Do you want to learn the national secret algorithm?

About this article

National secret algorithms are the domestic cryptographic algorithms recognized by the State Cryptography Administration. They mainly include SM1, SM2, SM3 and SM4. The key length and block length are both 128 bits.

  • SM1 is symmetric encryption;
  • SM2 is asymmetric encryption (comparable to RSA);
  • SM3 is a message digest (hash);
  • SM4 is a block cipher algorithm (comparable to AES).

This article briefly introduces the workflow of the four major national secret algorithms. The focus is on understanding their application scenarios. The details of the algorithms will not be covered in depth; where any appear, you can skip them.

I hope you will have a general understanding of the national secret algorithms after reading this article. Because of their special status, supporting them is a feature that many products in China have to consider. Even foreign giants such as ARM, when they enter the Chinese market and introduce their products, emphasize that the products support the national secret algorithms and have passed certification.

1、SM1

1. Introduction to SM1

SM1 is symmetric encryption, and the implementation principle of the algorithm has not been disclosed. Its encryption strength is equivalent to AES, and it can only be used by calling the interface of an encryption chip. SM1's key length of up to 128 bits, together with the strength and non-disclosure of the algorithm itself, ensures communication security.

Since the SM1 encryption algorithm is not public, we cannot know its internal principles, so we cannot implement it in code here.

2. SM1 application scenarios

SM1 is packaged into a chip by a specific organization certified by the State Secretariat Office and sold to designated manufacturers. The SM1 algorithm has been widely used in fields such as e-commerce, government affairs, and the national economy and people's livelihood (such as national government affairs, police and other institutional fields). Currently, the series of chips, smart IC cards, encryption cards, encryption machines and other security products on the market all use the SM1 algorithm.

Data encryption includes software encryption and hardware encryption. Software encryption relies solely on code to protect data, without requiring specific hardware services. Its most prominent advantages are low cost, simple implementation, and good flexibility and portability. However, software-implemented encryption requires the full participation of the CPU, which may cause unnecessary waiting and interruptions and waste system resources. Especially when software encryption is used to process massive data, there is a risk of hard disk read and write bottlenecks. Hardware encryption is implemented by an encryption chip integrated on the CPU chip. The encryption process is independent of the CPU and is completed within the chip, which can effectively prevent data from being tampered with. Most banks use hardware encryption, and the underlying algorithm often contains SM1.

An encryption card integrates encryption and authentication algorithms such as AES, DES, and MD5 on a chip. The chip is built into an add-in card (the encryption card), and all operations involved in data encryption, decryption, and authentication are completed on the card. This speeds up encryption and decryption and improves the overall performance of the device. At present, encryption cards are generally divided into two categories:

  • One is an encryption card that implements universal encryption, decryption and verification algorithms.
  • The other is an encryption card that implements the national secret algorithm (SM1).

2、SM2

The national secret algorithm SM2 is asymmetric encryption, also known as public key cryptography; in essence it is elliptic curve encryption. For more information about symmetric and asymmetric encryption, please refer to the author's article "In-depth Understanding of Symmetric Encryption and Asymmetric Encryption".

The SM2 elliptic curve public key cryptography (ECC) algorithm is China's public key cryptography algorithm standard. The SM2 algorithm consists of 3 main parts:

  • Digital signature algorithm;
  • Key exchange protocol;
  • Public key encryption algorithm.

1. Formation process of SM2

Among all public key cryptography, ECC and RSA are the most widely used. At the same security strength, the private key bit length and system parameters of ECC are much smaller than those of RSA, which means that the storage space required for ECC is much smaller, the bandwidth requirements for transmission are lower, the number of logic gates required for a hardware implementation of ECC is much smaller than for RSA, and the power consumption is lower. This makes ECC more suitable than RSA for devices with severely limited resources, such as mobile communication devices, wireless communication devices and smart cards with low power consumption requirements.

The advantages of ECC make it the public key cryptography algorithm with the most development potential and application prospects. By 2000, many countries and industry organizations in the world had adopted ECC as the public key cryptography algorithm standard.

Against this background, China has organized research on ECC with independent intellectual property rights since 2001. Using public key cryptographic algorithm design and security analysis theories and methods recognized by the international cryptography community, and absorbing existing ECC research results at home and abroad, the SM2 algorithm was developed in 2004.

The SM2 algorithm was first publicly released in December 2010, became China's commercial encryption standard in March 2012 (standard number GM/T 0003-2012), and became China's national encryption standard in August 2016 (standard number GB/T 32918-2016).

2. Elliptic curve

On the finite field K, it takes the form of the following equation:

The equation of is called the Weierstrass equation, where O=[0,1,0] is the only point whose Z coordinate is zero, which is called the infinity point. Let x=X/Z, y=Y/Z, the equation can be written as:


The point at infinity O still exists. For the coefficients in the equation, define


where:


When Δ ≠ 0, the elliptic curve is non-singular [1], that is, for all projective points P=(X ∶ Y ∶ Z) that satisfy F(X,Y,Z)=0, the three partial derivatives of F at P


must not all be 0.

When the characteristic of K is not 2 or 3, the Weierstrass equation has the following form:


Here, E: y² = x³ + Ax + B is the elliptic curve recommended by the State Cryptography Administration. This article also implements the algorithm based on this curve.

3. Basic operations on elliptic curves

For this part, please refer to the article we studied together before: "Should we learn the ECC algorithm?"

4. Summary of SM2

The SM2 algorithm is an ECC algorithm with independent intellectual property rights, developed by China on the basis of absorbing advanced international results. It is equivalent to or slightly better than similar international ECC algorithms in terms of security and implementation efficiency. It can replace RSA in applications that place higher requirements on the security and implementation efficiency of public key cryptography algorithms, and has broad promotion and application prospects.

3、SM3

1. Introduction to SM3

The SM3 cryptographic hash algorithm is China's commercial cryptographic hash algorithm standard, published by the State Cryptography Administration of China. The algorithm was designed by Wang Xiaoyun and others. It processes the message in groups of bits and outputs a hash value, using the Merkle-Damgård structure.

The SM3 algorithm is a cryptographic hash function standard: it maps data of any length to a fixed-length hash value. The input of the SM3 algorithm can be any binary data, and the output is a fixed-length binary hash value.

The SM3 algorithm process includes the following steps:

  • Initialization: First, you need to choose an initial value, which is randomly generated and needs to be kept secret throughout the algorithm.
  • Data processing: Split the input data into multiple data blocks and process each data block. The processing process includes a series of linear transformations and non-linear transformations, which confuse and diffuse the data blocks to ensure the randomness and unpredictability of the final hash value.
  • Output: The final hash value is generated based on the processed data blocks. A fixed-length hash value is obtained by splicing and intercepting the data blocks.

Generally speaking, the SM3 algorithm is an efficient and secure cryptographic hash function that can resist common attacks, such as brute force attacks, collision attacks, etc.

The compression function of the cryptographic hash algorithm has a similar structure to the compression function of . However, the structure of the compression function of the cryptographic hash algorithm and the design of the message expansion process are more complex. For example, each round of the compression function uses a message word, and each round of the message expansion process uses a message word, etc.

The SM3 cryptographic hash algorithm has a message group length of 512 bits and a digest length of 256 bits. The compression function state is 256 bits, with a total of 64 steps of operation.

2. Algorithm description of SM3

2.1. Constants and functions in cryptographic hash algorithms

Initial value: The initial value of the SM3 cryptographic hash algorithm is 256 bits in total, formed by concatenating eight 32-bit words. The specific values are as follows:


constant


boolean function


X and Y in the above formula are 32-bit words.

permutation function


X and Y in the above formula are 32-bit words.

2.2. SM3 algorithm description

For a message M with a length of l bits (l < 2^64), the SM3 cryptographic hash algorithm generates a hash value through message padding and iterative compression, and the length of the hash value is 256 bits.

  • Message padding
    Assume that the length of the input message is l bits (l < 2^64). First append the bit "1" to the end of the message, and then append k "0" bits, where k is the smallest non-negative integer that satisfies l + 1 + k ≡ 448 (mod 512). Then append a 64-bit string, which is the binary representation of the length l. The bit length of the padded message is a multiple of 512.

For example: for the message 01100001 01100010 01100011, the length l =24, the bit string is obtained after padding:

  • Iterative compression
    Iterative compression is the main operation of the SM3 cryptographic hash algorithm, and this step produces the final hash value. The iterative compression process can be expressed as follows:

Split the padded message M into 512-bit groups:


Where: n = (k + 1 + l + 64) / 512

Iterate as follows:


Here, CF is the compression function, V(0) is the 256-bit initial value IV, B(i) is a group of the padded message, and the result of iterative compression is V(n), which is also the hash value of message M.

  • Message expansion

Expand message group B(i) into the words W0, W1, ..., W67 and W0', W1', ..., W63' as follows; these are used by the compression function CF:


  • Compression function


Words are stored in big-endian format.

  • Hash value


Outputs a 256-bit hash value

3. Summary of SM3

The design and application of hash functions have been developed for decades. Since the birth of the first directly constructed hash function, the cryptography community has generally believed that constructing a secure hash function comes down to constructing a collision-resistant compression function. However, as Wang Xiaoyun and others successfully cracked MD5 and other hash functions, hash functions designed based on the traditional MD structure were proven to be unsafe.

Therefore, the design and analysis of hash functions has become a major research hotspot in the cryptography community, and research on the latest hash algorithms in particular has driven a surge of work on hash functions. Research on SM3 focuses on the number of rounds: reduced-round SM3 is used for randomness analysis and for boomerang attacks on the 32-round, 33-round, 34-round and 35-round algorithms. However, how to analyze the preimages, collisions and second preimages of algorithms with more rounds is also an issue that requires further research.

4、SM4

1. Introduction to SM4

SM4 is a block cipher algorithm with Feistel structure, and its block length and key length are both 128 bits. Both the encryption and decryption algorithm and the key expansion algorithm adopt a 32-round nonlinear iteration structure. The decryption algorithm has the same structure as the encryption algorithm, except that the round keys are used in the reverse order, that is, the round keys used by the decryption algorithm are the reverse order of the round keys used by the encryption algorithm.

2. SM4 algorithm process

The SM4 algorithm is a symmetric encryption algorithm that is widely used in China's e-government, e-commerce and other fields. The process of SM4 algorithm can be divided into the following steps:

  • Key expansion
    The SM4 algorithm uses block encryption, and the length of each block is 128 bits. First, the key needs to be expanded into a series of subkeys, each of which is used to encrypt and decrypt a group. The subkeys are generated from the original key through a series of transformations, including S-box table lookup, P-box replacement, XOR operation, etc.

  • Block encryption
    The plaintext message is divided into several 128-bit blocks, and each group is encrypted independently. The specific encryption process is as follows:

    • XOR the current group with the previous encrypted group to obtain the intermediate result.
    • The intermediate result undergoes a series of transformations (including S-box lookup table, P-box replacement, etc.) to obtain the encrypted result.
    • XOR the encrypted result with the next group to obtain the encryption result of the current group.
  • Group decryption
    The decryption process is similar to the encryption process. The specific steps are as follows:

    • XOR the current group with the previous decrypted group to get the intermediate result.
    • The intermediate result is subjected to a series of inverse transformations (including inverse S-box lookup table, inverse P-box permutation, etc.) to obtain the original plaintext message.
    • XOR the original plaintext message with the next group to get the decryption result of the current group.

The SM4 algorithm has high security, efficiency and compatibility, and is widely used in various scenarios with high security and reliability requirements, such as e-government, e-commerce, etc. At the same time, the SM4 algorithm also has the advantages of short key length and fast operation speed, making it a very excellent symmetric encryption algorithm.

4. SM4 Summary

The SM4 cryptographic algorithm is China's first commercial cryptographic algorithm announced and designed by a professional cryptography agency. So far, no attack methods have been found to threaten the security of the SM4 algorithm.

5. Other national secret algorithms

1. SM7

A block cipher algorithm.

2. SM9

SM9 is an identification cryptography standard adopted in China. It was released by the State Cryptography Administration on March 28, 2016. The relevant standard is "GM/T 0044-2016 SM9 identification cryptography algorithm". In commercial cryptography systems, SM9 is mainly used for user identity authentication. The SM9 algorithm does not require applying for a digital certificate and is suitable for the security protection of various emerging Internet applications. According to a public report by Xinhuanet, the encryption strength of SM9 is equivalent to the RSA encryption algorithm with a 3072-bit key.

6. Summary of national secret application scenarios

  • The application scenarios of SM1 algorithm are mainly concentrated in various application fields of e-government, e-commerce and national economy, including important fields such as national government affairs and police affairs. The SM1 algorithm is not public and only exists in the chip in the form of IP core. Therefore, a series of security products such as chips, smart IC cards, smart password keys, encryption cards, and encryption machines have been developed and are widely used in the above fields.

  • The application scenarios of the SM2 algorithm are also mainly concentrated in e-government, e-commerce and other fields, and are particularly suitable for operations such as digital signatures, key negotiation, encryption and decryption. The SM2 algorithm is based on the elliptic curve cryptography system and has high security. It recommends a 256-bit curve as the standard curve. In addition, the SM2 algorithm is different from international standards such as ECDSA and ECDH in terms of signature and key exchange, but adopts a more secure mechanism.

  • The SM3 algorithm is mainly used for digital signature and verification, as well as data integrity verification. In application scenarios, the SM3 algorithm can generate a fixed-length message digest, which can ensure security and efficiency for the processing and transmission of large amounts of data.

  • The SM4 algorithm is a symmetric encryption algorithm that is widely used in e-government, e-commerce and other fields. This algorithm has high security, efficiency and compatibility and can be used to encrypt and decrypt large amounts of data. The SM4 algorithm uses the Feistel structure to divide the plaintext into multiple data blocks, and each data block is encrypted separately. This algorithm uses S-box, replacement, linear transformation and other operations to ensure the strength and security of encryption.

In general, the four cryptographic algorithms SM1-SM4 have been applied and developed in their respective fields of expertise.

Judging from current cryptography research, the security of the existing national secret algorithms will not face any attack crisis for some time. However, with the development of cryptography technology and quantum computers, future national secret algorithms will face greater challenges. The improvement of existing national secret algorithms, new cryptographic algorithms and research on anti-quantum cryptography will become hot topics in national secret research. Of course, this does not apply only to the national secret algorithms. If quantum computers really appear, all cryptography systems will be impacted.

7. Reference materials

  • https://link.zhihu.com/?target=http%3A//www.wenwoha.com/blog_detail-6.html

Origin blog.csdn.net/weixin_45264425/article/details/133152151