SM4算法简介

  SM4为分组对称密码算法,明文、密文以及密钥长度均为 128 128 128 bits。SM4算法主要包括加解密算法和密钥扩展算法,采用 32 32 32 轮非线性迭代的数学结构,其中算法中每一次迭代运算为一轮非线性变换。主要操作包括异或、合成置换、非线性迭代、反序变换、循环移位以及S盒变换等。加密算法和解密算法的数学架构、运算法则、运算操作等都是完全相同的,解密运算只需要将加密算法中生成的轮密钥进行反序使用。其流程图如下图所示。
SM4算法简介_第1张图片
图1. SM4密码算法加密流程图

密钥扩展算法

   设加密主密钥 M K = ( M K 0 , M K 1 , M K 2 , M K 3 ) MK = (MK_0, MK_1, MK_2, MK_3) MK=(MK0,MK1,MK2,MK3) M K i ∈ { 0 , 1 } 32 MK_i \in \{0,1\}^{32} MKi{0,1}32
( K 0 , K 1 , K 2 , K 3 ) = ( M K 0 ⊕ F K 0 , M K 1 ⊕ F K 1 , M K 2 ⊕ F K 2 , M K 3 ⊕ F K 3 ) (K_0,K_1,K_2, K_3) = (MK_0 \oplus FK_0, MK_1 \oplus FK_1, MK_2 \oplus FK_2, MK_3 \oplus FK_3) (K0,K1,K2,K3)=(MK0FK0,MK1FK1,MK2FK2,MK3FK3)
r k i = K i + 4 = K i ⊕ T ′ ( K i + 1 ⊕ K i + 2 ⊕ K i + 3 ⊕ C K i ) rk_i = K_{i+4} = K_i \oplus T^{'}(K_{i+1} \oplus K_{i+2} \oplus K_{i+3} \oplus CK_i) rki=Ki+4=KiT(Ki+1Ki+2Ki+3CKi)

T ′ T^{'} T变换

T ′ ( B ) = B ⊕ ( B < < < 13 ) ⊕ ( B < < < 23 ) T^{'}(B) = B \oplus (B <<< 13) \oplus (B <<< 23) T(B)=B(B<<<13)(B<<<23)

系统参数 F K FK FK

F K i FK_i FKi 十六进制取值
F K 0 FK_0 FK0 A3B1BAC6
F K 1 FK_1 FK1 56AA3350
F K 2 FK_2 FK2 677D9197
F K 3 FK_3 FK3 B27022DC

固定参数 C K CK CK

固定参数 CK 的取值
000070e15 1c232a31 383f464d 545b6269
70777e85 8c939aa1 a8afb6bd c4cbd2d9
e0e7eef5 fc030a11 181f262d 343b4249
50575e65 6c737a81 888f969d a4abb2b9
c0c7ced5 dce3eaf1 f8ff060d 141b2229
3037aeb5 4c535a61 686f767d 848b9299
a0a7aeb5 bcc3cad1 d8dfe6ed f4fb0209
10171e25 2e333a41 484f565d 646b7279

加解密算法

   设输入明文为: ( X 0 , X 1 , X 2 , X 3 ) ∈ { 0 , 1 } 32 × 4 (X_0, X_1, X_2, X_3) \in \{0,1\}^{32 \times 4} (X0,X1,X2,X3){0,1}32×4, 密文输出为: ( Y 0 , Y 1 , Y 2 , Y 3 ) ∈ { 0 , 1 } 32 × 4 (Y_0, Y_1, Y_2, Y_3) \in \{0,1\}^{32 \times 4} (Y0,Y1,Y2,Y3){0,1}32×4, 轮密钥 r k i ∈ { 0 , 1 } 32 × 4 rk_i \in \{0,1\}^{32 \times 4} rki{0,1}32×4, 其中 i ∈ { 0 , 1 , ⋯ 31 } i \in \{0,1,\cdots 31\} i{0,1,31}.SM4密码算法的具体加密过程如下:
X i + 1 = F ( X i , X i + 1 , X i + 2 , X i + 3 , r k i ) = X i ⊕ T ( X i + 1 ⊕ X i + 2 ⊕ X i + 3 ⊕ r k i ) X_{i+1} = F(X_{i}, X_{i+1}, X_{i+2}, X_{i+3}, rk_i)=X_{i}\oplus T(X_{i+1}\oplus X_{i+2}\oplus X_{i+3}\oplus rk_i) Xi+1=F(Xi,Xi+1,Xi+2,Xi+3,rki)=XiT(Xi+1Xi+2Xi+3rki);
( Y 0 , Y 1 , Y 2 , Y 3 ) = R ( X 32 , X 33 , X 34 , X 35 ) = ( X 35 , X 34 , X 33 , X 32 ) (Y_0, Y_1, Y_2, Y_3) = R(X_{32}, X_{33}, X_{34}, X_{35}) = (X_{35}, X_{34}, X_{33}, X_{32}) (Y0,Y1,Y2,Y3)=R(X32,X33,X34,X35)=(X35,X34,X33,X32)

合成置换 T

   由非线性变换 τ \tau τ和线性变换 L L L的转换, T ( ⋅ ) = L ( τ ( ⋅ ) ) T(\cdot)=L(\tau(\cdot)) T()=L(τ())
非线性变换 τ \tau τ : 长度为 32 bits, 由4 个并行的8位输入输出的S盒组成,表示为 S b o x ( ⋅ ) Sbox(\cdot) Sbox()
( B 0 , B 1 , B 2 , B 3 ) = τ ( A ) = ( S b o x ( A 0 ) , S b o x ( A 1 ) , S b o x ( A 2 ) , S b o x ( A 3 ) ) (B_0, B_1, B_2, B_3) = \tau(A) = (Sbox(A_0), Sbox(A_1), Sbox(A_2), Sbox(A_3)) (B0,B1,B2,B3)=τ(A)=(Sbox(A0),Sbox(A1),Sbox(A2),Sbox(A3))
线性变换 L L L : B = L ( A ) = A ⊕ ( A < < < 2 ) ⊕ ( A < < < 10 ) ⊕ ( A < < < 18 ) ⊕ ( A < < < 24 ) B = L(A) = A\oplus(A <<< 2)\oplus(A <<< 10)\oplus(A <<< 18)\oplus(A <<< 24) B=L(A)=A(A<<<2)(A<<<10)(A<<<18)(A<<<24)

S盒

   S盒是SM4算法中唯一的非线性逻辑单元,国家密码局公布的SM4密码时,直接给出了算法中S盒的查找表信息,输入为8 bits,其中,高4bits为查找表的行信息,后4bits为查找表的列信息。

- 0 1 2 3 4 5 6 7 8 9 a b c d e f
0 0xd6 0x90 0xc9 0xfe 0xcc 0xe1 0x3d 0xb7 0x16 0xb6 0x14 0xc2 0x28 0xfb 0x2c 0x05
1 0x2b 0x67 0x9a 0x76 0x2a 0xbe 0x04 0xc3 0xaa 0x44 0x13 0x26 0x49 0x86 0x06 0x99
2 0x9c 0x42 0x50 0xf4 0x91 0xef 0x98 0x7a 0x33 0x54 0x0b 0x43 0xed 0xcf 0xac 0x62
3 0xe4 0xb3 0x1c 0xa9 0xc9 0x08 0xe8 0x95 0x80 0xdf 0x94 0xfa 0x75 0x8f 0x3f 0xa6
4 0x47 0x07 0xa7 0xfc 0xf3 0x73 0x17 0xba 0x83 0x59 0x3c 0x19 0xe6 0x85 0x4f 0xa8
5 0x68 0x6b 0x81 0xb2 0x71 0x64 0xda 0x8b 0xf8 0xeb 0x0f 0x4b 0x70 0x56 0x9d 0x35
6 0x1e 0x24 0x0e 0x5e 0x63 0x58 0xd1 0xa2 0x25 0x22 0x7c 0x3b 0x01 0x21 0x78 0x87
7 0xd4 0x00 0x46 0x57 0x9f 0xd3 0x27 0x52 0x4c 0x36 0x02 0xe7 0xa0 0xc4 0xc8 0x9e
8 0xea 0xbf 0x8a 0xd2 0x40 0xc7 0x38 0xb5 0xa3 0xf7 0xf2 0xce 0xf9 0x61 0x15 0xa1
9 0xe0 0xae 0x5d 0xa4 0x9b 0x34 0x1a 0x55 0xad 0x93 0x32 0x30 0xf5 0x8c 0xb1 0xe3
a 0x1d 0xf6 0xe2 0x2e 0x82 0x66 0xca 0x60 0xc0 0x29 0x23 0xab 0x0d 0x53 0x4e 0x6f
b 0xd5 0xdb 0x37 0x45 0xde 0xfd 0x8e 0x2f 0x03 0xff 0x6a 0x72 0x6d 0x6c 0x5b 0x51
c 0x8d 0x1b 0xaf 0x92 0xbb 0xdd 0xbc 0x7f 0x11 0xd9 0x5c 0x41 0x1f 0x10 0x5a 0xd8
d 0x0a 0xc1 0x31 0x88 0xa5 0xcd 0x7b 0xbd 0x2d 0x74 0xd0 0x12 0xb8 0xe5 0xb4 0xb0
e 0x89 0x69 0x97 0x4a 0x0c 0x96 0x77 0x7e 0x65 0xb9 0xf1 0x09 0xc5 0x6e 0xc6 0x84
f 0x18 0xf0 0x7d 0xec 0x3a 0xdc 0x4d 0x20 0x79 0xee 0x5f 0x3e 0xd7 0xcb 0x39 0x48

你可能感兴趣的:(密码学,算法,密码学,安全)