CN1921382B - Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device - Google Patents

Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device

Info

Publication number: CN1921382B
Authority: CN (China)
Prior art keywords: key, data, row, iteration, encryption
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN200610037539A
Other languages: Chinese (zh)
Other versions: CN1921382A
Inventor: 谭丽娟
Current Assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd; priority to CN200610037539A; publication of CN1921382A; application granted; publication of CN1921382B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to an encryption and decryption method based on the AES algorithm. The method comprises: a) determining the number of iterations Nr from the key length; b) initializing the data, i.e. before the first iteration the input data undergoes a key operation with a sub-key; c) loading an encryption control signal or a decryption control signal; d) under the control of the encryption control signal, an encryption/decryption iteration multiplexing module performs Nr encryption iterations, and under the control of the decryption control signal the same module performs Nr decryption iterations. The invention also provides a corresponding encryption and decryption device comprising such an encryption/decryption iteration multiplexing module. The invention simplifies the AES circuit and so lowers power consumption and cost.

Description

Encryption and decryption method and device based on the AES algorithm
Technical field
The present invention relates to the technical field of data communication security, and in particular to an encryption and decryption technique.
Background technology
AES is the abbreviation of Advanced Encryption Standard, a symmetric-key encryption standard announced by the US National Institute of Standards and Technology (NIST). Because AES has a wide range of application, short latency, good concealment and high throughput, it is used in more and more security fields.
AES, the symmetric-key standard that replaces the Data Encryption Standard (DES), is an iterated block cipher with a block length of 128 bits; the key length can be specified as 128, 192 or 256 bits. Each key iteration (round) of AES is composed of three invertible transformations referred to as layers: a linear mixing layer, a non-linear layer and a key addition layer.
Fig. 1 is a flow chart of the existing AES algorithm. As shown in Fig. 1, taking a 128-bit key as an example, the existing AES flow is as follows:
Encryption flow: the data to be encrypted is input in 128-bit blocks; before the first encryption iteration a key operation (XOR with the first sub-key) is performed, after which Nr encryption iterations are started;
in each of the Nr encryption iterations the data first passes through the S-box substitution and the byte-shifting of the rows, then the mix-column transformation, and finally the key operation;
in the last encryption iteration the mix-column transformation is omitted, and the encrypted data is output;
Decryption flow: the data to be decrypted is input in 128-bit blocks; before the first decryption iteration a key operation is performed, after which Nr decryption iterations are started;
in each of the Nr decryption iterations, differently from the encryption flow, the byte-shifting of the rows is performed first, then the S-box inverse substitution, then the key operation, and finally the inverse mix-column transformation;
in the last decryption iteration the inverse mix-column transformation is omitted, and the decrypted data is output.
The encryption and decryption operations of AES use the same sub-key values; only the order in which the sub-keys are used differs. For example, encryption uses K0, K1, ..., KNr-1, KNr in turn, while decryption uses KNr, KNr-1, ..., K1, K0 in turn.
AES greatly improves security, but besides the security of the algorithm, the execution efficiency and the area of the algorithm module are major issues that need to be solved. In the existing AES algorithm the encryption and decryption flows are basically consistent, but because the operations of each round and the sub-keys used differ, in a hardware design the elementary units of the two operations cannot be shared. This inevitably causes a larger area overhead, the overall scale of the circuit is larger, and power consumption and cost are wasted.
First, implementing an S-box substitution module already requires many logic circuits. Specifically, one look-up table needs about 800 equivalent gates. To guarantee the target speed of the design, a 16 × 16 look-up table is generally used to implement the S-box substitution (SubByte), and another 16 × 16 look-up table to implement the S-box inverse substitution (InvSubByte). The S-box is used not only in the encryption flow but equally in the key expansion operation. Taking a 128-bit key input as an example, if a parallel algorithm is executed, 20 S-box substitutions and 16 S-box inverse substitutions are needed, that is 36 16 × 16 look-up tables in total, which costs a very large area overhead in the design.
Second, the mix-column transformation (MixColumn) and the inverse mix-column transformation (InvMixColumn) of the existing AES algorithm each operate in an independent unit, so encryption and decryption need different modules; this is not only bad for a modular AES implementation but directly increases the area cost.
Third, when the existing AES key expansion algorithm implements the decryption operation, in order to guarantee the efficiency of the AES implementation all sub-keys are normally computed first and stored in a key storage unit for use by each round-key iteration. This also causes a large area overhead in the circuit design; for a 256-bit key, for example, 14 × 128 bits of key storage are needed.
Therefore it is necessary to simplify the AES circuit design and reduce power consumption and cost.
Summary of the invention
The technical problem to be solved by the invention is to provide an encryption and decryption method based on the AES algorithm and an encryption and decryption device based on the AES algorithm that simplify the AES circuit design, reduce area overhead, and reduce power consumption and cost.
To solve the above technical problem, the invention proposes an encryption and decryption method based on the AES algorithm, comprising the following steps:
a) determining the number of iterations Nr according to the key length;
b) initializing the data: before the first iteration, the input data to be encrypted or decrypted is XORed with a sub-key;
c) loading an encryption control signal or a decryption control signal;
d) under the control of the encryption control signal, performing Nr encryption iterations on an encryption/decryption iteration multiplexing module; under the control of the decryption control signal, performing Nr decryption iterations on the same encryption/decryption iteration multiplexing module.
Step d) further comprises the following steps:
under the control of the encryption control signal, the encryption/decryption iteration multiplexing module is in the encryption conducting state, and Nr encryption iterations are performed on the input data to be encrypted on this module;
under the control of the decryption control signal, the encryption/decryption iteration multiplexing module is in the decryption conducting state, and Nr decryption iterations are performed on the input data to be decrypted on this module.
A single encryption iteration among the Nr encryption iterations comprises the steps:
f1) performing the S-box substitution on the input data;
f2) performing the byte-shifting operation on each row of the data output by the S-box substitution;
f3) performing the mix-column transformation on the data output by the row-shift transformation;
f4) under the control of the encryption control signal, deriving the sub-key of this encryption iteration from the sub-key of the previous encryption iteration stored in the key storage unit;
f5) performing the key operation between the data output by the mix-column transformation and the sub-key input for this iteration;
step f3 is omitted in the last encryption iteration.
It should be pointed out that in the first encryption iteration the data entering the S-box substitution is the data initialized in step b; in each subsequent encryption iteration it is the data output by the previous iteration.
A single decryption iteration among the Nr decryption iterations comprises the steps:
g1) performing the S-box inverse substitution on the input data;
g2) performing the inverse byte-shifting operation on each row of the data output by the S-box inverse substitution;
g3) under the control of the decryption control signal, deriving the sub-key of this decryption iteration from the sub-key of the previous decryption iteration stored in the key storage unit;
g4) performing the key operation between the data output by the inverse row-shift transformation and the sub-key input for this iteration;
g5) performing the inverse mix-column transformation on the data output by the key operation;
step g5 is omitted in the last decryption iteration.
It should be pointed out that in the first decryption iteration the data entering the S-box inverse substitution is the data initialized in step b; in each subsequent decryption iteration it is the data output by the previous decryption iteration.
Alternatively, a single decryption iteration among the Nr decryption iterations comprises the steps:
h1) performing the S-box inverse substitution on the input data;
h2) performing the inverse byte-shifting operation on each row of the data output by the S-box inverse substitution;
h3) performing the inverse mix-column transformation on the data output by the inverse row-shift transformation;
h4) under the control of the decryption control signal, deriving the sub-key of this decryption iteration from the sub-key of the previous decryption iteration stored in the key storage unit;
h5) applying the inverse mix-column transformation to the decryption sub-key produced by the sub-key generation step for this decryption iteration;
h6) performing the key operation between the data output by the inverse mix-column transformation and the inverse-mix-column-transformed sub-key input for this iteration;
in the last key iteration steps h3 and h5 are omitted, and the key operation is performed directly between the data output by step h2 and the sub-key generated in step h4.
It should be pointed out that in the first decryption iteration the data entering the S-box inverse substitution is the data initialized in step b; in each subsequent decryption iteration it is the data output by the previous decryption iteration.
Steps f1 and g1 are realized by the S-box substitution multiplexing submodule. Step f1 specifically comprises:
under the control of the encryption control signal, the initialized data is first passed through the inverse-element look-up table of the field element, then a matrix multiplication and a vector addition, completing the S-box substitution;
Step g1 specifically comprises:
under the control of the decryption control signal, the initialized data first undergoes the vector addition and the matrix multiplication, and then the inverse-element look-up table of the field element, completing the S-box inverse substitution.
Steps f1 and h1 are likewise realized by the S-box substitution multiplexing submodule; the implementation steps are the same as those of steps f1 and g1 on that submodule.
Steps f3 and g5 are realized on the mix-column transformation multiplexing submodule. Step f3 specifically comprises:
under the control of the encryption control signal, the mix-column transformation multiplexing circuit is in the mix-column conducting state and performs the mix-column transformation;
under the control of the decryption control signal, the mix-column transformation multiplexing circuit is in the inverse mix-column state and performs the inverse mix-column transformation.
The mix-column transformation multiplexing circuit is realized by logic circuits for field-element addition and field-element multiplication by 2.
It should be noted, first, that the mix-column transformation multiplexing circuit can be reused for all 4 columns (16 bytes in total) of the input data: during the mix-column transformation the four bytes of one column are input as a unit and, after transformation, the four bytes of the corresponding output column are obtained; the other columns are processed in the same way;
second, this multiplexing circuit also realizes the sharing of the mix-column transformation and the inverse mix-column transformation, the inverse mix-column transformation being carried out with reference to the mix-column steps.
Steps f3 and h3 are likewise realized on the mix-column transformation multiplexing submodule, with the same implementation steps as steps f3 and g5 on that submodule.
Alternatively, steps f3 and g5 have another implementation on the mix-column transformation multiplexing submodule. Step f3 specifically comprises:
bb1) under the control of the encryption signal, the mix-column transformation multiplexing unit performs the mix-column transformation on the four input bytes and obtains a one-byte result; the four bytes are the four bytes of one column of the data undergoing the mix-column transformation, and the resulting byte is one byte of the corresponding column after the mix-column transformation;
bb2) under the control of the encryption control signal, the current four bytes are byte-rotated, and the mix-column structure that produced the one-byte result in step bb1 is reused to obtain the other bytes of the corresponding column after the mix-column transformation, completing the mix-column transformation of this column;
bb3) the data of the other columns undergo the mix-column transformation with reference to the above steps;
Step g5 specifically comprises:
bb4) under the control of the decryption signal, the mix-column transformation multiplexing unit performs the inverse mix-column transformation on the four input bytes and obtains a one-byte result; the four bytes are the four bytes of one column of the data undergoing the inverse mix-column transformation, and the resulting byte is one byte of the corresponding column after the inverse mix-column transformation;
bb5) under the control of the decryption control signal, the current four bytes are byte-rotated, and the inverse mix-column structure that produced the one-byte result in step bb4 is reused to obtain the other bytes of the corresponding column after the inverse mix-column transformation, completing the inverse mix-column transformation of this column;
bb6) the data of the other columns undergo the inverse mix-column transformation with reference to the above steps.
The mix-column transformation multiplexing unit is a logic circuit for field-element addition and field-element multiplication by 2.
It should be pointed out that this mix-column transformation multiplexing unit is the circuit that produces the first-row byte in the mix-column transformation multiplexing circuit described above.
Steps f3 and h3 also have this alternative implementation on the mix-column transformation multiplexing submodule, with the same steps as the alternative implementation of steps f3 and g5.
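As an added example, not circuitry from the patent, the following Python models the mix-column transformation multiplexing unit of both implementations above using only the two primitives the patent names, field-element addition (XOR) and multiplication by 2 (xtime): a single one-byte unit reused by byte-rotating the column (steps bb1 to bb6), the same forward logic reused for the inverse transformation under a control signal, and the equivalence that step h5/h6 relies on (applying InvMixColumn to the sub-key instead of reordering the data path). The function names, the column-major state layout, and the particular way the inverse is folded onto the forward circuit (a pre-conditioning step that the patent does not specify) are assumptions of this example.

```python
# Added example (not the patent's circuit): MixColumn / InvMixColumn sharing
# built only from the two primitives the patent names, GF(2^8) addition (XOR)
# and multiplication by 2 (xtime). Function names, the column-major state
# layout and the inverse pre-conditioning step are assumptions of this example.

def xtime(b):
    """Multiply by x (that is, by 2) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF

def mix_byte(a0, a1, a2, a3):
    """One-byte mix unit (step bb1): 2*a0 + 3*a1 + a2 + a3 in the field.
    This is the first-row output of MixColumn; 3*a1 is xtime(a1) ^ a1."""
    return xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3

def mix_column(col):
    """MixColumn of one 4-byte column. The MixColumn matrix is circulant, so
    byte-rotating the column and reusing mix_byte (steps bb2/bb5) produces
    each further output byte from the same unit."""
    return [mix_byte(*(col[i:] + col[:i])) for i in range(4)]

def inv_precondition(col):
    """Assumed sharing scheme: InvMixColumn = MixColumn after a pre-step that
    adds 4*(a0+a2) to a0 and a2 and 4*(a1+a3) to a1 and a3 (the {0e,0b,0d,09}
    matrix factors as {02,03,01,01} times this step). Still only XOR and xtime."""
    a0, a1, a2, a3 = col
    u = xtime(xtime(a0 ^ a2))
    v = xtime(xtime(a1 ^ a3))
    return [a0 ^ u, a1 ^ v, a2 ^ u, a3 ^ v]

def mix_column_mux(col, decrypt):
    """The multiplexed circuit: the control signal selects the forward (encrypt)
    or inverse (decrypt) transformation; both end in the same mix_column logic."""
    return mix_column(inv_precondition(col) if decrypt else col)

def mix_state(state, decrypt):
    """Run the one-column circuit over the 4 columns of a 16-byte state
    (column-major order as in FIPS-197), i.e. the reuse described for the
    whole block."""
    out = []
    for c in range(4):
        out += mix_column_mux(list(state[4 * c:4 * c + 4]), decrypt)
    return out

def add_round_key(state, rk):
    """Key operation submodule: bitwise XOR of data and sub-key."""
    return [s ^ k for s, k in zip(state, rk)]

def decrypt_round_tail_g(state, rk):
    """Steps g4 then g5: add the sub-key, then InvMixColumn the result."""
    return mix_state(add_round_key(state, rk), decrypt=True)

def decrypt_round_tail_h(state, rk):
    """Steps h3, h5, h6: InvMixColumn the data and the sub-key separately, then
    add. Equal to the g ordering because InvMixColumn is linear over XOR."""
    return add_round_key(mix_state(state, decrypt=True), mix_state(rk, decrypt=True))

if __name__ == "__main__":
    # Constructed sample column (a commonly published MixColumns test column).
    print([hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
```

`mix_column_mux` is the whole point: a decrypt control signal costs two extra xtime stages and four XORs in front of the forward unit, rather than a second {0e,0b,0d,09} multiplier bank, and `decrypt_round_tail_h` shows why the h-variant can mix the sub-key instead of the data.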
Correspondingly, the invention also provides an encryption and decryption device based on the AES algorithm, comprising:
a sub-key generation module, used to generate the sub-key required for the key operation performed on the data to be encrypted or decrypted during initialization, before the first single encryption or decryption iteration, and to dynamically generate, while a single encryption or decryption iteration is performed, the sub-key required for the key operation in that iteration;
an initialization data module, used to perform the key operation between the data to be encrypted or decrypted and the sub-key produced by the sub-key generation module before the first iteration;
a signal control module, used to generate and load the encryption control signal or the decryption control signal, which respectively control the encryption or decryption of the data;
an encryption/decryption iteration multiplexing module, which performs Nr encryption iterations under the control of the encryption control signal loaded by the signal control module, and Nr decryption iterations under the control of the decryption control signal loaded by the signal control module.
The sub-key generation module, used to produce the sub-key for the key operation of the successive round by dynamic expansion of the sub-key used for the key operation in the encryption or decryption process, comprises:
a key storage unit, used to store the sub-key used for the key operation in the encryption or decryption process and the sub-key of the successive round produced from it by dynamic expansion;
a key expansion unit, used, under the control of the encryption control signal, to produce the sub-key for the key operation of the successive round by expanding the sub-key stored in the key storage unit for the encryption process, or, under the control of the decryption control signal, to produce the sub-key for the key operation of the successive round by expanding the sub-key stored in the key storage unit for the decryption process.
It should be noted that the sub-keys used for the key operation in the encryption or decryption process include the sub-key required for the key operation on the data to be encrypted or decrypted during initialization and the sub-keys required for the key operation during the encryption or decryption iterations;
and the key expansion unit, realized by logic circuits, has two processing modes:
first mode: when the key operation of this round is performed, the key expansion unit generates the sub-key required by the key operation of the current round by expanding the sub-key of the previous round stored in the key storage unit;
second mode: when the key operation of this round is finished, the key expansion unit generates the sub-key required by the key operation of the next round by expanding the sub-key of the current round stored in the key storage unit.
The encryption/decryption iteration multiplexing module comprises the following submodules:
a data row-shift submodule, used to perform the byte-shifting operation on each row of the input data under the control of the encryption control signal, or the inverse byte-shifting operation on each row of the input data under the control of the decryption control signal;
a mix-column transformation multiplexing submodule, which performs the mix-column transformation on the input data under the control of the encryption control signal, or the inverse mix-column transformation on the input data under the control of the decryption control signal;
a key operation submodule, which performs a bitwise XOR between the input data and the sub-key input for this iteration under the control of the encryption control signal or the decryption control signal;
in the last encryption or decryption iteration, the mix-column transformation multiplexing submodule does not operate.
The S-box substitution multiplexing submodule further comprises the following units:
an S-box substitution unit, used, under the control of the encryption control signal, to complete the S-box substitution of the data by looking up the inverse-element table of the field element, then a matrix multiplication and a vector addition;
an S-box inverse substitution unit, used, under the control of the decryption control signal, to complete the S-box inverse substitution of the data by a vector addition, a matrix multiplication, and then a look-up of the inverse-element table of the field element.
The inverse-element look-up table of the field element searched by the S-box substitution unit and the one searched by the S-box inverse substitution unit are the same inverse-element look-up table.
The inverse-element look-up table of the field element may be an inverse-element look-up table over the 8-bit finite field, or an inverse-element look-up table over the 4-bit finite field.
The mix-column transformation multiplexing submodule comprises:
a mix-column transformation multiplexing circuit, which, under the control of the encryption control signal, gates the mix-column transformation circuit and completes the mix-column transformation of the data, and under the control of the decryption control signal gates the inverse mix-column transformation circuit and completes the inverse mix-column transformation of the data.
The mix-column transformation multiplexing circuit is composed of logic circuits for field-element addition and field-element multiplication by 2.
Alternatively, the mix-column transformation multiplexing submodule may also comprise:
a byte-rotation processing unit, used to byte-rotate the four bytes currently undergoing the mix-column transformation or the inverse mix-column transformation;
a mix-column transformation multiplexing unit, used to perform the mix-column transformation or the inverse mix-column transformation on the four input bytes and produce a one-byte result.
Preferably, the mix-column transformation multiplexing unit is a logic circuit for the field-element addition and field-element multiplication by 2 described above.
Implementing the invention has the following beneficial effects:
the improved AES implementation proposed by the invention can be applied to the circuit design of the encryption and decryption device in a smart card, and also to other area-sensitive applications. By exploiting the parts of the AES circuit design that can be shared, and designing an encryption/decryption multiplexing iteration module and a sub-key generation module, the invention reduces the area overhead and the scale of the circuit design and thereby the power consumption, greatly improving the competitiveness of smart cards and other products that use the AES algorithm.
Description of drawings
Fig. 1 is a flow chart of the existing AES algorithm;
Fig. 2 is a structural diagram of the encryption and decryption device of the invention based on the AES algorithm;
Fig. 3 is a structural diagram of the sub-key generation module in the invention;
Fig. 4 is a structural diagram of the sub-key expansion in the invention;
Fig. 5 is a structural diagram of the S-box substitution multiplexing submodule in the invention;
Fig. 6 is a structural diagram of the first embodiment of the mix-column transformation multiplexing submodule in the invention;
Fig. 7 is a logic-circuit diagram of the first embodiment of the mix-column transformation multiplexing submodule in the invention;
Fig. 8 is a structural diagram of the second embodiment of the mix-column transformation multiplexing submodule in the invention;
Fig. 9 is a logic-circuit diagram of the second embodiment of the mix-column transformation multiplexing submodule in the invention;
Fig. 10 is a flow chart of the first embodiment of the encryption and decryption method of the invention based on the AES algorithm;
Fig. 11 is a flow chart of the second embodiment of the encryption and decryption method of the invention based on the AES algorithm.
Embodiment
AES, as a highly secure encryption and decryption algorithm, plays a large role in smart cards and in area-sensitive fields such as mobile handset applications. When AES is implemented in hardware, however, the area overhead is a serious problem. Without compromising its security, the invention proposes an AES-based encryption/decryption circuit implementation and an AES-based encryption/decryption device that address this problem, effectively reducing circuit scale, power consumption and cost.
With reference to Fig. 2, the structure of the encryption and decryption device of the invention based on the AES algorithm specifically comprises:
initialization data module 1: used to XOR the data to be encrypted or decrypted with a sub-key before the first iteration;
signal control module 2: generates the encryption control signal or the decryption control signal, used respectively to control the encryption or decryption of the data;
sub-key generation module 3: used to generate the sub-key required for the key operation performed on the data to be encrypted or decrypted during initialization, before the first single encryption or decryption iteration, and to dynamically generate, while a single encryption or decryption iteration is performed, the sub-key required for the key operation in that iteration;
that is, it dynamically generates the sub-key needed by each key iteration while the single encryption or decryption iteration is being performed. In this example, the encryption operation produces and uses K0, K1, ..., KNr-1, KNr in turn, while the decryption operation produces and uses KNr, KNr-1, ..., K1, K0 in turn.
encryption/decryption iteration multiplexing module 4: under the control of the encryption control signal the module is in the encryption conducting state and performs Nr encryption iterations on the data output by the initialization data module; under the control of the decryption control signal the module is in the decryption conducting state and performs Nr decryption iterations on the data output by the initialization data module.
The encryption/decryption iteration multiplexing module 4 comprises the following submodules:
S-box substitution multiplexing submodule 41: performs the S-box substitution on the input data under the control of the encryption control signal, or the S-box inverse substitution on the input data under the control of the decryption control signal;
data row-shift submodule 42: used to perform the byte-shifting operation on each row of the input data under the control of the encryption signal, or the inverse byte-shifting operation on each row of the input data under the control of the decryption control signal;
mix-column transformation multiplexing submodule 43: performs the mix-column transformation on the input data under the control of the encryption signal, or the inverse mix-column transformation on the input data under the control of the decryption control signal;
key operation submodule 44: performs a bitwise XOR between the input data and the sub-key input for this iteration under the control of the encryption or decryption signal;
in the last key iteration, the mix-column transformation multiplexing submodule 43 does not operate.
Fig. 3 is a schematic structural diagram of the sub-key generation module of the present invention.
The improved key schedule is mainly intended to produce efficiently the sub-key input to every round of the encryption and decryption operations, and to do so with a common module, thereby avoiding the additional memory cells that a decryption operation would otherwise need in order to store every round's sub-key while maintaining operating speed.
The invention therefore provides the improved sub-key generation module 3, which dynamically expands the sub-key used in the key operation of the encryption or decryption process into the sub-key for the next round's key operation, and which comprises:
Key storage unit 31, which stores the sub-key used in the key operation of the encryption or decryption process together with the next-round sub-key produced from it by dynamic expansion;
Key expansion unit 32, which, under the control of the encryption control signal produced by the signal control module 2, expands the sub-key stored in key storage unit 31 for the key operation of the encryption process into the sub-key for the next round's key operation; or which, under the control of the decryption control signal produced by the signal control module 2, expands the sub-key stored in key storage unit 31 for the key operation of the decryption process into the sub-key for the next round's key operation.
It should be noted that the sub-keys used in the key operations of the encryption or decryption process include the sub-key required for the key operation when the data to be encrypted or decrypted are initialized, and the sub-keys required for the key operations within the encryption-iteration or decryption-iteration process.
The key expansion unit 32 can be implemented in logic circuitry in two ways:
First way: when the key operation of the current round is performed, key expansion unit 32 expands the previous round's sub-key stored in key storage unit 31 to generate the sub-key required for the current round's key operation;
Second way: when the key operation of the current round has finished, key expansion unit 32 expands the current round's sub-key stored in key storage unit 31 to generate the sub-key required for the next round's key operation.
Fig. 4 is a schematic diagram of the improved sub-key expansion method, taking a 128-bit key input as an example.
In the figure two kinds of line distinguish the outputs that produce the sub-key needed by the next round in the encryption and the decryption operations. The solid line represents, in the encryption operation, the derivation from the current-round sub-key Ki, composed of the four words W0, W1, W2, W3 stored in the key storage unit, of the next-round sub-key (Ki+1), likewise composed of four words W0, W1, W2, W3; the dotted line represents, in the decryption operation, the derivation from the current-round sub-key Ki, composed of the four words W0, W1, W2, W3 stored in the key storage unit, of the next-round sub-key (Ki-1), likewise composed of four words W0, W1, W2, W3. The sub-key (Ki+1) or (Ki-1) produced by the expansion is stored in the key storage unit, which holds only the sub-key of the adjacent round; the encryption/decryption control signal determines whether the next-round sub-key produced is the one needed by the encryption operation or by the decryption operation.
Here RCON(i) is a constant that depends only on the round number; for i = 1 to 10, RCON(i) is 8'h01, 8'h02, 8'h04, 8'h08, 8'h10, 8'h20, 8'h40, 8'h80, 8'h16, 8'h36 respectively.
Fig. 5 is a schematic structural diagram of the S-box substitution multiplexing submodule of the present invention.
The S-box substitution multiplexing submodule 41 specifically comprises the following units:
a field-element inverse look-up table 410, a matrix multiplication (M·b^T) unit 411, a vector addition (c+z) unit 412, a vector addition (x+z) unit 413 and a matrix multiplication (M^-1·d^T) unit 414.
The field-element inverse look-up table 410, the matrix multiplication (M·b^T) unit 411 and the vector addition (c+z) unit 412 form the S-box substitution unit;
the vector addition (x+z) unit 413, the matrix multiplication (M^-1·d^T) unit 414 and the field-element inverse look-up table 410 form the inverse S-box substitution unit.
The S-box substitution involves a matrix multiplication and a field-element inversion, and the inverse S-box substitution likewise involves a matrix multiplication and a field-element inversion. Taking the input x = {x7, x6, x5, x4, x3, x2, x1, x0} as an example, the result after the S-box substitution or the inverse S-box substitution is y = {y7, y6, y5, y4, y3, y2, y1, y0}.
Specifically, under the control of the encryption control signal produced by the signal control module 2, the data x = {x7, x6, x5, x4, x3, x2, x1, x0} first pass through the field-element inverse look-up table 410, then through the M·b^T operation of unit 411, and finally through the c+z operation of unit 412, yielding the S-box-substituted data y = {y7, y6, y5, y4, y3, y2, y1, y0};
Under the control of the decryption control signal produced by the signal control module 2, the data x = {x7, x6, x5, x4, x3, x2, x1, x0} first pass through the x+z operation of unit 413, then through the M^-1·d^T matrix multiplication of unit 414, and finally through the field-element inverse look-up table 410, yielding the inverse-S-box-substituted data y = {y7, y6, y5, y4, y3, y2, y1, y0}.
In Fig. 5 the solid line denotes the S-box substitution used by the encryption operation and the dotted line denotes the inverse S-box substitution used by the decryption operation.
Here the matrix M and its inverse M^-1 are

M =
 1 1 1 1 1 0 0 0
 0 1 1 1 1 1 0 0
 0 0 1 1 1 1 1 0
 0 0 0 1 1 1 1 1
 1 0 0 0 1 1 1 1
 1 1 0 0 0 1 1 1
 1 1 1 0 0 0 1 1
 1 1 1 1 0 0 0 1

M^-1 =
 0 1 0 1 0 0 1 0
 0 0 1 0 1 0 0 1
 1 0 0 1 0 1 0 0
 0 1 0 0 1 0 1 0
 0 0 1 0 0 1 0 1
 1 0 0 1 0 0 1 0
 0 1 0 0 1 0 0 1
 1 0 1 0 0 1 0 0

M^-1 is the inverse matrix of M. z is the constant vector z = {1, 1, 0, 0, 0, 1, 1, 0}. The superscript "T" denotes transposition of a vector; transposing the vector x = {x7, x6, x5, x4, x3, x2, x1, x0} gives the corresponding column vector.
Here the field-element inverse look-up table 410 serves as a common module, so that the S-box substitution and the inverse S-box substitution are both built around a single inverse look-up table over 8-bit field elements, achieving a multiplexed module;
Similarly, an inverse look-up table over the 4-bit finite field can be used as the common module from which the S-box substitution and inverse substitution are built, realizing a multiplexed module with an even smaller circuit scale and better area.
Whether the S-box substitution or the inverse S-box substitution is performed is selected by the encryption control signal or the decryption control signal produced by the signal control module 2. It should be noted that within the sub-key expansion the encryption control signal must be selected, i.e. the S-box substitution is selected.
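The shared-inverse S-box of Fig. 5 and the bidirectional round-key derivation of Fig. 4, as an added software model that is not part of the patent. It assumes AES-128 (Nr = 10), implements the affine map from the FIPS-197 bit equations rather than by copying the matrix M above, uses the standard FIPS-197 round constants (rcon[9] is 0x1b in the standard), and models key storage unit 31 as a single 16-byte register that is expanded one round at a time in whichever direction the control signal selects. All function and variable names are the example's own.

```python
# Added example (not the patent's code): shared-inverse S-box and
# on-the-fly round keys in both directions. Assumes AES-128.

# log/antilog tables for GF(2^8) modulo x^8 + x^4 + x^3 + x + 1, generator 3,
# so the multiplicative inverse (the shared "inverse look-up table") is one lookup.
_EXP = [0] * 256
_LOG = [0] * 256
_g = 1
for _i in range(255):
    _EXP[_i] = _g
    _LOG[_g] = _i
    _g ^= _g << 1            # multiply by 3 = x + 1
    if _g & 0x100:
        _g ^= 0x11B          # reduce modulo the AES polynomial

def gf_inverse(x: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 maps to 0 as AES requires."""
    return 0 if x == 0 else _EXP[(255 - _LOG[x]) % 255]

def affine(b: int) -> int:
    """FIPS-197 affine map y = M*b + c, c = 0x63:
    bit i of y is b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i."""
    y = 0
    for i in range(8):
        bit = ((b >> i) ^ (b >> ((i + 4) % 8)) ^ (b >> ((i + 5) % 8))
               ^ (b >> ((i + 6) % 8)) ^ (b >> ((i + 7) % 8))) & 1
        y |= bit << i
    return y ^ 0x63

def inv_affine(y: int) -> int:
    """Inverse affine map b = M^-1 * (y + c):
    bit i of b is y'_(i+2) ^ y'_(i+5) ^ y'_(i+7) with y' = y ^ 0x63."""
    y ^= 0x63
    b = 0
    for i in range(8):
        bit = ((y >> ((i + 2) % 8)) ^ (y >> ((i + 5) % 8)) ^ (y >> ((i + 7) % 8))) & 1
        b |= bit << i
    return b

def sbox(x: int) -> int:
    """Encryption path of Fig. 5: inverse look-up, then M*b^T, then + c."""
    return affine(gf_inverse(x))

def inv_sbox(y: int) -> int:
    """Decryption path of Fig. 5: + c, then M^-1*d^T, then the same inverse look-up."""
    return gf_inverse(inv_affine(y))

# Standard FIPS-197 round constants for AES-128.
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _g_func(word: bytes, rcon: int) -> bytes:
    """RotWord, SubWord (always the forward S-box, as the text notes), XOR rcon."""
    w = bytes(sbox(v) for v in word[1:] + word[:1])
    return bytes([w[0] ^ rcon, w[1], w[2], w[3]])

def next_round_key(k: bytes, i: int) -> bytes:
    """Solid line of Fig. 4: K(i) from K(i-1), i in 1..10."""
    w0, w1, w2, w3 = k[0:4], k[4:8], k[8:12], k[12:16]
    n0 = _xor(w0, _g_func(w3, RCON[i - 1]))
    n1 = _xor(n0, w1)
    n2 = _xor(n1, w2)
    n3 = _xor(n2, w3)
    return n0 + n1 + n2 + n3

def prev_round_key(k: bytes, i: int) -> bytes:
    """Dotted line of Fig. 4: K(i-1) from K(i). W1..W3 of the previous key are
    XORs of adjacent words of the current key; W0 then needs g() of the recovered W3."""
    n0, n1, n2, n3 = k[0:4], k[4:8], k[8:12], k[12:16]
    w3 = _xor(n3, n2)
    w2 = _xor(n2, n1)
    w1 = _xor(n1, n0)
    w0 = _xor(n0, _g_func(w3, RCON[i - 1]))
    return w0 + w1 + w2 + w3

def walk_round_keys(start: bytes, decrypt: bool) -> list:
    """Model of units 31 + 32: one 16-byte register, expanded one round per step.
    Encryption starts from K0 and walks up; decryption starts from K10 and walks down."""
    reg = start
    out = [reg]
    steps = range(10, 0, -1) if decrypt else range(1, 11)
    for i in steps:
        reg = prev_round_key(reg, i) if decrypt else next_round_key(reg, i)
        out.append(reg)
    return out
```

Only one round key is ever resident; the decryption walk reproduces the encryption schedule in reverse without a table of stored sub-keys, which is the memory saving the text describes.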
Fig. 6 is a schematic structural diagram of the first embodiment of the mix-columns multiplexing submodule of the present invention.
In this embodiment the mix-columns multiplexing submodule comprises:
Mix-columns multiplexing circuit 430: taking the MixColumns transformation of the four bytes {s0c, s1c, s2c, s3c} of one column of the data as an example, under the control of the encryption control signal produced by the signal control module 2 the mix-columns multiplexing circuit 430 is in the MixColumns gated state and completes the MixColumns operation on {s0c, s1c, s2c, s3c}; the bytes of the other columns are transformed in the same way, so that the bytes of the different columns all complete the MixColumns transformation on the same mix-columns multiplexing circuit;
Similarly, the same mix-columns multiplexing circuit can also perform the inverse MixColumns transformation: taking the inverse MixColumns transformation of the four bytes {s0c, s1c, s2c, s3c} of one column of the data as an example, under the control of the decryption control signal produced by the signal control module 2 the mix-columns multiplexing circuit 430 is in the inverse-MixColumns gated state and completes the inverse MixColumns operation on {s0c, s1c, s2c, s3c}; the bytes of the other columns are inverse-transformed in the same way, so that the bytes of the different columns all complete the inverse MixColumns transformation on the same mix-columns multiplexing circuit;
Both the MixColumns and the inverse MixColumns operation consist of field-element additions and multiplications. For ease of circuit implementation, the multiplications can further be decomposed into field-element additions and field-element multiplications by 2, and the parts common to MixColumns and inverse MixColumns can be shared to build the mix-columns multiplexing module. This approach modularizes the two transformations and at the same time reduces their area overhead.
In the present embodiment the mix-columns multiplexing circuit 430 is composed of logic circuits for field-element addition and field-element multiplication by 2.
Fig. 7 is a logic circuit diagram of the first embodiment of the mix-columns multiplexing submodule of the present invention.
The circuit for MixColumns and inverse MixColumns can be composed of logic circuits for field-element addition and field-element multiplication by 2, where {02} denotes the circuit that multiplies a field element by 2 modulo x^8 + x^4 + x^3 + x + 1, and ⊕ denotes the field-element addition circuit. The structure of the MixColumns and inverse MixColumns for the first-row byte is shown by the dashed box in Fig. 5; its operation is expressed as follows:
MixColumn0 = {02}·(S0c ⊕ S1c) ⊕ S1c ⊕ (S2c ⊕ S3c)
InvMixColumn0 = {02}·({02}·(({02}·(S0c ⊕ S1c)) ⊕ ({02}·(S2c ⊕ S3c)) ⊕ (S0c ⊕ S2c))) ⊕ MixColumn0
The MixColumns operations of the other three rows are:
MixColumn1 = {02}·(S1c ⊕ S2c) ⊕ S2c ⊕ (S0c ⊕ S3c)
MixColumn2 = {02}·(S2c ⊕ S3c) ⊕ S3c ⊕ (S0c ⊕ S1c)
MixColumn3 = {02}·(S0c ⊕ S3c) ⊕ S0c ⊕ (S1c ⊕ S2c)
The inverse MixColumns operations of the other three rows are:
InvMixColumn1 = {02}·({02}·(({02}·(S1c ⊕ S2c)) ⊕ ({02}·(S0c ⊕ S3c)) ⊕ (S1c ⊕ S3c))) ⊕ MixColumn1
InvMixColumn2 = {02}·({02}·(({02}·(S2c ⊕ S3c)) ⊕ ({02}·(S0c ⊕ S1c)) ⊕ (S0c ⊕ S2c))) ⊕ MixColumn2
InvMixColumn3 = {02}·({02}·(({02}·(S0c ⊕ S3c)) ⊕ ({02}·(S1c ⊕ S2c)) ⊕ (S1c ⊕ S3c))) ⊕ MixColumn3
After this treatment, the MixColumns transformation and the inverse MixColumns transformation of a column can be implemented with the same module, which improves the sharing of common operations and reduces the area overhead.
In Fig. 7 two kinds of line distinguish the final outputs of MixColumns and inverse MixColumns under the encryption and decryption operations: the solid line denotes selection of the MixColumns result in the encryption operation, and the dotted line denotes selection of the inverse MixColumns result in the decryption operation. The encryption and decryption control signals control whether MixColumns or inverse MixColumns is performed. The dashed box shows the operations performed, and the structure used, to produce the first-row data of MixColumns or of inverse MixColumns.
Fig. 8 is a schematic structural diagram of the second embodiment of the mix-columns multiplexing submodule of the present invention. MixColumns and inverse MixColumns have the characteristic that, within the operation on one column, the bytes of the different rows are related to one another; the implementation can therefore reuse the structure that produces the first row, feeding it the input data after a byte shift to produce the byte results of the other rows.
Therefore, in this embodiment, the mix-columns submodule 43 can also be implemented by means of byte-shift processing, and specifically comprises the following units:
Byte-shift processing unit 4310: performs the byte-shift processing on the four bytes of the column currently undergoing MixColumns or inverse MixColumns;
Mix-columns multiplexing unit 4311: performs MixColumns or inverse MixColumns on its four input bytes and produces one byte of result.
First, under the control of the encryption control signal produced by the signal control module 2, the mix-columns multiplexing unit 4311 performs MixColumns on the four input bytes of one column of the data to be transformed, obtaining one byte of the corresponding column after MixColumns;
The byte-shift processing unit 4310 byte-shifts the four bytes of the column currently undergoing MixColumns, and the mix-columns multiplexing unit 4311 again performs MixColumns on them, obtaining the other bytes of the corresponding column after MixColumns, which completes the MixColumns of this column;
The MixColumns of the data of the other columns is carried out in the same way, completing the whole MixColumns operation.
Correspondingly, under the control of the decryption control signal produced by the signal control module 2, the mix-columns multiplexing unit 4311 performs inverse MixColumns on the four input bytes of one column of the data to be transformed, obtaining one byte of the corresponding column after inverse MixColumns;
The byte-shift processing unit 4310 byte-shifts the four bytes of the column currently undergoing inverse MixColumns, and the mix-columns multiplexing unit 4311 again performs inverse MixColumns on them, obtaining the other bytes of the corresponding column after inverse MixColumns, which completes the inverse MixColumns of this column;
The inverse MixColumns of the data of the other columns is carried out in the same way, completing the whole inverse MixColumns operation.
Fig. 9 is a logic circuit diagram of the second embodiment of the mix-columns multiplexing submodule of the present invention.
The dashed-box structure in Fig. 9 is the mix-columns multiplexing unit; it adopts the contents of the dashed box in Fig. 7 and produces the byte result of the first row. With reference to Fig. 8, the implementation of this embodiment is described as follows:
Taking the MixColumns transformation of the four bytes {s0c, s1c, s2c, s3c} of one column as an example, the steps of performing MixColumns on this mix-columns multiplexing submodule are as follows:
First, under the control of the encryption control signal, the mix-columns multiplexing unit 4311 performs MixColumns on the four input bytes {s0c, s1c, s2c, s3c} of one column of the data, obtaining the first-row byte s'0c;
Under the control of the encryption control signal, the byte-shift processing unit 4310 byte-shifts {s0c, s1c, s2c, s3c} to obtain the shifted bytes {s3c, s0c, s1c, s2c}, on which the mix-columns multiplexing unit 4311 performs MixColumns, obtaining the second-row byte s'1c;
Under the control of the encryption control signal, the byte-shift processing unit 4310 byte-shifts {s0c, s1c, s2c, s3c} to obtain the shifted bytes {s2c, s3c, s0c, s1c}, on which the mix-columns multiplexing unit 4311 performs MixColumns, obtaining the third-row byte s'2c;
Under the control of the encryption control signal, the byte-shift processing unit 4310 byte-shifts {s0c, s1c, s2c, s3c} to obtain the shifted bytes {s1c, s2c, s3c, s0c}, on which the mix-columns multiplexing unit 4311 performs MixColumns, obtaining the fourth-row byte s'3c;
s'0c, s'1c, s'2c and s'3c together form the corresponding column after MixColumns;
This completes the MixColumns operation on this column; the MixColumns operations on the other columns are carried out in the same way, completing the whole MixColumns transformation.
Correspondingly, taking the inverse MixColumns transformation of the four bytes {s0c, s1c, s2c, s3c} of one column as an example, the steps of performing inverse MixColumns on this mix-columns multiplexing submodule are as follows:
First, under the control of the decryption control signal, the mix-columns multiplexing unit 4311 performs inverse MixColumns on the four input bytes {s0c, s1c, s2c, s3c} of one column of the data, obtaining the first-row byte s'0c;
Under the control of the decryption control signal, the byte-shift processing unit 4310 byte-shifts {s0c, s1c, s2c, s3c} to obtain the shifted bytes {s3c, s0c, s1c, s2c}, on which the mix-columns multiplexing unit 4311 performs inverse MixColumns, obtaining the second-row byte s'1c;
Under the control of the decryption control signal, the byte-shift processing unit 4310 byte-shifts {s0c, s1c, s2c, s3c} to obtain the shifted bytes {s2c, s3c, s0c, s1c}, on which the mix-columns multiplexing unit 4311 performs inverse MixColumns, obtaining the third-row byte s'2c;
Under the control of the decryption control signal, the byte-shift processing unit 4310 byte-shifts {s0c, s1c, s2c, s3c} to obtain the shifted bytes {s1c, s2c, s3c, s0c}, on which the mix-columns multiplexing unit 4311 performs inverse MixColumns, obtaining the fourth-row byte s'3c;
s'0c, s'1c, s'2c and s'3c together form the corresponding column after inverse MixColumns;
This completes the inverse MixColumns operation on this column; the inverse MixColumns operations on the other columns are carried out in the same way, completing the whole inverse MixColumns transformation.
In this way the MixColumns and inverse MixColumns transformations can likewise be implemented in a modular, multiplexed manner.
In addition, in the implementation of Fig. 9, as an alternative, the mix-columns multiplexing unit 4311 of Fig. 8 need not produce the first-row byte result with the dashed-box part of Fig. 7; that is, {03}, {0e}, {0b}, {0d} and {09} need not be further split into XOR and {02} operations.
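The shared MixColumns/inverse-MixColumns datapath of Figs. 7 to 9, as an added software model that is not the patent's own code. `row0_circuit` is the dashed-box function for the first row, written from the MixColumn0 and InvMixColumn0 expressions above using only XOR and the {02} multiplier; `mix_column_shared` reuses it for the other three rows by rotating the column so that byte r comes first, which with the expressions as given yields row r. A textbook matrix product is included only to check the result on constructed sample columns, and the last function shows the linearity that lets inverse MixColumns be applied to data and round key separately, which the second method embodiment (Fig. 11) below relies on. All names are the example's own.

```python
# Added example (not the patent's code): shared MixColumns / InvMixColumns
# built from XOR and {02} only, with the rotate-and-reuse scheme of Fig. 8/9.
import random

def xtime(a: int) -> int:
    """{02} multiplier: shift left and reduce modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def row0_circuit(s0: int, s1: int, s2: int, s3: int, decrypt: bool) -> int:
    """Dashed-box circuit of Fig. 7 (first row of one column):
       MixColumn0    = {02}(s0^s1) ^ s1 ^ (s2^s3)
       InvMixColumn0 = {02}({02}({02}(s0^s1) ^ {02}(s2^s3) ^ (s0^s2))) ^ MixColumn0
    The encryption result is a subterm of the decryption result, so one circuit
    serves both directions and the control signal just selects the output."""
    t01 = s0 ^ s1
    t23 = s2 ^ s3
    mix = xtime(t01) ^ s1 ^ t23
    if not decrypt:
        return mix
    inner = xtime(t01) ^ xtime(t23) ^ (s0 ^ s2)
    return xtime(xtime(inner)) ^ mix

def mix_column_shared(col: list, decrypt: bool) -> list:
    """Second embodiment: row r of the output is the row-0 circuit applied to
    the column rotated so that byte r comes first (s[r], s[r+1], s[r+2], s[r+3])."""
    return [row0_circuit(col[r], col[(r + 1) % 4], col[(r + 2) % 4],
                         col[(r + 3) % 4], decrypt) for r in range(4)]

# --- textbook reference, used only to check the shared circuit ---------------
def gf_mul(a: int, b: int) -> int:
    """General GF(2^8) multiply by repeated {02} and XOR."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = xtime(a)
        b >>= 1
    return p

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[0xE, 0xB, 0xD, 0x9], [0x9, 0xE, 0xB, 0xD],
           [0xD, 0x9, 0xE, 0xB], [0xB, 0xD, 0x9, 0xE]]

def mix_column_reference(col: list, decrypt: bool) -> list:
    """Full matrix product with the {0e},{0b},{0d},{09} / {02},{03} coefficients."""
    matrix = INV_MIX if decrypt else MIX
    out = []
    for row in matrix:
        acc = 0
        for coef, s in zip(row, col):
            acc ^= gf_mul(coef, s)
        out.append(acc)
    return out

def matches_reference(trials: int = 64) -> bool:
    """Compare shared circuit and reference on constructed columns (fixed seed)."""
    rng = random.Random(2006)   # constructed sample input, reproducible
    for _ in range(trials):
        col = [rng.randrange(256) for _ in range(4)]
        for decrypt in (False, True):
            if mix_column_shared(col, decrypt) != mix_column_reference(col, decrypt):
                return False
    return True

def decrypt_round_tail_variants(state_col: list, key_col: list) -> tuple:
    """The two orderings of the decryption round tail for one column:
    Fig. 10 order: key operation, then inverse MixColumns of the result;
    Fig. 11 order: inverse MixColumns of data and of round key, then XOR.
    Inverse MixColumns is linear over XOR, so both give the same column."""
    first = mix_column_shared([s ^ k for s, k in zip(state_col, key_col)], True)
    second = [a ^ b for a, b in zip(mix_column_shared(state_col, True),
                                    mix_column_shared(key_col, True))]
    return first, second
```

The `{02}` multiplier and XOR are the only field operations the shared circuit needs; the reference product with the full coefficient set exists here purely as a check and corresponds to the unsplit alternative mentioned in the last paragraph above.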
Fig. 10 is a flow diagram of the first embodiment of the AES-based encryption/decryption method of the present invention; the method is implemented as follows:
First, at step S100, the number of iterations Nr is determined: Nr is set according to the key length, which may be 128, 192 or 256, with the corresponding Nr being 10, 12 or 14;
At step S101, the sub-keys needed for the key operations in the Nr encryption or decryption iterations are generated dynamically; it should be noted that this step runs throughout the Nr encryption or decryption iterations;
At step S102, the data to be encrypted or decrypted are initialized: after the data to be encrypted or decrypted are input, and before their first round of iteration, they are first subjected to the key operation with the sub-key produced in step S101, i.e. a bitwise XOR with it;
At step S103, the encryption or decryption control signal is loaded, to control the corresponding encryption or decryption operation.
At step S104, the encryption or decryption iteration process is started: under the control of the encryption control signal the encryption iteration flow is started, and under the control of the decryption control signal the decryption iteration flow is started; at step S105, Nr encryption or decryption iterations are performed on the encryption/decryption iteration multiplexing module.
Under the control of the encryption control signal, the encryption/decryption iteration multiplexing module is in the encryption conducting state and performs Nr encryption iterations on the input data to be encrypted;
Under the control of the decryption control signal, the encryption/decryption iteration multiplexing module is in the decryption conducting state and performs Nr decryption iterations on the input data to be decrypted.
Within the Nr encryption iterations, a single encryption iteration consists of the following steps:
At step S106, the S-box substitution is performed on the data;
At step S107, each row of the data output by step S106 is byte-shifted, i.e. the byte-shift operation is performed on each row of the data output by step S106;
At step S108, the data output by step S107 undergo the MixColumns transformation, i.e. each column of the data output by step S107 is multiplied by the matrix;
At step S109, the key operation is performed on the data output by step S108, i.e. the data output by step S108 are bitwise-XORed with the sub-key input for this round;
Step S108 is omitted in the last encryption iteration;
It should be noted that in step S106, in the first encryption iteration, the data are the data initialized in step S102; in each subsequent encryption iteration they are the data output by the previous encryption iteration.
Within the Nr decryption iterations, a single decryption iteration consists of the following steps:
At step S106, the inverse S-box substitution is performed on the data;
At step S107, each row of the data output by step S106 is inversely byte-shifted, i.e. the inverse byte-shift operation is performed on each row of the data output by step S106;
At step S110, the key operation is performed on the data output by step S107, i.e. the data output by step S107 are bitwise-XORed with the sub-key input for this round;
At step S111, the data output by step S110 undergo the inverse MixColumns transformation, i.e. each column of the data output by step S110 is multiplied by the matrix;
Step S111 is omitted in the last decryption iteration;
It should be noted that in step S106, in the first decryption iteration, the data are the data initialized in step S102; in each subsequent decryption iteration they are the data output by the previous decryption iteration.
S115 in Fig. 10 denotes the input sequence of the encryption sub-keys and S116 the input sequence of the decryption sub-keys; the two sequences are exactly opposite. That is, in this example the encryption iterations use K0, K1, ..., KNr-1, KNr in turn, while the decryption iterations use KNr, KNr-1, ..., K1, K0 in turn.
Alternatively, the present invention provides a second embodiment of the AES-based encryption/decryption method, shown in Fig. 11; the method steps are as follows:
First, at step S200, the number of iterations Nr is set according to the key length, which may be 128, 192 or 256, with the corresponding Nr being 10, 12 or 14;
At step S201, the sub-keys needed for the key operations in the Nr encryption or decryption iterations are generated dynamically; it should be noted that this step runs throughout the Nr encryption or decryption iterations;
At step S202, the data to be encrypted or decrypted are initialized: after the data to be encrypted or decrypted are input, and before their first round of key iteration, they are first subjected to the key operation with the sub-key produced in step S201, i.e. a bitwise XOR with it;
At step S203, the encryption or decryption control signal is loaded, to control the corresponding encryption or decryption operation.
At step S204, the encryption or decryption iteration process is started: under the control of the encryption control signal the encryption iteration flow is started, and under the control of the decryption control signal the decryption iteration flow is started;
At step S205, Nr encryption or decryption iterations are performed on the encryption/decryption iteration multiplexing module.
Under the control of the encryption control signal, the encryption/decryption iteration multiplexing module is in the encryption conducting state and performs Nr encryption iterations on the input data to be encrypted;
Under the control of the decryption control signal, the encryption/decryption iteration multiplexing module is in the decryption conducting state and performs Nr decryption iterations on the input data to be decrypted.
Within the Nr encryption iterations, a single encryption iteration consists of the following steps:
At step S206, the S-box substitution is performed on the data;
At step S207, each row of the data output by step S206 is shifted, i.e. the byte-shift operation is performed on each row of the data output by step S206;
At step S208, the data output by step S207 undergo the MixColumns transformation, i.e. each column of the data output by step S207 is multiplied by the matrix;
At step S210, the key operation is performed on the data output by step S208, i.e. the data output by step S208 are bitwise-XORed with the sub-key input for this round;
Step S208 is omitted in the last encryption iteration;
It should be noted that in step S206, in the first encryption iteration, the data are the data initialized in step S202; in each subsequent encryption iteration they are the data output by the previous encryption iteration. In the circuit implementation, the encryption sub-key produced in step S201 for this encryption iteration also passes through the mix-columns multiplexing unit, but the mix-columns multiplexing unit is bypassed, so neither MixColumns nor inverse MixColumns is applied to it.
Within the Nr decryption iterations, a single decryption iteration consists of the following steps:
At step S206, the inverse S-box substitution is performed on the data;
At step S207, each row of the data output by step S206 is inversely shifted, i.e. the inverse byte-shift operation is performed on each row of the data output by step S206;
At step S208, the data output by step S207 undergo the inverse MixColumns transformation, i.e. each column of the data output by step S207 is multiplied by the matrix;
At step S209, the decryption sub-key produced in step S201 for this decryption iteration undergoes the inverse MixColumns transformation;
At step S210, the key operation is performed on the data processed in step S208, i.e. the data output by step S208 are bitwise-XORed with the sub-key transformed in step S209;
Steps S208 and S209 are omitted in the last decryption iteration, and the data output by step S207 are directly bitwise-XORed with the sub-key input for this round.
It should be noted that in step S206, in the first decryption iteration, the data are the data initialized in step S202; in each subsequent decryption iteration they are the data output by the previous decryption iteration.
S214 in Fig. 11 denotes the input sequence of the encryption sub-keys and S215 the input sequence of the decryption sub-keys; the two sequences are exactly opposite. That is, in this example the encryption operation uses K0, K1, ..., KNr-1, KNr in turn, while the decryption operation uses KNr, KNr-1, ..., K1, K0 in turn.
The above is a preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make further improvements and modifications without departing from the principle of the invention, and such improvements and modifications are also considered to fall within the scope of protection of the invention.

Claims (19)

1. An encryption/decryption method based on the AES algorithm, characterized in that it comprises the following steps:
a. determining the number of rounds Nr from the key length;
b. initializing the data: before the first round, performing the key operation (bitwise XOR) between the input data to be encrypted or decrypted and a subkey;
c. loading an encryption control signal or a decryption control signal;
d. under control of the encryption control signal, performing Nr encryption rounds on a shared encryption/decryption round module; under control of the decryption control signal, performing Nr decryption rounds on the same shared encryption/decryption round module;
wherein step d specifically comprises:
under control of the encryption control signal, the shared encryption/decryption round module is in its encryption state, and the input data to be encrypted undergoes Nr encryption rounds on this module;
under control of the decryption control signal, the shared encryption/decryption round module is in its decryption state, and the input data to be decrypted undergoes Nr decryption rounds on this module;
a single one of the Nr encryption rounds comprises the steps of:
f1. performing the S-box substitution (SubBytes) on the input data;
f2. performing the row shift (ShiftRows) on each row of the data output by the S-box substitution;
f3. performing the column mixing (MixColumns) on the data output by the row shift;
f4. under control of the encryption control signal, deriving the subkey of this encryption round from the subkey of the preceding encryption round stored in the key storage unit;
f5. performing the key operation between the data output by the column mixing and the subkey input for this round;
step f3 being omitted in the last encryption round;
a single one of the Nr decryption rounds comprises the steps of:
g1. performing the inverse S-box substitution (InvSubBytes) on the input data;
g2. performing the inverse row shift (InvShiftRows) on each row of the data output by the inverse S-box substitution;
g3. under control of the decryption control signal, deriving the subkey of this decryption round from the subkey of the preceding decryption round stored in the key storage unit;
g4. performing the key operation between the data output by the inverse row shift and the subkey input for this round;
g5. performing the inverse column mixing (InvMixColumns) on the data output by the key operation;
step g5 being omitted in the last decryption round.
2. The AES-based encryption/decryption method according to claim 1, characterized in that steps f1 and g1 are implemented on a shared S-box substitution submodule, step f1 specifically comprising:
under control of the encryption control signal, completing the S-box substitution of the initialized data by looking up the multiplicative inverse of the field element in the inverse look-up table, followed by the matrix multiplication and vector addition (the affine transformation);
and step g1 specifically comprising:
under control of the decryption control signal, completing the inverse S-box substitution of the initialized data by the vector addition and matrix multiplication (the inverse affine transformation), followed by looking up the multiplicative inverse of the field element in the inverse look-up table.
3. The AES-based encryption/decryption method according to claim 1, characterized in that steps f3 and g5 are implemented on a shared column-mixing submodule, step f3 specifically comprising:
under control of the encryption control signal, the column-mixing multiplexing circuit is placed in its MixColumns state and performs the column-mixing operation;
and step g5 specifically comprising:
under control of the decryption control signal, the column-mixing multiplexing circuit is placed in its InvMixColumns state and performs the inverse column-mixing operation.
4. The AES-based encryption/decryption method according to claim 3, characterized in that the column-mixing multiplexing circuit is realized by logic circuits for addition of field elements and multiplication of a field element by 2.
5. The AES-based encryption/decryption method according to claim 1, characterized in that steps f3 and g5 are implemented on the shared column-mixing submodule, step f3 specifically comprising:
bb1. under control of the encryption control signal, the column-mixing multiplexing unit applies MixColumns to four input bytes and obtains a one-byte result; the four bytes are one column of the data to be column-mixed, and the resulting byte is one byte of that column after column mixing;
bb2. under control of the encryption control signal, the current four bytes are rotated by one byte, and the same MixColumns structure that produced one byte in step bb1 is reused to obtain the remaining bytes of that column after column mixing, completing the column mixing of that column;
bb3. the data of the remaining columns is column-mixed in the same way;
and step g5 specifically comprising:
bb4. under control of the decryption control signal, the column-mixing multiplexing unit applies InvMixColumns to four input bytes and obtains a one-byte result; the four bytes are one column of the data to be inverse-column-mixed, and the resulting byte is one byte of that column after inverse column mixing;
bb5. under control of the decryption control signal, the current four bytes are rotated by one byte, and the same InvMixColumns structure that produced one byte in step bb4 is reused to obtain the remaining bytes of that column after inverse column mixing, completing the inverse column mixing of that column;
bb6. the data of the remaining columns is inverse-column-mixed in the same way.
6. The AES-based encryption/decryption method according to claim 5, characterized in that the column-mixing multiplexing unit consists of logic circuits for addition of field elements and multiplication of a field element by 2.
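The following is an added model of what claims 3 to 6 describe, written for this page; it is not the patent's circuit. One four-bytes-in, one-byte-out column-mixing unit is built from nothing but GF(2^8) addition (XOR) and multiplication by 2 (`xtime`), with a control flag selecting MixColumns or InvMixColumns, and a whole column is mixed by rotating it through that single unit four times. The decomposition of the constants 3, 9, 11, 13 and 14 into sums of powers of two is my own choice; the claims only say the unit is made of field addition and multiply-by-2 logic.

```python
# Added model of the claimed single-byte column-mixing unit; not the patent's circuit.

def xtime(b):  # multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    return ((b << 1) ^ 0x11B) & 0xFF if b & 0x80 else b << 1

def mix_unit(a0, a1, a2, a3, dec_ctrl):
    """One output byte of a column. Encryption: 2*a0 ^ 3*a1 ^ a2 ^ a3.
    Decryption: 14*a0 ^ 11*a1 ^ 13*a2 ^ 9*a3. Every constant is expanded into
    powers of two so that only xtime and XOR are needed (claims 4 and 6)."""
    if not dec_ctrl:
        return xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3          # 3 = 2 + 1
    x2 = [xtime(a) for a in (a0, a1, a2, a3)]
    x4 = [xtime(a) for a in x2]
    x8 = [xtime(a) for a in x4]
    return ((x8[0] ^ x4[0] ^ x2[0])      # 14 = 8 + 4 + 2
            ^ (x8[1] ^ x2[1] ^ a1)       # 11 = 8 + 2 + 1
            ^ (x8[2] ^ x4[2] ^ a2)       # 13 = 8 + 4 + 1
            ^ (x8[3] ^ a3))              # 9  = 8 + 1

def mix_column(col, dec_ctrl=False):
    """Steps bb1-bb2 / bb4-bb5: the first output byte comes from the column as
    is; the column is then rotated by one byte and the same unit is reused for
    the other three bytes (the rotation is the byte-rotation unit of claim 18)."""
    out, c = [], list(col)
    for _ in range(4):
        out.append(mix_unit(*c, dec_ctrl))
        c = c[1:] + c[:1]
    return out

def mix_state(state, dec_ctrl=False):
    """Steps bb3 / bb6: the remaining columns pass through the same unit in turn.
    The state is 16 bytes in column-major order (byte index r + 4*c)."""
    return [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4], dec_ctrl)]
```

Rotating the input rather than instantiating four row evaluators is what lets one unit serve all four output bytes: each row of the MixColumns matrix is the previous row rotated right by one, so feeding the column rotated left by one into the first-row unit yields the next row's result. The FIPS-197 worked column `d4 bf 5d 30` mixes to `04 66 81 e5`, and the decryption setting maps it back.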
7. An encryption/decryption method based on the AES algorithm, characterized in that it comprises the following steps:
a. determining the number of rounds Nr from the key length;
b. initializing the data: before the first round, performing the key operation (bitwise XOR) between the input data to be encrypted or decrypted and a subkey;
c. loading an encryption control signal or a decryption control signal;
d. under control of the encryption control signal, performing Nr encryption rounds on a shared encryption/decryption round module; under control of the decryption control signal, performing Nr decryption rounds on the same shared encryption/decryption round module;
wherein step d specifically comprises:
under control of the encryption control signal, the shared encryption/decryption round module is in its encryption state, and the input data to be encrypted undergoes Nr encryption rounds on this module;
under control of the decryption control signal, the shared encryption/decryption round module is in its decryption state, and the input data to be decrypted undergoes Nr decryption rounds on this module;
a single one of the Nr encryption rounds comprises the steps of:
f1. performing the S-box substitution (SubBytes) on the input data;
f2. performing the row shift (ShiftRows) on each row of the data output by the S-box substitution;
f3. performing the column mixing (MixColumns) on the data output by the row shift;
f4. under control of the encryption control signal, deriving the subkey of this encryption round from the subkey of the preceding encryption round stored in the key storage unit;
f5. performing the key operation between the data output by the column mixing and the subkey input for this round;
step f3 being omitted in the last encryption round;
a single one of the Nr decryption rounds comprises the steps of:
h1. performing the inverse S-box substitution (InvSubBytes) on the input data;
h2. performing the inverse row shift (InvShiftRows) on each row of the data output by the inverse S-box substitution;
h3. performing the inverse column mixing (InvMixColumns) on the data output by the inverse row shift;
h4. under control of the decryption control signal, deriving the subkey of this decryption round from the subkey of the preceding decryption round stored in the key storage unit;
h5. applying the inverse column mixing to the decryption subkey for this round produced by the subkey generation step;
h6. performing the key operation between the data output by the inverse column mixing and the inverse-column-mixed subkey input for this round;
steps h3 and h5 being omitted in the last decryption round, in which the data output by step h2 and the subkey produced in step h4 are bitwise XORed directly.
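Added reference model of the shared encrypt/decrypt round described in claims 1 and 7, with the S-box built as claim 2 describes (field inverse, then affine map; inverse affine map, then field inverse). This is my own Python model written for this page, not the patent's circuit or any code from the applicant. Assumptions beyond the claims: the state is 16 bytes in FIPS-197 column-major order (byte index r + 4*c), and the "key storage unit" is modelled as a sliding window of the Nk most recent key-schedule words that is stepped forward one word at a time for encryption and backward for decryption, which is exactly one round key for AES-128 and Nk - 4 words more for the longer keys. The `decrypt` argument plays the part of the encryption/decryption control signal, and `equivalent` switches the decryption round from the claim 1 order (key operation, then InvMixColumns) to the claim 7 order (InvMixColumns on both data and subkey, then key operation).

```python
from functools import reduce
from operator import xor

def xtime(b):  # multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    return ((b << 1) ^ 0x11B) & 0xFF if b & 0x80 else b << 1

def gf_mul(a, b):  # shift-and-add product in GF(2^8)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = xtime(a), b >> 1
    return r

def gf_inv(x):  # x^254 == x^-1 in GF(2^8); 0 maps to 0, as the S-box requires
    r = p = x
    for _ in range(6):
        p = gf_mul(p, p)
        r = gf_mul(r, p)
    return gf_mul(r, r)

def affine(x, taps, c):  # bit i of the result = c_i XOR bits (i+t) mod 8 of x, t in taps
    bits = [(x >> j) & 1 for j in range(8)]
    return c ^ sum((sum(bits[(i + t) % 8] for t in taps) & 1) << i for i in range(8))

# Claim 2: S-box = inverse lookup, then matrix multiply and vector add (affine map);
# inverse S-box = vector add and matrix multiply (inverse affine map), then inverse lookup.
SBOX = [affine(gf_inv(x), (0, 4, 5, 6, 7), 0x63) for x in range(256)]
INV_SBOX = [gf_inv(affine(x, (2, 5, 7), 0x05)) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def sub_bytes(s, inverse):
    return [(INV_SBOX if inverse else SBOX)[b] for b in s]

def shift_rows(s, inverse):  # row r rotates left by r bytes (right when inverting)
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s, inverse):  # circulant matrix with first row (2,3,1,1) or (14,11,13,9)
    m = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    return [reduce(xor, (gf_mul(m[(k - r) % 4], s[4 * c + k]) for k in range(4)))
            for c in range(4) for r in range(4)]

def add_key(s, rk):  # the "key operation": bitwise XOR with the round subkey
    return [a ^ b for a, b in zip(s, rk)]

def g(word, i, nk):  # nonlinear part of the key schedule for word index i
    if i % nk == 0:
        return [SBOX[word[1]] ^ RCON[i // nk - 1], SBOX[word[2]], SBOX[word[3]], SBOX[word[0]]]
    if nk > 6 and i % nk == 4:
        return [SBOX[b] for b in word]
    return word

class KeyStore:
    """Key storage unit of steps f4/g3/h4 (assumed model): holds only the Nk most
    recent schedule words w[i-Nk .. i-1] and derives the next subkey (encryption)
    or the previous one (decryption) from them. For Nk > 4 the decryptor's window
    reaches Nk-4 words past the last round key, produced by the same recurrence."""
    def __init__(self, key):
        self.nk = len(key) // 4
        self.w = [list(key[4 * j:4 * j + 4]) for j in range(self.nk)]
        self.i = self.nk
    def round_key(self):  # w[i-Nk .. i-Nk+3], i.e. round key number (i-Nk)/4
        return [b for word in self.w[:4] for b in word]
    def step(self, forward):
        if forward:  # w[i] = w[i-Nk] ^ g(w[i-1])
            new = [a ^ b for a, b in zip(self.w[0], g(self.w[-1], self.i, self.nk))]
            self.w, self.i = self.w[1:] + [new], self.i + 1
        else:        # w[i-Nk-1] = w[i-1] ^ g(w[i-2])
            new = [a ^ b for a, b in zip(self.w[-1], g(self.w[-2], self.i - 1, self.nk))]
            self.w, self.i = [new] + self.w[:-1], self.i - 1

def aes(block, key, decrypt, equivalent=False):
    """One datapath for both directions: `decrypt` plays the encryption/decryption
    control signal; `equivalent` selects the claim 7 round (h1..h6) instead of the
    claim 1 round (g1..g5) for decryption. Returns a list of 16 byte values."""
    nr = len(key) // 4 + 6                             # step a: Nr = Nk + 6 (10, 12 or 14)
    ks = KeyStore(key)
    for _ in range(4 * nr if decrypt else 0):          # decryptor starts from the last subkey
        ks.step(True)
    s = add_key(list(block), ks.round_key())           # step b: initial key operation
    for rnd in range(1, nr + 1):                       # step d: Nr rounds on one shared module
        last = rnd == nr
        s = shift_rows(sub_bytes(s, decrypt), decrypt) # f1,f2 / g1,g2 / h1,h2
        for _ in range(4):                             # f4 / g3 / h4: subkey from the stored one
            ks.step(not decrypt)
        rk = ks.round_key()
        if not decrypt:                                # encryption round
            s = add_key(s if last else mix_columns(s, False), rk)   # f3 (not in last round), f5
        elif not equivalent:                           # claim 1 decryption round
            s = add_key(s, rk)                         # g4
            if not last:
                s = mix_columns(s, True)               # g5, omitted in the last round
        else:                                          # claim 7 decryption round
            if not last:                               # h3 and h5, both omitted in the last round
                s, rk = mix_columns(s, True), mix_columns(rk, True)
            s = add_key(s, rk)                         # h6
    return s
```

Two points the claims rely on are visible here. First, the decryptor must be seeded with the tail of the key schedule (the forward steps before the first decryption round), because the backward recurrence w[i-Nk-1] = w[i-1] XOR g(w[i-2]) can only start from the last subkey; a device that receives a fresh key for decryption either runs the expansion once or stores that tail. Second, the claim 7 ordering works because InvMixColumns is linear over GF(2^8), so InvMixColumns(state XOR rk) equals InvMixColumns(state) XOR InvMixColumns(rk); applying it to the subkey costs one extra column mix per round but lets the decryption round use the same module order as encryption. The model reproduces the FIPS-197 Appendix C vectors for all three key lengths, and both decryption orderings invert it.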
8. The AES-based encryption/decryption method according to claim 7, characterized in that steps f1 and h1 are implemented on a shared S-box substitution submodule, step f1 specifically comprising:
under control of the encryption control signal, completing the S-box substitution of the initialized data by looking up the multiplicative inverse of the field element in the inverse look-up table, followed by the matrix multiplication and vector addition;
and step h1 specifically comprising:
under control of the decryption control signal, completing the inverse S-box substitution of the initialized data by the vector addition and matrix multiplication, followed by looking up the multiplicative inverse of the field element in the inverse look-up table.
9. The AES-based encryption/decryption method according to claim 7, characterized in that steps f3 and h3 are implemented on a shared column-mixing submodule, step f3 specifically comprising:
under control of the encryption control signal, the column-mixing multiplexing circuit is placed in its MixColumns state and performs the column-mixing operation;
and step h3 specifically comprising:
under control of the decryption control signal, the column-mixing multiplexing circuit is placed in its InvMixColumns state and performs the inverse column-mixing operation.
10. The AES-based encryption/decryption method according to claim 9, characterized in that the column-mixing multiplexing circuit is realized by logic circuits for addition of field elements and multiplication of a field element by 2.
11. The AES-based encryption/decryption method according to claim 7, characterized in that steps f3 and h3 are implemented on the shared column-mixing submodule, step f3 specifically comprising:
bb1. under control of the encryption control signal, the column-mixing multiplexing unit applies MixColumns to four input bytes and obtains a one-byte result; the four bytes are one column of the data to be column-mixed, and the resulting byte is one byte of that column after column mixing;
bb2. under control of the encryption control signal, the current four bytes are rotated by one byte, and the same MixColumns structure that produced one byte in step bb1 is reused to obtain the remaining bytes of that column after column mixing, completing the column mixing of that column;
bb3. the data of the remaining columns is column-mixed in the same way;
and step h3 specifically comprising:
bb4. under control of the decryption control signal, the column-mixing multiplexing unit applies InvMixColumns to four input bytes and obtains a one-byte result; the four bytes are one column of the data to be inverse-column-mixed, and the resulting byte is one byte of that column after inverse column mixing;
bb5. under control of the decryption control signal, the current four bytes are rotated by one byte, and the same InvMixColumns structure that produced one byte in step bb4 is reused to obtain the remaining bytes of that column after inverse column mixing, completing the inverse column mixing of that column;
bb6. the data of the remaining columns is inverse-column-mixed in the same way.
12. The AES-based encryption/decryption method according to claim 11, characterized in that the column-mixing multiplexing unit consists of logic circuits for addition of field elements and multiplication of a field element by 2.
13. An encryption/decryption device based on the AES algorithm, characterized in that it comprises:
a subkey generation module, for generating the subkey used in the key operation when the data to be encrypted or decrypted is initialized before a single encryption or decryption round, and for dynamically generating, while a single encryption or decryption round is executed, the subkey used in the key operation within that round;
a data initialization module, for performing the key operation between the data to be encrypted or decrypted and the subkey produced by the subkey generation module before the first round;
a signal control module, for generating and loading the encryption control signal or the decryption control signal, which respectively control the encryption or decryption of the data;
a shared encryption/decryption round module, for performing Nr encryption rounds under control of the encryption control signal loaded by the signal control module, and Nr decryption rounds under control of the decryption control signal loaded by the signal control module;
the shared encryption/decryption round module comprising the following submodules:
a shared S-box substitution submodule, for performing the S-box substitution on its input data under control of the encryption control signal, or the inverse S-box substitution on its input data under control of the decryption control signal;
a row-shift submodule, for performing the row shift on each row of its input data under control of the encryption control signal, or the inverse row shift on each row of its input data under control of the decryption control signal;
a shared column-mixing submodule, for performing the column mixing on its input data under control of the encryption control signal, or the inverse column mixing on its input data under control of the decryption control signal;
a key operation module, for performing the bitwise XOR between its input data and the subkey input for the current round under control of the encryption control signal or the decryption control signal;
wherein, in the last encryption or decryption round, the shared column-mixing submodule is inactive.
14. The AES-based encryption/decryption device according to claim 13, characterized in that the subkey generation module, which dynamically expands the subkey used in the key operation during encryption or decryption into the subkeys used in the key operation of successive rounds, comprises:
a key storage unit, for storing the subkey used in the key operation during encryption or decryption and the subkeys of the successive rounds produced from it by dynamic expansion;
a key expansion unit, for expanding, under control of the encryption control signal, the subkey used in the key operation during encryption that is stored in the key storage unit into the subkey used in the key operation of the next round, or, under control of the decryption control signal, expanding the subkey used in the key operation during decryption that is stored in the key storage unit into the subkey used in the key operation of the next round.
15. The AES-based encryption/decryption device according to claim 13, characterized in that the shared S-box substitution submodule specifically comprises the following units:
an S-box substitution unit, for completing the S-box substitution of the data under control of the encryption control signal by looking up the multiplicative inverse of the field element in the inverse look-up table, followed by the matrix multiplication and vector addition;
an inverse S-box substitution unit, for completing the inverse S-box substitution of the data under control of the decryption control signal by the vector addition and matrix multiplication, followed by looking up the multiplicative inverse of the field element in the inverse look-up table.
16. The AES-based encryption/decryption device according to claim 13, characterized in that the shared column-mixing submodule comprises:
a column-mixing multiplexing circuit, which under control of the encryption control signal gates the MixColumns circuit and completes the column mixing of the data, and under control of the decryption control signal gates the InvMixColumns circuit and completes the inverse column mixing of the data.
17. The AES-based encryption/decryption device according to claim 16, characterized in that the column-mixing multiplexing circuit consists of logic circuits for addition of field elements and multiplication of a field element by 2.
18. The AES-based encryption/decryption device according to claim 13, characterized in that the shared column-mixing submodule comprises:
a byte-rotation unit, for rotating by one byte the four bytes currently undergoing column mixing or inverse column mixing;
a column-mixing multiplexing unit, for applying MixColumns or InvMixColumns to four input bytes and producing a one-byte result.
19. The AES-based encryption/decryption device according to claim 18, characterized in that the column-mixing multiplexing unit consists of logic circuits for addition of field elements and multiplication of a field element by 2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610037539A CN1921382B (en) 2006-09-06 2006-09-06 Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device

Publications (2)

Publication Number Publication Date
CN1921382A CN1921382A (en) 2007-02-28
CN1921382B true CN1921382B (en) 2010-05-12

Family

ID=37778969

Country Status (1)

Country Link
CN (1) CN1921382B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788976A (en) * 2016-12-28 2017-05-31 广东工业大学 AES encryption and decryption circuit simulation analysis method and device

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8538015B2 (en) * 2007-03-28 2013-09-17 Intel Corporation Flexible architecture and instruction for advanced encryption standard (AES)
JP5197258B2 (en) * 2007-10-10 2013-05-15 キヤノン株式会社 Cryptographic processing circuit
CN101163228B (en) * 2007-10-24 2012-09-19 中国电信股份有限公司 Video data encrypted system and method for network video monitoring
CN102075812B (en) * 2010-08-10 2013-06-19 深圳市九洲电器有限公司 Data receiving method and system of digital television
CN102185692B (en) * 2011-04-25 2012-07-04 北京航空航天大学 Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm
CN102710415B (en) * 2012-06-18 2015-03-11 西安西电捷通无线网络通信股份有限公司 Method and table look-up device for encrypting and decrypting data by using symmetric cryptographic algorithm
CN102780557B (en) * 2012-07-10 2015-05-27 记忆科技(深圳)有限公司 Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization
CN102801519A (en) * 2012-07-10 2012-11-28 记忆科技(深圳)有限公司 Method and device for implementing AES (Advanced Encryption Standard) enciphering and deciphering
CN102857334B (en) * 2012-07-10 2015-07-08 记忆科技(深圳)有限公司 Method and device for realizing AES (advanced encryption standard) encryption and decryption
CN103516512A (en) * 2013-10-21 2014-01-15 深圳市芯通信息科技有限公司 Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm
CN106034021B (en) * 2015-03-12 2020-04-10 中国科学院上海高等研究院 Lightweight dual-mode compatible AES encryption and decryption module and method thereof
CN106027225B (en) * 2015-03-23 2019-07-26 联想(北京)有限公司 The decryption method and electronic equipment of data
CN105740721A (en) * 2016-01-21 2016-07-06 浪潮电子信息产业股份有限公司 Device, method and system for encrypting and decrypting data
CN107171783A (en) * 2016-11-29 2017-09-15 黄宗美 Implementation method of the DES encryption algorithm
CN115276953A (en) * 2017-02-07 2022-11-01 沃兹艾普有限责任公司 Techniques for key ratcheting with multiple steps
CN107124267B (en) * 2017-03-30 2020-04-17 宁波大学 Method for generating fixed bit width key on cipher chip
CN107947916B (en) * 2017-12-22 2020-08-04 四川大学 Integrated encryption and decryption module based on DES algorithm
CN113255923B (en) * 2021-05-31 2021-09-14 湖北大学 Quantum realization circuit of SM4 algorithm

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549105A (en) * 2003-05-13 2004-11-24 上海华园微电子技术有限公司 Method for realizing AES algorithm by serial hardware in intelligent card
CN1677921A (en) * 2004-03-31 2005-10-05 华为技术有限公司 Method for enciphering data through programmable device
CN1761185A (en) * 2005-11-18 2006-04-19 清华大学 AES encrypted circuit structure for data stream executed in desequencing

Also Published As

Publication number Publication date
CN1921382A (en) 2007-02-28

Similar Documents

Publication Publication Date Title
CN1921382B (en) Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device
EP1507247B1 (en) Data conversion apparatus and data conversion method
CN102025484B (en) Block cipher encryption and decryption method
CN102204158B (en) Low-latency block cipher
USRE44594E1 (en) Method and circuit for data encryption/decryption
US6246768B1 (en) Data encryption system for encrypting plaintext data
CN102185692B (en) Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm
Moldovyan et al. A cipher based on data-dependent permutations
CN107707343B (en) SP network structure lightweight block cipher realization method with consistent encryption and decryption
CN104639314A (en) Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
KR20100031717A (en) Cryptographic methods and devices for the pseudo-random generation of data encryption and cryptographic hashing of a message
CN101350714A (en) Efficient advanced encryption standard (AES) datapath using hybrid RIJNDAEL S-BOX
CN102801519A (en) Method and device for implementing AES (Advanced Encryption Standard) enciphering and deciphering
AU2007232123B2 (en) Robust cipher design
CN111431697B (en) Novel method for realizing lightweight block cipher CORL
CN103152168A (en) Flexible architecture and instruction for advanced encryption standard (AES)
JP2000162965A (en) Ciphering and deciphering device, and storage medium
CN106921487A (en) Reconfigurable S-box circuit structure
CN104852798B (en) Data encryption and decryption system and method
JP4025722B2 (en) Method and apparatus for data encryption
KR20080073348A (en) Multi-lane high-speed encryption and decryption
KR20050078271A (en) Hardware cryptographic engine and method improving power consumption and operation speed
CN109033892A (en) Round transformation multiplexing circuit and composite-matrix-based AES decryption circuit
CN109150495B (en) Round conversion multiplexing circuit and AES decryption circuit thereof
CN102857334B (en) Method and device for realizing AES (advanced encryption standard) encryption and decryption

Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (granted publication date: 2010-05-12; termination date: 2015-09-06)
EXPY Termination of patent right or utility model