+

CN105472602A - Encryption device and encryption method - Google Patents

Encryption device and encryption method Download PDF

Info

Publication number
CN105472602A
CN105472602A CN201410413320.XA CN201410413320A CN105472602A CN 105472602 A CN105472602 A CN 105472602A CN 201410413320 A CN201410413320 A CN 201410413320A CN 105472602 A CN105472602 A CN 105472602A
Authority
CN
China
Prior art keywords
data
encryption
encrypted
processing module
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410413320.XA
Other languages
Chinese (zh)
Inventor
万贤明
冯奎景
周阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sanechips Technology Co Ltd
Original Assignee
Shenzhen ZTE Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen ZTE Microelectronics Technology Co Ltd filed Critical Shenzhen ZTE Microelectronics Technology Co Ltd
Priority to CN201410413320.XA priority Critical patent/CN105472602A/en
Priority to PCT/CN2015/074127 priority patent/WO2016026287A1/en
Publication of CN105472602A publication Critical patent/CN105472602A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本发明实施例公开了一种加密装置及方法;其中,所述加密方法包括:获取第一参数;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;根据所述第一参数中的密钥及加密参数生成密钥流;读入待加密的数据,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,输出所述加密数据。

The embodiment of the present invention discloses an encryption device and method; wherein, the encryption method includes: obtaining a first parameter; the first parameter includes: a key, an encryption parameter, a source address, a destination address, and a data length; according to the The key in the first parameter and the encryption parameter generate a key stream; read in the data to be encrypted, process the data to be encrypted and the key stream according to the first encryption method, obtain encrypted data, and output the the encrypted data.

Description

一种加密装置及加密方法An encryption device and encryption method

技术领域technical field

本发明涉及无线通信技术,具体涉及一种加密装置及方法。The present invention relates to wireless communication technology, in particular to an encryption device and method.

背景技术Background technique

无线通信系统正广泛应用于语音、视频、数据等各种类型的通信中,对所传输的数据进行完整性计算是一种保护数据安全、防止非授权篡改的有效手段。Wireless communication systems are widely used in various types of communications such as voice, video, and data. Computing the integrity of transmitted data is an effective means to protect data security and prevent unauthorized tampering.

在长期演进(LTE,LongTermEvolution)通信系统中,为满足高速、安全的数据传输,出现了EIA3完整性算法。In a Long Term Evolution (LTE, Long Term Evolution) communication system, in order to meet high-speed and secure data transmission, an EIA3 integrity algorithm appears.

EIA3完整性算法是祖冲之算法集之一;祖冲之算法集是由中国学者自主设计的加密和完整性算法,包括祖冲之(ZUC)算法、加密算法128-EEA3和完整性算法128-EIA3。这套算法集已被认可为LTE无线通信的第三套国际加密和完整性标准的算法。The EIA3 integrity algorithm is one of the Zu Chongzhi algorithm sets; the Zu Chongzhi algorithm set is an encryption and integrity algorithm independently designed by Chinese scholars, including Zu Chongzhi (ZUC) algorithm, encryption algorithm 128-EEA3 and integrity algorithm 128-EIA3. This set of algorithms has been approved as the third set of algorithms for international encryption and integrity standards for LTE wireless communications.

但是,现有技术中只提出了算法原理和软件实现;而在实际应用的LTE通信系统中,数据传输速率很高,通过ZUC算法产生密钥流的计算过程非常复杂,并且需要将数据从存储器中读出,通过产生的密钥流与数据进行完整性计算后,再将数据存入存储器中;整个过程仅凭软件是无法实现处理需求的。而目前尚未提出一种能够支持ZUC算法加密的硬件系统。However, only the algorithm principle and software implementation are proposed in the prior art; and in the practical LTE communication system, the data transmission rate is very high, the calculation process of generating the key stream by the ZUC algorithm is very complicated, and the data needs to be transferred from the memory After the data is read out, the integrity calculation is performed through the generated key stream and data, and then the data is stored in the memory; the whole process cannot be realized by software alone. However, a hardware system capable of supporting ZUC algorithm encryption has not yet been proposed.

发明内容Contents of the invention

为解决现有存在的技术问题,本发明实施例提供一种加密装置及方法,能够解决通过ZUC算法进行加密无硬件系统支持的问题。In order to solve the existing technical problems, the embodiment of the present invention provides an encryption device and method, which can solve the problem that the ZUC algorithm is used for encryption without hardware system support.

为达到上述目的,本发明实施例的技术方案是这样实现的:In order to achieve the above object, the technical solution of the embodiment of the present invention is achieved in this way:

本发明实施例提供了一种加密装置,所述加密装置包括:数据存储模块、密钥流处理模块和加密处理模块;其中,An embodiment of the present invention provides an encryption device, which includes: a data storage module, a key stream processing module, and an encryption processing module; wherein,

所述数据存储模块,用于获取第一参数,在满足第一预设条件时,将所述第一参数中的密钥及加密参数发送至所述密钥流处理模块;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;还用于根据所述第一参数中的源地址及数据长度读入待加密的数据,将所述待加密的数据发送至所述加密处理模块;还用于根据所述第一参数中的目的地址及数据长度接收所述加密处理模块发送的加密数据,输出所述加密数据;The data storage module is configured to obtain a first parameter, and when a first preset condition is met, send the key and encryption parameters in the first parameter to the key stream processing module; the first parameter Including: key, encryption parameter, source address, destination address and data length; it is also used to read in the data to be encrypted according to the source address and data length in the first parameter, and send the data to be encrypted to the The encryption processing module; also used for receiving the encrypted data sent by the encryption processing module according to the destination address and data length in the first parameter, and outputting the encrypted data;

所述密钥流处理模块,用于接收所述数据存储模块发送的所述第一参数中的密钥及加密参数,根据所述密钥及加密参数生成密钥流,将所述密钥流发送至所述加密处理模块;The key stream processing module is configured to receive the key and encryption parameters in the first parameter sent by the data storage module, generate a key stream according to the key and encryption parameters, and convert the key stream to sent to the encryption processing module;

所述加密处理模块,用于接收所述数据存储模块发送的所述待加密的数据和所述密钥流处理模块发送的所述密钥流,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,将所述加密数据发送至所述数据存储模块。The encryption processing module is configured to receive the data to be encrypted sent by the data storage module and the key stream sent by the key stream processing module, and convert the data to be encrypted and the key The stream is processed according to the first encryption method to obtain encrypted data, and the encrypted data is sent to the data storage module.

上述方案中,所述数据存储模块包括:总线从处理模块、有限状态机(FSM,FiniteStateMachine)控制模块、总线主处理模块;其中,In the above scheme, the data storage module includes: a bus slave processing module, a finite state machine (FSM, FiniteStateMachine) control module, and a bus master processing module; wherein,

所述总线从处理模块,用于获取第一参数,将所述第一参数发送至所述FSM控制模块;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度信息;The bus slave processing module is used to obtain a first parameter, and send the first parameter to the FSM control module; the first parameter includes: key, encryption parameter, source address, destination address and data length information ;

所述FSM控制模块,用于根据所述总线从处理模块发送的第一参数,在满足第一预设条件时,将所述密钥和加密参数发送至所述密钥流处理模块,将所述源地址、目的地址及数据长度信息发送至所述总线主处理模块;The FSM control module is configured to send the key and encryption parameters to the key stream processing module when the first preset condition is met according to the first parameter sent by the bus from the processing module, and send the Send the source address, destination address and data length information to the main bus processing module;

所述总线主处理模块,用于根据所述FSM控制模块发送的所述源地址及数据长度信息,读入待加密的数据,将所述待加密的数据发送至所述加密处理模块;还用于根据所述FSM控制模块发送的所述目的地址及数据长度信息,接收所述加密处理模块发送的加密数据,输出所述加密数据。The main bus processing module is used to read the data to be encrypted according to the source address and data length information sent by the FSM control module, and send the data to be encrypted to the encryption processing module; Receive the encrypted data sent by the encryption processing module according to the destination address and data length information sent by the FSM control module, and output the encrypted data.

上述方案中,所述总线主处理模块包括:第一缓存模块和第二缓存模块;其中,In the above solution, the bus master processing module includes: a first cache module and a second cache module; wherein,

所述第一缓存模块,用于根据所述FSM控制模块发送的所述源地址及数据长度信息,读入待加密的数据,并在满足第二预设条件时将所述待加密的数据发送至所述加密处理模块;The first cache module is configured to read in the data to be encrypted according to the source address and data length information sent by the FSM control module, and send the data to be encrypted when a second preset condition is met to the encryption processing module;

所述第二缓存模块,用于根据所述FSM控制模块发送的所述目的地址及数据长度信息,接收所述加密处理模块发送的加密数据,并在满足第三预设条件时输出所述加密数据。The second cache module is configured to receive the encrypted data sent by the encryption processing module according to the destination address and data length information sent by the FSM control module, and output the encrypted data when a third preset condition is met. data.

上述方案中,所述总线主处理模块采用的接口包括但不限于AXI主接口或AHB主接口。In the above solution, the interface adopted by the bus master processing module includes but is not limited to an AXI master interface or an AHB master interface.

上述方案中,所述总线从处理模块采用的接口包括但不限于AXI从接口或AHB从接口。In the above solution, the interface adopted by the bus slave processing module includes but is not limited to an AXI slave interface or an AHB slave interface.

上述方案中,所述密钥流处理模块,用于根据所述密钥及加密参数并行生成多路密钥流。In the above solution, the key stream processing module is configured to generate multiple key streams in parallel according to the key and encryption parameters.

本发明实施例还提供了一种加密方法,所述方法包括:The embodiment of the present invention also provides an encryption method, the method comprising:

获取第一参数;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;Obtain a first parameter; the first parameter includes: a key, an encryption parameter, a source address, a destination address, and a data length;

根据所述第一参数中的密钥及加密参数生成密钥流;generating a key stream according to the key and encryption parameters in the first parameter;

读入待加密的数据,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,输出所述加密数据。Reading in the data to be encrypted, processing the data to be encrypted and the key stream according to a first encryption method to obtain encrypted data, and outputting the encrypted data.

上述方案中,所述根据所述第一参数中的密钥及加密参数生成密钥流,包括:根据所述第一参数中的密钥及加密参数并行生成多路密钥流。In the above solution, the generating a key stream according to the key and encryption parameters in the first parameter includes: parallelly generating multiple key streams according to the key and encryption parameters in the first parameter.

上述方案中,所述获取第一参数,包括:采用包括但不限于的AXI主接口或AHB主接口获取第一参数。In the above solution, the acquiring the first parameter includes: acquiring the first parameter by using an AXI master interface or an AHB master interface including but not limited to.

上述方案中,所述读入待加密的数据,包括:采用包括但不限于的AXI主接口或AHB主接口读入待加密的数据;In the above scheme, the reading of the data to be encrypted includes: reading the data to be encrypted by using an AXI master interface or an AHB master interface including but not limited to;

相应的,所述输出所述加密数据,包括:采用包括但不限于的AXI主接口或AHB主接口输出所述加密数据。Correspondingly, the outputting the encrypted data includes: outputting the encrypted data by using an AXI master interface or an AHB master interface including but not limited to.

本发明实施例提供的加密装置及方法,所述加密装置包括:数据存储模块、密钥流处理模块和加密处理模块;所述数据存储模块,用于获取第一参数,在满足第一预设条件时,将所述第一参数中的密钥及加密参数发送至所述密钥流处理模块;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;还用于根据所述第一参数中的源地址及数据长度读入待加密的数据,将所述待加密的数据发送至所述加密处理模块;还用于根据所述第一参数中的目的地址及数据长度接收所述加密处理模块发送的加密数据,输出所述加密数据;所述密钥流处理模块,用于接收所述数据存储模块发送的所述第一参数中的密钥及加密参数,根据所述密钥及加密参数生成密钥流,将所述密钥流发送至所述加密处理模块;所述加密处理模块,用于接收所述数据存储模块发送的所述待加密的数据和所述密钥流处理模块发送的所述密钥流,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,将所述加密数据发送至所述数据存储模块。采用本发明实施例的技术方案,提出了一种通过ZUC算法进行加密的硬件系统,解决了现有技术中ZUC算法无硬件系统支持的问题;并且,本发明实施例提供的技术方案实现了对数据进行高速、高效的处理,解决了原有的ZUC算法处理效率低下,不适于硬件系统实现的问题,同时尽可能的降低了功耗,大大提升了数据处理速度。The encryption device and method provided by the embodiments of the present invention, the encryption device includes: a data storage module, a key stream processing module, and an encryption processing module; the data storage module is used to obtain the first parameter, and the first preset is satisfied condition, send the key and encryption parameter in the first parameter to the key stream processing module; the first parameter includes: key, encryption parameter, source address, destination address, and data length; Read in the data to be encrypted according to the source address and data length in the first parameter, and send the data to be encrypted to the encryption processing module; The data length receives the encrypted data sent by the encryption processing module, and outputs the encrypted data; the key stream processing module is used to receive the key and the encryption parameter in the first parameter sent by the data storage module, Generate a key stream according to the key and encryption parameters, and send the key stream to the encryption processing module; the encryption processing module is configured to receive the data to be encrypted and the data to be encrypted sent by the data storage module The key stream sent by the key stream processing module processes the data to be encrypted and the key stream according to a first encryption method to obtain encrypted data, and sends the encrypted data to the data storage module. By adopting the technical solution of the embodiment of the present invention, a hardware system for encrypting by the ZUC algorithm is proposed, which solves the problem that the ZUC algorithm has no hardware system support in the prior art; and, the technical solution provided by the embodiment of the present invention realizes the The high-speed and efficient data processing solves the problem that the original ZUC algorithm has low processing efficiency and is not suitable for hardware system implementation. At the same time, the power consumption is reduced as much as possible, and the data processing speed is greatly improved.

附图说明Description of drawings

图1为本发明实施例的加密装置的第一种组成结构示意图;FIG. 1 is a schematic diagram of a first compositional structure of an encryption device according to an embodiment of the present invention;

图2为本发明实施例的加密装置的第二种组成结构示意图;FIG. 2 is a schematic diagram of a second composition structure of an encryption device according to an embodiment of the present invention;

图3为本发明实施例中密钥流生成过程中的初始化过程的逻辑示意图;FIG. 3 is a logical schematic diagram of an initialization process in a key stream generation process in an embodiment of the present invention;

图4为本发明实施例中密钥流生成过程的逻辑示意图;FIG. 4 is a logical schematic diagram of a key stream generation process in an embodiment of the present invention;

图5为本发明实施例的加密方法的流程示意图。FIG. 5 is a schematic flowchart of an encryption method according to an embodiment of the present invention.

具体实施方式detailed description

下面结合附图及具体实施例对本发明作进一步详细的说明。The present invention will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.

本发明实施例提供了一种加密装置;图1为本发明实施例的加密装置的第一种组成结构示意图;如图1所示,所述加密装置包括:数据存储模块11、密钥流处理模块12和加密处理模块13;其中,The embodiment of the present invention provides an encryption device; FIG. 1 is a schematic diagram of the first composition structure of the encryption device according to the embodiment of the present invention; as shown in FIG. 1 , the encryption device includes: a data storage module 11, a key stream processing Module 12 and encryption processing module 13; Wherein,

所述数据存储模块11,用于获取第一参数,在满足第一预设条件时,将所述第一参数中的密钥及加密参数发送至所述密钥流处理模块12;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;还用于根据所述第一参数中的源地址及数据长度读入待加密的数据,将所述待加密的数据发送至所述加密处理模块13;还用于根据所述第一参数中的目的地址及数据长度接收所述加密处理模块13发送的加密数据,输出所述加密数据;The data storage module 11 is configured to obtain a first parameter, and when a first preset condition is met, send the key and encryption parameters in the first parameter to the key stream processing module 12; the second A parameter includes: a key, an encryption parameter, a source address, a destination address, and a data length; it is also used to read in data to be encrypted according to the source address and data length in the first parameter, and send the data to be encrypted To the encryption processing module 13; also for receiving the encrypted data sent by the encryption processing module 13 according to the destination address and data length in the first parameter, and outputting the encrypted data;

所述密钥流处理模块12,用于接收所述数据存储模块11发送的所述第一参数中的密钥及加密参数,根据所述密钥及加密参数生成密钥流,将所述密钥流发送至所述加密处理模块13;The key stream processing module 12 is configured to receive the key and encryption parameters in the first parameter sent by the data storage module 11, generate a key stream according to the key and encryption parameters, and convert the encryption The key stream is sent to the encryption processing module 13;

所述加密处理模块13,用于接收所述数据存储模块11发送的所述待加密的数据和所述密钥流处理模块12发送的所述密钥流,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,将所述加密数据发送至所述数据存储模块11。The encryption processing module 13 is configured to receive the data to be encrypted sent by the data storage module 11 and the key stream sent by the key stream processing module 12, and convert the data to be encrypted and the The key stream is processed according to the first encryption method to obtain encrypted data, and the encrypted data is sent to the data storage module 11 .

图2为本发明实施例的加密装置的第二种组成结构示意图;如图2所示,具体的,所述数据存储模块包括:总线从处理模块111、FSM控制模块112、总线主处理模块113;其中,FIG. 2 is a schematic diagram of the second composition structure of the encryption device according to the embodiment of the present invention; as shown in FIG. 2 , specifically, the data storage module includes: a bus slave processing module 111, an FSM control module 112, and a bus master processing module 113 ;in,

所述总线从处理模块111,用于获取第一参数,将所述第一参数发送至所述FSM控制模块112;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度信息;The bus slave processing module 111 is configured to obtain a first parameter, and send the first parameter to the FSM control module 112; the first parameter includes: a key, an encryption parameter, a source address, a destination address, and data length information;

所述FSM控制模块112,用于根据所述总线从处理模块111发送的第一参数,在满足第一预设条件时,将所述密钥和加密参数发送至所述密钥流处理模块12,将所述源地址、目的地址及数据长度信息发送至所述总线主处理模块113;The FSM control module 112 is configured to send the key and encryption parameters to the key stream processing module 12 when a first preset condition is met according to the first parameter sent by the bus from the processing module 111 , sending the source address, destination address and data length information to the bus main processing module 113;

所述总线主处理模块113,用于根据所述FSM控制模块112发送的所述源地址及数据长度信息,读入待加密的数据,将所述待加密的数据发送至所述加密处理模块13;还用于根据所述FSM控制模块112发送的所述目的地址及数据长度信息,接收所述加密处理模块13发送的加密数据,输出所述加密数据。The main bus processing module 113 is configured to read the data to be encrypted according to the source address and data length information sent by the FSM control module 112, and send the data to be encrypted to the encryption processing module 13 ; It is also used to receive the encrypted data sent by the encryption processing module 13 according to the destination address and data length information sent by the FSM control module 112, and output the encrypted data.

结合图1和图2所示的加密装置,具体的,所述总线从处理模块111是控制侧的接口模块,用于获取用于加密处理所需的各种参数,在本实施例中,所述参数为第一参数,具体包括:密钥、加密参数、源地址、目的地址以及数据长度信息;其中,所述源地址为所述数据存储模块11读入待加密的数据的缓存地址;所述目的地址为所述数据存储模块11接收到的加密数据的缓存地址。优选地,所述总线从处理模块111采用的接口包括但不限于AXI从接口或AHB从接口。In conjunction with the encryption device shown in Figures 1 and 2, specifically, the bus slave processing module 111 is an interface module on the control side, and is used to obtain various parameters required for encryption processing. In this embodiment, the The parameter is the first parameter, which specifically includes: key, encryption parameter, source address, destination address and data length information; wherein, the source address is the buffer address of the data to be encrypted read by the data storage module 11; the The destination address is the cache address of the encrypted data received by the data storage module 11 . Preferably, the interface adopted by the bus slave processing module 111 includes but not limited to an AXI slave interface or an AHB slave interface.

所述FSM控制模块112是所述加密装置的控制中心;在实际应用中,所述加密装置中的各处理模块(具体包括:总线主处理模块113、密钥流处理模块12、加密处理模块13)设置定时器时钟,并在上述每个处理模块的定时器时钟开启时,确定上述处理模块处于工作模式,即满足所述第一预设条件;此时,所述FSM控制模块112将所述密钥和加密参数发送至所述密钥流处理模块12,以使所述密钥流处理模块12根据所述密钥和所述加密参数生成密钥流;将所述源地址、目的地址及数据长度信息发送至所述总线主处理模块113,以使所述总线主处理模块113启动从外部存储器读入待加密的数据;Described FSM control module 112 is the control center of described encryption device; ) to set the timer clock, and when the timer clock of each of the above-mentioned processing modules is turned on, it is determined that the above-mentioned processing modules are in the working mode, that is, the first preset condition is met; at this time, the FSM control module 112 will The key and encryption parameters are sent to the key stream processing module 12, so that the key stream processing module 12 generates a key stream according to the key and the encryption parameters; the source address, destination address and The data length information is sent to the bus main processing module 113, so that the bus main processing module 113 starts to read in the data to be encrypted from the external memory;

具体的,所述总线主处理模块113包括:第一缓存模块和第二缓存模块;其中,Specifically, the bus master processing module 113 includes: a first cache module and a second cache module; wherein,

所述第一缓存模块,用于根据所述FSM控制模块112发送的所述源地址及数据长度信息,读入待加密的数据,并在满足第二预设条件时将所述待加密的数据发送至所述加密处理模块13;The first cache module is configured to read in the data to be encrypted according to the source address and data length information sent by the FSM control module 112, and store the data to be encrypted when a second preset condition is met. Send to the encryption processing module 13;

所述第二缓存模块,用于根据所述FSM控制模块112发送的所述目的地址及数据长度信息,接收所述加密处理模块13发送的加密数据,并在满足第三预设条件时输出所述加密数据。The second cache module is configured to receive the encrypted data sent by the encryption processing module 13 according to the destination address and data length information sent by the FSM control module 112, and output the encrypted data when the third preset condition is satisfied. the encrypted data.

具体的,所述总线主处理模块113启动从外部存储器读入待加密的数据,根据所述FSM控制模块112发送的所述源地址及数据长度信息,将所述待加密的数据写入所述第一缓存模块,当所述第一缓存模块没有写满或者所述待加密的数据没有全部读入时,就不断从外部存储器读入所述待加密的数据,直至所述第一缓存模块写满或者所述待加密的数据全部读入,则在本实施例中,所述第二预设条件为所述待加密的数据全部读入或者所述第一缓存模块写满时,将所述待加密的数据发送至所述加密处理模块13;所述总线主处理模块113还根据所述FSM控制模块112发送的所述目的地址及数据长度信息,将所述加密数据写入所述第二缓存模块,当所述第二缓存模块没有写满或者所述加密数据没有全部读入时,继续写入所述加密数据,直至所述第二缓存模块写满或者所述加密数据全部写入,则在本实施例中,所述第三预设条件为所述加密数据全部写入或者所述第二缓存模块写满时,将所述加密数据输出至外部存储器。Specifically, the bus main processing module 113 starts to read the data to be encrypted from the external memory, and writes the data to be encrypted into the The first cache module, when the first cache module is not fully written or the data to be encrypted is not all read in, it continuously reads the data to be encrypted from the external memory until the first cache module writes is full or all the data to be encrypted is read in, then in this embodiment, the second preset condition is that when all the data to be encrypted is read in or the first cache module is full, the The data to be encrypted is sent to the encryption processing module 13; the bus main processing module 113 also writes the encrypted data into the second The cache module, when the second cache module is not full or the encrypted data is not all read in, continue to write the encrypted data until the second cache module is full or the encrypted data is all written, Then in this embodiment, the third preset condition is that when all the encrypted data is written or the second cache module is full, the encrypted data is output to the external memory.

具体的,在本实施例中,所述总线主处理模块113采用的接口包括但不限于AXI主接口或AHB主接口;具体的,所述总线主处理模块113可采用AMBA3.0的AXImaster接口,便于数据的读写操作,极大的提高了数据存储的速度。Specifically, in this embodiment, the interface adopted by the bus master processing module 113 includes but is not limited to an AXI master interface or an AHB master interface; specifically, the bus master processing module 113 can adopt the AXImaster interface of AMBA3.0, It is convenient for data read and write operations, which greatly improves the speed of data storage.

所述密钥流处理模块12,具体用于根据所述FSM控制模块112发送的所述秘钥和加密参数生成密钥流。具体的,生成秘钥流的过程分为初始化阶段和密钥流产生阶段两个部分。图3为本发明实施例中密钥流生成过程中的初始化过程的逻辑示意图;图4为本发明实施例中密钥流生成过程的逻辑示意图;如图3和图4所示,所述密钥流处理模块12由三个逻辑层次组成:顶层是16级的线性反馈移位寄存器(LFSR)31,中间层是比特重组(BR)32,底层是非线性函数(F)层33。其中,所述LFSR31由S0~S15等16个31位寄存器组成;所述BR32从所述LFSR31的寄存器中抽取128位组成4个32比特(bit)字(X0、X1、X2和X3),前三个32bit字X0~X2用于所述F层33,最后一个字X3用于产生密钥流;其中,所述F层33由2个32位寄存器R1和R2组成,输出为32位字W。The key stream processing module 12 is specifically configured to generate a key stream according to the secret key and encryption parameters sent by the FSM control module 112 . Specifically, the process of generating the key stream is divided into two parts: an initialization phase and a key stream generation phase. Fig. 3 is a logical schematic diagram of the initialization process in the key stream generation process in the embodiment of the present invention; Fig. 4 is a logical schematic diagram of the key stream generation process in the embodiment of the present invention; as shown in Fig. 3 and Fig. 4, the key The key stream processing module 12 is composed of three logical levels: the top level is a 16-level linear feedback shift register (LFSR) 31 , the middle level is a bit reorganization (BR) 32 , and the bottom level is a nonlinear function (F) level 33 . Wherein, the LFSR31 is composed of 16 31-bit registers such as S 0 to S 15 ; the BR32 extracts 128 bits from the registers of the LFSR31 to form four 32-bit (bit) words (X 0 , X 1 , X 2 and X 3 ), the first three 32-bit words X 0 to X 2 are used for the F layer 33, and the last word X 3 is used to generate the key stream; wherein, the F layer 33 consists of two 32-bit registers R 1 and R 2 , the output is a 32-bit word W.

产生密钥流的过程分为两部分,首先是初始化阶段,如图3所示,利用所述FSM控制模块112发送的所述密钥(KEY)、所述加密参数及常数串D经过一定的变换写入LFSR的寄存器S0~S15,其中,所述加密参数包括:COUNT、BEARER、DIRECTION;所述寄存器R1和R2初始化为0,且所述F层33的输出W移位后反馈给所述LFSR31。以下过程重复循环执行32次:将寄存器S15的高位(第30~15位)和寄存器S14的低位(第15~0位)重组成X0,将寄存器S11的低位和寄存器S9的高位重组成X1,将寄存器S7的低位和寄存器S5的高位重组成X2,将寄存器S2的低位和寄存器S0的高位重组成X3;所述F层33对来自所述BR32的X1与寄存器R1进行模32加赋给W1,对来自所述BR32的X2与寄存器R2进行异或赋给W2;将W1的低位和W2的高位重组后先进行L1线性变换后进行S盒变换赋给寄存器R1,将W2的低位和W1的高位重组后先进行L2线性变换后进行S盒变换赋给寄存器R2;将X0与R1异或后再与R2进行模32加赋给W,将W右移1位后送到所述LFSR31至寄存器S0,将寄存器S0循环左移8位,将寄存器S4循环左移20位,将寄存器S10循环左移21位,将寄存器S13循环左移17位,将寄存器S15循环左移15位相加后模(231-1)赋给寄存器S16,将寄存器S16赋给寄存器S15,将寄存器S15赋给寄存器S14,以此类推,直到寄存器S1赋给寄存器S0,完成一次循环。The process of generating the key stream is divided into two parts, at first is the initialization stage, as shown in Figure 3, utilizes the described key (KEY) that described FSM control module 112 sends, described encryption parameter and constant string D to pass through certain Transform and write to the registers S 0 ~ S 15 of the LFSR, wherein the encryption parameters include: COUNT, BEARER, DIRECTION; the registers R 1 and R 2 are initialized to 0, and the output W of the F layer 33 is shifted feedback to the LFSR31. The following process is repeated 32 times: reorganize the high bit (bit 30-15) of register S 15 and the low bit (bit 15-0) of register S 14 into X 0 , combine the low bit of register S 11 and the low bit of register S 9 The high bits are reorganized into X 1 , the low bits of register S 7 and the high bits of register S 5 are reorganized into X 2 , the low bits of register S 2 and the high bits of register S 0 are reorganized into X 3 ; the F layer 33 pair comes from the BR32 Modulo 32 addition of X 1 and register R 1 is assigned to W 1 , X 2 from the BR32 and register R 2 is XORed and assigned to W 2 ; the low bits of W 1 and the high bits of W 2 are recombined first After the linear transformation of L 1 , carry out S-box transformation and assign it to register R 1 , after reorganizing the low bits of W 2 and the high bits of W 1 , first perform L 2 linear transformation and then perform S-box transformation and assign it to register R 2 ; put X 0 and R 1 Exclusive OR and then perform modulo 32 addition with R 2 and assign it to W, shift W to the right by 1 bit and send it to the LFSR31 to register S 0 , shift register S 0 to the left by 8 bits, and register S 4 to the left by 20 bit, shift register S 10 to the left by 21 bits, register S 13 to the left by 17 bits, register S 15 to the left by 15 bits and add the modulus (2 31 -1) to register S 16 , and register S to 16 is assigned to register S 15 , register S 15 is assigned to register S 14 , and so on, until register S 1 is assigned to register S 0 , and a cycle is completed.

在初始化阶段完成之后,开始生成密钥流。如图4所示。将寄存器S15的高位(30~15位)和寄存器S14的低位(15~0位)重组成X0,将寄存器S11的低位和寄存器S9的高位重组成X1,将寄存器S7的低位和寄存器S5的高位重组成X2,将寄存器S2的低位和寄存器S0的高位重组成X3;所述F层33对来自所述BR32的X1与寄存器R1进行模32加赋给W1,对来自所述BR32的X2与寄存器R2进行异或赋给W2;将W1的低位和W2的高位重组后先进行L1线性变换后进行S盒变换赋给寄存器R1,将W2的低位和W1的高位重组后先进行L2线性变换后进行S盒变换赋给寄存器R2;将X0与寄存器R1异或后再与寄存器R2进行模32加赋给W,丢弃这个值;同时将寄存器S0循环左移8位,将寄存器S4循环左移20位,将寄存器S10循环左移21位,将寄存器S13循环左移17位,将寄存器S15循环左移15位相加后模(231-1)赋给寄存器S16,将寄存器S16赋给寄存器S15,将寄存器S15赋给寄存器S14,以此类推,直到将寄存器S1赋给寄存器S0。重复以下步骤,以不断产生秘钥流:将寄存器S15的高位(30~15位)和寄存器S14的低位(15~0位)重组成X0,将寄存器S11的低位和寄存器S9的高位重组成X1,将寄存器S7的低位和寄存器S5的高位重组成X2,将寄存器S2的低位和寄存器S0的高位重组成X3;所述F层33对来自所述BR32的X1与寄存器R1进行模32加赋给W1,对来自所述BR32的X2与寄存器R2进行异或赋给W2;将W1的低位和W2的高位重组后先进行L1线性变换后进行S盒变换赋给寄存器R1,将W2的低位和W1的高位重组后先进行L2线性变换后进行S盒变换赋给寄存器R2;将X0与寄存器R1异或后再与寄存器R2进行模32加赋给W,将W与X3异或产生秘钥流;同时将寄存器S0循环左移8位,将寄存器S4循环左移20位,将寄存器S10循环左移21位,将寄存器S13循环左移17位,将寄存器S15循环左移15位相加后模(231-1)赋给寄存器S16,将寄存器S16赋给寄存器S15,将寄存器S15赋给寄存器S14,以此类推,直至将寄存器S1赋给寄存器S0After the initialization phase is complete, keystream generation begins. As shown in Figure 4. Reorganize the high bits (30~15 bits) of register S 15 and the low bits (15~0 bits) of register S 14 into X 0 , reorganize the low bits of register S 11 and the high bits of register S 9 into X 1 , and reorganize register S 7 The low bits of register S 5 and the high bits of register S 5 are recombined into X 2 , and the low bits of register S 2 and the high bits of register S 0 are reorganized into X 3 ; the F layer 33 modulo 32 the X 1 from the BR32 and the register R 1 Add and assign to W 1 , XOR the X 2 and register R 2 from the BR32 and assign to W 2 ; after recombining the low bits of W 1 and the high bits of W 2 , first perform L 1 linear transformation and then perform S box transformation assignment For register R 1 , after reorganizing the low bits of W 2 and the high bits of W 1 , first perform L 2 linear transformation and then perform S-box transformation and assign it to register R 2 ; X 0 is XORed with register R 1 and then performed with register R 2 Modulo 32 is added to W, and this value is discarded; at the same time, register S 0 is rotated to the left by 8 bits, register S 4 is rotated to the left by 20 bits, register S 10 is rotated to the left by 21 bits, and register S 13 is rotated to the left by 17 bit, assign register S 15 to register S 16 after circularly shifting 15 bits to the left and add modulus (2 31 -1), assign register S 16 to register S 15 , assign register S 15 to register S 14 , and so on , until register S 1 is assigned to register S 0 . Repeat the following steps to continuously generate the key stream: recombine the high bits (30-15 bits) of register S 15 and the low bits (15-0 bits) of register S 14 into X 0 , combine the low bits of register S 11 and register S 9 The high bits of register S 7 and the high bits of register S 5 are reorganized into X 1 , the low bits of register S 7 and the high bits of register S 5 are reorganized into X 2 , and the low bits of register S 2 and the high bits of register S 0 are reorganized into X 3 ; the F layer 33 pair comes from the X 1 of BR32 and register R 1 are modulo-32 added and assigned to W 1 , and X 2 from the BR32 and register R 2 are XORed and assigned to W 2 ; after recombining the low bits of W 1 and the high bits of W 2 After performing L1 linear transformation, perform S - box transformation and assign it to register R1, recombine the low bits of W2 and the high bits of W1, then perform L2 linear transformation and then perform S - box transformation and assign it to register R2 ; combine X0 with register After XOR of R 1 , add modulo 32 with register R 2 and assign it to W, and XOR W with X 3 to generate the key stream; at the same time, register S 0 is rotated to the left by 8 bits, and register S 4 is rotated to the left by 20 bits , the register S 10 is rotated to the left by 21 bits, the register S 13 is rotated to the left by 17 bits, the register S 15 is rotated to the left by 15 bits and the modulus (2 31 -1) is added to the register S 16 , and the register S 16 assign to register S 15 , assign register S 15 to register S 14 , and so on until register S 1 is assigned to register S 0 .

在本发明实施例中,所述密钥流处理模块12,用于根据所述密钥及加密参数并行生成多路密钥流。In the embodiment of the present invention, the key stream processing module 12 is configured to generate multiple key streams in parallel according to the key and encryption parameters.

下面以具体实例对本发明实施例中的密钥流的生成作进一步详细的说明。The generation of the key stream in the embodiment of the present invention will be further described in detail below with specific examples.

首先进行初始化阶段。具体的,为LFSR的16个寄存器S0~S15预置初值,所述16个寄存器的初值预设为下述16个字符字串,如下所示:The initialization phase is performed first. Specifically, the initial values of the 16 registers S0-S15 of the LFSR are preset, and the initial values of the 16 registers are preset as the following 16 character strings, as follows:

设D为240bit的常数串,由16个15bit的字符子串组成,包括:d0、d1至d15;本实施例中的设置的16个子串仅为一优选实施例,在具体实际应用中,可按实际情况自行设置;Let D be the constant string of 240bit, be made up of 16 character substrings of 15bit, comprise: d0, d1 to d15; The 16 substrings of setting in the present embodiment are only a preferred embodiment, in specific practical application, can Set up according to the actual situation;

则D=d0||d1||…||d15;Then D=d0||d1||...||d15;

其中,in,

d0=1000100110101112;d0=1000100110101112;

d1=0100110101111002;d1=0100110101111002;

d2=1100010011010112;d2=1100010011010112;

d3=0010011010111102;d3=0010011010111102;

d4=1010111100010012;d4=1010111100010012;

d5=0110101111000102;d5=0110101111000102;

d6=1110001001101012;d6=1110001001101012;

d7=0001001101011112;d7=0001001101011112;

d8=1001101011110002;d8=1001101011110002;

d9=0101111000100112;d9=0101111000100112;

d10=1101011110001002;d10=1101011110001002;

d11=0011010111100012;d11=0011010111100012;

d12=1011110001001102;d12=1011110001001102;

d13=0111100010011012;d13=0111100010011012;

d14=1111000100110102;d14=1111000100110102;

d15=1000111101011002。d15=1000111101011002.

当0≤i≤15时,Si=ki||di||ivi;其中,ki和ivi均为中间参数,以字节为单位。When 0≤i≤15, S i =k i ||di||iv i ; wherein, ki and iv i are intermediate parameters, and the unit is byte.

其中,IV[0]=COUNT[0];Among them, IV[0]=COUNT[0];

IV[1]=COUNT[1];IV[1]=COUNT[1];

IV[2]=COUNT[2];IV[2]=COUNT[2];

IV[3]=COUNT[3];IV[3]=COUNT[3];

IV[4]=BEARER||0002IV[4]=BEARER||000 2 ;

IV[5]=IV[6]=IV[7]=000000002IV[5]=IV[6]=IV[7]=000000002 ;

IV[8]=IV[0]⊕(DIRECTION<<7);IV[8]=IV[0]⊕(DIRECTION<<7);

IV[9]=IV[1];IV[9]=IV[1];

IV[10]=IV[2];IV[10]=IV[2];

IV[11]=IV[3];IV[11]=IV[3];

IV[12]=IV[4];IV[12]=IV[4];

IV[13]=IV[5];IV[13]=IV[5];

IV[14]=(DIRECTION<<7);IV[14]=(DIRECTION<<7);

IV[15]=IV[7];IV[15]=IV[7];

其中,||表示拼接,⊕表示按位异或,表示模32加,SiH为寄存器i的高位,具体为寄存器i的30~15位;SiL为寄存器i的低位,具体为寄存器i的15~0位,(a1,a2,…,an)→(b1,b2,…,bn)表示a到b的赋值是并行的;0002和000000002分别表示2进制数值0;COUNT、BEARER和DIRECTION分别表示加密参数。Among them, || means splicing, ⊕ means bitwise XOR, Indicates modulo 32 addition, S iH is the high bit of register i, specifically 30~15 bits of register i; S iL is the low bit of register i, specifically 15~0 bits of register i, (a1, a2,...,an) →(b1,b2,…,bn) indicates that the assignment from a to b is parallel; 000 2 and 00000000 2 respectively indicate the binary value 0; COUNT, BEARER and DIRECTION respectively indicate encryption parameters.

进一步地,寄存器R1和寄存器R2分别赋初值为0。Further, register R 1 and register R 2 are assigned an initial value of 0 respectively.

以下过程重复32次:The following process is repeated 32 times:

首先抽取LFSR中的寄存器比特重组为字X0~字X3First extract the register bits in the LFSR and reorganize them into word X 0 ~ word X 3 :

具体的,X0=S15H||S14LSpecifically, X 0 =S 15H ||S 14L ;

X1=S11L||S9HX 1 =S 11L ||S 9H ;

X2=S7L||S5HX 2 =S 7L ||S 5H ;

X3=S2L||S0HX 3 =S 2L ||S 0H ;

其中,S15H表示寄存器S15的高位;S14L表示寄存器S14的低位;S11L表示寄存器S11的低位;S9H表示寄存器S9的高位;S7L表示寄存器S7的低位;S5H表示寄存器S5的高位;S2L表示寄存器S2的低位;S0H表示寄存器S0的高位;其中,上述所述的高位为第30~15位,上述所述的低位为第15~0位。Among them, S 15H represents the high bit of register S 15 ; S 14L represents the low position of register S 14 ; S 11L represents the low position of register S 11 ; S 9H represents the high position of register S 9 ; S 7L represents the low position of register S 7 ; S 5H represents The high bit of the register S5 ; S2L means the low bit of the register S2; S0H means the high bit of the register S0 ; wherein, the above-mentioned high bits are the 30th to 15th bits, and the above-mentioned low bits are the 15th to 0th bits.

进一步地,将X0~X3分别送入F进行处理,具体包括:Further, X 0 ~ X 3 are respectively sent to F for processing, specifically including:

W2=R2⊕X2W 2 =R 2 ⊕X 2 ;

R1=S(L1(W1L||W2H));R 1 =S(L 1 (W 1L ||W 2H ));

R2=S(L2(W2L||W1H)).R 2 =S(L 2 (W 2L ||W 1H )).

其中,S表示S盒变换,所述S盒变换是将32比特的输入通过查找表S0或S1变换为32比特的输出;L1和L2分别表示一种线性变换,是将32比特的输入线性变换成32比特的输出,具体为:Among them, S represents the S-box transformation, and the S-box transformation is to transform the 32-bit input into a 32-bit output through the lookup table S 0 or S 1 ; L 1 and L 2 represent a linear transformation respectively, which is to transform the 32-bit The input linearly transforms into a 32-bit output, specifically:

L1(X)=X⊕(X<<<322)⊕(X<<<3210)⊕(X<<<3218)⊕(X<<<3224);L 1 (X)=X⊕(X<<< 32 2)⊕(X<<< 32 10)⊕(X<<< 32 18)⊕(X<<< 32 24);

L2(X)=X⊕(X<<<328)⊕(X<<<3214)⊕(X<<<3222)⊕(X<<<3230)。L 2 (X)=X⊕(X<<< 32 8)⊕(X<<< 32 14)⊕(X<<< 32 22)⊕(X<<< 32 30).

最后,F产生的W送到LFSR初始化阶段,进行寄存器的更新:Finally, the W generated by F is sent to the LFSR initialization stage to update the register:

v=215S15+217S13+221S10+220S4+(1+28)S0mod(231-1);v=2 15 S 15 +2 17 S 13 +2 21 S 10 +2 20 S 4 +(1+2 8 )S 0 mod(2 31 -1);

S16=(v+u)mod(231-1);S 16 =(v+u)mod(2 31 -1);

其中,v和u均为中间参数;mod为求模函数。Among them, v and u are intermediate parameters; mod is a modulo function.

当S16=0时,则S16=231-1;When S 16 =0, then S16=2 31 -1;

(S1、S2、…、S15、S16)→(S0、S1、…、S14、S15)。(S 1 , S 2 , . . . , S 15 , S 16 ) → (S 0 , S 1 , . . . , S 14 , S 15 ).

初始化完成之后,加密装置开始产生密钥流。过程如下:After the initialization is completed, the encryption device starts to generate the key stream. The process is as follows:

首先,抽取LFSR中的寄存器比特重组为X0~X3为:First, extract the register bits in the LFSR and reorganize them into X 0 ~ X 3 as:

X0=S15H||S14LX 0 =S 15H ||S 14L ;

X1=S11L||S9HX 1 =S 11L ||S 9H ;

X2=S7L||S5HX 2 =S 7L ||S 5H ;

X3=S2L||S0HX 3 =S 2L ||S 0H ;

其中,S15H表示寄存器S15的高位;S14L表示寄存器S14的低位;S11L表示寄存器S11的低位;S9H表示寄存器S9的高位;S7L表示寄存器S7的低位;S5H表示寄存器S5的高位;S2L表示寄存器S2的低位;S0H表示寄存器S0的高位;其中,上述所述的高位为第30~15位,上述所述的低位为第15~0位。Among them, S 15H represents the high bit of register S 15 ; S 14L represents the low position of register S 14 ; S 11L represents the low position of register S 11 ; S 9H represents the high position of register S 9 ; S 7L represents the low position of register S 7 ; S 5H represents The high bit of the register S5 ; S2L means the low bit of the register S2; S0H means the high bit of the register S0 ; wherein, the above-mentioned high bits are the 30th to 15th bits, and the above-mentioned low bits are the 15th to 0th bits.

第二步,将X0~X3送入F进行处理,除第一次运行丢弃W直接进入第四步之外,其余每次运行保留W送到第三步,具体包括:In the second step, X 0 ~ X 3 are sent to F for processing. Except for discarding W in the first run and directly entering the fourth step, the remaining W is retained in each run and sent to the third step, specifically including:

W2=R2⊕X2W 2 =R 2 ⊕X 2 ;

R1=S(L1(W1L||W2H));R 1 =S(L 1 (W 1L ||W 2H ));

R2=S(L2(W2L||W1H)。R 2 =S(L 2 (W 2L ||W 1H ).

其中,S表示S盒变换,所述S盒变换是将32比特的输入通过查找表S0或S1变换为32比特的输出;L1和L2分别表示一种线性变换,将32比特的输入线性变换成32比特的输出,具体为:Wherein, S represents the S-box transformation, and the S-box transformation is to transform the 32-bit input into a 32-bit output through the lookup table S 0 or S 1 ; L 1 and L 2 represent a linear transformation respectively, and the 32-bit The input is linearly transformed into a 32-bit output, specifically:

L1(X)=X⊕(X<<<322)⊕(X<<<3210)⊕(X<<<3218)⊕(X<<<3224);L 1 (X)=X⊕(X<<< 32 2)⊕(X<<< 32 10)⊕(X<<< 32 18)⊕(X<<< 32 24);

L2(X)=X⊕(X<<<328)⊕(X<<<3214)⊕(X<<<3222)⊕(X<<<3230)。L 2 (X)=X⊕(X<<< 32 8)⊕(X<<< 32 14)⊕(X<<< 32 22)⊕(X<<< 32 30).

第三步,LFSR密钥流产生,具体包括:The third step, LFSR key stream generation, specifically includes:

Z=W⊕X3;Z=W⊕X3;

第四步,在LRSR密钥流生成过程中寄存器更新,具体包括:The fourth step is to update the register during the LRSR key stream generation process, including:

S16=215S15+217S13+221S10+220S4+(1+28)S0mod(231-1);S 16 =2 15 S 15 +2 17 S 13 +2 21 S 10 +2 20 S 4 +(1+2 8 )S 0 mod(2 31 -1);

如果S16=0,那么S16=231-1;If S 16 =0, then S 16 =2 31 -1;

(S1、S2、…、S15、S16)→(S0、S1、…、S14、S15)。(S 1 , S 2 , . . . , S 15 , S 16 ) → (S 0 , S 1 , . . . , S 14 , S 15 ).

重复上述步骤,在每次重复后皆生成32bit的秘钥流。Repeat the above steps to generate a 32-bit key stream after each repetition.

其中,所述加密处理模块13需要所述密钥流处理模块12产生L=┌LENGTH/32┐+2个32bit密钥流,其中,┌┐表示向上取整数。产生的密钥流可以用zi表示,在本实施例中所述zi可以是z[0]、z[1]、…、z[32L-1];其中,所述z[0]是第一个32bit密钥流的最重要的,z[31]是第一个32bit密钥流的最不重要的。对于i=0、1、2、…、32L-1,设zi=z[i]||z[i+1]||…||z[i+31],每个zi都是32bit。Wherein, the encryption processing module 13 requires the key stream processing module 12 to generate L=┌LENGTH/32┐+2 32-bit key streams, wherein, ┌┐ means rounding up. The generated key stream can be represented by zi , and in this embodiment, the zi can be z[0], z[1], ..., z[32L-1]; wherein, the z[0] is The most significant of the first 32bit keystream, z[31] is the least significant of the first 32bit keystream. For i=0, 1, 2,..., 32L-1, set z i =z[i]||z[i+1]||...||z[i+31], each z i is 32bit .

具体的,所述加密处理模块13将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据;其中,所述第一加密方式为完整性算法;所述将所述待加密的数据和所述密钥流按完整性算法进行处理为现有技术过程,此处不再赘述。Specifically, the encryption processing module 13 processes the data to be encrypted and the key stream according to a first encryption method to obtain encrypted data; wherein, the first encryption method is an integrity algorithm; Processing the data to be encrypted and the key stream according to the integrity algorithm is a prior art process, which will not be repeated here.

进一步地,所述加密处理模块13将数据通过完整性算法进行处理后,需要在数据末尾加上校验码(MAC),将携带有MAC的数据作为加密数据。Further, after the encryption processing module 13 processes the data through the integrity algorithm, it needs to add a check code (MAC) at the end of the data, and use the data carrying the MAC as encrypted data.

具体的,所述MAC的确定过程包括:Specifically, the process of determining the MAC includes:

设T为32比特0,i的取值范围为i=0、1、2、…、LENGTH-1、LENGTH、32(L-1);Let T be 32 bits 0, and the value range of i is i=0, 1, 2, ..., LENGTH-1, LENGTH, 32(L-1);

当i=0时,如果M[i+n-1]、…、M[i+1]、M[i]中的某一位为1,则相对应的zi+n-1、…、zi+1、zi设置有效值(可设定zi=z[i]||z[i+1]||…||z[i+31],每个zi都是32bit);否则相对应的zi+n-1、…、zi+1、zi设置为0,代入T=T⊕zi+n-1⊕…⊕zi+1⊕zi中得到T在i=0时一次并行计算的结果;When i=0, if a certain bit in M[i+n-1], ..., M[i+1], M[i] is 1, then the corresponding z i+n-1 , ..., Set valid values for z i+1 and z i (you can set z i =z[i]||z[i+1]||...||z[i+31], each z i is 32bit); Otherwise, the corresponding z i+n-1 ,..., z i+1 , z i are set to 0, and substituting T=T⊕z i+n-1 ⊕...⊕z i+1 ⊕z i to get T in i = 0, the result of a parallel calculation;

当i=1时,如果M[i+2n-1]、…、M[i+n+1]、M[i+n]的某一位为1,则相对应的zi+2n-1、…、zi+n+1、zi+n取有效值(可设定zi=z[i]||z[i+1]||…||z[i+31],每个zi都是32bit);否则相对应的zi+2n-1、…、zi+n+1、zi+n取0,代入T=T⊕zi+2n-1⊕…⊕zi+n+1⊕zi+n中得到T在i=1时一次并行计算的结果;When i=1, if a certain bit of M[i+2n-1], ..., M[i+n+1], M[i+n] is 1, then the corresponding z i+2n-1 , ..., z i+n+1 , z i+n take valid values (zi i =z[i]||z[i+1]||...||z[i+31] can be set, each z i are all 32bit); otherwise the corresponding z i+2n-1 , ..., z i+n+1 , z i+n take 0, and substitute T=T⊕z i+2n-1 ⊕…⊕z i +n+1 ⊕z i+n to get the result of a parallel calculation of T when i=1;

以此类推。当i=LENGTH时,不论M[i]的值,T=T⊕zLENGTH。最终当i=32(L-1)时,MAC=T⊕z32(L-1)and so on. When i=LENGTH, regardless of the value of M[i], T=T⊕z LENGTH . Finally when i=32(L-1), MAC=T⊕z 32(L-1) ;

其中,zi表示所述密钥流处理模块12生成的密钥流;M[i]表示所述加密处理模块13待进行加密处理的数据,其中,i表示比特,例如M[0]表示数据的第0比特;T为中间变量,其初始值为0。Wherein, zi represents the key stream generated by the key stream processing module 12; M[i] represents the data to be encrypted by the encryption processing module 13, wherein, i represents a bit, for example, M[0] represents data Bit 0 of ; T is an intermediate variable whose initial value is 0.

本实施例中,所述加密装置可应用在数据传输的各个节点网元中,如演进节点(eNB)等等,所述加密装置中的数据存储模块11在实际应用中,可由接口及存储器实现;所述加密装置中的密钥流处理模块12在实际应用中,可由所述加密装置中的中央处理器(CPU,CentralProcessingUnit)、数字信号处理器(DSP,DigitalSignalProcessor)或可编程门阵列(FPGA,Field-ProgrammableGateArray)结合寄存器实现;所述加密装置中的加密处理模块13在实际应用中,可由CPU、DSP或FPGA实现。In this embodiment, the encryption device can be applied in each node network element of data transmission, such as an evolved node (eNB), etc., and the data storage module 11 in the encryption device can be implemented by an interface and a memory in practical applications ; The key stream processing module 12 in the encryption device can be used in practical applications by a central processing unit (CPU, Central Processing Unit), a digital signal processor (DSP, Digital Signal Processor) or a programmable gate array (FPGA) in the encryption device. , Field-ProgrammableGateArray) combined with registers; the encryption processing module 13 in the encryption device can be implemented by CPU, DSP or FPGA in practical applications.

基于上述加密装置,本发明实施例还提供了一种加密方法;图5为本发明实施例的加密方法的流程示意图;如图5所示,所述方法包括:Based on the encryption device described above, an embodiment of the present invention also provides an encryption method; FIG. 5 is a schematic flow diagram of the encryption method in an embodiment of the present invention; as shown in FIG. 5 , the method includes:

步骤501:获取第一参数;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度。Step 501: Obtain a first parameter; the first parameter includes: a key, an encryption parameter, a source address, a destination address, and a data length.

这里,所述获取第一参数,包括:采用包括但不限于的AXI主接口或AHB主接口获取第一参数。Here, the acquiring the first parameter includes: acquiring the first parameter by using an AXI master interface or an AHB master interface including but not limited to.

步骤502:根据所述第一参数中的密钥及加密参数生成密钥流。Step 502: Generate a key stream according to the key and encryption parameters in the first parameter.

这里,所述根据所述第一参数中的密钥及加密参数生成密钥流,包括:根据所述第一参数中的密钥及加密参数并行生成多路密钥流。Here, the generating a key stream according to the key and encryption parameters in the first parameter includes: generating multiple key streams in parallel according to the key and encryption parameters in the first parameter.

步骤503:读入待加密的数据,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,输出所述加密数据。Step 503: Read in the data to be encrypted, process the data to be encrypted and the key stream according to the first encryption method to obtain encrypted data, and output the encrypted data.

这里,所述读入待加密的数据,包括:采用包括但不限于的AXI主接口或AHB主接口读入待加密的数据;Here, the reading of the data to be encrypted includes: reading the data to be encrypted by using an AXI master interface or an AHB master interface including but not limited to;

相应的,所述输出所述加密数据,包括:采用包括但不限于的AXI主接口或AHB主接口输出所述加密数据;具体的,所述AXI主接口可采用AMBA3.0的AXImaster接口,便于数据的读写操作,极大的提高了数据存储的速度。Correspondingly, said outputting said encrypted data includes: adopting but not limited to AXI main interface or AHB main interface to output said encrypted data; specifically, said AXI main interface can adopt AMBA3.0 AXImaster interface, convenient Data read and write operations greatly improve the speed of data storage.

本领域技术人员应当理解,本发明实施例的加密方法,可参照前述加密装置的相关描述而理解。Those skilled in the art should understand that the encryption method in the embodiment of the present invention can be understood with reference to the relevant description of the foregoing encryption device.

本领域内的技术人员应明白,本发明的实施例可提供为方法、装置、或计算机程序产品。因此,本发明可采用硬件实施例、软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, apparatuses, or computer program products. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、装置、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

以上所述,仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention.

Claims (10)

1.一种加密装置,其特征在于,所述加密装置包括:数据存储模块、密钥流处理模块和加密处理模块;其中,1. An encryption device, characterized in that the encryption device comprises: a data storage module, a key stream processing module and an encryption processing module; wherein, 所述数据存储模块,用于获取第一参数,在满足第一预设条件时,将所述第一参数中的密钥及加密参数发送至所述密钥流处理模块;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;还用于根据所述第一参数中的源地址及数据长度读入待加密的数据,将所述待加密的数据发送至所述加密处理模块;还用于根据所述第一参数中的目的地址及数据长度接收所述加密处理模块发送的加密数据,输出所述加密数据;The data storage module is configured to obtain a first parameter, and when a first preset condition is met, send the key and encryption parameters in the first parameter to the key stream processing module; the first parameter Including: key, encryption parameter, source address, destination address and data length; it is also used to read in the data to be encrypted according to the source address and data length in the first parameter, and send the data to be encrypted to the The encryption processing module; also used for receiving the encrypted data sent by the encryption processing module according to the destination address and data length in the first parameter, and outputting the encrypted data; 所述密钥流处理模块,用于接收所述数据存储模块发送的所述第一参数中的密钥及加密参数,根据所述密钥及加密参数生成密钥流,将所述密钥流发送至所述加密处理模块;The key stream processing module is configured to receive the key and encryption parameters in the first parameter sent by the data storage module, generate a key stream according to the key and encryption parameters, and convert the key stream to sent to the encryption processing module; 所述加密处理模块,用于接收所述数据存储模块发送的所述待加密的数据和所述密钥流处理模块发送的所述密钥流,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,将所述加密数据发送至所述数据存储模块。The encryption processing module is configured to receive the data to be encrypted sent by the data storage module and the key stream sent by the key stream processing module, and convert the data to be encrypted and the key The stream is processed according to the first encryption method to obtain encrypted data, and the encrypted data is sent to the data storage module. 2.根据权利要求1所述的装置,其特征在于,所述数据存储模块包括:总线从处理模块、有限状态机FSM控制模块、总线主处理模块;其中,2. The device according to claim 1, wherein the data storage module comprises: a bus slave processing module, a finite state machine (FSM) control module, and a bus master processing module; wherein, 所述总线从处理模块,用于获取第一参数,将所述第一参数发送至所述FSM控制模块;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度信息;The bus slave processing module is used to obtain a first parameter, and send the first parameter to the FSM control module; the first parameter includes: key, encryption parameter, source address, destination address and data length information ; 所述FSM控制模块,用于根据所述总线从处理模块发送的第一参数,在满足第一预设条件时,将所述密钥和加密参数发送至所述密钥流处理模块,将所述源地址、目的地址及数据长度信息发送至所述总线主处理模块;The FSM control module is configured to send the key and encryption parameters to the key stream processing module when the first preset condition is met according to the first parameter sent by the bus from the processing module, and send the Send the source address, destination address and data length information to the main bus processing module; 所述总线主处理模块,用于根据所述FSM控制模块发送的所述源地址及数据长度信息,读入待加密的数据,将所述待加密的数据发送至所述加密处理模块;还用于根据所述FSM控制模块发送的所述目的地址及数据长度信息,接收所述加密处理模块发送的加密数据,输出所述加密数据。The main bus processing module is used to read the data to be encrypted according to the source address and data length information sent by the FSM control module, and send the data to be encrypted to the encryption processing module; Receive the encrypted data sent by the encryption processing module according to the destination address and data length information sent by the FSM control module, and output the encrypted data. 3.根据权利要求2所述的装置,其特征在于,所述总线主处理模块包括:第一缓存模块和第二缓存模块;其中,3. The device according to claim 2, wherein the bus master processing module comprises: a first cache module and a second cache module; wherein, 所述第一缓存模块,用于根据所述FSM控制模块发送的所述源地址及数据长度信息,读入待加密的数据,并在满足第二预设条件时将所述待加密的数据发送至所述加密处理模块;The first cache module is configured to read in the data to be encrypted according to the source address and data length information sent by the FSM control module, and send the data to be encrypted when a second preset condition is met to the encryption processing module; 所述第二缓存模块,用于根据所述FSM控制模块发送的所述目的地址及数据长度信息,接收所述加密处理模块发送的加密数据,并在满足第三预设条件时输出所述加密数据。The second cache module is configured to receive the encrypted data sent by the encryption processing module according to the destination address and data length information sent by the FSM control module, and output the encrypted data when a third preset condition is met. data. 4.根据权利要求2所述的装置,其特征在于,所述总线主处理模块采用的接口包括但不限于AXI主接口或AHB主接口。4. The device according to claim 2, wherein the interface adopted by the bus master processing module includes but is not limited to an AXI master interface or an AHB master interface. 5.根据权利要求2所述的装置,其特征在于,所述总线从处理模块采用的接口包括但不限于AXI从接口或AHB从接口。5. The device according to claim 2, wherein the interface adopted by the bus slave processing module includes but not limited to an AXI slave interface or an AHB slave interface. 6.根据权利要求1所述的装置,其特征在于,所述密钥流处理模块,用于根据所述密钥及加密参数并行生成多路密钥流。6. The device according to claim 1, wherein the key stream processing module is configured to generate multiple key streams in parallel according to the key and encryption parameters. 7.一种加密方法,其特征在于,所述方法包括:7. An encryption method, characterized in that the method comprises: 获取第一参数;所述第一参数包括:密钥、加密参数、源地址、目的地址以及数据长度;Obtain a first parameter; the first parameter includes: a key, an encryption parameter, a source address, a destination address, and a data length; 根据所述第一参数中的密钥及加密参数生成密钥流;generating a key stream according to the key and encryption parameters in the first parameter; 读入待加密的数据,将所述待加密的数据和所述密钥流按第一加密方式进行处理,获得加密数据,输出所述加密数据。Reading in the data to be encrypted, processing the data to be encrypted and the key stream according to a first encryption method to obtain encrypted data, and outputting the encrypted data. 8.根据权利要求7所述的方法,其特征在于,所述根据所述第一参数中的密钥及加密参数生成密钥流,包括:根据所述第一参数中的密钥及加密参数并行生成多路密钥流。8. The method according to claim 7, wherein said generating a key stream according to the key and encryption parameters in the first parameter comprises: according to the key and encryption parameters in the first parameter Generate multiple keystreams in parallel. 9.根据权利要求7所述的方法,其特征在于,所述获取第一参数,包括:采用包括但不限于的AXI主接口或AHB主接口获取第一参数。9. The method according to claim 7, wherein said obtaining the first parameter comprises: obtaining the first parameter by using an AXI master interface or an AHB master interface including but not limited to. 10.根据权利要求7所述的方法,其特征在于,所述读入待加密的数据,包括:采用包括但不限于的AXI主接口或AHB主接口读入待加密的数据;10. The method according to claim 7, wherein said reading in the data to be encrypted comprises: reading in the data to be encrypted by using an AXI master interface or an AHB master interface including but not limited to; 相应的,所述输出所述加密数据,包括:采用包括但不限于的AXI主接口或AHB主接口输出所述加密数据。Correspondingly, the outputting the encrypted data includes: outputting the encrypted data by using an AXI master interface or an AHB master interface including but not limited to.
CN201410413320.XA 2014-08-19 2014-08-19 Encryption device and encryption method Pending CN105472602A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410413320.XA CN105472602A (en) 2014-08-19 2014-08-19 Encryption device and encryption method
PCT/CN2015/074127 WO2016026287A1 (en) 2014-08-19 2015-03-12 Encryption device, encryption method and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410413320.XA CN105472602A (en) 2014-08-19 2014-08-19 Encryption device and encryption method

Publications (1)

Publication Number Publication Date
CN105472602A true CN105472602A (en) 2016-04-06

Family

ID=55350156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410413320.XA Pending CN105472602A (en) 2014-08-19 2014-08-19 Encryption device and encryption method

Country Status (2)

Country Link
CN (1) CN105472602A (en)
WO (1) WO2016026287A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377180A (en) * 2018-03-29 2018-08-07 哈尔滨理工大学 A wireless security communication system based on STM32
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN112199325A (en) * 2020-10-27 2021-01-08 南京大学 Reconfigurable computing implementation device and reconfigurable computing method for 3DES encryption and decryption algorithm

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111625843A (en) * 2019-07-23 2020-09-04 方盈金泰科技(北京)有限公司 Data transparent encryption and decryption system suitable for big data platform
CN118074907B (en) * 2024-04-02 2024-06-21 湖北大学 High-performance hardware optimal design realization circuit for ZUC algorithm

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647711A (en) * 2011-02-17 2012-08-22 中兴通讯股份有限公司 A data encryption system and method
US8509424B2 (en) * 2009-11-15 2013-08-13 Ante Deng Fast key-changing hardware apparatus for AES block cipher
CN103517269A (en) * 2012-06-19 2014-01-15 中兴通讯股份有限公司 Data encryption and decryption method and system
CN103874060A (en) * 2012-12-13 2014-06-18 中兴通讯股份有限公司 Data coding/decoding method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731822B (en) * 2012-10-15 2018-11-30 中国科学院微电子研究所 System and method for implementing Zuichong algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8509424B2 (en) * 2009-11-15 2013-08-13 Ante Deng Fast key-changing hardware apparatus for AES block cipher
CN102647711A (en) * 2011-02-17 2012-08-22 中兴通讯股份有限公司 A data encryption system and method
CN103517269A (en) * 2012-06-19 2014-01-15 中兴通讯股份有限公司 Data encryption and decryption method and system
CN103874060A (en) * 2012-12-13 2014-06-18 中兴通讯股份有限公司 Data coding/decoding method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377180A (en) * 2018-03-29 2018-08-07 哈尔滨理工大学 A wireless security communication system based on STM32
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN112199325A (en) * 2020-10-27 2021-01-08 南京大学 Reconfigurable computing implementation device and reconfigurable computing method for 3DES encryption and decryption algorithm

Also Published As

Publication number Publication date
WO2016026287A1 (en) 2016-02-25

Similar Documents

Publication Publication Date Title
US20190207745A1 (en) Sequential Encryption Method Based On Multi-Key Stream Ciphers
CN112202547B (en) A lightweight block cipher GFCS implementation method, device and readable storage medium
CN101114903B (en) High grade encrypting criterion encrypter in Gbpassive optical network system and implementing method thereof
CN104639314A (en) Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN109981249B (en) Encryption and decryption method and device based on zipper type dynamic hash and NLFSR
CN105472602A (en) Encryption device and encryption method
EP4152681A1 (en) Low overhead side channel protection for number theoretic transform
CN106209358A (en) A kind of SM4 key schedule based on long key realize system and method
CN106992852B (en) Reconfigurable S-box circuit structure applied to AES and Camellia cryptographic algorithms
JP2019519801A (en) Method and apparatus for secure and efficient block cipher algorithm
CN108933653A (en) A kind of AES encrypting and deciphering system and method based on large-scale data
CN102664730B (en) 128 bit secret key expansion method based on AES (Advanced Encryption Standard)
CN113922949B (en) Cryptographic coprocessor based on CLEFIA-SHA3
WO2019043921A1 (en) Encryption device, decryption device, encryption method, decryption method, encryption program, and decryption program
CN102624520B (en) 192 bit key expansion system and method based on AES (Advanced Encryption Standard)
CN104219045B (en) RC4 stream cipher generators
TW201624268A (en) Input-dependent random number generation apparatus and methods thereof
Ferozpuri et al. Hardware api for post-quantum public key cryptosystems
US20150058639A1 (en) Encryption processing device and storage device
CN106998249A (en) Applied to SM4 and the Reconfigurable S-box circuit structure of Camellia cryptographic algorithms
CN114826560A (en) Method and system for realizing lightweight block cipher CREF
CN103684748B (en) Symmetric encryption and decryption method, and symmetric encryption and decryption system
CN117725605B (en) Method and system for remotely and automatically compiling electronic archive file information confidentiality
CN110071927B (en) Information encryption method, system and related components
CN105162579A (en) Lightweight stream cipher LSNRR based on non-linear cyclic shift register

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160406

RJ01 Rejection of invention patent application after publication
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载