Implementation of the national secret algorithms
Introduction to the domestic cipher algorithms
Domestic cipher algorithms (national secret algorithms) are the domestic commercial cryptographic algorithms recognized by the National Cryptography Bureau. In the financial field, the three public algorithms SM2, SM3 and SM4 are mainly used; they are an asymmetric algorithm, a hash algorithm and a symmetric algorithm, respectively.
1. SM2 algorithm: SM2 elliptic curve public-key cryptography is China's public-key cryptographic algorithm. It comprises SM2-1, the elliptic curve digital signature algorithm; SM2-2, the elliptic curve key exchange protocol; and SM2-3, the elliptic curve public-key encryption algorithm, which provide digital signatures, key agreement and data encryption, respectively. SM2 differs from RSA in that it is based on the discrete logarithm problem in the point group of an elliptic curve; compared with RSA, the cryptographic strength of 256-bit SM2 is higher than that of 2048-bit RSA.
- The SM2 specification does not fix a recommended curve; the curve parameters have to be generated by a specified algorithm. In practice, however, the National Cryptography Bureau recommends a 256-bit elliptic curve over a prime field, with curve equation y^2 = x^3 + ax + b (where p is a large prime greater than 3, n is the order of the base point G, Gx and Gy are the x and y coordinates of the base point G, and a, b are the coefficients of the curve equation y^2 = x^3 + ax + b).
2. SM3 algorithm: The SM3 hash algorithm is an independently designed cryptographic hash algorithm. In commercial cipher applications it is suitable for generating and verifying digital signatures, generating and verifying message authentication codes, and generating random numbers, and it can meet the security requirements of many cipher applications. To keep a hash algorithm secure, its hash value must not be too short. MD5, for example, outputs a 128-bit hash value, which is too short and affects its security; SHA-1 outputs 160 bits, and SM3 outputs 256 bits. Therefore, the SM3 algorithm is more secure than the MD5 and SHA-1 algorithms.
3. SM4 algorithm: The SM4 block cipher is an independently designed symmetric block cipher, used to encrypt and decrypt data to protect the confidentiality of data and information. A basic condition for the security of a symmetric cipher is a sufficiently long key. SM4 has the same key length and block length as AES, 128 bits, so its security is higher than that of the 3DES algorithm.
For details, please refer to the rules published by the National Cryptography Bureau
Address: http://www.oscca.gov.cn/
Implementation of the installation of the experimental environment
Tools
SM2 implementation
A Python 3 implementation of SM2 and SM3. The SM3 module includes the KDF function, which can be combined with SM2 decryption (SM2 calls the SM3 module). The SM2 module implements signing, verification and decryption over various prime fields.
SM3 implementation
Design principles of the SM3 cryptographic hash algorithm
The design of the SM3 cryptographic hash algorithm mainly follows these principles:
- It can effectively resist bit-tracing and other analysis methods;
- While guaranteeing security, its overall performance is comparable to that of SHA-256 under the same conditions.
(1) Design principles of the compression function
The compression function is designed for a clear structure and a strong avalanche effect, and uses the following design techniques:
- Two message words are injected per step. The two input message words are selected from the message words generated by the message expansion algorithm. To make the injected message produce an avalanche effect as quickly as possible, addition modulo 2^32, the P permutation and similar operations are used.
- Each step rapidly diffuses the message bits injected in the previous step, and every message bit quickly takes part in further diffusion and confusion.
- Operations from different groups are mixed: addition modulo 2^32, XOR, three-input Boolean functions and the P permutation.
- While guaranteeing the security of the algorithm, and to keep the algorithm concise and efficient in both software and hardware, the nonlinear operations are mainly Boolean operations and arithmetic addition.
- The parameters of the compression function are chosen so that the compression function has complete diffusion and a fast avalanche.
(2) Design of the message expansion algorithm
The message expansion algorithm expands a 512b message block into 2176b of message words. Message expansion is implemented with a linear feedback shift register, which achieves a good expansion effect with little computation. The role of message expansion in the SM3 cryptographic hash algorithm is to strengthen the correlation between message bits and to reduce the likelihood of attacks on the hash algorithm that exploit weaknesses in the message expansion. The message expansion algorithm has the following requirements:
- The message expansion algorithm is entropy-preserving
- The message is expanded linearly, so that the expanded message words are well correlated
- It has a fast avalanche effect
- It is suitable for hardware, software and smart card implementation
SM4 implementation
SMS4 algorithm encryption process
1. Read in the data
2. Compute the round-key intermediate variables
3. Compute the round keys
4. SMS4 algorithm round i+1 encryption
5. SMS4 algorithm final encrypted output
SM4 is the block cipher algorithm of the wireless LAN standard. It is a symmetric cipher; both the key length and the block length are 128 bits.
The basic operations of the SM4 cipher algorithm are:
- 1. Addition modulo 2: ⊕, 32-bit XOR
- 2. Cyclic shift: <<< i, rotate a 32-bit word left by i bits
The basic cipher components of SM4 are:
- 1 Nonlinear byte transform, the S-box (confusion)
- Substitution rule of the S-box: the high nibble of the input byte is the row number, the low nibble is the column number, and the value at the intersection of that row and column is the output. If the input is "5F", the row number is 5 and the column number is F, so the output of the S-box is the value at the intersection of row 5 and column F of the table.
- 2 Nonlinear word transform τ: confusion; specifically, four S-boxes applied in parallel. Let the input word be A = (a0, a1, a2, a3) and the output word be B = (b0, b1, b2, b3); then B = τ(A) = (S_box(a0), S_box(a1), S_box(a2), S_box(a3))
- 3 Linear word transform L: provides diffusion
32-bit input, 32-bit output.
Let the input be B and the output be C. The operation rule is:
C = L(B) = B ⊕ (B <<< 2) ⊕ (B <<< 10) ⊕ (B <<< 18) ⊕ (B <<< 24)
- 4 Composite word transform T:
Composed of the nonlinear transform τ and the linear transform L:
T(X) = L(τ(X)) (S-box first, then L)
Summary
This experiment was a group experiment. Although we had some Python foundation beforehand, actually programming a complete, complex algorithm still felt a little difficult, so our code was downloaded from CSDN and modified after study. Wing Kin, Mengya and I were each mainly responsible for researching one algorithm and then reported on it in the group discussion, so that the whole team knows the implementation mechanism. I was responsible for the implementation of SM4; this part of the code is written in C, and this approach also broadened our learning ideas.