WO2007112672A1 - A device for implementing sms4 algorithm - Google Patents

A device for implementing sms4 algorithm Download PDF

Info

Publication number
WO2007112672A1
WO2007112672A1 PCT/CN2007/001017 CN2007001017W WO2007112672A1 WO 2007112672 A1 WO2007112672 A1 WO 2007112672A1 CN 2007001017 W CN2007001017 W CN 2007001017W WO 2007112672 A1 WO2007112672 A1 WO 2007112672A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
additional
constant array
encryption
decryption
Prior art date
Application number
PCT/CN2007/001017
Other languages
French (fr)
Chinese (zh)
Inventor
Jiayin Lu
Jun Cao
Xiang Yan
Zhenhai Huang
Original Assignee
China Iwncomm Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Iwncomm Co., Ltd. filed Critical China Iwncomm Co., Ltd.
Publication of WO2007112672A1 publication Critical patent/WO2007112672A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to the field of information technology, and in particular, to an apparatus for implementing an SMS4 encryption and decryption algorithm. Background technique
  • the key components that implement the SMS4 encryption and decryption algorithm are the key extension component and the encryption and decryption component.
  • the key extension component and the internal structure and processing of the encryption and decryption component are basically the same.
  • the encryption and decryption component is mainly composed of three parts, namely, a data registration component, a constant array storage component, and a data conversion component.
  • the data register component uses a generic trigger for data registration.
  • the data registered by the part does not change in one clock cycle.
  • a general-purpose flip-flop is a data temporary storage device that inputs data at the data input to the output of the flip-flop at the upper or lower edge of the clock, while the data at the output of the flip-flop does not change at other times.
  • the constant array storage component is a storage component that stores a constant array.
  • the constant array in the prior art is generally a data array having a width of 32 bits and a depth of 32 which has been prepared before the encryption and decryption process.
  • the data of the constant array storage unit is arranged in the order of the address, and can be named as rk0, rkl, ... rk31 0.
  • the data conversion unit is a component that performs data processing according to the cryptographic algorithm. For example, data processing is performed in accordance with the requirements of the national SMS4 cryptographic algorithm, and the data conversion component performs only one synthetic permutation specified by the cryptographic algorithm.
  • the method of encrypting and decrypting data according to the SMS4 cryptographic algorithm is as follows:
  • the output of the data register unit outputs the data.
  • 128-bit external data is divided into four 32-bit data blocks, which can be named AO, Al, A2, and A3.
  • the data at the output is still 128 bits, and is divided into four 32-bit data blocks, which are respectively named a0, al, a2, and a3.
  • the data at the output of the data registration unit is input to the data conversion unit for data conversion processing.
  • the data a0, al, a2, a3 at the output of the data register component are condensed: converted to a conversion component 128bit data C0, Cl, C2, C3.
  • the data after the previous data conversion processing is again stored in the data registration unit, and then the data at the output of the data registration unit is again input to the data conversion unit, and the data conversion processing is performed again.
  • the data conversion processing For 128-bit external data, the data conversion processing must be cyclically processed 30 times, that is, the data conversion processing must be performed 32 times in total to obtain the final data processing result.
  • a constant array having a width of 32 bits and a depth of 32 is prepared by the encryption and decryption processing, and an operation of synthesizing the replacement specified by only one cipher algorithm by the data conversion unit is performed, so that the number of cycles of the data conversion processing is large. For example, to encrypt 128-bit data, at least 32 data conversion processing cycles must be run to get the final data processing result.
  • the efficiency of encryption and decryption is the amount of data encrypted and decrypted per unit time. For example, encrypting 128-bit data requires data conversion processing 32 times, which requires 32 clock cycles. Since the clock frequency in the actual application is relatively low, the amount of data encrypted per unit time is small and the efficiency is low. If the encryption and decryption efficiency is specified, the clock frequency needs to be increased, and the clock frequency in practical applications is often difficult to increase, so the actual encryption and decryption efficiency is still low. If the clock frequency is to be increased, the design and implementation of the existing integrated circuit will be difficult; the signal integrity is not good; and the design cost is high.
  • the integrated circuit designed in the prior art which is applied to the system, also causes an increase in the cost of the printed circuit board (PCB); difficulty in PCB design, difficulty in product implementation; and large interference in the system, which may affect Normal and efficient operation of other devices and devices.
  • PCB printed circuit board
  • the invention provides a device for realizing the SMS4 encryption and decryption algorithm, which can reduce the number of cycles of data conversion processing and improve the encryption and decryption efficiency.
  • a device for implementing an SMS4 encryption and decryption algorithm comprising:
  • a cyclic encryption/decryption data processing device comprising a data registering component, a data conversion component group and a constant array storage component;
  • the data registering component is configured to register external data and a result of a previous data conversion process;
  • the data conversion component group is composed of at least two data conversion components sequentially connected in series, the data The input part of the conversion component is connected to the output end of the data registration component, and the output end of the data conversion component is connected to the input end of the data registration component;
  • the constant array storage unit is configured to store constant array data used for encryption and decryption processing, and an output end thereof is respectively connected to an input end of each of the data conversion unit groups.
  • the constant array data satisfies the following conditions:
  • the number of data conversion sections of the data conversion component group in the cyclic encryption/decryption data processing apparatus is a divisor of 32.
  • the method further includes: a first additional encryption and decryption data processing device, coupled to the input end of the cyclic encryption/decryption data processing device, for supplementing processing data conversion processing that is not completed by the cyclic encryption/decryption data processing device;
  • the first additional encryption and decryption data processing device includes:
  • a first additional data registration component for registering external data
  • the first additional data conversion component group is composed of a data conversion component or two or more serially connected data conversion components, and the first additional data conversion component group input terminal is connected to the output end of the first additional data registration component The output end of the first additional data conversion component group is connected to the input end of the cyclic encryption/decryption data processing device;
  • the first additional constant array storage unit is configured to store constant array data for use in the encryption and decryption process, and an output end thereof is respectively connected to an input end of each of the data conversion units in the first additional data conversion unit group.
  • the constant array data stored by the constant array storage unit satisfies the following conditions:
  • the width of the constant array data in the first additional constant array storage unit is the number of data conversion units in the first additional data conversion unit group multiplied by 32, and the depth of the constant array data in the first additional constant array storage unit is 1.
  • the method further includes: a second additional encryption and decryption data processing device, coupled to the output end of the cyclic encryption/decryption data processing device, for supplementing processing, the data processing of the cyclic encryption/decryption data processing device is not completed;
  • the second additional encryption and decryption data processing device includes:
  • a second additional data registering component for registering a result of said cyclic encryption/decryption data processing process;
  • a second additional data conversion component group consisting of a data conversion component or two or more data conversion components sequentially connected in series
  • the second additional data conversion component group input terminal is connected to the second additional data registration component output end, and the second additional data conversion component group output terminal is connected to the second additional data registration component input terminal;
  • a second additional constant array storage unit for storing constant array data for use in the encryption and decryption processing, the output ends of which are respectively connected to the input ends of the respective data conversion units in the second additional data conversion unit group.
  • the constant array data stored by the constant array storage unit satisfies the following conditions:
  • the width of the constant array data in the second additional constant array storage unit is the number of data conversion components in the second additional data conversion component group multiplied by 32,
  • the depth of the constant array data in the second additional constant array storage unit is one.
  • the method further includes: a second additional encryption and decryption data processing device, coupled to the output end of the cyclic encryption/decryption data processing device, for supplementing processing, the data processing of the cyclic encryption/decryption data processing device is not completed;
  • the second additional encryption and decryption data processing device includes:
  • a second additional data registering component for registering a result of the cyclic encryption/decryption data processing process;
  • the second additional data conversion component group being constituted by a data conversion component or by two or more data conversion components sequentially connected in series, The second additional data conversion component group input is terminated to the second additional data a register component output end, the second additional data conversion component group output end is connected to the second additional data register component input end;
  • a second additional constant array storage unit for storing constant array data for use in the encryption and decryption processing, the output ends of which are respectively connected to the input ends of the respective data conversion units in the second additional data conversion unit group.
  • the constant array data stored by the first additional constant array storage unit and the second additional constant array storage unit satisfies the following conditions:
  • the first additional constant array storage unit stores result data obtained by key expansion processing
  • the second additional constant array storage unit stores result data obtained by key expansion processing
  • a fifth product of a constant array data width and a depth of the constant array storage unit in the cyclic encryption/decryption data processing device, and a constant array data width and depth of the first additional constant array storage unit in the first additional encryption/decryption data processing device a sixth product, a seventh additional product of a constant array data width and a depth of the second additional constant array storage unit in the second additional encryption/decryption data processing device, wherein the sum of the fifth product, the sixth product, and the seventh product is 1024
  • the width of the constant array data in the first additional constant array storage unit is the number of data conversion units in the first additional data conversion unit group multiplied by 32
  • the depth of the constant array data in the first additional constant array storage unit a width of the constant array data in the second additional constant array storage unit is the number of data conversion components in the second additional data conversion component group multiplied by 32, and the second additional constant array storage component constant array data
  • the depth is 1.
  • the data registering component is a data temporary storage device that transmits input data to the output terminal at the time of the upper edge or the lower edge of the clock, and the data of the output terminal does not change at other times; the data conversion component group and the first additional data
  • the data conversion unit in the conversion component group and the second additional data conversion component group is a data processing device that performs data processing in accordance with a cryptographic algorithm and performs synthesis replacement as defined by only one cryptographic algorithm in the operation.
  • the device for realizing the SMS4 encryption and decryption algorithm of the present invention can reduce the number of cycles of data conversion processing by arranging the constant array and setting the corresponding data conversion component. Since the amount of data encrypted and decrypted per unit time is greatly increased, the efficiency of encryption and decryption is improved. For example, encrypting 128-bit data, With four data conversion components, the final data processing result can be output by running only 8 clock cycles. Therefore, in the case of the same clock frequency, the encryption efficiency can be increased by 4 times.
  • the device for realizing the SMS4 encryption and decryption algorithm of the present invention in the case that the required encryption and decryption efficiency is satisfied, since the clock frequency is only the original 1/n, the clock frequency only needs the original l/n. For example, to encrypt 128-bit data, if four data conversion components are used, the clock frequency is only 1/4 of the original.
  • the design and implementation of the integrated circuit implementing the inventive scheme are relatively easy; the signal integrity is greatly optimized; and the design cost is reduced.
  • the clock frequency is only 1/n, and the clock frequency only needs the original l/n, when the required encryption and decryption efficiency is satisfied.
  • PCB cost is reduced with the same processing efficiency; PCB design and product are easy to implement; interference in the system is reduced, and the impact on the normal and efficient operation of other devices and devices is greatly reduced.
  • FIG. 1 is a schematic structural diagram of cyclic encryption and decryption data processing according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of data processing of cyclic encryption and decryption according to Embodiment 2 of the present invention
  • FIG. 3 is a schematic structural diagram of the process of adding additional encryption and decryption data before the data processing of the cyclic encryption/decryption according to the embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of processing of adding and decrypting data after cyclic data processing in accordance with an embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of the process of adding additional encryption and decryption data before and after the cyclic data is processed and decrypted according to the fifth embodiment of the present invention.
  • FIG. 1 a schematic structural diagram of cyclic encryption and decryption data processing according to an embodiment of the present invention is shown. As shown in FIG. 1, it mainly includes: a data registering component 1, a constant array storage component 3, and a data conversion component group 2; wherein:
  • the data register unit 1 is used to register external data and the result of the last data conversion process, and a general-purpose flip-flop such as a D flip-flop, a JK flip-flop, or the like can be used.
  • This type of general-purpose flip-flop is a data temporary storage device that transfers data at the data input end to the output of the flip-flop at the upper or lower edge of the clock, and the data at the output of the flip-flop does not change at other times. During the same data conversion processing cycle, the data registered by the data registration unit 1 is unchanged.
  • the data conversion component group 2 is a component that performs data processing in accordance with a cryptographic algorithm. For example, data processing is performed in accordance with the national SMS4 cryptographic algorithm, and the data conversion component group 2 performs only one synthetic interrupt per stipulated by the cryptographic algorithm.
  • the constant array storage unit 3 is for storing constant array data.
  • the constant array used in the present invention is the result data obtained by the key expansion process, arranged in order of address level, and the width and depth corresponding to the constant array are arranged according to the number of data conversion components in the data conversion component group 2, and the width and the depth are The product is 1024.
  • the constant array has a width of 128 bits and a depth of 8.
  • the constant array has a width of 256 bits and a depth of four.
  • the number of data conversion units in the data conversion unit group 2 of the present invention is a divisor of 32, it is preferable to use a structure in which only cyclic encryption/decryption data is processed.
  • the input end of the data registering component 1 is connected to the input terminal of the external data
  • the output terminal of the data registering component 1 is connected to the data conversion component group 2, and the output of the constant array storage section 3
  • the terminals are respectively connected to the respective data conversion sections of the data conversion component group 2, that is, the input ends of the first data conversion component 200, the second data conversion component 201, the third data conversion component 202, and the fourth data conversion component 203.
  • the respective data conversion sections 200 - 203 are sequentially connected in series, and the output thereof is input to the input terminal of the data registration section 1.
  • the data conversion unit group 2 is composed of at least two data conversion units which are sequentially connected in series.
  • the data conversion unit group 2 takes four data conversion units 200 - 203 as an example, and has a constant array width of 128 bits and a depth of 8, and performs encryption and decryption processing by means of cyclic encryption and decryption data processing.
  • the process is as follows:
  • the constant array is stored in the constant array storage unit 3. If there are four data conversion processing units in the data conversion processing, the constant array has a width of 128 bits and a depth of 8.
  • the 128-bit constant array data is divided into 8 lines corresponding to the depth 8, and each line is named rkO, rkl 5 ... rk7; the constant array data of 128 bits per line is divided into four 32-bit data.
  • rkO is divided into rk0a, rk0b, rk0c, rkOd; rkl is divided into rkla, rklb, rklc, rkld.
  • the external data is 128-bit data, which is divided into four 32-bit data, named A0, Al, A2, and A3.
  • A0, Al, A2, and A3 On the upper or lower edge of the clock, the data at the input of the data register unit 1 is transferred to the output of the data register unit 1, and the data register unit 1 outputs 128 bits, which are divided into four pieces of 32-bit data, which are named a0, al, a2, respectively. , a3.
  • the data corresponding to the first row of the constant array stored in the constant array storage unit 3 is respectively output to all of the data conversion sections 200 - 203.
  • the data of the output of the data registration unit 1 is input to the first data conversion unit 200 for data conversion processing; the data output by the first data conversion unit 200 is input to the next data conversion unit, that is, the second data conversion unit 201.
  • Data conversion processing in this manner, until all the data conversion sections, that is, the data conversion sections 200-203, sequentially perform the data conversion processing. details as follows:
  • the data a0, a1, a2, a3 at the output of the data register unit 1 and the data rkOa output from the constant array storage unit 3 are input to the first data conversion unit 200, and the converted data is still 128 bits, and are named B0, Bl, B2, respectively. , B3;
  • the data B0, Bl, B2, B3 output by the first data conversion unit 200 and the data rkOb outputted by the constant array storage unit 3 are input to the second data conversion unit 201, and the converted data is still 128 bits, respectively named C0, Cl. , C2, C3;
  • the data C0, Cl, C2, C3 outputted by the second data conversion unit 201 and the data rkOc outputted by the constant array storage unit 3 are input to the third data conversion unit 202, and the converted data is still 128 bits, respectively named D0, Dl. , D2, D3;
  • the data D0, D1, D2, D3 output by the third data conversion unit 202 and the data rkOd output from the constant array storage unit 3 are input to the fourth data conversion unit 203, and the converted data is still 128 bits, respectively named E0, El. , E2, E3; E0, El, E2, and E3 are the result data of the first data conversion process.
  • the data E0, El, E2, E3 of the previous data conversion processing are stored in the data registration unit 1; the output data e0, el, e2, e3 of the data registration unit 1 are sequentially input to the data conversion unit.
  • 200 - 203 The data rkla, rklb, rklc, rkld corresponding to the next row of the constant array stored in the constant array storage unit 3 are input to the data conversion sections 200 - 203, respectively.
  • the cyclic encryption/decryption data processing When two data conversion units are used, the cyclic encryption/decryption data processing performs a total of 16 clock cycles to complete the encryption and decryption processing. When eight data conversion components are used, the cyclic encryption/decryption data processing performs a total of four clock cycles to complete the encryption and decryption process. When sixteen data conversion units are used, the cyclic encryption/decryption data processing performs a total of two clock cycles to complete the encryption and decryption processing.
  • the additional encryption/decryption data processing is used to supplement the completion of the cyclic encryption/decryption data processing 4, and the data conversion processing is not completed, especially when the number of data conversion components in the data conversion component group 2 is not a divisor of 32, the data can be encrypted and decrypted by cyclic
  • the process 4 performs data conversion processing together with the additional encryption and decryption data processing.
  • the input end of the cyclic encryption/decryption data processing device 4 is connected to the first additional encryption/decryption data processing device 501 for supplementing the data conversion processing that is not completed by the cyclic encryption/decryption data processing device 4.
  • the first additional encryption/decryption data processing device 501 is mainly composed of a first additional data registration unit 101 for registering external data, and the input terminal is connected to the output end of the first additional data registration unit 101, and the output terminal is connected to the cyclic encryption/decryption data processing device 4.
  • the first additional data conversion component group 21 at the input end and the output terminal are connected to the first additional constant array storage component 301 at the input end of the first additional data conversion component group 21.
  • the first additional data conversion component group 21 can be constructed by one, two or more data conversion components which are sequentially connected in series.
  • the outputs of the first additional constant array storage unit 301 are respectively coupled to the input terminals of each of the data conversion units 210, 211, ... in the additional data conversion unit group 21.
  • the constant array stored by the first additional constant array storage unit 301 is a data array that satisfies the following conditions:
  • the process of data processing by the first additional encryption/decryption data processing device 501 is as follows:
  • the data corresponding to the constant array stored in the first additional constant array storage unit 301 is respectively input to all the data conversion units 210, 211 and the like in the first additional encryption/decryption data processing device 501.
  • the data of the output of the data registration unit 1 is input to the first additional data conversion unit 210 for data conversion processing; the data output by the first additional data conversion unit 210 is input to the next data conversion unit, that is, The second additional data conversion unit 211 performs data conversion processing; in this manner, until all the additional data conversion units in the first additional data conversion unit group 21 in the first additional encryption/decryption data processing unit 501 sequentially complete the data conversion processing.
  • the processing result of the first additional encryption/decryption data processing means 501 is used as external data in the cyclic encryption/decryption data processing for completing the cyclic encryption/decryption data processing.
  • a second additional encryption/decryption data processing means 502 is provided at the output of the cyclic encryption/decryption data processing 4 for supplementing the data conversion processing which is not completed by the processing cyclic encryption/decryption data processing apparatus 4.
  • the second additional encryption/decryption data processing means 502 is mainly composed of a second additional data registration means 102 for registering the result of the cyclic encryption/decryption data processing 4, and a second additional data conversion means which is connected to the output of the second additional data registration means 102.
  • the group 22 is configured to be coupled to a second additional constant array storage component 302 at the input of the second additional data conversion component group 22.
  • the second additional data conversion component group 22 may be constituted by one data conversion component or by two or more data conversion components sequentially connected in series.
  • the output of the second additional constant array storage unit 302 and the second additional data conversion unit The inputs of each of the data conversion sections 220, 221, ... in the set 22 are coupled.
  • the constant array stored by the second additional constant array storage unit 302 is a data array that satisfies the following conditions:
  • the process of data processing by the second additional encryption/decryption data processing means 502 is similar to that of the first additional encrypted data processing means 501, which performs conversion processing on the data processed by the cyclic encryption/decryption data processing means 4.
  • the data processing result of the second additional encryption/decryption data processing means 502 is the final encryption/decryption data processing result.
  • the data conversion processing means in the first additional encryption/decryption data processing means 501 or the second additional encryption/decryption data processing means 502 may be one, two or more.
  • the additional encryption/decryption data processing means may be added before or after the cyclic encryption/decryption data processing means 4, or may be added before and after the cyclic encryption/decryption data processing means 4, see Fig. 5.
  • the constant array stored by the first additional constant array storage unit 301 and the second additional constant array storage unit 302 in the structure is a data array that satisfies the following conditions:
  • the first additional constant array storage unit 301 stores result data obtained by key expansion processing
  • the second additional constant array storage unit 302 stores result data obtained by key expansion processing
  • the device for realizing the SMS4 encryption and decryption algorithm of the present invention can reduce the number of cycles of data conversion processing by arranging the constant array and setting the corresponding data conversion unit. Since the amount of data added and decrypted per unit time is greatly increased, the efficiency of encryption and decryption is improved. For example, to encrypt 128-bit data, if four data conversion components are used, it is only necessary to cycle through 8 clock cycles to output the final data processing result. Therefore, when the clock frequency is the same, the encryption efficiency can be increased by 4 times.
  • the device for realizing the SMS4 encryption and decryption algorithm of the present invention in the case of satisfying the required encryption and decryption efficiency, requires only the original l/n because the clock frequency is only 1/n of the original. For example, to encrypt 128-bit data, if four data conversion components are used, the clock frequency is only 1/4 of the original.
  • the design and implementation of the integrated circuit implementing the inventive scheme are relatively easy; the signal integrity is greatly optimized; and the design cost is reduced.
  • the clock frequency is only 1/n, and the clock frequency only needs the original l/n, when the required encryption and decryption efficiency is satisfied.
  • PCB cost is reduced with the same processing efficiency; PCB design and product are easy to implement; interference in the system is reduced, and the impact on the normal and efficient operation of other devices and devices is greatly reduced.

Abstract

A device for implementing SMS4 algorithm includes a device for encrypting/decrypting data circularly, which includes data register, a set of data conversing components, and constant array memory. The data register stores external data and result of the last data conversing.The set of data conversing components includes at least two components in series. The input of data conversing component connects to the output of the data register, and the output of data conversing component connects to the input of data register. The constant array memory stores the constant data array utilized in encrypting and decrypting. The output of the constant array memory connects to the input of each component of the set of data conversing components. The present invention solves problems such as cycling too many times and low efficiency in the prior art. The integrated circuit of present invention can make the integrity of chip signal much better, easier to manufacture the products, and lower producing cost. Interference in the system can also be dropped greatly.

Description

一种实现 SMS4加解密算法的设备  A device for realizing SMS4 encryption and decryption algorithm
本申请要求于 2006 年 3 月 31 日提交中国专利局、 申请号为 200610042608.6, 发明名称为"一种实现 SMS4加解密算法的设备"的中国专利 申请的优先权, 其全部内容通过引用结合在本申请中。  This application claims priority to Chinese Patent Application No. 200610042608.6, entitled "A device for implementing SMS4 encryption and decryption algorithm", filed on March 31, 2006, the entire contents of which are incorporated herein by reference. In the application.
技术领域 Technical field
本发明涉及信息技术领域, 尤其涉及一种实现 SMS4加解密算法的设备。 背景技术  The present invention relates to the field of information technology, and in particular, to an apparatus for implementing an SMS4 encryption and decryption algorithm. Background technique
实现 SMS4加解密算法的关键部件是密钥扩展部件和加解密部件。密钥扩 展部件与加解密部件的内部结构及处理过程基本相同。其中,加解密部件主要 由三部分构成, 即数据寄存部件、 常数阵列存储部件、 及数据转换部件。  The key components that implement the SMS4 encryption and decryption algorithm are the key extension component and the encryption and decryption component. The key extension component and the internal structure and processing of the encryption and decryption component are basically the same. Among them, the encryption and decryption component is mainly composed of three parts, namely, a data registration component, a constant array storage component, and a data conversion component.
数据寄存部件采用通用触发器, 用于数据的寄存。 在一个时钟周期内, 该 部件所寄存的数据是不改变的。通用触发器是在时钟上沿或下沿把数据输入端 的数据输至触发器输出端,而在其他时刻触发器输出端的数据不发生变化的数 据暂存器件。  The data register component uses a generic trigger for data registration. The data registered by the part does not change in one clock cycle. A general-purpose flip-flop is a data temporary storage device that inputs data at the data input to the output of the flip-flop at the upper or lower edge of the clock, while the data at the output of the flip-flop does not change at other times.
常数阵列存储部件是存储常数阵列的存储部件。现有技术中的常数阵列一 般是加解密处理之前已经准备好的宽度为 32 bit、深度为 32的数据阵列。常数 阵列存储部件的数据按照地址的高低顺序排列, 可命名为 rk0, rkl,...rk310 数据转换部件是按照密码算法要求进行数据处理的部件。例如,按照国家 的 SMS4密码算法要求进行数据处理,数据转换部件完成的操作中只有一次密 码算法所规定的合成置换。 The constant array storage component is a storage component that stores a constant array. The constant array in the prior art is generally a data array having a width of 32 bits and a depth of 32 which has been prepared before the encryption and decryption process. The data of the constant array storage unit is arranged in the order of the address, and can be named as rk0, rkl, ... rk31 0. The data conversion unit is a component that performs data processing according to the cryptographic algorithm. For example, data processing is performed in accordance with the requirements of the national SMS4 cryptographic algorithm, and the data conversion component performs only one synthetic permutation specified by the cryptographic algorithm.
目前, 按照 SMS4密码算法要求进行加解密数据处理的方法如下:  At present, the method of encrypting and decrypting data according to the SMS4 cryptographic algorithm is as follows:
1 )将外部数据输入数据寄存部件;  1) input external data into the data registration component;
外部数据输入到数据寄存部件后,数据寄存部件的输出端输出数据。例如, 128bit的外部数据, 分为 4个 32bit的数据块, 可分别命名为 AO、 Al、 A2、 A3。 经数据寄存部件后输出端的数据仍为 128bit, 分为 4个 32bit的数据块, 分别相应地命名为 a0、 al、 a2、 a3。  After the external data is input to the data register unit, the output of the data register unit outputs the data. For example, 128-bit external data is divided into four 32-bit data blocks, which can be named AO, Al, A2, and A3. After the data registration component, the data at the output is still 128 bits, and is divided into four 32-bit data blocks, which are respectively named a0, al, a2, and a3.
2 )进行数据转换处理;  2) performing data conversion processing;
将数据寄存部件的输出端的数据输入至数据转换部件进行数据转换处理。 例如, 数据寄存部件的输出端的数据 a0、 al、 a2、 a3经凝:据转换部件转换为 128bit的数据 C0、 Cl、 C2、 C3。 The data at the output of the data registration unit is input to the data conversion unit for data conversion processing. For example, the data a0, al, a2, a3 at the output of the data register component are condensed: converted to a conversion component 128bit data C0, Cl, C2, C3.
3 )进行再次数据转换处理;  3) performing data conversion processing again;
将前次数据转换处理后的数据再次存储至数据寄存部件,然后将数据寄存 部件输出端的数据再次输入数据转换部件, 进行再次数据转换处理。  The data after the previous data conversion processing is again stored in the data registration unit, and then the data at the output of the data registration unit is again input to the data conversion unit, and the data conversion processing is performed again.
4 )重复再次数据转换处理, 得到最终的数据处理结果。  4) Repeat the data conversion process again to obtain the final data processing result.
对 128bit的外部数据, 再次数据转换处理须循环处理 30次, 即数据转换 处理总共要进行 32次, 才能得到最终的数据处理结果。  For 128-bit external data, the data conversion processing must be cyclically processed 30 times, that is, the data conversion processing must be performed 32 times in total to obtain the final data processing result.
上述现有技术通过加解密处理之前准备宽度为 32bit、深度为 32的常数阵 列, 以及通过数据转换部件完成只有一次密码算法所规定的合成置换的操作, 从而使得数据转换处理的循环次数较多。 例如, 加密 128bit数据, 至少需运行 32个数据转换处理周期才能得到最终数据处理结果。  In the above prior art, a constant array having a width of 32 bits and a depth of 32 is prepared by the encryption and decryption processing, and an operation of synthesizing the replacement specified by only one cipher algorithm by the data conversion unit is performed, so that the number of cycles of the data conversion processing is large. For example, to encrypt 128-bit data, at least 32 data conversion processing cycles must be run to get the final data processing result.
此外,上述现有技术加解密效率较低。加解密效率即单位时间内加解密的 数据数量。 例如, 加密 128bit数据需要进行数据转换处理 32次, 即需要 32 个时钟周期。 由于目前实际应用中的时钟频率一 都较^ ί氐,使得单位时间内加 密的数据数量少, 效率低。 如果指定加解密效率, 则需提高时钟频率, 而实际 应用中的时钟频率往往很难提高,所以实际加解密效率仍然较低。如果要提高 时钟频率, 还会导致现有集成电路的设计、 实施困难; 信号完整性不好; 设计 成本较高。 此外, 现有技术设计的集成电路, 应用于系统中, 也会导致印制电 路板(PCB, Printed circuit board )成本增加; PCB设计困难, 产品实施困难; 以及系统中的干扰很大, 会影响其他设备、 器件的正常、 高效工作。  In addition, the above prior art encryption and decryption efficiency is low. The efficiency of encryption and decryption is the amount of data encrypted and decrypted per unit time. For example, encrypting 128-bit data requires data conversion processing 32 times, which requires 32 clock cycles. Since the clock frequency in the actual application is relatively low, the amount of data encrypted per unit time is small and the efficiency is low. If the encryption and decryption efficiency is specified, the clock frequency needs to be increased, and the clock frequency in practical applications is often difficult to increase, so the actual encryption and decryption efficiency is still low. If the clock frequency is to be increased, the design and implementation of the existing integrated circuit will be difficult; the signal integrity is not good; and the design cost is high. In addition, the integrated circuit designed in the prior art, which is applied to the system, also causes an increase in the cost of the printed circuit board (PCB); difficulty in PCB design, difficulty in product implementation; and large interference in the system, which may affect Normal and efficient operation of other devices and devices.
发明内容 Summary of the invention
本发明提供一种实现 SMS4加解密算法的设备,能够减少数据转换处理的 循环次数, 提高加解密效率。  The invention provides a device for realizing the SMS4 encryption and decryption algorithm, which can reduce the number of cycles of data conversion processing and improve the encryption and decryption efficiency.
本发明的技术解决方案是:  The technical solution of the present invention is:
一种实现 SMS4加解密算法的设备, 包括:  A device for implementing an SMS4 encryption and decryption algorithm, comprising:
由数据寄存部件、数据转换部件组和常数阵列存储部件构成的循环加解密 数据处理装置;  a cyclic encryption/decryption data processing device comprising a data registering component, a data conversion component group and a constant array storage component;
所述的数据寄存部件, 用于寄存外部数据及上一次数据转换处理的结果; 所述的数据转换部件组由依次串接的至少二个数据转换部件构成,该数据 转换部件输入端接于数据寄存部件输出端、该数据转换部件输出端接入数据寄 存部件的输入端; The data registering component is configured to register external data and a result of a previous data conversion process; the data conversion component group is composed of at least two data conversion components sequentially connected in series, the data The input part of the conversion component is connected to the output end of the data registration component, and the output end of the data conversion component is connected to the input end of the data registration component;
所述的常数阵列存储部件, 用于存储加解密处理所用的常数阵列数据, 其 输出端分别与所述数据转换部件组中每个数据转换部件的输入端相接。  The constant array storage unit is configured to store constant array data used for encryption and decryption processing, and an output end thereof is respectively connected to an input end of each of the data conversion unit groups.
所述的常数阵列数据满足下列条件:  The constant array data satisfies the following conditions:
1 ) 密钥扩展处理所得到的结果数据;  1) result data obtained by key expansion processing;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )按照数据转换部件组中数据转换部件的个数安排数阵列对应的宽度和 深度;  3) arranging the width and depth corresponding to the array according to the number of data conversion components in the data conversion component group;
4)宽度与深度的乘积为 1024。  4) The product of width and depth is 1024.
所述循环加解密数据处理装置中的数据转换部件组的数据转换部件的个 数是 32的约数。  The number of data conversion sections of the data conversion component group in the cyclic encryption/decryption data processing apparatus is a divisor of 32.
其中, 还包括: 第一附加加解密数据处理装置, 其与所述的循环加解密数 据处理装置的输入端相接,用于补充处理所述循环加解密数据处理装置未完成 的数据转换处理; 所述的第一附加加解密数据处理装置包括:  The method further includes: a first additional encryption and decryption data processing device, coupled to the input end of the cyclic encryption/decryption data processing device, for supplementing processing data conversion processing that is not completed by the cyclic encryption/decryption data processing device; The first additional encryption and decryption data processing device includes:
第一附加数据寄存部件, 用于寄存外部数据;  a first additional data registration component for registering external data;
第一附加数据转换部件组, 由一个数据转换部件、或由二个或多个依次串 接的数据转换部件构成,该第一附加数据转换部件组输入端接于第一附加数据 寄存部件输出端、该第一附加数据转换部件组输出端接入循环加解密数据处理 装置输入端;  The first additional data conversion component group is composed of a data conversion component or two or more serially connected data conversion components, and the first additional data conversion component group input terminal is connected to the output end of the first additional data registration component The output end of the first additional data conversion component group is connected to the input end of the cyclic encryption/decryption data processing device;
第一附加常数阵列存储部件, 用于存储加解密处理所用的常数阵列数据, 其输出端分别与所述第一附加数据转换部件组中的各数据转换部件的输入端 相接。  The first additional constant array storage unit is configured to store constant array data for use in the encryption and decryption process, and an output end thereof is respectively connected to an input end of each of the data conversion units in the first additional data conversion unit group.
所述常数阵列存储部件所存储的常数阵列数据满足下列条件:  The constant array data stored by the constant array storage unit satisfies the following conditions:
1 ) 密钥扩展处理所得到的结果数据;  1) result data obtained by key expansion processing;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )循环加解密数据处理装置中常数阵列存储部件的常数阵列数据宽度与 深度的第一乘积,第一附加加解密数据处理装置中第一附加常数阵列存储部件 的常数阵列数据宽度与深度的第二乘积, 该第一乘积与第二乘积之和为 1024; 所述第一附加常数阵列存储部件中常数阵列数据的宽度为第一附加数据转换 部件组中数据转换部件的个数乘以 32, 所述第一附加常数阵列存储部件中常 数阵列数据的深度为 1。 3) a first product of a constant array data width and a depth of the constant array storage unit in the cyclic encryption/decryption data processing device, and a constant array data width and depth of the first additional constant array storage unit in the first additional encryption/decryption data processing device a product of the second product, the sum of the first product and the second product is 1024; The width of the constant array data in the first additional constant array storage unit is the number of data conversion units in the first additional data conversion unit group multiplied by 32, and the depth of the constant array data in the first additional constant array storage unit is 1.
