CN104639314A - Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method - Google Patents

Info

Publication number: CN104639314A
Application number: CN201410856583.8A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 梁允萍, 李烨
Assignee (original and current, as listed by Google Patents): Shenzhen Institute of Advanced Technology of CAS
Legal status (Google Patents estimate, not a legal conclusion): Pending
Prior-art keywords: matrix, inverse, module, transform, composite field
Landscapes: Storage Device Security (AREA)

Abstract

The invention provides a device based on the AES (Advanced Encryption Standard) encryption/decryption algorithm and a pipelined control method. The method comprises the following steps: a first composite-field matrix is buffered and, after a first delay time, a first inversion start signal is generated; in response to that signal, a first multiplicative inverse is computed from the first composite-field matrix in the composite field GF((2^4)^2) using XOR operations; the first multiplicative inverse is buffered and, after a second delay time, a first transform start signal is generated; in response to that signal, the first multiplicative inverse is mapped from the composite field GF((2^4)^2) back to the finite field GF(2^8), giving a first finite-field matrix; the first finite-field matrix is then put through the affine transformation and the row-shift (ShiftRows) transformation in turn, giving a first intermediate state matrix. The device and method address the shortcomings in area, power consumption and speed of existing hardware implementations of the AES algorithm.

Description

Device based on the AES encryption/decryption algorithm and pipelined control method
Technical field
The present invention relates to implementation techniques for the AES encryption algorithm, and in particular to a device based on the AES encryption/decryption algorithm and a pipelined control method.
Background
AES (Advanced Encryption Standard) is the block cipher standardised by the US NIST (National Institute of Standards and Technology) as FIPS 197, published in November 2001 and effective in 2002. AES combines security, efficiency and flexibility and is regarded as the most secure and effective symmetric encryption technique available to date. Even for the simplest variant, AES with a 128-bit key, a machine able to break a 56-bit DES key in one second would need about 149 trillion years to exhaust the key space.
The AES encryption algorithm adopts the Rijndael algorithm, a symmetric-key cryptographic standard. It is an iterated block cipher with a key length of 128, 192 or 256 bits, of which 128 bits is the most common, and it encrypts and decrypts data in 128-bit (16-byte) blocks. Unlike public-key cryptography, which uses a key pair, a symmetric-key cipher uses the same key to encrypt and to decrypt. The ciphertext block produced by the cipher has the same number of bits as the input block. An iterated cipher uses a loop structure that repeatedly permutes and substitutes the input data in each round.
The AES algorithm comprises three computations: key expansion, encryption and decryption; for a 128-bit key each of them runs for 10 rounds. Key expansion iterates on the key itself to generate the 10 round keys used in the rounds (the cipher key itself serves the initial key addition). The encryption and decryption processes convert the 128-bit input into a 4x4 state of bytes and transform that state. Encryption proceeds as follows: an initial AddRoundKey is applied to the plaintext, then 9 identical rounds of SubBytes (byte substitution), ShiftRows (row shift), MixColumns (column mixing) and AddRoundKey are performed, and finally one more round of SubBytes, ShiftRows and AddRoundKey yields the ciphertext. Decryption is the inverse of encryption, with the round keys used in reverse order, and finally recovers the plaintext.
The AES algorithm can be implemented in software or in hardware, but compared with the earlier DES algorithm it is harder to implement. In embedded systems in particular, where the microprocessor has limited computing power, a software implementation often cannot guarantee high data throughput, so a cryptographic coprocessor is added to assist the main controller in completing the AES algorithm; moreover, compared with a software encryption system, a hardware encryption system is more secure and reliable.
At present most domestic algorithm implementations are in software, and there are few high-speed hardware implementations of AES IP for use in network and multimedia systems. The existing hardware implementations of the AES algorithm have only some advantage over software in power consumption or efficiency, and have not been further optimised for hardware circuit characteristics in chip area, circuit power consumption and data throughput. For example, the invention patent with publication number CN101478392A, "Device for realising the 128-bit-key AES algorithm using VLSI", gives the most basic VLSI-based AES chip design method; it lacks the necessary hardware optimisation, and its data throughput and chip area still leave large room for optimisation.
Summary of the invention
On this basis, to address the technical problems of the prior art, it is necessary to provide a device based on the AES encryption/decryption algorithm and a pipelined control method that remedy the shortcomings of existing hardware implementations of the AES algorithm in area, power consumption and speed.
A pipelined control method based on the AES encryption algorithm comprises:
mapping each byte of a first state matrix from the finite field GF(2^8) to the composite field GF((2^4)^2) to obtain a first composite-field matrix;
buffering the first composite-field matrix and, after a first delay time, generating a first inversion start signal;
in response to the first inversion start signal, computing a first multiplicative inverse from the first composite-field matrix in the composite field GF((2^4)^2) using XOR operations;
buffering the first multiplicative inverse and, after a second delay time, generating a first transform start signal;
in response to the first transform start signal, mapping the multiplicative inverse from the composite field GF((2^4)^2) back to the finite field GF(2^8) to obtain a first finite-field matrix;
applying the affine transformation and then the row-shift (ShiftRows) transformation to the first finite-field matrix to obtain a first intermediate state matrix;
buffering the first intermediate state matrix and, after a third delay time, generating a MixColumns start signal;
in response to the MixColumns start signal, applying MixColumns and then AddRoundKey to the first intermediate state matrix to obtain a first intermediate result, i.e. the state after one round of the encryption transformation.
In one embodiment of the method, the sum of the first, second and third delay times is less than or equal to one clock cycle.
A pipelined control method based on the AES decryption algorithm comprises:
applying the inverse affine transformation to each byte of a second state matrix to obtain an inverse-affine matrix;
mapping each byte of the inverse-affine matrix from the finite field GF(2^8) to the composite field GF((2^4)^2) to obtain a second composite-field matrix;
buffering the second composite-field matrix and, after a fourth delay time, generating a second inversion start signal;
in response to the second inversion start signal, computing a second multiplicative inverse from the second composite-field matrix in the composite field GF((2^4)^2) using XOR operations;
buffering the second multiplicative inverse and, after a fifth delay time, generating a second transform start signal;
in response to the second transform start signal, mapping the multiplicative inverse from the composite field GF((2^4)^2) back to the finite field GF(2^8) to obtain a second finite-field matrix;
cyclically shifting the rows of the second finite-field matrix in the inverse direction by their respective offsets (InvShiftRows) to obtain an inverse row-shift matrix;
buffering the inverse row-shift matrix and, after a sixth delay time, generating a column-mixing start signal;
in response to the column-mixing start signal, applying inverse MixColumns and then AddRoundKey to the inverse row-shift matrix to obtain a second intermediate result, i.e. the state after one round of the decryption transformation.
In one embodiment of the method, the sum of the fourth, fifth and sixth delay times is less than or equal to one clock cycle.
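The encryption and decryption methods above share the same three stages around the S-box: map each byte from GF(2^8) into GF((2^4)^2), invert it there, map it back, with the affine transformation applied afterwards on the encryption path and the inverse affine applied beforehand on the decryption path. The following Python golden model, added here as an example and not code from the patent, implements those stages byte by byte and checks them against the standard AES S-box. The patent fixes neither the subfield polynomial, the composite polynomial nor the mapping matrices, so the choices below (x^4 + x + 1 for GF(2^4), Y^2 + Y + LAMBDA with LAMBDA = 0x8, and DELTA derived by sending the AES generator x to a root BETA of the AES polynomial inside the composite field) are assumptions made for this example; any valid choice yields the same S-box.

```python
"""Golden model of a composite-field SubBytes/InvSubBytes datapath:
GF(2^8) -> GF((2^4)^2) map, inversion in the composite field, map back, affine.
Added example, not the patent's code; GF16_POLY, LAMBDA, BETA, DELTA are
choices made here (the patent fixes none of them)."""

GF16_POLY = 0x13                  # x^4 + x + 1 defines the GF(2^4) subfield
LAMBDA = 0x8                      # GF((2^4)^2) = GF(2^4)[Y] / (Y^2 + Y + LAMBDA)
AES_POLY_TAPS = (8, 4, 3, 1, 0)   # AES field polynomial x^8 + x^4 + x^3 + x + 1


def gf16_mul(a, b):
    """Multiply in GF(2^4): four shift/XOR steps, i.e. AND/XOR gates in hardware."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= GF16_POLY
    return r


def gf16_inv(a):
    """a^-1 = a^14 in GF(2^4) (a^15 = 1); 0 maps to 0, as the S-box convention requires."""
    r = 1
    for _ in range(14):
        r = gf16_mul(r, a)
    return r


# Composite-field elements are bytes: high nibble a_h, low nibble a_l, meaning a_h*Y + a_l.
def comp_mul(a, b):
    ah, al, bh, bl = a >> 4, a & 0xF, b >> 4, b & 0xF
    hh = gf16_mul(ah, bh)                         # coefficient of Y^2, and Y^2 = Y + LAMBDA
    h = hh ^ gf16_mul(ah, bl) ^ gf16_mul(al, bh)
    l = gf16_mul(hh, LAMBDA) ^ gf16_mul(al, bl)
    return (h << 4) | l


def comp_inv(a):
    """(a_h*Y + a_l)^-1 = (a_h*Y + (a_h + a_l)) * d^-1, d = LAMBDA*a_h^2 + a_h*a_l + a_l^2.
    Only the 4-bit d is inverted; the rest is GF(2^4) multiply and XOR."""
    ah, al = a >> 4, a & 0xF
    d = gf16_mul(gf16_mul(ah, ah), LAMBDA) ^ gf16_mul(ah, al) ^ gf16_mul(al, al)
    dinv = gf16_inv(d)
    return (gf16_mul(ah, dinv) << 4) | gf16_mul(ah ^ al, dinv)


def comp_pow(a, n):
    r = 1
    for _ in range(n):
        r = comp_mul(r, a)
    return r


# Y^2 + Y + LAMBDA must have no root in GF(2^4), otherwise the composite field is not a field.
assert all(gf16_mul(y, y) ^ y ^ LAMBDA for y in range(16))


def _aes_poly_at(b):
    r = 0
    for t in AES_POLY_TAPS:
        r ^= comp_pow(b, t)
    return r


# Isomorphism: x -> BETA, a root of the AES polynomial in the composite field, so x^i -> BETA^i.
# DELTA holds the eight columns of the resulting 8x8 GF(2) matrix (an XOR network in hardware).
BETA = next(b for b in range(256) if _aes_poly_at(b) == 0)
DELTA = [comp_pow(BETA, i) for i in range(8)]


def _apply(columns, v):
    r = 0
    for i in range(8):
        if v >> i & 1:
            r ^= columns[i]
    return r


def to_comp(a):
    """First field-transform stage: GF(2^8) -> GF((2^4)^2)."""
    return _apply(DELTA, a)


_preimage = {to_comp(a): a for a in range(256)}
DELTA_INV = [_preimage[1 << i] for i in range(8)]   # columns of the inverse matrix


def to_std(c):
    """Second field-transform stage: GF((2^4)^2) -> GF(2^8)."""
    return _apply(DELTA_INV, c)


def _rotl(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF


def affine(a):
    return a ^ _rotl(a, 1) ^ _rotl(a, 2) ^ _rotl(a, 3) ^ _rotl(a, 4) ^ 0x63


def inv_affine(b):
    return _rotl(b, 1) ^ _rotl(b, 3) ^ _rotl(b, 6) ^ 0x05


def sbox(a):
    """Encryption path, pipeline stages 1-3: map, invert, map back, affine."""
    return affine(to_std(comp_inv(to_comp(a))))


def inv_sbox(b):
    """Decryption path: inverse affine first, then map, invert, map back."""
    return to_std(comp_inv(to_comp(inv_affine(b))))
```

In hardware the matrices DELTA, DELTA_INV and the affine map become constant XOR networks and the GF(2^4) multiplications inside comp_inv become small AND/XOR trees, which is what the patent means by computing the inverse "using XOR operations"; the Python keeps them as loops so the structure stays readable. The check worth carrying into a testbench is the full 256-entry comparison against the standard S-box: a LAMBDA with a root in GF(2^4) or a BETA that is not a root of the AES polynomial fails it immediately.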
A device based on the AES encryption/decryption algorithm, characterised in that it comprises a plurality of round computation modules connected in series, each round computation module comprising:
a first field-transform module, which maps each byte of the input state matrix from the finite field GF(2^8) to the composite field GF((2^4)^2);
an inversion module, which computes the multiplicative inverse of the input state matrix in GF((2^4)^2) using XOR operations;
a second field-transform module, which maps the input state matrix from GF((2^4)^2) back to GF(2^8);
an affine/inverse-affine module, which applies the affine transformation or its inverse to the bytes in the finite field;
a ShiftRows/InvShiftRows module, which cyclically shifts the rows of the input state matrix by their respective offsets in the forward or the inverse direction;
a MixColumns/InvMixColumns module, which applies MixColumns or inverse MixColumns to the bytes of the input state matrix;
an AddRoundKey module, which XORs the input state matrix with the round key.
On receiving an encryption instruction, the first state matrix is fed to the first field-transform module to obtain the first composite-field matrix, which is buffered in a first register unit; after the first delay time the first inversion start signal is issued to the inversion module, which receives the first composite-field matrix and produces the first multiplicative inverse. That inverse is buffered in a second register unit; after the second delay time the first transform start signal is issued to the second field-transform module, which receives the first multiplicative inverse and produces the first finite-field matrix. The first finite-field matrix passes through the affine/inverse-affine module and the ShiftRows/InvShiftRows module in turn (affine transformation, then row rotation) to give the first intermediate state matrix, which is buffered in a third register unit; after the third delay time the MixColumns start signal is issued to the MixColumns/InvMixColumns module, and the first intermediate state matrix passes through the MixColumns/InvMixColumns module and the AddRoundKey module in turn (MixColumns, then XOR with the round key) to give the first intermediate result, i.e. the state after one round of the encryption transformation.
On receiving a decryption instruction, the second state matrix is fed through the affine/inverse-affine module and then the second field-transform module to obtain the second composite-field matrix, which is buffered in a fourth register unit; after the fourth delay time the second inversion start signal is issued to the inversion module, which receives the second composite-field matrix and produces the second multiplicative inverse. That inverse is buffered in a fifth register unit; after the fifth delay time the second transform start signal is issued to the first field-transform module, and the second multiplicative inverse passes through the first field-transform module and the ShiftRows/InvShiftRows module in turn to give the inverse row-shift matrix, which is buffered in a sixth register unit. After the sixth delay time the column-mixing start signal is issued to the MixColumns/InvMixColumns module, and the inverse row-shift matrix passes through the MixColumns/InvMixColumns module and the AddRoundKey module in turn (inverse MixColumns, then XOR with the round key) to give the second intermediate result, i.e. the state after one round of the decryption transformation.
In one embodiment the device further comprises:
an inter-round register bank, which stores the first or second intermediate result produced by each round computation module and, on the next clock, issues a round-loop start signal to all round computation modules.
In one embodiment the device further comprises:
a round-count control module, which, according to the configured number of encryption or decryption rounds, reads the round key needed by each round computation and, when the first or second intermediate result produced under an encryption or decryption instruction is passed to the next round computation module, supplies that module with the round key it has read.
In one embodiment the ShiftRows/InvShiftRows module comprises a ShiftRows unit built from selectors and an InvShiftRows unit built from selectors.
The ShiftRows unit and the InvShiftRows unit together comprise at least N selectors, where N equals the number of columns of the state matrix entering the ShiftRows/InvShiftRows module multiplied by the number of rows minus two. The two inputs of each selector receive the values at two positions of the row being shifted, and the selector's output becomes the value at a position of the corresponding row of the output state matrix.
In one embodiment the MixColumns/InvMixColumns module comprises a plurality of first arithmetic units, each first arithmetic unit comprising:
a first XOR unit, which receives the first value at position i of a column of the state matrix and XORs it with the second value at the adjacent position;
a first multiplier unit, which multiplies the output of the first XOR unit by a preset value to obtain a first product;
a second XOR unit, which XORs the first product in turn with the values at the remaining positions of that column to obtain the value at position i of that column of the encryption result.
In one embodiment the MixColumns/InvMixColumns module further comprises at least two second arithmetic units, each second arithmetic unit comprising:
a first XOR unit, which XORs the first value with the third value at position i+2 of the same column;
a second XOR unit, which XORs the first product obtained for the first value with the first product obtained in the first arithmetic unit for the third value at position i+2;
a third XOR unit, which XORs the outputs of the first and second XOR units;
a second multiplier unit, which multiplies the output of the third XOR unit by the preset value to obtain a second product;
a third multiplier unit, which multiplies the second product by the preset value to obtain a third product;
a fourth XOR unit, which XORs the value at position i of that column of the encryption result with the third product to obtain the value at position i of that column of the decryption result;
a fifth XOR unit, which XORs the value at position i+2 of that column of the encryption result with the third product to obtain the value at position i+2 of that column of the decryption result.
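The selector-based ShiftRows/InvShiftRows unit and the shared MixColumns/InvMixColumns arithmetic units described above, as a Python golden model added here (example code, not from the patent). The patent does not name the preset value; taking it as the GF(2^8) constant {02} is an assumption made here, and with that choice the first and second arithmetic units reproduce the identity InvMixColumns = MixColumns + {04}·(correction), as the comments spell out. The straight matrix multiply is included only as a reference to check the shared path against.

```python
"""Golden model of a shared encrypt/decrypt ShiftRows and MixColumns datapath.
Added example, not the patent's code; the preset multiplier {02} is an
assumption, the rest follows the selector and XOR/multiply units described."""


def xtime(b):
    """Multiply by {02} in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def gmul(a, b):
    """General GF(2^8) multiply; reference only, the shared datapath never needs it."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def shift_rows_shared(state, decrypt):
    """state: 4 rows x 4 columns. Row 0 passes through and row 2 rotates by 2
    (its own inverse), so only rows 1 and 3 differ between ShiftRows and
    InvShiftRows. Each of their bytes is one 2-input selector whose inputs are
    the bytes one and three columns to the right; the decrypt flag chooses.
    That is 4 columns * (4 rows - 2) = 8 selectors, the N the patent counts."""
    out = [list(state[0]), [0] * 4, [state[2][(j + 2) % 4] for j in range(4)], [0] * 4]
    for j in range(4):
        near, far = (j + 1) % 4, (j + 3) % 4
        out[1][j] = state[1][far] if decrypt else state[1][near]   # rotate left 1 / right 1
        out[3][j] = state[3][near] if decrypt else state[3][far]   # rotate left 3 / right 3
    return out


def mix_column_shared(col):
    """One column through the shared datapath; returns (MixColumns, InvMixColumns)
    of the same input column.

    First arithmetic units, one per row i (indices mod 4):
        p_i = {02} * (a_i ^ a_{i+1})
        e_i = p_i ^ a_{i+1} ^ a_{i+2} ^ a_{i+3}            -> MixColumns row i
    Second arithmetic units, one for rows (0,2) and one for rows (1,3):
        t   = (a_i ^ a_{i+2}) ^ (p_i ^ p_{i+2})
        c   = {02} * ({02} * t)                             -> {04} * t
        d_i = e_i ^ c,  d_{i+2} = e_{i+2} ^ c               -> InvMixColumns rows
    because the InvMixColumns matrix equals the MixColumns matrix plus
    [0c 08 0c 08] on rows 0,2 and [08 0c 08 0c] on rows 1,3, and both
    corrections factor as {04} times the value t above."""
    a = col
    p = [xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
    enc = [p[i] ^ a[(i + 1) % 4] ^ a[(i + 2) % 4] ^ a[(i + 3) % 4] for i in range(4)]
    dec = list(enc)
    for i in (0, 1):
        t = (a[i] ^ a[i + 2]) ^ (p[i] ^ p[i + 2])
        c = xtime(xtime(t))
        dec[i] ^= c
        dec[i + 2] ^= c
    return enc, dec


MIX = [[0x02, 0x03, 0x01, 0x01], [0x01, 0x02, 0x03, 0x01],
       [0x01, 0x01, 0x02, 0x03], [0x03, 0x01, 0x01, 0x02]]
INV_MIX = [[0x0E, 0x0B, 0x0D, 0x09], [0x09, 0x0E, 0x0B, 0x0D],
           [0x0D, 0x09, 0x0E, 0x0B], [0x0B, 0x0D, 0x09, 0x0E]]


def matmul_ref(matrix, col):
    """Reference: plain matrix multiply over GF(2^8), used to check the shared path."""
    return [gmul(m[0], col[0]) ^ gmul(m[1], col[1]) ^ gmul(m[2], col[2]) ^ gmul(m[3], col[3])
            for m in matrix]
```

The shared column needs four xtime multipliers for the first units and four more for the two second units, instead of the separate {09}, {0b}, {0d}, {0e} constant multipliers a standalone InvMixColumns would carry, which is the area saving the patent is after; the price is that the decryption result is one {04} multiply and one XOR later than the encryption result, which a timing model of the fourth pipeline stage has to account for.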
Given the wide use of AES encryption and decryption, the present invention uses pipelining to design a portable AES encryption/decryption IP core with a simple, general-purpose external interface, which avoids repeated design work and improves design efficiency. For the long and complex key schedule and encryption/decryption algorithm, a dedicated two-level (inner and outer) pipeline and a parallel algorithm are designed, giving very high data throughput. Exploiting the high symmetry between the encryption and decryption algorithms, design methods such as resource sharing greatly improve hardware resource utilisation and reduce chip area.
Description of the drawings
Fig. 1 is a schematic structural diagram of one embodiment of the device of the present invention;
Fig. 2 is a block diagram of the pipeline inside one round transformation during encryption, in one embodiment of the device;
Fig. 3 is a block diagram of the pipeline inside one round transformation during decryption, in one embodiment of the device;
Fig. 4 is a schematic structural diagram of another embodiment of the device;
Fig. 5 is the structure of the composite-field inversion circuit in one embodiment of the device;
Fig. 6 is the structure of the row-shift circuit shared between encryption and decryption in one embodiment of the device;
Fig. 7 is the structure of the inverse MixColumns circuit with the byte-level matrix expanded, in one embodiment of the device.
Embodiments
The present invention, based on the AES encryption algorithm, provides a device based on the AES encryption/decryption algorithm that uses pipelined control. It remedies the shortcomings of hardware implementations of the AES algorithm in area, power consumption and speed, avoids repeated design work and improves design efficiency; for the long and complex key schedule and encryption/decryption algorithm it uses a dedicated pipeline and parallel algorithm to obtain very high data throughput. The embodiments of the invention are described in detail below with reference to the drawings.
As shown in Fig. 1, one embodiment of the present invention provides a device based on the AES encryption/decryption algorithm comprising a plurality of round computation modules 100 connected in series, each round computation module 100 comprising the following functional modules:
a first field-transform module 111, which maps each byte of the input state matrix from the finite field GF(2^8) to the composite field GF((2^4)^2);
an inversion module 112, which computes the multiplicative inverse of the input state matrix in GF((2^4)^2) using XOR operations;
a second field-transform module 113, which maps the input state matrix from GF((2^4)^2) back to GF(2^8);
an affine/inverse-affine module 114, which applies the affine transformation or its inverse to the bytes in the finite field, giving the state matrix after byte substitution;
a ShiftRows/InvShiftRows module 120, which cyclically shifts the rows of the input state matrix by their respective offsets in the forward or the inverse direction;
a MixColumns/InvMixColumns module 130, which applies MixColumns or inverse MixColumns to the bytes of the input state matrix;
an AddRoundKey module 140, which XORs the input state matrix with the round key.
Following the solid arrows in Fig. 1, on receiving an encryption instruction the first state matrix is fed to the first field-transform module 111 to obtain the first composite-field matrix, which is buffered in the first register unit 151; after the first delay time the first inversion start signal is issued to the inversion module 112, which receives the first composite-field matrix and produces the first multiplicative inverse. That inverse is buffered in the second register unit 152; after the second delay time the first transform start signal is issued to the second field-transform module 113, which receives the first multiplicative inverse and produces the first finite-field matrix. The first finite-field matrix passes through the affine/inverse-affine module 114 and the ShiftRows/InvShiftRows module 120 in turn (affine transformation, then row rotation) to give the first intermediate state matrix, which is buffered in the third register unit 153; after the third delay time the MixColumns start signal is issued to the MixColumns/InvMixColumns module 130, and the first intermediate state matrix passes through the MixColumns/InvMixColumns module 130 and the AddRoundKey module 140 in turn (MixColumns, then XOR with the round key) to give the first intermediate result, i.e. the state after one round of the encryption transformation. Specifically, for the first round computation module 100 the first state matrix is the byte matrix formed from a block of plaintext; for an intermediate round computation module 100 the first state matrix is the first intermediate result output by the preceding round computation module 100. The same applies below.
Following the dashed arrows in Fig. 1, on receiving a decryption instruction the second state matrix is fed through the affine/inverse-affine module 114 and then the second field-transform module 113 to obtain the second composite-field matrix, which is buffered in the fourth register unit 154; after the fourth delay time the second inversion start signal is issued to the inversion module 112, which receives the second composite-field matrix and produces the second multiplicative inverse. That inverse is buffered in the fifth register unit 155; after the fifth delay time the second transform start signal is issued to the first field-transform module 111, and the second multiplicative inverse passes through the first field-transform module 111 and the ShiftRows/InvShiftRows module 120 in turn to give the inverse row-shift matrix, which is buffered in the sixth register unit 156. After the sixth delay time the column-mixing start signal is issued to the MixColumns/InvMixColumns module 130, and the inverse row-shift matrix passes through the MixColumns/InvMixColumns module 130 and the AddRoundKey module 140 in turn (inverse MixColumns, then XOR with the round key) to give the second intermediate result, i.e. the state after one round of the decryption transformation. Specifically, for the first round computation module 100 the second state matrix is the byte matrix formed from a block of ciphertext; for an intermediate round computation module 100 the second state matrix is the second intermediate result output by the preceding round computation module 100. The same applies below. The first field-transform module 111, the inversion module 112, the second field-transform module 113 and the affine/inverse-affine module 114 together form the SubBytes module 110. Further, each of the register units above comprises at least one register element or register structure.
Based on the above embodiment, the present invention adopts segmented (pipelined) operation inside each round of the encryption or decryption algorithm. For example, in one embodiment of the invention, as shown in Fig. 2, a pipelined control method based on the AES encryption algorithm comprises the following steps:
Step 210: map each byte of the first state matrix from the finite field GF(2^8) to the composite field GF((2^4)^2) to obtain the first composite-field matrix;
Step 220: buffer the first composite-field matrix and, after the first delay time, generate the first inversion start signal;
Step 230: in response to the first inversion start signal, compute the first multiplicative inverse from the first composite-field matrix in the composite field GF((2^4)^2) using XOR operations;
Step 240: buffer the first multiplicative inverse and, after the second delay time, generate the first transform start signal;
Step 250: in response to the first transform start signal, map the multiplicative inverse from the composite field GF((2^4)^2) back to the finite field GF(2^8) to obtain the first finite-field matrix; the affine transformation completes the byte substitution, and the row-shift transformation applied next gives the first intermediate state matrix;
Step 260: buffer the first intermediate state matrix and, after the third delay time, generate the MixColumns start signal;
Step 270: in response to the MixColumns start signal, apply MixColumns and then AddRoundKey to the first intermediate state matrix to obtain the first intermediate result, i.e. the state after one round of the encryption transformation.
As a further example, in another embodiment of the invention, as shown in Fig. 3, a pipelined control method based on the AES decryption algorithm comprises the following steps:
Step 310: apply the inverse affine transformation to each byte of the second state matrix to obtain the inverse-affine matrix, and map each byte of the inverse-affine matrix from the finite field GF(2^8) to the composite field GF((2^4)^2) to obtain the second composite-field matrix;
Step 320: buffer the second composite-field matrix and, after the fourth delay time, generate the second inversion start signal;
Step 330: in response to the second inversion start signal, compute the second multiplicative inverse from the second composite-field matrix in the composite field GF((2^4)^2) using XOR operations;
Step 340: buffer the second multiplicative inverse and, after the fifth delay time, generate the second transform start signal;
Step 350: in response to the second transform start signal, map the multiplicative inverse from the composite field GF((2^4)^2) back to the finite field GF(2^8) to obtain the second finite-field matrix (i.e. the state matrix after byte substitution), then cyclically shift the rows of the second finite-field matrix in the inverse direction by their respective offsets to obtain the inverse row-shift matrix;
Step 360: buffer the inverse row-shift matrix and, after the sixth delay time, generate the column-mixing start signal;
Step 370: in response to the column-mixing start signal, apply inverse MixColumns and then AddRoundKey to the inverse row-shift matrix to obtain the second intermediate result, i.e. the state after one round of the decryption transformation.
In summary, intra-round pipelining means segmenting the interior of one round transformation. For the encryption process the inner pipeline is divided into four pipeline stages: the byte substitution SubBytes and the row shift ShiftRows together occupy three stages, while the column mixing MixColumns and the round key addition AddRoundKey form one stage. The three stages of SubBytes and ShiftRows are:
First stage: transform the input data from the field GF(2^8) to the composite field GF((2^4)^2), then insert one level of pipeline register.
Second stage: invert the element in the field GF((2^4)^2), then insert one level of pipeline register.
Third stage: transform the data from the composite field GF((2^4)^2) back to the field GF(2^8), then apply the affine transformation, then the ShiftRows operation, and insert one level of pipeline register here.
The fourth stage is formed by MixColumns and AddRoundKey. The block diagram of the pipeline inside one encryption round transformation is shown in Figure 2.
The inner pipeline of decryption is likewise divided into four stages, as shown in Figure 3:
First stage: apply the inverse affine transformation to the input data, then transform the result from the field GF(2^8) to the composite field GF((2^4)^2), then insert one level of pipeline register.
Second stage: invert the element in the field GF((2^4)^2), then insert one level of pipeline register.
Third stage: transform the data from the composite field GF((2^4)^2) back to the field GF(2^8), then perform the InvShiftRows operation, then insert one level of pipeline register.
Fourth stage: inverse column mixing and round key addition.
With pipeline control as described, the sum of the first, second and third delay times is made less than or equal to one clock cycle, and the sum of the fourth, fifth and sixth delay times is likewise made less than or equal to one clock cycle; this guarantees that the processing of each group of data is controlled within one clock. To reach the highest possible data processing speed, the pipeline stages should be divided so that the processing delay of each stage is as equal as possible, i.e. the first, second and third delay times are approximately equal, and the fourth, fifth and sixth delay times are approximately equal.
In another preferred embodiment of the invention, as shown in Figure 4, the above device based on the AES encryption/decryption algorithm further comprises:
Round number control module 170, for reading, according to the configured number of encryption or decryption round computations, the round key required by each round computation; when the first intermediate result or second intermediate result obtained from each encryption operation instruction or decryption operation instruction is input into the next round computation module, the round key that was read is input to that next round computation module, until the computations of all round computation modules are complete and the encryption or decryption result is obtained. Usually 10 round computations are used, so full unrolling then needs 10 round computation modules. In addition, since "AES-128" has 10 similar round transformations, in another example of the invention the round loop is fully unrolled: all 10 round transformations are expanded and registers are inserted between rounds, realising the outer (inter-round) pipeline of the round transformation. Specifically, the above device based on the AES encryption/decryption algorithm further comprises:
Inter-round register group 160, for temporarily storing the first intermediate result or second intermediate result obtained by each round computation module 100 and generating a round loop start instruction to all round computation modules at the next clock. Preferably, a connecting register is inserted between every two round computation modules; this register comprises at least one register structure or register element. Preferably, the delay of each register element or register structure in the inter-round register group is identical.
On the basis of the above embodiments, after the pipelined design is adopted, each stage of round transformation can process one group of data per clock: when the next clock arrives, the unit accepts the data sent from the preceding pipeline stage and simultaneously passes the data it has finished processing to the next pipeline stage, i.e. into the next round transformation, so data to be encrypted or decrypted can enter the processing units continuously. One block of data enters the 10 round transformations in turn over 10 consecutive clock cycles and has completed encryption or decryption after 10 clock cycles of processing. With pipelined processing, each group of data needs only about one clock cycle to complete encryption or decryption.
On the basis of the above embodiments, the first transform domain operation module 111, the element inversion module 112, the second transform domain operation module 113 and the affine transformation/inverse affine transformation module 114 together mainly implement the byte substitution transformation. The byte substitution of encryption and the inverse byte substitution of decryption can be realised by table lookup, but this costs a large amount of hardware resource to store very large tables. For example, for "AES-128" the 128-bit data block is 16 bytes; during the linear transformation, encryption and decryption each need 16 substitution tables, and the round key expansion needs a further 4, so 36 tables are needed in total. Each table stores 256 bytes, so storing these tables needs 9 KB altogether, which is a large hardware overhead. The invention instead adopts a transform-domain computation, on the basis of hardware resource sharing, to solve this problem. The byte substitution transformation is therefore divided into four independently computed units, namely the first transform domain operation module 111, the element inversion module 112, the second transform domain operation module 113 and the affine transformation/inverse affine transformation module 114; since encryption and decryption are mutually inverse processes, the corresponding computations of decryption and encryption are performed by sharing three of these functional modules in hardware, reducing the hardware overhead that stored tables would occupy. The specific implementation of each module is explained in detail below.
The AES encryption process usually operates on a 4 × 4 byte matrix, the state matrix, whose initial value is one plaintext or ciphertext block (each element of the matrix is one byte of the block); the following processing is therefore all based on this 4 × 4 byte matrix, and the input and output matrices of each module above are all 4 × 4 byte matrices. Because the field GF(2^8) can be regarded as an extension of the field GF(2^4), treating GF(2^8) as a quadratic extension of GF(2^4) is beneficial to hardware implementation. An element a of GF(2^8) can be expressed as a linear polynomial with coefficients in GF(2^4), that is, a = bx + c, where a ∈ GF(2^8) and b, c ∈ GF(2^4). The two coefficients of this polynomial are both 4-bit numbers, written [b, c]. All mathematical processing of elements of GF(2^8) can then be expressed equivalently as operations on this polynomial.
Thus the first transform domain operation module transforms each byte of the input state matrix from the finite field GF(2^8) to the composite field GF((2^4)^2). Let byte a be an element of GF(2^8) with binary representation {a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0}; b and c are elements of GF(2^4) with binary representations {b_3 b_2 b_1 b_0} and {c_3 c_2 c_1 c_0} respectively. If a becomes ã after transformation to the composite field, then ã can be represented by the GF(2^4) elements b and c as ã = Trans(a) = bx + c. From the properties of the composite field transformation, a, b and c satisfy the following relations:
$$b_3 = t_2,\qquad b_2 = t_2 \oplus \tilde a_3 \oplus \tilde a_2,\qquad b_1 = t_1 \oplus t_3,\qquad b_0 = t_3 \oplus \tilde a_5,$$
$$c_3 = \tilde a_4 \oplus \tilde a_2,\qquad c_2 = t_1,\qquad c_1 = \tilde a_1 \oplus \tilde a_2,\qquad c_0 = t_3 \oplus \tilde a_0 \oplus \tilde a_5,$$
where $t_1 = \tilde a_1 \oplus \tilde a_7$, $t_2 = \tilde a_5 \oplus \tilde a_7$, $t_3 = \tilde a_4 \oplus \tilde a_6$.
The element inversion module computes the multiplicative inverse of the input state matrix over the composite field GF((2^4)^2) using XOR operations.
Let ã = bx + c be an element of the composite field GF((2^4)^2) and let its inverse element be a^{-1} = gx + h, where g and h are elements of GF(2^4). They satisfy a relational expression in which the two operator symbols denote multiplication and addition over the finite field GF(2^4) respectively. From that formula, computing the inverse element a^{-1} over GF((2^4)^2) is converted into addition, multiplication, squaring and inversion over GF(2^4). Addition is very simple: it is a direct XOR. The other three operations are detailed as follows. Let a(x) and b(x) be elements of GF(2^4) with binary representations {a_3 a_2 a_1 a_0} and {b_3 b_2 b_1 b_0}; m_4(x) = x^4 + x + 1 is the irreducible polynomial used for multiplication in this field; the operation result is denoted p(x), which is also an element of the field, with binary representation {p_3 p_2 p_1 p_0}. The element inversion module can then comprise the following functional units:
First, a multiplication unit that multiplies the linear polynomial coefficients a(x) and b(x) in GF(2^4), specifically as follows:
Let a(x) = a_3x^3 + a_2x^2 + a_1x + a_0 and b(x) = b_3x^3 + b_2x^2 + b_1x + b_0; through a series of computational transformations one obtains
$$p(x) = a(x) \otimes b(x) = p_3 x^3 + p_2 x^2 + p_1 x + p_0,$$
$$p_3 = a_3 b_0 \oplus a_2 b_1 \oplus a_1 b_2 \oplus t_1 b_3,\qquad p_2 = a_2 b_0 \oplus a_1 b_1 \oplus t_1 b_2 \oplus t_2 b_3,$$
$$p_1 = a_1 b_0 \oplus t_1 b_1 \oplus t_2 b_2 \oplus (a_1 \oplus a_2)\, b_3,\qquad p_0 = a_0 b_0 \oplus a_3 b_1 \oplus a_2 b_2 \oplus a_1 b_3,$$
where $t_1 = a_3 \oplus a_0$, $t_2 = a_3 \oplus a_2$.
Second, a squaring unit that squares an element a(x) of GF(2^4), specifically as follows:
$p(x) = a(x)^2 \bmod m_4(x)$; using the multiplication derivation above, the result of squaring is easily obtained and simplifies to $p_3 = a_3$, $p_1 = a_2$.
Third, a computation unit that computes the inverse element of an element a(x) of GF(2^4), specifically as follows:
$$p_3 = t_1 \oplus a_3 b_0 \oplus a_1 a_3 \oplus a_2 a_3,\qquad p_2 = a_1 b_0 \oplus a_2 \oplus a_2 a_0 \oplus a_3 \oplus a_3 a_0 \oplus a_3 a_2 a_0,$$
$$p_1 = a_1 a_0 \oplus a_2 a_0 \oplus a_1 a_2 \oplus a_1 a_3 \oplus a_1 a_1 a_3,\qquad p_0 = t_1 \oplus a_0 \oplus a_2 a_0 \oplus a_1 a_2 \oplus a_0 a_1 a_2,$$
where $t_1 = a_3 \oplus a_2 \oplus a_1 \oplus a_3 a_2 a_1$.
Based on these three units, the circuit structure for inverting an element over GF((2^4)^2) is built as shown in Figure 5 (see also Figure 3).
The second transform domain operation module transforms the input state matrix from the composite field GF((2^4)^2) to the finite field GF(2^8). Specifically, if the element ã of GF((2^4)^2) becomes a after transformation to GF(2^8), i.e. a = Trans^{-1}(bx + c), then a, b and c satisfy the following relations:
where $t_1 = c_1 \oplus b_3$, $t_2 = b_0 \oplus b_1$.
Through the three modules above, the first transform domain operation module 111, the element inversion module 112 and the second transform domain operation module 113, the inverse element is computed rather than read from a stored inverse-element table; the inverse element over GF(2^8) is thus obtained at very small hardware cost, so the whole byte substitution and inverse byte substitution avoid a lookup-table implementation and save a large amount of hardware overhead.
The affine transformation/inverse affine transformation module applies the affine transformation or the inverse affine transformation to the bytes in the finite field. Preferably, once the three modules above (the first transform domain operation module 111, the element inversion module 112 and the second transform domain operation module 113) have produced the multiplicative inverse of each byte, part of SubBytes is complete (the byte substitution transformation is a nonlinear transformation that replaces each byte of the state matrix using the substitution table S-box, abbreviated S box). The byte substitution SubBytes is used to build the S-box; it is invertible and is obtained by the two steps of multiplicative inversion and affine transformation:
First, each byte is expressed in its GF(2^8) form and its multiplicative inverse is obtained. The multiplicative inverse is defined as follows: for a byte A, if a corresponding value A^{-1} can be found such that $\{A \cdot A^{-1}\} \bmod \{m(x)\} = 1$, then A^{-1} is the multiplicative inverse of A; A is likewise the multiplicative inverse of A^{-1}. Here $m(x) = x^8 + x^4 + x^3 + x + 1$.
Then the following affine transformation is applied to the multiplicative inverse obtained:
$$b_i' = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i,\qquad 0 \le i < 8$$
where $b_i$ is the i-th bit of the byte being substituted and $c_i$ is the i-th bit of {63}, i.e. {01100011}. In matrix form the affine transformation is:
$$\begin{pmatrix} b_0' \\ b_1' \\ b_2' \\ b_3' \\ b_4' \\ b_5' \\ b_6' \\ b_7' \end{pmatrix} = \begin{pmatrix} 1&0&0&0&1&1&1&1 \\ 1&1&0&0&0&1&1&1 \\ 1&1&1&0&0&0&1&1 \\ 1&1&1&1&0&0&0&1 \\ 1&1&1&1&1&0&0&0 \\ 0&1&1&1&1&1&0&0 \\ 0&0&1&1&1&1&1&0 \\ 0&0&0&1&1&1&1&1 \end{pmatrix} \begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix} + \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}$$
Using these two transformations the S-box can be constructed. Byte substitution is simply the replacement of every byte of the state matrix using the S-box. The inverse affine transformation likewise uses the S-box by lookup, replacing each byte with its corresponding byte, and realises the inverse of the affine transformation used in encryption.
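As an added example (not code from the patent), the following Python models the three-stage byte substitution datapath described above: the field-to-composite map and the GF(2^4) multiplier follow the page's equations (reading the ã_i bits as the bits of the input byte a), while the inverse map is obtained by inverting the forward map, the GF(2^4) inverse is computed as a^14 in place of the page's inversion unit, and the constant λ of the assumed composite-field modulus y^2 + y + λ is derived from the map because the page does not state it. Every function and constant name here is the example's own.

```python
"""SubBytes via the composite field GF((2^4)^2), modelled on the page's datapath:
GF(2^8) -> GF((2^4)^2), inversion there, back to GF(2^8), then the affine map.
The result is checked against a direct GF(2^8) inversion (reference S-box)."""

AES_POLY = 0x11B      # m(x) = x^8 + x^4 + x^3 + x + 1
AFFINE_CONST = 0x63   # {63} = {01100011}


def gf256_mul(a: int, b: int) -> int:
    """Reference multiply in GF(2^8): shift-and-add, reduced by m(x)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf256_inv(a: int) -> int:
    """Reference inverse by exhaustive search; 0 maps to 0 by AES convention."""
    return next((b for b in range(1, 256) if gf256_mul(a, b) == 1), 0)


def bit(v: int, i: int) -> int:
    return (v >> i) & 1


def to_composite(a: int) -> tuple:
    """GF(2^8) -> GF((2^4)^2): byte a to (b, c) with a~ = b*x + c (page's equations)."""
    t1 = bit(a, 1) ^ bit(a, 7)
    t2 = bit(a, 5) ^ bit(a, 7)
    t3 = bit(a, 4) ^ bit(a, 6)
    b = (t2 << 3) | ((t2 ^ bit(a, 3) ^ bit(a, 2)) << 2) | ((t1 ^ t3) << 1) | (t3 ^ bit(a, 5))
    c = ((bit(a, 4) ^ bit(a, 2)) << 3) | (t1 << 2) | ((bit(a, 1) ^ bit(a, 2)) << 1) \
        | (t3 ^ bit(a, 0) ^ bit(a, 5))
    return b, c


# Inverse map (second transform domain module): the forward map is a bijection,
# so it is inverted by tabulating it over all 256 bytes. Key = [b, c] as one byte.
FROM_COMPOSITE = {}
for _a in range(256):
    _b, _c = to_composite(_a)
    FROM_COMPOSITE[(_b << 4) | _c] = _a


def gf16_mul(a: int, b: int) -> int:
    """Multiply in GF(2^4) modulo x^4 + x + 1 (the page's multiplication unit)."""
    a3, a2, a1, a0 = bit(a, 3), bit(a, 2), bit(a, 1), bit(a, 0)
    b3, b2, b1, b0 = bit(b, 3), bit(b, 2), bit(b, 1), bit(b, 0)
    t1, t2 = a3 ^ a0, a3 ^ a2
    p3 = (a3 & b0) ^ (a2 & b1) ^ (a1 & b2) ^ (t1 & b3)
    p2 = (a2 & b0) ^ (a1 & b1) ^ (t1 & b2) ^ (t2 & b3)
    p1 = (a1 & b0) ^ (t1 & b1) ^ (t2 & b2) ^ ((a1 ^ a2) & b3)
    p0 = (a0 & b0) ^ (a3 & b1) ^ (a2 & b2) ^ (a1 & b3)
    return (p3 << 3) | (p2 << 2) | (p1 << 1) | p0


def gf16_inv(a: int) -> int:
    """Inverse in GF(2^4) as a^14 (assumption: stands in for the page's inversion unit); 0 -> 0."""
    a2 = gf16_mul(a, a)
    a4 = gf16_mul(a2, a2)
    a8 = gf16_mul(a4, a4)
    return gf16_mul(gf16_mul(a8, a4), a2)


# Assumed modulus of the quadratic extension: y^2 + y + LAMBDA. LAMBDA is derived from
# the map itself: y = [b=1, c=0] corresponds to alpha in GF(2^8), and LAMBDA = y^2 + y.
_alpha = FROM_COMPOSITE[0x10]
_lam_hi, LAMBDA = to_composite(gf256_mul(_alpha, _alpha) ^ _alpha)
assert _lam_hi == 0, "map is not an isomorphism onto GF(2^4)[y]/(y^2 + y + lambda)"


def composite_inv(b: int, c: int) -> tuple:
    """(b*x + c)^-1 = (b*d)*x + (b+c)*d with d = (lambda*b^2 + b*c + c^2)^-1 in GF(2^4)."""
    d = gf16_inv(gf16_mul(LAMBDA, gf16_mul(b, b)) ^ gf16_mul(b, c) ^ gf16_mul(c, c))
    return gf16_mul(b, d), gf16_mul(b ^ c, d)


def affine(b: int) -> int:
    """Page's affine transformation: b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i."""
    out = 0
    for i in range(8):
        v = bit(b, i) ^ bit(b, (i + 4) % 8) ^ bit(b, (i + 5) % 8) \
            ^ bit(b, (i + 6) % 8) ^ bit(b, (i + 7) % 8)
        out |= (v ^ bit(AFFINE_CONST, i)) << i
    return out


def sbox_composite(a: int) -> int:
    """SubBytes of one byte along the three transform-domain stages plus the affine map."""
    g, h = composite_inv(*to_composite(a))
    return affine(FROM_COMPOSITE[(g << 4) | h])


def sbox_reference(a: int) -> int:
    """Textbook SubBytes: inverse directly in GF(2^8), then the affine map."""
    return affine(gf256_inv(a))


def composite_sbox_matches_reference() -> bool:
    return all(sbox_composite(a) == sbox_reference(a) for a in range(256))
```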
In addition, the row shift/inverse row shift module cyclically shifts, or inversely cyclically shifts, the data of the different rows of the input state matrix by different offsets. In one embodiment of the invention, the row shift/inverse row shift module 120 comprises a row shift unit built from selectors and an inverse row shift unit built from selectors;
The row shift unit and the inverse row shift unit each include at least N groups of selectors, where N equals the number of columns of the state matrix entering the row shift/inverse row shift module multiplied by the number of rows minus two. The two inputs of each selector connect to the values of any two positions in one row of the state matrix to be shifted, and the output of each selector serves as the value at some position of the corresponding row of the output state matrix. For example, as shown in Figure 6, for a 4*4 input state matrix, if the two inputs of a selector connect to positions 1 and 3 of row 1 of the input state matrix, its output can be the value at any of positions 0, 1, 2, 3 of row 1 of the output state matrix of the module. The invention can of course realise the row shift/inverse row shift module in other ways as well. Preferably, as shown in Figure 6, the row shift unit and the inverse row shift unit each include 8 groups of selectors.
Row shift takes the four bytes of each row of the state matrix as one unit and cyclically shifts them by a different offset according to the row. To save resources, the hardware design of the invention does not use shift registers to shift each row but adopts a neater approach, realising the shift directly by hard wiring. Moreover, whether encrypting or decrypting, all rows of the state matrix except the first change position; if the encryption row shift and the decryption inverse row shift were designed separately and then selected according to encryption or decryption, 12 groups of selectors would be needed in total. Comparing the shift diagrams of encryption and decryption in the algorithm description, rows 0 and 2 of the state matrix are identical after the encryption row shift and after the decryption inverse row shift, so they need no selector and can be wired directly. Only rows 1 and 3 need data switching, using 8 groups of selectors in total. Let X_{i,j} and Y_{i,j} denote the byte in row i, column j of the state matrix before and after the shift respectively; Figure 6 then shows the structure of the shared ShiftRows for encryption and inverse row shift for decryption. The row shift unit and the inverse row shift unit each include 8 groups of selectors: the two inputs of each selector connect to any two positions in row 1, respectively row 3, of the state matrix to be shifted, and the output of each selector provides the value of a position in row 1, respectively row 3, of the output state matrix; the ports on the input side of the row shift/inverse row shift module 120 that receive the bytes of rows 0 and 2 of the input state matrix are connected directly to the outputs of the corresponding bytes of rows 0 and 2 of the state matrix that module 120 outputs. The state matrix above always refers to the 4*4 byte matrix, and the value at a position means the byte at that position of the byte matrix.
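To make the selector sharing concrete, here is an added Python model (not the patent's own code) of the 4*4 row shift: rows 0 and 2 are hard wired, and rows 1 and 3 each use four two-way selectors whose two inputs are the positions j+1 and j-1 of the row, so one set of 8 selectors serves both ShiftRows and InvShiftRows. The names are the example's own.

```python
"""Shared ShiftRows / InvShiftRows for a 4x4 AES state, modelled on the page's
8-selector structure. state[r][c] is the byte in row r, column c (X_{r,c})."""


def shift_rows_reference(state, decrypt=False):
    """Textbook ShiftRows: row r rotates left by r (right by r when decrypting)."""
    step = -1 if decrypt else 1
    return [[state[r][(c + step * r) % 4] for c in range(4)] for r in range(4)]


def mux2(select_second, in0, in1):
    """Two-way selector: output in0 when select_second is False, else in1."""
    return in1 if select_second else in0


def shift_rows_shared(state, decrypt=False):
    """Selector-based unit: rows 0 and 2 are hard wired (identical in both directions);
    rows 1 and 3 use one two-way selector per byte, 8 selectors in total."""
    out = [[0] * 4 for _ in range(4)]
    out[0] = list(state[0])                              # row 0: never shifted
    out[2] = [state[2][(c + 2) % 4] for c in range(4)]   # row 2: +2 and -2 coincide mod 4
    for c in range(4):
        # Row 1: encryption takes X[1][c+1] (left by 1), decryption takes X[1][c-1]
        out[1][c] = mux2(decrypt, state[1][(c + 1) % 4], state[1][(c - 1) % 4])
        # Row 3: encryption takes X[3][c-1] (left by 3), decryption takes X[3][c+1]
        out[3][c] = mux2(decrypt, state[3][(c - 1) % 4], state[3][(c + 1) % 4])
    return out


SELECTORS_SHARED = 2 * 4     # rows 1 and 3, one selector per byte
SELECTORS_SEPARATE = 3 * 4   # choosing between separate enc/dec shifters for rows 1 to 3


def selector_wiring():
    """(row, output column, input column for encryption, input column for decryption)
    for each of the 8 selectors; e.g. the selector feeding Y[1][0] reads X[1][1] or X[1][3]."""
    wiring = []
    for c in range(4):
        wiring.append((1, c, (c + 1) % 4, (c - 1) % 4))
        wiring.append((3, c, (c - 1) % 4, (c + 1) % 4))
    return wiring


def matches_reference(state):
    """True when the shared unit agrees with the textbook transforms in both directions
    and decrypting the encrypted state restores the input."""
    enc = shift_rows_shared(state)
    dec = shift_rows_shared(state, decrypt=True)
    return (enc == shift_rows_reference(state)
            and dec == shift_rows_reference(state, decrypt=True)
            and shift_rows_shared(enc, decrypt=True) == state)


# Constructed sample state: byte 0xRC encodes row R and column C, so positions are easy to read.
SAMPLE_STATE = [[(r << 4) | c for c in range(4)] for r in range(4)]
```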
Also, the column mixing/inverse column mixing module applies column mixing or inverse column mixing to each byte of the input state matrix. Preferably, in one embodiment of the invention, the column mixing/inverse column mixing module comprises multiple groups of first arithmetic units, their number being the number of rows of the state matrix entering the module; each group of first arithmetic units processes the byte data of one column of the state matrix and comprises at least:
a first XOR unit, which receives the first value at the i-th position of one column of the state matrix and XORs it with the second value at the adjacent position; when the i-th position is the last byte element of that column of the input state matrix, the adjacent position is the first byte element of the column;
a first multiplication unit, which multiplies the output of the first XOR unit by a preset value, obtaining the first product;
a second XOR unit, which XORs the first product successively with the values at the remaining positions of the column, obtaining the value at the i-th position of that column in the encryption result. Here i denotes the position variable of a byte element of one column of the state matrix entering the column mixing/inverse column mixing module; if the state matrix is a 4*4 byte matrix, then i ∈ (0,1,2,3). The first XOR unit, the first multiplication unit and the second XOR unit each comprise at least one hardware structure for performing the operation; for the several byte elements of one column of the state matrix, the column mixing of that column's byte data is carried out by setting the number of hardware structures in the first XOR unit, the first multiplication unit and the second XOR unit.
The basic principle adopted by the groups of first arithmetic units is as follows; taking a 4*4 byte matrix as the state matrix, the computation after input to the column mixing/inverse column mixing module is:
The column mixing expression during encryption is:
$$\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{pmatrix} = \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \cdot \begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \end{pmatrix}$$
where $b_i$ denotes the output column of encryption and $a_i$ denotes one column of the state matrix entering the column mixing/inverse column mixing module, i ∈ (0,1,2,3); expanding:
$$b_0 = 2a_0 \oplus 3a_1 \oplus a_2 \oplus a_3 = 2(a_0 \oplus a_1) \oplus a_1 \oplus (a_2 \oplus a_3) = g_0 \oplus a_1 \oplus f_2,$$
$$b_1 = a_0 \oplus 2a_1 \oplus 3a_2 \oplus a_3 = 2(a_2 \oplus a_1) \oplus a_2 \oplus (a_0 \oplus a_3) = g_1 \oplus a_2 \oplus f_3,$$
$$b_2 = a_0 \oplus a_1 \oplus 2a_2 \oplus 3a_3 = 2(a_2 \oplus a_3) \oplus a_3 \oplus (a_0 \oplus a_1) = g_2 \oplus a_3 \oplus f_0,$$
$$b_3 = 3a_0 \oplus a_1 \oplus a_2 \oplus 2a_3 = 2(a_0 \oplus a_3) \oplus a_0 \oplus (a_1 \oplus a_2) = g_3 \oplus a_0 \oplus f_1,$$
where:
$$f_0 = a_0 \oplus a_1,\quad g_0 = 2(a_0 \oplus a_1) = \mathrm{xtime}(f_0),\qquad f_1 = a_1 \oplus a_2,\quad g_1 = 2(a_1 \oplus a_2) = \mathrm{xtime}(f_1),$$
$$f_2 = a_2 \oplus a_3,\quad g_2 = 2(a_2 \oplus a_3) = \mathrm{xtime}(f_2),\qquad f_3 = a_3 \oplus a_0,\quad g_3 = 2(a_3 \oplus a_0) = \mathrm{xtime}(f_3).$$
The xtime(x) operation is the multiplication of the 8-bit input by {02} (the preset value mentioned above).
For the decryption process, the invention computes decryption in combination with the hardware of the encryption computation above; in yet another embodiment of the invention the column mixing/inverse column mixing module further comprises at least two groups of second arithmetic units, each group of second arithmetic units processing the byte data of one column of the state matrix and comprising at least the following units:
a first XOR unit, which XORs the first value (i.e. the value at the i-th position of one column of the input state matrix) with the third value at position i+2 of that column;
a second XOR unit, which XORs the output of the first multiplication unit (i.e. the first product obtained for the first value) with the output of the first multiplication unit of the first arithmetic unit corresponding to the third value at position i+2 (i.e. the first product obtained for the third value in the first arithmetic unit);
a third XOR unit, which XORs the outputs of the first XOR unit and the second XOR unit;
a second multiplication unit, which multiplies the output of the third XOR unit by the preset value, obtaining the second product;
a third multiplication unit, which multiplies the second product by the preset value, obtaining the third product;
a fourth XOR unit, which XORs the value at the i-th position of the column in the encryption result with the third product, obtaining the value at the i-th position of that column in the decryption result; and
a fifth XOR unit, which XORs the value at position i+2 of the column in the encryption result with the third product, obtaining the value at position i+2 of that column in the decryption result. Here i denotes the position variable of an element of one column of the state matrix entering the column mixing/inverse column mixing module; if the state matrix is a 4*4 byte matrix, then i ∈ (0,1,2,3). The first XOR unit, second XOR unit, third XOR unit, second multiplication unit, third multiplication unit, fourth XOR unit and fifth XOR unit each comprise at least one hardware structure for performing the operation; for the several byte elements of one column of the state matrix, the inverse column mixing of that column's byte data is carried out by setting the number of hardware structures in these units.
The basic principle adopted by the second arithmetic units is as follows; again taking a 4*4 byte matrix as the state matrix, the computation after input to the column mixing/inverse column mixing module is:
The matrix expression of inverse column mixing during decryption is:
$$\begin{pmatrix} c_0 \\ c_1 \\ c_2 \\ c_3 \end{pmatrix} = \begin{pmatrix} 0E & 0B & 0D & 09 \\ 09 & 0E & 0B & 0D \\ 0D & 09 & 0E & 0B \\ 0B & 0D & 09 & 0E \end{pmatrix} \cdot \begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \end{pmatrix}$$
where $c_i$ denotes the output column of decryption and $a_i$ denotes one column of the state matrix entering the column mixing/inverse column mixing module, i ∈ (0,1,2,3). Expanding this matrix operation, recombining the result and substituting, the final output is expressed in terms of the input and the output of the encryption column mixing:
$$c_0 = i_0 \oplus b_0,\qquad c_1 = i_1 \oplus b_1,\qquad c_2 = i_0 \oplus b_2,\qquad c_3 = i_1 \oplus b_3.$$
where:
$$i_0 = 4h_0 = \mathrm{xtime}(\mathrm{xtime}(h_0)),\qquad h_0 = g_0 \oplus g_2 \oplus a_0 \oplus a_2,$$
$$i_1 = 4h_1 = \mathrm{xtime}(\mathrm{xtime}(h_1)),\qquad h_1 = g_1 \oplus g_3 \oplus a_1 \oplus a_3.$$
Adopting this byte-level transformation allows a large part of the hardware circuit to be reused, as shown in Figure 7.
As Figure 7 shows, if the basic implementation designs the encryption column mixing and the decryption inverse column mixing separately, it is easy to realise but does not exploit the relationship between the two to save hardware overhead. The invention therefore analyses byte-level column mixing and its inverse and saves a great deal of hardware resource by module sharing.
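The byte-level decomposition above, as an added Python example (not the patent's code): the first arithmetic unit computes b_i from f_i and g_i, and the second arithmetic unit derives c_i from the same g_i through h_0, h_1 and two xtime steps; both are checked against the plain matrix definitions. The example applies the page's single-column derivation to any column, and its names are its own.

```python
"""Shared MixColumns / InvMixColumns on one 4-byte column, following the page's
f_i, g_i, h_i, i_i decomposition. a[k] is the byte at position k of the column."""


def xtime(v: int) -> int:
    """Multiply an 8-bit value by {02} in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    v <<= 1
    return (v ^ 0x11B) & 0xFF if v & 0x100 else v


def gf_mul(a: int, b: int) -> int:
    """General GF(2^8) multiply, used only for the reference matrix form."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def first_arithmetic_unit(a):
    """Encryption column mixing as the first arithmetic unit computes it.
    Returns (b, g): the output column and the products g_i = xtime(f_i),
    which the decryption unit reuses."""
    f = [a[i] ^ a[(i + 1) % 4] for i in range(4)]   # f_i = a_i ^ a_(i+1)   (first XOR unit)
    g = [xtime(x) for x in f]                         # g_i = 2 * f_i         (first multiplication unit)
    b = [g[0] ^ a[1] ^ f[2],                          # second XOR unit, per the page's b_i
         g[1] ^ a[2] ^ f[3],
         g[2] ^ a[3] ^ f[0],
         g[3] ^ a[0] ^ f[1]]
    return b, g


def second_arithmetic_unit(a):
    """Decryption inverse column mixing built on the encryption unit's outputs."""
    b, g = first_arithmetic_unit(a)
    h0 = g[0] ^ g[2] ^ a[0] ^ a[2]      # first, second and third XOR units for i = 0
    h1 = g[1] ^ g[3] ^ a[1] ^ a[3]      # the same for i = 1
    i0 = xtime(xtime(h0))               # second and third multiplication units: 4 * h_0
    i1 = xtime(xtime(h1))
    return [i0 ^ b[0], i1 ^ b[1], i0 ^ b[2], i1 ^ b[3]]   # fourth and fifth XOR units


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def matrix_form(m, a):
    """Reference: multiply the column by the 4x4 constant matrix over GF(2^8)."""
    out = []
    for row in m:
        v = 0
        for coef, x in zip(row, a):
            v ^= gf_mul(coef, x)
        out.append(v)
    return out


def shared_units_match_matrix_form(columns) -> bool:
    """True when both units agree with the matrix definitions on every column given
    and the decryption unit undoes the encryption unit."""
    for a in columns:
        b, _ = first_arithmetic_unit(a)
        if b != matrix_form(MIX, a) or second_arithmetic_unit(a) != matrix_form(INV_MIX, a):
            return False
        if second_arithmetic_unit(b) != list(a):
            return False
    return True


# Constructed sample columns.
SAMPLE_COLUMNS = [[0xDB, 0x13, 0x53, 0x45], [0xD4, 0xBF, 0x5D, 0x30],
                  [0x00, 0x00, 0x00, 0x00], [0xFF, 0x80, 0x01, 0x7F]]
```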
Finally, above-mentioned InvAddRoundKey conversion module is used for the state matrix of input and round key to carry out XOR process.Due to InvAddRoundKey conversion, what carry out is XOR, and the inverse operation of XOR is exactly XOR itself, so inverse InvAddRoundKey conversion during encryption is identical with InvAddRoundKey conversion inverse in decrypting process, all that round key and state matrix are performed an XOR, with during encryption unlike contrary when the order of, the round key used during deciphering and encryption.
Above-mentionedly see the explanation of foregoing, can be not described in detail in this about the correlation step in the flowing water control method based on AES encryption or decipherment algorithm.
The implementation of each embodiment only for corresponding steps in illustrating is set forth above, then in the not conflicting situation of logic, each embodiment above-mentioned be can mutually combine and form new technical scheme, and this new technical scheme is still in the open scope of this embodiment.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that above-described embodiment method can add required general hardware platform by software and realize, hardware can certainly be passed through, but in a lot of situation, the former is better execution mode.Based on such understanding, technical scheme of the present invention can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product is carried on a non-volatile computer readable storage medium (as ROM, magnetic disc, CD, server storage) in, comprising some instructions in order to make a station terminal equipment (can be mobile phone, computer, server, or the network equipment etc.) perform system configuration described in each embodiment of the present invention and method.
In summary, the key points of the present invention are two. First, mathematical principles and circuit characteristics are fully exploited to simplify the circuit structure, share resources, and save hardware. Second, pipeline stages are inserted both between the rounds of the multi-round critical path and inside each round operation, increasing data-processing speed for high-speed applications. The first point is mainly embodied in protection points 1 to 4 below, the second in points 5 and 6:
1. An equivalent decryption structure is adopted: the encryption and decryption flows are adjusted to be consistent, so that the hardware resources of the encryption and decryption modules are shared;
2. For SubBytes/InvSubBytes and SubWord, the mathematical principle behind the look-up table is studied and a transformed-domain (composite-field) computation is adopted instead;
3. For ShiftRows/InvShiftRows, based on its principle and circuit characteristics, the structure of six groups of three-position left/right shift registers is replaced by eight groups of two-way selectors;
4. For MixColumns/InvMixColumns, its mathematical properties are used to decompose the matrix computation into byte-level computations, so that this step of the encryption and decryption algorithms is shared;
5. The 10 round transformations of AES-128 are fully unrolled, with registers inserted between consecutive rounds, giving an outer (inter-round) pipeline;
6. The delay of the four operations of each encryption/decryption round is studied, each operation is further decomposed, reasonable pipeline stages are divided, and a 4-stage intra-round pipeline is obtained.
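The ShiftRows/InvShiftRows structure of item 3 above and claim 8, written out as an added example in Python (not the patent's circuit): each output byte is a wire, and only positions whose encryption source and decryption source differ need a two-way selector. Rows 0 (no shift) and 2 (a shift by 2 is the same in both directions modulo 4) need none, which is why the count is columns × (rows − 2) = 8. The 4×4 `state[row][col]` layout and the FIPS-197 row offsets 0, 1, 2, 3 are assumptions of this example.

```python
# ShiftRows/InvShiftRows by wiring plus 2:1 selectors, as in item 3 and
# claim 8. Added example, not the patent's circuit. Assumes a 4x4 state
# addressed as state[row][col] with FIPS-197 row offsets 0, 1, 2, 3.

ROWS, COLS = 4, 4


def _sources(row, col):
    """Column each output position (row, col) is wired from:
    ShiftRows takes from col+row, InvShiftRows from col-row (mod 4)."""
    return (col + row) % COLS, (col - row) % COLS


def selector_positions():
    """Positions that need a two-way selector: those whose encryption and
    decryption sources differ. Rows 0 and 2 never do, leaving COLS*(ROWS-2)."""
    return [(r, c) for r in range(ROWS) for c in range(COLS)
            if _sources(r, c)[0] != _sources(r, c)[1]]


def selector_count():
    return len(selector_positions())


def shift_rows_shared(state, decrypt=False):
    """Apply ShiftRows (decrypt=False) or InvShiftRows (decrypt=True).
    Every output byte is either a fixed wire or the output of one selector
    driven by the decrypt control line; no shift register is clocked."""
    out = [[0] * COLS for _ in range(ROWS)]
    for r in range(ROWS):
        for c in range(COLS):
            enc_src, dec_src = _sources(r, c)
            out[r][c] = state[r][dec_src if decrypt else enc_src]
    return out
```

`selector_positions()` lists exactly the eight byte positions of rows 1 and 3; a synthesizer given `shift_rows_shared` would infer one 8-bit 2:1 multiplexer at each of them and plain wiring everywhere else.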
The present invention mainly realizes a high-speed, low-power AES information-security IP core. For low power, it proposes an architecture that integrates the AES encryption and decryption mechanisms, which increases the controllability of the chip and lets encryption and decryption share part of the resources. Second, in the byte substitution step, the usual look-up table is replaced by finite-field (domain) transformation, inversion, and then the affine substitution; in the MixColumns step, hardware is shared at byte level between encryption MixColumns and decryption InvMixColumns; in the ShiftRows step, hard wiring replaces register shift operations to save the extra registers and, by analyzing the relationship between the encryption and decryption row shifts, selectors are saved. Finally, considering that AES must process data at high speed, a pipeline scheme combining intra-round and inter-round pipelines is adopted, greatly improving data-processing efficiency.
The feasibility of the present invention has been verified experimentally.
1. When implementing the SubBytes transformation, the present invention uses a pipelined domain-transformation computation. The simulation results for this and three other implementations (a ROM-based look-up table, a look-up-table domain-transformation method, and a non-pipelined pure-combinational-logic implementation) are shown in Table 1:
Table 1. Comparison of different implementations of the byte substitution transformation
As the data in Table 1 show, domain transformation greatly reduces hardware cost, and adding the pipeline substantially increases processing speed.
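The domain-transformation SubBytes of item 2 above, following the order of claim 1 (map to GF((2^4)^2), invert there, map back, affine) and of claim 3 (inverse affine, then the same inverter), as an added example in Python; it is not the patent's circuit. The patent does not state which field polynomials or basis it uses, so x^4+x+1 for GF(2^4), y^2+y+LAMBDA for the extension, and an isomorphism derived from a root of the AES polynomial in the tower field are assumptions made for this example.

```python
# Composite-field SubBytes/InvSubBytes: GF(2^8) -> GF((2^4)^2), inversion in
# the tower field, map back, affine. Added example, not the patent's circuit.
# Assumed (not given by the patent): x^4+x+1 for GF(2^4), y^2+y+LAMBDA for
# the extension, and an isomorphism built from a root of the AES polynomial.

GF16_POLY = 0x13   # x^4 + x + 1, assumed polynomial for the subfield GF(2^4)


def gf16_mul(a, b):
    """Multiply two 4-bit elements of GF(2^4) modulo GF16_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= GF16_POLY
        b >>= 1
    return r


# 16-entry inversion table: the only table the tower inverter needs.
# GF16_INV[0] stays 0, so 0 maps to 0 as SubBytes requires.
GF16_INV = [0] * 16
for _a in range(1, 16):
    GF16_INV[_a] = next(b for b in range(1, 16) if gf16_mul(_a, b) == 1)


def _pick_lambda():
    """Smallest LAMBDA for which y^2 + y + LAMBDA has no root in GF(2^4),
    so that GF(2^4)[y]/(y^2 + y + LAMBDA) is the field GF((2^4)^2)."""
    for lam in range(1, 16):
        if all(gf16_mul(t, t) ^ t ^ lam for t in range(16)):
            return lam
    raise RuntimeError("no irreducible y^2 + y + lambda")


LAMBDA = _pick_lambda()
# A tower element h*y + l is packed as (h << 4) | l; addition is XOR.


def tower_mul(p, q):
    a, b, c, d = p >> 4, p & 0xF, q >> 4, q & 0xF
    ac = gf16_mul(a, c)                               # uses y^2 = y + LAMBDA
    hi = ac ^ gf16_mul(a, d) ^ gf16_mul(b, c)
    lo = gf16_mul(ac, LAMBDA) ^ gf16_mul(b, d)
    return (hi << 4) | lo


def tower_inv(p):
    """(a*y + b)^-1 = conjugate / norm, with conjugate a*y + (a + b) and
    norm N = a^2*LAMBDA + a*b + b^2 in GF(2^4): one 4-bit inversion plus a
    few 4-bit multiplications and XORs instead of a 256-entry inversion."""
    a, b = p >> 4, p & 0xF
    n = gf16_mul(gf16_mul(a, a), LAMBDA) ^ gf16_mul(a, b) ^ gf16_mul(b, b)
    n_inv = GF16_INV[n]
    return (gf16_mul(a, n_inv) << 4) | gf16_mul(a ^ b, n_inv)


def _tower_pow(p, e):
    r = 1
    for _ in range(e):
        r = tower_mul(r, p)
    return r


def _find_root():
    """A beta in the tower field with beta^8 + beta^4 + beta^3 + beta + 1 = 0
    (the AES polynomial); x -> beta is then the isomorphism GF(2^8) -> GF((2^4)^2)."""
    for beta in range(1, 256):
        if _tower_pow(beta, 8) ^ _tower_pow(beta, 4) ^ _tower_pow(beta, 3) ^ beta ^ 1 == 0:
            return beta
    raise RuntimeError("AES polynomial has no root in the tower field")


_BASIS = [_tower_pow(_find_root(), i) for i in range(8)]   # columns of the 8x8 bit matrix


def to_tower(x):
    """GF(2)-linear isomorphism GF(2^8) -> GF((2^4)^2) (an 8x8 XOR matrix in hardware)."""
    r = 0
    for i in range(8):
        if (x >> i) & 1:
            r ^= _BASIS[i]
    return r


FROM_TOWER = {to_tower(x): x for x in range(256)}   # the inverse isomorphism


def affine(x):
    """AES affine transformation: x + x<<<1 + x<<<2 + x<<<3 + x<<<4 + 0x63."""
    r = x
    for i in (1, 2, 3, 4):
        r ^= ((x << i) | (x >> (8 - i))) & 0xFF
    return r ^ 0x63


def inv_affine(x):
    """Inverse affine transformation: x<<<1 + x<<<3 + x<<<6 + 0x05."""
    r = 0x05
    for i in (1, 3, 6):
        r ^= ((x << i) | (x >> (8 - i))) & 0xFF
    return r


def sbox_composite(x):
    """SubBytes in claim 1 order: transform, invert in the tower, transform back, affine."""
    return affine(FROM_TOWER[tower_inv(to_tower(x))])


def inv_sbox_composite(x):
    """InvSubBytes in claim 3 order: inverse affine, transform, invert, transform back."""
    return FROM_TOWER[tower_inv(to_tower(inv_affine(x)))]
```

The two domain transformations and the inverter are shared between `sbox_composite` and `inv_sbox_composite`; only the affine block is swapped, which is exactly what lets one S-box datapath serve both encryption and decryption. In hardware `to_tower` and its inverse are constant 8×8 bit matrices (pure XOR trees), and `GF16_INV` is the only table left.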
2. In the MixColumns and InvMixColumns modules, the present invention uses a byte-level decomposition with shared hardware. Experiments show that this method saves considerable hardware at the cost of some processing speed, and that the design is well suited to the subsequent insertion of pipeline stages. The experimental comparison is given in Table 2.
Table 2. Comparison of three design methods for MixColumns and InvMixColumns
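The shared MixColumns/InvMixColumns arithmetic of item 4 above and claims 9 and 10, written out as an added example in Python (not the patent's circuit). Each MixColumns output byte is 02·(a_i + a_{i+1}) + a_{i+1} + a_{i+2} + a_{i+3} (the first arithmetic unit), and the InvMixColumns output reuses that byte plus a correction 02·02·((a_i + a_{i+2}) + 02·(a_0 + a_1 + a_2 + a_3)) shared by positions i and i+2 (the second arithmetic unit). The "preset value" of the claims is assumed to be {02}, so each multiplication unit is an xtime; `inv_mix_column_reference` and `check_all` are this example's own textbook reference and self-check, not part of the page.

```python
# Shared MixColumns/InvMixColumns unit following claims 9 and 10. Added
# example, not the patent's circuit; the claims' "preset value" is assumed
# to be {02}, so every multiplication unit is an xtime.

def xtime(a):
    """Multiply a GF(2^8) byte by {02} modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a


def mix_column_shared(col, decrypt=False):
    """col: the four bytes a0..a3 of one state column, top to bottom.
    Returns the MixColumns output, or the InvMixColumns output when
    decrypt is set; the decrypt path reuses the encrypt path's results."""
    a = list(col)
    first_product, enc = [], []
    for i in range(4):                             # first arithmetic units (claim 9)
        a_i, a_1, a_2, a_3 = a[i], a[(i + 1) % 4], a[(i + 2) % 4], a[(i + 3) % 4]
        p = xtime(a_i ^ a_1)                       # first XOR unit + first multiplication unit
        first_product.append(p)
        enc.append(p ^ a_1 ^ a_2 ^ a_3)            # second XOR unit: c_i
    if not decrypt:
        return enc
    dec = [0] * 4
    for i in (0, 1):                               # second arithmetic units (claim 10), pairs (0,2) and (1,3)
        u = a[i] ^ a[i + 2]                        # first XOR unit
        v = first_product[i] ^ first_product[i + 2]  # second XOR unit
        w = xtime(xtime(u ^ v))                    # third XOR unit, second and third multiplication units
        dec[i] = enc[i] ^ w                        # fourth XOR unit: d_i
        dec[i + 2] = enc[i + 2] ^ w                # fifth XOR unit: d_{i+2}
    return dec


def gf_mul(a, k):
    """Reference multiplication of a by a small constant k via an xtime chain."""
    r = 0
    while k:
        if k & 1:
            r ^= a
        a = xtime(a)
        k >>= 1
    return r


def inv_mix_column_reference(col):
    """Textbook InvMixColumns: d_i = 0e*a_i + 0b*a_{i+1} + 0d*a_{i+2} + 09*a_{i+3}."""
    return [gf_mul(col[i], 0x0E) ^ gf_mul(col[(i + 1) % 4], 0x0B)
            ^ gf_mul(col[(i + 2) % 4], 0x0D) ^ gf_mul(col[(i + 3) % 4], 0x09)
            for i in range(4)]


def check_all(n=1000):
    """Self-check over n deterministic pseudo-random columns (constructed
    inputs, LCG-generated): the shared decrypt path must equal the textbook
    InvMixColumns and must undo the shared encrypt path."""
    seed = 0x2545F491
    for _ in range(n):
        seed = (seed * 1103515245 + 12345) & 0xFFFFFFFF
        col = [(seed >> s) & 0xFF for s in (0, 8, 16, 24)]
        if mix_column_shared(col, decrypt=True) != inv_mix_column_reference(col):
            return False
        if mix_column_shared(mix_column_shared(col), decrypt=True) != col:
            return False
    return True
```

The decrypt path adds only two extra XOR/xtime groups per column on top of the four encryption units, which is the hardware saving the table above measures; the price is the longer combinational path through the two extra xtimes, which is why the text notes a loss of some speed and why the structure invites a pipeline register between the two halves.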
The embodiments above express only several implementations of the present invention and are described concretely and in detail, but they are not to be construed as limiting the scope of the claims. It should be noted that a person of ordinary skill in the art can make variations and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of the patent should therefore be determined by the appended claims.

Claims (10)

1. A pipeline control method based on the AES encryption algorithm, comprising:
transforming each byte of a first state matrix from the finite field GF(2^8) into the composite field GF((2^4)^2) to obtain a first composite-field matrix;
buffering the first composite-field matrix and, after waiting a first delay time, generating a first inversion-operation start instruction;
in response to the first inversion-operation start instruction, computing a first multiplicative inverse from the first composite-field matrix using XOR operations over the composite field GF((2^4)^2);
buffering the first multiplicative inverse and, after waiting a second delay time, generating a first transform-operation start instruction;
in response to the first transform-operation start instruction, transforming the first multiplicative inverse from the composite field GF((2^4)^2) back to the finite field GF(2^8) to obtain a first finite-field matrix;
applying the affine transformation and then the ShiftRows transformation to the first finite-field matrix to obtain a first intermediate state matrix;
buffering the first intermediate state matrix and, after waiting a third delay time, generating a MixColumns-operation start instruction;
in response to the MixColumns-operation start instruction, applying MixColumns and then AddRoundKey to the first intermediate state matrix to obtain a first intermediate result after one round of encryption.
2. The pipeline control method based on the AES encryption algorithm according to claim 1, wherein the sum of the first delay time, the second delay time and the third delay time is less than or equal to one clock cycle.
3. A pipeline control method based on the AES decryption algorithm, comprising:
applying the inverse affine transformation to each byte of a second state matrix to obtain an inverse-affine-transformed matrix;
transforming each byte of the inverse-affine-transformed matrix from the finite field GF(2^8) into the composite field GF((2^4)^2) to obtain a second composite-field matrix;
buffering the second composite-field matrix and, after waiting a fourth delay time, generating a second inversion-operation start instruction;
in response to the second inversion-operation start instruction, computing a second multiplicative inverse from the second composite-field matrix using XOR operations over the composite field GF((2^4)^2);
buffering the second multiplicative inverse and, after waiting a fifth delay time, generating a second transform-operation start instruction;
in response to the second transform-operation start instruction, transforming the second multiplicative inverse from the composite field GF((2^4)^2) back to the finite field GF(2^8) to obtain a second finite-field matrix;
cyclically shifting the rows of the second finite-field matrix in the inverse direction, each by its own offset (InvShiftRows), to obtain an inverse-shifted matrix;
buffering the inverse-shifted matrix and, after waiting a sixth delay time, generating a column-mixing-operation start instruction;
in response to the column-mixing-operation start instruction, applying InvMixColumns and then AddRoundKey to the inverse-shifted matrix to obtain a second intermediate result after one round of decryption.
4. The pipeline control method based on the AES decryption algorithm according to claim 3, wherein the sum of the fourth delay time, the fifth delay time and the sixth delay time is less than or equal to one clock cycle.
5. A device based on the AES encryption/decryption algorithm, characterized in that the device comprises a plurality of round computation modules connected in series, each round computation module comprising:
a first domain-transformation module for transforming each byte of an input state matrix from the finite field GF(2^8) into the composite field GF((2^4)^2);
an inversion module for computing the multiplicative inverse of the input state matrix over the composite field GF((2^4)^2) using XOR operations;
a second domain-transformation module for transforming the input state matrix from the composite field GF((2^4)^2) back to the finite field GF(2^8);
an affine/inverse-affine transformation module for applying the affine transformation or the inverse affine transformation to bytes in the finite field;
a ShiftRows/InvShiftRows module for cyclically shifting the rows of the input state matrix forward or backward, each by its own offset; and
a MixColumns/InvMixColumns module for applying MixColumns or InvMixColumns to each byte of the input state matrix;
an AddRoundKey module for XORing the input state matrix with the round key;
wherein, according to a received encryption instruction, a first state matrix is input to the first domain-transformation module to obtain a first composite-field matrix; the first composite-field matrix is buffered in a first register unit and, after a first delay time, a first inversion-operation start instruction is output to the inversion module; the inversion module receives the first composite-field matrix and obtains a first multiplicative inverse, which is buffered in a second register unit, and after a second delay time a first transform-operation start instruction is output to the second domain-transformation module; the second domain-transformation module receives the first multiplicative inverse and obtains a first finite-field matrix; the first finite-field matrix passes in turn through the affine/inverse-affine transformation module and the ShiftRows/InvShiftRows module, which apply the affine transformation and the row cyclic shift respectively, to obtain a first intermediate state matrix; the first intermediate state matrix is buffered in a third register unit and, after a third delay time, a MixColumns-operation start instruction is output to the MixColumns/InvMixColumns module; the first intermediate state matrix then passes in turn through the MixColumns/InvMixColumns module and the AddRoundKey module, which apply MixColumns and the XOR respectively, to obtain a first intermediate result after one round of encryption;
and wherein, according to a received decryption instruction, a second state matrix passes in turn through the affine/inverse-affine transformation module and the second domain-transformation module to obtain a second composite-field matrix; the second composite-field matrix is buffered in a fourth register unit and, after a fourth delay time, a second inversion-operation start instruction is output to the inversion module; the inversion module receives the second composite-field matrix and obtains a second multiplicative inverse, which is buffered in a fifth register unit, and after a fifth delay time a second transform-operation start instruction is output to the first domain-transformation module; the second multiplicative inverse passes in turn through the first domain-transformation module and the ShiftRows/InvShiftRows module to obtain an inverse-shifted matrix; the inverse-shifted matrix is buffered in a sixth register unit and, after a sixth delay time, a column-mixing-operation start instruction is output to the MixColumns/InvMixColumns module; the inverse-shifted matrix then passes in turn through the MixColumns/InvMixColumns module and the AddRoundKey module, which apply InvMixColumns and the XOR respectively, to obtain a second intermediate result after one round of decryption.
6. The device based on the AES encryption/decryption algorithm according to claim 5, characterized in that the device further comprises:
an inter-round register bank for temporarily storing the first intermediate result or the second intermediate result obtained by each round computation module and for generating, on the next clock, a round-loop start instruction to all round computation modules.
7. The device based on the AES encryption/decryption algorithm according to claim 5, characterized in that the device further comprises:
a round-count control module for reading, according to the configured number of encryption or decryption rounds, the round key required by each round computation, and for supplying the read round key to the next round computation module when the first intermediate result or the second intermediate result obtained in response to each encryption or decryption instruction is input to that next round computation module.
8. The device based on the AES encryption/decryption algorithm according to claim 5, characterized in that the ShiftRows/InvShiftRows module comprises a ShiftRows unit built from selectors and an InvShiftRows unit built from selectors;
the ShiftRows unit and the InvShiftRows unit each comprise at least N groups of selectors, where N equals the number of columns of the state matrix input to the ShiftRows/InvShiftRows module multiplied by the number of rows minus two; the two inputs of each selector receive the values at two positions of one row of the state matrix to be shifted, and the output of each selector provides the value at one position of the corresponding row of the output state matrix.
9. The device based on the AES encryption/decryption algorithm according to claim 5, characterized in that the MixColumns/InvMixColumns module comprises a plurality of groups of first arithmetic units, each group of first arithmetic units comprising:
a first XOR unit for receiving the first value at the i-th position of one column of the state matrix and XORing it with the second value at the adjacent position;
a first multiplication unit for multiplying the output of the first XOR unit by a preset value to obtain a first product;
a second XOR unit for XORing the first product successively with the values at the remaining positions of that column to obtain the value at the i-th position of that column in the encryption result.
10. The device based on the AES encryption/decryption algorithm according to claim 9, characterized in that the MixColumns/InvMixColumns module further comprises at least two groups of second arithmetic units, each group of second arithmetic units comprising:
a first XOR unit for XORing the first value with the third value at position i+2 of the same column;
a second XOR unit for XORing the first product obtained for the first value with the first product obtained in the first arithmetic unit for the third value at position i+2;
a third XOR unit for XORing the outputs of the first XOR unit and the second XOR unit;
a second multiplication unit for multiplying the output of the third XOR unit by the preset value to obtain a second product;
a third multiplication unit for multiplying the second product by the preset value to obtain a third product;
a fourth XOR unit for XORing the value at the i-th position of that column in the encryption result with the third product to obtain the value at the i-th position of that column in the decryption result; and
a fifth XOR unit for XORing the value at position i+2 of that column in the encryption result with the third product to obtain the value at position i+2 of that column in the decryption result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410856583.8A CN104639314A (en) 2014-12-31 2014-12-31 Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method

Publications (1)

Publication Number Publication Date
CN104639314A true CN104639314A (en) 2015-05-20

Family

ID=53217672

Country Status (1)

Country Link
CN (1) CN104639314A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105356996A (en) * 2015-12-14 2016-02-24 联想(北京)有限公司 Ciphertext processing method, electronic equipment and ciphertext processing device
WO2017036251A1 (en) * 2015-09-06 2017-03-09 深圳市中兴微电子技术有限公司 Advanced encryption standard encryption and decryption method, device, and storage medium
CN106921487A (en) * 2017-03-01 2017-07-04 芜湖职业技术学院 Reconfigurable S-box circuit structure
CN106982116A (en) * 2017-04-26 2017-07-25 南通大学 A kind of local file encryption method of the AES based on reversible logic circuits
CN106992852A (en) * 2017-05-08 2017-07-28 芜湖职业技术学院 Applied to AES and the Reconfigurable S-box circuit structure of Camellia cryptographic algorithms
CN107181586A (en) * 2017-05-22 2017-09-19 芜湖职业技术学院 reconfigurable S-box circuit structure
CN107797790A (en) * 2017-11-03 2018-03-13 深圳职业技术学院 A kind of finite field inverter based on a full irreducible function
CN108183790A (en) * 2018-02-13 2018-06-19 中山大学 A kind of AES encryption device, chip and system
CN108897526A (en) * 2018-06-29 2018-11-27 深圳职业技术学院 A kind of compound finite field inverter and its inversion technique based on multiple square operation
CN108933652A (en) * 2018-06-11 2018-12-04 安徽工程大学 A kind of ordinary wheel transform operation unit, ordinary wheel translation circuit and AES decrypt circuit
CN108964874A (en) * 2017-05-17 2018-12-07 中国科学技术大学 The AES encryption method of anti-path difference attack
CN109379180A (en) * 2018-12-20 2019-02-22 湖南国科微电子股份有限公司 Aes algorithm implementation method, device and solid state hard disk
CN109818733A (en) * 2019-03-27 2019-05-28 苏州中晟宏芯信息科技有限公司 A kind of Advanced Encryption Standard computing circuit and its encipher-decipher method
CN109933372A (en) * 2019-02-26 2019-06-25 西安理工大学 A kind of changeable framework low power processor of multi-mode dynamic
CN110166223A (en) * 2019-05-22 2019-08-23 北京航空航天大学 A kind of Fast Software implementation method of the close SM4 of state
CN110224829A (en) * 2019-06-14 2019-09-10 深圳职业技术学院 Post-quantum encryption method and device based on matrix
CN112367342A (en) * 2020-12-04 2021-02-12 国网江苏省电力有限公司南京供电分公司 Encryption transmission method and system for distributed photovoltaic operation and maintenance data
TWI731770B (en) * 2019-08-16 2021-06-21 熵碼科技股份有限公司 Computer system
CN113271201A (en) * 2021-05-27 2021-08-17 国网江苏省电力有限公司南京供电分公司 Dynamic AES physical layer data encryption method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101702709A (en) * 2009-11-05 2010-05-05 复旦大学 AES encryption unit for MIPS processor
CN101938349A (en) * 2010-10-01 2011-01-05 北京航空航天大学 S box applicable to hardware realization and circuit realization method thereof
CN103516512A (en) * 2013-10-21 2014-01-15 深圳市芯通信息科技有限公司 Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
章成旻: "基于AMBA总线高速低功耗AES信息安全芯片设计与实现" (Zhang Chengmin: Design and Implementation of a High-Speed, Low-Power AES Information Security Chip Based on the AMBA Bus), 《中国优秀硕士学位论文全文数据库信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) *

Similar Documents

Publication Publication Date Title
CN104639314A (en) Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN106788974B (en) Mask S box, grouping key calculation unit, device and corresponding construction method
CN103152168B (en) Processor and instruction for Advanced Encryption Standard (AES)
CN101350714B (en) Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX
Moldovyan et al. A cipher based on data-dependent permutations
CN104065474B (en) Novel low-resource efficient lightweight Surge block cipher implementation method
CN105959107B (en) A kind of lightweight SFN block cipher implementation method of new high safety
CN103503362B (en) Data processing equipment, data processing method and program
CN101176134A (en) Information processing device
CN106921487A (en) Reconfigurable S-box circuit structure
CN111431697B (en) Novel method for realizing lightweight block cipher CORL
CN102035641A (en) Device and method for implementing AES encryption and decryption
KR100800468B1 (en) Hardware cryptographic engine and method improving power consumption and operation speed
KR20180081559A (en) Generate key sequence for encryption operation
CN110784307B (en) Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium
CN115499117B (en) Key pair generation method and data transmission method for block chain transaction network
CN105916141B (en) Implementation system and method for a self-synchronizing Zu Chongzhi (ZUC) encryption and decryption algorithm
CN109033892B (en) Round conversion multiplexing circuit based on synthetic matrix and AES decryption circuit
CN103444125A (en) Encryption processing device, encryption processing method, and programme
CN104219045A (en) RC4 (Rivest cipher 4) stream cipher generator
CN111614457B (en) P replacement improvement-based lightweight packet encryption and decryption method, device and storage medium
CN206585573U (en) reconfigurable S-box circuit structure
CN109150495A (en) A kind of round transformation multiplex circuit and its AES decrypt circuit
Buell Modern symmetric ciphers—Des and Aes
CN102857334B (en) Method and device for realizing AES (advanced encryption standard) encryption and decryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150520