CN109818733B - Advanced encryption standard operation circuit and encryption and decryption method thereof - Google Patents

Advanced encryption standard operation circuit and encryption and decryption method thereof Download PDF

Info

Publication number
CN109818733B
CN109818733B CN201910241014.5A CN201910241014A CN109818733B CN 109818733 B CN109818733 B CN 109818733B CN 201910241014 A CN201910241014 A CN 201910241014A CN 109818733 B CN109818733 B CN 109818733B
Authority
CN
China
Prior art keywords
module
circuit
selection module
encryption
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910241014.5A
Other languages
Chinese (zh)
Other versions
CN109818733A (en
Inventor
刘刚
冯春阳
彭琅
张兴革
王俊杰
黄晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hexin Technology Co.,Ltd.
Hexin Technology Suzhou Co ltd
Original Assignee
Suzhou Powercore Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Powercore Technology Co ltd filed Critical Suzhou Powercore Technology Co ltd
Priority to CN201910241014.5A priority Critical patent/CN109818733B/en
Publication of CN109818733A publication Critical patent/CN109818733A/en
Application granted granted Critical
Publication of CN109818733B publication Critical patent/CN109818733B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a high-grade encryption standard operation circuit and an encryption and decryption method thereof, wherein the operation circuit comprises: the advanced encryption standard operation circuit provided by the embodiment of the invention divides the encryption and decryption process of each round of the AES algorithm into a plurality of pipeline stages for operation, and controls each pipeline stage in the AES algorithm to perform corresponding combined calculation through a selection signal instruction provided by the control circuit to complete the whole encryption and decryption process of the AES; in the process of completing AES encryption and decryption, the calculation of each step in the AES encryption and decryption process can be initiated, terminated and checked at any time; in the process of executing data AES encryption and decryption, processor instructions with high priority can be executed preferentially, and flush is not needed to drop encryption and decryption instructions, so that the execution efficiency of the processor can be improved better.

Description

Advanced encryption standard operation circuit and encryption and decryption method thereof
Technical Field
The invention relates to the technical field of communication, in particular to an advanced encryption standard operation circuit and an encryption and decryption method thereof.
Background
With the progress of science and technology, information exchange is more frequent in people's life, and the guarantee of safe transmission of information becomes a crucial link in communication. The National Institute of Standards and Technology (NIST) developed and published Advanced Encryption Standard (AES) algorithm in 2001, which is one of the most popular Encryption methods today instead of DES Encryption algorithm. The AES encryption algorithm has the characteristics of high safety, simple flow, compact coding and the like, and can meet the requirement of information encryption under most conditions.
AES is an encryption algorithm for symmetric key packets. To meet different scenario requirements, the AES encryption algorithm may use 128, 192, or 256 bit keys, respectively. As an iterative encryption algorithm, AES includes 10, 12, or 14 rounds of cycles according to different key lengths, each round of cycles is also called round transformation, and an output of a previous round of transformation is an input of a next round of transformation. Although each round of circulation is cut by the method, the calculation in the round cannot be cut, and the frequency requirement of the processor cannot be met during the calculation in the processor.
Disclosure of Invention
In view of this, embodiments of the present invention provide an advanced encryption standard operation circuit and an encryption and decryption method thereof to solve the problem that operations in an AES round cannot be divided and the frequency requirement of a processor cannot be met during operations in the processor.
The technical scheme provided by the invention is as follows:
a first aspect of an embodiment of the present invention provides an advanced encryption standard operation circuit, where the operation circuit includes: the circuit comprises a first-stage circuit, a second-stage circuit, a third-stage circuit and a control circuit, wherein the first-stage circuit comprises a reverse shift module and a first selection module, two paths of input data are input at the input end of the first-stage circuit, and one path of input data is transmitted to the first selection module; the reverse shift module is used for performing reverse shift operation on the other path of input data and transmitting the reverse shift operation to the first selection module; the first selection module is used for selecting one path of input data to transmit; the second-stage circuit comprises a byte substitution module, an inverse byte substitution module and a second selection module, and is used for dividing the data output by the first selection module into two paths of input data; the byte substitution module is used for carrying out byte substitution operation on one path of input data and transmitting the input data to the second selection module; the reverse byte substitution module is used for performing reverse byte substitution operation on the other path of input data and transmitting the data to the second selection module; the second selection module is used for selecting one path of data output by the byte substitution module and the reverse byte substitution module for output; the third-stage circuit comprises a row shifting module, a column mixing module, an encryption round key adding module, a decryption round key adding module, an inverse column mixing module, a third selection module, a fourth selection module, a fifth selection module, a sixth selection module and a seventh selection module; the third-stage circuit is used for dividing the data output by the second selection module into four paths of input data; the row shifting module is used for performing row shifting operation on the first path of input data and transmitting the first path of input data to the column mixing module and the third selection module; the third selection module is used for selecting one of the data after the line shift operation and the second path of input data to be transmitted to the fourth selection module; the fourth selection module is used for selecting one of the third path of input data and the data output by the third selection module to output; the column mixing module is used for performing column mixing operation on the data subjected to the row shift operation and transmitting the data to the fifth selection module; the decryption round key addition module is used for performing second round key addition operation on fourth path input data and transmitting the fourth path input data to the reverse column mixing module or directly outputting the fourth path input data to the third-stage circuit; the reverse column mixing module is used for performing reverse column mixing operation on the data subjected to the second round of key addition operation and transmitting the data to the fifth selection module; the fifth selection module is used for selecting one path of data output by the column mixing module and the reverse column mixing module for output; the sixth selection module is used for selecting one of the data output by the fourth selection module and the data output by the fifth selection module to output; the encryption round key adding module is used for performing first round key adding operation on the data output by the sixth selection module and then outputting the data; the seventh selection module is used for selecting one of the data output by the encryption round key adding module and the data output by the sixth selection module to output, so as to obtain an encrypted or decrypted calculation result; the control circuit is used for providing selection signals to control the operation processes in the first-stage circuit, the second-stage circuit and the third-stage circuit according to the encryption and decryption working modes.
Optionally, the column mixing module includes a first operational circuit and a second operational circuit, the inverse column mixing module includes a third operational circuit and a fourth operational circuit, and the second operational circuit and the fourth operational circuit are the same operational circuit.
Optionally, the advanced encryption standard operation circuit further includes: the eighth selection module is used for selecting one of the data output by the sixth selection module and the data output by the first calculation circuit to output; the ninth selection module is used for selecting one path of the round key and the data output by the first calculation circuit to be output; the encryption round key module is used for performing encryption round key addition operation on the data output by the eighth selection module and the data output by the ninth selection module and outputting the data; and the register is used for storing the data output by the encryption round key adding module.
Optionally, the advanced encryption standard operation circuit further includes: and the sum of the plurality of filling circuits, the first-stage circuit, the second-stage circuit and the third-stage circuit is consistent with the number of pipelines of the processor.
Optionally, the byte substitution module maps each byte in the input data to another byte according to a truth table, and the operation performed by the inverse byte substitution module is an inverse operation of the byte substitution operation.
Optionally, the row shifting module performs a row-based cyclic shift operation on the input data subjected to the byte substitution operation, and the operation performed by the reverse shifting module is an inverse operation of the row shifting operation.
Optionally, the column mixing module performs multiplication and addition operations on the input data subjected to the row shift operation and a polynomial, and the operation performed by the inverse column mixing module is an inverse operation of the column mixing operation.
Optionally, the encryption round key addition module performs an exclusive or operation with the round key on the input data after the column mixing operation, and the operation performed by the decryption round key addition module is the same as the operation performed by the encryption round key addition module.
A second aspect of the embodiments of the present invention provides an encryption and decryption method based on an advanced encryption standard, where the encryption and decryption method includes: according to the advanced encryption standard operation circuit of any one of the first aspect and the first aspect of the embodiment of the invention, the control circuit controls the first-stage circuit, the second-stage circuit and the third-stage circuit to complete a round of encryption or decryption process; and completing the encryption or decryption operation of the corresponding round number according to the length of the key.
The technical scheme provided by the invention has the following effects:
the advanced encryption standard operation circuit and the encryption and decryption method thereof provided by the embodiment of the invention divide each round of encryption and decryption process of an AES algorithm into a plurality of pipeline stages for operation, and control each pipeline stage in the AES algorithm to perform corresponding combined calculation through a selection signal instruction provided by a control circuit to complete the whole encryption and decryption process of the AES algorithm; in the process of completing AES encryption and decryption, the calculation of each step, the calculation of each round and the calculation of the key of each round in the AES encryption and decryption process can be initiated, terminated and checked at any time; meanwhile, in a processor, an AES encryption and decryption program (taking a 128-bit key as an example) for executing a section of data needs a very large number of processor cycles to implement, so that other processor instructions with higher priority cannot be executed in time in the encryption and decryption processes, or other processor instructions with higher priority can be executed only by clearing (flush) the encryption and decryption instructions; the advanced encryption standard arithmetic circuit provided by the embodiment of the invention can be applied to a processor to flexibly arrange the execution of a data encryption and decryption program, can realize the priority execution of processor instructions with high priority in the process of executing data AES encryption and decryption, does not need flush to remove encryption and decryption instructions, and can better improve the execution efficiency of the processor.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a block diagram of an advanced encryption Standard operational circuit according to an embodiment of the present invention;
FIG. 2 is a block diagram of an advanced encryption Standard operational circuit according to another embodiment of the present invention;
FIG. 3 is a block diagram of an advanced encryption Standard operational circuit according to another embodiment of the present invention;
fig. 4 is a block diagram of an advanced encryption standard operation circuit according to another embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
An embodiment of the present invention provides an advanced encryption standard operation circuit, as shown in fig. 1, the operation circuit includes: the circuit comprises a first-stage circuit 1, a second-stage circuit 2, a third-stage circuit 3 and a control circuit.
The first-stage circuit 1 comprises a reverse shift module 11 and a first selection module 12, two paths of input data are input at the input end of the first-stage circuit 1, and one path of input data is transmitted to the first selection module 12; the reverse shift module 11 is configured to perform reverse shift operation on the other path of input data, and transmit the result to the first selection module 12; the first selection module 12 is configured to select one of the input data paths for transmission.
The second-stage circuit 2 comprises a byte substitution module 21, an inverse byte substitution module 22 and a second selection module 23, and the second-stage circuit 2 is used for dividing data output by the first selection module 23 into two paths of input data; the byte substitution module 21 is configured to perform byte substitution operation on one of the input data paths, and transmit the result to the second selection module 23; the reverse byte substitution module 22 is used for performing reverse byte substitution operation on the other path of input data and transmitting the result to the second selection module 23; the second selection module 23 is configured to select one of the data output by the byte substitution module 21 and the inverse byte substitution module 22 for output.
The third stage circuit 3 comprises a row shifting module 31, a column mixing module 32, an encryption round key adding module 33, a decryption round key adding module 34, an inverse column mixing module 35, a third selecting module 36, a fourth selecting module 37, a fifth selecting module 38 and a sixth selecting module 39; the third stage circuit 3 is configured to divide the data output by the second selection module 36 into four paths of input data; the row shifting module 31 is used for performing row shifting operation on the first path of input data and transmitting the first path of input data to the row mixing module 32 and the third selection module 36; the third selection module 36 is configured to select one of the data after the row shift operation and the second input data to transmit to the fourth selection module 37; the fourth selecting module 37 is configured to select one of the third path of input data and the data output by the third selecting module 36 for output; the row mixing module 32 is configured to perform row mixing operation on the data subjected to the row shifting operation, and then transmit the data to the fifth selecting module 38; the decryption round key adding module 34 is configured to perform a second round key adding operation on the fourth path of input data, and transmit the result to the inverse column mixing module 35 or directly output the result to the third-stage circuit 3; the reverse column mixing module 35 is configured to perform reverse column mixing operation on the data after the second round of key addition operation, and transmit the data to the fifth selecting module 38; the fifth selection module 38 is configured to select one of the data output by the column mixing module 32 and the inverse column mixing module 35 for output; the sixth selecting module 39 is configured to select one of the data output by the fourth selecting module 37 and the data output by the fifth selecting module 38 for output; the encryption round key adding module 33 is configured to perform a first round key adding operation on the data output by the sixth selecting module 39 and output the data; the seventh selection module is used for selecting one of the data output by the encryption round key adding module and the data output by the sixth selection module to output, so as to obtain an encrypted or decrypted calculation result.
The control circuit is used for providing selection signals to control the operation processes in the first-stage circuit 1, the second-stage circuit 2 and the third-stage circuit 3 according to the working modes of encryption and decryption.
The advanced encryption standard operation circuit provided by the embodiment of the invention divides the encryption and decryption process of each round of the AES algorithm into a plurality of pipeline stages for operation, and controls each pipeline stage in the AES algorithm to perform corresponding combined calculation through a selection signal instruction provided by the control circuit to complete the whole encryption and decryption process of the AES algorithm; in the process of completing AES encryption and decryption, the calculation of each step, the calculation of each round and the calculation of the key of each round in the AES encryption and decryption process can be initiated, terminated and checked at any time; meanwhile, in a processor, an AES encryption and decryption program (taking a 128-bit key as an example) for executing a section of data needs a very large number of processor cycles to implement, so that other processor instructions with higher priority cannot be executed in time in the encryption and decryption processes, or other processor instructions with higher priority can be executed only by clearing (flush) the encryption and decryption instructions; the advanced encryption standard arithmetic circuit provided by the embodiment of the invention can be applied to a processor to flexibly arrange the execution of a data encryption and decryption program, can realize the priority execution of processor instructions with high priority in the process of executing data AES encryption and decryption, does not need flush to remove encryption and decryption instructions, and can better improve the execution efficiency of the processor.
The advanced encryption standard operation circuit provided by the embodiment of the invention divides the encryption and decryption process of each round of the AES algorithm into a plurality of pipeline stages for operation, and simultaneously sets a selection module in each pipeline stage, because the data output by the previous stage can enter each parallel module in the next stage for operation, the control circuit can control the selection module to select different encryption and decryption modules for operation through a selection signal, and then the data obtained by operation is input into the next module for operation, thereby completing the encryption and decryption process of the data, for example, when the data needs to be decrypted, the selection module can select the data obtained by operation of the reverse shift module 11, the reverse byte substitution module 22, the decryption round key encryption module 33 and the reverse mixing module 35, and the decryption process of different rounds is selected according to the bit number of the key, thereby realizing the decryption operation.
In addition, in the embodiment of the present invention, by providing the third selection module 36, the fourth selection module 37, the fifth selection module 38, and the sixth selection module 39 in the third stage circuit 3, the operation results of any one of the byte substitution module 21, the reverse byte substitution module 22, the row shift module 31, the column mixing module 32, and the reverse column mixing module 35 can be controlled according to the selection output of the plurality of modules by the control circuit, so as to meet the requirements of different users.
In the embodiment of the present invention, the round keys used in the encryption round key adding module and the decryption round key adding module may be round keys generated by the existing key expansion operation. This step is defined by the present application.
As an optional implementation manner of the embodiment of the present invention, as shown in fig. 2, the advanced encryption standard operation circuit further includes: the eighth selecting module 42, the ninth selecting module 43, the register 44 and the first calculating circuit 41, wherein the eighth selecting module 42 is configured to select one of the data output by the sixth selecting module 39 and the data output by the first calculating circuit 41 for output; the ninth selection module 43 is configured to select one of the round keys and the data output by the first calculation circuit 41 for output; the encryption round key module 34 is configured to perform encryption round key addition operation on the data output by the eighth selecting module 42 and the data output by the ninth selecting module 43, and then output the result; the register 44 is used for storing the data output by the encryption round key adding module 34.
In the embodiment of the present invention, an eighth selecting module 42, a ninth selecting module 43, a register 44 and a first calculating circuit 41 are disposed in the advanced encryption standard calculating circuit, and the control circuit may control the selecting module to select the data and the round key output by the column mixing module 32 to perform encryption round key addition operation by controlling the selecting signal, or select two data output by the first calculating circuit 41 to perform round key addition operation to obtain a round key, and store the round key in the register 44, and the round key stored in the register 44 may be used in the next round of encryption or decryption process.
As an alternative implementation manner of the embodiment of the present invention, as shown in fig. 3, in the advanced encryption standard operation circuit, the column mixing module 32 includes a first operation circuit 301 and a second operation circuit 303, the inverse column mixing module 35 includes a third operation circuit 302 and a fourth operation circuit, and the second operation circuit 303 and the fourth operation circuit are the same operation circuit. Specifically, the first arithmetic circuit 301 is configured to perform a first row mixing operation on the data subjected to the row shifting operation, and transmit the data to the fifth selection module 38; the third arithmetic circuit 302 is configured to perform a first inverse column mixing operation on the data after the second round of key addition operation, and transmit the data to the fifth selection module 38; the fifth selection module 38 is configured to select one of the data output by the first operational circuit 301 and the third operational circuit 302 for output; the second arithmetic circuit 303 (a fourth arithmetic circuit) is configured to perform a second mixing operation on the data output by the fifth selection module 38 and output the data to the sixth selection module 39, and the sixth selection module 39 is configured to select one of the second mixing operation data and the data output by the fourth selection module 37 for output.
Specifically, the inverse column mixing module includes a third arithmetic circuit and a fourth arithmetic circuit, the third arithmetic circuit 0x09 x.word [ c ] byte [ i ], 0x0b x.word [ c ] byte [ i ], 0x0d x.word [ c ] byte [ i ], 0x0e x.word [ c ] byte [ i ]. The fourth arithmetic circuit is the four-number exclusive OR of the arithmetic result of the third arithmetic circuit and is divided into two-stage exclusive OR.
In the embodiment of the invention, the first step of column mixing operation and the inverse column mixing operation can be calculated by the first operation circuit and the second operation circuit, and the second step of operation can be realized by the same operation circuit (the second operation circuit or the fourth operation circuit), namely, the operation is realized by sharing hardware, so that the circuit cost is reduced.
As an optional implementation manner of the embodiment of the present invention, as shown in fig. 4, the advanced encryption standard operation circuit further includes: and the sum of the plurality of filling circuits, the first-stage circuit 1, the second-stage circuit 2 and the third-stage circuit 3 is consistent with the number of pipelines of the processor. Specifically, when the pipeline stage of the processor is six stages, the arithmetic circuit may further include a fourth-stage circuit 5, a fifth-stage circuit 6, and a sixth-stage circuit 7 in addition to the first-stage circuit 1, the second-stage circuit 2, and the third-stage circuit 3 in the above embodiment, and the fourth-stage circuit 5, the fifth-stage circuit 6, and the sixth-stage circuit 7 are filling circuits, that is, pipeline stages having three non-logic circuits are filled in the processor.
As an alternative implementation manner of the embodiment of the present invention, the byte substitution module 21 in the advanced encryption standard operation circuit maps each byte in the input data to another byte according to the truth table, and the operation performed by the inverse byte substitution module 22 is the inverse operation of the byte substitution operation. The byte substitution is a non-linear substitution based on S-boxes, and is used for mapping each byte of an input or intermediate state into another byte through a simple table look-up operation. The mapping method comprises the following steps: the high 4 bits of the input byte are used as the row value of the S-box, the low 4 bits are used as the column value, and then the elements of the corresponding row and column in the S-box are taken out as the output. For example, the row value of the S-box corresponding to the value input as "89" (hexadecimal) is "8", the column value is "9", and the value of the corresponding position in the S-box is "a 7", which means that "89" is mapped to "87".
As an optional implementation manner of the embodiment of the present invention, the line shifting module 31 in the advanced encryption standard operation circuit performs a line-based circular shifting operation on the input data after performing the byte substitution operation, and the operation performed by the reverse line shifting module 11 is an inverse operation of the line shifting operation. The row shifting module 31 reorders the data format, that is, the row shifting transformation acts on the row in the intermediate state, the 0 th row is not moved, the 1 st row is circularly shifted to the left by 1 byte, the 2 nd row is circularly shifted to the left by 2 bytes, and the 3 rd row is circularly shifted to the left by 3 bytes. The reverse shift module 11 is opposite to the row shift module 31, and the reverse shift module 11 shifts the last three rows of the State in the opposite direction, that is, the 0 th row remains unchanged, the 1 st row is shifted to the right by 1 byte, the 2 nd row is shifted to the right by 2 bytes, and the 3 rd row is shifted to the right by 3 bytes.
As an optional implementation manner of the embodiment of the present invention, in the advanced encryption standard operation circuit, the column mixing module 32 performs multiplication and addition operations on the input data subjected to the row shift operation and the polynomial, and the operation performed by the inverse column mixing module 35 is an inverse operation of the column mixing operation. Where the column mixing module 32 actually uses a multiplication matrix to ensure that the result of the operation does not overflow the domain. Wherein the multiplication and addition involved are both defined at GF (2)8) In (1).
As an optional implementation manner of the embodiment of the present invention, in the advanced encryption standard operation circuit, the encryption round key addition module 34 performs an exclusive or operation with the round key on the input data after the column mixing operation, and the operation performed by the decryption round key addition module 33 is the same as the operation performed by the encryption round key addition module 34. Wherein the round key adding module is used for adding each column of the input or intermediate state withA secret key word W [ i ]]Performing a bitwise XOR where W [ i](i=0,1,…,4(Nr+1) -1) is generated by the original key through a key expansion algorithm, that is, by the calculation circuit 4 provided in the embodiment of the present invention, the calculation circuit 4 generates a key word by completing 4 finite field polynomial multiply-add instructions in an instruction set, where the key word is a round key in the advanced encryption standard operation circuit in the embodiment of the present invention.
The embodiment of the invention also provides an encryption and decryption method based on the advanced encryption standard, which comprises the following steps: according to the advanced encryption standard operation circuit of any one of the first aspect and the first aspect of the embodiment of the invention, the control circuit controls the first-stage circuit, the second-stage circuit and the third-stage circuit to complete a round of encryption or decryption process; and completing the encryption or decryption operation of the corresponding round number according to the length of the key.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (9)

