CN105897406B - A kind of device for the AES encryption and decryption that bright ciphertext is isometric - Google Patents

A kind of device for the AES encryption and decryption that bright ciphertext is isometric Download PDF

Info

Publication number
CN105897406B
CN105897406B CN201610388115.1A CN201610388115A CN105897406B CN 105897406 B CN105897406 B CN 105897406B CN 201610388115 A CN201610388115 A CN 201610388115A CN 105897406 B CN105897406 B CN 105897406B
Authority
CN
China
Prior art keywords
data
module
key
ciphertext
sent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610388115.1A
Other languages
Chinese (zh)
Other versions
CN105897406A (en
Inventor
李高超
徐晓燕
周渊
张露晨
马秀娟
唐积强
徐小磊
毛洪亮
刘俊贤
苏沐冉
刘庆良
杨帆
何万江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SCISTOR TECHNOLOGY Co Ltd
National Computer Network and Information Security Management Center
Original Assignee
BEIJING SCISTOR TECHNOLOGY Co Ltd
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING SCISTOR TECHNOLOGY Co Ltd, National Computer Network and Information Security Management Center filed Critical BEIJING SCISTOR TECHNOLOGY Co Ltd
Priority to CN201610388115.1A priority Critical patent/CN105897406B/en
Publication of CN105897406A publication Critical patent/CN105897406A/en
Application granted granted Critical
Publication of CN105897406B publication Critical patent/CN105897406B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a kind of devices of AES encryption and decryption that bright ciphertext is isometric, are related to field of information security technology.Described device includes encrypting module, deciphering module and key management module;Encrypting module includes at least one first data input module, at least one first data management module, at least one aes algorithm encrypting module and at least one first data transmission blocks;Deciphering module includes at least one second data input module, at least one second data management module, at least one aes algorithm deciphering module and at least one second data transmission blocks.Key management module for storing the key that host issues, and can according to the application of host by multiple groups delivering key to encrypting module or deciphering module.Each nucleus module passes through FPGA and realizes in the present invention, and FPGA is communicated by Pcie interface with host, the key that the non-readable key management module of host is stored, and so as to avoid the risk of key exposure, improves safety.

Description

A kind of device for the AES encryption and decryption that bright ciphertext is isometric
Technical field
The present invention relates to field of information security technology more particularly to a kind of devices for the AES encryption and decryption that bright ciphertext is isometric.
Background technique
Advanced Encryption Standard (English: Advanced Encryption Standard, abbreviation: AES) is by American National mark It is quasi- to be asserted effective standard on May 26th, 2002 with Institute for Research and Technology (NIST).2006, Advanced Encryption Standard already at For one of most popular algorithm in the encryption of symmetrical packet key.
With the fast development of information technology, aes algorithm is widely used in various industries, but common application is all logical Cross software realization.Although the arithmetic speed and core number of current CPU have all greatly enhanced, fortune handled by CPU Calculation is also more complicated, so that the still comparable preciousness of cpu resource, then being accelerated by hardware realization aes algorithm to CPU Also become a meaningful project.
Aes algorithm is a kind of symmetric block ciphers Encryption Algorithm, and the data for encryption and decryption are required by grouping, data The length of block is fixed as 16 bytes, needs to carry out polishing filling, such bring when a data block length is less than 16 byte The result is that ciphertext is longer than in plain text, so that not being available aes algorithm in the case where needing cleartext-ciphertext isometric.
Summary of the invention
The present invention provides a kind of device of AES encryption and decryption that bright ciphertext is isometric, can support the CBC of AES enciphering and deciphering algorithm Mode (also referred to as cipher block chaining mode), cleartext-ciphertext data are isometric, and CPU usage is effectively reduced and improves the peace of encryption and decryption Quan Xing.Described device, which is based on FPGA platform, realizes the isometric encryption of clear data by the multiple calling to aes algorithm, and has Effect reduces CPU usage.
The present invention provides a kind of device of AES encryption and decryption that bright ciphertext is isometric, including the encrypting module for data processing With deciphering module and key management module;Wherein encrypting module includes:
At least one first data input module, for obtaining data and queuing message to be encrypted from host.
At least one first data management module, be used for regular data block, and will be regular after data be sent into aes algorithm add Close module;It is ciphertext is regular and be sent into data transmission blocks.
At least one aes algorithm encrypting module, for by data management module be sent into it is regular after data encrypt, Ciphertext is formed, and ciphertext is passed back to data management module.
At least one first data transmission blocks, for ciphertext and queuing message to be passed back to host.
Deciphering module includes:
At least one second data input module, for obtaining data and queuing message to be decrypted from host.
At least one second data management module, be used for regular data block, and will be regular after data be sent into aes algorithm solution Close module;It will be regular and be sent into data transmission blocks in plain text.
At least one aes algorithm deciphering module, for by data management module be sent into it is regular after data be decrypted, It is formed in plain text, and data management module will be passed back in plain text.
At least one second data transmission blocks, for plaintext and queuing message to be passed back to host.
Key management module can store multiple groups key, and can be according to host for storing the key that host issues Application by multiple groups delivering key to encrypting module or deciphering module.
A kind of device nucleus module of the isometric AES encryption and decryption of bright ciphertext provided by the invention is carried out by FPGA real Existing, FPGA is communicated by Pcie interface with host, for reception and return data and information.The non-readable key pipe of host The key that reason module is stored improves safety so as to avoid the risk of key exposure.
Detailed description of the invention
Fig. 1 is encrypting module structural schematic diagram of the present invention.
Fig. 2 is deciphering module structural schematic diagram of the present invention.
Fig. 3 is key management module schematic diagram of the present invention.
Fig. 4 is data encryption flow diagram of the present invention.
Fig. 5 is data deciphering flow diagram of the present invention.
Fig. 6 is key management flow diagram of the present invention.
Specific embodiment
Technical solution of the present invention is described in detail with reference to the accompanying drawing.
The present invention provides a kind of device of AES encryption and decryption that bright ciphertext is isometric, including the encrypting module for data processing With deciphering module and key management module.
Fig. 1 shows the structure of encrypting module in the present invention, and the encrypting module is by the first data input module, first Data management module, aes algorithm encrypting module and the first data transmission blocks are constituted.First data input module is responsible for host Incoming queuing message and clear data is cached, and close to key management module application according to the queuing message that host is passed to Key notifies the first data management module to handle the clear data cached;First data management module is responsible for from first Data input module reads queuing message, key and the clear data cached, and queuing message, key and plaintext are sent into Aes algorithm encrypting module;Aes algorithm encrypting module obtains ciphertext after carrying out data encryption, and data management module receives ciphertext, and According to plaintext to ciphertext carry out it is regular, will be regular after ciphertext and queuing message be sent into the first data transmission blocks;First data Sending module is responsible for ciphertext passing back to host by Pcie interface.
For the hardware resource reproducibility of FPGA, an encrypting module can be copied as multiple encrypting modules, such as same Multiple encrypting modules are placed simultaneously inside one fpga chip, area is carried out to multiple encrypting modules by defining different address spaces Point, host computer side accesses different encrypting modules by accessing different address spaces, to realize the parallel reality of multichannel encryption It is existing;Deciphering module can carry out identical duplication and definition with encrypting module, to realize the Parallel Implementation of multichannel decryption.Fig. 4 is aobvious Show that encrypting module carries out the process of data encryption, below with reference to Fig. 4 and has assumed the case where length of the plaintext is 23 byte to encryption Process carries out detailed description gradually:
Step 1: host input rank information indicates the length of the plaintext, Key Sequence Number, the sequence of operation number of this cryptographic operation And the offset address of passback host;First data input module controls reception and the key of plaintext by analysis queuing message It obtains.
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key being sent to Aes algorithm encrypting module.
Step 3: in plain text, since the plaintext bit wide of input is 64, and the data bit width that AES is capable of handling is for host input 128, so the first data input module is when caching plaintext, by 64 plaintexts that host inputs be spliced into again 128 it is bright Text, the rule of splicing are the data buffer storage that first inputs to the high data buffer storage 64, inputted afterwards to low 64, effective when input When plaintext is less than 128,0 will be added after effective plaintext and is supplied and is cached;When at least one 128 plaintext of caching Afterwards, notify the first data management module to handling in plain text.In this example, first by received two 8 bytes in plain text according to rule Then it is spliced into 128 Plaintext blocks;Again by last 7 byte caches to 56 high, 0 is mended by low 72, is then notified Data management module to handling in plain text.
Step 4: after the first data management module receives the notice of data input module, analyzing this secondary encryption first Length of the plaintext reads data from the caching of data input module according to length, reads a data block, i.e., 128 every time In plain text, if this read it is effective be in plain text 128, aes algorithm encrypting module will be sent in plain text and encrypted, when adding After the completion of close operation, ciphertext is fetched and cached from aes algorithm encrypting module, while the ciphertext fetched is sent to first Data transmission blocks;Data are read from the first data input module caching again, and are repeated above operation;When from the first data When the effective plaintext read in input module caching is less than 128, the ciphertext fetched to plaintext and last time is spliced, is spliced At 128 data blocks, reinitialize aes algorithm encrypting module, by spliced data be sent into aes algorithm encrypting module into Row encryption, the ciphertext that this is fetched are spliced and are shifted with the ciphertext that last time fetches, the ciphertext after splicing and displacement is sent Enter to the first data transmission blocks;Notify all plaintexts of the first data transmission blocks have encrypted to complete and sent;To complete At the isometric encryption of one whole section of plaintext.
In this example, first 128 Plaintext block is sent into aes algorithm encrypting module first and is encrypted, after fetching ciphertext It is cached;Low 72 of the ciphertext fetched are spliced with remaining 56 plaintexts again, the rule of splicing is the low of ciphertext 72 are a high position, and 56 plaintexts are low level;Aes algorithm encrypting module is reinitialized, spliced plaintext is sent into AES and is calculated Method encrypting module is encrypted;After fetching the last one ciphertext, by the low of the high last ciphertext fetched of 72 coverings of ciphertext 72, by low 56 bit shift of the last one ciphertext to 56 high, remaining low 72 are covered with 0;To constitute most Two ciphertext blocks of result afterwards, first piece of ciphertext are 128, and second piece of ciphertext is 56, totally 23 byte, isometric with plaintext.It will The two ciphertext blocks are sent to the first data transmission blocks and are cached, and notify that the first sending module is sent.
Step 5: after the first data transmission blocks receive the transmission request of the first data management module, being requested according to sending The information such as length, sending deviation address, sent first using queuing message as first transmission unit, then from caching In read ciphertext one by one and sent, after the last one effective ciphertext is sent completely, send a queuing message unit again Terminate this transmission, while the first data input module this cryptographic operation being notified to complete, the first data input module enters New reception data mode.
Fig. 2 shows the structure of deciphering module of the present invention, and the deciphering module is by the second data input module, the second number It is constituted according to management module, aes algorithm deciphering module and the second data transmission blocks.Second data input module is responsible for passing in host The queuing message and ciphertext entered is cached, and the queuing message being passed to according to host is to key management module application key, root Ciphertext is spliced according to ciphertext length information, notifies the second data management module to queuing message, the key and close cached Literary data are handled;Second data management module be responsible for from data input module read cached queuing message, key and Ciphertext, and queuing message, key and ciphertext are sent into aes algorithm deciphering module;Ciphertext is decrypted in aes algorithm deciphering module It obtains in plain text;Second data management module receives the plaintext of aes algorithm deciphering module output, and according to ciphertext to advising in plain text It is whole, will be regular after plaintext and queuing message be sent into the second data transmission blocks;Second data transmission blocks are responsible for plaintext is logical It crosses Pcie interface and passes back to host.
Fig. 5 shows that deciphering module carries out the process of data deciphering, below with reference to Fig. 5 and assumes that length of the plaintext is 23 bytes The case where detailed description gradually is carried out to decryption process:
Step 1: host input rank information indicates ciphertext length, Key Sequence Number, the sequence of operation number of this decryption oprerations And the offset address of passback host;Second data input module controls reception and the key of ciphertext by analysis queuing message It obtains.
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key being sent to Aes algorithm deciphering module.
Step 3: host inputs ciphertext, and since the ciphertext bit wide of input is 64, and the data bit width that AES is capable of handling is It 128, so data input module is spliced into 128 plaintexts when caching ciphertext, by 64 ciphertexts that host inputs again, spells The rule connect is the data buffer storage that first inputs to the high data buffer storage 64, inputted afterwards to low 64, when effective ciphertext of input When less than 128,0 will be added after effective ciphertext and is supplied and is cached;After the completion of all ciphertexts caching, according to ciphertext Length splices ciphertext again.In this example, received two 8 byte cryptograms are spliced into one 128 according to rule first Position ciphertext blocks;Again by last 7 byte caches to 56 high, 0 is mended by low 72;According to the ciphertext length of this operation letter Breath, by high 56 bitwise shift right of the last one ciphertext blocks to low 56, covers the last one for low 72 of first ciphertext blocks Ciphertext blocks it is 72 high, to be spliced into the last one 128 ciphertext blocks;By first ciphertext blocks and it is spliced last A ciphertext blocks caching, and the second data management module is notified to start to process ciphertext.
Step 4: after the second data management module receives the notice of data input module, analyzing this secondary decryption first Ciphertext length, if the integral multiple that ciphertext length is 128, reads from the caching of the second data input module according to length Data read a data block every time, i.e., ciphertext is sent to aes algorithm deciphering module and is decrypted by 128 ciphertexts, when After the completion of decryption oprerations, plaintext is fetched from aes algorithm encrypting module and is sent to the second data transmission blocks;Again from second Data are read in data input module caching, and are repeated above operation;The second number is notified after the completion of the processing of all ciphertext blocks It is sent according to sending module.If non-128 integral multiples of ciphertext length, first from the second data input module caching The ciphertext of the last one caching is read, aes algorithm deciphering module is sent into and is decrypted for the first time, the plaintext after decryption is delayed It deposits;Aes algorithm deciphering module is initialized again, reads ciphertext one by one from data input module caching, is sent into aes algorithm decryption Module is decrypted, and the plaintext after decryption is sent into the second data transmission blocks and is cached;When reading the last one ciphertext When, the high-order portion in the plaintext decrypted for the first time is taken out, is spliced with the last one ciphertext, aes algorithm decryption is re-fed into Module is decrypted, and the plaintext which obtains is spliced with the plaintext decrypted for the first time, is sent to data transmission blocks It is sent, to complete a decryption oprerations.In this example, being decrypted for the first time is to pass through the ciphertext spliced again, this 128 Position ciphertext contains the 56 high of low 72 of first piece of ciphertext and last block ciphertext;128 ciphertexts generate after decrypted Plaintext, include 72 ciphertexts and 56 plaintexts that need to carry out second of decryption;Second of decryption need to be carried out by 72 After ciphertext covers low 72 of low one piece of ciphertext, it is sent to aes algorithm deciphering module and is decrypted, the plaintext decrypted is i.e. For first piece of plaintext of final decrypted result;By decrypt for the first time 56 plaintexts move left to high 56 obtain second piece it is bright Text;First piece of plaintext and second piece of plaintext are sent to the second data transmission blocks to send;To complete 23 bytes The ciphertext of length is decrypted.
Step 5: after the second data transmission blocks receive the transmission request of the second data management module, being requested according to sending Length, send the information such as address, sent first using queuing message as first transmission unit, then from caching by A reading is sent in plain text, after the last one is effectively sent completely in plain text, sends a queuing message unit again to tie Shu Benci is sent, while this decryption oprerations of the second data input module being notified to complete, and the second data input module enters new Receive data mode.
Fig. 3 shows the structure of key management module, and the key management module is by cipher key storage block, key verification Module and key distribution module are constituted.The key storage that cipher key storage block is responsible for issuing in host is in ram in slice;Key school Test the correctness that module is responsible for check key;Key distribution module is responsible for according to key application, and key is sent to encryption or solution Close module.
Fig. 6 shows that key management module carries out the process of key management, carries out below with reference to Fig. 6 to key management process It is described in detail:
Step 1: host issues key to key management module, can once issue most 256 group keys.
Step 2: host application issues key verification instruction, and for host again by delivering key, key verification module will again The key issued is compared with the key issued for the first time, if the key issued for the first time and the key issued again differ, " return " key" mistake number, returns to 0 if equal;Host repeats key verification movement, until all key verifications are completed.When When there is wrong cipher key, host needs, which re-start, issues key and checkout action.It is returned since apparatus of the present invention do not provide host Cipher key function is read, so using the correctness for issuing and being used to ensure key with verification scheme.
Step 3: when data encryption or deciphering module are to key management module application key, Key Sequence Number is provided first, Key management module chooses key according to Key Sequence Number, and key is sent to corresponding deciphering module or encrypting module.
In conclusion a kind of device of the isometric AES encryption and decryption of bright ciphertext provided by the present invention uses hardware realization The core of aes algorithm and by secondary calling aes algorithm and to the rational joint of plain/cipher text realize in plain text, ciphertext Stringent isometric encryption/decryption.
The present invention can realize that the parallel processing of multichannel encryption and decryption has compared to software realization on same fpga chip Reduce CPU consumption, the processing speed characteristics such as faster;Key therein can not readback mechanism greatly reduce key exposure wind Danger, to improve safety.

Claims (2)

1. a kind of device for the AES encryption and decryption that bright ciphertext is isometric, it is characterised in that: including encrypting module, deciphering module and key Management module;Wherein encrypting module includes:
At least one first data input module, for obtaining data and queuing message to be encrypted from host;
At least one first data management module, be used for regular data block, and will be regular after data be sent into aes algorithm encrypt mould Block;By ciphertext it is regular and be sent into the first data transmission blocks;
At least one aes algorithm encrypting module, for by the first data management module be sent into it is regular after data encrypt, Ciphertext is formed, and ciphertext is passed back to the first data management module;
At least one first data transmission blocks, for ciphertext and queuing message to be passed back to host;
Deciphering module includes:
At least one second data input module, for obtaining data and queuing message to be decrypted from host;
At least one second data management module, be used for regular data block, and will be regular after data be sent into aes algorithm decrypt mould Block;It will regular in plain text and the second data transmission blocks of feeding;
At least one aes algorithm deciphering module, for by the second data management module be sent into it is regular after data be decrypted, It is formed in plain text, and cleartext-ciphertext is passed back to the second data management module;
At least one second data transmission blocks, for ciphertext and queuing message to be passed back to host;
Key management module gives multiple groups delivering key to encryption for storing the key that host issues, and according to the application of host Module or deciphering module;
The process that data are encrypted are as follows:
Step 1: host input rank information indicates the length of the plaintext of this cryptographic operation, Key Sequence Number, the sequence of operation number and returns The offset address of hero of biography machine;First data input module controls the reception of plaintext and obtaining for key by analysis queuing message It takes;
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key being sent to AES and is calculated Method encrypting module;
Step 3: in plain text, since the plaintext bit wide of input is 64, and the data bit width that AES is capable of handling is 128 for host input Position, so the first data input module is spliced into 128 plaintexts when caching plaintext, by 64 plaintexts that host inputs again, The rule of splicing is the data buffer storage that first inputs to the high data buffer storage 64, inputted afterwards to low 64, effective bright when input It is literary less than 128 when, addition 0 will be supplied and cached after effective plaintext;After caching at least one 128 plaintext, Notify the first data management module to handling in plain text;
Step 4: after the first data management module receives the notice of the first data input module, according to the length of the plaintext to be encrypted Read data from the caching of the first data input module, every time one data block of reading, i.e., 128 plaintexts, if this The effective plaintext read is 128, then will be sent to aes algorithm encrypting module in plain text and encrypt, after the completion of cryptographic operation, Ciphertext is fetched and cached from aes algorithm encrypting module, while the ciphertext fetched is sent to the first data transmission blocks; Data are read from the first data input module caching again, and are repeated above operation;It is cached when from the first data input module When effective plaintext of middle reading is less than 128, the ciphertext fetched to plaintext and last time is spliced, 128 numbers are spliced into According to block, aes algorithm encrypting module is reinitialized, spliced data feeding aes algorithm encrypting module is encrypted, incite somebody to action this The secondary ciphertext fetched is spliced and is shifted with the ciphertext that last time fetches, and the ciphertext after splicing and displacement is sent to the first data Sending module;Notify all plaintexts of the first data transmission blocks have encrypted to complete and sent;So that one whole section of completion is bright The isometric encryption of text;
Step 5: after the first data transmission blocks receive the transmission request of the first data management module, according to the length for sending request Degree, sending deviation address information, send queuing message as first transmission unit, then from caching one by one first It reads ciphertext to be sent, after the last one effective ciphertext is sent completely, sends a queuing message unit again to terminate This sends, while this cryptographic operation of the first data input module being notified to complete, and the first data input module enters new connect Receive data mode;
The process that data are decrypted are as follows:
Step 1: host input rank information indicates the ciphertext length of this decryption oprerations, Key Sequence Number, the sequence of operation number and returns The offset address of hero of biography machine;Second data input module controls the reception of ciphertext and obtaining for key by analysis queuing message It takes;
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key being sent to AES and is calculated Method deciphering module;
Step 3: host inputs ciphertext, and since the ciphertext bit wide of input is 64, and the data bit width that AES is capable of handling is 128 Position, so the second data input module is spliced into 128 plaintexts when caching ciphertext, by 64 ciphertexts that host inputs again, The rule of splicing is the data buffer storage that first inputs to the high data buffer storage 64, inputted afterwards to low 64, effective close when input It is literary less than 128 when, addition 0 will be supplied and cached after effective ciphertext;After the completion of all ciphertexts caching, according to ciphertext Length ciphertext is spliced again;
Step 4: after the second data management module receives the notice of the second data input module, analyzing this secondary decryption first Ciphertext length, if the integral multiple that ciphertext length is 128, reads from the caching of the second data input module according to length Data read a data block every time, i.e., ciphertext is sent to aes algorithm deciphering module and is decrypted by 128 ciphertexts, when After the completion of decryption oprerations, plaintext is fetched from aes algorithm encrypting module and is sent to the second data transmission blocks;Again from second Data are read in data input module caching, and are repeated above operation;The second number is notified after the completion of the processing of all ciphertext blocks It is sent according to sending module;If non-128 integral multiples of ciphertext length, first from the second data input module caching The ciphertext of the last one caching is read, aes algorithm deciphering module is sent into and is decrypted for the first time, the plaintext after decryption is delayed It deposits;Aes algorithm deciphering module is initialized again, is read ciphertext one by one from the second data input module caching, is sent into aes algorithm Deciphering module is decrypted, and the plaintext after decryption is sent into the second data transmission blocks and is cached;When reading the last one When ciphertext, the high-order portion in the plaintext decrypted for the first time is taken out, is spliced with the last one ciphertext, is re-fed into aes algorithm Deciphering module is decrypted, and the plaintext which obtains is spliced with the plaintext decrypted for the first time, is sent to the second data Sending module is sent, to complete a decryption oprerations;
Step 5: after the second data transmission blocks receive the transmission request of the second data management module, according to the length for sending request Degree sends address information, sends queuing message as first transmission unit, then reads one by one from caching first It is sent in plain text, after the last one is effectively sent completely in plain text, sends a queuing message unit again to terminate this It sends, while this decryption oprerations of the second data input module being notified to complete, the second data input module enters new reception number According to state.
2. a kind of device of the isometric AES encryption and decryption of bright ciphertext according to claim 1, it is characterised in that: key management The process of module progress key management are as follows:
Step 1: host issues key to key management module;
Step 2: host application issues key verification instruction, and again by delivering key, key verification module will issue host again Key be compared with the key issued for the first time, if the key issued for the first time and the key issued again differ, return Wrong cipher key number, returns to 0 if equal;Host repeats key verification movement, until all key verifications are completed;Work as appearance When wrong cipher key, host needs, which re-start, issues key and checkout action;
Step 3: when data encryption or deciphering module are to key management module application key, providing Key Sequence Number, key first Management module chooses key according to Key Sequence Number, and key is sent to corresponding deciphering module or encrypting module.
CN201610388115.1A 2016-06-02 2016-06-02 A kind of device for the AES encryption and decryption that bright ciphertext is isometric Active CN105897406B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610388115.1A CN105897406B (en) 2016-06-02 2016-06-02 A kind of device for the AES encryption and decryption that bright ciphertext is isometric

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610388115.1A CN105897406B (en) 2016-06-02 2016-06-02 A kind of device for the AES encryption and decryption that bright ciphertext is isometric

Publications (2)

Publication Number Publication Date
CN105897406A CN105897406A (en) 2016-08-24
CN105897406B true CN105897406B (en) 2019-04-12

Family

ID=56710726

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610388115.1A Active CN105897406B (en) 2016-06-02 2016-06-02 A kind of device for the AES encryption and decryption that bright ciphertext is isometric

Country Status (1)

Country Link
CN (1) CN105897406B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106549970A (en) * 2016-11-25 2017-03-29 济南浪潮高新科技投资发展有限公司 A kind of PCIE interface data encipher-decipher methods based on FPGA
CN107612681A (en) * 2017-09-25 2018-01-19 郑州云海信息技术有限公司 A kind of data processing method based on SM3 algorithms, apparatus and system
CN107612682A (en) * 2017-09-25 2018-01-19 郑州云海信息技术有限公司 A kind of data processing method based on SHA512 algorithms, apparatus and system
CN107566113A (en) * 2017-09-29 2018-01-09 郑州云海信息技术有限公司 The symmetrical encipher-decipher methods of 3DES, system and computer-readable recording medium
CN107491317A (en) * 2017-10-10 2017-12-19 郑州云海信息技术有限公司 A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery
CN107749792A (en) * 2017-10-13 2018-03-02 郑州云海信息技术有限公司 Realize the method, system and computer-readable recording medium of data encrypting and deciphering
CN110134621B (en) * 2018-02-09 2023-12-19 北京忆芯科技有限公司 Providing CMB via a loopback data path
CN111400744B (en) * 2020-04-20 2023-09-05 深信服科技股份有限公司 File encryption and decryption processing method, device, equipment and readable storage medium
CN116070292B (en) * 2023-03-07 2023-06-16 苏州宏存芯捷科技有限公司 SM4 encryption heterogeneous acceleration system based on FPGA
CN116204911B (en) * 2023-04-27 2023-08-04 苏州浪潮智能科技有限公司 Encryption and decryption system, encryption and decryption control method, computer device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534190A (en) * 2009-05-05 2009-09-16 成都市华为赛门铁克科技有限公司 A multi-channel encryption/decryption method, device and system
CN104363091A (en) * 2014-12-01 2015-02-18 国家计算机网络与信息安全管理中心 Encryption and decryption method capable of automatically retrieving keys and selecting algorithms
US9002002B1 (en) * 2006-12-12 2015-04-07 Marvell International Ltd. Method and apparatus of high speed encryption and decryption

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9002002B1 (en) * 2006-12-12 2015-04-07 Marvell International Ltd. Method and apparatus of high speed encryption and decryption
CN101534190A (en) * 2009-05-05 2009-09-16 成都市华为赛门铁克科技有限公司 A multi-channel encryption/decryption method, device and system
CN104363091A (en) * 2014-12-01 2015-02-18 国家计算机网络与信息安全管理中心 Encryption and decryption method capable of automatically retrieving keys and selecting algorithms

Also Published As

Publication number Publication date
CN105897406A (en) 2016-08-24

Similar Documents

Publication Publication Date Title
CN105897406B (en) A kind of device for the AES encryption and decryption that bright ciphertext is isometric
US20220027288A1 (en) Technologies for low-latency cryptography for processor-accelerator communication
KR102430042B1 (en) Memory Behavior Encryption
CN112751852B (en) Data transmission method and related equipment
US8879727B2 (en) Method and apparatus for hardware-accelerated encryption/decryption
CN102138300B (en) Message authentication code pre-computation with applications to secure memory
CN108073353B (en) Data processing method and device
CN107924448A (en) The one-way cipher art that hardware is implemented
JP7116050B2 (en) Computer program product, computer system, and computer-implemented method for implementing cryptographic messages containing authentication instructions
US20120134495A1 (en) Cloud Storage Data Access Method, Apparatus and System Based on OTP
CN104809407B (en) Cloud storage front end data encryption and decryption and method of calibration and system
CN109245881A (en) A kind of photograph video cloud encryption storage method
CN107491317A (en) A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery
CN103368975B (en) A kind of method and system of batch data safe transmission
CN110289946A (en) A kind of generation method and block chain node device of block chain wallet localization file
CN103345609A (en) Method and device for text encryption and decryption
US20220078024A1 (en) State synchronization for post-quantum signing facilities
CN102546156A (en) Method, system and device for grouping encryption
CN110061967A (en) Business datum providing method, device, equipment and computer readable storage medium
CN107566113A (en) The symmetrical encipher-decipher methods of 3DES, system and computer-readable recording medium
JP5689826B2 (en) Secret calculation system, encryption apparatus, secret calculation apparatus and method, program
US9641321B1 (en) Method and apparatus for the virtualization of cryptographic resources
CN103457721B (en) A kind of method and device of Mass production password
CN110113151B (en) Non-invasive real-time encryption and decryption method for ELF format program
CN110457924A (en) Storing data guard method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant