CN105472602A - Encryption device and encryption method - Google Patents

Encryption device and encryption method Download PDF

Info

Publication number
CN105472602A
CN105472602A CN201410413320.XA CN201410413320A CN105472602A CN 105472602 A CN105472602 A CN 105472602A CN 201410413320 A CN201410413320 A CN 201410413320A CN 105472602 A CN105472602 A CN 105472602A
Authority
CN
China
Prior art keywords
data
parameter
encryption
processing module
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410413320.XA
Other languages
Chinese (zh)
Inventor
万贤明
冯奎景
周阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen ZTE Microelectronics Technology Co Ltd
Original Assignee
Shenzhen ZTE Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen ZTE Microelectronics Technology Co Ltd filed Critical Shenzhen ZTE Microelectronics Technology Co Ltd
Priority to CN201410413320.XA priority Critical patent/CN105472602A/en
Priority to PCT/CN2015/074127 priority patent/WO2016026287A1/en
Publication of CN105472602A publication Critical patent/CN105472602A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses an encryption device and an encryption method. The encryption method comprises steps: first parameters are acquired, wherein the first parameters comprise a secret key, encryption parameters, a source address, a destination address and a data length; according to the secret key and the encryption parameters in the first parameters, a secret key stream is generated; and to-be-encrypted data are read, the to-be-encrypted data and the secret key stream are processed according to a first encryption mode, encryption data are acquired, and the encryption data are outputted.

Description

A kind of encryption device and encryption method
Technical field
The present invention relates to wireless communication technology, be specifically related to a kind of encryption device and method.
Background technology
Wireless communication system is just being widely used in various types of communications such as voice, video, data, to transmitted data carry out integrality calculate be a kind of protected data safely, prevent unauthorized effective means of distorting.
In Long Term Evolution (LTE, LongTermEvolution) communication system, be the transfer of data of satisfied high speed, safety, occurred EIA3 integral algorithm.
EIA3 integral algorithm is one of Zu Chongzhi set of algorithms; Zu Chongzhi set of algorithms is by the encryption of Chinese scholar's autonomous Design and integral algorithm, comprises Zu Chongzhi (ZUC) algorithm, cryptographic algorithm 128-EEA3 and integral algorithm 128-EIA3.This cover set of algorithms has been recognized as the international encryption of the 3rd cover of LTE radio communication and the algorithm of integrity criteria.
But, in prior art, only propose algorithm principle and software simulating; And in the LTE communication system of practical application, message transmission rate is very high, and the computational process being produced key stream by ZUC algorithm is very complicated, and needs data to read from memory, by the key stream that produces and after data carry out integrality calculating, then by data stored in memory; Whole process only cannot realize processing demands with software.And at present a kind of hardware system can supporting ZUC algorithm for encryption is not yet proposed.
Summary of the invention
For solving the technical problem of existing existence, the embodiment of the present invention provides a kind of encryption device and method, can solve and be encrypted by ZUC algorithm the problem supported without hardware system.
For achieving the above object, the technical scheme of the embodiment of the present invention is achieved in that
Embodiments provide a kind of encryption device, described encryption device comprises: data memory module, key stream processing module and encryption processing module; Wherein,
Described data memory module, for obtaining the first parameter, when meeting first and being pre-conditioned, is sent to described key stream processing module by the key in described first parameter and encryption parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length; Also for reading in data to be encrypted according to the source address in described first parameter and data length, described data to be encrypted are sent to described encryption processing module; Also for receiving the enciphered data that described encryption processing module sends according to the destination address in described first parameter and data length, export described enciphered data;
Described key stream processing module, for receiving key in described first parameter that described data memory module sends and encryption parameter, generating key stream according to described key and encryption parameter, described key stream is sent to described encryption processing module;
Described encryption processing module, for the described key stream that the data described to be encrypted and described key stream processing module that receive the transmission of described data memory module send, described data to be encrypted and described key stream are processed by the first cipher mode, obtain enciphered data, described enciphered data is sent to described data memory module.
In such scheme, described data memory module comprises: bus is from processing module, finite state machine (FSM, FiniteStateMachine) control module, bus main processing block; Wherein,
Described first parameter, from processing module, for obtaining the first parameter, is sent to described FSM control module by described bus; Described first parameter comprises: key, encryption parameter, source address, destination address and data length information;
Described FSM control module, for the first parameter sent from processing module according to described bus, when meeting first and being pre-conditioned, described key and encryption parameter are sent to described key stream processing module, described source address, destination address and data length information are sent to described bus main processing block;
Described bus main processing block, for the described source address that sends according to described FSM control module and data length information, reads in data to be encrypted, described data to be encrypted is sent to described encryption processing module; Also for the described destination address that sends according to described FSM control module and data length information, receive the enciphered data that described encryption processing module sends, export described enciphered data.
In such scheme, described bus main processing block comprises: the first cache module and the second cache module; Wherein,
Described first cache module, for the described source address that sends according to described FSM control module and data length information, reads in data to be encrypted, and when meeting second and being pre-conditioned, described data to be encrypted is sent to described encryption processing module;
Described second cache module, for the described destination address that sends according to described FSM control module and data length information, receives the enciphered data that described encryption processing module sends, and exports described enciphered data when meeting the 3rd and being pre-conditioned.
In such scheme, the interface that described bus main processing block adopts includes but not limited to AXI main interface or AHB main interface.
In such scheme, from the interface that processing module adopts, described bus includes but not limited to that AXI is from interface or AHB from interface.
In such scheme, described key stream processing module, for according to described key and encryption parameter parallel generation multichannel key stream.
The embodiment of the present invention additionally provides a kind of encryption method, and described method comprises:
Obtain the first parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length;
Key stream is generated according to the key in described first parameter and encryption parameter;
Read in data to be encrypted, described data to be encrypted and described key stream are processed by the first cipher mode, obtain enciphered data, export described enciphered data.
In such scheme, described according to the key in described first parameter and encryption parameter generation key stream, comprising: according to the key in described first parameter and encryption parameter parallel generation multichannel key stream.
In such scheme, described acquisition first parameter, comprising: the AXI main interface that employing includes but not limited to or AHB main interface obtain the first parameter.
In such scheme, described in read in data to be encrypted, comprising: adopt the AXI main interface that includes but not limited to or AHB main interface to read in data to be encrypted;
Accordingly, the described enciphered data of described output, comprising: the AXI main interface that employing includes but not limited to or AHB main interface export described enciphered data.
The encryption device that the embodiment of the present invention provides and method, described encryption device comprises: data memory module, key stream processing module and encryption processing module; Described data memory module, for obtaining the first parameter, when meeting first and being pre-conditioned, is sent to described key stream processing module by the key in described first parameter and encryption parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length; Also for reading in data to be encrypted according to the source address in described first parameter and data length, described data to be encrypted are sent to described encryption processing module; Also for receiving the enciphered data that described encryption processing module sends according to the destination address in described first parameter and data length, export described enciphered data; Described key stream processing module, for receiving key in described first parameter that described data memory module sends and encryption parameter, generating key stream according to described key and encryption parameter, described key stream is sent to described encryption processing module; Described encryption processing module, for the described key stream that the data described to be encrypted and described key stream processing module that receive the transmission of described data memory module send, described data to be encrypted and described key stream are processed by the first cipher mode, obtain enciphered data, described enciphered data is sent to described data memory module.Adopt the technical scheme of the embodiment of the present invention, propose a kind of hardware system be encrypted by ZUC algorithm, solve the problem that in prior art, ZUC algorithm is supported without hardware system; And, the technical scheme that the embodiment of the present invention provides achieves to be carried out at a high speed data, processes efficiently, solves original ZUC algorithm process inefficiency, is unsuitable for the problem that hardware system realizes, reduce power consumption as much as possible simultaneously, greatly improve data processing speed.
Accompanying drawing explanation
Fig. 1 is the first composition structural representation of the encryption device of the embodiment of the present invention;
Fig. 2 is the second composition structural representation of the encryption device of the embodiment of the present invention;
Fig. 3 is the logical schematic of the initialization procedure in the embodiment of the present invention in key stream generative process;
Fig. 4 is the logical schematic of key stream generative process in the embodiment of the present invention;
Fig. 5 is the schematic flow sheet of the encryption method of the embodiment of the present invention.
Embodiment
Below in conjunction with drawings and the specific embodiments, the present invention is further detailed explanation.
Embodiments provide a kind of encryption device; Fig. 1 is the first composition structural representation of the encryption device of the embodiment of the present invention; As shown in Figure 1, described encryption device comprises: data memory module 11, key stream processing module 12 and encryption processing module 13; Wherein,
Described data memory module 11, for obtaining the first parameter, when meeting first and being pre-conditioned, is sent to described key stream processing module 12 by the key in described first parameter and encryption parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length; Also for reading in data to be encrypted according to the source address in described first parameter and data length, described data to be encrypted are sent to described encryption processing module 13; Also for receiving the enciphered data that described encryption processing module 13 sends according to the destination address in described first parameter and data length, export described enciphered data;
Described key stream processing module 12, for receiving key in described first parameter that described data memory module 11 sends and encryption parameter, generating key stream according to described key and encryption parameter, described key stream is sent to described encryption processing module 13;
Described encryption processing module 13, for the described key stream that the data described to be encrypted and described key stream processing module 12 that receive the transmission of described data memory module 11 send, described data to be encrypted and described key stream are processed by the first cipher mode, obtain enciphered data, described enciphered data is sent to described data memory module 11.
Fig. 2 is the second composition structural representation of the encryption device of the embodiment of the present invention; As shown in Figure 2, concrete, described data memory module comprises: bus is from processing module 111, FSM control module 112, bus main processing block 113; Wherein,
Described first parameter, from processing module 111, for obtaining the first parameter, is sent to described FSM control module 112 by described bus; Described first parameter comprises: key, encryption parameter, source address, destination address and data length information;
Described FSM control module 112, for the first parameter sent from processing module 111 according to described bus, when meeting first and being pre-conditioned, described key and encryption parameter are sent to described key stream processing module 12, described source address, destination address and data length information are sent to described bus main processing block 113;
Described bus main processing block 113, for the described source address that sends according to described FSM control module 112 and data length information, reads in data to be encrypted, described data to be encrypted is sent to described encryption processing module 13; Also for the described destination address that sends according to described FSM control module 112 and data length information, receive the enciphered data that described encryption processing module 13 sends, export described enciphered data.
Encryption device shown in composition graphs 1 and Fig. 2, concrete, described bus is the interface modules controlling side from processing module 111, for obtaining for the various parameters needed for encryption, in the present embodiment, described parameter is the first parameter, specifically comprises: key, encryption parameter, source address, destination address and data length information; Wherein, described source address is the buffer address that described data memory module 11 reads in data to be encrypted; Described destination address is the buffer address of the enciphered data that described data memory module 11 receives.Preferably, from the interface that processing module 111 adopts, described bus includes but not limited to that AXI is from interface or AHB from interface.
Described FSM control module 112 is control centres of described encryption device; In actual applications, each processing module (specifically comprising: bus main processing block 113, key stream processing module 12, encryption processing module 13) in described encryption device arranges timer clock, and when the timer clock of above-mentioned each processing module is opened, determine that above-mentioned processing module is in mode of operation, namely meet described first pre-conditioned; Now, described key and encryption parameter are sent to described key stream processing module 12 by described FSM control module 112, generate key stream to make described key stream processing module 12 according to described key and described encryption parameter; Described source address, destination address and data length information are sent to described bus main processing block 113, read in data to be encrypted to make described bus main processing block 113 start from external memory storage;
Concrete, described bus main processing block 113 comprises: the first cache module and the second cache module; Wherein,
Described first cache module, for the described source address that sends according to described FSM control module 112 and data length information, reads in data to be encrypted, and when meeting second and being pre-conditioned, described data to be encrypted is sent to described encryption processing module 13;
Described second cache module, for the described destination address that sends according to described FSM control module 112 and data length information, receives the enciphered data that described encryption processing module 13 sends, and exports described enciphered data when meeting the 3rd and being pre-conditioned.
Concrete, described bus main processing block 113 starts and reads in data to be encrypted from external memory storage, the described source address sent according to described FSM control module 112 and data length information, by described first cache module of described data to be encrypted write, when described first cache module is not write completely or described data to be encrypted are not all read in, described data to be encrypted are read in from external memory storage with regard to continuous, until described first cache module is write completely or described data to be encrypted are all read in, then in the present embodiment, described second pre-conditioned for described data to be encrypted all read in or described first cache module writes full time, described data to be encrypted are sent to described encryption processing module 13, described bus main processing block 113 is also according to described destination address and the data length information of described FSM control module 112 transmission, by described second cache module of described enciphered data write, when described second cache module is not write completely or described enciphered data is not all read in, continue the described enciphered data of write, until described second cache module is write completely or described enciphered data all writes, then in the present embodiment, described 3rd pre-conditioned for described enciphered data all write or described second cache module writes full time, export described enciphered data to external memory storage.
Concrete, in the present embodiment, the interface that described bus main processing block 113 adopts includes but not limited to AXI main interface or AHB main interface; Concrete, described bus main processing block 113 can adopt the AXImaster interface of AMBA3.0, is convenient to the read-write operation of data, greatly improves the speed that data store.
Described key stream processing module 12, generates key stream specifically for the described secret key that sends according to described FSM control module 112 and encryption parameter.Concrete, the process generating secret key stream is divided into initial phase and key stream to produce stage two parts.Fig. 3 is the logical schematic of the initialization procedure in the embodiment of the present invention in key stream generative process; Fig. 4 is the logical schematic of key stream generative process in the embodiment of the present invention; As shown in Figure 3 and Figure 4, described key stream processing module 12 is made up of three logical levels: top layer is the linear feedback shift register (LFSR) 31 of 16 grades, intermediate layer is bit recombination (BR) 32, and bottom is nonlinear function (F) layer 33.Wherein, described LFSR31 is by S 0~ S 15deng 16 31 bit register compositions; Described BR32 extracts 128 compositions, 4 32 bits (bit) word (X from the register of described LFSR31 0, X 1, X 2and X 3), first three 32bit word X 0~ X 2for described F layer 33, the last character X 3for generation of key stream; Wherein, described F layer 33 is by 2 32 bit register R 1and R 2composition, output is 32 word W.
The process producing key stream is divided into two parts, is first initial phase, and as shown in Figure 3, the described key (KEY) utilizing described FSM control module 112 to send, described encryption parameter and constant string D are through the register S of certain conversion write LFSR 0~ S 15, wherein, described encryption parameter comprises: COUNT, BEARER, DIRECTION; Described register R 1and R 2be initialized as 0, and the output W of described F layer 33 feeds back to described LFSR31 after being shifted.Following process repetitive cycling performs 32 times: by register S 15a high position (30th ~ 15) and register S 14low level (15th ~ 0) reassemble into X 0, by register S 11low level and register S 9a high position reassemble into X 1, by register S 7low level and register S 5a high position reassemble into X 2, by register S 2low level and register S 0a high position reassemble into X 3; Described F layer 33 is to the X from described BR32 1with register R 1carry out mould 32 to add and be assigned to W 1, to the X from described BR32 2with register R 2carry out XOR and be assigned to W 2; By W 1low level and W 2a high position restructuring after first carry out L 1carry out the conversion of S box after linear transformation and be assigned to register R 1, by W 2low level and W 1a high position restructuring after first carry out L 2carry out the conversion of S box after linear transformation and be assigned to register R 2; By X 0with R 1after XOR again with R 2carry out mould 32 to add and be assigned to W, W is moved to right after 1 and deliver to described LFSR31 to register S 0, by register S 0ring shift left 8, by register S 4ring shift left 20, by register S 10ring shift left 21, by register S 13ring shift left 17, by register S 15ring shift left 15 is added rear mold (2 31-1) register S is assigned to 16, by register S 16be assigned to register S 15, by register S 15be assigned to register S 14, by that analogy, until register S 1be assigned to register S 0, complete and once circulate.
After initial phase completes, start to generate key stream.As shown in Figure 4.By register S 15a high position (30 ~ 15) and register S 14low level (15 ~ 0) reassemble into X 0, by register S 11low level and register S 9a high position reassemble into X 1, by register S 7low level and register S 5a high position reassemble into X 2, by register S 2low level and register S 0a high position reassemble into X 3; Described F layer 33 is to the X from described BR32 1with register R 1carry out mould 32 to add and be assigned to W 1, to the X from described BR32 2with register R 2carry out XOR and be assigned to W 2; By W 1low level and W 2a high position restructuring after first carry out L 1carry out the conversion of S box after linear transformation and be assigned to register R 1, by W 2low level and W 1a high position restructuring after first carry out L 2carry out the conversion of S box after linear transformation and be assigned to register R 2; By X 0with register R 1after XOR again with register R 2carry out mould 32 to add and be assigned to W, abandon this value; Simultaneously by register S 0ring shift left 8, by register S 4ring shift left 20, by register S 10ring shift left 21, by register S 13ring shift left 17, by register S 15ring shift left 15 is added rear mold (2 31-1) register S is assigned to 16, by register S 16be assigned to register S 15, by register S 15be assigned to register S 14, by that analogy, until by register S 1be assigned to register S 0.Repeat following steps, constantly to produce secret key stream: by register S 15a high position (30 ~ 15) and register S 14low level (15 ~ 0) reassemble into X 0, by register S 11low level and register S 9a high position reassemble into X 1, by register S 7low level and register S 5a high position reassemble into X 2, by register S 2low level and register S 0a high position reassemble into X 3; Described F layer 33 is to the X from described BR32 1with register R 1carry out mould 32 to add and be assigned to W 1, to the X from described BR32 2with register R 2carry out XOR and be assigned to W 2; By W 1low level and W 2a high position restructuring after first carry out L 1carry out the conversion of S box after linear transformation and be assigned to register R 1, by W 2low level and W 1a high position restructuring after first carry out L 2carry out the conversion of S box after linear transformation and be assigned to register R 2; By X 0with register R 1after XOR again with register R 2carry out mould 32 to add and be assigned to W, by W and X 3xOR produces secret key stream; Simultaneously by register S 0ring shift left 8, by register S 4ring shift left 20, by register S 10ring shift left 21, by register S 13ring shift left 17, by register S 15ring shift left 15 is added rear mold (2 31-1) register S is assigned to 16, by register S 16be assigned to register S 15, by register S 15be assigned to register S 14, by that analogy, until by register S 1be assigned to register S 0.
In embodiments of the present invention, described key stream processing module 12, for according to described key and encryption parameter parallel generation multichannel key stream.
Be described in further detail with the generation of instantiation to the key stream in the embodiment of the present invention below.
First initial phase is carried out.Concrete, be 16 register S0 ~ S15 initialization of LFSR, the initial value of described 16 registers is preset as following 16 character word strings, as follows:
If D is the constant string of 240bit, is made up of the character substring of 16 15bit, comprises: d0, d1 to d15; 16 substrings of the setting in the present embodiment are only a preferred embodiment, in concrete practical application, can arrange voluntarily by actual conditions;
Then D=d0||d1|| ... || d15;
Wherein,
d0=1000100110101112;
d1=0100110101111002;
d2=1100010011010112;
d3=0010011010111102;
d4=1010111100010012;
d5=0110101111000102;
d6=1110001001101012;
d7=0001001101011112;
d8=1001101011110002;
d9=0101111000100112;
d10=1101011110001002;
d11=0011010111100012;
d12=1011110001001102;
d13=0111100010011012;
d14=1111000100110102;
d15=1000111101011002。
When 0≤i≤15, S i=k i|| di||iv i; Wherein, k iand iv ibe intermediate parameters, in units of byte.
Wherein, IV [0]=COUNT [0];
IV[1]=COUNT[1];
IV[2]=COUNT[2];
IV[3]=COUNT[3];
IV[4]=BEARER||000 2
IV[5]=IV[6]=IV[7]=00000000 2
IV[8]=IV[0]⊕(DIRECTION<<7);
IV[9]=IV[1];
IV[10]=IV[2];
IV[11]=IV[3];
IV[12]=IV[4];
IV[13]=IV[5];
IV[14]=(DIRECTION<<7);
IV[15]=IV[7];
Wherein, || represent splicing, ⊕ represents step-by-step XOR, represent that mould 32 adds, S iHfor a high position of register i, be specially 30 ~ 15 of register i; S iLfor the low level of register i, be specially 15 ~ 0 of register i, (a1, a2 ..., an) → (b1, b2 ..., bn) and represent that the assignment of a to b is parallel; 000 2with 00000000 2represent 2 binary value 0 respectively; COUNT, BEARER and DIRECTION represent encryption parameter respectively.
Further, register R 1with register R 2initialize is 0 respectively.
Following process repeats 32 times:
First the register bit extracted in LFSR is reassembled as word X 0~ word X 3:
Concrete, X 0=S 15H|| S 14L;
X 1=S 11L||S 9H
X 2=S 7L||S 5H
X 3=S 2L||S 0H
Wherein, S 15Hrepresent register S 15a high position; S 14Lrepresent register S 14low level; S 11Lrepresent register S 11low level; S 9Hrepresent register S 9a high position; S 7Lrepresent register S 7low level; S 5Hrepresent register S 5a high position; S 2Lrepresent register S 2low level; S 0Hrepresent register S 0a high position; Wherein, a high position described above is 30th ~ 15, and low level described above is 15th ~ 0.
Further, by X 0~ X 3send into F process respectively, specifically comprise:
W 2=R 2⊕X 2
R 1=S(L 1(W 1L||W 2H));
R 2=S(L 2(W 2L||W 1H)).
Wherein, S represents that S box converts, and described S box conversion is by look-up table S by the input of 32 bits 0or S 1be transformed to the output of 32 bits; L 1and L 2represent a kind of linear transformation respectively, be the output input linear of 32 bits being transformed into 32 bits, be specially:
L 1(X)=X⊕(X<<< 322)⊕(X<<< 3210)⊕(X<<< 3218)⊕(X<<< 3224);
L 2(X)=X⊕(X<<< 328)⊕(X<<< 3214)⊕(X<<< 3222)⊕(X<<< 3230)。
Finally, the W that F produces delivers to LFSR initial phase, carries out the renewal of register:
v=2 15S 15+2 17S 13+2 21S 10+2 20S 4+(1+2 8)S 0mod(2 31-1);
S 16=(v+u)mod(2 31-1);
Wherein, v and u is intermediate parameters; Mod is mod function.
Work as S 16when=0, then S16=2 31-1;
(S 1、S 2、…、S 15、S 16)→(S 0、S 1、…、S 14、S 15)。
After initialization completes, encryption device starts to produce key stream.Process is as follows:
First, the register bit extracted in LFSR is reassembled as X 0~ X 3for:
X 0=S 15H||S 14L
X 1=S 11L||S 9H
X 2=S 7L||S 5H
X 3=S 2L||S 0H
Wherein, S 15Hrepresent register S 15a high position; S 14Lrepresent register S 14low level; S 11Lrepresent register S 11low level; S 9Hrepresent register S 9a high position; S 7Lrepresent register S 7low level; S 5Hrepresent register S 5a high position; S 2Lrepresent register S 2low level; S 0Hrepresent register S 0a high position; Wherein, a high position described above is 30th ~ 15, and low level described above is 15th ~ 0.
Second step, by X 0~ X 3send into F process, directly enter except the 4th step except first time operation abandons W, all the other each runs retain W and deliver to the 3rd step, specifically comprise:
W 2=R 2⊕X 2
R 1=S(L 1(W 1L||W 2H));
R 2=S(L 2(W 2L||W 1H)。
Wherein, S represents that S box converts, and described S box conversion is by look-up table S by the input of 32 bits 0or S 1be transformed to the output of 32 bits; L 1and L 2represent a kind of linear transformation respectively, the input linear of 32 bits be transformed into the output of 32 bits, be specially:
L 1(X)=X⊕(X<<< 322)⊕(X<<< 3210)⊕(X<<< 3218)⊕(X<<< 3224);
L 2(X)=X⊕(X<<< 328)⊕(X<<< 3214)⊕(X<<< 3222)⊕(X<<< 3230)。
3rd step, LFSR key stream produces, and specifically comprises:
Z=W⊕X3;
4th step, in LRSR key stream generative process, register upgrades, and specifically comprises:
S 16=2 15S 15+2 17S 13+2 21S 10+2 20S 4+(1+2 8)S 0mod(2 31-1);
If S 16=0, so S 16=2 31-1;
(S 1、S 2、…、S 15、S 16)→(S 0、S 1、…、S 14、S 15)。
Repeat above-mentioned steps, all generate the secret key stream of 32bit after each iteration.
Wherein, described encryption processing module 13 needs described key stream processing module 12 to produce L=┌ LENGTH/32 ┐+2 32bit key streams, and wherein, ┌ ┐ represents the number that rounds up.The key stream produced can use z irepresent, described z in the present embodiment ican be z [0], z [1] ..., z [32L-1]; Wherein, described z [0] is the most important of first 32bit key stream, and z [31] is the most unessential of first 32bit key stream.For i=0,1,2 ..., 32L-1, if z i=z [i] || z [i+1] || ... || z [i+31], each z iall 32bit.
Concrete, described data to be encrypted and described key stream process by the first cipher mode by described encryption processing module 13, obtain enciphered data; Wherein, described first cipher mode is integral algorithm; Described described data to be encrypted and described key stream are undertaken being treated to prior art process by integral algorithm, repeat no more herein.
Further, after data are processed by integral algorithm by described encryption processing module 13, need to add check code (MAC) at data end, will the data of MAC be carried as enciphered data.
Concrete, the deterministic process of described MAC comprises:
If the span that T is 32 bits 0, i be i=0,1,2 ..., LENGTH-1, LENGTH, 32 (L-1);
As i=0, if M [i+n-1] ..., a certain position in M [i+1], M [i] is 1, then corresponding z i+n-1..., z i+1, z ibe provided with valid value and (can z be set i=z [i] || z [i+1] || ... || z [i+31], each z iall 32bit); Otherwise corresponding z i+n-1..., z i+1, z ibe set to 0, substitute into T=T ⊕ z i+n-1⊕ ... ⊕ z i+1⊕ z iin obtain the result of T parallel computation when i=0;
As i=1, if M [i+2n-1] ..., M [i+n+1], M [i+n] a certain position be 1, then corresponding z i+2n-1..., z i+n+1, z i+nget effective value and (can z be set i=z [i] || z [i+1] || ... || z [i+31], each z iall 32bit); Otherwise corresponding z i+2n-1..., z i+n+1, z i+nget 0, substitute into T=T ⊕ z i+2n-1⊕ ... ⊕ z i+n+1⊕ z i+nin obtain the result of T parallel computation when i=1;
By that analogy.As i=LENGTH, no matter the value of M [i], T=T ⊕ z lENGTH.Final as i=32 (L-1), MAC=T ⊕ z 32 (L-1);
Wherein, z irepresent the key stream that described key stream processing module 12 generates; M [i] represents the data of the pending encryption of described encryption processing module 13, and wherein, i represents bit, and such as M [0] represents the 0th bit of data; T is intermediate variable, and its initial value is 0.
In the present embodiment, described encryption device can be applicable in each node network element of transfer of data, and as enode (eNB) etc., the data memory module 11 in described encryption device in actual applications, can be realized by interface and memory; Key stream processing module 12 in described encryption device in actual applications, can by the central processing unit (CPU in described encryption device, CentralProcessingUnit), digital signal processor (DSP, DigitalSignalProcessor) or programmable gate array (FPGA, Field-ProgrammableGateArray) realize in conjunction with register; Encryption processing module 13 in described encryption device in actual applications, can be realized by CPU, DSP or FPGA.
Based on above-mentioned encryption device, the embodiment of the present invention additionally provides a kind of encryption method; Fig. 5 is the schematic flow sheet of the encryption method of the embodiment of the present invention; As shown in Figure 5, described method comprises:
Step 501: obtain the first parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length.
Here, described acquisition first parameter, comprising: the AXI main interface that employing includes but not limited to or AHB main interface obtain the first parameter.
Step 502: generate key stream according to the key in described first parameter and encryption parameter.
Here, described according to the key in described first parameter and encryption parameter generation key stream, comprising: according to the key in described first parameter and encryption parameter parallel generation multichannel key stream.
Described data to be encrypted and described key stream are processed by the first cipher mode by step 503: read in data to be encrypted, obtain enciphered data, export described enciphered data.
Here, described in read in data to be encrypted, comprising: adopt the AXI main interface that includes but not limited to or AHB main interface to read in data to be encrypted;
Accordingly, the described enciphered data of described output, comprising: the AXI main interface that employing includes but not limited to or AHB main interface export described enciphered data; Concrete, described AXI main interface can adopt the AXImaster interface of AMBA3.0, is convenient to the read-write operation of data, greatly improves the speed that data store.
It will be appreciated by those skilled in the art that the encryption method of the embodiment of the present invention, can refer to the associated description of aforementioned encryption device and understand.
Those skilled in the art should understand, embodiments of the invention can be provided as method, device or computer program.Therefore, the present invention can adopt the form of hardware embodiment, software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store and optical memory etc.) of computer usable program code.
The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, device and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
The above, be only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.

Claims (10)

1. an encryption device, is characterized in that, described encryption device comprises: data memory module, key stream processing module and encryption processing module; Wherein,
Described data memory module, for obtaining the first parameter, when meeting first and being pre-conditioned, is sent to described key stream processing module by the key in described first parameter and encryption parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length; Also for reading in data to be encrypted according to the source address in described first parameter and data length, described data to be encrypted are sent to described encryption processing module; Also for receiving the enciphered data that described encryption processing module sends according to the destination address in described first parameter and data length, export described enciphered data;
Described key stream processing module, for receiving key in described first parameter that described data memory module sends and encryption parameter, generating key stream according to described key and encryption parameter, described key stream is sent to described encryption processing module;
Described encryption processing module, for the described key stream that the data described to be encrypted and described key stream processing module that receive the transmission of described data memory module send, described data to be encrypted and described key stream are processed by the first cipher mode, obtain enciphered data, described enciphered data is sent to described data memory module.
2. device according to claim 1, is characterized in that, described data memory module comprises: bus is from processing module, finite state machine FSM control module, bus main processing block; Wherein,
Described first parameter, from processing module, for obtaining the first parameter, is sent to described FSM control module by described bus; Described first parameter comprises: key, encryption parameter, source address, destination address and data length information;
Described FSM control module, for the first parameter sent from processing module according to described bus, when meeting first and being pre-conditioned, described key and encryption parameter are sent to described key stream processing module, described source address, destination address and data length information are sent to described bus main processing block;
Described bus main processing block, for the described source address that sends according to described FSM control module and data length information, reads in data to be encrypted, described data to be encrypted is sent to described encryption processing module; Also for the described destination address that sends according to described FSM control module and data length information, receive the enciphered data that described encryption processing module sends, export described enciphered data.
3. device according to claim 2, is characterized in that, described bus main processing block comprises: the first cache module and the second cache module; Wherein,
Described first cache module, for the described source address that sends according to described FSM control module and data length information, reads in data to be encrypted, and when meeting second and being pre-conditioned, described data to be encrypted is sent to described encryption processing module;
Described second cache module, for the described destination address that sends according to described FSM control module and data length information, receives the enciphered data that described encryption processing module sends, and exports described enciphered data when meeting the 3rd and being pre-conditioned.
4. device according to claim 2, is characterized in that, the interface that described bus main processing block adopts includes but not limited to AXI main interface or AHB main interface.
5. device according to claim 2, is characterized in that, from the interface that processing module adopts, described bus includes but not limited to that AXI is from interface or AHB from interface.
6. device according to claim 1, is characterized in that, described key stream processing module, for according to described key and encryption parameter parallel generation multichannel key stream.
7. an encryption method, is characterized in that, described method comprises:
Obtain the first parameter; Described first parameter comprises: key, encryption parameter, source address, destination address and data length;
Key stream is generated according to the key in described first parameter and encryption parameter;
Read in data to be encrypted, described data to be encrypted and described key stream are processed by the first cipher mode, obtain enciphered data, export described enciphered data.
8. method according to claim 7, is characterized in that, described according to the key in described first parameter and encryption parameter generation key stream, comprising: according to the key in described first parameter and encryption parameter parallel generation multichannel key stream.
9. method according to claim 7, is characterized in that, described acquisition first parameter, comprising: the AXI main interface that employing includes but not limited to or AHB main interface obtain the first parameter.
10. method according to claim 7, is characterized in that, described in read in data to be encrypted, comprising: adopt the AXI main interface that includes but not limited to or AHB main interface to read in data to be encrypted;
Accordingly, the described enciphered data of described output, comprising: the AXI main interface that employing includes but not limited to or AHB main interface export described enciphered data.
CN201410413320.XA 2014-08-19 2014-08-19 Encryption device and encryption method Pending CN105472602A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410413320.XA CN105472602A (en) 2014-08-19 2014-08-19 Encryption device and encryption method
PCT/CN2015/074127 WO2016026287A1 (en) 2014-08-19 2015-03-12 Encryption device, encryption method and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410413320.XA CN105472602A (en) 2014-08-19 2014-08-19 Encryption device and encryption method

Publications (1)

Publication Number Publication Date
CN105472602A true CN105472602A (en) 2016-04-06

Family

ID=55350156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410413320.XA Pending CN105472602A (en) 2014-08-19 2014-08-19 Encryption device and encryption method

Country Status (2)

Country Link
CN (1) CN105472602A (en)
WO (1) WO2016026287A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377180A (en) * 2018-03-29 2018-08-07 哈尔滨理工大学 A kind of wireless secret communication system based on STM32
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN112199325A (en) * 2020-10-27 2021-01-08 南京大学 Reconfigurable computing implementation device and reconfigurable computing method for 3DES encryption and decryption algorithm

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111625843A (en) * 2019-07-23 2020-09-04 方盈金泰科技(北京)有限公司 Data transparent encryption and decryption system suitable for big data platform
CN118074907B (en) * 2024-04-02 2024-06-21 湖北大学 High-performance hardware optimal design realization circuit for ZUC algorithm

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647711A (en) * 2011-02-17 2012-08-22 中兴通讯股份有限公司 Data encryption system and method
US8509424B2 (en) * 2009-11-15 2013-08-13 Ante Deng Fast key-changing hardware apparatus for AES block cipher
CN103517269A (en) * 2012-06-19 2014-01-15 中兴通讯股份有限公司 Data encryption and decryption method and system
CN103874060A (en) * 2012-12-13 2014-06-18 中兴通讯股份有限公司 Data coding/decoding method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731822B (en) * 2012-10-15 2018-11-30 中国科学院微电子研究所 System and method for implementing Zuichong algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8509424B2 (en) * 2009-11-15 2013-08-13 Ante Deng Fast key-changing hardware apparatus for AES block cipher
CN102647711A (en) * 2011-02-17 2012-08-22 中兴通讯股份有限公司 Data encryption system and method
CN103517269A (en) * 2012-06-19 2014-01-15 中兴通讯股份有限公司 Data encryption and decryption method and system
CN103874060A (en) * 2012-12-13 2014-06-18 中兴通讯股份有限公司 Data coding/decoding method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377180A (en) * 2018-03-29 2018-08-07 哈尔滨理工大学 A kind of wireless secret communication system based on STM32
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN112199325A (en) * 2020-10-27 2021-01-08 南京大学 Reconfigurable computing implementation device and reconfigurable computing method for 3DES encryption and decryption algorithm

Also Published As

Publication number Publication date
WO2016026287A1 (en) 2016-02-25

Similar Documents

Publication Publication Date Title
CN105490802B (en) The parallel encryption and decryption communication means of improvement SM4 based on GPU
CN106850221B (en) Information encryption and decryption method and device
CN105472602A (en) Encryption device and encryption method
JP4486680B2 (en) Apparatus and method for performing RC4 encryption
CN105162590B (en) Parallel homomorphism data ciphering method in a kind of cloud computing environment
CN112398639B (en) Device and method for realizing Fountain lightweight encryption algorithm and application
CN107579813A (en) information encryption and decryption method and device
CN103812641A (en) System for realizing SM4 block symmetric cryptographic algorithm
CN103731822B (en) System and method for implementing Zuichong algorithm
CN102737270A (en) Security co-processor of bank smart card chip based on domestic algorithms
CN108933653A (en) A kind of AES encrypting and deciphering system and method based on large-scale data
CN112217646B (en) Device and method for realizing SM3 password hash algorithm
US20150058639A1 (en) Encryption processing device and storage device
CN110213050A (en) Key generation method, device and storage medium
CN104219045A (en) RC4 (Rivest cipher 4) stream cipher generator
CN107733634A (en) A kind of lightweight chaos authentication encryption method based on displacement coupling
CN111832051A (en) Symmetric encryption and decryption method and system based on FPGA
CN101924630B (en) Rapid encoding and decoding method for wireless local area network
CN110034918A (en) A kind of SM4 acceleration method and device
CN107835070B (en) Simple embedded encryption method
CN109714151A (en) Chip data processing method and system based on AES-GCM
CN102135871B (en) Device for generating random number by using chaos theory and dynamic password token thereof
CN108134665A (en) A kind of 8 bit A ES circuits applied towards IoT
CN110071927B (en) Information encryption method, system and related components
CN106059748B (en) A kind of lightweight secure storage method of data regenerating code safely based on block

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160406