CN105897406A - AES encryption and decryption device having equal-length plaintexts and ciphertexts - Google Patents
AES encryption and decryption device having equal-length plaintexts and ciphertexts Download PDFInfo
- Publication number
- CN105897406A CN105897406A CN201610388115.1A CN201610388115A CN105897406A CN 105897406 A CN105897406 A CN 105897406A CN 201610388115 A CN201610388115 A CN 201610388115A CN 105897406 A CN105897406 A CN 105897406A
- Authority
- CN
- China
- Prior art keywords
- data
- module
- ciphertext
- key
- main frame
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an AES encryption and decryption device having equal-length plaintexts and ciphertexts, relating to the technical field of information security. The device comprises an encryption module, a decryption module and a key management module; the encryption module comprises at least one first data input module, at least one first data management module, at least one AES algorithm encryption module and at least one first data sending module; the decryption module comprises at least one second data input module, at least one second data management module, at least one AES algorithm decryption module and at least one second data sending module; and the key management module is used for storing keys sent by a host, and sending multiple sets of keys to the encryption module or the decryption module according to the application of the host. In the AES encryption and decryption device disclosed by the invention, various core modules are realized through FPGAs; the FPGAs are communicated with the host through a Pcie interface; the host cannot read the keys stored by the key management module; therefore, the key exposure risk is avoided; and the safety is improved.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to the device of the isometric AES encryption and decryption of a kind of bright ciphertext.
Background technology
Advanced Encryption Standard (English: Advanced Encryption Standard, abbreviation: AES) by American National Standard and skill
Art academy (NIST) is asserted effective standard on May 26th, 2002.2006, Advanced Encryption Standard became already
One of most popular algorithm in symmetrical packet key encryption.
Along with the fast development of information technology, aes algorithm is widely used in industry-by-industry, but common application is all by soft
Part realizes.Although the arithmetic speed of current CPU and core number the most greatly strengthen, but the computing handled by CPU
The most complicated so that the preciousness that cpu resource is the most suitable, then realize aes algorithm by hardware and CPU is added
Speed also becomes a problem highly significant.
Aes algorithm is a kind of symmetric block ciphers AES, and the data for encryption and decryption are required for through packet, data block
Length is fixed as 16 bytes, needs to carry out polishing filling when a data block length is less than 16 byte, the result so brought
It is that ciphertext is than the longest so that aes algorithm cannot be used in the case of needs cleartext-ciphertext is isometric.
Summary of the invention
The present invention provides the device of the isometric AES encryption and decryption of a kind of bright ciphertext, it would be preferable to support the CBC mould of AES enciphering and deciphering algorithm
Formula (also referred to as cipher block chaining pattern), cleartext-ciphertext data are isometric, effectively reduce CPU usage and improve the peace of encryption and decryption
Quan Xing.Described device is based on FPGA platform, by repeatedly calling aes algorithm, it is achieved that the isometric encryption of clear data,
And effectively reduce CPU usage.
The present invention provides the device of the isometric AES encryption and decryption of a kind of bright ciphertext, including the encrypting module processed for data and deciphering
Module and key management module;Wherein encrypting module includes:
At least one first data input module, for obtaining data to be encrypted and queuing message from main frame.
Data after regular for regular data block, and are sent into aes algorithm encryption mould by least one first data management module
Block;By regular for ciphertext and send into data transmission blocks.
At least one aes algorithm encrypting module, for by data management module send into regular after data be encrypted, formed
Ciphertext, and ciphertext is passed back to data management module.
At least one first data transmission blocks, for being passed back to main frame by ciphertext and queuing message.
Deciphering module includes:
At least one second data input module, for obtaining data to be decrypted and queuing message from main frame.
Data after regular for regular data block, and are sent into aes algorithm deciphering mould by least one second data management module
Block;By in plain text the most regular and send into data transmission blocks.
At least one aes algorithm deciphering module, for by data management module send into regular after data be decrypted, formed
In plain text, and by plaintext it is passed back to data management module.
At least one second data transmission blocks, for being passed back to main frame by plaintext and queuing message.
The key that key management module issues for storage host, can store many group keys, and can be according to the application of main frame
Many group keys are handed down to encrypting module or deciphering module.
The device nucleus module of the isometric AES encryption and decryption of a kind of bright ciphertext that the present invention provides all is realized by FPGA,
FPGA carries out communication by Pcie interface and main frame, is used for reception and return data and information.The non-readable key management of main frame
The key that module is stored, thus avoid the risk that key exposes, improve safety.
Accompanying drawing explanation
Fig. 1 is encrypting module structural representation of the present invention.
Fig. 2 is deciphering module structural representation of the present invention.
Fig. 3 is key management module schematic diagram of the present invention.
Fig. 4 is data encryption schematic flow sheet of the present invention.
Fig. 5 is data deciphering schematic flow sheet of the present invention.
Fig. 6 is key management schematic flow sheet of the present invention.
Detailed description of the invention
Below in conjunction with the accompanying drawings technical scheme is described in detail.
The present invention provides the device of the isometric AES encryption and decryption of a kind of bright ciphertext, including the encrypting module processed for data and deciphering
Module and key management module.
Fig. 1 shows the structure of encrypting module in the present invention, and described encrypting module is by the first data input module, the first data
Management module, aes algorithm encrypting module and the first data transmission blocks are constituted.First data input module is responsible for main frame incoming
Queuing message and clear data cache, and according to the incoming queuing message of main frame to key management module application key, logical
Know that the clear data cached is processed by the first data management module;First data management module is responsible for from the first data input
Module reads queuing message, key and the clear data cached, and queuing message, key and plaintext feeding aes algorithm is added
Close module;Aes algorithm encrypting module obtains ciphertext after carrying out data encryption, data management module receives ciphertext, and according in plain text
Ciphertext is carried out regular, the ciphertext after regular and queuing message are sent into the first data transmission blocks;First data transmission blocks is born
Ciphertext is passed back to main frame by Pcie interface by duty.
For the hardware resource reproducibility of FPGA, an encrypting module can be copied as multiple encrypting module, as same
Place multiple encrypting module inside fpga chip simultaneously, by defining different address spaces, multiple encrypting modules made a distinction,
Host computer side accesses different encrypting modules by accessing different address spaces, thus realizes the Parallel Implementation of multichannel encryption;Solve
Close module can carry out identical duplication and definition with encrypting module, thus realizes the Parallel Implementation of multichannel deciphering.Fig. 4 shows and adds
Close module carries out the flow process of data encryption, below in conjunction with Fig. 4 and assume that length of the plaintext is that encryption flow is carried out by the situation of 23 bytes
Detailed description progressively:
Step 1: main frame input rank information, indicate the length of the plaintext of this cryptographic operation, Key Sequence Number, the sequence of operation number and
The offset address of passback main frame;First data input module controls reception in plain text and the acquisition of key by analyzing queuing message.
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key is sent to AES calculation
Method encrypting module.
Step 3: in plain text, owing to the plaintext bit wide of input is 64, and the data bit width that AES can process is in main frame input
128, thus the first data input module caching in plain text time, 64 plaintexts that main frame inputs are spliced into again 128 bright
Literary composition, the rule of splicing be the data buffer storage first inputted to high 64, the data buffer storage of rear input is to low 64, when having of inputting
When effect is in plain text less than 128, supplies adding 0 after the most in plain text and cache;When at least one 128 bright of caching
Wen Hou, notifies that the first data management module is to processing in plain text.In this example, first by two 8 bytes receiving in plain text according to
Rule is spliced into 128 Plaintext block;Again by last 7 byte cache to high 56, by low 72 benefits 0, so
Rear notice data management module is to processing in plain text.
Step 4: after the first data management module receives the notice of data input module, first analyzes the plaintext of this secondary encryption
Length, reads data according to length from the caching of data input module, every time one data block of reading, the plaintext of i.e. 128,
If what this read is 128 the most in plain text, then it is encrypted being sent to aes algorithm encrypting module in plain text, as encryption behaviour
After completing, ciphertext is fetched, from aes algorithm encrypting module, row cache of going forward side by side, the ciphertext fetched is sent to the first data simultaneously
Sending module;From the first data input module caching, again read data, and repeat above operation;When from the first data input
When the effective plaintext read in module caching is less than 128, by plaintext and the ciphertext fetched last time are spliced, it is spliced into 128
The data block of position, reinitializes aes algorithm encrypting module, is carried out by spliced data feeding aes algorithm encrypting module
Encryption, the ciphertext that the ciphertext this fetched and last time fetch carries out splicing and shifting, and the ciphertext after splicing and displacement is sent to
First data transmission blocks;Notify that the first all plaintexts of data transmission blocks have been encrypted and have been transmitted;Thus it is whole to complete one
The isometric encryption of plaintext of section.
In this example, first first 128 Plaintext block is sent into aes algorithm encrypting module and be encrypted, carry out after fetching ciphertext
Caching;Splicing low 72 of the ciphertext fetched with remaining 56 plaintexts, the rule of splicing is the low 72 of ciphertext again
For a high position, the plaintext of 56 is low level;Reinitialize aes algorithm encrypting module, spliced plaintext is sent into AES and calculates
Method encrypting module is encrypted;After fetching last ciphertext, cover the low of the last ciphertext fetched by high 72 of ciphertext
72, by low 56 bit shifts of last ciphertext to high 56, remaining low 72 use 0 cover;Thus form
Two ciphertext blocks of end product, first piece of ciphertext is 128, second piece of ciphertext is 56, totally 23 byte, and in plain text
Isometric.The two ciphertext blocks is sent to the first data transmission blocks cache, and notifies that the first sending module is transmitted.
Step 5: after the first data transmission blocks receives the transmission request of the first data management module, according to the length sending request
Degree, send the information such as offset address, first queuing message be transmitted as first transmitting element, then from caching by
Individual reading ciphertext is transmitted, and after last effective ciphertext is sent completely, again sends a queuing message unit and terminates
This sends, and notifies that this cryptographic operation of the first data input module completes simultaneously, and the first data input module enters new reception
Data mode.
Fig. 2 shows the structure of deciphering module of the present invention, and described deciphering module is by the second data input module, the second data pipe
Reason module, aes algorithm deciphering module and the second data transmission blocks are constituted.Second data input module is responsible for main frame incoming
Queuing message and ciphertext cache, and according to the incoming queuing message of main frame to key management module application key, according to ciphertext
Ciphertext is spliced by length information, notifies that second data management module queuing message to having cached, key and ciphertext data are entered
Row processes;Second data management module is responsible for reading, from data input module, queuing message, key and the ciphertext cached, and will
Queuing message, key and ciphertext send into aes algorithm deciphering module;Ciphertext is decrypted and obtains in plain text by aes algorithm deciphering module;
Second data management module receives the plaintext of aes algorithm deciphering module output, and regular, by regular to carrying out in plain text according to ciphertext
After plaintext and queuing message send into the second data transmission blocks;Second data transmission blocks is responsible for being returned by Pcie interface in plain text
Pass to main frame.
Fig. 5 shows that deciphering module carries out the flow process of data deciphering, below in conjunction with Fig. 5 and assume that length of the plaintext is the feelings of 23 bytes
Condition carries out detailed description progressively to deciphering flow process:
Step 1: main frame input rank information, indicate the ciphertext length of this decryption oprerations, Key Sequence Number, the sequence of operation number and
The offset address of passback main frame;Second data input module controls the reception of ciphertext and the acquisition of key by analyzing queuing message.
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key is sent to AES calculation
Method deciphering module.
Step 3: main frame input ciphertext, owing to the ciphertext bit wide of input is 64, and the data bit width that AES can process is
128, so data input module is when caching ciphertext, 64 ciphertexts that main frame inputs are spliced into 128 plaintexts again,
The rule of splicing be the data buffer storage first inputted to high 64, the data buffer storage of rear input is to low 64, the closeest when input
When literary composition is less than 128, supplies adding 0 after effective ciphertext and cache;After all ciphertexts have cached, according to close
Ciphertext is spliced by the length of literary composition again.In this example, first two 8 byte cryptogram received are spliced into one according to rule
128 ciphertext blocks;Again by last 7 byte cache to high 56, mend 0 by low 72;The ciphertext operated according to this
Length information, by high 56 gts of last ciphertext blocks to low 56, covers low 72 of first ciphertext blocks
Later ciphertext blocks high 72, thus it is spliced into last ciphertext blocks of 128;By first ciphertext blocks and spliced
Last ciphertext blocks caches, and notifies that the second data management module starts to process ciphertext.
Step 4: after the second data management module receives the notice of data input module, first analyzes the ciphertext of this secondary deciphering
Length, if the integral multiple of a length of 128 of ciphertext, then reads data according to length from the caching of the second data input module,
Read a data block, the ciphertext of i.e. 128 every time, ciphertext is sent to aes algorithm deciphering module and is decrypted, work as deciphering
After having operated, will fetch and be sent to the second data transmission blocks from aes algorithm encrypting module in plain text;Again from the second data
Input module caching reads data, and repeats above operation;Until all ciphertext blocks notify after having processed that the second data send
Module is transmitted.If the integral multiple that ciphertext length is non-128, first read from the second data input module caching
The ciphertext of later caching, sends into aes algorithm deciphering module and deciphers first, is cached by the plaintext after deciphering;Again
Initialize aes algorithm deciphering module, from data input module caches, read ciphertext one by one, send into aes algorithm deciphering module
It is decrypted, the plaintext after deciphering is sent into the second data transmission blocks and caches;When reading last ciphertext, will
High-order portion in the plaintext deciphered first takes out, and splices with last ciphertext, is re-fed into aes algorithm deciphering module and enters
Row deciphering, the plaintext this deciphering obtained splices with the plaintext deciphered first, is sent to data transmission blocks and is transmitted,
Thus complete a decryption oprerations.In this example, be decrypted first for the ciphertext through again splicing, these 128 ciphertext bags
Contain low 72 and last block ciphertext high 56 of first piece of ciphertext;The plaintext that this 128 ciphertexts produce after decrypted,
Include 72 need and carry out ciphertext and the plaintext of 56 that second time is deciphered;72 need are carried out the ciphertext covering that second time is deciphered
After low 72 of low one piece of ciphertext, being sent to aes algorithm deciphering module and be decrypted, the plaintext decrypted is finally
First piece of plaintext of decrypted result;Move left to high 56 obtain second piece of plaintext by deciphering 56 plaintexts obtained first;By
One piece of plaintext and second piece of plaintext are sent to the second data transmission blocks and are transmitted;Thus complete the ciphertext of 23 byte lengths
Deciphering.
Step 5: after the second data transmission blocks receives the transmission request of the second data management module, according to the length sending request
The information such as degree, transmission address, are first transmitted queuing message as first transmitting element, then read one by one from caching
Take and be transmitted in plain text, after last is sent completely the most in plain text, again sends a queuing message unit and terminate this
Sending, notify that this decryption oprerations of the second data input module completes simultaneously, the second data input module enters new reception data
State.
Fig. 3 shows the structure of key management module, and described key management module is by cipher key storage block, key verification module
And key distribution module is constituted.The key storage that cipher key storage block is responsible for issuing main frame is in ram in slice;Key verification
Module is responsible for the correctness of check key;Key distribution module is responsible for according to key application, and key is sent to encryption or deciphering mould
Block.
Fig. 6 shows that key management module carries out the flow process of key management, carries out key management flow process in detail below in conjunction with Fig. 6
Illustrate:
Step 1: main frame issues key to key management module, can once issue most 256 group keys.
Step 2: main frame application issues key verification instruction, and main frame is again by delivering key, and key verification module will issue again
Key compare with the key issued first, if the key issued first and the key again issued, then return close
Key mistake is numbered, if equal, returns 0;Main frame repeats key verification action, until all key verification complete.Work as appearance
During wrong cipher key, main frame needs to re-start to issue key and checkout action.Main frame retaking of a year or grade key is not provided due to apparatus of the present invention
Function, issues with verification scheme for guaranteeing the correctness of key so have employed.
Step 3: when data encryption or deciphering module are to key management module application key, first provide Key Sequence Number, key
Management module chooses key according to Key Sequence Number, and key is sent to corresponding deciphering module or encrypting module.
In sum, the device of the AES encryption and decryption that a kind of bright ciphertext provided by the present invention is isometric uses hardware to achieve AES
The core of algorithm and call aes algorithm by secondary and the rational joint to plain/cipher text achieves in plain text, ciphertext is strict
Isometric encryption/deciphering.
The present invention can realize the parallel processing of multichannel encryption and decryption on same fpga chip, realizes compared to software, has reduction
CPU consumes, the processing speed characteristic such as faster;Key therein retaking of a year or grade mechanism can not greatly reduce the risk that key exposes, from
And improve safety.
Claims (4)
1. the device of the AES encryption and decryption that a bright ciphertext is isometric, it is characterised in that: include encrypting module, deciphering module and key pipe
Reason module;Wherein encrypting module includes:
At least one first data input module, for obtaining data to be encrypted and queuing message from main frame;
Data after regular for regular data block, and are sent into aes algorithm encryption mould by least one first data management module
Block;By regular for ciphertext and send into data transmission blocks;
At least one aes algorithm encrypting module, for by data management module send into regular after data be encrypted, formed
Ciphertext, and ciphertext is passed back to data management module;
At least one first data transmission blocks, for being passed back to main frame by ciphertext and queuing message;
Deciphering module includes:
At least one second data input module, for obtaining data to be decrypted and queuing message from main frame;
Data after regular for regular data block, and are sent into aes algorithm deciphering mould by least one second data management module
Block;By in plain text the most regular and send into data transmission blocks;
At least one aes algorithm deciphering module, for by data management module send into regular after data be decrypted, formed
In plain text, and by plaintext it is passed back to data management module;
At least one second data transmission blocks, for being passed back to main frame by plaintext and queuing message;
The key that key management module issues for storage host, and be handed down to encrypt mould by many group keys according to the application of main frame
Block or deciphering module.
The device of the AES encryption and decryption that a kind of bright ciphertext the most according to claim 1 is isometric, it is characterised in that: described logarithm
According to the flow process being encrypted it is:
Step 1: main frame input rank information, indicate the length of the plaintext of this cryptographic operation, Key Sequence Number, the sequence of operation number and
The offset address of passback main frame;First data input module controls reception in plain text and the acquisition of key by analyzing queuing message;
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key is sent to AES calculation
Method encrypting module;
Step 3: in plain text, owing to the plaintext bit wide of input is 64, and the data bit width that AES can process is in main frame input
128, thus the first data input module caching in plain text time, 64 plaintexts that main frame inputs are spliced into again 128 bright
Literary composition, the rule of splicing be the data buffer storage first inputted to high 64, the data buffer storage of rear input is to low 64, when having of inputting
When effect is in plain text less than 128, supplies adding 0 after the most in plain text and cache;When at least one 128 bright of caching
Wen Hou, notifies that the first data management module is to processing in plain text;
Step 4: after the first data management module receives the notice of the first data input module, according to length of the plaintext to be encrypted
Reading data from the caching of the first data input module, every time one data block of reading, the plaintext of i.e. 128, if this
Read is 128 the most in plain text, then be encrypted being sent to aes algorithm encrypting module in plain text, after cryptographic operation completes,
Ciphertext is fetched, from aes algorithm encrypting module, row cache of going forward side by side, the ciphertext fetched is sent to the first data transmission blocks simultaneously;
From the first data input module caching, again read data, and repeat above operation;When from the first data input module caching
When the effective plaintext read is less than 128, by plaintext and the ciphertext fetched last time are spliced, it is spliced into the data of 128
Block, reinitializes aes algorithm encrypting module, is encrypted by spliced data feeding aes algorithm encrypting module, will
This ciphertext fetched and the ciphertext fetched last time carry out splicing and shifting, and the ciphertext after splicing and displacement is sent to the first data
Sending module;Notify that the first all plaintexts of data transmission blocks have been encrypted and have been transmitted;Thus complete the plaintext of whole section
Isometric encryption;
Step 5: after the first data transmission blocks receives the transmission request of the first data management module, according to the length sending request
Degree, transmission offset address information, be first transmitted queuing message as first transmitting element, then from caching one by one
Reading ciphertext is transmitted, and after last effective ciphertext is sent completely, again sends a queuing message unit and terminates this
Secondary transmission, notifies that this cryptographic operation of the first data input module completes simultaneously, and the first data input module enters new reception number
According to state.
The device of the AES encryption and decryption that a kind of bright ciphertext the most according to claim 1 is isometric, it is characterised in that: described logarithm
According to the flow process being decrypted it is:
Step 1: main frame input rank information, indicate the ciphertext length of this decryption oprerations, Key Sequence Number, the sequence of operation number and
The offset address of passback main frame;Second data input module controls the reception of ciphertext and the acquisition of key by analyzing queuing message;
Step 2: according to the Key Sequence Number in queuing message to key management module application key, and key is sent to AES calculation
Method deciphering module;
Step 3: main frame input ciphertext, owing to the ciphertext bit wide of input is 64, and the data bit width that AES can process is
128, so data input module is when caching ciphertext, 64 ciphertexts that main frame inputs are spliced into 128 plaintexts again,
The rule of splicing be the data buffer storage first inputted to high 64, the data buffer storage of rear input is to low 64, the closeest when input
When literary composition is less than 128, supplies adding 0 after effective ciphertext and cache;After all ciphertexts have cached, according to close
Ciphertext is spliced by the length of literary composition again;
Step 4: after the second data management module receives the notice of the second data input module, first analyzes this secondary deciphering
Ciphertext length, if the integral multiple of a length of 128 of ciphertext, then reads from the caching of the second data input module according to length
Data, read a data block, the ciphertext of i.e. 128 every time, ciphertext are sent to aes algorithm deciphering module and are decrypted,
After decryption oprerations completes, will fetch and be sent to the second data transmission blocks from aes algorithm encrypting module in plain text;Again from
Two data input module cachings read data, and repeats above operation;Until all ciphertext blocks notify the second number after having processed
It is transmitted according to sending module;If the integral multiple that ciphertext length is non-128, first from the second data input module caching
Read the ciphertext of last caching, send into aes algorithm deciphering module and decipher first, the plaintext after deciphering is cached;
Again initialize aes algorithm deciphering module, from data input module caches, read ciphertext one by one, send into aes algorithm deciphering
Module is decrypted, and the plaintext after deciphering is sent into the second data transmission blocks and caches;When reading last ciphertext,
High-order portion in the plaintext that will decipher first takes out, and splices with last ciphertext, is re-fed into aes algorithm deciphering module
Being decrypted, the plaintext this deciphering obtained splices with the plaintext deciphered first, is sent to data transmission blocks and carries out sending out
Send, thus complete a decryption oprerations;
Step 5: after the second data transmission blocks receives the transmission request of the second data management module, according to the length sending request
Degree, transmission address information, be first transmitted queuing message as first transmitting element, then read one by one from caching
It is transmitted in plain text, after last is sent completely the most in plain text, again sends a queuing message unit and terminate this
Sending, notify that this decryption oprerations of the second data input module completes simultaneously, the second data input module enters new reception data shape
State.
The device of the AES encryption and decryption that a kind of bright ciphertext the most according to claim 1 is isometric, it is characterised in that: key management mould
Block carries out the flow process of key management:
Step 1: main frame issues key to key management module;
Step 2: main frame application issues key verification instruction, and main frame is again by delivering key, and key verification module will issue again
Key compare with the key issued first, if the key issued first and the key again issued, then return close
Key mistake is numbered, if equal, returns 0;Main frame repeats key verification action, until all key verification complete;Work as appearance
During wrong cipher key, main frame needs to re-start to issue key and checkout action;
Step 3: when data encryption or deciphering module are to key management module application key, first provide Key Sequence Number, key
Management module chooses key according to Key Sequence Number, and key is sent to corresponding deciphering module or encrypting module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610388115.1A CN105897406B (en) | 2016-06-02 | 2016-06-02 | A kind of device for the AES encryption and decryption that bright ciphertext is isometric |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610388115.1A CN105897406B (en) | 2016-06-02 | 2016-06-02 | A kind of device for the AES encryption and decryption that bright ciphertext is isometric |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105897406A true CN105897406A (en) | 2016-08-24 |
CN105897406B CN105897406B (en) | 2019-04-12 |
Family
ID=56710726
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610388115.1A Active CN105897406B (en) | 2016-06-02 | 2016-06-02 | A kind of device for the AES encryption and decryption that bright ciphertext is isometric |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105897406B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106549970A (en) * | 2016-11-25 | 2017-03-29 | 济南浪潮高新科技投资发展有限公司 | A kind of PCIE interface data encipher-decipher methods based on FPGA |
CN107491317A (en) * | 2017-10-10 | 2017-12-19 | 郑州云海信息技术有限公司 | A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery |
CN107566113A (en) * | 2017-09-29 | 2018-01-09 | 郑州云海信息技术有限公司 | The symmetrical encipher-decipher methods of 3DES, system and computer-readable recording medium |
CN107612681A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SM3 algorithms, apparatus and system |
CN107612682A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SHA512 algorithms, apparatus and system |
CN107749792A (en) * | 2017-10-13 | 2018-03-02 | 郑州云海信息技术有限公司 | Realize the method, system and computer-readable recording medium of data encrypting and deciphering |
CN110134621A (en) * | 2018-02-09 | 2019-08-16 | 北京忆芯科技有限公司 | CMB is provided by looping back data access |
CN111400744A (en) * | 2020-04-20 | 2020-07-10 | 深信服科技股份有限公司 | File encryption and decryption processing method, device, equipment and readable storage medium |
CN116070292A (en) * | 2023-03-07 | 2023-05-05 | 苏州宏存芯捷科技有限公司 | SM4 encryption heterogeneous acceleration system based on FPGA |
CN116204911A (en) * | 2023-04-27 | 2023-06-02 | 苏州浪潮智能科技有限公司 | Encryption and decryption system, encryption and decryption control method, computer device and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534190A (en) * | 2009-05-05 | 2009-09-16 | 成都市华为赛门铁克科技有限公司 | A multi-channel encryption/decryption method, device and system |
CN104363091A (en) * | 2014-12-01 | 2015-02-18 | 国家计算机网络与信息安全管理中心 | Encryption and decryption method capable of automatically retrieving keys and selecting algorithms |
US9002002B1 (en) * | 2006-12-12 | 2015-04-07 | Marvell International Ltd. | Method and apparatus of high speed encryption and decryption |
-
2016
- 2016-06-02 CN CN201610388115.1A patent/CN105897406B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9002002B1 (en) * | 2006-12-12 | 2015-04-07 | Marvell International Ltd. | Method and apparatus of high speed encryption and decryption |
CN101534190A (en) * | 2009-05-05 | 2009-09-16 | 成都市华为赛门铁克科技有限公司 | A multi-channel encryption/decryption method, device and system |
CN104363091A (en) * | 2014-12-01 | 2015-02-18 | 国家计算机网络与信息安全管理中心 | Encryption and decryption method capable of automatically retrieving keys and selecting algorithms |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106549970A (en) * | 2016-11-25 | 2017-03-29 | 济南浪潮高新科技投资发展有限公司 | A kind of PCIE interface data encipher-decipher methods based on FPGA |
CN107612681A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SM3 algorithms, apparatus and system |
CN107612682A (en) * | 2017-09-25 | 2018-01-19 | 郑州云海信息技术有限公司 | A kind of data processing method based on SHA512 algorithms, apparatus and system |
CN107566113A (en) * | 2017-09-29 | 2018-01-09 | 郑州云海信息技术有限公司 | The symmetrical encipher-decipher methods of 3DES, system and computer-readable recording medium |
CN107491317A (en) * | 2017-10-10 | 2017-12-19 | 郑州云海信息技术有限公司 | A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery |
CN107749792A (en) * | 2017-10-13 | 2018-03-02 | 郑州云海信息技术有限公司 | Realize the method, system and computer-readable recording medium of data encrypting and deciphering |
CN110134621A (en) * | 2018-02-09 | 2019-08-16 | 北京忆芯科技有限公司 | CMB is provided by looping back data access |
CN110134621B (en) * | 2018-02-09 | 2023-12-19 | 北京忆芯科技有限公司 | Providing CMB via a loopback data path |
CN111400744A (en) * | 2020-04-20 | 2020-07-10 | 深信服科技股份有限公司 | File encryption and decryption processing method, device, equipment and readable storage medium |
CN111400744B (en) * | 2020-04-20 | 2023-09-05 | 深信服科技股份有限公司 | File encryption and decryption processing method, device, equipment and readable storage medium |
CN116070292A (en) * | 2023-03-07 | 2023-05-05 | 苏州宏存芯捷科技有限公司 | SM4 encryption heterogeneous acceleration system based on FPGA |
CN116070292B (en) * | 2023-03-07 | 2023-06-16 | 苏州宏存芯捷科技有限公司 | SM4 encryption heterogeneous acceleration system based on FPGA |
CN116204911A (en) * | 2023-04-27 | 2023-06-02 | 苏州浪潮智能科技有限公司 | Encryption and decryption system, encryption and decryption control method, computer device and storage medium |
CN116204911B (en) * | 2023-04-27 | 2023-08-04 | 苏州浪潮智能科技有限公司 | Encryption and decryption system, encryption and decryption control method, computer device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN105897406B (en) | 2019-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105897406A (en) | AES encryption and decryption device having equal-length plaintexts and ciphertexts | |
US20220027288A1 (en) | Technologies for low-latency cryptography for processor-accelerator communication | |
US8879727B2 (en) | Method and apparatus for hardware-accelerated encryption/decryption | |
US7336783B2 (en) | Cryptographic systems and methods supporting multiple modes | |
US8831221B2 (en) | Unified architecture for crypto functional units | |
US20050053232A1 (en) | Cipher block chaining decryption | |
CN107491317A (en) | A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery | |
CN109145568A (en) | A kind of full algorithm cipher card and its encryption method based on PCI-E interface | |
WO2017045484A1 (en) | Xts-sm4-based storage encryption and decryption method and apparatus | |
KR20110129932A (en) | Key recovery mechanism for cryptographic systems | |
CN109245881A (en) | A kind of photograph video cloud encryption storage method | |
CN107528690A (en) | A kind of symmetrical encryption and decryption method and systems of SM4 for accelerating platform based on isomery | |
US20090110189A1 (en) | Apparatus and method for operating a symmetric cipher engine in cipher-block chaining mode | |
US11722313B2 (en) | State synchronization for post-quantum signing facilities | |
CN107566113A (en) | The symmetrical encipher-decipher methods of 3DES, system and computer-readable recording medium | |
CN111555880A (en) | Data collision method and device, storage medium and electronic equipment | |
CA3006700A1 (en) | Systems and methods for facilitating data encryption and decryption and erasing of associated information | |
CN112788001A (en) | Data encryption-based data processing service processing method, device and equipment | |
CN115022076A (en) | Data encryption/decryption method, device, system and medium | |
CN107835071B (en) | Method and device for improving operation speed of key-in-hash method | |
CN116204911B (en) | Encryption and decryption system, encryption and decryption control method, computer device and storage medium | |
CN105721139B (en) | A kind of the AES encipher-decipher method and circuit of the FPGA suitable for limited I/O resource | |
CN114095259B (en) | Authentication encryption and decryption device and method | |
CN114710287A (en) | Encryption method, system, storage medium and encrypted file access method | |
CN105447403B (en) | A kind of encryption method suitable for embedded real time information processing unit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |