CN115834044A - Data encryption and decryption system, data encryption method and data decryption method - Google Patents

Data encryption and decryption system, data encryption method and data decryption method Download PDF

Info

Publication number
CN115834044A
CN115834044A CN202211384036.5A CN202211384036A CN115834044A CN 115834044 A CN115834044 A CN 115834044A CN 202211384036 A CN202211384036 A CN 202211384036A CN 115834044 A CN115834044 A CN 115834044A
Authority
CN
China
Prior art keywords
round
key
module
decryption
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211384036.5A
Other languages
Chinese (zh)
Inventor
汪涛
刘宏伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Core Optical Smart Network Integrated Circuit Design Wuxi Co ltd
Wuxi Core Optical Interconnect Technology Research Institute Co ltd
Original Assignee
Core Optical Smart Network Integrated Circuit Design Wuxi Co ltd
Wuxi Core Optical Interconnect Technology Research Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Core Optical Smart Network Integrated Circuit Design Wuxi Co ltd, Wuxi Core Optical Interconnect Technology Research Institute Co ltd filed Critical Core Optical Smart Network Integrated Circuit Design Wuxi Co ltd
Priority to CN202211384036.5A priority Critical patent/CN115834044A/en
Publication of CN115834044A publication Critical patent/CN115834044A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption and decryption system, a data encryption method and a data decryption method. The method comprises the following steps: the control module is used for acquiring data to be encrypted and data to be decrypted, sending the data to be encrypted to the encryption module and sending the data to be decrypted to the decryption module; the encryption module is used for determining an encryption round, acquiring a first extraction key corresponding to the encryption round, and encrypting the received data to be encrypted according to the first extraction key to generate final encrypted data; and the decryption module is used for determining the decryption round, acquiring a second extraction key corresponding to the decryption round, and decrypting the received data to be decrypted according to the second extraction key to generate final decrypted data. The encryption module is used for receiving the data to be encrypted sent by the control module, the tail wheel and the common encryption wheel are processed separately according to the encryption round, the decryption module is used for receiving the data to be decrypted, and the first wheel and the common decryption wheel are processed separately according to the decryption round, so that the processing period is saved, and the processing efficiency is improved.

Description

Data encryption and decryption system, data encryption method and data decryption method
Technical Field
The present invention relates to the field of data encryption and decryption technologies, and in particular, to a data encryption and decryption system, a data encryption method, and a data decryption method.
Background
Data Encryption is a reliable method for guaranteeing data security of data nodes of the internet of things, data is converted into ciphertext through an Encryption algorithm and an Encryption key, so that the data security is protected, and an Advanced Encryption Standard (AES) algorithm is a new generation of block symmetric cipher algorithm established in 2001 by the American national institute of standards and technology.
In the prior art, the encryption and decryption process of the AES adopts the same processing for each round, so that the consumption period is long and the processing efficiency is low.
Disclosure of Invention
The invention provides a data encryption and decryption system, a data encryption method and a data decryption method, which are used for reducing the time consumption of an AES algorithm encryption and decryption process.
According to an aspect of the present invention, there is provided a data encryption and decryption system, the system including: the control module comprises an encryption module, a decryption module and a key expansion module which are connected with the control module, and a storage module which is connected with the control module and the key expansion module;
the control module is used for acquiring data to be encrypted, data to be decrypted and a secret key, sending the data to be encrypted to the encryption module, sending the data to be decrypted to the decryption module and sending the secret key to the secret key expansion module;
the encryption module is used for determining an encryption round, acquiring a first extraction key corresponding to the encryption round, and encrypting the received data to be encrypted according to the first extraction key to generate final encrypted data, wherein the period of a tail round in the encryption round is smaller than that of a common encryption round;
the decryption module is used for determining a decryption round, acquiring a second extraction key corresponding to the decryption round, and decrypting the received data to be decrypted according to the second extraction key to generate final decrypted data, wherein the first round period in the decryption round is less than the ordinary decryption round period;
the key expansion module is used for expanding the received key to generate a round key, determining an index value corresponding to the round key and sending the round key and the index value to the storage module;
and the storage module is used for receiving and storing the round key and the index value.
Optionally, the encryption module is further configured to send the encryption round to the control module; the control module is used for generating a first extraction instruction according to the received encryption round and sending the first extraction instruction to the storage module; the storage module is used for determining an index value matched with the received first extraction instruction, taking a round key corresponding to the index value as a first extraction key, and sending the first extraction key to the control module; the control module is used for sending the received first extraction key to the encryption module; and the encryption module is used for encrypting the data to be encrypted according to the received first extraction key to generate final encrypted data.
Optionally, the decryption module is further configured to send the decryption round to the control module; the control module is used for generating a second extraction instruction according to the received decryption round and sending the second extraction instruction to the storage module; the storage module is used for determining an index value matched with the received second extraction instruction, taking a round key corresponding to the index value as a second extraction key, and sending the second extraction key to the control module; the control module is used for sending the received second extraction key to the decryption module; and the decryption module is used for decrypting the data to be decrypted according to the received second extraction key to generate final decrypted data.
Optionally, the encryption module is configured to send the final encrypted data to the storage module; the decryption module is used for sending the final decrypted data to the storage module; and the storage module is used for storing the received final encrypted data and the final decrypted data.
Optionally, the encryption module includes: a common encryption processing unit and a tail processing unit; the device comprises a common encryption processing unit, a tail processing unit and a data processing unit, wherein the common encryption processing unit is used for carrying out byte substitution, row shifting, column mixing and round key addition processing on data to be encrypted in a common encryption round to generate initial encrypted data and sending the initial encrypted data to the tail processing unit, and the common encryption round is the round except the tail round in the encryption round; and the tail processing unit is used for carrying out byte substitution, line shift and round key addition processing on the received initial encrypted data at a tail wheel to generate final encrypted data.
Optionally, the decryption module includes: a general decryption processing unit and a header processing unit; the head processing unit is used for carrying out reverse byte substitution, reverse shift and round key encryption processing on the to-be-decrypted data in the first round to generate initial decrypted data and sending the initial decrypted data to the common decryption processing unit; and the common decryption processing unit is used for carrying out inverse byte substitution, inverse row shift, inverse column mixing and round key encryption processing on the received initial decryption data at the common decryption wheel to generate final decryption data, wherein the common decryption wheel is the round except the first round in the decryption round.
According to another aspect of the present invention, there is provided a data encryption method, including:
acquiring data to be encrypted and a secret key through a control module, sending the data to be encrypted to an encryption module, and sending the secret key to a secret key expansion module;
expanding the received key through the key expansion module to generate a round key, determining an index value corresponding to the round key, and sending the round key and the index value to a storage module;
receiving and storing the round key and the index value through the storage module;
the encryption round is determined through the encryption module, a first extraction key corresponding to the encryption round is obtained, the received data to be encrypted is encrypted according to the first extraction key to generate final encrypted data, and the period of a tail round in the encryption round is smaller than that of a common encryption round.
Optionally, obtaining the first extraction key corresponding to the encryption round includes: sending the encryption round to the control module through the encryption module; generating a first extraction instruction according to the received encryption round through a control module, and sending the first extraction instruction to a storage module; determining an index value matched with the received first extraction instruction through a storage module, taking a round key corresponding to the index value as a first extraction key, and sending the first extraction key to a control module; and sending the received first extraction key to the encryption module through the control module.
According to another aspect of the present invention, there is provided a data decryption method, the method including:
acquiring a key through the control module, and sending the key to a key expansion module;
expanding the received key through the key expansion module to generate a round key, determining an index value corresponding to the round key, and sending the round key and the index value to a storage module;
receiving and storing the round key and the index value through the storage module;
acquiring data to be decrypted through a control module, and sending the data to be decrypted to a decryption module;
and determining a decryption round through the decryption module, acquiring a second extraction key corresponding to the decryption round, and decrypting the received data to be decrypted according to the second extraction key to generate final decrypted data, wherein the period of the first round in the decryption round is less than the period of the common decryption round.
Optionally, obtaining a second extraction key corresponding to the decryption round includes: sending the decryption round to the control module through the decryption module; generating a second extraction instruction according to the received decryption round through the control module, and sending the second extraction instruction to the storage module; determining an index value matched with the received second extraction instruction through a storage module, taking a round key corresponding to the index value as a second extraction key, and sending the second extraction key to a control module; and sending the received second extraction key to the decryption module through the control module.
According to the technical scheme of the embodiment of the invention, the encryption module is used for receiving the data to be encrypted sent by the control module, the tail wheel and the common encryption wheel are processed separately according to the encryption round, the decryption module is also used for receiving the data to be decrypted, and the first wheel and the common decryption wheel are processed separately according to the decryption round, so that the processing period is saved, and the processing efficiency is improved.
It should be understood that the statements in this section are not intended to identify key or critical features of the embodiments of the present invention, nor are they intended to limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a data encryption and decryption system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of another data encryption and decryption system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a connection relationship between module circuits in a data encryption/decryption system according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a general AES algorithm implementation process according to an embodiment of the invention;
fig. 5 is a schematic diagram of a data encryption implementation process according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a data decryption implementation process provided in accordance with an embodiment of the present invention;
fig. 7 is a flowchart of a data encryption method according to a second embodiment of the present invention;
fig. 8 is a flowchart of a data decryption method according to a third embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a schematic structural diagram of a data encryption and decryption system according to an embodiment of the present invention, where the system includes: a control module 110, an encryption module 120 and a decryption module 130 connected to the control module 110; a key expansion module 140 coupled to the control module 110, and a storage module 150 coupled to the control module 110 and to the key expansion module 140.
The control module 110 is a module for controlling execution of an Advanced Encryption Standard (AES) Encryption and decryption algorithm, the control module 110 is responsible for data interaction with a bus, controlling an Encryption and decryption process and controlling a key expansion process, the Encryption module 120 is responsible for encrypting data to be encrypted, and the decryption module 130 is responsible for decrypting data to be decrypted. The AES is a block cipher system, the block length is 128 bits, the key length can be 3 kinds of 128, 192 and 256 bits, the unit of processing of AES encryption algorithm is byte, the block information of 128 bits is divided into 16 bytes, the concept of matrix is introduced in ASE algorithm, 16 bytes of grouping are copied to a 4*4 matrix according to the order, called as state, all transformations in AES are based on the transformation of state, AES transformation is realized by round function through multi-round iteration, according to the difference of key length, the iteration times of round function are different, corresponding to the above 3 key lengths, the iteration times are 10, 12 and 14 rounds respectively, in this embodiment, the description is given when the AES key length is 128 bits.
Optionally, the control module 110 is configured to obtain data to be encrypted, data to be decrypted and a key, send the data to be encrypted to the encryption module 120, send the data to be decrypted to the decryption module 130, and send the key to the key expansion module 140; the encryption module 120 is configured to determine an encryption round, obtain a first extraction key corresponding to the encryption round, and encrypt the received data to be encrypted according to the first extraction key to generate final encrypted data, where a period of a tail round in the encryption round is smaller than a period of a common encryption round; the decryption module 130 is configured to determine a decryption round, obtain a second extraction key corresponding to the decryption round, and decrypt the received data to be decrypted according to the second extraction key to generate final decrypted data, where a first round period in the decryption round is smaller than a common decryption round period; the key expansion module 140 is configured to expand the received key to generate a round key, determine an index value corresponding to the round key, and send the round key and the index value to the storage module 150; and a storage module 150 for receiving and storing the round key and the index value.
Specifically, the control module 110 is a controller, and the controller may acquire data to be encrypted and decrypted stored in the internal configuration register by the bus, send the data to be encrypted to the encryption module 120, and send the data to be decrypted to the decryption module 130. When each round of encryption is performed, the encryption module 120 may determine the current encryption round, acquire the first extraction key corresponding to the encryption round, encrypt the received data to be encrypted according to the first extraction key to generate final encrypted data, and determine the encryption round because the cycle of the tail round is smaller than the cycle of the ordinary encryption round, so that the encryption module 120 may perform different encryption processes on the tail round and the ordinary encryption round to generate the final encrypted data, so as to save the cycle. Similarly, when the decryption module 130 performs each round of decryption, it may also determine the current decryption round, acquire the second extraction key corresponding to the decryption round, and encrypt the received data to be decrypted according to the second extraction key to generate final decrypted data, where a first round period in the decryption round is smaller than a common decryption round period, so that the decryption module 130 performs different decryption processes on the first round and the common decryption round to generate final decrypted data.
Specifically, the control module 110 may further obtain a key stored in the internal configuration register by the bus, and send the key to the key expansion module 140; the key expansion module 140 may expand the received key to generate a round key, and may determine an index value corresponding to the round key, where the index value is used to indicate an encryption round or a decryption round corresponding to the round key, for example, A1 may represent a round key corresponding to a first round of encryption, and B1 may represent a round key corresponding to a first round of decryption.
Specifically, when the key expansion module 140 performs key expansion, the round key is continuously transmitted to the storage module 150 for storage, and an index value corresponding to the round key is attached, and when it needs to be described, taking AES128 as an example, when the key expansion module 140 generates the round key for the encryption module 120, the order of the generated round key index values is A1, A2 … … a10, and when the key expansion module 140 generates the round key for the decryption module 130, the order of the generated round key index values is B10, B9 … … B1, and the first round of the decryption module 130 needs to use the round key generated last time by the key expansion module 140.
Optionally, the encryption module 120 is further configured to send the encryption round to the control module 110; the control module 110 is configured to generate a first extraction instruction according to the received encryption round, and send the first extraction instruction to the storage module 150; the storage module 150 is configured to determine an index value matching the received first extraction instruction, use a round key corresponding to the index value as a first extraction key, and send the first extraction key to the control module 110; a control module 110 for sending the received first extraction key to the encryption module 120; the encryption module 120 is configured to encrypt the data to be encrypted according to the received first extraction key to generate final encrypted data.
Specifically, in the process of encrypting, the encryption module 120 determines a current encryption round first, and then sends the encryption round to the control module 110, the control module 110 may generate a first extraction instruction according to the received encryption round, and extract a corresponding round key from the storage module 150 as a first extraction key through the first extraction instruction, and finally, the control module 110 sends the first extraction key to the encryption module 120, so that the encryption module 120 encrypts the data to be encrypted according to the first extraction key to generate final encrypted data. For example, when the encryption round determined by the encryption module 120 is the second round, the first extraction instruction includes A2, that is, the round key corresponding to the extraction index value A2 is taken as the first extraction key.
Fig. 2 is a schematic structural diagram of a data encryption and decryption system according to an embodiment of the present invention, in fig. 2, an encryption module 120 includes: the general encryption processing unit 121 and the tail processing unit 122, the decryption module 130 includes: a general decryption processing unit 132 and a header processing unit 131.
Optionally, the encryption module 120 includes: a normal encryption processing unit 121 and a tail processing unit 122; the common encryption processing unit 121 is configured to perform byte substitution, row shifting, column mixing, and round key addition processing on data to be encrypted in a common encryption round to generate initial encrypted data, and send the initial encrypted data to the tail processing unit 122, where the common encryption round is a round except a tail round in an encryption round; and a tail processing unit 122, configured to perform byte substitution, line shift, and round key addition processing on the received initial encrypted data at a tail round to generate final encrypted data.
Specifically, the encryption module 120 includes a normal encryption processing unit 121 and a tail processing unit 122, where the normal encryption processing unit 121 performs byte substitution, row shifting, column mixing and round key addition on data to be encrypted, the tail processing unit 122 does not include the step of column mixing, and the tail processing unit 122 is configured to process an encryption process of a last round. The byte substitution refers to a process of substituting a specified byte in the data to be encrypted through a predefined substitution table. Line shifting refers to a linear transformation whose purpose is to achieve sufficient chaos of the data to be encrypted, to improve the non-linearity, with line shifting every time a state is reachedThe inter-row shifting is specifically performed by circularly shifting each row, the shifting bit number is byte unit, the lowest byte is shifted to the high bit, the high byte is shifted to the low bit, namely circularly right shifting, the shifting byte number is determined according to the row number, the 0 th row is not shifted, the first row is circularly right shifted by one byte, the second row is two, and the like. Column blending is a linear transformation of the columns of states, each column of states having 4 bytes, the column transformation being the taking of a column from a state, expressed in polynomial form, multiplying it by a fixed polynomial a (x), and then modulo the result by x 4 + l. The round key addition means that each byte of the round key is XOR-ed with each byte in the state respectively to realize the mixing of the password and the key.
Optionally, the decryption module 130 is further configured to send the decryption round to the control module 110; the control module 110 is configured to generate a second extraction instruction according to the received decryption round, and send the second extraction instruction to the storage module 150; the storage module 150 is configured to determine an index value matching the received second extraction instruction, use a round key corresponding to the index value as a second extraction key, and send the second extraction key to the control module 110; the control module 110 is configured to send the received second extraction key to the decryption module 130; and the decryption module 130 is configured to decrypt the data to be decrypted according to the received second extraction key to generate final decrypted data.
Specifically, during the decryption process of the decryption module 130, a current decryption round is determined first, and then the decryption round is sent to the control module 110, the control module 110 may generate a second extraction instruction according to the received decryption round, and extract a corresponding round key from the storage module 150 as a second extraction key through the second extraction instruction, and finally, the control module 110 sends the second extraction key to the decryption module 130, so that the decryption module 130 decrypts the data to be decrypted according to the second extraction key to generate final decrypted data. For example, when the decryption round determined by the decryption module 130 is the second round, the second extraction instruction includes B2, that is, the round key corresponding to the extraction index value B2 is taken as the second extraction key.
Optionally, the decryption module 130 includes: a general decryption processing unit 132 and a header processing unit 131; the head processing unit 131 is configured to perform inverse byte substitution, inverse shift, and round key encryption processing on the first round to be decrypted to generate initial decrypted data, and send the initial decrypted data to the ordinary decryption processing unit 132; and the ordinary decryption processing unit 132 is configured to perform inverse byte substitution, inverse row shift, inverse column mixing, and round key encryption processing on the received initial decrypted data at the ordinary decryption round to generate final decrypted data, where the ordinary decryption round is a round except a first round in the decryption round.
Specifically, the decryption module 130 includes a general decryption processing unit 132 and a header processing unit 131, the general decryption processing unit 132 performs inverse byte substitution, inverse row shift, inverse column mixing and round key addition on data to be decrypted, the header processing unit 131 does not include the step of inverse column mixing, and the header processing unit 131 is configured to process a first round of decryption process. Wherein, the reverse byte substitution, the reverse row shift and the reverse column mixing are reverse transformations corresponding to the byte substitution, the row shift and the column mixing.
Fig. 3 is a schematic diagram of a connection relationship of a module circuit in a data encryption and decryption system according to this embodiment, where fig. 3 includes a connection relationship among a control module, a key expansion module, a storage module, a normal encryption processing unit, a tail processing unit, a header processing unit, and a normal decryption processing unit, and a direction of an arrow indicates a data transmission direction.
Further, in the process of performing encryption, the key expansion and the encryption process are parallel, which can save round key generation time in the encryption process, taking AES128 as an example, 10 clock cycles can be saved, fig. 4 is a schematic diagram of a process for implementing a common AES algorithm in the present embodiment, in fig. 4, after data to be encrypted or decrypted is input, key expansion is performed first, 11 cycles are consumed by the first round of key expansion to the last round of key expansion, and then the data encryption and decryption are performed, 18 cycles are consumed by the first round of encryption and decryption cycles to the last round of encryption and decryption cycles, and 29 cycles are consumed in total. Fig. 5 is a schematic diagram of a data encryption implementation process provided in this embodiment, in fig. 5, step 1 represents byte substitution and row shifting performed by the normal encryption processing unit 121, step 2 represents column mixing and round key addition performed by the normal encryption processing unit 121, each step consumes 1 cycle, the tail processing unit 122 consumes 1 cycle, and 19 cycles are consumed in total for processing the data M1 to be encrypted, and key expansion is parallel to the encryption process, and only one cycle needs to be added to implement processing of the data M2 to be encrypted.
It should be noted that, since decryption needs to use the round key upside down, rather than using the round key just like encryption, decryption needs to wait for all round keys to be generated before decryption, fig. 6 is a schematic diagram of a data decryption implementation process according to this embodiment, in fig. 6, key expansion consumes 10 cycles in total, the header processing unit 131 consumes 1 cycle, step 1 represents inverse byte substitution and inverse shift performed by the normal decryption processing unit 132, step 2 represents inverse column mixing and round key encryption performed by the normal decryption processing unit 132, each step consumes 1 cycle, and processing the data N1 to be decrypted consumes 28 cycles in total, if processing the data N2 to be decrypted at the same time, 30 cycles are consumed. Compared with the implementation process of the common AES algorithm, the period is saved in both the encryption process and the decryption process, and the processing efficiency is improved.
Optionally, the encryption module 120 is configured to send the final encrypted data to the storage module 150; a decryption module 130 for sending the final decrypted data to the storage module 150; and a storage module 150 for storing the received final encrypted data and the final decrypted data.
Specifically, the encryption module 120 may further send the final encrypted data to the storage module 150, the decryption module 130 may also send the final decrypted data to the storage module 150, and the storage module 150 may store the received final encrypted data and the final decrypted data, where the storage may be performed by a storage device disposed inside the storage module 150, and the storage device may be a computer disk, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an erasable programmable read only memory (EPROM or flash memory), an optical fiber, a portable compact disc read only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
According to the technical scheme of the embodiment of the invention, the encryption module is used for receiving the data to be encrypted sent by the control module, the tail wheel and the common encryption wheel are processed separately according to the encryption round, the decryption module is also used for receiving the data to be decrypted, and the first wheel and the common decryption wheel are processed separately according to the decryption round, so that the processing period is saved, and the processing efficiency is improved.
Example two
Fig. 7 is a flowchart of a data encryption method according to a second embodiment of the present invention, which is applicable to an AES encryption scenario in this embodiment. As shown in fig. 7, the method includes:
s210, obtaining the data to be encrypted and the secret key through the control module, sending the data to be encrypted to the encryption module, and sending the secret key to the secret key expansion module.
Specifically, the controller may obtain data to be encrypted, which is stored in the internal configuration register by the bus, and send the data to be encrypted to the encryption module.
S220, the received key is expanded through the key expansion module to generate a round key, an index value corresponding to the round key is determined, and the round key and the index value are sent to the storage module.
Specifically, the control module may further obtain a key stored in an internal configuration register by the bus, and send the key to the key expansion module; the key expansion module can expand the received key to generate a round key and can determine an index value corresponding to the round key. And when the key expansion module expands the key, the round key is continuously transmitted to the storage module to be stored, and the index value corresponding to the round key is attached.
And S230, receiving and storing the round key and the index value through the storage module.
S240, determining an encryption round through the encryption module, acquiring a first extraction key corresponding to the encryption round, and encrypting the received data to be encrypted according to the first extraction key to generate final encrypted data.
Specifically, when each round of encryption is performed, the encryption module can determine the current encryption round, acquire a first extraction key corresponding to the encryption round, encrypt the received data to be encrypted according to the first extraction key to generate final encrypted data, and determine the encryption round because the period of the tail round is smaller than the period of the common encryption round, so that the encryption module can perform different encryption processes on the tail round and the common encryption round to generate the final encrypted data, thereby saving the period.
Optionally, the obtaining a first extraction key corresponding to the encryption round includes: sending the encryption round to the control module through the encryption module; generating a first extraction instruction according to the received encryption round through a control module, and sending the first extraction instruction to a storage module; determining an index value matched with the received first extraction instruction through a storage module, taking a round key corresponding to the index value as a first extraction key, and sending the first extraction key to a control module; and sending the received first extraction key to the encryption module through the control module.
Specifically, in the process of encrypting, the encryption module determines a current encryption round first, and then sends the encryption round to the control module, the control module can generate a first extraction instruction according to the received encryption round, and extracts a corresponding round key from the storage module as a first extraction key through the first extraction instruction, and finally, the control module sends the first extraction key to the encryption module, so that the encryption module encrypts the data to be encrypted according to the first extraction key to generate final encrypted data. For example, when the encryption round determined by the encryption module is the second round, the first extraction instruction includes A2, that is, the round key corresponding to the extraction index value A2 is taken as the first extraction key.
According to the technical scheme of the embodiment of the invention, the encryption module is used for receiving the data to be encrypted sent by the control module, the tail wheel and the common encryption wheel are processed separately according to the encryption round, and a parallel processing mode of the key expansion module and the encryption module is adopted, so that the processing period is saved, and the processing efficiency is improved.
EXAMPLE III
Fig. 8 is a flowchart of a data decryption method according to a second embodiment of the present invention, which is applicable to an AES decryption scenario in this embodiment. As shown in fig. 8, the method includes:
s310, obtaining the key through the control module, and sending the key to the key expansion module.
S320, expanding the received key through the key expansion module to generate a round key, determining an index value corresponding to the round key, and sending the round key and the index value to the storage module.
Specifically, when the key expansion module performs key expansion, the round key is continuously transmitted to the storage module for storage, and an index value corresponding to the round key is attached, and when the key expansion module generates the round key for the encryption module, taking AES128 as an example, the order of the generated round key index values is A1 and A2 … … a10, and when the key expansion module generates the round key for the decryption module, the order of the generated round key index values is B10 and B9 … … B1, and the first round of the decryption module needs to use the round key generated by the key expansion module last time.
And S330, receiving and storing the round key and the index value through the storage module.
And S340, acquiring the data to be decrypted through the control module, and sending the data to be decrypted to the decryption module.
Specifically, the controller may acquire the data to be decrypted, which is stored in the internal configuration register by the bus, and send the data to be decrypted to the decryption module. When the decryption module performs each round of decryption, the decryption module can also determine the current decryption round, acquire a second extraction key corresponding to the decryption round, and perform encryption on the received data to be decrypted according to the second extraction key to generate final decrypted data, wherein the first round period in the decryption round is smaller than the ordinary decryption round period, so that the decryption module performs different decryption processes on the first round and the ordinary decryption round to generate the final decrypted data.
And S350, determining the decryption round through the decryption module, acquiring a second extraction key corresponding to the decryption round, and decrypting the received data to be decrypted according to the second extraction key to generate final decrypted data. Wherein, the first round period in the decryption round is less than the ordinary decryption round period.
Optionally, obtaining a second extraction key corresponding to the decryption round includes: sending the decryption round to the control module through the decryption module; generating a second extraction instruction according to the received decryption round through the control module, and sending the second extraction instruction to the storage module; determining an index value matched with the received second extraction instruction through a storage module, taking a round key corresponding to the index value as a second extraction key, and sending the second extraction key to a control module; and sending the received second extraction key to the decryption module through the control module.
Specifically, in the process of decryption, the decryption module determines a current decryption round first, and then sends the decryption round to the control module, the control module can generate a second extraction instruction according to the received decryption round, and extracts a corresponding round key from the storage module through the second extraction instruction to serve as a second extraction key, and finally, the control module sends the second extraction key to the decryption module, so that the decryption module decrypts the data to be decrypted according to the second extraction key to generate final decrypted data. For example, when the decryption round determined by the decryption module is the second round, the second extraction instruction includes B2, that is, the round key corresponding to the extraction index value B2 is taken as the second extraction key.
According to the technical scheme of the embodiment of the invention, the data to be decrypted sent by the control module is received by the decryption module, and the first round and the common decryption round are processed separately according to the decryption round, so that the processing period is saved, and the processing efficiency is improved.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired result of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A data encryption/decryption system, comprising: the control module comprises an encryption module, a decryption module and a key expansion module which are connected with the control module, and a storage module which is connected with the control module and the key expansion module;
the control module is used for acquiring data to be encrypted, data to be decrypted and a secret key, sending the data to be encrypted to the encryption module, sending the data to be decrypted to the decryption module and sending the secret key to the secret key expansion module;
the encryption module is used for determining an encryption round, acquiring a first extraction key corresponding to the encryption round, and encrypting the received data to be encrypted according to the first extraction key to generate final encrypted data, wherein the period of a tail round in the encryption round is smaller than the period of a common encryption round;
the decryption module is used for determining a decryption round, acquiring a second extraction key corresponding to the decryption round, and decrypting the received data to be decrypted according to the second extraction key to generate final decrypted data, wherein the first round period in the decryption round is less than the ordinary decryption round period;
the key expansion module is used for expanding the received key to generate a round key, determining an index value corresponding to the round key, and sending the round key and the index value to the storage module;
and the storage module is used for receiving and storing the round key and the index value.
2. The system of claim 1, wherein the encryption module is further configured to send the encryption round to the control module;
the control module is used for generating a first extraction instruction according to the received encryption round and sending the first extraction instruction to the storage module;
the storage module is configured to determine the index value matched with the received first extraction instruction, use the round key corresponding to the index value as a first extraction key, and send the first extraction key to the control module;
the control module is used for sending the received first extraction key to the encryption module;
and the encryption module is used for encrypting the data to be encrypted according to the received first extraction key to generate the final encrypted data.
3. The system of claim 1, wherein the decryption module is further configured to send the decryption round to the control module;
the control module is used for generating a second extraction instruction according to the received decryption round and sending the second extraction instruction to the storage module;
the storage module is configured to determine the index value matched with the received second extraction instruction, use the round key corresponding to the index value as a second extraction key, and send the second extraction key to the control module;
the control module is used for sending the received second extraction key to the decryption module;
and the decryption module is used for decrypting the data to be decrypted according to the received second extraction key to generate the final decrypted data.
4. The system according to claim 2 or 3, wherein the encryption module is configured to send the final encrypted data to the storage module;
the decryption module is used for sending the final decrypted data to the storage module;
and the storage module is used for storing the received final encrypted data and the final decrypted data.
5. The system of claim 2, wherein the encryption module comprises: a common encryption processing unit and a tail processing unit;
the common encryption processing unit is used for performing byte substitution, row shifting, column mixing and round key addition processing on the data to be encrypted at a common encryption wheel to generate initial encryption data, and sending the initial encryption data to the tail processing unit, wherein the common encryption wheel is a round except a tail wheel in the encryption round;
and the tail processing unit is used for carrying out byte substitution, line shift and round key addition processing on the received initial encrypted data at a tail wheel to generate the final encrypted data.
6. The system of claim 3, wherein the decryption module comprises: a general decryption processing unit and a header processing unit;
the head processing unit is used for carrying out reverse byte substitution, reverse shift and round key encryption processing on the data to be decrypted in the first round to generate initial decrypted data and sending the initial decrypted data to the common decryption processing unit;
the ordinary decryption processing unit is configured to perform inverse byte substitution, inverse row shift, inverse column mixing, and round key encryption processing on the initial decryption data received by an ordinary decryption round to generate the final decryption data, where the ordinary decryption round is a round except a first round in the decryption rounds.
7. A data encryption method applied to the encryption and decryption system according to any one of claims 1 to 6, comprising:
acquiring data to be encrypted and a secret key through a control module, sending the data to be encrypted to an encryption module, and sending the secret key to a secret key expansion module;
expanding the received key through the key expansion module to generate a round key, determining an index value corresponding to the round key, and sending the round key and the index value to a storage module;
receiving and storing the round key and the index value through the storage module;
and determining an encryption round through the encryption module, acquiring a first extraction key corresponding to the encryption round, and encrypting the received data to be encrypted according to the first extraction key to generate final encrypted data, wherein the period of a tail round in the encryption round is smaller than the period of a common encryption round.
8. The method according to claim 7, wherein the obtaining the first extraction key corresponding to the encryption round comprises:
sending the encryption round to the control module through the encryption module;
generating a first extraction instruction according to the received encryption round through the control module, and sending the first extraction instruction to the storage module;
determining the index value matched with the received first extraction instruction through the storage module, taking the round key corresponding to the index value as a first extraction key, and sending the first extraction key to the control module;
and sending the received first extraction key to the encryption module through the control module.
9. A data decryption method applied to the encryption and decryption system according to any one of claims 1 to 6, comprising:
acquiring a key through the control module, and sending the key to a key expansion module;
expanding the received key through the key expansion module to generate a round key, determining an index value corresponding to the round key, and sending the round key and the index value to a storage module;
receiving and storing the round key and the index value through the storage module;
acquiring data to be decrypted through a control module, and sending the data to be decrypted to a decryption module;
and determining a decryption round through the decryption module, acquiring a second extraction key corresponding to the decryption round, and decrypting the received data to be decrypted according to the second extraction key to generate final decrypted data, wherein the first round period in the decryption round is less than the ordinary decryption round period.
10. The method of claim 9, wherein obtaining the second extraction key corresponding to the decryption round comprises:
sending the decryption round to the control module through the decryption module;
generating a second extraction instruction according to the received decryption turn through the control module, and sending the second extraction instruction to the storage module;
determining the index value matched with the received second extraction instruction through the storage module, taking the round key corresponding to the index value as a second extraction key, and sending the second extraction key to the control module;
and sending the received second extraction key to the decryption module through the control module.
CN202211384036.5A 2022-11-07 2022-11-07 Data encryption and decryption system, data encryption method and data decryption method Pending CN115834044A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211384036.5A CN115834044A (en) 2022-11-07 2022-11-07 Data encryption and decryption system, data encryption method and data decryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211384036.5A CN115834044A (en) 2022-11-07 2022-11-07 Data encryption and decryption system, data encryption method and data decryption method

Publications (1)

Publication Number Publication Date
CN115834044A true CN115834044A (en) 2023-03-21

Family

ID=85526858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211384036.5A Pending CN115834044A (en) 2022-11-07 2022-11-07 Data encryption and decryption system, data encryption method and data decryption method

Country Status (1)

Country Link
CN (1) CN115834044A (en)

Similar Documents

Publication Publication Date Title
US7561689B2 (en) Generating keys having one of a number of key sizes
US10320554B1 (en) Differential power analysis resistant encryption and decryption functions
KR20020006475A (en) Encryption device, decryption device, expanded key generating device, expanded key generating method and recording medium
JP2005531023A (en) Round key generation for AES (Rijndael) block ciphers
RU2000122712A (en) METHOD FOR ENCRYPTION, DEVICE FOR ENCRYPTION, METHOD FOR DECryption, AND DEVICE FOR DECryption
CN116488794B (en) Method and device for realizing high-speed SM4 password module based on FPGA
US11258579B2 (en) Method and circuit for implementing a substitution table
CN101378314A (en) Method for generating key sequence and apparatus for generating cipher key
EP3272060B1 (en) Datastream block encryption
US9418245B2 (en) Encryption processing device, encryption processing method, and program
US20040252831A1 (en) Key expander, key expansion method, and key expansion program
KR100734877B1 (en) ARIA crypto module and method
US20150058639A1 (en) Encryption processing device and storage device
CN104219045A (en) RC4 (Rivest cipher 4) stream cipher generator
US20120321079A1 (en) System and method for generating round keys
US20240097880A1 (en) High-speed circuit combining aes and sm4 encryption and decryption
CN116684067A (en) AES encryption and decryption device and method
CN115834044A (en) Data encryption and decryption system, data encryption method and data decryption method
CN112887800B (en) Method for PVR encryption protection of set top box
CN110071927B (en) Information encryption method, system and related components
JP4287397B2 (en) Ciphertext generation apparatus, ciphertext decryption apparatus, ciphertext generation program, and ciphertext decryption program
EP1629626B1 (en) Method and apparatus for a low memory hardware implementation of the key expansion function
KR100494560B1 (en) Real time block data encryption/decryption processor using Rijndael block cipher and method therefor
US7564972B2 (en) Arithmetic device and encryption/decryption device
CN115801227B (en) Method and device for generating substitution table

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination