轻量级密码算法PRESENT的C语言实现（无第三方库）

一、PRESENT算法介绍

PRESENT是一种超轻量级分组密码算法，由Bogdanov等人在2007年提出，专门为资源受限环境如RFID标签和传感器网络设计。该算法在硬件实现上仅需1570个门等效电路(GE)，在保持较高安全性的同时实现了极小的硬件占用空间。PRESENT标准文档下载地址为：PRESENT: An Ultra-Lightweight Block Cipher。

PRESENT采用SPN结构，分组长度为64位，支持80位和128位两种密钥长度。算法包含31轮加密操作，每轮由轮密钥加、S盒替换和P盒置换三个步骤组成。其中S盒是一个4位输入输出的非线性变换，P盒则是一个64位的线性置换层。这种简洁的结构使得PRESENT在硬件实现上非常高效。

安全性方面，PRESENT设计时充分考虑了差分分析和线性分析等攻击方法。通过理论证明，任何5轮差分特征至少包含10个活跃S盒，25轮差分特征的概率上限为 $\frac{1}{2^{100}}$ ，线性分析则需约 $2^{84}$ 个已知明文才能成功攻击，这些安全指标完全满足轻量级应用场景的需求。

二、C语言实现

我们提供的C代码完整实现了PRESENT-80算法，包括加密、解密和密钥扩展功能。实现中定义了几个关键组件：

首先定义了算法核心的S盒和P盒置换表。S盒是一个16元素的查找表，实现非线性变换；P盒则定义了64位状态的置换规则。代码中同时包含了正向和反向的S盒/P盒，分别用于加密和解密过程。

present_permutation函数实现了通用的置换操作，根据传入的置换规则表对输入数据进行重排。这个函数被P盒置换(PSub)和逆P盒置换(InvPSub)复用，通过不同的置换规则表实现不同的置换效果。

密钥扩展部分(present_key_expansion和keyUpdate)实现了80位主密钥到32个轮密钥的派生过程。每轮密钥通过旋转、S盒变换和轮计数器异或等操作生成，确保了密钥材料的充分混淆。

加密过程(present_encrypt_block)遵循算法标准结构：31轮迭代处理，每轮包含轮密钥加、S盒替换和P盒置换，最后再进行一次轮密钥加作为后处理。解密过程(present_decrypt_block)则逆向执行这些操作。

代码中还包含了四个测试用例，验证了实现与标准测试向量的正确性。这些测试用例来自于标准文档，覆盖了全零、全一的明文和密钥组合，能够有效验证算法的基本功能。

#include<stdio.h>
#include<stdint.h>static const uint8_t present_sbox[16] = {0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1,0x2};
static const uint8_t present_inv_sbox[16] = {0x5, 0xE, 0xF, 0x8, 0xC, 0x1, 0x2, 0xD, 0xB, 0x4, 0x6, 0x3, 0x0, 0x7, 0x9,0xA};static const uint8_t present_pbox[64] = {0, 4, 8, 12, 16, 20, 24, 28,32, 36, 40, 44, 48, 52, 56, 60,1, 5, 9, 13, 17, 21, 25, 29,33, 37, 41, 45, 49, 53, 57, 61,2, 6, 10, 14, 18, 22, 26, 30,34, 38, 42, 46, 50, 54, 58, 62,3, 7, 11, 15, 19, 23, 27, 31,35, 39, 43, 47, 51, 55, 59, 63
};static const uint8_t present_inv_pbox[64] = {0, 16, 32, 48, 1, 17, 33, 49,2, 18, 34, 50, 3, 19, 35, 51,4, 20, 36, 52, 5, 21, 37, 53,6, 22, 38, 54, 7, 23, 39, 55,8, 24, 40, 56, 9, 25, 41, 57,10, 26, 42, 58, 11, 27, 43, 59,12, 28, 44, 60, 13, 29, 45, 61,14, 30, 46, 62, 15, 31, 47, 63
};void present_permutation(const uint8_t *src, uint8_t *res, const uint8_t *rule, uint8_t len) {uint8_t dest_pos, dest_bit;for (uint8_t i = 0; i < len; i++) {res[i] = 0;for (uint8_t j = 0; j < 8; j++) {dest_pos = rule[8 * i + j];dest_bit = (src[dest_pos >> 3] >> (7 - (dest_pos & 0x07))) & 0x01;res[i] = res[i] | (dest_bit << (7 - j));}}
}void addRoundKey(uint8_t *state, const uint8_t *ikey, uint8_t r) {for (uint8_t i = 0; i < 8; i++) {state[i] ^= ikey[8 * r + i];}
}void SubByte(uint8_t *state) {for (int i = 0; i < 8; i++) {uint8_t s0 = present_sbox[state[i] & 0xf];uint8_t s1 = present_sbox[state[i] >> 4];state[i] = s0 | s1 << 4;}
}void InvSubByte(uint8_t *state) {for (int i = 0; i < 8; i++) {uint8_t s0 = present_inv_sbox[state[i] & 0xf];uint8_t s1 = present_inv_sbox[state[i] >> 4];state[i] = s0 | s1 << 4;}
}void PSub(uint8_t *state) {uint8_t tmp[8] = {0};for (uint8_t i = 0; i < 8; i++) {tmp[i] = state[i];}present_permutation(tmp, state, present_pbox, 8);
}void InvPSub(uint8_t *state) {uint8_t tmp[8] = {0};for (uint8_t i = 0; i < 8; i++) {tmp[i] = state[i];}present_permutation(tmp, state, present_inv_pbox, 8);
}void keyUpdate(uint8_t *key, uint8_t rc) {uint8_t k[10] = {key[7] << 5 | key[8] >> 3, key[8] << 5 | key[9] >> 3, key[9] << 5 | key[0] >> 3, key[0] << 5 | key[1] >> 3,key[1] << 5 | key[2] >> 3,key[2] << 5 | key[3] >> 3, key[3] << 5 | key[4] >> 3, key[4] << 5 | key[5] >> 3, key[5] << 5 | key[6] >> 3,key[6] << 5 | key[7] >> 3};k[0] = (k[0] & 0xf) | (present_sbox[k[0] >> 4] << 4);rc = rc & 0x1f;k[7] ^= rc >> 1;k[8] ^= rc << 7;for (uint8_t i = 0; i < 10; i++) {key[i] = k[i];}
}void present_key_expansion(const uint8_t *mkey, uint8_t *ikey) {uint8_t mk[10];for (uint8_t i = 0; i < 10; i++) {mk[i] = mkey[i];ikey[i] = mkey[i];}for (uint8_t i = 1; i < 32; i++) {keyUpdate(mk, i);for (uint8_t j = 0; j < 8; j++) {ikey[8 * i + j] = mk[j];}}
}void present_encrypt_block(const uint8_t *plain, uint8_t *cipher, uint8_t *ikey) {uint8_t state[8];for (uint8_t i = 0; i < 8; i++) {state[i] = plain[i];}for (int r = 1; r < 32; r++) {addRoundKey(state, ikey, r - 1);SubByte(state);PSub(state);}addRoundKey(state, ikey, 31);for (uint8_t i = 0; i < 8; i++) {cipher[i] = state[i];}
}void present_decrypt_block(const uint8_t *cipher, uint8_t *plain, uint8_t *ikey) {uint8_t state[8];for (uint8_t i = 0; i < 4; i++) {state[i] = cipher[3 - i];state[i + 4] = cipher[7 - i];}for (int i = 31; i >= 1; i--) {addRoundKey(state, ikey, i);InvPSub(state);InvSubByte(state);}addRoundKey(state, ikey, 0);for (uint8_t i = 0; i < 4; i++) {plain[i] = state[3 - i];plain[i + 4] = state[7 - i];}
}void print_data(uint8_t *data, int data_len, const char *name) {printf("\t%s: ", name);for (int i = 0; i < data_len; i++) {printf("%02x ", data[i]);}printf("\n");
}void test_case1() {printf("test case 1:\n");uint8_t mkey[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};uint8_t plain[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};uint8_t ikey[256] = {0};uint8_t cipher[8] = {0};print_data(plain, 10, "plaintext");print_data(mkey, 8, "mkey");present_key_expansion(mkey, ikey);present_encrypt_block(plain, cipher, ikey);print_data(cipher, 8, "ciphertext");
}void test_case2() {printf("test case 2:\n");uint8_t mkey[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};uint8_t plain[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};uint8_t ikey[256] = {0};uint8_t cipher[8] = {0};print_data(plain, 10, "plaintext");print_data(mkey, 8, "mkey");present_key_expansion(mkey, ikey);present_encrypt_block(plain, cipher, ikey);print_data(cipher, 8, "ciphertext");
}void test_case3() {printf("test case 3:\n");uint8_t mkey[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};uint8_t plain[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};uint8_t ikey[256] = {0};uint8_t cipher[8] = {0};print_data(plain, 10, "plaintext");print_data(mkey, 8, "mkey");present_key_expansion(mkey, ikey);present_encrypt_block(plain, cipher, ikey);print_data(cipher, 8, "ciphertext");
}void test_case4() {printf("test case 4:\n");uint8_t mkey[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};uint8_t plain[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};uint8_t ikey[256] = {0};uint8_t cipher[8] = {0};print_data(plain, 10, "plaintext");print_data(mkey, 8, "mkey");present_key_expansion(mkey, ikey);present_encrypt_block(plain, cipher, ikey);print_data(cipher, 8, "ciphertext");
}int main() {test_case1();test_case2();test_case3();test_case4();return 0;
}