CN104852798B - A kind of data encrypting and deciphering system and method - Google Patents
A kind of data encrypting and deciphering system and method Download PDFInfo
- Publication number
- CN104852798B CN104852798B CN201510238121.4A CN201510238121A CN104852798B CN 104852798 B CN104852798 B CN 104852798B CN 201510238121 A CN201510238121 A CN 201510238121A CN 104852798 B CN104852798 B CN 104852798B
- Authority
- CN
- China
- Prior art keywords
- module
- data
- mrow
- decryption
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses a kind of data encrypting and deciphering system and method, the system includes input data buffer module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module;The input data buffer module keeps in the data of outside input;The master control module controls input data buffer module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module;The adjusted value that the adjusted value generation module generation XTS encryption modes need;Initial key is extended to the round key needed for the main encryption/decryption module by the wheel arithmetic operation that the main encryption/decryption module is encrypted or decrypted to the state matrix of the data, the cipher key expansion module;The Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption modes;The Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing;The data outputting module is encrypted or decrypted result to outside output.
Description
Technical field
The present invention relates to information science technology field, more particularly to a kind of data encrypting and deciphering system and method.
Background technology
In area information storage, the implementation method for carrying out encryption and decryption for hard disc data can be divided into soft encryption and hardware encryption two
Major class.Hardware encryption is to coordinate corresponding software by special process chip, to realize the encryption process to hard disc data.
Compared with not needing the soft encryption of additional hardware, hardware encryption has the spies such as speed is fast, occupying system resources are few, Cipher Strength is high
Point.
The disclosure of upper background technology content is only used for inventive concept and the technical scheme that auxiliary understands the present invention, and it is not necessarily
So belong to the prior art of present patent application, without tangible proof show the above present patent application the applying date
In the case of disclosed, above-mentioned background technology should not be taken to evaluate the novelty and creativeness of the application.
The content of the invention
(main) purpose of the invention is to propose a kind of data encrypting and deciphering system and method, to solve above-mentioned existing skill
The slow technical problem of enciphering rate that art is present.
Therefore, the present invention proposes a kind of data encrypting and deciphering system, including input data buffer module, main control module, adjustment
It is worth generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data defeated
Go out module;The input data buffer module keeps in the data of outside input;The master control module controls input data buffers mould
Block, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and
Data outputting module;The adjusted value that the adjusted value generation module generation XTS encryption modes need;The main encryption/decryption module pair
Initial key is extended to by the wheel arithmetic operation that the state matrix of the data is encrypted or decrypted, the cipher key expansion module
Round key needed for the main encryption/decryption module;The Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption modes;It is described
Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing;The data outputting module is defeated to outside
Go out encryption or decrypted result.
A kind of data encryption/decryption method, comprises the following steps:Main control module carries out Initialize installation, according to outside input
Signal, starts encryption and decryption functions;The S boxes for setting main encryption/decryption module and adjusted value generation module to use;Cipher key spreading mould is set
The S boxes that block is used;Data and signal that cipher key expansion module is transmitted according to main control module, produce what is used in main encryption/decryption module
Round key, produces the round key used in adjusted value generation module;Input data buffer module keeps in outer input data, and
The signal sent according to main control module, by temporary data input Cipher-Text Stealing module;The main control module will be received
Logical place value sends into adjusted value generation module;Cipher-Text Stealing module selects to enable or do not enable according to the signal of main control module
Cipher-Text Stealing pattern;Main encryption module and adjusted value generation module are under the control of main control module, respectively from cipher key expansion module
Corresponding round key is called, the tune handle encryption generation adjusted value of input is sent to main encryption mould by adjusted value generation module
Block, main encryption/decryption module obtains data, the parallel encryption and decryption operation of execution pipeline, by the number after processing from Cipher-Text Stealing module
According in feeding data outputting module.
The beneficial effect that the present invention is compared with the prior art includes:Add present invention employs the XTS for adapting to pile line operation
Decryption mode so that security and efficiency are superior to traditional encryption and decryption pattern.
Brief description of the drawings
Fig. 1 is the overall construction drawing of invention;
Fig. 2 is the block diagram of the adjusted value generation module of the present invention;
Fig. 3 is the block diagram of the main encryption/decryption module of the present invention;
Fig. 4 is cipher key expansion module schematic diagram;
Fig. 5 is the structured flowchart of cipher key expansion module;
Fig. 6 is the structured flowchart of composite S cartridge module;
Fig. 7 is the structured flowchart that row displacement row obscure module;
Fig. 8 is the schematic diagram of Cipher-Text Stealing module;
Fig. 9 is the structured flowchart of Cipher-Text Stealing module;
Figure 10 is the structured flowchart of register module;
Figure 11 is the state transition diagram of data encrypting and deciphering system;
Figure 12 is the workflow diagram of the present invention.
Embodiment
With reference to embodiment and compare accompanying drawing the present invention is described in further detail.It is emphasized that
What the description below was merely exemplary, the scope being not intended to be limiting of the invention and its application.
With reference to the following drawings, the embodiment of non-limiting and nonexcludability will be described, wherein identical reference is represented
Identical part, unless stated otherwise.
It would be recognized by those skilled in the art that it is possible that numerous accommodations are made to above description, so embodiment is only
For describing one or more particular implementations.
As shown in figure 1, a kind of data encrypting and deciphering system includes input data buffer module, main control module, adjusted value generation
Module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module.
Input data buffer module is used for the data for keeping in external bus input.Main control module is used for the encryption and decryption of conversioning wheel computing module
Pattern, coordinate cipher key expansion module, adjusted value generation module and main encryption/decryption module work, provide necessity for cipher key expansion module
Data, control Cipher-Text Stealing flow and input and output flow.Adjusted value generation module is used to generate XTS encryption modes needs
Adjusted value.Main encryption/decryption module is responsible for the wheel arithmetic operation that the state matrix of data is encrypted or decrypted, and takes turns arithmetic operation
Obscure including byte substitution, inverse byte substitution, row displacement, Retrograde transposition, row, it is inverse arrange obscure, the child-operation such as InvAddRoundKey.Key
Expansion module is used to being extended to initial key into the round key needed for main encryption/decryption module.Cipher-Text Stealing module is used to realize XTS
Cipher-Text Stealing function in encryption mode.Cipher-Text Stealing register module is used to keep in the middle encryption and decryption required for Cipher-Text Stealing
Data.Data outputting module is used for outside output encryption or decrypted result.Each signal name explanation in Fig. 1 is as shown in table 1:
Each external signal title explanation of table 1
Fig. 2 is adjusted value generation module block diagram.Tweak is 128 preset tune handles, is carried out the wheel encryption fortune of 14 wheels
Calculate, and taking turns the round key that cryptographic calculation uses is obtained using the Key2 extensions of outside input.Handle is adjusted after third wheel computing
Data are put into adjustment value register, are then entered together in adjusted value power operation module with Ln signals, after power operation, will
Tdone signals are placed in high level, start output adjustment value.Adjusted value power operation module, will when Tdone signals are placed in high level
Value in register is sent out, then within the Ln-1 subsequent cycle, and circulation performs following operate:First determine whether 128 inputs
The highest order of data is 1 or 0, if highest order is 0, overall data directly is moved to left into 1;, will if highest order is 1
Overall data is moved to left after 1, will most least-significant byte and 0x87 step-by-step XORs;Then exported data as adjusted value, and utilize output
Value updates the value in adjustment value register.
Each part is described in detail as follows in Fig. 2:First run InvAddRoundKey module is responsible for the preset wheel for adjusting handle and the 0th wheel
Key carries out xor operation;Adjusted value byte substitution module 1 is to adjusted value byte substitution module 14 by the data of input according to reflecting
Penetrate rule and be converted to corresponding output data;Adjusted value row displacement row obscure module 1 to adjusted value row displacement row and obscure module 13
The data of input are subjected to position adjustment, and obscure processing by what multiplying and XOR realized data;Adjusted value wheel
Key adds module 1 that the round key of current data and each round is carried out into step-by-step xor operation to adjusted value InvAddRoundKey module 13;
Adjusted value row shifts InvAddRoundKey module by position adjustment and xor operation, while realizing the row shift function of data and taking turns close
Key adds function;Adjusted value register module is used to keep in intermediate result;Adjusted value power operation module passes through shifting function and XOR
Operation, realizes the power operation function of data.Each signal name and its explanation are as shown in Table 2:
The adjusted value generation module signal explanation of table 2
Fig. 3 is main encryption/decryption module block diagram, and input data can be be-encrypted data or data to be decrypted, will input number first
XOR is carried out according to adjusted value and the 0th round key taken turns, the wheel computing of 14 wheels is then carried out to it, the wheel used in wheel computing is close
Key is obtained using the Key1 extensions of outside input, if decryption mode, then round key is that encryption round key passes through inverse row
Obtained after conversion process.Data after 14 next round computings again with output result after adjusted value XOR.Each part in Fig. 3
It is described in detail as follows:Main encryption and decryption byte substitution module 1 is to main encryption and decryption byte substitution module 14 by the data of input according to reflecting
Penetrate rule and be converted to corresponding output data;Main encryption and decryption row displacement row obscure module 1 to main encryption and decryption row displacement row and obscure mould
The data of input are carried out position adjustment by block 13, and realize obscuring for data by multiplying and XOR;Main encryption and decryption
InvAddRoundKey module 1 to main encryption and decryption InvAddRoundKey module 13 is responsible for input data carrying out XOR fortune with corresponding round key
Calculate;First main encryption and decryption XOR module is responsible for the round key of input data and adjusted value and the 0th wheel carrying out xor operation;It is main to add
Solve space-in and shift InvAddRoundKey module by position adjustment and xor operation, while realizing the row shift function and round key of data
Plus function;Second main encryption and decryption XOR module is responsible for input data and adjusted value carrying out XOR and exported.Each signal name
Claim and its illustrate as shown in Table 3:
The main encryption/decryption module signal instruction of table 3
Fig. 4 is cipher key expansion module schematic diagram.W4iTo W4i+3For the 1st in current round key to the 4th 32 words, W4i-8
To W4i-1For 8 32 words in preceding two-wheeled round key, functionWherein symbolFor step-by-step XOR;SubBytes operates for byte substitution;RotBytes is the circulative shift operation in units of byte,
Assuming that W={ b1, b2, b3, b4 }, wherein b1, b2, b3, b4 is octet, then RotBytes (W)=b2, b3, b4,
b1};Rcon is the wheel constant of 32, and high 24 are 0, and least-significant byte is Rc, and Rc is determined according to the wheel sequence number i when front-wheel, such as table 1
It is shown.
Fig. 5 is cipher key expansion module structured flowchart.Two-wheeled round key key1 and key2 before cipher key spreading control unit is received,
And send into XOR module.In addition key1 the 3rd word and key2 the 4th word are sent into F function modules, the output of F modules
Data be also sent to the generation that round key is participated in first key extension XOR module, the function of F function modules isSymbolFor step-by-step XOR;SubBytes operates for byte substitution;
RotBytes is the circulative shift operation in units of byte.The function of each part is respectively in Figure 5:Cipher key spreading control is single
Member is responsible for reception external data and signal, coordinates the collaborative work of key schedule modules, generated to outside output key
Complete signal;First F function modules are responsible for carrying out F function operations to the round key of 1 wheel before current;2nd F function modules are born
Blame and F function operations are carried out to the round key of 2 wheels before current;First key extension XOR module is responsible for the principle according to formula (1),
Data to input carry out the current round key of xor operation generation;Mul9 modules are responsible for carrying out input data the behaviour with 9 modular multiplications
Make;MulB modules are responsible for carrying out input data the operation with 11 modular multiplications;MulD modules are responsible for carrying out and 13 moulds input data
The operation multiplied;MulE modules are responsible for carrying out input data the operation with 14 modular multiplications;Second cipher key spreading XOR module be responsible for by
The data of input carry out xor operation, the corresponding inverse round key of generation epicycle round key.Due to round key generation independent of
Inverse round key, so the generation of inverse round key can't be impacted to the formation speed of round key.
The pass of inverse round key and round key is close to be shown below, wherein k1,j',k2,j',k3,j',k4,j' it is inverse round key
Column element, k1,j,k2,j,k3,j,k4,jIt is byte for the column element of round key:
Each signal name of cipher key expansion module and its explanation are as shown in table 4:
Each signal name of the cipher key expansion module of table 4 and its implication
Title | Digit | Explanation |
Clk | 1 | Clock signal |
Reset | 1 | Reset signal, high level is effective |
RC | 8 | The wheel constant least-significant byte that F functions need |
Saddr | 4 | S box selection signals |
En1 | 1 | Key1 enables signal, and high level is effective |
En2 | 1 | Key2 enables signal, and high level is effective |
Key1 | 128 | Round key before 1 wheel |
Key2 | 128 | Round key before 2 wheels |
Key_ready | 1 | Round key completes signal, and high level is effective |
Invkey_ready | 1 | Inverse key completes signal, and high level is effective |
Key | 128 | Epicycle round key output port |
Invkey | 128 | Epicycle is against round key output port |
Fig. 6 is composite S cartridge module block diagram, the byte generation that composite S box applies in main encryption/decryption module, whole value generation module
Change the mold in block, and in the F function modules in cipher key expansion module.S boxes and its inverse S boxes that composite S box is exported by 88 inputs 8
Composition, composite S box is realized that it is 12 to search address by look-up table ROM cell, and high 4 are used for selecting S boxes or inverse S boxes, least-significant byte
For byte substitution input data.Composite S box is present in byte substitution module and F function modules, and adds applied to the master in Fig. 1
In deciphering module, adjusted value generation module, cipher key expansion module.The signal name and its explanation of composite S box are given in table 5.
The composite S cartridge module signal instruction of table 5
Title | Digit | Explanation |
Clk | 1 | External timing signal |
Addr | 4 | For the S boxes and inverse S boxes for selecting to use |
Datain | 8 | Need the input data of progress byte substitution |
Dataout | 8 | Output data after byte substitution |
Fig. 7 obscures module frame chart for row displacement row, and this module can realize that row displacement, row are obscured and its inverse operation operation, and
Apply in adjusted value generation module and main encryption/decryption module.Row displacement, Retrograde transposition, the mathematical table that row are obscured, inverse row are obscured
Up to form as shown in table 6, wherein bi,1',bi,2',bi,3',bi,4' and b1,j',b2,j',b3,j',b4,j' for word after operation
Section, bi,1,bi,2,bi,3,bi,4And b1,j,b2,j,b3,j,b4,jFor preoperative byte.Row displacement row obscure module and utilize look-up table
Function realizes the multiplying in finite field, realizes row displacement and Retrograde transposition operation using line in XOR module, and select
Select corresponding data XOR and obtain row and obscure and inverse row confusion result, finally exported by Mode signal-line choosings, Mode is low electricity
Usually export row displacement and row obscure rear result, output Retrograde transposition and inverse row obscure rear result when Mode is high level.In Fig. 7
Each module is described in detail as follows:Mul2 modules are responsible for carrying out input data the operation with 2 modular multiplications;Mul3 modules are responsible for defeated
Enter data progress and the operation of 3 modular multiplications;Mul9 modules are responsible for carrying out input data the operation with 9 modular multiplications;MulB modules are responsible for
Operation with 11 modular multiplications is carried out to input data;MulD modules are responsible for carrying out input data the operation with 13 modular multiplications;MulE moulds
Block is responsible for carrying out input data the operation with 14 modular multiplications;It is defeated that positive XOR module is responsible for receiving Datain data, Mul2, Mul3
The data gone out, and xor operation is carried out, then the data output after obscuring will be shifted and arranged through space;Reverse XOR module is responsible for
The data of Mul9, MulB, MulD, MulE module output are received, and carry out xor operation, then will be by Retrograde transposition and inverse row
Data output after obscuring;Row displacement row obscure the number that register is responsible for temporary positive XOR module and the output of reverse XOR module
According to, and according to Mode signal behaviors first, output final data.These modular multiplications of mul2, mul3, mul9, mulB, mulD, mulE
Unit is based on look-up tables'implementation, and table 7 to table 12 sets forth their value table.
The row displacement of table 6, Retrograde transposition, the mathematical expression form that row are obscured, inverse row are obscured
The mul2 module value tables of table 7
The mul3 module value tables of table 8
The mul9 module value tables of table 9
The mulB module value tables of table 10
The mulD module value tables of table 11
The mulE module value tables of table 12
Fig. 8 is Cipher-Text Stealing module fundamental diagram, it is assumed that altogether comprising n data cell in pending data block,
Data cell 1 to data cell n-1 length is 16 bytes.When data cell n length is discontented with 16 byte, if its length
For P bytes, the data after data cell n-1 encryption and decryption are divided into two parts, front portion is middle output 1, and length is P words
Section, rear portion is middle output 2, and length is 16-P bytes, and using centre output 1 as final output n, centre output 2 is added
Enter a data cell n high position, after the length for being combined into 16 bytes, send into main encryption/decryption module, obtained result is middle output 3,
And it regard centre output 3 as final output n-1.
Fig. 9 is the structured flowchart of Cipher-Text Stealing module, and Cipher-Text Stealing scheduling unit is obtained from input data buffer module
The data of whole cryptographic block, and schedule register 1 is stored in into schedule register 32, each schedule register deposits 1 number
According to the data of unit, 32 data cells can be at most supported, the byte number of each data cell is no more than 16.Signal Len1 is number
According to the number of unit, signal Len2 is the byte number of last data cell, when last data cell byte number not
For 16 when, Smode lines are set to high level by main control module, enable Cipher-Text Stealing function.Assuming that Len1 value is n, Cipher-Text Stealing
Scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively presses data cell 1 to data cell n-2
Order is sent into main encryption/decryption module, data of the data cell n-1 after encryption and decryption is finally read from Sdata, and take out
High position data section and data cell n are merged into the data that length is 16 bytes, send into main encryption/decryption module, while by Sdone
High level is placed in, represents that data conveying is finished.If data cell n byte number is just 16, control module is by Smode lines
Low level is set to, Cipher-Text Stealing scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively by data sheet
Member 1 to data cell n-2 is sent into main encryption/decryption module in order, last that data cell n directly is sent into main encryption/decryption module
In, and Sdone signal wires are drawn high to indicate the completion of Cipher-Text Stealing work.Each signal name and explanation are as shown in table 13:
Each signal instruction of Cipher-Text Stealing module of table 13
Figure 10 is Cipher-Text Stealing register module structured flowchart, and Cipher-Text Stealing register module is mainly used in temporal data list
Results of first n-1 after encryption and decryption computing.When reset signal Reset is placed in high level, Cipher-Text Stealing register, which enters, to be treated
Machine state, waits main encryption/decryption module output result, and the completion of its write enable signal port En and main encryption/decryption module indicates to believe
Number port Isdone is connected, and when main encryption/decryption module completes encryption and decryption work, sends and refers to Cipher-Text Stealing register module
Show signal, Cipher-Text Stealing register module latches encryption and decryption result, is called for Cipher-Text Stealing module.Each part is detailed in Figure 10
Carefully it is described as follows:Ciphertext deposit control unit is responsible for receiving the Isdone indication signals of main encryption/decryption module, and according to this signal
Indicate ciphertext registers latch data;Ciphertext register is connected with the output data line of main encryption/decryption module, and is posted according to ciphertext
Deposit the indication signal latch data of control unit.Each signal name of Cipher-Text Stealing register module is given in table 14 and its is said
It is bright.
Each signal instruction of Cipher-Text Stealing module of table 14
Figure 11 is the state transition diagram of data encrypting and deciphering system, when Reset puts high level, system reset to Idle states
It is standby, under Idle states, when system detectio to Start signals is in high level state, it is introduced into round key extended mode
Keyexpand, when round key extension is finished, is placed in high level, into encryption and decryption flow by Key_ready signals.Encryption and decryption
Flow is determined, in encryption or decrypted state, to be decided whether to enable Cipher-Text Stealing by Smode signals by Mode signals
Function.Work as Key_ready=1, Mode=0, during Smode=1, into Cipher-Text Stealing type encrypted state Enc_Steal;Work as Key_
When ready=1, Mode=0, Smode=0, into non-Cipher-Text Stealing type encrypted state Enc_Normal;Work as Key_ready=
When 1, Mode=1, Smode=0, into non-Cipher-Text Stealing type decrypted state Dec_Normal;Work as Key_ready=1, Mode=
When 1, Smode=1, into Cipher-Text Stealing type decrypted state Dec_Steal.After the completion of encryption and decryption work, by Isdone signals
High level is placed in, system enters external output data state Output, when data output is finished or Reset signals are set to high level
When, system returns to Idle states and waits Start signals.
Embodiment:
The present embodiment is that test is completed on the Virtex5 of Xilinx companies family chip XC5VFX130T, specifically
Comprise the following steps:
Step 1:System electrification, initializes S box data, the composite S box in embodiment by the S boxes of 88 output of input 8 with
And their inverse S boxes arrange in ROM form in order, low level deposits 1 to No. 8 S box in order, high-order to deposit 1 to 8 in order
Number inverse S boxes.The data of composite S box decimally represent, such as table 15:
The composite S box tables of data used in the embodiment of table 15
Step 2:The S boxes built-up sequence 1 and main encryption/decryption module, adjusted value generation module that selection cipher key spreading is used make
S boxes built-up sequence 2.The S boxes built-up sequence 1 used in embodiment is:{S8,S7,S6,S5,S4,S3,S2,S1,S8,
S7, S6, S5, S4 }, S boxes built-up sequence 2 is:{S1,S2,S3,S4,S5,S6,S7,S8,S1,S2,S3,S4,S5,S6}.
Step 3:Input the master key made by oneself, secondary key, handle adjusted, with hexadecimal representation, such as table 16:
The master key that is inputted in the embodiment of table 16, secondary key, adjust bin value
Step 4:Input test clear data, with hexadecimal representation, such as table 17:
The test clear data inputted in the embodiment of table 17
Data cell 1 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 2 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 3 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 4 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 5 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 6 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 7 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 8 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 9 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 10 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 11 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 12 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 13 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 14 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 15 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 16 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 17 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 18 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 19 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 20 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 21 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 22 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 23 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 24 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 25 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 26 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 27 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 28 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 29 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 30 | 9192939495969798999A9B9C |
Step 5:Mode is set to low level, Smode is set to high level, is set to XTS encryption modes.Then by Start
Signal is placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.Adjusted value module is given birth to after 28 cycles
Into finishing, round key is also ready, now starts main encryption/decryption module, and system carries out data cell with streamline XTS patterns and added
Close work, after 28 cycles, streamline is formally set up, and each cycle exports the ciphertext of 128, round key, inverse round key,
Adjusted value, ciphertext hexadecimal representation, respectively as shown in table 18, table 19, table 20, table 21:
Expanded obtained round key in the embodiment of table 18
Round key 1 | 201F1E1D1C1B1A191817161514131211 |
Round key 2 | 100F0E0D0C0B0A090807060504030201 |
Round key 3 | DFCE154C14030201D7C61D4444D4F04B |
Round key 4 | BE66D369DBC21940EEB1212339FA9720 |
Round key 5 | B2C08FAD7DA3CC2C50F801CDF5CD79F9 |
Round key 6 | 572BE54487B3B7CEDF4550918749419E |
Round key 7 | 0D407C187A7028A50DBA8A48E35237B4 |
Round key 8 | 05F9378755B69B479CDB2896C1386CC7 |
Round key 9 | E53D0E927233956A71B3F9126D6898B3 |
Round key 10 | 295892E32C50BD4336039F3A13DE31F8 |
Round key 11 | 7CC4A01A2AD8FE9B434A2CA18910A219 |
Round key 12 | 96B364C766978263357B3845C3CABA50 |
Round key 13 | CAAAB866FF21B6FD6FF780556B9241CF |
Round key 14 | E324E1CF99460240779716FD506135E1 |
Round key 15 | CFED178D73F2D76706CA202CC4E6D15B |
Expanded obtained inverse round key in the embodiment of table 19
Inverse round key 1 | 201F1E1D1C1B1A191817161514131211 |
Inverse round key 2 | AAF98CC33E25302F4261547B362D3827 |
Inverse round key 3 | C6639C71D6BDE897CE6B9479F1BE1377 |
Inverse round key 4 | E5744CBFBA27F825C277B75FD39C95AE |
Inverse round key 5 | 4417D9DAFDA230512DACB4518C616B3E |
Inverse round key 6 | 3E642DAA3C4796A04FA776C5ACB14844 |
Inverse round key 7 | 32391133EE6AA9AAA2CFCFD75E94EE16 |
Inverse round key 8 | 34879E6141D9F1568479D9DD5EB557EE |
Inverse round key 9 | 9D83FEA47822F81C82EF581CDB977210 |
Inverse round key 10 | 110DAAB65823D62FB2B820BA3EA71489 |
Inverse round key 11 | 584B8091EBC00AB63ECF423725624A2F |
Inverse round key 12 | E3170674B2D076042DB546ED94CE3089 |
Inverse round key 13 | E0AAF50136184EF5C6B4B38CC8A20C11 |
Inverse round key 14 | 9ED455F67FCFC5E8606E171231738522 |
Inverse round key 15 | CFED178D73F2D76706CA202CC4E6D15B |
The adjusted value generated in the embodiment of table 20
Adjusted value 1 | A3D507777787B8A1BB1474CA8D6947BB |
Adjusted value 2 | C1AB0FEEEE0E71437729E8941BD38E76 |
Adjusted value 3 | 82571FDCDD1DE286EE52D02937A61DED |
Adjusted value 4 | 83AF3EB8BB3BC40DDDA5A0536E4C3BDA |
Adjusted value 5 | 815F7D707777881BBA4B41A7DC9876B4 |
Adjusted value 6 | 85BFFAE0EEEE10377497824EB931ED68 |
Adjusted value 7 | 0A7FF5C1DDDD216EE82E059D7263DAD1 |
Adjusted value 8 | 93FEEA83BBBB43DCD05D0A3AE5C6B4A3 |
Adjusted value 9 | A1FDD507777787B8A1BB1474CA8D6947 |
Adjusted value 10 | 42FBAB0FEEEE0E71437729E8941BD38E |
Adjusted value 11 | 03F6571FDCDD1DE286EE52D02937A61D |
Adjusted value 12 | 06ECAF3EB8BB3BC40DDDA5A0536E4C3B |
Adjusted value 13 | 0CD85F7D707777881BBA4B41A7DC9876 |
Adjusted value 14 | 18B0BFFAE0EEEE10377497824EB931ED |
Adjusted value 15 | B7607FF5C1DDDD216EE82E059D7263DA |
Adjusted value 16 | E9C1FEEA83BBBB43DCD05D0A3AE5C6B4 |
Adjusted value 17 | 5583FDD507777787B8A1BB1474CA8D69 |
Adjusted value 18 | AA06FBAB0FEEEE0E71437729E8941BD3 |
Adjusted value 19 | D30DF6571FDCDD1DE286EE52D02937A6 |
Adjusted value 20 | 211BECAF3EB8BB3BC40DDDA5A0536E4C |
Adjusted value 21 | 4236D85F7D707777881BBA4B41A7DC98 |
Adjusted value 22 | 036CB0BFFAE0EEEE10377497824EB931 |
Adjusted value 23 | 06D8607FF5C1DDDD216EE82E059D7263 |
Adjusted value 24 | 0CB0C1FEEA83BBBB43DCD05D0A3AE5C6 |
Adjusted value 25 | 9F6083FDD507777787B8A1BB1474CA8D |
Adjusted value 26 | B9C106FBAB0FEEEE0E71437729E8941B |
Adjusted value 27 | 72830DF6571FDCDD1DE286EE52D02937 |
Adjusted value 28 | E4061BECAF3EB8BB3BC40DDDA5A0536E |
Adjusted value 29 | C80D36D85F7D707777881BBA4B41A7DC |
Adjusted value 30 | 171B6CB0BFFAE0EEEE10377497824EB9 |
Obtained ciphertext data are encrypted in the embodiment of table 21
Data cell 1 | FBCFB5D6BC01762BDC72F6F6B69DA861 |
Data cell 2 | 3999BA886A05597CE8EB697E2D54D78A |
Data cell 3 | 2BC53708573957D439AA6A8DDAB4D8C8 |
Data cell 4 | FFAA277342B499F9CA85AA21C190A4E7 |
Data cell 5 | CA3E91D8C36D167E164DB6ED7C0E73C2 |
Data cell 6 | 59D06CC449C5217F647E640E716ED444 |
Data cell 7 | 297BC9C547C92BEFA0DB4C1802486089 |
Data cell 8 | 95A8DFF1C6782B481943A7510ABCDA52 |
Data cell 9 | E5B7D052D8314ED3503F22507E65045E |
Data cell 10 | BE574D498331B5690A1FB732C62ECBDB |
Data cell 11 | 775C7089F7BDD5307A1051982635D830 |
Data cell 12 | 0DA363875A2A6D58296695449A9E6D94 |
Data cell 13 | 92BF63149A25A709E8397406A5F47FE9 |
Data cell 14 | C98DABCC9D21542F6ABAD1C46726650A |
Data cell 15 | 29526F45BFFEF80564948A006B1EC329 |
Data cell 16 | 881C0B277169AB89EB536644744A7474 |
Data cell 17 | 3ECB9F75F8F0F09AFC41345E061823A9 |
Data cell 18 | 7B9740FED4547F425581644B0102212A |
Data cell 19 | 59E8C1F89ED02DA7DB72A77C06A4D1A8 |
Data cell 20 | F47A268597601F768103726B6F67F8FD |
Data cell 21 | 14CAD8B4AE00A011968826FA66B1390A |
Data cell 22 | C272717BAD4B2480044394B9C6841B9F |
Data cell 23 | 7A3027B6E415C4D47B106239A58D768F |
Data cell 24 | 40B44094C9ADDF6CE43BB012238B7B99 |
Data cell 25 | AFDF8D86978AB7C0B92E6675782B856E |
Data cell 26 | D0AF4847BA973EF13D1D723BA086004D |
Data cell 27 | F1A5D06EA842F2A13984206BE7B592CB |
Data cell 28 | C2059F9646BBAFBDDFC6196350E52829 |
Data cell 29 | 6B321331EE5A5B9F0FE0E2D1863D7BA4 |
Data cell 30 | EABFA35DC647AE2329F43E99 |
Step 6:Reset is set to after high level reset, repeat step 1 to step 3.Then by the ciphertext data in table 21
As data input to be decrypted, Mode is set to high level by input after finishing, and Smode is set to high level, is set to XTS decryption moulds
Formula.Then Start signals are placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.By 28 cycles
Adjusted value module generation afterwards is finished, and inverse round key is also ready, now starts main encryption/decryption module, system is with streamline XTS moulds
Formula carries out data cell decryption work, and after 28 cycles, streamline is formally set up, and each cycle exports the decryption of 128
Text, solution ciphertext data are as shown in table 22:
The solution ciphertext data obtained in the embodiment of table 22
Data cell 1 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 2 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 3 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 4 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 5 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 6 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 7 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 8 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 9 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 10 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 11 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 12 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 13 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 14 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 15 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 16 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 17 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 18 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 19 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 20 | 9192939495969798999A9B9C9D9E9FA0 |
Data cell 21 | 0102030405060708090A0B0C0D0E0F10 |
Data cell 22 | 1112131415161718191A1B1C1D1E1F20 |
Data cell 23 | 2122232425262728292A2B2C2D2E2F30 |
Data cell 24 | 3132333435363738393A3B3C3D3E3F40 |
Data cell 25 | 4142434445464748494A4B4C4D4E4F50 |
Data cell 26 | 5152535455565758595A5B5C5D5E5F60 |
Data cell 27 | 6162636465666768696A6B6C6D6E6F70 |
Data cell 28 | 7172737475767778797A7B7C7D7E7F80 |
Data cell 29 | 8182838485868788898A8B8C8D8E8F90 |
Data cell 30 | 9192939495969798999A9B9C |
From examples it can be seen that the present invention hard disc data encryption and decryption process chip with selectable composite S box,
Key schedule after improvement, success has carried out encryption and decryption to data block with XTS encryption and decryption pattern, and encryption and decryption result is completely just
Really.Same plaintext can obtain different ciphertexts on different logical places, and each clock cycle can export 128
Processing data, illustrates that process chip has also reached the treatment effeciency of high speed while ensure that reliability.
As shown in figure 12, the data encryption/decryption method in the present invention comprises the following steps:(1) main control module is according to Reset
Signal carries out Initialize installation, according to the Start signals of outside input, starts encryption and decryption functions, core is determined according to mode signals
Piece is operated in encryption or decryption mode, and sets the S box groups that main encryption/decryption module and adjusted value generation module are used according to Sn1
Close, combined according to the Sn2 S boxes for setting cipher key expansion module to use.(2) data that cipher key expansion module is transmitted according to main control module
And signal, Key1 is extended into the round key to be used in main encryption/decryption module, Key2 is expanded to be made in adjusted value generation module
Round key.(3) input data buffer module keeps in outer input data, and the signal sent according to main control module, will
In temporary data input Cipher-Text Stealing module;Meanwhile, preset tune handle and the Ln values received are sent into and adjusted by main control module
It is worth generation module.(4) Cipher-Text Stealing module selects to enable or do not enable Cipher-Text Stealing pattern according to the signal of main control module.(5)
Main encryption module and adjusted value generation module call from cipher key expansion module under the control of main control module, respectively and take turns close accordingly
Key, adjusted value generation module generates adjusted value after preset tune handle is encrypted, and is sent to main encryption module, main encryption and decryption mould
Block obtains data from Cipher-Text Stealing module, and the data after processing are sent into data defeated by the parallel encryption and decryption operation of execution pipeline
Go out in module.(6) after the completion of encryption and decryption work, main encryption/decryption module sends signal, main control module coordination data to main control module
Output module output encryption or decrypted result.
Sn1 and Sn2 in step 1 are the S box sequential combinations that user selects, and the higher limit of number of combinations depends on composite S box
In the S box numbers that include, be required in main encryption/decryption module and in adjusted value module using 14 S boxes, in cipher key expansion module
Need to use in 13 S boxes, encryption chip of the invention, 8 different S boxes are contained in composite S box, therefore Sn1 is selectable
The number of combinations upper limit is 814, the selectable number of combinations upper limits of Sn2 are 813。
Key schedule in step 2, is provided according to following formula:
Wherein i=2,3,4 ..., 14.W4iTo W4i+3Represent the 1st to the 4th 32 words in round key respectively, and W0To W7
Directly provided by the initial key of 256.FunctionWherein symbolFor step-by-step
XOR;SubBytes operates for byte substitution;RotBytes is the circulative shift operation in units of byte, it is assumed that W=
{ b1, b2, b3, b4 }, wherein b1, b2, b3, b4 is octet, then RotBytes (W)={ b2, b3, b4, b1 };Rcon
For the wheel constant of 32, latter 24 are 0, and first 8 are Rc, and Rc is determined according to the wheel sequence number i when front-wheel, as shown in table 23:
The Rcon first eight bits value tables (hexadecimal) of table 23
i | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
RC | 01 | 02 | 04 | 08 | 10 | 20 | 40 | 80 | 1b | 36 | 6c | d8 | ab |
Ln in step 3 is logical place of the ciphering unit in cryptographic block, is most started as 0, maximum is 31.
Whether the Cipher-Text Stealing module in step 4 uses Cipher-Text Stealing pattern according to the signal behavior of main control module, it is assumed that
Data block, which has altogether, is divided into n data cell, and preceding n-1 data unit length is 16 bytes, the length of nth data element
No more than 16 bytes.Data cell n-1 is sent into encryption and decryption operation is carried out in main encryption/decryption module first by Cipher-Text Stealing module, so
Data cell 1 to data cell n-2 is sent into successively afterwards encryption and decryption operation is carried out in main encryption module.Finally, if data sheet
First n length is just 16 bytes, then main control module drags down Smode signal wires, and Cipher-Text Stealing module is directly data cell n
Send into main encryption/decryption module;If data cell n length is not 16 bytes, it is assumed that for p byte (p < 16), then master control
Module draws high Smode signal wires, and Cipher-Text Stealing module takes out the height after data cell n-1 encryption and decryption from register module
The data of the 16-p byte in position, the data of 16 bytes are spliced into nth data element, are sent into main encryption/decryption module, are passed through
The data obtained after encryption and decryption are used as (n-1)th unit of final output, and the low level after original data cell n-1 encryption and decryption
P byte as final output n-th of unit.
Adjusted value generation module in step 5 includes 1 first run InvAddRoundKey module, 14 adjusted value wheel computing modules, 1
Individual adjusted value register module and 1 adjusted value power operation module.First run InvAddRoundKey module be responsible for preset tune handle and
First run round key carries out XOR operation;Adjusted value wheel computing module is responsible for input value carrying out 14 next round computings encryption behaviour
Make, preceding 13 adjusted value wheels computing module obscures module, adjusted value comprising adjusted value byte substitution module, adjusted value row displacement row
InvAddRoundKey module, last 1 adjusted value wheel computing module includes adjusted value byte substitution module, adjusted value row displacement round key
Plus module;Adjusted value register module is used to deposit the adjusted value currently exported;Adjusted value power operation module is responsible for adjusted value
The data of register module output carry out finite field gf (2128) on power operation and modular multiplication.Main encryption/decryption module includes
First main encryption and decryption XOR module, the second main encryption and decryption XOR module, 14 main encryption and decryption wheel computing modules.First main encryption and decryption
XOR module is responsible for input data and adjusted value, the round key of the 0th wheel carrying out xor operation;Second main encryption and decryption XOR module
It is responsible for the data after third wheel computing and adjusted value carrying out xor operation;Main encryption and decryption wheel computing module is responsible for entering input value
The next round computing cryptographic operation of row 14, preceding 13 main encryption and decryption wheel computing modules add solution comprising main encryption and decryption byte substitution module, master
Space-in displacement row obscure module, main encryption and decryption InvAddRoundKey module, and last 1 main encryption and decryption wheel computing module includes main encryption and decryption
Byte substitution module, main encryption and decryption row displacement InvAddRoundKey module.
In the data encrypting and deciphering system and method for the present invention, the algorithm that encryption and decryption is used is based on XTS-AES improvement
Come, the byte substitution operation being related in main encryption/decryption module, cipher key expansion module, adjusted value generation module utilizes composite S box
Realize, composite S box exports S boxes by multiple 8 inputs 8 and its inverse S boxes are combined, and the S boxes that can be used by address line options;It is close
Key schedule used in key expansion module is provided by formula (1);Encryption chip is integrally using the XTS for adapting to pile line operation
Data cell n-1 is sent into encryption and decryption operation is carried out in main encryption/decryption module first by Cipher-Text Stealing pattern, Cipher-Text Stealing module, so
Data cell 1 to data cell n-2 is sent into successively afterwards encryption and decryption operation is carried out in main encryption module, finally according to main control module
Signal pin to data cell n processing;Main encryption/decryption module, adjusted value generation module, cipher key expansion module use flowing water
The byte substitution operation being related in cable architecture, these modules, displacement row of going obscure operation and are based on look-up table and line function
Realize.
The present invention is realized based on FPGA and the streamline encryption and decryption of hard disc data is operated, and is employed and is adapted to pile line operation
XTS encryption and decryption patterns so that security and efficiency are superior to traditional encryption and decryption pattern.In terms of security, for byte generation
Mold changing block and cipher key expansion module are improved, and byte substitution module can specify encryption and decryption using compound S boxes by user
The S box built-up sequences used in flow, while ensure that the speed of byte substitution;The cipher key spreading that cipher key expansion module is used is calculated
Method use can not derive type function, and the round key often taken turns is converted by the round key of preceding two-wheeled, and attacker can not be by known
Round key derives remaining round key so that key schedule has stronger security than aes algorithm.
The present invention is directed to the safety issue of key schedule and single fixed S boxes in current aes algorithm, and tradition
A kind of safety issue of block cipher encryption mode, it is proposed that data encrypting and deciphering system and method.Encryption in the present invention is calculated
Method changes key schedule on the basis of aes algorithm so that attacker can not release remaining by known round key
Round key.XTS encryption modes are taken, not only cause security performance to be further better than traditional encryption mode, stream can be more utilized
Waterline parallel data processing, improves the data throughput of encryption chip.In addition, multiple S boxes mechanism is introduced, the choosing according to user
Select, different wheel computings will use different S boxes.
In data encrypting and deciphering system proposed by the present invention, the permutation function used in byte substitution operation is by multiple 8
Input, the S boxes of 8 outputs are constituted, and the output data of displacement layer is together decided on by clear data and displacement box selection data.Make
With the initial key of 256, in key schedule, the round key of each round needs to be determined jointly by the round key of preceding two-wheeled
It is fixed.Encryption chip uses XTS encryption modes, except master key and plaintext, adds the input of adjusted value, adjusted value is will be preset
Tune handle be encrypted what is generated after computing and modular multiplication.For each Plaintext block, ciphertext is obtained using Cipher-Text Stealing pattern
Last 32 bytes of block.Encryption/decryption module uses identical pipeline organization, is encryption by control unit control present mode
Pattern or decryption mode.Byte manipulation and row in wheel computing are obscured operation and realized by look-up table ROM module, row displacement behaviour
Make to realize using line function.
Although having been described above and describing the example embodiment for being counted as the present invention, it will be apparent to those skilled in the art that
It can be variously modified and replaced, without departing from the spirit of the present invention.Furthermore it is possible to make many modifications with by spy
Condition of pledging love is fitted to the religious doctrine of the present invention, without departing from invention described herein central concept.So, the present invention is unrestricted
In specific embodiment disclosed here, but the present invention all embodiments that may also include belonging to the scope of the invention and its equivalent
Thing.
Claims (8)
1. a kind of data encrypting and deciphering system, it is characterised in that:Including input data buffer module, main control module, adjusted value generation
Module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module;
The input data buffer module keeps in the data of outside input;The master control module controls input data buffer module, adjustment
It is worth generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data defeated
Go out module;The adjusted value that the adjusted value generation module generation XTS encryption modes need;The main encryption/decryption module is to the number
According to the state matrix wheel arithmetic operation that is encrypted or decrypts, initial key is extended to the master by the cipher key expansion module
Round key needed for encryption/decryption module;The Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption modes;The ciphertext is stolen
Register module is taken to keep in the middle encryption and decryption data required for Cipher-Text Stealing;The data outputting module is encrypted to outside output
Or decrypted result;
The adjusted value generation module includes first run InvAddRoundKey module, multiple adjusted value byte substitution modules, multiple adjusted values
Row displacement row obscure module, multiple adjusted value InvAddRoundKey modules, adjusted value row displacement InvAddRoundKey module, adjustment value register
Module, adjusted value power operation module;Preset is adjusted handle and the round key of the 0th wheel to carry out XOR by the first run InvAddRoundKey module
Operation;The data of input are converted to corresponding output data by the multiple adjusted value byte substitution module according to mapping ruler;
The multiple adjusted value row displacement row obscure module and the data of input are carried out into position adjustment, and are transported by multiplying and XOR
Calculate realize data obscure processing;The multiple adjusted value InvAddRoundKey module carries out the round key of current data and each round
Step-by-step xor operation;The adjusted value row shifts InvAddRoundKey module by position adjustment and xor operation, while realizing data
Row shift function and InvAddRoundKey function;The adjusted value register module keeps in intermediate result;The adjusted value power operation
Module realizes the power operation function of data by shifting function and xor operation.
2. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The main encryption/decryption module adds including multiple masters
Decryption byte substitution module, multiple main encryption and decryption row displacement row obscure module, multiple main encryption and decryption InvAddRoundKey modules, the first master
Encryption and decryption XOR module, main encryption and decryption row displacement InvAddRoundKey module, the second main encryption and decryption XOR module;The main encryption and decryption word
The data of input are converted to corresponding output data by section replacement module according to mapping ruler;The main encryption and decryption row displacement row are mixed
The data of input are carried out position adjustment by module of confusing, and realize obscuring for data by multiplying and XOR;The master
Input data is carried out XOR by encryption and decryption InvAddRoundKey module with corresponding round key;The first main encryption and decryption XOR mould
The round key of input data and adjusted value and the 0th wheel is carried out xor operation by block;The main encryption and decryption row displacement InvAddRoundKey mould
Block is by position adjustment and xor operation, while realizing the row shift function and InvAddRoundKey function of data;Second master adds
Input data and adjusted value are carried out XOR and exported by decryption XOR module.
3. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The cipher key expansion module includes cipher key spreading
Control unit, the first F function modules, the 2nd F function modules, first key extension XOR module, the second cipher key spreading XOR mould
Block, Mul9 modules, MulB modules, MulD modules and MulE modules;The cipher key spreading control unit is responsible for receiving external data
Cooperated with signal, coordination key schedule modules, generate completion signal to outside output key;First F
Function module carries out F function operations to the round key of 1 wheel before current;Wheels of the 2nd F function modules to 2 wheels before current
Key carries out F function operations;The first key extension XOR module carries out xor operation generation to the data of input and works as front-wheel
Key;The Mul9 modules carry out the operation with 9 modular multiplications to input data;The MulB modules are carried out and 11 moulds to input data
The operation multiplied;The MulD modules carry out the operation with 13 modular multiplications to input data;The MulE modules are carried out to input data
With the operation of 14 modular multiplications;The data of input are carried out xor operation by the second cipher key spreading XOR module, and generation epicycle wheel is close
The corresponding inverse round key of key.
4. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The Cipher-Text Stealing module includes Cipher-Text Stealing
Scheduling unit and multiple schedule registers;The Cipher-Text Stealing scheduling unit is obtained entirely from the input data buffer module
The data of cryptographic block, and be stored in the schedule register, the schedule register storage is defeated through input data buffer module
The data entered.
5. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The adjusted value generation module, main encryption and decryption
Byte substitution operation in module and cipher key expansion module realizes that composite S box includes multiple 8 inputs 8 and exports S using composite S box
Box and its inverse S boxes, and the S boxes that can be used by address line options.
6. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The main encryption/decryption module, adjusted value generation
Module and cipher key expansion module use pipeline organization, the adjusted value generation module, main encryption/decryption module and cipher key spreading mould
Byte substitution operation and row displacement row in block obscure operation and are based on look-up table and line function realization.
7. a kind of data encryption/decryption method, it is characterised in that comprise the following steps:
(1) main control module carries out Initialize installation, according to the signal of outside input, starts encryption and decryption functions;
(2) the S boxes that main encryption/decryption module and adjusted value generation module are used are set;
(3) the S boxes that cipher key expansion module is used are set;
(4) cipher key expansion module is transmitted according to main control module data and signal, produce the wheel used in main encryption/decryption module close
Key, produces the round key used in adjusted value generation module;
(5) input data buffer module keeps in outer input data, and the signal sent according to main control module, by temporary number
According in input Cipher-Text Stealing module;The logical place value received is sent into adjusted value generation module by the main control module;
(6) Cipher-Text Stealing module selects to enable or do not enable Cipher-Text Stealing pattern according to the signal of main control module;
(7) main encryption module and adjusted value generation module call phase from cipher key expansion module respectively under the control of main control module
The tune handle encryption generation adjusted value of input is sent to main encryption module by the round key answered, adjusted value generation module, main to add
Deciphering module obtains data from Cipher-Text Stealing module, and the data after processing are sent into the parallel encryption and decryption operation of execution pipeline
In data outputting module;
Using following key schedule,
<mfenced open = "{" close = "">
<mtable>
<mtr>
<mtd>
<mrow>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
</mrow>
</msub>
<mo>=</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>8</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>5</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<mi>F</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>2</mn>
</mrow>
</msub>
<mo>)</mo>
</mrow>
</mrow>
</mtd>
</mtr>
<mtr>
<mtd>
<mrow>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>+</mo>
<mn>1</mn>
</mrow>
</msub>
<mo>=</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>7</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>6</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>4</mn>
</mrow>
</msub>
</mrow>
</mtd>
</mtr>
<mtr>
<mtd>
<mrow>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>+</mo>
<mn>2</mn>
</mrow>
</msub>
<mo>=</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>3</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>1</mn>
</mrow>
</msub>
<mo>=</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>8</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>5</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<mi>F</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>2</mn>
</mrow>
</msub>
<mo>)</mo>
</mrow>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>3</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>1</mn>
</mrow>
</msub>
</mrow>
</mtd>
</mtr>
<mtr>
<mtd>
<mrow>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>+</mo>
<mn>3</mn>
</mrow>
</msub>
<mo>=</mo>
<mi>F</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>5</mn>
</mrow>
</msub>
<mo>)</mo>
</mrow>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>4</mn>
</mrow>
</msub>
<mo>&CirclePlus;</mo>
<msub>
<mi>W</mi>
<mrow>
<mn>4</mn>
<mi>i</mi>
<mo>-</mo>
<mn>2</mn>
</mrow>
</msub>
</mrow>
</mtd>
</mtr>
</mtable>
</mfenced>
Wherein i=2,3,4 ..., 14;W4iTo W4i+3Represent the 1st to the 4th 32 words in round key respectively, and W0To W7Directly
Provided by the initial key of 256;FunctionWherein symbolFor step-by-step XOR
Computing;SubBytes operates for byte substitution;RotBytes is the circulative shift operation in units of byte.
8. data encryption/decryption method as claimed in claim 7, it is characterised in that also comprise the following steps:
After the completion of encryption and decryption work, main encryption/decryption module sends signal, main control module coordination data output module to main control module
Output encryption or decrypted result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510238121.4A CN104852798B (en) | 2015-05-11 | 2015-05-11 | A kind of data encrypting and deciphering system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510238121.4A CN104852798B (en) | 2015-05-11 | 2015-05-11 | A kind of data encrypting and deciphering system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104852798A CN104852798A (en) | 2015-08-19 |
CN104852798B true CN104852798B (en) | 2017-10-03 |
Family
ID=53852168
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510238121.4A Expired - Fee Related CN104852798B (en) | 2015-05-11 | 2015-05-11 | A kind of data encrypting and deciphering system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104852798B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11838402B2 (en) | 2019-03-13 | 2023-12-05 | The Research Foundation For The State University Of New York | Ultra low power core for lightweight encryption |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105356996B (en) * | 2015-12-14 | 2018-11-09 | 联想(北京)有限公司 | A kind of ciphertext processing method, electronic equipment and ciphertext processing unit |
CN106254061B (en) * | 2016-08-14 | 2019-08-23 | 北京数盾信息科技有限公司 | A kind of high speed network storage encipher-decipher method |
CN107888373A (en) * | 2016-09-29 | 2018-04-06 | 北京忆芯科技有限公司 | XTS AES encryptions circuit, decryption circuit and its method |
CN106341419B (en) * | 2016-10-17 | 2019-04-19 | 重庆邮电大学 | A kind of method that calling external encryption/decryption module and mobile terminal |
CN109150497B (en) * | 2018-07-26 | 2020-07-24 | 南京航空航天大学 | XTS-SM4 encryption circuit with high performance and small area |
CN111047849B (en) * | 2019-12-30 | 2021-05-18 | 江苏大周基业智能科技有限公司 | Networking remote control password module and safe remote control system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8155308B1 (en) * | 2006-10-10 | 2012-04-10 | Marvell International Ltd. | Advanced encryption system hardware architecture |
CN103109296A (en) * | 2010-09-24 | 2013-05-15 | 英特尔公司 | A tweakable encrypion mode for memory encryption with protection against replay attacks |
-
2015
- 2015-05-11 CN CN201510238121.4A patent/CN104852798B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8155308B1 (en) * | 2006-10-10 | 2012-04-10 | Marvell International Ltd. | Advanced encryption system hardware architecture |
CN103109296A (en) * | 2010-09-24 | 2013-05-15 | 英特尔公司 | A tweakable encrypion mode for memory encryption with protection against replay attacks |
Non-Patent Citations (3)
Title |
---|
《SMS4算法应用于空间数据加密的研究及实现》;贾艳梅、陶新;《空间电子技术》;20150425(第2期);全文 * |
《基于XTS-AES的主机加密卡的FPGA的设计与实现》;冉飞;《中国优秀硕士学位论文全文数据库 信息科技辑》;20110415;全文 * |
《高吞吐率XTS-AES加密算法的硬件实现》;李子磊;《中国优秀硕士学位论文全文数据库 信息科技辑》;20120715;参见第3.2.1、3.2.3节,图2-7、3-2、3-4 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11838402B2 (en) | 2019-03-13 | 2023-12-05 | The Research Foundation For The State University Of New York | Ultra low power core for lightweight encryption |
Also Published As
Publication number | Publication date |
---|---|
CN104852798A (en) | 2015-08-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104852798B (en) | A kind of data encrypting and deciphering system and method | |
CN106788974B (en) | Mask S box, grouping key calculation unit, device and corresponding construction method | |
CN107707343B (en) | SP network structure lightweight block cipher realization method with consistent encryption and decryption | |
CN101350714B (en) | Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX | |
CN1921382B (en) | Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device | |
CN104639314A (en) | Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method | |
CN103516512A (en) | Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm | |
CN104065474B (en) | Novel low-resource efficient lightweight Surge block cipher implementation method | |
JP4025722B2 (en) | Method and apparatus for data encryption | |
CN101764684A (en) | Encrypting and deciphering system for realizing SMS4 algorithm | |
Mane et al. | High speed area efficient FPGA implementation of AES algorithm | |
CN105959107B (en) | A kind of lightweight SFN block cipher implementation method of new high safety | |
CN101764685A (en) | Encrypting and deciphering system for realizing SMS4 algorithm | |
CN105007154B (en) | A kind of encrypting and decrypting device based on aes algorithm | |
CN111431697A (en) | Novel method for realizing lightweight block cipher COR L | |
CN108933653A (en) | A kind of AES encrypting and deciphering system and method based on large-scale data | |
CN109150495A (en) | A kind of round transformation multiplex circuit and its AES decrypt circuit | |
JP2005513541A (en) | Programmable data encryption engine for AES algorithm | |
JP2005513541A6 (en) | Programmable data encryption engine for AES algorithm | |
CN107896149A (en) | 128 symmetric encryption methods based on three group operationes | |
CN109033893B (en) | AES encryption unit based on synthetic matrix, AES encryption circuit and encryption method thereof | |
CN108809627B (en) | Round conversion multiplexing circuit and AES decryption circuit | |
CN109033847B (en) | AES encryption operation unit, AES encryption circuit and encryption method thereof | |
CN102857334B (en) | Method and device for realizing AES (advanced encryption standard) encryption and decryption | |
CN102780557B (en) | Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171003 |
|
CF01 | Termination of patent right due to non-payment of annual fee |