轻量级分组密码RECTANGLE基于FELICS的实现与优化  被引量：1

作　　者：罗鹏[1,2] 张文涛[1,3] 包珍珍[1,2] LUO Peng ZHANG Wentao BAO Zhenzhen(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China University of Chinese Academy of Sciences, Beijing 100049, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)

机构地区：[1]中国科学院信息工程研究所信息安全国家重点实验室,北京中国100093 [2]中国科学院大学,北京中国100049 [3]中国科学院大学网络空间安全学院,北京中国100049

出　　处：《信息安全学报》2017年第3期36-47,共12页Journal of Cyber Security

基　　金：国家自然科学基金(No.61379138);中国科学院先导专项(No.XDA06010701);信息保障技术重点实验室开放基金(KJ-15-003)资助

摘　　要：随着物联网的普及以及RFID、传感器的广泛应用,轻量级密码算法受到人们越来越多的关注。对于一个轻量级密码算法,除了安全性之外,软件和硬件实现性能也非常重要。卢森堡大学的科研人员于2015年开发了一个开源框架——FELICS(Fair Evaluation of Lightweight Cryptographic Systems),旨在公平地测评轻量级密码算法在嵌入式设备上的软件性能。FELICS需要在两种应用场景下(一为通信协议,另一为认证协议),测试一个密码算法在三种嵌入式平台(8位AVR、16位MSP以及32位ARM)下运行所需的Flash、RAM和执行时间,再对结果取加权平均值,并据此对参赛的轻量级分组密码的软件性能进行综合排名。到目前为止,FELICS已经包含了18个轻量级分组密码。本文首先分析FELICS中已提交的分组密码的C语言及汇编语言代码,总结常用的优化方法。然后在三种嵌入式平台上实现了轻量级分组密码RECTANGLE。进一步地,我们对算法轮密钥加、列变换、行移位这三种操作进行了优化。优化后的结果如下:在ARM平台,优化后轮函数所需的Flash减少42.6%、同时时间减少36.8%;在AVR平台场景1下,优化后RECTANGLE-128的RAM减少了12.0%、同时时间减少了5.0%,RECTANGLE-80的RAM减少了10.9%、同时时间减少了2.8%。FELICS的最终结果显示,在18个轻量级分组密码算法中,RECTANGLE在两种应用场景下分别排名第4和第5位,这表明RECTANGLE在嵌入式平台上具有优秀的软件性能。With the popularization of Internet of Things （IOT） and the wide application of RFID and sensors, more atten- tion is being paid to lightweight ciphers. Besides security, the software and hardware performance are also important for a lightweight cipher. The researchers in University of Luxembourg developed an open-source framework FELICS （Fair Evaluation of Lightweight Cryptographic Systems） in 2015, which aims at fairly evaluating the software performance of lightweight ciphers on embedded devices. By extracting Flash, RAM consumption and execution time on three widely used microcontrollers： 8-bit AVR, 16-bit MSP and 32-bit ARM, the ciphers are ranked respectively with an average value under scenario 1 （communication protocol） and scenario 2（authentication protocol）. Until now, 18 lightweight block ciphers have entered this competition. In this paper, we firstly analyze the C and assembler implementations, and summarize some com- mon optimization methods. Then, we give the implementations of the lightweight block cipher RECTANGLE on the three devices. Furthermore, we optimize the three basic operations AddRoundKey, SubColumn and ShiftRow. The results are as follows. The Flash reduces 42.6% and the time reduces 36.8% respectively for the round function on ARM. For scenario 1 on AVR, the RAM and time of RECTANGLE-128 reduce 12.0% and 5.0%, with that of RECTANGLE-80 reducing 10.9% and 2.8%. The final results on FELICS show that RECTANGLE ranked 44 under Scenario 1 and 5th under Scenario 2 among the 18 lightweight block ciphers, which indicates that RECTANGLE has very good software performance on embedded devices.

关 键 词：轻量级分组密码 RECTANGLE FELICS 嵌入式设备 软件优化实现 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]