CN109426738B - Hardware encryptor, encryption method and electronic device - Google Patents

Hardware encryptor, encryption method and electronic device Download PDF

Info

Publication number
CN109426738B
CN109426738B CN201710740049.4A CN201710740049A CN109426738B CN 109426738 B CN109426738 B CN 109426738B CN 201710740049 A CN201710740049 A CN 201710740049A CN 109426738 B CN109426738 B CN 109426738B
Authority
CN
China
Prior art keywords
unit
shift register
linear feedback
feedback shift
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710740049.4A
Other languages
Chinese (zh)
Other versions
CN109426738A (en
Inventor
林松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Semiconductor Manufacturing International Shanghai Corp
Semiconductor Manufacturing International Beijing Corp
Original Assignee
Semiconductor Manufacturing International Shanghai Corp
Semiconductor Manufacturing International Beijing Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Semiconductor Manufacturing International Shanghai Corp, Semiconductor Manufacturing International Beijing Corp filed Critical Semiconductor Manufacturing International Shanghai Corp
Priority to CN201710740049.4A priority Critical patent/CN109426738B/en
Publication of CN109426738A publication Critical patent/CN109426738A/en
Application granted granted Critical
Publication of CN109426738B publication Critical patent/CN109426738B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher

Abstract

The invention provides a hardware encryptor, an encryption method and an electronic device, wherein the hardware encryptor comprises: the control unit reads source data from computing equipment according to a random address of a codebook, puts the source data into a first operand of a logic unit, sends a pseudo-random number generated by the programmable linear feedback shift register to a general central processing unit or a general graphic processing unit in the computing equipment for floating point hash operation, puts a returned floating point number into a second operand of the logic unit, generates target data through logic operation, and packs the target data and outputs the target data to an output file of the computing equipment. The hardware encryptor can improve the encryption degree and increase the decoding difficulty. The encryption method and the electronic device have similar advantages.

Description

Hardware encryptor, encryption method and electronic device
Technical Field
The invention relates to the technical field of computer encryption, in particular to a hardware encryptor, an encryption method and an electronic device.
Background
Encryption is a typical engine with a long history, and in the advanced field of modern microelectronics, many GPCPUs (general purpose central processing units) or gpgpgpus (general purpose graphics processing units) have encryption features built in a chip. The encryption characteristics are divided into two categories: hardware-based and software-based. Standard encryption algorithms are already available and many have been implemented into hardware. However, as computers evolve to have powerful computing power and ultra-fast computing speeds, more secure cryptographic engines are sought that are not easily hacked.
Therefore, it is necessary to provide a hardware encryptor, an encryption method and an electronic device to at least partially solve the above problems.
Disclosure of Invention
In this summary, concepts in a simplified form are introduced that are further described in the detailed description. This summary of the invention is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
Aiming at the defects of the prior art, the invention provides a hardware encryptor, an encryption method and an electronic device, which can provide higher security and increase the deciphering difficulty.
In order to overcome the existing problems, the invention provides a hardware encryptor in one aspect, which includes:
the array storage unit is used for storing source data read from the computing equipment;
a logic unit to perform an exclusive OR operation;
a scanner to read the source data stored in the array storage unit into a first operand of the logic unit;
a programmable linear feedback shift register to generate a pseudo-random number;
a buffer for storing an operation result of the logic unit;
the packing unit is used for reading the data stored in the buffer and packing the data;
and the control unit sends the pseudo-random number generated by the programmable linear feedback shift register to a general purpose central processing unit or a general purpose graphic processing unit in the computing equipment for floating point hash operation, puts a floating point number returned by the general purpose central processing unit or the general purpose graphic processing unit in the computing equipment into a second operand of the logic unit, so that the logic unit performs logic operation on the source data and the floating point number, and outputs the data packed by the packing unit as target data to an output file of the computing equipment.
Optionally, the control unit reads a random address from a codebook of the computing device, reads source data according to the random address, and stores the read source data in the array storage unit.
Optionally, the control unit obtains a programming key from the computing device and programs the programmable linear feedback shift register based on the programming key.
Optionally, the programmable linear feedback shift register comprises:
the linear feedback shift register unit group comprises a plurality of linear feedback shift register units which are sequentially connected in series and used for executing selection and shift functions;
a feedback array for enabling the linear feedback shift register units to form a feedback channel therebetween;
and the feedback control unit is arranged in the feedback array and used for controlling the closing and opening of the feedback channel.
Optionally, the linear feedback shift register unit includes a flip-flop, an xor gate, a first inverter, and a first multiplexer connected in series in this order, wherein the input end of the flip-flop is connected with the output end of the previous linear feedback shift register unit, the clock signal end of the trigger is connected with a clock signal, the output end of the trigger is connected with the first input end of the exclusive-OR gate and the feedback channel, a second input terminal of the exclusive-or gate is connected to the feedback path, an output terminal of the exclusive-or gate is connected to an input terminal of the first inverter and a first input terminal of the first multiplexer, the output end of the first inverter is connected with the second input end of the first multiplexer, the control end of the first multiplexer is connected with the output end of the programming key decoder, and the output end of the first multiplexer is connected with the input end of the next linear feedback shift register unit.
Optionally, the linear feedback shift register unit further includes:
and a first input end of the second multiplexer is connected with the output end of the first multiplexer, a second input end of the second multiplexer is connected with the data loading end, a control end of the second multiplexer is connected with the loading command end, and the output end of the second multiplexer is connected with the input end of the next linear feedback shift register unit.
Optionally, the feedback array includes an array of n rows × n columns of exclusive or gates, each column of exclusive or gates is sequentially connected in series, where n is the number of the linear feedback shift register units, an output end of an exclusive or gate at an end of an ith column is connected to the second input end of the exclusive or gate of an ith linear feedback shift register unit, an output end of the flip-flop of the ith linear feedback shift register unit is connected to first input ends of other exclusive or gates in the ith row except the ith column, n is greater than or equal to 2, and i is from 0 to n-1.
Optionally, the feedback control unit includes a third multiplexer, a second inverter and a third inverter, an input of the second inverter is connected to an output of the third inverter and is connected to a programming key decoder, an output of the second inverter is connected to an input of the third inverter and is connected to a control terminal of the third multiplexer, a first input of the third multiplexer is connected to the output of the other flip-flop of the linear feedback shift register unit, a second input of the third multiplexer is grounded, and an output of the third multiplexer is connected to a first input of an xor gate in the feedback array.
Optionally, the number of the programmable linear feedback shift registers is two.
Optionally, the control unit controls the programmable linear feedback shift registers to enable each of the linear feedback shift register units to perform one or more feedback operations, or the linear feedback shift register units of the programmable linear feedback shift registers perform cyclic feedback operations, or feedback operations are performed between two programmable linear feedback shift registers, or seed data is inserted into the programmable linear feedback shift registers.
Optionally, the control unit places a most significant word of a floating point number returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device in the second operand of the logical unit.
Optionally, the control unit adds buffer data with variable word length when putting the operation result of the logic unit into the buffer based on mantissas of floating point numbers returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device.
According to the hardware encryptor, the pseudo-random number generated by the programmable linear feedback shift register is sent to a General Central Processing Unit (GCPU) or a General Graphic Processing Unit (GGPU) of a computing device to perform floating point hash operation, the value after the floating point hash operation is used as a random number, the original uniformly distributed random number is changed into the non-linearly distributed random number, so that hackers can hardly crack the random number, and the hardware encryptor does not need to design a special floating point operation unit because the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU) of the computing device is directly used for performing the floating point hash operation, so that the hardware encryptor not only can use the strong floating point operation capability of the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU), but also reduces the calculation capability and size required by the hardware encryptor, and reduces the cost.
Furthermore, the hardware encryptor according to the present invention adopts the codebook to read data, i.e. the data is not read out sequentially, which increases the difficulty of deciphering.
Furthermore, according to the hardware encryptor of the present invention, the feedback channel of the programmable linear feedback shift register is programmed in real time according to the key of the user, so that the linear feedback shift register cannot be programmed even if hackers acquire the encryption hardware without the key, and the deciphering difficulty is increased.
The invention also provides an encryption method based on the hardware encryptor, which comprises the following steps:
reading source data from the computing device and putting the source data into an array storage unit of the hardware encryptor;
controlling a programmable linear feedback shift register of a hardware encryptor to generate a pseudo-random number, and sending the pseudo-random number to a general central processing unit and/or a graphic processing unit of the computing device for floating-point hash operation;
controlling a scanner of a hardware encryptor to read the source data stored in the array storage unit into a first operand of the logic unit;
placing floating point numbers returned by a general purpose central processing unit and/or a graphics processing unit of the computing device into a second operand of the logical unit;
controlling the logic unit to carry out logic operation;
putting the operation result of the logic unit into a buffer;
controlling a packing unit to read and pack the data stored in the buffer;
and outputting the data packed by the packing unit as target data to an output file of the computing device.
Optionally, the reading the source data from the computing device and placing the source data into the array storage unit of the hardware encryptor includes:
reading a random address from a codebook of the computing device and reading source data according to the random address;
and storing the read source data to the array storage unit.
Optionally, the method further comprises: a programming key is obtained from the computing device and the programmable linear feedback shift register is programmed based on the programming key.
Optionally, the method further comprises: controlling the programmable linear feedback shift register to enable each linear feedback shift register unit to perform one or more feedbacks, or enabling the linear feedback shift register unit of the programmable linear feedback shift register to perform cyclic feedbacks, or inserting seed data into the programmable linear feedback shift register.
Optionally, a most significant word of a floating point number returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device is placed in the second operand of the logical unit.
Optionally, the method further comprises: and adding the operation result of the logic unit into the buffer based on the mantissa of the floating point number returned by the general central processing unit or the general graphic processing unit in the computing equipment, wherein the mantissa of the floating point number is added with the buffer data with variable word length.
Optionally, the method further comprises: and if the source data is smaller than the addressing space of the codebook, cloning the source data, and putting the cloned data into the source data to form new source data.
According to the encryption method, the pseudo-random number generated by the programmable linear feedback shift register is sent to a General Central Processing Unit (GCPU) or a General Graphic Processing Unit (GGPU) of the computing equipment to carry out floating point hash operation, the value after the floating point hash operation is taken as a random number, the original uniformly distributed random number is changed into the non-linearly distributed random number, so that hackers are difficult to crack, and the hardware encryptor does not need to design a special floating point operation unit because the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU) of the computing equipment is directly used for carrying out the floating point hash operation, so that the strong floating point operation capacity of the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU) can be utilized, the computing capacity and size required by the hardware encryptor are also reduced, and the cost is reduced.
Furthermore, the encryption method according to the invention adopts the codebook to read data, namely the data is not read out in sequence, thus increasing the decoding difficulty.
Furthermore, according to the encryption method provided by the invention, the feedback channel of the programmable linear feedback shift register is programmed in real time according to the key of the user, so that the linear feedback shift register cannot be programmed even if hackers acquire the encryption device hardware without the key, and the deciphering difficulty is increased.
Furthermore, according to the encryption method provided by the invention, buffer data with variable word length is added between data, so that hackers can hardly find a data header and a data trailer without an encryptor, and the deciphering difficulty is increased.
Yet another aspect of the present invention provides an electronic device, comprising:
a disk storage for storing source data;
a first memory for storing a codebook;
a second memory for storing a key;
the memory is used for loading programs and data;
the general central processing unit and/or the graphic processing unit are used for carrying out floating point hash operation; and
a hardware encryptor as described above, the hardware encryptor in communication with the general purpose central processing unit and/or graphics processing unit.
The electronic device provided by the invention has similar advantages due to the hardware encryptor.
Drawings
The following drawings of the invention are included to provide a further understanding of the invention. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
In the drawings:
FIG. 1 is a schematic diagram of a hardware encryptor and computing device according to an embodiment of the present invention;
FIG. 2 shows a schematic diagram of a programmable linear feedback shift register according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a structure of a linear feedback shift register unit according to an embodiment of the present invention;
FIG. 4 shows a schematic structural diagram of a feedback control unit according to an embodiment of the present invention;
FIG. 5 is a detailed structure diagram of a programmable linear feedback shift register according to an embodiment of the present invention;
fig. 6 shows a flow chart of the steps of an encryption method according to an embodiment of the invention.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a more thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without one or more of these specific details. In other instances, well-known features have not been described in order to avoid obscuring the invention.
It is to be understood that the present invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In the drawings, the size and relative sizes of layers and regions may be exaggerated for clarity to indicate like elements throughout.
It will be understood that when an element or layer is referred to as being "on" …, "adjacent to …," "connected to" or "coupled to" other elements or layers, it can be directly on, adjacent to, connected to or coupled to the other elements or layers or intervening elements or layers may be present. In contrast, when an element is referred to as being "directly on …," "directly adjacent to …," "directly connected to" or "directly coupled to" other elements or layers, there are no intervening elements or layers present. It will be understood that, although the terms first, second, third, etc. may be used to describe various elements, components, regions, layers and/or sections, these elements, components, regions, layers and/or sections should not be limited by these terms. These terms are only used to distinguish one element, component, region, layer or section from another element, component, region, layer or section. Thus, a first element, component, region, layer or section discussed below could be termed a second element, component, region, layer or section without departing from the teachings of the present invention.
Spatial relationship terms such as "under …", "under …", "below", "under …", "above …", "above", and the like, may be used herein for ease of description to describe the relationship of one element or feature to another element or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, then elements or features described as "below" or "beneath" other elements or features would then be oriented "above" the other elements or features. Thus, the exemplary terms "below …" and "below …" can encompass both an orientation of up and down. The device may be otherwise oriented (rotated 90 degrees or at other orientations) and the spatial descriptors used herein interpreted accordingly.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes any and all combinations of the associated listed items.
In the following description, for purposes of explanation, specific details are set forth in order to provide a thorough understanding of the present invention. The following detailed description of the preferred embodiments of the invention, however, the invention is capable of other embodiments in addition to those detailed.
Example one
A hardware encryptor according to an embodiment of the present invention is described in detail below with reference to fig. 1 to 5.
The present embodiment proposes a hardware encryptor 100 for use as an enhanced function accessory to a general purpose central processing unit (GCPU) or general purpose graphics processing unit (GGPU)26 of a computing device 200, implementing hardware encryption. The computing device 200 includes a Disk Memory (Disk)21, a first Memory (Universal Serial Bus Flash Disk 1, UFD1)22, a second Memory (Universal Serial Bus Flash Disk 2, UFD2)23, a Memory (Memory)24, a Bus (system Bus)25, and a general purpose central processing unit and/or graphics processing unit 26, the Disk Memory (Disk)21 being used for storing source data; a first memory (UFD1)22 for storing a cipher key and a second memory (UFD2)23 for storing a key; the memory 24 is used for loading programs and data; bus 25 is used to enable communication between a general purpose central processing unit and/or graphics processing unit 26, and disk storage (disk)21, first storage (UFD1)22, second storage (UFD2)23, and memory 24. The general purpose central processing unit and/or graphics processing unit 26 is used to implement control and computing functions, and in general the general purpose central processing unit and/or graphics processing unit 26 has powerful floating point computing capabilities and can be used to perform floating point hash operations.
As shown in fig. 1, in the present embodiment, the hardware encryptor 100 includes an array storage unit 11, a scanner 12, a buffer 13, a packing unit 14, a logic unit 15, a dual programmable linear feedback shift register 16 and a control unit 17.
The Array storage unit (e.g., Array)11 is used to store source data read from the computing device 200, such as storing source data read from a disk storage 21 of the computing device 200. In this embodiment, in order to increase the difficulty of hacking for hackers, the control unit 17 reads a random address from the codebook of the computing device 200, reads source data according to the random address, and stores the read source data into the array storage unit 11, which increases the difficulty of hacking because the data is not read out sequentially. Illustratively, in the present embodiment, the control unit reads two random addresses from the codebook in the computing device 200, and reads two high and low double word (Hi & Lo Dword) source data from the disk storage 21 of the storage slave computing device 200 according to the two random addresses, and stores it into the array storage unit 11.
A scanner (e.g. a scanner) 12 is used to read the source data stored in the array storage unit 11 into a first operand of the logic unit 15. Illustratively, in this embodiment, the control unit 17 sends the source data stored in the array storage unit 11 to the scanner 12, and the scanner 12 reads the slice of the source data according to a predetermined rule (i.e., reads one bit (bit) of the first byte (byte), reads one bit of the second byte again, and after reading one bit of all bytes, continues to read another bit of the first byte until all bits are read).
The buffer (buffer)13 is used for storing the operation result of the logic unit 15.
The packing unit (packer)14 is configured to read the data stored in the buffer 13 and pack the data, for example, the packing unit (packer)14 combines the data in the buffer 13 into a double word (double word).
A logic unit (CLU) 15 is used to perform an exclusive or operation. One operand being a floating point number returned from a general purpose central processing unit (GCPU) or general purpose graphics processing unit (GGPU) of the computing device 200 and one operand being source data read by the scanner 12.
A Dual Programmable Linear-Feedback Shift Register (DPLSFR) 16 is used to generate pseudo random numbers for sending to a general purpose central processing unit (GCPU) or general purpose graphics processing unit (GGPU) of the computing device 200 for floating point hash (hashing) operations. In this embodiment, the control unit 17 obtains a programming key from the computing device 200 and programs the dual programmable linear feedback shift register 16 based on the programming key. In this embodiment, since the feedback channel (link) of the programmable linear feedback shift register is programmed in real time according to the key of the user, the linear feedback shift register cannot be programmed even if hackers acquire the encryption hardware without the key, which increases the difficulty of deciphering.
A control unit (CCU) 17 is used to control the operation of the array storage unit 11, the scanner 12, the buffer 13, the packing unit 14, the logic unit 15, and the dual programmable linear feedback shift register 16. In this embodiment, the control unit 17 sends the pseudo random number generated by the dual programmable linear feedback shift register 16 to the general purpose central processing unit or the general purpose graphics processing unit in the computing device 200 for floating point hash operation, and puts the floating point number returned by the general purpose central processing unit or the general purpose graphics processing unit in the computing device into the second operand of the logic unit 15, so that the logic unit 15 performs logic operation on the source data and the floating point number, and outputs the data packed by the packing unit 14 as target data to the output file of the computing device 200.
According to the hardware encryptor of the embodiment, the pseudo-random number generated by the programmable linear feedback shift register is sent to a General Central Processing Unit (GCPU) or a General Graphic Processing Unit (GGPU) of the computing device to perform floating point hash operation, the value after the floating point hash operation is used as a random number, the original uniformly distributed random number is changed into the non-linearly distributed random number, so that hackers are difficult to crack, and the hardware encryptor does not need to design a special floating point operation unit because the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU) of the computing device is directly used for performing the floating point hash operation, so that the hardware encryptor not only can use the strong floating point operation capability of the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU), but also reduces the required computing capability and size of the hardware encryptor, and reduces the cost.
A dual programmable linear feedback shift register according to an embodiment of the present invention is described in detail below with reference to fig. 2 to 5.
In this embodiment, the hardware encryptor 100 employs a dual programmable linear feedback shift register 16, i.e., two programmable linear feedback shift registers including a left half and a right half as shown in FIG. 2. Each programmable linear feedback shift register includes a group 161 of linear feedback shift register cells, a feedback array 162, and a feedback control unit 163.
The linear feedback shift register unit group (LFSR cell combos)161 includes 64 linear feedback shift register units 0-63, and the 64 linear feedback shift register units are sequentially connected in series for performing selection and shift functions.
The feedback array 162 is used to make each of the linear feedback shift register units and other linear feedback shift register units form a feedback channel ((link/fabric)) for feedback, for example, there are 63 feedback channels for each linear feedback shift register unit, and the feedback channels are respectively connected to the other 63 linear feedback shift register units for feedback.
A feedback control unit (fabric control unit)163 is arranged in the feedback array 162 for controlling the closing and opening of the feedback channels, so that there is feedback or no feedback between the two linear feedback shift register units.
As shown in fig. 3, in the present embodiment, the linear feedback shift register unit includes a flip-flop 31, an xor gate 32, a first inverter 33, a first multiplexer 34, and a second multiplexer 35, which are connected in series in this order. The input end (d segment) of the flip-flop 31 is connected to the output end of the previous linear feedback shift register unit, that is, to the output end of the second multiplexer 35 of the previous linear feedback shift register unit. The clock signal terminal (clk) of the flip-flop 31 is connected to a clock signal, and starts operating when the clock signal is enabled, and stops operating when the clock signal is disabled. The output (i.e., Q) of the flip-flop 31 is connected to a first input of the xor gate 32 and to second inputs of the xor gates of other linear feedback shift register units via the array 162. The second input of the xor gate 32 is connected to other linear feedback shift register cells through the feedback array 162. The output end of the xor gate 32 is connected to the input end of the first inverter 33 and the first input end of the first multiplexer 34, the output end of the first inverter 33 is connected to the second input end of the first multiplexer 34, the control end of the first multiplexer 34 is connected to the output end of the programming key decoder, the output end of the first multiplexer 34 is connected to the second input end of the second multiplexer 35, the first input end of the second multiplexer 35 is connected to the load data end for inputting load data (Loading data), the control end of the second multiplexer 35 is connected to the load command end (Loading command), and the output end of the second multiplexer 35 is connected to the input end of the next linear feedback shift register unit. Seeds (seed) may be inserted into the programmable linear feedback shift register as needed by the load command and load data to avoid generating similar random numbers.
As shown in fig. 5, in this embodiment, the feedback array 162 includes an array of n rows × n columns of exclusive or gates, where each column of exclusive or gates is connected in series, where n is the number of the linear feedback shift register units, an output terminal of an exclusive or gate at an end of an ith column is connected to the second input terminal of the exclusive or gate of the ith linear feedback shift register unit, an output terminal of the flip-flop of the ith linear feedback shift register unit is connected to first input terminals of other exclusive or gates except the ith column in the ith row, n is greater than or equal to 2, and i is from 0 to n-1. For example, the output terminal of the flip-flop of the 5 th linear feedback shift register unit is connected to the first input terminal of the xor gate in the 5 th row in the feedback array 162, except for the xor gate in the 5 th row located in the 5 th column; the xor gates in the 5 th column of the feedback array 162 are sequentially connected in series, and the output end of the end xor gate is connected to the second input end of the xor gate of the 5 th linear feedback shift register unit, that is, the feedback from other linear feedback shift register units is input to the second input end of the xor gate of the 5 linear feedback shift register units after the xor operation.
Illustratively, n is equal to 64 in this embodiment.
As shown in fig. 4, in the present embodiment, the feedback control unit 163 includes a second inverter 40, a third inverter 41 and a third multiplexer 42, wherein an input terminal of the second inverter 40 and an output terminal of the third inverter 41 are connected and connected to the program key decoder for obtaining the decoded program key; the output end of the second inverter 40 is connected to the input end of the third inverter 41 and is connected to the control end of the third multiplexer 42, so as to select the signal of the third multiplexer, the first input end of the third multiplexer 42 is connected to the output ends of the flip-flops of the other linear feedback shift register units, that is, connected to the output end of the flip-flop 31 of the other linear feedback shift register units through the feedback array 162, the second input end of the third multiplexer 42 is grounded, and the output end of the third multiplexer 42 is connected to the first input end of the xor gate in the feedback array 162. The feedback array can be programmed by a programming key (Program key) as described above, for example, the programming key affirms the feedback from i cells to j cells, the output line of the flip-flop of the ith cell is connected to the first input terminal of the exclusive-or gate of the j column; if not, the ground voltage is connected to the first input terminal of the exclusive-or gate in the j column, and the ground voltage (i.e., zero connection) to the exclusive-or gate equals no operation, i.e., no feedback.
It will be appreciated that for each xor gate in the feedback array, a control unit as shown in fig. 4 is provided to control the feedback of the ith through jth cells. The structure of the whole programmable linear feedback shift register is shown in fig. 5. The control unit 17 decodes the user's key and programs the feedback array 162 of the programmable linear feedback shift register with the decoded key, i.e. the opening and closing of the feedback array 162 of the programmable linear feedback shift register, i.e. whether the feedback signals from the other linear feedback register units in the multiplexer are selected, depends on the decoded key.
It is understood that although the programmable linear feedback shift register is a dual programmable linear feedback shift register in the present embodiment, other structures of registers may be used to generate the random number in other embodiments.
Further, it is understood that, in order to increase the decoding difficulty, the control unit 17 controls the programmable linear feedback shift register to perform various types of feedback, for example, to perform one or more feedback for each linear feedback shift register unit, or to perform cyclic feedback for the linear feedback shift register units of the programmable linear feedback shift register, or perform feedback between the dual programmable linear feedback shift registers (the above embodiment performs feedback only between linear feedback shift register units of a single programmable linear feedback shift register), or insert seed data (seed) into the programmable linear feedback shift register as described above.
An exemplary encryption process for the hardware encryptor and computing device shown in FIG. 1 is as follows:
firstly, entering a user program (user program) of an encryptor; next, the user selects a programming key from the second memory (UFD2) 23; next, the control unit 17 obtains the programming key, and programs the dual programmable linear feedback shift register (i.e., the DPLFSR)16 based on the programming key (i.e., determines whether the feedback channel of the dual programmable linear feedback shift register is connected according to the programming key); next, the user selects a start key (i.e., seed), which is an initial value input to the 128-bit DPLFSR, from the second memory (UFD2) 23; then, the control unit 17 obtains the initial key and starts the dual programmable linear feedback shift register 16; next, the user enters a Password (Password, Password is used to select the codebook because there are several codebooks on first memory (UFD1) 22); next, the user program selects a codebook (map) from the first memory (UFD1) 22; then, the user program outputs an addressing address; next, the user program reads two pieces of source data from the disk memory 21 using the high and low double words (i.e., two random addresses of the high and low double words) of the codebook; next, the control unit 17 acquires the two pieces of source data and stores the two pieces of source data in the array storage unit 11; then, the user program sends out an encryption instruction 1; next, the control unit 17 enables the clock signal of the DPLFDR 16; then, after the set time has elapsed, the control unit 17 stops the clock signal of the DPLFDR 16; next, the control unit 17 collects double word (Dwords, two words, 32 bits) pseudo random numbers from the DPLFDR 16; then, the control unit 17 returns the collected double words to the user program and completes the instruction; then, the user program performs a floating-point hash operation for each double word, specifically, the user program performs a floating-point hash operation (FP, Hashing) through the GCPU and the GGPU of the computing device 200, and uses the operation result as a random number, that is, converts the pseudo random number into a random number through the floating-point hash operation; next, the user program puts the result of the floating point hash operation into a register of the control unit 17, and sends an encryption instruction 2; next, control unit 17 picks the floating point of each doubleword from the register (i.e., picks the hash result of each doubleword generated by each DPLFDR 16); then, the control unit 17 stores the Most Significant Word (MSW) of the returned floating point in the second operand (operand2) of the logic unit 15, that is, the Most Significant Word (MSW) of the floating point number returned by the general central processing unit or the general graphic processing unit in the computing device is put into the second operand (operand2) of the logic unit 15, and exemplarily, the first 16 bits (floating point is single precision, 32 bits in this embodiment) of the returned floating point are stored in the second operand (operand2) of the logic unit 15; next, the control unit 17 stores the remaining bits (for example, the last 16 bits) of the returned floating point into the register of the control unit 17 itself; then, the user program sends out an encryption instruction 3; next, the user program intercepts the instruction (encryption instruction 3); then, the control unit 17 sends the data scanning rule to the scanner 12 (i.e. the control unit 17 tells the scanner 12 that the first bit (bit) of the first byte (byte) in the array storage unit 11 should be scanned out, and the second bit of the second byte should be scanned out); then, the scanner 12 reads the slice of the source data according to a predetermined rule (i.e., reads one bit of the first byte, reads one bit of the second byte, and after reading one bit of all bytes, continues to read the other bit of the first byte until all bits are read), and then puts the read data into the first operand (optional 1) of the logic unit 15; then, continuing to execute the encryption instruction 3, and executing the above-mentioned process circularly, all the data stored in the array storage unit 11 is sent to the first operand (operand 1) of the logic unit 15; then, the user program sends out an encryption instruction 4; next, the control unit 17 executes the encryption instruction 4 to exchange the source data in the first operand (operand 1) of the scrambling logic unit 15; continuing to execute the encryption instruction 4 until the end of the source data is circulated; then, the logic unit 15 performs a logic operation, such as an exclusive-or operation, on the first operand and the second operand; then, the user program sends out an encryption instruction 5; then, the control unit 17 decodes the instruction and stores the remaining bits of the returned floating point stored locally into the buffer 13, that is, the control unit 17 adds buffer data with variable word length when putting the operation result of the logic unit into the buffer based on the mantissa of the floating point number returned by the general purpose central processing unit or the general purpose graphic processing unit in the computing device; then, the control unit 17 transfers one bit of the operation result of the logic unit 15 to the buffer 13; then, the encryption instruction 5 is executed circularly until all the operation results of the logic unit 15 are put into the buffer 13; next, the packing unit 14 packs (assemblies) the data in the buffer 13 into double words (i.e., into 64-bit data); then, the user program sends out an encryption instruction 6; next, the user program collects data from the hardware encryptor 100; next, the user program writes the collected data into the output file of the disk memory 21; the above process is then repeated until the codebook reaches the end, i.e. until the user program finds that the input file is smaller than the addressable space of the codebook, whereas the user program selects another codebook (map) to load from the first memory (UFD1)22 and repeats the above process from the beginning.
It should be understood that, in the above process, steps such as outputting the addressing address by the user program and reading, by the user program, between two pieces of source data from the disk memory 21 by using the high and low double words (i.e. two random addresses of the high and low double words) of the codebook may also be included, and if the user program finds that the source data is small, the user program may clone the source data so that the addressable space of the codebook may be filled with the data, thereby avoiding that the file is too small to be cracked easily. For example, the address space of the codebook is 4GB, while the source file is only 0.5GB, then clone 3.5GB of data is placed behind the source data to make up for 4 GB. Furthermore, when encrypting the last data of the source data, the last data can also be cloned to fill the addressing space of the codebook if the last data is also smaller than the addressing space of the codebook.
It will also be appreciated that at some stage in the above process the user program may also issue an encryption instruction 7, from which the control unit 17 may perform one or more dedicated operations, such as causing one or more feedbacks to each of the linear feedback shift register units, or causing the linear feedback shift register units of the programmable linear feedback shift register to perform a circular feedback, or a feedback between the dual programmable linear feedback shift registers (in the above embodiment, feedback is performed only between linear feedback shift register units of a single programmable linear feedback shift register), or inserting seed data (seed) in the programmable linear feedback shift register as described above.
Example two
An encryption method according to an embodiment of the present invention is described in detail below with reference to fig. 6.
The embodiment discloses an encryption method based on the hardware encryptor, which comprises the following steps:
step 601, reading source data from the computing device and placing the source data into an array storage unit of the hardware encryptor.
Illustratively, in the embodiment, a random address is first read from a codebook of the computing device, source data is read according to the random address, and the read source data is then stored in the array storage unit. For example, a codebook is selected from a first memory of the computing device, two random addresses of high and low doublewords are read from the codebook, and then a piece of source data is read from a disk memory of the computing device according to the two random addresses.
Step 602, controlling a programmable linear feedback shift register of a hardware encryptor to generate a pseudo random number, and sending the pseudo random number to a general central processing unit and/or a graphics processing unit of the computing device for performing a floating point hash operation.
Illustratively, the dual programmable linear feedback shift register is controlled to generate a pseudo random number, and the generated pseudo random number is sent to a general central processing unit and/or a graphics processing unit of the computing device, and a floating point hash operation is performed by utilizing the powerful floating point operation capability of the general central processing unit and/or the graphics processing unit, and a logic operation is performed by using the generated floating point number as a random number, so that the uniformly distributed pseudo random number is converted into a non-linearly distributed random number, and the decoding difficulty is increased.
Further, in the process of controlling the dual programmable linear feedback shift register to generate the pseudo random number, a programming key can be obtained from the computing device, and the dual programmable linear feedback shift register is programmed based on the programming key, so that a feedback channel (link) of the dual programmable linear feedback shift register is flexibly configured, and the decoding difficulty is increased. In addition, the dual programmable linear feedback shift register may be controlled to perform one or more feedbacks per linear feedback shift register unit, or perform cyclic feedbacks for the linear feedback shift register units of the programmable linear feedback shift register, or perform feedbacks between the dual programmable linear feedback shift registers (in the above embodiment, feedbacks only between linear feedback shift register units of a single programmable linear feedback shift register), or insert seed data (seed) into the programmable linear feedback shift register as described above, so as to increase the decoding difficulty through various feedbacks or inserts seeds.
Step 603, controlling the scanner of the hardware encryptor to read the source data stored in the array storage unit into the first operand of the logic unit.
Illustratively, the control unit sends the source data stored in the array storage unit to the scanner, and the scanner slice source data is sent to the first operand (optional rand1) of the logic unit, that is, the scanner reads the slice of the source data according to a predetermined rule (i.e., reads one bit (bit) of the first byte (byte), reads one bit of the second byte, and after finishing reading one bit of all bytes, continues to read the other bit of the first byte until all bits are read), and then puts the read data into the first operand (optional rand1) of the logic unit.
It should be appreciated that this process needs to be performed multiple times until the source data stored in the array memory location is placed in the first operand (operand 1) of the logical unit.
And step 604, putting floating point numbers returned by the general central processing unit and/or the graphic processing unit of the computing device into the second operand of the logic unit.
Illustratively, the most significant word of the floating point number returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device is placed in the second operand of the logical unit. In addition, the remaining bits of the returned floating point number are stored locally, e.g., in a register of the control unit.
Step 605, controlling the logic unit to perform logic operation.
Illustratively, the data in the first operand and the second operand are xor-ed, e.g., by the logic unit.
Illustratively, a swap scrambling operation (scrambling) may also be performed on the data in the first operand prior to performing the logical operation.
Step 606, the operation result of the logic unit is put into a buffer.
Illustratively, the control unit puts the operation results of the logic unit into the buffer one by one until all the operation results are put into the buffer, for example.
For example, before or after one bit of the logical operation result is put into the buffer, the remaining bits of the returned floating point which are locally stored may also be stored into the buffer, i.e. the control unit adds the buffered data of variable word length when putting the operation result of the logical unit into the buffer based on the mantissa of the floating point number returned by the general purpose central processing unit or general purpose graphics processing unit in the computing device.
Step 607, the control packing unit reads the data stored in the buffer and packs the data.
Illustratively, the packing unit packs the data in the buffer into double doubleword data, i.e., 64-bit data.
Step 608, outputting the data packed by the packing unit as target data to an output file of the computing device.
Illustratively, the control unit outputs the data packed by the packing unit as target data to an output file of the computing device.
It should be understood that the order of the steps in the above process can be adjusted, and if the source data is large, the above process only performs the encryption operation on a part of the source data, so that all the source data also needs to be encrypted by repeatedly performing the above operation.
Furthermore, it should be understood that if the source data is small, e.g. smaller than a set threshold, i.e. smaller than the addressing space of the codebook, the source data may be cloned and the cloned data placed at the end of the addressing space, even if the data fills the addressing space of the codebook.
According to the encryption method of the embodiment, the pseudo-random number generated by the programmable linear feedback shift register is sent to a General Central Processing Unit (GCPU) or a General Graphic Processing Unit (GGPU) of the computing device to perform floating point hash operation, the value after the floating point hash operation is used as a random number, the original uniformly distributed random number is changed into the non-linearly distributed random number, so that hackers are difficult to crack, and the hardware encryptor does not need to design a special floating point operation unit because the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU) of the computing device is directly used for performing the floating point hash operation, so that the strong floating point operation capability of the General Central Processing Unit (GCPU) or the General Graphic Processing Unit (GGPU) can be utilized, the calculation capability and size required by the hardware encryptor are also reduced, and the cost is reduced.
Furthermore, the encryption method according to the invention adopts the codebook to read data, namely the data is not read out in sequence, thus increasing the decoding difficulty.
Furthermore, according to the encryption method provided by the invention, the feedback channel of the programmable linear feedback shift register is programmed in real time according to the key of the user, so that the linear feedback shift register cannot be programmed even if hackers acquire the encryption device hardware without the key, and the deciphering difficulty is increased.
Furthermore, according to the encryption method provided by the invention, buffer data with variable word length is added between data, so that hackers can hardly find a data header and a data trailer without an encryptor, and the deciphering difficulty is increased.
EXAMPLE III
Yet another embodiment of the present invention provides an electronic device including a hardware encryptor and an electronic component connected to the hardware encryptor.
The hardware encryptor includes an array storage unit for storing source data read from the computing device; a logic unit to perform an exclusive OR operation; a scanner to read the source data stored in the array storage unit into a first operand of the logic unit; a programmable linear feedback shift register to generate a pseudo-random number; a buffer for storing an operation result of the logic unit; the packing unit is used for reading the data stored in the buffer and packing the data; and the control unit sends the pseudo-random number generated by the programmable linear feedback shift register to a general purpose central processing unit or a general purpose graphic processing unit in the computing equipment for floating point hash operation, puts a floating point number returned by the general purpose central processing unit or the general purpose graphic processing unit in the computing equipment into a second operand of the logic unit, so that the logic unit performs logic operation on the source data and the floating point number, and outputs the data packed by the packing unit as target data to an output file of the computing equipment.
The electronic assembly comprises a disk memory for storing source data; a first memory for storing a codebook; a second memory for storing a key; the memory is used for loading programs and data; and the general central processing unit and/or the graphic processing unit are used for carrying out floating point hash operation.
The electronic device of this embodiment may be a computing device such as a notebook computer, a netbook, a desktop computer, or any intermediate product including the semiconductor device.
The electronic device of the embodiment of the invention has similar advantages because the included hardware encryptor improves the encryption degree and increases the decoding difficulty.
The present invention has been illustrated by the above embodiments, but it should be understood that the above embodiments are for illustrative and descriptive purposes only and are not intended to limit the invention to the scope of the described embodiments. Furthermore, it will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that many variations and modifications may be made in accordance with the teachings of the present invention, which variations and modifications are within the scope of the present invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (20)

1. A hardware encryptor, comprising:
the array storage unit is used for storing source data read from the computing equipment;
a logic unit to perform an exclusive OR operation;
a scanner to read the source data stored in the array storage unit into a first operand of the logic unit;
a programmable linear feedback shift register to generate a pseudo-random number;
a buffer for storing an operation result of the logic unit;
the packing unit is used for reading the data stored in the buffer and packing the data;
and the control unit sends the pseudo-random number generated by the programmable linear feedback shift register to a general purpose central processing unit or a general purpose graphic processing unit in the computing equipment for floating point hash operation, puts a floating point number returned by the general purpose central processing unit or the general purpose graphic processing unit in the computing equipment into a second operand of the logic unit, so that the logic unit performs logic operation on the source data and the floating point number, and outputs the data packed by the packing unit as target data to an output file of the computing equipment.
2. The hardware encryptor of claim 1,
the control unit reads a random address from a codebook of the computing device, reads source data according to the random address, and stores the read source data to the array storage unit.
3. The hardware encryptor of claim 1, wherein the control unit obtains a programming key from the computing device and programs the programmable linear feedback shift register based on the programming key.
4. The hardware encryptor of claim 3, wherein the programmable linear feedback shift register comprises:
the linear feedback shift register unit group comprises a plurality of linear feedback shift register units which are sequentially connected in series and used for executing selection and shift functions;
a feedback array for enabling the linear feedback shift register units to form a feedback channel therebetween;
and the feedback control unit is arranged in the feedback array and used for controlling the closing and opening of the feedback channel.
5. The hardware encryptor according to claim 4, wherein the linear feedback shift register units comprise a flip-flop, an XOR gate, a first inverter and a first multiplexer connected in series in this order, wherein an input terminal of the flip-flop is connected to an output terminal of a previous linear feedback shift register unit, a clock signal terminal of the flip-flop is connected to a clock signal, an output terminal of the flip-flop is connected to a first input terminal of the XOR gate and the feedback channel, a second input terminal of the XOR gate is connected to the feedback channel, an output terminal of the XOR gate is connected to an input terminal of the first inverter and a first input terminal of the first multiplexer, an output terminal of the first inverter is connected to a second input terminal of the first multiplexer, and a control terminal of the first multiplexer is connected to the program key decoder output terminal, and the output end of the first multiplexer is connected with the input end of the next linear feedback shift register unit.
6. The hardware encryptor of claim 5, wherein the linear feedback shift register unit further comprises:
and a first input end of the second multiplexer is connected with the output end of the first multiplexer, a second input end of the second multiplexer is connected with the data loading end, a control end of the second multiplexer is connected with the loading command end, and the output end of the second multiplexer is connected with the input end of the next linear feedback shift register unit.
7. The hardware encryptor according to claim 5, wherein the feedback array comprises an n row by n column array of exclusive-or gates, each column of exclusive-or gates being connected in series in turn, where n is the number of the linear feedback shift register units, the output terminal of the exclusive-or gate at the end of the ith column is connected to the second input terminal of the exclusive-or gate of the ith linear feedback shift register unit, the output terminal of the flip-flop of the ith linear feedback shift register unit is connected to the first input terminals of the other exclusive-or gates in the ith row except the ith column, n is greater than or equal to 2, and i is from 0 to n-1.
8. The hardware encryptor of claim 7, wherein the feedback control unit includes a third multiplexer, a second inverter and a third inverter, an input terminal of the second inverter is connected to an output terminal of the third inverter and to a program key decoder, an output terminal of the second inverter is connected to an input terminal of the third inverter and to a control terminal of the third multiplexer, a first input terminal of the third multiplexer is connected to output terminals of the flip-flops of the other linear feedback shift register units, a second input terminal of the third multiplexer is connected to ground, and an output terminal of the third multiplexer is connected to a first input terminal of an exclusive-or gate in the feedback array.
9. The hardware encryptor of claim 4, wherein the number of the programmable linear feedback shift registers is two.
10. The hardware encryptor of claim 9, wherein the control unit controls the programmable linear feedback shift registers to make one or more feedbacks per one of the linear feedback shift register units, or the linear feedback shift register units of the programmable linear feedback shift registers to make a cyclic feedback, or a feedback between two of the programmable linear feedback shift registers, or a seed data is inserted in the programmable linear feedback shift registers.
11. The hardware encryptor of claim 1, wherein the control unit places the most significant word of floating point numbers returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device in the second operand of the logical unit.
12. The hardware encryptor of claim 1, wherein the control unit adds the variable word length buffered data when placing the operation result of the logic unit into the buffer based on mantissas of floating point numbers returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device.
13. An encryption method based on the hardware encryptor of any one of claims 1-12, comprising:
reading source data from the computing device and putting the source data into an array storage unit of the hardware encryptor;
controlling a programmable linear feedback shift register of a hardware encryptor to generate a pseudo-random number, and sending the pseudo-random number to a general central processing unit and/or a graphic processing unit of the computing device for floating-point hash operation;
controlling a scanner of a hardware encryptor to read the source data stored in the array storage unit into a first operand of the logic unit;
placing floating point numbers returned by a general purpose central processing unit and/or a graphics processing unit of the computing device into a second operand of the logical unit;
controlling the logic unit to carry out logic operation;
putting the operation result of the logic unit into a buffer;
controlling a packing unit to read and pack the data stored in the buffer;
and outputting the data packed by the packing unit as target data to an output file of the computing device.
14. The encryption method of claim 13, wherein reading the source data from the computing device and placing the source data into an array storage location of a hardware encryptor comprises:
reading a random address from a codebook of the computing device and reading source data according to the random address;
and storing the read source data to the array storage unit.
15. The encryption method of claim 13, further comprising:
a programming key is obtained from the computing device and the programmable linear feedback shift register is programmed based on the programming key.
16. The encryption method of claim 15, further comprising:
controlling the programmable linear feedback shift register to enable each linear feedback shift register unit to perform one or more feedbacks, or enabling the linear feedback shift register unit of the programmable linear feedback shift register to perform cyclic feedbacks, or inserting seed data into the programmable linear feedback shift register.
17. The encryption method according to claim 13,
placing a most significant word of a floating point number returned by a general purpose central processing unit or a general purpose graphics processing unit in the computing device into a second operand of the logical unit.
18. The encryption method of claim 13, further comprising:
and adding the operation result of the logic unit into the buffer based on the mantissa of the floating point number returned by the general central processing unit or the general graphic processing unit in the computing equipment, wherein the mantissa of the floating point number is added with the buffer data with variable word length.
19. The encryption method of claim 14, further comprising:
and if the source data is smaller than the addressing space of the codebook, cloning the source data, and putting the cloned data into the source data to form new source data.
20. An electronic device, comprising:
a disk storage for storing source data;
a first memory for storing a codebook;
a second memory for storing a key;
the memory is used for loading programs and data;
the general central processing unit and/or the graphic processing unit are used for carrying out floating point hash operation; and
a hardware encryptor according to any one of claims 1 to 12, in communication with the general purpose central processing unit and/or graphics processing unit.
CN201710740049.4A 2017-08-23 2017-08-23 Hardware encryptor, encryption method and electronic device Active CN109426738B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710740049.4A CN109426738B (en) 2017-08-23 2017-08-23 Hardware encryptor, encryption method and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710740049.4A CN109426738B (en) 2017-08-23 2017-08-23 Hardware encryptor, encryption method and electronic device

Publications (2)

Publication Number Publication Date
CN109426738A CN109426738A (en) 2019-03-05
CN109426738B true CN109426738B (en) 2021-11-12

Family

ID=65500524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710740049.4A Active CN109426738B (en) 2017-08-23 2017-08-23 Hardware encryptor, encryption method and electronic device

Country Status (1)

Country Link
CN (1) CN109426738B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114846473A (en) 2020-10-27 2022-08-02 京东方科技集团股份有限公司 Data processing circuit, data processing method and electronic equipment
CN112564891B (en) * 2020-12-11 2022-06-21 清华大学无锡应用技术研究院 Sequence cipher algorithm computing system based on feedback shift register array

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174200A (en) * 2007-05-18 2008-05-07 清华大学 5-grade stream line structure of floating point multiplier adder integrated unit
CN101986264A (en) * 2010-11-25 2011-03-16 中国人民解放军国防科学技术大学 Multifunctional floating-point multiply and add calculation device for single instruction multiple data (SIMD) vector microprocessor
CN102087590A (en) * 2009-12-03 2011-06-08 浙江大学 Execution device of resource-multiplexing floating point SIMD (single instruction multiple data) instruction
US7986940B2 (en) * 2007-07-05 2011-07-26 Azurewave Technologies, Inc. Automatic wireless network linking method with security configuration and device thereof
CN102411683A (en) * 2011-08-15 2012-04-11 复旦大学 Cache-based AES (Advanced Encryption Standard) accelerator suitable for embedded system
CN103019647A (en) * 2012-11-28 2013-04-03 中国人民解放军国防科学技术大学 Floating-point accumulation/gradual decrease operational method with floating-point precision maintaining function
CN103078729A (en) * 2012-01-13 2013-05-01 河南科技大学 Dual-precision chaotic signal generator based on FPGA (field programmable gate array)
CN103984521A (en) * 2014-05-27 2014-08-13 中国人民解放军国防科学技术大学 Method and device for achieving SIMD structure floating point division in general-purpose digital signal processor (GPDSP)
CN104426973A (en) * 2013-09-03 2015-03-18 中国移动通信集团公司 Cloud database encryption method, system and device
CN104506312A (en) * 2015-01-19 2015-04-08 中国人民解放军国防科学技术大学 Method for rapidly generating information theory safety authentication information used for quantum secret communication
CN105335127A (en) * 2015-10-29 2016-02-17 中国人民解放军国防科学技术大学 Scalar operation unit structure supporting floating-point division method in GPDSP

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9589143B2 (en) * 2014-04-17 2017-03-07 Xerox Corporation Semi-trusted Data-as-a-Service platform

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174200A (en) * 2007-05-18 2008-05-07 清华大学 5-grade stream line structure of floating point multiplier adder integrated unit
US7986940B2 (en) * 2007-07-05 2011-07-26 Azurewave Technologies, Inc. Automatic wireless network linking method with security configuration and device thereof
CN102087590A (en) * 2009-12-03 2011-06-08 浙江大学 Execution device of resource-multiplexing floating point SIMD (single instruction multiple data) instruction
CN101986264A (en) * 2010-11-25 2011-03-16 中国人民解放军国防科学技术大学 Multifunctional floating-point multiply and add calculation device for single instruction multiple data (SIMD) vector microprocessor
CN102411683A (en) * 2011-08-15 2012-04-11 复旦大学 Cache-based AES (Advanced Encryption Standard) accelerator suitable for embedded system
CN103078729A (en) * 2012-01-13 2013-05-01 河南科技大学 Dual-precision chaotic signal generator based on FPGA (field programmable gate array)
CN103019647A (en) * 2012-11-28 2013-04-03 中国人民解放军国防科学技术大学 Floating-point accumulation/gradual decrease operational method with floating-point precision maintaining function
CN104426973A (en) * 2013-09-03 2015-03-18 中国移动通信集团公司 Cloud database encryption method, system and device
CN103984521A (en) * 2014-05-27 2014-08-13 中国人民解放军国防科学技术大学 Method and device for achieving SIMD structure floating point division in general-purpose digital signal processor (GPDSP)
CN104506312A (en) * 2015-01-19 2015-04-08 中国人民解放军国防科学技术大学 Method for rapidly generating information theory safety authentication information used for quantum secret communication
CN105335127A (en) * 2015-10-29 2016-02-17 中国人民解放军国防科学技术大学 Scalar operation unit structure supporting floating-point division method in GPDSP

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
X-DSP 64 位 SIMD 位处理部件及混洗单元的设计与实现;彭浩;《中国优秀硕士学位论文全文数据库 信息科技辑》;20150115;全文 *
X-DSP SIMD浮点算术逻辑部件的设计与实现;宋博荣;《中国优秀硕士学位论文全文数据库 信息科技辑》;20150115;全文 *
基于定点与浮点复用的SIMD乘法器设计与实现;韩珊珊;《第18届全国半导体集成电路、硅材料学术会议》;20140615;全文 *

Also Published As

Publication number Publication date
CN109426738A (en) 2019-03-05

Similar Documents

Publication Publication Date Title
US10454669B2 (en) SM4 acceleration processors, methods, systems, and instructions
US11347898B2 (en) Data protection device and method and storage controller
US11868274B2 (en) Key management in computer processors
US9065654B2 (en) Parallel encryption/decryption
US9418246B2 (en) Decryption systems and related methods for on-the-fly decryption within integrated circuits
WO2017112282A1 (en) Memory integrity with error detection and correction
US20080155273A1 (en) Automatic Bus Encryption And Decryption
US9503256B2 (en) SMS4 acceleration hardware
US20180089108A1 (en) Secure computing
US9280490B2 (en) Secure computing
US11222127B2 (en) Processor hardware and instructions for SHA3 cryptographic operations
CN108011706A (en) Data processing equipment and the method for encryption for data
CN109426738B (en) Hardware encryptor, encryption method and electronic device
TW201918923A (en) Secure logic system and method for operating a secure logic system
CN111008407A (en) Encryption circuit for performing virtual encryption operations
US11914756B2 (en) Data protection in computer processors
WO2017209890A1 (en) Single clock cycle cryptographic engine
US6990199B2 (en) Apparatus and method for cipher processing system using multiple port memory and parallel read/write operations
KR101126596B1 (en) Dual mode aes implementation to support single and multiple aes operations
WO2017023565A1 (en) Symmetric stream cipher
CN112613080A (en) Reconfigurable array unit and array for lightweight block cipher algorithm
KR20180059217A (en) Apparatus and method for secure processing of memory data
Labbe et al. Efficient hardware implementation of a CRYPTO-MEMORY based on AES algorithm and SRAM architecture
Pellett et al. DES Encryption Chip
Shastry et al. On-The-Fly AES Key Expansion For All Key Sizes on ASIC

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant