CN115834028A - Chip and method for generating message authentication code - Google Patents

Chip and method for generating message authentication code Download PDF

Info

Publication number
CN115834028A
CN115834028A CN202111113081.2A CN202111113081A CN115834028A CN 115834028 A CN115834028 A CN 115834028A CN 202111113081 A CN202111113081 A CN 202111113081A CN 115834028 A CN115834028 A CN 115834028A
Authority
CN
China
Prior art keywords
mul
key
sub
stage
series circuit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111113081.2A
Other languages
Chinese (zh)
Inventor
闫磊
焦海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202111113081.2A priority Critical patent/CN115834028A/en
Priority to PCT/CN2022/114040 priority patent/WO2023040595A1/en
Publication of CN115834028A publication Critical patent/CN115834028A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the application discloses a chip and a method for generating a message authentication code, and belongs to the technical field of chips. The chip includes: the SNOW3G module is configured to generate a key stream and transmit the key stream to the MUL module, and the length of a first key in the key stream is m; the MUL module comprises a control circuit, a data selector and n-stage MUL series circuits, wherein n is smaller than m; the control circuit is configured to split the first key into i segments of sub-keys, the length of each segment of sub-key being less than or equal to n; the data selector is configured to input the j section sub-key to the n-stage MUL series circuit in the j clock period; the n-stage MUL series circuit is configured to perform MUL operation on the j-th section of the sub-key and the target message in the j-th clock cycle to obtain an MUL operation result. The scheme can improve the running speed of the circuit and reduce the area consumption of a hardware circuit.

Description

Chip and method for generating message authentication code
Technical Field
The embodiment of the application relates to the technical field of chips, in particular to a chip and a method for generating a message authentication code.
Background
With the development of mobile communication technology, the confidentiality and integrity of communication data become one of the core problems in the field of mobile communication based on the open architecture of Internet Protocol (IP) and the characteristics of wireless propagation. Third generation partnership (3) rd Generation Partnership Project,3 GPP) specifies three sets of security algorithms to protect the confidentiality and integrity of the communicated data. The SNOW3G algorithm is one of the stream cipher algorithms, and NIA1 is a complete SNOW3G algorithm as a coreA sexual protection algorithm.
In the related technology, the process of the NIA1 algorithm is that firstly, each parameter required by the SNOW3G algorithm is input, a key stream is generated through the SNOW3G algorithm, then, MUL operation is performed on the key stream and other parameters together, and a message authentication code is generated after the operation is completed. Data operation Message Authentication Codes (MAC) are respectively sent and transmitted at the user equipment end and the wireless network controller end, and the integrity of the data can be confirmed by comparing whether the codes are consistent or not. When the MUL operation is realized by a hardware circuit, the MUL operation is formed by connecting 64 stages of circuits in series, wherein the input of the circuit of the current stage is the output of the circuit of the previous stage, and the output of the circuit of the current stage is the input of the circuit of the next stage.
The related art has a problem in that it is difficult for the above hardware circuit to satisfy the 4 th generation (4 th generation) th Generation, 4G), 5 th Generation (5) th Generation, 5G) speed requirements for network communication, and in addition, in an actual manufacturing process, consumption of a hardware circuit area is large, resulting in an increase in chip manufacturing cost.
Disclosure of Invention
The embodiment of the application provides a chip and a method for generating a message authentication code, which can improve the running speed of a circuit by reducing the number of stages of an MUL series circuit, and reduce the area consumption of a hardware circuit so as to reduce the manufacturing cost of the chip. The technical scheme is as follows:
in one aspect, an embodiment of the present application provides a chip, where the chip includes:
the system comprises a SNOW3G module and a MUL module, wherein the SNOW3G module is configured to generate a key stream and transmit the key stream to the MUL module, the length of a first key in the key stream is m, and m is a positive integer greater than 1;
the MUL module comprises a control circuit, a data selector and an n-stage MUL series circuit;
the control circuit is configured to split the first key into i segments of sub-keys, i is an integer greater than or equal to 2, the length of each segment of the sub-key is less than or equal to n, and n is less than m;
the data selector is configured to input a j section of sub-key to the n-stage MUL series circuit in a j clock period, wherein j is an integer smaller than or equal to i;
the n-stage MUL series circuit is configured to perform MUL operation on the j-th segment of the subkey and the target message in the j-th clock cycle.
On the other hand, an embodiment of the present application provides a method for generating a message authentication code, where the method includes:
generating a key stream, wherein the length of a first key in the key stream is m, and m is a positive integer greater than 1;
splitting the first key into i sections of sub keys, wherein i is an integer greater than or equal to 2;
in a j clock period, performing MUL operation on the j section of sub-secret keys and the target message through n-level MUL series circuits, wherein n is smaller than m, the length of each section of sub-secret keys is smaller than or equal to n, and j is an integer smaller than or equal to i;
the technical scheme provided by the application can comprise the following beneficial effects:
in the embodiment of the application, a first key generated by SNOW3G is split into i segments of sub-keys, and the i segments of sub-keys are input to an n-level MUL series circuit in a segmented manner for operation in multiple clock cycles through a control circuit and a data selector. Compared with the technical scheme that the first secret key is completely input into the MUL series circuit for operation in one clock cycle in the related art, the circuit level is reduced, and the operation speed of the circuit in the unit clock cycle is increased under the condition that the total data operation amount is not changed. Furthermore, because the circuit level is reduced, the area consumption of the hardware circuit is reduced, and the manufacturing cost of the chip is further reduced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram illustrating a structure of a MUL operation hardware circuit according to an exemplary embodiment of the present application;
FIG. 2 illustrates a schematic diagram of a chip provided in an exemplary embodiment of the present application;
fig. 3 is a schematic diagram illustrating a structure of a MUL module according to an exemplary embodiment of the present application;
FIG. 4 illustrates a schematic diagram of an alternative data selector according to an exemplary embodiment of the present application;
FIG. 5 is a block diagram illustrating a one-out-of-four data selector according to an exemplary embodiment of the present application;
fig. 6 is a flowchart illustrating a method for generating a message authentication code according to an exemplary embodiment of the present application;
fig. 7 is a flowchart illustrating a method for generating a message authentication code according to another exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of chips and methods consistent with certain aspects of the present application, as detailed in the appended claims.
With the development of mobile communication technology, based on the open architecture of network protocols and the characteristics of wireless propagation, the confidentiality and integrity of communication data become one of the core problems in the field of mobile communication. The 3GPP specifies three sets of security algorithms to protect the confidentiality and integrity of communication data, and the SNOW3G algorithm is one of the stream cipher algorithms. The NIA1 algorithm in the related art is an integrity protection algorithm with the SNOW3G algorithm as a core. And the complete protection algorithm is used for ensuring that the communication data is not tampered by a third person except the two communication parties in the transmission process.
The NIA1 algorithm process is as follows: firstly, inputting various parameters required by a SMOW3G algorithm, and generating a Z1, Z2, Z3, Z4 and Z5 five 32-bit (bit) key stream through the SNOW3G algorithm, wherein the Z1 and the Z2 form a variable P, the Z3 and the Z4 form a variable Q, and the Z5 forms a variable OTP. The variables P, Q, OTP are 64 bits, 32 bits, respectively. And performing operation processing on the key stream, the target message and the length of the target message through MUL operation to obtain a message authentication code. The operation process is as follows:
For 0≤i≤D-3
let M i =MESSAGE[64i]||MESSAGE[64i+1]||...||MESSAGE[64i+63].
Let M D-2 =MESSAGE[64(D-2)]||…||MESSAGE[LENGTH-1]||0…0.
Let M D-1 =LENGTH[0]||LENGTH[1]||…||LENGTH[63].
Let variable EVAL =0.
for i=0to D–2:
Figure BDA0003270335500000041
Is provided with
Figure BDA0003270335500000042
MUL operations are performed on EVAL:
EVAL=Mul(EVAL,Q,0x000000000000001b).
let EVAL = e0| | e1| \8230 | | | e63.
For 0≤i≤31,
Is provided with
Figure BDA0003270335500000043
e32, \ 8230;, e63 did not participate in the calculation.
Where LENGTH represents the LENGTH of the target message. The target message M is divided into D-2 groups, each group being 64 bits in length. M i Indicating the ith group of target messages, M D-2 Representing the last set of targeted messages. In one possible embodiment, the last set of target messages is complemented, for example by 0, when their length is less than 64 bits. In the subsequent operation process, the complementary data do not participate in the operation, or the operation result of the complementary data is abandoned. M D-1 Indicating the length of each group of target messages.
And performing MUL operation on the target message M and the variable P to obtain a variable EVAL.Setting the initial value of the variable EVAL to 0, and transmitting the target message M i With the previous group of target messages M i-1 And carrying out exclusive OR operation on the obtained variable EVAL, carrying out MUL operation on the obtained variable EVAL and the variable P, and storing the obtained variable EVAL in the variable EVAL. And so on, the last group of target messages M is completed D-2 MUL operation with variable P.
And carrying out XOR operation on the variable EVAL obtained by the operation and the LENGTH LENGTH of the target message, further carrying out MUL operation on the result of the XOR operation and the variable Q, further carrying out XOR operation on the result obtained by the operation by selecting the high 32 bits of the result and the variable OTP, and further generating the message authentication code.
Specifically, the MUL operation realizes conversion of data length from 192 bits to 64 bits, which is realized by a MULxPOW function through 64 cycles. The realization method is as follows:
MULxPOW_0==V;
MULxPOW_1==MULx(MULxPOW_0,c);
MULxPOW_2==MULx(MULxPOW_1,c);
……
MULxPOW_61==MULx(MULxPOW_60,c);
MULxPOW_62==MULx(MULxPOW_61,c);
MULxPOW_63==MULx(MULxPOW_62,c)。
the MULx function is used for realizing the conversion of the data length from 128 bits to 64 bits, and the MULxPOW function is used for realizing the conversion of the data length from 128 bits to 64 bits.
As shown in fig. 1, the MUL operation is implemented in a hardware circuit, and is composed of 64 stages of MUL series circuits. The 64-stage MUL series circuit includes 64 stages of MULxPOW operation units 10, 64 data selectors 11, and an exclusive or gate 12. Each stage of the MULxPOW operation units 10 corresponds to one data selector 11. The input of the MULxPOW operation unit 10 of each stage is the operation result of the MULxPOW operation unit 10 of the previous stage. In the process of generating message authentication code, target message M i MUL operation is performed with the variable P. The variable P has 64 bits, each bit of the variable P is sequentially used as the input of the control signal terminal of 64 data selectors 11, each stage of MULxWOW operation unit 10 and constant h are used as the input of the data selector 11Input of the data input terminal. Specifically, mulxpaw _0 is a first-stage mulxpaw operation unit 10, and the corresponding data selector is a first data selector 11. First bit P [ 0] of variable P]The operation result and constant of MULxWOW _0 are input to the input terminal of the first data selector 11 if P [ 0] is input to the control signal terminal of the first data selector 11]A constant h is output if 0, if P [ 0]]If the value is 1, the operation result of MULxWOW _0 is output. The operation result of MULxPOW _0 is an input of MULxPOW _ 1. The results output by all the data selectors 11 are exclusive-ored. The above operations are all implemented in one clock cycle.
However, the above hardware circuit is difficult to meet the requirements of 4G and 5G communication technologies on the operating speed of the circuit, and simultaneously increases the area consumption of the hardware circuit. In one possible embodiment, the circuit cannot reach 800M speed under the requirement of 7 nm manufacturing process.
The embodiment of the application optimizes the MUL module, inputs the variable P into the n-stage MUL series circuit in a plurality of clock periods in a segmented manner through the control circuit and the data selector, reduces the circuit stage number, improves the operation speed of the circuit, and reduces the area consumption of a hardware circuit.
Referring to fig. 2, a schematic diagram of a chip according to an exemplary embodiment of the present disclosure is shown.
In this embodiment of the present application, the chip is a chip having a message integrity protection function, such as a baseband chip in a terminal device or a network device, which is not limited in this embodiment of the present application.
In this embodiment, the chip includes a SNOW3G module 20 and a MUL module 21. The SNOW3G module 20 transmits the generated keystream to the MUL module 21. When the keystream is transmitted to MUL module 21, MUL module 21 generates a stop signal, which is fed back to SNOW3G module 20, and SNOW3G module 20 stops transmitting the keystream to MUL module 21.
The SMOW3G module 20 generates a KEY stream by a snowp 3G stream cipher algorithm based on data input by a COUNT (COUNT), BEARER (BEARER), DIRECTION (DIRECTION), KEY (KEY), and LENGTH (LENGTH) data input port, where the KEY stream includes a plurality of KEYs. The SNOW3G stream cipher algorithm is one of the security algorithms specified by 3GPP to protect the confidentiality and integrity of communication data.
As regards the length of the keys, in a possible embodiment the plurality of keys are of the same length.
In addition, a plurality of keys may be arbitrarily combined.
Illustratively, the SNOW3G module 20 generates a key stream, which includes 5 keys, respectively defined as Z1, Z2, Z3, Z4, and Z5. The keys Z1 and Z2 constitute a variable P, the keys Z3 and Z3 constitute a variable Q, and the keys Z5 constitute a variable OTP. Where the variable P is a first key of length m. The size of m is related to the length of the individual keys. Wherein the variable Q and the variable OTP may be used as the second key.
Optionally, each key is 32 bits long.
Optionally, the length of the first key variable P is 64 bits, the length of the variable Q is 64 bits, and the length of the variable OTP is 32 bits.
It should be noted that the above-mentioned embodiments of the application are only described in terms of the keystream generated by using the SNOW3G algorithm in the 3 GPP-related standard, and in practical applications, those skilled in the art may adjust the length and type of the keystream output by the SNOW3G module 20 according to the 3 GPP-related standard.
In the embodiment of the present application, the MUL module 21 includes a control circuit 210, a data selector 211, and an n-stage MUL series circuit 212.
The MESSAGE (MESSAGE), the data input by the MESSAGE LENGTH (LENGTH) data input port and the key stream generated by the SNOW3G module 20 are used as the input data of the MUL module 21, and finally, a MESSAGE authentication code corresponding to the target MESSAGE is generated. The message authentication code is used for verifying whether the communication data of the two communication parties is tampered by a third person in the transmission process.
In this embodiment, the control circuit 210 splits the first key into multiple segments of sub-keys according to length. Based on the control signal of the control circuit 210, the data selector 211 sequentially selects a segment of the sub-key to be input to the n-stage MUL series circuit 212 in each clock cycle until all the sub-keys are input to the n-stage MUL series circuit 212. The n-stage MUL series circuit 212 performs MUL operation on the subkey and the target message input every clock cycle.
The control circuit 210 splits the first key into i segments of sub-keys according to the length by using the control signal, where i is an integer greater than or equal to 2.
Alternatively, i may be 2, 3, 4, and the like, which is not limited in this application.
Regarding the number of split segments of the sub-key and the length of each segment of the sub-key, the number of split segments of the sub-key and the length of each segment of the sub-key are related to the number n of circuit levels of the n-level MUL series circuit 212.
Optionally, the length of each segment of sub-key is less than or equal to n, so as to ensure that each segment of sub-key can be operated at one time after being input into the MUL circuit.
Optionally, the lengths of the sub-keys may be the same or different, and this is not limited in this embodiment of the application.
In an illustrative example, if the n-level MUL series circuit 212 has a circuit level number n of 32 and the first key variable P has a length of 64 bits, the first key variable P is split into 2 segments of sub-keys, each segment of sub-key having a length of 32 bits.
In an illustrative example, if the number of circuit levels n of the n-level MUL series circuit 212 is 22 and the length of the first key variable P is 64 bits, the first key variable P is split into 3 sub-keys, the length of the first sub-key and the second sub-key is 22, and the length of the third sub-key is 20.
It should be noted that, in the embodiment of the present application, only the number of split segments of the first key and the length of each segment of the sub-key are described, and in practical applications, a person skilled in the art may specifically determine the number of split segments of the first key and the length of each segment of the sub-key according to the circuit level n of the n-level MUL series circuit.
The data selector 211 selects a segment of the sub-key in each clock cycle according to the control signal of the control circuit 210, and sequentially inputs the segment of the sub-key to the n-stage MUL series circuit 212 until the last clock cycle inputs the last segment of the sub-key to the n-stage MUL series circuit 212. Wherein the number of clock cycles is the same as the number of segments of the subkey.
In one possible implementation, the data selector 211 inputs the j-th segment sub-key to the n-stage MUL series circuit at the j-th clock cycle, where j is an integer less than or equal to i.
In an illustrative example, the control circuit 210 splits the first key into 4 segments of sub-keys by length, and 4 clock cycles are required to input the 4 segments of sub-keys into the n-stage MUL series circuit 212. The data selector 211 inputs the segment 1 sub-key to the n-stage MUL series circuit 212 at the 1 st clock cycle until the segment 4 sub-key is input to the n-stage MUL series circuit 212 at the 4 th clock cycle, and the data selector 211 stops selecting the data input.
The type of the data selector 211 is related to the number of split segments of the subkey.
In one possible embodiment, when the number of split segments of the subkey is 2, the type of the data selector 211 is an alternative data selector.
In another possible embodiment, when the number of split segments of the subkey is 4, the type of the data selector 211 is a one-out-of-four data selector.
It should be noted that, in the embodiment of the present application, only the type of the data selector is described, and in practical applications, a person skilled in the art may select the type of the data selector according to the number of split segments of the sub-key, which is not limited in the embodiment of the present application.
Optionally, the number of the data selectors 211 may be one or multiple, and this is not limited in this embodiment of the application.
The n-level MUL series circuit 212 performs MUL operation on the sub-key of each clock cycle and the target message input by the input port of the MUL module 21 to obtain the MUL operation result of each cycle.
Optionally, the number n of circuit stages of the n-stage MUL series circuit 212 may be 32, 22, and the like, which is not limited in the embodiment of the present application.
It should be noted that, in the present embodiment, the circuit number n of the n-stage MUL series circuit 212 is described, and in practical applications, a person skilled in the art needs to comprehensively determine the value of the circuit number n according to the circuit operation speed, the hardware circuit area consumption, the complexity of the control circuit, and the like, which is not limited in the present embodiment.
In one possible implementation, the n-stage MUL serial circuit 212 performs MUL operation on the jth sub-key and the target message in the jth clock cycle to obtain a MUL operation result.
In an exemplary example, the number of the split segments of the sub-key is 4, the n-stage MUL series circuit 212 performs MUL operation on the 1 st sub-key and the target message in the 1 st clock cycle to obtain a corresponding MUL operation result, and performs MUL operation on the 4 th sub-key and the target message until the 4 th clock cycle to obtain a corresponding MUL operation result.
In addition, as can be seen from the foregoing, when the target message and the sub-key perform MUL operation, the target message is divided into multiple segments, the sub-key operates a certain segment in the target message, and after the current operation between the target message segment and the sub-key is completed, the sub-key needs to be operated with the next target message segment. In one period, the subkey and all target message segments are operated.
In the embodiment of the application, a first key generated by SNOW3G is split into i segments of sub-keys, and the i segments of sub-keys are input to the n-level MUL series circuit in a segmented manner in a plurality of clock cycles through the control circuit and the data selector to be operated. Compared with the technical scheme that the first secret key is completely input into the MUL series circuit for operation in one clock cycle in the related art, the circuit level is reduced, and the operation speed of the circuit in the unit clock cycle is improved under the condition that the total data operation amount is not changed. Furthermore, because the circuit level is reduced, the area consumption of the hardware circuit is reduced, and the manufacturing cost of the chip is further reduced.
In addition, it should be noted that, in the embodiment of the present application, the MUL module further includes a logic gate. The logic gate is configured to perform a logic operation on the MUL operation results respectively corresponding to each clock cycle to obtain an intermediate operation result, and the intermediate operation result is used for a message authentication code corresponding to a second key generation target message in the key stream.
In one possible embodiment, the logic gates are exclusive or gates and the corresponding logic operation is an exclusive or operation.
Illustratively, referring to fig. 2, mul module 21 further includes an exclusive or logic gate 213. The exclusive or gate 213 performs an exclusive or operation on the MUL operation result obtained by the n-stage MUL series circuit 212 in each clock cycle, thereby obtaining an intermediate operation result.
And performing logical operation on the intermediate operation result, the second key variable Q and the variable OTP generated by the SNOW3G module 20, and the length of the target message to generate a message authentication code corresponding to the target message.
Alternatively, the logical operation may be an exclusive or operation.
In a possible implementation, the MUL operation performed on the first key and the target message in the previous clock cycle is divided into i clock cycles, so that intermediate data generated by the operation needs to be stored by using a register. Fig. 3 is a schematic diagram illustrating a structure of a MUL module according to an exemplary embodiment of the present application.
The n-stage MUL series circuit 212 in the MUL module 21 is formed by connecting n-stage mullpow operation units in series. The n-level mulxpaw operation units have been described above, and are not described in detail in the embodiments of the present application.
MUL module 21 also includes a first register 214 and a second register 215.
The first register 214 is used for storing the result of each MUL operation.
In the embodiment of the present application, the sub-key and the target message are MUL-operated by the n-stage MUL circuit 212 to obtain a MUL operation result every clock cycle. The first register 214 is used for storing all the results of the MUL operations from the first clock cycle to the second last clock cycle. Since the result of the MUL operation in the last clock cycle needs to be logically operated with all the previous MUL operation results, the result of the MUL operation in the last clock cycle is not stored in the first register.
In one possible implementation, the MUL module includes a plurality of first registers 214.
Optionally, in the last clock cycle, the MUL operation result of the MUL operation performed on the last segment of the sub-key and the target message does not need to be written into the first register 214, and therefore the number of the first registers 214 is the number of sub-key splitting segments-1.
Optionally, each register is configured to store a MUL operation result corresponding to one clock cycle.
Optionally, the data storage amount of each register is the same, and is the length of the target message.
Illustratively, the first key variable P is 64 bits long, and the control circuit 210 splits it into 4 sub-keys, each of which is 16 bits long. Based on the control signal of the control circuit 210, the data selector 211 sequentially outputs the n-level MUL serial circuit 212 in 4 clock cycles, and performs MUL operation on the sub-key and the target message in each clock cycle to obtain a first MUL operation result, a second MUL operation result, a third MUL operation result, and a fourth MUL operation result. Here, three first registers 214 are used, and the first MUL operation result to the third MUL operation result are written into the three first registers 214 respectively, and the data storage capacity of each first register 214 is the same and is the length of the target message.
In another possible embodiment, the MUL module includes a first register 214, and the data storage capacity of the first register 214 is i-1 times the length of the target message.
Illustratively, as can be seen from the foregoing, the length of the target message is 64 bits, and if the first key variable P is input to the data selector in two clock cycles, the data storage amount of the first register is 64 × (2-1), that is, 64 bits. If the first key variable P is input to the data selector in 4 clock cycles, the data storage amount of the first register is 64 × (4-1), i.e., 192 bits.
The second register 215 is used for registering the operation result of the last stage MULxPOW operation unit as the input of the first MULxPOW operation unit in the next clock cycle.
The data selector 211 includes a plurality of input ports, the number of which is the same as the number of segments of the sub-key. The multi-segment sub-keys are used as the input of the data selector, the control circuit 210 inputs corresponding control signals to the data selector in each clock cycle, and the control data selector 211 selects the corresponding sub-key input n-stage MUL series circuit 212.
The different types of data selectors differ in the way the subkeys are selected based on the control signal. The following is a description of the manner in which two different types of data selectors select subkeys based on control signals.
Illustratively, as shown in fig. 4, the data selector 211 is an alternative data selector, which has two data input ports, a control signal input port and a data output port, and the control signal input by the control signal input port is 1 bit.
The first key variable P has a length of 64 bits, and is divided into 2 segments, namely a first segment subkey P [31 ] and a second segment subkey P [ 63). When the two-segment subkey is input as data to the data selector 211, the first clock cycle starts, the control circuit 210 inputs the first control signal 0 to the data selector 211, and based on the first control signal being the same as the data selector signal 0, the data selector 211 selects the first-segment subkey P [ 31. When the second clock cycle starts, the control circuit 210 inputs the second control signal 1 to the data selector 211, and based on the second control signal being the same as the data selector signal 1, the data selector 211 selects the second-segment subkey P [63 ] (lower 32 bits) as the output of the data selector 211, and inputs it to the n-stage MUL series circuit 212.
Illustratively, as shown in fig. 5, the data selector 211 is a one-out-of-four data selector having four data input ports, a control signal input port, and a data output port. The control signal input by the control signal input port is 2 bits.
The first key variable P has a length of 64 bits, and is divided into 4 pieces, namely, a first-piece subkey P [15 ], a second-piece subkey P [ 31. Different from the alternative data selector, the control signal of the one-out-of-four data selector is 2 bits, and the data selector 211 is further controlled to select the corresponding sub-key through different combinations of the control signals. In a first clock cycle, the first control signal is 00, and the control circuit 210 controls the data selector 211 to output the first segment subkey P [15 ]; in the second clock cycle, the second control signal is 01, and the control circuit 210 controls the data selector 211 to output the second segment subkey P [31 ]; in a third clock cycle, the third control signal is 10, and the control circuit 210 controls the data selector 211 to output the third segment sub-key P [47 ]; in a fourth clock cycle, the fourth control signal is 11, and the control circuit 210 controls the data selector 211 to output the fourth segment of sub-key P [ 63. Each clock cycle, the data selector 211 inputs the sub-key of its selection output to the n-stage MUL series circuit.
It should be noted that, in the embodiment of the present application, only the data selection manner of the two-out-of-one data selector and the data selection manner of the four-out-of-one data selector are described, in practical applications, the data selection manners of different types of data selectors are different, and the embodiment of the present application is not limited thereto.
In the embodiment of the application, the first key is split into multiple segments of sub-keys through the control circuit, based on the control signal of the control circuit, the data selector selects one segment of sub-key as the input of the n-level MUL series circuit in multiple clock cycles, and the operation of MUL operation results in multiple clock cycles is realized by combining the first register and the second register, so that the operation speed of the circuit in a unit clock cycle is improved.
The technical solution of MUL module optimization provided in the embodiments of the present application is exemplarily described below with reference to fig. 2 and fig. 3.
