CN117240430A - Encryption and decryption method and circuit based on asynchronous circuit - Google Patents

Publication number: CN117240430A
Authority: CN (China)
Prior art keywords: module, encryption, round, decryption, key
Legal status: Pending
Application number: CN202311137555.6A
Other languages: Chinese (zh)
Inventors: 何旗凯, 马德, 岳克强, 马琪, 胡有能, 吕宝媛, 李一涛
Current Assignee: Hangzhou Dianzi University
Original Assignee: Hangzhou Dianzi University
Application filed by Hangzhou Dianzi University

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an encryption and decryption method and circuit based on an asynchronous circuit, aimed at the security of data stored and transmitted inside microprocessors, such as those with the RISC-V instruction set architecture, whose security features are currently relatively immature. An AES asynchronous control module replaces the global clock with local control signals, and the CLICK unit circuits of an event-driven network control the plaintext encryption module, the ciphertext decryption module, and the key expansion and storage module. All three modules use module iteration to form an overall full-pipeline structure, and each individual module is also pipelined internally, so the design is easy to integrate in a modular way and controls the AES full-pipeline encryption and decryption operations more simply and efficiently.

Description

Encryption and decryption method and circuit based on asynchronous circuit
Technical Field
The invention belongs to the field of information security, and particularly relates to an encryption and decryption method and circuit based on an asynchronous circuit.
Background
In recent years, with the rapid growth of Internet of Things technology, IoT devices perform a large amount of data storage, processing and transmission among themselves. As information technology and computer technology continue to develop, digital information is exchanged more and more frequently and its security receives more and more attention. Encrypting information data has become an important means of guaranteeing data security; data must be encrypted on the software side, and hardware-level digital information security is equally indispensable.
Compared with an AES encryption algorithm controlled by the CLK signal of a synchronous circuit on the same hardware architecture, an asynchronous control circuit can effectively relieve the power consumption problem caused by adding the encryption hardware: the asynchronous control circuit is triggered by events, so event-driven level transitions replace the original clock transitions, many unnecessary clock transitions are eliminated, and the power consumed by the encryption and decryption circuit is greatly reduced. In addition, in an encryption and decryption circuit with a pipeline structure, the event-driven mode of the asynchronous circuit greatly reduces the useless waiting that modules with smaller delay incur in the original pipeline, which greatly improves the operating efficiency of the encryption and decryption algorithm. Finally, level transitions in an asynchronous circuit are almost irregular, which further raises the difficulty of breaking the AES encryption algorithm by side-channel attack. The circuit control function can thus be completed securely and with high performance while low power consumption is ensured.
As for the encryption method, AES is a block cipher. The algorithm here supports a plaintext block length of 128 bits and uses a 128-bit key, and it consists mainly of a key expansion algorithm and an encryption and decryption algorithm. The encryption and decryption module uses a full-pipeline structure; compared with a common AES hardware structure, its advantage is that it can encrypt and decrypt input data continuously, which greatly improves encryption and decryption efficiency. The key expansion hardware combines key generation with matching key storage, built on the pipeline structure of the asynchronous circuit; compared with a common AES hardware circuit, its advantage is that different keys can be assigned to the data being continuously encrypted and decrypted, which greatly improves the security of the hardware circuit without affecting the normal function of the encryption and decryption module.
How to combine the asynchronous circuit with the AES algorithm circuit, further improve operating efficiency without affecting the encryption function, and optimize the structure of the asynchronous circuit is a problem that urgently needs to be solved.
Disclosure of Invention
To remedy the shortcomings of the prior art, a large amount of continuous data in transmission is continuously encrypted and decrypted in an improved pipeline. While guaranteeing the encryption and decryption result, the advantages of an asynchronous control circuit are used to avoid clock metastability, reduce power consumption, improve operating efficiency and security, and ease later modular integration. To these ends the invention adopts the following technical scheme:
an AES encryption and decryption circuit based on an asynchronous circuit comprises an asynchronous control module, a key expansion and storage module and an encryption and decryption module, wherein the asynchronous control module, through its CLICK units, decomposes the control channel and the data channel to construct a control wheel, replaces the global clock with local control signals, and controls each round of operation of the full pipeline of the encryption and decryption module; each generated round key is used for the encryption and decryption operations. The asynchronous control module replaces the CLK clock signal and the rst_n reset signal of the original synchronous circuit; the control logic is replaced by an asynchronous circuit, and the key expansion and storage module, the encryption module and the decryption module are controlled and scheduled through the irregular level transitions of the asynchronous circuit's output signals. The CLICK unit circuit uses a constrained bundled-data handshake protocol, and the control communication channel and the transaction processing are divided into different time-dynamic modes; unlike a synchronous circuit, which spends power on every clock transition, there is no regular switching power, so the power consumption of the whole algorithm circuit is further reduced. In addition, the full-pipeline form can encrypt and decrypt a large amount of data continuously, giving simpler and more efficient asynchronous control. Key expansion generates a round key faster than a group of plaintext is encrypted, so a complete key expansion pass produces all the keys faster than the plaintext is encrypted; this improves the overall encryption and decryption speed without disturbing the encryption pipeline, and operating on different data with different keys strengthens the security of the algorithm module.
Further, the encryption and decryption module comprises an encryption module and a decryption module, each built as a multi-stage pipeline of several identical iterated single-round modules followed by a last-round single-round module;
each of the single-round encryption modules comprises a byte substitution module, a row displacement module, a column confusion module and a round key adding module, while the last-round single-round encryption module comprises a byte substitution module, a row displacement module and a round key adding module; the asynchronous control module provides a corresponding CLICK unit control module for the data flow of each, and the round key adding module generates the ciphertext from the output of the last-round single-round encryption module and its corresponding expanded subkey. The data path does not multiplex (reuse) modules; it uses an iterated pipeline architecture throughout, so the overall architecture encrypts data in pipeline fashion and, combined with inter-module control by the asynchronous control circuit, runs more efficiently and faster than a common synchronous AES encryption structure;
each of the single-round decryption modules comprises an inverse byte substitution module, an inverse row displacement module, an inverse column confusion module and a round key adding module, while the last-round single-round decryption module comprises an inverse byte substitution module, an inverse row displacement module and a round key adding module; the asynchronous control module provides a corresponding CLICK unit control module for the data flow of each, and the round key adding module generates the plaintext from the output of the last-round single-round decryption module and the corresponding expanded subkey held by the key expansion and storage module. The data path does not multiplex (reuse) modules; it uses an iterated pipeline architecture throughout, so the overall architecture decrypts data in pipeline fashion and, combined with inter-module control by the asynchronous control circuit, runs more efficiently and faster than a common synchronous AES encryption structure.
Further, the byte substitution module uses internal pipeline processing to split, substitute and reassemble the plaintext in sequence; the inverse byte substitution module uses internal pipeline processing to split the ciphertext, substitute it through the inverse S-box and reassemble it in sequence. Using an added register group, the byte substitution module and the inverse byte substitution module perform the S-box or inverse S-box substitution of the multiple split groups of data within one level transition, which raises the rate at which data can be input and improves encryption efficiency. The modules also provide the continuous input and output of a five-stage pipeline, so that continuous encryption and decryption is not interrupted.
Further, the row displacement module converts the plaintext into a matrix and performs the row position permutation on each row of that matrix; the inverse row displacement module converts the ciphertext into a matrix and performs the inverse of the row position permutation on each row of that matrix.
Further, the column confusion module converts the plaintext into a matrix and, using substitution based on the arithmetic properties of the field GF(8), performs the matrix multiplication on that matrix; the inverse column confusion module converts the ciphertext into a matrix and, using substitution based on the arithmetic properties of the field GF(8), performs the inverse of that matrix multiplication.
Further, the round key adding module of the encryption module XORs the current plaintext block bitwise with the current expanded key; the round key adding module of the decryption module XORs the current ciphertext block bitwise with the corresponding expanded key held in the key expansion and storage module.
Further, the round key adding module in the encryption module includes a key expansion module: the key passes through byte substitution, word cycle and round constant XOR to give the current expanded key, which is then XORed bitwise with the current plaintext block.
In the key expansion module, the word cycle rotates the 4 bytes of the 1st word left by 1 byte, and the round constant XOR applies an XOR between the 128-bit result of the first two steps and the round constant Rcon[j].
An AES encryption and decryption method based on an asynchronous circuit comprises the following steps:
step one: acquiring configuration information, operating an encryption or decryption module based on the configuration information, receiving plaintext or ciphertext data, and receiving an initial key;
step two: judging an enabling signal;
step three: judging the encrypted or decrypted signal and executing the encryption or decryption process;
step four: if the encryption flow is executed, the encryption operation and the key expansion operation run in parallel; if the decryption flow is executed, the decryption operation is entered. Through asynchronous control, the control path and the data path are decomposed to construct a control wheel, a local control signal replaces the global clock, and each round of operation of the full pipeline of the encryption and decryption module is controlled. The subkeys obtained from each round of key computation are stored by module iteration, and each round key produced by the expansion is used for the encryption and decryption operations;
step five: each time a level period is executed, the next execution module is connected through a handshake signal under asynchronous control, which determines whether to execute the next operation or to finish the encryption and decryption process and the key expansion process and output the corresponding data.
Internally, the encryption module and the decryption module both use a large number of registers to implement the pipeline structure, and the control module schedules the encryption and decryption units through effective handshake control. This yields an AES hardware architecture that encrypts continuously, consumes less power, and is simpler and more efficient, while still providing the function that the traditional state-machine design achieves through module multiplexing.
Further, in the fourth step, when the start_i is at a high level, the encrypt_i is at a high level, the decrypt_i is at a low level, and the start_req is at a high level, the encryption process is performed including the following steps:
step 4.1.1: under asynchronous control by the CLICK units, one round of encryption is executed, applying byte substitution, row displacement and column confusion to the plaintext in sequence; a total of eight rounds of encryption loops controlled by Click 6-Click 11, Click 12-Click 17, …, Click 48-Click 53 are executed in sequence, each performing the same steps as the first round;
step 4.1.2: Key Start_req is driven to a high level and, under asynchronous control by the CLICK units, one round of key expansion is executed to obtain and store the subkey corresponding to one round of encryption; alongside each round of the loop, the corresponding key expansion is executed synchronously, and 9 rounds of encryption loops controlled by Click 64-68, Click 69-Click 73, …, Click 104-Click 108 are executed in sequence, each performing the same steps as the first round;
step 4.1.3: round key addition is performed on the output of step 4.1.1 and its corresponding subkey to obtain the round ciphertext;
step 4.1.4: in the last round of encryption, round key addition is performed on the output of the row displacement and the subkey corresponding to the last round to obtain the encrypted ciphertext; Click 54-58 act as the control unit and, together with the last round key generated under Click 104-108, complete the last round of encryption and output the encrypted ciphertext.
Further, in the fourth step, when the start_i is at a high level, the decrypt_i is at a low level, and the invstart_req is at a high level, the decryption process is performed, including the following steps:
step 4.2.1: first, async_ctr_inv_round1 is asynchronous control based on CLICK units, in which Click 109 to Click 114 execute one round of the AES decryption algorithm: inverse row displacement, inverse byte substitution and inverse column confusion are applied to the ciphertext in sequence and, together with the stored subkey, complete one round of decryption; a total of eight decryption loops controlled by Click 115-Click 120, Click 121-Click 126, …, Click 157-Click 162 are executed in sequence, each performing the same steps as the first;
step 4.2.2: in the last round of decryption, round key addition is performed on the output of the inverse byte substitution and the subkey corresponding to the last round to obtain the decrypted plaintext; Click 163-167 act as the control unit and, together with the key of the last round, complete the last round of decryption and output the plaintext.
The invention has the advantages that:
compared with the existing AES encryption and decryption circuit, the invention has the advantages of higher efficiency, lower power consumption and safer operation.
More efficient: in an encryption and decryption circuit with a pipeline structure, the asynchronous circuit design method adopted by the invention greatly reduces the useless waiting that modules with smaller delay incur in the original pipeline, which greatly improves the operating efficiency of the encryption and decryption algorithm; the encryption and decryption module supports simultaneous operation on continuous plaintext, ciphertext and key data, which greatly improves encryption and decryption efficiency.
Lower power consumption: the asynchronous circuit control method adopted by the invention can switch rapidly between a zero-power data state and a maximum-throughput state, eliminating many of the unnecessary clock transitions of a synchronous circuit and greatly reducing power consumption while algorithm data is processed.
Safer: first, because the asynchronous circuit is event-driven, its level transitions are almost irregular; against side-channel attack methods that break encryption from the energy of clock transitions, this further raises the difficulty of breaking the AES encryption circuit. Second, the AES algorithm circuit supports real-time key updates and allows each group of keys to correspond to a different plaintext, which further improves the security of the algorithm.
Drawings
Fig. 1 is a schematic diagram of a system hardware architecture in an embodiment of the present invention.
Fig. 2 is a schematic diagram of a plaintext encryption module according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of the encryption modules from 0 to 9 rounds in the plaintext encryption module according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a round10 encryption module in a plaintext encryption module according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a ciphertext decrypting module according to an embodiment of the invention.
Fig. 6 is a schematic diagram of decryption modules from 0 to 9 rounds in the ciphertext decryption module according to an embodiment of the invention.
Fig. 7 is a schematic diagram of the 10th-round decryption module in the ciphertext decryption module according to an embodiment of the invention.
Fig. 8 is a flowchart of a method for implementing a hardware architecture in an embodiment of the present invention.
Detailed Description
The following describes specific embodiments of the present invention in detail with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
An AES encryption and decryption circuit based on an asynchronous circuit is shown in fig. 1. The system architecture comprises an AES asynchronous control module, a key expansion and storage module, a plaintext encryption module and a ciphertext decryption module;
the AES asynchronous control module uses the CLICK unit handshake module, in place of a clock, to control the data flow of the other modules of the circuit. It comprises an asynchronous encryption control module and an asynchronous decryption control module, in which local control signals replace the global clock: the CLICK unit circuits of an event-driven network form a control wheel and control each round of the encryption and decryption algorithms according to the operation logic, giving simpler and more efficient AES full-pipeline encryption and decryption;
specifically, the improved AES encryption hardware architecture supports 128-bit input data and a 128-bit input key and uses an asynchronous control circuit built from CLICK units; the asynchronous control unit coordinates the encryption and decryption modules so that a large amount of data can be encrypted and decrypted continuously in full-pipeline form.
The AES asynchronous control module replaces the CLK clock signal and the rst_n reset signal of the original synchronous circuit; the control logic is replaced by an asynchronous circuit, and the key expansion and storage module, the encryption module and the decryption module are controlled and scheduled through the irregular level transitions of the asynchronous circuit's output signals.
In converting the synchronous control circuit, the AES asynchronous control logic follows the design of the synchronous circuit, and state transitions between modules are completed through the CLICK units. Under level control by the CLICK units, the timing of control level transitions is uncertain and irregular, which raises the difficulty of breaking the circuit by side-channel attack and so improves the security of the hardware encryption algorithm.
The AES asynchronous control module uses CLICK unit circuits with a constrained bundled-data handshake protocol: the control path and the data path are decomposed, and the control communication path and the transaction processing are divided into different time-dynamic modes. Unlike a synchronous circuit, which spends power on every clock transition, there is no regular switching power, so the power consumption of the whole algorithm circuit is further reduced.
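The handshake control described above, as an added behavioural model rather than the patent's CLICK circuit: a stage fires when its input link holds an unacknowledged request and its output link has been acknowledged, and the resulting timing is compared with a clock whose period is set by the slowest stage. The two-phase req/ack signalling, the four-stage chain and the stage delays are assumptions made for this illustration.

```python
# Added illustration, not the patent's netlist. Stage names follow the page;
# the delays are constructed sample values in arbitrary time units.
STAGES = [("SubBytes", 5), ("ShiftRows", 1), ("MixColumn", 3), ("AddRoundKey", 1)]


def run_handshake_pipeline(delays, n_tokens):
    """Simulate n_tokens blocks through handshake-controlled stages.

    Link i feeds stage i; link len(delays) feeds the sink. A link holds a
    token while its req and ack phases differ (two-phase signalling).
    Returns (exit_times, log) where log lists (time, stage, token) firings.
    """
    n = len(delays)
    req = [False] * (n + 1)       # request phase per link
    ack = [False] * (n + 1)       # acknowledge phase per link
    valid_at = [0] * (n + 1)      # time the bundled data on a link is stable
    freed_at = [0] * (n + 1)      # time a link was last acknowledged
    token = [None] * (n + 1)
    sent, exits, log = 0, [], []
    while len(exits) < n_tokens:
        # Source: offer the next block as soon as link 0 is empty.
        if sent < n_tokens and req[0] == ack[0]:
            req[0] = not req[0]
            token[0], valid_at[0] = sent, freed_at[0]
            sent += 1
        # Collect every unit that may fire and the earliest time it can.
        ready = []
        for i in range(n + 1):
            if req[i] == ack[i]:
                continue                       # no token waiting on link i
            if i == n:
                ready.append((valid_at[i], -i))  # sink always accepts
            elif req[i + 1] == ack[i + 1]:       # output link is free
                ready.append((max(valid_at[i], freed_at[i + 1]), -i))
        t, neg = min(ready)                    # next event in time order
        i = -neg
        ack[i] = not ack[i]                    # acknowledge the input link
        freed_at[i] = t
        if i == n:
            exits.append(t)
        else:
            req[i + 1] = not req[i + 1]        # request to the next stage
            token[i + 1] = token[i]
            valid_at[i + 1] = t + delays[i]    # matched delay of this stage
            log.append((t, i, token[i]))
    return exits, log


def run_clocked_pipeline(delays, n_tokens):
    """Exit times when every stage waits for a clock set by the slowest one."""
    period = max(delays)
    return [(len(delays) + k) * period for k in range(n_tokens)]


def event_gaps(log):
    """Gaps between successive control events (a clock's would be constant)."""
    times = sorted({t for t, _, _ in log})
    return [b - a for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    d = [delay for _, delay in STAGES]
    exits, log = run_handshake_pipeline(d, 3)
    print("handshake exits:", exits)
    print("clocked exits:  ", run_clocked_pipeline(d, 3))
    print("event gaps:     ", event_gaps(log))
```

In this model the throughput of both pipelines is limited by the slowest stage; what the handshake removes is the waiting of the faster stages, so each block's latency is the sum of the stage delays rather than the stage count times the clock period.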
The key expansion and storage module implements the subkey generation algorithm and stores the generated subkeys for the encryption and decryption modules to use. Specifically, an added storage module stores each generated group of subkeys, so the subkeys are generated and prepared in advance and the overall encryption and decryption speed is improved;
specifically, the key expansion and storage module obtains 10 groups of subkeys from 10 rounds of computation on the original key by module iteration and inputs them into the key storage module. Key expansion generates a round of subkeys faster than a group of plaintext is encrypted, so a complete key expansion pass produces all the keys faster than the plaintext is encrypted; the encryption pipeline is not disturbed, and operating on different data with different keys strengthens the security of the algorithm module.
The plaintext encryption module and the ciphertext decryption module each instantiate a single-round encryption or decryption loop unit for every round, and the overall design provides continuous pipelined input and output for encrypting plaintext and decrypting ciphertext; the plaintext encryption module invokes the encryption module to perform 10 rounds of AES encryption on the plaintext; the ciphertext decryption module invokes the decryption module to perform 10 rounds of AES decryption on the plaintext.
Registers are added to the byte conversion unit and the inverse byte conversion unit in the plaintext encryption module and the ciphertext decryption module. Through the register group, the S-box substitution of the 16 groups of 8-bit data is completed within one level transition, which improves operating efficiency; the module also provides the continuous input and output of a five-stage pipeline, so that continuous encryption and decryption is not interrupted.
As shown in fig. 2 and 3, the plaintext encryption module takes the form of a ten-stage pipeline, in which Round1 to Round9 are identical iterated AES_SingleRound modules and Round10 is the last-round encryption module, AES_LastRound;
the AES_SingleRound module consists of a SubBytes byte substitution module, a ShiftRows row displacement module, a mixcolumn column confusion module and an AddRoundKey round key adding module;
the AES_LastRound module consists of a SubBytes byte substitution module, a ShiftRows row displacement module and an AddRoundKey round key adding module.
The complete encryption operation is realized by invoking the round key adding module, the 9 rounds of AES_SingleRound modules and the one round of AES_LastRound module. The data path does not multiplex (reuse) modules; it uses an iterated pipeline architecture throughout, so the overall architecture encrypts data in pipeline fashion and, combined with inter-module control by the asynchronous control circuit, runs more efficiently and faster than a common synchronous AES encryption structure.
As shown in fig. 3, the encryption modules of rounds 0 to 9 in the plaintext encryption module comprise a byte substitution module, a row displacement module, a column confusion module and a round key adding module:
the modules use an iterated module architecture, and the data flow between them is controlled by the asynchronous control module;
the byte substitution module likewise uses pipeline processing internally, and control by the asynchronous circuit control module further raises the rate at which data can be input and improves encryption efficiency;
the row displacement module converts the plaintext into a matrix and performs the row position permutation on each row of that matrix;
the column confusion module converts the plaintext into a matrix and, using substitution based on the arithmetic properties of the field GF(8), performs the matrix multiplication on that matrix;
the round key adding module XORs the current plaintext block bitwise with the current expanded key;
it includes a key expansion submodule, in which the key passes through the byte substitution, word cycle and round constant XOR steps in turn:
the word cycle rotates the 4 bytes of the 1st word left by 1 byte;
the round constant XOR applies an XOR between the 128-bit result of the previous two steps and the round constant Rcon[j]; finally, the result is input to the encryption module for the round key addition operation.
Fig. 4 shows a schematic diagram of the 10th-round encryption module in the plaintext encryption module:
compared with the encryption modules of the previous 9 rounds, the 10th-round encryption module omits the column confusion module; otherwise its overall structure is the same as that of the previous nine rounds. It uses the iterated module architecture, works with the generated and input encryption key, has its inter-module data flow controlled by the asynchronous control module, and produces the final ciphertext output.
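A software model of the encryption path described above (key expansion and storage, nine AES_SingleRound stages and one AES_LastRound stage), added here as an example and not taken from the patent's circuit. It follows standard AES-128 and is checked against the FIPS-197 example vectors; the function names and the one-block-per-step register model are assumptions.

```python
# Added behavioural model in software; not the patent's circuit or RTL.
def xtime(b):
    """Multiply by x in the AES field GF(2^8), modulus x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gmul(a, b):
    """Multiply two field elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _sbox_entry(v):
    """S-box value: multiplicative inverse followed by the affine map."""
    inv = next((c for c in range(1, 256) if gmul(v, c) == 1), 0)
    s = inv
    for n in range(1, 5):
        s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(v) for v in range(256)]

def expand_key(key):
    """Key expansion and storage: the input key plus the 10 round subkeys."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t]   # byte substitution
            t = t[1:] + t[:1]          # word cycle: rotate left by 1 byte
            t[0] ^= rcon               # round constant XOR, Rcon[j]
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    # State is column-major: byte i sits in row i % 4, column i // 4.
    return [s[i % 4 + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]

def mix_columns(s):
    out = []
    for c in range(0, 16, 4):
        a = s[c:c + 4]
        out += [gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3) ^ a[(r + 2) % 4]
                ^ a[(r + 3) % 4] for r in range(4)]
    return out

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def aes_single_round(s, k):        # Round1 .. Round9
    return add_round_key(mix_columns(shift_rows(sub_bytes(s))), k)

def aes_last_round(s, k):          # Round10: no column confusion
    return add_round_key(shift_rows(sub_bytes(s)), k)

def pipeline_encrypt(jobs):
    """Encrypt (plaintext, key) pairs through ten stage registers.

    One block enters per step, so up to ten blocks are in flight, each
    travelling with the stored subkeys of its own key.
    """
    regs = [None] * 10             # regs[r] holds the input of Round r+1
    pending, out = list(jobs), []
    while pending or any(regs):
        if regs[9]:
            state, ks = regs[9]
            out.append(bytes(aes_last_round(state, ks[10])))
        for r in range(9, 0, -1):  # tail first: read before overwrite
            prev = regs[r - 1]
            regs[r] = ((aes_single_round(prev[0], prev[1][r]), prev[1])
                       if prev else None)
        if pending:
            pt, key = pending.pop(0)
            ks = expand_key(key)
            regs[0] = (add_round_key(pt, ks[0]), ks)
        else:
            regs[0] = None
    return out

if __name__ == "__main__":
    # FIPS-197 example vectors, two blocks under two different keys.
    jobs = [(bytes.fromhex("3243f6a8885a308d313198a2e0370734"),
             bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")),
            (bytes.fromhex("00112233445566778899aabbccddeeff"),
             bytes.fromhex("000102030405060708090a0b0c0d0e0f"))]
    for ct in pipeline_encrypt(jobs):
        print(ct.hex())
```

The key expansion applies byte substitution before the word cycle, in the order the page lists them; because the S-box acts on each byte independently, this gives the same subkeys as the usual rotate-then-substitute order.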
As shown in fig. 5 and 6, the decryption module does not reuse the encryption module; it is likewise built as a pipeline architecture from newly constructed AES_inv_SingleRound and AES_inv_LastRound modules;
the AES_inv_SingleRound module consists of a subbytes_inv inverse byte substitution module, a shiftrows_inv inverse row displacement module, a mixcolumn_inv inverse column confusion module and an AddRoundKey round key adding module;
the AES_inv_LastRound module consists of a subbytes_inv inverse byte substitution module, a shiftrows_inv inverse row displacement module and an AddRoundKey round key adding module.
The complete decryption operation is realized by invoking the round key adding module, the 9 rounds of AES_inv_SingleRound modules and the one round of AES_inv_LastRound module. The data path does not multiplex (reuse) modules; it uses an iterated pipeline architecture throughout, so the overall architecture decrypts data in pipeline fashion and, combined with inter-module control by the asynchronous control circuit, runs more efficiently and faster than a common synchronous AES encryption structure.
As shown in fig. 6, decryption modules 0 to 9 in the ciphertext decryption module each include an inverse byte substitution module, an inverse displacement module, an inverse column confusion module and a round key addition module:
the modules use the module-iteration architecture, and the data flow between them is controlled by the asynchronous control module;
the inverse byte substitution module uses pipeline processing internally and, under the control of the asynchronous circuit control module, substitutes the corresponding plaintext data via the inverse S-box;
the inverse displacement module converts the ciphertext into a matrix and performs the inverse of the per-row position replacement on that matrix;
the inverse column confusion module converts the ciphertext into a matrix and, using substitution based on the arithmetic properties of the field GF(2^8), performs the inverse of the matrix multiplication on that matrix;
the round key addition module performs a bitwise exclusive OR of the current ciphertext block with the corresponding expanded key held in the key storage module;
Fig. 7 is a schematic diagram of the round-10 decryption module in the ciphertext decryption module;
compared with the decryption modules of the preceding 9 rounds, the round-10 decryption module omits the inverse column confusion module; its overall structure is otherwise the same as that of the preceding nine rounds. It uses the module-iteration architecture, takes the corresponding key as input, and the data flow between modules is controlled by the asynchronous control module to complete the final plaintext output.
As shown in fig. 8, a hardware architecture implementation of an AES encryption and decryption method based on an asynchronous circuit includes the following specific steps:
step one: the system module receives configuration information, determines whether to operate the module, operates an encryption or decryption module, receives plaintext or ciphertext data, and receives an initial key;
step two: judging an enabling signal by the coprocessor and running the coprocessor module;
step three: judging the encryption and decryption signals by the coprocessor, and judging and executing an encryption or decryption algorithm;
step four: if the encryption flow is judged to be executed, the encryption algorithm operation and the key expansion operation are carried out in parallel; if the decryption flow is judged to be executed, the decryption algorithm operation is entered;
specifically, the encryption flow of the invention: when start_i is high, encrypt_i is high, decrypt_i is low, and start_req is high, the encryption flow is performed as follows:
step 4.1.1: first, in async_ctr_round1, Click0 to Click5 control the steps of one round of the AES encryption algorithm, namely the byte substitution, row displacement and column confusion modules, completing one round of encryption; then a total of eight further encryption rounds, controlled by Click6 to Click11, Click12 to Click17, ..., Click48 to Click53, are executed in sequence, each performing the same steps as the first round;
step 4.1.2: meanwhile, the input KeyStart_Req is high, and Click59 to Click63 execute in sequence the 5 different steps of a key expansion round and output the sub-key needed by the first round of encryption; the corresponding key expansion is executed alongside each encryption round: the 9 rounds controlled by Click64 to Click68, Click69 to Click73, ..., Click104 to Click108 are executed in sequence, each performing the same steps as the first round;
step 4.1.3: performing the round key addition operation on the output of step 4.1.1 and its corresponding sub-key to obtain the round ciphertext;
step 4.1.4: finally, executing the last round of the encryption loop, with Click54 to Click58 as the control units and using the last-round key generated by Click104 to Click108, to complete the last round of encryption and output the encrypted ciphertext.
Specifically, the decryption flow of the invention: when start_i is high, decrypt_i is low, and invstart_req is high, the decryption flow is performed as follows:
step 4.2.1: first, in async_ctr_inv_round1, the steps of one round of the AES decryption algorithm are executed, namely the inverse displacement, inverse byte substitution and inverse column confusion modules, and one round of decryption is completed using the previously stored sub-key; then a total of eight further decryption rounds, controlled by Click115 to Click120, Click121 to Click126, ..., Click157 to Click162, are executed in sequence, each performing the same steps as the first round;
step 4.2.2: finally, executing the last round of the decryption loop, with Click163 to Click167 as the control units and using the last-round key, to complete the last round of decryption and output the plaintext.
Step five: each time a level period has been executed, the asynchronous control circuit module connects to the next execution module through a handshake signal and decides whether to execute the next algorithm operation or to finish the encryption/decryption flow and the key expansion flow and output the corresponding data.
Internally, both the encryption module and the decryption module use a large number of registers to realize the pipeline structure, and the encryption and decryption operation units are scheduled through the effective handshake control of the control module. The result is a hardware architecture for the AES encryption algorithm that supports continuous encryption, has lower power consumption and is simpler and more efficient, while providing the same function as a traditional state-machine implementation with module multiplexing.
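A software golden model of the round structure described above (initial round key addition, 9 identical single-round stages, a last round without column confusion, and the matching inverse stages) is the usual way to check such a pipeline's outputs stage by stage. The following is an added example, not the patent's circuit or code: all function names are hypothetical, and the placement of round key addition before inverse column confusion in decryption follows the standard FIPS-197 inverse cipher, which is an assumption about the design.

```python
# Added reference model (not the patent's RTL); AES-128, state is 16 bytes, column-major.
def xt(a):                                  # multiply by x in GF(2^8), polynomial 0x11B
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):                             # GF(2^8) multiplication
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xt(a), b >> 1
    return r

def build_sbox():                           # S-box = affine map of the field inverse
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        box.append(s)
    return box

SBOX = build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def sub_bytes(s, box=SBOX):                 # byte substitution / inverse with INV_SBOX
    return [box[b] for b in s]

def shift_rows(s, inv=False):               # row r rotates by r columns (left, or right if inv)
    d = -1 if inv else 1
    return [s[(i % 4) + 4 * ((i // 4 + d * (i % 4)) % 4)] for i in range(16)]

def mix_columns(s, inv=False):              # circulant matrix multiply per column
    m = (14, 11, 13, 9) if inv else (2, 3, 1, 1)
    out = []
    for c in range(0, 16, 4):
        for r in range(4):
            v = 0
            for k in range(4):
                v ^= gmul(s[c + k], m[(k - r) % 4])
            out.append(v)
    return out

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def expand_key(key):                        # 11 round keys: rotate, substitute, XOR Rcon
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = sub_bytes(t[1:] + t[:1])
            t[0] ^= rcon
            rcon = xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt(pt, key):
    rk = expand_key(key)
    s = add_round_key(list(pt), rk[0])
    for r in range(1, 10):                  # 9 identical single-round stages
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    return bytes(add_round_key(shift_rows(sub_bytes(s)), rk[10]))  # last round: no MixColumns

def decrypt(ct, key):
    rk = expand_key(key)
    s = add_round_key(list(ct), rk[10])
    for r in range(9, 0, -1):               # 9 inverse single-round stages
        s = sub_bytes(shift_rows(s, inv=True), INV_SBOX)
        s = mix_columns(add_round_key(s, rk[r]), inv=True)
    return bytes(add_round_key(sub_bytes(shift_rows(s, inv=True), INV_SBOX), rk[0]))
```

Comparing each hardware stage's registered output with the intermediate `s` values of this model localizes a mismatch to a single module rather than to the whole pipeline.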
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced with equivalents; such modifications and substitutions do not depart from the spirit of the technical solutions according to the embodiments of the present invention.

Claims (10)

1. An AES encryption and decryption circuit based on an asynchronous circuit comprises an asynchronous control module, a key expansion and storage module and an encryption and decryption module, and is characterized in that: the asynchronous control module is used for constructing a control wheel by decomposing a control channel and a data channel through the CLICK unit, replacing a global clock with a local control signal, controlling each round of operation of a full pipeline of the encryption and decryption module, and storing sub-keys obtained by calculating the keys in each round through a key expansion and storage module in a module iteration mode, wherein each round of key generated by expansion is used for encryption and decryption operation.
2. The AES encryption/decryption circuit based on asynchronous circuits according to claim 1, wherein: the encryption and decryption module comprises an encryption module and a decryption module, wherein the encryption and decryption module adopts a multi-stage pipeline form to form a plurality of single-round encryption and decryption modules with the same cycle iteration and a last-round single-round encryption and decryption module;
the multiple single-round encryption modules respectively comprise a byte substitution module, a row displacement module, a column confusion module and a round key adding module, wherein the last round single-round encryption module comprises the byte substitution module, the row displacement module and the round key adding module, the asynchronous control module is provided with corresponding CLICK unit control modules for data flow, and the round key adding module generates ciphertext based on the output of the last round single-round encryption module and the corresponding expansion subkeys thereof;
the single round decryption modules respectively comprise an inverse byte substitution module, an inverse displacement module, an inverse column confusion module and a round key adding module, the last round single round decryption module comprises an inverse byte substitution module, an inverse displacement module and a round key adding module, the asynchronous control modules are all provided with corresponding CLICK unit control modules for data flow, and the round key adding module generates plaintext based on the output of the last round single round decryption module and the corresponding key expansion and expansion subkeys stored by the storage module.
3. The AES encryption/decryption circuit based on asynchronous circuits according to claim 2, wherein: the byte substitution module uses pipeline processing internally to split, substitute and recombine the plaintext in sequence; the inverse byte substitution module uses pipeline processing internally to split the ciphertext, substitute it via the inverse S-box and recombine it in sequence; using the added register set, the byte substitution module and the inverse byte substitution module substitute the multiple split groups of plaintext data through the S-boxes and inverse S-boxes within one level inversion.
4. The AES encryption/decryption circuit based on asynchronous circuits according to claim 2, wherein: the row displacement module converts the plaintext into a matrix and performs the per-row position replacement on that matrix; and the inverse displacement module converts the ciphertext into a matrix and performs the inverse of the per-row position replacement on that matrix.
5. The AES encryption/decryption circuit based on asynchronous circuits according to claim 2, wherein: the column confusion module converts plaintext into a matrix by utilizing the substitution of the arithmetic characteristic on the field GF, and completes the algorithm of matrix multiplication of the generated matrix; the reverse column confusion module converts the ciphertext into a matrix by utilizing the substitution of the arithmetic characteristic on the field GF, and completes the reverse algorithm of the matrix multiplication algorithm for generating the matrix.
6. The AES encryption/decryption circuit based on asynchronous circuits according to claim 2, wherein: the round key adding module of the encryption module performs bit exclusive OR on the current block plaintext and the current expansion key; and the round key adding module of the decryption module is used for carrying out bitwise exclusive OR on the current block ciphertext and the corresponding expansion key in the current key expansion and storage module.
7. The AES encryption/decryption circuit based on asynchronous circuits according to claim 6, wherein: the round key adding module in the encryption module comprises a key expansion module, so that the current expansion key is obtained after the key is subjected to byte substitution, word circulation and round constant exclusive-OR, and then the current expansion key is subjected to bit exclusive-OR with the current block plaintext.
8. An AES encryption and decryption method based on an asynchronous circuit is characterized by comprising the following steps:
step one: acquiring configuration information, operating an encryption or decryption module based on the configuration information, receiving plaintext or ciphertext data, and receiving an initial key;
step two: judging an enabling signal;
step three: judging the encrypted or decrypted signal and executing the encryption or decryption process;
step four: if the encryption flow is executed, the encryption operation and the key expansion operation are carried out in parallel; if the decryption flow is executed, the decryption operation is entered; the control path and the data path are decomposed to construct a control wheel through asynchronous control, a local control signal is used for replacing a global clock, and each wheel operation of a full pipeline of the encryption and decryption module is controlled; storing the sub-keys obtained by each round of calculation of the key in a module iteration mode, and expanding each round of key generated by extension to be used for encryption and decryption operation;
step five: when executing a level period, based on asynchronous control, connecting the next execution module through a handshake signal, judging to execute the next operation or completing the encryption and decryption process and the key expansion process, and outputting corresponding data.
9. The AES encryption and decryption method based on asynchronous circuits according to claim 8, wherein: in the fourth step, the encryption process is executed, including the following steps:
step 4.1.1: based on asynchronous control of the CLICK unit, a round of encryption operation is executed, and byte substitution, row displacement and column confusion are sequentially carried out on a plaintext;
step 4.1.2: asynchronous control is carried out based on the CLICK unit, a round of key expansion is carried out, and a round of sub-keys corresponding to encryption operation are obtained and stored;
step 4.1.3: performing round key addition operation based on the output of the step 4.1.1 and the corresponding subkeys thereof to obtain round ciphertext;
step 4.1.4: and in the last round of encryption operation, performing round key addition operation on the output of the line displacement and the sub-key corresponding to the last round of encryption to obtain the encrypted ciphertext.
10. The AES encryption and decryption method based on asynchronous circuits according to claim 8, wherein: in the fourth step, the decryption process includes the following steps:
step 4.2.1: based on asynchronous control of the CLICK unit, a round of decryption operation is executed, reverse displacement, reverse byte substitution and reverse column confusion are sequentially carried out on the ciphertext, and a round of decryption operation is completed by matching with the stored subkey;
step 4.2.2: in the last round of decryption, performing the round key addition operation on the output of the inverse byte substitution and the sub-key corresponding to the last round of decryption to obtain the decrypted plaintext.
CN202311137555.6A 2023-09-05 2023-09-05 Encryption and decryption method and circuit based on asynchronous circuit Pending CN117240430A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311137555.6A CN117240430A (en) 2023-09-05 2023-09-05 Encryption and decryption method and circuit based on asynchronous circuit


Publications (1)

Publication Number Publication Date
CN117240430A true CN117240430A (en) 2023-12-15

Family

ID=89088919



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination