KR101655862B1 - Lightweight cryptographic apparatus using PRINTcipher - Google Patents

Abstract

The present invention relates to a lightweight encryption apparatus using a PRINT cipher, and includes a GEZEL co-processor communicating with a hardware processor and a hardware processor according to a block cipher operating method, and the GEZEL co- (intellectual property) block and a hardware IP that operates a lightweight cryptographic PRINT cipher scheme in a finite state machine with datapath (FSMD) scheme.

Description

[0001] Lightweight cryptographic apparatus using PRINTcipher [

The present invention relates to a hardware design method for a lightweight cryptographic PRINT cipher, and more particularly, to a lightweight cryptographic apparatus for optimizing performance with hardware in order to efficiently perform encryption of lightweight cryptography using a PRINT cipher.

The cryptosystem is largely classified into a public key cryptosystem and a symmetric key cryptosystem using the same key for encryption / decryption. In low-power / light-weight environments such as RFID and USN, efficient encryption algorithms are required while ensuring safety. In this environment, a symmetric key lightweight cipher that performs encryption on a plaintext block basis is often used. And, lightweight cryptography operates with various operating modes to encrypt messages of various lengths rather than being used alone.

PRINTcipher-48/96 is a 48/96-bit block cipher with SPN structure and consists of 48/96 rounds and uses 80/160 bit secret key. So far, no PRINTcipher has been implemented in hardware.

The optimal design of the existing lightweight cryptosystem is mostly done by software, and most of the related researches are based on software. Although research on a small number of hardware design optimizations has been carried out, such a hardware optimal design has been primarily focused on optimization of hardware independent design of lightweight cryptosystems. The following prior art documents suggest a design methodology using hardware and software together.

Patrick R. Schaumont, "A Practical Introduction to Hardware / Software Codesign," Springer, Dec. 2012.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to solve the above problems in that there is no optimization technique that integrally design hardware and software in a conventional symmetric key encryption algorithm, PRINTcipher, latency, and race condition.

According to an aspect of the present invention, there is provided a lightweight encryption apparatus including: a hardware processor according to a block cipher; And a GEZEL co-processor communicatively coupled to the hardware processor, the GEZEL co-processor comprising: a GEZEL IP (intellectual property) block; And a hardware IP that operates a lightweight cryptographic PRINT cipher scheme in a finite state machine (FSMD) scheme using a data path.

In the lightweight encryption apparatus according to an exemplary embodiment, the hardware IP includes: a controller for defining and controlling each data path of the lightweight encryption PRINT cipher technique as a finite state machine; 'PRINTcipher_round_dp' data path that performs the encryption algorithm of the lightweight cryptographic PRINT cipher technique; And a plurality of SP-box data paths for performing permutation and S-box substitution.

In the lightweight encryption apparatus according to an exemplary embodiment, the controller sets the preprocessing portion of the permutation and the S-box substitution according to the PRINT cipher technique in advance as one table to reduce the amount of computation, ) Logic may be reconfigured to apply unfolding to reduce the number of cycles by increasing the number of times data is read and written per loop.

In the lightweight encryption apparatus according to an embodiment, the finite state machine may include a 'Check_start' state for confirming whether communication between the communication module and the software is connected, receiving a plain text and a key value from the communication module, An 'Init' state in which the input plain text and the key value are stored in the PRINTcipher_round_dp internal register, and when the initialized register is stored in the initial register, Key XOR is performed and stored; PRINTcipher performs a 2-round function, performs 3-bit SP-box datapath in which permutation and Sbox substitution process are set in advance as a table, performs Key XOR in the SP-box datapath, and executes SP-box datapath in PRINTcipher_round_dp A '2R-Round' state in which two rounds are performed in one cycle while receiving the output value of the '2R-Round' state; And a 'Finish' state in which a ciphertext is transmitted to the external communication module when the final round is performed, and a register indicating the start state of the PRINT cipher is initialized.

In the lightweight encryption apparatus according to an embodiment, the GEZEL co-processor separates and processes the encryption process and the data transmission / reception process of the PRINTcipher hardware core when messages are exchanged between the hardware and the software, A done signal that informs the user can immediately send and receive data without waiting time on arrival.

Embodiments of the present invention can be implemented by optimizing the lightweight cryptographic PRINT cipher to be compatible with the operation modes developed in a software development language such as C language or the like on an 8051 processor or another software operation platform, It is possible to efficiently implement PRINTcipher hardware IP that can be applied immediately without additional operation verification in integrated design. In addition, in order to minimize the delay time when data is transferred between software and hardware, The overall hardware performance can be improved.

1 is a diagram for explaining a total encryption process of the PRINT cipher algorithm.
FIGS. 2 and 3 are views for explaining an adaptive unfolding technique.
FIG. 4 is a diagram illustrating the entire flow of a PRINTcipher finite state machine (FSM) according to one embodiment of the present invention.
FIG. 5 is a diagram illustrating an overall structure of an integrated design using a HW / SW integrated design technique of a PRINT cipher according to an exemplary embodiment of the present invention. Referring to FIG.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the following description and the accompanying drawings, detailed description of well-known functions or constructions that may obscure the subject matter of the present invention will be omitted.

The hardware design of the PRINTcipher optimized according to the embodiments of the present invention is not only optimized for hardware use and design but also can be used in a case where the PRINTcipher is interlocked with the software and deadlock occurs and damages may occur in terms of latency The hardware optimal design was performed. In addition, the embodiments of the present invention are designed using the GEZEL hardware design language, and minimize the race condition that may occur when the hardware IP presented through the present invention is interlocked with software.

To solve this problem, we designed GEZEL using cycle - based design method and solved the above problems that may occur depending on the operating environment at the implementation stage. Also, it is designed to be implemented with minimum area due to the characteristics of lightweight cryptosystem, and lightweight cryptosystem is considered to operate in low power equipment.

In general, although the block cipher sets different operating modes according to the operating environment, it has focused on the problem that the optimization is focused on the hardware optimization without considering this aspect. Therefore, embodiments of the present invention can be applied to hardware / software integrated operation in which block ciphers including lightweight cryptosystems equipped with such an operation mode are operated so that the developed optimized hardware IP core can be operated without degradation in performance in connection with various operation modes Respectively.

PRINTcipher-48/96 is a 48/96-bit block cipher with SPN structure and consists of 48/96 rounds and uses 80/160 bit secret key. No PRINTcipher is implemented in hardware so far, and PRINTcipher-48 is designed as hardware in the embodiments of the present invention for the first time.

FIG. 1 shows an overall structure of a PRINTcipher-48 encryption algorithm, which includes a round-key XOR, a linear diffusion layer, and an RC XOR process.

1) Key XOR

)와 XOR를 수행한다.
PRINTcipher-48 uses the same key for all rounds, and the upper 48 bits of the key (

And XOR.

2) Linear diffusion layer

We mix each bit by the following diffusion function.

3) RC (round constant) XOR

라고 할 때, n-bit shift register는 다음과 같은 방식으로 갱신된다. The round constant is made to the XOR value of the rightmost bits of the current state. The state of the register

, The n-bit shift register is updated in the following manner.

는 도 3과 같이 Linear diffusion layer 상태의 마지막 6비트와 XOR과정을 수행한다.
The generated

As shown in FIG. 3, performs the XOR process with the last 6 bits of the linear diffusion layer state.

4) Three bit permutation & S-box substitution

)에 의해 결정된다. 3비트 단위의 입력을 16개 받아서 출력되는 값은 permutation과 substitution 과정을 거쳐서 출력되는 값은 다음과 같다. The permutation and substitution process of PRINTcipher-48 uses the lower 32 bits of the secret key (

). The values that are output after receiving 16 input of 3 bit unit are outputted through permutation and substitution process.

의 2비트가 11이고 permutation & S-box layer의 입력값이 4라면 그 출력값은 1이 된다. 위와 같은 방식으로 나머지 permutation & S-box를 처리한다.
E.g

2 is 11 and the input value of the permutation & S-box layer is 4, the output value is 1. The remaining permutation & S-box is processed in the same manner as above.

In the embodiments of the present invention described below, an efficient lightweight encryption PRINTcipher is designed to be suitable for hardware / software integrated design and operation so that the PRINT cipher can effectively operate with a module developed by a software such as C language in a CPU platform, and PRINTcipher In hardware optimization, finite state machine (FSM), which defines and controls datapaths as finite state machines, is optimized by applying optimization theory such as unfolding and retiming. In order to minimize the delay time in communication between software and hardware, communication protocol between software and hardware is optimized by PRINTcipher hardware. In particular, since there is no existing hardware design result for PRINTcipher, the present invention can provide a guideline for future hardware design of PRINTcipher.

The details of the hardware implementation of the PRINT cipher proposed in the embodiments of the present invention are as follows.

(One) PRINTcipher  Hardware Implementation Optimization

PRINTcipher implements the PR-cipher_round_dp data path, which performs the entire encryption algorithm, and the SP-box data path, which performs permutation and S-box substitution in 3-bit units, in a look-up table form. The data path was designed by dividing. Also. PRINT_round_dp We designed the FSM controller to control the data path with the FSM to perform encryption.

PRINTcipher's cryptographic design aims to reduce the execution cycle because the structure itself is simple. Therefore, the round function reduced the total cycle by applying an unfolding technique to perform 2 rounds per cycle. In addition, during encryption of PRINTcipher-48, permutation and S-box substitution are not processed separately, and the amount of computation is reduced by setting in advance as one table. Therefore, we designed Key XOR - Permutation - S - box Substitution, which is an existing structure of PRINTcipher, in Key XOR - SP - box structure. When rounding operation is performed, register is placed before SP - box, The key XOR of the process is assembled into one process. And the above process is configured to perform twice per cycle.

Unfolding is a way of loosening the program's loop logic and performing multiple operations at once. Because there is space consumption at this time, speed aspect and space efficiency should be considered.

Referring to FIG. 2, it takes 3 cycles to read the register a [i], 1 cycle to assign the calculated value to the register b [i], 2 cycles to write the assigned value to the register b [i] The total execution cycle is 6N. If this is changed to the structure of FIG. 3, the calculation is completed in a total of 8 cycles. Since the calculation is repeated N / 3 times, the total execution cycle can be reduced from 6N to 8 × N / 3.

Furthermore, SP-box data path input values are declared as 16-bit 3-bit registers and the Key XOR process is designed to be performed within the SP-box data path. Accordingly, the key XOR process is divided into three bits rather than the 48-bit Key XOR process, thereby achieving efficiency in terms of speed.

(2) PRINTcipher Of each finite state machine ( FSM ).

Figure 4 shows the FLOW of the entire finite state machine (FSM) of PRINTcipher.

2-1) Check_start state 410

Make sure that the communications module and software are connected in the same way as other ciphers. If not, the encryption will not start. If the connection is normally established and the plaintext and the key value are input from the communication module, the process proceeds to the next step, Init.

2-2) Init  In state 420,

After receiving the plaintext and key value from the external communication module, it stores it in PRINTcipher_round_dp internal register. In this implementation, since the round execution algorithm of PRINTcipher is configured not to perform the first round key XOR process, it carries out Key XOR beforehand when it is stored in the initial register.

2-3) 2R-Round state 430

Performs a two round function of PRINTcipher. Permutation - Designs a 3-bit SP-box datapath with the Sbox Substitution process set as a table in advance and performs Key XOR within the SP-box datapath.

In PRINTcipher_round_dp, the output value of the SP-box data path is input and the above process is executed twice per cycle, so that two rounds are performed in one cycle.

2-4) Finish state (450)

If it is performed until the final round, the ciphertext is transmitted to the external communication module. Then initialize the register to indicate the start state of PRINTcipher.

(3) PRINTcipher HW / SW integrated design of Between modules  Communication optimization

A PRINT cipher hardware IP (cipher block IP) developed through embodiments of the present invention, such as an ECC (Electronic Code Block), a Cipher Block Chaining (CBC), a Counter Counter (CTR), a Cipher FeedBack And improve the latency by improving the operation protocol on the hardware IP in order to communicate effectively with each other.

The method used in the present invention separately calculates a portion for transmitting and receiving a communication message between the encryption and the HW / SW, and when the completion signal (done) arrives, the message can be transmitted / received immediately without additional waiting time.

FIG. 5 is an overall structure diagram of the application of the PRINTcipher hardware IP in the HW / SW integrated design for the PRINTcipher algorithm.

The hardware processor 10 is in accordance with a block cipher operating system and can be implemented as an 8051 microprocessor. A symmetric key cipher that is encrypted in units of blocks can use an operating mode to secure input and output of various lengths. In FIG. 5, the operation mode of symmetric key cipher can be implemented in C language using an 8051 microprocessor.

The GEZEL co-processor 20 is connected to the hardware processor 10 in a port-mapped or memory-mapped manner and communicates with GEZEL IP (intellectual property) Block 21 and hardware IPs 23 and 24 that operate the lightweight cryptographic PRINTcipher scheme in a finite state machine with datapath (FSMD) scheme.

Since GEZEL supports the integrated design with ARM and 8051 microprocessors, it can transmit plain text and ciphertext by communicating with 8051 microprocessor by inserting only the IP blocks provided by GEZEL in code without any additional implementation and compilation.

In embodiments of the present invention, a core of a cryptographic algorithm implemented by GEZEL and an ECB (Electronic Code Block), CBC (Cipher Block Chaining), CTR (Counter), CFB (Cipher FeedBack), and OFB ) To build an integrated design of hardware / software.

The 8051 processor accepts user input and can select one of five operating modes: ECB, CBC, CTR, CFB, and OFB. It provides the flexibility to choose the operating mode and password for your platform and situation. In addition, since the master key is input from software rather than being stored in hardware, it has flexibility in terms of safety that it can be easily corrected and updated when a key is leaked later.

In terms of design, it is also possible to implement the key schedule part of each symmetric key cryptographic algorithm in the hardware and software integrated design, and to pre-calculate each round key value in advance and send the round key to hardware. Therefore, since the hardware does not need to process the key schedule calculation, the area reduction and the speed increase effect can be expected.

In the integrated design using GEZEL, the 8051 microprocessor communicates with the hardware I / O devices using memory mapped I / O and port mapped I / O. The memory map I / O method does not separate input / output and memory address space when communicating, and the port map input / output method separates input / output circuit and memory address space. If the I / O circuitry is slower than the memory, there is speed and space efficiency when these two spaces are separated. In the embodiments of the present invention, the efficiency of speed and space is improved by using a port map input / output method when connecting IP blocks.

To improve reliability when communicating between hardware and software, an improved handshake protocol (22) was used between the 8051 microprocessor and the hardware co-processor. Once the communication is established, a done signal indicating that the communication has been completed is sent to check whether data can be exchanged. In the embodiment of FIG. 5, the handshake protocol 22 is improved so that the encryption and message transmission / reception portions are designed in different modules. Hence, the hardware co-processor 20 is able to send and receive messages to and from the 8051 microprocessor 10 during encryption.

According to the embodiments of the present invention described above, the present invention can be applied to an efficient encryption operation by being mounted on an IoT product, a RFID / USN, a smart card, etc. in which a lightweight password can be used, Based electronic products, and it can be directly applied to various operation modes, so that it can be applied regardless of products and platforms.

The present invention has been described above with reference to various embodiments. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

10: Hardware Handler
20: GEZEL co-processor
21: GEZEL IP block
22: Handshake Protocol
23: PRINTcipher finite state machine controller
24: PRINTcipher data pass

Claims (5)

A hardware processor according to a block cipher operation; And
And a GEZEL co-processor communicatively coupled to the hardware processor,
The GEZEL co-
GEZEL intellectual property (IP) block; And
A hardware IP for operating a lightweight cryptographic PRINT cipher scheme in a finite state machine with datapath (FSMD) scheme,
The GEZEL co-
When a message is transmitted between hardware and software, the encryption process and data transmission / reception process of the PRINTcipher hardware core are separated and processed. When a communication is established with each other, a completion signal (done signal) Wherein the light cryptographic apparatus further comprises: The method according to claim 1,
The hardware IP includes:
A controller for defining and controlling each data path of the lightweight cryptographic PRINT cipher technique as a finite state machine;
'PRINTcipher_round_dp' data path that performs the encryption algorithm of the lightweight cryptographic PRINT cipher technique; And
And a plurality of SP-box data paths for performing permutation and S-box substitution. 3. The method of claim 2,
The controller comprising:
The pre-processing part of permutation and S-box substitution according to PRINTcipher method is set in advance as one table,
Wherein a loop logic of a round operation to be repeatedly performed is reconfigured to increase the number of times of reading and writing data for each loop to apply unfolding to reduce a cycle. . The method according to claim 1,
The finite state machine includes:
'Check_start' status that confirms whether communication between communication module and software is connected, receives plain text and key value from communication module;
An 'Init' state in which the input plain text and the key value are stored in the PRINTcipher_round_dp internal register, and when the initialized register is stored in the initial register, Key XOR is performed and stored;
PRINTcipher performs a 2-round function, performs 3-bit SP-box datapath in which permutation and Sbox substitution process are set in advance as a table, performs Key XOR in the SP-box datapath, and executes SP-box datapath in PRINTcipher_round_dp A '2R-Round' state in which two rounds are performed in one cycle while receiving the output value of the '2R-Round'state; And
And a 'Finish' state in which a cipher text is transmitted to an external communication module when a final round is performed, and a register indicating a start state of the PRINT cipher is initialized. delete

Images