1. An advanced encryption standard arithmetic circuit, comprising: a first stage circuit, a second stage circuit, a third stage circuit and a control circuit,
the first-stage circuit comprises a reverse shift module and a first selection module, two paths of input data are input at the input end of the first-stage circuit, and one path of input data is transmitted to the first selection module; the reverse shift module is used for performing reverse shift operation on the other path of input data and transmitting the reverse shift operation to the first selection module; the first selection module is used for selecting one path of input data to transmit;
the second-stage circuit comprises a byte substitution module, an inverse byte substitution module and a second selection module, and is used for dividing the data output by the first selection module into two paths of input data; the byte substitution module is used for carrying out byte substitution operation on one path of input data and transmitting the input data to the second selection module; the reverse byte substitution module is used for performing reverse byte substitution operation on the other path of input data and transmitting the other path of input data to the second selection module; the second selection module is used for selecting one path of data output by the byte substitution module and the reverse byte substitution module for output;
the third-stage circuit comprises a row shifting module, a column mixing module, an encryption round key adding module, a decryption round key adding module, an inverse column mixing module, a third selection module, a fourth selection module, a fifth selection module, a sixth selection module and a seventh selection module; the third-stage circuit is used for dividing the data output by the second selection module into four paths of input data; the row shifting module is used for performing row shifting operation on the first path of input data and transmitting the first path of input data to the column mixing module and the third selection module; the third selection module is used for selecting one of the data after the line shift operation and the second path of input data to be transmitted to the fourth selection module; the fourth selection module is used for selecting one of the third path of input data and the data output by the third selection module to output; the row mixing module is used for performing row mixing operation on the data subjected to the row shifting operation and transmitting the data to the fifth selection module; the decryption round key adding module is used for performing decryption round key adding operation on the fourth path of input data and then transmitting the fourth path of input data to the reverse row mixing module or directly outputting the fourth path of input data to the third-stage circuit; the inverse column mixing module is used for performing inverse column mixing operation on the data subjected to the encryption and decryption round key addition operation and transmitting the data to the fifth selection module; the fifth selection module is used for selecting one path of data output by the column mixing module and the reverse column mixing module for output; the sixth selection module is used for selecting one of the data output by the fourth selection module and the data output by the fifth selection module to output; the encryption round key adding module is used for performing encryption round key adding operation on the data output by the sixth selection module and outputting the data; the seventh selection module is used for selecting one of the data output by the encryption round key adding module and the data output by the sixth selection module to output, so as to obtain an encrypted or decrypted calculation result;
the control circuit is used for providing selection signals to control the operation processes in the first-stage circuit, the second-stage circuit and the third-stage circuit according to the encryption and decryption working modes.
2. The advanced encryption standard operational circuit of claim 1, wherein the column mixing module comprises a first operational circuit and a second operational circuit, and wherein the inverse column mixing module comprises a third operational circuit and a fourth operational circuit, the second operational circuit and the fourth operational circuit being the same operational circuit.
3. The advanced encryption standard arithmetic circuit of claim 1, further comprising: an eighth selection module, a ninth selection module, a register and a first calculation circuit,
the eighth selection module is used for selecting one of the data output by the sixth selection module and the data output by the first calculation circuit to output; the ninth selection module is used for selecting one path of the round key and the data output by the first calculation circuit to be output; the encryption round key adding module is used for performing encryption round key adding operation on the data output by the eighth selection module and the data output by the ninth selection module and outputting the data; and the register is used for storing the data output by the encryption round key adding module.
4. The advanced encryption standard arithmetic circuit of claim 1, further comprising: and the sum of the plurality of filling circuits, the first-stage circuit, the second-stage circuit and the third-stage circuit is consistent with the number of pipelines of the processor.
5. The ADM circuitry of claim 1, wherein the byte substitution module maps each byte of input data to another byte according to a truth table, and the inverse byte substitution module performs the inverse operation of the byte substitution operation.
6. The ADM arithmetic circuit of claim 5, wherein the row shifting module performs a row-based circular shifting operation on the input data after the byte substitution operation, and the inverse row shifting module performs an inverse operation of the row shifting operation.
7. The advanced encryption standard operation circuit according to claim 6, wherein the column mixing module performs multiplication and addition operations of a polynomial on the input data subjected to the row shift operation, and the operation performed by the inverse column mixing module is an inverse operation of the column mixing operation.
8. The advanced encryption standard operation circuit according to claim 7, wherein the encryption round key adding module performs XOR operation with round key on the input data after column mixing operation, and the operation performed by the decryption round key adding module is the same as the operation performed by the encryption round key adding module.
9. An encryption and decryption method based on advanced encryption standard, comprising:
the advanced encryption standard operation circuit as claimed in any one of claims 1 to 8, wherein the control circuit controls the first stage circuit, the second stage circuit and the third stage circuit to complete a round of encryption or decryption process;
and completing the encryption or decryption operation of the corresponding round number according to the length of the key.
CN201910241014.5A 2019-03-27 2019-03-27 Advanced encryption standard operation circuit and encryption and decryption method thereof Active CN109818733B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910241014.5A CN109818733B (en) 2019-03-27 2019-03-27 Advanced encryption standard operation circuit and encryption and decryption method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910241014.5A CN109818733B (en) 2019-03-27 2019-03-27 Advanced encryption standard operation circuit and encryption and decryption method thereof

Publications (2)

Publication Number Publication Date
CN109818733A CN109818733A (en) 2019-05-28
CN109818733B true CN109818733B (en) 2022-04-26

Family

ID=66610690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910241014.5A Active CN109818733B (en) 2019-03-27 2019-03-27 Advanced encryption standard operation circuit and encryption and decryption method thereof

Country Status (1)

Country Link
CN (1) CN109818733B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639314A (en) * 2014-12-31 2015-05-20 深圳先进技术研究院 Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN105404494A (en) * 2015-12-18 2016-03-16 苏州中晟宏芯信息科技有限公司 Floating point fusion multiplication and addition method based on interior forward-push, apparatus and processor
CN106034021A (en) * 2015-03-12 2016-10-19 中国科学院上海高等研究院 Light-weight dual-mode-compatible AES encryption and decryption module and method thereof
CN106656470A (en) * 2016-12-16 2017-05-10 南开大学 Data encryption method based on improved AES (Advanced Encryption Standard) algorithm
CN107395603A (en) * 2017-07-28 2017-11-24 移康智能科技(上海)股份有限公司 The encryption and decryption method of control instruction transmission, terminal device/server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070174916A1 (en) * 2005-10-28 2007-07-26 Ching Peter N Method and apparatus for secure data transfer
CN102780557B (en) * 2012-07-10 2015-05-27 记忆科技(深圳)有限公司 Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization
TWI712915B (en) * 2014-06-12 2020-12-11 美商密碼研究公司 Methods of executing a cryptographic operation, and computer-readable non-transitory storage medium
EP3086503B1 (en) * 2015-04-23 2018-06-06 Inside Secure Fault detection for systems implementing a block cipher

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639314A (en) * 2014-12-31 2015-05-20 深圳先进技术研究院 Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN106034021A (en) * 2015-03-12 2016-10-19 中国科学院上海高等研究院 Light-weight dual-mode-compatible AES encryption and decryption module and method thereof
CN105404494A (en) * 2015-12-18 2016-03-16 苏州中晟宏芯信息科技有限公司 Floating point fusion multiplication and addition method based on interior forward-push, apparatus and processor
CN106656470A (en) * 2016-12-16 2017-05-10 南开大学 Data encryption method based on improved AES (Advanced Encryption Standard) algorithm
CN107395603A (en) * 2017-07-28 2017-11-24 移康智能科技(上海)股份有限公司 The encryption and decryption method of control instruction transmission, terminal device/server

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
AES 算法中基于流水线的可逆S盒设计与实现;程桂花,罗永龙,齐学梅,左开中;《小型微型计算机系统》;20120315;全文 *
Successful Implementation of AES Algorithm in Hardware;Rozita Borhan ect.;《2012 IEEE International Conference on Electronics Design, Systems and Applications (ICEDSA)》;20130429;全文 *
一种AES密码算法的硬件实现;王赜坤、陈松涛;《https://wenku.baidu.com/view/2ec2457fa32d7375a5178028.html?fr=xueshu》;20140427;全文 *
基于密码流处理器的AES算法软件流水实现;张舜标;《信息技术与信息化》;20180625;全文 *

Also Published As

Publication number Publication date
CN109818733A (en) 2019-05-28

Similar Documents

Publication Publication Date Title
US8265273B2 (en) Encryption device using mask value to convert plain text into encrypted text
Lim CRYPTON: A new 128-bit block cipher
Knudsen et al. Integral cryptanalysis
US7236593B2 (en) Apparatus for encryption and decryption, capable of use in encryption and decryption of advanced encryption standard
US20080276106A1 (en) Data Conversion Apparatus and Data Conversion Method
EP2316189B1 (en) Method for generating a cipher-based message authentication code
KR100377176B1 (en) Encryption device using data encryption standard algorithm
US20090003589A1 (en) Native Composite-Field AES Encryption/Decryption Accelerator Circuit
JP2007094377A (en) Encryption processor
Fischer Realization of the round 2 AES candidates using Altera FPGA
CN111064562A (en) Implementation method of AES algorithm on FPGA
US20040202318A1 (en) Apparatus for supporting advanced encryption standard encryption and decryption
Chang et al. High throughput 32-bit AES implementation in FPGA
CN109327276B (en) Security coding method, decoding method and device
JP2015191107A (en) Encryption processing device, encryption processing method, and program
CN109818733B (en) Advanced encryption standard operation circuit and encryption and decryption method thereof
JP4395527B2 (en) Information processing device
EP1202488B1 (en) Encryption sub-key generation circuit
Sireesha et al. A novel approach of area optimized and pipelined FPGA implementation of AES encryption and decryption
KR100788902B1 (en) Mixcolum block device and method of multiplication calculation thereof
Keliher Cryptanalysis of a modified Hill Cipher
Lin et al. Improved meet-in-the-middle attacks on reduced-round kalyna-128/256 and kalyna-256/512
JP2008040244A (en) Aes encryption circuit
Kumar et al. FPGA Implementation of High Performance Hybrid Encryption Standard
KR100316024B1 (en) Encryption device using data encryption standard algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: No.9, Xuesen Road, science and Technology City, Suzhou high tech Zone, Suzhou City, Jiangsu Province

Patentee after: Hexin Technology (Suzhou) Co.,Ltd.

Address before: 215163 building 3, No.9 Xuesen Road, science and Technology City, high tech Zone, Suzhou City, Jiangsu Province

Patentee before: SUZHOU POWERCORE TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address
TR01 Transfer of patent right

Effective date of registration: 20221208

Address after: Room 301, No. 45, Ruiji Second Street, Huangpu District, Guangzhou, Guangdong 510799

Patentee after: Hexin Technology Co.,Ltd.

Address before: No.9, Xuesen Road, science and Technology City, Suzhou high tech Zone, Suzhou City, Jiangsu Province

Patentee before: Hexin Technology (Suzhou) Co.,Ltd.

TR01 Transfer of patent right