Updated Efficient Software Implementations of ZUC (markdown)

Efficient-Software-Implementations-of-ZUC.md

@@ -7,6 +7,50 @@
 
 3. Multi-Buffer, 多路并行
 
+## S1 Sbox生成
+改编自[AES 和 SM4 的 S 盒生成方法简介](http://zongyue.top:8090/archives/aes%E5%92%8Csm4%E7%9A%84s%E7%9B%92%E7%94%9F%E6%88%90%E6%96%B9%E6%B3%95%E7%AE%80%E4%BB%8B)
+```python
+from pyfinite import ffield
+
+gen = 0b110001011
+F = ffield.FField(8, gen, useLUT=0) # 这里一定要写useLUT=0，不然会出问题。。。
+
+A = [0b01110111, 0b10111011, 0b11011101, 0b11101110, 0b11001011, 0b01101101, 0b00111110, 0b10010111]
+
+def zuc_sbox_gen(x):
+    '''
+    输入x，输出S(x)
+    '''
+    x_inv = F.Inverse(x)
+    y = 0
+    for i, a in enumerate(A):
+        if(x_inv&(1<<(7-i))):
+            y ^= a  # 若该bit为1，则异或相应列
+    return y^0x55
+
+def print_table(table):
+    for i, s in enumerate(table):
+        print(f'0x%02X'%s,',', end='')    
+        if (i+1) % 16 == 0:
+            print()
+
+sbox = []
+for i in range(256):
+    if i > 0:
+        sbox.append(zuc_sbox_gen(i))  # 生成sbox
+    else:
+        sbox.append(0x55)
+
+print_table(sbox)
+```
+## 从AES S盒计算ZUC S1
+参考[aes和sm4s盒复合域实现方法](http://zongyue.top:8090/archives/aes%E5%92%8Csm4s%E7%9B%92%E5%A4%8D%E5%90%88%E5%9F%9F%E5%AE%9E%E7%8E%B0%E6%96%B9%E6%B3%95)的做法：  
+$S_{zuc}(x)=L(S_{aes}(Mx)+C$，下面我们尝试进行推导 L, M, C  
+假设复合域求逆运算为  $f$，则:  
+$S_{aes}(x)=A_{aes}X_{aes}f(X^{-1}_{aes}x) + 0x63 \rightarrow $  
+  
+$f(X^{-1}_{aes}x)=X^{-1}_{aes}A^{-1}_{aes}S_{aes}(x) \rightarrow $  
+
 ## 参考：
 
 1. [zuc sbox with aesni](https://gist.github.com/emmansun/ae4677d71c75ff8407d5f5b3a884f5d2), This is the pure golang code to study ZUC implementation with AESENCLAST/AESE instruction.