KR102393958B1 - Data processing method in system with encryption algorithm - Google Patents

Abstract

In order for the system to which the encryption algorithm operated by at least one processor is applied to process the data block composed of bits, based on the scrambler key composed of a plurality of bits and the start address of the data block, the number of rounds to encrypt the data block Generates round keys of A plurality of bits constituting a data block is divided into byte units to generate sub-input data, and each sub-input data is input according to a byte order into each of a plurality of byte lanes for processing encryption/decryption.
The round keys generated by the number of times to be encrypted are separated into byte units to generate sub-round keys, and according to each encryption round, the sub-round keys are input into a plurality of byte lanes, respectively, and sub-data is encrypted using the sub-round key. do.

Description

Data processing method in system with encryption algorithm applied

The present invention relates to a data processing method in a system to which an encryption algorithm for processing large amounts of data is applied.

Among block encryption algorithms used for data protection, commercial algorithms include DES (Data Encryption Standard) and AES (Advanced Encryption Standard). These algorithms process data in blocks.

In case of DES, the size of one block is 8 bytes, and in case of AES, the size of one block is 16 bytes. Block encryption algorithms perform the task of repositioning data within blocks of data to improve encryption quality. This increases the encryption quality by erasing the dependency relationship between the currently processed data, the previous data, and the subsequent data.

As described above, the block cipher algorithm improves the encryption quality by changing the data location within the data block, but has a limitation in that data must be processed only in blocks. For example, suppose there is a system that encrypts data using a block cipher algorithm and stores it in memory.

Therefore, the data to be changed is 1-byte data stored at an arbitrary address, but because of the restriction that the data must be processed in units of blocks including the data, all blocks are read and decoded, and then the data is changed. And the block containing the changed data must be encrypted and stored in memory.

When a block cipher algorithm is used as the encryption/decryption algorithm, it is a problem that always occurs when processing data with a length shorter than 1 block length, and encryption/decryption may take a lot of time. In addition, if the memory access time is long, the overall system performance may significantly decrease.

Therefore, the present invention provides a data processing method in a system to which an encryption algorithm for processing large amounts of data can be encrypted and stored in the memory, and the contents of the memory can be changed only by 'write' unlike 'read-modify-write' to provide.

As a method of processing a data block composed of bits by a system to which an encryption algorithm operated by at least one processor, which is a feature of the present invention for achieving the technical problem of the present invention is applied,

Based on the scrambler key composed of a plurality of bits and the start address of the data block, generating round keys as many as the number of rounds to encrypt the data block; separating the plurality of bits constituting the data block into byte units Generating sub-input data, inputting each sub-input data according to the byte order to each of a plurality of byte lanes that process encryption/decryption, and separating the round keys generated as many times as the number of times to be encrypted in units of bytes to serve generating round keys, inputting the sub-round keys into the plurality of byte lanes according to each encryption round, respectively, and encrypting the sub-data using the sub-round keys.

The generating of the round keys includes generating a selection bit key of a second length bit by selecting bits at a preset position in a first scrambler key that is a first length bit, respectively, a start address composed of the second length bits. generating a converted address of a second length bit based on there is.

In the generating of the converted address of the second length bit, when the bit length of the first scrambler key is 128 bits, the bits of the start address composed of the second length bit are changed to a preset position to set the second length It may include generating the translated address of bits.

In the step of generating the converted address of the second length bit, if the bit length of the first scrambler key is 64 bits, a value corresponding to a specific bit from bits forming the start address is further generated as one bit, , generating a value of two bits as a value obtained by performing an inverse sub-byte operation of a value corresponding to the specific bit, and deleting three bits by the lower 1 bit on the right based on the specific bit, the specific bit, the and generating the converted address of the second bit including upper bits on the left and the three generated bits based on a specific bit, wherein the specific bit is the rightmost bit among bits forming the start address It corresponds to the 4th bit in

After generating the first round key, if the first round does not correspond to the last number of rounds to be encrypted, generating a second scrambler key from the first scrambler key. can do.

The generating of the second scrambler key includes: performing an inverse subbyte operation on the upper 8 bits of the first scrambler key; Cycically shifting the lower 3 bits in the first direction in the first scrambler key, and generating a key generated by cyclically shifting the lower 3 bits in the first direction as the second scrambler key there is.

The generating of the first round key includes generating a combined key of a second length bit by performing an exclusive-OR between the selection bit group of the second length bit and the converted address of the second length bit; generating an inverse key of a second length bit by performing an inverse subbyte operation on each bit; generating a bit position change key of a second length bit by changing the positions of bits of the inverse key of the second length bit to a predetermined position , generating a second inverse key of a second length bit by performing an inverse subbyte operation on each bit of the bit position change key of the second length bit, changing the second length bit of the second inverse key into a first length bit , generating a length change key of a first length bit, and performing an exclusive-OR on a first scrambler key of the first length bit and a length change key of the first length bit to generate the first round key may include.

The generating with the inverse key and the generating with the bit position change key may be generated a plurality of times.

The encrypting of the sub data includes: generating inverse sub-byte-operated sub data by performing an inverse sub-byte operation on the sub data; outputting the first sub-byte, calculating a bit rotation rotation determination value based on the j-1th sub-round key, and based on the calculated bit rotation rotation determination value, one bit of the first sub-byte is rotationally rotated or the generating a circular processing sub-byte by maintaining the bit order of the first sub-byte, the circular processing sub-byte using the first value and the second value calculated for each bit constituting the j-2th sub-round key generating a bit rearrangement subbyte by changing the bit position of there is.

Where j is an integer indicating which byte the sub data corresponds to in the data block, and when the calculated values of j-0, j-1, j-2, and j-3 are 0 or less, each calculated value is You can use a sub-round key with the remainder divided by 16.

The generating of the circularly processed sub-byte may include adding the first sub-byte to one bit if the value of the exclusive logical sum of the first bit and the second bit preset among the bits constituting the j-1 th sub-round key is 1 It is possible to generate the cyclically processed sub-byte by cyclically rotating to the left. If the exclusive logical sum of the first bit and the second bit is 0, the first sub-byte may be generated as the circularly processed sub-byte.

The generating of the bit rearrangement sub-byte includes: receiving the circular processing sub-byte and the j-2 th sub-round key; calculating the first value by performing an exclusive-OR; calculating the second value by performing an exclusive-OR of the fourth, fifth, and sixth bit values of the j-2th sub-round key; and the first value and The method may include changing the positions of bits of the circular processing sub-byte according to second values to generate the bit rearrangement sub-byte.

After the step of encrypting the sub data, the method further includes the step of decrypting the encrypted data block, wherein the decrypting includes: an encrypted data block, a start address of the encrypted data block, and to encrypt the data block receiving the generated scrambler key as input; generating round keys generated as many times as the number of times to be encrypted based on the encrypted data block and the scrambler key; It may include the step of decrypting the encrypted data block by inputting it into

The decrypting may include generating the bit rearrangement sub-byte by performing an exclusive-OR of the j-3 th sub-round key and the encrypted sub data, and calculating each bit constituting the j-2 th sub-round key. generating the circular processing sub-byte by changing the bit position of the bit rearrangement sub-byte by using the first value and the second value; a bit rotation rotation determination value based on the j-1th sub-round key generating the first sub-byte by cyclically rotating one bit of the circular processing sub-byte or maintaining the bit order of the circular processing sub-byte based on the calculated bit rotation rotation determination value, the j-0th outputting a first sub-byte of the sub-data obtained by performing the inverse sub-byte operation by performing an exclusive-OR on the sub-round key and the first sub-byte; The method may include outputting byte-operated sub data, and generating the sub data by performing sub-byte operation on the inversed sub data.

The generating of the circularly processed sub-byte may include adding the first sub-byte to one bit if the value of the exclusive logical sum of the first bit and the second bit preset among the bits constituting the j-1 th sub-round key is 1 The cyclic processing sub-byte may be generated by cyclically rotating to the right, and when the value of the exclusive logical sum of the first bit and the second bit is 0, the first sub-byte may be generated as the circular processing sub-byte.

According to the present invention, since the position of input data is not changed during the operation of the encryption device and the decryption device, specific data in a data block can be easily modified.

In addition, when a commercial block cipher algorithm is used, a process of 'read-modify-write' is required, but according to the present invention, only data to be changed can be modified, so data can be modified faster than when a commercial algorithm is used.

In addition, expansion/reduction is easy according to the data bus standard (64/128 bits), and the number of rounds to be performed can be adjusted, which is advantageous for performance improvement.

1 is an exemplary diagram of a general block encryption method.
2 is a structural diagram of a system to which a general block encryption method is applied.
3 is an exemplary diagram illustrating a data change process in a system to which a general block encryption method is applied.
4 is a structural diagram of a system to which an encryption algorithm according to an embodiment of the present invention is applied.
5 is an exemplary diagram of a key scheduler according to an embodiment of the present invention.
6 is an exemplary diagram of a key generation module according to an embodiment of the present invention.
7 is an exemplary diagram of a bit selection module according to an embodiment of the present invention.
8 is an exemplary diagram of an address bit conversion module according to an embodiment of the present invention.
9 is an exemplary diagram of a sub-key conversion module according to an embodiment of the present invention.
10 is an exemplary diagram of a bit position change module according to an embodiment of the present invention.
11 is an exemplary diagram of a key length change module according to an embodiment of the present invention.
12 and 13 are exemplary diagrams of a bit shift module according to an embodiment of the present invention.
14 is an exemplary diagram for encrypting a data block in an encryption/decryptor according to an embodiment of the present invention.
15 is an exemplary diagram of decrypting an encrypted data block in the encryption/decryptor according to an embodiment of the present invention.
16 is an exemplary diagram of a method of calculating a bit cyclic rotation function according to an embodiment of the present invention.
17 is an exemplary diagram of a method of calculating a DERV function according to an embodiment of the present invention.
18 is an exemplary diagram of a data encryption operation of a system to which an encryption algorithm according to an embodiment of the present invention is applied.
19 is a diagram illustrating data change according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings, the embodiments of the present invention will be described in detail so that those of ordinary skill in the art to which the present invention pertains can easily implement them. However, the present invention may be embodied in several different forms and is not limited to the embodiments described herein. And in order to clearly explain the present invention in the drawings, parts irrelevant to the description are omitted, and similar reference numerals are attached to similar parts throughout the specification.

Throughout the specification, when a part "includes" a certain element, it means that other elements may be further included, rather than excluding other elements, unless otherwise stated.

Hereinafter, an encryption apparatus and method for processing large data will be described in detail with reference to the drawings.

Before describing an embodiment of the present invention, a general block encryption method will be described with reference to FIGS. 1 to 3 . In the embodiment of the present invention, the AES encryption method among various block encryption methods will be described as an example.

1 is an exemplary diagram of a general block encryption method.

Commercial block encryption algorithms process data in blocks. In the case of AES encryption, the data size of one block received as input is 16 bytes (128 bits).

As shown in FIG. 1 , the results of AES encryption using 128-bit data located at addresses 0x0 to 0xF and a 128-bit key are shown on the right side of FIG. 1 . For example, when AES-encrypted using 128-bit data of 4973207468697320746865207265616C of FIG. 1 and 128-bit key of 139050849F660D3D84E48ADF51672652, the encrypted result is 31C45DA459EAE1C26B3CFAD6E5975822 of 128 bits.

At this time, the block encryption algorithm performs a task of changing the data position in the data block to improve the encryption quality. This serves to erase the dependency relationship between the currently processed data, the previous data, and the subsequent data, and improves the encryption quality.

A system to which such a block encryption algorithm is applied and a process of changing data in the system will be described with reference to FIG. 2 .

2 is a structural diagram of a system to which a general block encryption method is applied, and FIG. 3 is an exemplary diagram illustrating a data change process in a system to which a general block encryption method is applied.

As shown in FIG. 2 , the system 10 includes a memory 11 in which encrypted data is stored, and a memory controller 12 including an encryption function for encrypting data and a decryption function for decrypting the encrypted data. . And the system 10 includes application software 13 that allows the user to input or modify data, display original data, or receive modified data as input.

Here, it is assumed that a specific part in the block of encrypted data stored in the memory 11 is to be changed. In the embodiment of the present invention, it is assumed that hexadecimal data 69 corresponding to address 0x5 is to be changed to hexadecimal data 00, which corresponds to the shaded portion in FIG. 3 .

Then, the system 10 decrypts the encrypted data through the decryption function of the memory controller 12 that reads the encrypted data from the memory 11 to the memory controller and transmits it to the application software 13 (①). The user modifies the hexadecimal data 69 of the address 0x5 to the hexadecimal data 00 through the application software 13 (②).

The system 10 encrypts the data modified by the user using the encryption function of the memory controller 12, and stores the modified data in the memory 11 as encrypted data (③). At this time, when the encrypted data stored in the first memory 11 is compared with the encrypted data after the data is modified, it can be seen that the encrypted data of all addresses in the block are changed according to the change of the hexadecimal data of the address 0x5. there is.

That is, the data to be changed was 1-byte hexadecimal data ‘69’ at address 0x5. However, due to the limitation of processing data in block units due to the nature of the block encryption method, after all 1 block is read and decrypted (read), '69' is changed to '00' of the hexadecimal data to be changed, and this block is encrypted Therefore, there is a hassle of storing (writing) in the memory 11 .

This is a problem that always occurs when a block cipher algorithm is used as the encryption/decryption algorithm. If encryption/decryption takes a lot of time or memory access time is long, the overall system performance may significantly decrease. Therefore, in the embodiment of the present invention, data can be encrypted and stored in the memory in block units, but unlike the 'read-modify-write' procedure that occurs in the existing block encryption method, the encryption device can change the memory contents only by 'write' and methods are proposed.

Prior to the description of the embodiment of the present invention, a bit representation method used for convenience of description is defined as follows.

- A[M]: Mth bit of A

- A[M:N]: From the Mth bit to the Nth bit of A

For example, when A[7:0] = 0x96, A[7]=1, A[6]=0, A[5]=0, A[4]=1, A[3]=0, A[2]=1, A[1]=1, A[0]=0.

- byte array D[j]: jth byte of byte array D

For example, when the value of an 8-byte array D is D=0x1112131415161718, D[0]=0x11, D[1]=0x12, D[2]=0x13, D[3]=0x14, D[4]= 0x15, D[5]=0x16, D[6]=0x17, D[7]=0x18

- 1 byte occupies 1 address

For example, when D = 0x11121314151617182122223242526272831, 0x11, the value of D[0], is stored in memory address 0x100, and 0x12, the value of D[1], is stored in memory address 0x101. However, since 4 bytes are generally displayed at once, it will be described as an example that 0x11121314, which is D[0:3], is stored in memory address 0x100.

4 is a structural diagram of a system to which an encryption algorithm according to an embodiment of the present invention is applied.

As shown in FIG. 4 , the system to which the encryption algorithm according to the embodiment of the present invention is applied is implemented with a random number generator 100 , a key scheduler 200 , and an encryption/decryptor 300 . In the embodiment of the present invention, for convenience of explanation, FIG. 4(a) shows a process of encrypting a data block, and FIG. 4(b) shows a process of decrypting the encrypted data block. However, both procedures are performed with the same system.

The random number generator 100 generates a 64-bit or 128-bit scrambler key SK0. Since the method of generating the scrambler key by the random number generator 100 and the form of the generated key are various, the embodiment of the present invention is not limited to any one method.

The key scheduler 200 inputs the scrambler key generated by the random number generator 100 and the start address (A) of one block (hereinafter, referred to as a data block for convenience of description) composed of data to be encrypted as input. receive In this case, the length of the data included in the data block is the same as the length of the scrambler key generated by the random number generator 100 .

Here, the scrambler key generated by the random number generator 100 is stored in a memory (not shown). This is to use the same scrambler key to encrypt or decrypt data using the generated scrambler key.

In the embodiment of the present invention, processing data over a total of 8 rounds for encrypting a data block or decrypting an encrypted data block will be described as an example. Accordingly, the key scheduler 200 generates round keys RK ₀ to RK ₇ to be used for encryption or decryption in each round. At this time, the key scheduler 200 generates a round key to be used in an arbitrary round based on the round key generated in the previous round, and is stored in the memory together with the scrambler key. This will be described in detail later.

The encryption/decryptor 300 includes a plurality of scramblers. The number of scramblers is provided as many as the number of rounds of processing data to encrypt or decrypt. In the embodiment of the present invention, since data is processed over eight rounds, it will be described with an example that eight scramblers are provided.

The first scrambler of the encryption/decryptor 300 receives a data block or an encrypted data block as an input. Then, the first round key or the eighth round key generated by the key scheduler 200 is received as an input.

In the case of encryption, the first scrambler of the encryption/decryptor 300 encrypts the first round key and the data block to generate the first round data block RD ₁ . The generated first round data block is input to the second scrambler.

The second scrambler generates a second round data block RD ₂ by encrypting the first round data block using the second round key. In this way, the eighth round data block generated through the entire eight rounds of encryption is stored in the memory 10 as an encrypted data block.

Briefly summarizing the data processing process of the system to which the encryption algorithm described above is applied, the number of rounds to be used for data encryption, that is, round keys corresponding to the number of times to encrypt data are generated. In this case, the round keys are generated using the scrambler key initially generated by the random number generator and the start address of the data block.

When round keys are generated, the encryption/decryptor receives a data block of plaintext as an input, separates bits included in the data block in byte units, and inputs them into a byte lane. At this time, the bytes are not input to the byte lane by changing positions, but are input in order. The byte lane may be changed to 16 byte lanes or 8 byte lanes according to the length of the scrambler key, but is not limited to either type.

The encryption/decryptor inputs the round key generated by the key scheduler 200 to each byte lane in byte units to encrypt byte unit data. After the entire round, the encrypted data block is stored in memory. The encryption/decryptor decrypts the encrypted data block in the reverse order of the encryption method, and since round keys have already been generated, the round keys are input into the encryption/decryptor in the reverse order to be decrypted.

Here, the key scheduler 200 that generates a round key using the scrambler key generated by the random number generator 100 and the start address of the data block will be described with reference to FIG. 5 .

5 is an exemplary diagram of a key scheduler according to an embodiment of the present invention.

As shown in FIG. 5 , the key scheduler 200 includes the same number of key generation modules 210 as the number of rounds for encryption or decryption. In the embodiment of the present invention, since encryption/decryption of a data block or an encrypted data block is performed in eight rounds in the system as an example, it will be described with an example that eight key generation modules 210 are also provided.

The first key generation module receives the scrambler key generated by the random number generator 100 as it is. And the first key generation module receives the start address of the data block as input.

The first key generation module generates a first round key (RK ₀ ) using the first scrambler key (SK ₀ ) and the start address. And the first key generation module generates a second scrambler key (SK ₁ ) by using the first scrambler key (SK ₀ ).

The second key generation module generates a second round key (RK ₁ ) using the second scrambler key (SK ₁ ) and the start address generated by the first key generation module. A key generation module that generates a round key for each round using the scrambler key and the start address in this way will be described with reference to FIG. 6 .

6 is an exemplary diagram of a key generation module according to an embodiment of the present invention.

As shown in FIG. 6 , the key generation module 210 includes a bit selection module 211 , an address bit conversion module 212 , a first bit combining module 213 , a first lower key conversion module 214 , and a first 1 bit position change module 215 , a second lower key conversion module 216 , a second bit position change module 217 , a key length change module 218 , a second bit combination module 219 , and a bit shift module (220).

In the embodiment of the present invention, each configuration is described as a “module” for convenience of description, but functions implemented in software may perform respective functions. In addition, although different key names are given for the convenience of distinguishing the names of the keys output from each module, it is not necessarily limited in this way.

When the key generation module 210 receives the P-th scrambler key SK _P from the key generation module of the P-th round, the bit selection module 211 selects a predetermined position among bits constituting the received P-th scrambler key. Bits are selected and generated with the selected selected bit key (SK). Here, the selection bit key SK is transmitted to the input of the first bit combining module, like the bit conversion address TA, which is the output of the address bit combining module 212, and combined by an exclusive OR (XOR).

In the embodiment of the present invention, the P-th scrambler key (SKP) will be described by taking as an example 64 bits or 128 bits. In addition, the selection bit key SK output from the bit selection module 211 will be described with the example that it is composed of 32-bit data.

Here, the bit selection module 211 will be described as an example in which data of a predetermined bit position are selected from the P-th scrambler key composed of 64 bits or 128 bits.

In addition, the bit selection module 211 is equally used when encrypting or decrypting data. When encrypting data, it is necessary to know the selected bit position in an arbitrary round so that it can be used in reverse for decryption. It is assumed that each bit position of each star is known in advance.

The address bit conversion module 212 receives a 32-bit start address as an input and outputs a 32-bit converted address (TA). At this time, the address bit conversion module 212 converts or randomly converts the 32-bit start address according to a predetermined rule according to the number of bits of the scrambler key generated by the random number generator 100, and outputs the converted address. This will be described in detail later.

The first bit combining module 213 receives the 32-bit selection bit SK output from the bit selection module 211 and the converted 32-bit converted address output from the address bit conversion module 212 as inputs, respectively. The exclusive logical sum is calculated and generated as a 32-bit combined key. In the exemplary embodiment of the present invention, the first bit combining module 213 generates the combined key by performing an exclusive logical OR on the selected bit key SK and the converted address, but is not necessarily limited thereto.

The first sub-key conversion module 214 receives the 32-bit combination key output from the first bit combination module 213 as an input, binds 1 byte at a time, and generates four sub-keys. Then, the 4 sub-keys grouped by 1 byte are operated by InverseSubByte to generate a 32-bit first inverse key.

The first bit position change module 215 receives the 32-bit first inverse key output from the first sub-key conversion module 214 as an input, changes the positions of the 32 bits to generate the first bit position change key.

The second lower key conversion module 216 receives the first bit position change key whose bit position is changed from the first bit position change module 215 as an input, binds 4 bytes each, and generates four lower keys. Then, the 4 sub-keys are subjected to inverse sub-byte operation to generate a 32-bit second inverse key.

The second bit position change module 217 receives the 32-bit second inverse key output from the second lower key conversion module 216 as an input, changes the positions of the 32 bits to generate a second bit position change key.

The key length change module 218 receives the 32-bit second bit position change key generated by the second bit position change module 217 as an input, changes the length of the second bit position change key to generate a length change key . At this time, the key length change module 218 changes the length of the second bit position change key to any one of 64 bits or 128 bits according to the key length of the scrambler key initially generated by the random number generator 100 to change the length. create a key This will be described in detail later.

The second bit combining module 219 calculates an exclusive-OR using the length change key output from the key length change module 218 and the P-th scrambler key received by the key generation module 210 to determine the scrambler key length. A branch is created with a round key (RK _P ). The round key RK _P generated by the second bit combining module 219 is input to the P-th round scrambler.

The bit shift module 220 changes positions of bits constituting the P-th scrambler key received by the key generation module 210 to generate the P+1-th scrambler key SK _P+1 . This will be described in detail later.

An example in which each module (or each function) constituting the key generation module 210 described above generates a key will be described with reference to FIGS. 7 to 11 .

7 is an exemplary diagram of a bit selection module according to an embodiment of the present invention.

As shown in FIG. 7, the bit selection module 211 generates a 128-bit scrambler key as a 32-bit selection bit key as shown in FIG. As shown, a 64-bit scrambler key can be generated as a 32-bit selection bit key.

The bit selection module 211 selects 32 bits at a preset position among the data inserted into each of the 128 bits and generates them as a selection bit key. Here, the bits selected by the bit selection module 211 are not limited to any one.

In addition, bits 0 to 127, or bits 0 to 63 may be selected in descending or ascending order, or may be selected in random order. At this time, it is assumed that the bit selection module 211 has previously defined which bits are selected to generate a selection bit key when decrypting the encrypted data thereafter.

For example, assuming that a 64-bit scrambler key is used, the bit selection module 211 may generate a selection bit key with bits as shown in Equation 1 below.

When Equation 1 is described, it means that the 20th bit of the 64-bit scrambler key is positioned at the 31st bit of the selection bit key. The selection bit key generation method shown in Equation 1 is an example, and is not necessarily limited thereto.

8 is an exemplary diagram of an address bit conversion module according to an embodiment of the present invention.

As shown in FIG. 8 , the address bit conversion module 212 receives a 32-bit start address as an input and outputs a 32-bit converted address (TA). At this time, the address bit conversion module 212 outputs the converted address of 32 bits according to a predetermined rule according to whether the scrambler key generated by the random number generator 100 is 128 bits or 64 bits.

For example, assume that the scrambler key is 128 bits. Then, the address bit conversion module 212 generates the converted address (TA) by changing the bit positions of 32 bits of the start address in a preset rule or at random.

If it is assumed that the scrambler key is 64 bits, the address bit conversion module 212 deletes the lower 3 bits of the start address, A[2], A[1], and A[0], and deletes the lower 4th bit. Two identically generated bits A[3] are generated, and two bits A ^-1 [3], which are inverse bits of bit A[3], are generated.

And in the remaining bits A[31:4] except for the lower 4 bits, using the generated two A[3] bits and the two inversed bits, A ^-1 [3] bits, the 32-bit address conversion bit to create At this time, the address bit conversion module 212 sets the bit positions of 32 bits (A[31:4], A[3], A[3], A-1[3], A-1[3]) in advance. It is generated as a converted address (TA) by changing it at a rule or randomly.

Here, when the scrambler key is 64 bits, the reason for using the lower 4th bit, A[3] bit, is that when the scrambler key is 64 bits, start addresses are 0x0, 0x8, 0x10, 0x18. If this is expressed in binary, it is expressed as 00000000, 00001000, 00010000, 00011000, etc. This is because the lower 4th bit, A[3], is changed to 0 and 1 and is used as important information.

9 is an exemplary diagram of a sub-key conversion module according to an embodiment of the present invention.

In the sub-key conversion module, the first sub-key conversion module 214 and the second sub-key conversion module 216 are implemented in the same form.

As shown in Fig. 9, when the low-key conversion module receives a 32-bit combination key or a 32-bit first bit position change key as an input, it converts the 32-bit key into 4 low-order keys so that the 1-byte low-key is included. group by keys. Then, the grouped 4 sub-keys of 1 byte are calculated as inverse sub-bytes and output as the first inverse key or the second inverse key. The inverse subbyte operation method is already known, and a detailed description thereof will be omitted in the embodiment of the present invention.

10 is an exemplary diagram of a bit position change module according to an embodiment of the present invention.

In the bit position change module, the first bit position change module 215 and the second bit position change module 217 are implemented in the same form.

As shown in FIG. 10 , when the bit position change module receives a 32-bit first inverse key or a 32-bit second inverse key as an input, it changes positions of data inserted into 32 bits, respectively. This is referred to as changing the bit position in the embodiment of the present invention.

That is, as shown in FIG. 10, when the first inverse key or the second inverse key of IN[31:0] is input, the bit position change module changes the order of the bits of the corresponding inverse key to {IN[31], IN[ 27], IN[23], IN[19], IN[15], … , IN[4], IN[0]} and output. For example, if 0x81726354 is received as an input, 0x802B3C66 is generated as an output.

11 is an exemplary diagram of a key length change module according to an embodiment of the present invention.

11, the key length change module 218 classifies and uses the key length change module as shown in FIGS. 11 (a) and (b) according to the length (64 bits or 128 bits) of the used scrambler key. do.

As shown in (a) of FIG. 11 , when the length of the scrambler key is 128 bits, the key length change module creates a 128-bit length change key by concatenating the second bit position change key of 32 bits four times. And when the length of the scrambler key is 64 bits as shown in (b) of FIG. 11, the key length change module creates a 128-bit length change key by concatenating the second bit position change key of 32 bits twice.

For example, if the length of the scrambler key is 128 bits, when the key length change module receives 0x81726354 as an input, the length change key as an output becomes 0x81726354817263548172635481726354. Similarly, when the length of the scrambler key is 64 bits, when the key length change module receives 0x81726354 as an input, the length change key as an output becomes 0x8172635481726354.

The following describes the bit shift module 220 with reference to FIGS. 12 and 13 .

12 and 13 are exemplary diagrams of a bit shift module according to an embodiment of the present invention.

In an embodiment of the present invention, any one of the bit shifting modules shown in FIG. 12 or 13 is used for the bit shifting module 220 that receives the Pth scrambler key as an input and generates the P+1th scrambler key as an input. It will be described with an example.

The result obtained by taking the Pth scrambler key (SK _P ) and the start address of the data block (A) as inputs and performing up to the key length change module, and calculating the exclusive-OR with the Pth scrambler key (SK _P ) to calculate the Pth After obtaining the round key (RK _P ). For the next round (P+1th round), the Pth scrambler key (SK _P ) must be transferred to the next round. In this case, a bit shift module is used to erase the association between adjacent rounds.

In the embodiment of the present invention, only the upper 8 bits of the P-th scrambler key (SK _P ) perform the inverse subbyte operation as shown in FIG. Thereafter, by rotating 3 bits to the left (ROTL3: ROTate Left 3 bits), a P+1 th scrambler key (SK _P+1 ) is generated.

At this time, for fast operation, as shown in FIG. 13 , the P+1th scrambler key SK _P+1 may be generated after only a 3-bit cyclic rotation (ROTL3) to the left without inverse subbyte operation.

Next, an example of encryption and decryption in the encryption/decryptor 300 using the eight round keys and data blocks output from the key scheduler 200 in FIG. 4 will be described with reference to FIGS. 14 and 15. .

14 is an exemplary diagram of encrypting a data block in the encryption/decryptor according to an embodiment of the present invention, and FIG. 15 is an exemplary diagram of decrypting an encrypted data block in the encryption/decryptor according to an embodiment of the present invention.

14 and 15 show encryption of a data block and decryption of an encrypted data block when 128-bit input data and a round key are used. In addition, in the embodiment of the present invention, the data processing process of round P, which is an arbitrary round among the data processing processes of all eight rounds, is shown as an embodiment.

As shown in FIG. 14 , when a 128-bit data block (RD _P ) and a round key (RK _P ) are input, the input data blocks are bundled into byte units and inputted to a byte lane, respectively.

Here, the byte lane means a set of functions for encrypting or decrypting data input in block units in units of bytes, respectively. If the data block is 128 bits, 16 byte lanes are formed. And when a 64-bit data block is input, 8 byte lanes are formed.

In systems using the existing block-based encryption/decryption algorithm, an error may occur during encryption/decryption if 8 bytes or 16 bytes of input data are not filled. For example, a data block filled with 0) or a padding bit was used as an input. This is because the length of the original data must be a multiple of the block length due to the characteristics of the block encryption method.

However, in the embodiment of the present invention, even when input data is received in block units, the encrypted data is output to the same position as the position of the input data because it is encrypted in the byte lane in units of bytes. Accordingly, in the case of a byte lane to which data is not input, since the corresponding byte lane does not perform data encryption or decryption, it is not necessary to fill the byte lane with a specific bit or padding bit.

In an embodiment of the present invention, one inverse sub-byte operation function processing module, a first exclusive-OR operation function processing module, a bit cycle function (ROTL/ROTR) processing module, a sub-byte bit relocation module, a second An example including an exclusive logical sum calculation function processing module will be described. In the embodiment of the present invention, the byte lane constituting the encryption/decryptor is also expressed as a module for convenience of explanation, but a program implemented in software may perform the function of the byte lane.

The j-0th sub-round key is input to the round key divided into byte units (hereinafter, referred to as 'sub-round key' for convenience of description) input to the first exclusive-OR calculation function processing module. Here, j denotes a sub-input data sequence of round input data (hereinafter, referred to as 'sub-input data') divided in units of bytes.

For example, assuming that sub-input data of RD _P [0] is input to the byte lane, j becomes 0. Since one sub-input data is described as an example of 8 bytes, j is any number from 0 to 7.

Then, the j-1 th sub-round key is input to the bit cycle function processing module, and the j-2 th sub-round key is input to the DREV function processing module. And the j-3 th sub-round key is input to the second exclusive-OR calculation function processing module.

Here, when the values of j-0, j-1, j-2, and j-3 are less than 0, the remainder of dividing by 16 is used. For example, when j=0, j-0 is 0, which is equal to 0, j-1 is -1, j-2 is -2, and j-3 is -3, which is less than 0, so the values 0, - 0(0 mod 16), 15(-1 mod 16), 14(-2 mod 16), 13(-3 mod 16), which are the remainder values obtained by dividing 1, -2, -3 by 16, are used. At this time, the value 0 means the 0th sub-round key, and 15 means the 15th sub-round key, as shown in the portion indicated by the byte lane in FIG. 14 .

If one byte lane among the plurality of byte lanes shown in FIG. 14 is used as an example, the byte lane receiving the 0th sub-input data RD _P [0] as an input performs an inverse sub-byte operation on the sub-input data. Generates sub-input data with inverse sub-byte operations.

The first sub-byte is output by performing an exclusive-OR of the sub-input data, which is the inverse sub-byte operation of the 0-th sub-input data, and the 0-th sub-round key.

The bit rotation function processing module receiving the 15th sub-round key and the first sub-byte as inputs calculates N values from the 15th sub-round key received as inputs, and rotates or cycles the first sub-output based on the calculated N values Creates a circular processing sub-byte without rotation. Here, N is referred to as a bit cycle rotation determination value, which will be described later.

The circular processing sub-byte output from the bit rotation function processing module and the sub-byte bit relocation module receiving the 14th sub-round key as inputs are cycled using the first and second values calculated for each bit of the 14th sub-round key By changing the bit position of the processing sub-byte, it is created as a bit rearrangement sub-byte.

The second exclusive-OR function processing module receiving the bit relocation sub-byte and the 13th sub-round key (KP[13]) as inputs calculates the exclusive-OR of the bit relocation sub-byte and the 13th sub-round key, generate bytes. The generated second sub-byte becomes the round byte output of the corresponding round.

The decryption shown in FIG. 15 processes data by reversing the order of operations performed in the encryption of FIG. 14 . That is, the 13th sub-round key (KP[13]) and the encrypted sub-data are exclusive-ORed to generate a bit rearrangement sub-byte. Then, the bit position of the bit rearrangement sub-byte is changed by using the first value and the second value calculated with each bit constituting the 14th sub-round key to generate a cyclic processing sub-byte.

A bit cycle rotation determination value is calculated based on the 15th sub-round key, and one bit of the circular processing sub-byte is rotationally rotated based on the calculated bit rotation rotation determination value, or the bit order of the circular processing sub-byte is maintained as the first sub-byte generate bytes. The 0th sub-round key and the first sub-byte are exclusive-ORed to generate inverse sub-byte-operated sub data. And the last SB (SubByte) operation means that the sub-input data, which has been subjected to the inverse sub-byte operation, is sub-byte-operated again, and is generated as the first input sub-input data. The sub-byte operation is already known, and detailed description will be omitted in the embodiment of the present invention.

Here, an example in which the bit cyclic rotation function is performed will be described with reference to FIG. 16 .

16 is an exemplary diagram of a method of calculating a bit cyclic rotation function according to an embodiment of the present invention.

Fig. 16 (a) is a calculation method using a function that rotates bits to the left (hereinafter, referred to as a 'left shift function' for convenience of description), and Fig. 16 (b) is a diagram for cyclic rotation of bits to the right It is an exemplary diagram of a calculation method using a function (hereinafter, referred to as a 'right shift function' for convenience of explanation).

As shown in Fig. 16, the function that rotates bits to the left receives a 1-byte sub-round key K _P [j-1] as an input, and calculates a bit rotation rotation determination value N, as shown in Equation 2 and count together

Here, K ₅ and K ₄ are bits {K ₇ , K ₆ , K ₅ , K ₄ , K ₃ , K ₂ , K ₁ , K included in the 1-byte sub-round key K _P [j-1], respectively. ₀ }, meaning values of the fourth bit (K ₄ ) and the fifth bit (K ₅ ).

Based on the bit rotation rotation determination value N calculated based on Equation 2, the left shift function rotates one bit to the left or does not rotate. That is, if the value of N is 1, it rotates to the left by 1 bit, and cyclically rotates the sub input data IN[7:0] to {IN[6:0], IN[7]} as a circular processing sub-byte. print out

However, when the value of N is calculated as 0, IN[7:0], which is the sub-input data, is output as it is, and is output as a circular processing sub-byte.

The calculation method by the right shift function shown in FIG. 16B has the same operation method as the calculation method of the left shift function, but the 1-bit cyclic rotation is performed to the right.

17 is an exemplary diagram of a method of calculating a sub-byte bit relocation 　 function according to an embodiment of the present invention.

As shown in Fig. 17, the sub-byte bit relocation function receives K _P [j-2], which is a round key, as an input, and the exclusive-OR (A) of the 7th, 3rd, and 0th bit values, 6th, 2nd, 1st Calculates the exclusive logical sum (B) of bit values. Then, according to the values of A and B, each bit of the input IN is arranged as shown in FIG. 17 to change the position of each bit of the input round key. In the embodiment of the present invention, although the sub-byte bit relocation function is a rational function (DERV function) as an example, the description is not necessarily limited thereto.

An example of encrypting data in a system to which the above-described encryption algorithm is applied will be described with reference to FIG. 18 .

18 is an exemplary diagram of a data encryption operation of a system to which an encryption algorithm according to an embodiment of the present invention is applied.

The data encryption operation embodiment shown in FIG. 18 will be described with an example that the 16-byte scrambler key (0x139050849F660D3D84E48ADF51672652), 16-byte data (0x4973207468697320746865207265616C), and the start address of the data is 00000000 and the number of rounds is 8 as an example.

As shown in FIG. 18 , data included in a data block input within one round is divided into byte units and processed in each byte lane. At this time, the positions of the data divided into byte units are not changed and are input to the byte lane.

For example, RD ₀ [1], which is the second byte of input data RD ₀ , is located at RD ₁ [1] after round 0 is performed, and is located at RD ₂ [1] after round 1 is performed. This position is maintained until the last round.

Thanks to the structure that maintains the position of the data bytes at the start and end of the operation in one block as it is, it is possible to change specific data without changing other data in the block without 'read-modify-write' as described in FIG. 3 above. it is possible

19 is a diagram illustrating data change according to an embodiment of the present invention.

When the structure described with reference to FIG. 18 is used, as shown in FIG. 19, data change for changing the value stored in the memory is shown as an example. When the application software writes data (0x49732074…) to addresses 0x0 to 0xF, the memory controller encrypts the data and stores it in the memory (0x704E4241…).

In this case, it is assumed that the user attempts to change only data of a specific address, and it is assumed that the data to be changed attempts to change the value of address 0x1 from 0x73 to 0xF1 and the value of address 0x9 from 0x68 to 0xF2. In this case, if the encryption algorithm according to the embodiment of the present invention is used, data stored in the memory can be changed by writing 0x16 and 0x73 to addresses 0x1 and 0x9, respectively.

In the case of using the general block cipher algorithm, as described in FIG. 3, all blocks including the data to be modified must be read and modified, but data modification according to the embodiment of the present invention can modify only the data at the desired position. Therefore, the contents of the memory can be changed quickly and easily.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements by those skilled in the art using the basic concept of the present invention as defined in the following claims are also provided. is within the scope of the right.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements by those skilled in the art using the basic concept of the present invention as defined in the following claims are also provided. is within the scope of the right.

Claims (15)

A method for processing a data block composed of bits by a system to which an encryption algorithm operated by at least one processor is applied, comprising:
generating round keys corresponding to the number of rounds to encrypt the data block based on a scrambler key composed of a plurality of bits and a start address of the data block;
Separating a plurality of bits constituting the data block in units of bytes to generate sub-input data, and inputting each sub-input data according to a byte order into a plurality of byte lanes for processing encryption/decryption; and
The round keys generated by the number of rounds to be encrypted are divided into byte units to generate sub-round keys, and the sub-round keys are inputted into the plurality of byte lanes according to each encryption round, respectively, to use the sub-round key. encrypting the sub-input data by
includes,
The nth round key among the round keys is a scrambler key generated based on the start address of the data block and a scrambler key used to generate a round key of the n-1th round that is a round preceding the nth round. A method of processing data blocks that are created with According to claim 1,
Each of the steps of generating the round keys comprises:
generating a selection bit key of a second length bit by selecting bits at a preset position in a first scrambler key that is a first length bit;
generating a translated address of a second length bit based on a start address composed of the second length bit; and
generating a first round key based on the selected bit key of the second length bit and the converted address of the second length bit
Including, a data block processing method. 3. The method of claim 2,
The step of generating the converted address of the second length bit comprises:
If the bit length of the first scrambler key is 128 bits, changing the bits of the start address composed of the second length bits to preset positions to generate the converted address of the second length bits
Including, a data block processing method. 4. The method of claim 3,
The step of generating the converted address of the second length bit comprises:
If the bit length of the first scrambler key is 64 bits, a value corresponding to a specific bit is further generated as one bit from bits forming the start address, and the value corresponding to the specific bit is inversely sub-byte operated. generating as a value of two bits, and
3 bits are deleted by each lower 1 bit on the right based on the specific bit, and the second length bit is converted by including the specific bit, upper bits on the left based on the specific bit, and the three generated bits Steps to create an address with
including,
The specific bit corresponds to a fourth bit from the right of the bits forming the start address. 3. The method of claim 2,
After generating the first round key,
generating a second scrambler key from the first scrambler key if the first round does not correspond to the last number of rounds to be encrypted
Including, a data block processing method. 6. The method of claim 5,
The step of generating the second scrambler key comprises:
performing an inverse subbyte operation on the upper 8 bits of the first scrambler key;
Cycically shifting the lower 3 bits in the first direction in the first scrambler key composed of the upper 8 bits calculated by inverse subbyte operation and lower bits excluding the upper 8 bits; and
generating a key generated by cyclically shifting the lower 3 bits in a first direction as the second scrambler key
Including, a data block processing method. 3. The method of claim 2,
The step of generating the first round key comprises:
generating a combination key of a second length bit by performing an exclusive-OR of the selected bit group of the second length bit with the converted address of the second length bit;
generating an inverse key of a second length bit by performing an inverse subbyte operation on each bit of the combination key;
Changing the positions of the bits of the inverse key of the second length bit to a predetermined position to generate a bit position change key of the second length bit;
generating a second inverse key of a second length bit by performing an inverse subbyte operation on each bit of the bit position change key of the second length bit;
changing a second length bit of the second inverse key into a first length bit to generate a length change key of the first length bit; and
generating the first round key by performing an exclusive-OR on the first scrambler key of the first length bit and the length change key of the first length bit
Including, a data block processing method. 8. The method of claim 7,
The generating with the inverse key and the generating with the bit position change key are generated a plurality of times. According to claim 1,
Encrypting the sub-input data comprises:
generating inverse sub-byte-operated sub-input data by performing an inverse sub-byte operation on the sub-input data;
outputting a first sub-byte by performing an exclusive-OR of the j-0th sub-round key and the sub-input data calculated by the inverse sub-byte operation;
A bit rotation rotation determination value is calculated based on the j-1th sub-round key, and one bit of the first sub-byte is rotationally rotated or the bit order of the first sub-byte is unchanged based on the calculated bit rotation rotation determination value. generating cyclic processing subbytes;
generating a bit rearrangement sub-byte by changing the bit position of the circular processing sub-byte by using the first value and the second value calculated with each bit constituting the j-2th sub-round key;
outputting the second sub-byte as a round byte of the corresponding round by performing an exclusive-OR of the j-3th sub-round key and the bit rearrangement sub-byte
Including, a data block processing method. 10. The method of claim 9,
wherein j is an integer indicating which byte the sub-input data corresponds to in the data block,
When the calculated values of j-0, j-1, j-2, and j-3 are equal to or less than 0, a sub-round key having a remainder obtained by dividing each calculated value by 16 is used. 10. The method of claim 9,
The step of generating the circular processing sub-byte comprises:
If the value of the preset exclusive logical sum of the first bit and the second bit among the bits constituting the j-1th sub-round key is 1, the first sub-byte is rotated to the left by one bit and the circular processing sub-byte is created with
and generating the first sub-byte as the circularly processed sub-byte when the value of the exclusive logical sum of the first bit and the second bit is 0. 12. The method of claim 11,
The step of generating the bit rearrangement sub-byte comprises:
receiving the circular processing sub-byte and the j-2th sub-round key;
calculating the first value by performing an exclusive-OR of the first, second, and third bit values of the j-2th sub-round key;
calculating the second value by performing an exclusive-OR of the fourth, fifth, and sixth bit values of the j-2th sub-round key; and
generating the bit rearrangement sub-byte by changing the positions of the bits of the circular processing sub-byte according to the first value and the second values
Including, a data block processing method. 12. The method of claim 11,
After encrypting the sub-input data,
Decrypting the encrypted data block
further comprising,
The decoding step is
receiving an encrypted data block, a start address of the encrypted data block, and a scrambler key generated when encrypting the data block;
generating round keys generated as many times as the number of rounds to be encrypted based on the encrypted data block and the scrambler key; and
Decrypting the encrypted data block by inputting round keys into the plurality of byte lanes in a reverse order of an encryption round.
Including, a data block processing method. 14. The method of claim 13,
The decoding step is
generating the bit rearrangement sub-byte by performing an exclusive-OR of the j-3th sub-round key and the encrypted sub-input data;
generating the circular processing sub-byte by changing the bit position of the bit rearrangement sub-byte by using a first value and a second value calculated with each bit constituting the j-2th sub-round key;
A bit rotation rotation determination value is calculated based on the j-1th sub-round key, and one bit of the circular processing sub-byte is rotationally rotated based on the calculated bit rotation rotation determination value or the bit order of the circular processing sub-byte is the same generating the first sub-byte by
outputting a first sub-byte of the sub-input data obtained by performing the inverse sub-byte operation by performing an exclusive-OR of the j-0th sub-round key and the first sub-byte;
outputting the sub-input data obtained by performing the inverse sub-byte operation by performing an exclusive-OR on the bit rearrangement sub-byte and the bit rearrangement sub-byte; and
generating the sub-input data by performing a sub-byte operation on the inversely-sub-byte-operated sub-input data;
Including, a data block processing method. 15. The method of claim 14,
The step of generating the circular processing sub-byte comprises:
If the value of the preset exclusive logical sum of the first bit and the second bit among the bits constituting the j-1th sub-round key is 1, the first sub-byte is rotated to the right by one bit and the circular processing sub-byte is created with
and generating the first sub-byte as the circularly processed sub-byte when the value of the exclusive logical sum of the first bit and the second bit is 0.

Images