Illustratively, as in FIG. 2, the target message, the length of the target message, and other parameters are input to the chip from the corresponding data input port. First, the SNOW3G module 20 generates 5 keystreams, respectively defined as Z1, Z2, Z3, Z4, Z5. Each keystream is 32 bits in length. The Z1 and Z2 keystream make up variable P, the Z3 and Z3 keystream make up variable Q, and the Z5 keystream make up variable OTP. The variable P is the first key. The variable Q and the variable OTP may be a second key. The variable P is 64 bits long, and the variable Q and the variable OTP are 64 bits and 32 bits long, respectively. The SNOW3G module 20 inputs the generated first key and second key to the MUL module 21. When receiving the first key and the second key, the MUL module 21 sends a stop signal to the SNOW3G module 20, and the SNOW3G module stops sending the first key and the second key to the MUL module 21.
Referring to fig. 3, the n-stage MUL series circuit 212 in the MUL module 21 is a 32-stage MUL series circuit. The 32-stage MUL series circuit is formed by connecting 32-stage MULxPOW operation units in series.
After receiving the first key and the second key, the MUL module 21 divides the first key variable P into 2 segments of sub-keys, which are a first segment of sub-key P [31 ] (upper 32 bits) and a second segment of sub-key P [63 ] (lower 32 bits), respectively, where each segment of sub-key has a length of 32 bits. Since the first key variable P is divided into two segments of subkeys, the data selector 211 is of the one-out-of-two type. When the first clock cycle starts with the two-segment subkey as input to the data selector 211, the control circuit 210 inputs the first control signal 0 to the data selector 211, and based on the first control signal being the same as the data selector signal 0, the data selector 211 selects the first-segment subkey P [31 [ 0] (32 high bits) as output and inputs it to the 32-stage MUL serial circuit 212. The 32-stage MUL series circuit 212 performs MUL operation on the first segment of sub-key P [31 ] (upper 32 bits) and the target message to obtain a first MUL operation result. The result of the first MUL operation is written to the first register 214. The data storage capacity of the first register 214 is 64 bits in size. The result of the 32 nd stage MULxPOW operation unit is written into the second register 215. The data storage capacity of the second register 215 is 64 bits in size.
When the second clock cycle starts, the control circuit 210 inputs the second control signal 1 to the data selector 211, and based on the second control signal being the same as the data selector signal 1, the data selector 211 selects the second segment subkey P [63 ] (32 lower bits) as an output and inputs it to the 32-stage MUL series circuit 212. The result of the 32 th stage MULxPOW operation unit in the second register 215 is input to the first stage MULxPOW operation unit in the second cycle. The 32-stage MUL series circuit 212 performs MUL operation on the second-stage sub-key P [63 ] (lower 32 bits) and the target message, to obtain a second MUL operation result. The second MUL operation result is not written into the first register 214, but is directly XOR-operated with the first MUL operation result in the first register 214 through the XOR gate 213 to obtain an intermediate operation result.
And obtaining a message authentication code based on the intermediate operation result, the variable Q and the variable OTP input by the MUL module 21 and the length of the target message by the SNOW3G module 20. The operation process of this part is already described above, and the embodiment of the present application is not described again.
In summary, compared to the 64-stage MUL series circuit in the related art, the embodiment of the present application employs a 32-stage MUL series circuit. Under the condition of a 7-nanometer preparation process, the stage number of the MUL series circuit is reduced by 1/2, so that compared with the related technology, the corresponding circuit operation speed is improved by 2 times, and the hardware circuit area consumption is reduced by 1/2.
In the embodiment of the present application, the number of circuit stages of the n-stage MUL series circuit 212 may be 22. The 22-stage MUL series circuit 212 is formed by connecting 22 stages of MULxPOW operation units in series. Accordingly, the control circuit 210 divides the first key variable P into 3 pieces of sub-keys, namely a first piece of sub-key P [21 ], a second piece of sub-key P [43 ] and a third piece of sub-key P [63 ] with a length of 22 bits and a length of 20 bits. The type of data selector 211 is a one-out-of-three data selector. The control signal input by the control input port of the data selector 211 is 2 bits, and based on different combinations of the control signals of the control circuit 210, the data selector 211 is further controlled to select a corresponding sub-key.
The first and second MUL operation results of the 22-stage MUL series circuit 212 are written into the first register 214 in the first and second clock cycles, and the first register 214 stores the MUL operation results in two clock cycles, so that the data storage capacity of the first register 214 is 128 bits. Here, two first registers 214 may be used, each of which has a data storage size of 64 bits and stores a first MUL operation result and a second MUL operation result. Unlike the previous embodiment, in the third clock cycle, since the third segment sub-key P [ 63. The third MUL operation result is not written into the first register 214, and is XOR-operated with the first MUL operation result and the second MUL operation result in the first register 214 to obtain an intermediate operation result.
The method provided by the embodiment of the application is used for generating the message authentication code corresponding to the target message, so that in the j clock cycle, after the j sub-key and the target message are subjected to MUL operation through the n-level MUL series circuit, the MUL operation result corresponding to each clock cycle is further subjected to logic operation to obtain an intermediate operation result, and further, the intermediate operation result and the second key in the key stream are used for generating the message authentication code corresponding to the target message. Please refer to fig. 6, which shows a flowchart illustrating a method for generating a message authentication code according to an exemplary embodiment of the present application.
Step 610, generating a key stream, where the length of a first key in the key stream is m, where m is a positive integer greater than 1.
The key stream is generated by the SNOW3G module, the key stream comprises a plurality of keys, and the plurality of keys can be arbitrarily combined into the first key. The length m of the first key is related to the length of the single key.
Illustratively, SNOW3G generates a keystream that contains 5 keys, defined as Z1, Z2, Z3, Z4, Z5, respectively. The Z1 and Z2 keys constitute a first key, defined as variable P, of length m.
Alternatively, if the length of each key is 32 bits, the length m of the variable P is 64 bits.
And step 620, splitting the first key into i segments of sub keys, wherein i is an integer greater than or equal to 2.
The control circuit divides the first secret key into i sections of sub-secret keys according to the length through the control signal, wherein i is an integer larger than or equal to 2.
Alternatively, i may be 2, 3, 4, and the like, which is not limited in the embodiments of the present application.
Step 630, in the j clock period, performing MUL operation on the j segment of sub-keys and the target message through n-level MUL series circuits to obtain a MUL operation result, where n is less than m, the length of each segment of sub-keys is less than or equal to n, j is an integer less than or equal to i, and the MUL operation result is used to generate a message authentication code.
The data selector selects a section of sub-key in each clock cycle according to a control signal of the control circuit, the sub-key is sequentially input into the n-level MUL series circuits until the last section of sub-key is input into the n-level MUL series circuits, and the n-level MUL series circuits carry out MUL operation on the sub-key and the target message in each clock cycle to obtain an MUL operation result in each cycle. Wherein the number of clock cycles is the same as the number of segments of the subkey. In order to ensure that each segment of the sub-key can be operated at one time after being input into the MUL circuit, the length of the sub-key is less than or equal to n.
And step 640, performing logic operation on the MUL operation results respectively corresponding to each clock cycle to obtain an intermediate operation result.
And the logic gate performs logic operation on the MUL operation result obtained by the operation of the n-stage MUL series circuit in each clock period to obtain an intermediate operation result.
In one possible embodiment, the logic gate is an exclusive or gate and the corresponding logic operation is an exclusive or operation.
Illustratively, the exclusive-or gate performs exclusive-or operation on the MUL operation result obtained by the n-stage MUL series circuit operation every clock cycle to obtain an intermediate operation result.
And 650, generating a message authentication code corresponding to the target message based on the intermediate operation result and the second key in the key stream.
And performing logic operation on the intermediate operation result, other keys generated by the SNOW3G module and the length of the target message to generate a message authentication code corresponding to the target message.
Alternatively, the logical operation may be an exclusive or operation.
In the embodiment of the application, a first key generated by SNOW3G is split into i segments of sub-keys, and the i segments of sub-keys are input to the n-level MUL series circuit in a segmented manner in a plurality of clock cycles through the control circuit and the data selector to be operated. And performing logic operation on the MUL operation result corresponding to each clock cycle to obtain an intermediate operation result, and further generating a message authentication code corresponding to the target message by using the intermediate operation result and a second secret key in the secret key stream. Compared with the related technology, the circuit level is reduced, and the running speed of the circuit in a unit clock period is improved under the condition that the total amount of data operation is not changed. Furthermore, because the circuit level is reduced, the area consumption of the hardware circuit is reduced, and the manufacturing cost of the chip is further reduced.
Referring to fig. 7, a flowchart of a method for generating a message authentication code according to another exemplary embodiment of the present application is shown.
Step 701, generating a key stream, where the length of a first key in the key stream is m, where m is a positive integer greater than 1.
Step 701 is synchronous with step 610, which is not described herein again in this embodiment of the present application.
Step 702, splitting the first key into i segments of sub-keys, where i is an integer greater than or equal to 2.
Step 702 and step 620 are synchronized, and details of the embodiment of the present application are not repeated herein.
In step 703, based on the jth control signal, the jth segment of sub-key is selected from the i segments of sub-keys.
The control circuit inputs a corresponding control signal to the data selector at each clock cycle, and controls the data selector to select the corresponding sub-key as an output.
Illustratively, the first key variable P is 64 bits in length, and the control circuit divides it into 2 segments, namely a first segment subkey P [31 ] and a second segment subkey P [ 63. When the two-segment subkey is input as data to the data selector, the first clock cycle starts, the control circuit 210 inputs a first control signal 0 to the data selector, and based on the first control signal being the same as the data selector signal 0, the data selector 211 selects the first-segment subkey P [31 ] (upper 32 bits) as the output of the data selector 211. The second clock cycle starts, and the control circuit 210 inputs the second control signal 1 to the data selector 211, and based on the second control signal being the same as the data selector signal 1, the data selector 211 selects the second-segment sub-key P [63 ] (lower 32 bits) as the output of the data selector 211.
Step 704, input the j-th segment of sub-key into the n-level MUL series circuit.
The corresponding sub-key output by the data selector is input to the n-stage MUL series circuit every clock cycle. And the n-stage series circuit is used for carrying out MUL operation on the sub-key and the target message in each clock cycle to obtain an MUL operation result in each cycle.
Step 705, in the j clock period, performing MUL operation on the j section of sub-secret keys and the target message through n-level MUL series circuits to obtain a MUL operation result, wherein n is smaller than m, the length of each section of sub-secret key is smaller than or equal to n, j is an integer smaller than or equal to i, and the MUL operation result is used for generating a message authentication code.
Step 705 and step 630 are synchronized, and the embodiments of the present application are not described herein again.
In step 706, the operation results of the MUL output by the n-stage MUL series circuit are written into the first register.
Since the first key is divided into a plurality of segments of sub-keys, and is input to the n-stage MUL operation serial circuit for operation in a plurality of cycles, intermediate data generated in the operation process needs to be stored by using a register. And writing MUL operation results obtained by the operation of the first clock cycle and the second last clock cycle through the n-stage MUL series circuit into the first register. Since the result of the MUL operation in the last clock cycle needs to be logically operated with all the previous MUL operation results, the result of the MUL operation in the last clock cycle is not stored in the first register.
In addition, the n-stage MUL series circuit is formed by connecting n-stage MULxPOW operation units in series. In the j clock period, in the process of MUL operation on the j section sub-key and the target message through the n-stage MUL series circuit, the operation result of the n-stage MULxWOW operation unit in the n-stage MUL series circuit is written into a second register, and the data in the second register is the input of the n-stage MUL series circuit in the j +1 clock period.
Illustratively, the first clock cycle is used for performing MUL operation on the 1 st segment of sub-key and the target message through the n-stage MUL series circuit to obtain a first MUL operation result. And writing the operation result of the MULxWOW operation unit at the last stage of the first clock cycle into the second register. At the beginning of the second clock cycle, the operation result of the MULxPOW operation unit at the last stage in the second register is used as the input of the MULxPOW operation unit at the first stage of the second clock cycle.
Step 707, reading each MUL operation result from a plurality of first registers, wherein different first registers are used for storing MUL operation results corresponding to different clock cycles.
In one possible embodiment, the number of the registers is multiple, different registers store the MUL operation results corresponding to different clock cycles, and the MUL operation results corresponding to different clock cycles are respectively read from the multiple first registers.
In a possible embodiment, if the number of the first registers is one, the results of the MUL operations corresponding to different clock cycles are read from a single first register.
In step 708, the result of the MUL operations is XOR-operated to obtain an intermediate operation result.
And in the last clock cycle, inputting the last section of the sub-secret key into the n-level MUL series circuit, and carrying out MUL operation on the last section of the sub-secret key and the target message to obtain an MUL operation result. And carrying out XOR operation on the MUL operation result of the last clock cycle and each MUL operation result in the first register through an XOR logic gate to obtain an intermediate operation result.
And step 709, generating a message authentication code corresponding to the target message based on the intermediate operation result and the second key in the key stream.
Step 709 is synchronous to step 650, which is not described again in this embodiment of the present application.
A method for generating a message authentication code is illustrated in conjunction with fig. 2 and 3.
Illustratively, as in FIG. 2, the target message, the length of the target message, and other parameters are input to the chip from the corresponding data input port. First, the SNOW3G module 20 generates 5 keystreams, respectively defined as Z1, Z2, Z3, Z4, Z5. Each keystream is 32 bits in length. The Z1 and Z2 keystream make up variable P, the Z3 and Z3 keystream make up variable Q, and the Z5 keystream make up variable OTP. The variable P is the first key. The variable Q and the variable OTP may be a second key. The variable P is 64 bits long, and the variable Q and the variable OTP are 64 bits and 32 bits long, respectively. The SNOW3G module 20 inputs the generated first key and second key to the MUL module 21. When receiving the first key and the second key, the MUL module 21 sends a stop signal to the SNOW3G module 20, and the SNOW3G module stops sending the first key and the second key to the MUL module 21.
Referring to fig. 3, the n-stage MUL series circuit 212 in the MUL module 21 is a 32-stage MUL series circuit. The 32-stage MUL series circuit is formed by connecting 32-stage MULxPOW operation units in series.
After receiving the first key and the second key, the MUL module 21 divides the first key variable P into 2 segments of sub-keys, which are a first segment of sub-key P [31 ] (upper 32 bits) and a second segment of sub-key P [63 ] (lower 32 bits), respectively, where each segment of sub-key has a length of 32 bits. Since the first key variable P is divided into two segments of subkeys, the data selector 211 is of the one-out-of-two type. When the first clock cycle starts with the two-segment subkey as input to the data selector 211, the control circuit 210 inputs the first control signal 0 to the data selector 211, and based on the first control signal being the same as the data selector signal 0, the data selector 211 selects the first-segment subkey P [31 [ 0] (32 high bits) as output and inputs it to the 32-stage MUL serial circuit 212. The 32-stage MUL series circuit 212 performs MUL operation on the first segment of sub-key P [31 ] (upper 32 bits) and the target message to obtain a first MUL operation result. The result of the first MUL operation is written to the first register 214. The data storage capacity of the first register 214 is 64 bits in size. The result of the 32 nd stage MULxPOW operation unit is written to the second register 215. The data storage capacity of the second register 215 is 64 bits in size.
When the second clock cycle starts, the control circuit 210 inputs the second control signal 1 to the data selector 211, and based on the second control signal being the same as the data selector signal 1, the data selector 211 selects the second segment subkey P [63 ] (32 lower bits) as an output and inputs it to the 32-stage MUL series circuit 212. The result of the 32 th stage MULxPOW operation unit in the second register 215 is input to the first stage MULxPOW operation unit in the second cycle. The 32-stage MUL series circuit 212 performs MUL operation on the second-stage sub-key P [63 ] (lower 32 bits) and the target message, to obtain a second MUL operation result. The second MUL operation result is not written into the first register 214, but is directly XOR-operated with the first MUL operation result in the first register 214 through the XOR gate 213 to obtain an intermediate operation result.
And obtaining a message authentication code based on the intermediate operation result, the variable Q and the variable OTP input by the MUL module 21 and the length of the target message by the SNOW3G module 20. The operation process of this part is already described above, and the embodiment of the present application is not described again.
In the embodiment of the application, the first key is split into multiple segments of sub-keys through the control circuit, based on the control signal of the control circuit, the data selector selects one segment of sub-key as the input of the n-level MUL series circuit in multiple clock cycles, and the operation of the operation result of the n-level MUL series circuit in multiple clock cycles is realized by combining the first register and the second register, so that the operation speed of the circuit in a unit clock cycle is improved.
The above description is only exemplary of the present application and should not be taken as limiting, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (14)

1. A chip, wherein the chip comprises:
the SNOW3G module is configured to generate a key stream and transmit the key stream to the MUL module, wherein the length of a first key in the key stream is m, and m is a positive integer greater than 1;
the MUL module comprises a control circuit, a data selector and an n-stage MUL series circuit;
the control circuit is configured to split the first key into i segments of sub-keys, where i is an integer greater than or equal to 2, the length of each segment of the sub-key is less than or equal to n, and n is less than m;
the data selector is configured to input a j section of sub-key to the n-stage MUL series circuit in a j clock period, wherein j is an integer smaller than or equal to i;
the n-stage MUL series circuit is configured to perform MUL operation on the j-th section of the sub-key and the target message in the j-th clock cycle to obtain an MUL operation result, and the MUL operation result is used for generating a message authentication code.
2. The chip of claim 1, wherein the MUL module further comprises:
and the logic gate is configured to perform logic operation on the MUL operation results respectively corresponding to the clock cycles to obtain an intermediate operation result, and the intermediate operation result is used for generating a message authentication code corresponding to the target message according to a second secret key in the secret key stream.
3. The chip of claim 1, wherein the MUL module further comprises at least one first register;
the n-stage MUL series circuit is configured to write each MUL operation result into the first register;
the logic gate comprises an exclusive-or logic gate configured to exclusive-or each of the MUL operation results written to the first register to obtain the intermediate operation result.
4. The chip of claim 3, wherein the MUL module comprises a plurality of the first registers, and each of the first registers is configured to store the MUL operation result corresponding to a corresponding clock cycle.
5. The chip of claim 1, wherein the n-stage MUL series circuit is formed by n-stage MULxPOW operation units connected in series, and the MUL module further comprises a second register;
the n-stage MUL series circuit is configured to write the operation result of the n-stage MULxWOW operation unit into the second register, and the data in the second register is the input of the n-stage MUL series circuit in the next clock cycle.
6. The chip of claim 1, wherein the data selector comprises i inputs;
the control circuit is configured to input i segments of the sub-keys to the data selector through i input ends, and input a j control signal to the data selector in a j clock cycle, wherein different clock cycles correspond to different control signals;
the data selector is configured to select the jth segment sub-key input at a jth input terminal and input the jth segment sub-key to the n-stage MUL series circuit based on the jth control signal.
7. The chip of any one of claims 1 to 5, wherein m is an integer multiple of n, and each segment of the subkey has a length of n.
8. A method for generating a message authentication code, the method comprising:
generating a key stream, wherein the length of a first key in the key stream is m, and m is a positive integer greater than 1;
splitting the first key into i sections of sub keys, wherein i is an integer greater than or equal to 2;
and in the j clock period, performing MUL operation on the j section of sub-secret key and the target message through n stages of MUL series circuits to obtain an MUL operation result, wherein n is smaller than m, the length of each section of sub-secret key is smaller than or equal to n, j is an integer smaller than or equal to i, and the MUL operation result is used for generating a message authentication code.
9. The method of claim 8, wherein after MUL operation on the jth segment sub-key and the target message through n stages of MUL cascades in the jth clock cycle, the method further comprises:
performing logic operation on the MUL operation results corresponding to the clock periods respectively to obtain intermediate operation results;
and generating a message authentication code corresponding to the target message based on the intermediate operation result and a second key in the key stream.
10. The method of claim 9, wherein after MUL operation on the jth segment sub-key and the target message through n stages of MUL cascades in the jth clock cycle, the method further comprises:
writing each MUL operation result output by the n-stage MUL series circuit into a first register;
the performing logic operation on the MUL operation results respectively corresponding to each clock cycle to obtain an intermediate operation result includes:
reading each of the stored MUL operation results from the first register in response to the n-stage MUL series circuit outputting an ith operation result;
and carrying out exclusive OR operation on each MUL operation result to obtain the intermediate operation result.
11. The method of claim 10, wherein said reading each of said stored MUL operation results from said first register comprises:
reading each MUL operation result from a plurality of first registers, wherein different first registers are used for storing the MUL operation results corresponding to different clock cycles.
12. The method of claim 8 wherein said n-stage MUL series circuit is formed by n-stage MULxPOW arithmetic units connected in series;
after MUL operation is carried out on the jth segment of sub-key and the target message through the n-stage MUL series circuit in the jth clock cycle, the method further comprises the following steps:
and writing the operation result of the n-th-stage MULxWOW operation unit in the n-stage MUL series circuit into a second register, wherein data in the second register is input into the n-stage MUL series circuit in the j +1 clock period.
13. The method of claim 8, wherein prior to MUL operation of the jth segment sub-key and the target message through n stages of MUL cascades in the jth clock cycle, the method further comprises:
selecting a j section of sub-key from i sections of the sub-keys based on a j control signal;
and inputting the j segment sub-key into the n-stage MUL series circuit.
14. The method according to any one of claims 8 to 13, wherein m is an integer multiple of n, and the length of each segment of the subkey is n.
CN202111113081.2A 2021-09-18 2021-09-18 Chip and method for generating message authentication code Pending CN115834028A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111113081.2A CN115834028A (en) 2021-09-18 2021-09-18 Chip and method for generating message authentication code
PCT/CN2022/114040 WO2023040595A1 (en) 2021-09-18 2022-08-22 Chip, and method for generating message authentication code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111113081.2A CN115834028A (en) 2021-09-18 2021-09-18 Chip and method for generating message authentication code

Publications (1)

Publication Number Publication Date
CN115834028A true CN115834028A (en) 2023-03-21

Family

ID=85515395

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111113081.2A Pending CN115834028A (en) 2021-09-18 2021-09-18 Chip and method for generating message authentication code

Country Status (2)

Country Link
CN (1) CN115834028A (en)
WO (1) WO2023040595A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143490B (en) * 2010-01-28 2013-07-31 联芯科技有限公司 Method and device for generating message identifying code in LTE (Long Term Evolution) system
CN103260156B (en) * 2012-02-15 2015-12-02 中国移动通信集团公司 Key stream generating apparatus and method, Confidentiality protection device and method
US9419792B2 (en) * 2012-12-28 2016-08-16 Intel Corporation Instruction for accelerating SNOW 3G wireless security algorithm
US10797859B2 (en) * 2018-03-22 2020-10-06 Arm Limited Low area optimization for NB-IoT applications
GB201808834D0 (en) * 2018-05-30 2018-07-11 Nordic Semiconductor Asa Memory-efficient hardware cryptographic engine

Also Published As

Publication number Publication date
WO2023040595A1 (en) 2023-03-23

Similar Documents

Publication Publication Date Title
US8625781B2 (en) Encrypton processor
JP5532560B2 (en) Data conversion apparatus, data conversion method, and program
CN111464308A (en) Method and system for realizing reconstruction of multiple Hash algorithms
KR101139011B1 (en) A packet cipher algorithm based encryption processing method
US7653196B2 (en) Apparatus and method for performing RC4 ciphering
US10237066B1 (en) Multi-channel encryption and authentication
Feng et al. SCENERY: a lightweight block cipher based on Feistel structure
JP2010049126A (en) Data conversion device and data conversion method, and program
US7627113B2 (en) Method and system for hardware accelerator for implementing f8 confidentiality algorithm in WCDMA compliant handsets
US7257229B1 (en) Apparatus and method for key scheduling
El-meligy et al. 130nm Low power asynchronous AES core
CN114615069B (en) Quartet lightweight encryption algorithm implementation device and method
CN115834028A (en) Chip and method for generating message authentication code
Zhang et al. A lightweight hash function based on cellular automata for mobile network
TWI728933B (en) Hybrid multistage algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof
Heys A tutorial on the implementation of block ciphers: software and hardware applications
KR100667189B1 (en) Apparatus for aes encryption in mobile device and method thereby
US7627115B2 (en) Method and system for implementing the GEA3 encryption algorithm for GPRS compliant handsets
Smekal et al. Hardware-Accelerated Twofish Core for FPGA
CN109039608B (en) 8-bit AES circuit based on double S cores
CN109818732B (en) Dynamic path S box and AES encryption circuit capable of defending power consumption attack
JP2000075785A (en) High-speed cipher processing circuit and processing method
CN112054889B (en) Method and device for generating message authentication code and computer readable storage medium
TWI776474B (en) Circuit module of single round advanced encryption standard
Z’aba et al. The cilipadi family of lightweight authenticated encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination