CN116956321A - Method, device and system for encrypting chip data - Google Patents
Method, device and system for encrypting chip data Download PDFInfo
- Publication number
- CN116956321A CN116956321A CN202310853967.3A CN202310853967A CN116956321A CN 116956321 A CN116956321 A CN 116956321A CN 202310853967 A CN202310853967 A CN 202310853967A CN 116956321 A CN116956321 A CN 116956321A
- Authority
- CN
- China
- Prior art keywords
- data
- bit
- datain
- key
- chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 239000002184 metal Substances 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000005286 illumination Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Abstract
The invention discloses a method, a device and a system for encrypting chip data. The method comprises the following steps: dividing the 32-bit plaintext data, the data key and the address key into 4 bytes of data respectively; performing exclusive OR operation on the 8-bit plaintext data, the 8-bit address key and the 8-bit data key of 1 byte to obtain new high 4-bit data and new low 4-bit data; combining the new high 4-bit data with the new low 4-bit data to obtain 8-bit encrypted data; repeating the steps until all operations of the data of 4 bytes are completed, and combining the data to obtain 32-bit encrypted data; exclusive or is carried out on plaintext data of every 8 bits to obtain parity check bits of 2 bits; and storing the 32-bit encrypted data and the parity check value into a memory to complete the encryption of the chip data. The invention sets the plaintext encryption data and the parity check value independently, so that the chip can find and alarm in time when being attacked or the data is tampered.
Description
Technical Field
The invention relates to a chip data encryption method, a device for executing the data encryption method, a system comprising the data encryption device and the method, and belongs to the technical field of security chips.
Background
Currently, various information technologies such as intelligent terminals, automatic driving, virtual reality, artificial intelligence and the like are widely applied, wherein the bottom technology which is the most basic is a chip. In order to ensure the security of the data in the chip, various technical means are generally adopted to encrypt the data.
The invention discloses a multi-chip data encryption and decryption processing method and device in China patent number ZL 202211027837.6. The method comprises the following steps: determining delay information of a current transmission link and performance information of a transmitting end device; determining a chip encryption mode according to the delay information and the performance information, wherein different chip encryption modes correspondingly use different numbers of security chips; under the condition that the chip encryption mode is a first mode, encrypting transmission data by using a single security chip, and sending the encrypted data to receiving end equipment; and under the condition that the chip encryption mode is the second mode, encrypting transmission data by using two security chips, and sending the encrypted data to the receiving end equipment. The technical scheme solves the problem of unreasonable encryption mechanism in the related technology, and further improves the data security on the premise of ensuring the data processing performance.
However, the technical scheme only performs reasonable selection on transmission and encryption modes, and does not optimize the encryption method, so that the problems of data security and integrity are not solved well.
Disclosure of Invention
The invention aims to provide a chip data encryption method.
Another technical problem to be solved by the present invention is to provide an apparatus including the above-mentioned chip data encryption method.
Another technical problem to be solved by the present invention is to provide a system including the above-mentioned chip data encryption method.
In order to achieve the technical purpose, the invention adopts the following technical scheme:
according to a first aspect of an embodiment of the present invention, there is provided a method for encrypting chip data, including the steps of:
s1: setting a data bit width;
s2: dividing the plaintext data, the data key and the address key into 8-bit data per byte;
s3: performing exclusive OR operation on the 8-bit plaintext data, the 8-bit address key and the 8-bit data key of 1 byte to obtain new high 4-bit data and new low 4-bit data;
s4: combining the new high 4-bit data with the new low 4-bit data to obtain 8-bit encrypted data;
s5: repeating the steps S3-S4 until all operations of the data of 4 bytes are completed, and combining the data to obtain 32-bit encrypted data;
s6: exclusive or is carried out on plaintext data of every 8 bits to obtain parity check bits of 2 bits;
s7: and (3) storing the 32-bit encrypted data obtained in the step (S5) and the parity check value obtained in the step (S6) into a memory to complete the encryption of the chip data.
Wherein preferably the data comprises plaintext data, a data key, an address key, and the data is set to a data bit width of 32 bits.
Preferably, the step S3 further includes the following sub-steps:
s31: exclusive OR operation is carried out on the plaintext data, the address key and the high 4 bits of the data key;
s32: generating new high 4-bit data in a disordered way according to the xor_1 generated in the step S31;
s33: exclusive OR operation is carried out on the plaintext data, the address key and the low 4 bits of the data key;
s34: and (3) generating new low 4-bit data in a re-disordered way according to the xor_2 generated in the step S33.
Preferably, in step S31, the content of the exclusive-or operation is:
xor_1=datain[7:4]^addr[7:4]^key[7:4]
wherein, datain is plaintext data; addr is the read and/or write address issued by the bus; the key is a 32-bit data key.
Preferably, the content of the exclusive-or operation in step S33 is:
xor_2=datain[3:0]^addr[3:0]^key[3:0]。
preferably, in step S6, the content of the exclusive-or operation is:
Parity_bit[0]=
datain[0]^datain[1]^datain[4]^datain[6]^datain[7]
Parity_bit[1]=
~(datain[0]^datain[2]^datain[3]^datain[4]^datain[5]^datain[7])。
preferably, when the chip is attacked or the data is tampered, comparing the parity check values, if the parity check values are inconsistent, generating a parity check value error signal, and generating a corresponding interrupt and/or resetting system according to system setting; and if the parity check values are consistent, the verification is passed.
Wherein preferably the parity related sensitive signals are placed at a different metal layer than the stored data at the time of back-end placement and routing.
According to a second aspect of the embodiment of the present invention, there is provided an apparatus for encrypting chip data, including an encryption processing module; the encryption processing module is used for realizing the method.
According to a third aspect of the embodiment of the present invention, a system for encrypting chip data is provided, which includes the device for encrypting chip data described above.
Compared with the prior art, the invention sets the plaintext encryption data and the parity check value independently, so that the chip can timely find and alarm when being attacked or the data is tampered. When the back-end layout is wired, the sensitive signals related to the parity check are placed on a metal layer different from the stored data, so that the sensitive signals related to the parity check are far away from each other in the actual back-end layout, and the situation that the sensitive signals related to the parity check and the stored data are tampered at the same time when a chip is attacked by laser illumination, so that an alarm cannot be generated is avoided.
Drawings
FIG. 1 is a flow chart of a chip data encryption method provided by the invention;
FIG. 2 is a schematic diagram of a chip data encryption device according to the present invention;
fig. 3 is a schematic diagram of a chip data encryption system provided by the present invention.
Detailed Description
The technical contents of the present invention will be described in detail with reference to the accompanying drawings and specific examples.
< first embodiment >
As shown in fig. 1, the method for encrypting chip data provided in the first embodiment of the present invention includes the following steps:
s1: the data bit width is set.
Wherein the data includes plaintext data, a data key, an address key, and the data is set to a data bit width of 32 bits.
S2: the plaintext data, the data key, and the address key are respectively equally divided into 8-bit data per byte.
S3: and performing exclusive OR operation on the 8-bit plaintext data, the 8-bit address key and the 8-bit data key of 1 byte to obtain new high 4-bit data and new low 4-bit data.
The specific operation mode comprises the following steps:
s31: exclusive OR (xor) operation is carried out on plaintext data, an address key and high 4 bits of a data key, and the operation contents are as follows:
xor_1=datain[7:4]^addr[7:4]^key[7:4]
wherein, datain is plaintext data; addr is the read and/or write address issued by the bus; the key is a 32-bit data key.
The key is 32-bit data loaded from otp when the system is powered up.
S32: and (3) generating new high 4-bit data in a re-disordered way according to the xor_1 generated in the step S31.
The new high 4-bit data generation method comprises the following steps:
Case(xor_1)
4’h0:dataout[7:4]=4’ha;
4’h1:dataout[7:4]=4’h9;
4’h2:dataout[7:4]=4’h8;
4’h3:dataout[7:4]=4’h2;
4’h4:dataout[7:4]=4’h1;
4’h5:dataout[7:4]=4’hb;
4’h6:dataout[7:4]=4’hd;
4’h7:dataout[7:4]=4’hc;
4’h8:dataout[7:4]=4’h5;
4’h9:dataout[7:4]=4’h6;
4’ha:dataout[7:4]=4’h4;
4’hb:dataout[7:4]=4’hf;
4’hc:dataout[7:4]=4’h3;
4’hd:dataout[7:4]=4’h0;
4’he:dataout[7:4]=4’h7;
Default:dataout[7:4]=4’he;
endcase
s33: exclusive OR operation is carried out on plaintext data, an address key and the low 4 bits of the data key, and the operation contents are as follows:
xor_2=datain[3:0]^addr[3:0]^key[3:0]
s34: and (3) generating new low 4-bit data in a re-disordered way according to the xor_2 generated in the step S33.
The new method for generating the low 4-bit data comprises the following steps:
Case(xor_2)
4’h0:dataout[3:0]=4’h4;
4’h1:dataout[3:0]=4’h9;
4’h2:dataout[3:0]=4’hc;
4’h3:dataout[3:0]=4’ha;
4’h4:dataout[3:0]=4’hd;
4’h5:dataout[3:0]=4’hb;
4’h6:dataout[3:0]=4’h0;
4’h7:dataout[3:0]=4’h8;
4’h8:dataout[3:0]=4’h5;
4’h9:dataout[3:0]=4’h1;
4’ha:dataout[3:0]=4’he;
4’hb:dataout[3:0]=4’h6;
4’hc:dataout[3:0]=4’h2;
4’hd:dataout[3:0]=4’h7;
4’he:dataout[3:0]=4’hf;
Default:dataout[3:0]=4’h3;
endcase
s4: combining the new high 4-bit data with the new low 4-bit data to obtain 8-bit encrypted data.
S5: repeating the steps S3-S4 until all operations of the data of 4 bytes are completed, and combining the data to obtain the data after 32-bit encryption.
S6: and carrying out exclusive OR on the plaintext data of every 8 bits to obtain the parity check bit of 2 bits.
The exclusive OR operation content is as follows:
Parity_bit[0]=datain[0]^datain[1]^datain[4]^datain[6]^datain[7]
Parity_bit[1]=~(datain[0]^datain[2]^datain[3]^datain[4]^datain[5]^datain[7])
s7: and (3) storing the 32-bit encrypted data obtained in the step (S5) and the parity check value obtained in the step (S6) into a memory to complete the encryption of the chip data.
The 32-bit encrypted data and the parity check value have no correlation, when the chip is attacked or the data is tampered, the parity check value is compared, if the data are inconsistent, a parity check value error signal (parity_err) is generated, and a corresponding interrupt and/or reset system is generated according to system setting; and if so, the parity check value passes verification.
When the chip is attacked by laser illumination, the sensitive signals related to the parity check and the stored data are tampered at the same time, so that an alarm cannot be generated.
< second embodiment >
As shown in fig. 2, a second embodiment of the present invention provides an apparatus including the chip data encryption method, which includes an encryption processing module.
The method for encrypting the chip data implemented by the encryption processing module is the same as the method described in the first embodiment of the present invention, and will not be described herein.
< third embodiment >
As shown in fig. 3, a third embodiment of the present invention provides a system including the chip data encryption method, which includes a secure chip and a memory. Wherein the security chip comprises the device provided by the second embodiment of the invention.
It should be noted that the foregoing embodiments are only examples, and the technical solutions of the embodiments may be combined, which are all within the protection scope of the present invention.
Compared with the prior art, the invention sets the plaintext encryption data and the parity check value independently, so that the chip can timely find and alarm when being attacked or the data is tampered. When the back-end layout is wired, the sensitive signals related to the parity check are placed on a metal layer different from the stored data, so that the sensitive signals related to the parity check are far away from each other in the actual back-end layout, and the situation that the sensitive signals related to the parity check and the stored data are tampered at the same time when a chip is attacked by laser illumination, so that an alarm cannot be generated is avoided.
The method, the device and the system for encrypting the chip data provided by the invention are described in detail. Any obvious modifications to the present invention, without departing from the spirit thereof, would constitute an infringement of the patent rights of the invention and would take on corresponding legal liabilities.
Claims (10)
1. The method for encrypting the chip data is characterized by comprising the following steps:
s1: setting a data bit width;
s2: dividing the plaintext data, the data key and the address key into 8-bit data per byte;
s3: performing exclusive OR operation on the 8-bit plaintext data, the 8-bit address key and the 8-bit data key of 1 byte to obtain new high 4-bit data and new low 4-bit data;
s4: combining the new high 4-bit data with the new low 4-bit data to obtain 8-bit encrypted data;
s5: repeating the steps S3-S4 until all operations of the data of 4 bytes are completed, and combining the data to obtain 32-bit encrypted data;
s6: exclusive or is carried out on plaintext data of every 8 bits to obtain parity check bits of 2 bits;
s7: and (3) storing the 32-bit encrypted data obtained in the step (S5) and the parity check value obtained in the step (S6) into a memory to complete the encryption of the chip data.
2. The method of claim 1, wherein:
the data includes plaintext data, a data key, an address key, and the data is set to a data bit width of 32 bits.
3. The method of claim 1, wherein step S3 further comprises:
s31: exclusive OR operation is carried out on the plaintext data, the address key and the high 4 bits of the data key;
s32: generating new high 4-bit data in a disordered way according to the xor_1 generated in the step S31;
s33: exclusive OR operation is carried out on the plaintext data, the address key and the low 4 bits of the data key;
s34: and (3) generating new low 4-bit data in a re-disordered way according to the xor_2 generated in the step S33.
4. The method of claim 3, wherein the exclusive-or operation in step S31 comprises:
xor_1=datain[7:4]^addr[7:4]^key[7:4];
wherein, datain is plaintext data; addr is the read and/or write address issued by the bus; the key is a 32-bit data key.
5. The method of claim 3, wherein the exclusive-or operation in step S33 is performed with the following contents:
xor_2=datain[3:0]^addr[3:0]^key[3:0]。
6. the method of claim 1 wherein the exclusive-or operation in step S6 is performed with the following contents:
Parity_bit[0]=
datain[0]^datain[1]^datain[4]^datain[6]^datain[7]
Parity_bit[1]=
~(datain[0]^datain[2]^datain[3]^datain[4]^datain[5]^datain[7])。
7. the method of any one of claims 1-6, wherein:
comparing the parity check values when the chip is attacked or the data is tampered, generating a parity check value error signal if the parity check values are inconsistent, and generating corresponding interruption and/or resetting the system according to system setting; and if the parity check values are consistent, the verification is passed.
8. The method of claim 7, wherein:
in back-end placement and routing, parity-related sensitive signals are placed on a different metal layer than the stored data.
9. The device for encrypting the chip data is characterized by comprising an encryption processing module; wherein the encryption processing module is configured to implement the method according to any one of claims 1 to 8.
10. A system for chip data encryption comprising the apparatus of claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310853967.3A CN116956321A (en) | 2023-07-12 | 2023-07-12 | Method, device and system for encrypting chip data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310853967.3A CN116956321A (en) | 2023-07-12 | 2023-07-12 | Method, device and system for encrypting chip data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116956321A true CN116956321A (en) | 2023-10-27 |
Family
ID=88459702
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310853967.3A Pending CN116956321A (en) | 2023-07-12 | 2023-07-12 | Method, device and system for encrypting chip data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116956321A (en) |
-
2023
- 2023-07-12 CN CN202310853967.3A patent/CN116956321A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8054972B2 (en) | Encryption processor of memory card and method for writing and reading data using the same | |
| US9489540B2 (en) | Memory controller with encryption and decryption engine | |
| US7092400B2 (en) | Method of transmitting data through a data bus | |
| TWI609289B (en) | A low-overhead cryptographic method,system,and processor for providing memory confidentiality,integrity and replay protection | |
| CN104156677B (en) | FPGA-based hard disk encryption and decryption system | |
| US9152576B2 (en) | Mode-based secure microcontroller | |
| US20130044881A1 (en) | Key transport method, memory controller and memory storage apparatus | |
| CN112329038B (en) | Data encryption control system and chip based on USB interface | |
| US8015416B2 (en) | Memory information protection system and methods | |
| US11722467B2 (en) | Secured communication from within non-volatile memory device | |
| WO2020131362A1 (en) | Memory device and managed memory system with wireless debug communication port and methods for operating the same | |
| WO2020056398A1 (en) | Security techniques for a peripheral component interconnect (pci) express (pcie) system | |
| TWI761896B (en) | Memory device and method for executing secured commands | |
| CN117640256B (en) | Data encryption method, recommendation device and storage medium of wireless network card | |
| CN104182674A (en) | Protective device for solid-state disk | |
| CN112887077B (en) | SSD main control chip random cache confidentiality method and circuit | |
| CN109784104A (en) | SATA hard disc crypto module and its working method, system and its working method | |
| US11797717B2 (en) | Bus encryption for non-volatile memories | |
| CN116956321A (en) | Method, device and system for encrypting chip data | |
| CN114401081A (en) | Data encryption transmission method, application and system | |
| CN107861892B (en) | Method and terminal for realizing data processing | |
| WO2019210490A1 (en) | Data processing method and apparatus, and system chip | |
| CN114650138A (en) | I2C communication method, system, equipment and medium | |
| CN213876729U (en) | Random cache secret circuit of SSD main control chip | |
| US20230068302A1 (en) | Memory device and method for data encryption/decryption of memory device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |