HDL source code encryption method based on FPGA hardware system
Technical Field
The invention belongs to the field of integrated circuit design, relates to an HDL (high density hardware) source code encryption technology, and particularly relates to an HDL source code encryption method based on an FPGA (field programmable gate array) hardware system.
Background
Hardware Description Language (HDL), which is an interface between hardware designers and electronic design automation tools, is mainly used for writing design files and establishing a simulation model of electronic system behavior level.
At present, the front-end design method of digital integrated circuits is the mainstream design method using HDL source code (Verilog, VHDL, System Verilog, etc.) as input, and part of code in program operation will be present in the disk of computer in the form of source code. In the digital circuit design flow, there is a measure for protecting the final downloaded bit stream by encryption, so the protection is usually performed in HDL by means of codes or netlists, etc. Since the encryption methods such as codes or netlists exist for a long time, some cracking tools appear at present, and the cracking success rate of the cracking tools exceeds 80%.
Currently, HDL source code encryption is implemented by running encryption software on a host, the means of software encryption is quite common, there is a risk that the code is decoded during transmission, and the security is low, so that there is a need to improve the existing encryption method.
Disclosure of Invention
The invention aims to provide an HDL source code encryption method based on an FPGA hardware system, which is realized by the FPGA hardware system and has the advantages of high encryption speed, less occupied computer resources, high cracking difficulty and high safety.
The technical scheme for realizing the purpose of the invention is as follows: an HDL source code encryption method based on an FPGA hardware system comprises generation of a secure encryption key, encryption of an HDL source file and decryption of the HDL source file.
The generation of the secure encryption key comprises the following steps:
s101, randomly generating a plurality of random numbers by a plurality of sensors of an FPGA hardware system;
s102, encrypting a plurality of random numbers once through mathematical algorithm operation to generate a text key;
s103, secondarily encrypting the text key by an asymmetric ECC elliptic encryption algorithm to generate and store a safe encryption key, and storing a private key of the asymmetric ECC elliptic encryption algorithm;
the encryption of the HDL source file comprises the following steps:
s201, reading a source code in an HDL source file to a computer memory, and forming a text to be encrypted;
s202, encrypting the text to be encrypted through a text key and a symmetrical reversible encryption algorithm to obtain a code ciphertext and storing the code ciphertext.
The principle of the HDL source code encryption method of the invention is as follows: firstly, randomly generating different random numbers through a sensor of an FPGA hardware system, and then carrying out primary calculation encryption by adopting a mathematical algorithm (such as a private mathematical algorithm) to obtain a text key; secondly, when the HDL source file is encrypted, the encrypted text is encrypted through a symmetric reversible encryption algorithm and a text key to form a code ciphertext.
The HDL source code encrypted by the method has the advantages that random numbers generated randomly are not easy to obtain due to a plurality of hardware parameters of an FPGA hardware system; meanwhile, the private mathematical algorithm is not externally disclosed and is defined by an encryptor, and after random numbers are encrypted once, the random numbers are extremely difficult to crack, so that the safety of the HDL source code is improved. In addition, the text key is encrypted for the second time by using the asymmetric ECC elliptic encryption algorithm to obtain a secure encryption key and the secure encryption key is stored in Flash, so that a decipherer cannot directly use the secure encryption key for decryption even if the decipherer obtains the secure encryption key, and the decryption difficulty is increased.
In the invention, the decryption of the HDL source file comprises the following steps:
s301, reading an HDL source file when an interpreter program runs;
s302, reading a private key and a security encryption key, and decrypting the asymmetric ECC elliptic encryption algorithm through the private key to obtain a text key;
s303, decrypting the code ciphertext through a symmetrical reversible encryption algorithm to obtain a code plaintext, and importing the code plaintext into an interpreter for compiling.
In an embodiment of the present invention, in step S101, the plurality of random numbers are generated by using parameter indexes acquired by the plurality of sensors as entropy sources, and performing digital processing.
Further, the hardware parameter index at least comprises one or more of a voltage sensor, a temperature sensor and a current sensor. The sensors of the FPGA hardware system have multiple types, and the data collected by the sensors of the respective types are not invariable but dynamically changed in real time. The random numbers are formed by selecting parameter indexes generated by different sensors, so that the difficulty of decoding the HDL source code is increased.
Further, in step S103, the secure encryption key and the private key are stored in different storage modules. The safe encryption key and the private key are stored and respectively stored, so that when a decipherer deciphers the safe encryption key, the decipherer cannot easily obtain the private key to decipher the safe encryption key.
Preferably, the secure encryption key is stored in one of the Flash chips on the FPGA board, and the private key is stored in the other Flash chips on the FPGA board or stored in the EMMC chip or the mobile storage device.
In an embodiment of the present invention, in step S201, a number of pieces of information of the source code are connected and combined to form header content, and before the header content is added to the source code, a text to be encrypted is formed.
Furthermore, in the step of decrypting the HDL source file, before the code plaintext to be decrypted is led into an interpreter for compiling, the head content in the code plaintext needs to be checked, and whether the head content is changed or not is judged; if the head content is not changed, the code plaintext is led into an interpreter for compiling; if the head content is changed, the compiling is terminated, the decryption program is rechecked, and the code content is rechecked. During decryption, by judging the content of the head part, an encryptor or a user can conveniently and quickly judge whether the HDL source file is decoded and tampered.
Furthermore, as the HDL source file is finally required to be decrypted and released and then enters the interpreter for compiling and running, reversible encryption algorithm encryption is required to be adopted for encryption, and in step S202 of the invention, an AES algorithm with higher security in the current symmetric reversible encryption algorithm is selected for encryption or decryption.
Compared with the prior art, the invention has the beneficial effects that: in the invention, after the HDL source file is encrypted by the HDL source code encryption method, when the text key is decrypted and read for use, because the hardware parameters (various sensors) of the FPGA hardware system are numerous, which item is selected and the final calculation algorithm is defined by an encryptor, and is not disclosed externally, so the cracking difficulty is extremely high, and the safety of the HDL source file is greatly improved.
Drawings
In order to more clearly illustrate the technical solution of the embodiment of the present invention, the drawings used in the description of the embodiment will be briefly introduced below. It should be apparent that the drawings in the following description are only for illustrating the embodiments of the present invention or technical solutions in the prior art more clearly, and that other drawings can be obtained by those skilled in the art without any inventive work.
FIG. 1 is a flow chart of the HDL source code encryption method based on the FPGA hardware system of the present invention;
FIG. 2 is a schematic diagram of a hardware structure of the HDL source code encryption method based on the FPGA hardware system of the present invention;
FIG. 3 is a schematic flow chart of the encryption of HDL source files of the present invention;
FIG. 4 is a flow chart illustrating the decryption of HDL source files in accordance with the present invention.
Detailed Description
The invention will be further described with reference to specific embodiments, and the advantages and features of the invention will become apparent as the description proceeds. These examples are illustrative only and do not limit the scope of the present invention in any way. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention, and that such changes and modifications may be made without departing from the spirit and scope of the invention.
In the description of the present embodiments, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. indicate orientations or positional relationships based on those shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the device or element referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicit to a number of indicated technical features. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
The present embodiment provides an HDL source encryption method based on an FPGA hardware system, please refer to fig. 1 to 4, where the HDL source encryption method includes generating a secure encryption key, encrypting an HDL source file, and decrypting the HDL source file.
The generation of the secure encryption key comprises the following steps:
s101, randomly generating a plurality of random numbers by a plurality of sensors of an FPGA hardware system;
s102, encrypting a plurality of random numbers once through mathematical algorithm operation to generate a text key;
s103, secondarily encrypting the text key by an asymmetric ECC elliptic encryption algorithm to generate and store a safe encryption key, and storing a private key of the asymmetric ECC elliptic encryption algorithm;
the encryption of the HDL source file comprises the following steps:
s201, reading a source code in an HDL source file to a computer memory, and forming a text to be encrypted;
s202, encrypting the text to be encrypted through a text key and a symmetrical reversible encryption algorithm to obtain a code ciphertext and storing the code ciphertext.
The decryption of the HDL source file comprises the following steps:
s301, reading an HDL source file when an interpreter program runs;
s302, reading a private key and a security encryption key, and decrypting the asymmetric ECC elliptic encryption algorithm through the private key to obtain a text key;
s303, decrypting the code ciphertext through a symmetrical reversible encryption algorithm to obtain a code plaintext, and importing the code plaintext into an interpreter for compiling.
The principle of the HDL source code encryption method of the invention is as follows: firstly, randomly generating different random numbers through a sensor of an FPGA hardware system, and carrying out primary calculation encryption by adopting a private mathematical algorithm to obtain a text key; secondly, when the HDL source file is encrypted, the encrypted text is encrypted through a symmetric reversible encryption algorithm and a text key to form a code ciphertext.
The HDL source code encrypted by the method has the advantages that random numbers generated randomly are not easy to obtain due to a plurality of hardware parameters of an FPGA hardware system; meanwhile, the private mathematical algorithm is not externally disclosed and is defined by an encryptor, and after random numbers are encrypted once, the random numbers are extremely difficult to crack, so that the safety of the HDL source code is improved. In addition, the text key is encrypted for the second time by using the asymmetric ECC elliptic encryption algorithm to obtain a secure encryption key and the secure encryption key is stored in Flash, so that a decipherer cannot directly use the secure encryption key for decryption even if the decipherer obtains the secure encryption key, and the decryption difficulty is increased.
The HDL source encryption method will be described below with reference to specific examples.
Example 1:
as shown in fig. 1 to 4, the HDL source code encryption method includes generation of a secure encryption key, encryption of an HDL source file, and decryption of the HDL source file.
As shown in fig. 1 and 2, the generation of the secure encryption key includes the following steps:
s101, a plurality of sensors of the FPGA hardware system randomly generate a plurality of random numbers. In this step, the specific method for generating the random number is as follows: hardware parameter indexes generated by sensors such as a voltage sensor, a temperature sensor, a current sensor, a frequency sensor, a pressure-sensitive sensor and a vibration sensor of the FPGA hardware system are used as entropy sources and are obtained through digital processing, and the generated sensor of the random number is defined by an encryptor and is not easy to obtain by a decipherer.
S102, a plurality of random numbers are transmitted back to the host computer in a hardware connection mode, and are encrypted once through arithmetic operation of a mathematical algorithm to generate a text key. In the step, the random number is encrypted once through a private mathematical algorithm, the private mathematical algorithm is defined by an encryptor, and the private mathematical algorithm is not disclosed to the outside, so that the decryption difficulty is high.
S103, carrying out secondary encryption on the text key by using an asymmetric ECC elliptic encryption algorithm to generate a safe encryption key, storing the safe encryption key, and storing a private key of the asymmetric ECC elliptic encryption algorithm. In this step, the secure encryption key and the private key are stored in different storage modules. The safe encryption key and the private key are stored and respectively stored, so that when a decipherer deciphers the safe encryption key, the decipherer cannot easily obtain the private key to decipher the safe encryption key. For example, the secure encryption key is stored in one of the Flash chips on the FPGA board, and the private key is stored in the other Flash chips on the FPGA board or stored in the EMMC chip or the mobile storage device.
As shown in fig. 3, the encryption of the HDL source file includes the following steps:
s201, reading a source code in an HDL source file to a computer memory, and forming a text to be encrypted; or connecting and combining a plurality of pieces of information of the source code to form header content, and adding the header content into the source code to form the text to be encrypted. In this step, several pieces of information of the source code include author, date, copyright, etc., and the above-mentioned information is connected and combined according to a specific format to form header content.
S202, encrypting the text to be encrypted through a text key and a symmetrical reversible encryption algorithm to obtain a code ciphertext and storing the code ciphertext, wherein the code ciphertext accords with the encoding characteristics of the text file to form a final ciphertext format code. In this step, the HDL source file is finally decrypted and released and then compiled and run in an interpreter, so that a reversible encryption algorithm is used for encryption, and an AES algorithm with higher security in the current symmetric reversible encryption algorithm is preferentially selected for encryption or decryption.
The decryption of the HDL source file, as shown in fig. 4, comprises the following steps:
and S301, reading the HDL source file when the interpreter program runs. In this step, when reading, the path, name, and other information of the specified HDL source file are first read through the expansion function, and then the HDL source file is read.
S302, reading a private key and a security encryption key in a hardware connection mode, and decrypting an asymmetric ECC elliptic encryption algorithm by the private key to obtain a text key;
s303, decrypting the code ciphertext through an AES algorithm and a text key to obtain a code plaintext, and importing the code plaintext into an interpreter for compiling. In the step, when the head content does not exist during encryption, directly importing the obtained code plaintext into an interpreter for compiling; when the encrypted content has the header content, the header content needs to be read first, and whether the header content is changed or not is judged; if the head content is not changed, the code plaintext is led into an interpreter for compiling; if the head content is changed, the compiling is terminated, the decryption program is rechecked, and the code content is rechecked.
Example 2:
this embodiment explains the management of keys in an HDL source encryption method based on an FPGA hardware system.
In the invention, the key has a plurality of management modes, wherein in the first management mode, the key is not updated and changed within a period of time. Namely, after the code plaintext is updated, the generated text key is still used for encryption, and the high security is still maintained under the condition that the key is not leaked. In a second management mode, the secret key can be destroyed or updated, after one decryption process is completed, software can control the stored secret key to be automatically destroyed, and a new secret key is automatically generated again at the same time, because the parameters of each sensor change in real time, the new secret key is different from the old secret key; and after the key is generated, the code plaintext is encrypted again and then stored. In the third management method, the keys may be stored in a distributed manner, and in order to improve security, when the number of storage devices in the FPGA hardware system exceeds 3 or more and the independence is relatively strong, it may be considered to store the keys in a distributed manner. Specifically, after the text key is generated, the key may be dispersed into a plurality of key fragments by using a dispersion algorithm, and then stored in different storage modules, where the storage module may be a storage unit on an FPGA board, or a certain encryption area of a disk of a computer, or a mobile disk that has been processed by BitLocker (an encryption tool carried by the microsoft Windows system). The difficulty of leakage and recovery of the keys after the dispersion operation is greatly improved; it becomes almost impossible to crack the source code.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.