CN104852798B - A kind of data encrypting and deciphering system and method - Google Patents

A kind of data encrypting and deciphering system and method Download PDF

Info

Publication number
CN104852798B
CN104852798B CN201510238121.4A CN201510238121A CN104852798B CN 104852798 B CN104852798 B CN 104852798B CN 201510238121 A CN201510238121 A CN 201510238121A CN 104852798 B CN104852798 B CN 104852798B
Authority
CN
China
Prior art keywords
module
data
mrow
decryption
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510238121.4A
Other languages
Chinese (zh)
Other versions
CN104852798A (en
Inventor
程雪岷
覃冠杰
马建设
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Graduate School Tsinghua University
Original Assignee
Shenzhen Graduate School Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Graduate School Tsinghua University filed Critical Shenzhen Graduate School Tsinghua University
Priority to CN201510238121.4A priority Critical patent/CN104852798B/en
Publication of CN104852798A publication Critical patent/CN104852798A/en
Application granted granted Critical
Publication of CN104852798B publication Critical patent/CN104852798B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a kind of data encrypting and deciphering system and method, the system includes input data buffer module, main control module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module;The input data buffer module keeps in the data of outside input;The master control module controls input data buffer module, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module;The adjusted value that the adjusted value generation module generation XTS encryption modes need;Initial key is extended to the round key needed for the main encryption/decryption module by the wheel arithmetic operation that the main encryption/decryption module is encrypted or decrypted to the state matrix of the data, the cipher key expansion module;The Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption modes;The Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing;The data outputting module is encrypted or decrypted result to outside output.

Description

A kind of data encrypting and deciphering system and method
Technical field
The present invention relates to information science technology field, more particularly to a kind of data encrypting and deciphering system and method.
Background technology
In area information storage, the implementation method for carrying out encryption and decryption for hard disc data can be divided into soft encryption and hardware encryption two Major class.Hardware encryption is to coordinate corresponding software by special process chip, to realize the encryption process to hard disc data. Compared with not needing the soft encryption of additional hardware, hardware encryption has the spies such as speed is fast, occupying system resources are few, Cipher Strength is high Point.
The disclosure of upper background technology content is only used for inventive concept and the technical scheme that auxiliary understands the present invention, and it is not necessarily So belong to the prior art of present patent application, without tangible proof show the above present patent application the applying date In the case of disclosed, above-mentioned background technology should not be taken to evaluate the novelty and creativeness of the application.
The content of the invention
(main) purpose of the invention is to propose a kind of data encrypting and deciphering system and method, to solve above-mentioned existing skill The slow technical problem of enciphering rate that art is present.
Therefore, the present invention proposes a kind of data encrypting and deciphering system, including input data buffer module, main control module, adjustment It is worth generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data defeated Go out module;The input data buffer module keeps in the data of outside input;The master control module controls input data buffers mould Block, adjusted value generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and Data outputting module;The adjusted value that the adjusted value generation module generation XTS encryption modes need;The main encryption/decryption module pair Initial key is extended to by the wheel arithmetic operation that the state matrix of the data is encrypted or decrypted, the cipher key expansion module Round key needed for the main encryption/decryption module;The Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption modes;It is described Cipher-Text Stealing register module keeps in the middle encryption and decryption data required for Cipher-Text Stealing;The data outputting module is defeated to outside Go out encryption or decrypted result.
A kind of data encryption/decryption method, comprises the following steps:Main control module carries out Initialize installation, according to outside input Signal, starts encryption and decryption functions;The S boxes for setting main encryption/decryption module and adjusted value generation module to use;Cipher key spreading mould is set The S boxes that block is used;Data and signal that cipher key expansion module is transmitted according to main control module, produce what is used in main encryption/decryption module Round key, produces the round key used in adjusted value generation module;Input data buffer module keeps in outer input data, and The signal sent according to main control module, by temporary data input Cipher-Text Stealing module;The main control module will be received Logical place value sends into adjusted value generation module;Cipher-Text Stealing module selects to enable or do not enable according to the signal of main control module Cipher-Text Stealing pattern;Main encryption module and adjusted value generation module are under the control of main control module, respectively from cipher key expansion module Corresponding round key is called, the tune handle encryption generation adjusted value of input is sent to main encryption mould by adjusted value generation module Block, main encryption/decryption module obtains data, the parallel encryption and decryption operation of execution pipeline, by the number after processing from Cipher-Text Stealing module According in feeding data outputting module.
The beneficial effect that the present invention is compared with the prior art includes:Add present invention employs the XTS for adapting to pile line operation Decryption mode so that security and efficiency are superior to traditional encryption and decryption pattern.
Brief description of the drawings
Fig. 1 is the overall construction drawing of invention;
Fig. 2 is the block diagram of the adjusted value generation module of the present invention;
Fig. 3 is the block diagram of the main encryption/decryption module of the present invention;
Fig. 4 is cipher key expansion module schematic diagram;
Fig. 5 is the structured flowchart of cipher key expansion module;
Fig. 6 is the structured flowchart of composite S cartridge module;
Fig. 7 is the structured flowchart that row displacement row obscure module;
Fig. 8 is the schematic diagram of Cipher-Text Stealing module;
Fig. 9 is the structured flowchart of Cipher-Text Stealing module;
Figure 10 is the structured flowchart of register module;
Figure 11 is the state transition diagram of data encrypting and deciphering system;
Figure 12 is the workflow diagram of the present invention.
Embodiment
With reference to embodiment and compare accompanying drawing the present invention is described in further detail.It is emphasized that What the description below was merely exemplary, the scope being not intended to be limiting of the invention and its application.
With reference to the following drawings, the embodiment of non-limiting and nonexcludability will be described, wherein identical reference is represented Identical part, unless stated otherwise.
It would be recognized by those skilled in the art that it is possible that numerous accommodations are made to above description, so embodiment is only For describing one or more particular implementations.
As shown in figure 1, a kind of data encrypting and deciphering system includes input data buffer module, main control module, adjusted value generation Module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module. Input data buffer module is used for the data for keeping in external bus input.Main control module is used for the encryption and decryption of conversioning wheel computing module Pattern, coordinate cipher key expansion module, adjusted value generation module and main encryption/decryption module work, provide necessity for cipher key expansion module Data, control Cipher-Text Stealing flow and input and output flow.Adjusted value generation module is used to generate XTS encryption modes needs Adjusted value.Main encryption/decryption module is responsible for the wheel arithmetic operation that the state matrix of data is encrypted or decrypted, and takes turns arithmetic operation Obscure including byte substitution, inverse byte substitution, row displacement, Retrograde transposition, row, it is inverse arrange obscure, the child-operation such as InvAddRoundKey.Key Expansion module is used to being extended to initial key into the round key needed for main encryption/decryption module.Cipher-Text Stealing module is used to realize XTS Cipher-Text Stealing function in encryption mode.Cipher-Text Stealing register module is used to keep in the middle encryption and decryption required for Cipher-Text Stealing Data.Data outputting module is used for outside output encryption or decrypted result.Each signal name explanation in Fig. 1 is as shown in table 1:
Each external signal title explanation of table 1
Fig. 2 is adjusted value generation module block diagram.Tweak is 128 preset tune handles, is carried out the wheel encryption fortune of 14 wheels Calculate, and taking turns the round key that cryptographic calculation uses is obtained using the Key2 extensions of outside input.Handle is adjusted after third wheel computing Data are put into adjustment value register, are then entered together in adjusted value power operation module with Ln signals, after power operation, will Tdone signals are placed in high level, start output adjustment value.Adjusted value power operation module, will when Tdone signals are placed in high level Value in register is sent out, then within the Ln-1 subsequent cycle, and circulation performs following operate:First determine whether 128 inputs The highest order of data is 1 or 0, if highest order is 0, overall data directly is moved to left into 1;, will if highest order is 1 Overall data is moved to left after 1, will most least-significant byte and 0x87 step-by-step XORs;Then exported data as adjusted value, and utilize output Value updates the value in adjustment value register.
Each part is described in detail as follows in Fig. 2:First run InvAddRoundKey module is responsible for the preset wheel for adjusting handle and the 0th wheel Key carries out xor operation;Adjusted value byte substitution module 1 is to adjusted value byte substitution module 14 by the data of input according to reflecting Penetrate rule and be converted to corresponding output data;Adjusted value row displacement row obscure module 1 to adjusted value row displacement row and obscure module 13 The data of input are subjected to position adjustment, and obscure processing by what multiplying and XOR realized data;Adjusted value wheel Key adds module 1 that the round key of current data and each round is carried out into step-by-step xor operation to adjusted value InvAddRoundKey module 13; Adjusted value row shifts InvAddRoundKey module by position adjustment and xor operation, while realizing the row shift function of data and taking turns close Key adds function;Adjusted value register module is used to keep in intermediate result;Adjusted value power operation module passes through shifting function and XOR Operation, realizes the power operation function of data.Each signal name and its explanation are as shown in Table 2:
The adjusted value generation module signal explanation of table 2
Fig. 3 is main encryption/decryption module block diagram, and input data can be be-encrypted data or data to be decrypted, will input number first XOR is carried out according to adjusted value and the 0th round key taken turns, the wheel computing of 14 wheels is then carried out to it, the wheel used in wheel computing is close Key is obtained using the Key1 extensions of outside input, if decryption mode, then round key is that encryption round key passes through inverse row Obtained after conversion process.Data after 14 next round computings again with output result after adjusted value XOR.Each part in Fig. 3 It is described in detail as follows:Main encryption and decryption byte substitution module 1 is to main encryption and decryption byte substitution module 14 by the data of input according to reflecting Penetrate rule and be converted to corresponding output data;Main encryption and decryption row displacement row obscure module 1 to main encryption and decryption row displacement row and obscure mould The data of input are carried out position adjustment by block 13, and realize obscuring for data by multiplying and XOR;Main encryption and decryption InvAddRoundKey module 1 to main encryption and decryption InvAddRoundKey module 13 is responsible for input data carrying out XOR fortune with corresponding round key Calculate;First main encryption and decryption XOR module is responsible for the round key of input data and adjusted value and the 0th wheel carrying out xor operation;It is main to add Solve space-in and shift InvAddRoundKey module by position adjustment and xor operation, while realizing the row shift function and round key of data Plus function;Second main encryption and decryption XOR module is responsible for input data and adjusted value carrying out XOR and exported.Each signal name Claim and its illustrate as shown in Table 3:
The main encryption/decryption module signal instruction of table 3
Fig. 4 is cipher key expansion module schematic diagram.W4iTo W4i+3For the 1st in current round key to the 4th 32 words, W4i-8 To W4i-1For 8 32 words in preceding two-wheeled round key, functionWherein symbolFor step-by-step XOR;SubBytes operates for byte substitution;RotBytes is the circulative shift operation in units of byte, Assuming that W={ b1, b2, b3, b4 }, wherein b1, b2, b3, b4 is octet, then RotBytes (W)=b2, b3, b4, b1};Rcon is the wheel constant of 32, and high 24 are 0, and least-significant byte is Rc, and Rc is determined according to the wheel sequence number i when front-wheel, such as table 1 It is shown.
Fig. 5 is cipher key expansion module structured flowchart.Two-wheeled round key key1 and key2 before cipher key spreading control unit is received, And send into XOR module.In addition key1 the 3rd word and key2 the 4th word are sent into F function modules, the output of F modules Data be also sent to the generation that round key is participated in first key extension XOR module, the function of F function modules isSymbolFor step-by-step XOR;SubBytes operates for byte substitution; RotBytes is the circulative shift operation in units of byte.The function of each part is respectively in Figure 5:Cipher key spreading control is single Member is responsible for reception external data and signal, coordinates the collaborative work of key schedule modules, generated to outside output key Complete signal;First F function modules are responsible for carrying out F function operations to the round key of 1 wheel before current;2nd F function modules are born Blame and F function operations are carried out to the round key of 2 wheels before current;First key extension XOR module is responsible for the principle according to formula (1), Data to input carry out the current round key of xor operation generation;Mul9 modules are responsible for carrying out input data the behaviour with 9 modular multiplications Make;MulB modules are responsible for carrying out input data the operation with 11 modular multiplications;MulD modules are responsible for carrying out and 13 moulds input data The operation multiplied;MulE modules are responsible for carrying out input data the operation with 14 modular multiplications;Second cipher key spreading XOR module be responsible for by The data of input carry out xor operation, the corresponding inverse round key of generation epicycle round key.Due to round key generation independent of Inverse round key, so the generation of inverse round key can't be impacted to the formation speed of round key.
The pass of inverse round key and round key is close to be shown below, wherein k1,j',k2,j',k3,j',k4,j' it is inverse round key Column element, k1,j,k2,j,k3,j,k4,jIt is byte for the column element of round key:
Each signal name of cipher key expansion module and its explanation are as shown in table 4:
Each signal name of the cipher key expansion module of table 4 and its implication
Title Digit Explanation
Clk 1 Clock signal
Reset 1 Reset signal, high level is effective
RC 8 The wheel constant least-significant byte that F functions need
Saddr 4 S box selection signals
En1 1 Key1 enables signal, and high level is effective
En2 1 Key2 enables signal, and high level is effective
Key1 128 Round key before 1 wheel
Key2 128 Round key before 2 wheels
Key_ready 1 Round key completes signal, and high level is effective
Invkey_ready 1 Inverse key completes signal, and high level is effective
Key 128 Epicycle round key output port
Invkey 128 Epicycle is against round key output port
Fig. 6 is composite S cartridge module block diagram, the byte generation that composite S box applies in main encryption/decryption module, whole value generation module Change the mold in block, and in the F function modules in cipher key expansion module.S boxes and its inverse S boxes that composite S box is exported by 88 inputs 8 Composition, composite S box is realized that it is 12 to search address by look-up table ROM cell, and high 4 are used for selecting S boxes or inverse S boxes, least-significant byte For byte substitution input data.Composite S box is present in byte substitution module and F function modules, and adds applied to the master in Fig. 1 In deciphering module, adjusted value generation module, cipher key expansion module.The signal name and its explanation of composite S box are given in table 5.
The composite S cartridge module signal instruction of table 5
Title Digit Explanation
Clk 1 External timing signal
Addr 4 For the S boxes and inverse S boxes for selecting to use
Datain 8 Need the input data of progress byte substitution
Dataout 8 Output data after byte substitution
Fig. 7 obscures module frame chart for row displacement row, and this module can realize that row displacement, row are obscured and its inverse operation operation, and Apply in adjusted value generation module and main encryption/decryption module.Row displacement, Retrograde transposition, the mathematical table that row are obscured, inverse row are obscured Up to form as shown in table 6, wherein bi,1',bi,2',bi,3',bi,4' and b1,j',b2,j',b3,j',b4,j' for word after operation Section, bi,1,bi,2,bi,3,bi,4And b1,j,b2,j,b3,j,b4,jFor preoperative byte.Row displacement row obscure module and utilize look-up table Function realizes the multiplying in finite field, realizes row displacement and Retrograde transposition operation using line in XOR module, and select Select corresponding data XOR and obtain row and obscure and inverse row confusion result, finally exported by Mode signal-line choosings, Mode is low electricity Usually export row displacement and row obscure rear result, output Retrograde transposition and inverse row obscure rear result when Mode is high level.In Fig. 7 Each module is described in detail as follows:Mul2 modules are responsible for carrying out input data the operation with 2 modular multiplications;Mul3 modules are responsible for defeated Enter data progress and the operation of 3 modular multiplications;Mul9 modules are responsible for carrying out input data the operation with 9 modular multiplications;MulB modules are responsible for Operation with 11 modular multiplications is carried out to input data;MulD modules are responsible for carrying out input data the operation with 13 modular multiplications;MulE moulds Block is responsible for carrying out input data the operation with 14 modular multiplications;It is defeated that positive XOR module is responsible for receiving Datain data, Mul2, Mul3 The data gone out, and xor operation is carried out, then the data output after obscuring will be shifted and arranged through space;Reverse XOR module is responsible for The data of Mul9, MulB, MulD, MulE module output are received, and carry out xor operation, then will be by Retrograde transposition and inverse row Data output after obscuring;Row displacement row obscure the number that register is responsible for temporary positive XOR module and the output of reverse XOR module According to, and according to Mode signal behaviors first, output final data.These modular multiplications of mul2, mul3, mul9, mulB, mulD, mulE Unit is based on look-up tables'implementation, and table 7 to table 12 sets forth their value table.
The row displacement of table 6, Retrograde transposition, the mathematical expression form that row are obscured, inverse row are obscured
The mul2 module value tables of table 7
The mul3 module value tables of table 8
The mul9 module value tables of table 9
The mulB module value tables of table 10
The mulD module value tables of table 11
The mulE module value tables of table 12
Fig. 8 is Cipher-Text Stealing module fundamental diagram, it is assumed that altogether comprising n data cell in pending data block, Data cell 1 to data cell n-1 length is 16 bytes.When data cell n length is discontented with 16 byte, if its length For P bytes, the data after data cell n-1 encryption and decryption are divided into two parts, front portion is middle output 1, and length is P words Section, rear portion is middle output 2, and length is 16-P bytes, and using centre output 1 as final output n, centre output 2 is added Enter a data cell n high position, after the length for being combined into 16 bytes, send into main encryption/decryption module, obtained result is middle output 3, And it regard centre output 3 as final output n-1.
Fig. 9 is the structured flowchart of Cipher-Text Stealing module, and Cipher-Text Stealing scheduling unit is obtained from input data buffer module The data of whole cryptographic block, and schedule register 1 is stored in into schedule register 32, each schedule register deposits 1 number According to the data of unit, 32 data cells can be at most supported, the byte number of each data cell is no more than 16.Signal Len1 is number According to the number of unit, signal Len2 is the byte number of last data cell, when last data cell byte number not For 16 when, Smode lines are set to high level by main control module, enable Cipher-Text Stealing function.Assuming that Len1 value is n, Cipher-Text Stealing Scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively presses data cell 1 to data cell n-2 Order is sent into main encryption/decryption module, data of the data cell n-1 after encryption and decryption is finally read from Sdata, and take out High position data section and data cell n are merged into the data that length is 16 bytes, send into main encryption/decryption module, while by Sdone High level is placed in, represents that data conveying is finished.If data cell n byte number is just 16, control module is by Smode lines Low level is set to, Cipher-Text Stealing scheduling unit is first sent into data cell n-1 in main encryption/decryption module, then successively by data sheet Member 1 to data cell n-2 is sent into main encryption/decryption module in order, last that data cell n directly is sent into main encryption/decryption module In, and Sdone signal wires are drawn high to indicate the completion of Cipher-Text Stealing work.Each signal name and explanation are as shown in table 13:
Each signal instruction of Cipher-Text Stealing module of table 13
Figure 10 is Cipher-Text Stealing register module structured flowchart, and Cipher-Text Stealing register module is mainly used in temporal data list Results of first n-1 after encryption and decryption computing.When reset signal Reset is placed in high level, Cipher-Text Stealing register, which enters, to be treated Machine state, waits main encryption/decryption module output result, and the completion of its write enable signal port En and main encryption/decryption module indicates to believe Number port Isdone is connected, and when main encryption/decryption module completes encryption and decryption work, sends and refers to Cipher-Text Stealing register module Show signal, Cipher-Text Stealing register module latches encryption and decryption result, is called for Cipher-Text Stealing module.Each part is detailed in Figure 10 Carefully it is described as follows:Ciphertext deposit control unit is responsible for receiving the Isdone indication signals of main encryption/decryption module, and according to this signal Indicate ciphertext registers latch data;Ciphertext register is connected with the output data line of main encryption/decryption module, and is posted according to ciphertext Deposit the indication signal latch data of control unit.Each signal name of Cipher-Text Stealing register module is given in table 14 and its is said It is bright.
Each signal instruction of Cipher-Text Stealing module of table 14
Figure 11 is the state transition diagram of data encrypting and deciphering system, when Reset puts high level, system reset to Idle states It is standby, under Idle states, when system detectio to Start signals is in high level state, it is introduced into round key extended mode Keyexpand, when round key extension is finished, is placed in high level, into encryption and decryption flow by Key_ready signals.Encryption and decryption Flow is determined, in encryption or decrypted state, to be decided whether to enable Cipher-Text Stealing by Smode signals by Mode signals Function.Work as Key_ready=1, Mode=0, during Smode=1, into Cipher-Text Stealing type encrypted state Enc_Steal;Work as Key_ When ready=1, Mode=0, Smode=0, into non-Cipher-Text Stealing type encrypted state Enc_Normal;Work as Key_ready= When 1, Mode=1, Smode=0, into non-Cipher-Text Stealing type decrypted state Dec_Normal;Work as Key_ready=1, Mode= When 1, Smode=1, into Cipher-Text Stealing type decrypted state Dec_Steal.After the completion of encryption and decryption work, by Isdone signals High level is placed in, system enters external output data state Output, when data output is finished or Reset signals are set to high level When, system returns to Idle states and waits Start signals.
Embodiment:
The present embodiment is that test is completed on the Virtex5 of Xilinx companies family chip XC5VFX130T, specifically Comprise the following steps:
Step 1:System electrification, initializes S box data, the composite S box in embodiment by the S boxes of 88 output of input 8 with And their inverse S boxes arrange in ROM form in order, low level deposits 1 to No. 8 S box in order, high-order to deposit 1 to 8 in order Number inverse S boxes.The data of composite S box decimally represent, such as table 15:
The composite S box tables of data used in the embodiment of table 15
Step 2:The S boxes built-up sequence 1 and main encryption/decryption module, adjusted value generation module that selection cipher key spreading is used make S boxes built-up sequence 2.The S boxes built-up sequence 1 used in embodiment is:{S8,S7,S6,S5,S4,S3,S2,S1,S8, S7, S6, S5, S4 }, S boxes built-up sequence 2 is:{S1,S2,S3,S4,S5,S6,S7,S8,S1,S2,S3,S4,S5,S6}.
Step 3:Input the master key made by oneself, secondary key, handle adjusted, with hexadecimal representation, such as table 16:
The master key that is inputted in the embodiment of table 16, secondary key, adjust bin value
Step 4:Input test clear data, with hexadecimal representation, such as table 17:
The test clear data inputted in the embodiment of table 17
Data cell 1 0102030405060708090A0B0C0D0E0F10
Data cell 2 1112131415161718191A1B1C1D1E1F20
Data cell 3 2122232425262728292A2B2C2D2E2F30
Data cell 4 3132333435363738393A3B3C3D3E3F40
Data cell 5 4142434445464748494A4B4C4D4E4F50
Data cell 6 5152535455565758595A5B5C5D5E5F60
Data cell 7 6162636465666768696A6B6C6D6E6F70
Data cell 8 7172737475767778797A7B7C7D7E7F80
Data cell 9 8182838485868788898A8B8C8D8E8F90
Data cell 10 9192939495969798999A9B9C9D9E9FA0
Data cell 11 0102030405060708090A0B0C0D0E0F10
Data cell 12 1112131415161718191A1B1C1D1E1F20
Data cell 13 2122232425262728292A2B2C2D2E2F30
Data cell 14 3132333435363738393A3B3C3D3E3F40
Data cell 15 4142434445464748494A4B4C4D4E4F50
Data cell 16 5152535455565758595A5B5C5D5E5F60
Data cell 17 6162636465666768696A6B6C6D6E6F70
Data cell 18 7172737475767778797A7B7C7D7E7F80
Data cell 19 8182838485868788898A8B8C8D8E8F90
Data cell 20 9192939495969798999A9B9C9D9E9FA0
Data cell 21 0102030405060708090A0B0C0D0E0F10
Data cell 22 1112131415161718191A1B1C1D1E1F20
Data cell 23 2122232425262728292A2B2C2D2E2F30
Data cell 24 3132333435363738393A3B3C3D3E3F40
Data cell 25 4142434445464748494A4B4C4D4E4F50
Data cell 26 5152535455565758595A5B5C5D5E5F60
Data cell 27 6162636465666768696A6B6C6D6E6F70
Data cell 28 7172737475767778797A7B7C7D7E7F80
Data cell 29 8182838485868788898A8B8C8D8E8F90
Data cell 30 9192939495969798999A9B9C
Step 5:Mode is set to low level, Smode is set to high level, is set to XTS encryption modes.Then by Start Signal is placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.Adjusted value module is given birth to after 28 cycles Into finishing, round key is also ready, now starts main encryption/decryption module, and system carries out data cell with streamline XTS patterns and added Close work, after 28 cycles, streamline is formally set up, and each cycle exports the ciphertext of 128, round key, inverse round key, Adjusted value, ciphertext hexadecimal representation, respectively as shown in table 18, table 19, table 20, table 21:
Expanded obtained round key in the embodiment of table 18
Round key 1 201F1E1D1C1B1A191817161514131211
Round key 2 100F0E0D0C0B0A090807060504030201
Round key 3 DFCE154C14030201D7C61D4444D4F04B
Round key 4 BE66D369DBC21940EEB1212339FA9720
Round key 5 B2C08FAD7DA3CC2C50F801CDF5CD79F9
Round key 6 572BE54487B3B7CEDF4550918749419E
Round key 7 0D407C187A7028A50DBA8A48E35237B4
Round key 8 05F9378755B69B479CDB2896C1386CC7
Round key 9 E53D0E927233956A71B3F9126D6898B3
Round key 10 295892E32C50BD4336039F3A13DE31F8
Round key 11 7CC4A01A2AD8FE9B434A2CA18910A219
Round key 12 96B364C766978263357B3845C3CABA50
Round key 13 CAAAB866FF21B6FD6FF780556B9241CF
Round key 14 E324E1CF99460240779716FD506135E1
Round key 15 CFED178D73F2D76706CA202CC4E6D15B
Expanded obtained inverse round key in the embodiment of table 19
Inverse round key 1 201F1E1D1C1B1A191817161514131211
Inverse round key 2 AAF98CC33E25302F4261547B362D3827
Inverse round key 3 C6639C71D6BDE897CE6B9479F1BE1377
Inverse round key 4 E5744CBFBA27F825C277B75FD39C95AE
Inverse round key 5 4417D9DAFDA230512DACB4518C616B3E
Inverse round key 6 3E642DAA3C4796A04FA776C5ACB14844
Inverse round key 7 32391133EE6AA9AAA2CFCFD75E94EE16
Inverse round key 8 34879E6141D9F1568479D9DD5EB557EE
Inverse round key 9 9D83FEA47822F81C82EF581CDB977210
Inverse round key 10 110DAAB65823D62FB2B820BA3EA71489
Inverse round key 11 584B8091EBC00AB63ECF423725624A2F
Inverse round key 12 E3170674B2D076042DB546ED94CE3089
Inverse round key 13 E0AAF50136184EF5C6B4B38CC8A20C11
Inverse round key 14 9ED455F67FCFC5E8606E171231738522
Inverse round key 15 CFED178D73F2D76706CA202CC4E6D15B
The adjusted value generated in the embodiment of table 20
Adjusted value 1 A3D507777787B8A1BB1474CA8D6947BB
Adjusted value 2 C1AB0FEEEE0E71437729E8941BD38E76
Adjusted value 3 82571FDCDD1DE286EE52D02937A61DED
Adjusted value 4 83AF3EB8BB3BC40DDDA5A0536E4C3BDA
Adjusted value 5 815F7D707777881BBA4B41A7DC9876B4
Adjusted value 6 85BFFAE0EEEE10377497824EB931ED68
Adjusted value 7 0A7FF5C1DDDD216EE82E059D7263DAD1
Adjusted value 8 93FEEA83BBBB43DCD05D0A3AE5C6B4A3
Adjusted value 9 A1FDD507777787B8A1BB1474CA8D6947
Adjusted value 10 42FBAB0FEEEE0E71437729E8941BD38E
Adjusted value 11 03F6571FDCDD1DE286EE52D02937A61D
Adjusted value 12 06ECAF3EB8BB3BC40DDDA5A0536E4C3B
Adjusted value 13 0CD85F7D707777881BBA4B41A7DC9876
Adjusted value 14 18B0BFFAE0EEEE10377497824EB931ED
Adjusted value 15 B7607FF5C1DDDD216EE82E059D7263DA
Adjusted value 16 E9C1FEEA83BBBB43DCD05D0A3AE5C6B4
Adjusted value 17 5583FDD507777787B8A1BB1474CA8D69
Adjusted value 18 AA06FBAB0FEEEE0E71437729E8941BD3
Adjusted value 19 D30DF6571FDCDD1DE286EE52D02937A6
Adjusted value 20 211BECAF3EB8BB3BC40DDDA5A0536E4C
Adjusted value 21 4236D85F7D707777881BBA4B41A7DC98
Adjusted value 22 036CB0BFFAE0EEEE10377497824EB931
Adjusted value 23 06D8607FF5C1DDDD216EE82E059D7263
Adjusted value 24 0CB0C1FEEA83BBBB43DCD05D0A3AE5C6
Adjusted value 25 9F6083FDD507777787B8A1BB1474CA8D
Adjusted value 26 B9C106FBAB0FEEEE0E71437729E8941B
Adjusted value 27 72830DF6571FDCDD1DE286EE52D02937
Adjusted value 28 E4061BECAF3EB8BB3BC40DDDA5A0536E
Adjusted value 29 C80D36D85F7D707777881BBA4B41A7DC
Adjusted value 30 171B6CB0BFFAE0EEEE10377497824EB9
Obtained ciphertext data are encrypted in the embodiment of table 21
Data cell 1 FBCFB5D6BC01762BDC72F6F6B69DA861
Data cell 2 3999BA886A05597CE8EB697E2D54D78A
Data cell 3 2BC53708573957D439AA6A8DDAB4D8C8
Data cell 4 FFAA277342B499F9CA85AA21C190A4E7
Data cell 5 CA3E91D8C36D167E164DB6ED7C0E73C2
Data cell 6 59D06CC449C5217F647E640E716ED444
Data cell 7 297BC9C547C92BEFA0DB4C1802486089
Data cell 8 95A8DFF1C6782B481943A7510ABCDA52
Data cell 9 E5B7D052D8314ED3503F22507E65045E
Data cell 10 BE574D498331B5690A1FB732C62ECBDB
Data cell 11 775C7089F7BDD5307A1051982635D830
Data cell 12 0DA363875A2A6D58296695449A9E6D94
Data cell 13 92BF63149A25A709E8397406A5F47FE9
Data cell 14 C98DABCC9D21542F6ABAD1C46726650A
Data cell 15 29526F45BFFEF80564948A006B1EC329
Data cell 16 881C0B277169AB89EB536644744A7474
Data cell 17 3ECB9F75F8F0F09AFC41345E061823A9
Data cell 18 7B9740FED4547F425581644B0102212A
Data cell 19 59E8C1F89ED02DA7DB72A77C06A4D1A8
Data cell 20 F47A268597601F768103726B6F67F8FD
Data cell 21 14CAD8B4AE00A011968826FA66B1390A
Data cell 22 C272717BAD4B2480044394B9C6841B9F
Data cell 23 7A3027B6E415C4D47B106239A58D768F
Data cell 24 40B44094C9ADDF6CE43BB012238B7B99
Data cell 25 AFDF8D86978AB7C0B92E6675782B856E
Data cell 26 D0AF4847BA973EF13D1D723BA086004D
Data cell 27 F1A5D06EA842F2A13984206BE7B592CB
Data cell 28 C2059F9646BBAFBDDFC6196350E52829
Data cell 29 6B321331EE5A5B9F0FE0E2D1863D7BA4
Data cell 30 EABFA35DC647AE2329F43E99
Step 6:Reset is set to after high level reset, repeat step 1 to step 3.Then by the ciphertext data in table 21 As data input to be decrypted, Mode is set to high level by input after finishing, and Smode is set to high level, is set to XTS decryption moulds Formula.Then Start signals are placed in high level, synchronous averaging cipher key expansion module, adjusted value generation module.By 28 cycles Adjusted value module generation afterwards is finished, and inverse round key is also ready, now starts main encryption/decryption module, system is with streamline XTS moulds Formula carries out data cell decryption work, and after 28 cycles, streamline is formally set up, and each cycle exports the decryption of 128 Text, solution ciphertext data are as shown in table 22:
The solution ciphertext data obtained in the embodiment of table 22
Data cell 1 0102030405060708090A0B0C0D0E0F10
Data cell 2 1112131415161718191A1B1C1D1E1F20
Data cell 3 2122232425262728292A2B2C2D2E2F30
Data cell 4 3132333435363738393A3B3C3D3E3F40
Data cell 5 4142434445464748494A4B4C4D4E4F50
Data cell 6 5152535455565758595A5B5C5D5E5F60
Data cell 7 6162636465666768696A6B6C6D6E6F70
Data cell 8 7172737475767778797A7B7C7D7E7F80
Data cell 9 8182838485868788898A8B8C8D8E8F90
Data cell 10 9192939495969798999A9B9C9D9E9FA0
Data cell 11 0102030405060708090A0B0C0D0E0F10
Data cell 12 1112131415161718191A1B1C1D1E1F20
Data cell 13 2122232425262728292A2B2C2D2E2F30
Data cell 14 3132333435363738393A3B3C3D3E3F40
Data cell 15 4142434445464748494A4B4C4D4E4F50
Data cell 16 5152535455565758595A5B5C5D5E5F60
Data cell 17 6162636465666768696A6B6C6D6E6F70
Data cell 18 7172737475767778797A7B7C7D7E7F80
Data cell 19 8182838485868788898A8B8C8D8E8F90
Data cell 20 9192939495969798999A9B9C9D9E9FA0
Data cell 21 0102030405060708090A0B0C0D0E0F10
Data cell 22 1112131415161718191A1B1C1D1E1F20
Data cell 23 2122232425262728292A2B2C2D2E2F30
Data cell 24 3132333435363738393A3B3C3D3E3F40
Data cell 25 4142434445464748494A4B4C4D4E4F50
Data cell 26 5152535455565758595A5B5C5D5E5F60
Data cell 27 6162636465666768696A6B6C6D6E6F70
Data cell 28 7172737475767778797A7B7C7D7E7F80
Data cell 29 8182838485868788898A8B8C8D8E8F90
Data cell 30 9192939495969798999A9B9C
From examples it can be seen that the present invention hard disc data encryption and decryption process chip with selectable composite S box, Key schedule after improvement, success has carried out encryption and decryption to data block with XTS encryption and decryption pattern, and encryption and decryption result is completely just Really.Same plaintext can obtain different ciphertexts on different logical places, and each clock cycle can export 128 Processing data, illustrates that process chip has also reached the treatment effeciency of high speed while ensure that reliability.
As shown in figure 12, the data encryption/decryption method in the present invention comprises the following steps:(1) main control module is according to Reset Signal carries out Initialize installation, according to the Start signals of outside input, starts encryption and decryption functions, core is determined according to mode signals Piece is operated in encryption or decryption mode, and sets the S box groups that main encryption/decryption module and adjusted value generation module are used according to Sn1 Close, combined according to the Sn2 S boxes for setting cipher key expansion module to use.(2) data that cipher key expansion module is transmitted according to main control module And signal, Key1 is extended into the round key to be used in main encryption/decryption module, Key2 is expanded to be made in adjusted value generation module Round key.(3) input data buffer module keeps in outer input data, and the signal sent according to main control module, will In temporary data input Cipher-Text Stealing module;Meanwhile, preset tune handle and the Ln values received are sent into and adjusted by main control module It is worth generation module.(4) Cipher-Text Stealing module selects to enable or do not enable Cipher-Text Stealing pattern according to the signal of main control module.(5) Main encryption module and adjusted value generation module call from cipher key expansion module under the control of main control module, respectively and take turns close accordingly Key, adjusted value generation module generates adjusted value after preset tune handle is encrypted, and is sent to main encryption module, main encryption and decryption mould Block obtains data from Cipher-Text Stealing module, and the data after processing are sent into data defeated by the parallel encryption and decryption operation of execution pipeline Go out in module.(6) after the completion of encryption and decryption work, main encryption/decryption module sends signal, main control module coordination data to main control module Output module output encryption or decrypted result.
Sn1 and Sn2 in step 1 are the S box sequential combinations that user selects, and the higher limit of number of combinations depends on composite S box In the S box numbers that include, be required in main encryption/decryption module and in adjusted value module using 14 S boxes, in cipher key expansion module Need to use in 13 S boxes, encryption chip of the invention, 8 different S boxes are contained in composite S box, therefore Sn1 is selectable The number of combinations upper limit is 814, the selectable number of combinations upper limits of Sn2 are 813
Key schedule in step 2, is provided according to following formula:
Wherein i=2,3,4 ..., 14.W4iTo W4i+3Represent the 1st to the 4th 32 words in round key respectively, and W0To W7 Directly provided by the initial key of 256.FunctionWherein symbolFor step-by-step XOR;SubBytes operates for byte substitution;RotBytes is the circulative shift operation in units of byte, it is assumed that W= { b1, b2, b3, b4 }, wherein b1, b2, b3, b4 is octet, then RotBytes (W)={ b2, b3, b4, b1 };Rcon For the wheel constant of 32, latter 24 are 0, and first 8 are Rc, and Rc is determined according to the wheel sequence number i when front-wheel, as shown in table 23:
The Rcon first eight bits value tables (hexadecimal) of table 23
i 2 3 4 5 6 7 8 9 10 11 12 13 14
RC 01 02 04 08 10 20 40 80 1b 36 6c d8 ab
Ln in step 3 is logical place of the ciphering unit in cryptographic block, is most started as 0, maximum is 31.
Whether the Cipher-Text Stealing module in step 4 uses Cipher-Text Stealing pattern according to the signal behavior of main control module, it is assumed that Data block, which has altogether, is divided into n data cell, and preceding n-1 data unit length is 16 bytes, the length of nth data element No more than 16 bytes.Data cell n-1 is sent into encryption and decryption operation is carried out in main encryption/decryption module first by Cipher-Text Stealing module, so Data cell 1 to data cell n-2 is sent into successively afterwards encryption and decryption operation is carried out in main encryption module.Finally, if data sheet First n length is just 16 bytes, then main control module drags down Smode signal wires, and Cipher-Text Stealing module is directly data cell n Send into main encryption/decryption module;If data cell n length is not 16 bytes, it is assumed that for p byte (p < 16), then master control Module draws high Smode signal wires, and Cipher-Text Stealing module takes out the height after data cell n-1 encryption and decryption from register module The data of the 16-p byte in position, the data of 16 bytes are spliced into nth data element, are sent into main encryption/decryption module, are passed through The data obtained after encryption and decryption are used as (n-1)th unit of final output, and the low level after original data cell n-1 encryption and decryption P byte as final output n-th of unit.
Adjusted value generation module in step 5 includes 1 first run InvAddRoundKey module, 14 adjusted value wheel computing modules, 1 Individual adjusted value register module and 1 adjusted value power operation module.First run InvAddRoundKey module be responsible for preset tune handle and First run round key carries out XOR operation;Adjusted value wheel computing module is responsible for input value carrying out 14 next round computings encryption behaviour Make, preceding 13 adjusted value wheels computing module obscures module, adjusted value comprising adjusted value byte substitution module, adjusted value row displacement row InvAddRoundKey module, last 1 adjusted value wheel computing module includes adjusted value byte substitution module, adjusted value row displacement round key Plus module;Adjusted value register module is used to deposit the adjusted value currently exported;Adjusted value power operation module is responsible for adjusted value The data of register module output carry out finite field gf (2128) on power operation and modular multiplication.Main encryption/decryption module includes First main encryption and decryption XOR module, the second main encryption and decryption XOR module, 14 main encryption and decryption wheel computing modules.First main encryption and decryption XOR module is responsible for input data and adjusted value, the round key of the 0th wheel carrying out xor operation;Second main encryption and decryption XOR module It is responsible for the data after third wheel computing and adjusted value carrying out xor operation;Main encryption and decryption wheel computing module is responsible for entering input value The next round computing cryptographic operation of row 14, preceding 13 main encryption and decryption wheel computing modules add solution comprising main encryption and decryption byte substitution module, master Space-in displacement row obscure module, main encryption and decryption InvAddRoundKey module, and last 1 main encryption and decryption wheel computing module includes main encryption and decryption Byte substitution module, main encryption and decryption row displacement InvAddRoundKey module.
In the data encrypting and deciphering system and method for the present invention, the algorithm that encryption and decryption is used is based on XTS-AES improvement Come, the byte substitution operation being related in main encryption/decryption module, cipher key expansion module, adjusted value generation module utilizes composite S box Realize, composite S box exports S boxes by multiple 8 inputs 8 and its inverse S boxes are combined, and the S boxes that can be used by address line options;It is close Key schedule used in key expansion module is provided by formula (1);Encryption chip is integrally using the XTS for adapting to pile line operation Data cell n-1 is sent into encryption and decryption operation is carried out in main encryption/decryption module first by Cipher-Text Stealing pattern, Cipher-Text Stealing module, so Data cell 1 to data cell n-2 is sent into successively afterwards encryption and decryption operation is carried out in main encryption module, finally according to main control module Signal pin to data cell n processing;Main encryption/decryption module, adjusted value generation module, cipher key expansion module use flowing water The byte substitution operation being related in cable architecture, these modules, displacement row of going obscure operation and are based on look-up table and line function Realize.
The present invention is realized based on FPGA and the streamline encryption and decryption of hard disc data is operated, and is employed and is adapted to pile line operation XTS encryption and decryption patterns so that security and efficiency are superior to traditional encryption and decryption pattern.In terms of security, for byte generation Mold changing block and cipher key expansion module are improved, and byte substitution module can specify encryption and decryption using compound S boxes by user The S box built-up sequences used in flow, while ensure that the speed of byte substitution;The cipher key spreading that cipher key expansion module is used is calculated Method use can not derive type function, and the round key often taken turns is converted by the round key of preceding two-wheeled, and attacker can not be by known Round key derives remaining round key so that key schedule has stronger security than aes algorithm.
The present invention is directed to the safety issue of key schedule and single fixed S boxes in current aes algorithm, and tradition A kind of safety issue of block cipher encryption mode, it is proposed that data encrypting and deciphering system and method.Encryption in the present invention is calculated Method changes key schedule on the basis of aes algorithm so that attacker can not release remaining by known round key Round key.XTS encryption modes are taken, not only cause security performance to be further better than traditional encryption mode, stream can be more utilized Waterline parallel data processing, improves the data throughput of encryption chip.In addition, multiple S boxes mechanism is introduced, the choosing according to user Select, different wheel computings will use different S boxes.
In data encrypting and deciphering system proposed by the present invention, the permutation function used in byte substitution operation is by multiple 8 Input, the S boxes of 8 outputs are constituted, and the output data of displacement layer is together decided on by clear data and displacement box selection data.Make With the initial key of 256, in key schedule, the round key of each round needs to be determined jointly by the round key of preceding two-wheeled It is fixed.Encryption chip uses XTS encryption modes, except master key and plaintext, adds the input of adjusted value, adjusted value is will be preset Tune handle be encrypted what is generated after computing and modular multiplication.For each Plaintext block, ciphertext is obtained using Cipher-Text Stealing pattern Last 32 bytes of block.Encryption/decryption module uses identical pipeline organization, is encryption by control unit control present mode Pattern or decryption mode.Byte manipulation and row in wheel computing are obscured operation and realized by look-up table ROM module, row displacement behaviour Make to realize using line function.
Although having been described above and describing the example embodiment for being counted as the present invention, it will be apparent to those skilled in the art that It can be variously modified and replaced, without departing from the spirit of the present invention.Furthermore it is possible to make many modifications with by spy Condition of pledging love is fitted to the religious doctrine of the present invention, without departing from invention described herein central concept.So, the present invention is unrestricted In specific embodiment disclosed here, but the present invention all embodiments that may also include belonging to the scope of the invention and its equivalent Thing.

Claims (8)

1. a kind of data encrypting and deciphering system, it is characterised in that:Including input data buffer module, main control module, adjusted value generation Module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data outputting module; The input data buffer module keeps in the data of outside input;The master control module controls input data buffer module, adjustment It is worth generation module, main encryption/decryption module, cipher key expansion module, Cipher-Text Stealing module, Cipher-Text Stealing register module and data defeated Go out module;The adjusted value that the adjusted value generation module generation XTS encryption modes need;The main encryption/decryption module is to the number According to the state matrix wheel arithmetic operation that is encrypted or decrypts, initial key is extended to the master by the cipher key expansion module Round key needed for encryption/decryption module;The Cipher-Text Stealing module realizes the Cipher-Text Stealing in XTS encryption modes;The ciphertext is stolen Register module is taken to keep in the middle encryption and decryption data required for Cipher-Text Stealing;The data outputting module is encrypted to outside output Or decrypted result;
The adjusted value generation module includes first run InvAddRoundKey module, multiple adjusted value byte substitution modules, multiple adjusted values Row displacement row obscure module, multiple adjusted value InvAddRoundKey modules, adjusted value row displacement InvAddRoundKey module, adjustment value register Module, adjusted value power operation module;Preset is adjusted handle and the round key of the 0th wheel to carry out XOR by the first run InvAddRoundKey module Operation;The data of input are converted to corresponding output data by the multiple adjusted value byte substitution module according to mapping ruler; The multiple adjusted value row displacement row obscure module and the data of input are carried out into position adjustment, and are transported by multiplying and XOR Calculate realize data obscure processing;The multiple adjusted value InvAddRoundKey module carries out the round key of current data and each round Step-by-step xor operation;The adjusted value row shifts InvAddRoundKey module by position adjustment and xor operation, while realizing data Row shift function and InvAddRoundKey function;The adjusted value register module keeps in intermediate result;The adjusted value power operation Module realizes the power operation function of data by shifting function and xor operation.
2. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The main encryption/decryption module adds including multiple masters Decryption byte substitution module, multiple main encryption and decryption row displacement row obscure module, multiple main encryption and decryption InvAddRoundKey modules, the first master Encryption and decryption XOR module, main encryption and decryption row displacement InvAddRoundKey module, the second main encryption and decryption XOR module;The main encryption and decryption word The data of input are converted to corresponding output data by section replacement module according to mapping ruler;The main encryption and decryption row displacement row are mixed The data of input are carried out position adjustment by module of confusing, and realize obscuring for data by multiplying and XOR;The master Input data is carried out XOR by encryption and decryption InvAddRoundKey module with corresponding round key;The first main encryption and decryption XOR mould The round key of input data and adjusted value and the 0th wheel is carried out xor operation by block;The main encryption and decryption row displacement InvAddRoundKey mould Block is by position adjustment and xor operation, while realizing the row shift function and InvAddRoundKey function of data;Second master adds Input data and adjusted value are carried out XOR and exported by decryption XOR module.
3. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The cipher key expansion module includes cipher key spreading Control unit, the first F function modules, the 2nd F function modules, first key extension XOR module, the second cipher key spreading XOR mould Block, Mul9 modules, MulB modules, MulD modules and MulE modules;The cipher key spreading control unit is responsible for receiving external data Cooperated with signal, coordination key schedule modules, generate completion signal to outside output key;First F Function module carries out F function operations to the round key of 1 wheel before current;Wheels of the 2nd F function modules to 2 wheels before current Key carries out F function operations;The first key extension XOR module carries out xor operation generation to the data of input and works as front-wheel Key;The Mul9 modules carry out the operation with 9 modular multiplications to input data;The MulB modules are carried out and 11 moulds to input data The operation multiplied;The MulD modules carry out the operation with 13 modular multiplications to input data;The MulE modules are carried out to input data With the operation of 14 modular multiplications;The data of input are carried out xor operation by the second cipher key spreading XOR module, and generation epicycle wheel is close The corresponding inverse round key of key.
4. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The Cipher-Text Stealing module includes Cipher-Text Stealing Scheduling unit and multiple schedule registers;The Cipher-Text Stealing scheduling unit is obtained entirely from the input data buffer module The data of cryptographic block, and be stored in the schedule register, the schedule register storage is defeated through input data buffer module The data entered.
5. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The adjusted value generation module, main encryption and decryption Byte substitution operation in module and cipher key expansion module realizes that composite S box includes multiple 8 inputs 8 and exports S using composite S box Box and its inverse S boxes, and the S boxes that can be used by address line options.
6. data encrypting and deciphering system as claimed in claim 1, it is characterised in that:The main encryption/decryption module, adjusted value generation Module and cipher key expansion module use pipeline organization, the adjusted value generation module, main encryption/decryption module and cipher key spreading mould Byte substitution operation and row displacement row in block obscure operation and are based on look-up table and line function realization.
7. a kind of data encryption/decryption method, it is characterised in that comprise the following steps:
(1) main control module carries out Initialize installation, according to the signal of outside input, starts encryption and decryption functions;
(2) the S boxes that main encryption/decryption module and adjusted value generation module are used are set;
(3) the S boxes that cipher key expansion module is used are set;
(4) cipher key expansion module is transmitted according to main control module data and signal, produce the wheel used in main encryption/decryption module close Key, produces the round key used in adjusted value generation module;
(5) input data buffer module keeps in outer input data, and the signal sent according to main control module, by temporary number According in input Cipher-Text Stealing module;The logical place value received is sent into adjusted value generation module by the main control module;
(6) Cipher-Text Stealing module selects to enable or do not enable Cipher-Text Stealing pattern according to the signal of main control module;
(7) main encryption module and adjusted value generation module call phase from cipher key expansion module respectively under the control of main control module The tune handle encryption generation adjusted value of input is sent to main encryption module by the round key answered, adjusted value generation module, main to add Deciphering module obtains data from Cipher-Text Stealing module, and the data after processing are sent into the parallel encryption and decryption operation of execution pipeline In data outputting module;
Using following key schedule,
<mfenced open = "{" close = ""> <mtable> <mtr> <mtd> <mrow> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> </mrow> </msub> <mo>=</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>8</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>5</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <mi>F</mi> <mrow> <mo>(</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>2</mn> </mrow> </msub> <mo>)</mo> </mrow> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>+</mo> <mn>1</mn> </mrow> </msub> <mo>=</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>7</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>6</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>4</mn> </mrow> </msub> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>+</mo> <mn>2</mn> </mrow> </msub> <mo>=</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>3</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>=</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>8</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>5</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <mi>F</mi> <mrow> <mo>(</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>2</mn> </mrow> </msub> <mo>)</mo> </mrow> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>3</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>+</mo> <mn>3</mn> </mrow> </msub> <mo>=</mo> <mi>F</mi> <mrow> <mo>(</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>5</mn> </mrow> </msub> <mo>)</mo> </mrow> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>4</mn> </mrow> </msub> <mo>&amp;CirclePlus;</mo> <msub> <mi>W</mi> <mrow> <mn>4</mn> <mi>i</mi> <mo>-</mo> <mn>2</mn> </mrow> </msub> </mrow> </mtd> </mtr> </mtable> </mfenced>
Wherein i=2,3,4 ..., 14;W4iTo W4i+3Represent the 1st to the 4th 32 words in round key respectively, and W0To W7Directly Provided by the initial key of 256;FunctionWherein symbolFor step-by-step XOR Computing;SubBytes operates for byte substitution;RotBytes is the circulative shift operation in units of byte.
8. data encryption/decryption method as claimed in claim 7, it is characterised in that also comprise the following steps:
After the completion of encryption and decryption work, main encryption/decryption module sends signal, main control module coordination data output module to main control module Output encryption or decrypted result.
CN201510238121.4A 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method Expired - Fee Related CN104852798B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510238121.4A CN104852798B (en) 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510238121.4A CN104852798B (en) 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method

Publications (2)

Publication Number Publication Date
CN104852798A CN104852798A (en) 2015-08-19
CN104852798B true CN104852798B (en) 2017-10-03

Family

ID=53852168

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510238121.4A Expired - Fee Related CN104852798B (en) 2015-05-11 2015-05-11 A kind of data encrypting and deciphering system and method

Country Status (1)

Country Link
CN (1) CN104852798B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11838402B2 (en) 2019-03-13 2023-12-05 The Research Foundation For The State University Of New York Ultra low power core for lightweight encryption

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105356996B (en) * 2015-12-14 2018-11-09 联想(北京)有限公司 A kind of ciphertext processing method, electronic equipment and ciphertext processing unit
CN106254061B (en) * 2016-08-14 2019-08-23 北京数盾信息科技有限公司 A kind of high speed network storage encipher-decipher method
CN107888373A (en) * 2016-09-29 2018-04-06 北京忆芯科技有限公司 XTS AES encryptions circuit, decryption circuit and its method
CN106341419B (en) * 2016-10-17 2019-04-19 重庆邮电大学 A kind of method that calling external encryption/decryption module and mobile terminal
CN109150497B (en) * 2018-07-26 2020-07-24 南京航空航天大学 XTS-SM4 encryption circuit with high performance and small area
CN111047849B (en) * 2019-12-30 2021-05-18 江苏大周基业智能科技有限公司 Networking remote control password module and safe remote control system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8155308B1 (en) * 2006-10-10 2012-04-10 Marvell International Ltd. Advanced encryption system hardware architecture
CN103109296A (en) * 2010-09-24 2013-05-15 英特尔公司 A tweakable encrypion mode for memory encryption with protection against replay attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8155308B1 (en) * 2006-10-10 2012-04-10 Marvell International Ltd. Advanced encryption system hardware architecture
CN103109296A (en) * 2010-09-24 2013-05-15 英特尔公司 A tweakable encrypion mode for memory encryption with protection against replay attacks

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
《SMS4算法应用于空间数据加密的研究及实现》;贾艳梅、陶新;《空间电子技术》;20150425(第2期);全文 *
《基于XTS-AES的主机加密卡的FPGA的设计与实现》;冉飞;《中国优秀硕士学位论文全文数据库 信息科技辑》;20110415;全文 *
《高吞吐率XTS-AES加密算法的硬件实现》;李子磊;《中国优秀硕士学位论文全文数据库 信息科技辑》;20120715;参见第3.2.1、3.2.3节,图2-7、3-2、3-4 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11838402B2 (en) 2019-03-13 2023-12-05 The Research Foundation For The State University Of New York Ultra low power core for lightweight encryption

Also Published As

Publication number Publication date
CN104852798A (en) 2015-08-19

Similar Documents

Publication Publication Date Title
CN104852798B (en) A kind of data encrypting and deciphering system and method
CN106788974B (en) Mask S box, grouping key calculation unit, device and corresponding construction method
CN107707343B (en) SP network structure lightweight block cipher realization method with consistent encryption and decryption
CN101350714B (en) Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX
CN1921382B (en) Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device
CN104639314A (en) Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN103516512A (en) Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm
CN104065474B (en) Novel low-resource efficient lightweight Surge block cipher implementation method
JP4025722B2 (en) Method and apparatus for data encryption
CN101764684A (en) Encrypting and deciphering system for realizing SMS4 algorithm
Mane et al. High speed area efficient FPGA implementation of AES algorithm
CN105959107B (en) A kind of lightweight SFN block cipher implementation method of new high safety
CN101764685A (en) Encrypting and deciphering system for realizing SMS4 algorithm
CN105007154B (en) A kind of encrypting and decrypting device based on aes algorithm
CN111431697A (en) Novel method for realizing lightweight block cipher COR L
CN108933653A (en) A kind of AES encrypting and deciphering system and method based on large-scale data
CN109150495A (en) A kind of round transformation multiplex circuit and its AES decrypt circuit
JP2005513541A (en) Programmable data encryption engine for AES algorithm
JP2005513541A6 (en) Programmable data encryption engine for AES algorithm
CN107896149A (en) 128 symmetric encryption methods based on three group operationes
CN109033893B (en) AES encryption unit based on synthetic matrix, AES encryption circuit and encryption method thereof
CN108809627B (en) Round conversion multiplexing circuit and AES decryption circuit
CN109033847B (en) AES encryption operation unit, AES encryption circuit and encryption method thereof
CN102857334B (en) Method and device for realizing AES (advanced encryption standard) encryption and decryption
CN102780557B (en) Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171003

CF01 Termination of patent right due to non-payment of annual fee