CN110061839A - A kind of decryption device and method of FPGA encryption code stream - Google Patents
A kind of decryption device and method of FPGA encryption code stream Download PDFInfo
- Publication number
- CN110061839A CN110061839A CN201910364922.3A CN201910364922A CN110061839A CN 110061839 A CN110061839 A CN 110061839A CN 201910364922 A CN201910364922 A CN 201910364922A CN 110061839 A CN110061839 A CN 110061839A
- Authority
- CN
- China
- Prior art keywords
- code stream
- data
- key
- bit
- bits
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
This application discloses a kind of decryption device and methods of FPGA encryption code stream, which includes: input module, receive data code flow, if the data code flow is encryption code stream, key selection instruction is added in the encryption code stream;Data Integration module receives and collects the encryption code stream of the different bit wides of the input module transmission;Cipher key storage block receives the key selection instruction of the input module transmission, selects corresponding key according to the key selection instruction;Deciphering module receives the key and generates decruption key, and generation decryption code stream is decrypted to the encrypted code stream;Data split module, carry out fractionation output to the deciphering stream.
Description
Technical field
The present invention relates to electronic technology field, in particular to a kind of decryption device and method of FPGA encryption code stream.
Background technique
Programmadle logic gate array (FPGA) is in current electronic system design, because it is flexibly and easily widely made
With, but the FPGA based on static memory (SRAM) needs to be configured from outside write-in code stream, and code stream is very in configuration process
It is easy to be trapped, this causes great threat to the safety of fpga chip, therefore the encryption of fpga chip is gradually designed
The attention of personnel.Advanced Encryption Standard (AES) or data encryption standards (DES) is mostly used to add fpga chip greatly at present
It is close.
Summary of the invention
The purpose of the present invention is to provide a kind of decryption device and methods of FPGA encryption code stream, using SM4 block cipher
Standard is decrypted, meet fpga chip encryption high security, encryption/decryption speed be fast, hardware resource occupy it is few.
To solve the above-mentioned problems,
This application discloses a kind of decryption devices of FPGA encryption code stream, comprising:
Input module receives data code flow, if the data code flow is encryption code stream, is added in the encryption code stream close
Key selection instruction;
Data Integration module receives and collects the encryption code stream of the different bit wides of the input module transmission;
Cipher key storage block receives the key selection instruction of the input module transmission, according to the key selection instruction
Select corresponding key;
Deciphering module receives the key and generates decruption key, and generation deciphering is decrypted to the encrypted code stream
Stream;
Data split module, carry out fractionation output to the deciphering stream.
In a preferred embodiment, the deciphering module includes:
Key expansion unit receives the key that the cipher key storage block provides, and is generated and decrypted according to the cipher key spreading
Key;
Data decryption unit is decrypted the encrypted code stream according to the decruption key using SM4 standard, is solved
Password stream.
In a preferred embodiment, the Data Integration module receives clock signal and mode signal, the data code flow packet
Include the data of 1 bit continuously inputted, 2 bits, 4 bits, 8 bits or 16 bit bit wides.
In a preferred embodiment, the encryption code stream is integrated into the data of 128 bit bit wides by the Data Integration module.
In a preferred embodiment, the data split module and are split as connecting by the decryption code stream according to the mode signal
Continue the data of 1 bit exported, 2 bits, 4 bits, 8 bits or 16 bit bit wides.
Disclosed herein as well is a kind of FPGA decryption methods for encrypting code stream to include:
Data code flow is received, judges whether the data code flow is encryption code stream;
If encrypting code stream, key selection instruction is added in the encryption code stream, is selected according to the key selection instruction
It selects corresponding key and extends generation decruption key;
It is 128 full to judge whether the encryption code stream is collected;
If collecting completely 128, the encrypted code stream is decrypted according to the decruption key using SM4 standard, is generated
Decrypt code stream.
In a preferred embodiment, the data code flow includes 1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides
Data pattern.
In a preferred embodiment, before encryption code stream decryption, the encryption code stream is integrated into 128 bit bit wides
Data.
