CN104852798A - Data encryption and decryption system and method thereof - Google Patents

Data encryption and decryption system and method thereof Download PDF

Info

Publication number
CN104852798A
CN104852798A CN201510238121.4A CN201510238121A CN104852798A CN 104852798 A CN104852798 A CN 104852798A CN 201510238121 A CN201510238121 A CN 201510238121A CN 104852798 A CN104852798 A CN 104852798A
Authority
CN
China
Prior art keywords
module
data
decryption
encryption
adjusted value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510238121.4A
Other languages
Chinese (zh)
Other versions
CN104852798B (en
Inventor
程雪岷
覃冠杰
马建设
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Graduate School Tsinghua University
Original Assignee
Shenzhen Graduate School Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Graduate School Tsinghua University filed Critical Shenzhen Graduate School Tsinghua University
Priority to CN201510238121.4A priority Critical patent/CN104852798B/en
Publication of CN104852798A publication Critical patent/CN104852798A/en
Application granted granted Critical
Publication of CN104852798B publication Critical patent/CN104852798B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The present invention discloses a data encryption and decryption system and a method thereof. The system comprises an input data buffer module, a main control module, an adjustment value generation module, a main encryption and decryption module, a key expansion module, a ciphertext stealing module, a ciphertext stealing register module and a data output module. The data inputted by the outside is temporally stored in the input data buffer module. The main control module controls the input data buffer module, the adjustment value generation module, the main encryption and decryption module, the key expansion module, the ciphertext stealing module, the ciphertext stealing register module and the data output module. The adjustment value generation module generates an adjustment value needed by an XTS encryption mode. The main encryption and decryption module carries out wheel arithmetic operations of encryption and decryption on the state matrix of the data. The key expansion module expands an initial key to be the round key needed by the main encryption and decryption module. The ciphertext stealing in the XTS encryption mode is realized by the ciphertext stealing module. The ciphertext stealing register module temporally stores the middle encryption and decryption data needed by the ciphertext stealing. The data output module outputs an encryption or decryption result to the outside.

Description

A kind of data encrypting and deciphering system and method
Technical field
The present invention relates to information science technology field, particularly relate to a kind of data encrypting and deciphering system and method.
Background technology
At area information storage, the implementation method of carrying out encryption and decryption for hard disc data can be divided into soft encryption and the large class of hardware encryption two.Namely hardware encryption is coordinate corresponding software by special process chip, realizes the encryption process to hard disc data.Compared with not needing the soft encryption of additional hardware, hardware encryption has that speed is fast, occupying system resources is few, Cipher Strength high.
Disclosing only for auxiliary understanding inventive concept of the present invention and technical scheme of upper background technology content, it must not belong to the prior art of present patent application, show that not having tangible proof the applying date of foregoing in present patent application is in disclosed situation, above-mentioned background technology should not be used for novelty and the creativeness of evaluating the application.
Summary of the invention
The present invention (mainly) object is to propose a kind of data encrypting and deciphering system and method, with the technical problem that the enciphering rate solving the existence of above-mentioned prior art is slow.
For this reason, the present invention proposes a kind of data encrypting and deciphering system, comprises input data buffering module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described input data buffering module keeps in the data of outside input; Described master control module controls input data buffering module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described adjusted value generation module generates the adjusted value that XTS encryption mode needs; The wheel arithmetic operation that the state matrix of described main encryption/decryption module to described data is encrypted or deciphers, initial key is extended to the round key needed for described main encryption/decryption module by described cipher key expansion module; Described Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption mode; Described Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing; Described data outputting module externally exports encryption or decrypted result.
A kind of data encryption/decryption method, comprises the steps: that main control module carries out Initialize installation, according to the signal of outside input, starts encryption and decryption functions; The S box that main encryption/decryption module and adjusted value generation module are used is set; The S box that cipher key expansion module is used is set; The data that cipher key expansion module transmits according to main control module and signal, produce the round key used in main encryption/decryption module, produces the round key used in adjusted value generation module; Outer input data is kept in by input data buffering module, and according to the signal that main control module sends, by temporary data input Cipher-Text Stealing module; The logical place value received is sent into adjusted value generation module by described main control module; Cipher-Text Stealing module, according to the signal of main control module, is selected enable or do not enable Cipher-Text Stealing pattern; Main encryption module and adjusted value generation module are under the control of main control module, corresponding round key is called respectively from cipher key expansion module, the encryption of the tune handle of input is generated adjusted value by adjusted value generation module, and sent into main encryption module, main encryption/decryption module obtains data from Cipher-Text Stealing module, execution pipeline walks abreast encryption and decryption operation, the data after process is sent in data outputting module.
The beneficial effect that the present invention is compared with the prior art comprises: present invention employs the XTS encryption and decryption pattern adapting to pile line operation, make fail safe and efficiency all be better than traditional encryption and decryption pattern.
Accompanying drawing explanation
Fig. 1 is the overall construction drawing of invention;
Fig. 2 is the block diagram of adjusted value generation module of the present invention;
Fig. 3 is the block diagram of main encryption/decryption module of the present invention;
Fig. 4 is cipher key expansion module schematic diagram;
Fig. 5 is the structured flowchart of cipher key expansion module;
Fig. 6 is the structured flowchart of composite S cartridge module;
Fig. 7 is the structured flowchart that row displacement row obscure module;
Fig. 8 is the schematic diagram of Cipher-Text Stealing module;
Fig. 9 is the structured flowchart of Cipher-Text Stealing module;
Figure 10 is the structured flowchart of register module;
Figure 11 is the state transition diagram of data encrypting and deciphering system;
Figure 12 is workflow diagram of the present invention.
Embodiment
Contrast accompanying drawing below in conjunction with embodiment the present invention is described in further detail.It is emphasized that following explanation is only exemplary, instead of in order to limit the scope of the invention and apply.
With reference to the following drawings, will describe the embodiment of non-limiting and nonexcludability, wherein identical Reference numeral represents identical parts, unless stated otherwise.
Those skilled in the art will recognize that, it is possible for making numerous accommodation to above description, so embodiment is only used to describe one or more particular implementation.
As shown in Figure 1, a kind of data encrypting and deciphering system comprises input data buffering module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module.Input data buffering module is used for the data of temporary external bus input.Main control module be used for conversioning wheel computing module encryption and decryption pattern, coordinate cipher key expansion module, adjusted value generation module and main encryption/decryption module work, necessary data are provided for cipher key expansion module, control Cipher-Text Stealing flow process and input and output flow process.The adjusted value that adjusted value generation module needs for generating XTS encryption mode.Main encryption/decryption module is responsible for the wheel arithmetic operation being encrypted the state matrix of data or deciphering, wheel arithmetic operation comprises byte substitution, inverse byte substitution, row displacement, Retrograde transposition, row are obscured, inverse arrange obscure, the child-operation such as InvAddRoundKey.Cipher key expansion module is used for the round key be extended to by initial key needed for main encryption/decryption module.Cipher-Text Stealing module is for realizing the Cipher-Text Stealing function in XTS encryption mode.Cipher-Text Stealing register module is used for the middle encryption and decryption data of temporary Cipher-Text Stealing.Data outputting module is used for externally exporting encryption or decrypted result.Each signal name in Fig. 1 illustrates as shown in table 1:
The explanation of table 1 each external signal title
Fig. 2 is adjusted value generation module block diagram.Tweak is preset 128 and adjusts handles, is carried out the 14 wheel cryptographic calculations of taking turns, and to take turns the round key that cryptographic calculation uses be utilize the Key2 expansion of outside input to obtain.Adjust the data of handle after third wheel computing to put into adjusted value register, then enter in adjusted value power operation module together with Ln signal, after power operation, Tdone signal is placed in high level, starts to export adjusted value.Adjusted value power operation module is when Tdone signal is placed in high level, value in register sent, then within the cycle of Ln-1 subsequently, circulation performs following operation: first judge that 128 highest orders inputting data are 1 or 0, if highest order is 0, then directly overall data to be moved to left 1; If highest order is 1, then overall data is moved to left after 1, will most least-significant byte and 0x87 step-by-step XOR; Then data are exported as adjusted value, and utilize the value in output valve renewal adjusted value register.
Being described in detail as follows of each parts in Fig. 2: preset tune handle and the 0th round key of taking turns are carried out xor operation by first run InvAddRoundKey module in charge; The data of input are converted to according to mapping ruler and export data accordingly by adjusted value byte substitution module 1 to adjusted value byte substitution module 14; Adjusted value capable displacement row are obscured the capable displacement of module 1 to adjusted value and are arranged and obscure module 13 data of input are carried out position adjustment, and realize data by multiplying and XOR obscure process; The round key that current data and each are taken turns by adjusted value InvAddRoundKey module 1 to adjusted value InvAddRoundKey module 13 carries out step-by-step xor operation; Adjusted value capable displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Adjusted value register module is used for temporary intermediate object program; Adjusted value power operation module, by shifting function and xor operation, realizes the power operation function of data.Each signal name and illustrate as shown in Table 2:
The explanation of table 2 adjusted value generation module signal
Fig. 3 is main encryption/decryption module block diagram, input data can be be-encrypted data or data to be decrypted, first XOR is carried out by inputting data and adjusted value and the 0th round key of taking turns, then the 14 wheel computings taken turns are carried out to it, the round key used in wheel computing utilizes the Key1 expansion of outside input to obtain, if decryption mode, then round key is that encryption round key obtains after inverse rank transformation process.Data after 14 next round computings again with adjusted value XOR after Output rusults.Being described in detail as follows of each parts in Fig. 3: the data of input to be converted to according to mapping ruler and to export data accordingly by main encryption and decryption byte substitution module 1 to main encryption and decryption byte substitution module 14; Main encryption and decryption row displacement row are obscured module 1 and are obscured module 13 to main encryption and decryption row displacement row the data of input are carried out position adjustment, and realize obscuring of data by multiplying and XOR; Main encryption and decryption InvAddRoundKey module 1 is responsible for input data and corresponding round key to carry out XOR to main encryption and decryption InvAddRoundKey module 13; First main encryption and decryption XOR module in charge carries out xor operation by inputting data and adjusted value and the 0th round key of taking turns; Main encryption and decryption row displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Input data and adjusted value are carried out XOR and to be gone forward side by side line output by the second main encryption and decryption XOR module in charge.Each signal name and illustrate as shown in Table 3:
The main encryption/decryption module signal instruction of table 3
Fig. 4 is cipher key expansion module schematic diagram.W 4ito W 4i+3for the 1st in current round key is to the 4th 32 words, W 4i-8to W 4i-1for 32 words of 8 in front two-wheeled round key, function wherein symbol for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte, supposes W={b1, b2, b3, b4}, and wherein b1, b2, b3, b4 are octet, so RotBytes (W)={ b2, b3, b4, b1}; Rcon is the wheel constant of 32, and high 24 are 0, and least-significant byte is that Rc, Rc determine according to the wheel sequence number i when front-wheel, as shown in table 1.
Fig. 5 is cipher key expansion module structured flowchart.Two-wheeled round key key1 and key2 before cipher key spreading control unit receives, and send in XOR module.In addition send in F function module by the 4th word of the 3rd of key1 the word and key2, the data that F module exports also deliver to the generation participating in round key in the first cipher key spreading XOR module, and the function of F function module is symbol for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte.The function of each parts is respectively in Figure 5: cipher key spreading control unit is responsible for receiving external data and signal, the collaborative work of coordination key schedule modules, externally exporting secret generating settling signal; One F function module is responsible for carrying out F function operation to 1 round key of taking turns before current; 2nd F function module is responsible for carrying out F function operation to 2 round key of taking turns before current; First cipher key spreading XOR module in charge, according to the principle of formula (1), carries out xor operation to the data of input and generates current round key; Mul9 module in charge carries out the operation taken advantage of with 9 moulds to input data; MulB module in charge carries out the operation taken advantage of with 11 moulds to input data; MulD module in charge carries out the operation taken advantage of with 13 moulds to input data; MulE module in charge carries out the operation taken advantage of with 14 moulds to input data; The data of input are carried out xor operation by the second cipher key spreading XOR module in charge, generate the inverse round key that epicycle round key is corresponding.Generation due to round key does not rely on inverse round key, so the generation of inverse round key can't impact the formation speed of round key.
The pass of inverse round key and round key is close to be shown below, wherein k 1, j', k 2, j', k 3, j', k 4, j' be the column element of inverse round key, k 1, j, k 2, j, k 3, j, k 4, jfor the column element of round key, be byte:
k 1 , j ′ k 2 . j ′ k 3 , j ′ k 4 , j ′ = E B D 9 9 E B D D 9 E B B D 9 E k 1 , j k 2 , j k 3 , j k 4 , j
The each signal name of cipher key expansion module and illustrate as shown in table 4:
The each signal name of table 4 cipher key expansion module and implication thereof
Title Figure place Explanation
Clk 1 Clock signal
Reset 1 Reset signal, high level is effective
RC 8 The wheel constant least-significant byte that F function needs
Saddr 4 Signal selected by S box
En1 1 Key1 enable signal, high level is effective
En2 1 Key2 enable signal, high level is effective
Key1 128 1 take turns before round key
Key2 128 2 take turns before round key
Key_ready 1 Round key settling signal, high level is effective
Invkey_ready 1 Inverse key settling signal, high level is effective
Key 128 Epicycle round key output port
Invkey 128 Epicycle is against round key output port
Fig. 6 is composite S cartridge module block diagram, and composite S box applies in the byte substitution module in main encryption/decryption module, whole value generation module, and in F function module in cipher key expansion module.The S box that composite S box is exported by 88 inputs 8 and inverse S box thereof form, and composite S box is realized by look-up table ROM cell, and searching address is 12, and high 4 are used for selecting S box or inverse S box, and least-significant byte is byte substitution input data.Composite S box is present in byte substitution module and F function module, and is applied in main encryption/decryption module in Fig. 1, adjusted value generation module, cipher key expansion module.Signal name and the explanation thereof of composite S box is given in table 5.
Table 5 composite S cartridge module signal instruction
Title Figure place Explanation
Clk 1 External timing signal
Addr 4 For S box and the inverse S box of choice for use
Datain 8 Need the input data of carrying out byte substitution
Dataout 8 Output data after byte substitution
Fig. 7 is that row displacement row obscure module frame chart, and this module can realize row displacement, arrange and obscure and inverse operation operation, and applies in adjusted value generation module and main encryption/decryption module.The mathematical expression form that row displacement, Retrograde transposition, row are obscured, inverse row are obscured is as shown in table 6, wherein b i, 1', b i, 2', b i, 3', b i, 4' and b 1, j', b 2, j', b 3, j', b 4, j' be through operation after byte, b i, 1, b i, 2, b i, 3, b i, 4and b 1, j, b 2, j, b 3, j, b 4, jfor preoperative byte.Row displacement row are obscured module and are utilized multiplying in look-up table functional realiey finite field, in XOR module, utilize line to realize row displacement and Retrograde transposition operation, and select corresponding data XOR to obtain row to obscure and inverse row confusion result, finally exported by Mode signal-line choosing, when Mode is low level, the displacement of output row and row obscure rear result, export Retrograde transposition and obscure rear result against arranging when Mode is high level.Being described in detail as follows of each module in Fig. 7: Mul2 module in charge carries out the operation taken advantage of with 2 moulds to input data; Mul3 module in charge carries out the operation taken advantage of with 3 moulds to input data; Mul9 module in charge carries out the operation taken advantage of with 9 moulds to input data; MulB module in charge carries out the operation taken advantage of with 11 moulds to input data; MulD module in charge carries out the operation taken advantage of with 13 moulds to input data; MulE module in charge carries out the operation taken advantage of with 14 moulds to input data; The data that forward XOR module in charge receives Datain data, Mul2, Mul3 export, and carry out xor operation, then the data after space is shifted and row are obscured are exported; Reverse XOR module in charge receives the data that Mul9, MulB, MulD, MulE module exports, and carries out xor operation, then the data after Retrograde transposition and inverse row are obscured is exported; Row displacement row obscure the data that register is responsible for temporary forward XOR module and the output of reverse XOR module, and according to Mode signal behavior one, export final data.These moulds of mul2, mul3, mul9, mulB, mulD, mulE take advantage of unit all based on look-up tables'implementation, and table 7 to table 12 sets forth their value table.
The capable displacement of table 6, Retrograde transposition, row are obscured, against arranging the mathematical expression form obscured
Table 7 mul2 module value table
Table 8 mul3 module value table
Table 9 mul9 module value table
Table 10 mulB module value table
Table 11 mulD module value table
Table 12 mulE module value table
Fig. 8 is Cipher-Text Stealing module work schematic diagram, supposes to comprise altogether n data cell in pending data block, and the length of data cell 1 to data cell n-1 is 16 bytes.When the length of data cell n is discontented with 16 byte, if its length is P byte, the data after data cell n-1 encryption and decryption are divided into two parts, front portion is middle output 1, length is P byte, and rear portion is middle output 2, and length is 16-P byte, centre is exported 1 as finally exporting n, centre is exported the high position that 2 add data cell n, after being combined into the length of 16 bytes, sends into main encryption/decryption module, the result obtained exports 3 for middle, and centre is exported 3 as finally exporting n-1.
Fig. 9 is the structured flowchart of Cipher-Text Stealing module, Cipher-Text Stealing scheduling unit obtains the data of whole cryptographic block from input data buffering module, and leave in schedule register 1 to schedule register 32, each schedule register deposits the data of 1 data cell, can support at most 32 data cells, the byte number of each data cell is no more than 16.Signal Len1 is the number of data cell, and signal Len2 is the byte number of last data cell, and when the byte number of last data cell is not 16, Smode line is set to high level by main control module, enables Cipher-Text Stealing function.Suppose that the value of Len1 is n, Cipher-Text Stealing scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively data cell 1 to data cell n-2 is sent in main encryption/decryption module in order, finally read the data of data cell n-1 after encryption and decryption from Sdata, and take out high position data section and data cell n is merged into the data that length is 16 bytes, send in main encryption/decryption module, Sdone is placed in high level simultaneously, represent that data conveying is complete.If the byte number of data cell n is just 16, then Smode line is set to low level by control module, Cipher-Text Stealing scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively data cell 1 to data cell n-2 is sent in main encryption/decryption module in order, finally direct data cell n to be sent in main encryption/decryption module, and Sdone holding wire is drawn high to indicate completing of Cipher-Text Stealing work.Each signal name and illustrate as shown in table 13:
The each signal instruction of table 13 Cipher-Text Stealing module
Figure 10 is Cipher-Text Stealing register module structured flowchart, and Cipher-Text Stealing register module is mainly used in the result of temporal data unit n-1 after encryption and decryption computing.When reset signal Reset is placed in high level, Cipher-Text Stealing register enters holding state, wait for main encryption/decryption module Output rusults, its write enable signal port En is connected with the index signal port Isdone that completes of main encryption/decryption module, when main encryption/decryption module completes encryption and decryption work, send index signal to Cipher-Text Stealing register module, encryption and decryption result latches by Cipher-Text Stealing register module, calls for Cipher-Text Stealing module.Being described in detail as follows of each parts in Figure 10: ciphertext deposits the Isdone index signal that control unit is responsible for receiving main encryption/decryption module, and according to these signal designation ciphertext registers latch data; Ciphertext register is connected with the output data line of main encryption/decryption module, and deposits the index signal latch data of control unit according to ciphertext.The each signal name of Cipher-Text Stealing register module and explanation thereof is given in table 14.
The each signal instruction of table 14 Cipher-Text Stealing module
Figure 11 is the state transition diagram of data encrypting and deciphering system, when Reset sets high level, system reset is standby to Idle state, under Idle state, when systems axiol-ogy is in high level state to Start signal, be introduced into round key extended mode Keyexpand, when round key expansion is complete, Key_ready signal is placed in high level, enters encryption and decryption flow process.Encryption and decryption flow process is decided to be in encryption or decrypted state by Mode signal, is determined whether enabling Cipher-Text Stealing function by Smode signal.Work as Key_ready=1, when Mode=0, Smode=1, enter Cipher-Text Stealing type encrypted state Enc_Steal; Work as Key_ready=1, when Mode=0, Smode=0, enter non-Cipher-Text Stealing type encrypted state Enc_Normal; Work as Key_ready=1, when Mode=1, Smode=0, enter non-Cipher-Text Stealing type decrypted state Dec_Normal; Work as Key_ready=1, when Mode=1, Smode=1, enter Cipher-Text Stealing type decrypted state Dec_Steal.After encryption and decryption work completes, Isdone signal is placed in high level, system enters and externally exports data mode Output, and when data output is complete or Reset signal is set to high level, system is got back to Idle state and waited for Start signal.
Embodiment:
The present embodiment completes test on the family chip XC5VFX130T of the Virtex5 of Xilinx company, specifically comprises the following steps:
Step 1: system electrification, initialization S box data, the S box that the composite S box in embodiment is exported by 88 inputs 8 and their inverse S box arrange in order and form in ROM, and low level deposits 1 to No. 8 S box in order, and a high position deposits 1 to No. 8 inverse S box in order.The data of composite S box decimally represent, as table 15:
The composite S box tables of data used in table 15 embodiment
Step 2: select cipher key spreading use S box built-up sequence 1 and main encryption/decryption module, adjusted value generation module use S box built-up sequence 2.The S box built-up sequence 1 used in an embodiment is: { S8, S7, S6, S5, S4, S3, S2, S1, S8, S7, S6, S5, S4}, S box built-up sequence 2 is: { S1, S2, S3, S4, S5, S6, S7, S8, S1, S2, S3, S4, S5, S6}.
Step 3: input master key, secondary key, the tune handle made by oneself, with hexadecimal representation, as table 16:
The master key inputted in table 16 embodiment, secondary key, tune bin value
Step 4: input test clear data, with hexadecimal representation, as table 17:
The test clear data inputted in table 17 embodiment
Data cell 1 0102030405060708090A0B0C0D0E0F10
Data cell 2 1112131415161718191A1B1C1D1E1F20
Data cell 3 2122232425262728292A2B2C2D2E2F30
Data cell 4 3132333435363738393A3B3C3D3E3F40
Data cell 5 4142434445464748494A4B4C4D4E4F50
Data cell 6 5152535455565758595A5B5C5D5E5F60
Data cell 7 6162636465666768696A6B6C6D6E6F70
Data cell 8 7172737475767778797A7B7C7D7E7F80
Data cell 9 8182838485868788898A8B8C8D8E8F90
Data cell 10 9192939495969798999A9B9C9D9E9FA0
Data cell 11 0102030405060708090A0B0C0D0E0F10
Data cell 12 1112131415161718191A1B1C1D1E1F20
Data cell 13 2122232425262728292A2B2C2D2E2F30
Data cell 14 3132333435363738393A3B3C3D3E3F40
Data cell 15 4142434445464748494A4B4C4D4E4F50
Data cell 16 5152535455565758595A5B5C5D5E5F60
Data cell 17 6162636465666768696A6B6C6D6E6F70
Data cell 18 7172737475767778797A7B7C7D7E7F80
Data cell 19 8182838485868788898A8B8C8D8E8F90
Data cell 20 9192939495969798999A9B9C9D9E9FA0
Data cell 21 0102030405060708090A0B0C0D0E0F10
Data cell 22 1112131415161718191A1B1C1D1E1F20
Data cell 23 2122232425262728292A2B2C2D2E2F30
Data cell 24 3132333435363738393A3B3C3D3E3F40
Data cell 25 4142434445464748494A4B4C4D4E4F50
Data cell 26 5152535455565758595A5B5C5D5E5F60
Data cell 27 6162636465666768696A6B6C6D6E6F70
Data cell 28 7172737475767778797A7B7C7D7E7F80
Data cell 29 8182838485868788898A8B8C8D8E8F90
Data cell 30 9192939495969798999A9B9C
Step 5: Mode is set to low level, Smode is set to high level, is set to XTS encryption mode.Then Start signal is placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.Complete through 28 all after date adjusted value CMOS macro cell, round key is also ready, now start main encryption/decryption module, system carries out data cell encrypted work with streamline XTS pattern, through 28 all after dates, streamline is formally set up, and each cycle exports the ciphertext of 128, round key, inverse round key, adjusted value, ciphertext hexadecimal representation, respectively as shown in table 18, table 19, table 20, table 21:
Through expanding the round key obtained in table 18 embodiment
Round key 1 201F1E1D1C1B1A191817161514131211
Round key 2 100F0E0D0C0B0A090807060504030201
Round key 3 DFCE154C14030201D7C61D4444D4F04B
Round key 4 BE66D369DBC21940EEB1212339FA9720
Round key 5 B2C08FAD7DA3CC2C50F801CDF5CD79F9
Round key 6 572BE54487B3B7CEDF4550918749419E
Round key 7 0D407C187A7028A50DBA8A48E35237B4
Round key 8 05F9378755B69B479CDB2896C1386CC7
Round key 9 E53D0E927233956A71B3F9126D6898B3
Round key 10 295892E32C50BD4336039F3A13DE31F8
Round key 11 7CC4A01A2AD8FE9B434A2CA18910A219
Round key 12 96B364C766978263357B3845C3CABA50
Round key 13 CAAAB866FF21B6FD6FF780556B9241CF
Round key 14 E324E1CF99460240779716FD506135E1
Round key 15 CFED178D73F2D76706CA202CC4E6D15B
Through expanding the inverse round key obtained in table 19 embodiment
Inverse round key 1 201F1E1D1C1B1A191817161514131211
Inverse round key 2 AAF98CC33E25302F4261547B362D3827
Inverse round key 3 C6639C71D6BDE897CE6B9479F1BE1377
Inverse round key 4 E5744CBFBA27F825C277B75FD39C95AE
Inverse round key 5 4417D9DAFDA230512DACB4518C616B3E
Inverse round key 6 3E642DAA3C4796A04FA776C5ACB14844
Inverse round key 7 32391133EE6AA9AAA2CFCFD75E94EE16
Inverse round key 8 34879E6141D9F1568479D9DD5EB557EE
Inverse round key 9 9D83FEA47822F81C82EF581CDB977210
Inverse round key 10 110DAAB65823D62FB2B820BA3EA71489
Inverse round key 11 584B8091EBC00AB63ECF423725624A2F
Inverse round key 12 E3170674B2D076042DB546ED94CE3089
Inverse round key 13 E0AAF50136184EF5C6B4B38CC8A20C11
Inverse round key 14 9ED455F67FCFC5E8606E171231738522
Inverse round key 15 CFED178D73F2D76706CA202CC4E6D15B
The adjusted value generated in table 20 embodiment
Adjusted value 1 A3D507777787B8A1BB1474CA8D6947BB
Adjusted value 2 C1AB0FEEEE0E71437729E8941BD38E76
Adjusted value 3 82571FDCDD1DE286EE52D02937A61DED
Adjusted value 4 83AF3EB8BB3BC40DDDA5A0536E4C3BDA
Adjusted value 5 815F7D707777881BBA4B41A7DC9876B4
Adjusted value 6 85BFFAE0EEEE10377497824EB931ED68
Adjusted value 7 0A7FF5C1DDDD216EE82E059D7263DAD1
Adjusted value 8 93FEEA83BBBB43DCD05D0A3AE5C6B4A3
Adjusted value 9 A1FDD507777787B8A1BB1474CA8D6947
Adjusted value 10 42FBAB0FEEEE0E71437729E8941BD38E
Adjusted value 11 03F6571FDCDD1DE286EE52D02937A61D
Adjusted value 12 06ECAF3EB8BB3BC40DDDA5A0536E4C3B
Adjusted value 13 0CD85F7D707777881BBA4B41A7DC9876
Adjusted value 14 18B0BFFAE0EEEE10377497824EB931ED
Adjusted value 15 B7607FF5C1DDDD216EE82E059D7263DA
Adjusted value 16 E9C1FEEA83BBBB43DCD05D0A3AE5C6B4
Adjusted value 17 5583FDD507777787B8A1BB1474CA8D69
Adjusted value 18 AA06FBAB0FEEEE0E71437729E8941BD3
Adjusted value 19 D30DF6571FDCDD1DE286EE52D02937A6
Adjusted value 20 211BECAF3EB8BB3BC40DDDA5A0536E4C
Adjusted value 21 4236D85F7D707777881BBA4B41A7DC98
Adjusted value 22 036CB0BFFAE0EEEE10377497824EB931
Adjusted value 23 06D8607FF5C1DDDD216EE82E059D7263
Adjusted value 24 0CB0C1FEEA83BBBB43DCD05D0A3AE5C6
Adjusted value 25 9F6083FDD507777787B8A1BB1474CA8D
Adjusted value 26 B9C106FBAB0FEEEE0E71437729E8941B
Adjusted value 27 72830DF6571FDCDD1DE286EE52D02937
Adjusted value 28 E4061BECAF3EB8BB3BC40DDDA5A0536E
Adjusted value 29 C80D36D85F7D707777881BBA4B41A7DC
Adjusted value 30 171B6CB0BFFAE0EEEE10377497824EB9
The encrypt data obtained is encrypted in table 21 embodiment
Data cell 1 FBCFB5D6BC01762BDC72F6F6B69DA861
Data cell 2 3999BA886A05597CE8EB697E2D54D78A
Data cell 3 2BC53708573957D439AA6A8DDAB4D8C8
Data cell 4 FFAA277342B499F9CA85AA21C190A4E7
Data cell 5 CA3E91D8C36D167E164DB6ED7C0E73C2
Data cell 6 59D06CC449C5217F647E640E716ED444
Data cell 7 297BC9C547C92BEFA0DB4C1802486089
Data cell 8 95A8DFF1C6782B481943A7510ABCDA52
Data cell 9 E5B7D052D8314ED3503F22507E65045E
Data cell 10 BE574D498331B5690A1FB732C62ECBDB
Data cell 11 775C7089F7BDD5307A1051982635D830
Data cell 12 0DA363875A2A6D58296695449A9E6D94
Data cell 13 92BF63149A25A709E8397406A5F47FE9
Data cell 14 C98DABCC9D21542F6ABAD1C46726650A
Data cell 15 29526F45BFFEF80564948A006B1EC329
Data cell 16 881C0B277169AB89EB536644744A7474
Data cell 17 3ECB9F75F8F0F09AFC41345E061823A9
Data cell 18 7B9740FED4547F425581644B0102212A
Data cell 19 59E8C1F89ED02DA7DB72A77C06A4D1A8
Data cell 20 F47A268597601F768103726B6F67F8FD
Data cell 21 14CAD8B4AE00A011968826FA66B1390A
Data cell 22 C272717BAD4B2480044394B9C6841B9F
Data cell 23 7A3027B6E415C4D47B106239A58D768F
Data cell 24 40B44094C9ADDF6CE43BB012238B7B99
Data cell 25 AFDF8D86978AB7C0B92E6675782B856E
Data cell 26 D0AF4847BA973EF13D1D723BA086004D
Data cell 27 F1A5D06EA842F2A13984206BE7B592CB
Data cell 28 C2059F9646BBAFBDDFC6196350E52829
Data cell 29 6B321331EE5A5B9F0FE0E2D1863D7BA4
Data cell 30 EABFA35DC647AE2329F43E99
Step 6: after Reset being set to high level reset, repeats step 1 to step 3.Then inputted as data to be decrypted by the encrypt data in table 21, after input, Mode is set to high level, Smode is set to high level, is set to XTS decryption mode.Then Start signal is placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.Complete through 28 all after date adjusted value CMOS macro cell, inverse round key is also ready, now start main encryption/decryption module, system carries out data cell decryption work with streamline XTS pattern, through 28 all after dates, streamline is formally set up, and each cycle exports the solution ciphertext of 128, separates encrypt data shown in table 22:
The solution encrypt data obtained in table 22 embodiment
Data cell 1 0102030405060708090A0B0C0D0E0F10
Data cell 2 1112131415161718191A1B1C1D1E1F20
Data cell 3 2122232425262728292A2B2C2D2E2F30
Data cell 4 3132333435363738393A3B3C3D3E3F40
Data cell 5 4142434445464748494A4B4C4D4E4F50
Data cell 6 5152535455565758595A5B5C5D5E5F60
Data cell 7 6162636465666768696A6B6C6D6E6F70
Data cell 8 7172737475767778797A7B7C7D7E7F80
Data cell 9 8182838485868788898A8B8C8D8E8F90
Data cell 10 9192939495969798999A9B9C9D9E9FA0
Data cell 11 0102030405060708090A0B0C0D0E0F10
Data cell 12 1112131415161718191A1B1C1D1E1F20
Data cell 13 2122232425262728292A2B2C2D2E2F30
Data cell 14 3132333435363738393A3B3C3D3E3F40
Data cell 15 4142434445464748494A4B4C4D4E4F50
Data cell 16 5152535455565758595A5B5C5D5E5F60
Data cell 17 6162636465666768696A6B6C6D6E6F70
Data cell 18 7172737475767778797A7B7C7D7E7F80
Data cell 19 8182838485868788898A8B8C8D8E8F90
Data cell 20 9192939495969798999A9B9C9D9E9FA0
Data cell 21 0102030405060708090A0B0C0D0E0F10
Data cell 22 1112131415161718191A1B1C1D1E1F20
Data cell 23 2122232425262728292A2B2C2D2E2F30
Data cell 24 3132333435363738393A3B3C3D3E3F40
Data cell 25 4142434445464748494A4B4C4D4E4F50
Data cell 26 5152535455565758595A5B5C5D5E5F60
Data cell 27 6162636465666768696A6B6C6D6E6F70
Data cell 28 7172737475767778797A7B7C7D7E7F80
Data cell 29 8182838485868788898A8B8C8D8E8F90
Data cell 30 9192939495969798999A9B9C
As can be seen from embodiment, hard disc data encryption and decryption process chip of the present invention uses the key schedule after selectable composite S box, improvement, and success has carried out encryption and decryption with XTS encryption and decryption pattern to data block, and encryption and decryption result is entirely true.Same plaintext can obtain different ciphertexts on different logical places, and each clock cycle can export the deal with data of 128, illustrates that process chip also reaches treatment effeciency at a high speed while ensure that reliability.
As shown in figure 12, data encryption/decryption method in the present invention comprises the following steps: (1) main control module carries out Initialize installation according to Reset signal, according to the Start signal of outside input, start encryption and decryption functions, according to mode signal determination chip operation at encryption or decryption mode, and the S box combination that main encryption/decryption module and adjusted value generation module use is set according to Sn1, according to Sn2, the S box combination that cipher key expansion module uses is set.(2) data that transmit according to main control module of cipher key expansion module and signal, expand to the round key used in main encryption/decryption module, Key2 expanded to the round key used in adjusted value generation module by Key1.(3) input data buffering module outer input data is kept in, and according to the signal that main control module sends, by temporary data input Cipher-Text Stealing module; Meanwhile, preset tune handle and the Ln value received are sent into adjusted value generation module by main control module.(4) Cipher-Text Stealing module is according to the signal of main control module, selects enable or do not enable Cipher-Text Stealing pattern.(5) main encryption module and adjusted value generation module are under the control of main control module, corresponding round key is called respectively from cipher key expansion module, adjusted value generation module generates adjusted value after being encrypted by preset tune handle, and sent into main encryption module, main encryption/decryption module obtains data from Cipher-Text Stealing module, execution pipeline walks abreast encryption and decryption operation, the data after process is sent in data outputting module.(6) after encryption and decryption work completes, main encryption/decryption module sends signal to main control module, and main control module coordination data output module exports encryption or decrypted result.
Sn1 and Sn2 in step 1 is the S box sequential combination that user selects, the higher limit of number of combinations depends on the S box number comprised in composite S box, use 14 S boxes are all needed in main encryption/decryption module He in adjusted value module, use 13 S boxes are needed in cipher key expansion module, in encryption chip of the present invention, contain 8 different S boxes in composite S box, therefore the selectable number of combinations upper limit of Sn1 is 8 14, the selectable number of combinations upper limit of Sn2 is 8 13.
Key schedule in step 2, provides according to following formula:
W 4 i = W 4 i - 8 ⊕ W 4 i - 5 ⊕ F ( W 4 i - 2 ) W 4 i + 1 = W 4 i - 7 ⊕ W 4 i - 6 ⊕ W 4 i - 4 W 4 i + 2 = W 4 i ⊕ W 4 i - 3 ⊕ W 4 i - 1 = W 4 i - 8 ⊕ W 4 i - 5 ⊕ F ( W 4 i - 2 ) ⊕ W 4 i - 3 ⊕ W 4 i - 1 W 4 i + 3 = F ( W 4 i - 5 ) ⊕ W 4 i - 4 ⊕ W 4 i - 2 - - - ( 1 )
Wherein i=2,3,4 ..., 14.W 4ito W 4i+3represent the 1st in round key respectively to the 4th 32 words, and W 0to W 7directly provided by the initial key of 256.Function wherein symbol for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte, supposes W={b1, b2, b3, b4}, and wherein b1, b2, b3, b4 are octet, so RotBytes (W)={ b2, b3, b4, b1}; Rcon is the wheel constant of 32, and latter 24 are 0, and first 8 is that Rc, Rc determine according to the wheel sequence number i when front-wheel, shown in table 23:
Table 23 Rcon first eight bits value table (hexadecimal)
i 2 3 4 5 6 7 8 9 10 11 12 13 14
RC 01 02 04 08 10 20 40 80 1b 36 6c d8 ab
Ln in step 3 is the logical place of ciphering unit in cryptographic block, starts most to be 0, and maximum is 31.
Whether the Cipher-Text Stealing module in step 4 adopts Cipher-Text Stealing pattern according to the signal behavior of main control module, and tentation data block is split into altogether n data cell, and a front n-1 data unit length is 16 bytes, and the length of the n-th data cell is not more than 16 bytes.First data cell n-1 sends in main encryption/decryption module and carries out encryption and decryption operation by Cipher-Text Stealing module, is then sent in main encryption module by data cell 1 to data cell n-2 successively and carries out encryption and decryption operation.Finally, if the length of data cell n is just 16 bytes, then Smode holding wire drags down by main control module, and Cipher-Text Stealing module is directly sent into data cell n in main encryption/decryption module; If the length of data cell n is not 16 bytes, be assumed to be p byte (p < 16), then Smode holding wire is drawn high by main control module, Cipher-Text Stealing module takes out the data of high-order 16-p byte after the encryption and decryption of data cell n-1 from register module, the data of 16 bytes are spliced into the n-th data cell, send in main encryption/decryption module, the data obtained after encryption and decryption are as final (n-1)th unit exported, and the low level P byte after the encryption and decryption of original data cell n-1 is as the final Unit n-th exported.
Adjusted value generation module in step 5 comprises 1 first run InvAddRoundKey module, 14 adjusted value wheels computing module, 1 adjusted value register module and 1 adjusted value power operation module.Preset tune handle and first run round key are carried out XOR operation by first run InvAddRoundKey module in charge; Adjusted value wheel computing module is responsible for input value being carried out 14 next round computing cryptographic operations, computing module comprises adjusted value byte substitution module to front 13 adjusted values wheel, adjusted value capable displacement row obscure module, adjusted value InvAddRoundKey module, and last 1 adjusted value wheel computing module comprises adjusted value byte substitution module, adjusted value capable displacement InvAddRoundKey module; Adjusted value register module is for depositing the adjusted value of current output; The data that adjusted value register module exports are carried out finite field gf (2 by adjusted value power operation module in charge 128) on power operation and modular multiplication.Main encryption/decryption module comprises the first main encryption and decryption XOR module, the second main encryption and decryption XOR module, 14 main encryption and decryption wheel computing modules.Input data and adjusted value, the 0th round key of taking turns are carried out xor operation by the first main encryption and decryption XOR module in charge; Data after third wheel computing and adjusted value are carried out xor operation by the second main encryption and decryption XOR module in charge; Main encryption and decryption wheel computing module is responsible for input value being carried out 14 next round computing cryptographic operations, front 13 main encryption and decryption wheel computing modules comprise main encryption and decryption byte substitution module, main encryption and decryption row displacement row obscure module, main encryption and decryption InvAddRoundKey module, and last 1 main encryption and decryption wheel computing module comprises main encryption and decryption byte substitution module, main encryption and decryption row displacement InvAddRoundKey module.
In data encrypting and deciphering system and method for the present invention, the algorithm that encryption and decryption adopts improves based on XTS-AES, the byte substitution operation related in main encryption/decryption module, cipher key expansion module, adjusted value generation module utilizes composite S box to realize, composite S box exports S boxes by multiple 8 inputs 8 and inverse S box combines, and can select by address wire the S box used; Key schedule used by cipher key expansion module provides by formula (1); Encryption chip entirety adopts the XTS Cipher-Text Stealing pattern adapting to pile line operation, first data cell n-1 sends in main encryption/decryption module and carries out encryption and decryption operation by Cipher-Text Stealing module, then successively data cell 1 to data cell n-2 is sent in main encryption module and carries out encryption and decryption operation, finally according to the signal pin of main control module to data cell n process; Main encryption/decryption module, adjusted value generation module, cipher key expansion module adopt pipeline organization, and the byte substitution related in these modules operation, row displacement row are obscured operation and all realized based on look-up table and line function.
The present invention is based on FPGA to realize operating the streamline encryption and decryption of hard disc data, have employed the XTS encryption and decryption pattern adapting to pile line operation, make fail safe and efficiency all be better than traditional encryption and decryption pattern.In fail safe, improve for byte substitution module and cipher key expansion module, byte substitution module utilizes the S box of compound, and can specify by user the S box built-up sequence used in encryption and decryption flow process, ensure that the speed of byte substitution simultaneously; The key schedule that cipher key expansion module adopts adopts type function of can not deriving, the round key of often taking turns is converted by the round key of front two-wheeled, assailant cannot be derived remaining round key by known round key, make key schedule have stronger fail safe than aes algorithm.
The present invention is directed to the safety issue of key schedule and single fixing S box in current aes algorithm, and the safety issue of legacy packets password encryption pattern, propose a kind of data encrypting and deciphering system and method.Cryptographic algorithm in the present invention, on the basis of aes algorithm, changes key schedule, makes assailant cannot be released remaining round key by known round key.Take XTS encryption mode, not only make security performance be better than traditional encryption mode further, more can utilize pipeline and parallel design data, improve the data throughput of encryption chip.In addition, introduce multiple S box mechanism, according to the selection of user, different wheel computings will adopt different S boxes.
In the data encrypting and deciphering system that the present invention proposes, the permutation function used in byte substitution operation is made up of multiple 8 inputs, 8 S boxes exported, and the output data of displacement layer select data jointly to determine by clear data and displacement box.Use the initial key of 256, in key schedule, each round key of taking turns needs jointly to be determined by the round key of front two-wheeled.Encryption chip adopts XTS encryption mode, and except master key and plaintext, add the input of adjusted value, adjusted value generates after preset tune handle is encrypted computing and modular multiplication.For each Plaintext block, Cipher-Text Stealing pattern is utilized to obtain last 32 bytes of ciphertext blocks.Encryption/decryption module uses identical pipeline organization, and controlling present mode by control unit is encryption mode or decryption mode.Byte manipulation in wheel computing and row are obscured operation and are realized by look-up table ROM module, and row shifting function utilizes line function to realize.
Although described and described and be counted as example embodiment of the present invention, it will be apparent to those skilled in the art that and can make various change and replacement to it, and spirit of the present invention can not have been departed from.In addition, many amendments can be made so that particular case is fitted to religious doctrine of the present invention, and central concept of the present invention described here can not be departed from.So the present invention is not limited to specific embodiment disclosed here, but the present invention also may comprise all embodiments and equivalent thereof that belong to the scope of the invention.

Claims (10)

1. a data encrypting and deciphering system, is characterized in that: comprise input data buffering module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described input data buffering module keeps in the data of outside input; Described master control module controls input data buffering module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described adjusted value generation module generates the adjusted value that XTS encryption mode needs; The wheel arithmetic operation that the state matrix of described main encryption/decryption module to described data is encrypted or deciphers, initial key is extended to the round key needed for described main encryption/decryption module by described cipher key expansion module; Described Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption mode; Described Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing; Described data outputting module externally exports encryption or decrypted result.
2. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described adjusted value generation module comprises first run InvAddRoundKey module, multiple adjusted value byte substitution module, multiple adjusted value capable displacement row obscure module, multiple adjusted value InvAddRoundKey module, adjusted value capable displacement InvAddRoundKey module, adjusted value register module, adjusted value power operation module; Preset tune handle and the 0th round key of taking turns are carried out xor operation by described first run InvAddRoundKey module; The data of input are converted to according to mapping ruler and export data accordingly by described multiple adjusted value byte substitution module; Described multiple adjusted value capable displacement row are obscured module and the data of input are carried out position adjustment, and realize data by multiplying and XOR obscure process; The round key that current data and each are taken turns by described multiple adjusted value InvAddRoundKey module carries out step-by-step xor operation; Described adjusted value capable displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Described adjusted value register module keeps in intermediate object program; Described adjusted value power operation module, by shifting function and xor operation, realizes the power operation function of data.
3. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described main encryption/decryption module comprises multiple main encryption and decryption byte substitution module, multiple main encryption and decryption row displacement row obscure module, multiple main encryption and decryption InvAddRoundKey module, the first main encryption and decryption XOR module, main encryption and decryption row displacement InvAddRoundKey module, the second main encryption and decryption XOR module; The data of input are converted to according to mapping ruler and export data accordingly by described main encryption and decryption byte substitution module; Described main encryption and decryption row displacement row are obscured module and the data of input are carried out position adjustment, and realize obscuring of data by multiplying and XOR; Input data and corresponding round key are carried out XOR by described main encryption and decryption InvAddRoundKey module; Described first main encryption and decryption XOR module carries out xor operation by inputting data and adjusted value and the 0th round key of taking turns; Described main encryption and decryption row displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Input data and adjusted value are carried out XOR and to be gone forward side by side line output by described second main encryption and decryption XOR module.
4. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described cipher key expansion module comprises cipher key spreading control unit, a F function module, the 2nd F function module, the first cipher key spreading XOR module, the second cipher key spreading XOR module, Mul9 module, MulB module, MulD module and MulE module; Described cipher key spreading control unit is responsible for receiving external data and signal, the collaborative work of coordination key schedule modules, externally exporting secret generating settling signal; A described F function module carries out F function operation to 1 round key of taking turns before current; Described 2nd F function module carries out F function operation to 2 round key of taking turns before current; The data of described first cipher key spreading XOR module to input are carried out xor operation and are generated current round key; Described Mul9 module carries out the operation taken advantage of with 9 moulds to input data; Described MulB module carries out the operation taken advantage of with 11 moulds to input data; Described MulD module carries out the operation taken advantage of with 13 moulds to input data; Described MulE module carries out the operation taken advantage of with 14 moulds to input data; The data of input are carried out xor operation by described second cipher key spreading XOR module, generate the inverse round key that epicycle round key is corresponding.
5. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described Cipher-Text Stealing module comprises Cipher-Text Stealing scheduling unit and multiple schedule register; Described Cipher-Text Stealing scheduling unit obtains the data of whole cryptographic block from described input data buffering module, and leaves in described schedule register, and described schedule register deposits the data through the input of input data buffering module.
6. data encrypting and deciphering system as claimed in claim 1, it is characterized in that: the byte substitution operation in described adjusted value generation module, main encryption/decryption module and cipher key expansion module utilizes composite S box to realize, composite S box comprises multiple 8 inputs 8 and exports S boxes and inverse S box thereof, and can select by address wire the S box used.
7. data encrypting and deciphering system as claimed in claim 1, it is characterized in that: described main encryption/decryption module, adjusted value generation module and cipher key expansion module adopt pipeline organization, the byte substitution operation in described adjusted value generation module, main encryption/decryption module and cipher key expansion module and row displacement row are obscured operation and are all realized based on look-up table and line function.
8. a data encryption/decryption method, is characterized in that comprising the steps:
(1) main control module carries out Initialize installation, according to the signal of outside input, starts encryption and decryption functions;
(2) the S box that main encryption/decryption module and adjusted value generation module are used is set;
(3) the S box that cipher key expansion module is used is set;
(4) data that transmit according to main control module of cipher key expansion module and signal, produce the round key used in main encryption/decryption module, produce the round key used in adjusted value generation module;
(5) input data buffering module outer input data is kept in, and according to the signal that main control module sends, by temporary data input Cipher-Text Stealing module; The logical place value received is sent into adjusted value generation module by described main control module;
(6) Cipher-Text Stealing module is according to the signal of main control module, selects enable or do not enable Cipher-Text Stealing pattern;
(7) main encryption module and adjusted value generation module are under the control of main control module, corresponding round key is called respectively from cipher key expansion module, the encryption of the tune handle of input is generated adjusted value by adjusted value generation module, and sent into main encryption module, main encryption/decryption module obtains data from Cipher-Text Stealing module, execution pipeline walks abreast encryption and decryption operation, the data after process is sent in data outputting module.
9. data encryption/decryption method as claimed in claim 8, is characterized in that using following key schedule,
W 4 i = W 4 i - 8 &CirclePlus; W 4 i - 5 &CirclePlus; F ( W 4 i - 2 ) W 4 i + 1 = W 4 i - 7 &CirclePlus; W 4 i - 6 &CirclePlus; W 4 i - 4 W 4 i + 2 = W 4 i &CirclePlus; W 4 i - 3 &CirclePlus; W 4 i - 1 = W 4 i - 8 &CirclePlus; W 4 i - 5 &CirclePlus; F ( W 4 i - 2 ) &CirclePlus; W 4 i - 3 &CirclePlus; W 4 i - 1 W 4 i + 3 = F ( W 4 i - 5 ) &CirclePlus; W 4 i - 4 &CirclePlus; W 4 i - 2
Wherein i=2,3,4 ..., 14; W 4ito W 4i+3represent the 1st in round key respectively to the 4th 32 words, and W 0to W 7directly provided by the initial key of 256; Function wherein symbol for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte.
10. data encryption/decryption method as claimed in claim 8, characterized by further comprising following steps:
After encryption and decryption work completes, main encryption/decryption module sends signal to main control module, and main control module coordination data output module exports encryption or decrypted result.
CN201510238121.4A 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method Expired - Fee Related CN104852798B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510238121.4A CN104852798B (en) 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510238121.4A CN104852798B (en) 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method

Publications (2)

Publication Number Publication Date
CN104852798A true CN104852798A (en) 2015-08-19
CN104852798B CN104852798B (en) 2017-10-03

Family

ID=53852168

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510238121.4A Expired - Fee Related CN104852798B (en) 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method

Country Status (1)

Country Link
CN (1) CN104852798B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105356996A (en) * 2015-12-14 2016-02-24 联想(北京)有限公司 Ciphertext processing method, electronic equipment and ciphertext processing device
CN106254061A (en) * 2016-08-14 2016-12-21 北京数盾信息科技有限公司 A kind of express network storage encipher-decipher method
CN106341419A (en) * 2016-10-17 2017-01-18 重庆邮电大学 Method and mobile terminal for invoking external encryption and decryption module
CN107888373A (en) * 2016-09-29 2018-04-06 北京忆芯科技有限公司 XTS AES encryptions circuit, decryption circuit and its method
CN109150497A (en) * 2018-07-26 2019-01-04 南京航空航天大学 A kind of XTS-SM4 encrypted circuit of high-performance small area
CN111047849A (en) * 2019-12-30 2020-04-21 江苏大周基业智能科技有限公司 Networking remote control password module and safe remote control system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11838402B2 (en) 2019-03-13 2023-12-05 The Research Foundation For The State University Of New York Ultra low power core for lightweight encryption

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8155308B1 (en) * 2006-10-10 2012-04-10 Marvell International Ltd. Advanced encryption system hardware architecture
CN103109296A (en) * 2010-09-24 2013-05-15 英特尔公司 A tweakable encrypion mode for memory encryption with protection against replay attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8155308B1 (en) * 2006-10-10 2012-04-10 Marvell International Ltd. Advanced encryption system hardware architecture
CN103109296A (en) * 2010-09-24 2013-05-15 英特尔公司 A tweakable encrypion mode for memory encryption with protection against replay attacks

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
冉飞: "《基于XTS-AES的主机加密卡的FPGA的设计与实现》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
李子磊: "《高吞吐率XTS-AES加密算法的硬件实现》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
贾艳梅、陶新: "《SMS4算法应用于空间数据加密的研究及实现》", 《空间电子技术》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105356996A (en) * 2015-12-14 2016-02-24 联想(北京)有限公司 Ciphertext processing method, electronic equipment and ciphertext processing device
CN105356996B (en) * 2015-12-14 2018-11-09 联想(北京)有限公司 A kind of ciphertext processing method, electronic equipment and ciphertext processing unit
CN106254061A (en) * 2016-08-14 2016-12-21 北京数盾信息科技有限公司 A kind of express network storage encipher-decipher method
CN106254061B (en) * 2016-08-14 2019-08-23 北京数盾信息科技有限公司 A kind of high speed network storage encipher-decipher method
CN107888373A (en) * 2016-09-29 2018-04-06 北京忆芯科技有限公司 XTS AES encryptions circuit, decryption circuit and its method
CN106341419A (en) * 2016-10-17 2017-01-18 重庆邮电大学 Method and mobile terminal for invoking external encryption and decryption module
CN106341419B (en) * 2016-10-17 2019-04-19 重庆邮电大学 A kind of method that calling external encryption/decryption module and mobile terminal
CN109150497A (en) * 2018-07-26 2019-01-04 南京航空航天大学 A kind of XTS-SM4 encrypted circuit of high-performance small area
CN109150497B (en) * 2018-07-26 2020-07-24 南京航空航天大学 XTS-SM4 encryption circuit with high performance and small area
CN111047849A (en) * 2019-12-30 2020-04-21 江苏大周基业智能科技有限公司 Networking remote control password module and safe remote control system
CN111047849B (en) * 2019-12-30 2021-05-18 江苏大周基业智能科技有限公司 Networking remote control password module and safe remote control system

Also Published As

Publication number Publication date
CN104852798B (en) 2017-10-03

Similar Documents

Publication Publication Date Title
CN104852798A (en) Data encryption and decryption system and method thereof
Zhang et al. Implementation approaches for the advanced encryption standard algorithm
CN101350714B (en) Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX
US10320554B1 (en) Differential power analysis resistant encryption and decryption functions
CN107707343B (en) SP network structure lightweight block cipher realization method with consistent encryption and decryption
CN106921487B (en) Reconfigurable S-box circuit structure
CN103516512A (en) Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm
Karthigaikumar et al. Simulation of image encryption using AES algorithm
CN104065474B (en) Novel low-resource efficient lightweight Surge block cipher implementation method
CN104639314A (en) Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN101764684A (en) Encrypting and deciphering system for realizing SMS4 algorithm
CN105959107A (en) Novel and highly secure lightweight SFN block cipher implementation method
CN111431697A (en) Novel method for realizing lightweight block cipher COR L
CN108933653A (en) A kind of AES encrypting and deciphering system and method based on large-scale data
CN111064562A (en) Implementation method of AES algorithm on FPGA
US10237066B1 (en) Multi-channel encryption and authentication
CN109150495B (en) Round conversion multiplexing circuit and AES decryption circuit thereof
CN109039583B (en) Multiplexing round conversion circuit, AES encryption circuit and encryption method
JP4098719B2 (en) Programmable data encryption engine for AES algorithm
CN100561911C (en) Sbox module optimization method and optimization circuit in a kind of AES decipher circuit
JP2005513541A6 (en) Programmable data encryption engine for AES algorithm
CN109033893B (en) AES encryption unit based on synthetic matrix, AES encryption circuit and encryption method thereof
CN109033847B (en) AES encryption operation unit, AES encryption circuit and encryption method thereof
CN108809627B (en) Round conversion multiplexing circuit and AES decryption circuit
CN102780557B (en) Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171003