我正在尝试做一个Feistel Cipher的小实现。这就是我一直在尝试的:
int[] left = {1,2,3};//left half of plaintext
int[] right = {4,5,6};//right half of plaintext
int temp[];//temp for swapping values
//encrypt the plaintext (left and right arrays)
for(int r = 0; r < 3; r++) {//the number of rounds
for(int i = 0; i < right.length; i++){
right[i] = left[i] ^ (scramble(right[i], KEY, r));
}
temp = left;
left = right;
right = temp;
}
//swap left and right array before decryption
temp = left;
left = right;
right = temp;
for(int r = 3; r > 0; r--) {//start from the last round
for(int i = 0; i < right.length; i++) {
right[i] = left[i] ^ (scramble(right[i], KEY, r));
}
//again, swap arrays to do the next round
temp = left;
left = right;
right = temp;
}
圆函数scramble是:
private static int scramble(int character, int key, int roundNumber) {
return (int) Math.pow(2 * roundNumber * key, character) % 15;
}
我试图首先加密明文的左半部分和右半部分,然后通过解密轮次运行 - 所以到最后,数组的值应该是[1,2,3]和[4,5, 6](回到明文)。使用8的键输入,在解密后我得到[15,13,0]和[8,12,1]的值。我在哪里错了?
为简单起见,我现在只使用常量作为键,输入整数而不是从文件读取/使用字节数组。
编辑:
计算循环是不正确的。将“加密循环”更改为:
for(int r = 1; r < 4; r++) {//the number of rounds
for(int i = 0; i < right.length; i++){
right[i] = left[i] ^ (scramble(right[i], KEY, r));
}
temp = left;
left = right;
right = temp;
}
循环现在计数1,2,3(加密)和3,2,1(解密)。但是,解密仍然没有产生正确的明文。
答案 0 :(得分:3)
有时候,如果把它们剥离到最低限度,就会更容易看到。这种伪代码最小Feistel密码可能会有所帮助:
function FeistelEncipher(plaintextBlock)
left <- left hand half of plaintextBlock
right <- right hand half of plaintextBlock
// Note the half-open interval.
for (roundNumber in [0 .. number of rounds[)
if (roundNumber != 0)
swap(left, right)
end if
right <- right XOR F(left, roundNumber)
end for
// Return ciphertext block.
return join(left, right)
end function
function F(data, roundNumber)
return some combination of the data and the round key for this round
end function
假设偶数轮次,并且反向关闭&#39; [&#39;表示开放的间隔。
答案 1 :(得分:2)
Feistel通过在左侧应用右侧的功能来工作,即左=左^ F(右)然后交换。这相当于右 2 =左 1 ^ F(右1),左 2 =右 1 但是对于具有Java并不具有的并行或解构赋值的语言,表达式更有效。见https://en.wikipedia.org/wiki/Feistel_cipher处的图片。此外,您的代码组织在解密结束时执行了太多交换。解决这两个问题:
static void SO40331050Feistel (){
final int KEY = 8;
int[] left = {1,2,3}, right = {4,5,6}, temp;
System.out.println ("=====WRONG=====");
for(int r = 1; r <= 3; r++) {
for(int i = 0; i < right.length; i++){
right[i] = left[i] ^ (scramble(right[i], KEY, r));
}
System.out.println ("ENC"+r +" "+Arrays.toString(left) +" "+Arrays.toString(right));
temp = left; left = right; right = temp;
}
temp = left; left = right; right = temp; // swap before decrypt
for(int r = 3; r >= 1; r--) {
for(int i = 0; i < right.length; i++) {
right[i] = left[i] ^ (scramble(right[i], KEY, r));
}
System.out.println ("DEC"+r + " "+Arrays.toString(left) +" "+Arrays.toString(right));
temp = left; left = right; right = temp;
}
left = new int[]{1,2,3}; right = new int[]{4,5,6}; // reset
System.out.println ("=====RIGHT=====");
for(int r = 1; r <= 3; r++) {
for(int i = 0; i < right.length; i++){
left[i] ^= (scramble(right[i], KEY, r));
}
System.out.println ("ENC"+r +" "+Arrays.toString(left) +" "+Arrays.toString(right));
temp = left; left = right; right = temp; // swap after
}
for(int r = 3; r >= 1; r--) {
temp = left; left = right; right = temp; // swap before on decrypt
for(int i = 0; i < right.length; i++) {
left[i] ^= (scramble(right[i], KEY, r));
}
System.out.println ("DEC"+r + " "+Arrays.toString(left) +" "+Arrays.toString(right));
}
}
结果:
=====WRONG=====
ENC1 [1, 2, 3] [0, 3, 2]
ENC2 [0, 3, 2] [2, 7, 10]
ENC3 [2, 7, 10] [3, 11, 3]
DEC3 [2, 7, 10] [14, 0, 6]
DEC2 [14, 0, 6] [10, 7, 1]
DEC1 [10, 7, 1] [13, 6, 0]
=====RIGHT=====
ENC1 [0, 3, 2] [4, 5, 6]
ENC2 [5, 13, 2] [0, 3, 2]
ENC3 [3, 4, 11] [5, 13, 2]
DEC3 [0, 3, 2] [5, 13, 2]
DEC2 [4, 5, 6] [0, 3, 2]
DEC1 [1, 2, 3] [4, 5, 6]
此外,F通常使用整个右半部分并产生适用于整个左半部分的结果;通过在32位整数块上单独执行,您实际上并行运行三个独立的32位块密码,实际上是在ECB模式下。如果这是一个真正的密码,32位块和ECB都将是严重的弱点。
答案 2 :(得分:1)
您的圆形计数器不对称。
for(int r = 3; r > 0; r--)
计数:0,1,2。
@model计数:3,2,1。