In a preferred embodiment, after encryption code stream decryption, the decryption code stream is split as 1 according to mode signal
Bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides data.
Compared with the existing technology, the application has the advantages that
The present invention applies SM4 Encryption Algorithm on FPGA, and block encryption can satisfy high security, encryption/decryption speed
Fastly, hardware resource occupies the performance requirements such as few;The alternative of key further increases the safety of FPGA;Support x1/x2/
The data of x4/x8/16 mode are continuously output and input, and do not need additional caching, and the alternative of data bit width, increase spirit
Activity.
Detailed description of the invention
Fig. 1 shows the block diagram that FPGA in one embodiment of the invention encrypts the decryption device of code stream;
Fig. 2 shows the flow charts that FPGA in one embodiment of the invention encrypts the decryption method of code stream;
Fig. 3 shows the timing diagram of different data mode in one embodiment of the invention.
Specific embodiment
In the following description, in order to make the reader understand this application better, many technical details are proposed.But this
The those of ordinary skill in field is appreciated that even if without these technical details and many variations based on the following respective embodiments
And modification, each claim of the application technical solution claimed can also be realized.
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to implementation of the invention
Mode is described in further detail.
Refering to what is shown in Fig. 1, the first embodiment of the application discloses a kind of decryption device 10 of FPGA encryption code stream, packet
Include: input module 11, Data Integration module 12, deciphering module 13, cipher key storage block 14, data split module 15.
Wherein, input module 11 receives data code flow, if the data code flow is encryption code stream, in the encryption code stream
Key selection instruction is added, Data Integration module 12 receives and collect the encryption code stream that the input module 11 transmits, and key is deposited
Storage module 14 receives the key selection instruction that the input module 11 transmits, and is selected accordingly according to the key selection instruction
Key, deciphering module 13 generates decruption key according to the cipher key spreading, and generation decryption is decrypted to the encrypted code stream
Code stream, data split module 15 and carry out fractionation output to the deciphering stream.In addition, if the data code flow is non-encrypted code
Stream, then do not need to be decrypted, directly be transmitted in memory in data code flow.
In a preferred embodiment, the deciphering module 13 includes: data decryption unit 131, key expansion unit 132, close
Key expanding element 132 receives the key, and generates decruption key according to the cipher key spreading, and data decryption unit receives institute
It states decruption key and the encrypted code stream is decrypted according to the decruption key using SM4 standard, obtain decryption code stream.
SM4 algorithm is the grouping symmetric cryptographic algorithm of China's autonomous Design, for realizing encryption/decryption operation of data,
To guarantee the confidentiality of data and information.SM4 algorithm can also resist the various attack methods for block cipher, including
Exhaustive search attack, differential attack, linear attack etc., can resist these attack means in practical applications.With DES and AES
Algorithm is similar, and SM4 algorithm is a kind of block cipher.Its block length is 128bit, and key length is also 128bit.Encryption
Algorithm and key schedule are all made of 32 wheel nonlinear iteration structures, carry out cryptographic calculation with word (32) for unit, each
Secondary interative computation is a round transformation function.The structure of SM4 algorithm encryption/decryption algorithm is identical, only use round key on the contrary, its
Middle decryption round key is the backward of encryption round key.
In a preferred embodiment, the Data Integration module 12 receives clock signal and mode signal, the data code flow
Data including 1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides, i.e. the interior transmission 1bit of a clock cycle clk,
The data of 2bit, 4bit, 8bit or 16bit respectively correspond x1, x2, x4, x8, x16 mode, and data code flow can be continuous
Input the data of 1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides.
In a preferred embodiment, the encryption code stream is integrated into the number of 128 bit bit wides by the Data Integration module 12
According to meet the requirement of SM4 password standard algorithm.
In a preferred embodiment, the data split module 15 and are split as the decryption code stream according to the mode signal
1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides data, for example, being split as if mode signal is x1 mode
The data of 1bit bit wide export, and if it is x2 mode, are split as the data output of 2bit bit wide, if it is x4 mode, tear open
It is divided into the data output of 4bit bit wide, if it is x8 mode, is split as the data output of 8bit bit wide, if it is x16 mode,
It is then split as the data output of 16bit bit wide, and data code flow can continuously export the data of different bit bit wides.
With reference to shown in Fig. 1, Fig. 2, a kind of decryption method of FPGA encryption code stream is disclosed in the second embodiment of the application
Include:
Firstly, system electrification, resets FPGA and decrypts device;
Step 101, the input port of input module 11 receives data code flow;
Step 103, judge whether the data code flow is encryption code stream;
Step 105, if encryption code stream, Data Integration module 12 receive clock signal and mode signal, the numeric data code
Stream includes the data pattern of 1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides, i.e. a clock cycle interior transmission 1bit,
The data of 2bit, 4bit, 8bit or 16bit respectively correspond x1, x2, x4, x8, x16 mode.
Step 115, if encryption code stream, is added key selection instruction, key storage is in key in the encryption code stream
In memory module 14, cipher key storage block 14 selects corresponding key according to key selection instruction, and generates decryption for extending
Key;
Step 107, judge whether the encryption code stream collects completely 128, before encryption code stream decryption, Data Integration
The encryption code stream is integrated into the data of 128 bit bit wides by module 12, to meet the needs of SM4 canonical algorithm;
Step 117, key expansion unit 132 generates decruption key according to key;
Step 109, if collecting completely 128, data decryption unit 131 is using SM4 standard according to the decruption key to institute
It states encrypted code stream to be decrypted, generates decryption code stream.
Step 111, after encryption code stream decryption, data split module 15 according to mode signal for the decryption code stream
The data of 1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides are split as, specifically, refering to what is shown in Fig. 3, giving in figure
The timing diagram of data under different data mode, such as date_in_x1 indicate that the mode signal of the encryption code stream of input is x1 mode
Input, then be split as 1bit bit wide data date_out_x1 output, date_in_x2 indicate input encryption code stream mould
Formula signal is the input of x2 mode, then is split as the data date_out_x2 output of 2bit bit wide, and date_in_x4 indicates input
Encryption code stream mode signal be x4 mode input, then be split as 4bit bit wide data date_out_x4 output,
Date_in_x8 indicates that the mode signal of the encryption code stream of input is the input of x8 mode, then is split as the data of 8bit bit wide
Date_out_x8 output, date_in_x16 indicate that the mode signal of the encryption code stream of input is the input of x16 mode, then split
It is exported for the data date_out_x16 of 16bit bit wide;
Step 113, judge whether to complete the decryption for all encrypting code stream, if being fully completed, decryption terminates.
First embodiment is device embodiments corresponding with present embodiment, and the technology in first embodiment is thin
Section can be applied to present embodiment, and the technical detail in present embodiment also can be applied to first embodiment.
It should be noted that it will be appreciated by those skilled in the art that the implementation of the decryption device of above-mentioned FPGA encryption code stream
The realization function of each module shown in mode can refer to the associated description of foregoing logic circuitry optimization method and understand.FPGA adds
The function of each module shown in the embodiment of the decryption device of password stream (can be held by running on the program on processor
Row instruction) and realize, it can also be realized by specific logic circuit.
It should be noted that relational terms such as first and second and the like are only in the application documents of this patent
For distinguishing one entity or operation from another entity or operation, without necessarily requiring or implying these entities
Or there are any actual relationship or orders between operation.Moreover, the terms "include", "comprise" or its any other
Variant is intended to non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only
It including those elements, but also including other elements that are not explicitly listed, or further include for this process, method, object
Product or the intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence " including one ", not
There is also other identical elements in the process, method, article or apparatus that includes the element for exclusion.The application of this patent
In file, if it is mentioned that certain behavior is executed according to certain element, then refers to the meaning for executing the behavior according at least to the element, wherein
Include two kinds of situations: executing the behavior according only to the element and the behavior is executed according to the element and other elements.Multiple,
Repeatedly, the expression such as a variety of include 2,2 times, 2 kinds and 2 or more, 2 times or more, two or more.
It is included in disclosure of this application with being considered as globality in all documents that this specification refers to, with
Just it can be used as the foundation of modification if necessary.In addition, it should also be understood that, the foregoing is merely the preferred embodiment of this specification,
It is not intended to limit the protection scope of this specification.It is all this specification one or more embodiment spirit and principle within,
Any modification, equivalent replacement, improvement and so on, should be included in this specification one or more embodiment protection scope it
It is interior.
In some cases, the movement recorded in detail in the claims or step can be suitable in embodiment according to being different from
Sequence executes and still may be implemented desired result.In addition, process depicted in the drawing not necessarily requires the spy shown
Fixed sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing
It is possible or may be advantageous.
Claims (9)
1. a kind of decryption device of FPGA encryption code stream characterized by comprising
Input module receives data code flow, if the data code flow is encryption code stream, key choosing is added in the encryption code stream
Select instruction;
Data Integration module receives and collects the encryption code stream of the different bit wides of the input module transmission;
Cipher key storage block receives the key selection instruction of the input module transmission, is selected according to the key selection instruction
Corresponding key;
Deciphering module receives the key and generates decruption key, and generation decryption code stream is decrypted to the encrypted code stream;
Data split module, carry out fractionation output to the deciphering stream.
2. device as described in claim 1, which is characterized in that the deciphering module includes:
Key expansion unit receives the key that the cipher key storage block provides, and generates decruption key according to the cipher key spreading;
Data decryption unit is decrypted the encrypted code stream according to the decruption key using SM4 standard, obtains deciphering
Stream.
3. device as described in claim 1, which is characterized in that the Data Integration module receives clock signal and mode letter
Number, the data code flow includes the data of 1 bit continuously inputted, 2 bits, 4 bits, 8 bits or 16 bit bit wides.
4. device as claimed in claim 3, which is characterized in that the encryption code stream is integrated by the Data Integration module
The data of 128 bit bit wides.
5. device as claimed in claim 3, which is characterized in that the data split module will be described according to the mode signal
Decryption code stream is split as the data of 1 bit continuously exported, 2 bits, 4 bits, 8 bits or 16 bit bit wides.
6. a kind of decryption method of FPGA encryption code stream characterized by comprising
Data code flow is received, judges whether the data code flow is encryption code stream;
If encrypting code stream, key selection instruction is added in the encryption code stream, phase is selected according to the key selection instruction
The key answered simultaneously extends generation decruption key;
It is 128 full to judge whether the encryption code stream is collected;
If collecting completely 128, the encrypted code stream is decrypted according to the decruption key using SM4 standard, generates decryption
Code stream.
7. method as claimed in claim 6, which is characterized in that the data code flow includes 1 bit, 2 bits, 4 bits, 8 ratios
Special or 16 bit bit wides data patterns.
8. the method for claim 7, which is characterized in that before encryption code stream decryption, the encryption code stream is whole
It is combined into the data of 128 bit bit wides.
9. the method for claim 7, which is characterized in that after the encryption code stream is decrypted, according to mode signal by institute
State the data that decryption code stream is split as 1 bit, 2 bits, 4 bits, 8 bits or 16 bit bit wides.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910364922.3A CN110061839A (en) | 2019-04-30 | 2019-04-30 | A kind of decryption device and method of FPGA encryption code stream |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910364922.3A CN110061839A (en) | 2019-04-30 | 2019-04-30 | A kind of decryption device and method of FPGA encryption code stream |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110061839A true CN110061839A (en) | 2019-07-26 |
Family
ID=67321962
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910364922.3A Pending CN110061839A (en) | 2019-04-30 | 2019-04-30 | A kind of decryption device and method of FPGA encryption code stream |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110061839A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120060037A1 (en) * | 2010-09-08 | 2012-03-08 | Xilinx, Inc. | Protecting against differential power analysis attacks on decryption keys |
| CN103338447A (en) * | 2013-07-09 | 2013-10-02 | 东南大学 | Self-access encryption and decryption circuit applied to short distance transmission |
| CN103873227A (en) * | 2012-12-13 | 2014-06-18 | 艺伦半导体技术股份有限公司 | Decoding circuit and decoding method for FPGA encryption data flow |
| CN105187198A (en) * | 2015-08-25 | 2015-12-23 | 东南大学 | AES algorithm hardware achievement method for IPSec protocol |
-
2019
- 2019-04-30 CN CN201910364922.3A patent/CN110061839A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120060037A1 (en) * | 2010-09-08 | 2012-03-08 | Xilinx, Inc. | Protecting against differential power analysis attacks on decryption keys |
| CN103873227A (en) * | 2012-12-13 | 2014-06-18 | 艺伦半导体技术股份有限公司 | Decoding circuit and decoding method for FPGA encryption data flow |
| CN103338447A (en) * | 2013-07-09 | 2013-10-02 | 东南大学 | Self-access encryption and decryption circuit applied to short distance transmission |
| CN105187198A (en) * | 2015-08-25 | 2015-12-23 | 东南大学 | AES algorithm hardware achievement method for IPSec protocol |
Non-Patent Citations (4)
| Title |
|---|
| XIANWEI GAO等: ""FPGA Implementation of the SMS4 Block Cipher in the Chinese WAPI Standard", 《2008 INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS SYMPOSIA》 * |
| 张利华等: "基于FPGA的SMS4算法实现及在线验证", 《华东交通大学学报》 * |
| 狄超等: "《FPGA之道》", 31 August 2014 * |
| 龚进: "AES加密算法在电子系统中的优化及应用研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101626289B (en) | Design method of AES encryption chip and computer encryptor | |
| CN102025484B (en) | Block cipher encryption and decryption method | |
| US7659837B2 (en) | Operation processing apparatus, operation processing control method, and computer program | |
| CN101162557B (en) | Encryption processing apparatus, encryption processing method | |
| CN101304314B (en) | Methods of encrypting and decrypting data and bus system using the methods | |
| CN101496342B (en) | Encryption device, program, and method | |
| CN101034978B (en) | Method and computing device for executing cryptographic processes for resisting cipher attack | |
| CN104639314A (en) | Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method | |
| CN104202145A (en) | Plaintext or ciphertext selection based side channel power analysis attack method on round function output of SM4 cipher algorithm | |
| Roy et al. | Symmetric key encryption technique: a cellular automata based approach in wireless sensor networks | |
| CN105007154B (en) | A kind of encrypting and decrypting device based on aes algorithm | |
| CN106034021B (en) | Lightweight dual-mode compatible AES encryption and decryption module and method thereof | |
| CN103973432A (en) | SM4 algorithm encryption unit based on FPGA chip and USB interface chip | |
| CN101431405B (en) | DES encrypted method and its hardware circuit implementing method | |
| CN104348625A (en) | Encryption and decryption device and encryption and decryption method thereof | |
| CN105119715A (en) | FPGA intra-IO sheet interconnecting digital circuit based on re-encryption algorithm | |
| CN103444125A (en) | Encryption processing device, encryption processing method, and programme | |
| CN103346878A (en) | Secret communication method based on FPGA high-speed serial IO | |
| CN104219045A (en) | RC4 (Rivest cipher 4) stream cipher generator | |
| CN206585573U (en) | reconfigurable S-box circuit structure | |
| CN105049203A (en) | Configurable 3DES encryption and decryption algorism circuit capable of supporting multiple work modes | |
| US20120321079A1 (en) | System and method for generating round keys | |
| CN110061839A (en) | A kind of decryption device and method of FPGA encryption code stream | |
| WO2004102870A8 (en) | A hardware implementation of the mixcolumn/ invmixcolumn functions | |
| Bajaj et al. | AES algorithm for encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 200434 Room 202, building 5, No. 500, Memorial Road, Hongkou District, Shanghai Applicant after: Shanghai Anlu Information Technology Co.,Ltd. Address before: Room a4246, 4th floor, 391-393 dongdaming Road, Hongkou District, Shanghai 200080 Applicant before: SHANGHAI ANLOGIC INFORMATION TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190726 |
|
| RJ01 | Rejection of invention patent application after publication |