CN104852798A - Data encryption and decryption system and method thereof - Google Patents
Data encryption and decryption system and method thereof Download PDFInfo
- Publication number
- CN104852798A CN104852798A CN201510238121.4A CN201510238121A CN104852798A CN 104852798 A CN104852798 A CN 104852798A CN 201510238121 A CN201510238121 A CN 201510238121A CN 104852798 A CN104852798 A CN 104852798A
- Authority
- CN
- China
- Prior art keywords
- module
- data
- decryption
- encryption
- adjusted value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention discloses a data encryption and decryption system and a method thereof. The system comprises an input data buffer module, a main control module, an adjustment value generation module, a main encryption and decryption module, a key expansion module, a ciphertext stealing module, a ciphertext stealing register module and a data output module. The data inputted by the outside is temporally stored in the input data buffer module. The main control module controls the input data buffer module, the adjustment value generation module, the main encryption and decryption module, the key expansion module, the ciphertext stealing module, the ciphertext stealing register module and the data output module. The adjustment value generation module generates an adjustment value needed by an XTS encryption mode. The main encryption and decryption module carries out wheel arithmetic operations of encryption and decryption on the state matrix of the data. The key expansion module expands an initial key to be the round key needed by the main encryption and decryption module. The ciphertext stealing in the XTS encryption mode is realized by the ciphertext stealing module. The ciphertext stealing register module temporally stores the middle encryption and decryption data needed by the ciphertext stealing. The data output module outputs an encryption or decryption result to the outside.
Description
Technical field
The present invention relates to information science technology field, particularly relate to a kind of data encrypting and deciphering system and method.
Background technology
At area information storage, the implementation method of carrying out encryption and decryption for hard disc data can be divided into soft encryption and the large class of hardware encryption two.Namely hardware encryption is coordinate corresponding software by special process chip, realizes the encryption process to hard disc data.Compared with not needing the soft encryption of additional hardware, hardware encryption has that speed is fast, occupying system resources is few, Cipher Strength high.
Disclosing only for auxiliary understanding inventive concept of the present invention and technical scheme of upper background technology content, it must not belong to the prior art of present patent application, show that not having tangible proof the applying date of foregoing in present patent application is in disclosed situation, above-mentioned background technology should not be used for novelty and the creativeness of evaluating the application.
Summary of the invention
The present invention (mainly) object is to propose a kind of data encrypting and deciphering system and method, with the technical problem that the enciphering rate solving the existence of above-mentioned prior art is slow.
For this reason, the present invention proposes a kind of data encrypting and deciphering system, comprises input data buffering module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described input data buffering module keeps in the data of outside input; Described master control module controls input data buffering module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described adjusted value generation module generates the adjusted value that XTS encryption mode needs; The wheel arithmetic operation that the state matrix of described main encryption/decryption module to described data is encrypted or deciphers, initial key is extended to the round key needed for described main encryption/decryption module by described cipher key expansion module; Described Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption mode; Described Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing; Described data outputting module externally exports encryption or decrypted result.
A kind of data encryption/decryption method, comprises the steps: that main control module carries out Initialize installation, according to the signal of outside input, starts encryption and decryption functions; The S box that main encryption/decryption module and adjusted value generation module are used is set; The S box that cipher key expansion module is used is set; The data that cipher key expansion module transmits according to main control module and signal, produce the round key used in main encryption/decryption module, produces the round key used in adjusted value generation module; Outer input data is kept in by input data buffering module, and according to the signal that main control module sends, by temporary data input Cipher-Text Stealing module; The logical place value received is sent into adjusted value generation module by described main control module; Cipher-Text Stealing module, according to the signal of main control module, is selected enable or do not enable Cipher-Text Stealing pattern; Main encryption module and adjusted value generation module are under the control of main control module, corresponding round key is called respectively from cipher key expansion module, the encryption of the tune handle of input is generated adjusted value by adjusted value generation module, and sent into main encryption module, main encryption/decryption module obtains data from Cipher-Text Stealing module, execution pipeline walks abreast encryption and decryption operation, the data after process is sent in data outputting module.
The beneficial effect that the present invention is compared with the prior art comprises: present invention employs the XTS encryption and decryption pattern adapting to pile line operation, make fail safe and efficiency all be better than traditional encryption and decryption pattern.
Accompanying drawing explanation
Fig. 1 is the overall construction drawing of invention;
Fig. 2 is the block diagram of adjusted value generation module of the present invention;
Fig. 3 is the block diagram of main encryption/decryption module of the present invention;
Fig. 4 is cipher key expansion module schematic diagram;
Fig. 5 is the structured flowchart of cipher key expansion module;
Fig. 6 is the structured flowchart of composite S cartridge module;
Fig. 7 is the structured flowchart that row displacement row obscure module;
Fig. 8 is the schematic diagram of Cipher-Text Stealing module;
Fig. 9 is the structured flowchart of Cipher-Text Stealing module;
Figure 10 is the structured flowchart of register module;
Figure 11 is the state transition diagram of data encrypting and deciphering system;
Figure 12 is workflow diagram of the present invention.
Embodiment
Contrast accompanying drawing below in conjunction with embodiment the present invention is described in further detail.It is emphasized that following explanation is only exemplary, instead of in order to limit the scope of the invention and apply.
With reference to the following drawings, will describe the embodiment of non-limiting and nonexcludability, wherein identical Reference numeral represents identical parts, unless stated otherwise.
Those skilled in the art will recognize that, it is possible for making numerous accommodation to above description, so embodiment is only used to describe one or more particular implementation.
As shown in Figure 1, a kind of data encrypting and deciphering system comprises input data buffering module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module.Input data buffering module is used for the data of temporary external bus input.Main control module be used for conversioning wheel computing module encryption and decryption pattern, coordinate cipher key expansion module, adjusted value generation module and main encryption/decryption module work, necessary data are provided for cipher key expansion module, control Cipher-Text Stealing flow process and input and output flow process.The adjusted value that adjusted value generation module needs for generating XTS encryption mode.Main encryption/decryption module is responsible for the wheel arithmetic operation being encrypted the state matrix of data or deciphering, wheel arithmetic operation comprises byte substitution, inverse byte substitution, row displacement, Retrograde transposition, row are obscured, inverse arrange obscure, the child-operation such as InvAddRoundKey.Cipher key expansion module is used for the round key be extended to by initial key needed for main encryption/decryption module.Cipher-Text Stealing module is for realizing the Cipher-Text Stealing function in XTS encryption mode.Cipher-Text Stealing register module is used for the middle encryption and decryption data of temporary Cipher-Text Stealing.Data outputting module is used for externally exporting encryption or decrypted result.Each signal name in Fig. 1 illustrates as shown in table 1:
The explanation of table 1 each external signal title
Fig. 2 is adjusted value generation module block diagram.Tweak is preset 128 and adjusts handles, is carried out the 14 wheel cryptographic calculations of taking turns, and to take turns the round key that cryptographic calculation uses be utilize the Key2 expansion of outside input to obtain.Adjust the data of handle after third wheel computing to put into adjusted value register, then enter in adjusted value power operation module together with Ln signal, after power operation, Tdone signal is placed in high level, starts to export adjusted value.Adjusted value power operation module is when Tdone signal is placed in high level, value in register sent, then within the cycle of Ln-1 subsequently, circulation performs following operation: first judge that 128 highest orders inputting data are 1 or 0, if highest order is 0, then directly overall data to be moved to left 1; If highest order is 1, then overall data is moved to left after 1, will most least-significant byte and 0x87 step-by-step XOR; Then data are exported as adjusted value, and utilize the value in output valve renewal adjusted value register.
