CN116488814A - FPGA-based data encryption secure computing method - Google Patents

Publication number
CN116488814A
Authority
CN
China
Prior art keywords
data
encryption
algorithm
encrypted
fpga
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310350117.1A
Other languages
Chinese (zh)
Inventor
司小平
贺素霞
马苗苗
庄文高
席阳阳
刘旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huanghe Science and Technology College
Original Assignee
Huanghe Science and Technology College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huanghe Science and Technology College
Priority to CN202310350117.1A
Publication of CN116488814A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/76 Architectures of general purpose stored program computers
    • G06F15/78 Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7867 Architectures of general purpose stored program computers comprising a single central processing unit with reconfigurable architecture
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125 Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses an FPGA-based secure computing method for data encryption, comprising the following steps: S1, establishing a data transmission channel between a user host and an FPGA encryption computing unit; S2, dividing data into encryption levels according to data type and importance, and constructing an index directory; S3, compressing and encrypting the data of the different encryption levels using parallel encryption computing channels; S4, storing the encrypted data of each encryption level hierarchically at the corresponding directory address; S5, recording and feeding back the key information of the encrypted data of each level in an off-network environment. By constructing multiple parallel FPGA-based encryption computing channels, the invention enables independent, parallel data processing and encryption of data at different encryption levels, and formulates different encryption strategies and control rules according to the characteristics and sensitivity of the different data types, thereby achieving more precise security control and effectively improving data computing efficiency.

Description

FPGA-based data encryption secure computing method
Technical Field
The invention relates to the technical field of data security encryption, and in particular to an FPGA-based secure computing method for data encryption.
Background
Secure computing for data encryption arises from information security requirements. With the continued development of computer technology, data exchange and transmission have become an integral part of people's work and lives. However, during data exchange and transmission, data is easily stolen, modified, or destroyed by hackers and other attackers, and encryption has therefore become a necessary means of protecting information security.
As the amount of data increases, the computational efficiency of conventional software encryption algorithms becomes lower and lower, and secure computing applications based on FPGA data encryption are therefore receiving increasingly wide attention and study. The FPGA offers parallel processing capability and high performance, and can implement fast encryption and decryption through hardware design and programming, so FPGA-based data encryption applications can improve computational efficiency and security performance.
With the development of FPGA technology, more and more application scenarios begin to adopt data encryption technology based on FPGA. For example, the fields of cloud computing, internet of things, big data processing and the like all need to protect the safety of data, so that the data encryption technology based on the FPGA is widely applied. In these applications, FPGA-based data encryption techniques can quickly encrypt and decrypt data, improving data processing efficiency and security.
However, FPGA-based data encryption techniques also have some drawbacks and problems to be solved. For example, since the design and programming difficulty of FPGA chips is high, expertise and experience are required, and thus the cost of developing data encryption technology based on FPGA is high. In addition, the data encryption technology based on the FPGA also needs to consider the problems of security of an encryption algorithm, complexity of hardware design and the like.
For a large-scale data encryption scene, the storage capacity and the computing capacity of the FPGA are still limited, and the processing capacity and the capacity of hardware are required to be further improved so as to meet the requirement of large-scale data encryption processing. The large-scale data also has different security levels, and multiple encryption algorithms or multiple data processing modes are required to be supported for different security levels and different types of data, so that a more flexible and efficient implementation mode needs to be found based on FPGA hardware.
For the problems in the related art, no effective solution has been proposed at present.
Disclosure of Invention
In view of the problems in the related art, the invention provides an FPGA-based secure computing method for data encryption, to overcome the technical problems of the existing related art.
To this end, the invention adopts the following specific technical solution:
An FPGA-based secure computing method for data encryption, the method comprising the following steps:
S1, establishing a data transmission channel between a user host and an FPGA encryption computing unit;
S2, dividing data into encryption levels according to data type and importance, and constructing an index directory;
S3, compressing and encrypting the data of the different encryption levels using parallel encryption computing channels;
S4, storing the encrypted data of each encryption level hierarchically at the corresponding directory address;
S5, recording and feeding back the key information of the encrypted data of each level in an off-network environment.
Further, dividing data into encryption levels according to data type and importance and constructing the index directory comprises the following steps:
S21, dividing the data of different data types into three encryption levels according to importance;
S22, assigning a data identifier to each piece of data to be encrypted received over the data transmission channel;
S23, establishing a directory structure according to the encryption levels and data types of the different data to be encrypted;
S24, recording, in an index table, the data identifier of each piece of data to be encrypted and its position in the directory structure, thereby constructing an index directory that records data types and positions.
Further, the encryption levels comprise common-level data, important-level data and secret-level data;
the data identifier comprises the encryption level and the data type of the data;
the common-level data comprises system service data, system public data and system conventional data;
the important-level data comprises user behavior data, user application data and sensitive operation logs;
the secret-level data comprises personal identity information, financial information, and confidential information.
Further, compressing and encrypting the data of the different encryption levels using the parallel encryption computing channels comprises the following steps:
S31, constructing three parallel encryption computing channels, one for each of the three encryption levels;
S32, compressing the data to be encrypted with a fusion lossless compression algorithm to obtain compressed data;
S33, routing the compressed data to the corresponding encryption computing channel according to the data identifier;
S34, performing encryption computation on the common-level data using the common encryption computing channel;
S35, performing encryption computation on the important-level data using the important encryption computing channel;
S36, performing encryption computation on the secret-level data using the secret encryption computing channel.
Further, compressing the data to be encrypted with the fusion lossless compression algorithm to obtain the compressed file comprises the following steps:
S321, preprocessing the data to be encrypted with run-length coding to reduce data redundancy;
S322, improving the string table compression algorithm by adding a suffix feature, to obtain the fusion lossless compression algorithm;
S323, compression-coding the character strings in the data to be encrypted in sequence using the fusion lossless compression algorithm;
S324, when the fusion lossless compression algorithm compresses a single character, the encoded output is the input character itself; after compression coding is finished, statistics are gathered on the single characters that were output, Huffman coding is applied to them, and the result is combined with the character-string compression codes to obtain the complete compressed data.
Further, improving the string table compression algorithm by adding a suffix feature to obtain the fusion lossless compression algorithm comprises the following steps:
S3221, initializing a dictionary that contains all possible single-character strings;
S3222, assigning a unique identification number to each character string in the string table, where a character string $X = YZ$, Y being a prefix string of X and Z a suffix string of X;
S3223, reading the first character of the data to be encrypted and taking it as the prefix string K;
S3224, reading the next character of the data to be encrypted as the extension character x and checking whether Kx is in the current dictionary; if so, setting K = Kx; if not, outputting the dictionary index of K as the output codeword and storing Kx in the dictionary;
S3225, checking whether the suffix string Z of Kx is in the current dictionary; if so, doing nothing; if not, storing the suffix string Z in the dictionary.
Further, performing encryption computation on the secret-level data using the secret encryption computing channel comprises the following steps:
S361, introducing both an RSA algorithm and a DES algorithm into the secret encryption channel;
S362, improving the RSA algorithm with a prime number optimization algorithm to raise its operating efficiency;
S363, optimizing the key management of the DES algorithm through the improved RSA algorithm;
S364, encrypting the data to be encrypted with the DES algorithm to obtain an encrypted file;
S365, encrypting the decryption subkey with the RSA algorithm to obtain an encryption key;
S366, packaging the encrypted file and the encryption key and writing them to the corresponding directory address.
Further, improving the RSA algorithm with the prime number optimization algorithm to raise its operating efficiency comprises the following steps:
S3621, searching for the large primes of the RSA algorithm using a random increment search method;
S3622, preprocessing the large primes obtained by the search for primality, and removing pseudoprimes;
S3623, performing repeated primality testing on the pseudoprimes to determine the final secure large prime factor.
Further, preprocessing the large primes obtained by the search for primality and removing part of the pseudoprimes comprises the following steps:
S36221, setting a random binary number a whose highest and lowest bits are both 1, and using the binary number a to filter out the even numbers among the pseudoprimes;
S36222, dividing a by the small primes within 100; if a is divisible by any of these small primes, executing step S36224, otherwise executing step S36223;
S36223, testing the primality of the pseudoprime 5 times with the Miller-Rabin algorithm; if the tests pass, a is taken to be a pseudoprime and preprocessing is finished, otherwise executing step S36224;
S36224, setting a = a + 2 and executing step S36222.
Further, optimizing the key management of the DES algorithm through the improved RSA algorithm comprises the following steps:
S3631, constructing, by fusing the RSA algorithm, a key coding formula that defines the DES algorithm, as follows:
$F_{DES} = R'^{-1} \times T_{16} \times T_{15} \times \dots \times T_{1} \times R'$
where $F_{DES}$ represents the F-function of the DES algorithm; $R'$ represents the initial transformation; $R'^{-1}$ represents the inverse of the initial transformation; and $T$ represents the coding operation round;
S3632, iterating the DES algorithm;
S3633, reordering the original key into two parts, obtaining the two parts of the subkey by cyclic shift, and finally combining and reordering them to form the decryption subkey.
The beneficial effects of the invention are as follows:
1. By constructing multiple parallel FPGA-based encryption computing channels, data of different encryption levels can be processed and encrypted independently and in parallel. Grading encryption levels by data type allows security control to be applied more precisely to different types of data, with different encryption strategies and control rules formulated according to the characteristics and sensitivity of each data type, so that more precise security control is achieved and data computing efficiency is effectively improved. At the same time, applying different encryption measures to data of different levels effectively improves data security and provides differentiated protection for different types of data; that is, stricter hybrid encryption measures are applied to more sensitive data, improving its security.
2. Grading encryption levels by data type allows different encryption measures to be applied to different types of data, which ensures data availability: for common-level data, which is huge in scale and heavily accessed, a low-strength encryption algorithm is used, improving data availability and access speed. Grading by data type also simplifies data management and better ensures the security and availability of the data.
3. Losslessly compressing the data before encryption removes redundant information and packs the data into a smaller space, reducing the time and space overhead of encryption; because the compressed data volume is smaller, encryption runs faster and encryption efficiency improves. The compressed data also occupies less transmission bandwidth, which reduces data transmission cost and shortens transmission time. In addition, the encrypted data is harder for an attacker to crack than it would be without compression, and it is harder for an attacker to extract useful information from the compressed data; more data can be stored within a limited storage capacity, improving the scalability of the system.
4. The improved RSA algorithm is combined with the DES algorithm, giving stronger encryption performance. Large primes are found with a random increment search method; the pseudoprimes obtained are preprocessed by even-number elimination, trial division by small primes and similar means, and then tested for primality with the Miller-Rabin algorithm, which reduces primality testing time and effectively improves the efficiency of the RSA encryption algorithm. Software is thereby combined with the related hardware system, laying a firmer foundation for guaranteeing data security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a secure computing method for FPGA-based data encryption in accordance with an embodiment of the present invention.
Detailed Description
According to an embodiment of the invention, a secure computing method for data encryption based on an FPGA is provided.
The invention is further described below with reference to the accompanying drawings and the detailed description. As shown in Fig. 1, an FPGA-based secure computing method for data encryption according to an embodiment of the invention includes the following steps:
S1, establishing a data transmission channel between a user host and an FPGA encryption computing unit.
The transmission protocols of the data transmission channel of the invention comprise the PCIe interface, the AXI interface, and the TCP/IP protocol, whose features are as follows:
PCIe interface: PCIe is one of the mainstream computer buses at present, which has the characteristics of fast speed, large bandwidth, supporting hot plug and multi-core parallelism, etc., and can be used for high-speed data transmission between a user host and an FPGA encryption computation unit.
AXI interface: AXI is a bus-based interface protocol, is commonly used for data transmission between FPGA and other hardware, has characteristics of high performance, flexibility, expandability, etc., and can be used for data transmission between user host and FPGA encryption computation unit.
TCP/IP protocol: TCP/IP is a commonly used network protocol, can realize data transmission between different computers, and can be used for data transmission between a user host and an FPGA encryption calculation unit.
S2, dividing data encryption levels according to data types and importance thereof and constructing an index catalog, wherein the method comprises the following steps of:
S21, dividing the data of different data types into three encryption levels according to importance.
The encryption level comprises common level data, important level data and secret level data.
The common data includes system service data, system public data and system regular data.
The general-level data may be referred to as public data, including public information of a computer system or user, an enterprise, personal public information, and the like. Such data does not require encryption protection, but basic access control and auditing measures are required to ensure data integrity and availability. Such data may be listed in an index directory, but need not be encrypted.
The important-level data includes user behavior data, user application data, and sensitive operation logs.
The important-level data is protected using a basic encryption algorithm and key management system, together with basic access control and audit measures. In the index directory, it is classified by data type and importance, and corresponding encryption strategies and key management schemes are set so as to better manage and maintain the security of the data.
The confidential data includes personal identity information, financial information, and confidential information.
The secret data needs to be protected by using the highest-level encryption algorithm and key management system, and the most strict access control and audit measures are adopted. In the index directory, such data is listed separately, and independent encryption policies and key management schemes are set to ensure security and traceability thereof.
S22, distributing a data identifier to each piece of data to be encrypted received by the data transmission channel.
A data identifier refers to a symbol, number, or string that uniquely identifies a particular data in a set of data, typically used to identify information such as the type, attribute, source, version, etc. of the data. In data encryption, the data identifier may also be used to specify information such as encryption level, key, encryption algorithm, etc. of the data for targeted encryption processing and decryption operations. The design and management of data identifiers is important to the security and efficiency of data encryption.
In the invention, the data identifier comprises an encryption level and a data type corresponding to the data.
S23, establishing a directory structure according to encryption levels and data types corresponding to different data to be encrypted.
Classifying all data according to the type of the data, such as text, images, video and the like; for each class of data, it is classified into different encryption levels according to its importance and confidentiality.
A corresponding directory structure is established, with the encryption level and the data type used as directory names.
Under each directory, data files of corresponding encryption levels and data types are stored, and unique data identifiers are allocated to each file so as to facilitate indexing and management.
After the directory structure is established, the encrypted data can be precisely positioned and accessed through the data identifier, and meanwhile, flexible management and control can be carried out according to the encryption level and the data type.
S24, recording the data identifier of each data to be encrypted and the position of each data identifier in the directory structure by using an index table, and constructing an index directory for recording the data types and the positions.
S3, compressing and encrypting the data with different encryption grades by using the parallel encryption computing channel, wherein the method comprises the following steps:
S31, constructing three parallel encryption computing channels, one for each of the three encryption levels.
A parallel encryption computing channel is a channel that can perform encryption computation on multiple pieces of data simultaneously, and typically consists of multiple encryption computing units. This encryption mode improves encryption efficiency, saves time and resources, and can meet the requirements of large-scale data encryption computation.
S32, compressing the data to be encrypted by using a fusion lossless compression algorithm to obtain compressed data, wherein the method comprises the following steps of:
S321, preprocessing the data to be encrypted with run-length coding to reduce data redundancy.
Run-length encoding (RLE) is a data compression algorithm that is commonly used to losslessly compress data such as images and audio. The basic idea is to replace the consecutively repeated data values or symbols with a count value and the data values or symbols themselves, thereby achieving the effect of compression. In RLE, repeated data values or symbols are referred to as "run", and a run is made up of run symbols, which represent data values or symbols that are repeated consecutively in the run, and run lengths, which represent the number of times that the data values or symbols are repeated consecutively in the original data. For example, a segment of text string "AAAAABBBCCCC" may be denoted as "5A3B4C". The RLE algorithm may be implemented by traversing the data stream to be compressed, counting the number of occurrences of adjacent repeated data or symbols, and storing the run symbols and run lengths into a compressed data stream. When decompressing, only the compressed data stream is traversed, and the original data is restored according to the run symbol and the run length.
S322, adding suffix characteristics for the string table compression algorithm to improve so as to obtain a fusion lossless compression algorithm, comprising the following steps:
S3221, initializing a dictionary that contains all possible single-character strings.
S3222, assigning a unique identification number to each character string in the string table, where a character string $X = YZ$, Y being a prefix string of X and Z a suffix string of X.
S3223, reading a first character in data to be encrypted as a prefix string K.
S3224, reading the next character in the data to be encrypted as an extended character x, judging whether Kx is in the current dictionary, if so, K=Kx, and if not, outputting the dictionary index of K as an output codeword, and storing Kx into the dictionary.
S3225, judging whether the suffix string Z of Kx is in the current dictionary, if so, not performing any processing, and if not, storing the suffix string Z into the dictionary.
S323, sequentially performing compression coding on character strings in the data to be encrypted by using a fusion lossless compression algorithm.
S324, when the fusion lossless compression algorithm compresses a single character, the encoded output is the input character itself; after compression coding is finished, statistics are gathered on the single characters that were output, Huffman coding is applied to them, and the result is combined with the character-string compression codes to obtain the complete compressed data.
The above procedure completes the compression of the whole data, and the combined compression of this method considers the advantages of 3 algorithms to achieve a larger compression ratio. If the continuous repeated characters are too many, the run-length coding compression plays an important role, and if the continuous repeated characters are not too many, the improved algorithm of the invention can compensate the deficiency, achieve the effect of higher compression rate and improve the instantaneity.
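The dictionary stage of steps S3221 to S3225, as an added example that is not code from the patent; it leaves out the run-length pre-pass and the Huffman stage. Assumptions: the dictionary is an LZW-style string table over bytes, the suffix string Z of Kx is Kx without its first byte, Z is stored only when Kx is newly stored, and the function names and sample inputs are constructed for illustration.

```python
def compress(data: bytes, add_suffix: bool = True) -> list[int]:
    """Encode data as dictionary indices; add_suffix=False gives the plain string table."""
    if not data:
        return []
    # S3221: the dictionary starts with every possible single-byte string.
    table = {bytes([i]): i for i in range(256)}
    codes = []
    k = data[:1]                          # S3223: first character becomes prefix K
    for i in range(1, len(data)):
        x = data[i:i + 1]                 # S3224: next character x
        kx = k + x
        if kx in table:
            k = kx                        # Kx known: keep extending the prefix
            continue
        codes.append(table[k])            # Kx unknown: output the index of K
        table[kx] = len(table)            # ... and store Kx
        z = kx[1:]                        # S3225 (assumed meaning of "suffix string Z")
        if add_suffix and z not in table:
            table[z] = len(table)
        k = x
    codes.append(table[k])
    return codes


def decompress(codes: list[int], add_suffix: bool = True) -> bytes:
    """Rebuild the encoder's dictionary one step behind it; reject invalid streams."""
    if not codes:
        return b""
    table = [bytes([i]) for i in range(256)]
    known = set(table)
    if not 0 <= codes[0] < 256:
        raise ValueError("first code must be a single byte")
    prev = table[codes[0]]
    out = [prev]
    for code in codes[1:]:
        n = len(table)
        if 0 <= code < n:
            cur = table[code]
        elif code == n:
            # The code names the Kx entry the encoder has just stored.
            cur = prev + prev[:1]
        elif add_suffix and code == n + 1 and len(prev) >= 2:
            # The code names the suffix entry Z stored right after Kx.
            cur = prev[1:] + prev[1:2]
        else:
            raise ValueError(f"invalid code {code}")
        kx = prev + cur[:1]
        for entry in ([kx, kx[1:]] if add_suffix else [kx]):
            if entry not in known:
                table.append(entry)
                known.add(entry)
        if code >= len(table) or table[code] != cur:
            raise ValueError(f"code {code} is inconsistent with the dictionary")
        out.append(cur)
        prev = cur
    return b"".join(out)


if __name__ == "__main__":
    sample = b"abababbb"                  # constructed input
    print(compress(sample), compress(sample, add_suffix=False))
```

On the constructed input the suffix rule stores "bb" one step earlier than the plain table does, which is why the stream is one codeword shorter.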
S33, transferring the compressed data to a corresponding encryption calculation channel according to the data identifier.
S34, performing encryption calculation on the common level data by using a common encryption calculation channel, wherein the method comprises the following steps of:
S341, controlling access to the common-level data, allowing only authorized users to access it.
S342, performing authority management on users accessing data, and only allowing users with corresponding authorities to access.
S343, auditing the operation of the common level data, and recording the access condition and the operation condition of the data so as to facilitate the subsequent audit.
S344, safety training is carried out on the data access user, so that the safety awareness and the precaution capability of the user are enhanced, and the risk of data access is reduced.
S345, performing security exercise on the data access user, checking the security and emergency response capability of the data access, and improving the availability and security of the data.
S35, carrying out encryption calculation on the important data by using an important encryption calculation channel.
The important-level data is encrypted using a common-level DES algorithm.
S36, carrying out encryption calculation on the confidential data by using a confidential encryption calculation channel, comprising the following steps:
S361, introducing an RSA algorithm and a DES algorithm into the confidential encryption channel.
The RSA encryption algorithm is a public key encryption algorithm whose security is based on the difficulty of prime factorization.
The following is the basic flow of the RSA encryption algorithm:
1. Two different large primes p and q are chosen, and their product $n = p \times q$ is calculated.
2. The Euler function $\varphi(n) = (p-1)(q-1)$ is calculated.
3. An integer e is selected such that $1 < e < \varphi(n)$ and e is coprime to $\varphi(n)$.
4. d is calculated to satisfy $d \times e \equiv 1 \pmod{\varphi(n)}$, i.e., d is the multiplicative inverse of e modulo $\varphi(n)$.
5. The public key is (n, e), and the private key is (n, d).
6. When encrypting plaintext m, $c \equiv m^{e} \pmod{n}$ is calculated.
7. When decrypting ciphertext c, $m \equiv c^{d} \pmod{n}$ is calculated.
Steps 1 to 4 are the key generation process, step 6 is the encryption process, and step 7 is the decryption process.
The RSA encryption algorithm has the following characteristics:
Encryption uses the public key and decryption uses the private key; security relies on the difficulty of factoring large integers into primes.
It can be used both to encrypt data and to sign it digitally.
It is suitable for encrypting small amounts of data; encryption of large amounts of data is slower.
It has good provable security: the security of the algorithm can be argued by mathematical methods.
The DES encryption algorithm is a symmetric key encryption algorithm whose full name is the Data Encryption Standard. The algorithm is a block cipher: it divides the plaintext into 64-bit blocks and encrypts each with a 56-bit key through a series of operations such as permutation and shifting to obtain a 64-bit ciphertext.
The DES encryption algorithm mainly comprises the following parts:
1. Initial permutation (IP): the 64-bit plaintext is permuted according to a fixed rule to obtain the permuted 64-bit data.
2. Subkey generation: the 64-bit key is converted into 56 bits according to a certain rule, and a 48-bit subkey is generated through 16 rounds of iteration.
3. F function: the function performs operations such as expansion, substitution and merging on 32-bit data to obtain a 32-bit result.
4. Round function: the 32-bit data of the previous round and the 48-bit subkey are input into the F function, and the 32-bit result is used as the input of the next round.
5. Final permutation (IP⁻¹): the final permutation is applied to the encrypted 64-bit ciphertext to obtain the encryption result.
The security of the DES encryption algorithm is limited: its key is short (only 56 bits), which leaves it vulnerable to attacks such as brute force. In practice, therefore, a more secure scheme such as the 3DES (Triple DES) algorithm is generally adopted to protect data.
S362, improving the RSA algorithm with a prime number optimizing algorithm to increase operation efficiency, comprising the following steps:
S3621, searching for large primes in the RSA algorithm by using a random increment search method.
S3622, preprocessing the large primes obtained by the search and removing pseudo primes, comprising the following steps:
S36221, setting a random binary number a whose highest and lowest bits are both 1, which filters out the even numbers among the pseudo primes.
S36222, dividing a by the small primes within 100; if a is divisible by one of them, step S36224 is performed, otherwise step S36223 is performed.
S36223, testing the primality of the pseudo prime 5 times using the Miller-Rabin algorithm; if the test passes, a is a pseudo prime and preprocessing is finished, otherwise step S36224 is performed.
S36224, setting a = a + 2 and returning to step S36222.
S3623, carrying out repeated primality detection on the pseudo prime to determine the final secure large prime factor.
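The search in steps S3621 to S3623, followed by the key generation flow (steps 1 to 7 above), as an added Python example that is not code from the patent. The 40 confirmation rounds used for S3623, the exponent e = 65537 and all function names are assumptions; the patent fixes only the below-100 trial division and the 5 Miller-Rabin rounds.

```python
import math
import secrets  # CSPRNG; candidates and bases must not come from a predictable source

# Primes below 100 used by the trial-division filter (S36222).
SMALL_PRIMES = [p for p in range(2, 100) if all(p % q for q in range(2, p))]


def miller_rabin(n, rounds):
    """True if odd n > 100 passes `rounds` random-base Miller-Rabin tests."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        base = secrets.randbelow(n - 3) + 2        # uniform in [2, n-2]
        x = pow(base, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # base is a witness: n is composite
    return True


def find_prime(bits, confirm_rounds=40):
    """Random-increment search; returns (prime, rejection counts per stage)."""
    if bits < 16:
        raise ValueError("bits must be at least 16")
    rejected = {"small_factor": 0, "miller_rabin": 0}
    # S36221: random candidate with the high and low bits forced to 1.
    a = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    while True:
        if any(a % p == 0 for p in SMALL_PRIMES):  # S36222: cheap filter first
            rejected["small_factor"] += 1
        elif not miller_rabin(a, 5):               # S36223: 5 rounds
            rejected["miller_rabin"] += 1
        elif miller_rabin(a, confirm_rounds):      # S3623: round count is an assumption
            return a, rejected
        a += 2                                     # S36224
        if a.bit_length() > bits:                  # ran past the range: draw again
            a = secrets.randbits(bits) | (1 << (bits - 1)) | 1


def rsa_keypair(bits=1024, e=65537):
    """Steps 1 to 5 of the RSA flow, with p and q taken from find_prime."""
    while True:
        p, _ = find_prime(bits // 2)
        q, _ = find_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


if __name__ == "__main__":
    prime, rejected = find_prime(512)
    print(prime.bit_length(), rejected)            # most rejections are small_factor
    public, private = rsa_keypair(1024)
    m = 0x0123456789ABCDEF                         # constructed 64-bit sample value
    c = pow(m, public[1], public[0])               # step 6 (unpadded, as in the flow)
    assert pow(c, private[1], private[0]) == m     # step 7
```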
S363, optimizing the key management of the DES algorithm with the improved RSA algorithm, comprising the following steps:
S3631, building a key coding formula that defines the DES algorithm by fusing the RSA algorithm, the formula being:
$$F_{DES} = R'^{-1} \times T_{16} \times T_{15} \times \dots \times T_{1} \times R'$$
where $F_{DES}$ represents the F function of the DES algorithm, $R'$ represents the initial transformation, $R'^{-1}$ represents the inverse of the initial transformation, and $T$ represents an encoding operation round.
S3632, iterating the DES algorithm.
S3633, reordering the original key and splitting it into two parts, obtaining the two parts of the subkey by cyclic shift, and finally combining and reordering them to form the decryption subkey.
S364, encrypting the data to be encrypted by using a DES algorithm to obtain an encrypted file.
S365, encrypting the decryption subkey by utilizing an RSA algorithm to obtain an encryption key.
S366, the encrypted file and the encryption key are packaged and input to the corresponding directory address.
S4, storing the encrypted data of each encryption level in a grading manner through the corresponding directory address.
S5, recording and feeding back key information of the encrypted data of each level in the off-network environment.
In summary, the technical scheme of the invention has the following effects. By constructing multiple parallel encryption computing channels based on an FPGA, data of different encryption levels can be processed and encrypted independently and in parallel. Grading the encryption level by data type allows more precise security control over different types of data: different encryption strategies and control rules are formulated according to the characteristics and sensitivity of each data type, which also effectively improves data computing efficiency. Applying different encryption measures to data of different levels effectively improves data security and gives differentiated protection to different types of data; for data with higher sensitivity, stricter hybrid encryption measures are adopted. Grading by data type also preserves the usability of the data: for common level data, which is large in scale and heavily accessed, a low-strength encryption algorithm is adopted to improve usability and access speed. Finally, grading the encryption level by data type simplifies data management and better ensures the security and usability of the data.
Lossless compression before encryption removes redundant information and packs the data into a smaller space, reducing the time and space overhead of encryption; the smaller compressed data can be encrypted faster, which improves encryption efficiency. The compressed data also occupies less transmission bandwidth, which lowers transmission cost and shortens transmission time. In addition, data encrypted after compression is harder for an attacker to crack than data encrypted without compression, and it is harder for an attacker to extract useful information from compressed data; more data can be stored within a limited storage capacity, which improves the scalability of the system. The improved RSA algorithm is combined with the DES algorithm for stronger encryption performance: large primes are searched for using the random increment search method, and the resulting pseudo primes are preprocessed by even-number elimination, division by small primes and similar means before primality is tested with the Miller-Rabin algorithm. This reduces primality testing time and effectively improves the efficiency of the RSA encryption algorithm, combining software with the related hardware system and laying a firmer foundation for data security.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (10)

1. An FPGA-based data encryption secure computing method, characterized by comprising the following steps:
S1, establishing a data transmission channel between a user host and an FPGA encryption calculation unit;
S2, dividing data encryption levels according to data types and their importance, and constructing an index catalog;
S3, compressing and encrypting the data of different encryption levels by using parallel encryption computing channels;
S4, storing the encrypted data of each encryption level in a graded manner through the corresponding directory address;
S5, recording and feeding back key information of the encrypted data of each level in the off-network environment.
2. The method for securely computing the encryption of data based on the FPGA of claim 1, wherein said dividing the encryption level of the data according to the type of the data and the importance thereof and constructing the index directory comprises the steps of:
S21, dividing the data of different data types into three encryption levels according to importance;
S22, distributing a data identifier to each piece of data to be encrypted received by the data transmission channel;
S23, establishing a directory structure according to encryption levels and data types corresponding to different data to be encrypted;
S24, recording the data identifier of each piece of data to be encrypted and the position of the data identifier in the directory structure by using an index table, and constructing an index directory for recording the data types and the positions.
3. The method for securely computing the FPGA-based data encryption of claim 2, wherein the encryption level comprises normal level data, importance level data, and secret level data;
the data identifier comprises an encryption grade and a data type corresponding to the data;
the common data comprises system service data, system public data and system conventional data;
the important data comprises user behavior data, user application data and sensitive operation logs;
the secret data includes personal identity information, financial information, and secret information.
4. A method of secure computation of FPGA-based data encryption as claimed in claim 3, wherein said compressing and encrypting data of different encryption classes using parallel encryption computation channels comprises the steps of:
S31, constructing three parallel encryption computing channels with corresponding levels according to the three encryption levels;
S32, compressing the data to be encrypted by using a fusion lossless compression algorithm to obtain compressed data;
S33, transferring the compressed data to a corresponding encryption calculation channel according to the data identifier;
S34, carrying out encryption calculation on the common level data by using a common encryption calculation channel;
S35, carrying out encryption calculation on the important level data by using an important encryption calculation channel;
S36, carrying out encryption calculation on the secret data by utilizing a secret encryption calculation channel.
5. The method for securely computing the encryption of data based on the FPGA of claim 4, wherein the compressing the data to be encrypted by the fusion lossless compression algorithm to obtain the compressed file comprises the steps of:
S321, preprocessing the data to be encrypted by using run-length coding to reduce data redundancy;
S322, improving the string table compression algorithm by adding suffix characteristics to obtain the fusion lossless compression algorithm;
S323, sequentially performing compression coding on the character strings in the data to be encrypted by using the fusion lossless compression algorithm;
S324, when the fusion lossless compression algorithm compresses a single character, the encoded output is the input character itself; after compression coding is finished, statistics are gathered on the output single characters, Huffman coding is applied to them, and the complete compressed data is obtained by combining the result with the character string compression coding.
6. The method for securely computing the data encryption based on the FPGA according to claim 5, wherein the adding the suffix characteristic to the string table compression algorithm for improvement to obtain the fusion lossless compression algorithm comprises the following steps:
S3221, initializing a dictionary that contains all possible single character strings;
S3222, assigning a unique identification number to any character string in the string table, where a character string X = YZ, Y is a prefix string of X, and Z is a suffix string of X;
S3223, reading the first character in the data to be encrypted, and taking it as the prefix string K;
S3224, reading the next character in the data to be encrypted as an extended character x, and judging whether Kx is in the current dictionary; if so, K = Kx; if not, outputting the dictionary index of K as the output codeword and storing Kx in the dictionary;
S3225, judging whether the suffix string Z of Kx is in the current dictionary; if so, no processing is performed; if not, the suffix string Z is stored in the dictionary.
7. The method for securely computing FPGA-based data encryption of claim 5, wherein said computing said secret data using a secret encryption computing channel comprises the steps of:
S361, introducing an RSA algorithm and a DES algorithm into the confidential encryption channel;
S362, improving the RSA algorithm by using a prime number optimizing algorithm to improve the operation efficiency;
S363, optimizing the key management of the DES algorithm with the improved RSA algorithm;
S364, encrypting the data to be encrypted by utilizing the DES algorithm to obtain an encrypted file;
S365, encrypting the decryption subkey by utilizing the RSA algorithm to obtain an encryption key;
S366, packaging the encrypted file and the encryption key and inputting them into the corresponding directory address.
8. The method for securely computing data encryption based on FPGA of claim 7, wherein said improving said RSA algorithm with prime number optimizing algorithm to increase the operational efficiency comprises the steps of:
S3621, searching for large primes in the RSA algorithm by using a random increment search method;
S3622, preprocessing the large primes obtained by the search and removing pseudo primes;
S3623, carrying out repeated primality detection on the pseudo prime to determine the final secure large prime factor.
9. The method for securely computing the encryption of the data based on the FPGA according to claim 8, wherein the preprocessing of the searched prime numbers and the elimination of part of the pseudo prime numbers comprises the following steps:
S36221, setting a random binary number a whose highest and lowest bits are both 1, which filters out the even numbers among the pseudo primes;
S36222, dividing a by the small primes within 100; if a is divisible by one of them, executing step S36224, otherwise executing step S36223;
S36223, testing the primality of the pseudo prime 5 times using the Miller-Rabin algorithm; if the test passes, a is a pseudo prime and preprocessing is finished, otherwise executing step S36224;
S36224, setting a = a + 2 and returning to step S36222.
10. The method for securely computing data encryption based on FPGA of claim 7, wherein said optimizing the modified RSA algorithm for key management of DES algorithm comprises the steps of:
S3631, building a key coding formula that defines the DES algorithm by fusing the RSA algorithm, the formula being:
$$F_{DES} = R'^{-1} \times T_{16} \times T_{15} \times \dots \times T_{1} \times R'$$
where $F_{DES}$ represents the F function of the DES algorithm;
$R'$ represents the initial transformation;
$R'^{-1}$ represents the inverse transformation of the initial transformation;
$T$ represents an encoding operation round;
S3632, iterating the DES algorithm;
S3633, reordering the original key and splitting it into two parts, obtaining the two parts of the subkey by cyclic shift, and finally combining and reordering them to form the decryption subkey.
Application number: CN202310350117.1A. Priority date: 2023-03-31. Filing date: 2023-03-31. Title: FPGA-based data encryption secure computing method. Status: Pending. Publication: CN116488814A (en).


Publications (1)

Publication Number Publication Date
CN116488814A (en) 2023-07-25
