CN109639408A - A kind of AES decryption multiplexing round transformation circuit structure - Google Patents

A kind of AES decryption multiplexing round transformation circuit structure

Info

Publication number
CN109639408A
Authority
CN
China
Prior art keywords
constant
constant matrices
round transformation
inverse
composite matrix
Legal status: Pending
Application number
CN201910070852.0A
Other languages
Chinese (zh)
Inventor
郑辛星
张肖强
杨顺
刘浩东
Current Assignee
Wuhu Institute of Technology
Original Assignee
Wuhu Institute of Technology
Application filed by Wuhu Institute of Technology
Priority to CN201910070852.0A
Publication of CN109639408A


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/06: The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators
    • H04L 9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using a fixed encryption transformation
    • H04L 9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The present invention discloses a multiplexed round-transformation arithmetic unit structure for an AES decryption circuit, comprising the following components connected in sequence: a first composite matrix multiplication unit, a selector, a constant-addition unit, a composite-field multiplicative-inversion unit, a second selector, a second composite matrix multiplication unit and a third selector. The input of the first composite matrix multiplication unit serves as the data input port, and the input of the second composite matrix multiplication unit serves as the key input port; the selector, the second selector and the third selector are additionally provided with selection-signal input ports; the output of the third selector serves as the data output port. This multiplexed round-transformation arithmetic unit structure reduces the circuit implementation area and saves a large amount of circuit resources when a loop-structure AES cryptographic circuit is implemented.

Description

A kind of AES decryption multiplexing round transformation circuit structure
Technical field
The present invention relates to the technical field of cryptographic circuit implementation, and in particular to a multiplexed round-transformation arithmetic unit structure in an AES decryption circuit.
Background technique
AES (Advanced Encryption Standard) is a new-generation symmetric block cipher formulated by the US National Institute of Standards and Technology in 2001 to replace the original DES (Data Encryption Standard). At present the AES algorithm has been adopted by multiple international standards organizations and is the most widely used block cipher.
The block length of AES is 128 bits, and the key length is one of 128, 192 or 256 bits; the three variants are called AES-128, AES-192 and AES-256 respectively. AES is an iterative algorithm, and each iteration is called a round transformation. The number of round transformations depends on the key length: the round count Nr of AES-128, AES-192 and AES-256 is 10, 12 and 14 respectively. The AES encryption process is shown in Fig. 1: the input plaintext first undergoes a key-addition operation; it then passes through Nr-1 ordinary round transformations, each of which performs in order the four sub-operations byte substitution, row shift, column mixing and key addition; finally it passes through one final round transformation, which performs in order the three sub-operations byte substitution, row shift and key addition. The AES decryption process is the reverse of the encryption process, as shown in Fig. 2: the input ciphertext first undergoes one first-round transformation, which is the inverse of the final round transformation of the encryption flow and consists of the three sub-operations key addition, inverse row shift and inverse byte substitution; then Nr-1 ordinary round transformations are performed, each the inverse of an ordinary encryption round and consisting of key addition, inverse column mixing, inverse row shift and inverse byte substitution; finally one key-addition operation is performed. Inverse column mixing, inverse row shift and inverse byte substitution are respectively the inverses of the column mixing, row shift and byte substitution of the encryption flow.
The fully unrolled structure and the loop structure are the two basic structures for implementing an AES cryptographic circuit; Fig. 3 is a schematic of both. As shown in Fig. 3, a fully unrolled AES circuit needs Nr round-transformation units to process the input plaintext in succession. A fully unrolled AES circuit can greatly increase processing speed by pipelining, and is therefore suited to high-speed data processing circuits. A loop-structure AES circuit completes all AES encryption operations with only one round-transformation unit, and is therefore suited to applications where circuit area is limited. In the round transformation shown in Fig. 1 the final round does not need the column-mixing operation, so in a loop-structure AES circuit the round-transformation circuit must be designed as a reconfigurable circuit that supports both the ordinary round transformation and the final round transformation.
In the existing open literature, the AES round-transformation circuits based on merged operations all optimize critical-path depth at the cost of increased circuit area.
Summary of the invention
The object of the present invention is to provide a multiplexed round-transformation arithmetic unit structure in an AES decryption circuit, which reduces the circuit implementation area and saves a large amount of circuit resources when a loop-structure AES cryptographic circuit is implemented.
To achieve the above object, the present invention provides a multiplexed round-transformation arithmetic unit structure in an AES decryption circuit, which comprises the following components connected in sequence:
a first composite matrix multiplication unit, a selector, a constant-addition unit, a composite-field multiplicative-inversion unit, a second selector, a second composite matrix multiplication unit and a third selector. The input of the first composite matrix multiplication unit serves as the data input port, and the input of the second composite matrix multiplication unit serves as the key input port; the selector, the second selector and the third selector are additionally provided with selection-signal input ports; the output of the third selector serves as the data output port.
Preferably, the input and the two outputs of the first composite matrix multiplication unit are all four bytes wide, and the two outputs of the first composite matrix multiplication unit are both connected to the input of the selector.
Preferably, the input and the output of the constant-addition unit are both four bytes wide, and the input of the constant-addition unit is connected to the output of the selector.
Preferably, the two inputs and the two outputs of the second composite matrix multiplication unit are all four bytes wide; the two outputs of the first composite matrix multiplication unit are both connected to the input of the third selector; one input of the first composite matrix multiplication unit is connected to the output of the second selector, and the other input serves as the key input port.
Preferably, the first composite matrix multiplication unit multiplies a column vector made up of the four input bytes by the first composite matrix.
The first composite matrix is assembled from constant matrices: one constant matrix is the product of the constant matrix δ and the constant matrix τ'; four further constant matrices are each the product of δ, τ' and one more constant matrix, these four being the matrix forms of multiplication by the constants ×{09}16, ×{0b}16, ×{0d}16 and ×{0e}16 on the field GF(2^8). The constant matrix δ is a mapping matrix whose role is to map elements of GF(2^8) onto the composite field; the constant matrix τ' is the constant matrix specified by the inverse affine operation within the inverse S-box operation.
Preferably, the two-to-one selector selects one of the two output data words of the first composite matrix multiplication unit and feeds it into the constant-addition unit.
Preferably, the constant-addition unit adds the constant ωλ to each of the four input bytes; the constant ωλ is the product of the constant matrix δ, the constant matrix τ' and the constant ω, where ω is the byte constant specified by the inverse affine operation in the inverse S-box operation.
Preferably, the composite-field multiplicative-inversion unit computes the multiplicative inverse of each of the four input bytes on the composite field; the composite field is any composite field isomorphic to GF(2^8).
Preferably, the second composite matrix multiplication unit multiplies a column vector made up of the four input data bytes and the four key bytes by the second composite matrix; the second composite matrix is assembled from the constant matrix δ' and further constant matrices; δ' is a mapping matrix whose role is to map the result computed on the composite field back onto GF(2^8); the further constant matrices are the matrix forms of multiplication by the constant ×{01}16 on GF(2^8).
The AES decryption multiplexed round-transformation arithmetic unit proposed by the present invention can perform the first-round transformation and the ordinary round transformation as reconfigurable operations. Based on the above structure, the present invention also provides an AES decryption method whose decryption steps comprise:
Step 1: perform one first-round transformation;
Step 2: perform Nr-1 ordinary round transformations.
Preferably, in step 1 the first-round transformation performs the following operations in order: key addition, inverse row shift, inverse byte substitution and key addition.
Preferably, in step 2 the ordinary round transformation performs the following operations in order: inverse column mixing, inverse row shift, inverse byte substitution and key addition.
According to the above technical scheme, the first composite matrix and the second composite matrix of the present invention merge the composite-field mapping operations, the affine operation, the column-mixing operation and the key-addition operation of the AES decryption algorithm, which in hardware greatly reduces the critical-path depth of the circuit. Common-term (subexpression) elimination is the most effective circuit optimization method for linear arithmetic units, and research shows that the larger the circuit, the higher the optimization efficiency; the present invention therefore merges several small linear arithmetic units into one large linear operation by matrix merging and synthesis, which improves the efficiency of circuit optimization and reduces the circuit implementation area.
Other features and advantages of the present invention are described in detail in the specific embodiments that follow.
Detailed description of the invention
The drawings are intended to provide a further understanding of the invention and form part of the specification; together with the specific embodiments below they serve to explain the invention, but are not to be construed as limiting it. In the drawings:
Fig. 1 is the AES encryption process;
Fig. 2 is the AES decryption process;
Fig. 3 shows the basic structures for implementing an AES cryptographic circuit: (a) fully unrolled structure, (b) loop structure;
Fig. 4 is a flow chart of the AES decryption round-transformation construction method proposed by the present invention;
Fig. 5 is the AES decryption round-transformation multiplexed circuit structure proposed by the present invention;
Fig. 6 is a 32-bit-wide loop-structure AES decryption circuit based on the AES decryption multiplexed round-transformation arithmetic unit proposed by the present invention;
Fig. 7 is a 64-bit-wide loop-structure AES decryption circuit based on the AES decryption multiplexed round-transformation arithmetic unit proposed by the present invention;
Fig. 8 is a 128-bit-wide loop-structure AES decryption circuit based on the AES decryption multiplexed round-transformation arithmetic unit proposed by the present invention.
Specific embodiment
Specific embodiments of the invention are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here are only intended to illustrate and explain the invention and are not intended to limit it.
The present invention provides a multiplexed round-transformation arithmetic unit structure in an AES decryption circuit, which comprises the following components connected in sequence:
a first composite matrix multiplication unit, a selector, a constant-addition unit, a composite-field multiplicative-inversion unit and a second composite matrix multiplication unit. The input of the first composite matrix multiplication unit serves as the data input port, and the input of the second composite matrix multiplication unit serves as the key input port; the selector is additionally provided with a selection-signal input port; the output of the second composite matrix multiplication unit serves as the data output port.
As shown in Fig. 4, in the decryption round-transformation construction method proposed by the present invention the AES decryption process first performs one key-addition operation, then one first-round transformation, and finally Nr-1 ordinary round transformations. The first-round transformation performs in sequence inverse row shift, inverse byte substitution and key addition; the ordinary round transformation performs in sequence inverse column mixing, inverse row shift, inverse byte substitution and key addition. The formulas of these arithmetic units are as follows:
The AES round transformation performs its operations in matrix form: the decryption algorithm treats the 128-bit input block as a 4×4 byte matrix, each element of which is one byte. The intermediate result of a round transformation is called the state matrix and is likewise a 4×4 byte matrix. Assume the state matrix input to an ordinary round transformation is:
Each operation in the AES decryption process is described in detail as follows:
1. Inverse column mixing
Inverse column mixing is the inverse of column mixing; it can likewise be regarded as the product, on the ring R, of each column of the state matrix with a constant polynomial. Assume the state matrix after inverse column mixing is:
The expression of inverse column mixing is:
where the matrix is the column-mixing constant matrix, whose entries are respectively the matrix forms of multiplication by the constants ×{09}16, ×{0b}16, ×{0d}16 and ×{0e}16 on GF(2^8); in the present invention { }16 denotes the hexadecimal form of a constant.
2. Inverse row shift
Inverse row shift is the inverse of row shift: the first row of the state matrix is left unchanged, and the second, third and fourth rows are rotated right by one, two and three bytes respectively. Assume the state matrix after inverse row shift is:
The state matrix after inverse row shift can be expressed as:
Inverse row shift consumes no logic circuit resources in hardware; only the bus wiring needs to be rearranged.
3. Inverse byte substitution
Inverse byte substitution is the inverse of byte substitution and is also called the inverse S-box operation. The inverse S-box operation likewise substitutes each byte of the state matrix according to the inverse byte-substitution table. Assume the state matrix after the inverse S-box operation is:
Then the inverse S-box operation can be expressed as:
where the function is the inverse S-box function. The inverse S-box operation is the only nonlinear operation among the four operations of the round transformation and the one with the highest computational complexity, so the inverse S-box circuit occupies most of the circuit area and power consumption of the whole AES decryption circuit.
In the inverse S-box operation the input byte first undergoes an inverse affine operation, which is the inverse of the affine operation of the encryption S-box, and then a multiplicative inversion on the finite field GF(2^8); the expression is:
where x is the input byte, ω is a byte constant, τ' is the inverse of the 8×8-bit constant matrix τ of the encryption S-box, τ' and ω together perform the inverse affine operation, and ()A^-1 denotes multiplicative inversion on GF(2^8). The GF(2^8) field used in the present invention is the GF(2^8) field specified by the AES algorithm, whose irreducible polynomial is
F(x) = x^8 + x^4 + x^3 + x + 1
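The following is an added, runnable C model of the three inverse sub-operations just described and of the two round types in the order the summary gives (example code written for this page, not the patent's circuit or the applicant's code). It assumes the FIPS-197 field polynomial above, the FIPS-197 inverse affine map (bit rotations by 1, 3 and 6 and the constant ω = 0x05) and the column-major state layout s[r + 4c]; the multiplicative inverse is found by exhaustive search where the patent uses a composite-field inverter. The constructed test column 8e 4d a1 bc is the FIPS-197 MixColumns output for db 13 53 45, so inverse column mixing must return db 13 53 45.

```c
/* Software model of InvMixColumns, InvShiftRows and InvSubBytes, plus the two
   decryption round types in the order the patent gives. Added example, not the
   patent's own code. Assumptions: FIPS-197 field x^8+x^4+x^3+x+1, FIPS-197
   inverse affine map (rotations 1,3,6; constant 0x05), state layout s[r + 4*c]. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GF(2^8) multiplication, reducing by the AES polynomial (0x1b after the shift) */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        if (b & 1) p ^= a;
        uint8_t carry = a & 0x80;
        a = (uint8_t)(a << 1);
        if (carry) a ^= 0x1b;
        b >>= 1;
    }
    return p;
}

/* Multiplicative inverse by exhaustive search (AES defines inv(0) = 0). A circuit
   would use a composite-field inverter here; the search keeps the model short. */
static uint8_t gf_inv(uint8_t a) {
    if (a == 0) return 0;
    for (int x = 1; x < 256; x++)
        if (gf_mul(a, (uint8_t)x) == 1) return (uint8_t)x;
    return 0; /* not reached: every non-zero field element has an inverse */
}

static uint8_t rotl8(uint8_t x, int k) { return (uint8_t)(((x << k) | (x >> (8 - k))) & 0xff); }

/* Inverse affine step of the inverse S-box: tau'(x) xor omega, omega = 0x05 */
static uint8_t inv_affine(uint8_t x) { return rotl8(x, 1) ^ rotl8(x, 3) ^ rotl8(x, 6) ^ 0x05; }

/* InvSubBytes on one byte: inverse affine first, then the field inverse */
static uint8_t inv_sbox(uint8_t x) { return gf_inv(inv_affine(x)); }

static void inv_sub_bytes(uint8_t s[16]) { for (int i = 0; i < 16; i++) s[i] = inv_sbox(s[i]); }

/* Row r is rotated right by r bytes; in hardware this is only wiring */
static void inv_shift_rows(uint8_t s[16]) {
    uint8_t t[16];
    for (int r = 0; r < 4; r++)
        for (int c = 0; c < 4; c++)
            t[r + 4 * c] = s[r + 4 * ((c - r + 4) % 4)];
    memcpy(s, t, 16);
}

/* Each column is multiplied by the constant matrix built from {0e},{0b},{0d},{09} */
static void inv_mix_columns(uint8_t s[16]) {
    static const uint8_t m[4][4] = {
        {0x0e, 0x0b, 0x0d, 0x09}, {0x09, 0x0e, 0x0b, 0x0d},
        {0x0d, 0x09, 0x0e, 0x0b}, {0x0b, 0x0d, 0x09, 0x0e}};
    for (int c = 0; c < 4; c++) {
        uint8_t a[4], r[4];
        for (int i = 0; i < 4; i++) a[i] = s[i + 4 * c];
        for (int i = 0; i < 4; i++)
            r[i] = gf_mul(m[i][0], a[0]) ^ gf_mul(m[i][1], a[1]) ^
                   gf_mul(m[i][2], a[2]) ^ gf_mul(m[i][3], a[3]);
        for (int i = 0; i < 4; i++) s[i + 4 * c] = r[i];
    }
}

static void add_round_key(uint8_t s[16], const uint8_t k[16]) { for (int i = 0; i < 16; i++) s[i] ^= k[i]; }

/* Ordinary decryption round in the patent's order */
static void ordinary_round(uint8_t s[16], const uint8_t k[16]) {
    inv_mix_columns(s); inv_shift_rows(s); inv_sub_bytes(s); add_round_key(s, k);
}

/* First round in the patent's order: key add, inverse shift, inverse S-box, key add */
static void first_round(uint8_t s[16], const uint8_t k_first[16], const uint8_t k_second[16]) {
    add_round_key(s, k_first); inv_shift_rows(s); inv_sub_bytes(s); add_round_key(s, k_second);
}

int main(void) {
    /* constructed state: column 0 is the FIPS-197 MixColumns output for db 13 53 45 */
    uint8_t s[16] = {0x8e, 0x4d, 0xa1, 0xbc, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    inv_mix_columns(s);
    printf("InvMixColumns column 0: %02x %02x %02x %02x\n", s[0], s[1], s[2], s[3]);
    printf("inv_sbox(0x63) = %02x\n", inv_sbox(0x63));
    return 0;
}
```

The ordinary and first-round functions are the two configurations the multiplexed unit switches between: they differ only in whether inverse column mixing or a leading key addition precedes the shared inverse-shift, inverse-S-box and key-add tail.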
Among the many S-box implementations, the composite-field S-box has the smallest circuit area. The composite-field S-box maps the main arithmetic unit of the S-box, the GF(2^8) multiplicative-inversion unit, into a composite field by a mathematical transformation. The computational complexity of composite-field inversion is far smaller than that of GF(2^8) inversion, so the hardware complexity of the S-box circuit can be greatly reduced.
The expression of the composite-field inverse S-box operation is:
where ()C^-1 is multiplicative inversion on the composite field, the composite field being any composite field isomorphic to GF(2^8); δ is an 8×8-bit mapping matrix that maps the input byte x from GF(2^8) to the composite field; δ' is the inverse matrix of δ and maps the composite-field inversion result back from the composite field to GF(2^8).
In a finite field, addition is the bitwise XOR operation. Since x ⊕ y ⊕ 1 = ¬(x ⊕ y) = x ⊙ y, the constant addition +ω in hardware is handled as follows: adding a 0 bit can be dropped directly, and adding a 1 bit replaces the XOR by one of two methods: (1) the XOR of any two variables is replaced by XNOR; (2) it is implemented as XOR followed by an inverter. Since an XNOR gate is almost identical to an XOR gate in circuit area and delay, while the area and delay of an inverter are negligible compared with an XOR gate, the circuit area and delay of the constant addition +ω in the inverse S-box hardware can be ignored.
4. Key addition
Key addition is identical to the key addition in the encryption flow. Assume the state matrix after key addition is:
The key-addition expression is:
where the matrix is the sub-key matrix generated by the key schedule; the order in which sub-key matrices are used is the reverse of the order used in the encryption flow.
5. Ordinary round transformation formula
The four arithmetic units of the round transformation can be implemented separately, or several adjacent units can be merged into one unit. A round-transformation circuit with separately implemented units not only wastes circuit resources but also has a long critical path. According to the ordinary round transformation formula, the present invention merges the linear operations of the ordinary round transformation by merging and synthesizing the constant matrices. As shown in Fig. 4, the ordinary round transformation performs in order inverse column mixing, inverse row shift, inverse byte substitution and key addition; from the sub-operation formulas above, the ordinary round transformation formula is obtained as:
where the first symbols are row vectors of the constant matrix, and the others are respectively column vectors of the data matrix and of the key matrix, that is:
In the above formula, the output variables r_{x,y} that share the same inputs are placed in one group, giving four groups in all. The four groups perform identical operations and share the same arithmetic unit in hardware. The output variables of each group can be expressed in the linear-equation form:
The variables corresponding to the input and output variables of the above formula in each group are:
Group I:
Group II:
Group III:
Group IV:
To further reduce circuit area, the present invention maps the GF(2^8) multiplicative inversion of the inverse S-box into the composite field; the grouped ordinary round transformation formula after the mapping is:
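As an added illustration of the matrix merging that sections 5 and the summary describe (example code written for this page, not the patent's circuit or the applicant's code), the following C builds the 8×8 GF(2) matrix of each constant multiplication ×{0e}, ×{0b}, ×{0d}, ×{09} and of the linear part τ' of the inverse affine map, multiplies them into the four blocks τ'·M_c of one 8×32 constant matrix, and checks that this fused matrix plus the single constant ω produces the same byte as applying inverse column mixing and then the inverse affine step separately. The composite-field maps δ and δ' are left out because the page fixes no particular composite field, so the merged matrices act directly on GF(2^8) bytes; the field polynomial, the FIPS-197 affine constants and the sample column are the assumptions stated in the comments.

```c
/* Merging the linear parts of one output byte of a decryption round into a single
   GF(2) constant matrix. Added example, not the patent's own code. Assumptions:
   AES field x^8+x^4+x^3+x+1; FIPS-197 inverse affine map (linear part = rotations
   by 1,3,6; constant omega = 0x05); delta/delta' omitted, so matrices act on
   GF(2^8) bytes directly. */
#include <stdint.h>
#include <stdio.h>

/* 8x8 bit matrix over GF(2) stored as 8 column bytes: col[j] is the image of the
   basis vector 1<<j. Applying it XORs the columns selected by the input bits. */
typedef struct { uint8_t col[8]; } Mat8;

static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0x00)); }
static uint8_t rotl8(uint8_t x, int k) { return (uint8_t)(((x << k) | (x >> (8 - k))) & 0xff); }

/* tau': linear part of the inverse affine map; omega is added separately */
#define OMEGA 0x05
static uint8_t inv_affine_linear(uint8_t x) { return rotl8(x, 1) ^ rotl8(x, 3) ^ rotl8(x, 6); }

static uint8_t mat_apply(const Mat8 *m, uint8_t x) {
    uint8_t r = 0;
    for (int j = 0; j < 8; j++)
        if (x & (1u << j)) r ^= m->col[j];
    return r;
}

/* Matrix of "multiply by constant c" on GF(2^8): column j is c * x^j, obtained by
   repeated doubling, so no general multiplier is needed. */
static Mat8 mat_const_mul(uint8_t c) {
    Mat8 m; uint8_t v = c;
    for (int j = 0; j < 8; j++) { m.col[j] = v; v = xtime(v); }
    return m;
}

/* Matrix of any GF(2)-linear byte map, by probing it on the basis vectors */
static Mat8 mat_of(uint8_t (*f)(uint8_t)) {
    Mat8 m;
    for (int j = 0; j < 8; j++) m.col[j] = f((uint8_t)(1u << j));
    return m;
}

/* Product a*b: column j of the product is a applied to column j of b */
static Mat8 mat_mul(const Mat8 *a, const Mat8 *b) {
    Mat8 m;
    for (int j = 0; j < 8; j++) m.col[j] = mat_apply(a, b->col[j]);
    return m;
}

/* InvMixColumns coefficients for output byte 0 of a column */
static const uint8_t ROW0[4] = {0x0e, 0x0b, 0x0d, 0x09};

/* Inverse column mixing alone, for output byte 0 */
static uint8_t inv_mix_byte0(const uint8_t a[4]) {
    uint8_t t = 0;
    for (int i = 0; i < 4; i++) { Mat8 m = mat_const_mul(ROW0[i]); t ^= mat_apply(&m, a[i]); }
    return t;
}

/* Sequential path: inverse column mixing, then the inverse affine step */
static uint8_t sequential_byte0(const uint8_t a[4]) {
    return inv_affine_linear(inv_mix_byte0(a)) ^ OMEGA;
}

/* Fused path: the four pre-multiplied blocks tau'*M_c form one 8x32 constant
   matrix, so the whole linear chain is one XOR network plus one constant. */
static uint8_t fused_byte0(const uint8_t a[4]) {
    Mat8 tau = mat_of(inv_affine_linear);
    uint8_t t = OMEGA;
    for (int i = 0; i < 4; i++) {
        Mat8 mc = mat_const_mul(ROW0[i]);
        Mat8 block = mat_mul(&tau, &mc);
        t ^= mat_apply(&block, a[i]);
    }
    return t;
}

/* Agreement check: every value of each input byte, the others held fixed */
static int fused_matches_sequential(void) {
    uint8_t a[4] = {0x8e, 0x4d, 0xa1, 0xbc};  /* constructed sample column */
    for (int i = 0; i < 4; i++)
        for (int v = 0; v < 256; v++) {
            a[i] = (uint8_t)v;
            if (fused_byte0(a) != sequential_byte0(a)) return 0;
        }
    return 1;
}

int main(void) {
    const uint8_t col[4] = {0x8e, 0x4d, 0xa1, 0xbc};
    printf("InvMixColumns byte 0 = %02x, fused byte 0 = %02x, agree = %d\n",
           inv_mix_byte0(col), fused_byte0(col), fused_matches_sequential());
    return 0;
}
```

Because the blocks are built by probing basis vectors rather than written out by hand, the same construction yields the patent's δ·τ'·M_c once a composite field is chosen: δ becomes one more factor in mat_mul. The merged 8×32 matrix is the object to which common-term elimination is then applied, which is why the summary expects a larger merged linear unit to optimize better than four separate ones.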
6. First-round transformation formula
As shown in Fig. 4, the first-round transformation performs in order key addition, inverse row shift, inverse byte substitution and key addition; from the sub-operation formulas above, the first-round transformation formula is likewise obtained as:
where
are respectively the sub-key matrix of the first key addition and the sub-key matrix of the second key addition in the first-round transformation.
The first-round transformation formula can likewise be divided into four groups; the grouped first-round transformation formula is:
The variables corresponding to the input and output variables of the above formula in each group are:
Group I:
Group II:
Group III:
Group IV:
The output variables r0–r3 and input variables d0–d3 of the grouped formula correspond in each group to the same variables as in the ordinary round transformation, and the input variables kn0–kn1 correspond in each group to the input variables k0–k1 of the ordinary round transformation.
The grouped formula of the last round transformation based on the composite field is:
The present invention provides a kind of AES to decrypt multiplexing round transformation arithmetic element structure decryption multiplexing round transformation arithmetic element, First run transformation/two kinds of operations of common round transformation reconfigurable function in Fig. 4 may be implemented.The round transformation that invention proposes is multiplexed electricity All linear transformation operations in AES decipherment algorithm are combined into two conjunctions by the merging and synthesis operation of constant matrices by road At matrix, composite matrixWith composite matrixSo as to shorten the critical path of AES decryption circuit, it is real to reduce AES decryption circuit Existing area.
Fig. 5 is that the AES of the specific embodiment of the invention decrypts round transformation multiplex circuit structural schematic diagram.This specific embodiment party The AES that formula provides decrypts round transformation multiplex circuit structure, comprising: first selector, the first composite matrix multiplying unit, the Two selectors, constant add arithmetic element, compositum inverse of multiplication unit, the second composite matrix multiplying unit, further includes: Ciphertext data-in port, feedback data input port, first run key input mouth, common key input port, selection signal s1Input port, selection signal s2Input port and data-out port.Ciphertext data-in port, feedback data input terminal Mouthful, the data bit width of first run key input mouth, common key input port and data-out port be all four bytes.
As shown in figure 5, first selector includes three input terminals and an output end, two of them input terminal is for inputting Data, data bit width are four bytes, are connected respectively with ciphertext data-in port, feedback data input port, one defeated Enter end and be used for input select signal, with selection signal s1Input port is connected, and output end data bit width is four bytes, with the One composite matrix multiplying unit.First composite matrix multiplying unit include two input terminals and two output ends, two The data bit width of a input terminal and two output ends is all four bytes, two input terminals respectively with first selector output end and First run key input mouth is connected, and two output ends are connected with two input terminals of alternative selector.Second selector Including three input terminals and an output end, two of them input terminal is used for input data, and data bit width is four bytes, respectively It is connected with two output ends of the first composite matrix multiplying unit, an input terminal is used for input select signal, with choosing Select signal s2Input port is connected, and output end data bit width is four bytes, the input terminal with constant plus arithmetic element.Constant Adding arithmetic element includes an input terminal and an output end, and the data bit width of input terminal and output end is all four bytes, defeated Enter end to be connected with the output end of second selector, output end is connected with the input terminal of compositum inverse of multiplication unit.It is multiple Closing domain inverse of multiplication unit includes an input terminal and an output end, and the data bit width of input terminal and output end is all four Byte, input terminal add arithmetic element output end to be connected with constant, and the one of output end and the second composite matrix multiplying unit A input terminal is connected.Second composite matrix multiplying 
unit includes two input terminals and an output end, two input terminals Data bit width with output end is all four bytes, and an input terminal is used for input data, with compositum inverse of multiplication unit Output end is connected, another input terminal is connected, output end is defeated with data for inputting key with common key input port Exit port is connected.
In a kind of specific embodiment of the invention, the input terminal and two of the first composite matrix multiplying unit A output end is all four bytes, and two output ends of the first composite matrix multiplying unit are both connected to the choosing Select the input terminal of device.
In a kind of specific embodiment of the invention, the constant adds the input terminal of arithmetic element and output end is all four A byte, the constant add the input terminal of arithmetic element to be connected to the output end of the selector.
In a kind of specific embodiment of the invention, the input terminal of the second composite matrix multiplying unit and defeated Outlet is all four bytes, and the output end of the second composite matrix multiplying unit is set as data-out port.
The calculating process of each arithmetic element in Fig. 5 is as follows:
The round transformation multiplex circuit is from ciphertext data-in port input data vectorCiphertext data-in port is defeated Enter data vectorKey vector is inputted from first run key input mouthKey vector is inputted from common key input portVectorWithIt is all made of four bytes, is denoted as respectively
The first selector, when carrying out first run transform operation, according to selection signal s1=0 selects vectorIt is sent into Data-out port.When carrying out ordinary wheel transform operation, according to selection signal s1=1, it selects vectorIt is defeated to be sent into data Exit port.Selector 1 embodies form are as follows:
Selector 1 exports resultFurther it is output to the first composite matrix multiplication unit In.
The first composite matrix multiplication unit forms one column vector from the four data bytes selected above together with the four first-round key bytes and multiplies it by the first composite matrix. That composite matrix is assembled from constant matrices: the product of the constant matrix δ and the constant matrix τ', and the products of δ, τ' and each of the constant matrices for multiplication by {09}_16, {0b}_16, {0d}_16 and {0e}_16. The constant matrix δ is the mapping matrix that takes an element of GF(2^8) into the composite field; the constant matrix τ' is the constant matrix specified by the inverse affine operation inside the inverse S-box operation; and the four multiplication matrices are the matrix forms of multiplication by the constants ×{09}_16, ×{0b}_16, ×{0d}_16 and ×{0e}_16 over GF(2^8), i.e. the coefficients of the inverse column mixing (InvMixColumns) operation. The unit is expressed by a specific formula in the original.
The unit produces two four-byte results, one formed by rows one to four of the composite matrix (used by the first-round transform) and one formed by rows five to eight (used by the ordinary round transform); both are output to the two-to-one selector.
The second selector chooses one of the two output groups according to the selection signal s2 and sends it onward: for s2=0 it forwards the first group (rows one to four), for s2=1 the second group (rows five to eight). The concrete form of the second selector is given by a formula in the original.
The selector output is passed on to the constant addition unit.
The constant addition unit adds the constant vector Ω_λ to the four-byte vector. Ω_λ consists of four copies of the constant ω_λ, i.e. Ω_λ = [ω_λ, ω_λ, ω_λ, ω_λ]^T, where ω_λ is the product of the constant matrix δ, the constant matrix τ' and the constant ω, i.e. ω_λ = δ × τ' × ω, and ω is the byte constant specified by the inverse affine operation of the inverse S-box operation. Moving the constant past the matrices in this way is valid because δ and τ' are linear: δτ'(x ⊕ ω) = δτ'x ⊕ δτ'ω, so the constant of the inverse affine operation can be added after the composite matrix rather than before it. The concrete form of the constant addition unit is given by a formula in the original.
The result is passed on to the composite field multiplicative inversion unit.
The composite field multiplicative inversion unit computes the multiplicative inverse of each byte of the vector in the composite field. The composite field here can be any composite field isomorphic to GF(2^8). The concrete form of the composite field multiplicative inversion unit is given by a formula in the original.
The result is passed on to the second composite matrix multiplication unit.
In the second composite matrix multiplication unit the data vector and the key vector are combined into one column vector and multiplied by the second composite matrix, which is assembled from the constant matrix δ' and constant matrices that are the matrix form of multiplication by the constant ×{01}_16 over GF(2^8) (the identity, so the round key bytes are added unchanged). The constant matrix δ' is the mapping matrix that takes an element of the composite field back to GF(2^8); it must be the inverse of δ. The second composite matrix multiplication unit is expressed by a specific formula in the original.
The result is passed to the data output port.
The data output port outputs the operation result.
The decryption multiplexing round transformation operation unit proposed by the present invention merges and composes constant matrices so that all linear transformation operations of the AES decryption algorithm are combined into two composite matrices (the first and second composite matrices). This shortens the critical path of the AES decryption circuit and at the same time reduces its implementation area. According to the research the applicant relies on, the larger the circuit scale, the higher the efficiency of circuit optimization; merging several small linear operation units into one large linear operation by matrix merging and composition therefore favours circuit optimization and reduces the implementation area of the AES decryption circuit. Building the first-round/ordinary-round multiplexing unit around a shared constant addition unit and a shared composite field multiplicative inversion unit saves a large amount of circuit resources.
The loop structure is the basic structure for realizing an AES decryption circuit. Based on the proposed decryption multiplexing round transformation operation unit, a loop-structured AES decryption circuit can be built either with time-division multiplexing alone or with time-division multiplexing combined with parallel processing.
Fig. 6 is the structural diagram of the AES decryption circuit provided by embodiment one of the present invention; for ease of description only the parts relevant to this embodiment are shown.
The AES decryption circuit comprises:
one multiplexing round transformation circuit, register 1 and register 2, where register 1 and register 2 are each 16 bytes wide; the data output port of the decryption multiplexing round transformation operation unit is connected to the input of register 1 and to the plaintext data output port; the output of register 1 is connected to the input of register 2; and the output of register 2 is connected to the feedback data input of the decryption multiplexing round transformation operation unit.
The decryption method of the AES decryption circuit of embodiment one comprises the following steps:
S1: the first 4 operations constitute the first-round transformation. The ciphertext, as four groups of four bytes, is fed one group at a time from the ciphertext data input port into the decryption multiplexing round transformation unit; selector 1 sends the input ciphertext bytes to composite matrix multiplication unit 1; selector 2 takes the vector formed by rows one to four of the result of composite matrix multiplication unit 1 and outputs it to the constant addition unit; after the constant addition unit, the composite field multiplicative inversion unit and composite matrix multiplication unit 2, the result is sent through the feedback data loop to register 1. After four operations, register 1 transfers the 16 bytes it holds into register 2.
S2: operations 5 to 4N_r of the multiplexing round transformation circuit constitute the ordinary round transformations. On each operation register 2 outputs 4 bytes to the feedback data input of the decryption multiplexing round transformation unit; selector 1 sends the feedback data to composite matrix multiplication unit 1; after composite matrix multiplication unit 1, selector 2 takes the vector formed by rows five to eight of the result and outputs it to the constant addition unit; after the constant addition unit, the composite field multiplicative inversion unit and composite matrix multiplication unit 2, the result is sent through the feedback data loop to register 1. After every four operations register 1 transfers its 16 bytes into register 2. The results of operations (4N_r - 3) to 4N_r are output from the plaintext data port as the final result.
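As an added example, not the patent's own code, the following Python builds the round unit described above (first composite matrix, constant addition, composite field inversion, second composite matrix) as GF(2) matrices and drives it through the loop of embodiment one, checking the result against the FIPS-197 AES-128 test vector. Everything the page leaves open is assumed here: the GF(2^4) modulus x^4+x+1, the composite field modulus y^2+y+λ with λ found by search, the mapping δ derived from a root of the AES polynomial, and the inverse shift realised by the addressing between the feedback register and the unit (claim 10 names the shift but the unit has no block for it). The names gf8_mul, cf_inv, round_unit, decrypt_block and the rest are the example's own.

```python
# Added example, not the patent's own code: the page's decryption round unit (composite
# matrix M1 -> constant add -> composite-field inverse -> composite matrix M2) built from
# GF(2) matrices and run in the embodiment-one loop, checked against the FIPS-197 AES-128
# vector. Assumed, since the page fixes none of them: GF(2^4) modulus x^4+x+1, composite
# modulus y^2+y+LAM, delta from a root of the AES polynomial, InvShiftRows by addressing.

def gf8_mul(a, b):                      # GF(2^8), AES modulus x^8+x^4+x^3+x+1
    r = 0
    while b:
        if b & 1: r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf4_mul(a, b):                      # GF(2^4), modulus x^4+x+1 (assumed)
    r = 0
    for i in range(4):
        if b >> i & 1: r ^= a << i
    for i in (6, 5, 4):                 # reduce with x^4 = x + 1
        if r >> i & 1: r ^= 0x13 << (i - 4)
    return r

# y^2 + y + LAM must be irreducible over GF(2^4): no t with t^2 + t = LAM
LAM = next(l for l in range(1, 16) if all(gf4_mul(t, t) ^ t != l for t in range(16)))

def cf_mul(a, b):                       # GF((2^4)^2): a = ah*y + al with y^2 = y + LAM
    ah, al, bh, bl = a >> 4, a & 15, b >> 4, b & 15
    hh = gf4_mul(ah, bh)
    return (hh ^ gf4_mul(ah, bl) ^ gf4_mul(al, bh)) << 4 | (gf4_mul(hh, LAM) ^ gf4_mul(al, bl))

def cf_inv(a):                          # the composite-field multiplicative inverse unit
    ah, al = a >> 4, a & 15
    n = gf4_mul(gf4_mul(ah, ah), LAM) ^ gf4_mul(ah, al) ^ gf4_mul(al, al)  # norm, in GF(2^4)
    n_inv = next((v for v in range(1, 16) if gf4_mul(n, v) == 1), 0)       # inv(0) = 0
    return gf4_mul(ah, n_inv) << 4 | gf4_mul(ah ^ al, n_inv)               # conj(a) / norm

def cf_pow(a, e):
    r = 1
    for _ in range(e): r = cf_mul(r, a)
    return r
# delta sends x^i to BETA^i, BETA a root of the AES polynomial inside the composite field
BETA = next(b for b in range(2, 256) if cf_pow(b, 8) ^ cf_pow(b, 4) ^ cf_pow(b, 3) ^ b ^ 1 == 0)

def mat_vec(m, v):                      # 8x8 GF(2) matrix m, stored as its 8 column images
    r = 0
    for i in range(8):
        if v >> i & 1: r ^= m[i]
    return r
def lin(f): return [f(1 << i) for i in range(8)]          # matrix of a linear byte map f
def compose(m, n): return [mat_vec(m, c) for c in n]      # product m * n (n first, then m)
def rotl(x, n): return ((x << n) | (x >> (8 - n))) & 0xFF

DELTA = [cf_pow(BETA, i) for i in range(8)]                                 # delta
DELTA_INV = [next(v for v in range(256) if mat_vec(DELTA, v) == 1 << i) for i in range(8)]  # delta'
TAU = lin(lambda v: rotl(v, 1) ^ rotl(v, 3) ^ rotl(v, 6))                  # tau': inverse affine matrix
OMEGA = 0x63                                                                # omega: inverse affine constant
DT = compose(DELTA, TAU)                                                    # delta * tau'
OMEGA_L = mat_vec(DT, OMEGA)                                                # omega_lambda = delta*tau'*omega
IMC = [[0x0E, 0x0B, 0x0D, 0x09], [0x09, 0x0E, 0x0B, 0x0D],                # InvMixColumns constants
       [0x0D, 0x09, 0x0E, 0x0B], [0x0B, 0x0D, 0x09, 0x0E]]
M1_MIX = [[compose(DT, lin(lambda v, c=c: gf8_mul(c, v))) for c in row] for row in IMC]  # M1 rows 5-8

def gf8_inv(x):                         # GF(2^8) inverse through the composite field
    return mat_vec(DELTA_INV, cf_inv(mat_vec(DELTA, x)))
def sbox(x):                            # forward S-box, needed only by the key schedule
    v = gf8_inv(x)
    return v ^ rotl(v, 1) ^ rotl(v, 2) ^ rotl(v, 3) ^ rotl(v, 4) ^ 0x63

def round_unit(x, k, first, k_first):   # one operation on a 4-byte column x; k added at the end
    if first:                           # M1 rows 1-4 (s2 = 0): delta*tau'*(x + k_first)
        a = [mat_vec(DT, x[j] ^ k_first[j]) for j in range(4)]
    else:                               # M1 rows 5-8 (s2 = 1): delta*tau'*InvMixColumns(x)
        a = [mat_vec(M1_MIX[j][0], x[0]) ^ mat_vec(M1_MIX[j][1], x[1])
             ^ mat_vec(M1_MIX[j][2], x[2]) ^ mat_vec(M1_MIX[j][3], x[3]) for j in range(4)]
    b = [cf_inv(v ^ OMEGA_L) for v in a]                        # constant add, composite inverse
    return [mat_vec(DELTA_INV, b[j]) ^ k[j] for j in range(4)]  # M2: delta' on data, x{01} on key

def expand_key(key):                    # AES-128 key schedule (FIPS-197), round keys column-major
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [sbox(t[1]) ^ rcon, sbox(t[2]), sbox(t[3]), sbox(t[0])]
            rcon = gf8_mul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def decrypt_block(ct, key, nr=10):      # embodiment-one loop: 1 first round, nr-1 ordinary rounds
    rk, state = expand_key(key), list(ct)                     # state byte 4*c + r: row r, column c
    for rnd in range(nr):
        out = [0] * 16
        for c in range(4):
            # InvShiftRows as register addressing (assumed): row r of column c lands in column
            # (c + r) mod 4, so the key added after the shift is read at the destination position
            dst = [4 * ((c + r) % 4) + r for r in range(4)]
            k = [rk[nr - 1 - rnd][d] for d in dst]
            y = round_unit(state[4 * c:4 * c + 4], k, rnd == 0, rk[nr][4 * c:4 * c + 4])
            for r in range(4): out[dst[r]] = y[r]
        state = out
    return bytes(state)

if __name__ == "__main__":              # FIPS-197 C.1: expect 00112233445566778899aabbccddeeff
    print(decrypt_block(bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a"), bytes.fromhex("000102030405060708090a0b0c0d0e0f")).hex())
```

The point worth checking when porting this to hardware is that the same matrices serve both paths: the first round uses rows one to four of the composite matrix with the first-round key folded into the column vector, the ordinary rounds use rows five to eight, which carry the ×{09}_16 to ×{0e}_16 constants, and only the selector signal s2 differs. The constant ω_λ = δτ'ω can be added after the matrix only because δ and τ' are linear, and δ' must be the exact inverse of δ, which the example verifies by recovering GF(2^8) inverses through the composite field.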
Fig. 7 is the structural diagram of the AES decryption circuit provided by embodiment two of the present invention; for ease of description only the parts relevant to this embodiment are shown.
The AES decryption circuit comprises:
two multiplexing round transformation operation units, register 1 and register 2, where register 1 and register 2 are each 16 bytes wide; the data output ports of the two decryption multiplexing round transformation units are connected to the input of register 1 and to the plaintext data output port; the output of register 1 is connected to the input of register 2; and the output of register 2 is connected to the feedback data inputs of the two decryption multiplexing round transformation units.
The decryption method of the AES decryption circuit of embodiment two comprises the following steps:
S1: the first 2 operations constitute the first-round transformation. The ciphertext, as four groups of four bytes, is fed in two operations from the ciphertext data input port into the two decryption multiplexing round transformation units, which work in parallel, each unit taking four bytes per operation. In each unit, selector 1 sends the input ciphertext bytes to composite matrix multiplication unit 1; selector 2 takes the vector formed by rows one to four of the result of composite matrix multiplication unit 1 and outputs it to the constant addition unit; after the constant addition unit, the composite field multiplicative inversion unit and composite matrix multiplication unit 2, the result is sent through the feedback data loop to register 1. After two operations of the two units, register 1 transfers the 16 bytes it holds into register 2.
S2: operations 3 to 2N_r of the multiplexing round transformation circuit constitute the ordinary round transformations. On each operation register 2 outputs 8 bytes to the feedback data inputs of the two decryption multiplexing round transformation units, which work in parallel, each unit taking 4 bytes. In each unit, selector 1 sends the feedback data to composite matrix multiplication unit 1; after composite matrix multiplication unit 1, selector 2 takes the vector formed by rows five to eight of the result and outputs it to the constant addition unit; after the constant addition unit, the composite field multiplicative inversion unit and composite matrix multiplication unit 2, the result is sent through the feedback data loop to register 1. After every two operations of the two units, register 1 transfers its 16 bytes into register 2. The results of operations (2N_r - 1) to 2N_r are output from the plaintext data output port as the final result.
Fig. 8 is the structural diagram of the AES decryption circuit provided by embodiment three of the present invention; for ease of description only the parts relevant to this embodiment are shown.
The AES decryption circuit comprises:
four multiplexing round transformation circuits and one register, the register being 16 bytes wide; the data output ports of the four decryption multiplexing round transformation operation units are connected to the input of the register and to the plaintext data output port; and the output of the register is connected to the feedback data inputs of the four decryption multiplexing round transformation operation units.
The decryption method of the AES decryption circuit of embodiment three comprises the following steps:
S1: the first operation constitutes the first-round transformation. The ciphertext, as four groups of four bytes, is fed from the ciphertext data input port into the four decryption multiplexing round transformation operation units in one operation, the four units working in parallel and each taking four bytes. In each unit, selector 1 sends the input ciphertext bytes to composite matrix multiplication unit 1; selector 2 takes the vector formed by rows one to four of the result of composite matrix multiplication unit 1 and outputs it to the constant addition unit; after the constant addition unit, the composite field multiplicative inversion unit and composite matrix multiplication unit 2, the result is sent through the feedback data loop into the register.
S2: operations 2 to N_r of the multiplexing round transformation circuit constitute the ordinary round transformations. On each operation the register outputs its 16 bytes to the feedback data inputs of the four decryption multiplexing round transformation units (4 bytes to each), which work in parallel. In each unit, selector 1 sends the feedback data to composite matrix multiplication unit 1; after composite matrix multiplication unit 1, selector 2 takes the vector formed by rows five to eight of the result and outputs it to the constant addition unit; after the constant addition unit, the composite field multiplicative inversion unit and composite matrix multiplication unit 2, the result is sent through the feedback data loop into the register. The result of operation N_r is output from the plaintext data output port as the final result.
The loop-structured AES decryption circuit reuses the operation units that the first-round transform and the ordinary round transform have in common, which greatly reduces circuit area; it is therefore suited to data processing circuits with a limited area budget.
The preferred embodiments of the present invention have been described in detail above with reference to the drawings; the invention is not, however, limited to the specific details of those embodiments. Within the scope of the technical concept of the invention, many simple variations of the technical solution can be made, and all such simple variations fall within the protection scope of the invention.
It should further be noted that the specific technical features described in the above embodiments can, provided they do not contradict one another, be combined in any suitable manner; to avoid unnecessary repetition, the various possible combinations are not described further.
In addition, the various embodiments of the invention can be combined arbitrarily, and such combinations should likewise be regarded as part of the disclosure of the invention as long as they do not depart from its idea.

Claims (10)

1. An AES decryption multiplexing round transformation circuit structure, characterized in that the AES decryption multiplexing round transformation circuit structure comprises the following components connected in sequence:
a first composite matrix multiplication unit, a selector, a constant addition unit, a composite field multiplicative inversion unit and a second composite matrix multiplication unit; wherein the input of the first composite matrix multiplication unit serves as the data input port, the input of the second composite matrix multiplication unit serves as the key input port, the selector is further provided with a selection signal input port, and the output of the second composite matrix multiplication unit serves as the data output port.
2. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the input and the two outputs of the first composite matrix multiplication unit are all four bytes wide, and both outputs of the first composite matrix multiplication unit are connected to the input of the selector.
3. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the input and the output of the constant addition unit are both four bytes wide, and the input of the constant addition unit is connected to the output of the selector.
4. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the input and the output of the second composite matrix multiplication unit are both four bytes wide, and the output of the second composite matrix multiplication unit serves as the data output port.
5. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that
the first composite matrix multiplication unit multiplies a column vector formed from the four input data bytes by the first composite matrix;
the composite matrix is assembled from constant matrices: the product of the constant matrix δ and the constant matrix τ', and the products of δ, τ' and each of the constant matrices for ×{09}_16, ×{0b}_16, ×{0d}_16 and ×{0e}_16; the constant matrix δ is the mapping matrix that takes an element of GF(2^8) into the composite field; the constant matrix τ' is the constant matrix specified by the inverse affine operation inside the inverse S-box operation; the four multiplication matrices are the matrix forms of multiplication by the constants ×{09}_16, ×{0b}_16, ×{0d}_16 and ×{0e}_16 over GF(2^8); the concrete form of the composite matrix is given in the original.
6. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the two-to-one selector selects one of the two output data groups of the first composite matrix multiplication unit and sends it into the constant addition unit.
7. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the constant addition unit adds the constant ω_λ to each of the four input data bytes; the constant ω_λ is the product of the constant matrix δ, the constant matrix τ' and the constant ω; the constant ω is the byte constant specified by the inverse affine operation in the inverse S-box operation; the concrete form of the matrix is given in the original.
8. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the composite field multiplicative inversion unit computes the multiplicative inverses of the four input data bytes in the composite field; the composite field is any composite field isomorphic to GF(2^8).
9. The AES decryption multiplexing round transformation circuit structure according to claim 1, characterized in that the second composite matrix multiplication unit multiplies a column vector formed from the four input data bytes and the four key bytes by the second composite matrix; the composite matrix is assembled from the constant matrix δ' and constant matrices that are the matrix form of multiplication by the constant ×{01}_16 over GF(2^8); the constant matrix δ' is the mapping matrix that maps the operation result on the composite field back to GF(2^8).
10. An AES decryption method, which uses the above AES decryption multiplexing round transformation operation unit structure for decryption, the decryption steps comprising:
Step 1: performing one first-round transformation;
Step 2: performing N_r - 1 ordinary round transformations;
in step 1, the first-round transformation comprises: key addition, shift operation, inverse byte substitution and key addition;
in step 2, the ordinary round transformation comprises: inverse column mixing, inverse shift, inverse byte substitution and key addition.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910070852.0A CN109639408A (en) 2019-01-25 2019-01-25 A kind of AES decryption multiplexing round transformation circuit structure

Publications (1)

Publication Number Publication Date
CN109639408A true CN109639408A (en) 2019-04-16

Family

ID=66063617

Country Status (1)

Country Link
CN (1) CN109639408A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108566271A (en) * 2018-06-11 2018-09-21 Anhui Polytechnic University (安徽工程大学) Multiplexing round transformation circuit, AES encryption circuit and encryption method thereof
CN108809627A (en) * 2018-06-11 2018-11-13 Anhui Polytechnic University (安徽工程大学) Round transformation multiplexing circuit and AES decryption circuit
CN109033892A (en) * 2018-06-11 2018-12-18 Anhui Polytechnic University (安徽工程大学) Round transformation multiplexing circuit based on composite matrix and AES decryption circuit
CN109033847A (en) * 2018-06-11 2018-12-18 Anhui Polytechnic University (安徽工程大学) AES encryption operation unit, AES encryption circuit and encryption method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
XIAOQIANG ZHANG et al.: "The Design Method of Compact Composite Field AES S-Box Based on AND-XOR Array Structure", IEEE *
ZHANG Xiaoqiang (张肖强): "基于复合域运算的AES密码电路优化设计方法研究" (Research on optimization design methods for AES cipher circuits based on composite field operations), China Doctoral Dissertations Full-text Database, Information Science and Technology series (中国博士学位论文全文数据库 信息科技辑) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113193950A (en) * 2021-07-01 2021-07-30 Guangdong New Generation Communication and Network Innovation Institute (广东省新一代通信与网络创新研究院) Data encryption method, data decryption method and storage medium
CN113193950B (en) * 2021-07-01 2021-12-10 Guangdong New Generation Communication and Network Innovation Institute (广东省新一代通信与网络创新研究院) Data encryption method, data decryption method and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190416