+

CN118965403A - Data encryption method, device, equipment and medium - Google Patents

Data encryption method, device, equipment and medium Download PDF

Info

Publication number
CN118965403A
CN118965403A CN202411155767.1A CN202411155767A CN118965403A CN 118965403 A CN118965403 A CN 118965403A CN 202411155767 A CN202411155767 A CN 202411155767A CN 118965403 A CN118965403 A CN 118965403A
Authority
CN
China
Prior art keywords
data
encryption
fragment
encryption algorithm
encrypt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411155767.1A
Other languages
Chinese (zh)
Inventor
郑茳
董德壮
沈贽
肖佐楠
匡启和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCore Technology Suzhou Co Ltd
Original Assignee
CCore Technology Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCore Technology Suzhou Co Ltd filed Critical CCore Technology Suzhou Co Ltd
Priority to CN202411155767.1A priority Critical patent/CN118965403A/en
Publication of CN118965403A publication Critical patent/CN118965403A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明涉及微电子技术领域,公开了一种数据加密方法、装置、设备及介质,应用于片上系统,包括:对源地址里的明文数据进行分段,得到按照设定顺序排列的多个片段数据;采用多个加密算法模块分别对相应的片段数据进行加密处理,得到每个片段数据对应的密文数据;将每个片段数据对应的密文数据按照设定顺序传输至目的地址。此种方式为并行加密方式,采用分段截取数据源,利用多个加密算法模块进行加密,不但能够减少加密时间,提高加密速度,而且可以实现大量数据的加密,提高数据的保密程度,保证加密的准确性,进而大大提高了片上系统的整体工作性能。

The present invention relates to the field of microelectronics technology, and discloses a data encryption method, device, equipment and medium, which are applied to a system on chip, including: segmenting the plaintext data in the source address to obtain multiple fragment data arranged in a set order; using multiple encryption algorithm modules to encrypt the corresponding fragment data respectively to obtain the ciphertext data corresponding to each fragment data; transmitting the ciphertext data corresponding to each fragment data to the destination address in a set order. This method is a parallel encryption method, which adopts segmented interception of the data source and uses multiple encryption algorithm modules for encryption, which can not only reduce the encryption time and improve the encryption speed, but also realize the encryption of a large amount of data, improve the confidentiality of the data, ensure the accuracy of encryption, and thus greatly improve the overall working performance of the system on chip.

Description

Data encryption method, device, equipment and medium
Technical Field
The present invention relates to the field of microelectronics technologies, and in particular, to a data encryption method, apparatus, device, and medium.
Background
With the development of microelectronic technology, integrated circuits are developing toward high integration, high performance and miniaturization, and a System on Chip (SoC) is a mainstream design method, which has many advantages of high reliability, small area, low power consumption and the like. In view of importance of information security, encryption processing of data on an SoC system has become an important development trend.
In the related technical scheme, when encrypting a large amount of data, the common practice is to encrypt only part of the data, or sequentially read the data from a source address, then encrypt the data successively, wait for the encryption to finish, and finally write all ciphertext back to a destination address, when encrypting and decrypting the large amount of data in a serial encryption mode, the encryption and decryption can only be sequentially carried out by adopting a key, a large amount of time is consumed for accessing data, the encryption efficiency cannot be improved, the overall working efficiency is low, and only partial encryption is realized for a large amount of data, so that the confidentiality of the data is greatly reduced.
Disclosure of Invention
The invention aims to provide a data encryption method, a device, equipment and a medium, which can realize the encryption of a large amount of data, improve the confidentiality degree and encryption speed of the data, ensure the accuracy of encryption and further greatly improve the overall working performance of a system on a chip.
In order to solve the technical problem, the present invention provides a data encryption method, applied to a system on a chip, the method comprising:
segmenting plaintext data in a source address to obtain a plurality of segment data arranged according to a set sequence;
Respectively carrying out encryption processing on the corresponding fragment data by adopting a plurality of encryption algorithm modules to obtain ciphertext data corresponding to each fragment data;
And transmitting ciphertext data corresponding to each fragment data to a destination address according to the set sequence.
In a first aspect of the present invention, in the above data encryption method, plaintext data in a source address is segmented to obtain a plurality of segment data arranged according to a set order, including:
Determining the number of target bytes of the segmentation; the number of the segmented target bytes is an integer multiple of the length of the single encrypted data;
And segmenting the plaintext data in the source address according to the determined number of the segmented target bytes to obtain a plurality of segment data arranged according to a set sequence.
On the other hand, in the above data encryption method provided by the present invention, a plurality of encryption algorithm modules are adopted to encrypt corresponding fragment data respectively, including:
Receiving a first control instruction sent by a processor;
in response to the first control instruction, sequentially starting an encryption algorithm module by an input controller to encrypt fragment data corresponding to the started encryption algorithm module; the total number of the fragment data is an integer multiple of the total number of the encryption algorithm modules.
In another aspect, in the above data encryption method provided by the present invention, sequentially starting an encryption algorithm module to encrypt fragment data corresponding to the started encryption algorithm module, including:
starting a first encryption algorithm module to encrypt the first fragment data;
After all bytes of the first fragment data are encrypted, jumping to the nth fragment data, and utilizing the first encryption algorithm module to encrypt the nth fragment data, and simultaneously starting a second encryption algorithm to encrypt the second fragment data; wherein N is the value of the total number of the encryption algorithm modules plus 1;
after all bytes of the second fragment data are encrypted, jumping to the (N+1) th fragment data, and utilizing the second encryption algorithm module to encrypt the (N+1) th fragment data, and simultaneously starting a third encryption algorithm to encrypt the third fragment data until the encryption of all fragment data is completed.
In another aspect, in the above data encryption method provided by the present invention, the step of transmitting ciphertext data corresponding to each piece of data to a destination address according to the set sequence includes:
receiving a second control instruction sent by the processor, and reading ciphertext data corresponding to each piece of data by the output controller;
And filling the read ciphertext data to the corresponding position of the destination address according to the set sequence.
On the other hand, in the above data encryption method provided by the present invention, before the respective encryption algorithm modules are adopted to encrypt the corresponding fragment data, the method further includes:
and confirming the total number of the encryption algorithm modules according to the whole power consumption area of the system on chip.
On the other hand, in the above data encryption method provided by the present invention, the encryption type and encryption mode of each encryption algorithm module are random.
In order to solve the above technical problem, the present invention further provides a data encryption device, applied to a system on a chip, the device includes:
The data segmentation unit is used for segmenting the plaintext data in the source address to obtain a plurality of segment data which are arranged according to a set sequence;
The data encryption unit is used for respectively encrypting the corresponding fragment data by adopting a plurality of encryption algorithm modules to obtain ciphertext data corresponding to each fragment data;
And the ciphertext transmission unit is used for transmitting ciphertext data corresponding to each piece of data to the destination address according to the set sequence.
In order to solve the technical problem, the present invention further provides a data encryption device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the data encryption method when executing the computer program.
In order to solve the above technical problem, the present invention further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the data encryption method described above.