其中, 还包括: 第二附加加解密数据处理装置, 其与所述的循环加解密数 据处理装置的输出端相接,用于补充处理所述循环加解密数据处理装置未完成 数据转换处理; 所述的第二附加加解密数据处理装置包括:  The method further includes: a second additional encryption and decryption data processing device, coupled to the output end of the cyclic encryption/decryption data processing device, for supplementing processing, the data processing of the cyclic encryption/decryption data processing device is not completed; The second additional encryption and decryption data processing device includes:
第二附加数据寄存部件, 用于寄存所述循环加解密数据处理处理的结果; 第二附加数据转换部件组, 由一个数据转换部件、或由二个或多个依次串 接的数据转换部件构成,该第二附加数据转换部件组输入端接于第二附加数据 寄存部件输出端、该第二附加数据转换部件组输出端接入第二附加数据寄存部 件输入端;  a second additional data registering component for registering a result of said cyclic encryption/decryption data processing process; a second additional data conversion component group consisting of a data conversion component or two or more data conversion components sequentially connected in series The second additional data conversion component group input terminal is connected to the second additional data registration component output end, and the second additional data conversion component group output terminal is connected to the second additional data registration component input terminal;
第二附加常数阵列存储部件, 用于存储加解密处理所用的常数阵列数据, 其输出端分别与所述第二附加数据转换部件组中的各数据转换部件的输入端 相接。  And a second additional constant array storage unit for storing constant array data for use in the encryption and decryption processing, the output ends of which are respectively connected to the input ends of the respective data conversion units in the second additional data conversion unit group.
所述常数阵列存储部件所存储的常数阵列数据满足下列条件:  The constant array data stored by the constant array storage unit satisfies the following conditions:
1 )循环加解密数据处理装置所用到的常数阵列数据;  1) cyclically encrypting and decrypting the constant array data used by the data processing device;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )循环加解密数据处理装置中常数阵列存储部件的常数阵列数据宽度与 深度的第三乘积,第二附加加解密数据处理装置中第二附加常数阵列存储部件 的常数阵列数据宽度与深度的第四乘积, 该第三乘积与第四乘积之和为 1024; 所述第二附加常数阵列存储部件中常数阵列数据的宽度为第二附加数据转换 部件组中数据转换部件的个数乘以 32, 所述第二附加常数阵列存储部件中常 数阵列数据的深度为 1。  3) a third product of a constant array data width and a depth of the constant array storage unit in the cyclic encryption/decryption data processing device, and a constant array data width and depth of the second additional constant array storage unit in the second additional encryption/decryption data processing device a quad product, the sum of the third product and the fourth product is 1024; the width of the constant array data in the second additional constant array storage unit is the number of data conversion components in the second additional data conversion component group multiplied by 32, The depth of the constant array data in the second additional constant array storage unit is one.
其中, 还包括: 第二附加加解密数据处理装置, 其与所述的循环加解密数 据处理装置的输出端相接,用于补充处理所述循环加解密数据处理装置未完成 数据转换处理; 所述的第二附加加解密数据处理装置包括:  The method further includes: a second additional encryption and decryption data processing device, coupled to the output end of the cyclic encryption/decryption data processing device, for supplementing processing, the data processing of the cyclic encryption/decryption data processing device is not completed; The second additional encryption and decryption data processing device includes:
第二附加数据寄存部件, 用于寄存循环加解密数据处理处理的结果; 第二附加数据转换部件组, 由一个数据转换部件、或由二个或多个依次串 接的数据转换部件构成,该第二附加数据转换部件组输入端接于第二附加数据 寄存部件输出端、、 该第二附加数据转换部件组输出端接入第二附加数据寄存 部件输入端; a second additional data registering component for registering a result of the cyclic encryption/decryption data processing process; the second additional data conversion component group being constituted by a data conversion component or by two or more data conversion components sequentially connected in series, The second additional data conversion component group input is terminated to the second additional data a register component output end, the second additional data conversion component group output end is connected to the second additional data register component input end;
第二附加常数阵列存储部件, 用于存储加解密处理所用的常数阵列数据, 其输出端分别与所述第二附加数据转换部件组中的各数据转换部件的输入端 相接。  And a second additional constant array storage unit for storing constant array data for use in the encryption and decryption processing, the output ends of which are respectively connected to the input ends of the respective data conversion units in the second additional data conversion unit group.
所述第一附加常数阵列存储部件和第二附加常数阵列存储部件所存储的 常数阵列数据满足下列条件:  The constant array data stored by the first additional constant array storage unit and the second additional constant array storage unit satisfies the following conditions:
1 )所述第一附加常数阵列存储部件存储的是密钥扩展处理所得到的结果 数据;所述第二附加常数阵列存储部件存储的是密钥扩展处理所得到的结果数 据;  1) the first additional constant array storage unit stores result data obtained by key expansion processing; and the second additional constant array storage unit stores result data obtained by key expansion processing;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )循环加解密数据处理装置中常数阵列存储部件的常数阵列数据宽度与 深度的第五乘积,第一附加加解密数据处理装置中第一附加常数阵列存储部件 的常数阵列数据宽度与深度的第六乘积,第二附加加解密数据处理装置中第二 附加常数阵列存储部件的常数阵列数据宽度与深度的第七乘积, 该第五乘积、 第六乘积、 及第七乘积三者之和为 1024; 所述第一附加常数阵列存储部件中 常数阵列数据的宽度为第一附加数据转换部件组中数据转换部件的个数乘以 32, 所述第一附加常数阵列存储部件中常数阵列数据的深度为 1; 所述第二附 加常数阵列存储部件中常数阵列数据的宽度为第二附加数据转换部件组中数 据转换部件的个数乘以 32, 所述第二附加常数阵列存储部件中常数阵列数据 的深度为 1。  3) a fifth product of a constant array data width and a depth of the constant array storage unit in the cyclic encryption/decryption data processing device, and a constant array data width and depth of the first additional constant array storage unit in the first additional encryption/decryption data processing device a sixth product, a seventh additional product of a constant array data width and a depth of the second additional constant array storage unit in the second additional encryption/decryption data processing device, wherein the sum of the fifth product, the sixth product, and the seventh product is 1024 The width of the constant array data in the first additional constant array storage unit is the number of data conversion units in the first additional data conversion unit group multiplied by 32, and the depth of the constant array data in the first additional constant array storage unit a width of the constant array data in the second additional constant array storage unit is the number of data conversion components in the second additional data conversion component group multiplied by 32, and the second additional constant array storage component constant array data The depth is 1.
所述的数据寄存部件是在时钟上沿或下沿时刻将输入端数据传至输出端、 而其他时刻输出端数据不发生变化的数据暂存器件; 所述数据转换部件组、第 一附加数据转换部件组及第二附加数据转换部件组中的数据转换部件是按照 密码算法要求进行数据处理、操作中只有一次密码算法所规定的合成置换的数 据处理器件。  The data registering component is a data temporary storage device that transmits input data to the output terminal at the time of the upper edge or the lower edge of the clock, and the data of the output terminal does not change at other times; the data conversion component group and the first additional data The data conversion unit in the conversion component group and the second additional data conversion component group is a data processing device that performs data processing in accordance with a cryptographic algorithm and performs synthesis replacement as defined by only one cryptographic algorithm in the operation.
本发明实现 SMS4加解密算法的设备,通过对常数阵列的安排以及对应数 据转换部件的设置, 能够减少数据转换处理的循环次数。 由于单位时间内加解 密的数据数量大大增加,从而提高了加解密的效率。例如,加密 128bit的数据, 若采用 4个数据转换部件,只需循环运行 8个时钟周期就能输出最终数据处理 结果。 所以, 在时钟频率相同的情况下, 可以使加密效率提高 4倍。 The device for realizing the SMS4 encryption and decryption algorithm of the present invention can reduce the number of cycles of data conversion processing by arranging the constant array and setting the corresponding data conversion component. Since the amount of data encrypted and decrypted per unit time is greatly increased, the efficiency of encryption and decryption is improved. For example, encrypting 128-bit data, With four data conversion components, the final data processing result can be output by running only 8 clock cycles. Therefore, in the case of the same clock frequency, the encryption efficiency can be increased by 4 times.
本发明实现 SMS4加解密算法的设备, 在满足所要求加解密效率的情况 下, 由于时钟频率仅为原来的 1/n, 故时钟频率只需原来的 l/n。 例如, 加密 128bit的数据, 若采用 4个数据转换部件, 时钟频率只需原来的 1/4。  The device for realizing the SMS4 encryption and decryption algorithm of the present invention, in the case that the required encryption and decryption efficiency is satisfied, since the clock frequency is only the original 1/n, the clock frequency only needs the original l/n. For example, to encrypt 128-bit data, if four data conversion components are used, the clock frequency is only 1/4 of the original.
此外, 在相同处理效率的情况下, 实现本发明方案的集成电路的设计、 实 施比较容易; 信号的完整性大大优化; 设计成本降低。 此外, 采用本发明设计 集成电路,在满足所要求加解密效率的情况下, 由于时钟频率仅为原来的 1/n, 故时钟频率只需原来的 l/n。在相同处理效率的情况下 PCB成本降低; PCB设 计、 产品易于实现; 系统中的干扰降低, 对其他设备、 器件正常、 高效工作的 影响也大幅度降低。  In addition, in the case of the same processing efficiency, the design and implementation of the integrated circuit implementing the inventive scheme are relatively easy; the signal integrity is greatly optimized; and the design cost is reduced. In addition, with the integrated circuit designed by the present invention, the clock frequency is only 1/n, and the clock frequency only needs the original l/n, when the required encryption and decryption efficiency is satisfied. PCB cost is reduced with the same processing efficiency; PCB design and product are easy to implement; interference in the system is reduced, and the impact on the normal and efficient operation of other devices and devices is greatly reduced.
附图说明 DRAWINGS
图 1为本发明实施例一循环加解密数据处理的结构示意图;  1 is a schematic structural diagram of cyclic encryption and decryption data processing according to an embodiment of the present invention;
图 2为本发明实施例二循环加解密数据处理的结构示意图;  2 is a schematic structural diagram of data processing of cyclic encryption and decryption according to Embodiment 2 of the present invention;
图 3 为本发明实施例三循环加解密数据处理之前设附加加解密数据处理 的结构示意图;  FIG. 3 is a schematic structural diagram of the process of adding additional encryption and decryption data before the data processing of the cyclic encryption/decryption according to the embodiment of the present invention; FIG.
图 4 为本发明实施例四循环加解密数据处理之后设附加加解密数据处理 的结构示意图;  4 is a schematic structural diagram of processing of adding and decrypting data after cyclic data processing in accordance with an embodiment of the present invention;
图 5为本发明实施例五循环加解密数据处理之前、之后均设有附加加解密 数据处理的结构示意图。  FIG. 5 is a schematic structural diagram of the process of adding additional encryption and decryption data before and after the cyclic data is processed and decrypted according to the fifth embodiment of the present invention.
附图标号说明: 1一数据寄存部件, 2—数据转换部件组, 3—常数阵列存 储部件, 4一循环加解密数据处理装置; 21—第一附加数据转换部件組, 22— 第二附加数据转换部件组; 101—第一附加数据寄存部件, 102—第二附加数据 寄存部件; 200—第一数据转换部件, 201—第二数据转换部件, 202—第三数 据转换部件, 203—第四数据转换部件; 210—第一附加数据转换部件, 211— 第二附加数据转换部件; 220—第三附加数据转换部件, 221—第四附加数据转 换部件; 301—第一附加常数阵列存储部件, 302—第二附加常数阵列存储部件; 501—第一附加加解密数据处理装置, 502—第二附加加解密数据处理装置。 具体实施方式 参见图 1 , 为本发明实施例一循环加解密数据处理的结构示意图。 如图 1 所示, 主要包括: 数据寄存部件 1、 常数阵列存储部件 3及数据转换部件组 2; 其中: DESCRIPTION OF REFERENCE NUMERALS: 1 data registering component, 2 - data conversion component group, 3 - constant array storage component, 4 - cyclic encryption and decryption data processing device; 21 - first additional data conversion component group, 22 - second additional data Conversion component group; 101 - first additional data registration component, 102 - second additional data registration component; 200 - first data conversion component, 201 - second data conversion component, 202 - third data conversion component, 203 - fourth Data conversion component; 210 - first additional data conversion component, 211 - second additional data conversion component; 220 - third additional data conversion component, 221 - fourth additional data conversion component; 301 - first additional constant array storage component, 302 - a second additional constant array storage component; 501 - a first additional encryption and decryption data processing device, 502 - a second additional encryption and decryption data processing device. detailed description Referring to FIG. 1, a schematic structural diagram of cyclic encryption and decryption data processing according to an embodiment of the present invention is shown. As shown in FIG. 1, it mainly includes: a data registering component 1, a constant array storage component 3, and a data conversion component group 2; wherein:
数据寄存部件 1用于寄存外部数据及上一次数据转换处理的结果,可采用 通用触发器, 如 D触发器、 JK触发器等。 该类通用触发器是在时钟上沿或下 沿把数据输入端的数据传至触发器的输出端,在其他时刻触发器输出端的数据 不发生变化的数据暂存器件。 在同一个数据转换处理周期内, 数据寄存部件 1 所寄存的数据是不改变的。  The data register unit 1 is used to register external data and the result of the last data conversion process, and a general-purpose flip-flop such as a D flip-flop, a JK flip-flop, or the like can be used. This type of general-purpose flip-flop is a data temporary storage device that transfers data at the data input end to the output of the flip-flop at the upper or lower edge of the clock, and the data at the output of the flip-flop does not change at other times. During the same data conversion processing cycle, the data registered by the data registration unit 1 is unchanged.
数据转换部件组 2是按照密码算法要求进行数据处理的部件。例如,按照 国家的 SMS4密码算法要求进行数据处理,数据转换部件组 2完成的操作中只 有一次密码算法所规定的合成置换。  The data conversion component group 2 is a component that performs data processing in accordance with a cryptographic algorithm. For example, data processing is performed in accordance with the national SMS4 cryptographic algorithm, and the data conversion component group 2 performs only one synthetic interrupt per stipulated by the cryptographic algorithm.
常数阵列存储部件 3用于存储常数阵列数据。本发明采用的常数阵列是密 钥扩展处理所得到的结果数据,按照地址高低顺序排列,按照数据转换部件組 2中数据转换部件的个数安排常数阵列对应的宽度和深度, 并且宽度与深度的 乘积为 1024。 例如, 采用 4个数据转换部件, 那么常数阵列的宽度是 128bit, 深度是 8。 若采用 8个数据转换部件, 常数阵列的宽度则是 256bit, 深度是 4。  The constant array storage unit 3 is for storing constant array data. The constant array used in the present invention is the result data obtained by the key expansion process, arranged in order of address level, and the width and depth corresponding to the constant array are arranged according to the number of data conversion components in the data conversion component group 2, and the width and the depth are The product is 1024. For example, with four data conversion components, the constant array has a width of 128 bits and a depth of 8. With eight data conversion components, the constant array has a width of 256 bits and a depth of four.
本发明数据转换部件组 2中数据转换部件的个数是 32的约数时, 以仅釆 用循环加解密数据处理的结构为佳。  When the number of data conversion units in the data conversion unit group 2 of the present invention is a divisor of 32, it is preferable to use a structure in which only cyclic encryption/decryption data is processed.
参见图 2, 本发明的循环加解密数据处理中, 数据寄存部件 1的输入端与 外部数据的输入端相连, 数据寄存部件 1的输出端接数据转换部件组 2, 常数 阵列存储部件 3的输出端分别与数据转换部件組 2中各个数据转换部件,即第 一数据转换部件 200、 第二数据转换部件 201、 第三数据转换部件 202、 以及 第四数据转换部件 203的输入端相连接。 各个数据转换部件 200 - 203依次串 接,其输出接入数据寄存部件 1的输入端。数据转换部件组 2由依次串接的至 少二个数据转换部件构成。  Referring to Fig. 2, in the cyclic encryption/decryption data processing of the present invention, the input end of the data registering component 1 is connected to the input terminal of the external data, and the output terminal of the data registering component 1 is connected to the data conversion component group 2, and the output of the constant array storage section 3 The terminals are respectively connected to the respective data conversion sections of the data conversion component group 2, that is, the input ends of the first data conversion component 200, the second data conversion component 201, the third data conversion component 202, and the fourth data conversion component 203. The respective data conversion sections 200 - 203 are sequentially connected in series, and the output thereof is input to the input terminal of the data registration section 1. The data conversion unit group 2 is composed of at least two data conversion units which are sequentially connected in series.
数据转换部件组 2以采用 4个数据转换部件 200 - 203为例, 常数阵列宽 度为 128bit, 深度为 8, 采用循环加解密数据处理的方式进行加解密处理。 过 程如下:  The data conversion unit group 2 takes four data conversion units 200 - 203 as an example, and has a constant array width of 128 bits and a depth of 8, and performs encryption and decryption processing by means of cyclic encryption and decryption data processing. The process is as follows:
1 ) 准备常数阵列; 将常数阵列存入常数阵列存储部件 3。 若数据转换处理中的数据转换处理 部件为 4个, 则常数阵列的宽度为 128bit、 深度为 8。 将 128bit的常数阵列数 据与深度 8对应划分为 8行, 每行分别命名为 rkO, rkl5...rk7; 将每行 128bit 的常数阵列数据分为 4个 32bit的数据。 rkO分为 rk0a、 rk0b、 rk0c、 rkOd; rkl 分为 rkla、 rklb、 rklc、 rkld 。 1) Prepare a constant array; The constant array is stored in the constant array storage unit 3. If there are four data conversion processing units in the data conversion processing, the constant array has a width of 128 bits and a depth of 8. The 128-bit constant array data is divided into 8 lines corresponding to the depth 8, and each line is named rkO, rkl 5 ... rk7; the constant array data of 128 bits per line is divided into four 32-bit data. rkO is divided into rk0a, rk0b, rk0c, rkOd; rkl is divided into rkla, rklb, rklc, rkld.
2 )将外部数据输至数据寄存部件 1的输入端;  2) inputting external data to the input end of the data storage unit 1;
外部数据是 128bit的数据, 分为 4个 32bit的数据, 分別命名为 A0、 Al、 A2、 A3。 在时钟上沿或下沿, 把数据寄存部件 1输入端的数据传送至数据寄 存部件 1的输出端, 数据寄存部件 1输出 128bit, 分为 4个 32bit数据的数据, 分别命名为 a0、 al、 a2、 a3。  The external data is 128-bit data, which is divided into four 32-bit data, named A0, Al, A2, and A3. On the upper or lower edge of the clock, the data at the input of the data register unit 1 is transferred to the output of the data register unit 1, and the data register unit 1 outputs 128 bits, which are divided into four pieces of 32-bit data, which are named a0, al, a2, respectively. , a3.
3 )进行首次数据转换处理;  3) Perform the first data conversion process;
在该时钟周期内,将常数阵列存储部件 3所存储常数阵列的第一行对应的 数据分别输至所有的数据转换部件 200 - 203。 在同一个时钟周期内, 数据寄 存部件 1输出端的数据输入第一数据转换部件 200进行数据转换处理;第一数 据转换部件 200输出的数据再输入下一个数据转换部件即第二数据转换部件 201进行数据转换处理; 依此方式, 直至所有的数据转换部件即数据转换部件 200 - 203顺序完成数据转换处理。 具体如下:  In the clock cycle, the data corresponding to the first row of the constant array stored in the constant array storage unit 3 is respectively output to all of the data conversion sections 200 - 203. In the same clock cycle, the data of the output of the data registration unit 1 is input to the first data conversion unit 200 for data conversion processing; the data output by the first data conversion unit 200 is input to the next data conversion unit, that is, the second data conversion unit 201. Data conversion processing; in this manner, until all the data conversion sections, that is, the data conversion sections 200-203, sequentially perform the data conversion processing. details as follows:
数据寄存部件 1输出端的数据 a0、 al、 a2、 a3及常数阵列存储部件 3输 出的数据 rkOa输至第一数据转换部件 200, 转换处理后的数据仍然是 128bit, 分别命名为 B0、 Bl、 B2、 B3;  The data a0, a1, a2, a3 at the output of the data register unit 1 and the data rkOa output from the constant array storage unit 3 are input to the first data conversion unit 200, and the converted data is still 128 bits, and are named B0, Bl, B2, respectively. , B3;
第一数据转换部件 200输出的数据 B0、 Bl、 B2、 B3及常数阵列存储部 件 3输出的数据 rkOb输至第二数据转换部件 201, 转换处理后的数据仍然是 128bit, 分别命名为 C0、 Cl、 C2、 C3;  The data B0, Bl, B2, B3 output by the first data conversion unit 200 and the data rkOb outputted by the constant array storage unit 3 are input to the second data conversion unit 201, and the converted data is still 128 bits, respectively named C0, Cl. , C2, C3;
第二数据转换部件 201输出的数据 C0、 Cl、 C2、 C3及常数阵列存储部 件 3输出的数据 rkOc输至第三数据转换部件 202, 转换处理后的数据仍然是 128bit, 分别命名为 D0、 Dl、 D2、 D3;  The data C0, Cl, C2, C3 outputted by the second data conversion unit 201 and the data rkOc outputted by the constant array storage unit 3 are input to the third data conversion unit 202, and the converted data is still 128 bits, respectively named D0, Dl. , D2, D3;
第三数据转换部件 202输出的数据 D0、 Dl、 D2、 D3及常数阵列存储部 件 3输出的数据 rkOd输至第四数据转换部件 203 , 转换处理后的数据仍然是 128bit, 分别命名为 E0、 El、 E2、 E3; E0、 El、 E2、 E3即是首次数据转换处理的结果数据。 The data D0, D1, D2, D3 output by the third data conversion unit 202 and the data rkOd output from the constant array storage unit 3 are input to the fourth data conversion unit 203, and the converted data is still 128 bits, respectively named E0, El. , E2, E3; E0, El, E2, and E3 are the result data of the first data conversion process.
4 )进行再次数据转换处理;  4) performing data conversion processing again;
在时钟沿到来的时刻, 将前次数据转换处理的数据 E0、 El、 E2、 E3存至 数据寄存部件 1 ; 将数据寄存部件 1的输出端数据 e0、 el、 e2、 e3依次输入数 据转换部件 200 - 203„ 将常数阵列存储部件 3所存储的常数阵列的下一行对 应的数据 rkla、 rklb、 rklc、 rkld分别输入数据转换部件 200 - 203。  At the time when the clock edge arrives, the data E0, El, E2, E3 of the previous data conversion processing are stored in the data registration unit 1; the output data e0, el, e2, e3 of the data registration unit 1 are sequentially input to the data conversion unit. 200 - 203 „ The data rkla, rklb, rklc, rkld corresponding to the next row of the constant array stored in the constant array storage unit 3 are input to the data conversion sections 200 - 203, respectively.
5 )重复再次数据转换处理, 得到加解密数据处理结果。 再次数据转换处 理每进行一次, 即完成一个数据转换处理周期。将再次数据转换处理循环处理 6次, 即数共进行 8次, 最后一次数据转换处理后输出的数据即为最终数据处 理结果。  5) Repeat the data conversion process again to obtain the encryption and decryption data processing result. Once again, the data conversion process is performed once, that is, a data conversion processing cycle is completed. The data conversion processing is processed again six times, that is, the number is performed eight times in total, and the data output after the last data conversion processing is the final data processing result.
采用二个数据转换部件时, 循环加解密数据处理共进行 16个时钟周期完 成一次加解密处理。 采用八个数据转换部件时, 循环加解密数据处理共进行 4 个时钟周期完成一次加解密处理。采用十六个数据转换部件时,循环加解密数 据处理共进行 2个时钟周期完成一次加解密处理。  When two data conversion units are used, the cyclic encryption/decryption data processing performs a total of 16 clock cycles to complete the encryption and decryption processing. When eight data conversion components are used, the cyclic encryption/decryption data processing performs a total of four clock cycles to complete the encryption and decryption process. When sixteen data conversion units are used, the cyclic encryption/decryption data processing performs a total of two clock cycles to complete the encryption and decryption processing.
附加加解密数据处理用于补充完成循环加解密数据处理 4 未完成的数据 转换处理, 尤其是当数据转换部件组 2中数据转换部件的个数不是 32的约数 时,可通过循环加解密数据处理 4与附加加解密数据处理共同完成数据转换处 理。  The additional encryption/decryption data processing is used to supplement the completion of the cyclic encryption/decryption data processing 4, and the data conversion processing is not completed, especially when the number of data conversion components in the data conversion component group 2 is not a divisor of 32, the data can be encrypted and decrypted by cyclic The process 4 performs data conversion processing together with the additional encryption and decryption data processing.
参见图 3 , 循环加解密数据处理装置 4的输入端可接第一附加加解密数据 处理装置 501 , 用于补充处理循环加解密数据处理装置 4未完成的数据转换处 理。第一附加加解密数据处理装置 501主要由用于寄存外部数据的第一附加数 据寄存部件 101 , 输入端接于第一附加数据寄存部件 101输出端、 输出端接入 循环加解密数据处理装置 4输入端的第一附加数据转换部件组 21, 输出端接 入第一附加数据转换部件組 21输入端的第一附加常数阵列存储部件 301构成。 第一附加数据转换部件组 21可采用一个、 二个或多个依次串接的数据转换部 件构成。第一附加常数阵列存储部件 301的输出端分别与笫一附加数据转换部 件组 21中的每个数据转换部件 210、 211......的输入端相接。 第一附加常数阵 列存储部件 301所存储的常数阵列是满足下列条件的数据阵列:  Referring to Fig. 3, the input end of the cyclic encryption/decryption data processing device 4 is connected to the first additional encryption/decryption data processing device 501 for supplementing the data conversion processing that is not completed by the cyclic encryption/decryption data processing device 4. The first additional encryption/decryption data processing device 501 is mainly composed of a first additional data registration unit 101 for registering external data, and the input terminal is connected to the output end of the first additional data registration unit 101, and the output terminal is connected to the cyclic encryption/decryption data processing device 4. The first additional data conversion component group 21 at the input end and the output terminal are connected to the first additional constant array storage component 301 at the input end of the first additional data conversion component group 21. The first additional data conversion component group 21 can be constructed by one, two or more data conversion components which are sequentially connected in series. The outputs of the first additional constant array storage unit 301 are respectively coupled to the input terminals of each of the data conversion units 210, 211, ... in the additional data conversion unit group 21. The constant array stored by the first additional constant array storage unit 301 is a data array that satisfies the following conditions:
1 ) 密钥扩展处理所得到的结果数据; 2 )按照地址高低顺序排列; 1) result data obtained by key expansion processing; 2) Arrange in order of address;
3 )循环加解密数据处理装置 4中常数阵列存储部件 3的常数阵列数据宽 度与深度的第一乘积,第一附加加解密数据处理装置 501中第一附加常数阵列 存储部件 301的常数阵列数据宽度与深度的第二乘积,该第一乘积与第二乘积 两者之和为 1024; 所述第一附加常数阵列存储部件 3Q1 中常数阵列数据的宽 度为第一附加数据转换部件组 21中数据转换部件的个数乘以 32, 所述第一附 加常数阵列存储部件 301中常数阵列数据的深度为 1。  3) a first product of the constant array data width and depth of the constant array storage unit 3 in the cyclic encryption/decryption data processing device 4, and a constant array data width of the first additional constant array storage unit 301 in the first additional encryption/decryption data processing device 501 a second product of the depth, the sum of the first product and the second product is 1024; the width of the constant array data in the first additional constant array storage unit 3Q1 is the data conversion in the first additional data conversion unit group 21 The number of components is multiplied by 32, and the depth of the constant array data in the first additional constant array storage section 301 is 1.
第一附加加解密数据处理装置 501进行数据处理的过程如下:  The process of data processing by the first additional encryption/decryption data processing device 501 is as follows:
1 )将外部数据输至数据寄存部件 1的输入端, 在时钟上沿或下沿, 把数 据寄存部件 1输入端的数据传送至数据寄存部件 1的输出端。  1) The external data is input to the input terminal of the data register unit 1, and the data of the input terminal of the data register unit 1 is transferred to the output terminal of the data register unit 1 at the upper or lower edge of the clock.
2 )在该时钟周期内, 将第一附加常数阵列存储部件 301所存储常数阵列 对应的数据分别输至第一附加加解密数据处理装置 501 中的所有数据转换部 件 210、 211等。  2) In the clock cycle, the data corresponding to the constant array stored in the first additional constant array storage unit 301 is respectively input to all the data conversion units 210, 211 and the like in the first additional encryption/decryption data processing device 501.
3 )在同一个时钟周期内, 数据寄存部件 1输出端的数据输入到第一附加 数据转换部件 210进行数据转换处理;第一附加数据转换部件 210输出的数据 再输入到下一个数据转换部件,即第二附加数据转换部件 211进行数据转换处 理; 依此方式, 直至第一附加加解密数据处理装置 501中第一附加数据转换部 件组 21 中的所有附加数据转换部件顺序完成数据转换处理., 得到第一附加加 解密数据处理装置 501的数据处理结果。  3) In the same clock cycle, the data of the output of the data registration unit 1 is input to the first additional data conversion unit 210 for data conversion processing; the data output by the first additional data conversion unit 210 is input to the next data conversion unit, that is, The second additional data conversion unit 211 performs data conversion processing; in this manner, until all the additional data conversion units in the first additional data conversion unit group 21 in the first additional encryption/decryption data processing unit 501 sequentially complete the data conversion processing. The data processing result of the first additional encryption/decryption data processing device 501.
4 ) 以第一附加加解密数据处理装置 501的处理结果作为循环加解密数据 处理中的外部数据, 用来完成循环加解密数据处理。  4) The processing result of the first additional encryption/decryption data processing means 501 is used as external data in the cyclic encryption/decryption data processing for completing the cyclic encryption/decryption data processing.
参见图 4, 以在循环加解密数据处理 4的输出端接有第二附加加解密数据 处理装置 502,用于补充处理循环加解密数据处理装置 4未完成的数据转换处 理。第二附加加解密数据处理装置 502主要由用于寄存循环加解密数据处理 4 处理结果的第二附加数据寄存部件 102, 输入端接于第二附加数据寄存部件 102输出端的第二附加数据转换部件组 22,输出端接入第二附加数据转换部件 组 22输入端的第二附加常数阵列存储部件 302构成。 第二附加数据转换部件 组 22可采用一个数据转换部件构成, 或由二个或多个依次串接的数据转换部 件构成。第二附加常数阵列存储部件 302的输出端分别与第二附加数据转换部 件组 22中的每个数据转换部件 220、 221......的输入端相接。 第二附加常数阵 列存储部件 302所存储的常数阵列是满足下列条件的数据阵列: Referring to Fig. 4, a second additional encryption/decryption data processing means 502 is provided at the output of the cyclic encryption/decryption data processing 4 for supplementing the data conversion processing which is not completed by the processing cyclic encryption/decryption data processing apparatus 4. The second additional encryption/decryption data processing means 502 is mainly composed of a second additional data registration means 102 for registering the result of the cyclic encryption/decryption data processing 4, and a second additional data conversion means which is connected to the output of the second additional data registration means 102. The group 22 is configured to be coupled to a second additional constant array storage component 302 at the input of the second additional data conversion component group 22. The second additional data conversion component group 22 may be constituted by one data conversion component or by two or more data conversion components sequentially connected in series. The output of the second additional constant array storage unit 302 and the second additional data conversion unit The inputs of each of the data conversion sections 220, 221, ... in the set 22 are coupled. The constant array stored by the second additional constant array storage unit 302 is a data array that satisfies the following conditions:
1 )循环加解密数据处理装置 4所用到的常数阵列数据;  1) cyclically encrypting and decrypting the constant array data used by the data processing device 4;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )循环加解密数据处理装置 4中常数阵列存储部件 3的常数阵列数据宽 度与深度的第三乘积,第二附加加解密数据处理装置 502中第二附加常数阵列 存储部件 302的常数阵列数据宽度与深度的第四乘积,该第三乘积与第四乘积 两者之和为 1024; 所述第二附加常数阵列存储部件 302中常数阵列数据的宽 度为第二附加数据转换部件组 22中数据转换部件的个数乘以 32, 所述第二附 加常数阵列存储部件 302中常数阵列数据的深度为 1。  3) a third product of the constant array data width and depth of the constant array storage unit 3 in the cyclic encryption/decryption data processing device 4, and a constant array data width of the second additional constant array storage unit 302 in the second additional encryption/decryption data processing device 502 a fourth product of the depth, the sum of the third product and the fourth product is 1024; the width of the constant array data in the second additional constant array storage unit 302 is the data conversion in the second additional data conversion unit group 22 The number of components is multiplied by 32, and the depth of the constant array data in the second additional constant array storage section 302 is one.
第二附加加解密数据处理装置 502进行数据处理的过程与第一附加加解 密数据处理装置 501相似,其是对循环加解密数据处理装置 4处理的数据进行 转换处理。第二附加加解密数据处理装置 502的数据处理结果为最终加解密数 据处理结果。第一附加加解密数据处理装置 501或第二附加加解密数据处理装 置 502中的数据转换处理部件均可采用是一个、 二个或多个。  The process of data processing by the second additional encryption/decryption data processing means 502 is similar to that of the first additional encrypted data processing means 501, which performs conversion processing on the data processed by the cyclic encryption/decryption data processing means 4. The data processing result of the second additional encryption/decryption data processing means 502 is the final encryption/decryption data processing result. The data conversion processing means in the first additional encryption/decryption data processing means 501 or the second additional encryption/decryption data processing means 502 may be one, two or more.
附加加解密数据处理装置加至循环加解密数据处理装置 4之前或之后进 行均可, 也可在循环加解密数据处理装置 4之前和之后均附加, 参见图 5。 该 结构中的第一附加常数阵列存储部件 301、 第二附加常数阵列存储部件 302所 存储的常数阵列是满足下列条件的数据阵列:  The additional encryption/decryption data processing means may be added before or after the cyclic encryption/decryption data processing means 4, or may be added before and after the cyclic encryption/decryption data processing means 4, see Fig. 5. The constant array stored by the first additional constant array storage unit 301 and the second additional constant array storage unit 302 in the structure is a data array that satisfies the following conditions:
1 )所述第一附加常数阵列存储部件 301存储的是密钥扩展处理所得到的 结果数据;所述第二附加常数阵列存储部件 302存储的是密钥扩展处理所得到 的结果数据;  1) the first additional constant array storage unit 301 stores result data obtained by key expansion processing; and the second additional constant array storage unit 302 stores result data obtained by key expansion processing;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )循环加解密数据处理装置 4中常数阵列存储部件 3的常数阵列数据宽 度与深度的第五乘积,第一附加加解密数据处理装置 501中第一附加常数阵列 存储部件 301的常数阵列数据宽度与深度的第六乘积,第二附加加解密数据处 理装置 502中第二附加常数阵列存储部件 302的常数阵列数据宽度与深度的第 七乘积, 该第五乘积、 第六乘积、 及第七乘积三者之和为 1024; 所述第一附 加常数阵列存储部件 301 中常数阵列数据的宽度为第一附加数据转换部件组 21中数据转换部件的个数乘以 32, 所述第一附加常数阵列存储部件 301中常 数阵列数据的深度为 1; 所述第二附加常数阵列存储部件 302中常数阵列数据 的宽度为第二附加数据转换部件组 22中数据转换部件的个数乘以 32, 所述第 二附加常数阵列存储部件 302中常数阵列数据的深度为 1。 3) a fifth product of the constant array data width and depth of the constant array storage unit 3 in the cyclic encryption/decryption data processing device 4, and a constant array data width of the first additional constant array storage unit 301 in the first additional encryption/decryption data processing device 501 a sixth product of depth, a seventh product of a constant array data width and a depth of the second additional constant array storage unit 302 in the second additional encryption/decryption data processing device 502, the fifth product, the sixth product, and the seventh product The sum of the three is 1024; the width of the constant array data in the first additional constant array storage unit 301 is the first additional data conversion component group The number of data conversion components in 21 is multiplied by 32, the depth of the constant array data in the first additional constant array storage unit 301 is 1; the width of the constant array data in the second additional constant array storage unit 302 is the second The number of data conversion sections in the additional data conversion component group 2 2 is multiplied by 32, and the depth of the constant array data in the second additional constant array storage section 302 is 1.
本发明实现 SMS4加解密算法的设备,通过对常数阵列的安排以及对应数 据转换部件的设置, 能够减少数据转换处理的循环次数。 由于单位时间内加解 密的数据数量大大增加,从而提高了加解密的效率。例如,加密 128bit的数据, 若采用 4个数据转换部件,只需循环运行 8个时钟周期就能输出最终数据处理 结果。 所以, 在时钟频率相同的情况下, 可以使加密效率提高 4倍。  The device for realizing the SMS4 encryption and decryption algorithm of the present invention can reduce the number of cycles of data conversion processing by arranging the constant array and setting the corresponding data conversion unit. Since the amount of data added and decrypted per unit time is greatly increased, the efficiency of encryption and decryption is improved. For example, to encrypt 128-bit data, if four data conversion components are used, it is only necessary to cycle through 8 clock cycles to output the final data processing result. Therefore, when the clock frequency is the same, the encryption efficiency can be increased by 4 times.
本发明实现 SMS4 加解密算法的设备, 在满足所要求加解密效率的情况 下, 由于时钟频率仅为原来的 1/n, 故时钟频率只需原来的 l/n。 例如, 加密 128bit的数据, 若采用 4个数据转换部件, 时钟频率只需原来的 1/4。  The device for realizing the SMS4 encryption and decryption algorithm of the present invention, in the case of satisfying the required encryption and decryption efficiency, requires only the original l/n because the clock frequency is only 1/n of the original. For example, to encrypt 128-bit data, if four data conversion components are used, the clock frequency is only 1/4 of the original.
此外, 在相同处理效率的情况下, 实现本发明方案的集成电路的设计、 实 施比较容易; 信号的完整性大大优化; 设计成本降低。 此外, 采用本发明设计 集成电路,在满足所要求加解密效率的情况下, 由于时钟频率仅为原来的 1/n, 故时钟频率只需原来的 l/n。在相同处理效率的情况下 PCB成本降低; PCB设 计、 产品易于实现; 系统中的干扰降低, 对其他设备、 器件正常、 高效工作的 影响也大幅度降低。  In addition, in the case of the same processing efficiency, the design and implementation of the integrated circuit implementing the inventive scheme are relatively easy; the signal integrity is greatly optimized; and the design cost is reduced. In addition, with the integrated circuit designed by the present invention, the clock frequency is only 1/n, and the clock frequency only needs the original l/n, when the required encryption and decryption efficiency is satisfied. PCB cost is reduced with the same processing efficiency; PCB design and product are easy to implement; interference in the system is reduced, and the impact on the normal and efficient operation of other devices and devices is greatly reduced.
上述实施例是用于说明和解幹本发明的原理的。 可以理解,本发明的具体 实施方式不限于此。对于本领域技术人员而言,在不脱离本发明的实质和范围 的前提下进行的各种变更和修改均涵盖在本发明的保护范围之内。 因此,本发 明的保护范围由权利要求确定。  The above embodiments are intended to illustrate and solve the principles of the present invention. It is to be understood that the specific embodiments of the present invention are not limited thereto. Various changes and modifications may be made without departing from the spirit and scope of the invention. Accordingly, the scope of the invention is defined by the claims.

Claims

权 利 要 求 Rights request
1.一种实现 SMS4加解密算法的设备, 其特征在于, 包括:  An apparatus for implementing an SMS4 encryption and decryption algorithm, comprising:
由数据寄存部件( 1 )、 数据转换部件组( 2 )和常数阵列存储部件( 3 )构 成的循环加解密数据处理装置(4 );  a cyclic encryption/decryption data processing device (4) comprising a data registering component (1), a data conversion component group (2) and a constant array storage component (3);
所述的数据寄存部件( 1 ), 用于寄存外部数据及上一次数据转换处理的结 果;  The data registering component (1) is configured to register external data and a result of a previous data conversion process;
所述的数据转换部件组(2 ) 由依次串接的至少二个数据转换部件构成, 该数据转换部件输入端接于数据寄存部件(1 )输出端、 该数据转换部件输出 端接入数据寄存部件 (1 ) 的输入端;  The data conversion component group (2) is composed of at least two data conversion components serially connected in series, and the data conversion component input terminal is connected to the output end of the data registration component (1), and the data conversion component output terminal is connected to the data registration. The input of component (1);
所述的常数阵列存储部件( 3 ),用于存储加解密处理所用的常数阵列数据, 其输出端分别与所述数据转换部件組(2 )中每个数据转换部件的输入端相接。  The constant array storage unit (3) is configured to store constant array data for encryption and decryption processing, and an output end thereof is respectively connected to an input end of each of the data conversion unit groups (2).
2.根据权利要求 1所述的实现 SMS4加解密算法的设备, 其特征在于: 所 述的常数阵列数据满足下列条件:  The apparatus for implementing an SMS4 encryption/decryption algorithm according to claim 1, wherein: said constant array data satisfies the following conditions:
1 ) 密钥扩展处理所得到的结果数据;  1) result data obtained by key expansion processing;
2 )按照地址高低顺序排列;  2) Arrange in order of address;
3 )按照数据转换部件组(2 )中数据转换部件的个数安排数阵列对应的宽 度和深度;  3) arranging the width and depth corresponding to the array according to the number of data conversion components in the data conversion component group (2);
4)宽度与深度的乘积为 1024。  4) The product of width and depth is 1024.
3.根据权利要求 1或 2所述的实现 SMS4加解密算法的设备,其特征在于: 所述循环加解密数据处理装置( 4 )中的数据转换部件组( 2 )的数据转换部件 的个数是 32的约数。  The apparatus for implementing an SMS4 encryption/decryption algorithm according to claim 1 or 2, wherein: the number of data conversion components of the data conversion component group (2) in the cyclic encryption/decryption data processing device (4) It is the approximate number of 32.
4.根据权利要求 1所述的实现 SMS4加解密算法的设备, 其特征在于, 还 包括: 第一附加加解密数据处理装置(501 ), 其与所述的循环加解密数据处理 装置(4 )的输入端相接, 用于补充处理所述循环加解密数据处理装置(4 )未 完成的 据转换处理; 所述的第一附加加解密数据处理装置 (501 ) 包括: 第一附加数据寄存部件(101 ), 用于寄存外部数据;  The device for implementing the SMS4 encryption and decryption algorithm according to claim 1, further comprising: a first additional encryption and decryption data processing device (501), and the cyclic encryption/decryption data processing device (4) The input end is connected to supplement the data conversion processing of the cyclic encryption/decryption data processing device (4); the first additional encryption/decryption data processing device (501) includes: a first additional data registration unit (101), for registering external data;
第一附加数据转换部件组(21 ), 由一个数据转换部件、 或由二个或多个 依次串接的数据转换部件构成, 该第一附加数据转换部件组(21 )输入端接于 第一附加数据寄存部件 (101 )输出端、 该第一附加数据转换部件组(21 )输 出端接入循环加解密数据处理装置(4)输入端; The first additional data conversion component group (21) is composed of a data conversion component or two or more data conversion components sequentially connected in series, and the first additional data conversion component group (21) is input to the first terminal. An additional data registering component (101) output, the first additional data conversion component group (21) The output end of the loop access encryption and decryption data processing device (4);
第一附加常数阵列存储部件( 301 ),用于存储加解密处理所用的常数阵列 数据, 其输出端分别与所述第一附加数据转换部件组(21 )中的各数据转换部 件的输入端相接。  a first additional constant array storage unit (301) for storing constant array data for use in the encryption and decryption process, the output ends of which are respectively associated with the input ends of the respective data conversion components in the first additional data conversion component group (21) Pick up.
5.根据权利要求 4所述的实现 SMS4加解密算法的设备, 其特征在于: 所 述常数阵列存储部件(301)所存储的常数阵列数据满足下列条件:  The apparatus for implementing the SMS4 encryption and decryption algorithm according to claim 4, characterized in that: the constant array data stored by the constant array storage unit (301) satisfies the following conditions:
1) 密钥扩展处理所得到的结果数据;  1) result data obtained by key expansion processing;
2)按照地址高低顺序排列;  2) Arrange in order of address;
3)循环加解密数据处理装置(4) 中常数阵列存储部件 (3) 的常数阵列 数据宽度与深度的第一乘积, 第一附加加解密数据处理装置 (501) 中第一附 加常数阵列存储部件(301 ) 的常数阵列数据宽度与深度的第二乘积, 该第一 乘积与第二乘积之和为 1024; 所述第一附加常数阵列存储部件(301) 中常数 阵列数据的宽度为第一附加数据转换部件组(21 )中数据转换部件的个数乘以 32, 所述第一附加常数阵列存储部件(301) 中常数阵列数据的深度为 1。  3) a first product of a constant array data width and a depth of the constant array storage unit (3) in the cyclic encryption/decryption data processing device (4), and a first additional constant array storage unit in the first additional encryption/decryption data processing device (501) a second product of a constant array data width and a depth of (301), a sum of the first product and the second product is 1024; a width of the constant array data in the first additional constant array storage unit (301) is a first addition The number of data conversion sections in the data conversion component group (21) is multiplied by 32, and the depth of the constant array data in the first additional constant array storage section (301) is 1.
6.根据权利要求 1所述的实现 SMS4加解密算法的设备, 其特征在于, 还 包括: 第二附加加解密数据处理装置(502), 其与所述的循环加解密数据处理 装置(4)的输出端相接, 用于补充处理所述循环加解密数据处理装置(4)未 完成数据转换处理; 所述的第二附加加解密数据处理装置 (502) 包括:  The apparatus for implementing an SMS4 encryption/decryption algorithm according to claim 1, further comprising: a second additional encryption/decryption data processing device (502), and the cyclic encryption/decryption data processing device (4) And the output of the second encryption and decryption data processing device (502) is:
第二附加数据寄存部件(102), 用于寄存所述循环加解密数据处理(4) 处理的结果;  a second additional data registration unit (102) for registering a result of the cyclic encryption/decryption data processing (4) processing;
第二附加数据转换部件组(22), 由一个数据转换部件、 或由二个或多个 依次串接的数据转换部件构成, 该第二附加数据转换部件组(22)输入端接于 第二附加数据寄存部件(102)输出端、 该第二附加数据转换部件组(22)输 出端接入第二附加数据寄存部件(102)输入端;  The second additional data conversion component group (22) is composed of a data conversion component, or two or more data conversion components sequentially connected in series, and the second additional data conversion component group (22) is terminated at the second input. An output of the additional data registration unit (102), the output of the second additional data conversion unit group (22) is connected to the input end of the second additional data registration unit (102);
第二附加常数阵列存储部件( 302 ), 用于存储加解密处理所用的常数阵列 数据, 其输出端分别与所述第二附加数据转换部件组(22)中的各数据转换部 件的输入端相接。  a second additional constant array storage unit (302) for storing constant array data for encryption and decryption processing, the output ends of which are respectively associated with the input ends of the data conversion units of the second additional data conversion unit group (22) Pick up.
7.根据权利要求 6所述的实现 SMS4加解密算法的设备, 其特征在于: 所 述常数阵列存储部件(302)所存储的常数阵列数据满足下列条件: 1 )循环加解密数据处理装置(4)所用到的常数阵列数据; The apparatus for implementing an SMS4 encryption/decryption algorithm according to claim 6, wherein: the constant array data stored by the constant array storage unit (302) satisfies the following conditions: 1) cyclically encrypting and decrypting the constant array data used by the data processing device (4);
2)按照地址高^ ί氏顺序排列;  2) Arrange in the order of address high ^ ί;
3)循环加解密数据处理装置(4) 中常数阵列存储部件(3) 的常数阵列 数据宽度与深度的第三乘积, 第二附加加解密数据处理装置(502) 中第二附 加常数阵列存储部件 (302) 的常数阵列数据宽度与深度的第四乘积, 该第三 乘积与第四乘积之和为 1024; 所述第二附加常数阵列存储部件(302) 中常数 阵列数据的宽度为第二附加数据转换部件组( 22 )中数据转换部件的个数乘以 32, 所述第二附加常数阵列存储部件(302) 中常数阵列数据的深度为 1。  3) a third product of the constant array data width and depth of the constant array storage unit (3) in the cyclic encryption/decryption data processing device (4), and a second additional constant array storage unit in the second additional encryption/decryption data processing device (502) (302) a constant array data width and a fourth product of the depth, the sum of the third product and the fourth product is 1024; the width of the constant array data in the second additional constant array storage unit (302) is a second addition The number of data conversion sections in the data conversion component group (22) is multiplied by 32, and the depth of the constant array data in the second additional constant array storage section (302) is one.
8.根据权利要求 4所述的实现 SMS4加解密算法的设备, 其特征在于, 还 包括: 第二附加加解密数据处理装置(502), 其与所述的循环加解密数据处理 装置(4)的输出端相接, 用于补充处理所述循环加解密数据处理装置(4)未 完成数据转换处理; 所述的第二附加加解密数据处理装置 (502) 包括:  The device for implementing the SMS4 encryption and decryption algorithm according to claim 4, further comprising: a second additional encryption and decryption data processing device (502), and the cyclic encryption/decryption data processing device (4) And the output of the second encryption and decryption data processing device (502) is:
第二附加数据寄存部件(102), 用于寄存循环加解密数据处理(4)处理 的结果;  a second additional data registration unit (102) for registering a result of the cyclic encryption/decryption data processing (4) processing;
第二附加数据转换部件組(22), 由一个数据转换部件、 或由二个或多个 依次串接的数据转换部件构成, 该第二附加数据转换部件组(22)输入端接于 第二附加数据寄存部件( 102)输出端、、 该第二附加数据转换部件组(22)输 出端接入第二附加凄 t据寄存部件(102)输入端;  The second additional data conversion component group (22) is composed of a data conversion component, or two or more data conversion components sequentially connected in series, and the second additional data conversion component group (22) is terminated at the second input. An output of the additional data registering component (102), and an output of the second additional data conversion component group (22) is coupled to the input end of the second additional data register component (102);
第二附加常数阵列存储部件( 302 ), 用于存储加解密处理所用的常数阵列 数据, 其输出端分别与所述第二附加数据转换部件组(22)中的各数据转换部 件的输入端相接。  a second additional constant array storage unit (302) for storing constant array data for encryption and decryption processing, the output ends of which are respectively associated with the input ends of the data conversion units of the second additional data conversion unit group (22) Pick up.
9.根据权利要求 8所述的实现 SMS4加解密算法的设备, 其特征在于: 所 述第一附加常数阵列存储部件(301)和第二附加常数阵列存储部件(302)所 存储的常数阵列数据满足下列奈件:  9. The apparatus for implementing an SMS4 encryption and decryption algorithm according to claim 8, wherein: said constant array data stored by said first additional constant array storage unit (301) and said second additional constant array storage unit (302) Meet the following pieces:
1 )所述第一附加常数阵列存储部件( 301 )存储的是密钥扩展处理所得到 的结果数据; 所述第二附加常数阵列存储部件(302)存储的是密钥扩展处理 所得到的结果数据;  1) the first additional constant array storage unit (301) stores result data obtained by key expansion processing; and the second additional constant array storage unit (302) stores results obtained by key expansion processing. Data
2)按照地址高低顺序排列;  2) Arrange in order of address;
3)循环加解密数据处理装置(4) 中常数阵列存储部件(3) 的常数阵列 数据宽度与深度的第五乘积, 第一附加加解密数据处理装置 (501 ) 中第一附 加常数阵列存储部件(301 ) 的常数阵列数据宽度与深度的第六乘积, 第二附 加加解密数据处理装置( 502 )中笫二附加常数阵列存储部件(302 )的常数阵 列数据宽度与深度的第七乘积, 该第五乘积、 第六乘积、 及第七乘积三者之和 为 1024; 所述第一附加常数阵列存储部件(301 ) 中常数阵列数据的宽度为第 一附加数据转换部件组(21 ) 中数据转换部件的个数乘以 32, 所述第一附加 常数阵列存储部件(301 ) 中常数阵列数据的深度为 1 ; 所述第二附加常数阵 列存储部件 (302 ) 中常数阵列数据的宽度为第二附加数据转换部件组(22 ) 中数据转换部件的个数乘以 32, 所述第二附加常数阵列存储部件(302 ) 中常 数阵列数据的深度为 1。 3) Constant array of constant array storage unit (3) in the cyclic encryption/decryption data processing device (4) a fifth product of the data width and the depth, a sixth product of the constant array data width and the depth of the first additional constant array storage unit (301) in the first additional encryption/decryption data processing device (501), and a second additional encryption and decryption data processing a seventh product of a constant array data width and a depth of the second constant array storage unit (302) in the device (502), wherein the sum of the fifth product, the sixth product, and the seventh product is 1024; The width of the constant array data in an additional constant array storage unit (301) is the number of data conversion units in the first additional data conversion unit group (21) multiplied by 32, the first additional constant array storage unit (301) The depth of the constant array data is 1; the width of the constant array data in the second additional constant array storage unit (302) is the number of data conversion components in the second additional data conversion component group (22) multiplied by 32, The depth of the constant array data in the second additional constant array storage unit (302) is one.
10.根据权利要求 1或 5或 7所述的实现 SMS4加解密算法的设备, 其特 征在于: 所述的数据寄存部件 (1 )是在时钟上沿或下沿时刻将输入端数据传 至输出端、而其他时刻输出端数据不发生变化的数据暂存器件; 所述数据转换 部件组( 2 )、第一附加数据转换部件组( 21 )及第二附加数据转换部件组( 22 ) 中的数据转换部件是按照密码算法要求进行数据处理、操作中只有一次密码算 法所规定的合成置换的数据处理器件。  10. The apparatus for implementing an SMS4 encryption/decryption algorithm according to claim 1 or 5 or 7, wherein: said data registering component (1) transmits input data to an output at a time of a clock edge or a lower edge. a data temporary storage device in which the output data does not change at other times; in the data conversion component group (2), the first additional data conversion component group (21), and the second additional data conversion component group (22) The data conversion unit is a data processing device that performs data processing in accordance with a cryptographic algorithm and performs synthesis replacement as defined by only one cryptographic algorithm in the operation.
PCT/CN2007/001017 2006-03-31 2007-03-29 A device for implementing sms4 algorithm WO2007112672A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200610042608 CN100525183C (en) 2006-03-31 2006-03-31 Apparatus for realizing SMS4 enciphering and deciphering algorithm
CN200610042608.6 2006-03-31

Publications (1)

Publication Number Publication Date
WO2007112672A1 true WO2007112672A1 (en) 2007-10-11

Family

ID=38166186

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001017 WO2007112672A1 (en) 2006-03-31 2007-03-29 A device for implementing sms4 algorithm

Country Status (2)

Country Link
CN (1) CN100525183C (en)
WO (1) WO2007112672A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100389554C (en) * 2006-07-31 2008-05-21 西安西电捷通无线网络通信有限公司 High-efficient encryption and decryption processing method for implementing SMS4 algorithm
CN100495961C (en) 2007-11-19 2009-06-03 西安西电捷通无线网络通信有限公司 Packet cipher algorithm based encryption processing method
CN103269482A (en) * 2010-09-06 2013-08-28 苏州国芯科技有限公司 Encryption method for wireless local area network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6185304B1 (en) * 1998-02-23 2001-02-06 International Business Machines Corporation Method and apparatus for a symmetric block cipher using multiple stages
CN1845213A (en) * 2006-03-02 2006-10-11 西安西电捷通无线网络通信有限公司 Method for realizing encryption/decryption processing in SMS4 cipher algorithm

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6185304B1 (en) * 1998-02-23 2001-02-06 International Business Machines Corporation Method and apparatus for a symmetric block cipher using multiple stages
CN1845213A (en) * 2006-03-02 2006-10-11 西安西电捷通无线网络通信有限公司 Method for realizing encryption/decryption processing in SMS4 cipher algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SHEN H. AND GAN M.: "The Implementation of Rijndael Cipher Algorithm in Low-cost FPGAs", COMPUTER ENGINEERING AND APPLICATIONS, no. 22, 1 August 2004 (2004-08-01), pages 116 - 119, 134 *
WU Y. AND DUAN B.: "Design and Application of AES Cipher Calculation Component", COMPUTER ENGINEERING, vol. 31, no. 21, 5 November 2005 (2005-11-05), pages 181 - 183, 186 *

Also Published As

Publication number Publication date
CN1983925A (en) 2007-06-20
CN100525183C (en) 2009-08-05

Similar Documents

Publication Publication Date Title
WO2007098687A1 (en) Encryption and decryption processing method of achieving sms4 cryptographic algorithm and system thereof
US7043017B2 (en) Key stream cipher device
CN111082925B (en) Embedded system encryption protection device and method based on AES algorithm and PUF technology
CN101431405B (en) DES encrypted method and its hardware circuit implementing method
CN108183790B (en) AES encryption device, chip and system
CN105916141A (en) Self-synchronizing realization system and self-synchronizing realization method for Zu Chongzhi encryption and decryption algorithm
WO2007112672A1 (en) A device for implementing sms4 algorithm
CN102411683A (en) Cache-based AES (Advanced Encryption Standard) accelerator suitable for embedded system
WO2008017261A1 (en) High-efficient encryption and decryption processing method for implementing sms4 algorithm
CN110120867A (en) A kind of implementation method of the AES hardware encryption system based on quantum reversible link
CN104219045A (en) RC4 (Rivest cipher 4) stream cipher generator
CN108494547B (en) AES encryption system and chip
US20040096059A1 (en) Encryption apparatus with parallel Data Encryption Standard (DES) structure
CN112287333B (en) Lightweight adjustable block cipher realization method, system, electronic equipment and readable storage medium
WO2020037981A1 (en) Dual s-core-based 8-bit aes circuit
WO2009034393A1 (en) Aes-encryption apparatus and method
CN111510296A (en) SM4/AES dual-mode encryption circuit
RU2503135C1 (en) Method for cryptographic transformation of information and apparatus for realising said method
WO2008017260A1 (en) High efficient encryption and decryption processing device for implementing sms4 algorithm
KR20110105678A (en) Encryption method and encryption device using differential fault analysis in round key generation of data encryption standard
Palka et al. Design Flow of Blowfish Symmetric-Key Block Cipher on FPGA
ES2293665T3 (en) METHOD FOR THE CRYPTOGRAPHIC CONVERSION OF INPUT BLOCKS OF L DIGITAL DATA INFORMATION BITS IN OUTPUT BLOCKS OF L BITS.
JP2003288009A (en) Cryptograph system and data transfer controller
CN212115336U (en) SM4/AES dual-mode encryption circuit
CN201178468Y (en) AES algorithm ciphering apparatus and digital television frontend bidirectional authentication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720591

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720591

Country of ref document: EP

Kind code of ref document: A1