流对称加密算法:TRIVIUM
TRIVIUM是一个面向硬件实现的流式密码算法,其密钥和初始化向量(Initialize Vector,IV)长度均为80位,能提供等同于AES128的安全性。所谓流式密码算法一般通过密钥生成一个“加密字节”,然后用这个加密字节和实际数据进行某种处理(如异或)生成密文。TRIVIUM作为一个密码算法,结构和实现极为简单,且硬件消耗小,内部仅维护36字节状态。TRIVIUM至今未被攻破。注意,TRIVIUM最多加密2^64位数据,如超出则必须更换密钥和IV。
1 初始化
设TRIVIUM内部状态为S1...S288,初始化密钥为K1...K80,初始化向量为IV1...IV80,则初始化过程为
(S1, S2, …, S93) = (K1, K2, … , K80, 0, 0, … 0)
(S94, S95, …, S177) = (IV1, IV2, … IV80, 0, 0,…, 0)
(S178, S179, …, S285, S286, S287, S288) = (0, 0, … 0, 1, 1, 1)
For iter = 1 to 4 * 288 do
T1 = S66 + S91 * S92 + S93 + S171
T2 = S162 + S175 * S176 + S177 + S264
T3 = S243 + S286 * S287 + S288 + S69
(S1, S2, … S93) = (T3, S1, … S92)
(S94, S95 … S177) = (T1, S94, … S176)
(S178, S179, … S288) = (T2, S178, … S287)
End For
2 生成加密位
设需生成N个加密位,第i个输出加密位记为Zi,有
For iter = 1 to N do
T1 = S66 + S93
T2 = S162 + S177
T3 = S243 + S288
Zi = T1 + T2 + T3
T1 = S66 + S91 * S92 + S93 + S171
T2 = S162 + S175 * S176 + S177 + S264
T3 = S243 + S286 * S287 + S288 + S69
(S1, S2, … S93) = (T3, S1, … S92)
(S94, S95 … S177) = (T1, S94, … S176)
(S178, S179, … S288) = (T2, S178, … S287)
End For
结构如下图所示:
C++实例如下:
#include "CSTDIO"
#include "CSTRING"
#include "CSTDLIB"
#include "BITSET"
typedef unsigned char byte;
class TriviumCipher {
public:
TriviumCipher();
~TriviumCipher();
byte generateKeyByte();
private:
std::bitset<288> state;
bool tmp1, tmp2, tmp3;
int iter, iter2;
byte output;
};
int main(int argc, char **argv) {
TriviumCipher *cipher = new TriviumCipher();
byte arr[100];
for(int index = 0; index < 100; index++) {
arr[index] = cipher->generateKeyByte();
printf("%02x", arr[index]);
}
printf("\n");
return 0;
}
TriviumCipher::TriviumCipher() {
std::bitset<80> key;
std::bitset<80> iv;
this->state.set(1);
for(iter = 1; iter < 80; iter++) {
key[iter] = rand() % 2;
iv[iter] = rand() % 2;
}
for(iter = 0; iter < 80; iter++) {
this->state[iter] = key[iter];
}
for(iter = 80; iter < 93; iter++) {
this->state[iter] = 0;
}
for(iter = 93; iter < 173; iter++) {
this->state[iter] = iv[iter - 93];
}
for(iter = 173; iter < 177; iter++) {
this->state[iter] = 0;
}
for(iter = 285; iter < 288; iter++) {
this->state[iter] = 1;
}
for(iter = 0; iter < (4 * 288); iter++ ){
tmp1 = (this->state[65] + this->state[90] * this->state[91] + this->state[92] + this->state[170]) % 2;
tmp2 = (this->state[161] + this->state[174] * this->state[175] + this->state[176] + this->state[263]) % 2;
tmp3 = (this->state[242] + this->state[285] * this->state[286] + this->state[287] + this->state[68]) % 2;
for(iter2 = 92; iter2 > 0; iter2--) {
this->state[iter2] = this->state[iter2 - 1];
}
this->state[0] = tmp3;
for(iter2 = 176; iter2 > 93; iter2--) {
this->state[iter2] = this->state[iter2 - 1];
}
this->state[93] = tmp1;
for(iter2 = 287; iter2 > 177; iter2--) {
this->state[iter2] = this->state[iter2 - 1];
}
this->state[177] = tmp2;
}
}
TriviumCipher::~TriviumCipher() {
}
byte TriviumCipher::generateKeyByte() {
output = 0;
for(iter = 0; iter < 8; iter++) {
tmp1 = (this->state[65] + this->state[92]) % 2;
tmp2 = (this->state[161] + this->state[176]) % 2;
tmp3 = (this->state[242] + this->state[287]) % 2;
output = output << 1;
output |= (tmp1 + tmp2 + tmp3) % 2;
tmp1 = (tmp1 + this->state[90] * this->state[91] + this->state[170]) % 2;
tmp2 = (tmp2 + this->state[174] * this->state[175] + this->state[263]) % 2;
tmp3 = (tmp3 + this->state[285] * this->state[286] + this->state[68]) % 2;
for(iter2 = 92; iter2 > 0; iter2--) {
this->state[iter2] = this->state[iter2 - 1];
}
this->state[0] = tmp3;
for(iter2 = 176; iter2 > 93; iter2--) {
this->state[iter2] = this->state[iter2 - 1];
}
this->state[93] = tmp1;
for(iter2 = 287; iter2 > 177; iter2--) {
this->state[iter2] = this->state[iter2 - 1];
}
this->state[177] = tmp2;
}
return output;
}