From the above technical solution, the data encryption method provided by the present invention is applied to a system on a chip, and the method includes: segmenting plaintext data in a source address to obtain a plurality of segment data arranged according to a set sequence; respectively carrying out encryption processing on the corresponding fragment data by adopting a plurality of encryption algorithm modules to obtain ciphertext data corresponding to each fragment data; and transmitting the ciphertext data corresponding to each fragment data to the destination address according to the set sequence.
The data encryption method provided by the invention has the beneficial effects that the data encryption method is used for reading the plaintext data in the source address in a segmented manner, then a plurality of encryption algorithm modules are used for encrypting the segmented plaintext data respectively, and finally the obtained ciphertext is transmitted to the destination address according to a certain sequence.
In addition, the invention also provides a corresponding data encryption device, data encryption equipment and a computer readable storage medium for the data encryption method, and the data encryption method has the same or corresponding technical characteristics and effects as the data encryption method.
Drawings
For a clearer description of embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is a flow chart of a data encryption method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a data encryption method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an operation mode of an encryption algorithm module according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without making any inventive effort are within the scope of the present invention.
In order to better understand the aspects of the present invention, the present invention will be described in further detail with reference to the accompanying drawings and detailed description. Fig. 1 is a flowchart of a data encryption method according to an embodiment of the present invention, as shown in fig. 1, where the method is applied to a system on a chip, and includes:
S101, segmenting plaintext data in a source address to obtain a plurality of segment data which are arranged according to a set sequence.
When executing step S101, plaintext data in the source address may be read, and during the reading process, the plaintext data in the source address may be read in segments, so as to obtain a plurality of fragment data arranged according to a set sequence. The set order may be an ordering of the plaintext data itself.
S102, respectively carrying out encryption processing on the corresponding fragment data by adopting a plurality of encryption algorithm modules to obtain ciphertext data corresponding to each fragment data.
It should be noted that, for a large amount of data, if a single encryption algorithm module is adopted, only the source address data can be sequentially read and then operated, so that the encryption efficiency is greatly reduced. The invention adopts a plurality of encryption algorithm modules, can encrypt by the same type or different types of algorithms, and can decrypt according to the corresponding ciphertext only by storing the secret key.
In implementation, the present invention supports multiple types of symmetric parallel encryption. When executing step S102, a plurality of encryption algorithm modules are adopted to perform symmetric encryption processing on the corresponding fragment data respectively. For decryption, only the relevant key needs to be held.
The symmetric algorithm included in the encryption algorithm module may include advanced encryption standard (Advanced Encryption Standard, AES), a Block symmetric Cipher algorithm (SM 4), a symmetric Cipher algorithm (SM 1), and a data encryption standard (Data Encryption Standard, DES), and each algorithm may further include multiple modes such as Cipher Block Chaining (CBC), output Feedback (OFB), and the like.
In particular implementations, the encryption type and encryption mode of each encryption algorithm module may be random, i.e., the encryption type and encryption mode of each encryption algorithm module may be randomly selected.
S103, the ciphertext data corresponding to each piece of data is transmitted to the destination address according to the set sequence.
In the above data encryption method provided by the embodiment of the invention, the plaintext data in the source address is read in segments, then a plurality of encryption algorithm modules are adopted to encrypt the segmented plaintext data respectively, and finally the obtained ciphertext is transmitted to the destination address according to a certain sequence, because the processor does not bear the data carrying work any more, the serial encryption mode is changed into the parallel encryption mode, the data source is intercepted in a segmented mode, and the encryption is carried out by utilizing a plurality of encryption algorithm modules, so that the encryption time can be reduced, the encryption speed can be improved, the encryption of a large amount of data can be realized, the confidentiality degree of the data can be improved, the encryption accuracy can be ensured, and the overall working performance of the system on chip can be greatly improved.
Further, in the embodiment of the present invention, in the above data encryption method, step S101 segments plaintext data in a source address to obtain a plurality of segment data arranged according to a set sequence, which may specifically include: determining the number of target bytes of the segmentation; the number of the segmented target bytes is an integer multiple of the length of the single encrypted data; and segmenting the plaintext data in the source address according to the determined number of segmented target bytes to obtain a plurality of segment data arranged according to a set sequence.
In practice, the present invention may first determine the target number of bytes n for segmentation; the value of n may be an integer multiple of the length of the single encrypted data (e.g., 128 bits). Based on the number n of the segmented target bytes, the plaintext data in the source address is segmented to obtain a plurality of segment data arranged according to a set sequence, and each segment data has n byte numbers.
Further, in a specific implementation, in the above data encryption method provided by the embodiment of the present invention, before executing the step S102 to perform encryption processing on the corresponding fragment data by using a plurality of encryption algorithm modules, the method may further include: and confirming the total number of the encryption algorithm modules according to the whole power consumption area of the system on chip.
In the implementation, the invention can flexibly and reasonably select the number of the encryption algorithm modules according to the whole power consumption area of the whole system on chip, improve the flexible compatibility of the encryption of the whole system on chip, reduce the power consumption of the whole system on chip and is suitable for processing large data volume. In combination with the system application scene, the more the encryption algorithm modules are, the higher the encryption efficiency is.
Further, in a specific implementation, in the above data encryption method provided by the embodiment of the present invention, step S102 adopts a plurality of encryption algorithm modules to encrypt corresponding segment data respectively, and may specifically include: receiving a first control instruction sent by a processor; in response to a first control instruction, sequentially starting an encryption algorithm module by an input controller to encrypt fragment data corresponding to the started encryption algorithm module; the total number of the fragment data is an integer multiple of the total number of the encryption algorithm modules.
Fig. 2 is a schematic diagram of a data encryption method according to an embodiment of the present invention. As shown in fig. 2, the overall architecture may be composed of a central processing unit (Central Processing Unit, CPU) module, a Static Random-Access Memory (SRAM), an input controller module, an output controller module, and an algorithm module. The modules may be connected by an advanced micro control bus architecture (Advanced Microcontroller Bus Architecture, AMBA) bus to complete the communication between the modules.
In implementation, a first control instruction sent by a CPU module is received; in response to a first control instruction, sequentially starting an encryption algorithm module by an input controller module to encrypt fragment data corresponding to the started encryption algorithm module; the total number of the fragment data is an integer multiple of the total number of the encryption algorithm modules.
Fig. 3 is a schematic diagram of an operation mode of an encryption algorithm module according to an embodiment of the present invention. Taking fig. 3 as an example, assume that there are four encryption algorithm modules, the total number of fragment data may be 4n, where n is a positive integer. The number of target bytes of segmentation n can be adjusted according to the total number of segment data. In the encryption process, each encryption algorithm module corresponds to one piece of data, and each piece of data has n bytes. The invention changes the reading and writing of the source address data and the destination address data from a serial mode into a parallel working mode, improves the working efficiency, reduces the encryption error probability and improves the stability of the whole work.
Further, in the implementation, the step of sequentially starting an encryption algorithm module to encrypt the fragment data corresponding to the started encryption algorithm module may specifically include: starting a first encryption algorithm module to encrypt the first fragment data; after all bytes of the first fragment data are encrypted, jumping to the nth fragment data, encrypting the nth fragment data by using a first encryption algorithm module, and simultaneously starting a second encryption algorithm to encrypt the second fragment data; wherein N is the value of the total number of the encryption algorithm modules plus 1; after the encryption of all bytes of the second fragment data is completed, jumping to the (N+1) th fragment data, and using a second encryption algorithm module to encrypt the (N+1) th fragment data, and simultaneously starting a third encryption algorithm to encrypt the third fragment data until the encryption of all fragment data is completed.
In implementation, as shown in fig. 3, the first encryption algorithm module is started to encrypt the first segment data, and at this time, the encryption key of the first segment is adopted until the encryption of n bytes in the first segment data is finished, and then the first segment data is jumped to the fifth segment data, and the encryption is continued. The second segment data, the third segment data and the fourth segment data are encrypted in sequence in the same way, and then the sixth segment data, the seventh segment data and the eighth segment data are correspondingly jumped to, and the like until the encryption of all the segment data is completed.
Further, in the data encryption method provided in the embodiment of the present invention, step S103 transmits ciphertext data corresponding to each piece of data to a destination address according to a set order, including: receiving a second control instruction sent by the processor, and reading ciphertext data corresponding to each piece of data by the output controller; and filling the read ciphertext data to the corresponding position of the destination address according to the set sequence.
In implementation, similar to encryption, the second control instruction can be sent by the CPU module, and the output controller module reads the ciphertext data and fills the ciphertext data to the corresponding position of the destination address. Even if the encryption algorithm modules adopt different types of encryption modes, the encryption speed is inconsistent, the change of the data position is not influenced, and all data can be decrypted only by storing the key used by each encryption algorithm module and filling in the corresponding key according to the data of different address fields when decrypting.
It should be noted that the invention changes the whole data source from serial reading and writing into parallel operation mode, and because the plaintext data is divided into a plurality of segments, each segment is encrypted by adopting one encryption algorithm module, the number of the encryption algorithm modules determines the whole encryption efficiency. Taking fig. 3 as an example, 4 encryption algorithm modules can increase the overall encryption efficiency by four times. The number of the encryption algorithm modules can be controlled at will according to the integral requirement of the system on chip, so that the mode is flexible and configurable when the encryption of a large amount of data is faced, and the encryption efficiency is higher. The processor only needs to play a role in control, so that the control of the initial data source and the configuration work of the input/output controller are completed, and the processor is not directly interacted with the encryption algorithm module, so that the occupancy rate of the processor is greatly reduced, the overall encryption efficiency of the system on chip is improved, and the encryption effect is good.
In the above embodiments, the data encryption method is described in detail, and the invention also provides a data encryption device and a corresponding embodiment of the data encryption equipment. It should be noted that the present invention describes an embodiment of the device portion from two angles, one based on the angle of the functional module and the other based on the angle of the hardware.
Fig. 4 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention. The embodiment is based on the angle of the functional module, as shown in fig. 4, and the device is applied to a system on a chip, and includes:
A data segmentation unit 10, configured to segment plaintext data in a source address to obtain a plurality of segment data arranged according to a set sequence;
the data encryption unit 11 is configured to encrypt the corresponding fragment data by using a plurality of encryption algorithm modules, so as to obtain ciphertext data corresponding to each fragment data;
The ciphertext transmission unit 12 is configured to transmit ciphertext data corresponding to each fragment data to the destination address in a set order.
In the data encryption device provided by the embodiment of the invention, the plaintext data in the source address can be read in a segmented way through the interaction of the three modules, a plurality of encryption algorithm modules are adopted to encrypt the segmented plaintext data respectively, and the obtained ciphertext is transmitted to the destination address according to a certain sequence.
Since the embodiments of the apparatus portion and the embodiments of the method portion correspond to each other, the embodiments of the apparatus portion are referred to the description of the embodiments of the method portion, and are not repeated herein. And has the same advantageous effects as the above-mentioned data encryption method.
Further, in the above-mentioned data encryption device provided in the embodiment of the present invention, the data segmentation unit 10 may be specifically configured to determine the number of target bytes for segmentation; the number of the segmented target bytes is an integer multiple of the length of the single encrypted data; and segmenting the plaintext data in the source address according to the determined number of segmented target bytes to obtain a plurality of segment data arranged according to a set sequence.
Further, in a specific implementation, the data encryption device provided in the embodiment of the present invention may further include:
and the module number confirming module is used for confirming the total number of the encryption algorithm modules according to the whole power consumption area of the system on chip.
Further, in the above-mentioned data encryption device provided in the embodiment of the present invention, the data encryption unit 11 may be specifically configured to receive a first control instruction sent by the processor; in response to a first control instruction, sequentially starting an encryption algorithm module by an input controller to encrypt fragment data corresponding to the started encryption algorithm module; the total number of the fragment data is an integer multiple of the total number of the encryption algorithm modules.
Further, in the data encryption device provided in the embodiment of the present invention, the ciphertext transmission unit 12 may be specifically configured to receive the second control instruction sent by the processor, and read ciphertext data corresponding to each piece of data by the output controller; and filling the read ciphertext data to the corresponding position of the destination address according to the set sequence.
Fig. 5 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention. The present embodiment is based on a hardware angle, and as shown in fig. 5, the data encryption apparatus includes:
a memory 20 for storing a computer program;
a processor 21 for implementing the steps of the data encryption method as mentioned in the above embodiments when executing a computer program.
Processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The Processor 21 may be implemented in at least one hardware form of a digital signal Processor (DIGITAL SIGNAL Processor, DSP), field-Programmable gate array (Field-Programmable GATE ARRAY, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 21 may also include a main processor, which is a processor for processing data in an awake state, also called CPU, and a coprocessor; a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a graphics processor (Graphics Processing Unit, GPU) for rendering and drawing of content required to be displayed by the display screen. In some embodiments, the processor 21 may also include an artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) processor for processing computing operations related to machine learning.
Memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing a computer program 201, which, when loaded and executed by the processor 21, is capable of implementing the relevant steps of the data encryption method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may further include an operating system 202, data 203, and the like, where the storage manner may be transient storage or permanent storage. Operating system 202 may include Windows, unix, linux, among other things. The data 203 may include, but is not limited to, the data related to the above-mentioned data encryption method, and the like.
In some embodiments, the data encryption device may further include a display 22, an input/output interface 23, a communication interface 24, a power supply 25, and a communication bus 26. Those skilled in the art will appreciate that the structure shown in fig. 5 does not constitute a limitation on the data encryption device and may include more or fewer components than shown. The data encryption device provided by the embodiment of the invention comprises a memory and a processor, wherein the processor can realize the data encryption method when executing the program stored in the memory, and the effects are the same as those of the data encryption method.
Finally, the invention also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps as described in the method embodiments above.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium for performing all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes. The computer readable storage medium provided by the invention can realize the data encryption method, and has the same effect.
Finally, the invention also provides a corresponding embodiment of the computer program product. The computer program product comprises computer programs/instructions which, when executed by a processor, implement the steps as described in the data encryption method embodiments above. The computer program product provided by the invention can realize the data encryption method, and the effect is the same as that of the data encryption method.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The data encryption method, the device, the equipment and the medium provided by the invention are described in detail. In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it will be apparent to those skilled in the art that the present invention may be modified and practiced without departing from the spirit of the present invention.

Claims (10)

1.一种数据加密方法,其特征在于,应用于片上系统,所述方法包括:1. A data encryption method, characterized in that it is applied to a system on chip, the method comprising: 对源地址里的明文数据进行分段,得到按照设定顺序排列的多个片段数据;Segment the plaintext data in the source address to obtain multiple fragment data arranged in a set order; 采用多个加密算法模块分别对相应的片段数据进行加密处理,得到每个片段数据对应的密文数据;Use multiple encryption algorithm modules to encrypt the corresponding fragment data respectively to obtain the ciphertext data corresponding to each fragment data; 将每个片段数据对应的密文数据按照所述设定顺序传输至目的地址。The ciphertext data corresponding to each fragment data is transmitted to the destination address according to the set order. 2.根据权利要求1所述的数据加密方法,其特征在于,对源地址里的明文数据进行分段,得到按照设定顺序排列的多个片段数据,包括:2. The data encryption method according to claim 1 is characterized in that the plaintext data in the source address is segmented to obtain a plurality of fragment data arranged in a set order, including: 确定分段目标字节数量;所述分段目标字节数量为单次加密数据长度的整数倍;Determine the target number of bytes for segmentation; the target number of bytes for segmentation is an integer multiple of the length of single encrypted data; 根据确定的所述分段目标字节数量,对源地址里的明文数据进行分段,得到按照设定顺序排列的多个片段数据。According to the determined segmentation target byte quantity, the plaintext data in the source address is segmented to obtain a plurality of fragment data arranged in a set order. 3.根据权利要求1所述的数据加密方法,其特征在于,采用多个加密算法模块分别对相应的片段数据进行加密处理,包括:3. The data encryption method according to claim 1 is characterized in that a plurality of encryption algorithm modules are used to encrypt corresponding fragment data respectively, including: 接收处理器发出的第一控制指令;receiving a first control instruction issued by a processor; 响应于所述第一控制指令,由输入控制器依次启动一个加密算法模块对与启动的加密算法模块对应的片段数据进行加密处理;片段数据的总个数为加密算法模块的总个数的整数倍。In response to the first control instruction, the input controller starts one encryption algorithm module in turn to encrypt the fragment data corresponding to the started encryption algorithm module; the total number of fragment data is an integer multiple of the total number of encryption algorithm modules. 4.根据权利要求3所述的数据加密方法,其特征在于,依次启动一个加密算法模块对与启动的加密算法模块对应的片段数据进行加密处理,包括:4. The data encryption method according to claim 3, characterized in that starting one encryption algorithm module at a time to encrypt the fragment data corresponding to the started encryption algorithm module comprises: 启动第一加密算法模块对第一个片段数据进行加密处理;Starting the first encryption algorithm module to encrypt the first fragment data; 待所述第一个片段数据的所有字节加密完成后,跳至第N个片段数据,利用所述第一加密算法模块对第N个片段数据进行加密处理,同时启动第二加密算法对第二个片段数据进行加密处理;其中,N为加密算法模块的总个数加1的值;After all bytes of the first data segment are encrypted, jump to the Nth data segment, use the first encryption algorithm module to encrypt the Nth data segment, and start the second encryption algorithm to encrypt the second data segment; wherein N is the total number of encryption algorithm modules plus 1; 待所述第二个片段数据的所有字节加密完成后,跳至第N+1个片段数据,利用所述第二加密算法模块对第N+1个片段数据进行加密处理,同时启动第三加密算法对第三个片段数据进行加密处理,直至完成所有片段数据的加密。After all bytes of the second data fragment are encrypted, jump to the N+1th data fragment, use the second encryption algorithm module to encrypt the N+1th data fragment, and start the third encryption algorithm to encrypt the third data fragment at the same time until the encryption of all data fragments is completed. 5.根据权利要求1所述的数据加密方法,其特征在于,将每个片段数据对应的密文数据按照所述设定顺序传输至目的地址,包括:5. The data encryption method according to claim 1, characterized in that the ciphertext data corresponding to each fragment data is transmitted to the destination address according to the set order, comprising: 接收处理器发出的第二控制指令,由输出控制器读取每个片段数据对应的密文数据;A second control instruction is received from the processor, and the output controller reads the ciphertext data corresponding to each fragment data; 将读取的密文数据按照所述设定顺序填写至目的地址相应的位置。Fill the read ciphertext data into the corresponding position of the destination address according to the set order. 6.根据权利要求1所述的数据加密方法,其特征在于,在采用多个加密算法模块分别对相应的片段数据进行加密处理之前,还包括:6. The data encryption method according to claim 1, characterized in that before using multiple encryption algorithm modules to encrypt corresponding fragment data respectively, it also includes: 根据所述片上系统的整体功耗面积,确认加密算法模块的总个数。The total number of encryption algorithm modules is determined based on the overall power consumption area of the system on chip. 7.根据权利要求1所述的数据加密方法,其特征在于,各加密算法模块的加密类型和加密模式是随机的。7. The data encryption method according to claim 1 is characterized in that the encryption type and encryption mode of each encryption algorithm module are random. 8.一种数据加密装置,其特征在于,应用于片上系统,所述装置包括:8. A data encryption device, characterized in that it is applied to a system on a chip, the device comprising: 数据分段单元,用于对源地址里的明文数据进行分段,得到按照设定顺序排列的多个片段数据;A data segmentation unit is used to segment the plaintext data in the source address to obtain a plurality of fragment data arranged in a set order; 数据加密单元,用于采用多个加密算法模块分别对相应的片段数据进行加密处理,得到每个片段数据对应的密文数据;A data encryption unit, used to encrypt corresponding fragment data respectively using multiple encryption algorithm modules to obtain ciphertext data corresponding to each fragment data; 密文传输单元,用于将每个片段数据对应的密文数据按照所述设定顺序传输至目的地址。The ciphertext transmission unit is used to transmit the ciphertext data corresponding to each fragment data to the destination address according to the set order. 9.一种数据加密设备,其特征在于,所述设备包括:9. A data encryption device, characterized in that the device comprises: 存储器,用于存储计算机程序;Memory for storing computer programs; 处理器,用于执行所述计算机程序时实现如权利要求1至7任一项所述的数据加密方法的步骤。A processor, configured to implement the steps of the data encryption method according to any one of claims 1 to 7 when executing the computer program. 10.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至7任一项所述的数据加密方法的步骤。10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the data encryption method according to any one of claims 1 to 7 are implemented.
CN202411155767.1A 2024-08-22 2024-08-22 Data encryption method, device, equipment and medium Pending CN118965403A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411155767.1A CN118965403A (en) 2024-08-22 2024-08-22 Data encryption method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411155767.1A CN118965403A (en) 2024-08-22 2024-08-22 Data encryption method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN118965403A true CN118965403A (en) 2024-11-15

Family

ID=93385408

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411155767.1A Pending CN118965403A (en) 2024-08-22 2024-08-22 Data encryption method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN118965403A (en)

Similar Documents

Publication Publication Date Title
JP7646625B2 (en) Cryptographic architecture for cipher substitution
JP4684550B2 (en) Cryptographic device that supports multiple modes of operation
CN102411694B (en) Encryption device and accumulator system
US8856198B2 (en) Random value production methods and systems
KR20110129932A (en) Key Recovery Mechanisms for Cryptographic Systems
KR102628010B1 (en) Encryption circuit for virtual encryption operation
US11429751B2 (en) Method and apparatus for encrypting and decrypting data on an integrated circuit
US20100128874A1 (en) Encryption / decryption in parallelized data storage using media associated keys
US6549622B1 (en) System and method for a fast hardware implementation of RC4
US20220321361A1 (en) Federal information processing standard (fips) compliant device identifier composition engine (dice) certificate chain architecture for embedded systems
WO2021217939A1 (en) Data processing method and apparatus for blockchain, and readable storage medium
CN111566987A (en) Data processing method, circuit, terminal device and storage medium
CN115017554A (en) Storage device and operation method of storage device
US12309256B2 (en) Apparatus for cryptographic operations on information and associated methods
CN106933510A (en) A kind of storage control
KR101126596B1 (en) Dual mode aes implementation to support single and multiple aes operations
CN118965403A (en) Data encryption method, device, equipment and medium
US9092283B2 (en) Systems with multiple port random number generators and methods of their operation
CN114258660B (en) Cipher architecture for cipher permutation
CN112487448B (en) Encryption information processing device, method and computer equipment
JP2002358008A (en) Data encryption circuit
US20240378057A1 (en) Data padding method and apparatus
US8363828B2 (en) Diffusion and cryptographic-related operations

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载