分组密码SAFER+的C#实现

   朱明海

摘　要   SAFER+作为一种对计算资源需求不大,同时又安全高效的分组密码算法，应用十分广泛。本文探讨了在VS .NET下用C#实现该算法的细节，详细解释了模“+”和模“-”运算的程序过程，同时对编程中容易出现的误区给出了解释。

关键词   SAFER+，C#，模运算，误区

一 、引言

SAFER+是密码学家James L.Massey、Gurgn H.Khachetrian和Melsik K.Kuregian等人设计的一种分组密码算法，它采用了结构清晰的替换／置换网络（Substitution-Permutation Network）,是SAFER（Secure And Fast Encryption Routine）系列密码的强化版，也是AES首轮15个候选算法之一，SAFER+的最大特点是全部运算都是字节运算，使得它能在计算资源最紧张的IC卡上也能快速运行。SAFER+的运用十分广泛，如在通信领域所采用的蓝牙通信技术中，用于认证的E1函数，所采用的算法即是128位的SAFER+。

SAFER+的明文和密文分组均为128比特，其用户密钥匙可在128比特、192比特和256比特三种中进行选择，相应地轮函数的迭代轮数分别为8轮、12轮和16轮，SAFER+的运算部件分为三种，第一种是逐比特异或运算⊕和模256加运算“+”来进行群加密；第二种是用一个算法公开的指数盒和它的逆盒，也即对数盒做文章字节内的混淆；最后用一个线性层作为字节之间的快速扩散。

作为一种流行的软件开发工具，VS .NET 在其命名空间system.security.cryptography中提供了众多的加解密类，在次命名空间内可以找到熟悉的DES，RIJNDAEL，RC2等对称密码体系算法的运用，但是缺少SAFER+等算法。

在一般的密码学书籍中，SAFER+主要以C语言实现，而缺少以其他语言形式的实现，笔者从多方面对SAFER+进行了尝试。首先，在VS.NET中，以C#实现了256位密钥的SAFER+算法；其次，对算法中涉及到的模“＋”，模“－”等均在程序中以模操作清晰地表现出来；并对编程可能出现的误区进行了较深入的剖析；再次，对涉及到的迭代轮数，密钥字节数等参数均以C#的变量形式给出，避免了将之在程序中进行硬编码。程序界面如图1所示。

图1 程序运行界面面俱到

二、SAFER+实现细节

1.两个常量数组－指数盒数组和对数盒数组

SAFER+中，用于字节内混淆的是一个算法公开的指数盒数组m_nExpBox[256]和它的逆盒，也即对数盒数组m_nLogBox[512]，其中，指数盒数组m_nExpBox[256]的定义如下：

m_nExpBox[i] = 45ⁱ  mod 257‘特别地，45¹²⁸ mod 257 = 256，将之表示为0。

而对数盒数组m_nLogBox[512]定义如下：

m_nLogBox[i] = Log₄₅(i)’特别地，定义Log₄₅(0)=128

注意到它是指数盒数组的逆盒运算，因此，可借助指数盒数组m_nExpBox[256]来定义。

m_nLogBox[]的值因为计算量较大，所以简单地用一维数组表示如下：

static public byte[] m_nExpBox=

        {   1,45,226,147,190,69,21,174,120,3,135,164,184,56,207,63,

            8,103,9,148,235,38,168,107,189,24,52,27,187,191,114,247,

            64,53,72,156,81,47,59,85,227,192,159,216,211,243,141,177,

            255,167,62,220,134,119,215,166,17,251,244,186,146,145,100,131,

            241,51,239,218,44,181,178,43,136,209,153,203,140,132,29,20,

            129,151,113,202,95,163,139,87,60,130,196,82,92,28,232,160,

            4,180,133,74,246,19,84,182,223,12,26,142,222,224,57,252,

            32,155,36,78,169,152,158,171,242,96,208,108,234,250,199,217,

            0,212,31,110,67,188,236,83,137,254,122,93,73,201,50,194,

            249,154,248,109,22,219,89,150,68,233,205,230,70,66,143,10,

            193,204,185,101,176,210,198,172,30,65,98,41,46,14,116,80,

            2,90,195,37,123,138,42,91,240,6,13,71,111,112,157,126,

            16,206,18,39,213,76,79,214,121,48,104,54,117,125,228,237,

            128,106,144,55,162,94,118,170,197,127,61,175,165,229,25,97,

            253,77,124,183,11,238,173,75,34,245,231,115,35,33,200,5,

            225,102,221,179,88,105,99,86,15,161,49,149,23,7,58,40

        };

static public byte[] m_nLogBox =

        {   128,0,176,9,96,239,185,253,16,18,159,228,105,186,173,248,

            192,56,194,101,79,6,148,252,25,222,106,27,93,78,168,130,

            112,237,232,236,114,179,21,195,255,171,182,71,68,1,172,37,

            201,250,142,65,26,33,203,211,13,110,254,38,88,218,50,15,

            32,169,157,132,152,5,156,187,34,140,99,231,197,225,115,198,

            175,36,91,135,102,39,247,87,244,150,177,183,92,139,213,84,

            121,223,170,246,62,163,241,17,202,245,209,23,123,147,131,188,

            189,82,30,235,174,204,214,53,8,200,138,180,226,205,191,217,

            208,80,89,63,77,98,52,10,72,136,181,86,76,46,107,158,

            210,61,60,3,19,251,151,81,117,74,145,113,35,190,118,42,

            95,249,212,85,11,220,55,49,22,116,215,119,167,230,7,219,

            164,47,70,243,97,69,103,227,12,162,59,28,133,24,4,29,

            41,160,143,178,90,216,166,126,238,141,83,75,161,154,193,14,

            122,73,165,44,129,196,199,54,43,127,67,149,51,242,108,104,

            109,240,2,40,206,221,155,234,94,153,124,20,134,207,229,66,

            184,64,120,45,58,233,100,31,146,144,125,57,111,224,137,48,

            128,0,176,9,96,239,185,253,16,18,159,228,105,186,173,248,

            192,56,194,101,79,6,148,252,25,222,106,27,93,78,168,130,

            112,237,232,236,114,179,21,195,255,171,182,71,68,1,172,37,

            201,250,142,65,26,33,203,211,13,110,254,38,88,218,50,15,

            32,169,157,132,152,5,156,187,34,140,99,231,197,225,115,198,

            175,36,91,135,102,39,247,87,244,150,177,183,92,139,213,84,

            121,223,170,246,62,163,241,17,202,245,209,23,123,147,131,188,

            189,82,30,235,174,204,214,53,8,200,138,180,226,205,191,217,

            208,80,89,63,77,98,52,10,72,136,181,86,76,46,107,158,

            210,61,60,3,19,251,151,81,117,74,145,113,35,190,118,42,

            95,249,212,85,11,220,55,49,22,116,215,119,167,230,7,219,

            164,47,70,243,97,69,103,227,12,162,59,28,133,24,4,29,

            41,160,143,178,90,216,166,126,238,141,83,75,161,154,193,14,

            122,73,165,44,129,196,199,54,43,127,67,149,51,242,108,104,

            109,240,2,40,206,221,155,234,94,153,124,20,134,207,229,66,

            184,64,120,45,58,233,100,31,146,144,125,57,111,224,137,48

        };