编辑“︁Speck”︁

{{refimprove|time=2018-05-09T13:02:49+00:00}}
{{區塊加解密方塊
|name=Speck
|image=[[Image:speck_block_cipher_0_indexing.svg|280px|center]]
|caption=3 rounds of Speck with 2-word key schedule
|designers=Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers [[National Security Agency|NSA]]
|publish date=2013
|related to={{le|Simon (密码)|Simon (cipher)|Simon}}、{{le|Threefish}}
|key size=64, 72, 96, 128, 144, 192 or 256 bits
|block size=32, 48, 64, 96 or 128 bits
|structure=ARX
|rounds=22–34 (depending on block and key size)
|speed=2.6 [[cycles per byte|cpb]] (5.7 without [[Streaming SIMD Extensions|SSE]]) on Intel Xeon 5640 (Speck128/128)
|cryptanalysis=差分密码分析<ref>{{cite web
 | title=Automatic Differential Analysis of ARX Block Ciphers with Application to SPECK and LEA
 | first1=Song
 | last1=Ling
 | first2=Zhangjie
 | last2=Huang
 | first3=Qianqian
 | last3=Yang
 | url=https://eprint.iacr.org/2016/209.pdf
 | date=2016-06-30
 | accessdate=2018-05-06
 | archive-date=2017-07-16
 | archive-url=https://web.archive.org/web/20170716014500/https://eprint.iacr.org/2016/209.pdf
 | dead-url=no
 }}</ref>
}}
'''Speck'''是一类轻量级的[[分组密码]]，最早由[[美国国家安全局]]（NSA）于2013年6月提出<ref name=":0">{{Cite journal|title=The SIMON and SPECK Families of Lightweight Block Ciphers|url=https://eprint.iacr.org/2013/404|last=Beaulieu|first=Ray|last2=Shors|first2=Douglas|date=2013|issue=404|last3=Smith|first3=Jason|last4=Treatman-Clark|first4=Stefan|last5=Weeks|first5=Bryan|last6=Wingers|first6=Louis|journal=|access-date=2018-05-09|archive-date=2013-09-03|archive-url=https://web.archive.org/web/20130903222533/https://eprint.iacr.org/2013/404|dead-url=no}}</ref>。如今Speck码较多应用于软件实现，而其姊妹算法{{le|Simon (密码)|Simon (cipher)|Simon}}则多用于硬件实现。

== 编码描述 ==
Speck支持多种分组密文长度。单个分组总是包含两个单字，每个单字可以由16位、24位、32位、48位或64位比特组成。相关密文由2、3或4个词汇组成。编码的循环函数包含两次反转计算：将右单字添加到左单字，异或密文与左单字；之后异或左单字与右单字。循环的次数取决于参数的选择如下<ref name=":0" />：
{| class="wikitable" style="margin-bottom: 10px;"
! 块大小(bits)
!秘钥大小(bits)
!循环次数
|-
| 2×16=32
| 4×16=64
| 22
|-
| rowspan="2" | 2×24=48
| 3×24=72
| 22
|-
| 4×24=96
| 23
|-
| rowspan="2" | 2×32=64
| 3×32=96
| 26
|-
| 4×32=128
| 27
|-
| rowspan="2" | 2×48=96
| 2×48=96
| 28
|-
| 3×48=144
| 29
|-
| rowspan="3" | 2×64=128
| 2×64=128
| 32
|-
| 3×64=192
| 33
|-
| 4×64=256
| 34
|}
密码次序表与主块密码使用相同的循环函数。

== 参考代码 ==
以下是编码算法实现的设计参考，使用C语言编写，其具有128比特的分组大小与密文。<syntaxhighlight lang="c">#include <stdint.h>

#define ROR(x, r) ((x >> r) | (x << (64 - r)))
#define ROL(x, r) ((x << r) | (x >> (64 - r)))
#define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)
#define ROUNDS 32

void encrypt(uint64_t ct[2],
             uint64_t const pt[2],            
             uint64_t const K[2])
{
   uint64_t y = pt[0], x = pt[1], b = K[0], a = K[1];

   R(x, y, b);
   for (int i = 0; i < ROUNDS - 1; i++) {
      R(a, b, i);
      R(x, y, b);
   }

   ct[0] = y;
   ct[1] = x;
}</syntaxhighlight>

== 参考文献 ==
{{reflist}}

{{cryptography navbox | block}}

[[Category:分组密码]]
[[Category:美国国家安全局密码]]