CN105939190A - AES data encryption method for offline key generation based on FPGA - Google Patents

Info

Publication number
CN105939190A
Authority
CN
China
Prior art keywords
key
round
fpga
invaddroundkey
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610462944.XA
Other languages
Chinese (zh)
Inventor
杨志欣
李�杰
倪红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TIANJIN ZHONGANHUADIAN DATA SECURITY TECHNOLOGY Co Ltd
Original Assignee
TIANJIN ZHONGANHUADIAN DATA SECURITY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TIANJIN ZHONGANHUADIAN DATA SECURITY TECHNOLOGY Co Ltd filed Critical TIANJIN ZHONGANHUADIAN DATA SECURITY TECHNOLOGY Co Ltd
Priority to CN201610462944.XA priority Critical patent/CN105939190A/en
Publication of CN105939190A publication Critical patent/CN105939190A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an AES (Advanced Encryption Standard) data encryption method for offline key generation based on an FPGA (Field Programmable Gate Array). The method comprises the steps of generating 10 round keys offline by utilizing a seed key and a key expansion algorithm and storing the keys; first carrying out the round-0 round-key operation, using the seed key, on the state data formed through prior segmentation; and then inputting the 10 round keys in sequence so as to encrypt, in each round, the array formed by the previous round of encryption. Through this technical scheme, the method greatly improves the encryption processing performance of the encryption algorithm.

Description

AES data encryption method for offline key generation based on FPGA
Technical field
The invention belongs to the field of painting technology for automobiles, and specifically relates to an FPGA-based AES data encryption method with offline key generation.
Background
With the development of informatization, computers and the Internet have penetrated every aspect of daily life, work and production. Correspondingly, network information security has become one of the most important problems of the present day.
Network security is mainly directed at network attacks and at preventing and controlling them. Against network attacks, on the one hand a solid defense is built into the network structure and malicious-behavior monitoring mechanisms are improved; on the other hand data security, i.e. the security of data in transmission and in storage, is of the utmost importance. Data leaks are mainly caused by using plaintext, or only a simple encryption scheme, during data transmission and storage. Hacker attacks are hard to guard against; encrypting data with a safe and effective encryption algorithm during transmission and storage is the most common and also the most important way of ensuring data security and preventing information leakage.
In terms of the security and effectiveness of the algorithm used for data encryption, the AES (Advanced Encryption Standard) algorithm has long stood the test. The Rijndael algorithm went through a five-year selection, evaluation and testing process and was finally chosen by the National Institute of Standards and Technology (NIST) as the new-generation data encryption standard, i.e. AES. The AES algorithm is the Rijndael algorithm, an open symmetric block cipher. AES not only has very strong resistance to the cryptanalytic attacks currently known, but is also simple and clear to implement, with a relatively small amount of computation. As the classic symmetric encryption algorithm of the present day, it is applied throughout the security field and is a de facto standard.
For large-scale high-speed data streams, however, encryption performance is a problem: traditional software encryption not only slows real-time transmission but also occupies a large share of the host CPU, sharply degrading host performance. If the encryption module is instead implemented in dedicated high-speed hardware, the shortcomings of traditional software encryption can be avoided and the performance requirements better met. Domestically, however, there is little research on high-performance hardware encryption modules; more research concentrates on encryption module design for low-power embedded devices. Designing a hardware encryption module that achieves high performance is therefore significant for meeting China's current data encryption performance requirements.
Summary of the invention
The object of the invention is to solve the above technical problem by providing an FPGA-based AES data encryption method with offline key generation.
To achieve this object, the invention adopts the following technical scheme:
An FPGA-based AES data encryption method with offline key generation, comprising the following steps:
The data stream to be processed is preprocessed by a preset processing method and divided into multiple state arrays of predetermined length;
10 round keys are generated offline using the seed key and the key expansion algorithm, and are stored;
The round-0 round-key addition (AddRoundKey) is first applied to the state array using the seed key; the 10 round keys are then input in sequence, each encrypting the array formed by the previous round of encryption;
Wherein the encryption process of rounds 1-9 consists, in order, of byte substitution, row shifting, column mixing and round-key addition; in each of rounds 1-9 the column-mixing and round-key-addition steps are merged into a single step, and this merged step uses three XOR gates in sequence to perform the round-key addition of each round; the encryption process of round 10 consists of byte substitution, row shifting and round-key addition.
The seed key and the 10 round keys are formed offline in advance, before the round-key addition operations, and stored in preset registers.
Each of the 10 round keys is generated by the following steps:
A key schedule table is maintained to store the seed key and the ten round keys. The table is a two-dimensional array of 4 rows and 4 × 11 columns; each array cell is one byte, and each column of the array is treated as one word. The seed key is copied into the first four words of the table, the key produced by the first round of key expansion occupies the next four words, and so on; after ten rounds of expansion the table is full and key expansion ends. Each round key is formed from the four words of the previous round key by applying, in order, word rotation, byte substitution and round-constant XOR.
Byte substitution in each round of encryption and in each round of key expansion is implemented by S-box table lookup.
The S-box lookup table is implemented using the reconfigurable logic units of the FPGA.
In the FPGA-based AES data encryption method with offline key generation proposed by the invention, the 10 round keys are formed offline in advance and stored together with the seed key for later use; during encryption the seed key and the 10 round keys are input in sequence, following the preset order of encryption rounds, to carry out 10 rounds of encryption, and in the first 9 rounds the column-mixing and round-key-addition steps are merged into three steps. This greatly improves AES encryption performance, increases processing speed and reduces latency.
Description of the drawings
Fig. 1 is a schematic diagram of the encryption flow of the FPGA-based AES data encryption method with offline key generation provided by an embodiment of the invention;
Fig. 2 is a schematic circuit diagram of the FPGA-based AES data encryption method with offline key generation provided by an embodiment of the invention.
Detailed description of the embodiments
The substantive features and advantages of the invention are further described below with reference to examples, but the invention is not limited to the embodiments listed.
Referring to Figs. 1-2, an FPGA-based AES data encryption method with offline key generation comprises the following steps:
The data stream to be processed is preprocessed by a preset processing method and divided into multiple state arrays of predetermined length;
10 round keys are generated offline using the seed key and the key expansion algorithm, and are stored;
The round-0 round-key addition (AddRoundKey) is first applied to the state array using the seed key; the 10 round keys are then input in sequence, each encrypting the array formed by the previous round of encryption;
Wherein the encryption process of rounds 1-9 consists, in order, of byte substitution, row shifting, column mixing and round-key addition; in each of rounds 1-9 the column-mixing and round-key-addition steps are merged into a single step, and this merged step uses three XOR gates in sequence to perform the round-key addition of each round; the encryption process of round 10 consists of byte substitution, row shifting and round-key addition.
The column-mixing and round-key-addition step uses three XOR gates ROX; as shown in Fig. 1, these are the first, second and third XOR gates ROX of the column-mixing and round-key-addition step.
In the invention, the seed key and the 10 round keys are formed offline in advance, before the round-key addition operations, and stored in preset registers.
Specifically, when a state array is encrypted, the method first checks whether the encryption round number R is 0 and then carries out the 10 rounds of encryption in turn according to the method steps above, ending when the round number is 11; this completes the encryption of one state array. The next state array is then encrypted by the same procedure, and finally the corresponding ciphertext is output.
The seed key is the input key of the AES encryption algorithm; it takes part as input in the round-0 round-key addition and is at the same time the only input parameter of key expansion.
In the invention, each of the round keys 1-10 is generated by the following steps:
A key schedule table is maintained to store the seed key and the ten round keys. The table is a two-dimensional array of 4 rows and 4 × 11 columns; each array cell is one byte, and each column of the array is treated as one word. The seed key is copied into the first four words of the table, the key produced by the first round of key expansion occupies the next four words, and so on; after ten rounds of expansion the table is full and key expansion ends. Each round key is formed from the four words of the previous round key by applying, in order, word rotation, byte substitution and round-constant XOR.
Specifically, an initial key of 128 bits is treated as one block; following the same state-array arrangement rule as for a data block, the initial key is laid out in the form of a state array. Because the key exists in the same state-array form, it can take part in the encryption process more directly and conveniently.
It should be noted that in the invention each round's key may specifically be generated using three XOR gates ROX, passing in turn through the round-constant XOR after word rotation and byte substitution.
Specifically, each round's key is formed by rotating the last word of the previous round's key and then applying byte substitution and round-constant XOR.
Byte substitution here means applying byte substitution to the result of the rotation;
Round-constant XOR means that the result of the byte substitution is XORed with a constant; this constant is called the round constant, and the XOR operation is here called round-constant XOR. The round constants used in the ten rounds of key expansion are different and are represented by an array.
Specifically, the processing of the three XOR gates that produce each round's key corresponds respectively to the processing steps of the three XOR gates of the column-mixing and round-key-addition step of the encryption operation. Each generated round key is used in the column-mixing and round-key-addition step of its corresponding round: it is input when the round-0 round-key addition and the column-mixing and round-key-addition operations of rounds 1-10 are carried out (round 10 has no column-mixing step, only the round-key-addition step) to perform the round-key addition.
Byte substitution in each round of encryption and in each round of key operation is implemented by S-box (S-BOX) table lookup.
The S-box lookup table is implemented using the reconfigurable logic units of the FPGA. Because the lookup table is implemented in reconfigurable logic units, access to it does not go through bus memory access, and there are fast exchange channels between the lookup table and the other AES modules; this greatly increases processing speed and reduces latency.
In the invention, byte substitution in each round of encryption and in the key is implemented with the S-box. The role of the S-box is, for each byte of the state array or key array, to find the result of the corresponding nonlinear transformation and substitute it into the state array or key array.
It should be noted that in the invention the FPGA device may be from Altera's Stratix IV series. In this FPGA series the number of ALMs (high-performance adaptive logic modules, the reconfigurable units) is between 230,000 and 360,000, and an ALM can be equivalent to at least a RAM of 256, which amounts to 6-9 Mbit of RAM; an S-box of 40 Kbit or 400 Kbit is not of the same order of magnitude and can be implemented without affecting other designs.
The method of the invention is used in an Altera Stratix IV series FPGA environment; with offline key generation, the throughput in feedback mode can reach 3.86 Gbps.
As can be seen, in the FPGA-based AES data encryption method with offline key generation proposed by the invention, the 10 round keys are formed offline in advance and stored together with the seed key for later use; during encryption the seed key and the 10 round keys are input in sequence, following the preset order of encryption rounds, to carry out 10 rounds of encryption, and in the first 9 rounds the column-mixing and round-key-addition steps are merged into three steps. This greatly improves AES encryption performance, increases processing speed and reduces latency.
The above is only the preferred embodiment of the invention. It should be pointed out that those of ordinary skill in the art may make further improvements and modifications without departing from the principles of the invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the invention.
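The offline key schedule table and the round sequence described above, as an added Python example that is not code from the patent. Function names are illustrative, the 128-bit key size follows the description, and the way the key XOR is folded into the column-mixing XOR tree is an assumption, since the text does not give its gate-level arrangement; the inputs in the self-check are the published FIPS-197 test vectors.

```python
"""Added example, not the patent's code: AES-128 with an offline key schedule."""

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def xtime(b):
    """Multiply by 0x02 in GF(2^8) modulo the AES polynomial 0x11B."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b


def build_sbox():
    """Compute the S-box lookup table once: field inverse, then affine map."""
    exp, log, x = [0] * 256, [0] * 256, 1
    for i in range(255):                 # powers of the generator 0x03
        exp[i], log[x] = x, i
        x ^= xtime(x)
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0
        s = inv ^ 0x63
        for n in (1, 2, 3, 4):           # XOR in the four left rotations
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        sbox.append(s)
    return sbox


SBOX = build_sbox()


def expand_key(seed):
    """Offline step: fill the 4 x 44 byte table (44 words) from the seed key."""
    if len(seed) != 16:
        raise ValueError("seed key must be 16 bytes (128 bits)")
    w = [list(seed[4 * i:4 * i + 4]) for i in range(4)]   # words 0-3 = seed
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                 # word rotation
            t = [SBOX[b] for b in t]          # byte substitution
            t[0] ^= RCON[i // 4 - 1]          # round-constant XOR
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return w


def round_key(w, r):
    """Read round key r (0 = seed key) from the stored table as 16 bytes."""
    return [b for word in w[4 * r:4 * r + 4] for b in word]


def mix_add(s, k):
    """Column mixing with the round key folded into the same XOR tree."""
    out = []
    for c in range(0, 16, 4):
        a = s[c:c + 4]
        for j in range(4):
            x1 = xtime(a[j] ^ a[(j + 1) % 4]) ^ a[(j + 1) % 4]
            x2 = a[(j + 2) % 4] ^ a[(j + 3) % 4]
            out.append(x1 ^ x2 ^ k[c + j])    # key XOR shares the last stage
    return out


def encrypt_block(block, w):
    """Online step: encrypt one 16-byte state using only stored round keys."""
    if len(block) != 16 or len(w) != 44:
        raise ValueError("need a 16-byte block and a 44-word key table")
    s = [p ^ k for p, k in zip(block, round_key(w, 0))]        # round 0
    for r in range(1, 11):
        s = [SBOX[b] for b in s]                               # byte substitution
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]     # row shifting
        k = round_key(w, r)
        # rounds 1-9 use the merged step; round 10 has no column mixing
        s = mix_add(s, k) if r < 10 else [a ^ b for a, b in zip(s, k)]
    return bytes(s)


if __name__ == "__main__":
    # FIPS-197 Appendix C.1 vector
    table = expand_key(bytes.fromhex("000102030405060708090a0b0c0d0e0f"))
    ct = encrypt_block(bytes.fromhex("00112233445566778899aabbccddeeff"), table)
    print(ct.hex())
```

The AES-128 key schedule is invertible, so any one stored round key reveals the seed key; the registers holding the table need the same protection as the seed key itself.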

Claims (5)

1. An FPGA-based AES data encryption method with offline key generation, characterized in that it comprises the following steps:
The data stream to be processed is preprocessed by a preset processing method and divided into multiple state arrays of predetermined length;
10 round keys are generated offline using the seed key and the key expansion algorithm, and are stored;
The round-0 round-key addition (AddRoundKey) is first applied to the state array using the seed key; the 10 round keys are then input in sequence, each encrypting the array formed by the previous round of encryption;
Wherein the encryption process of rounds 1-9 consists, in order, of byte substitution, row shifting, column mixing and round-key addition; in each of rounds 1-9 the column-mixing and round-key-addition steps are merged into a single step, and this merged step uses three XOR gates in sequence to perform the round-key addition of each round; the encryption process of round 10 consists of byte substitution, row shifting and round-key addition.
2. The FPGA-based AES data encryption method with offline key generation according to claim 1, characterized in that the seed key and the 10 round keys are formed offline in advance, before the round-key addition operations, and stored in preset registers.
3. The FPGA-based AES data encryption method with offline key generation according to claim 1 or claim 2, characterized in that each of the 10 round keys is generated by the following steps:
A key schedule table is maintained to store the seed key and the ten round keys. The table is a two-dimensional array of 4 rows and 4 × 11 columns; each array cell is one byte, and each column of the array is treated as one word. The seed key is copied into the first four words of the table, the key produced by the first round of key expansion occupies the next four words, and so on; after ten rounds of expansion the table is full and key expansion ends. Each round key is formed from the four words of the previous round key by applying, in order, word rotation, byte substitution and round-constant XOR.
4. The FPGA-based AES data encryption method with offline key generation according to claim 1, characterized in that byte substitution in each round of encryption and in each round of key expansion is implemented by S-box table lookup.
5. The FPGA-based AES data encryption method with offline key generation according to claim 4, characterized in that the S-box lookup table is implemented using the reconfigurable logic units of the FPGA.
CN201610462944.XA 2016-06-23 2016-06-23 AES data encryption method for offline key generation based on FPGA Pending CN105939190A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610462944.XA CN105939190A (en) 2016-06-23 2016-06-23 AES data encryption method for offline key generation based on FPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610462944.XA CN105939190A (en) 2016-06-23 2016-06-23 AES data encryption method for offline key generation based on FPGA

Publications (1)

Publication Number Publication Date
CN105939190A true CN105939190A (en) 2016-09-14

Family

ID=56872218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610462944.XA Pending CN105939190A (en) 2016-06-23 2016-06-23 AES data encryption method for offline key generation based on FPGA

Country Status (1)

Country Link
CN (1) CN105939190A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108763401A (en) * 2018-05-22 2018-11-06 平安科技(深圳)有限公司 A kind of reading/writing method and equipment of file
CN110135176A (en) * 2019-04-26 2019-08-16 深圳市金城保密技术有限公司 A kind of encryption method of print data transmission
CN111600867A (en) * 2020-05-12 2020-08-28 腾讯科技(深圳)有限公司 Data encryption method and related equipment
CN112235098A (en) * 2020-09-17 2021-01-15 成都万江港利科技股份有限公司 Simple and rapid communication encryption and decryption algorithm
CN113452508A (en) * 2021-08-27 2021-09-28 北京华云安信息技术有限公司 Data encryption method, device, equipment and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445681A (en) * 2003-05-01 2003-10-01 南京邮电学院 Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer
CN102857334A (en) * 2012-07-10 2013-01-02 记忆科技(深圳)有限公司 Method and device for realizing AES (advanced encryption standard) encryption and decryption
CN104753662A (en) * 2013-12-27 2015-07-01 重庆重邮信科通信技术有限公司 Encryption key stream generating method based on AES (Advanced Encryption Standard) algorithm

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
XIAOTAO ZHANG,HUI LI: "《On a High-performance and Balanced Method of Hardware Implementation for AES》", 《2013 IEEE SEVENTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY COMPANION》 *
林娟娟: "《基于FPGA的 AES算法优化与设计研究》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
洪开: "《基于FPGA的AES算法研究与设计》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108763401A (en) * 2018-05-22 2018-11-06 平安科技(深圳)有限公司 A kind of reading/writing method and equipment of file
WO2019223098A1 (en) * 2018-05-22 2019-11-28 平安科技(深圳)有限公司 File reading and writing method and device
CN110135176A (en) * 2019-04-26 2019-08-16 深圳市金城保密技术有限公司 A kind of encryption method of print data transmission
CN111600867A (en) * 2020-05-12 2020-08-28 腾讯科技(深圳)有限公司 Data encryption method and related equipment
CN112235098A (en) * 2020-09-17 2021-01-15 成都万江港利科技股份有限公司 Simple and rapid communication encryption and decryption algorithm
CN113452508A (en) * 2021-08-27 2021-09-28 北京华云安信息技术有限公司 Data encryption method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160914
