Blockchain Tutorial: Information Security Behind Blockchain 2: How the DES and 3DES Encryption Algorithms Work (Part 2)

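Feistel round function

Each Feistel round function performs four operations internally:

  • 1. Expansion permutation: the right 32 bits go through the expansion permutation, which expands the 32-bit input into a 48-bit output so that its length matches the 48-bit subkey.
  • 2. XOR: after the right 32 bits have been expanded to 48 bits, they are XORed with the 48-bit subkey.
  • 3. S-box substitution: the 48-bit result of the XOR is split into eight 6-bit blocks; each block passes through an S-box that produces a 4-bit output, and the eight outputs together form a 32-bit output.
    The S-box substitution works as follows: the 1st and 6th of the 6 bits form the row number and the remaining 2nd, 3rd, 4th and 5th bits form the column number; the decimal number at that row and column of the S-box table is taken and converted to a 4-bit binary number, which is the S-box output.
  • 4. P-box permutation: the 32-bit output of the S-box substitution goes through the P-box permutation, which again outputs 32 bits.

The DES Feistel round function in the Go standard library is as follows: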

func feistel(right uint32, key uint64) (result uint32) {
    // Expand the right 32 bits to 48 bits and XOR them with the 48-bit subkey
    sBoxLocations := key ^ expandBlock(right)
    var sBoxResult uint32
    for i := uint8(0); i < 8; i++ {
        // sBoxLocations>>42 and sBoxLocations <<= 6 walk through the value in 6-bit blocks
        sBoxLocation := uint8(sBoxLocations>>42) & 0x3f
        sBoxLocations <<= 6
        // The 1st and 6th of the 6 bits form the row number
        row := (sBoxLocation & 0x1) | ((sBoxLocation & 0x20) >> 4)
        // The remaining 2nd, 3rd, 4th and 5th bits form the column number
        column := (sBoxLocation >> 1) & 0xf
        // feistelBox implements both the S-box substitution and the P-box permutation
        sBoxResult ^= feistelBox[i][16*row+column]
    }
    return sBoxResult
}

var feistelBox [8][64]uint32

// General bit permutation; used here for the P-box permutation
func permuteBlock(src uint64, permutation []uint8) (block uint64) {
    for position, n := range permutation {
        bit := (src >> n) & 1
        block |= bit << uint((len(permutation)-1)-position)
    }
    return
}

// Initialize feistelBox
func init() {
    for s := range sBoxes {
        for i := 0; i < 4; i++ {
            for j := 0; j < 16; j++ {
                f := uint64(sBoxes[s][i][j]) << (4 * (7 - uint(s)))
                f = permuteBlock(f, permutationFunction[:])
                feistelBox[s][16*i+j] = uint32(f)
            }
        }
    }
}
// Source: src/crypto/des/block.go

Appendix: the expansion permutation table and the P-box permutation table used in the Go standard library:

// Expansion permutation table
var expansionFunction = [48]byte{
    0, 31, 30, 29, 28, 27, 28, 27,
    26, 25, 24, 23, 24, 23, 22, 21,
    20, 19, 20, 19, 18, 17, 16, 15,
    16, 15, 14, 13, 12, 11, 12, 11,
    10, 9, 8, 7, 8, 7, 6, 5,
    4, 3, 4, 3, 2, 1, 0, 31,
}

// P-box permutation table
var permutationFunction = [32]byte{
    16, 25, 12, 11, 3, 20, 4, 15,
    31, 17, 9, 6, 27, 14, 1, 22,
    30, 24, 8, 18, 0, 5, 29, 23,
    13, 19, 2, 26, 10, 21, 28, 7,
}
// Source: src/crypto/des/const.go

Appendix: the S-box tables used in the Go standard library:

var sBoxes = [8][4][16]uint8{
    // S-box 1
    {
        {14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
        {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
        {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
        {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
    },
    // S-box 2
    {
        {15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
        {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
        {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
        {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9},
    },
    // S-box 3
    {
        {10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
        {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
        {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
        {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12},
    },
    // S-box 4
    {
        {7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
        {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
        {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
        {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14},
    },
    // S-box 5
    {
        {2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
        {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
        {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
        {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3},
    },
    // S-box 6
    {
        {12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
        {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
        {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
        {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13},
    },
    // S-box 7
    {
        {4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
        {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
        {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
        {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12},
    },
    // S-box 8
    {
        {13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
        {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
        {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
        {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11},
    },
}
// Source: src/crypto/des/const.go
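
Why feistelBox can fold the P-box into the S-box lookup: the P-box only moves bits, so permuting each S-box's 4-bit output on its own and XORing the results gives the same word as joining all outputs first and permuting once. The following is an added example, not code from the Go standard library or the original article; it uses only S-boxes 1 and 2 from the tables above, and the names sBoxes12, pTable, pBox, sLookup, Direct and Tabled are hypothetical.

```go
package main

import "fmt"

// S-boxes 1 and 2 and the P-box table, copied from the tables on this page.
var sBoxes12 = [2][4][16]uint8{
	{
		{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
		{0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
		{4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
		{15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
	},
	{
		{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
		{3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
		{0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
		{13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9},
	},
}
var pTable = [32]uint8{
	16, 25, 12, 11, 3, 20, 4, 15, 31, 17, 9, 6, 27, 14, 1, 22,
	30, 24, 8, 18, 0, 5, 29, 23, 13, 19, 2, 26, 10, 21, 28, 7,
}

// pBox applies the P-box; table entries are source bit positions counted from the LSB.
func pBox(src uint32) (out uint32) {
	for pos, n := range pTable {
		out |= ((src >> n) & 1) << uint(31-pos)
	}
	return
}

// sLookup returns the 4-bit output of S-box s (0 or 1) for a 6-bit input:
// bits 1 and 6 select the row, bits 2 to 5 select the column.
func sLookup(s int, in uint8) uint32 {
	row := (in & 0x1) | ((in & 0x20) >> 4)
	col := (in >> 1) & 0xf
	return uint32(sBoxes12[s][row][col])
}

// Direct substitutes both 6-bit blocks, joins the nibbles, then permutes once.
func Direct(a, b uint8) uint32 { return pBox(sLookup(0, a)<<28 | sLookup(1, b)<<24) }

// Tabled permutes each box's nibble alone (what feistelBox stores) and XORs them.
func Tabled(a, b uint8) uint32 { return pBox(sLookup(0, a)<<28) ^ pBox(sLookup(1, b)<<24) }

func main() {
	fmt.Printf("%08x %08x\n", Direct(0x18, 0x11), Tabled(0x18, 0x11))
}
```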

3DES

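DES is a classic symmetric encryption algorithm, but it has an obvious flaw: a 56-bit key is not secure enough, and it has been shown that DES can be broken in a short time.
3DES, also called Triple DES, was introduced to address this. It is the transitional algorithm between DES and AES, and it uses three 56-bit keys to encrypt the data three times.
To stay compatible with plain DES, 3DES does not use encrypt->encrypt->encrypt but encrypt->decrypt->encrypt.
When the three keys are identical, the first two steps cancel each other, so the result is a single encryption; this is what makes 3DES compatible with the plain DES algorithm.
3DES decryption is the reverse of encryption, that is, the keys are used in reverse order.

The 3DES implementation in the Go standard library is as follows: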

type tripleDESCipher struct {
    cipher1, cipher2, cipher3 desCipher
}

func NewTripleDESCipher(key []byte) (cipher.Block, error) {
    if len(key) != 24 {
        return nil, KeySizeError(len(key))
    }

    c := new(tripleDESCipher)
    c.cipher1.generateSubkeys(key[:8])
    c.cipher2.generateSubkeys(key[8:16])
    c.cipher3.generateSubkeys(key[16:])
    return c, nil
}

// 3DES encryption
func (c *tripleDESCipher) Encrypt(dst, src []byte) {
    c.cipher1.Encrypt(dst, src)
    c.cipher2.Decrypt(dst, dst)
    c.cipher3.Encrypt(dst, dst)
}

// 3DES decryption
func (c *tripleDESCipher) Decrypt(dst, src []byte) {
    c.cipher3.Decrypt(dst, src)
    c.cipher2.Encrypt(dst, dst)
    c.cipher1.Decrypt(dst, dst)
}
// Source: src/crypto/des/cipher.go
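
The compatibility property described above can be checked with crypto/des, and it is also what a key-validation routine has to watch for: a 24-byte key whose parts repeat gives only single-DES strength. The following is an added example, not code from the original article or the Go standard library; it goes beyond the all-keys-equal case in the text to K1 == K2 or K2 == K3, compared after clearing the parity bit that DES ignores, and stripParity, CollapsesToSingleDES and Encrypt1 are hypothetical helpers.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// stripParity clears the low bit of every key byte; DES ignores that bit.
func stripParity(k []byte) []byte {
	out := make([]byte, len(k))
	for i, b := range k {
		out[i] = b &^ 1
	}
	return out
}

// CollapsesToSingleDES reports whether a 24-byte 3DES key reduces E-D-E to one
// DES operation (K1 == K2 or K2 == K3). Keys of any other length return false.
func CollapsesToSingleDES(key []byte) bool {
	if len(key) != 24 {
		return false
	}
	k := stripParity(key)
	return bytes.Equal(k[:8], k[8:16]) || bytes.Equal(k[8:16], k[16:])
}

// Encrypt1 encrypts one 8-byte block: single DES for an 8-byte key,
// 3DES (encrypt->decrypt->encrypt) for a 24-byte key.
func Encrypt1(key, block []byte) ([]byte, error) {
	newCipher := des.NewCipher
	if len(key) == 24 {
		newCipher = des.NewTripleDESCipher
	}
	c, err := newCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

func main() {
	k, pt := []byte("8bytekey"), []byte("ABCDEFGH") // constructed sample key and block
	single, _ := Encrypt1(k, pt)
	triple, _ := Encrypt1(bytes.Repeat(k, 3), pt)
	fmt.Printf("DES %x, 3DES(K,K,K) %x, equal=%v\n", single, triple, bytes.Equal(single, triple))
}
```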

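Afterword

Compared with DES, 3DES is more secure because of its longer key, but it is slow.
AES was therefore introduced; it is faster and more secure than 3DES and will be covered in a separate article.

Thank you for following the 兄弟连 blockchain tutorial series!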

Original article: http://blog.51cto.com/14041296/2315037

Time: 2024-10-31 19:22:44
