Serpent加密算法代码_serpent解密资源-CSDN文库

共64个文件

c：19个

txt：9个

class：8个

Serpent

加密算法

5星 · 超过95%的资源需积分: 49 128 浏览量 2009-07-14 01:28:16 上传评论收藏 893KB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

serpent-package.rar （64个子文件）

README.h 1KB

floppy1

ecb_tbl.c 4KB

ecb_vk.c 4KB

ecb_e_m.c 5KB

cbc_d_m.c 6KB

serpent-reference.c 23KB

ecb_tbl_precomputed.txt 153KB

serpent-test.c 10KB

ecb_d_m.c 5KB

README 1KB

ecb_iv.c 7KB

cbc_e_m.c 6KB

serpent-reference.h 3KB

serpent-tables.h 16KB

ecb_vt.c 4KB

serpent-aux.c 5KB

Makefile 5KB

serpent-aux.h 1KB

serpent-api.h 9KB

floppy2

ecb_vk.c 4KB

ecb_e_m.c 4KB

cbc_d_m.c 4KB

aes.h 3KB

test.c 3KB

ecb_d_m.c 4KB

README 569B

cbc_e_m.c 4KB

serpentsboxes.h 15KB

serpent.h 3KB

ecb_vt.c 4KB

serpent.c 21KB

Makefile 870B

floppy5

submission.pdf 36KB

submission.ps 70KB

README 304B

serpent.ps 226KB

serpent.pdf 173KB

floppy3

src

Serpent

gen_plains.java 13KB

Serpent_Algorithm.java 12KB

Serpent_Standard.java 42KB

Serpent_BitSlice.java 77KB

Serpent_Properties.java 7KB

NIST

test.java 11KB

KAT.java 18KB

MCT.java 28KB

README 2KB

classes

Serpent

Serpent_Algorithm.class 4KB

Serpent_BitSlice.class 35KB

gen_plains.class 9KB

Serpent_Properties.class 4KB

Serpent_Standard.class 32KB

NIST

MCT.class 14KB

KAT.class 10KB

test.class 7KB

Serpent.jar 50KB

floppy4

ecb_tbl.txt 160KB

cbc_d_m.txt 204KB

ecb_e_m.txt 161KB

ecb_d_m.txt 155KB

README 535B

ecb_vt.txt 31KB

ecb_vk.txt 58KB

cbc_e_m.txt 204KB

ecb_iv.txt 27KB

Serpent: A Proposal for the

Advanced Encryption Standard

Ross Anderson

Eli Biham

Lars Knudsen

Cambridge University, England; email rja14@cl.cam.ac.uk

Technion, Haifa, Israel; email biham@cs.technion.ac.il

University of Bergen, Norway; email lars.knudsen@ii.uib.no

Abstract. We propose a new block cipher as a candidate for the Ad-

vanced Encryption Standard. Its design is highly conservative, yet still

allows a very eﬃcient implementation. It uses S-boxes similar to those

of DES in a new structure that simultaneously allows a more rapid

avalanche, a more eﬃcient bitslice implementation, and an easy anal-

ysis that enables us to demonstrate its security against all known types

of attack. With a 128-bit block size and a 256-bit key, it is as fast as DES

on the market leading Intel Pentium/MMX platforms (and at least as

fast on many others); yet we believe it to be more secure than three-key

triple-DES.

1 Introduction

For many applications, the Data Encryption Standard algorithm is nearing the

end of its useful life. Its 56-bit key is too small, as shown by a recent distributed

key search exercise [28]. Although triple-DES can solve the key length problem,

the DES algorithm was also designed primarily for hardware encryption, yet the

great majority of applications that use it today implement it in software, where

it is relatively ineﬃcient.

For these reasons, the US National Institute of Standards and Technology

has issued a call for a successor algorithm, to be called the Advanced Encryption

Standard or AES. The essential requirement is that AES should be both faster

than triple DES and at least as secure: it should have a 128 bit block length and

a 256 bit key length (though keys of 128 and 192 bits must also be supported).

In this paper, we present a candidate for AES. Our design philosophy has

been highly conservative; we did not feel it appropriate to use novel and untested

ideas in a cipher which, if accepted after a short review period, will be used to

protect enormous volumes of ﬁnancial transactions, health records and govern-

ment information over a period of decades.

We initially decided to use the S-boxes from DES, which have been studied

intensely for many years and whose properties are thus well understood, in a new

structure optimized for eﬃcient implementation on modern processors while si-

multaneously allowing us to apply the extensive analysis already done on DES.

The resulting design gave an algorithm (to which we will refer as Serpent-0) that

was as fast as DES and yet more secure than three-key triple-DES, provided a

192 or 256 bit key was selected. This design was published at the 5th Interna-

tional Workshop on Fast Software Encryption [10] in order to give the maximum

possible time for public review. Since then we have sought to strengthen the algo-

rithm and improve its performance. As a result, we have selected new, stronger,

S-boxes and changed the key schedule slightly. We can now show that our design

(which we will call Serpent-1, or more brieﬂy, Serpent) resists all known attacks,

including those based on both diﬀerential [12] and linear [27] techniques, with

very generous safety margins.

The Serpent ciphers were inspired by recent ideas for bitslice implementation

of ciphers [6]. However, unlike (say) the bitslice implementation of DES, which

encrypts 64 diﬀerent blocks in parallel in order to gain extra speed, Serpent is

designed to allow a single block to be encrypted eﬃciently by bitslicing. This

allows the usual modes of operations to be used, so there is no need to change

the environment to gain the extra speed.

Serpent achieves its high performance by a design that makes very eﬃcient

use of parallelism, and this extends beyond the level of the algorithm itself. For

example, in many applications, we wish to compute a MAC and perform CBC

encryption simultaneously with diﬀerent keys; and as we will see below, our

design enables this to be done very eﬃciently on a processor with two 32-bit

integer ALUs (such as the popular Intel MMX series) and almost as eﬃciently

on a 64-bit processor (such as the DEC Alpha).

2 The Cipher

Serpent is a 32-round SP-network operating on four 32-bit words, thus giving

a block size of 128 bits. All values used in the cipher are represented as bit-

streams. The indices of the bits are counted from 0 to bit 31 in one 32-bit

word, 0 to bit 127 in 128-bit blocks, 0 to bit 255 in 256-bit keys, and so on.

For internal computation, all values are represented in little-endian, where the

ﬁrst word (word 0) is the least signiﬁcant word, and the last word is the most

signiﬁcant, and where bit 0 is the least signiﬁcant bit of word 0. Externally, we

write each block as a plain 128-bit hex number.

Serpent encrypts a 128-bit plaintext P to a 128-bit ciphertext C in 32 rounds

under the control of 33 128-bit subkeys

,...,

. The user key length is

variable, but for the purposes of this submission we ﬁx it at 128, 192 or 256

bits; short keys with less than 256 bits are mapped to full-length keys of 256

bits by appending one “1” bit to the MSB end, followed by as many “0” bits

as required to make up 256 bits. This mapping is designed to map every short

key to a full-length key, with no two short keys being equivalent. (We do not

propose, for example, the use of 40-bit keys, but if they are required in some

applications, then our padding method can cope with them.) There are no other

restrictions on the keyspace.

The cipher itself consists of:

– an initial permutation IP;

– 32 rounds, each consisting of a key mixing operation, a pass through S-boxes,

and (in all but the last round) a linear transformation. In the last round,

this linear transformation is replaced by an additional key mixing operation;

– a ﬁnal permutation FP.

The initial and ﬁnal permutations do not have any cryptographic signiﬁcance.

They are used to simplify an optimized implementation of the cipher, which

is described in the next section, and to improve its computational eﬃciency.

Both these two permutations and the linear transformation are speciﬁed in the

appendix; their design principles will be made clear in the next section.

We use the following notation. The initial permutation IP is applied to the

plaintext P giving

, which is the input to the ﬁrst round. The rounds are

numbered from 0 to 31, where the ﬁrst round is round 0 and the last is round 31.

The output of the ﬁrst round (round 0) is

, the output of the second round

(round 1) is

, the output of round i is

i+1

, and so on, until the output of the

last round (in which the linear transformation is replaced by an additional key

mixing) is denoted by

. The ﬁnal permutation FP is now applied to give the

ciphertext C.

Each round function R

(i ∈{0,...,31} uses only a single replicated S-box.

For example, R

uses S

, 32 copies of which are applied in parallel. Thus the ﬁrst

copy of S

takesbits0,1,2and3of

⊕

as its input and returns as output

the ﬁrst four bits of an intermediate vector; the next copy of S

inputs bits 4–7 of

⊕

and returns the next four bits of the intermediate vector, and so on. The

intermediate vector is then transformed using the linear transformation, giving

. Similarly, R

uses 32 copies of S

in parallel on

⊕

and transforms

their output using the linear transformation, giving

The set of eight S-boxes is used four times. Thus after using S

in round 7,

we use S

again in round 8, then S

in round 9, and so on. The last round R

is slightly diﬀerent from the others: we apply S

⊕

, and XOR the

result with

rather than applying the linear transformation. The result

is then permuted by FP, giving the ciphertext.

Thus the 32 rounds use 8 diﬀerent S-boxes each of which maps four input

bits to four output bits. Each S-box is used in precisely four rounds, and in each

of these it is used 32 times in parallel. The S-box design is discussed below.

As with DES, the ﬁnal permutation is the inverse of the initial permutation.

Thus the cipher may be formally described by the following equations:

:= IP(P)

i+1

:= R

(

)

C := FP(

)

where

(X)=L(

(X⊕

)) i =0,...,30

(X)=

(X⊕

)⊕

i =31

where

is the application of the S-box S

i mod 8

32 times in parallel, and L

is the linear transformation.

Although each round of the proposed cipher might seem weaker than a round

of DES, this is not the case. For example, the probability of the best six-round

characteristic of DES is about 2

−20

, while for Serpent the corresponding ﬁgure

is less than 2

−58

. 16-round Serpent would be as secure as triple-DES, and twice

as fast as DES. However, AES may persist for 25 years as a standard and a

further 25 years in legacy systems, and will have to withstand advances in both

engineering and cryptanalysis during that time. We therefore propose 32 rounds

to put the algorithm’s security beyond question. This gives us a cipher that is

about as fast as DES but very more secure than 3DES.

2.1 The S-boxes

The S-boxes of Serpent are 4-bit permutations with the following properties:

– each diﬀerential characteristic has a probability of at most 1/4, and a one-bit

input diﬀerence will never lead to a one-bit output diﬀerence;

– each linear characteristic has a probability in the range 1/2 ± 1/4, and a

linear relation between one single bit in the input and one single bit in the

output has a probability in the range 1/2 ± 1/8;

– the nonlinear order of the output bits as a function of the input bits is the

maximum, namely 3.

The S-boxes were generated in the following manner, which was inspired by

RC4. We used a matrix with 32 arrays each with 16 entries. The matrix was

initialised with the 32 rows of the DES S-boxes and transformed by swapping

the entries in the rth array depending on the value of the entries in the (r +1)st

array and on an initial string representing a key. If the resulting array has the

desired (diﬀerential and linear) properties, save the array as a Serpent S-box.

Repeat the procedure until 8 S-boxes have been generated.

More formally, let serpent[·] be an array containing the least signiﬁcant four

bits of each of the 16 ASCII characters in the expression “sboxesforserpent”.

Let sbox[·][·]bea(32×16)-array containing the 32 rows of the 8 DES S-

boxes, where sbox[r][·] denotes the rth row. The function swapentries(·, ·)is

self-explanatory. The following pseudo-code generates the Serpent S-boxes.

index := 0

repeat

currentsbox := index modulo 32;

for i:=0 to 15 do

j := sbox[(currentsbox+1) modulo 32][serpent[i]];

swapentries (sbox[currentsbox][i],sbox[currentsbox][j]);

if sbox[currentsbox][.] has the desired properties, save it;

index := index + 1;

until 8 S-boxes have been generated

In Serpent-0, we used the DES S-boxes in order to inspire a high level of public

conﬁdence that we had not inserted any trapdoor in them. A similar assurance

for Serpent-1 comes from the fact that the S-boxes have been generated in this

simple deterministic manner.

2.2 Decryption

Decryption is diﬀerent from encryption in that the inverse of the S-boxes must

be used in the reverse order, as well as the inverse linear transformation and

reverse order of the subkeys.

3 An Eﬃcient Implementation

Much of the motivation for the above design will become clear as we consider

how to implement the algorithm eﬃciently. We do this in bitslice mode. For a

full description of a bitslice implementation of DES, see [6]; the basic idea is that

just as one can use a 1-bit processor to implement an algorithm such as DES

by executing a hardware description of it, using a logical instruction to emulate

each gate, so one can also use a 32-bit processor to compute 32 diﬀerent DES

blocks in parallel — in eﬀect, using the CPU as a 32-way SIMD machine.

This is much more eﬃcient than the conventional implementation, in which

a 32-bit processor is mostly idle as it computes operations on 6 bits, 4 bits, or

even single bits. The bitslice approach was used in the recent successful DES

key search [28], in which spare CPU cycles from thousands of machines were

volunteered to solve a challenge cryptogram. However the problem with using

bitslice techniques for DES encryption (as opposed to keysearch) is that one has

to process many blocks in parallel, and although special modes of operation can

be designed for this, they are not the modes in common use.

Our cipher has therefore been designed so that all operations can be executed

using 32-fold parallelism during the encryption or decryption of a single block.

Indeed the bitslice description of the algorithm is much simpler than its con-

ventional description. No initial and ﬁnal permutations are required, since the

initial and ﬁnal permutations described in the standard implementation above

are just those needed to convert the data from and to the bitslice representa-

tion. We will now present an equivalent description of the algorithm for bitslice

implementation.

The cipher consists simply of 32 rounds. The plaintext becomes the ﬁrst

intermediate data B

= P , after which the 32 rounds are applied, where each

round i ∈{0,...,31} consists of three operations:

1. Key Mixing: At each round, a 128-bit subkey K

is exclusive or’ed with the

current intermediate data B

2. S-Boxes: The 128-bit combination of input and key is considered as four

32-bit words. The S-box, which is implemented as a sequence of logical op-

erations (as it would be in hardware) is applied to these four words, and the

评论收藏

内容反馈

zhaoyj1972

2013-05-01

程序感觉是全的，但不知道为什么加密后无法解密，本程序？？？，其它地方又找不到，唉
liu_bo_taogood

2014-10-15

对我有些帮助

zhiji

粉丝: 5
资源: 3

Serpent加密算法代码

Serpent加密算法

SERPENT算法实现

Serpent算法 python 实现.rar

matlab代码如何加密-serpent:Matlab蛇算法

ChaCha20加密算法C语言源代码

C＃中的IDEA和SERPENT加密算法

组密码算法Serpent_256的差分代数分析_王美琴

EncryptTools 字符串 加密 解密 工具

Encryptor(字符串加密和解密器)

加密算法参考代码

各种加密算法的代码

加密算法代码库

各种加密算法代码

Serpent:将你的python代码转换成蛇和剑

Serpent-开源

app-release.apk

DES加密算法代码.doc

DES 加密算法代码(C++)

C实现DES加密算法(代码)

DES加密算法的C代码

单片机上的DES加密算法代码

DES加密算法(代码)

几百种加密算法库 ( C/C++代码 )

C加密算法代码

AES加密算法代码

md5加密算法c语言代码

java 加密算法的代码实现

一个代码行很短的对称加密算法

idea加密算法代码

最新资源

EncryptTools 字符串加密解密工具