+

CN119646902A - Encryption circuit, decryption circuit, chip and electronic device - Google Patents

Encryption circuit, decryption circuit, chip and electronic device Download PDF

Info

Publication number
CN119646902A
CN119646902A CN202411760311.8A CN202411760311A CN119646902A CN 119646902 A CN119646902 A CN 119646902A CN 202411760311 A CN202411760311 A CN 202411760311A CN 119646902 A CN119646902 A CN 119646902A
Authority
CN
China
Prior art keywords
encryption
decryption
sub
round
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411760311.8A
Other languages
Chinese (zh)
Inventor
赵创
华力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haining Yisiwei Computing Technology Co ltd
Beijing Eswin Computing Technology Co Ltd
Original Assignee
Haining Yisiwei Computing Technology Co ltd
Beijing Eswin Computing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Haining Yisiwei Computing Technology Co ltd, Beijing Eswin Computing Technology Co Ltd filed Critical Haining Yisiwei Computing Technology Co ltd
Priority to CN202411760311.8A priority Critical patent/CN119646902A/en
Publication of CN119646902A publication Critical patent/CN119646902A/en
Pending legal-status Critical Current

Links

Landscapes

  • Hardware Redundancy (AREA)

Abstract

本申请公开了一种加密电路、解密电路、芯片以及电子设备,属于安全技术领域。以加密电路为例,该加密电路包括加密操作模块和错误检测模块;加密操作模块,用于对输入的第一数据执行至少两次的加密操作,得到加密后的至少两个第二数据;错误检测模块,用于比较至少两个第二数据是否一致,在至少两个第二数据不一致的情况下,确定加密操作过程中存在错误注入。该加密电路通过多次执行加密操作,比较多次执行的加密结果是否一致,来检测加密操作过程中是否存在错误注入,使得加密电路具备检测错误注入的能力,提高了加密安全性。

The present application discloses an encryption circuit, a decryption circuit, a chip and an electronic device, which belong to the field of security technology. Taking the encryption circuit as an example, the encryption circuit includes an encryption operation module and an error detection module; the encryption operation module is used to perform at least two encryption operations on the input first data to obtain at least two encrypted second data; the error detection module is used to compare whether the at least two second data are consistent, and when the at least two second data are inconsistent, it is determined that there is an error injection during the encryption operation. The encryption circuit performs the encryption operation multiple times and compares whether the encryption results of the multiple executions are consistent to detect whether there is an error injection during the encryption operation, so that the encryption circuit has the ability to detect error injection, thereby improving the encryption security.

Description

Encryption circuit, decryption circuit, chip and electronic equipment
Technical Field
The present application relates to the field of security technologies, and in particular, to an encryption circuit, a decryption circuit, a chip, and an electronic device.
Background
The data is encrypted and transmitted through the encryption circuit, so that a receiver with a secret key can correctly decrypt the data through the decryption circuit, and the safety of data transmission can be ensured. The data before encryption is plaintext, and the data after encryption is ciphertext. However, during the encryption operation performed by the encryption circuit or during the decryption operation performed by the decryption circuit, there may be an external malicious error injection, and by analyzing the ciphertext after the injection error, certain information of the plaintext or the key may be deduced, so that a potential safety hazard exists.
Therefore, how to provide the encryption circuit or the decryption circuit with the capability of detecting the external error injection is a problem to be solved.
Disclosure of Invention
The application provides an encryption circuit, a decryption circuit, a chip and electronic equipment, which have the capability of detecting external error injection. The technical proposal is as follows:
In one aspect, an encryption circuit is provided, which comprises an encryption operation module and an error detection module, wherein the encryption operation module is used for executing encryption operation on input first data at least twice to obtain encrypted at least two second data, and the error detection module is used for comparing whether the at least two second data are consistent or not and determining that error injection exists in the encryption operation process under the condition that the at least two second data are inconsistent.
In one possible implementation manner, the encryption operation comprises a front half-wheel encryption operation and a rear half-wheel encryption operation, the encryption operation module comprises a first encryption sub-module and a second encryption sub-module, the error detection module comprises a first comparator and a second comparator, the first encryption sub-module is used for executing the front half-wheel encryption operation on the first data at least twice to obtain at least two front half-wheel encryption results, the first comparator is used for comparing whether the at least two front half-wheel encryption results are consistent, the second encryption sub-module is used for executing the rear half-wheel encryption operation on the at least two front half-wheel encryption results respectively to obtain at least two rear half-wheel encryption results, and the second comparator is used for comparing whether the at least two rear half-wheel encryption results are consistent.
In one possible implementation manner, the encryption operation includes multiple rounds of encryption sub-operations, the encryption operation module is configured to perform at least two times when each round of encryption sub-operation in the multiple rounds of encryption sub-operations is performed on the first data, to obtain at least two encryption sub-results of each round of encryption sub-operation, and the error detection module is configured to compare whether at least two encryption sub-results of each round of encryption sub-operation are consistent, and determine that error injection exists in the encryption operation process if at least two encryption sub-results of any round of encryption sub-operation are inconsistent.
In one possible implementation manner, each round of encryption sub-operation comprises a front half round of encryption operation and a rear half round of encryption operation, the encryption operation module comprises a first encryption sub-module and a second encryption sub-module, the error detection module comprises a first comparator and a second comparator, the first encryption sub-module is used for executing the front half round of encryption operation in each round of encryption sub-operation at least twice to obtain at least two front half round of encryption sub-results of each round of encryption sub-operation, the first comparator is used for comparing whether the at least two front half round of encryption sub-results of each round of encryption sub-operation are consistent, the second encryption sub-module is used for executing the rear half round of encryption operation in each round of encryption sub-operation at least twice to obtain at least two rear half round of encryption sub-results of each round of encryption sub-operation, and the second comparator is used for comparing whether the at least two rear half round of encryption sub-results of each round of encryption sub-operation are consistent.
In a possible implementation manner, the error detection module further comprises at least one of a first demultiplexer and a second demultiplexer, and further comprises a third register in the case of comprising the first demultiplexer and a fourth register in the case of comprising the second demultiplexer;
the first demultiplexer is configured to assign a first half round encryption sub-result executed for the 1 st time to the third register when the first encryption sub-module executes the first half round encryption operation for the 1 st time, and send a first half round encryption sub-result executed for the 2 nd time to the first comparator when the first encryption sub-module executes the first half round operation for the 2 nd time;
The second demultiplexer is configured to assign a second-half encryption sub-result executed for the 1 st time to the fourth register when the second encryption sub-module executes the second-half encryption operation for the 1 st time, send the second-half encryption sub-result executed for the 2 nd time to the second comparator when the second encryption sub-module executes the second-half encryption operation for the 2 nd time, and compare whether the second-half encryption sub-result executed for the 2 nd time is consistent with the value of the fourth register.
In a possible implementation manner, the error detection module is further configured to send out fault alarm information when it is determined that error injection exists during the encryption operation.
In one possible implementation, the encryption operation is an AES (Advanced Encryption Standard ) based encryption operation.
On the other hand, the decryption circuit comprises a decryption operation module and an error detection module, wherein the decryption operation module is used for executing decryption operation on input second data at least twice to obtain decrypted at least two first data, and the error detection module is used for comparing whether the at least two first data are consistent or not and determining that error injection exists in the decryption operation process under the condition that the at least two first data are inconsistent.
In one possible implementation manner, the decryption operation includes a first half-round decryption operation and a second half-round decryption operation, the decryption operation module includes a first decryption sub-module and a second decryption sub-module, the error detection module includes a first comparator and a second comparator, the first decryption sub-module is configured to perform the first half-round decryption operation on the second data at least twice to obtain at least two first half-round decryption results, the first comparator is configured to compare whether the at least two first half-round decryption results are consistent, the second decryption sub-module is configured to perform the second half-round decryption operation on the at least two first half-round decryption results to obtain at least two second half-round decryption results, and the second comparator is configured to compare whether the at least two second half-round decryption results are consistent.
In one possible implementation manner, the decryption operation includes multiple rounds of decryption sub-operations, the decryption operation module is configured to perform at least two times when each round of decryption sub-operation in the multiple rounds of decryption sub-operations is performed on the second data, to obtain at least two decryption sub-results of each round of decryption sub-operation, and the error detection module is configured to compare whether at least two decryption sub-results of each round of decryption sub-operation are consistent, and determine that error injection exists in the decryption operation process if at least two decryption sub-results of any round of decryption sub-operation are inconsistent.
In one possible implementation manner, each round of decryption sub-operation comprises a first half round of decryption operation and a second half round of decryption operation, the decryption operation module comprises a first decryption sub-module and a second decryption sub-module, the error detection module comprises a first comparator and a second comparator, the first decryption sub-module is used for executing the first half round of decryption operation in each round of decryption sub-operation at least twice to obtain at least two first half round decryption sub-results of each round of decryption sub-operation, the first comparator is used for comparing whether the at least two first half round decryption sub-results of each round of decryption sub-operation are consistent, the second decryption sub-module is used for executing the second half round decryption operation in each round of decryption sub-operation at least twice to obtain at least two second half round decryption sub-results of each round of decryption sub-operation, and the second comparator is used for comparing whether the at least two second half round decryption sub-results of each round of decryption sub-operation are consistent.
In a possible implementation manner, the error detection module further comprises at least one of a first demultiplexer and a second demultiplexer, and further comprises a third register in the case of comprising the first demultiplexer and a fourth register in the case of comprising the second demultiplexer;
The first demultiplexer is configured to assign a first half round decryption sub result executed for the 1 st time to the third register when the first decryption sub module executes the first half round decryption operation for the 1 st time, send a first half round decryption sub result executed for the 2 nd time to the first comparator when the first decryption sub module executes the first half round decryption operation for the 2 nd time, and compare whether the first half round decryption sub result executed for the 2 nd time is consistent with the value of the third register;
the second demultiplexer is configured to assign a second-half decryption sub-result executed for the 1 st time to the fourth register when the second decryption sub-module executes the second-half decryption operation for the 1 st time, send the second-half decryption sub-result executed for the 2 nd time to the second comparator when the second decryption sub-module executes the second-half decryption operation for the 2 nd time, and compare whether the second-half decryption sub-result executed for the 2 nd time is consistent with the value of the fourth register.
In a possible implementation manner, the error detection module is further configured to issue a fault alarm message when it is determined that there is error injection during the decryption operation.
In one possible implementation, the decryption operation is an AES-based decryption operation.
In yet another aspect, a chip is provided, the chip comprising at least one of the encryption circuit as described in the above aspect or the decryption circuit as described in the above aspect.
In a further aspect, an electronic device is provided, which comprises a chip as described in the further aspect above.
In summary, the technical scheme provided by the application at least has the following beneficial effects:
The encryption circuit detects whether error injection exists in the encryption operation process by executing the encryption operation for multiple times and comparing whether encryption results executed for multiple times are consistent, so that the encryption circuit has the capability of detecting error injection, and the encryption security is improved. The decryption circuit detects whether error injection exists in the decryption operation process by executing the decryption operation for multiple times and comparing whether decryption results executed for multiple times are consistent, so that the decryption circuit has the capability of detecting error injection and improves decryption security.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an encryption circuit according to an embodiment of the present application;
FIG. 2 is a schematic diagram of another encryption circuit according to an embodiment of the present application;
FIG. 3 is a schematic diagram of another encryption circuit according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a wheel operation module of an AES according to an embodiment of the application;
FIG. 5 is a schematic diagram of an encryption timing sequence according to an embodiment of the present application;
fig. 6 is a schematic diagram of a decryption circuit according to an embodiment of the present application;
FIG. 7 is a schematic diagram of another decryption circuit according to an embodiment of the present application;
FIG. 8 is a schematic diagram of another decryption circuit according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an AES module according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
The problem of data leakage caused by error injection of an encryption circuit or a decryption circuit is solved. The embodiment of the application provides an encryption circuit capable of detecting error injection in the encryption operation process and a decryption circuit capable of detecting error injection in the decryption operation process.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an encryption circuit according to an embodiment of the present application. As shown in fig. 1, the encryption circuit 00 includes an encryption operation module 01 and an error detection module 02. The device comprises an encryption operation module 01, an error detection module 02 and a data processing module, wherein the encryption operation module 01 is used for executing encryption operation on input first data at least twice to obtain encrypted at least two second data, and the error detection module 02 is used for comparing whether the at least two second data are consistent or not and determining that error injection exists in the encryption operation process under the condition that the at least two second data are inconsistent. In the event that at least two second data are consistent, it is determined that there is no error injection during the encryption operation.
Alternatively, the encryption operation module 01 is connected to the error detection module 02, and each time the encryption operation module 01 performs an encryption operation, the encryption result, that is, the second data, is sent to the error detection module 02. Therefore, the encryption circuit 00 detects whether error injection exists in the encryption operation process by executing the encryption operation for a plurality of times and comparing whether encryption results executed for a plurality of times are consistent, so that the encryption circuit has the capability of detecting error injection, and the encryption security is improved.
In the embodiment of the present application, the error detection module 02 is further configured to send out fault alarm information when it is determined that error injection exists in the encryption operation process. The mode of sending out the fault alarm information is not limited in the embodiment of the application, for example, a fault lamp is turned on to alarm, or a fault audio is sent out to alarm. The error injection can be processed in time, and data leakage is avoided.
In one possible implementation, the encryption operations may include a front half round encryption operation and a back half round encryption operation. The embodiment of the application does not limit the mode of dividing the front half round encryption operation and the rear half round encryption operation, and can arbitrarily divide a plurality of operation steps included in the encryption operation into two parts, wherein the part with the front execution sequence is the front half round encryption operation, and the part with the rear execution sequence is the rear half round encryption operation.
In this case, referring to fig. 2, fig. 2 is a schematic diagram of another encryption circuit according to an embodiment of the present application. As shown in fig. 2, the encryption operation module 01 includes a first encryption sub-module 011 and a second encryption sub-module 012, and the error detection module 02 includes a first comparator 021 and a second comparator 022.
The first encryption sub-module 011 is configured to perform at least two front half round encryption operations on the first data to obtain at least two front half round encryption results, the first comparator 021 is configured to compare whether the at least two front half round encryption results are consistent, the second encryption sub-module 012 is configured to perform at least two rear half round encryption operations on the at least two front half round encryption results to obtain at least two rear half round encryption results, and the second comparator 022 is configured to compare whether the at least two rear half round encryption results are consistent. In the case where the first comparator 021 detects that at least two front-half round encryption results are inconsistent and/or the second comparator 022 detects that at least two front-and-back round encryption results are inconsistent, it is determined that error injection exists during the encryption operation.
Optionally, the first encryption submodule 011 is connected to the first comparator 021, and each time the first encryption submodule 011 performs a first half round encryption operation, the first half round encryption result is sent to the first comparator 021 once. The second encryption sub-module 012 is connected to the second comparator 022, and the second encryption sub-module 012 sends the second-half round encryption result to the second comparator 022 once every time the second-half round encryption operation is performed.
Therefore, each half round of encryption operation is compared and detected once, the detection accuracy is improved, and in the pipeline execution process, the front half round of encryption result can be compared when the rear half round of encryption operation is executed, so that the working efficiency is ensured.
In another possible implementation manner, the encryption operation may include multiple rounds of encryption sub-operations, for example, performing round 1 encryption sub-operation on the first data to obtain round 1 encryption sub-result, performing round 2 encryption sub-operation on the round 1 encryption sub-result to obtain round 2 encryption sub-result, and so on, until all rounds of encryption sub-operation are performed, where the obtained round encryption sub-result is the second data.
In this case, the encryption operation module 01 is configured to perform at least two times to obtain at least two encryption sub-results of each round of encryption sub-operation when each round of encryption sub-operation is performed on the first data, and the error detection module 02 is configured to compare whether the at least two encryption sub-results of each round of encryption sub-operation are consistent, and determine that error injection exists in the encryption operation process when the at least two encryption sub-results of any round of encryption sub-operation are inconsistent.
Optionally, the encryption operation module 01 sequentially executes each round of encryption sub-operation according to the round sequence, which may be to complete all rounds of encryption sub-operation first, then execute all rounds of encryption sub-operation from the beginning again, or directly repeatedly execute the current round of encryption sub-operation once every time the current round of encryption sub-operation is executed, and then start executing the next round of encryption sub-operation after completing at least two times of execution of the current round of encryption sub-operation. Each time the encryption operation module 01 performs a round of encryption sub-operations, the encryption sub-result of the round of encryption sub-operations is sent to the error detection module 02 once.
Therefore, the encryption algorithm for the multi-round encryption operation can compare and detect the encryption sub-result of each round of encryption operation once, so that the detection accuracy is improved, and in the pipeline execution process, the encryption sub-result of the previous round of encryption sub-operation can be compared when the encryption sub-operation of the current round is executed, and the working efficiency is ensured.
In yet another possible implementation, the encryption operation includes multiple rounds of encryption sub-operations, and each round of encryption sub-operation includes a front half round of encryption operation and a back half round of encryption operation. In this case, in the encryption circuit shown in fig. 2, a first encryption sub-module 011 is configured to perform at least two times on a first half round of encryption operation in each round of encryption sub-operation to obtain at least two first half round of encryption sub-results of each round of encryption sub-operation, a first comparator 021 is configured to compare whether the at least two first half round of encryption sub-results of each round of encryption sub-operation are identical, a second encryption sub-module 012 is configured to perform at least two times on a second half round of encryption operation in each round of encryption sub-operation to obtain at least two second half round of encryption sub-results of each round of encryption sub-operation, and a second comparator 022 is configured to compare whether the at least two second half round of encryption sub-results of each round of encryption sub-operation are identical.
In one possible implementation, the error detection module 02 further includes at least one of a first demultiplexer and a second demultiplexer. In case the error detection module 02 comprises a first demultiplexer the error detection module 02 further comprises a third register, and in case the error detection module 02 comprises a second demultiplexer the error detection module 02 further comprises a fourth register.
The first demultiplexer is configured to assign a first half round encryption sub-result executed 1 st time to the third register in the case that the first encryption sub-module 011 executes the first half round encryption operation 1 st time, send the first half round encryption sub-result executed 2 nd time to the first comparator 021 in the case that the first encryption sub-module 011 executes the first half round operation 2 nd time, and the first comparator 021 is configured to compare whether the first half round encryption sub-result executed 2 nd time is consistent with the value of the third register 027.
A second demultiplexer for assigning a second-round encryption sub result of the 1 st execution to the fourth register in case the second encryption sub module 012 performs the second-round encryption operation for the 1 st time, transmitting the second-round encryption sub result of the 2 nd execution to the second comparator 022 in case the second encryption sub module 012 performs the second-round encryption operation for the 2 nd time, and comparing whether the second-round encryption sub result of the 2 nd execution is identical to the value of the fourth register.
In the embodiment of the present application, referring to fig. 3, fig. 3 is a schematic structural diagram of another encryption circuit according to the embodiment of the present application. As shown in fig. 3, taking two execution examples, the error detection module 02 further includes a first register 023 and a second register 024, where the first register 023 is used to store the first half round encryption sub-result of each execution of the first half round encryption operation, and the second register 024 is used to store the second half round encryption sub-result of each execution of the second half round encryption operation.
Optionally, as further shown in fig. 3, the error detection module 02 further includes a first demultiplexer 025, a second demultiplexer 026, a third register 027, and a fourth register 028. The first demultiplexer 025 is configured to assign the value of the first register 023 to the third register 027 when the first encryption submodule 011 performs the first half round of encryption operation for the 1 st time, and assign the value of the first register 023 to the first comparator 021 when the first encryption submodule 011 performs the first half round of operation for the 2 nd time. A first comparator 021 for comparing whether the value of the first register 023 is identical to the value of the third register 027.
The value of the first register 023 and the value of the third register 027 are both the first half round encryption sub-result of the 1 st execution in the clock cycle of the 1 st execution of the first half round encryption operation, the value of the first register 023 becomes the first half round encryption sub-result of the 2 nd execution in the clock cycle of the 2 nd execution of the first half round encryption operation, the value of the third register 027 is still the first half round encryption sub-result of the 1 st execution, the first comparator 021 works in the clock cycle of the 2 nd execution of the first half round encryption operation, and the value of the first register 023 is compared with the value of the third register 027, namely, the comparison of the two execution results.
Similarly, the second demultiplexer 026 is configured to assign the value of the second register 024 to the fourth register 028 in the case where the second encryption sub-module 012 performs the second half round encryption operation for the 1 st time, output the value of the second register 024 to the second comparator 022 in the case where the second encryption sub-module 012 performs the second half round encryption operation for the 2 nd time, and compare whether the value of the second register 024 coincides with the value of the fourth register 028.
Therefore, the intermediate encryption sub-result can be recorded in real time through the register, and the comparison of the encryption sub-result is convenient, so that the normal execution of the encryption operation is not affected in the comparison process.
Next, an encryption operation is described as an example of an AES-based encryption operation. AES is a symmetric cryptographic algorithm, i.e. the same key is used for encryption and decryption. AES is a block cipher, i.e. a grouping of plaintext into groups, each group being of equal length, each time encrypting a group of data until the complete plaintext is encrypted. The encryption formula of AES is c=e (K, P), K is a key, P is plaintext data, the encryption function E is a round function, and C is ciphertext.
The length of the key is different, and the execution times of round functions are also different, taking the key length of 128 bits as an example, the encryption operation needs to be executed 10 times, namely 10 rounds of encryption sub-operations. In AES the round 1 to round 9 round functions of encryption operate identically, e.g. the first 9 rounds of encryption sub-operations may include four steps of byte substitution, row displacement, column mixing and round key addition. The operation of the round function of the last round is different from the first 9 rounds, and the step of column mixing is not performed. In addition, before the round 1 encryption sub-operation is executed, the plaintext and the original key are subjected to exclusive OR encryption operation.
Accordingly, the decryption process is the inverse of the encryption process, i.e., the decryption process includes 10 rounds of decryption sub-operations. The operations of the round functions from round 1 to round 9 of decryption are the same, for example, the first 9 round of decryption sub-operations can comprise four steps of reverse shift, reverse byte substitution, round key encryption and reverse column mixing, and the last round of decryption sub-operation is similar to the encryption operation, does not execute the reverse column mixing operation, and carries out exclusive or decryption operation on ciphertext and an original key before executing the round 1 of decryption sub-operation.
Illustratively, referring to the schematic diagram of the wheel operation module of AES shown in fig. 4, the wheel operation module corresponds to the encryption circuit 00 in the embodiment of the present application, and the multiple times of the wheel operation perform the corresponding multiple rounds of encryption sub-operations. The embodiment of the application detects transient single faults and multiple faults, such as error injection, in the encryption process by adding a time redundancy technology to the wheel operation module of the AES.
Wherein the encryption sub-operation of each round of AES is divided into two parts, an AES front half round operation (R1, i) and an AES rear half round operation (R2, i), R1 representing the front half round, R2 representing the rear half round, i representing the turn. For example, the AES front half round operation may include two steps of byte substitution and row displacement, and the AES back half round operation may include two steps of column mixing and round key. Alternatively, the AES front half round operation may include three steps of byte substitution, row displacement, and column mixing, and the AES back half round operation may include the step of round key.
A pipeline register (i.e., a first register) is inserted between the front half-round operation (R1, i) of AES and the rear half-round operation (R2, i) of AES, and an output register (i.e., a second register) is added after the rear half-round operation (R2, i) of AES. The AES front half round operation (R1, i) and the AES rear half round operation (R2, i) are both performed twice, and the operation results of the two times are compared for detection. Wherein the added pipeline register can increase the maximum working frequency, so that the throughput can be ensured. Thus, the wheel operation of AES is divided into two parts instead of simply repeating the wheel operation of the same wheel twice, so that it is possible to check whether the first-half wheel operation is wrong when the second-half wheel operation is performed.
For the structure shown in fig. 4, the plaintext (first data) is xored with the original key once, the xored result is input to a Multiplexer (MUX), and for the round 1 encryption sub-operation, the MUX selects to input the xored result to the first half of AES operation, where i=1. The pipeline register stores the calculated intermediate value, i.e., the first half round of the encryption sub-result. The first demultiplexer (DEMUX 1) selects to send the first half round of encryption sub-result of the 1 st execution to the comparison register 1, and DEMUX 1 selects to send the first half round of encryption sub-result of the 2 nd repetition to the comparator 1. The comparator 1 is used for comparing the value of the comparison register 1 with the value of the pipeline register, namely comparing the two-time execution of the first half round encryption sub-result, and outputting a comparison result 1.
The DEMUX 1 also selects to send the first-half round encryption sub-result executed each time to the second-half round AES operation, and the output register stores the calculated output value, that is, the second-half round encryption sub-result. The second demultiplexer (DEMUX 2) selects to send the second half round of encryption sub-result of the 1 st execution to the comparison register 2, and DEMUX 2 selects to send the second half round of encryption sub-result of the 2 nd repetition to the comparator 2. The comparator 2 is used for comparing the value of the comparison register 2 with the value of the output line register, namely comparing the two times of the second-half round encryption sub-results, and outputting a comparison result 2.
DEMUX 2 also selects the second half round of encryption sub-results to be output each time. For the non-last round of encryption sub-operation, DEMUX 2 selects to input the result of the second round of encryption sub-operation executed at this time back to the MUX, and for the non-1 st round of encryption sub-operation, the MUX selects to input the result of the second round of encryption sub-operation to the first half of AES, wherein i is larger than 1. And circularly executing the flow until all rounds of encryption sub-operations are completed.
Illustratively, the operating sequence of the round operation module may be as shown in table 1 in each clock cycle (clk). The 1 st clock cycle performs an exclusive or operation of the plaintext, i.e. the plaintext, with the original key, the compare register 1 is loaded to store the first half round of encryption sub-result in the even clock cycles 2, 4, 6, etc., the comparator 2 is operated to detect errors in (R2, i), and the compare register 2 is loaded to store the second half round of encryption sub-result in the odd clock cycles 3, 5, 7, etc., the comparator 2 is operated to detect errors in (R2, i). The pipeline registers and output registers operate in all clock cycles to store the calculation results in real time. The AES front half-round operation (R1, i) and the AES back half-round operation (R2, i) are operated in all clock cycles to improve encryption efficiency.
TABLE 1
It can also be seen from table 1 that the 1 st comparison of comparator 1 will be made in clock cycle 3, comparing the normally encrypted first half round encryption sub-result with the re-encrypted first half round encryption sub-result, i.e. the encryption process is performed in clock cycle 2, but the encryption result is not used until clock cycle 2.
In the embodiment of the present application, the encryption timing diagram of the round operation module may be as shown in fig. 5, where the AES front half round operation and the AES back half round operation are switched between normal encryption and re-encryption every other clock cycle. That is, the re-encryption of the AES back half round operation is performed in the same clock cycle as the normal encryption of the AES front half round operation. For the 128-bit key case, the round operation module shown in fig. 4 rounds up to about 11 round functions to process the incoming 128-bit plaintext, thereby running 22 clock cycles to perform all 11 rounds of encryption sub-operations and comparison checks.
Therefore, the embodiment of the application provides the wheel operation module with the error injection detection function, and the AES wheel operation is divided into two part operations and a pipeline, so that whether the front half wheel operation is wrong or not can be checked during the rear half wheel operation, the area overhead is saved, and the working speed is ensured.
The encryption circuit provided by the embodiment of the application corresponds to the encryption circuit, and the embodiment of the application also provides a decryption circuit. The decryption circuit may be an inverse of the encryption operation as compared to the encryption circuit replacing the encryption operation with the decryption operation. Referring to fig. 6, the decryption circuit 10 includes a decryption operation module 11 and an error detection module 12. The device comprises a decryption operation module 11, an error detection module 12 and a data processing module, wherein the decryption operation module 11 is used for executing decryption operation on input second data at least twice to obtain decrypted at least two first data, and the error detection module 12 is used for comparing whether the at least two first data are consistent or not and determining that error injection exists in the decryption operation process under the condition that the at least two first data are inconsistent.
In the case where the decryption operation includes a first-half-round decryption operation and a second-half-round decryption operation, referring to fig. 7, the decryption operation module 11 includes a first decryption sub-module 111 and a second decryption sub-module 112, and the error detection module 12 includes a first comparator 121 and a second comparator 122. The first decryption sub-module 111 is configured to perform at least two first-half round decryption operations on the second data to obtain at least two first-half round decryption results, the first comparator 121 is configured to compare whether the at least two first-half round decryption results are consistent, the second decryption sub-module 112 is configured to perform at least two second-half round decryption operations on the at least two first-half round decryption results to obtain at least two second-half round decryption results, and the second comparator 122 is configured to compare whether the at least two second-half round decryption results are consistent.
In the case that the decryption operation includes multiple rounds of decryption sub-operations, the decryption operation module 11 in fig. 6 is configured to perform at least two times to obtain at least two decryption sub-results of each round of decryption sub-operation when each round of decryption sub-operation is performed on the second data, and the error detection module 12 is configured to compare whether the at least two decryption sub-results of each round of decryption sub-operation are identical, and determine that error injection exists during the decryption operation if the at least two decryption sub-results of any round of decryption sub-operation are not identical.
In the case that the decryption operation includes multiple rounds of decryption sub-operations, each round of decryption sub-operation includes a first half round of decryption operation and a second half round of decryption operation, the decryption operation module 11 in fig. 7 includes a first decryption sub-module 111 and a second decryption sub-module 112, the error detection module 12 includes a first comparator 121 and a second comparator 122, the first decryption sub-module 111 is configured to perform at least two times on the first half round of decryption operation in each round of decryption sub-operation to obtain at least two first half round of decryption sub-results of each round of decryption sub-operation, the first comparator 121 is configured to compare whether the at least two first half round of decryption sub-results of each round of decryption sub-operation are identical, the second decryption sub-module 112 is configured to perform at least two times on the second half round of decryption operation in each round of decryption sub-operation to obtain at least two second half round of decryption sub-results of each round of decryption sub-operation, and the second comparator 122 is configured to compare whether the at least two second half round of decryption sub-results of each round of decryption sub-operation are identical.
In one possible implementation, the error detection module 12 further includes at least one of a first demultiplexer and a second demultiplexer. In case the error detection module 12 comprises a first demultiplexer the error detection module 12 further comprises a third register, and in case the error detection module 12 comprises a second demultiplexer the error detection module 12 further comprises a fourth register.
The first demultiplexer is configured to assign a first half round decryption sub result executed 1 st time to the third register in case the first decryption sub module 111 executes the first half round decryption operation 1 st time, send a first half round decryption sub result executed 2 nd time to the first comparator 121 in case the first decryption sub module 111 executes the first half round decryption operation 2 nd time, and the first comparator 121 is configured to compare whether the first half round decryption sub result executed 2 nd time is consistent with the value of the third register 127.
The second demultiplexer is configured to assign a second-half decryption sub-result of the 1 st execution to the fourth register 128 in the case that the second decryption sub-module 112 performs the second-half decryption operation for the 1 st time, send the second-half decryption sub-result of the 2 nd execution to the second comparator 122 in the case that the second decryption sub-module 112 performs the second-half decryption operation for the 2 nd time, and compare whether the second-half decryption sub-result of the 2 nd execution matches the value of the fourth register 128.
In a possible implementation, referring to fig. 8, the error detection module 12 further includes a first register 123 and a second register 124, where the first register 123 is used to store a first-half decryption sub-result of each execution of the first-half decryption operation, and the second register 124 is used to store a second-half decryption sub-result of each execution of the second-half decryption operation.
Optionally, with continued reference to FIG. 8, the error detection module 12 also includes a first demultiplexer 125, a second demultiplexer 126, a third register 127, and a fourth register 128. The first demultiplexer 125 is configured to assign a value of the first register 123 to the third register 127 in case the first decryption sub-module 111 performs the first half round of decryption operation for the 1 st time, assign a value of the first register 123 to the first comparator 121 in case the first decryption sub-module 111 performs the first half round of decryption operation for the 2 nd time, the first comparator 121 is configured to compare whether the value of the first register 123 is identical to the value of the third register 127, the second demultiplexer 126 is configured to assign a value of the second register 124 to the fourth register 128 in case the second decryption sub-module 112 performs the second half round of decryption operation for the 1 st time, and output a value of the second register 124 to the second comparator 122 in case the second decryption sub-module 112 performs the second half round of decryption operation for the 2 nd time, and the second comparator 122 is configured to compare whether the value of the second register 124 is identical to the value of the fourth register 128.
In a possible implementation, the error detection module 12 is further configured to issue a fault alert message in case it is determined that there is an error injection during the decryption operation. The decryption operation in the embodiment of the present application may be an AES-based decryption operation.
Other embodiments and advantages of the decryption circuit 10 can be seen from the description of the encryption circuit 00, and will not be described herein.
The chip provided by the embodiment of the application comprises at least one of the encryption circuit 00 or the decryption circuit 10. Thus, the chip can detect the error injection in time through the encryption circuit 00 or the decryption circuit 10, and the security of the AES encryption and decryption circuit is improved. Alternatively, the chip may be any chip that encrypts data or decrypts data using an encryption algorithm.
The chip may be an AES module, and a schematic structure of the AES module may be shown in fig. 9. The AES module comprises an input interface, a state control module, an AES encryption wheel operation module, an AES decryption wheel operation module, a key expansion module, an IV (initialization vector ) management module, an AES function library and an output interface.
The input interface is used for loading an input signal and storing input blocks waiting for encryption/decryption, wherein the input blocks are blocks in the input signal, for example, the length of the input blocks is 128 bits, the input blocks are waiting for encryption when the input blocks are plaintext, and the input blocks are waiting for decryption when the input blocks are ciphertext. Since the input block, key and initialization vector are 32 bits long, but the output block is 128/192/256 bits long, the input interface may include a data buffer, an IV buffer and a key buffer for buffering during loading. The state control module is used for generating control signals for other modules.
The AES encryption wheel operation module is used for encrypting the input block and corresponds to the encryption circuit, and the AES decryption wheel operation module is used for decrypting the input block and corresponds to the decryption circuit. The key expansion module is used to compute a set of internal keys based on a single external key. The IV management module is used for managing the initialization vector in the AES of different modes. The AES function library defines different AES functions such as byte substitution, row displacement, column mixing, or round key addition. The output interface is for receiving the plaintext/ciphertext of 128/192/256 bits in length and converting it into 4/6/8 signals of 32 bits in length, and like the input interface, the output interface includes a data buffer for buffering the output signal.
The embodiment of the application also provides electronic equipment, which comprises the chip. Because the electronic equipment comprises the chip, the electronic equipment can timely detect error injection when encrypting or decrypting data through the chip, and the safety of data transmission is improved.
It is to be understood that the terminology used in the description of the embodiments of the disclosure is for the purpose of describing the embodiments of the disclosure only and is not intended to be limiting of the disclosure. Unless defined otherwise, technical or scientific terms used in the embodiments of the present disclosure should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present disclosure belongs.
As used in the specification and claims of this application, the terms "first," "second," or "third," and the like, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another.
Likewise, the terms "a" or "an" and the like do not denote a limitation of quantity, but rather denote the presence of at least one.
The word "comprising" or "comprises", and the like, is intended to mean that elements or items that are present in front of "comprising" or "comprising" are included in the word "comprising" or "comprising", and equivalents thereof, without excluding other elements or items.
"Upper", "lower", "left" or "right" etc. are only used to indicate relative positional relationships, which may also be changed accordingly when the absolute position of the object to be described is changed. "connected" or "coupled" refers to electrical connections.
"And/or" means that there may be three relationships, e.g., A and/or B, and that there may be three cases where A alone exists, while A and B exist, and B alone exists. The character "/" generally indicates that the context-dependent object is an "or" relationship.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working processes of the gate driving circuit, the shift register unit, each circuit and each sub-circuit described above may refer to corresponding processes in the method embodiments, and are not described herein again.
The foregoing description of the preferred embodiments of the present disclosure is provided for the purpose of illustration only, and is not intended to limit the disclosure to the particular embodiments disclosed, but on the contrary, the intention is to cover all modifications, equivalents, alternatives, and alternatives falling within the spirit and principles of the disclosure.

Claims (14)

1. An encryption circuit is characterized by comprising an encryption operation module and an error detection module;
the encryption operation module is used for executing encryption operation on the input first data at least twice to obtain at least two encrypted second data;
The error detection module is used for comparing whether the at least two second data are consistent or not, and determining that error injection exists in the encryption operation process under the condition that the at least two second data are inconsistent.
2. The encryption circuit of claim 1, wherein the encryption operation comprises a front half encryption operation and a back half encryption operation, the encryption operation module comprises a first encryption sub-module and a second encryption sub-module, and the error detection module comprises a first comparator and a second comparator;
the first encryption sub-module is used for executing the first half round encryption operation on the first data at least twice to obtain at least two first half round encryption results;
the first comparator is used for comparing whether the encryption results of the at least two front half rounds are consistent;
The second encryption sub-module is configured to perform the second-half encryption operation on the at least two first-half encryption results, respectively, to obtain at least two second-half encryption results;
and the second comparator is used for comparing whether the encryption results of the at least two rear half rounds are consistent.
3. The encryption circuit of claim 1, wherein the encryption operation comprises a plurality of rounds of encryption sub-operations, the encryption operation module being configured to perform at least two rounds of encryption sub-operations each of the rounds of encryption sub-operations on the first data, resulting in at least two encryption sub-results for each round of encryption sub-operations;
the error detection module is used for comparing whether at least two encryption sub-results of each round of encryption sub-operation are consistent or not, and determining that error injection exists in the encryption operation process under the condition that at least two encryption sub-results of any round of encryption sub-operation are inconsistent.
4. A cryptographic circuit as in claim 3 wherein each round of cryptographic sub-operations comprises a front half round of cryptographic operations and a back half round of cryptographic operations, the cryptographic operation module comprises a first cryptographic sub-module and a second cryptographic sub-module, the error detection module comprises a first comparator and a second comparator;
the first encryption sub-module is used for executing the first half round of encryption operation in each round of encryption sub-operation at least twice to obtain at least two first half round encryption sub-results of each round of encryption sub-operation;
the first comparator is used for comparing whether at least two first half round encryption sub-results of each round of encryption sub-operation are consistent;
the second encryption sub-module is configured to perform at least two times on a second half round of encryption operation in each round of encryption sub-operation, so as to obtain at least two second half round encryption sub-results of each round of encryption sub-operation;
The second comparator is used for comparing whether at least two second-half round encryption sub-results of each round of encryption sub-operation are consistent.
5. The encryption circuit of claim 4, wherein the error detection module further comprises at least one of a first demultiplexer and a second demultiplexer, and further comprises a third register if the first demultiplexer is included, and a fourth register if the second demultiplexer is included;
The first demultiplexer is configured to assign a first half round encryption sub-result executed for the 1 st time to the third register when the first encryption sub-module executes the first half round encryption operation for the 1 st time, and send a first half round encryption sub-result executed for the 2 nd time to the first comparator when the first encryption sub-module executes the first half round operation for the 2 nd time;
The first comparator is used for comparing whether the first half round encryption sub result executed for the 2 nd time is consistent with the value of the third register;
The second demultiplexer is configured to assign a second half round encryption sub-result executed for the 1 st time to the fourth register when the second encryption sub-module executes the second half round encryption operation for the 1 st time, and send the second half round encryption sub-result executed for the 2 nd time to the second comparator when the second encryption sub-module executes the second half round encryption operation for the 2 nd time;
and the second comparator is used for comparing whether the second half round encryption sub result executed for the 2 nd time is consistent with the value of the fourth register.
6. The encryption circuit of any one of claims 1-5, wherein the error detection module is further configured to issue a fault alert if it is determined that there is an error injection during the encryption operation.
7. A decryption circuit is characterized by comprising a decryption operation module and an error detection module;
the decryption operation module is used for executing decryption operation on the input second data at least twice to obtain at least two decrypted first data;
the error detection module is used for comparing whether the at least two first data are consistent or not, and determining that error injection exists in the decryption operation process under the condition that the at least two first data are inconsistent.
8. The decryption circuit of claim 7, wherein the decryption operation comprises a first half round of decryption operation and a second half round of decryption operation, the decryption operation module comprises a first decryption sub-module and a second decryption sub-module, and the error detection module comprises a first comparator and a second comparator;
the first decryption sub-module is used for executing the first half round decryption operation on the second data at least twice to obtain at least two first half round decryption results;
The first comparator is used for comparing whether the decryption results of the at least two first half rounds are consistent;
The second decryption sub-module is configured to perform the second half round decryption operation on the at least two first half round decryption results, to obtain at least two second half round decryption results;
And the second comparator is used for comparing whether the decryption results of the at least two second half rounds are consistent.
9. The decryption circuit of claim 8, wherein the decryption operation comprises a plurality of rounds of decryption sub-operations, the decryption operation module being configured to perform each of the rounds of decryption sub-operations at least twice when performing each of the rounds of decryption sub-operations on the second data, resulting in at least two decryption sub-results for each round of decryption sub-operations;
The error detection module is used for comparing whether at least two decryption sub-results of each round of decryption sub-operation are consistent or not, and determining that error injection exists in the decryption operation process under the condition that at least two decryption sub-results of any round of decryption sub-operation are inconsistent.
10. The decryption circuit of claim 9, wherein each round of decryption sub-operations comprises a first half round of decryption operations and a second half round of decryption operations, the decryption operation module comprises a first decryption sub-module and a second decryption sub-module, and the error detection module comprises a first comparator and a second comparator;
The first decryption sub-module is configured to perform at least two times on a first half round of decryption operation in each round of decryption sub-operation, so as to obtain at least two first half round decryption sub-results of each round of decryption sub-operation;
the first comparator is used for comparing whether at least two first half round decryption sub-results of each round of decryption sub-operation are consistent or not;
The second decryption sub-module is configured to perform at least two times on a second half round of decryption operation in each round of decryption sub-operation, so as to obtain at least two second half round decryption sub-results of each round of decryption sub-operation;
and the second comparator is used for comparing whether at least two second-half round decryption sub-results of each round of decryption sub-operation are consistent.
11. The decryption circuit of claim 10, wherein the error detection module further comprises at least one of a first demultiplexer and a second demultiplexer, and further comprises a third register if the first demultiplexer is included, and a fourth register if the second demultiplexer is included;
The first demultiplexer is configured to assign a first half round decryption sub-result executed for the 1 st time to the third register when the first decryption sub-module executes the first half round decryption operation for the 1 st time, and send a first half round decryption sub-result executed for the 2 nd time to the first comparator when the first decryption sub-module executes the first half round decryption operation for the 2 nd time;
The first comparator is used for comparing whether the first half round decryption sub result executed for the 2 nd time is consistent with the value of the third register;
The second demultiplexer is configured to assign a second half round decryption sub-result executed for the 1 st time to the fourth register when the second decryption sub-module executes the second half round decryption operation for the 1 st time, and send the second half round decryption sub-result executed for the 2 nd time to the second comparator when the second decryption sub-module executes the second half round decryption operation for the 2 nd time;
And the second comparator is used for comparing whether the second half round decryption sub result executed for the 2 nd time is consistent with the value of the fourth register.
12. The decryption circuit according to any of claims 7-11, wherein the error detection module is further adapted to issue a fault alert in case it is determined that there is an error injection during the decryption operation.
13. A chip comprising at least one of the encryption circuit of any one of claims 1 to 6 or the decryption circuit of any one of claims 7 to 12.
14. An electronic device comprising the chip of claim 13.
CN202411760311.8A 2024-12-02 2024-12-02 Encryption circuit, decryption circuit, chip and electronic device Pending CN119646902A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411760311.8A CN119646902A (en) 2024-12-02 2024-12-02 Encryption circuit, decryption circuit, chip and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411760311.8A CN119646902A (en) 2024-12-02 2024-12-02 Encryption circuit, decryption circuit, chip and electronic device

Publications (1)

Publication Number Publication Date
CN119646902A true CN119646902A (en) 2025-03-18

Family

ID=94948388

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411760311.8A Pending CN119646902A (en) 2024-12-02 2024-12-02 Encryption circuit, decryption circuit, chip and electronic device

Country Status (1)

Country Link
CN (1) CN119646902A (en)

Similar Documents

Publication Publication Date Title
US11743028B2 (en) Protecting block cipher computation operations from external monitoring attacks
Karpovsky et al. Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard
CN108073353B (en) A method and device for data processing
Guo et al. Recomputing with permuted operands: A concurrent error detection approach
US11546135B2 (en) Key sequence generation for cryptographic operations
US8428251B2 (en) System and method for stream/block cipher with internal random states
JP4684550B2 (en) Cryptographic device that supports multiple modes of operation
US20080143561A1 (en) Operation processing apparatus, operation processing control method, and computer program
JPH08248879A (en) Method and apparatus for encryption by using two keys
CN116488794B (en) Method and device for realizing high-speed SM4 password module based on FPGA
CN1592190B (en) Hardware encryption engine and encryption method
Nara et al. A scan-based attack based on discriminators for AES cryptosystems
KR20050087271A (en) Key schedule apparatus for generating an encryption round key and a decryption round key selectively corresponding to initial round key having variable key length
US8774402B2 (en) Encryption/decryption apparatus and method using AES rijndael algorithm
US12425213B2 (en) Cipher accelerator and differential fault analysis method for encryption/decryption operation
CN110493003B (en) A Fast Encryption System Based on Quadratic Binary Bottom Modulo Operation
CN109450614B (en) An encryption and decryption method suitable for high-speed data transmission path
CN119646902A (en) Encryption circuit, decryption circuit, chip and electronic device
CN114826562A (en) Data encryption method and device, electronic equipment and storage medium
Yu et al. A compact ASIC implementation of the advanced encryption standard with concurrent error detection
US20060050875A1 (en) Apparatus and method for recognizing a failure of a cryptographic unit
Yu et al. A hybrid approach to concurrent error detection for a compact ASIC implementation of the advanced encryption standard
KR100546777B1 (en) SED encryption / decoding device, encryption / decoding method, round processing method, F function processor suitable for this
US20240373077A1 (en) Video transmission method, video transmission apparatus, electronic device and readable medium
JP4708914B2 (en) Decryption method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载