CN103260156B - Key stream generating apparatus and method, Confidentiality protection device and method - Google Patents


Publication number
CN103260156B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210034235.3A
Other languages
Chinese (zh)
Other versions
CN103260156A (en
Inventor
孔令斌
朱红儒
齐旻鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a key stream generating apparatus and method and a confidentiality protection device and method. The key stream generating apparatus comprises: a control unit, for sending to the initialization unit, updating block, replacement unit and key stream generation unit the algorithm selection signal corresponding to the algorithm for generating the key stream; an initialization unit, for generating initial values based on the algorithm corresponding to the algorithm selection signal; a cycle shift unit, for initially assigning and updating the circulating registers; a replacement unit, for generating an output parameter based on the algorithm corresponding to the algorithm selection signal; an updating block, for generating an update value based on the algorithm corresponding to the algorithm selection signal; and a key stream generation unit, for generating the key stream based on the algorithm corresponding to the algorithm selection signal. The technical solution of the invention solves the prior-art problem that terminal equipment and network node equipment need to deploy two sets of key stream generating apparatus, which occupy considerable processing resources of the terminal equipment and network node equipment.

Description

Key stream generating apparatus and method, Confidentiality protection device and method
Technical field
The present invention relates to the field of communication technology, and in particular to a key stream generating apparatus and method and a confidentiality protection device and method.
Background art
With the development of mobile communication technology, the open network architecture based on the Internet Protocol (IP) and the characteristics of radio transmission have made security one of the key problems of mobile communication. In the current Long Term Evolution (LTE) system, security mainly concerns two aspects, confidentiality and integrity. In general, LTE user plane (UP) data requires confidentiality protection, while control plane (CP) Radio Resource Control (RRC) signaling and Non-Access Stratum (NAS) signaling require both confidentiality protection and integrity protection.
The Evolved Packet System (EPS) confidentiality algorithms (EEA, EPS Encryption Algorithm) and EPS integrity protection algorithms (EIA, EPS Integrity Algorithm) that implement the LTE security protection mechanism comprise: 128-EEA1/128-EIA1 based on the SNOW3G algorithm, 128-EEA2/128-EIA2 based on the Advanced Encryption Standard (AES) algorithm, and 128-EEA3/128-EIA3 based on the ZUC algorithm. The SNOW3G algorithm and the ZUC algorithm are both 32-bit-oriented key stream generation algorithms: the input parameters are a 128-bit initial key (KEY) and a 128-bit initial vector (IV), and the output parameter is a 32-bit key stream.
If the algorithm implementing LTE confidentiality protection is 128-EEA1/128-EEA3, the key stream generated by the SNOW3G algorithm/ZUC algorithm is XORed with the data. That is, the data sending end XORs the key stream generated by the SNOW3G algorithm/ZUC algorithm with the plaintext data to be sent to produce ciphertext data; after receiving the ciphertext data, the data receiving end XORs the key stream generated by the SNOW3G algorithm/ZUC algorithm with the received ciphertext data to recover the plaintext data, thereby achieving confidentiality protection of UP data, RRC signaling and NAS signaling. If the algorithm implementing LTE integrity protection is 128-EIA1/128-EIA3, the message authentication code (MAC) of the data is computed from the key stream generated by the SNOW3G algorithm/ZUC algorithm. That is, the data sending end appends the MAC generated by the SNOW3G algorithm/ZUC algorithm to the data to be sent; after receiving the data, the data receiving end computes the expected MAC (XMAC, eXpected MAC) of the received data from the key stream generated by the SNOW3G algorithm/ZUC algorithm and compares it with the received MAC, thereby achieving integrity protection of RRC signaling and NAS signaling. When the data sending end is network node equipment, the data receiving end is terminal equipment; when the data sending end is terminal equipment, the data receiving end is network node equipment.
The processes of generating the key stream with the SNOW3G algorithm and with the ZUC algorithm are introduced below in turn.
1. Generating the key stream with the SNOW3G algorithm
The basic modules of a device implementing the SNOW3G algorithm comprise a 16 × 32-bit linear feedback shift register (LFSR), whose stages are denoted $s_0, s_1, \ldots, s_{15}$, and a 3 × 32-bit finite state machine (FSM), whose registers are denoted $R_1, R_2, R_3$. The process of implementing the SNOW3G algorithm is shown in Fig. 1 and mainly comprises an initialization process and a key stream generation process.
The initialization process comprises 32 clock cycles. In the initialization process, the LFSR is first given an initial value derived from the initial KEY and IV; then, in each of the 32 clock cycles, the FSM is updated by formula (1) and the LFSR is updated by formula (2). Here $f$ denotes the output parameter of the FSM and $r$ denotes the update value of the FSM; ⊕ denotes XOR and a second operator denotes modular addition; S1 and S2 denote replacement operations, where $R_1$ is the input parameter of S1 and $S1(R_1)$ its output parameter, and $R_2$ is the input parameter of S2 and $S2(R_2)$ its output parameter; $v$ denotes the update value of the LFSR; $a \cdot \alpha$ denotes the function $\mathrm{mul}_\alpha(a)$ and $a \cdot \alpha^{-1}$ denotes the function $\mathrm{div}_\alpha(a)$.
$$R_3 = S2(R_2),\quad R_2 = S1(R_1),\quad R_1 = r \qquad (1)$$
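$$v = (s_0 \cdot \alpha) \oplus s_2 \oplus (s_{11} \cdot \alpha^{-1}) \oplus f$$
$$s_0 = s_1,\ s_1 = s_2,\ s_2 = s_3,\ s_3 = s_4,\ s_4 = s_5,\ s_5 = s_6,\ s_6 = s_7,\ s_7 = s_8,$$
$$s_8 = s_9,\ s_9 = s_{10},\ s_{10} = s_{11},\ s_{11} = s_{12},\ s_{12} = s_{13},\ s_{13} = s_{14},\ s_{14} = s_{15},\ s_{15} = v \qquad (2)$$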
In the key stream generation process, in the first clock cycle the FSM is updated by formula (1) and the LFSR is updated by formula (3); then, in each subsequent clock cycle, the FSM is updated by formula (1), the key stream kss is generated by formula (4), and the LFSR is updated by formula (3).
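$$v = (s_0 \cdot \alpha) \oplus s_2 \oplus (s_{11} \cdot \alpha^{-1})$$
$$s_0 = s_1,\ s_1 = s_2,\ s_2 = s_3,\ s_3 = s_4,\ s_4 = s_5,\ s_5 = s_6,\ s_6 = s_7,\ s_7 = s_8,$$
$$s_8 = s_9,\ s_9 = s_{10},\ s_{10} = s_{11},\ s_{11} = s_{12},\ s_{12} = s_{13},\ s_{13} = s_{14},\ s_{14} = s_{15},\ s_{15} = v \qquad (3)$$
$$kss = f \oplus s_0 \qquad (4)$$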
2. Generating the key stream with the ZUC algorithm
The basic modules of a device implementing the ZUC algorithm comprise a 16 × 31-bit LFSR, whose stages are denoted $z_0, z_1, \ldots, z_{15}$; a 4 × 32-bit bit reorganization (BR) layer, whose words are denoted $x_0, x_1, x_2, x_3$; and a 2 × 32-bit nonlinear function (NLF), whose registers are denoted $F_1, F_2$. The process of implementing the ZUC algorithm is shown in Fig. 2 and mainly comprises an initialization process and a key stream generation process.
The initialization process comprises 32 clock cycles. In the initialization process, the LFSR is first given an initial value derived from the initial KEY, the IV and a 240-bit constant; then, in each of the 32 clock cycles, the BR is computed by formula (5), the NLF is updated by formula (6) and the LFSR is updated by formula (7). Here $w$ denotes the output parameter of the NLF, and $w_1$ and $w_2$ denote the update values of the NLF; $a_0 \| a_1$ and $\{a_0, a_1\}$ both denote the concatenation of $a_0$ and $a_1$; $a_H$ and $a_L$ denote the high 16 bits and the low 16 bits of $a$ respectively; S denotes a replacement operation; L1 and L2 denote linear transformations; $u$ denotes the update value of the LFSR; $2^x \cdot a$ and $a \lll x$ both denote a cyclic left shift of $a$ by $x$ bits, and $a \gg x$ denotes a right shift of $a$ by $x$ bits. In Fig. 2, `u ≠ 0 ? u : !u` means testing whether u equals 0: when u ≠ 0, u is kept as u; when u = 0, u is set to !u, where ! denotes bitwise negation.
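$$w_2 = F_2 \oplus x_2$$
$$F_1 = S(L1(w_{1L} \| w_{2H})),\quad F_2 = S(L2(w_{2L} \| w_{1H})) \qquad (6)$$
$$u = \left(2^{15} \cdot z_{15} + 2^{17} \cdot z_{13} + 2^{21} \cdot z_{10} + 2^{20} \cdot z_4 + 2^{8} \cdot z_0 + z_0 + (w \gg 1)\right) \bmod (2^{31} - 1)$$
$$z_0 = z_1,\ z_1 = z_2,\ z_2 = z_3,\ z_3 = z_4,\ z_4 = z_5,\ z_5 = z_6,\ z_6 = z_7,\ z_7 = z_8,$$
$$z_8 = z_9,\ z_9 = z_{10},\ z_{10} = z_{11},\ z_{11} = z_{12},\ z_{12} = z_{13},\ z_{13} = z_{14},\ z_{14} = z_{15},\ z_{15} = u \qquad (7)$$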
In the key stream generation process, in the first clock cycle the BR is computed by formula (5), the NLF is updated by formula (6) and the LFSR is updated by formula (8); then, in each subsequent clock cycle, the BR is computed by formula (5), the NLF is updated by formula (6), the key stream ksz is generated by formula (9), and the LFSR is updated by formula (8). If formula (5) and formula (8) yield u = 0, u is set to $2^{31} - 1$.
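$$u = \left(2^{15} \cdot z_{15} + 2^{17} \cdot z_{13} + 2^{21} \cdot z_{10} + 2^{20} \cdot z_4 + 2^{8} \cdot z_0 + z_0\right) \bmod (2^{31} - 1)$$
$$z_0 = z_1,\ z_1 = z_2,\ z_2 = z_3,\ z_3 = z_4,\ z_4 = z_5,\ z_5 = z_6,\ z_6 = z_7,\ z_7 = z_8,$$
$$z_8 = z_9,\ z_9 = z_{10},\ z_{10} = z_{11},\ z_{11} = z_{12},\ z_{12} = z_{13},\ z_{13} = z_{14},\ z_{14} = z_{15},\ z_{15} = u \qquad (8)$$
$$ksz = w \oplus x_3 \qquad (9)$$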
In the prior art, the algorithm implementing LTE confidentiality protection may be 128-EEA1 or 128-EEA3, and the algorithm implementing LTE integrity protection may be 128-EIA1 or 128-EIA3. The terminal equipment and the network node equipment determine, through the Authentication and Key Agreement process, the algorithms implementing LTE confidentiality protection and integrity protection, and thereby choose whether to generate the key stream with the SNOW3G algorithm or with the ZUC algorithm. They generate the key stream with the selected algorithm, then use it to protect the confidentiality of UP data, RRC signaling and NAS signaling and the integrity of RRC signaling and NAS signaling. Because the processes implementing the SNOW3G algorithm and the ZUC algorithm are relatively independent, the terminal equipment and the network node equipment need to deploy two sets of key stream generating apparatus, one for each algorithm, which occupies considerable processing resources of the terminal equipment and the network node equipment. This is especially serious for terminal equipment, which is more sensitive to area and power consumption.
Summary of the invention
Embodiments of the present invention provide a key stream generating apparatus and method, to solve the prior-art problem that terminal equipment and network node equipment need to deploy two sets of key stream generating apparatus, which occupy considerable processing resources of the terminal equipment and network node equipment.
Embodiments of the present invention also provide a confidentiality protection device and method.
The technical solutions of the embodiments of the present invention are as follows:
A key stream generating apparatus, comprising: a control unit, for sending to each of an initialization unit, an updating block, a replacement unit and a key stream generation unit the algorithm selection signal corresponding to the algorithm for generating the key stream; the initialization unit, for generating initial values from a preset initial key and initial vector, based on the algorithm corresponding to the received algorithm selection signal; a cycle shift unit, for initially assigning each circulating register from the initial values generated by the initialization unit, and for updating each circulating register from the update value generated by the updating block; the replacement unit, for generating an output parameter from the values of the circulating registers, based on the algorithm corresponding to the received algorithm selection signal; the updating block, for generating the update value from the values of the circulating registers and the output parameter generated by the replacement unit, based on the algorithm corresponding to the received algorithm selection signal; and the key stream generation unit, for generating the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, based on the algorithm corresponding to the received algorithm selection signal.
A key stream generating method, comprising the steps of: a control unit sends to each of an initialization unit, an updating block, a replacement unit and a key stream generation unit the algorithm selection signal corresponding to the algorithm for generating the key stream; the initialization unit generates initial values from a preset initial key and initial vector, based on the algorithm corresponding to the received algorithm selection signal; a cycle shift unit initially assigns each circulating register from the initial values generated by the initialization unit, and updates each circulating register from the update value generated by the updating block; the replacement unit generates an output parameter from the values of the circulating registers, based on the algorithm corresponding to the received algorithm selection signal; the updating block generates the update value from the values of the circulating registers and the output parameter generated by the replacement unit, based on the algorithm corresponding to the received algorithm selection signal; and the key stream generation unit generates the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, based on the algorithm corresponding to the received algorithm selection signal.
A confidentiality protection device, comprising an initial vector generation unit, the above key stream generating apparatus and an encryption/decryption unit, wherein: the initial vector generation unit is for generating the initial vector that the key stream generating apparatus needs to generate the key stream; and the encryption/decryption unit is for using the key stream generated by the key stream generating apparatus to encrypt plaintext data to be sent into ciphertext data, and to decrypt received ciphertext data into plaintext data.
A confidentiality protection method, comprising the steps of: an initial vector generation unit generates the initial vector that the key stream generating apparatus needs to generate the key stream; the key stream generating apparatus generates the key stream based on the above key stream generating method; and an encryption/decryption unit uses the key stream generated by the key stream generating apparatus to encrypt plaintext data to be sent into ciphertext data, and to decrypt received ciphertext data into plaintext data.
In the technical solution of the embodiments of the present invention, the key stream generating apparatus comprises a control unit, an initialization unit, a cycle shift unit, a replacement unit, an updating block and a key stream generation unit. The control unit sends to each of the initialization unit, updating block, replacement unit and key stream generation unit the algorithm selection signal corresponding to the algorithm for generating the key stream. The initialization unit generates initial values from the preset initial KEY and IV, based on the algorithm corresponding to the received algorithm selection signal. The cycle shift unit initially assigns each circulating register from the initial values generated by the initialization unit, and updates each circulating register from the update value generated by the updating block. The replacement unit generates an output parameter from the values of the circulating registers, the updating block generates the update value from the values of the circulating registers and the output parameter generated by the replacement unit, and the key stream generation unit generates the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, each based on the algorithm corresponding to the received algorithm selection signal. The key stream generating apparatus proposed by the embodiments of the present invention can therefore implement multiple key stream generation algorithms, so terminal equipment and network node equipment no longer need to deploy two sets of key stream generating apparatus to implement the SNOW3G algorithm and the ZUC algorithm separately, which effectively saves processing resources of the terminal equipment and network node equipment.
In addition, the key stream generating apparatus proposed by the technical solution of the embodiments of the present invention contains only one control unit. No matter how many algorithms the apparatus needs to implement, the control unit only has to send the algorithm selection signal corresponding to the currently required algorithm to the initialization unit, updating block, replacement unit and key stream generation unit, which then process accordingly based on the received algorithm selection signal. If another algorithm needs to be added, only the processing rules corresponding to that algorithm have to be added to the initialization unit, updating block, replacement unit and key stream generation unit. This effectively saves processing resources of the terminal equipment and network node equipment and can also greatly shorten the development cycle of the system.
Brief description of the drawings
Fig. 1 is a schematic diagram of the process of implementing the SNOW3G algorithm in the prior art;
Fig. 2 is a schematic diagram of the process of implementing the ZUC algorithm in the prior art;
Fig. 3 is a structural diagram of the key stream generating apparatus in Embodiment 1 of the present invention;
Fig. 4 is the state transition diagram of the main control unit in Embodiment 1 of the present invention;
Fig. 5 is a flow diagram of the key stream generating method in Embodiment 2 of the present invention;
Fig. 6 is a structural diagram of the confidentiality protection device in Embodiment 3 of the present invention;
Fig. 7 is a flow diagram of the confidentiality protection method in Embodiment 4 of the present invention.
Embodiments
The main implementation principle, the specific embodiments and the beneficial effects of the technical solution of the embodiments of the present invention are set forth in detail below with reference to the accompanying drawings.
Embodiment one
Embodiment 1 of the present invention proposes a key stream generating apparatus comprising control unit 31, initialization unit 32, cycle shift unit 33, replacement unit 34, updating block 35 and key stream generation unit 36; its structure is shown in Fig. 3. The inputs of the key stream generating apparatus comprise a 128-bit initial KEY, a 128-bit IV, a 1-bit algorithm selection signal sel and a 1-bit enable signal en; the output comprises a 32-bit key stream ks.
The function of each unit is described in detail below.
Control unit
Control unit 31 is mainly used for sending to each of initialization unit 32, replacement unit 34, updating block 35 and key stream generation unit 36 the algorithm selection signal corresponding to the algorithm for generating the key stream. The algorithms for generating the key stream in Embodiment 1 of the present invention may include, but are not limited to, the SNOW3G algorithm and the ZUC algorithm.
The terminal equipment or network node equipment to which the key stream generating apparatus belongs determines the algorithm for generating the key stream and sends the algorithm selection signal sel corresponding to that algorithm to control unit 31 of the key stream generating apparatus; control unit 31 then sends the algorithm selection signal sel to each of initialization unit 32, replacement unit 34, updating block 35 and key stream generation unit 36.
When the terminal equipment or network node equipment to which the key stream generating apparatus belongs needs a key stream, it starts key stream generation through the enable signal en, which is set to valid. From the length of the data that needs security protection, the terminal equipment or network node equipment can determine the quantity of key stream required to protect that data. When the quantity of key stream generated by the key stream generating apparatus reaches the quantity required, the enable signal en is set to invalid, which stops the key stream generating apparatus from generating key stream.
Control unit 31 has five states: the idle state (idle), the initial assignment state (assign), the initialization state (initial), the blank state (blank) and the work state (work). The transitions between the states are shown in Fig. 4, wherein:
When the enable signal en is invalid, control unit 31 is in the idle state, and the key stream generating apparatus does not work;
When the enable signal en changes from invalid to valid, control unit 31 jumps from the idle state to the initial assignment state. While control unit 31 is in the initial assignment state, cycle shift unit 33 and replacement unit 34 complete the initial assignment operation: cycle shift unit 33 initially assigns the 16 circulating registers from the initial values generated by initialization unit 32, and the replacement unit sets its output parameter to 0;
One clock cycle after control unit 31 jumps from the idle state to the initial assignment state, it jumps from the initial assignment state to the initialization state, in which the initialization process of the algorithm is completed. The initialization process lasts 32 cycles; an accumulation counter cnt can be embedded and incremented by 1 every clock cycle until cnt reaches 32;
32 clock cycles after control unit 31 jumps from the initial assignment state to the initialization state, it jumps from the initialization state to the blank state;
One clock cycle after control unit 31 jumps from the initialization state to the blank state, it jumps from the blank state to the work state. In each clock cycle in which control unit 31 is in the work state, key stream generation unit 36 performs the key stream generation process; the key stream generated by key stream generation unit 36 may be, but is not limited to, a 32-bit key stream;
When the enable signal en changes from valid to invalid, control unit 31 jumps from the work state to the idle state, and the key stream generating apparatus does not work.
The key stream generating apparatus proposed by the technical solution of Embodiment 1 of the present invention contains only one control unit. No matter how many algorithms the apparatus needs to implement, the control unit only has to send the algorithm selection signal corresponding to the currently required algorithm to the initialization unit, updating block, replacement unit and key stream generation unit, which effectively saves processing resources of the terminal equipment and network node equipment.
In addition, if another algorithm needs to be added, only the processing rules corresponding to that algorithm have to be added to the initialization unit, updating block, replacement unit and key stream generation unit, which effectively saves processing resources of the terminal equipment and network node equipment and can also greatly shorten the development cycle of the system.
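The state sequence described above, modelled in C as an added example (not code from the patent) to show how many cycles en must stay valid before key stream words appear. The assumptions are that en going invalid returns the control unit to idle from any state, and that one 32-bit word is produced per work-state cycle; all identifiers are hypothetical.

```c
#include <stdio.h>

/* The five control-unit states named in the text. */
typedef enum { ST_IDLE, ST_ASSIGN, ST_INITIAL, ST_BLANK, ST_WORK } ctrl_state;

typedef struct {
    ctrl_state state;
    unsigned cnt;              /* embedded counter cnt for the initialization cycles */
} ctrl_unit;

#define INIT_CYCLES 32u                          /* initialization lasts 32 cycles */
#define STARTUP_CYCLES (1u + INIT_CYCLES + 1u)   /* assign + initial + blank */

void ctrl_reset(ctrl_unit *c) { c->state = ST_IDLE; c->cnt = 0; }

/* Advance one clock cycle with enable input en; returns the state of that cycle. */
ctrl_state ctrl_clock(ctrl_unit *c, int en)
{
    if (!en) {
        /* Assumption: an invalid en returns to idle from any state; the text
         * only spells out the work -> idle transition. */
        ctrl_reset(c);
        return c->state;
    }
    switch (c->state) {
    case ST_IDLE:    c->state = ST_ASSIGN;  break;       /* en: invalid -> valid */
    case ST_ASSIGN:  c->state = ST_INITIAL; c->cnt = 1; break;
    case ST_INITIAL:
        if (c->cnt < INIT_CYCLES) c->cnt++;               /* still initializing */
        else c->state = ST_BLANK;                         /* cnt reached 32 */
        break;
    case ST_BLANK:   c->state = ST_WORK;    break;       /* no key stream yet */
    case ST_WORK:    break;                               /* one word per cycle */
    }
    return c->state;
}

/* Cycles spent in state `which` when en is held valid for en_cycles cycles. */
unsigned cycles_in_state(unsigned en_cycles, ctrl_state which)
{
    ctrl_unit c;
    unsigned n = 0;
    ctrl_reset(&c);
    for (unsigned t = 0; t < en_cycles; t++)
        if (ctrl_clock(&c, 1) == which) n++;
    return n;
}

/* 32-bit key stream words produced: one per cycle spent in the work state. */
unsigned words_produced(unsigned en_cycles)
{
    return cycles_in_state(en_cycles, ST_WORK);
}

/* How long en must stay valid to cover a payload of nbytes bytes. */
unsigned enable_cycles_needed(unsigned nbytes)
{
    unsigned words = (nbytes + 3u) / 4u;     /* round up to whole 32-bit words */
    return words ? STARTUP_CYCLES + words : 0u;
}

/* State after holding en valid for `high` cycles and then invalid for one. */
ctrl_state state_after_disable(unsigned high)
{
    ctrl_unit c;
    ctrl_reset(&c);
    for (unsigned t = 0; t < high; t++) ctrl_clock(&c, 1);
    return ctrl_clock(&c, 0);
}

int main(void)
{
    static const char *name[] = { "idle", "assign", "initial", "blank", "work" };
    ctrl_unit c;
    ctrl_state prev = ST_IDLE;
    ctrl_reset(&c);
    for (unsigned t = 1; t <= 36; t++) {         /* print only the transitions */
        ctrl_state s = ctrl_clock(&c, 1);
        if (s != prev) printf("cycle %2u: %s -> %s\n", t, name[prev], name[s]);
        prev = s;
    }
    printf("10-byte payload: en valid for %u cycles\n", enable_cycles_needed(10));
    return 0;
}
```

Dropping en before the count from `enable_cycles_needed` is reached leaves the tail of the payload without key stream, so the caller has to size the enable window from the data length as the text describes.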
Initialization unit
Initialization unit 32 is mainly used for generating initial values from the preset initial KEY and IV, based on the algorithm corresponding to the received algorithm selection signal. The inputs of initialization unit 32 are the 128-bit initial KEY and the 128-bit IV, where the initial KEY is denoted $\{k_0, k_1, \ldots, k_{127}\}$ and the 128-bit IV is denoted $\{iv_0, iv_1, \ldots, iv_{127}\}$; the output of initialization unit 32 is 16 32-bit initial values, denoted $i_0, i_1, \ldots, i_{15}$.
Initialization unit 32 is controlled by control unit 31. When the algorithm corresponding to the algorithm selection signal sel received by initialization unit 32 is the SNOW3G algorithm, the initialization unit can generate the 16 32-bit initial values as follows:
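$$\{i_0, i_1, i_2, i_3\} = \,!\{k_0, k_1, \ldots, k_{127}\}$$
$$\{i_4, i_5, i_6, i_7\} = \{k_0, k_1, \ldots, k_{127}\}$$
$$i_8 = i_0$$
$$i_9 = i_1 \oplus \{iv_{96}, iv_{97}, \ldots, iv_{127}\}$$
$$i_{10} = i_2 \oplus \{iv_{64}, iv_{65}, \ldots, iv_{95}\}$$
$$i_{11} = i_3$$
$$i_{12} = i_4 \oplus \{iv_{32}, iv_{33}, \ldots, iv_{63}\}$$
$$i_{13} = i_5$$
$$i_{14} = i_6$$
$$i_{15} = i_7 \oplus \{iv_0, iv_1, \ldots, iv_{31}\}$$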
Here ! denotes bitwise negation, { } denotes concatenation and ⊕ denotes XOR.
When the algorithm corresponding to the algorithm selection signal sel received by initialization unit 32 is the ZUC algorithm, initialization unit 32 generates the initial values as follows:
$$i_j = 0 \,\|\, \{k_{8j}, k_{8j+1}, \ldots, k_{8j+7}\} \,\|\, d_j \,\|\, \{iv_{8j}, iv_{8j+1}, \ldots, iv_{8j+7}\}$$
Here $d_j$ is a preset 15-bit constant, $0 \le j \le 15$, and $\|$ denotes concatenation.
In addition, if another algorithm needs to be added, the method of generating initial values for that algorithm has to be added to the initialization unit; the initialization unit can then, on the instruction of the control unit, generate initial values based on the newly added algorithm.
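The two initialization rules above behind one selection input, written in C as an added example (not code from the patent). Assumptions: bit 0 of KEY and IV is the most significant bit of byte 0, the sel encoding is 0 for SNOW3G and 1 for ZUC, and $d_j$ takes the constants of the published ZUC specification, which the page does not list; the sample KEY and IV are constructed, and all identifiers are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding of the 1-bit sel signal; the page does not give one. */
enum { SEL_SNOW3G = 0, SEL_ZUC = 1 };

/* The 15-bit constants d_0..d_15, taken from the published ZUC specification. */
static const uint16_t ZUC_D[16] = {
    0x44D7, 0x26BC, 0x626B, 0x135E, 0x5789, 0x35E2, 0x7135, 0x09AF,
    0x4D78, 0x2F13, 0x6BC4, 0x1AF1, 0x5E26, 0x3C4D, 0x789A, 0x47AC
};

/* Bits 32n..32n+31 of a 128-bit input as one word, bit 0 being the most
 * significant bit of byte 0 (assumed bit order). */
static uint32_t word_of(const uint8_t in[16], int n)
{
    const uint8_t *p = in + 4 * n;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Initialization unit: fill i[0..15] for the algorithm selected by sel.
 * Returns 0 on success, -1 for a selection value with no rule installed. */
int init_unit(int sel, const uint8_t key[16], const uint8_t iv[16], uint32_t i[16])
{
    int j;
    switch (sel) {
    case SEL_SNOW3G:
        for (j = 0; j < 4; j++) {
            uint32_t k = word_of(key, j);
            i[j]      = ~k;          /* {i0..i3} = !KEY */
            i[4 + j]  = k;           /* {i4..i7} =  KEY */
            i[8 + j]  = ~k;          /* i8..i11 start from i0..i3 */
            i[12 + j] = k;           /* i12..i15 start from i4..i7 */
        }
        i[9]  ^= word_of(iv, 3);     /* iv96..iv127 */
        i[10] ^= word_of(iv, 2);     /* iv64..iv95  */
        i[12] ^= word_of(iv, 1);     /* iv32..iv63  */
        i[15] ^= word_of(iv, 0);     /* iv0..iv31   */
        return 0;
    case SEL_ZUC:
        for (j = 0; j < 16; j++)     /* 0 || key byte j || d_j || iv byte j */
            i[j] = ((uint32_t)key[j] << 23) | ((uint32_t)ZUC_D[j] << 8) | iv[j];
        return 0;
    default:
        return -1;
    }
}

/* Constructed sample inputs (not a published test vector). */
static const uint8_t SAMPLE_KEY[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
static const uint8_t SAMPLE_IV[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};

/* Initial value i_j computed from the sample KEY/IV; 0 if sel is unknown. */
uint32_t sample_initial_value(int sel, int j)
{
    uint32_t i[16] = {0};
    if (init_unit(sel, SAMPLE_KEY, SAMPLE_IV, i) != 0) return 0;
    return i[j];
}

/* Status returned by the initialization unit for a given sel value. */
int sample_status(int sel)
{
    uint32_t i[16];
    return init_unit(sel, SAMPLE_KEY, SAMPLE_IV, i);
}

int main(void)
{
    for (int sel = SEL_SNOW3G; sel <= SEL_ZUC; sel++) {
        printf("%s:", sel == SEL_SNOW3G ? "SNOW3G" : "ZUC");
        for (int j = 0; j < 16; j++)
            printf(" %08X", (unsigned)sample_initial_value(sel, j));
        printf("\n");
    }
    return 0;
}
```

Both branches are deterministic in KEY and IV, so two runs with the same pair start from identical register contents; in the ZUC branch the top bit of every value is 0, matching the leading `0 ||` in the formula.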
Cycle shift unit
Cycle shift unit 33 is mainly used for initially assigning each circulating register from the initial values generated by initialization unit 32, and for updating each circulating register from the update value generated by updating block 35.
Cycle shift unit 33 mainly implements the LFSR of the SNOW3G algorithm and of the ZUC algorithm. It comprises 16 32-bit registers (called circulating registers), whose values are denoted $r_0, r_1, \ldots, r_{15}$.
Cycle shift unit 33 is controlled by control unit 31 and monitors the state of control unit 31 in each clock cycle. If it observes that control unit 31 is in the initial assignment state, cycle shift unit 33 initially assigns each circulating register from the initial values generated by initialization unit 32. In that case the input of cycle shift unit 33 is the initial values $i_0, i_1, \ldots, i_{15}$ generated by initialization unit 32, and cycle shift unit 33 initially assigns the 16 32-bit circulating registers as follows:
$$r_j = i_j$$
where $0 \le j \le 15$.
If it observes that control unit 31 is in the initialization state, the blank state or the work state, cycle shift unit 33 updates each circulating register from the update value $r_{updt}$ generated by updating block 35. In that case the input of cycle shift unit 33 is the update value $r_{updt}$ generated by updating block 35, and cycle shift unit 33 updates its 16 32-bit registers as follows:
$$r_0 = r_1,\ r_1 = r_2,\ r_2 = r_3,\ r_3 = r_4,\ r_4 = r_5,\ r_5 = r_6,\ r_6 = r_7,\ r_7 = r_8,$$
$$r_8 = r_9,\ r_9 = r_{10},\ r_{10} = r_{11},\ r_{11} = r_{12},\ r_{12} = r_{13},\ r_{13} = r_{14},\ r_{14} = r_{15},\ r_{15} = r_{updt}$$
Replacement unit
Replacement unit 34 is mainly used for generating output parameter s from the values of the circulating registers, based on the algorithm corresponding to the received algorithm selection signal sel.
Replacement unit 34 comprises 4 32-bit registers (called replacement registers), whose values are $R_0, R_1, R_2, R_3$ respectively; they implement the FSM of the SNOW3G algorithm and the NLF of the ZUC algorithm. The input of replacement unit 34 is the values of the circulating registers of cycle shift unit 33, and the output parameter it generates is s.
Two 32-bit adders are defined, whose values are $add_0$ and $add_1$ respectively, and two 32-bit XOR units are defined, whose values are $xor_0$ and $xor_1$ respectively, wherein:
$$xor_0 = R_1 \oplus t_1,\quad xor_1 = t_2 \oplus t_3$$
Here $t_0, t_1, t_2, t_3$ are four temporary variables, and a separate operator denotes modular addition.
Replacement unit 34 is controlled by control unit 31 and monitors the state of control unit 31 in each clock cycle. If it observes that control unit 31 is in the initial assignment state, replacement unit 34 sets the output parameter to 0, which amounts to initially assigning output parameter s.
If it observes that control unit 31 is in the initialization state, the blank state or the work state, replacement unit 34 generates output parameter s from the values of the circulating registers, based on the algorithm corresponding to the received algorithm selection signal.
If the control unit is observed to be in the initialization state, the blank state or the work state, and the algorithm corresponding to the received algorithm selection signal is the SNOW3G algorithm, replacement unit 34 generates output parameter s as follows:
$$s = xor_0$$
$$t_0 = r_{15},\quad t_1 = add_0,\quad t_2 = R_2,\quad t_3 = r_5$$
$$R_3 = add_1,\quad R_2 = S2(R_1),\quad R_1 = S1(R_0),\quad R_0 = R_3$$
Here S1 and S2 denote replacement operations.
If the control unit is observed to be in the initialization state, the blank state or the work state, and the algorithm corresponding to the received algorithm selection signal is the ZUC algorithm, replacement unit 34 generates the output parameter as follows:
$$s = add_1$$
$$t_0 = \{r_{11L}, r'_{9H}\},\quad t_1 = \{r_{7L}, r'_{5H}\},\quad t_2 = R_0,\quad t_3 = \{r'_{15H}, r_{14L}\}$$
$$R_3 = add_0,\quad R_2 = xor_0,\quad R_1 = S(L2\{R_{2L}, R_{3H}\}),\quad R_0 = S(L1\{R_{3L}, R_{2H}\})$$
Here $r_{11L}, r_{7L}, r_{14L}, R_{2L}, R_{3L}$ denote the low 16 bits of $r_{11}, r_7, r_{14}, R_2, R_3$ respectively; $R_{3H}, R_{2H}$ denote the high 16 bits of $R_3, R_2$ respectively; $r'_9, r'_5, r'_{15}$ denote the low 31 bits of $r_9, r_5, r_{15}$ respectively; $r'_{9H}, r'_{5H}, r'_{15H}$ denote the high 16 bits of $r'_9, r'_5, r'_{15}$ respectively; S denotes a replacement operation, L1 and L2 denote linear transformations, and { } denotes concatenation.
In addition, if another algorithm needs to be added, the method of generating output parameter s for that algorithm has to be added to the replacement unit; the replacement unit can then, on the instruction of the control unit, generate output parameter s based on the newly added algorithm.
Updating block
Updating block 35 is mainly used to generate the updated value $r_{updt}$ from the values of the circulating registers and the output parameter s generated by replacement unit 34, using the algorithm corresponding to the received algorithm selection signal sel.
The inputs of updating block 35 are the values of the circulating registers of cycle shift unit 33 and the output parameter s generated by replacement unit 34; its output is the updated value $r_{updt}$.
Updating block 35 is controlled by control unit 31. When the algorithm corresponding to the received algorithm selection signal sel is the SNOW3G algorithm, updating block 35 generates the updated value $r_{updt}$ as follows:
$r_{updt} = (r_0 \cdot \alpha) \oplus r_2 \oplus (r_{11} \cdot \alpha^{-1}) \oplus s$
Here, $r_0 \cdot \alpha$ denotes the function $\mathrm{mul}_\alpha(r_0)$, and $r_{11} \cdot \alpha^{-1}$ denotes the function $\mathrm{div}_\alpha(r_0)$.
When the algorithm corresponding to the received algorithm selection signal sel is the ZUC algorithm, updating block 35 generates the updated value $r_{updt}$ as follows:
$r_{updt} = 0 \,\|\, (r'_0 + 2^{8} \cdot r'_0 + 2^{20} \cdot r'_4 + 2^{21} \cdot r'_{10} + 2^{17} \cdot r'_{13} + 2^{15} \cdot r'_{15} + (s \gg 1)) \bmod (2^{31} - 1)$
Here, $r'_0$, $r'_4$, $r'_{10}$, $r'_{13}$, $r'_{15}$ denote the low 31 bits of $r_0$, $r_4$, $r_{10}$, $r_{13}$, $r_{15}$ respectively; $s \gg 1$ denotes s shifted right by 1 bit; $2^{8} \cdot r'_0$, $2^{20} \cdot r'_4$, $2^{21} \cdot r'_{10}$, $2^{17} \cdot r'_{13}$, $2^{15} \cdot r'_{15}$ denote $r'_0$ cyclically shifted left by 8 bits, $r'_4$ by 20 bits, $r'_{10}$ by 21 bits, $r'_{13}$ by 17 bits and $r'_{15}$ by 15 bits respectively.
If the updated value $r_{updt}$ generated by updating block 35 is 0, updating block 35 sets $r_{updt}$ to $0 \,\|\, (2^{31} - 1)$.
In addition, if other algorithms need to be added, the method by which that algorithm generates the updated value $r_{updt}$ must be added to the updating block. The updating block can then generate the updated value $r_{updt}$ based on the newly added algorithm, as instructed by the control unit.
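The two feedback formulas above, written out as an added software model that is not part of the patent text: one 16-word register file, with the algorithm selection signal choosing the feedback function. The byte-level form of multiplication and division by α follows the public SNOW 3G specification, which this page does not reproduce; the string values used for sel and all function names are assumptions made for the example.

```python
MASK32 = 0xFFFFFFFF
P31 = (1 << 31) - 1  # ZUC arithmetic is modulo the prime 2^31 - 1


def mulx(v, c):
    """Multiply byte v by x in GF(2^8); c is the reduction constant."""
    return ((v << 1) ^ c) & 0xFF if v & 0x80 else (v << 1) & 0xFF


def mulx_pow(v, i, c):
    """Multiply byte v by x^i in GF(2^8)."""
    for _ in range(i):
        v = mulx(v, c)
    return v


def mul_alpha(c):
    """MUL_alpha from the SNOW 3G specification: byte -> 32-bit word."""
    return (mulx_pow(c, 23, 0xA9) << 24 | mulx_pow(c, 245, 0xA9) << 16
            | mulx_pow(c, 48, 0xA9) << 8 | mulx_pow(c, 239, 0xA9))


def div_alpha(c):
    """DIV_alpha from the SNOW 3G specification: byte -> 32-bit word."""
    return (mulx_pow(c, 16, 0xA9) << 24 | mulx_pow(c, 39, 0xA9) << 16
            | mulx_pow(c, 6, 0xA9) << 8 | mulx_pow(c, 64, 0xA9))


def times_alpha(w):
    """w * alpha: shift up one byte and fold the dropped top byte back in."""
    w &= MASK32
    return ((w << 8) & MASK32) ^ mul_alpha(w >> 24)


def over_alpha(w):
    """w * alpha^-1: shift down one byte and fold the dropped low byte back in."""
    w &= MASK32
    return (w >> 8) ^ div_alpha(w & 0xFF)


def snow3g_update(r, s):
    """r_updt = (r0 * alpha) xor r2 xor (r11 * alpha^-1) xor s."""
    return times_alpha(r[0]) ^ (r[2] & MASK32) ^ over_alpha(r[11]) ^ (s & MASK32)


def rotl31(x, k):
    """Rotate a 31-bit value left by k; equals x * 2^k modulo 2^31 - 1."""
    return ((x << k) | (x >> (31 - k))) & P31


def add31(a, b):
    """Add modulo 2^31 - 1 by folding the carry back in, as hardware would."""
    c = a + b
    return (c & P31) + (c >> 31)


def zuc_update(r, s):
    """ZUC feedback from the formula above, including the 0 -> 2^31 - 1 rule."""
    lo = [x & P31 for x in r]              # r' = low 31 bits of each register
    acc = lo[0]
    for idx, k in ((0, 8), (4, 20), (10, 21), (13, 17), (15, 15)):
        acc = add31(acc, rotl31(lo[idx], k))
    acc = add31(acc, (s & MASK32) >> 1)
    return acc or P31                      # top bit stays 0: "0 || (...)"


# Assumed encoding of the algorithm selection signal sel (illustrative only).
FEEDBACK = {"SNOW3G": snow3g_update, "ZUC": zuc_update}


def clock_lfsr(sel, r, s):
    """One update step: r0 <- r1, ..., r14 <- r15, r15 <- r_updt."""
    if len(r) != 16:
        raise ValueError("expected 16 circulating registers")
    return list(r[1:]) + [FEEDBACK[sel](r, s)]
```

The carry-folding adder can return 2^31 - 1 where plain integer arithmetic returns 0; the zero-replacement rule maps both to the same register value, so the two computations agree.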
Key stream generation unit
Key stream generation unit 36 is mainly used to generate the key stream ks from the values of the circulating registers and the output parameter s generated by replacement unit 34, using the algorithm corresponding to the received algorithm selection signal sel.
The inputs of key stream generation unit 36 are the values $r_0$, $r_2$ of the circulating registers of cycle shift unit 33 and the output parameter s generated by replacement unit 34; its output is the key stream ks.
Key stream generation unit 36 is controlled by control unit 31. In each clock cycle, key stream generation unit 36 monitors the state of control unit 31. If control unit 31 is in the operating state, key stream generation unit 36 generates the key stream from the values of the circulating registers and the output parameter s generated by replacement unit 34, using the algorithm corresponding to the received algorithm selection signal sel.
Define a 32-bit temporary variable t. Key stream generation unit 36 generates the key stream ks as follows:
$ks = s \oplus t$
If control unit 31 is in the operating state and the algorithm corresponding to the received algorithm selection signal sel is the SNOW3G algorithm, then $t = r_0$, that is, key stream generation unit 36 generates the key stream ks as follows:
$ks = s \oplus r_0$
If control unit 31 is in the operating state and the algorithm corresponding to the received algorithm selection signal sel is the ZUC algorithm, then $t = \{r_{2L}, r'_{0H}\}$, that is, key stream generation unit 36 generates the key stream ks as follows:
$ks = s \oplus \{r_{2L}, r'_{0H}\}$
Here, $r_{2L}$ denotes the high 16 bits of $r_2$, $r'_0$ denotes the low 31 bits of $r_0$, and $r'_{0H}$ denotes the high 16 bits of $r'_0$.
In addition, if other algorithms need to be added, the method by which that algorithm generates the key stream must be added to the key stream generation unit. The key stream generation unit can then generate the key stream based on the newly added algorithm, as instructed by the control unit.
As the above processing shows, in the technical solution of this embodiment the key stream generating apparatus comprises a control unit, an initialization unit, a cycle shift unit, a replacement unit, an updating block and a key stream generation unit. The control unit sends the algorithm selection signal corresponding to the key stream generation algorithm to the initialization unit, updating block, replacement unit and key stream generation unit respectively. The initialization unit generates initial values from the preset initial KEY and IV, using the algorithm corresponding to the received algorithm selection signal. The cycle shift unit performs initial assignment on each circulating register according to the initial values generated by the initialization unit, and updates each circulating register according to the updated value generated by the updating block. The replacement unit generates the output parameter from the values of the circulating registers, using the algorithm corresponding to the received algorithm selection signal. The updating block generates the updated value from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal. The key stream generation unit generates the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal. The key stream generating apparatus proposed by this embodiment can therefore implement multiple key stream generation algorithms, so terminal equipment and network node equipment no longer need to deploy two sets of key stream generating apparatus to implement the SNOW3G algorithm and the ZUC algorithm separately, which effectively saves processing resources of the terminal equipment and network node equipment.
In addition, the key stream generating apparatus proposed by this embodiment contains only one control unit. No matter how many algorithms the apparatus needs to implement, the control unit only needs to send the algorithm selection signal corresponding to the currently required algorithm to the initialization unit, updating block, replacement unit and key stream generation unit, and those units then process accordingly based on the received algorithm selection signal. If other algorithms need to be added, only the processing rules corresponding to the new algorithm need to be added to the initialization unit, updating block, replacement unit and key stream generation unit. This effectively saves processing resources of the terminal equipment and network node equipment, and can also greatly shorten the development cycle of the system.
Embodiment two
Based on the key stream generating apparatus proposed in Embodiment one of the present invention, Embodiment two proposes a key stream generating method. As shown in Figure 5, its processing flow is as follows:
Step 51, the control unit sends the algorithm selection signal sel corresponding to the key stream generation algorithm to the initialization unit, updating block, replacement unit and key stream generation unit respectively;
Step 52, the initialization unit generates initial values from the preset initial KEY and IV, using the algorithm corresponding to the received algorithm selection signal sel;
Step 53, the cycle shift unit performs initial assignment on each circulating register according to the initial values generated by the initialization unit, and updates each circulating register according to the updated value generated by the updating block;
Step 54, the replacement unit generates the output parameter from the values of the circulating registers, using the algorithm corresponding to the received algorithm selection signal sel;
Step 55, the updating block generates the updated value from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal sel;
Step 56, the key stream generation unit generates the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal sel.
In Embodiment two of the present invention, the states of the control unit comprise the idle state, initial assignment state, init state, idling state and operating state, wherein:
When the enable signal en is invalid, the control unit is in the idle state;
When the enable signal en changes from invalid to valid, the control unit transitions from the idle state to the initial assignment state;
1 clock cycle after the control unit has transitioned from the idle state to the initial assignment state, the control unit transitions from the initial assignment state to the init state;
32 clock cycles after the control unit has transitioned from the initial assignment state to the init state, the control unit transitions from the init state to the idling state;
1 clock cycle after the control unit has transitioned from the init state to the idling state, the control unit transitions from the idling state to the operating state.
In Embodiment two of the present invention, the cycle shift unit performing initial assignment on each circulating register according to the initial values generated by the initialization unit, and updating each circulating register according to the updated value generated by the updating block, specifically comprises:
The cycle shift unit monitors the state of the control unit in each clock cycle;
If the control unit is in the initial assignment state, initial assignment is performed on each circulating register according to the initial values generated by the initialization unit;
If the control unit is in the init state, idling state or operating state, each circulating register is updated according to the updated value generated by the updating block.
In Embodiment two of the present invention, the replacement unit generating the output parameter from the values of the circulating registers, using the algorithm corresponding to the received algorithm selection signal sel, specifically comprises:
Monitoring the state of the control unit in each clock cycle;
If the control unit is in the initial assignment state, setting the output parameter to 0;
If the control unit is in the init state, idling state or operating state, generating the output parameter from the values of the circulating registers, using the algorithm corresponding to the received algorithm selection signal sel.
In Embodiment two of the present invention, the key stream generation unit generating the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal sel, specifically comprises:
Monitoring the state of the control unit in each clock cycle;
If the control unit is in the operating state, generating the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal sel.
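The control-unit schedule of Embodiment two as a cycle-level model, added here as an illustration and not taken from the patent: it shows which unit acts in each state and on which clock cycle the first key stream word becomes valid. The class and function names are assumptions, as is the "hold" behaviour in the idle state, which the text does not specify.

```python
from enum import Enum


class State(Enum):
    IDLE = "idle"
    INIT_ASSIGN = "initial assignment"
    INIT = "init"
    IDLING = "idling"
    WORK = "operating"


INIT_CYCLES = 32  # clock cycles spent in the init state, per the text

# Per-state behaviour of the datapath units, as described above:
# (cycle shift unit, replacement unit, key stream output valid)
ACTIONS = {
    State.IDLE:        ("hold",  "hold",    False),   # assumption: nothing moves
    State.INIT_ASSIGN: ("load",  "zero",    False),
    State.INIT:        ("shift", "compute", False),
    State.IDLING:      ("shift", "compute", False),
    State.WORK:        ("shift", "compute", True),
}


class ControlUnit:
    def __init__(self):
        self.state = State.IDLE
        self.cycles_in_state = 0

    def clock(self, en):
        """Advance one clock cycle with enable signal en; return the new state."""
        cur = self.state
        if not en:
            nxt = State.IDLE            # enable invalid: always idle
        elif cur is State.IDLE:
            nxt = State.INIT_ASSIGN     # idle is only held while en is invalid,
                                        # so this is the invalid -> valid edge
        elif cur is State.INIT_ASSIGN:
            nxt = State.INIT            # after 1 clock cycle
        elif cur is State.INIT and self.cycles_in_state < INIT_CYCLES:
            nxt = State.INIT
        elif cur is State.INIT:
            nxt = State.IDLING          # after 32 clock cycles
        else:
            nxt = State.WORK            # idling lasts 1 cycle; operating persists
        self.cycles_in_state = self.cycles_in_state + 1 if nxt is cur else 1
        self.state = nxt
        return nxt


def simulate(en_trace):
    """Return one (state, shift action, replacement action, ks_valid) per cycle."""
    cu = ControlUnit()
    trace = []
    for en in en_trace:
        st = cu.clock(bool(en))
        trace.append((st,) + ACTIONS[st])
    return trace


def first_keystream_cycle(en_trace):
    """Index of the first cycle whose key stream output is valid, or None."""
    for n, (_, _, _, ks_valid) in enumerate(simulate(en_trace)):
        if ks_valid:
            return n
    return None
```

With en asserted on cycle 1, the model spends 1 cycle in initial assignment, 32 in init and 1 in idling, so the first key stream word is valid on cycle 35; de-asserting en at any point returns the model to idle and the whole sequence restarts.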
Embodiment three
Based on the key stream generating apparatus proposed in Embodiment one of the present invention, Embodiment three proposes a confidentiality protection device for implementing 128-EEA1 and 128-EEA3. The confidentiality protection device comprises initial vector generation unit 61, the key stream generating apparatus 62 proposed in Embodiment one, and encryption/decryption element 63; its structure is shown in Figure 6. Initial vector generation unit 61 builds the IV from a 32-bit count (count), a 5-bit bearer (bearer) and a 1-bit direction (direction); key stream generating apparatus 62 then generates the key stream ks; finally, the input data to be protected (Din) is encrypted or decrypted with the key stream ks to obtain the output data (Dout). Wherein:
Initial vector generation unit 61 generates the 128-bit IV that key stream generating apparatus 62 needs in order to generate the key stream. The inputs of initial vector generation unit 61 are count, bearer and direction, and its output is the IV. Initial vector generation unit 61 combines the inputs with padding bits of 0 and generates the IV as follows:
$IV = \{count, bearer, direction, 0^{26}, count, bearer, direction, 0^{26}\}$
Here, $0^{26}$ denotes 26 zero bits.
Key stream generation unit 62 is used to generate the key stream ks required for confidentiality protection.
Encryption/decryption element 63 uses the key stream ks generated by key stream generating apparatus 62 to encrypt or decrypt the input data to be protected (Din) and obtain the output data (Dout): plaintext data to be sent is encrypted to obtain ciphertext data, and received ciphertext data is decrypted to obtain plaintext data. Specifically, encryption/decryption element 63 XORs the plaintext data to be sent with the key stream ks generated by key stream generating apparatus 62 to obtain the ciphertext data, and XORs the received ciphertext data with the key stream ks generated by key stream generating apparatus 62 to obtain the plaintext data.
Embodiment four
Based on the confidentiality protection device proposed in Embodiment three of the present invention, Embodiment four proposes a confidentiality protection method. As shown in Figure 7, its processing flow is as follows:
Step 71, the initial vector generation unit generates the IV that the key stream generating apparatus needs in order to generate the key stream;
Step 72, the key stream generating apparatus generates the key stream ks using the key stream generating method proposed in Embodiment two of the present invention;
Step 73, the encryption/decryption element uses the key stream ks generated by the key stream generating apparatus to encrypt the plaintext data to be sent, obtaining ciphertext data, and to decrypt the received ciphertext data, obtaining plaintext data.
In Embodiment four of the present invention, the encryption/decryption element encrypting the plaintext data to be sent with the key stream ks generated by the key stream generating apparatus to obtain ciphertext data specifically comprises:
The encryption/decryption element XORs the plaintext data to be sent with the key stream ks generated by the key stream generating apparatus to obtain the ciphertext data;
The encryption/decryption element decrypting the received ciphertext data with the key stream ks generated by the key stream generating apparatus to obtain plaintext data specifically comprises:
The encryption/decryption element XORs the received ciphertext data with the key stream ks generated by the key stream generating apparatus to obtain the plaintext data.
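The IV layout of Embodiment three and the XOR step of Embodiment four as an added example, not code from the patent: it packs and validates the 128-bit IV and applies a key stream to a byte string whose length need not be a multiple of 32 bits. The key stream words are constructed sample values standing in for the output of the key stream generating apparatus, and taking each 32-bit word most significant byte first is an assumption of this example.

```python
def build_iv(count, bearer, direction):
    """IV = {count, bearer, direction, 0^26, count, bearer, direction, 0^26}."""
    if not 0 <= count < 1 << 32:
        raise ValueError("count must fit in 32 bits")
    if not 0 <= bearer < 1 << 5:
        raise ValueError("bearer must fit in 5 bits")
    if direction not in (0, 1):
        raise ValueError("direction must be a single bit")
    half = (count << 32) | (bearer << 27) | (direction << 26)   # 64 bits
    return ((half << 64) | half).to_bytes(16, "big")


def parse_iv(iv):
    """Check the structure of a 128-bit IV and return (count, bearer, direction)."""
    if len(iv) != 16:
        raise ValueError("IV must be 128 bits")
    if iv[:8] != iv[8:]:
        raise ValueError("the two 64-bit halves of the IV differ")
    half = int.from_bytes(iv[:8], "big")
    if half & ((1 << 26) - 1):
        raise ValueError("the 26 padding bits are not zero")
    return half >> 32, (half >> 27) & 0x1F, (half >> 26) & 1


def xor_keystream(data, ks_words):
    """Encrypt or decrypt: XOR data with 32-bit key stream words.

    The same call performs both directions. A final partial word uses only
    as many key stream bytes as there are data bytes left.
    """
    needed = (len(data) + 3) // 4
    if len(ks_words) < needed:
        raise ValueError("not enough key stream for this message")
    ks = b"".join((w & 0xFFFFFFFF).to_bytes(4, "big") for w in ks_words[:needed])
    return bytes(d ^ k for d, k in zip(data, ks))


if __name__ == "__main__":
    iv = build_iv(count=0x12345678, bearer=0x15, direction=1)
    print(iv.hex())
    sample_ks = [0xDEADBEEF, 0x01234567]        # constructed, not real output
    ct = xor_keystream(b"hello", sample_ks)
    print(ct.hex(), xor_keystream(ct, sample_ks))
```

Because encryption here is a plain XOR, two messages protected under the same key with the same (count, bearer, direction) would share a key stream, so the inputs to build_iv must not repeat for a given key.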
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (19)

1. A key stream generating apparatus, characterized in that it comprises:
A control unit, for sending the algorithm selection signal corresponding to the key stream generation algorithm to the initialization unit, updating block, replacement unit and key stream generation unit respectively;
An initialization unit, for generating initial values from the preset initial key and initial vector, using the algorithm corresponding to the received algorithm selection signal;
A cycle shift unit, for performing initial assignment on each circulating register according to the initial values generated by the initialization unit, and updating each circulating register according to the updated value generated by the updating block;
A replacement unit, for generating the output parameter from the values of the circulating registers, using the algorithm corresponding to the received algorithm selection signal;
An updating block, for generating the updated value from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal;
A key stream generation unit, for generating the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal.
2. The device as claimed in claim 1, characterized in that the initialization unit is specifically used for:
When the algorithm corresponding to the received algorithm selection signal is the SNOW3G algorithm, generating the initial values as follows:
$\{i_0, i_1, i_2, i_3\} = \,!\{k_0, k_1, \ldots, k_{127}\}$
$\{i_4, i_5, i_6, i_7\} = \{k_0, k_1, \ldots, k_{127}\}$
$i_8 = i_0$
$i_9 = i_1 \oplus \{iv_{96}, iv_{97}, \ldots, iv_{127}\}$
$i_{10} = i_2 \oplus \{iv_{64}, iv_{65}, \ldots, iv_{95}\}$
$i_{11} = i_3$
$i_{12} = i_4 \oplus \{iv_{32}, iv_{33}, \ldots, iv_{63}\}$
$i_{13} = i_5$
$i_{14} = i_6$
$i_{15} = i_7 \oplus \{iv_0, iv_1, \ldots, iv_{31}\}$
Wherein, $i_0, i_1, \ldots, i_{15}$ are the 16 initial values generated by the initialization unit;
! denotes bitwise negation;
{ } denotes concatenation;
$\{k_0, k_1, \ldots, k_{127}\}$ is the 128-bit initial key;
$\{iv_0, iv_1, \ldots, iv_{127}\}$ is the 128-bit initial vector;
$\oplus$ denotes XOR;
When the algorithm corresponding to the received algorithm selection signal is the ZUC algorithm, generating the initial values as follows:
$i_j = 0 \,\|\, \{k_{8 \cdot j}, k_{8 \cdot j+1}, \ldots, k_{8 \cdot j+7}\} \,\|\, d_j \,\|\, \{iv_{8 \cdot j}, iv_{8 \cdot j+1}, \ldots, iv_{8 \cdot j+7}\}$
Wherein, $i_j$ is the j-th of the 16 initial values generated by the initialization unit, $0 \le j \le 15$;
|| denotes concatenation;
$d_j$ is a preset 15-bit constant.
3. The device as claimed in claim 1, characterized in that the states of the control unit comprise the idle state, initial assignment state, init state, idling state and operating state, wherein:
When the enable signal is invalid, the control unit is in the idle state;
When the enable signal changes from invalid to valid, the control unit transitions from the idle state to the initial assignment state;
1 clock cycle after the control unit has transitioned from the idle state to the initial assignment state, the control unit transitions from the initial assignment state to the init state;
32 clock cycles after the control unit has transitioned from the initial assignment state to the init state, the control unit transitions from the init state to the idling state;
1 clock cycle after the control unit has transitioned from the init state to the idling state, the control unit transitions from the idling state to the operating state.
4. The device as claimed in claim 3, characterized in that the cycle shift unit is specifically used for:
Monitoring the state of the control unit in each clock cycle; if the control unit is in the initial assignment state, performing initial assignment on each circulating register according to the initial values generated by the initialization unit; if the control unit is in the init state, idling state or operating state, updating each circulating register according to the updated value generated by the updating block.
5. The device as claimed in claim 4, characterized in that the cycle shift unit is specifically used for:
If the control unit is in the initial assignment state, performing initial assignment on the 16 circulating registers as follows:
$r_j = i_j$
Wherein, $r_j$ is the value of the j-th of the 16 circulating registers;
$i_j$ is the j-th of the 16 initial values generated by the initialization unit, $0 \le j \le 15$;
If the control unit is in the init state, idling state or operating state, updating the 16 registers as follows:
$r_0 = r_1,\ r_1 = r_2,\ r_2 = r_3,\ r_3 = r_4,\ r_4 = r_5,\ r_5 = r_6,\ r_6 = r_7,\ r_7 = r_8$
$r_8 = r_9,\ r_9 = r_{10},\ r_{10} = r_{11},\ r_{11} = r_{12},\ r_{12} = r_{13},\ r_{13} = r_{14},\ r_{14} = r_{15},\ r_{15} = r_{updt}$
Wherein, $r_0, r_1, \ldots, r_{15}$ are the values of the 16 circulating registers respectively;
$r_{updt}$ is the updated value generated by the updating block.
6. The device as claimed in claim 3, characterized in that the replacement unit is specifically used for:
Monitoring the state of the control unit in each clock cycle; if the control unit is in the initial assignment state, setting the output parameter to 0; if the control unit is in the init state, idling state or operating state, generating the output parameter from the values of the circulating registers, using the algorithm corresponding to the received algorithm selection signal.
7. The device as claimed in claim 6, characterized in that the replacement unit is specifically used for:
If the control unit is in the init state, idling state or operating state, and the algorithm corresponding to the received algorithm selection signal is the SNOW3G algorithm, generating the output parameter as follows:
$s = \mathrm{xor}_0$
$\mathrm{xor}_0 = R_1 \oplus t_1,\ \mathrm{xor}_1 = t_2 \oplus t_3$
$t_0 = r_{15},\ t_1 = \mathrm{add}_0,\ t_2 = R_2,\ t_3 = r_5$
$R_3 = \mathrm{add}_1,\ R_2 = S2(R_1),\ R_1 = S1(R_0),\ R_0 = R_3$
Wherein, s is the output parameter generated by the replacement unit;
$\mathrm{xor}_0$, $\mathrm{xor}_1$ are the values of 2 preset XOR units respectively;
$R_0$, $R_1$, $R_2$, $R_3$ are the values of 4 preset replacement registers respectively;
$t_0$, $t_1$, $t_2$, $t_3$ are 4 temporary variables;
$\mathrm{add}_0$, $\mathrm{add}_1$ are the values of 2 preset adders respectively;
$r_5$, $r_{15}$ are the values of the 6th and 16th circulating registers respectively;
S1 and S2 denote replacement operations;
$\oplus$ denotes XOR;
represent that mould adds computing;
If the control unit is in the init state, idling state or operating state, and the algorithm corresponding to the received algorithm selection signal is the ZUC algorithm, generating the output parameter as follows:
$s = \mathrm{add}_1$
$t_0 = \{r_{11L}, r'_{9H}\},\ t_1 = \{r_{7L}, r'_{5H}\},\ t_2 = R_0,\ t_3 = \{r'_{15H}, r_{14L}\}$
$R_3 = \mathrm{add}_0,\ R_2 = \mathrm{xor}_0,\ R_1 = S(L2\{R_{2L}, R_{3H}\}),\ R_0 = S(L1\{R_{3L}, R_{2H}\})$
Wherein, $r_5$, $r_7$, $r_9$, $r_{11}$, $r_{14}$, $r_{15}$ are the values of the 6th, 8th, 10th, 12th, 15th and 16th circulating registers respectively;
$r_{11L}$, $r_{7L}$, $r_{14L}$, $R_{2L}$, $R_{3L}$ denote the low 16 bits of $r_{11}$, $r_7$, $r_{14}$, $R_2$, $R_3$ respectively;
$R_{3H}$, $R_{2H}$ denote the high 16 bits of $R_3$, $R_2$ respectively;
$r'_9$, $r'_5$, $r'_{15}$ denote the low 31 bits of $r_9$, $r_5$, $r_{15}$ respectively;
$r'_{9H}$, $r'_{5H}$, $r'_{15H}$ denote the high 16 bits of $r'_9$, $r'_5$, $r'_{15}$ respectively;
S denotes a replacement operation;
L1 and L2 denote linear transformations;
{ } denotes concatenation.
8. The device as claimed in claim 3, characterized in that the updating block is specifically used for:
When the algorithm corresponding to the received algorithm selection signal is the SNOW3G algorithm, generating the updated value as follows:
$r_{updt} = (r_0 \cdot \alpha) \oplus r_2 \oplus (r_{11} \cdot \alpha^{-1}) \oplus s$
Wherein, $r_{updt}$ is the updated value generated by the updating block;
s is the output parameter generated by the replacement unit;
$r_0$, $r_2$, $r_{11}$ are the values of the 1st, 3rd and 12th circulating registers respectively;
$\oplus$ denotes XOR;
$r_0 \cdot \alpha$ denotes the function $\mathrm{mul}_\alpha(r_0)$;
$r_{11} \cdot \alpha^{-1}$ denotes the function $\mathrm{div}_\alpha(r_0)$;
When the algorithm corresponding to the received algorithm selection signal is the ZUC algorithm, generating the updated value as follows:
$r_{updt} = 0 \,\|\, (r'_0 + 2^{8} \cdot r'_0 + 2^{20} \cdot r'_4 + 2^{21} \cdot r'_{10} + 2^{17} \cdot r'_{13} + 2^{15} \cdot r'_{15} + (s \gg 1)) \bmod (2^{31} - 1)$
Wherein, $r_0$, $r_4$, $r_{10}$, $r_{13}$, $r_{15}$ are the values of the 1st, 5th, 11th, 14th and 16th circulating registers respectively;
$r'_0$, $r'_4$, $r'_{10}$, $r'_{13}$, $r'_{15}$ denote the low 31 bits of $r_0$, $r_4$, $r_{10}$, $r_{13}$, $r_{15}$ respectively;
$s \gg 1$ denotes s shifted right by 1 bit;
$2^{8} \cdot r'_0$, $2^{20} \cdot r'_4$, $2^{21} \cdot r'_{10}$, $2^{17} \cdot r'_{13}$, $2^{15} \cdot r'_{15}$ denote $r'_0$ cyclically shifted left by 8 bits, $r'_4$ by 20 bits, $r'_{10}$ by 21 bits, $r'_{13}$ by 17 bits and $r'_{15}$ by 15 bits respectively;
|| denotes concatenation;
If the generated updated value $r_{updt}$ is 0, setting $r_{updt}$ to $0 \,\|\, (2^{31} - 1)$.
9. The device as claimed in claim 3, characterized in that the key stream generation unit is specifically used for:
Monitoring the state of the control unit in each clock cycle; if the control unit is in the operating state, generating the key stream from the values of the circulating registers and the output parameter generated by the replacement unit, using the algorithm corresponding to the received algorithm selection signal.
10. The device as claimed in claim 9, characterized in that the key stream generation unit is specifically used for:
If the control unit is in the operating state and the algorithm corresponding to the received algorithm selection signal is the SNOW3G algorithm, generating the key stream as follows:
$ks = s \oplus r_0$
Wherein, ks is the key stream generated by the key stream generation unit;
s is the output parameter generated by the replacement unit;
$r_0$ is the value of the 1st circulating register;
$\oplus$ denotes XOR;
If the control unit is in the operating state and the algorithm corresponding to the received algorithm selection signal is the ZUC algorithm, generating the key stream as follows:
$ks = s \oplus \{r_{2L}, r'_{0H}\}$
Wherein, $r_0$, $r_2$ are the values of the 1st and 3rd circulating registers respectively;
$r_{2L}$ denotes the high 16 bits of $r_2$;
$r'_0$ denotes the low 31 bits of $r_0$;
$r'_{0H}$ denotes the high 16 bits of $r'_0$;
{ } denotes concatenation.
11. 1 kinds of key stream generating methods, is characterized in that, comprising:
Control unit sends respectively to initialization unit, updating block, replacement unit and key stream generation unit and generates algorithms selection signal corresponding to the algorithm of key stream;
Initialization unit is according to the initial key pre-set and initial vector, and the algorithm corresponding based on the algorithms selection signal received generates initial value;
The initial value that cycle shift unit generates according to initialization unit, carries out initial assignment to each circulating register, and according to the updated value that updating block generates, upgrades each circulating register;
Replacement unit is according to the value of circulating register, and the algorithm corresponding based on the algorithms selection signal received generates output parameter;
The output parameter that updating block generates according to the value of circulating register and replacement unit, the algorithm corresponding based on the algorithms selection signal received generates updated value;
The output parameter that key stream generation unit generates according to the value of circulating register and replacement unit, the algorithm corresponding based on the algorithms selection signal received generates key stream.
12. methods as claimed in claim 11, is characterized in that, the state of described control unit comprises idle condition, initial assignment state, init state, idling conditions and operating state, wherein:
When enable signal is invalid, described control unit is in idle condition;
When enable signal by invalid transfer to effective time, described control unit is initial assignment state by idle condition redirect;
When after 1 clock cycle that control unit is initial assignment state by idle condition redirect, described control unit is init state by initial assignment state transition;
When after 32 clock cycle that control unit is init state by initial assignment state transition, described control unit is idling conditions by init state redirect;
When after 1 clock cycle that control unit is idling conditions by init state redirect, described control unit is operating state by idling conditions redirect.
13. methods as claimed in claim 12, is characterized in that, the initial value that cycle shift unit generates according to initialization unit, initial assignment is carried out to each circulating register, and according to the updated value that updating block generates, each circulating register is upgraded, specifically comprises:
Cycle shift unit, within each clock cycle, monitors the state of described control unit;
If monitoring described control unit is initial assignment state, then according to the initial value that initialization unit generates, initial assignment is carried out to each circulating register;
If monitoring control unit is init state, idling conditions or operating state, then according to the updated value that updating block generates, each circulating register is upgraded.
14. methods as claimed in claim 12, is characterized in that, replacement unit is according to the value of circulating register, and the algorithm corresponding based on the algorithms selection signal received generates output parameter, specifically comprises:
Within each clock cycle, monitor the state of described control unit;
If monitoring described control unit is initial assignment state, then output parameter is set to 0;
If monitoring control unit is init state, idling conditions or operating state, then according to the value of circulating register, the algorithm corresponding based on the algorithms selection signal received generates output parameter.
15. The method as claimed in claim 12, characterized in that the key stream generation unit generating the key stream according to the value of the circulating register and the output parameter generated by the replacement unit, based on the algorithm corresponding to the received algorithm selection signal, specifically comprises:
within each clock cycle, monitoring the state of the control unit;
if the control unit is found to be in the operating state, generating the key stream according to the value of the circulating register and the output parameter generated by the replacement unit, based on the algorithm corresponding to the received algorithm selection signal.
16. A confidentiality protection device, characterized by comprising an initial vector generation unit, the key stream generating apparatus as claimed in any one of claims 1 to 10, and an encryption/decryption unit, wherein:
the initial vector generation unit is configured to generate the initial vector that the key stream generating apparatus needs in order to generate the key stream;
the encryption/decryption unit is configured to, according to the key stream generated by the key stream generating apparatus, encrypt the plaintext data to be sent to obtain ciphertext data, and decrypt the received ciphertext data to obtain plaintext data.
17. The device as claimed in claim 16, characterized in that the encryption/decryption unit is specifically configured to:
XOR the plaintext data to be sent with the key stream generated by the key stream generating apparatus to obtain ciphertext data, and XOR the received ciphertext data with the key stream generated by the key stream generating apparatus to obtain plaintext data.
18. A confidentiality protection method, characterized by comprising:
an initial vector generation unit generating the initial vector that the key stream generating apparatus needs in order to generate the key stream;
the key stream generating apparatus generating the key stream based on the key stream generating method as claimed in any one of claims 11 to 15;
an encryption/decryption unit, according to the key stream generated by the key stream generating apparatus, encrypting the plaintext data to be sent to obtain ciphertext data, and decrypting the received ciphertext data to obtain plaintext data.
19. The method as claimed in claim 18, characterized in that the encryption/decryption unit encrypting the plaintext data to be sent according to the key stream generated by the key stream generating apparatus to obtain ciphertext data specifically comprises:
the encryption/decryption unit XORing the plaintext data to be sent with the key stream generated by the key stream generating apparatus to obtain ciphertext data;
and the encryption/decryption unit decrypting the received ciphertext data according to the key stream generated by the key stream generating apparatus to obtain plaintext data specifically comprises:
the encryption/decryption unit XORing the received ciphertext data with the key stream generated by the key stream generating apparatus to obtain plaintext data.
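The data path of claims 15 to 19, modelled as an added example that is not part of the patent: an algorithm selection signal picks the keystream function, the generator emits a word only on clock cycles where the control unit is operating, and one XOR routine serves both encryption and decryption. Assumptions: the HMAC-based keystream functions are stand-ins for the patent's algorithms, and the IV layout (counter, bearer, direction), the choice not to advance state on idle cycles, and all names are hypothetical.

```python
import hashlib
import hmac
from itertools import count

# Stand-in keystream functions chosen by the algorithm selection signal.
# Assumption: these are hash-based placeholders, not the patent's algorithms.
ALGORITHMS = {0: hashlib.sha256, 1: hashlib.sha512}


class KeyStreamGenerator:
    """Claim 15 model: one 32-bit word per clock, only while the control unit operates."""

    def __init__(self, algo_select, key, iv):
        self.digest = ALGORITHMS[algo_select]
        self.key, self.iv = key, iv
        self.cycle = count()

    def clock(self, control_operating):
        if not control_operating:   # idle cycle: no output, state does not advance
            return b""
        ctr = next(self.cycle).to_bytes(4, "big")
        return hmac.new(self.key, self.iv + ctr, self.digest).digest()[:4]

    def keystream(self, n, control_states=None):
        out, states = b"", iter(control_states or [])
        while len(out) < n:
            out += self.clock(next(states, True))   # operating once the list runs out
        return out[:n]


def make_iv(count_value, bearer, direction):
    """Initial vector generation unit (assumed layout: 32-bit counter, bearer, direction)."""
    return count_value.to_bytes(4, "big") + bytes([bearer, direction])


def xor_crypt(algo_select, key, iv, data):
    """Encryption/decryption unit of claims 17 and 19: the same XOR in both directions."""
    ks = KeyStreamGenerator(algo_select, key, iv).keystream(len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def reuse_leak(c1, c2):
    """If (key, IV) repeats, the keystream cancels: c1 XOR c2 equals p1 XOR p2."""
    return bytes(a ^ b for a, b in zip(c1, c2))
```

Because confidentiality rests entirely on the keystream, the initial vector generation unit must never hand the same initial vector to the generator twice under one key; `reuse_leak` shows what two ciphertexts reveal when it does.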
CN201210034235.3A 2012-02-15 2012-02-15 Key stream generating apparatus and method, Confidentiality protection device and method Active CN103260156B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210034235.3A CN103260156B (en) 2012-02-15 2012-02-15 Key stream generating apparatus and method, Confidentiality protection device and method

Publications (2)

Publication Number Publication Date
CN103260156A CN103260156A (en) 2013-08-21
CN103260156B true CN103260156B (en) 2015-12-02

Family

ID=48963798

Country Status (1)

Country Link
CN (1) CN103260156B (en)

Also Published As

Publication number Publication date
CN103260156A (en) 2013-08-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant