KR101508495B1 - ARIA encryption apparatus and method - Google Patents

ARIA encryption apparatus and method

Info

Publication number
KR101508495B1
Authority
KR
South Korea
Prior art keywords
round
data
clock
key
plurality
Prior art date
Application number
KR20130136214A
Other languages
Korean (ko)
Inventor
권태웅
김현민
홍석희
Original Assignee
고려대학교 산학협력단
Priority date
Filing date
Publication date
Application filed by 고려대학교 산학협력단
Priority to KR20130136214A
Application granted
Publication of KR101508495B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 – G06F13/00 and G06F21/00
    • G06F1/04 Generating or distributing clock signals or signals derived directly therefrom
    • G06F1/06 Clock generators producing several clock signals

Abstract

The present invention relates to an ARIA encryption apparatus and method. The apparatus comprises: a data input unit that receives data to be encrypted; a key scheduling unit that generates the round keys used in encrypting the data; a clock generating unit that generates a plurality of clocks having different speeds; and a cryptographic operation unit that includes a plurality of S boxes, has a clock faster than a reference clock among the plurality of clocks applied to the S boxes, and performs each round operation on the data based on the round key.
With this configuration, the ARIA encryption apparatus and method of the present invention generate a clock faster than the reference clock and apply it to the single-port block RAM, thereby remarkably improving the processing speed of the single-port block RAM.

Description

ARIA encryption apparatus and method

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an ARIA encryption apparatus and method, and in particular to an ARIA encryption apparatus and method that can improve processing speed while reducing the implementation area of the ARIA circuit.

In recent years, as Internet-based social and economic activity has grown, so has the demand for safe and reliable electronic transactions and for the protection of user privacy. Accordingly, techniques for encrypting transmitted and received data have been actively studied. Among them, the ARIA algorithm is the national standard 128-bit block encryption algorithm, whose name is formed from the first letters of academy, research institute and agency (government). It is an encryption method optimized for hardware efficiency.

When the ARIA algorithm is implemented in hardware, the commonly used single-port block RAM is synchronized to the clock, so the processing speed is significantly slower than in implementations that do not use block RAM.

To solve the above problem, the present invention provides an ARIA encryption apparatus and method that can remarkably improve the processing speed of a single-port block RAM by generating a separate clock faster than the reference clock and applying it to the single-port block RAM.

According to an aspect of the present invention, there is provided an ARIA encryption apparatus including: a data input unit that receives data to be encrypted; a key scheduling unit that generates the round keys used in encrypting the data; a clock generating unit that generates a plurality of clocks having different speeds; and a cryptographic operation unit that includes a plurality of S boxes, has a clock faster than a reference clock among the plurality of clocks applied to the S boxes, and performs each round operation on the data based on the round key.

In particular, the key scheduling unit may receive a master key and generate a plurality of round keys by performing a round function operation on the input master key.

In particular, the key scheduling unit may perform bit rotation and XOR operations on the master key to generate the plurality of round keys.

The clock generating unit may generate a first clock having the same speed as the reference clock and a second clock faster than the reference clock.

The cryptographic operation unit may include: a plurality of S boxes that perform the round operation on the data; a MUX formed at the input/output ends of the S boxes to change, according to each round performed, the order of the data input to or output from the S boxes; a register that stores the data output from the S boxes; and a diffusion layer unit that performs a matrix transformation on the stored data once a predetermined number of bits has been stored in the register.

In particular, the S box may include a plurality of single-port block RAMs and may constitute the substitution layer of a round function.

In particular, the register may store the data output from the S box divided by a rising edge or a falling edge of the reference clock.

According to another aspect of the present invention, there is provided an ARIA encryption method including: receiving, by a data input unit, data to be encrypted; generating, by a key scheduling unit, a round key used in encrypting the data; generating, by a clock generating unit, a plurality of clocks having different speeds; and performing, by a cryptographic operation unit, each round operation on the data based on the round key, with a clock faster than a reference clock among the plurality of clocks applied to the S box inside the cryptographic operation unit.

More preferably, generating the round key may include receiving the master key and performing bit rotation and XOR operations on the input master key through the round function to generate a plurality of round keys.

More preferably, generating the plurality of clocks may include generating a first clock having the same speed as the reference clock and a second clock faster than the reference clock.

The ARIA encryption apparatus and method of the present invention generate a clock faster than the reference clock and apply it to the single-port block RAM, thereby significantly improving the processing speed of the single-port block RAM.

In addition, the ARIA encryption apparatus and method of the present invention reduce the area used when the circuit is implemented in hardware.

In addition, the ARIA encryption apparatus and method of the present invention place a MUX at the input/output ends of the S box and change the input/output order of the data, which minimizes the number of single-port block RAMs used.

FIG. 1 is a block diagram of an ARIA encryption apparatus according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of the ARIA encryption method.
FIG. 3 is a diagram illustrating the matrix transformation used in the diffusion layer.
FIG. 4 is a schematic diagram illustrating the process of generating the key elements for round key generation from a master key.
FIG. 5 is a schematic diagram illustrating the round key generation process using the key elements for round key generation.
FIG. 6 is a block diagram showing the input/output stage of the S box.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Hereinafter, the present invention will be described in detail with reference to preferred embodiments and the accompanying drawings, so that it can be easily understood by those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.

Hereinafter, an ARIA encryption apparatus according to an embodiment of the present invention will be described with reference to FIG. 1.

The ARIA encryption apparatus 100 of the present invention includes a data input unit 110, a key scheduling unit 120, a clock generating unit 130, and a cryptographic operation unit 140.

The data input unit 110 divides the 128 bits of plaintext data to be encrypted into four 32-bit words.

The key scheduling unit 120 generates the round keys used in encrypting the data. The key scheduling unit 120 receives a master key and generates a plurality of round keys by performing a round function operation on the input master key. The round function can perform bit rotation and XOR operations. For example, the key scheduling unit 120 receives the 128-bit master key divided into four 32-bit portions and generates three round keys through three round function operations on the master key.

The clock generating unit 130 generates a plurality of clocks having different speeds. The clock generating unit 130 may generate a first clock having the same speed as the reference clock and a second clock faster than the reference clock. In particular, the second clock may be twice as fast as the reference clock.

The cryptographic operation unit 140 includes a plurality of S boxes. The second clock, which is faster than the reference clock among the plurality of clocks, is applied to the S boxes, and the unit performs each round operation on the plaintext data input through the data input unit 110 based on the round key generated by the key scheduling unit 120. The cryptographic operation unit 140 includes an S box 142, a MUX 144, a register 146, and a diffusion layer unit 148.

The S box 142 performs the round operation on the plaintext data. The S box 142 includes a plurality of single-port block RAMs and can constitute the substitution layer of a round function. In particular, four different types of S box 142 can be used ([image pat00001], [image pat00002], [image pat00003], [image pat00004]). At this time, [image pat00005], [image pat00006] respectively [image pat00007], [image pat00008].

The MUX 144 is formed at the input / output ends of the S box 142 and changes the input / output order of data input to or output from the S box 142 according to each round performed.

A plurality of registers 146 are provided after the S box 142 to store the data output from the S box 142. The register 146 may store the data output from the S box on a rising edge or a falling edge of the reference clock. For example, the data output from the first S box S1 is stored in the first register R1 on the rising edge of the reference clock, and the data output from the second S box S2 is stored in the second register R2 on the falling edge of the reference clock. The output data of the third S box IS1 is stored in the first register R1 after the data held in the first register R1 has been transferred to and stored in the third register R3 by the control unit 150. The output data of the fourth S box IS2 is transferred to the fourth register R4 by the control unit 150 and then stored in the second register R2.

When a predetermined number of bits has been stored in the register, the diffusion layer unit 148 performs a matrix transformation on the stored data and outputs the transformed data.

The ARIA encryption method according to another embodiment of the present invention is described in detail below.

First, the data input unit receives the 128 bits of plaintext data to be encrypted in four 32-bit portions.

The key scheduling unit generates the round keys used in encrypting the data. The key scheduling unit receives the 128-bit master key in four 32-bit portions and performs bit rotation and XOR operations on the input master key through the round function to generate a plurality of round keys.

The clock generating unit generates a plurality of clocks having different speeds. The clock generating unit may generate a first clock having the same speed as the reference clock input to the clock generating unit and a second clock faster than the reference clock. In particular, the second clock may be twice as fast as the reference clock.

In the cryptographic operation unit, the clock faster than the reference clock among the plurality of clocks is applied to the internal S box, and each round operation on the received plaintext data is performed based on the round key in response to the second clock.

Hereinafter, the ARIA encryption method will be described in more detail with reference to FIG. 2.

FIG. 2 is a schematic diagram of the ARIA encryption method.

The ARIA encryption method according to the present invention is a 128-bit block encryption algorithm with an ISPN structure. A master key having one of three lengths, 128, 192, or 256 bits, can be selectively used, 16 rounds. The ARIA encryption method consists of substitution, diffusion, and round key addition using a multiplication operation in a finite field. In the present invention, the 128-bit ARIA encryption method is described.

As shown in FIG. 2, the ARIA encryption method applies to the 128-bit data a plurality of odd round functions F_o and even round functions F_e, each using the round key corresponding to its round, and then calculates the final round function F_1. That is, the plaintext data received by the cryptographic operation unit passes through the S box, is XORed with the 128-bit round keys (ek_1, ek_2, ..., ek_n, ek_n+1) input from the key scheduling unit, and is transformed by matrix multiplication in the diffusion layer unit, after which the result value is output.

The S box used here forms the substitution layer, a non-linear substitution operation that outputs the internal state value corresponding to an input value. In particular, the present invention uses four different kinds of S box, [image pat00009], [image pat00010], [image pat00011] and [image pat00012]; [image pat00013], [image pat00014] respectively [image pat00015], [image pat00016].

In addition, the diffusion layer of the cryptographic operation unit transforms the 16 current state values through multiplication by a matrix. This diffusion layer is the [image pat00018] binary matrix [image pat00019] having the involution property ([image pat00017]).

FIG. 3 is a diagram illustrating the matrix transformation used in the diffusion layer.

As shown in FIG. 3, when the input value of the diffusion function is [image pat00020] and the output value is [image pat00021], the binary matrix [image pat00022] is fixed, so even if any value [image pat00023] is input, [image pat00024] is configured in advance; the operation is laid out according to that setting and is performed as XOR operations between input bytes.
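The involution property and the XOR-only structure of the diffusion layer can be checked directly. The following is an added example, not code from the patent: because the matrix figures are not reproduced on this page, the byte-index rows are taken from the public ARIA specification (RFC 5794), and all function names are illustrative.

```python
# Added example: ARIA diffusion layer modelled as XORs between state bytes.
# Assumption: A_ROWS follows the public ARIA specification (RFC 5794),
# not the patent figures, which are missing on this page.

# Row i lists the input byte indices XORed together to form output byte i.
A_ROWS = (
    (3, 4, 6, 8, 9, 13, 14),
    (2, 5, 7, 8, 9, 12, 15),
    (1, 4, 6, 10, 11, 12, 15),
    (0, 5, 7, 10, 11, 13, 14),
    (0, 2, 5, 8, 11, 14, 15),
    (1, 3, 4, 9, 10, 14, 15),
    (0, 2, 7, 9, 10, 12, 13),
    (1, 3, 6, 8, 11, 12, 13),
    (0, 1, 4, 7, 10, 13, 15),
    (0, 1, 5, 6, 11, 12, 14),
    (2, 3, 5, 6, 8, 13, 15),
    (2, 3, 4, 7, 9, 12, 14),
    (1, 2, 6, 7, 9, 11, 12),
    (0, 3, 6, 7, 8, 10, 13),
    (0, 3, 4, 5, 9, 11, 14),
    (1, 2, 4, 5, 8, 10, 15),
)


def diffuse(state: bytes) -> bytes:
    """Apply the diffusion layer to a 16-byte state using only byte XORs."""
    if len(state) != 16:
        raise ValueError("ARIA state must be exactly 16 bytes")
    out = bytearray(16)
    for i, row in enumerate(A_ROWS):
        acc = 0
        for j in row:
            acc ^= state[j]
        out[i] = acc
    return bytes(out)


def as_binary_matrix():
    """Expand A_ROWS into the 16x16 binary matrix it describes."""
    return [[1 if j in row else 0 for j in range(16)] for row in A_ROWS]


def is_involution() -> bool:
    """True when the matrix multiplied by itself is the identity over GF(2)."""
    m = as_binary_matrix()
    for i in range(16):
        for j in range(16):
            dot = 0
            for k in range(16):
                dot ^= m[i][k] & m[k][j]
            if dot != (1 if i == j else 0):
                return False
    return True


def bytes_changed_by_one_input_byte(position: int) -> int:
    """Count output bytes that differ when a single input byte differs."""
    changed = bytearray(16)
    changed[position] = 0xFF
    a, b = diffuse(bytes(16)), diffuse(bytes(changed))
    return sum(1 for x, y in zip(a, b) if x != y)


if __name__ == "__main__":
    sample = bytes(range(16))  # constructed test state
    print("involution:", is_involution())
    print("round trip:", diffuse(diffuse(sample)) == sample)
    print("spread:", [bytes_changed_by_one_input_byte(p) for p in range(16)])
```

Because the layer is its own inverse, the same XOR network serves encryption and decryption, which is what lets a hardware design avoid a second diffusion circuit.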

Hereinafter, the round key generation process will be described in detail with reference to FIGS.

FIG. 4 is a schematic diagram illustrating the process of generating the key elements for round key generation from a master key.

As shown in FIG. 4, the length of the master key input to the key scheduling unit may be 128, 192, or 256 bits. The input master key is divided into the 128-bit values [image pat00025] and [image pat00026], and if [image pat00027], the missing bits are padded with zeros.

For example, when a 128-bit or 192-bit master key is input, [image pat00028] is padded with 128 bits, and [image pat00029] is generated by padding with 0 or 64 bits. From [image pat00030] and [image pat00031] obtained in this way, the 128-bit key elements for round key generation, [image pat00032], [image pat00033], [image pat00034] and [image pat00035], are each calculated by the following Equation 1.

[Equation 1]

[image pat00036]
[image pat00037]
[image pat00038]
[image pat00039]

FIG. 5 is a schematic diagram illustrating the round key generation process using the key elements for round key generation.

As shown in FIG. 5, each round key (ek_1, ek_17) is generated by performing bit rotation and XOR operations, according to each round, on the key elements generated for round key generation.

FIG. 6 is a block diagram showing the input/output stage of the S box.

As shown in FIG. 6, the first data input to the S box is supplied in units of 32 bits, and each round is performed on an input selected from the result of a round and the first data. That is, the MUX first receives the 128 bits of the master key in four 32-bit portions, and the round is then performed three times. After the key elements for round key generation, [image pat00040] to [image pat00041], have been generated, the 128 bits of plaintext data are input in four 32-bit portions. Each 32-bit input is divided into 8-bit units, which are applied to the inputs of the respective S boxes.

In particular, the ARIA encryption method according to the present invention uses four kinds of S box: [image pat00042], [image pat00043], [image pat00044] and [image pat00045]. Therefore, when the ARIA encryption method is implemented using single-port block RAM, four S boxes are used. Accordingly, in the odd rounds the S boxes are arranged in the order given by the sixteen symbols [image pat00046] to [image pat00061], and in the even rounds in the order given by the sixteen symbols [image pat00062] to [image pat00077].

As described above, by forming MUXes at the input/output ends of the S box and changing the input/output order of the data for each round performed, the two substitution layers are expressed with only four S boxes, and the ARIA encryption method can be implemented.
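A behavioural model of the S box sharing described above, as an added example rather than the patent's circuit: four single-port RAMs serve both substitution layers through a per-round MUX setting, with one 32-bit word entering per tick of the doubled clock. Assumptions: the lane order of the two layers follows the public ARIA specification (RFC 5794) because the order symbols are missing on this page, the S box tables are constructed stand-in permutations and not the ARIA tables, only S box reads are counted, and all names are illustrative.

```python
# Added example: behavioural model, not the patent's HDL.
# Assumptions: lane order per RFC 5794; S1 and S2 are constructed stand-in
# permutations (NOT the ARIA tables); one 32-bit word enters per fast tick.

S1 = [(x * 7 + 3) % 256 for x in range(256)]              # stand-in table
S2 = [((x * 13 + 101) % 256) ^ 0x5A for x in range(256)]  # stand-in table


def invert(table):
    """Build the inverse lookup table of a byte permutation."""
    inv = [0] * 256
    for x, y in enumerate(table):
        inv[y] = x
    return inv


# The four single-port block RAMs: S1, S2, inverse S1, inverse S2.
RAMS = (S1, S2, invert(S1), invert(S2))

# MUX setting per round parity: index of the RAM serving byte lanes 0..3.
MUX = {"odd": (0, 1, 2, 3), "even": (2, 3, 0, 1)}

FAST_TICKS_PER_REF_CLOCK = 2  # second clock is twice the reference clock


def substitution_layer(state: bytes, round_no: int):
    """Return (new_state, reference_clocks) for one substitution layer."""
    if len(state) != 16:
        raise ValueError("ARIA state must be exactly 16 bytes")
    routing = MUX["odd" if round_no % 2 else "even"]
    out = bytearray(16)
    fast_ticks = 0
    for word in range(4):               # one 32-bit word per fast tick
        ports_in_use = set()
        for lane in range(4):
            ram = routing[lane]
            if ram in ports_in_use:     # single port: one read per tick
                raise RuntimeError("two reads on one single-port RAM")
            ports_in_use.add(ram)
            idx = 4 * word + lane
            out[idx] = RAMS[ram][state[idx]]
        fast_ticks += 1
    ref_clocks = -(-fast_ticks // FAST_TICKS_PER_REF_CLOCK)  # ceiling
    return bytes(out), ref_clocks


def reference_clocks_per_block(rounds: int) -> int:
    """Total reference clocks spent on S box reads over all rounds."""
    state = bytes(16)
    total = 0
    for r in range(1, rounds + 1):
        state, clocks = substitution_layer(state, r)
        total += clocks
    return total


if __name__ == "__main__":
    block = bytes(range(16))  # constructed test state
    odd, clocks = substitution_layer(block, 1)
    even, _ = substitution_layer(odd, 2)
    print("clocks per round:", clocks)
    print("even layer undoes odd layer:", even == block)
    print("clocks for 12 rounds:", reference_clocks_per_block(12))
```

With 12 rounds, the ARIA round count for a 128-bit key in RFC 5794, the model needs 24 reference clocks, the same total the performance test on this page reports.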

To implement the present invention in practice, it was programmed, compiled and simulated with the ISE_v.14.1 tool provided by Xilinx. As a result of the simulation, the circuit implementation of the present invention using four single-port block RAMs occupies 1311 slices, and the throughput is about 180 Mbps. Compared with conventional results, it can also be seen that the area is reduced while the single-port block RAM is used as much as possible. In particular, the performance test of the present invention was carried out with each round taking two clocks and the whole operation taking 24 clocks. As a result, the hardware area used was reduced by 13% compared with the prior art, and the processing speed was about 30 times higher.

In addition, such an ARIA encryption apparatus and method can be stored in a computer-readable recording medium on which a program for execution by a computer is recorded. The computer-readable recording medium includes all kinds of recording devices in which data readable by a computer system is stored. Examples of the computer-readable recording medium include ROM, RAM, CD-ROM, DVD±ROM, DVD-RAM, magnetic tape, floppy disk, hard disk, optical data storage, and the like. In addition, the computer-readable recording medium may be distributed over network-connected computer devices so that computer-readable code can be stored and executed in a distributed manner.

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, Do.

110: Data input unit 120: Key scheduling unit
130: clock generator 140: cryptographic operation unit
150:

Claims (11)

  1. A data input unit for receiving data to be encrypted;
    A key scheduler for generating a round key used in encrypting the data;
    A clock generator for generating a plurality of clocks having different speeds; And
    A clock having a speed higher than a reference clock among the plurality of clocks is applied to the S box and each round operation is performed on the data based on the round key A cryptographic operation unit;
    The key scheduling unit
    And receives a master key, and generates a plurality of round keys by performing a round function on the input master key.
  2. delete
  3. The method according to claim 1,
    The key scheduling unit
    And performing bit rotation and XOR operations on the master key to generate a plurality of round keys.
  4. The method according to claim 1,
    The clock generator
    And generates a first clock having the same speed as the reference clock and a second clock having a speed higher than the speed of the reference clock, respectively.
  5. The method according to claim 1,
    The encryption operation unit
    A plurality of S-boxes for performing a round operation of the data;
    A MUX formed at an input / output end of the S box to change an input / output order of data input to or output from the S box according to each round to be performed;
    A register for storing data output from the S box; And
    A diffusion layer for performing a matrix transformation on the stored data when data is stored in the register by a predetermined number of bits;
    And an encryption unit for encrypting the encryption key.
  6. 5. The method of claim 4,
    The S box
    And a plurality of single-port block RAMs, and constitutes a substitution layer of a round function.
  7. 6. The method of claim 5,
    The register
    Wherein the data output from the S box is divided by a rising edge or a falling edge of a reference clock.
  8. Receiving data to be encrypted by a data input unit;
    Generating a round key for use in encrypting the data by the key scheduling unit;
    Generating a plurality of clocks having different speeds; And
    Performing a round operation on the data based on the round key when a cryptographic operation unit applies a clock having a speed higher than a reference clock among the plurality of clocks to an internal S box;
    The step of generating the round key by the key scheduling unit
    A plurality of round keys are generated by receiving a master key and performing a bit rotation movement and an XOR operation on a received master key through a round function.
  9. delete
  10. 9. The method of claim 8,
    The step of the clock generator generating a plurality of clocks
    And generating a first clock having the same speed as the reference clock and a second clock having a speed higher than the speed of the reference clock, respectively.
  11. 10. A computer-readable recording medium on which a program for executing the method according to claim 8 or 10 is recorded.
KR20130136214A 2013-11-11 2013-11-11 ARIA encryption apparatus and method KR101508495B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR20130136214A KR101508495B1 (en) 2013-11-11 2013-11-11 ARIA encryption apparatus and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR20130136214A KR101508495B1 (en) 2013-11-11 2013-11-11 ARIA encryption apparatus and method

Publications (1)

Publication Number Publication Date
KR101508495B1 true KR101508495B1 (en) 2015-04-07

Family

ID=53032392

Family Applications (1)

Application Number Title Priority Date Filing Date
KR20130136214A KR101508495B1 (en) 2013-11-11 2013-11-11 ARIA encryption apparatus and method

Country Status (1)

Country Link
KR (1) KR101508495B1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010110162A (en) * 2000-05-31 2001-12-12 박종섭 Encryption device using data encryption standard algorithm
KR20070021883A (en) * 2005-08-19 2007-02-23 한국전자통신연구원 ARIA crypto module and method

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20180108

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20190211

Year of fee payment: 5