CN101958789A - High-speed data encryption/decryption module in communication link - Google Patents
High-speed data encryption/decryption module in communication link Download PDFInfo
- Publication number
- CN101958789A CN101958789A CN 201010286059 CN201010286059A CN101958789A CN 101958789 A CN101958789 A CN 101958789A CN 201010286059 CN201010286059 CN 201010286059 CN 201010286059 A CN201010286059 A CN 201010286059A CN 101958789 A CN101958789 A CN 101958789A
- Authority
- CN
- China
- Prior art keywords
- enciphering
- fpga
- deciphering
- chip
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 title claims abstract description 44
- 238000012545 processing Methods 0.000 claims abstract description 77
- 238000012360 testing method Methods 0.000 claims abstract description 13
- 230000006870 function Effects 0.000 claims description 22
- 238000006243 chemical reaction Methods 0.000 claims description 10
- 230000010365 information processing Effects 0.000 claims description 6
- 239000004020 conductor Substances 0.000 claims description 4
- 238000002955 isolation Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 claims description 3
- 238000004377 microelectronic Methods 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 2
- 239000000284 extract Substances 0.000 abstract description 4
- 230000005540 biological transmission Effects 0.000 description 9
- 238000000034 method Methods 0.000 description 9
- 238000013461 design Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000009792 diffusion process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 239000003990 capacitor Substances 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
Images
Landscapes
- Logic Circuits (AREA)
- Semiconductor Integrated Circuits (AREA)
Abstract
The invention discloses a high-speed data encryption/decryption module in a communication link. The module comprises a DB62 input port, a field programmable gate array (FPGA) encryption/decryption processing module, a DB62 output port, a random number generating chip, a Flash storage chip, a configuration and test circuit and a power supply network, wherein the DB62 input port and the DB62 output port are connected with the FPGA encryption/decryption processing module respectively; the DB62 input port receives an uplink differential signal and transmits to the FPGA encryption/decryption processing module; the FPGA encryption/decryption processing module extracts data information and encrypts/decrypts the data; the encrypted/decrypted data is output to the DB62 output port in a form of an LVDS differential signal; the random number generating chip is connected with the FPGA encryption/decryption processing module; the Flash storage chip is connected with the FPGA encryption/decryption processing module; the configuration and test circuit is connected with the FPGA encryption/decryption processing module; and the power supply network is connected with each module in the whole encryption/decryption processing module. The high-speed data encryption/decryption module has wide application prospect in the field of high-speed data communication and information safety.
Description
One, technical field:
The present invention relates to a kind of communication link high speed data enciphering/deciphering module, be specifically related to realize the information security field of data enciphering/deciphering function based on FPGA.
Two, technical background:
When bringing convenience to people's lives, fast development of information technology also brought lot of challenges, in storage, processing and transmission course, pay attention to safety problem more as information such as individual privacy, financial security and military and national defense, information security not only requires the confidentiality of information, requires information transmitted to possess integrality and availability simultaneously.Cryptographic technique is to be used for the important means that ensures information security in the modern society, and for a kind of cryptographic algorithm with safe enough intensity, the fail safe of information depends primarily on the characteristic of encryption key.A kind of good cryptographic algorithm not only can be resisted the various forms analytical attack, is not broken in theory or practical application, also needs logically to simplify as much as possible simultaneously, possesses the characteristics that realize fast on software and the hardware.Block cipher is commonly used to mass data is encrypted, and has advantages such as enciphering rate is fast, realization is simple with respect to public key encryption, and typical block cipher such as DES, 3DES, AES, IDEA scheduling algorithm have been represented the development level of block cipher in the world.
On the other hand, in the high-speed data communication link in order to effectively utilize the communication resource more, to cooperate real-time enciphering/deciphering information processing at a high speed, need the data volume of processing very big, requirement to transmission performance is also more and more higher, performances such as selected physical layer transmission interface shape should possess at a high speed, stable, anti-interference, high speed, accurately transmission to guarantee information on the communication link make the rate of information throughput reach the Gbps magnitude.
In sum, the real-time enciphering/deciphering that how to reach information in high speed communications link is handled, and the enciphering/deciphering code calculation possesses the characteristics such as simple and high efficiency of fail safe, realization, and this is that cryptographic algorithm design and institute's software that adopts or hardware realization framework need be considered.In addition, how to design the physical layer characteristic and the interface of signal in the high speed data link transmission, guarantee that the enciphering/deciphering module also is the aspect that system design should be noted that with the information flow coupling between the upper and lower level of link.
Three, summary of the invention:
1, purpose:
Satisfy the problems such as physical layer interface of high data throughput requirement at information security demand and design in the high speed communications link, the purpose of this invention is to provide a kind of communication link high speed data enciphering/deciphering module, it is to utilize FPGA, DB62 interface and adopt LVDS transmission signals form, has realized a kind of general high speed data link enciphering/deciphering module.Because encryption/decryption algorithm adopts general FPGA processor hardware to realize, have that execution speed is fast, upgrading and a debugging flexibility ratio advantages of higher; Adopted the LVDS physical layer interface signal simultaneously, the upper and lower inter-stage information of described enciphering/deciphering module and communication link can realize stablizing, high-speed transfer, speed reaches the Gbps magnitude, and LVDS physical layer interface form has been simplified interface circuit design equally, has improved the module integrated level.
2, technical scheme:
In order to realize target of the present invention, adopt following technical proposals to realize.
A kind of communication link high speed of the present invention data enciphering/deciphering module, it comprises: DB62 input port, FPGA enciphering/deciphering processing module, DB62 output port, random number generate chip, Flash memory chip, configuration and test circuit and power supply is supplied with network.Position annexation between them, signal trend are: the DB62 input port is connected with FPGA enciphering/deciphering processing module, and the DB62 output port is connected with FPGA enciphering/deciphering processing module; The DB62 input port receives 16 pairs of LVDS differential signals that higher level's link arrives, carry and enough give FPGA enciphering/deciphering processing module, FPGA enciphering/deciphering processing module is extracted data message and is adopted block cipher that data are carried out enciphering/deciphering, arrived the DB62 output port with the output of LVDS differential signal form by the enciphering/deciphering data then, flow into next processing unit of communication link; Random number generates chip and is connected with FPGA enciphering/deciphering processing module, and the desirable true random sequence that random number generates the chip generation is input to FPGA enciphering/deciphering processing module, as the initial encryption key of block encryption algorithm; The Flash memory chip is connected with FPGA enciphering/deciphering processing module, and the algorithm routine that whole enciphering/deciphering module electrifying startup stage F PGA enciphering/deciphering processing module reads the inner pre-stored of Flash memory chip is configured; Configuration is connected with FPGA enciphering/deciphering processing module with test circuit, and JTAG on-line debugging, UART serial data communication and expansion interface function are provided; Power supply is supplied with network and is linked to each other with each module in the whole enciphering/deciphering processing module, for each parts provide the power supply support.
Described DB62 input port is 62 needle interface plug-in units of standard, and it comprises 16 pairs of LVDS input data signals, 1 pair of LVDS input sync signal and 1 pair of LVDS input clock signal, and all the other are the ground connection isolation signals.It mainly finishes the physical layer interface function with the communication link upper level.
Described FPGA enciphering/deciphering processing module is the core information processing unit, and it is made of the monolithic fpga chip, finishes input information extraction, enciphering/deciphering processing and message sending function.According to the function that is realized and signal flow to, can be divided into LVDS signal receiving module, data enciphering/deciphering module, three parts of LVDS signal transmitting module to fpga chip inside successively.Relation is therebetween: the LVDS signal receiving module by differential conductor to and 100 Ω build-out resistors be connected with described DB62 input port, the LVDS signal transmitting module pair is connected with described DB62 output port by differential conductor; LVDS signal receiving module and LVDS signal transmitting module are the inner integrated functional units of fpga chip, mainly finish the conversion between TTL signal and the LVDS signal.Data enciphering/deciphering module is made up of the operation processing unit and the register of FPGA inside, realizes the enciphering/deciphering processing capacity of data.Data enciphering/deciphering module is carried out enciphering/deciphering to information and is adopted symmetrical block cipher technology, mode of operation is selected the OFB pattern, can satisfy the data format of different length, and inerrancy diffusion phenomena under the OFB mode of operation, can meet the eye on every side the real-time requirement of information processing at any time to expressly handling.The block cipher that the data enciphering/deciphering is adopted can be to have the safe enough performance arbitrarily, algorithm structure is simple and does not have the method for encryption/decryption of error code diffusion phenomena, as AES, des encryption algorithm etc.
Described DB62 output port is 62 needle interface plug-in units of standard, and it comprises 16 pairs of LVDS outputting data signals, 1 pair of LVDS output synchronizing signal and 1 pair of LVDS clock signal, and all the other are the ground connection isolation signals.It mainly finishes the physical layer interface function with the communication link next stage.
Described random number generation chip is used to produce desirable true random number and is input to FPGA enciphering/deciphering processing module provides initial key for cryptographic algorithm.
Described Flash memory chip is mainly used in preserves the configurator that powers on, and it is to have the nonvolatile memory that in-system programming function and capacity satisfy the configurator size requirement.
Described configuration and test circuit are made up of standard JTAG configuration interface, UART Asynchronous Serial Interface and expansion interface.The JTAG configuration interface is standard 14 pin plugs, by power supply,, signal such as data input, data output, model selection and clock pin forms, can directly be connected online download and the debugging that realizes configurator by download cable, finish the JTAG configuration mode of fpga chip with host computer.The present invention can select 8 kinds of FPGA configuration mode that powers at most, and various configuration modes can be selected by 3 configuration signal programmings, and JTAG is configured in 8 kinds of modes has highest level, and any moment can shield other configuration modes and realize system's online programming function.When the JTAG configuration mode is set to when invalid, acquiescence is taked main series arrangement mode during system off-line.The UART Asynchronous Serial Interface is mainly finished Debugging message and is turned back to the host computer terminal, and it is made of level transferring chip and DB9 joint, and level transferring chip can be to finish the device of Transistor-Transistor Logic level and RS232 level conversion function arbitrarily, as the MAX3232 chip.Expansion interface mainly is the common row's pin that connects fpga chip GPIO pin, is used for the inner signal that produces of debug phase observation FPGA, as a kind of assistant adjustment means.
Described power supply is supplied with network and is mainly each parts that the present invention comprises the power supply support is provided, and it is made up of the adjustment unit that magnitudes of voltage such as 3.3V, 2.5V, 1.8V and 1.0V are provided.The type selecting of each adjustment unit power supply chip should satisfy the current drives and the operating voltage requirement of high-speed data enciphering/deciphering module of the present invention.
Wherein, the fpga chip of FPGA enciphering/deciphering processing module employing is the Virtex series processors chip that Xilinx company produces.
Wherein, random number generates the WNG7 chip that chip is 30 good microelectronics productions.
Wherein, the Flash memory chip is the XCF32P chip that Xilinx company produces.
Wherein, the adjustment unit power supply chip in the power supply supply network is PTH08T220W, the PTH08T240W power supply chip of TI company.
The workflow that module of the present invention is finished the processing of data enciphering/deciphering is: first system powers on, and electric power network is started working, for each module in the system provides the power supply support; Then, the inner register relevant of initialization FPGA with configuration, by sampling configuration mode pin M0, M1, the state of M2 is determined the configuration mode to FPGA, finishes the function of initializing of FPGA enciphering/deciphering processing module; Secondly, partly resolve 16 road LVDS differential signals by the LVDS signal receiving module of FPGA enciphering/deciphering processing module again, extract data and send into information enciphering/deciphering processing unit; Adopt symmetrical block cipher SBEA to finish the enciphering/deciphering processing to receiving data again, cryptographic algorithm is selected the OFB mode of operation, and the data of reception at first cushion, and just handle after satisfying 256 bit lengths; At last, data are to the conversion of LVDS differential signal, and the information after the FPGA enciphering/deciphering is handled is converted into the Low Voltage Differential Signal that is suitable for Channel Transmission by the LVDS signal transmitting module; Return above-mentioned steps then, continue to handle receiving data.
3, advantage and effect
A kind of communication link high speed of the present invention data enciphering/deciphering module, the beneficial effect of obtaining is:
The present invention adopts programmable logic circuit FPGA to realize communication link high speed data enciphering/deciphering module, and the internal hardware logic can be carried out Configuration Online and real-time update, is convenient to algorithm improvement and upgrading; Hardware based adding/separate algorithm to realize significantly having promoted information processing rate, realize having better antidecoding capability with respect to software; Algorithm way of realization based on FPGA also is beneficial to the chip-scale conversion, reduces power consumption, promotes the product integrated level.
In order to guarantee cipher safety and in the application of some key areas, the present invention adopts the security packet cryptographic algorithm (SBEA) with independent intellectual property right, cryptographic algorithm adopts the OFB mode of operation, avoid error diffusion problem in the enciphering/deciphering processing, when the clock frequency is 82MHz, parallel 16 bit enciphering/deciphering processing speeds reach 1.312Gbps, satisfy the Gbps magnitude demand of message transmission in the high speed data link.
The present invention with the LVDS differential signal as the communication link information transport vehicle, be low to moderate the voltage swing of 350mV and the low bias voltage of 1.2V and make the LVDS signal have very high level conversion speed and lower system power dissipation, satisfy rate of information throughput Gbps magnitude and high circuit level demand.In addition, because the differential transfer attribute of LVDS signal, noise is coupled on differential signal line in the common mode mode, and receiving terminal has improved the anti-interference of signal by subtracting each other the removal noise.In a word, can realize two-forty, high security and the high reliability transport of information as physical layer interface signal of the present invention with the LVDS difference form.
Four, description of drawings
Fig. 1 system hardware structure schematic diagram of the present invention
Fig. 2 data enciphering/deciphering of the present invention process chart
Symbol description is as follows among the figure:
16 road LVDS difference input: the differential data signals that offers FPGA enciphering/deciphering processing module by the DB62 input port.
16 road LVDS difference output: the differential data signals that offers the DB62 output port by FPGA enciphering/deciphering processing module.
SYN difference input: the difference input sync signal that offers FPGA enciphering/deciphering processing module by the DB62 input port.
SYN difference output: the difference output synchronizing signal that offers the DB62 input port by FPGA enciphering/deciphering processing module.
CLK difference input: the difference input clock signal that offers FPGA enciphering/deciphering processing module by the DB62 input port.
CLK difference output: the difference clock signal that offers the DB62 input port by FPGA enciphering/deciphering processing module.
The DIN:FPGA configuration phase is from the data-signal of Flash chip output.
OE:Flash chip output enable signal.
The CCLK:FPGA configuration phase is input to the data read clock signal of Flash chip.
The CE:Flash chip selection signal.
CF:Flash configuration starting impulse signal.
The DI:JTAG data input signal.
MS:JTAG configuration mode signal.
The F_CLK:JTAG clock signal.
The DO:JTAG output signal output.
W_CLK: noise source chip data clock signal.
DATA: noise source signal random number outputting data signals.
UART: general serial communication interface sets of signals.
201-205: be the step number of data enciphering/deciphering handling process.
Five, embodiment
Reaching embodiment below with reference to the accompanying drawings describes the present invention:
See shown in Figure 1ly, a kind of communication link high speed of the present invention data enciphering/deciphering module generates chip, Flash memory, configuration and test circuit and electric power network is formed by DB62 input port, FPGA enciphering/deciphering module, DB62 output port, random number.Position annexation between them, signal trend are: the DB62 input port is connected with FPGA enciphering/deciphering processing module, and the DB62 output port is connected with FPGA enciphering/deciphering processing module; The DB62 input port receives 16 pairs of LVDS differential signals that higher level's link arrives, carry and enough give FPGA enciphering/deciphering processing module, FPGA enciphering/deciphering processing module is extracted data message and is adopted block cipher that data are carried out enciphering/deciphering, arrived the DB62 output port with the output of LVDS differential signal form by the enciphering/deciphering data then, flow into next processing unit of communication link; Random number generates chip and is connected with FPGA enciphering/deciphering processing module, and the desirable true random sequence that random number generates the chip generation is input to FPGA enciphering/deciphering processing module, as the initial encryption key of block encryption algorithm; The Flash memory chip is connected with FPGA enciphering/deciphering processing module, and the algorithm routine that whole enciphering/deciphering module electrifying startup stage F PGA enciphering/deciphering processing module reads the inner pre-stored of Flash memory chip is configured; Configuration is connected with FPGA enciphering/deciphering processing module with test circuit, and JTAG on-line debugging, UART serial data communication and expansion interface function are provided; Power supply is supplied with network and is linked to each other with each module in the whole enciphering/deciphering processing module, for each parts provide the power supply support.
62 pin DB62 interface connectors of described DB62 input port choice criteria, FPGA enciphering/deciphering module adopts the Virtex-5 family chip of Xilinx company, and model is XC5VFX70T, and the BGA form of 665 pins is adopted in encapsulation.62 pin DB62 interface connectors of DB62 output port choice criteria.Random number is produced the WNG7 noise source chip that chip selects Chengdu 30 good microelectronics to produce.According to the size of actual disposition file, but the Flash memory adopts 1 online programming PlatformFlash PROM of system as program storage, and model is XCF32P, and memory capacity is 32Mb.JTAG on-line debugging interface adopts standard 14 needle connectors in configuration and the test circuit, and UART interface choice criteria DB9 interface and MAX3232 level transferring chip are formed, and other expansion mouth is connected with the GPIO port of FPGA by common insert row.Electric power network selects the TI PTH08T220W of company, PTH08T240W, TPS74401 power supply chip and capacitor filter network to form.
In the above-mentioned communication link high-speed data enciphering/deciphering module, the DB62 input port provides LVDS input data signal " input of 16 road LVDS difference " (left side broad arrow content among the figure, comprise signals such as D_IN0+/D_IN0-~D_IN15+/D_IN15-), 1 pair of LVDS synchronizing signal " input of SYN difference " (comprising the SYN_IN+/SYN_IN-signal) and 1 pair of LVDS clock signal " input of CLK difference " (comprising the CLK_IN+/CLK_IN-signal) are to the LVDS signal receiving module of FPGA enciphering/deciphering module, the 82MHz that " input of CLK difference " clock signal adopts high speed communications link to make an appointment, the LVDS signal receiving module extracts data message and sends into the enciphering/deciphering processing unit of FPGA inside, and the SBEA algorithm that adopts design voluntarily to have independent intellectual property right carries out 16 bit parallel encryption/decryption to information.Data after the encryption/decryption process are converted into LVDS outputting data signals " output of 16 road LVDS difference " (broad arrow content in right side among the figure through the LVDS of FPGA inside signal transmitting module, comprise signals such as D_OUT0+/D_OUT0-~D_OUT15+/D_OUT15-), form physical layer interface signal in conjunction with 1 pair of LVDS output synchronizing signal " output of SYN difference " (comprising the SYN_OUT+/SYN_OUT-signal) and 1 pair of LVDS clock signal " output of CLK difference " (comprising the CLK_OUT+/CLK_OUT-signal), wherein the differential clock signal of output keeps 82MHz constant, sends into communication link subordinate information process unit via the DB62 output port at last.
In the above-mentioned communication link high-speed data enciphering/deciphering module, FPGA enciphering/deciphering processing module is carried out enciphering/deciphering to data, and to handle employed SBEA algorithm be symmetrical block cipher, clear packets length is got 256 bits, and key length is 256 bits, and the password mode of operation is selected the OFB pattern.The OFB mode of operation can satisfy different length data format enciphering/deciphering processing demands, and no enciphering/deciphering error diffusion under this pattern work, can satisfy information processing real-time requirement in the communication link at any time to expressly handling.Aspect enciphering/deciphering efficient, the time of finishing an enciphering/deciphering operation based on the hard-wired SBEA algorithm of FPGA is 19.5ns, and under 82MHz communication link clock frequency, the enciphering/deciphering throughput of parallel 16 bit process reaches 1.312Gbps.Aspect fail safe, verify by the provable security logic and to show, all attack forms such as the effectively burden sexual assault of SBEA algorithm, differential attack, algebraically attack, interpolation attack and penetration attack, the computer that with the disposal ability is 1e+5MIPS is an example, breaks through time that the SBEA algorithm needs greater than 1e+54.
In the above-mentioned communication link high-speed data enciphering/deciphering module, random number generates chips W NG7 and is connected with fpga chip XC5VFX70T, fpga chip provides clock signal by the IO_L4P_GC_4 pin for the W_CLK pin of WNG7 chip, frequency is 1MHz, and WNG7 is by the IO_L9P_CC_17 pin of DATA pin output random number sequence to FPGA.Described random number generates chips W NG7 and handles generation random noise in back by the RC oscillator through linear feedback shift register, has desirable true stochastic behaviour, satisfy cryptographic algorithm for the desired completely random of initial encryption key, characteristic such as not reproducible and unpredictable, guaranteeing role has been played in the fail safe of whole cryptographic system.In addition, generate chip, guaranteed that the key build environment is safe, has increased the decoding difficulty because WNG7 is special hardware random number.
In the above-mentioned communication link high-speed data enciphering/deciphering module, the Flash memory chip is connected with fpga chip by data-signal DIN, clock signal C CLK, output enable signal OE, chip selection signal CE and configuration pulse signal CF.Configuration phase powers on, FPGA receives configurator by the D_IN0 pin from data-signal DIN, the CCLK_0 pin of FPGA is then exported 40MHz to the CCLK holding wire, guarantees during this that enable signal OE, chip selection signal CE are effective status, and configuration pulse signal CF is a high level.If CF signal moment is changed to low level, get back to high level then, will cause FPGA to restart layoutprocedure so.
In the above-mentioned communication link high-speed data enciphering/deciphering module, the jtag interface part of configuration and test circuit is connected with the Flash memory chip with described FPGA enciphering/deciphering module by mode signal MS, clock signal F_CLK, data output signal DO and data input signal DI, wherein the DI signal is set out by jtag interface and is connected with Flash memory chip TDI pin, output to the TDI_0 pin of fpga chip then from pin TDO, then output to the DO pin of jtag interface from fpga chip pin TDO_0.As seen, form the data link of a closure between jtag interface, Flash memory chip and fpga chip three, for system provides on-line debugging and program download function.Configuration is connected with fpga chip by the MAX3232 chip with the UART interface section of test circuit, realizes the transmitted in both directions function of serial data, and the MAX3232 device is finished Transistor-Transistor Logic level and RS232 level conversion function.
In the above-mentioned communication link high-speed data enciphering/deciphering module, the electric power network module provides the power supply support for entire circuit of the present invention, wherein provide 3.3V, 2.5V port voltage and 1.0V kernel supply power voltage for fpga chip, for the Flash memory offers 3.3V port voltage and 1.8V core voltage, for random noise source chip and MAX3232 provide the support of 3.3V voltage.
In the described high speed data link enciphering/deciphering module, finish data enciphering/deciphering handling process as shown in Figure 2, its step is as follows:
(step 201) system powers on, and electric power network is started working, for each module in the described high speed data link enciphering/deciphering module provides the power supply support.
(step 202) configuration fpga chip, the inner register relevant of initialization FPGA with configuration, by sampling configuration mode pin M0, M1, the state of M2 is determined the configuration mode to FPGA, finishes the function of initializing of FPGA enciphering/deciphering processing module.
(step 203) LVDS differential signal is to the data bit conversion, and the LVDS signal receiving module of FPGA enciphering/deciphering processing module is partly resolved 16 road LVDS differential signals, extracts data and sends into information enciphering/deciphering processing unit.
(step 204) finished the information enciphering/deciphering and handled, adopt symmetrical block cipher SBEA to finish the enciphering/deciphering processing to receiving data, cryptographic algorithm is selected the OFB mode of operation, the data that receive at first cushion, after satisfying 256 bit lengths, just handle, if data length less than 256 bits take necessarily filling measure to make it reach 256 bits.
(step 205) data are to the conversion of LVDS differential signal, and the information after the FPGA enciphering/deciphering is handled is converted into the Low Voltage Differential Signal that is suitable for Channel Transmission by the LVDS signal transmitting module.Return step 203 then, continue to handle receiving data.
More than provided a specific implementation of the present invention, but the selection of scheme implementation chips type selecting, encryption/decryption algorithm and concrete implementation method can have polytype, those skilled in the art can select suitable execution mode according to the actual requirements.In a word, those skilled in the art can carry out various changes and not break away from the spirit and scope of the present invention high speed communications link data enciphering/deciphering module of the present invention, the present invention also be intended to comprise these change and modification interior.
Claims (5)
1. communication link high speed data enciphering/deciphering module, it is characterized in that: it comprises: DB62 input port, FPGA enciphering/deciphering processing module, DB62 output port, random number generate chip, Flash memory chip, configuration and test circuit and power supply is supplied with network; Position annexation between them, signal trend are: the DB62 input port is connected with FPGA enciphering/deciphering processing module, and the DB62 output port is connected with FPGA enciphering/deciphering processing module; The DB62 input port receives 16 pairs of LVDS differential signals of higher level's link arrival and carries enough to FPGA enciphering/deciphering processing module, FPGA enciphering/deciphering processing module is extracted data message and is adopted block cipher that data are carried out enciphering/deciphering, arrived the DB62 output port with the output of LVDS differential signal form by the enciphering/deciphering data then, flow into next processing unit of communication link; Random number generates chip and is connected with FPGA enciphering/deciphering processing module, and the desirable true random sequence that random number generates the chip generation is input to FPGA enciphering/deciphering processing module, as the initial encryption key of block encryption algorithm; The Flash memory chip is connected with FPGA enciphering/deciphering processing module, and the algorithm routine that whole enciphering/deciphering module electrifying startup stage F PGA enciphering/deciphering processing module reads the inner pre-stored of Flash memory chip is configured; Configuration is connected with FPGA enciphering/deciphering processing module with test circuit, and JTAG on-line debugging, UART serial data communication and expansion interface function are provided; Power supply is supplied with network and is linked to each other with each module in the whole enciphering/deciphering processing module, for each parts provide the power supply support;
Described DB62 input port is 62 needle interface plug-in units of standard, and it comprises 16 pairs of LVDS input data signals, 1 pair of LVDS input sync signal and 1 pair of LVDS input clock signal, and all the other are the ground connection isolation signals; It mainly finishes the physical layer interface function with the communication link upper level;
Described FPGA enciphering/deciphering processing module is the core information processing unit, and it is made of the monolithic fpga chip, finishes input information extraction, enciphering/deciphering processing and message sending function; According to the function that is realized and signal flow to, this inside modules is divided into LVDS signal receiving module, data enciphering/deciphering module, three parts of LVDS signal transmitting module successively; Relation is therebetween: the LVDS signal receiving module by differential conductor to and 100 Ω build-out resistors be connected with described DB62 input port, the LVDS signal transmitting module pair is connected with described DB62 output port by differential conductor; LVDS signal receiving module and LVDS signal transmitting module are the inner integrated functional units of fpga chip, mainly finish the conversion between TTL signal and the LVDS signal; Data enciphering/deciphering module is made up of the operation processing unit and the register of FPGA inside, realizes the enciphering/deciphering processing capacity of data; This data enciphering/deciphering module is carried out enciphering/deciphering to information and is adopted symmetrical block cipher technology, and mode of operation is selected the OFB pattern;
Described DB62 output port is 62 needle interface plug-in units of standard, and it comprises 16 pairs of LVDS outputting data signals, 1 pair of LVDS output synchronizing signal and 1 pair of LVDS clock signal, and all the other are the ground connection isolation signals; It mainly finishes the physical layer interface function with the communication link next stage;
Described random number generates chip and provides initial key owing to producing desirable true random number and being input to FPGA enciphering/deciphering processing module for cryptographic algorithm;
Described Flash memory chip is mainly used in preserves the configurator that powers on, but it is to have the nonvolatile memory that in-system programming function and capacity satisfy the configurator size requirement;
Described configuration and test circuit are made up of standard JTAG configuration interface, UART Asynchronous Serial Interface and expansion interface; The JTAG configuration interface is standard 14 pin plugs, by power supply,, data input, data output, model selection and clock leg signal form, can directly be connected online download and the debugging that realizes configurator by download cable, finish the JTAG configuration mode of fpga chip with host computer; The UART Asynchronous Serial Interface is mainly finished Debugging message and is turned back to the host computer terminal, and it is made of level transferring chip and DB9 joint, and level transferring chip is to finish the ADM3202 chip of Transistor-Transistor Logic level and RS232 level conversion function; Expansion interface mainly is the common row's pin that connects fpga chip GPIO pin, is used for the inner signal that produces of debug phase observation FPGA;
Described power supply is supplied with main each parts of network the power supply support is provided, it is made up of the adjustment unit that 3.3V, 2.5V, 1.8V and 1.0V magnitude of voltage are provided, and the type selecting of each adjustment unit power supply chip should satisfy the current drives and the operating voltage requirement of high-speed data enciphering/deciphering module.
2. a kind of communication link high speed data enciphering/deciphering module according to claim 1 is characterized in that: the fpga chip that this FPGA enciphering/deciphering processing module adopts is the Virtex series processors chip that Xilinx company produces.
3. a kind of communication link high speed data enciphering/deciphering module according to claim 1 is characterized in that: it is the WNG7 chip that 30 good microelectronics are produced that this random number generates chip.
4. a kind of communication link high speed data enciphering/deciphering module according to claim 1 is characterized in that: this Flash memory chip is the XCF32P chip that Xilinx company produces.
5. a kind of communication link high speed data enciphering/deciphering module according to claim 1 is characterized in that: the adjustment unit power supply chip that this power supply is supplied with in the network is PTH08T220W, the PTH08T240W power supply chip of TI company.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102860593A CN101958789B (en) | 2010-09-17 | 2010-09-17 | High-speed data encryption/decryption module in communication link |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102860593A CN101958789B (en) | 2010-09-17 | 2010-09-17 | High-speed data encryption/decryption module in communication link |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101958789A true CN101958789A (en) | 2011-01-26 |
| CN101958789B CN101958789B (en) | 2012-07-04 |
Family
ID=43485913
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102860593A Expired - Fee Related CN101958789B (en) | 2010-09-17 | 2010-09-17 | High-speed data encryption/decryption module in communication link |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101958789B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102346959A (en) * | 2011-08-11 | 2012-02-08 | 北京电子工程总体研究所 | Remote acquisition system of analog signals |
| CN103257937A (en) * | 2012-02-15 | 2013-08-21 | 京微雅格(北京)科技有限公司 | Method and device for protecting FPGA (field programmable gate array) internal configuration memory |
| CN104166823A (en) * | 2014-09-12 | 2014-11-26 | 罗满清 | Intelligent medical data safety guarantee system |
| CN104407550A (en) * | 2014-11-28 | 2015-03-11 | 成都中远信电子科技有限公司 | Satellite communication load ground detector and detection method thereof |
| CN104486069A (en) * | 2014-12-23 | 2015-04-01 | 天津光电通信技术有限公司 | GOST encryption and decryption equipment and method based on FPGA (field programmable gate array) |
| CN105677254A (en) * | 2016-01-06 | 2016-06-15 | 深圳市同创国芯电子有限公司 | Method and device for processing data |
| CN110231794A (en) * | 2019-07-09 | 2019-09-13 | 四川米众网络科技股份有限公司 | Serial communication controller based on safe cpu chip |
| CN110471345A (en) * | 2019-08-21 | 2019-11-19 | 江苏肯立科技股份有限公司 | A kind of 16 × 16 high-speed data switch matrix module of no crystal oscillator |
| CN112740217A (en) * | 2018-09-27 | 2021-04-30 | 赛灵思公司 | Cryptographic system |
| CN113722732A (en) * | 2021-08-26 | 2021-11-30 | 安徽敏矽微电子有限公司 | 2 debugging encryption and decryption security protection system on line |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060291650A1 (en) * | 2001-05-22 | 2006-12-28 | Viswanath Ananth | State-varying hybrid stream cipher |
| CN101197660A (en) * | 2006-12-07 | 2008-06-11 | 上海安创信息科技有限公司 | Encrypting method and chip for anti-attack standard encryption criterion |
| CN101742200A (en) * | 2008-11-17 | 2010-06-16 | 恩益禧电子股份有限公司 | Input/output interface, memory controller, set-top box and ciphering/deciphering method |
-
2010
- 2010-09-17 CN CN2010102860593A patent/CN101958789B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060291650A1 (en) * | 2001-05-22 | 2006-12-28 | Viswanath Ananth | State-varying hybrid stream cipher |
| CN101197660A (en) * | 2006-12-07 | 2008-06-11 | 上海安创信息科技有限公司 | Encrypting method and chip for anti-attack standard encryption criterion |
| CN101742200A (en) * | 2008-11-17 | 2010-06-16 | 恩益禧电子股份有限公司 | Input/output interface, memory controller, set-top box and ciphering/deciphering method |
Non-Patent Citations (1)
| Title |
|---|
| 《工矿自动化》 20080430 程千里等 基于FPGA+USB接口的硬件加密系统 130-131页 1-5 , 第2期 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102346959A (en) * | 2011-08-11 | 2012-02-08 | 北京电子工程总体研究所 | Remote acquisition system of analog signals |
| CN103257937B (en) * | 2012-02-15 | 2016-09-14 | 京微雅格(北京)科技有限公司 | A kind of method and apparatus protecting fpga chip internal configuration memorizer |
| CN103257937A (en) * | 2012-02-15 | 2013-08-21 | 京微雅格(北京)科技有限公司 | Method and device for protecting FPGA (field programmable gate array) internal configuration memory |
| CN104166823A (en) * | 2014-09-12 | 2014-11-26 | 罗满清 | Intelligent medical data safety guarantee system |
| CN104407550A (en) * | 2014-11-28 | 2015-03-11 | 成都中远信电子科技有限公司 | Satellite communication load ground detector and detection method thereof |
| CN104407550B (en) * | 2014-11-28 | 2018-03-16 | 成都中远信电子科技有限公司 | A kind of satellite communication load ground detector and detection method |
| CN104486069A (en) * | 2014-12-23 | 2015-04-01 | 天津光电通信技术有限公司 | GOST encryption and decryption equipment and method based on FPGA (field programmable gate array) |
| CN105677254A (en) * | 2016-01-06 | 2016-06-15 | 深圳市同创国芯电子有限公司 | Method and device for processing data |
| CN112740217A (en) * | 2018-09-27 | 2021-04-30 | 赛灵思公司 | Cryptographic system |
| CN112740217B (en) * | 2018-09-27 | 2024-02-02 | 赛灵思公司 | Cryptographic system |
| CN110231794A (en) * | 2019-07-09 | 2019-09-13 | 四川米众网络科技股份有限公司 | Serial communication controller based on safe cpu chip |
| CN110471345A (en) * | 2019-08-21 | 2019-11-19 | 江苏肯立科技股份有限公司 | A kind of 16 × 16 high-speed data switch matrix module of no crystal oscillator |
| CN113722732A (en) * | 2021-08-26 | 2021-11-30 | 安徽敏矽微电子有限公司 | 2 debugging encryption and decryption security protection system on line |
| CN113722732B (en) * | 2021-08-26 | 2024-02-23 | 安徽敏矽微电子有限公司 | 2-line on-chip debugging encryption and decryption safety protection system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101958789B (en) | 2012-07-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101958789B (en) | High-speed data encryption/decryption module in communication link | |
| CN106293617B (en) | Real random number generator | |
| CN102461063B (en) | Hardware based cryptography | |
| CN110289952B (en) | Quantum data link security terminal and security communication network | |
| CN101969376B (en) | Self-adaptive encryption system and method with semantic security | |
| CN112329038B (en) | Data encryption control system and chip based on USB interface | |
| CN111259416A (en) | Multi-algorithm security encryption authentication system and method based on FPGA | |
| CN103716166A (en) | Self-adaptation hybrid encryption method and device and encryption communication system | |
| CN105119715B (en) | Digital circuit is interconnected between a kind of virtual IO pieces of FPGA based on re-encryption algorithm | |
| CN103973432A (en) | SM4 algorithm encryption unit based on FPGA chip and USB interface chip | |
| US20170264598A1 (en) | Method and apparatus for performing symmetrical stream encryption of data | |
| CN104581712A (en) | Encryption communication method and system of mobile terminal | |
| CN103780608A (en) | SM4-algorithm control method based on programmable gate array chip | |
| CN104301111A (en) | High-precision Beidou differential information security transmission method | |
| CN103346878B (en) | A kind of secret communication method based on FPGA high-speed serial I/O | |
| Nabil et al. | Design and implementation of pipelined and parallel AES encryption systems using FPGA | |
| CN103929297A (en) | Communication method, encryption method and device for POS and mobile terminal and POS | |
| CN116073987A (en) | Reliability design method of block cipher mode, cipher card and server | |
| CN109788347A (en) | A kind of video chaotic secret communication device and method | |
| CN104980267A (en) | Quantum secret communication system controller | |
| CN103427978A (en) | Wireless Chinese character transmitting device based on chaotic encryption system | |
| CN103701591A (en) | Sequence password realization method and key stream generating method and device | |
| CN216490525U (en) | Network data encryption repeater | |
| Poluyanenko | Development of the search method for non-linear shift registers using hardware, implemented on field programmable gate arrays | |
| Nabil et al. | Design and implementation of pipelined aes encryption system using FPGA |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120704 |