Being described in detail as follows of each parts in Fig. 2: preset tune handle and the 0th round key of taking turns are carried out xor operation by first run InvAddRoundKey module in charge; The data of input are converted to according to mapping ruler and export data accordingly by adjusted value byte substitution module 1 to adjusted value byte substitution module 14; Adjusted value capable displacement row are obscured the capable displacement of module 1 to adjusted value and are arranged and obscure module 13 data of input are carried out position adjustment, and realize data by multiplying and XOR obscure process; The round key that current data and each are taken turns by adjusted value InvAddRoundKey module 1 to adjusted value InvAddRoundKey module 13 carries out step-by-step xor operation; Adjusted value capable displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Adjusted value register module is used for temporary intermediate object program; Adjusted value power operation module, by shifting function and xor operation, realizes the power operation function of data.Each signal name and illustrate as shown in Table 2:
The explanation of table 2 adjusted value generation module signal
Fig. 3 is main encryption/decryption module block diagram, input data can be be-encrypted data or data to be decrypted, first XOR is carried out by inputting data and adjusted value and the 0th round key of taking turns, then the 14 wheel computings taken turns are carried out to it, the round key used in wheel computing utilizes the Key1 expansion of outside input to obtain, if decryption mode, then round key is that encryption round key obtains after inverse rank transformation process.Data after 14 next round computings again with adjusted value XOR after Output rusults.Being described in detail as follows of each parts in Fig. 3: the data of input to be converted to according to mapping ruler and to export data accordingly by main encryption and decryption byte substitution module 1 to main encryption and decryption byte substitution module 14; Main encryption and decryption row displacement row are obscured module 1 and are obscured module 13 to main encryption and decryption row displacement row the data of input are carried out position adjustment, and realize obscuring of data by multiplying and XOR; Main encryption and decryption InvAddRoundKey module 1 is responsible for input data and corresponding round key to carry out XOR to main encryption and decryption InvAddRoundKey module 13; First main encryption and decryption XOR module in charge carries out xor operation by inputting data and adjusted value and the 0th round key of taking turns; Main encryption and decryption row displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Input data and adjusted value are carried out XOR and to be gone forward side by side line output by the second main encryption and decryption XOR module in charge.Each signal name and illustrate as shown in Table 3:
The main encryption/decryption module signal instruction of table 3
Fig. 4 is cipher key expansion module schematic diagram.W
4ito W
4i+3for the 1st in current round key is to the 4th 32 words, W
4i-8to W
4i-1for 32 words of 8 in front two-wheeled round key, function
wherein symbol
for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte, supposes W={b1, b2, b3, b4}, and wherein b1, b2, b3, b4 are octet, so RotBytes (W)={ b2, b3, b4, b1}; Rcon is the wheel constant of 32, and high 24 are 0, and least-significant byte is that Rc, Rc determine according to the wheel sequence number i when front-wheel, as shown in table 1.
Fig. 5 is cipher key expansion module structured flowchart.Two-wheeled round key key1 and key2 before cipher key spreading control unit receives, and send in XOR module.In addition send in F function module by the 4th word of the 3rd of key1 the word and key2, the data that F module exports also deliver to the generation participating in round key in the first cipher key spreading XOR module, and the function of F function module is
symbol
for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte.The function of each parts is respectively in Figure 5: cipher key spreading control unit is responsible for receiving external data and signal, the collaborative work of coordination key schedule modules, externally exporting secret generating settling signal; One F function module is responsible for carrying out F function operation to 1 round key of taking turns before current; 2nd F function module is responsible for carrying out F function operation to 2 round key of taking turns before current; First cipher key spreading XOR module in charge, according to the principle of formula (1), carries out xor operation to the data of input and generates current round key; Mul9 module in charge carries out the operation taken advantage of with 9 moulds to input data; MulB module in charge carries out the operation taken advantage of with 11 moulds to input data; MulD module in charge carries out the operation taken advantage of with 13 moulds to input data; MulE module in charge carries out the operation taken advantage of with 14 moulds to input data; The data of input are carried out xor operation by the second cipher key spreading XOR module in charge, generate the inverse round key that epicycle round key is corresponding.Generation due to round key does not rely on inverse round key, so the generation of inverse round key can't impact the formation speed of round key.
The pass of inverse round key and round key is close to be shown below, wherein k
1, j', k
2, j', k
3, j', k
4, j' be the column element of inverse round key, k
1, j, k
2, j, k
3, j, k
4, jfor the column element of round key, be byte:
The each signal name of cipher key expansion module and illustrate as shown in table 4:
The each signal name of table 4 cipher key expansion module and implication thereof
Title | Figure place | Explanation |
Clk | 1 | Clock signal |
Reset | 1 | Reset signal, high level is effective |
RC | 8 | The wheel constant least-significant byte that F function needs |
Saddr | 4 | Signal selected by S box |
En1 | 1 | Key1 enable signal, high level is effective |
En2 | 1 | Key2 enable signal, high level is effective |
Key1 | 128 | 1 take turns before round key |
Key2 | 128 | 2 take turns before round key |
Key_ready | 1 | Round key settling signal, high level is effective |
Invkey_ready | 1 | Inverse key settling signal, high level is effective |
Key | 128 | Epicycle round key output port |
Invkey | 128 | Epicycle is against round key output port |
Fig. 6 is composite S cartridge module block diagram, and composite S box applies in the byte substitution module in main encryption/decryption module, whole value generation module, and in F function module in cipher key expansion module.The S box that composite S box is exported by 88 inputs 8 and inverse S box thereof form, and composite S box is realized by look-up table ROM cell, and searching address is 12, and high 4 are used for selecting S box or inverse S box, and least-significant byte is byte substitution input data.Composite S box is present in byte substitution module and F function module, and is applied in main encryption/decryption module in Fig. 1, adjusted value generation module, cipher key expansion module.Signal name and the explanation thereof of composite S box is given in table 5.
Table 5 composite S cartridge module signal instruction
Title | Figure place | Explanation |
Clk | 1 | External timing signal |
Addr | 4 | For S box and the inverse S box of choice for use |
Datain | 8 | Need the input data of carrying out byte substitution |
Dataout | 8 | Output data after byte substitution |
Fig. 7 is that row displacement row obscure module frame chart, and this module can realize row displacement, arrange and obscure and inverse operation operation, and applies in adjusted value generation module and main encryption/decryption module.The mathematical expression form that row displacement, Retrograde transposition, row are obscured, inverse row are obscured is as shown in table 6, wherein b
i, 1', b
i, 2', b
i, 3', b
i, 4' and b
1, j', b
2, j', b
3, j', b
4, j' be through operation after byte, b
i, 1, b
i, 2, b
i, 3, b
i, 4and b
1, j, b
2, j, b
3, j, b
4, jfor preoperative byte.Row displacement row are obscured module and are utilized multiplying in look-up table functional realiey finite field, in XOR module, utilize line to realize row displacement and Retrograde transposition operation, and select corresponding data XOR to obtain row to obscure and inverse row confusion result, finally exported by Mode signal-line choosing, when Mode is low level, the displacement of output row and row obscure rear result, export Retrograde transposition and obscure rear result against arranging when Mode is high level.Being described in detail as follows of each module in Fig. 7: Mul2 module in charge carries out the operation taken advantage of with 2 moulds to input data; Mul3 module in charge carries out the operation taken advantage of with 3 moulds to input data; Mul9 module in charge carries out the operation taken advantage of with 9 moulds to input data; MulB module in charge carries out the operation taken advantage of with 11 moulds to input data; MulD module in charge carries out the operation taken advantage of with 13 moulds to input data; MulE module in charge carries out the operation taken advantage of with 14 moulds to input data; The data that forward XOR module in charge receives Datain data, Mul2, Mul3 export, and carry out xor operation, then the data after space is shifted and row are obscured are exported; Reverse XOR module in charge receives the data that Mul9, MulB, MulD, MulE module exports, and carries out xor operation, then the data after Retrograde transposition and inverse row are obscured is exported; Row displacement row obscure the data that register is responsible for temporary forward XOR module and the output of reverse XOR module, and according to Mode signal behavior one, export final data.These moulds of mul2, mul3, mul9, mulB, mulD, mulE take advantage of unit all based on look-up tables'implementation, and table 7 to table 12 sets forth their value table.
The capable displacement of table 6, Retrograde transposition, row are obscured, against arranging the mathematical expression form obscured
Table 7 mul2 module value table
Table 8 mul3 module value table
Table 9 mul9 module value table
Table 10 mulB module value table
Table 11 mulD module value table
Table 12 mulE module value table
Fig. 8 is Cipher-Text Stealing module work schematic diagram, supposes to comprise altogether n data cell in pending data block, and the length of data cell 1 to data cell n-1 is 16 bytes.When the length of data cell n is discontented with 16 byte, if its length is P byte, the data after data cell n-1 encryption and decryption are divided into two parts, front portion is middle output 1, length is P byte, and rear portion is middle output 2, and length is 16-P byte, centre is exported 1 as finally exporting n, centre is exported the high position that 2 add data cell n, after being combined into the length of 16 bytes, sends into main encryption/decryption module, the result obtained exports 3 for middle, and centre is exported 3 as finally exporting n-1.
Fig. 9 is the structured flowchart of Cipher-Text Stealing module, Cipher-Text Stealing scheduling unit obtains the data of whole cryptographic block from input data buffering module, and leave in schedule register 1 to schedule register 32, each schedule register deposits the data of 1 data cell, can support at most 32 data cells, the byte number of each data cell is no more than 16.Signal Len1 is the number of data cell, and signal Len2 is the byte number of last data cell, and when the byte number of last data cell is not 16, Smode line is set to high level by main control module, enables Cipher-Text Stealing function.Suppose that the value of Len1 is n, Cipher-Text Stealing scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively data cell 1 to data cell n-2 is sent in main encryption/decryption module in order, finally read the data of data cell n-1 after encryption and decryption from Sdata, and take out high position data section and data cell n is merged into the data that length is 16 bytes, send in main encryption/decryption module, Sdone is placed in high level simultaneously, represent that data conveying is complete.If the byte number of data cell n is just 16, then Smode line is set to low level by control module, Cipher-Text Stealing scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively data cell 1 to data cell n-2 is sent in main encryption/decryption module in order, finally direct data cell n to be sent in main encryption/decryption module, and Sdone holding wire is drawn high to indicate completing of Cipher-Text Stealing work.Each signal name and illustrate as shown in table 13:
The each signal instruction of table 13 Cipher-Text Stealing module
Figure 10 is Cipher-Text Stealing register module structured flowchart, and Cipher-Text Stealing register module is mainly used in the result of temporal data unit n-1 after encryption and decryption computing.When reset signal Reset is placed in high level, Cipher-Text Stealing register enters holding state, wait for main encryption/decryption module Output rusults, its write enable signal port En is connected with the index signal port Isdone that completes of main encryption/decryption module, when main encryption/decryption module completes encryption and decryption work, send index signal to Cipher-Text Stealing register module, encryption and decryption result latches by Cipher-Text Stealing register module, calls for Cipher-Text Stealing module.Being described in detail as follows of each parts in Figure 10: ciphertext deposits the Isdone index signal that control unit is responsible for receiving main encryption/decryption module, and according to these signal designation ciphertext registers latch data; Ciphertext register is connected with the output data line of main encryption/decryption module, and deposits the index signal latch data of control unit according to ciphertext.The each signal name of Cipher-Text Stealing register module and explanation thereof is given in table 14.
The each signal instruction of table 14 Cipher-Text Stealing module
Figure 11 is the state transition diagram of data encrypting and deciphering system, when Reset sets high level, system reset is standby to Idle state, under Idle state, when systems axiol-ogy is in high level state to Start signal, be introduced into round key extended mode Keyexpand, when round key expansion is complete, Key_ready signal is placed in high level, enters encryption and decryption flow process.Encryption and decryption flow process is decided to be in encryption or decrypted state by Mode signal, is determined whether enabling Cipher-Text Stealing function by Smode signal.Work as Key_ready=1, when Mode=0, Smode=1, enter Cipher-Text Stealing type encrypted state Enc_Steal; Work as Key_ready=1, when Mode=0, Smode=0, enter non-Cipher-Text Stealing type encrypted state Enc_Normal; Work as Key_ready=1, when Mode=1, Smode=0, enter non-Cipher-Text Stealing type decrypted state Dec_Normal; Work as Key_ready=1, when Mode=1, Smode=1, enter Cipher-Text Stealing type decrypted state Dec_Steal.After encryption and decryption work completes, Isdone signal is placed in high level, system enters and externally exports data mode Output, and when data output is complete or Reset signal is set to high level, system is got back to Idle state and waited for Start signal.
Embodiment:
The present embodiment completes test on the family chip XC5VFX130T of the Virtex5 of Xilinx company, specifically comprises the following steps:
Step 1: system electrification, initialization S box data, the S box that the composite S box in embodiment is exported by 88 inputs 8 and their inverse S box arrange in order and form in ROM, and low level deposits 1 to No. 8 S box in order, and a high position deposits 1 to No. 8 inverse S box in order.The data of composite S box decimally represent, as table 15:
The composite S box tables of data used in table 15 embodiment
Step 2: select cipher key spreading use S box built-up sequence 1 and main encryption/decryption module, adjusted value generation module use S box built-up sequence 2.The S box built-up sequence 1 used in an embodiment is: { S8, S7, S6, S5, S4, S3, S2, S1, S8, S7, S6, S5, S4}, S box built-up sequence 2 is: { S1, S2, S3, S4, S5, S6, S7, S8, S1, S2, S3, S4, S5, S6}.
Step 3: input master key, secondary key, the tune handle made by oneself, with hexadecimal representation, as table 16:
The master key inputted in table 16 embodiment, secondary key, tune bin value
Step 4: input test clear data, with hexadecimal representation, as table 17:
The test clear data inputted in table 17 embodiment
Data cell 1 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 2 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 3 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 4 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 5 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 6 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 7 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 8 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 9 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 10 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 11 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 12 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 13 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 14 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 15 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 16 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 17 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 18 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 19 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 20 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 21 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 22 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 23 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 24 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 25 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 26 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 27 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 28 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 29 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 30 | 9192939495969798999A9B9C |
Step 5: Mode is set to low level, Smode is set to high level, is set to XTS encryption mode.Then Start signal is placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.Complete through 28 all after date adjusted value CMOS macro cell, round key is also ready, now start main encryption/decryption module, system carries out data cell encrypted work with streamline XTS pattern, through 28 all after dates, streamline is formally set up, and each cycle exports the ciphertext of 128, round key, inverse round key, adjusted value, ciphertext hexadecimal representation, respectively as shown in table 18, table 19, table 20, table 21:
Through expanding the round key obtained in table 18 embodiment
Round key 1 | 201F1E1D1C1B1A191817161514131211 |
Round key 2 | 100F0E0D0C0B0A090807060504030201 |
Round key 3 | DFCE154C14030201D7C61D4444D4F04B |
Round key 4 | BE66D369DBC21940EEB1212339FA9720 |
Round key 5 | B2C08FAD7DA3CC2C50F801CDF5CD79F9 |
Round key 6 | 572BE54487B3B7CEDF4550918749419E |
Round key 7 | 0D407C187A7028A50DBA8A48E35237B4 |
Round key 8 | 05F9378755B69B479CDB2896C1386CC7 |
Round key 9 | E53D0E927233956A71B3F9126D6898B3 |
Round key 10 | 295892E32C50BD4336039F3A13DE31F8 |
Round key 11 | 7CC4A01A2AD8FE9B434A2CA18910A219 |
Round key 12 | 96B364C766978263357B3845C3CABA50 |
Round key 13 | CAAAB866FF21B6FD6FF780556B9241CF |
Round key 14 | E324E1CF99460240779716FD506135E1 |
Round key 15 | CFED178D73F2D76706CA202CC4E6D15B |
Through expanding the inverse round key obtained in table 19 embodiment
Inverse round key 1 | 201F1E1D1C1B1A191817161514131211 |
Inverse round key 2 | AAF98CC33E25302F4261547B362D3827 |
Inverse round key 3 | C6639C71D6BDE897CE6B9479F1BE1377 |
Inverse round key 4 | E5744CBFBA27F825C277B75FD39C95AE |
Inverse round key 5 | 4417D9DAFDA230512DACB4518C616B3E |
Inverse round key 6 | 3E642DAA3C4796A04FA776C5ACB14844 |
Inverse round key 7 | 32391133EE6AA9AAA2CFCFD75E94EE16 |
Inverse round key 8 | 34879E6141D9F1568479D9DD5EB557EE |
Inverse round key 9 | 9D83FEA47822F81C82EF581CDB977210 |
Inverse round key 10 | 110DAAB65823D62FB2B820BA3EA71489 |
Inverse round key 11 | 584B8091EBC00AB63ECF423725624A2F |
Inverse round key 12 | E3170674B2D076042DB546ED94CE3089 |
Inverse round key 13 | E0AAF50136184EF5C6B4B38CC8A20C11 |
Inverse round key 14 | 9ED455F67FCFC5E8606E171231738522 |
Inverse round key 15 | CFED178D73F2D76706CA202CC4E6D15B |
The adjusted value generated in table 20 embodiment
Adjusted value 1 | A3D507777787B8A1BB1474CA8D6947BB |
Adjusted value 2 | C1AB0FEEEE0E71437729E8941BD38E76 |
Adjusted value 3 | 82571FDCDD1DE286EE52D02937A61DED |
Adjusted value 4 | 83AF3EB8BB3BC40DDDA5A0536E4C3BDA |
Adjusted value 5 | 815F7D707777881BBA4B41A7DC9876B4 |
Adjusted value 6 | 85BFFAE0EEEE10377497824EB931ED68 |
Adjusted value 7 | 0A7FF5C1DDDD216EE82E059D7263DAD1 |
Adjusted value 8 | 93FEEA83BBBB43DCD05D0A3AE5C6B4A3 |
Adjusted value 9 | A1FDD507777787B8A1BB1474CA8D6947 |
Adjusted value 10 | 42FBAB0FEEEE0E71437729E8941BD38E |
Adjusted value 11 | 03F6571FDCDD1DE286EE52D02937A61D |
Adjusted value 12 | 06ECAF3EB8BB3BC40DDDA5A0536E4C3B |
Adjusted value 13 | 0CD85F7D707777881BBA4B41A7DC9876 |
Adjusted value 14 | 18B0BFFAE0EEEE10377497824EB931ED |
Adjusted value 15 | B7607FF5C1DDDD216EE82E059D7263DA |
Adjusted value 16 | E9C1FEEA83BBBB43DCD05D0A3AE5C6B4 |
Adjusted value 17 | 5583FDD507777787B8A1BB1474CA8D69 |
Adjusted value 18 | AA06FBAB0FEEEE0E71437729E8941BD3 |
Adjusted value 19 | D30DF6571FDCDD1DE286EE52D02937A6 |
Adjusted value 20 | 211BECAF3EB8BB3BC40DDDA5A0536E4C |
Adjusted value 21 | 4236D85F7D707777881BBA4B41A7DC98 |
Adjusted value 22 | 036CB0BFFAE0EEEE10377497824EB931 |
Adjusted value 23 | 06D8607FF5C1DDDD216EE82E059D7263 |
Adjusted value 24 | 0CB0C1FEEA83BBBB43DCD05D0A3AE5C6 |
Adjusted value 25 | 9F6083FDD507777787B8A1BB1474CA8D |
Adjusted value 26 | B9C106FBAB0FEEEE0E71437729E8941B |
Adjusted value 27 | 72830DF6571FDCDD1DE286EE52D02937 |
Adjusted value 28 | E4061BECAF3EB8BB3BC40DDDA5A0536E |
Adjusted value 29 | C80D36D85F7D707777881BBA4B41A7DC |
Adjusted value 30 | 171B6CB0BFFAE0EEEE10377497824EB9 |
The encrypt data obtained is encrypted in table 21 embodiment
Data cell 1 | FBCFB5D6BC01762BDC72F6F6B69DA861 |
Data cell 2 | 3999BA886A05597CE8EB697E2D54D78A |
Data cell 3 | 2BC53708573957D439AA6A8DDAB4D8C8 |
Data cell 4 | FFAA277342B499F9CA85AA21C190A4E7 |
Data cell 5 | CA3E91D8C36D167E164DB6ED7C0E73C2 |
Data cell 6 | 59D06CC449C5217F647E640E716ED444 |
Data cell 7 | 297BC9C547C92BEFA0DB4C1802486089 |
Data cell 8 | 95A8DFF1C6782B481943A7510ABCDA52 |
Data cell 9 | E5B7D052D8314ED3503F22507E65045E |
Data cell 10 | BE574D498331B5690A1FB732C62ECBDB |
Data cell 11 | 775C7089F7BDD5307A1051982635D830 |
Data cell 12 | 0DA363875A2A6D58296695449A9E6D94 |
Data cell 13 | 92BF63149A25A709E8397406A5F47FE9 |
Data cell 14 | C98DABCC9D21542F6ABAD1C46726650A |
Data cell 15 | 29526F45BFFEF80564948A006B1EC329 |
Data cell 16 | 881C0B277169AB89EB536644744A7474 |
Data cell 17 | 3ECB9F75F8F0F09AFC41345E061823A9 |
Data cell 18 | 7B9740FED4547F425581644B0102212A |
Data cell 19 | 59E8C1F89ED02DA7DB72A77C06A4D1A8 |
Data cell 20 | F47A268597601F768103726B6F67F8FD |
Data cell 21 | 14CAD8B4AE00A011968826FA66B1390A |
Data cell 22 | C272717BAD4B2480044394B9C6841B9F |
Data cell 23 | 7A3027B6E415C4D47B106239A58D768F |
Data cell 24 | 40B44094C9ADDF6CE43BB012238B7B99 |
Data cell 25 | AFDF8D86978AB7C0B92E6675782B856E |
Data cell 26 | D0AF4847BA973EF13D1D723BA086004D |
Data cell 27 | F1A5D06EA842F2A13984206BE7B592CB |
Data cell 28 | C2059F9646BBAFBDDFC6196350E52829 |
Data cell 29 | 6B321331EE5A5B9F0FE0E2D1863D7BA4 |
Data cell 30 | EABFA35DC647AE2329F43E99 |
Step 6: after Reset being set to high level reset, repeats step 1 to step 3.Then inputted as data to be decrypted by the encrypt data in table 21, after input, Mode is set to high level, Smode is set to high level, is set to XTS decryption mode.Then Start signal is placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.Complete through 28 all after date adjusted value CMOS macro cell, inverse round key is also ready, now start main encryption/decryption module, system carries out data cell decryption work with streamline XTS pattern, through 28 all after dates, streamline is formally set up, and each cycle exports the solution ciphertext of 128, separates encrypt data shown in table 22:
The solution encrypt data obtained in table 22 embodiment
Data cell 1 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 2 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 3 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 4 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 5 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 6 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 7 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 8 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 9 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 10 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 11 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 12 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 13 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 14 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 15 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 16 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 17 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 18 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 19 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 20 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 21 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 22 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 23 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 24 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 25 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 26 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 27 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 28 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 29 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 30 | 9192939495969798999A9B9C |
As can be seen from embodiment, hard disc data encryption and decryption process chip of the present invention uses the key schedule after selectable composite S box, improvement, and success has carried out encryption and decryption with XTS encryption and decryption pattern to data block, and encryption and decryption result is entirely true.Same plaintext can obtain different ciphertexts on different logical places, and each clock cycle can export the deal with data of 128, illustrates that process chip also reaches treatment effeciency at a high speed while ensure that reliability.
As shown in figure 12, data encryption/decryption method in the present invention comprises the following steps: (1) main control module carries out Initialize installation according to Reset signal, according to the Start signal of outside input, start encryption and decryption functions, according to mode signal determination chip operation at encryption or decryption mode, and the S box combination that main encryption/decryption module and adjusted value generation module use is set according to Sn1, according to Sn2, the S box combination that cipher key expansion module uses is set.(2) data that transmit according to main control module of cipher key expansion module and signal, expand to the round key used in main encryption/decryption module, Key2 expanded to the round key used in adjusted value generation module by Key1.(3) input data buffering module outer input data is kept in, and according to the signal that main control module sends, by temporary data input Cipher-Text Stealing module; Meanwhile, preset tune handle and the Ln value received are sent into adjusted value generation module by main control module.(4) Cipher-Text Stealing module is according to the signal of main control module, selects enable or do not enable Cipher-Text Stealing pattern.(5) main encryption module and adjusted value generation module are under the control of main control module, corresponding round key is called respectively from cipher key expansion module, adjusted value generation module generates adjusted value after being encrypted by preset tune handle, and sent into main encryption module, main encryption/decryption module obtains data from Cipher-Text Stealing module, execution pipeline walks abreast encryption and decryption operation, the data after process is sent in data outputting module.(6) after encryption and decryption work completes, main encryption/decryption module sends signal to main control module, and main control module coordination data output module exports encryption or decrypted result.
Sn1 and Sn2 in step 1 is the S box sequential combination that user selects, the higher limit of number of combinations depends on the S box number comprised in composite S box, use 14 S boxes are all needed in main encryption/decryption module He in adjusted value module, use 13 S boxes are needed in cipher key expansion module, in encryption chip of the present invention, contain 8 different S boxes in composite S box, therefore the selectable number of combinations upper limit of Sn1 is 8
14, the selectable number of combinations upper limit of Sn2 is 8
13.
Key schedule in step 2, provides according to following formula:
Wherein i=2,3,4 ..., 14.W
4ito W
4i+3represent the 1st in round key respectively to the 4th 32 words, and W
0to W
7directly provided by the initial key of 256.Function
wherein symbol
for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte, supposes W={b1, b2, b3, b4}, and wherein b1, b2, b3, b4 are octet, so RotBytes (W)={ b2, b3, b4, b1}; Rcon is the wheel constant of 32, and latter 24 are 0, and first 8 is that Rc, Rc determine according to the wheel sequence number i when front-wheel, shown in table 23:
Table 23 Rcon first eight bits value table (hexadecimal)
i | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
RC | 01 | 02 | 04 | 08 | 10 | 20 | 40 | 80 | 1b | 36 | 6c | d8 | ab |
Ln in step 3 is the logical place of ciphering unit in cryptographic block, starts most to be 0, and maximum is 31.
Whether the Cipher-Text Stealing module in step 4 adopts Cipher-Text Stealing pattern according to the signal behavior of main control module, and tentation data block is split into altogether n data cell, and a front n-1 data unit length is 16 bytes, and the length of the n-th data cell is not more than 16 bytes.First data cell n-1 sends in main encryption/decryption module and carries out encryption and decryption operation by Cipher-Text Stealing module, is then sent in main encryption module by data cell 1 to data cell n-2 successively and carries out encryption and decryption operation.Finally, if the length of data cell n is just 16 bytes, then Smode holding wire drags down by main control module, and Cipher-Text Stealing module is directly sent into data cell n in main encryption/decryption module; If the length of data cell n is not 16 bytes, be assumed to be p byte (p < 16), then Smode holding wire is drawn high by main control module, Cipher-Text Stealing module takes out the data of high-order 16-p byte after the encryption and decryption of data cell n-1 from register module, the data of 16 bytes are spliced into the n-th data cell, send in main encryption/decryption module, the data obtained after encryption and decryption are as final (n-1)th unit exported, and the low level P byte after the encryption and decryption of original data cell n-1 is as the final Unit n-th exported.
Adjusted value generation module in step 5 comprises 1 first run InvAddRoundKey module, 14 adjusted value wheels computing module, 1 adjusted value register module and 1 adjusted value power operation module.Preset tune handle and first run round key are carried out XOR operation by first run InvAddRoundKey module in charge; Adjusted value wheel computing module is responsible for input value being carried out 14 next round computing cryptographic operations, computing module comprises adjusted value byte substitution module to front 13 adjusted values wheel, adjusted value capable displacement row obscure module, adjusted value InvAddRoundKey module, and last 1 adjusted value wheel computing module comprises adjusted value byte substitution module, adjusted value capable displacement InvAddRoundKey module; Adjusted value register module is for depositing the adjusted value of current output; The data that adjusted value register module exports are carried out finite field gf (2 by adjusted value power operation module in charge
128) on power operation and modular multiplication.Main encryption/decryption module comprises the first main encryption and decryption XOR module, the second main encryption and decryption XOR module, 14 main encryption and decryption wheel computing modules.Input data and adjusted value, the 0th round key of taking turns are carried out xor operation by the first main encryption and decryption XOR module in charge; Data after third wheel computing and adjusted value are carried out xor operation by the second main encryption and decryption XOR module in charge; Main encryption and decryption wheel computing module is responsible for input value being carried out 14 next round computing cryptographic operations, front 13 main encryption and decryption wheel computing modules comprise main encryption and decryption byte substitution module, main encryption and decryption row displacement row obscure module, main encryption and decryption InvAddRoundKey module, and last 1 main encryption and decryption wheel computing module comprises main encryption and decryption byte substitution module, main encryption and decryption row displacement InvAddRoundKey module.
In data encrypting and deciphering system and method for the present invention, the algorithm that encryption and decryption adopts improves based on XTS-AES, the byte substitution operation related in main encryption/decryption module, cipher key expansion module, adjusted value generation module utilizes composite S box to realize, composite S box exports S boxes by multiple 8 inputs 8 and inverse S box combines, and can select by address wire the S box used; Key schedule used by cipher key expansion module provides by formula (1); Encryption chip entirety adopts the XTS Cipher-Text Stealing pattern adapting to pile line operation, first data cell n-1 sends in main encryption/decryption module and carries out encryption and decryption operation by Cipher-Text Stealing module, then successively data cell 1 to data cell n-2 is sent in main encryption module and carries out encryption and decryption operation, finally according to the signal pin of main control module to data cell n process; Main encryption/decryption module, adjusted value generation module, cipher key expansion module adopt pipeline organization, and the byte substitution related in these modules operation, row displacement row are obscured operation and all realized based on look-up table and line function.
The present invention is based on FPGA to realize operating the streamline encryption and decryption of hard disc data, have employed the XTS encryption and decryption pattern adapting to pile line operation, make fail safe and efficiency all be better than traditional encryption and decryption pattern.In fail safe, improve for byte substitution module and cipher key expansion module, byte substitution module utilizes the S box of compound, and can specify by user the S box built-up sequence used in encryption and decryption flow process, ensure that the speed of byte substitution simultaneously; The key schedule that cipher key expansion module adopts adopts type function of can not deriving, the round key of often taking turns is converted by the round key of front two-wheeled, assailant cannot be derived remaining round key by known round key, make key schedule have stronger fail safe than aes algorithm.
The present invention is directed to the safety issue of key schedule and single fixing S box in current aes algorithm, and the safety issue of legacy packets password encryption pattern, propose a kind of data encrypting and deciphering system and method.Cryptographic algorithm in the present invention, on the basis of aes algorithm, changes key schedule, makes assailant cannot be released remaining round key by known round key.Take XTS encryption mode, not only make security performance be better than traditional encryption mode further, more can utilize pipeline and parallel design data, improve the data throughput of encryption chip.In addition, introduce multiple S box mechanism, according to the selection of user, different wheel computings will adopt different S boxes.
In the data encrypting and deciphering system that the present invention proposes, the permutation function used in byte substitution operation is made up of multiple 8 inputs, 8 S boxes exported, and the output data of displacement layer select data jointly to determine by clear data and displacement box.Use the initial key of 256, in key schedule, each round key of taking turns needs jointly to be determined by the round key of front two-wheeled.Encryption chip adopts XTS encryption mode, and except master key and plaintext, add the input of adjusted value, adjusted value generates after preset tune handle is encrypted computing and modular multiplication.For each Plaintext block, Cipher-Text Stealing pattern is utilized to obtain last 32 bytes of ciphertext blocks.Encryption/decryption module uses identical pipeline organization, and controlling present mode by control unit is encryption mode or decryption mode.Byte manipulation in wheel computing and row are obscured operation and are realized by look-up table ROM module, and row shifting function utilizes line function to realize.
Although described and described and be counted as example embodiment of the present invention, it will be apparent to those skilled in the art that and can make various change and replacement to it, and spirit of the present invention can not have been departed from.In addition, many amendments can be made so that particular case is fitted to religious doctrine of the present invention, and central concept of the present invention described here can not be departed from.So the present invention is not limited to specific embodiment disclosed here, but the present invention also may comprise all embodiments and equivalent thereof that belong to the scope of the invention.
Claims (10)
1. a data encrypting and deciphering system, is characterized in that: comprise input data buffering module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described input data buffering module keeps in the data of outside input; Described master control module controls input data buffering module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; Described adjusted value generation module generates the adjusted value that XTS encryption mode needs; The wheel arithmetic operation that the state matrix of described main encryption/decryption module to described data is encrypted or deciphers, initial key is extended to the round key needed for described main encryption/decryption module by described cipher key expansion module; Described Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption mode; Described Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing; Described data outputting module externally exports encryption or decrypted result.
2. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described adjusted value generation module comprises first run InvAddRoundKey module, multiple adjusted value byte substitution module, multiple adjusted value capable displacement row obscure module, multiple adjusted value InvAddRoundKey module, adjusted value capable displacement InvAddRoundKey module, adjusted value register module, adjusted value power operation module; Preset tune handle and the 0th round key of taking turns are carried out xor operation by described first run InvAddRoundKey module; The data of input are converted to according to mapping ruler and export data accordingly by described multiple adjusted value byte substitution module; Described multiple adjusted value capable displacement row are obscured module and the data of input are carried out position adjustment, and realize data by multiplying and XOR obscure process; The round key that current data and each are taken turns by described multiple adjusted value InvAddRoundKey module carries out step-by-step xor operation; Described adjusted value capable displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Described adjusted value register module keeps in intermediate object program; Described adjusted value power operation module, by shifting function and xor operation, realizes the power operation function of data.
3. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described main encryption/decryption module comprises multiple main encryption and decryption byte substitution module, multiple main encryption and decryption row displacement row obscure module, multiple main encryption and decryption InvAddRoundKey module, the first main encryption and decryption XOR module, main encryption and decryption row displacement InvAddRoundKey module, the second main encryption and decryption XOR module; The data of input are converted to according to mapping ruler and export data accordingly by described main encryption and decryption byte substitution module; Described main encryption and decryption row displacement row are obscured module and the data of input are carried out position adjustment, and realize obscuring of data by multiplying and XOR; Input data and corresponding round key are carried out XOR by described main encryption and decryption InvAddRoundKey module; Described first main encryption and decryption XOR module carries out xor operation by inputting data and adjusted value and the 0th round key of taking turns; Described main encryption and decryption row displacement InvAddRoundKey module is adjusted and xor operation by position, realizes row shift function and the InvAddRoundKey function of data simultaneously; Input data and adjusted value are carried out XOR and to be gone forward side by side line output by described second main encryption and decryption XOR module.
4. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described cipher key expansion module comprises cipher key spreading control unit, a F function module, the 2nd F function module, the first cipher key spreading XOR module, the second cipher key spreading XOR module, Mul9 module, MulB module, MulD module and MulE module; Described cipher key spreading control unit is responsible for receiving external data and signal, the collaborative work of coordination key schedule modules, externally exporting secret generating settling signal; A described F function module carries out F function operation to 1 round key of taking turns before current; Described 2nd F function module carries out F function operation to 2 round key of taking turns before current; The data of described first cipher key spreading XOR module to input are carried out xor operation and are generated current round key; Described Mul9 module carries out the operation taken advantage of with 9 moulds to input data; Described MulB module carries out the operation taken advantage of with 11 moulds to input data; Described MulD module carries out the operation taken advantage of with 13 moulds to input data; Described MulE module carries out the operation taken advantage of with 14 moulds to input data; The data of input are carried out xor operation by described second cipher key spreading XOR module, generate the inverse round key that epicycle round key is corresponding.
5. data encrypting and deciphering system as claimed in claim 1, is characterized in that: described Cipher-Text Stealing module comprises Cipher-Text Stealing scheduling unit and multiple schedule register; Described Cipher-Text Stealing scheduling unit obtains the data of whole cryptographic block from described input data buffering module, and leaves in described schedule register, and described schedule register deposits the data through the input of input data buffering module.
6. data encrypting and deciphering system as claimed in claim 1, it is characterized in that: the byte substitution operation in described adjusted value generation module, main encryption/decryption module and cipher key expansion module utilizes composite S box to realize, composite S box comprises multiple 8 inputs 8 and exports S boxes and inverse S box thereof, and can select by address wire the S box used.
7. data encrypting and deciphering system as claimed in claim 1, it is characterized in that: described main encryption/decryption module, adjusted value generation module and cipher key expansion module adopt pipeline organization, the byte substitution operation in described adjusted value generation module, main encryption/decryption module and cipher key expansion module and row displacement row are obscured operation and are all realized based on look-up table and line function.
8. a data encryption/decryption method, is characterized in that comprising the steps:
(1) main control module carries out Initialize installation, according to the signal of outside input, starts encryption and decryption functions;
(2) the S box that main encryption/decryption module and adjusted value generation module are used is set;
(3) the S box that cipher key expansion module is used is set;
(4) data that transmit according to main control module of cipher key expansion module and signal, produce the round key used in main encryption/decryption module, produce the round key used in adjusted value generation module;
(5) input data buffering module outer input data is kept in, and according to the signal that main control module sends, by temporary data input Cipher-Text Stealing module; The logical place value received is sent into adjusted value generation module by described main control module;
(6) Cipher-Text Stealing module is according to the signal of main control module, selects enable or do not enable Cipher-Text Stealing pattern;
(7) main encryption module and adjusted value generation module are under the control of main control module, corresponding round key is called respectively from cipher key expansion module, the encryption of the tune handle of input is generated adjusted value by adjusted value generation module, and sent into main encryption module, main encryption/decryption module obtains data from Cipher-Text Stealing module, execution pipeline walks abreast encryption and decryption operation, the data after process is sent in data outputting module.
9. data encryption/decryption method as claimed in claim 8, is characterized in that using following key schedule,
Wherein i=2,3,4 ..., 14; W
4ito W
4i+3represent the 1st in round key respectively to the 4th 32 words, and W
0to W
7directly provided by the initial key of 256; Function
wherein symbol
for step-by-step XOR; SubBytes is byte substitution operation; RotBytes is the circulative shift operation in units of byte.
10. data encryption/decryption method as claimed in claim 8, characterized by further comprising following steps:
After encryption and decryption work completes, main encryption/decryption module sends signal to main control module, and main control module coordination data output module exports encryption or decrypted result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510238121.4A CN104852798B (en) | 2015-05-11 | 2015-05-11 | A kind of data encrypting and deciphering system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510238121.4A CN104852798B (en) | 2015-05-11 | 2015-05-11 | A kind of data encrypting and deciphering system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104852798A true CN104852798A (en) | 2015-08-19 |
CN104852798B CN104852798B (en) | 2017-10-03 |
Family
ID=53852168
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510238121.4A Expired - Fee Related CN104852798B (en) | 2015-05-11 | 2015-05-11 | A kind of data encrypting and deciphering system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104852798B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105356996A (en) * | 2015-12-14 | 2016-02-24 | 联想(北京)有限公司 | Ciphertext processing method, electronic equipment and ciphertext processing device |
CN106254061A (en) * | 2016-08-14 | 2016-12-21 | 北京数盾信息科技有限公司 | A kind of express network storage encipher-decipher method |
CN106341419A (en) * | 2016-10-17 | 2017-01-18 | 重庆邮电大学 | Method and mobile terminal for invoking external encryption and decryption module |
CN107888373A (en) * | 2016-09-29 | 2018-04-06 | 北京忆芯科技有限公司 | XTS AES encryptions circuit, decryption circuit and its method |
CN109150497A (en) * | 2018-07-26 | 2019-01-04 | 南京航空航天大学 | A kind of XTS-SM4 encrypted circuit of high-performance small area |
CN111047849A (en) * | 2019-12-30 | 2020-04-21 | 江苏大周基业智能科技有限公司 | Networking remote control password module and safe remote control system |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11838402B2 (en) | 2019-03-13 | 2023-12-05 | The Research Foundation For The State University Of New York | Ultra low power core for lightweight encryption |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8155308B1 (en) * | 2006-10-10 | 2012-04-10 | Marvell International Ltd. | Advanced encryption system hardware architecture |
CN103109296A (en) * | 2010-09-24 | 2013-05-15 | 英特尔公司 | A tweakable encrypion mode for memory encryption with protection against replay attacks |
-
2015
- 2015-05-11 CN CN201510238121.4A patent/CN104852798B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8155308B1 (en) * | 2006-10-10 | 2012-04-10 | Marvell International Ltd. | Advanced encryption system hardware architecture |
CN103109296A (en) * | 2010-09-24 | 2013-05-15 | 英特尔公司 | A tweakable encrypion mode for memory encryption with protection against replay attacks |
Non-Patent Citations (3)
Title |
---|
冉飞: "《基于XTS-AES的主机加密卡的FPGA的设计与实现》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
李子磊: "《高吞吐率XTS-AES加密算法的硬件实现》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
贾艳梅、陶新: "《SMS4算法应用于空间数据加密的研究及实现》", 《空间电子技术》 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105356996A (en) * | 2015-12-14 | 2016-02-24 | 联想(北京)有限公司 | Ciphertext processing method, electronic equipment and ciphertext processing device |
CN105356996B (en) * | 2015-12-14 | 2018-11-09 | 联想(北京)有限公司 | A kind of ciphertext processing method, electronic equipment and ciphertext processing unit |
CN106254061A (en) * | 2016-08-14 | 2016-12-21 | 北京数盾信息科技有限公司 | A kind of express network storage encipher-decipher method |
CN106254061B (en) * | 2016-08-14 | 2019-08-23 | 北京数盾信息科技有限公司 | A kind of high speed network storage encipher-decipher method |
CN107888373A (en) * | 2016-09-29 | 2018-04-06 | 北京忆芯科技有限公司 | XTS AES encryptions circuit, decryption circuit and its method |
CN106341419A (en) * | 2016-10-17 | 2017-01-18 | 重庆邮电大学 | Method and mobile terminal for invoking external encryption and decryption module |
CN106341419B (en) * | 2016-10-17 | 2019-04-19 | 重庆邮电大学 | A kind of method that calling external encryption/decryption module and mobile terminal |
CN109150497A (en) * | 2018-07-26 | 2019-01-04 | 南京航空航天大学 | A kind of XTS-SM4 encrypted circuit of high-performance small area |
CN109150497B (en) * | 2018-07-26 | 2020-07-24 | 南京航空航天大学 | XTS-SM4 encryption circuit with high performance and small area |
CN111047849A (en) * | 2019-12-30 | 2020-04-21 | 江苏大周基业智能科技有限公司 | Networking remote control password module and safe remote control system |
CN111047849B (en) * | 2019-12-30 | 2021-05-18 | 江苏大周基业智能科技有限公司 | Networking remote control password module and safe remote control system |
Also Published As
Publication number | Publication date |
---|---|
CN104852798B (en) | 2017-10-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104852798A (en) | Data encryption and decryption system and method thereof | |
Zhang et al. | Implementation approaches for the advanced encryption standard algorithm | |
CN101350714B (en) | Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX | |
US10320554B1 (en) | Differential power analysis resistant encryption and decryption functions | |
CN107707343B (en) | SP network structure lightweight block cipher realization method with consistent encryption and decryption | |
CN106921487B (en) | Reconfigurable S-box circuit structure | |
CN103516512A (en) | Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm | |
Karthigaikumar et al. | Simulation of image encryption using AES algorithm | |
CN104065474B (en) | Novel low-resource efficient lightweight Surge block cipher implementation method | |
CN104639314A (en) | Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method | |
CN101764684A (en) | Encrypting and deciphering system for realizing SMS4 algorithm | |
CN105959107A (en) | Novel and highly secure lightweight SFN block cipher implementation method | |
CN111431697A (en) | Novel method for realizing lightweight block cipher COR L | |
CN108933653A (en) | A kind of AES encrypting and deciphering system and method based on large-scale data | |
CN111064562A (en) | Implementation method of AES algorithm on FPGA | |
US10237066B1 (en) | Multi-channel encryption and authentication | |
CN109150495B (en) | Round conversion multiplexing circuit and AES decryption circuit thereof | |
CN109039583B (en) | Multiplexing round conversion circuit, AES encryption circuit and encryption method | |
JP4098719B2 (en) | Programmable data encryption engine for AES algorithm | |
CN100561911C (en) | Sbox module optimization method and optimization circuit in a kind of AES decipher circuit | |
JP2005513541A6 (en) | Programmable data encryption engine for AES algorithm | |
CN109033893B (en) | AES encryption unit based on synthetic matrix, AES encryption circuit and encryption method thereof | |
CN109033847B (en) | AES encryption operation unit, AES encryption circuit and encryption method thereof | |
CN108809627B (en) | Round conversion multiplexing circuit and AES decryption circuit | |
CN102780557B (en) | Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171003 |