国密算法 ZUC流密码 祖冲之密码 python代码完整实现
此前发布了包含SM2公钥密码、SM3杂凑算法和SM4分组密码的国密算法完整工具包,其实还是有些不完整,因为没有流密码。今天把我们国家自己的流密码——ZUC祖冲之密码算法补充上。介绍其他国密算法的链接如下:
SM2:国密算法 SM2 公钥加密 非对称加密 数字签名 密钥协商 python实现完整代码_qq_43339242的博客-CSDN博客_python国密sm2
SM3:国密算法 SM3 消息摘要 杂凑算法 哈希函数 散列函数 python实现完整代码_qq_43339242的博客-CSDN博客
SM4:国密算法 SM4 对称加密 分组密码 python实现完整代码_qq_43339242的博客-CSDN博客_sm4代码python
对上述几个算法和实现不了解的,建议点进去看看。下面这篇文章是对上述的汇总:
国密算法 SM2公钥密码 SM3杂凑算法 SM4分组密码 python代码完整实现
所有代码托管在码云:hggm - 国密算法 SM2 SM3 SM4 python实现完整代码: 国密算法 SM2公钥密码 SM3杂凑算法 SM4分组密码 python代码完整实现 效率高于所有公开的python国密算法库 (gitee.com)
废话多了。上ZUC的代码:
from array import array
_ZUC_D = [0x44D700, 0x26BC00, 0x626B00, 0x135E00, 0x578900, 0x35E200, 0x713500, 0x09AF00,
0x4D7800, 0x2F1300, 0x6BC400, 0x1AF100, 0x5E2600, 0x3C4D00, 0x789A00, 0x47AC00]
_ZUC_S0 = bytes([
0x3E, 0x72, 0x5B, 0x47, 0xCA, 0xE0, 0x00, 0x33, 0x04, 0xD1, 0x54, 0x98, 0x09, 0xB9, 0x6D, 0xCB,
0x7B, 0x1B, 0xF9, 0x32, 0xAF, 0x9D, 0x6A, 0xA5, 0xB8, 0x2D, 0xFC, 0x1D, 0x08, 0x53, 0x03, 0x90,
0x4D, 0x4E, 0x84, 0x99, 0xE4, 0xCE, 0xD9, 0x91, 0xDD, 0xB6, 0x85, 0x48, 0x8B, 0x29, 0x6E, 0xAC,
0xCD, 0xC1, 0xF8, 0x1E, 0x73, 0x43, 0x69, 0xC6, 0xB5, 0xBD, 0xFD, 0x39, 0x63, 0x20, 0xD4, 0x38,
0x76, 0x7D, 0xB2, 0xA7, 0xCF, 0xED, 0x57, 0xC5, 0xF3, 0x2C, 0xBB, 0x14, 0x21, 0x06, 0x55, 0x9B,
0xE3, 0xEF, 0x5E, 0x31, 0x4F, 0x7F, 0x5A, 0xA4, 0x0D, 0x82, 0x51, 0x49, 0x5F, 0xBA, 0x58, 0x1C,
0x4A, 0x16, 0xD5, 0x17, 0xA8, 0x92, 0x24, 0x1F, 0x8C, 0xFF, 0xD8, 0xAE, 0x2E, 0x01, 0xD3, 0xAD,
0x3B, 0x4B, 0xDA, 0x46, 0xEB, 0xC9, 0xDE, 0x9A, 0x8F, 0x87, 0xD7, 0x3A, 0x80, 0x6F, 0x2F, 0xC8,
0xB1, 0xB4, 0x37, 0xF7, 0x0A, 0x22, 0x13, 0x28, 0x7C, 0xCC, 0x3C, 0x89, 0xC7, 0xC3, 0x96, 0x56,
0x07, 0xBF, 0x7E, 0xF0, 0x0B, 0x2B, 0x97, 0x52, 0x35, 0x41, 0x79, 0x61, 0xA6, 0x4C, 0x10, 0xFE,
0xBC, 0x26, 0x95, 0x88, 0x8A, 0xB0, 0xA3, 0xFB, 0xC0, 0x18, 0x94, 0xF2, 0xE1, 0xE5, 0xE9, 0x5D,
0xD0, 0xDC, 0x11, 0x66, 0x64, 0x5C, 0xEC, 0x59, 0x42, 0x75, 0x12, 0xF5, 0x74, 0x9C, 0xAA, 0x23,
0x0E, 0x86, 0xAB, 0xBE, 0x2A, 0x02, 0xE7, 0x67, 0xE6, 0x44, 0xA2, 0x6C, 0xC2, 0x93, 0x9F, 0xF1,
0xF6, 0xFA, 0x36, 0xD2, 0x50, 0x68, 0x9E, 0x62, 0x71, 0x15, 0x3D, 0xD6, 0x40, 0xC4, 0xE2, 0x0F,
0x8E, 0x83, 0x77, 0x6B, 0x25, 0x05, 0x3F, 0x0C, 0x30, 0xEA, 0x70, 0xB7, 0xA1, 0xE8, 0xA9, 0x65,
0x8D, 0x27, 0x1A, 0xDB, 0x81, 0xB3, 0xA0, 0xF4, 0x45, 0x7A, 0x19, 0xDF, 0xEE, 0x78, 0x34, 0x60])
_ZUC_S1 = bytes([
0x55, 0xC2, 0x63, 0x71, 0x3B, 0xC8, 0x47, 0x86, 0x9F, 0x3C, 0xDA, 0x5B, 0x29, 0xAA, 0xFD, 0x77,
0x8C, 0xC5, 0x94, 0x0C, 0xA6, 0x1A, 0x13, 0x00, 0xE3, 0xA8, 0x16, 0x72, 0x40, 0xF9, 0xF8, 0x42,
0x44, 0x26, 0x68, 0x96, 0x81, 0xD9, 0x45, 0x3E, 0x10, 0x76, 0xC6, 0xA7, 0x8B, 0x39, 0x43, 0xE1,
0x3A, 0xB5, 0x56, 0x2A, 0xC0, 0x6D, 0xB3, 0x05, 0x22, 0x66, 0xBF, 0xDC, 0x0B, 0xFA, 0x62, 0x48,
0xDD, 0x20, 0x11, 0x06, 0x36, 0xC9, 0xC1, 0xCF, 0xF6, 0x27, 0x52, 0xBB, 0x69, 0xF5, 0xD4, 0x87,
0x7F, 0x84, 0x4C, 0xD2, 0x9C, 0x57, 0xA4, 0xBC, 0x4F, 0x9A, 0xDF, 0xFE, 0xD6, 0x8D, 0x7A, 0xEB,
0x2B, 0x53, 0xD8, 0x5C, 0xA1, 0x14, 0x17, 0xFB, 0x23, 0xD5, 0x7D, 0x30, 0x67, 0x73, 0x08, 0x09,
0xEE, 0xB7, 0x70, 0x3F, 0x61, 0xB2, 0x19, 0x8E, 0x4E, 0xE5, 0x4B, 0x93, 0x8F, 0x5D, 0xDB, 0xA9,
0xAD, 0xF1, 0xAE, 0x2E, 0xCB, 0x0D, 0xFC, 0xF4, 0x2D, 0x46, 0x6E, 0x1D, 0x97, 0xE8, 0xD1, 0xE9,
0x4D, 0x37, 0xA5, 0x75, 0x5E, 0x83, 0x9E, 0xAB, 0x82, 0x9D, 0xB9, 0x1C, 0xE0, 0xCD, 0x49, 0x89,
0x01, 0xB6, 0xBD, 0x58, 0x24, 0xA2, 0x5F, 0x38, 0x78, 0x99, 0x15, 0x90, 0x50, 0xB8, 0x95, 0xE4,
0xD0, 0x91, 0xC7, 0xCE, 0xED, 0x0F, 0xB4, 0x6F, 0xA0, 0xCC, 0xF0, 0x02, 0x4A, 0x79, 0xC3, 0xDE,
0xA3, 0xEF, 0xEA, 0x51, 0xE6, 0x6B, 0x18, 0xEC, 0x1B, 0x2C, 0x80, 0xF7, 0x74, 0xE7, 0xFF, 0x21,
0x5A, 0x6A, 0x54, 0x1E, 0x41, 0x31, 0x92, 0x35, 0xC4, 0x33, 0x07, 0x0A, 0xBA, 0x7E, 0x0E, 0x34,
0x88, 0xB1, 0x98, 0x7C, 0xF3, 0x3D, 0x60, 0x6C, 0x7B, 0xCA, 0xD3, 0x1F, 0x32, 0x65, 0x04, 0x28,
0x64, 0xBE, 0x85, 0x9B, 0x2F, 0x59, 0x8A, 0xD7, 0xB0, 0x25, 0xAC, 0xAF, 0x12, 0x03, 0xE2, 0xF2])
_ZUC_S = array('H')
for byte1 in _ZUC_S0: # 构造两字节的S盒变换表
byte1 <<= 8
_ZUC_S.extend(byte1 | byte2 for byte2 in _ZUC_S1)
class ZUC:
def __init__(self, key, iv):
lfsr = self.lfsr = [_ZUC_D[i] | key[i] << 23 | iv[i] for i in range(16)]
self.r = 0, 0
for i in range(32):
c = (((lfsr[15] << 1 & 0xFFFF0000 | lfsr[14] & 0xFFFF) ^ self.r[0]) + self.r[1] >> 1 & 0x7FFFFFFF)\
+ self.lfsr_next()
self.lfsr_shift((c & 0x7FFFFFFF) + (c >> 31))
def lfsr_next(self):
lfsr, r = self.lfsr, self.r
W1, W2 = r[0] + (lfsr[11] << 16 | lfsr[9] >> 15) & 0xFFFFFFFF, r[1] ^ ((lfsr[7] & 0xFFFF) << 16 | lfsr[5] >> 15)
x, y = (W1 & 0xFFFF) << 16 | W2 >> 16, (W2 & 0xFFFF) << 16 | W1 >> 16 # L线性变换
u = (x ^ (x << 2 | x >> 30) ^ (x << 10 | x >> 22) ^ (x << 18 | x >> 14) ^ (x << 24 | x >> 8)) & 0xFFFFFFFF
v = (y ^ (y << 8 | y >> 24) ^ (y << 14 | y >> 18) ^ (y << 22 | y >> 10) ^ (y << 30 | y >> 2)) & 0xFFFFFFFF
self.r = _ZUC_S[u >> 16] << 16 | _ZUC_S[u & 0xFFFF], _ZUC_S[v >> 16] << 16 | _ZUC_S[v & 0xFFFF] # S盒变换
v_0, v_4, v_10, v_13, v_15 = lfsr[0], lfsr[4], lfsr[10], lfsr[13], lfsr[15]
c = v_0 + ((v_0 << 8 | v_0 >> 23) & 0x7FFFFFFF)
c = (c & 0x7FFFFFFF) + (c >> 31) + ((v_4 << 20 | v_4 >> 11) & 0x7FFFFFFF)
c = (c & 0x7FFFFFFF) + (c >> 31) + ((v_10 << 21 | v_10 >> 10) & 0x7FFFFFFF)
c = (c & 0x7FFFFFFF) + (c >> 31) + ((v_13 << 17 | v_13 >> 14) & 0x7FFFFFFF)
c = (c & 0x7FFFFFFF) + (c >> 31) + ((v_15 << 15 | v_15 >> 16) & 0x7FFFFFFF)
return (c & 0x7FFFFFFF) + (c >> 31)
def lfsr_shift(self, x):
self.lfsr.pop(0)
self.lfsr.append(x)
def enc(self, data):
res, lfsr = [], self.lfsr
for i in data:
self.lfsr_shift(self.lfsr_next())
res.append(i ^ ((lfsr[15] << 1 & 0xFFFF0000 | lfsr[14] & 0xFFFF) ^ self.r[0]) + self.r[1] & 0xFFFFFFFF
^ ((lfsr[2] & 0xFFFF) << 16 | lfsr[0] >> 15))
self.lfsr_shift(self.lfsr_next())
return res
这是未加速的版本,numba加速版本和测试代码请到码云下载。本代码的使用方法请参考测试代码。以下是从国密算法工具包的完整测试代码中截取的一部分和ZUC相关的:
import os
import random
import time
import numpy as np
from Crypto.Cipher import ARC4
from pysmx.ZUC import ZUC as ZUC_pysmx
from hggm.ZUC import ZUC as ZUC_my_fast
from hggm.slow.ZUC import ZUC as ZUC_my
def zuc_compare_test():
# 随机生成128位的密钥和初始向量
key, iv = os.urandom(16), os.urandom(16)
test_data = os.urandom(128)
test_num = 50 # 测试次数
# 随机生成消息
short_data = [os.urandom(random.randint(16, 48)) for _ in range(test_num)] # 短消息列表
long_data = [os.urandom(random.randint(1000, 2000)) for _ in range(test_num)] # 长消息列表
enc_data_arc4 = [b''] * test_num
enc_data_pysmx = [b''] * test_num
enc_data_my = [b''] * test_num
enc_data_my_fast = [b''] * test_num
enc_data_arc4_2 = [b''] * test_num
enc_data_pysmx2 = [b''] * test_num
enc_data_my2 = [b''] * test_num
enc_data_my_fast2 = [b''] * test_num
dec_data = [b''] * test_num
dec_data2 = [b''] * test_num
print('\n———————————————————————————————————————————流密码测试———————————————————————————————————————————')
print('前两次加密消息长度:%dB\n后两项为连续加密——短消息平均长度:%.1fB 长消息平均长度:%.1fB 测试次数:%d' %
(len(test_data), np.mean(list(map(len, short_data))), np.mean(list(map(len, long_data))), test_num))
print('算法库名\t\t\t首次初始化(μs)\t再次初始化(μs)\t首次加密(μs)\t再次加密(μs)\t处理短消息(ms)\t处理长消息(ms)')
# Crypto - ARC4
time_1 = time.perf_counter()
arc4 = ARC4.new(key)
time_2 = time.perf_counter()
arc4_2 = ARC4.new(key)
time_3 = time.perf_counter()
arc4.encrypt(test_data)
time_4 = time.perf_counter()
arc4_2.encrypt(test_data)
time_5 = time.perf_counter()
for i in range(test_num):
enc_data_arc4[i] = arc4.encrypt(short_data[i]) # 加密短消息
time_6 = time.perf_counter()
for i in range(test_num):
enc_data_arc4_2[i] = arc4.encrypt(long_data[i]) # 加密长消息
time_7 = time.perf_counter()
print('Crypto-ARC4\t\t%.2f\t\t\t%.2f\t\t\t%.2f\t\t%.2f\t\t%.2f\t\t\t%.2f' %
((time_2 - time_1) * 1000000, (time_3 - time_2) * 1000000, (time_4 - time_3) * 1000000,
(time_5 - time_4) * 1000000, (time_6 - time_5) * 1000, (time_7 - time_6) * 1000))
# pysmx - ZUC
time_1 = time.perf_counter()
zuc_smx = ZUC_pysmx(key, iv)
time_2 = time.perf_counter()
zuc_smx2 = ZUC_pysmx(key, iv)
time_3 = time.perf_counter()
zuc_smx.zuc_encrypt(test_data)
time_4 = time.perf_counter()
zuc_smx2.zuc_encrypt(test_data)
time_5 = time.perf_counter()
for i in range(test_num):
enc_data_pysmx[i] = zuc_smx.zuc_encrypt(short_data[i]) # 加密短消息
time_6 = time.perf_counter()
for i in range(test_num):
enc_data_pysmx2[i] = zuc_smx.zuc_encrypt(long_data[i]) # 加密长消息
time_7 = time.perf_counter()
print('pysmx-ZUC\t\t%.2f\t\t\t%.2f\t\t\t%.2f\t\t%.2f\t\t%.2f\t\t\t%.2f' %
((time_2 - time_1) * 1000000, (time_3 - time_2) * 1000000, (time_4 - time_3) * 1000000,
(time_5 - time_4) * 1000000, (time_6 - time_5) * 1000, (time_7 - time_6) * 1000))
time_aim = time_7 - time_5
# my - ZUC
time_1 = time.perf_counter()
zuc_my = ZUC_my(key, iv)
time_2 = time.perf_counter()
zuc_my2 = ZUC_my(key, iv)
time_3 = time.perf_counter()
zuc_my.enc(test_data)
time_4 = time.perf_counter()
zuc_my2.enc(test_data)
time_5 = time.perf_counter()
for i in range(test_num):
enc_data_my[i] = zuc_my.enc(short_data[i]) # 加密短消息
time_6 = time.perf_counter()
for i in range(test_num):
enc_data_my2[i] = zuc_my.enc(long_data[i]) # 加密长消息
time_7 = time.perf_counter()
print('my-ZUC\t\t\t%.2f\t\t\t%.2f\t\t\t%.2f\t\t%.2f\t\t%.2f\t\t\t%.2f' %
((time_2 - time_1) * 1000000, (time_3 - time_2) * 1000000, (time_4 - time_3) * 1000000,
(time_5 - time_4) * 1000000, (time_6 - time_5) * 1000, (time_7 - time_6) * 1000))
time_my = time_7 - time_5
# my - ZUC(fast)
time_1 = time.perf_counter()
zuc_my_fast = ZUC_my_fast(key, iv)
time_2 = time.perf_counter()
zuc_my_fast2 = ZUC_my_fast(key, iv)
time_3 = time.perf_counter()
zuc_my_fast.enc(test_data)
time_4 = time.perf_counter()
zuc_my_fast2.enc(test_data)
time_5 = time.perf_counter()
for i in range(test_num):
enc_data_my_fast[i] = zuc_my_fast.enc(short_data[i]) # 加密短消息
time_6 = time.perf_counter()
for i in range(test_num):
enc_data_my_fast2[i] = zuc_my_fast.enc(long_data[i]) # 加密长消息
time_7 = time.perf_counter()
print('my-ZUC(fast)\t%.2f\t\t\t%.2f\t\t\t%.2f\t\t%.2f\t\t%.2f\t\t\t%.2f' %
((time_2 - time_1) * 1000000, (time_3 - time_2) * 1000000, (time_4 - time_3) * 1000000,
(time_5 - time_4) * 1000000, (time_6 - time_5) * 1000, (time_7 - time_6) * 1000))
time_my_fast = time_7 - time_5
print('连续加密时,未加速时总耗时为pysmx的%.2f%%' % (time_my / time_aim * 100))
print('加速以后总耗时为pysmx的%.2f%%、未加速的%.2f%%' % (time_my_fast / time_aim * 100, time_my_fast / time_my * 100))
assert enc_data_pysmx == enc_data_my == list(map(list, enc_data_my_fast)) # 短消息加密生成的列表
assert enc_data_pysmx2 == enc_data_my2 == list(map(list, enc_data_my_fast2)) # 长消息加密生成的列表
# ARC4解密
for i in range(test_num): # 解密短消息
dec_data[i] = arc4_2.decrypt(enc_data_arc4[i])
for i in range(test_num): # 解密长消息
dec_data2[i] = arc4_2.decrypt(enc_data_arc4_2[i])
assert dec_data == short_data and dec_data2 == long_data
# ZUC解密
for i in range(test_num): # 解密短消息
dec_data[i] = bytes(zuc_my2.enc(enc_data_my[i]))
dec_data2[i] = zuc_my_fast2.dec(enc_data_my_fast[i]).astype(np.uint8).tobytes()
assert dec_data == dec_data2 == short_data
for i in range(test_num): # 解密长消息(因为是流密码,从始至终加密和解密的顺序必须完全一致)
dec_data[i] = bytes(zuc_my2.enc(enc_data_my2[i]))
dec_data2[i] = zuc_my_fast2.dec(enc_data_my_fast2[i]).astype(np.uint8).tobytes()
assert dec_data == dec_data2 == long_data
if __name__ == "__main__":
zuc_compare_test()测试结果如下图:
效果还行,未加速版本的耗时约为pysmx库的60%,加速以后耗时约为其1%。未加速时能比pysmx库快一点,是因为采用了双字节S盒表,减少了函数调用和冗余计算(代码比pysmx库的实现短了很多,可能对可读性有些影响)。
需要注意的是,解密流密码密文时,必须保证解密顺序与加密时完全对应。本代码的解密方法可参考上面测试代码的最后一段,未加速版本统一用"enc"方法实现加密和解密,加速版本用"dec"方法实现解密。加密和解密后,我没有去转输出类型,未加速版本输出的是list,加速版本输出的是np数组,个人认为这个留给使用者自己转会更好,免得画蛇添足(上面解密的代码把输出类型转化为bytes后再与原始数据比较)
为了更好地进行对比,引入了Crypto(PyCryptodome)库的流密码算法ARC4(好像是RC4算法的非官方实现),可见ARC4连续加密长消息时性能是很强劲的(国外成熟密码算法库会调用编译好的C语言动态链接库),但ZUC的复杂度和安全性高于RC4。如果运行测试代码时Crypto库的部分报类似“ARC4_stream_init' not found in library”的错误,可以尝试一下老版本Crypto库,我用的3.8版本是没问题的,在cmd命令行中输入下面两行即可换版本:
pip uninstall pycryptodome
pip install pycryptodome==3.8.0
网络安全,人人有责!