From aa0f8faa89610c57e1a1614053f8c6ecd784a3e5 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Mon, 16 Oct 2023 16:20:18 +0800
Subject: [PATCH] Updated Efficient Software Implementations of ZUC (markdown)
---
 Efficient-Software-Implementations-of-ZUC.md | 44 ++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff --git a/Efficient-Software-Implementations-of-ZUC.md b/Efficient-Software-Implementations-of-ZUC.md
index 1acfbba..5e254ec 100644
--- a/Efficient-Software-Implementations-of-ZUC.md
+++ b/Efficient-Software-Implementations-of-ZUC.md
@@ -7,6 +7,50 @@ 3. Multi-Buffer, 多路并行
+## S1 Sbox生成
+改编自[AES 和 SM4 的 S 盒生成方法简介](http://zongyue.top:8090/archives/aes%E5%92%8Csm4%E7%9A%84s%E7%9B%92%E7%94%9F%E6%88%90%E6%96%B9%E6%B3%95%E7%AE%80%E4%BB%8B)
+```python
+from pyfinite import ffield
+
+gen = 0b110001011
+F = ffield.FField(8, gen, useLUT=0) # 这里一定要写useLUT=0,不然会出问题。。。
+
+A = [0b01110111, 0b10111011, 0b11011101, 0b11101110, 0b11001011, 0b01101101, 0b00111110, 0b10010111]
+
+def zuc_sbox_gen(x):
+    '''
+    输入x,输出S(x)
+    '''
+    x_inv = F.Inverse(x)
+    y = 0
+    for i, a in enumerate(A):
+        if(x_inv&(1<<(7-i))):
+            y ^= a # 若该bit为1,则异或相应列
+    return y^0x55
+
+def print_table(table):
+    for i, s in enumerate(table):
+        print(f'0x%02X'%s,',', end='')
+        if (i+1) % 16 == 0:
+            print()
+
+sbox = []
+for i in range(256):
+    if i > 0:
+        sbox.append(zuc_sbox_gen(i)) # 生成sbox
+    else:
+        sbox.append(0x55)
+
+print_table(sbox)
+```
+## 从AES S盒计算ZUC S1
+参考[aes和sm4s盒复合域实现方法](http://zongyue.top:8090/archives/aes%E5%92%8Csm4s%E7%9B%92%E5%A4%8D%E5%90%88%E5%9F%9F%E5%AE%9E%E7%8E%B0%E6%96%B9%E6%B3%95)的做法:
+$S_{zuc}(x)=L(S_{aes}(Mx)+C$,下面我们尝试进行推导 L, M, C
+假设复合域求逆运算为 $f$,则:
+$S_{aes}(x)=A_{aes}X_{aes}f(X^{-1}_{aes}x) + 0x63 \rightarrow $
+
+$f(X^{-1}_{aes}x)=X^{-1}_{aes}A^{-1}_{aes}S_{aes}(x) \rightarrow $
+
 ## 参考:
 1. [zuc sbox with aesni](https://gist.github.com/emmansun/ae4677d71c75ff8407d5f5b3a884f5d2), This is the pure golang code to study ZUC implementation with AESENCLAST/AESE instruction.