CN112765614A - Module and method for realizing SM4 encryption algorithm on FPGA - Google Patents


Publication number
CN112765614A
Authority
CN
China
Prior art keywords
module
round
key
encryption
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011347469.4A
Other languages
Chinese (zh)
Inventor
肖隆腾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhou Longxin Intelligent Technology Co ltd
Original Assignee
Shenzhou Longxin Intelligent Technology Co ltd
Application filed by Shenzhou Longxin Intelligent Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]

Abstract

The invention discloses a module and a method for implementing the SM4 encryption algorithm on an FPGA. The module comprises a key expansion algorithm module and an encryption operation module. The key expansion algorithm module receives initial key data and performs multiple rounds of iterative operations on it, each round of iteration requiring the round key of that round to participate in the operation, and generates round key data. The encryption operation module receives the plaintext data to be encrypted and the round key data, and performs multiple rounds of iterative encryption on the plaintext data using the round key data, each round of iteration requiring the round key of that round to participate in the operation, to generate the final ciphertext data. The invention greatly reduces the clock resources occupied by the SM4 operation, occupies fewer resources in the FPGA, and improves the operation speed of the encryption algorithm.

Description

Module and method for realizing SM4 encryption algorithm on FPGA
Technical Field
The invention relates to a method for implementing the SM4 encryption algorithm (a Chinese national commercial cipher algorithm) on an FPGA (Field Programmable Gate Array) programmable logic device, and in particular to a module and a method for implementing the SM4 encryption algorithm as a circuit on a programmable logic device.
Background
The SMS4 block cipher is a block encryption algorithm used in the Chinese wireless LAN standard. In 2012 the State Commercial Cryptography Administration adopted it as a national cryptographic industry standard under the standard number GM/T 0002-2012 and renamed it the SM4 encryption algorithm. Together with the SM2 elliptic-curve public-key encryption algorithm and the SM3 cryptographic hash algorithm, it is an industry standard of the national cipher suite and holds an extremely important position in the Chinese cryptography industry. The SM4 encryption algorithm is described in detail in "SMS4 Cryptographic Algorithm Used in Wireless LAN Products" (download address: https://www.oscca.gov.cn/sca/c100061/201611/1002423/files/330480f731f64e1ea75138211ea0dc27.pdf), published on the official website of the State Cryptography Administration.
The SM4 encryption algorithm is a block cipher. Its block length is 128 bits and its key length is 128 bits. Both the encryption algorithm and the key expansion algorithm use a 32-round nonlinear iterative structure. The decryption algorithm has the same structure as the encryption algorithm, but the round keys are used in the opposite order: the decryption round keys are the encryption round keys in reverse.
The FPGA (Field Programmable Gate Array) is a further development of programmable devices such as the PAL and GAL. It is a semi-custom circuit in the field of Application Specific Integrated Circuits (ASIC): it overcomes the drawbacks of fully custom circuits and also the limited gate count of earlier programmable devices.
The essence of implementing the SM4 algorithm on an FPGA is to use the FPGA's internal logic circuits to perform the encryption and decryption functions of the SM4 algorithm. Compared with a software implementation, the FPGA offers a higher operation rate; compared with a dedicated algorithm chip (ASIC), the FPGA is more flexible in engineering applications. However, the traditional method of implementing the SM4 encryption algorithm on an FPGA occupies a large amount of resources and runs slowly, a problem that urgently needs to be solved.
Disclosure of Invention
In order to enable the SM4 encryption algorithm to occupy less resources in the FPGA and have higher operation speed, the invention provides a module and a method for realizing the SM4 encryption algorithm on a programmable logic device, which can greatly save clock resources occupied by SM4 operation, thereby improving the operation speed of the encryption algorithm.
In order to achieve the purpose, the invention adopts the following technical scheme:
A module for implementing the SM4 encryption algorithm on an FPGA comprises a key expansion algorithm module and an encryption operation module. The key expansion algorithm module receives initial key data and performs multiple rounds of iterative operations on it, each round of iteration requiring the round key of that round to participate in the operation, to generate round key data. The encryption operation module receives the plaintext data to be encrypted and the round key data, and performs multiple rounds of iterative encryption on the plaintext data using the round key data, each round of iteration requiring the round key of that round to participate in the operation, to generate the final ciphertext data.
Further, the key expansion algorithm module and the encryption algorithm module receive a START signal, a CLK clock signal, and a RST reset signal at the same time, the START signal is used to START the key expansion algorithm module and the encryption algorithm module, the CLK clock signal is used as the operation beat of the circuits of the key expansion algorithm module and the encryption algorithm module, and the RST reset signal is used to clear and reset the states of the key expansion algorithm module and the encryption algorithm module.
Further, the initial key data, the plaintext data, and the final ciphertext data are 128 bits, and each round key is 32 bits.
Further, the key expansion algorithm module and the encryption operation module both perform 32 rounds of iterative operations.
Further, the key expansion algorithm module mainly comprises six 2-to-1 multiplexers, five D flip-flops and one 6-input exclusive-OR gate.
Further, the key expansion algorithm module performs iterative computation by using a key expansion algorithm.
Furthermore, the encryption algorithm module mainly comprises six 2-to-1 multiplexers, five D flip-flops and one 6-input exclusive-OR gate.
Further, the encryption operation module performs iterative computation by using an encryption algorithm.
A method for realizing SM4 encryption algorithm on FPGA includes the following steps based on the above modules:
1) electrifying the FPGA and initializing the module;
2) the module is started, and plaintext data to be encrypted and initial key data are received;
3) the key expansion algorithm module receives initial key data, starts a first iteration and generates a first round key;
4) the encryption algorithm module receives the plaintext data to be encrypted and the first round key, starts the first round of iterative encryption and generates the first-round ciphertext data;
5) steps 3) and 4) are performed in parallel on the same clock beat, for multiple rounds of iteration; the input to the first round of iteration of the encryption algorithm module is the plaintext data to be encrypted, and the input to each later round is the ciphertext data generated by the previous round of encryption;
6) after the encryption operation module finishes the encryption, the final ciphertext data is output.
Further, the initial key data, the plaintext data and the final ciphertext data are 128 bits, and each round of key is 32 bits; the number of iterations is 32 rounds in total.
Compared with the prior art, the invention has the following beneficial effects:
(1) The encryption method makes full use of the parallel operation capability of the FPGA programmable logic device to implement the encryption function of the SM4 commercial cryptographic algorithm. In the conventional implementation, 32 CLK clocks are needed to generate the round keys and another 32 CLK clocks are needed for the encryption operation, i.e., the conventional method occupies 64 CLK clocks in total. By comparison, the invention completes the SM4 encryption algorithm in only 32 CLK clocks: fewer clock resources are needed, the time to run the algorithm is greatly reduced, and the SM4 encryption rate is greatly improved.
(2) The invention also saves memory resources in the FPGA chip. In the existing implementation, all 32 round keys must be registered; each round key is 32 bits, so thirty-two 32-bit registers are needed. This is a serial model: the encryption operation starts only after all 32 round keys have been generated. The invention instead generates each round key and uses it immediately, making full use of the FPGA's parallel operation: while the SM4 key expansion algorithm runs, each newly generated round key is used at once in the encryption of the plaintext data, so encryption starts without waiting for all 32 round keys to be generated. This improves the operation speed of the SM4 encryption algorithm, and only one 32-bit register is needed to store the round key generated in the current round, which greatly reduces resource usage in the FPGA chip.
Drawings
Fig. 1 is a block diagram of modules for implementing the SM4 encryption algorithm on an FPGA.
Fig. 2 is a block diagram of the internal connections of the key expansion algorithm module.
Fig. 3 is a block diagram of the internal connections of the encryption algorithm module.
Fig. 4 is a flowchart of parallel operation of the key expansion algorithm and the encryption algorithm.
Fig. 5 is a simplified flow chart of an FPGA implementing the SM4 encryption algorithm.
Fig. 6 is a waveform diagram of a functional simulation of the method of the present invention using Vivado software.
Detailed Description
In order to make the technical solution of the present invention more comprehensible, embodiments accompanied with figures are described in detail below.
The embodiment provides a module for implementing the SM4 encryption algorithm on an FPGA (hereinafter referred to as the SM4 encryption algorithm MODULE, SM4 CRYPT MODULE). Internally it consists of a key expansion algorithm MODULE (RK MODULE) and an encryption operation MODULE (CP MODULE) (see the connection block diagram of the functional modules of the SM4 encryption algorithm circuit in fig. 1), which are described in detail below.
The SM4 encryption algorithm module contains the following input signals:
1: 128 bits of plaintext data;
2: 128 bits of key data;
3: a START signal;
4: a CLK clock signal;
5: the RST reset signal.
The SM4 encryption algorithm module contains the following output signals:
1: 128 bits of cipher text data;
2: the FINISH encryption-end signal.
The SM4 encryption algorithm module internally comprises the following two functional modules:
1: a key expansion algorithm MODULE (RK MODULE);
2: encryption algorithm MODULE (CP MODULE).
The signal connection relationship between the modules is as follows:
1: the 128-bit plaintext is directly input to the encryption algorithm MODULE (CP MODULE);
2: the 128-bit key is directly input to a key expansion algorithm MODULE (RK MODULE);
3: the START signal is connected to both a key expansion algorithm MODULE (RK MODULE) and an encryption algorithm MODULE (CP MODULE);
4: the CLK clock signal is connected to both the key expansion algorithm MODULE (RK MODULE) and the encryption algorithm MODULE (CP MODULE);
5: the RST reset signal is connected to both the key expansion algorithm MODULE (RK MODULE) and the encryption algorithm MODULE (CP MODULE);
6: the RK round key data output signal of the key expansion algorithm MODULE (RK MODULE) is connected to the round key input port of the encryption algorithm MODULE (CP MODULE). Each round key is 32 bits, so the RK round key ports are data ports 32 bits wide.
Wherein the 128-bit plaintext is the data to be encrypted, supplied by the caller of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE);
the 128-bit key is the initial key value for the key expansion algorithm, supplied by the caller of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE);
the START signal is the start identification signal that starts the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE), driven by the caller of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE);
the CLK clock signal provides the running beat of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE) circuit;
the RST reset signal is used to reset the state of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE);
the RK round key signal is an internal signal of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE); it is generated by the key expansion algorithm MODULE (RK MODULE) and supplied to the encryption algorithm MODULE (CP MODULE). Its data width is 32 bits;
the 128-bit ciphertext is the result of applying the encryption algorithm to the plaintext, and is output to the caller of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE);
the FINISH end signal indicates that the encryption operation is complete, and is output to the caller of the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE);
the SM4 encryption algorithm MODULE (SM4 CRYPT MODULE) is used for encrypting 128-bit plaintext data;
the key expansion algorithm MODULE (RK MODULE) performs key expansion on the 128-bit key data: it performs 32 rounds of iterative operations on the 128-bit key data, and each round generates one 32-bit round key;
the encryption algorithm MODULE (CP MODULE) encrypts the 128-bit plaintext data; the encryption process requires 32 rounds of iteration, and each round requires the round key of that round to participate in the operation.
Further, the internal connections of the key expansion algorithm MODULE (RK MODULE) are shown in fig. 2; it mainly comprises six 2-to-1 multiplexers, five D flip-flops and one 6-input exclusive-OR gate.
The six 2-to-1 multiplexers are S0, S1, S2, S3, S4 and S5 respectively;
the five D flip-flops are Q0, Q1, Q2, Q3 and Q4 respectively;
the one 6-input exclusive-OR gate is XOR.
The input signal CK[31:0] of the 2-to-1 multiplexer S4 represents 32 fixed parameters: the fixed parameter CK0 participates in the 1st round of iteration, CK1 in the 2nd round, CK2 in the 3rd round, and so on, with CK31 participating in the 32nd round.
The input signal of the 2-to-1 multiplexer S0 is MK0;
the input signal of the 2-to-1 multiplexer S1 is MK1;
the input signal of the 2-to-1 multiplexer S2 is MK2;
the input signal of the 2-to-1 multiplexer S3 is MK3;
MK0, MK1, MK2 and MK3 are the four 32-bit words into which the 128-bit encryption key is split, and these four 32-bit words participate in the iteration of the key expansion algorithm.
K4 is the value obtained after each round of the key expansion iteration; it is output to the encryption algorithm MODULE (CP MODULE) as the result of the current round, and at the same time participates as a parameter in the next round of the key expansion iteration.
The mathematical expression of the key expansion algorithm (RK MODULE) is as follows; the meaning of each symbol in the following algorithms and code is detailed in "SMS4 Cryptographic Algorithm Used in Wireless LAN Products":
Figure RE-GDA0002980334320000051
The key hardware description language (Verilog) code for the iterative process of the key expansion algorithm (RK MODULE) is as follows:
    assign k4 = k0 ^ T_Skim_Data_out;          // drive k4 with the XOR of k0 and T_Skim_Data_out
    assign T_Skim_MK = k1 ^ k2 ^ k3 ^ ck;      // drive T_Skim_MK with the XOR of k1, k2, k3 and ck
    always @(posedge Clk or negedge Rst_n)     // runs on the rising edge of Clk or the falling edge of Rst_n
        if (!Rst_n)                            // Rst_n low: the reset signal is active
        begin                                  // operations in the reset state begin
            k3_r <= 32'h0000_0000;             // reset state: clear the k3_r register
            k2_r <= 32'h0000_0000;             // reset state: clear the k2_r register
            k1_r <= 32'h0000_0000;             // reset state: clear the k1_r register
            k0_r <= 32'h0000_0000;             // reset state: clear the k0_r register
        end                                    // operations in the reset state end
        else if (Load)                         // not in reset, Load valid: data just loaded, perform iteration 1
            {k3_r, k2_r, k1_r, k0_r} <= {MK3, MK2, MK1, MK0};    // iteration 1
        else if (Load_Flag)                    // not the initial load: perform iterations 2 to 32
            {k3_r, k2_r, k1_r, k0_r} <= {k4, k3_r, k2_r, k1_r};  // iterations 2 to 32
Further, the internal connections of the encryption algorithm MODULE (CP MODULE) are shown in fig. 3; it mainly comprises six 2-to-1 multiplexers, five D flip-flops and one 6-input exclusive-OR gate.
The six 2-to-1 multiplexers are S0, S1, S2, S3, S4 and S5 respectively;
the five D flip-flops are Q0, Q1, Q2, Q3 and Q4 respectively;
the one 6-input exclusive-OR gate is XOR.
The input signal RK[31:0] of the 2-to-1 multiplexer S4 represents 32 round keys: the round key RK0 participates in the 1st round of iteration, RK1 in the 2nd round, RK2 in the 3rd round, and so on, with RK31 participating in the 32nd round.
The input signal of the 2-to-1 multiplexer S0 is X0;
the input signal of the 2-to-1 multiplexer S1 is X1;
the input signal of the 2-to-1 multiplexer S2 is X2;
the input signal of the 2-to-1 multiplexer S3 is X3;
X0, X1, X2 and X3 are the four 32-bit words into which the 128-bit plaintext is split, and these four 32-bit words participate in the iteration of the encryption algorithm.
X4 is the value obtained after each round of the encryption iteration, and it participates as a parameter in the next round of the encryption iteration.
The mathematical expression of the encryption algorithm (CP MODULE) is as follows; the meaning of each symbol in the following algorithms and code is detailed in "SMS4 Cryptographic Algorithm Used in Wireless LAN Products":
Figure RE-GDA0002980334320000071
The key hardware description language (Verilog) code for the iterative process of the encryption algorithm MODULE (CP MODULE) is as follows:
    assign x4 = x0 ^ T_Data_out;               // drive x4 with the XOR of x0 and T_Data_out
    assign T_Data_in = x1 ^ x2 ^ x3 ^ rk;      // drive T_Data_in with the XOR of x1, x2, x3 and rk
    // After the iterations complete, the 32-bit words are output in sequence.
    // Out_Sel is a placeholder name: the select signal before "?" is missing from the source text.
    assign Data_out = Out_Sel ? {Y3, Y2, Y1, Y0} : 32'd0;
    always @(posedge Clk or negedge Rst_n)     // runs on the rising edge of Clk or the falling edge of Rst_n
        if (!Rst_n)                            // Rst_n low: the reset signal is active
        begin                                  // operations in the reset state begin
            x3_r <= 32'h0000_0000;             // reset state: clear the x3_r register
            x2_r <= 32'h0000_0000;             // reset state: clear the x2_r register
            x1_r <= 32'h0000_0000;             // reset state: clear the x1_r register
            x0_r <= 32'h0000_0000;             // reset state: clear the x0_r register
        end                                    // operations in the reset state end
        else if (Start_Flag)                   // not in reset, Start_Flag valid: data just loaded, perform iteration 1
            {x3_r, x2_r, x1_r, x0_r} <= {X3, X2, X1, X0};        // iteration 1
        else if (Start_Flag_2)                 // not the initial load: perform iterations 2 to 32
            {x3_r, x2_r, x1_r, x0_r} <= {x4, x3_r, x2_r, x1_r};  // iterations 2 to 32
{Y3, Y2, Y1, Y0} is a 128-bit value composed of the four 32-bit words Y3, Y2, Y1 and Y0; it is the ciphertext finally obtained after the encryption operation.
The embodiment also provides a method for implementing the SM4 encryption algorithm on an FPGA, namely the operation flow of the SM4 encryption algorithm module. As shown in fig. 5, the method specifically includes the following steps:
Step 1: the FPGA is powered on, the CLK clock is generated and stable, the RST reset signal is active, and the algorithm module is initialized;
Step 2: after initialization is completed, the RST reset signal is released, and the module detects the arrival of the START signal;
Step 3: the algorithm module reads the plaintext data and key data and loads them;
Step 4: the key expansion algorithm MODULE (RK MODULE) starts the first iteration and generates the first round key;
Step 5: the encryption algorithm MODULE (CP MODULE) receives the 128-bit plaintext value and the first round key and starts the first round of iterative encryption, generating the first-round ciphertext data;
Step 6: the operations of step 4 and step 5 are performed in parallel on the same clock beat for a total of 32 rounds, i.e., 32 CLK clock beats. The input to the first round of iteration of the encryption algorithm MODULE (CP MODULE) is the 128-bit plaintext value, and the input to each later round is the ciphertext value generated by the previous round of encryption;
Step 7: encryption ends, the 128-bit ciphertext port outputs the ciphertext value, and the FINISH encryption-end flag is set to valid.
The method of the invention was functionally simulated with Vivado software; the simulated waveform is shown in fig. 6. The figure shows that the encryption process uses only 32 CLK clocks from the START signal until the FINISH signal becomes active. Checked against the document "SMS4 Cryptographic Algorithm Used in Wireless LAN Products", the encryption result is correct.
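The lockstep flow of steps 4 to 6, and the 32-versus-64 clock and register comparison made under the beneficial effects, can be checked with a cycle-level software model. This Python sketch is an added example, not code from the patent: the function names and tick counters are assumptions, the FK whitening of the key words follows the SM4 standard (it is not shown in the Verilog excerpt above), and the key/plaintext pair is the worked example from the standard.

```python
# Added example: software model of the lockstep SM4 datapath (one loop pass = one CLK).
# SBOX, FK and CK are the public constants of the SM4 standard.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# Byte j of CK_i is (4*i + j) * 7 mod 256.
CK = [int.from_bytes(bytes(((4 * i + j) * 7) % 256 for j in range(4)), "big")
      for i in range(32)]

def rol(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(a):
    """Apply the S-box to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def t_key(a):
    """T' transform used by the key expansion (RK MODULE)."""
    b = tau(a)
    return b ^ rol(b, 13) ^ rol(b, 23)

def t_data(a):
    """T transform used by the encryption rounds (CP MODULE)."""
    b = tau(a)
    return b ^ rol(b, 2) ^ rol(b, 10) ^ rol(b, 18) ^ rol(b, 24)

def to_words(block):
    if len(block) != 16:
        raise ValueError("SM4 keys and blocks are exactly 16 bytes")
    return [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]

def from_state(x):
    """Final reverse transform: ciphertext is (X35, X34, X33, X32)."""
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))

def round_keys(key):
    """Conventional key expansion: all 32 round keys are produced and stored."""
    k = [mk ^ fk for mk, fk in zip(to_words(key), FK)]
    rks = []
    for i in range(32):
        k4 = k[0] ^ t_key(k[1] ^ k[2] ^ k[3] ^ CK[i])
        rks.append(k4)
        k = [k[1], k[2], k[3], k4]
    return rks

def encrypt_two_phase(key, plaintext):
    """Serial model: 32 ticks of key expansion, then 32 ticks of encryption."""
    rks = round_keys(key)
    ticks = len(rks)
    x = to_words(plaintext)
    for rk in rks:
        x = [x[1], x[2], x[3], x[0] ^ t_data(x[1] ^ x[2] ^ x[3] ^ rk)]
        ticks += 1
    return from_state(x), ticks, len(rks)   # (ciphertext, clocks, round-key registers)

def encrypt_lockstep(key, plaintext):
    """Generate-and-use model: both shift registers advance on the same tick."""
    k = [mk ^ fk for mk, fk in zip(to_words(key), FK)]
    x = to_words(plaintext)
    ticks = 0
    for i in range(32):
        rk = k[0] ^ t_key(k[1] ^ k[2] ^ k[3] ^ CK[i])    # k4: the only round key held
        x4 = x[0] ^ t_data(x[1] ^ x[2] ^ x[3] ^ rk)      # consumed in the same tick
        k = [k[1], k[2], k[3], rk]
        x = [x[1], x[2], x[3], x4]
        ticks += 1
    return from_state(x), ticks, 1

# Worked example from the SM4 standard: key and plaintext are the same 16 bytes.
KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")
PLAINTEXT = bytes.fromhex("0123456789abcdeffedcba9876543210")

if __name__ == "__main__":
    for fn in (encrypt_two_phase, encrypt_lockstep):
        ct, ticks, regs = fn(KEY, PLAINTEXT)
        print(fn.__name__, ct.hex(), "clocks:", ticks, "round-key registers:", regs)
```

Decryption consumes the round keys in reverse order, as the Background section states, so the lockstep arrangement as modelled here covers encryption only.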
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A module for implementing the SM4 encryption algorithm on an FPGA, characterized by comprising a key expansion algorithm module and an encryption operation module, wherein the key expansion algorithm module receives initial key data and performs multiple rounds of iterative operations on the initial key data, each round of iteration requiring the round key of that round to participate in the operation, to generate round key data; the encryption operation module receives plaintext data to be encrypted and the round key data, and performs multiple rounds of iterative encryption on the plaintext data using the round key data, each round of iteration requiring the round key of that round to participate in the operation, to generate final ciphertext data.
2. The module for implementing the SM4 encryption algorithm on an FPGA as claimed in claim 1, wherein the key expansion algorithm module and the encryption algorithm module simultaneously receive a START signal, a CLK clock signal, and a RST reset signal; the START signal is used for starting the key expansion algorithm module and the encryption algorithm module, the CLK clock signal is used as the operating beat of the circuits of the key expansion algorithm module and the encryption algorithm module, and the RST reset signal is used for clearing and resetting the states of the key expansion algorithm module and the encryption algorithm module.
3. The module for implementing the SM4 encryption algorithm on an FPGA of claim 1, wherein the initial key data, plaintext data, and final ciphertext data are 128 bits each, and each round key is 32 bits.
4. The module for implementing the SM4 encryption algorithm on FPGA of claim 1, wherein the key expansion algorithm module and the encryption operation module each perform 32 rounds of iterative operations.
5. The module for implementing the SM4 encryption algorithm on an FPGA as claimed in claim 1, wherein the key expansion algorithm module is mainly composed of six 2-to-1 multiplexers, five D flip-flops, and one 6-input exclusive-OR gate.
6. The module for implementing the SM4 encryption algorithm on an FPGA of claim 1, wherein the key expansion algorithm module performs iterative computations using a key expansion algorithm.
7. The module for implementing the SM4 encryption algorithm on an FPGA as claimed in claim 1, wherein the encryption algorithm module is mainly composed of six 2-to-1 multiplexers, five D flip-flops, and one 6-input exclusive-OR gate.
8. The module for implementing the SM4 encryption algorithm on an FPGA of claim 1, wherein the encryption operation module performs iterative computations using the encryption algorithm.
9. A method for implementing SM4 encryption algorithm on FPGA, based on any one of the modules of claims 1-8 for implementing SM4 encryption algorithm on FPGA, comprising the following steps:
1) electrifying the FPGA and initializing the module;
2) the module is started, and plaintext data to be encrypted and initial key data are received;
3) the key expansion algorithm module receives initial key data, starts a first iteration and generates a first round key;
4) the encryption algorithm module receives the plaintext data to be encrypted and the first round key, starts the first round of iterative encryption and generates the first-round ciphertext data;
5) steps 3) and 4) are performed in parallel on the same clock beat, for multiple rounds of iteration; the input to the first round of iteration of the encryption algorithm module is the plaintext data to be encrypted, and the input to each later round is the ciphertext data generated by the previous round of encryption;
6) after the encryption operation module finishes the encryption, the final ciphertext data is output.
10. The method of claim 9, wherein the initial key data, the plaintext data, and the final ciphertext data are 128 bits, and each round key is 32 bits; the number of iterations is 32 rounds in total.
CN202011347469.4A 2020-11-26 2020-11-26 Module and method for realizing SM4 encryption algorithm on FPGA Pending CN112765614A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011347469.4A CN112765614A (en) 2020-11-26 2020-11-26 Module and method for realizing SM4 encryption algorithm on FPGA

Publications (1)

Publication Number Publication Date
CN112765614A true CN112765614A (en) 2021-05-07

Family

ID=75693198

Country Status (1)

Country Link
CN (1) CN112765614A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103812641A (en) * 2012-11-07 2014-05-21 中国科学院微电子研究所 System for realizing SM4 block symmetric cipher algorithm
US20160191238A1 (en) * 2014-12-24 2016-06-30 Kirk Yap Sms4 acceleration hardware
CN109299614A (en) * 2018-10-30 2019-02-01 天津津航计算技术研究所 A kind of system and method for realizing SM4 cryptographic algorithm using pipeline system
CN110311771A (en) * 2018-03-20 2019-10-08 北京松果电子有限公司 SM4 encipher-decipher method and circuit
CN111431706A (en) * 2020-03-18 2020-07-17 中孚信息股份有限公司 Method, system and equipment for improving SM4 algorithm speed by using FPGA logic

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
XIANWEI GAO ET AL.: "FPGA Implementation of the SMS4 Block Cipher in the Chinese WAPI Standard", 2008 INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS SYMPOSIA, 19 September 2008 (2008-09-19), pages 104 - 106 *
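冯春雨; 胡波; 刘会忠: "High-speed FPGA-based implementation of the SMS4 cipher algorithm", 河北省科学院学报 (Journal of the Hebei Academy of Sciences), no. 02, 15 June 2010 (2010-06-15), pages 8 - 11 *
刘俊杰 et al.: "Hardware implementation and application of the SM4 algorithm in wireless communication", 计算机工程与应用 (Computer Engineering and Applications), vol. 52, no. 17, 1 September 2016 (2016-09-01), pages 118 - 122 *
张远洋; 李峥; 徐建; 张少武: "Area-first IP core design for the SMS4 block cipher algorithm", 电子技术应用 (Application of Electronic Technique), no. 01, 6 January 2007 (2007-01-06), pages 127 - 129 *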

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113949504A (en) * 2021-10-15 2022-01-18 中国计量大学 High-speed SM4 cryptographic algorithm circuit suitable for mobile device
CN113949504B (en) * 2021-10-15 2023-09-19 中国计量大学 High-speed SM4 cryptographic algorithm circuit suitable for mobile device
CN116070292A (en) * 2023-03-07 2023-05-05 苏州宏存芯捷科技有限公司 SM4 encryption heterogeneous acceleration system based on FPGA

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination