CN116090029B - Encryption circuit - Google Patents

Encryption circuit Download PDF

Info

Publication number
CN116090029B
CN116090029B CN202310039692.XA CN202310039692A CN116090029B CN 116090029 B CN116090029 B CN 116090029B CN 202310039692 A CN202310039692 A CN 202310039692A CN 116090029 B CN116090029 B CN 116090029B
Authority
CN
China
Prior art keywords
gate
operation unit
input end
input
exclusive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310039692.XA
Other languages
Chinese (zh)
Other versions
CN116090029A (en
Inventor
朱敏
范炯
孙进军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Muchuang Integrated Circuit Design Co ltd
Original Assignee
Wuxi Muchuang Integrated Circuit Design Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuxi Muchuang Integrated Circuit Design Co ltd filed Critical Wuxi Muchuang Integrated Circuit Design Co ltd
Priority to CN202310039692.XA priority Critical patent/CN116090029B/en
Publication of CN116090029A publication Critical patent/CN116090029A/en
Application granted granted Critical
Publication of CN116090029B publication Critical patent/CN116090029B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Logic Circuits (AREA)

Abstract

The application provides an encryption circuit which can be used in the technical field of chips. The encryption circuit includes: a register module including a plurality of registers; a counter module configured to generate a first count signal and a second count signal based on the clock signal; a state machine module configured to connect the counter module, the state machine module configured to generate a state signal based on the function select signal, the first count signal, and the second count signal; the computing module comprises a plurality of computing units, wherein the computing units are configured to process input data of the computing units by utilizing computing logic determined based on the computing units, so as to obtain output data of the computing units; and a control module configured to control input data of the input terminals of the plurality of operation units and data in the plurality of registers based on the function selection signal, the first count signal, the second count signal, and the status signal, in a case where the start signal is received.

Description

Encryption circuit
Technical Field
The present application relates to the field of chip technologies, and in particular, to the field of information security, and more specifically, to an encryption circuit.
Background
In the field of information security, the encryption technology may be to convert data into ciphertext by using various encryption algorithms, transmit the ciphertext, and restore the ciphertext to obtain original data by using a corresponding decryption algorithm after the ciphertext reaches a destination. Among various encryption algorithms, the hash algorithm is one of the most used encryption algorithms, and it is widely used in various security applications and network protocols.
In the related art, a design for an encryption circuit based on a hash algorithm generally lays out and uses a plurality of adders, exclusive-or gates, and the like in accordance with the principle of the algorithm. Under the scene of mixed application of a plurality of encryption algorithms, the hardware multiplexing rate of the encryption circuit designed by adopting the method of the related technology is lower, and the performance cannot be improved while occupying a larger hardware area.
Disclosure of Invention
In view of this, the present application provides an encryption circuit including:
a register module including a plurality of registers;
a counter module configured to generate a first count signal and a second count signal based on the clock signal;
a state machine module configured to connect the counter module, the state machine module configured to generate a state signal based on a function select signal, the first count signal, and the second count signal, wherein a value of the function select signal represents a selected target encryption algorithm;
an arithmetic module including a plurality of arithmetic units configured to process input data of the arithmetic units using arithmetic logic determined based on the arithmetic units, resulting in output data of the arithmetic units; and
And the control module is configured to control the input data of the input ends of the plurality of operation units and the data in the plurality of registers based on the function selection signal, the first count signal, the second count signal and the state signal under the condition that the starting signal is received, so as to control the plurality of operation units to encrypt plaintext data by utilizing the target encryption algorithm to obtain ciphertext data.
According to the embodiment of the application, the target encryption algorithm used is determined by receiving the function selection signal, the control module can control the data in each register and the input data of each operation unit based on the state signal, the first counting signal and the second counting signal, and multiplexing of a plurality of encryption algorithms to the register and the operation unit can be realized, so that the technical problem that the hardware multiplexing rate of the encryption circuit is low in the related art is at least partially overcome, the hardware multiplexing rate and performance of the encryption circuit are effectively improved, and the area of the encryption circuit is reduced.
Drawings
The above and other objects, features and advantages of the present application will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which.
Fig. 1 schematically shows a schematic diagram of an encryption circuit according to an embodiment of the present application.
Fig. 2 schematically shows a schematic diagram of an encryption circuit according to another embodiment of the present application.
Fig. 3A schematically shows a schematic diagram of a first function operation unit according to an embodiment of the present application.
Fig. 3B schematically shows a schematic diagram of a second function operation unit according to an embodiment of the present application.
Fig. 3C schematically shows a schematic diagram of a third function operation unit according to an embodiment of the present application.
Fig. 3D schematically shows a schematic diagram of a fourth function operation unit according to an embodiment of the present application.
Fig. 3E schematically shows a schematic diagram of an exclusive-or operation unit according to an embodiment of the present application.
Fig. 4 schematically shows a schematic diagram of a counter module according to an embodiment of the present application.
Fig. 5 schematically shows a workflow diagram of a counter module and a state machine module according to an embodiment of the present application.
Fig. 6 schematically shows a schematic diagram of an encryption circuit according to a further embodiment of the present application.
Description of the embodiments
Hereinafter, embodiments of the present application will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present application. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present application. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a formulation similar to at least one of "A, B or C, etc." is used, in general such a formulation should be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g. "a system with at least one of A, B or C" would include but not be limited to systems with a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In the field of information security, the encryption technology may be to convert data into ciphertext by using various encryption algorithms, transmit the ciphertext, and restore the ciphertext to obtain original data by using a corresponding decryption algorithm after the ciphertext reaches a destination. Among various encryption algorithms, a hash algorithm, particularly a secure hash algorithm, is one of the most used encryption algorithms, and is widely used in various security applications and network protocols.
In the related art, a design for an encryption circuit based on a hash algorithm generally uses a plurality of adders and exclusive-or gates in a layout according to an algorithm principle, or uses only 1 adder and exclusive-or gate in a circuit, and uses the encryption circuit by means of control logic written in a control chip. Under the scene of mixed application of a plurality of encryption algorithms, the hardware multiplexing rate of the encryption circuit designed by adopting the method of the related technology is lower, and the performance cannot be improved while occupying a larger hardware area.
In view of this, the embodiment of the application provides an encryption circuit, which can improve the hardware multiplexing rate when a plurality of encryption algorithms are applied in a composite way, and is suitable for application scenes with higher requirements on performance and area. Specifically, the encryption circuit includes: a register module including a plurality of registers; a counter module configured to generate a first count signal and a second count signal based on the clock signal; a state machine module configured to connect the counter module, the state machine module configured to generate a state signal based on the function select signal, the first count signal, and the second count signal, wherein a value of the function select signal represents the selected target encryption algorithm; the computing module comprises a plurality of computing units, wherein the computing units are configured to process input data of the computing units by utilizing computing logic determined based on the computing units, so as to obtain output data of the computing units; and the control module is configured to control the input data of the input ends of the plurality of operation units and the data in the plurality of registers based on the function selection signal, the first count signal, the second count signal and the state signal under the condition that the starting signal is received, so as to control the plurality of operation units to encrypt the plaintext data by utilizing the target encryption algorithm to obtain ciphertext data.
Fig. 1 schematically shows a schematic diagram of an encryption circuit according to an embodiment of the present application.
As shown in fig. 1, the encryption circuit may include a register module 10, a counter module 20, a state machine module 30, an operation module 40, and a control module 50.
According to embodiments of the present application, the register module 10 may include a plurality of registers, the number of registers not being limited herein, for example, the number of registers included in the register module 10 may be configured according to a maximum number of registers required for a plurality of encryption algorithms configured for the encryption circuit. Each register included in the register module 10 may be used to store initial parameters corresponding to each encryption algorithm, externally input plaintext data to be encrypted, data generated during an encryption operation, and the like.
According to an embodiment of the present application, the register module 10 may be electrically connected to the control module 50, or, as an alternative implementation, at least some of the plurality of registers included in the register module 10 may be directly electrically connected to the operation module 40.
According to an embodiment of the present application, the counter module 20 may be configured to generate the first count signal step_cnt and the second count signal round_cnt based on the clock signal CLK.
According to embodiments of the present application, the clock signal CLK may be a signal provided by other controllers or terminals with a fixed period, e.g., the clock signal CLK may be a periodic step signal.
According to an embodiment of the present application, the first count signal step_cnt and the second count signal round_cnt may be represented as one count value, respectively, which may be adjusted at a fixed time of each period of the clock signal CLK, for example, the count value may be adjusted at a start time or an end time of each period of the clock signal CLK.
According to embodiments of the present application, counter module 20 may be electrically connected to control module 50 and state machine module 30, respectively.
According to an embodiment of the present application, the STATE machine module 30 may be configured to generate the STATE signal STATE based on the function selection signal FUNC, the first count signal step_cnt, and the second count signal round_cnt.
According to an embodiment of the present application, the function selection signal FUNC may represent a function selection value, which may represent a selected target encryption algorithm. The correspondence between the function selection value and the target encryption algorithm may be set according to a specific application scenario, for example, the selectable target encryption algorithm includes SM3, SHA-256 and SHA-1, and the correspondence between the function selection value and the target encryption algorithm may be: 0 is SHA-1,1 is SHA-256, and 2 is SM3.
According to an embodiment of the present application, the STATE signal STATE may represent a STATE value, which may represent different STATEs in which the encryption circuit is located, and by switching the STATE signal STATE, the control module may be caused to operate different control logic.
According to embodiments of the present application, the state machine module 30 may be electrically connected with the control module 50.
According to an embodiment of the present application, the operation module 40 may include a plurality of operation units, and the operation units may be configured to process input data of the operation units using operation logic determined based on the operation units, resulting in output data of the operation units.
According to an embodiment of the present application, the control module 50 may be configured to control input data of the input terminals of the plurality of operation units and data in the plurality of registers based on the function selection signal FUNC, the first count signal step_cnt, the second count signal round_cnt, and the status signal STATE to control the plurality of operation units to encrypt plaintext data using the target encryption algorithm to obtain ciphertext data.
According to an embodiment of the present application, the control module 50 may be constituted by a control chip in which the control logic of the respective encryption algorithm may be written in advance.
According to an embodiment of the present application, the START signal START may be a level signal for controlling the control module 50 to enter an operation state.
According to the embodiment of the application, the control module can control the data in each register and the input data of each operation unit based on the STATE signal STATE, the first count signal step_cnt and the second count signal round_cnt by receiving the function selection signal to determine the used target encryption algorithm, and multiplexing the registers and the operation units by multiple encryption algorithms can be realized, so that the technical problem that the hardware multiplexing rate of the encryption circuit is low in the related art is at least partially overcome, the hardware multiplexing rate and performance of the encryption circuit are effectively improved, and the area of the encryption circuit is reduced.
The encryption circuit shown in fig. 1 is further described with reference to fig. 2, 3A to 3E, and 4 to 6 in conjunction with an embodiment.
Fig. 2 schematically shows a schematic diagram of an encryption circuit according to another embodiment of the present application.
As shown in fig. 2, the plurality of operation units included in the operation module 40 may include a first function operation unit 41, a second function operation unit 42, a third function operation unit 43, a fourth function operation unit 44, an exclusive or operation unit 45, a first addition operation unit 46, a second addition operation unit 47, a third addition operation unit 48, and a parameter operation unit 49.
According to an embodiment of the present application, the input terminal vin1 of the first function operation unit 41 may be configured to be connected to the register module 10, and the output terminal vout1 of the first function operation unit 41 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the input vin2 of the second function operation unit 42 may be configured to be connected to the register module 10, and the output vout2 of the second function operation unit 42 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the input vin3 of the third function operation unit 43 may be configured to be connected to the register module 10, and the output vout3 of the third function operation unit 43 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the input vin4 of the fourth function operation unit 44 may be configured to be connected to the register module 10, and the output vout4 of the fourth function operation unit 44 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the first input terminal vin5_1, the second input terminal vin5_2, and the third input terminal vin5_3 of the exclusive-or operation unit 45 may be configured to be connected to the control module 50, respectively, and the output terminal vout5 of the exclusive-or operation unit 45 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the first input terminal vin6_1 and the second input terminal vin6_2 of the first adding unit 46 may be configured to be connected to the control module 50, respectively, and the output terminal vout6 of the first adding unit 46 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the first input terminal vin7_1 and the second input terminal vin7_2 of the second adding unit 47 may be configured to be connected to the control module 50, respectively, and the output terminal vout7 of the second adding unit 47 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the first input terminal vin8_1, the second input terminal vin8_2, the third input terminal vin8_3, and the fourth input terminal vin8_4 of the third adding unit 48 may be configured to be connected to the control module 50, respectively, and the output terminal vout8 of the third adding unit 48 may be configured to be connected to the control module 50.
According to an embodiment of the present application, the first input terminal vin9_1 of the parameter operation unit 49 may be configured to be connected to the register module 10, the second input terminal vin9_2 of the parameter operation unit 49 may be configured to be connected to the counter module 20, and the output terminal vout9 of the parameter operation unit 49 may be configured to be connected to the register module 10 and the control module 50, respectively.
Fig. 3A schematically shows a schematic diagram of a first function operation unit according to an embodiment of the present application.
As shown in fig. 3A, the first function operation unit 41 may include a first exclusive or gate XOR1 and a second exclusive or gate XOR2.
According to an embodiment of the present application, the input terminal vin1 of the first function operation unit 41 may include a first input terminal vin1_1, a second input terminal vin1_2, and a third input terminal vin1_3.
According to an embodiment of the present application, the first input terminal and the second input terminal of the first exclusive or gate XOR1 may be configured to be connected to the first input terminal vin1 and the second input terminal vin1_2 of the first function operation unit 41, the output terminal of the first exclusive or gate XOR1 may be configured to be connected to the first input terminal of the second exclusive or gate XOR2, the second input terminal of the second exclusive or gate XOR2 may be configured to be connected to the third input terminal vin1_3 of the first function operation unit, and the output terminal of the second exclusive or gate XOR2 may be configured to be connected to the output terminal vout1 of the first function operation unit.
According to an embodiment of the present application, the first exclusive-or gate XOR1 or the second exclusive-or gate XOR2 may perform an exclusive-or operation on the data input from two input ends thereof, the obtained exclusive-or operation result may be output at an output end thereof, and a truth table of the exclusive-or operation may be as shown in table 1:
TABLE 1
Figure SMS_1
Fig. 3B schematically shows a schematic diagram of a second function operation unit according to an embodiment of the present application.
As shown in fig. 3B, the second function operation unit 42 may include a third exclusive or gate XOR3 and a fourth exclusive or gate XOR4.
According to an embodiment of the present application, the input terminal vin2 of the second function operation unit 42 may include a first input terminal vin2_1, a second input terminal vin2_2, and a third input terminal vin2_3.
According to an embodiment of the present application, the first input terminal and the second input terminal of the third exclusive or gate XOR3 may be configured to be connected to the first input terminal vin2_1 and the second input terminal vin2_2 of the second function operation unit 42, respectively, the output terminal of the third exclusive or gate XOR3 may be configured to be connected to the first input terminal of the fourth exclusive or gate XOR4, the second input terminal of the fourth exclusive or gate XOR4 may be configured to be connected to the third input terminal vin2_3 of the second function operation unit 42, and the output terminal of the fourth exclusive or gate XOR4 may be configured to be connected to the output terminal vout2 of the second function operation unit 42.
According to the embodiment of the application, the third exclusive-or gate XOR3 or the fourth exclusive-or gate XOR4 may perform an exclusive-or operation on the data input from the two input ends thereof, and the obtained exclusive-or operation result may be output at the output end thereof.
Fig. 3C schematically shows a schematic diagram of a third function operation unit according to an embodiment of the present application.
As shown in fig. 3C, the third function operation unit 43 may include a first input control subunit 431, a first AND gate AND1, a second AND gate AND2, an NOT gate NOT, a fifth exclusive OR gate XOR5, a first OR gate OR1, AND a first output control subunit 432.
According to an embodiment of the present application, the input terminal of the first input control subunit 431 may be configured to be connected to the input terminal vin3 of the third function operation unit 43, the first output terminal of the first input control subunit 431 may be configured to be connected to the first input terminal of the first AND gate AND1, the second output terminal of the first input control subunit 431 may be configured to be connected to the second input terminal of the first AND gate AND1, AND to the first input terminal of the second AND gate AND2 through the NOT, the third output terminal of the first input control subunit 431 may be configured to be connected to the second input terminal of the second AND gate AND2, the output terminal of the first AND gate AND1 may be configured to be connected to the first input terminal of the fifth exclusive OR gate XOR5 AND the first input terminal of the first OR gate OR1, respectively, the output terminal of the second AND gate AND2 may be configured to be connected to the second input terminal of the fifth exclusive OR gate XOR5 AND the second input terminal of the first OR gate OR1, respectively, the output terminal of the fifth exclusive OR gate XOR5 AND the first output terminal of the first OR gate unit 432 may be configured to be connected to the first input terminal of the third function operation unit 43.
According to embodiments of the present application, the first input control sub-unit 431 or the first output control sub-unit 432 may be constituted by one switching device or other devices or circuits capable of realizing a similar switching function, such as a MUX selection circuit. The first input control subunit 431 or the first output control subunit 432 may change the logic connection relationship between the input end and the output end according to the control signal input from the outside. For example, the input terminals of the first input control subunit 431 are respectively connected to the register a, the register b, the register c and the register d, and when the externally input control signal is 0, the three output terminals of the first input control subunit 431 may respectively output the data of the register a, the register b and the register c, and when the externally input control signal is 1, the three output terminals of the first input control subunit 431 may respectively output the data of the register b, the register c and the register d.
According to the embodiment of the application, the first AND gate AND1 or the second AND gate AND2 may perform a logical AND operation on the data input from the two input ends thereof, the obtained logical AND operation result may be output at the output end thereof, AND a truth table of the logical AND operation may be as shown in table 2:
TABLE 2
Figure SMS_2
According to the embodiment of the application, the NOT gate NOT can perform inverse processing on the data input by the input end and output the data at the output end, and the truth table can be as shown in table 3:
TABLE 3 Table 3
Figure SMS_3
According to the embodiment of the application, the fifth exclusive-or gate XOR5 may perform an exclusive-or operation on the data input from the two input ends thereof, and the obtained exclusive-or operation result may be output at the output end thereof.
According to the embodiment of the application, the first OR gate OR1 may perform a logical OR operation on the data input from two input ends thereof, the obtained logical OR operation result may be output at the output end thereof, and a truth table of the logical OR operation may be as shown in table 4:
TABLE 4 Table 4
Figure SMS_4
Fig. 3D schematically shows a schematic diagram of a fourth function operation unit according to an embodiment of the present application.
As shown in fig. 3D, the fourth function operation unit 44 may include a second input control subunit 441, a third AND gate AND3, a fourth AND gate AND4, a fifth AND gate AND5, a sixth exclusive OR gate XOR6, a seventh exclusive OR gate XOR7, a second OR gate OR2, a third OR gate OR3, AND a second output control subunit 442.
According to an embodiment of the present application, the input terminal of the second input control subunit 441 may be configured to be connected to the input terminal vin4 of the fourth function operation unit 44, the first output terminal of the second input control subunit 441 may be configured to be connected to the first input terminal of the third AND gate AND3 AND the first input terminal of the fourth AND gate AND4, respectively, the second output terminal of the second input control subunit 441 may be configured to be connected to the second input terminal of the third AND gate AND3 AND the first input terminal of the fifth AND gate AND5, respectively, the third output terminal of the second input control subunit 441 may be configured to be connected to the second input terminal of the fourth AND gate AND4 AND the second input terminal of the fifth AND gate AND5, the output terminal of the third AND gate AND3 may be configured to be connected to the first input terminal of the sixth exclusive OR gate XOR6 AND the first input terminal of the second OR gate OR2, respectively, the output terminal of the fourth AND gate AND4 may be configured to be connected to the second input terminal of the fifth AND gate AND the first input terminal of the fifth AND gate AND the fourth output unit of the fifth AND gate AND 2, the output terminal of the third AND gate AND 7 may be configured to be connected to the first input terminal of the fifth AND gate AND the fourth AND gate AND 7, respectively, the output terminal of the third AND the fifth input unit of the fourth AND gate AND 7 may be configured to be connected to the first input terminal of the fifth AND output terminal of the fourth AND XOR 4.
According to embodiments of the present application, the second input control subunit 441 or the second output control subunit 442 may be constituted by one switching device or other devices or circuits capable of implementing similar switching functions, such as a MUX selection circuit. The second input control subunit 441 or the second output control subunit 442 may change the logic connection relationship between the input terminal and the output terminal according to the control signal input from the outside.
According to the embodiment of the present application, the third AND gate AND3, the fourth AND gate AND4, or the fifth AND gate AND5 may perform a logical AND operation on the data input from the two input terminals thereof, AND the resulting logical AND operation result may be output at the output terminal thereof.
According to the embodiment of the present application, the sixth exclusive or gate XOR6 or the seventh exclusive or gate XOR7 may perform an exclusive or operation on the data input from the two input terminals thereof, and the resultant exclusive or operation result may be output at the output terminal thereof.
According to the embodiment of the application, the second OR gate OR2 OR the third OR gate OR3 may perform a logical OR operation on the data input from the two input ends thereof, and the obtained logical OR operation result may be output at the output end thereof.
Fig. 3E schematically shows a schematic diagram of an exclusive-or operation unit according to an embodiment of the present application.
As shown in fig. 3E, the exclusive or operation unit 45 may include an eighth exclusive or gate XOR8 and a ninth exclusive or gate XOR9.
According to an embodiment of the present application, the first input terminal and the second input terminal of the eighth exclusive-or gate XOR8 are configured to be connected to the first input terminal vin5_1 and the second input terminal vin5_2 of the exclusive-or operation unit 45, respectively, the output terminal of the eighth exclusive-or gate XOR8 is configured to be connected to the first input terminal of the ninth exclusive-or gate XOR9, the second input terminal of the ninth exclusive-or gate XOR9 is configured to be connected to the third input terminal vin5_3 of the exclusive-or operation unit 45, and the output terminal of the ninth exclusive-or gate XOR9 is configured to be connected to the output terminal vout5 of the exclusive-or operation unit 45.
According to the embodiment of the application, the eighth exclusive-or gate XOR8 or the ninth exclusive-or gate XOR9 may perform an exclusive-or operation on the data input from the two input terminals thereof, and the resultant exclusive-or operation result may be output at the output terminal thereof.
According to an embodiment of the present application, the first addition unit 46, the second addition unit 47, or the third addition unit 48 may be constituted by one adder or other devices or circuits capable of realizing the adder function. The first addition unit 46, the second addition unit 47 or the third addition unit 48 may be configured to add the input data at its input to obtain the output data at its output.
According to an embodiment of the present application, the parameter operation unit 49 may be configured by a programmable chip, and the parameter operation unit 49 may be configured to output preset data corresponding to the target encryption algorithm at an output terminal of the parameter operation unit 49 based on the first count signal step_cnt and the second count signal round_cnt.
Fig. 4 schematically shows a schematic diagram of a counter module according to an embodiment of the present application.
As shown in fig. 4, the counter module 20 may include a step counter 21 and a wheel counter 22.
According to an embodiment of the present application, the step counter 21 may be configured to connect the wheel counter 22, the state machine module 30, and the control module 50, respectively, and the step counter 21 may be configured to generate the first count signal step_cnt based on the clock signal CLK.
According to an embodiment of the present application, the round counter 22 may be configured to connect the operation module 40, the state machine module 30, and the control module 50, and the round counter 22 may be configured to generate the second count signal round_cnt based on the clock signal CLK and the first count signal step_cnt.
According to embodiments of the present application, state machine module 30 may be comprised of a state machine that may have three states: IDLE, CALC, FINISH, which represent idle, calculate and complete STATEs, respectively, and accordingly, the STATE signal STATE generated by the STATE machine module 30 may represent one of an idle STATE, a calculate STATE and a complete STATE.
According to an embodiment of the present application, the STATE machine module 30 may be configured to output the STATE signal STATE representing the calculation STATE CALC in case of receiving the START signal START, output the STATE signal STATE representing the completion STATE FINISH in case of the first count signal step_cnt and the second count signal round_cnt satisfying the first preset condition corresponding to the target encryption algorithm, and output the STATE signal STATE representing the IDLE STATE IDLE in case of the second count signal round_cnt satisfying the second preset condition corresponding to the target encryption algorithm.
According to embodiments of the present application, the first preset condition and the second preset condition may be determined according to a specifically selected target encryption algorithm and control logic of the control module 50.
According to the embodiment of the present application, the application of the encryption circuit as described above may be implemented by the control logic included in the control module 50, and the control logic of the control module 50 will be explained below taking SHA-1, SHA-256 and SM3 as examples of the target encryption algorithm. In this embodiment, the target encryption algorithm indicated when the function selection signal FUNC is 0 is SHA-1, the target encryption algorithm indicated when the function selection signal FUNC is 1 is SHA-256, and the target encryption algorithm indicated when the function selection signal FUNC is 2 is SM3.
Fig. 5 schematically shows a workflow diagram of a counter module and a state machine module according to an embodiment of the present application.
As shown in fig. 5, the control module 50 may output two operation status signals, namely a DONE signal DONE and a BUSY status signal BUSY.
According to the embodiment of the present application, after receiving the encryption request, the control module 50 may determine whether to start the encryption process according to the current working status signal, specifically, in the case that the BUSY status signal BUSY is 1, it is determined that the computing core of the control module 50 is already in the working status currently, at this time, the control module 50 may suspend the encryption request, and after the BUSY status signal BUSY is 0, start the encryption process.
According to an embodiment of the present application, after starting the encryption processing procedure, the control module 50 may receive the selected function selection signal FUNC, the plaintext data M to be encrypted, the initial parameter H and the START signal START and set the BUSY status signal BUSY to 1.
According to an embodiment of the present application, the received plaintext data M to be encrypted may be the padded plaintext data, and the size thereof may be 64B. As an alternative embodiment, the total size of the data to be processed may be greater than 64B, where the data may be split into multiple data blocks for processing sequentially, where the initial parameter H may be used for processing the first data block, and where the ciphertext obtained by encrypting the last data block may be used as a parameter for processing the subsequent data block.
According to an embodiment of the present application, the START signal START received by the control module 50 may be transmitted to the counter module 20 and the state machine module 30, respectively, and the state machine module 30 may switch the state machine from the IDLE state IDLE to the computation state CALC in response to the START signal START.
According to an embodiment of the present application, the counter module 20 may perform an adjustment of the first count signal step_cnt and the second count signal round_cnt based on the clock signal CLK in response to the START signal START. Specifically, the step counter 21 may be a 1-bit counter, and the output first count signal step_cnt may be 0 or 1, i.e. the first count signal step_cnt may sequentially vary between 0 and 1 along with the clock period of the clock signal CLK, for example, the first count signal step_cnt is 0 at the 1 st clock period, the first count signal step_cnt is 1 at the 2 nd clock period, the first count signal step_cnt is 0 at the 3 rd clock period, and so on. The step counter 21 may operate in a calculation state CALC. The round counter 22 may be a 7-bit counter, and the value of the second count signal round_cnt outputted by the round counter may be accumulated until reaching a preset value, and the modulation mode may be, for example, in the calculating state CALC, when the first count signal step_cnt is 1, the value of the second count signal round_cnt is increased by 1, and in the completion state FINISH, the value of the second count signal round_cnt is increased by 1 every clock cycle.
According to an embodiment of the present application, the state machine module 30 may control the step counter 21 and the wheel counter 22 to set the values of the first count signal step_cnt and the second count signal round_cnt to initial values, respectively, if the received signal satisfies the first preset condition or the second preset condition.
According to the embodiment of the present application, when the state machine module 30 performs the state switching, different judging conditions, that is, different first preset conditions and second preset conditions, may be applied according to different function selection signals FUNC. Specifically, when the function selection signal func=0, the first preset condition may be expressed as round_cnt=79 and step_cnt=1, and the second preset condition may be expressed as round_cnt=2; when the function selection signal func=1, the first preset condition may be expressed as round_cnt=63 and step_cnt=1, and the second preset condition may be expressed as round_cnt=3; when the function selection signal func=2, the first preset condition may be expressed as round_cnt=63 and step_cnt=1, and the second preset condition may be expressed as round_cnt=0. As an alternative embodiment, since the round counter 22 may set the value of the second count signal round_cnt to an initial value, i.e., set the value of round_cnt to 0, when the first preset condition is satisfied, the second preset condition may be set to an empty condition, i.e., no judgment of the second preset condition is made, when the function selection signal func=2.
According to the embodiment of the present application, the state machine module 30 may switch to the FINISH state FINISH after the first preset condition is satisfied, and may switch to the IDLE state IDLE after the second preset condition is satisfied. At this time, the control module 50 sets the BUSY state signal BUSY to 0 and the DONE signal DONE to 1 after detecting that the state machine module 30 enters the IDLE state IDLE to indicate that encryption is completed.
Fig. 6 schematically shows a schematic diagram of an encryption circuit according to a further embodiment of the present application.
As shown in fig. 6, the register module 10 may include 28 32-bit registers, which are a register a, a register b, a register c, a register d, a register e, a register f, a register g, a register h, a register w0, a register w1, a register w2, a register w3, a register w4, a register w5, a register w6, a register w7, a register w8, a register w9, a register w10, a register w11, a register w12, a register w13, a register w14, a register w15, a register temp1, a register temp2, a register temp3, and a register temp4, respectively.
According to an embodiment of the present application, the control module 50 may control the values in the above-mentioned respective registers based on the function selection signal FUNC, the first count signal step_cnt, the second count signal round_cnt and the status signal STATE, in particular:
When the function selection signal func=0, i.e. the target encryption algorithm is SHA-1, the registers f, g and h are not used, the control module 50 may control the values in the registers a, b, c, d, e to be updated according to the rules shown in table 5. In Table 5, H0, H1, H2, H3, H4, H5, H6 and H7 respectively represent 8 sets of initial value outputs, and the 8 sets of initial value outputs are sequentially spliced to obtain the input initial parameters H and ROTR n (x) May be expressed as an x-cycle right shift by n bits, sum1_out representing the output data of the output terminal vout6 of the first addition unit 46, and sum2_out representing the output data of the output terminal vout7 of the second addition unit 47.
TABLE 5
Figure SMS_5
When the function selection signal func=1, i.e. the target encryption algorithm is SHA-256, the control module 50 may control the values in register a, register b, register c, register d, register e, register f, register g and register to be updated according to the rules as shown in table 6:
TABLE 6
Figure SMS_6
When the function selection signal func=2, i.e. the target encryption algorithm is SM3, the control module 50 may control the values in the register a, the register b, the register c, the register d, the register e, the register f, the register g and the register to be updated according to the rules as shown in table 7.
TABLE 7
Figure SMS_7
In table 7, p0 represents an exclusive or operation, and can be calculated by the formula (1):
Figure SMS_8
in equation (1), temp4 may represent data in register temp 4.
When in IDLE state IDLE and the START signal start=1, the control module 50 may control the values of the register W0, the register W1, the register W2, the register W3, the register W4, the register W5, the register W6, the register W7, the register W8, the register W9, the register W10, the register W11, the register W12, the register W13, the register W14 and the register W15 to be 16 groups of input data to be encrypted, and the 16 groups of input data to be encrypted may be spliced to obtain the plaintext data W to be encrypted.
When in the calculating state CALC and the first count signal step_cnt=0, the control module 50 can update the values of the registers w0 to w14 by using the values of the original registers w1 to w15, respectively, i.e. replace the value of the register w0 with the value of the original register w1, replace the value of the register w1 with the value of the original register w2, and so on. The control module 50 can control the register w15The values are updated according to the following rules: when the target encryption algorithm is SHA-1, the value of the control register w15 is ROTR 31 (w0 # -xor_out), wherein w0 represents the value of the original register w0, xor_out represents the output value of the output terminal vout5 of the exclusive-or operation unit 45; when the target encryption algorithm is SHA-256, the value of the control register w15 is sum3_out, where sum3_out represents the output value of the output terminal vout8 of the third adding unit 48; when the target encryption algorithm is SM3, the value of the control register w15 is wj, where wj can be calculated by equation (2):
Figure SMS_9
In formula (2), wi represents data in the register wi, i=0, 1, …,15.
The control module 50 may control the value of the register temp1 to be updated when the state CALC is calculated and the first count signal step_cnt is 0 according to the following rule: when the target encryption algorithm is SHA-1, the value of the control register temp1 is sum3_out; when the target encryption algorithm is SHA-256, the value of the control register temp1 is sum1_out; when the target encryption algorithm is SM3, the value of the control register temp1 is SS2, and SS2 can be calculated by equation (3):
Figure SMS_10
in the formula (3), a represents data in the register a.
The control module 50 may control the value of the register temp2 to be updated when the state CALC is calculated and the first count signal step_cnt is 0 according to the following rule: when the target encryption algorithm is SHA-1, the register temp2 is not used; when the target encryption algorithm is SHA-256, the value of the control register temp2 is sum2_out; when the target encryption algorithm is SM3, the value of the control register temp2 is w0 w4
The control module 50 may control the value of the register temp3 to be updated when the state CALC is calculated and the first count signal step_cnt is 0 according to the following rule: when the target encryption algorithm is SHA-1 or SHA-256, the register temp3 is not used; when the target encryption algorithm is SM3, the value of the control register temp3 is kt, which represents the output value of the output terminal vout9 of the parameter operation unit 49.
The control module 50 may control the value of the register temp4 to be updated when the state CALC is calculated and the first count signal step_cnt is 0 according to the following rule: when the target encryption algorithm is SHA-1 or SHA-256, the register temp4 is not used; when the target encryption algorithm is SM3, the value of the control register temp4 is sum3_out.
According to an embodiment of the present application, the control module 50 may control the input terminals of the above-mentioned respective arithmetic units based on the function selection signal FUNC, the first count signal step_cnt, the second count signal round_cnt and the status signal STATE, specifically:
the control module 50 can control the input data of the first input terminal vin1_1 of the first function operation unit 41 to be ROTR 7 (w 0) the input data of the second input terminal vin1_2 is ROTR 18 (w 0) the input data of the third input terminal vin1_3 is SHR 3 (w 0) represents a right shift of 3 bits to the data logic in register w 0.
The control module 50 can control the input data of the first input terminal vin2_1 of the second function operation unit 42 to be ROTR 17 (w 14) the input data of the second input terminal vin2_2 is ROTR 19 (w 14) the input data of the third input terminal vin2_3 is SHR 10 (w 14) represents a right shift of 10 bits to the data logic in register w 14.
The input data and the output data of the third function operation unit 43 may be determined according to the function selection signal FUNC and the boolean signal func_boost supplied by the control module 50, and the boolean signal func_boost may be determined by the control module 50 according to the function selection signal FUNC, the correspondence of which is shown in table 8. When the function selection signal FUNC is 0, the input data of the third function operation unit 43 are the data in the register b, the register c and the register d, respectively, and the output data are the input data of the first input terminal of the first output control subunit 432; when the function selection signal FUNC is 1, the input data of the third function operation unit 43 are the data in the register e, the register f and the register g, respectively, and the output data are the input data of the first input terminal of the first output control subunit 432; when the function selection signal FUNC is 2, the input data of the third function operation unit 43 is the data in the register e, the register f and the register g, respectively, and the output data is the input data of the second input terminal of the first output control subunit 432.
TABLE 8
Figure SMS_11
The input data and the output data of the fourth function operation unit 44 may be determined according to the function selection signal FUNC and the boolean signal func_boost supplied by the control module 50. When the function selection signal FUNC is 0, the input data of the fourth function operation unit 44 is the data in the register b, the register c and the register d, and the output data is the input data of the first input terminal of the second output control subunit 442; when the function selection signal FUNC is 1, the input data of the fourth function operation unit 44 is the data in the register a, the register b and the register c, and the output data is the input data of the first input terminal of the second output control subunit 442; when the function selection signal FUNC is 2, the input data of the fourth function operation unit 44 is the data in the register a, the register b and the register c, respectively, and the output data is the input data of the second input terminal of the second output control subunit 442.
The control module 50 may control the input data of the first input terminal vin5_1, the second input terminal vin5_2, and the third input terminal vin5_3 of the exclusive-or operation unit 45 to be updated in the calculation state CALC according to the rule shown in table 9:
TABLE 9
Figure SMS_12
In the calculation state CALC, the control module 50 may control the input data of the first input terminal vin6_1 and the second input terminal vin6_2 of the first addition unit 46 to be updated according to the rule shown in table 10. In table 10, temp1 represents data in the register temp1, ch_out represents output data of the output terminal vout3 of the third function operation unit 43, and maj_out represents output data of the output terminal vout4 of the fourth function operation unit 44.
Table 10
Figure SMS_13
In the completion state FINISH, the control module 50 may control the input data of the first input terminal vin6_1 and the second input terminal vin6_2 of the first adding unit 46 to be updated according to the rule shown in table 11:
TABLE 11
Figure SMS_14
In the calculation state CALC, the control module 50 may control the input data of the first input terminal vin7_1 and the second input terminal vin7_2 of the second addition unit 47 to be updated according to the rule shown in table 12, and temp2 represents the data in the register temp2 in table 12.
Table 12
Figure SMS_15
In the completion state FINISH, the control module 50 may control the input data of the first input terminal vin7_1 and the second input terminal vin7_2 of the second adding unit 47 to be updated according to the rule shown in table 13:
TABLE 13
Figure SMS_16
The control module 50 may control the input data of the first input terminal vin8_1, the second input terminal vin8_2, the third input terminal vin8_3, and the fourth input terminal vin8_4 of the third addition unit 48 to be updated in the calculation state CALC according to the rule shown in table 14, wherein, in table 14, delta0_out represents the output value of the output terminal vout1 of the first function operation unit 41, and delta1_out represents the output value of the output terminal vout2 of the second function operation unit 42.
TABLE 14
Figure SMS_17
The control module 50 may control the output value of the parameter operation unit 49 according to the first count signal step_cnt and the second count signal round_cnt. Specifically, when the target encryption algorithm is SHA-1 or SHA-256, the output value of the parameter operation unit 49 may be controlled to be a constant corresponding to the target encryption algorithm; when the target encryption algorithm is SM3, if the second count signal round_cnt=0, the output value of the control parameter operation unit 49 is 0x79cc4519, if the second count signal round_cnt=16, the output value of the control parameter operation unit 49 is 0x9d8a7a87, otherwise, when the first count signal step_cnt is 0, the output value of the control parameter operation unit 49 is ROTR 31 (kt)。
According to an embodiment of the present application, by writing the above control logic to the control module 50, the control module 50 can control the encryption circuit to implement the functions of the encryption algorithms SHA-1, SHA-256 and SM3, respectively.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that the features recited in the various embodiments and/or claims of the present application may be combined and/or combined in various combinations, even if such combinations or combinations are not explicitly recited in the present application. In particular, the features recited in the various embodiments and/or the claims of the present application may be combined and/or combined in various ways without departing from the spirit and teachings of the present application. All such combinations and/or combinations fall within the scope of the present application.
The embodiments of the present application are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present application. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the application is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the present application, and such alternatives and modifications are intended to fall within the scope of the present application.

Claims (11)

1. An encryption circuit comprising:
a register module including a plurality of registers;
a counter module configured to generate a first count signal and a second count signal based on the clock signal;
a state machine module configured to connect the counter module, the state machine module configured to generate a state signal based on a function select signal, the first count signal, and the second count signal, wherein a value of the function select signal is representative of a selected target encryption algorithm;
an arithmetic module comprising a plurality of arithmetic units configured to process input data of the arithmetic units using arithmetic logic determined based on the arithmetic units, resulting in output data of the arithmetic units; and
And the control module is configured to control the input data of the input ends of the plurality of operation units and the data in the plurality of registers based on the function selection signal, the first count signal, the second count signal and the state signal under the condition that the starting signal is received, so as to control the plurality of operation units to encrypt plaintext data by utilizing the target encryption algorithm to obtain ciphertext data.
2. The encryption circuit according to claim 1, wherein the plurality of operation units includes a first function operation unit, a second function operation unit, a third function operation unit, a fourth function operation unit, an exclusive-or operation unit, a first addition operation unit, a second addition operation unit, a third addition operation unit, and a parameter operation unit;
the input end of the first function operation unit is configured to be connected with the register module, and the output end of the first function operation unit is configured to be connected with the control module;
the input end of the second function operation unit is configured to be connected with the register module, and the output end of the second function operation unit is configured to be connected with the control module;
The input end of the third function operation unit is configured to be connected with the register module, and the output end of the third function operation unit is configured to be connected with the control module;
the input end of the fourth function operation unit is configured to be connected with the register module, and the output end of the fourth function operation unit is configured to be connected with the control module;
the first input end, the second input end and the third input end of the exclusive-or operation unit are respectively configured to be connected with the control module, and the output end of the exclusive-or operation unit is configured to be connected with the control module;
the first input end and the second input end of the first addition operation unit are respectively configured to be connected with the control module, and the output end of the first addition operation unit is configured to be connected with the control module;
the first input end and the second input end of the second addition operation unit are respectively configured to be connected with the control module, and the output end of the second addition operation unit is configured to be connected with the control module;
the first input end, the second input end, the third input end and the fourth input end of the third addition operation unit are respectively configured to be connected with the control module, and the output end of the third addition operation unit is configured to be connected with the control module; and
The first input end of the parameter operation unit is configured to be connected with the register module, the second input end of the parameter operation unit is configured to be connected with the counter module, and the output end of the parameter operation unit is configured to be connected with the register module and the control module respectively.
3. The encryption circuit of claim 2, wherein the first function operation unit includes a first exclusive-or gate and a second exclusive-or gate, and the input terminal of the first function operation unit includes a first input terminal, a second input terminal, and a third input terminal;
the first input end and the second input end of the first exclusive-OR gate are respectively configured to be connected with the first input end and the second input end of the first function operation unit, the output end of the first exclusive-OR gate is configured to be connected with the first input end of the second exclusive-OR gate, the second input end of the second exclusive-OR gate is configured to be connected with the third input end of the first function operation unit, and the output end of the second exclusive-OR gate is configured to be connected with the output end of the first function operation unit.
4. The encryption circuit of claim 2, wherein the second function operation unit includes a third exclusive-or gate and a fourth exclusive-or gate, and the input terminal of the second function operation unit includes a first input terminal, a second input terminal, and a third input terminal;
The first input end and the second input end of the third exclusive-OR gate are respectively configured to be connected with the first input end and the second input end of the second function operation unit, the output end of the third exclusive-OR gate is configured to be connected with the first input end of the fourth exclusive-OR gate, the second input end of the fourth exclusive-OR gate is configured to be connected with the third input end of the second function operation unit, and the output end of the fourth exclusive-OR gate is configured to be connected with the output end of the second function operation unit.
5. The encryption circuit of claim 2, wherein the third function operation unit includes a first input control subunit, a first and gate, a second and gate, a not gate, a fifth exclusive-or gate, a first or gate, and a first output control subunit;
the input end of the first input control subunit is configured to be connected with the input end of the third function operation unit, the first output end of the first input control subunit is configured to be connected with the first input end of the first and gate, the second output end of the first input control subunit is configured to be connected with the second input end of the first and gate, and is connected with the first input end of the second and gate through the NOT gate, the third output end of the first input control subunit is configured to be connected with the second input end of the second and gate, the output end of the first and gate is configured to be connected with the first input end of the fifth exclusive-OR gate and the first input end of the first or gate, the output end of the second and gate is configured to be connected with the second input end of the fifth exclusive-OR gate and the second input end of the first or gate, the output end of the fifth exclusive-OR gate and the output end of the first or gate are configured to be connected with the first input end of the first output control subunit and the first input end of the first output unit, and the output end of the first output unit is configured to be connected with the output of the third function operation unit.
6. The encryption circuit of claim 2, wherein the fourth function operation unit includes a second input control subunit, a third and gate, a fourth and gate, a fifth and gate, a sixth exclusive or gate, a seventh exclusive or gate, a second or gate, a third or gate, and a second output control subunit;
the input end of the second input control subunit is configured to be connected with the input end of the fourth function operation unit, the first output end of the second input control subunit is configured to be connected with the first input end of the third and gate and the first input end of the fourth and gate, the second output end of the second input control subunit is configured to be connected with the second input end of the third and gate and the first input end of the fifth and gate, the third output end of the second input control subunit is configured to be connected with the second input end of the fourth and gate and the second input end of the fifth and gate, the output end of the third and gate is configured to be connected with the first input end of the sixth and gate, the output end of the fourth and gate is configured to be connected with the second input end of the sixth and gate, the output end of the fifth and gate is configured to be connected with the first input end of the sixth and the first input end of the third and gate, the output end of the seventh and gate is configured to be connected with the second input end of the seventh and gate.
7. The encryption circuit according to claim 2, wherein the exclusive-or operation unit includes an eighth exclusive-or gate and a ninth exclusive-or gate;
the first input end and the second input end of the eighth exclusive-or gate are respectively configured to be connected with the first input end and the second input end of the exclusive-or operation unit, the output end of the eighth exclusive-or gate is configured to be connected with the first input end of the ninth exclusive-or gate, the second input end of the ninth exclusive-or gate is configured to be connected with the third input end of the exclusive-or operation unit, and the output end of the ninth exclusive-or gate is configured to be connected with the output end of the exclusive-or operation unit.
8. The encryption circuit according to claim 2, wherein the addition unit is configured to perform an addition operation on input data of an input terminal of the addition unit to obtain output data of an output terminal of the addition unit, wherein the addition unit includes the first addition unit, the second addition unit, or the third addition unit.
9. The encryption circuit according to claim 2, wherein the parameter operation unit is configured to output preset data corresponding to the target encryption algorithm at an output terminal of the parameter operation unit based on the first count signal and the second count signal.
10. The encryption circuit of claim 1, wherein the counter module comprises a step counter and a wheel counter;
wherein the step counter is configured to connect the wheel counter, the state machine module, and the control module, the step counter being configured to generate the first count signal based on the clock signal; and
the round counter is configured to connect the operation module, the state machine module, and the control module, the round counter being configured to generate the second count signal based on the clock signal and the first count signal.
11. The encryption circuit of claim 1, wherein the status signal is represented as one of an idle state, a computing state, and a completed state;
wherein the state machine module is configured to output the state signal representing the calculation state in a case where the start signal is received, to output the state signal representing the completion state in a case where the first count signal and the second count signal satisfy a first preset condition corresponding to the target encryption algorithm, and to output the state signal representing the idle state in a case where the second count signal satisfies a second preset condition corresponding to the target encryption algorithm.
CN202310039692.XA 2023-01-13 2023-01-13 Encryption circuit Active CN116090029B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310039692.XA CN116090029B (en) 2023-01-13 2023-01-13 Encryption circuit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310039692.XA CN116090029B (en) 2023-01-13 2023-01-13 Encryption circuit

Publications (2)

Publication Number Publication Date
CN116090029A CN116090029A (en) 2023-05-09
CN116090029B true CN116090029B (en) 2023-06-06

Family

ID=86186496

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310039692.XA Active CN116090029B (en) 2023-01-13 2023-01-13 Encryption circuit

Country Status (1)

Country Link
CN (1) CN116090029B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6415788A (en) * 1987-07-10 1989-01-19 Oki Electric Ind Co Ltd Enciphering circuit
US5495451A (en) * 1994-05-17 1996-02-27 Goldstar Electron Co., Ltd. Apparatus for detecting data input/output states of a plurality of first-in first-out memories
JP2004029347A (en) * 2002-06-25 2004-01-29 Matsushita Electric Ind Co Ltd Data enciphering/deciphering circuit
CN113922949A (en) * 2021-10-14 2022-01-11 合肥工业大学 Password coprocessor based on CLEFIA-SHA3
CN215833909U (en) * 2021-09-10 2022-02-15 珠海极海半导体有限公司 Secure operation circuit and microprocessor chip
CN114780481A (en) * 2022-04-29 2022-07-22 中国科学技术大学 Reconfigurable processing unit for deep learning

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6415788A (en) * 1987-07-10 1989-01-19 Oki Electric Ind Co Ltd Enciphering circuit
US5495451A (en) * 1994-05-17 1996-02-27 Goldstar Electron Co., Ltd. Apparatus for detecting data input/output states of a plurality of first-in first-out memories
JP2004029347A (en) * 2002-06-25 2004-01-29 Matsushita Electric Ind Co Ltd Data enciphering/deciphering circuit
CN215833909U (en) * 2021-09-10 2022-02-15 珠海极海半导体有限公司 Secure operation circuit and microprocessor chip
CN113922949A (en) * 2021-10-14 2022-01-11 合肥工业大学 Password coprocessor based on CLEFIA-SHA3
CN114780481A (en) * 2022-04-29 2022-07-22 中国科学技术大学 Reconfigurable processing unit for deep learning

Also Published As

Publication number Publication date
CN116090029A (en) 2023-05-09

Similar Documents

Publication Publication Date Title
US7822196B2 (en) Block cipher apparatus using auxiliary transformation
Guillen et al. Towards post-quantum security for IoT endpoints with NTRU
Karthigaikumar et al. Simulation of image encryption using AES algorithm
US20060002548A1 (en) Method and system for implementing substitution boxes (S-boxes) for advanced encryption standard (AES)
Nogami et al. Mixed bases for efficient inversion in F ((2 2) 2) 2 and conversion matrices of subbytes of AES
EP2835932B1 (en) Encryption device, decryption device, encryption method, decryption method, and program
US7434898B2 (en) Computer system, computer program, and addition method
US9083507B2 (en) Data processing device, data processing method, and program
CN111464308A (en) Method and system for realizing reconstruction of multiple Hash algorithms
EP1557740A2 (en) Methods, circuits and computer program products for processing masked data in an advanced encryption system
US7657757B2 (en) Semiconductor device and method utilizing variable mode control with block ciphers
US8085931B2 (en) Computation method, computing device and computer program
US10891110B2 (en) AES/CRC engine based on resource shared galois field computation
US11695542B2 (en) Technology for generating a keystream while combatting side-channel attacks
JP5273141B2 (en) Block cipher with adjustment value, cipher generation method and recording medium
Wong et al. Circuit and system design for optimal lightweight AES encryption on FPGA
CN116090029B (en) Encryption circuit
US20030002666A1 (en) Method and apparatus for creating a message digest using a parallel, one-way hash algorithm
CN109687972B (en) Circuit supporting multiple Hash algorithms
CN116318660B (en) Message expansion and compression method and related device
US20040091105A1 (en) Apparatus for hyperelliptic-curve cryptography processing
Tillich et al. Boosting AES performance on a tiny processor core
CN115270155A (en) Method for obtaining maximum common divisor of big number expansion and hardware architecture
JP2010107947A (en) Sha-based message schedule operation method, message compression operation method and cryptographic device performing the same
US7627115B2 (en) Method and system for implementing the GEA3 encryption algorithm for GPRS compliant handsets

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant