CN118101200A - Reconfigurable cryptographic algorithm system and method based on Sponge structure - Google Patents

Publication number
CN118101200A
Authority
CN
China
Prior art keywords
unit
processing
algorithm
shift
reconfigurable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410209500.XA
Other languages
Chinese (zh)
Inventor
黄海
高焕琦
于斌
刘志伟
赵石磊
马超
吴英东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongshu Shenzhen Times Technology Co ltd
Harbin University of Science and Technology
Original Assignee
Zhongshu Shenzhen Times Technology Co ltd
Harbin University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongshu Shenzhen Times Technology Co ltd, Harbin University of Science and Technology filed Critical Zhongshu Shenzhen Times Technology Co ltd
Priority to CN202410209500.XA priority Critical patent/CN118101200A/en
Publication of CN118101200A publication Critical patent/CN118101200A/en
Pending legal-status Critical Current

Landscapes

  • Logic Circuits (AREA)

Abstract

A reconfigurable cryptographic algorithm system and method based on the Sponge structure, relating to the field of hardware information security. The invention aims to support the mapping of multiple cryptographic algorithms onto one framework, so as to address problems such as the low efficiency of programmable logic devices and the insufficient flexibility of application-specific integrated circuits. The system comprises a processing calculation unit, a control configuration unit, a storage unit, a preprocessing buffer unit and an interconnection unit. The processing calculation unit in the reconfigurable computing framework comprises a logic operation unit, a shift operation unit and an S-box unit. The processing calculation unit carries the core function of the reconfigurable computing framework and implements the round functions of the algorithm under the scheduling of the control configuration unit; the control configuration unit controls and schedules the different algorithms; the storage unit stores the data constants required by the whole system framework and the intermediate data generated during round operations; the preprocessing buffer unit is mainly responsible for padding and partitioning for the algorithm and for caching data between the other units; the interconnection unit is mainly responsible for data transmission between the processing calculation units of each level. The invention meets the need of an information security solution to map and process different Sponge-structure algorithms at a certain processing speed.

Description

Reconfigurable cryptographic algorithm system and method based on Sponge structure
Technical Field
The invention relates to the fields of hardware information security, computers, cryptography and the like, and in particular to a reconfigurable system (computing framework) and a reconfigurable method for cryptographic algorithms based on the Sponge structure.
Background
With the rapid development and large-scale application of the high-speed internet, the number of ways of storing personal data in digital form is increasing rapidly, and encryption is becoming correspondingly more important. Conventional symmetric encryption algorithms mainly provide message confidentiality, while message authentication algorithms are used solely to provide message integrity. In many application scenarios, however, an algorithm is required to provide both properties at once. Authenticated encryption integrates encryption and message authentication, and therefore stands out for its broad research and application prospects. Algorithms based on the Sponge structure can resist collision attacks and can in theory reach higher complexity by amplifying the small differences produced by the round function inside the Sponge structure. Although the Sponge structure itself has an internal state of fixed size, it can process input of any length and produce output of any given length, so in recent years it has been widely applied to hash functions, MACs (message authentication codes) and authenticated encryption algorithms. Various algorithms based on the Sponge structure can be used to ensure the confidentiality and integrity of information in specific applications, so the security, flexibility and efficiency of Sponge-structure algorithms are important indicators.
Conventional implementations of Sponge-structure algorithms generally use programmable logic devices (FPGAs) or application-specific integrated circuits (ASICs). A reconfigurable computing cryptoprocessor supports dynamic and partial reconfiguration, and its reconfiguration can be completed in the time of tens of nanoseconds to tens of nanoseconds, far better than a programmable logic device (FPGA), whose reconfiguration time is hundreds of milliseconds to seconds. It also supports both software programming and hardware programming, so its functions can be modified dynamically and flexibly as required. The reconfigurable computing cryptoprocessor is therefore a way of implementing Sponge-structure algorithms that addresses the low efficiency of programmable logic devices (FPGAs) and the insufficient flexibility of application-specific integrated circuits (ASICs). The prior art does not mention a reconfigurable method for cryptographic algorithms based on the Sponge structure.
Disclosure of Invention
The invention aims to solve the technical problems that:
The invention aims to provide a reconfigurable system and method for cryptographic algorithms based on the Sponge structure, which support the mapping of the cryptographic algorithms SHA-3, ASCON and ICEPOLE onto one framework, so as to address problems such as the low efficiency of programmable logic devices (FPGAs) and the insufficient flexibility of application-specific integrated circuits (ASICs).
In order to achieve the above purpose, the present invention adopts the following technical scheme:
A reconfigurable system for cryptographic algorithms based on the Sponge structure, comprising: a processing calculation unit (Processing Computing Unit), a control configuration unit (Control Configuration Unit), a storage unit (Memory Unit), a preprocessing buffer unit (Processing Buffer Unit), and an interconnection unit (Interconnection Unit); the processing calculation unit (Processing Computing Unit) carries the core function of the reconfigurable computing framework and implements the round functions of the algorithm under the scheduling of the control configuration unit (Control Configuration Unit); the control configuration unit (Control Configuration Unit) controls and schedules the different algorithms; the storage unit (Memory Unit) stores the data constants required by the whole system framework and the intermediate data generated during round operations; the preprocessing buffer unit (Processing Buffer Unit) is mainly responsible for padding and partitioning for the algorithm and for caching data between the other units; the interconnection unit (Interconnection Unit) is mainly responsible for data transmission between the processing calculation units of each level;
The processing calculation unit (Processing Computing Unit) comprises a logic operation unit (Logic Processing Unit), a shift operation unit (Shifting Processing Unit) and an S-box unit (S-box Unit); the logic operation unit (Logic Processing Unit) is mainly used to implement the θ operation in SHA-3 and the μ operation in ICEPOLE; the shift operation unit (Shifting Processing Unit) is mainly used to implement the ρ operation in SHA-3, the linear diffusion layer operation in ASCON and the ρ operation in ICEPOLE; the S-box unit (S-box Unit) is mainly used to implement the χ operation in SHA-3, the nonlinear substitution layer operation in ASCON, and the operations in ICEPOLE.
The system is a reconfigurable system implemented as a circuit. The system is applied to a reconfigurable cryptographic processor.
A reconfigurable method for cryptographic algorithms based on the Sponge structure, the method comprising: a processing calculation step, a control configuration step, a storage step, a preprocessing buffer step and an interconnection step; the processing calculation step carries the core function of the reconfigurable computing framework and implements the round functions of the algorithm under the scheduling of the control configuration step; the control configuration step controls and schedules the different algorithms; the storage step stores the data constants required by the whole system framework and the intermediate data generated during round operations; the preprocessing buffer step is mainly responsible for padding and partitioning for the algorithm and for caching data between the other units; the interconnection step transmits data between the processing calculation units of each level.
A computer-readable storage medium storing a computer program configured to implement, when invoked by a processor, the steps of the above reconfigurable method for cryptographic algorithms based on the Sponge structure.
Compared with the prior art, the invention has the beneficial effects that:
The computing architecture of the invention can map three cryptographic algorithms based on the Sponge structure: SHA-3, ASCON and ICEPOLE. The computing framework includes the following elements: a processing calculation unit (Processing Computing Unit), a control configuration unit (Control Configuration Unit), a storage unit (Memory Unit), a preprocessing buffer unit (Processing Buffer Unit) and an interconnection unit (Interconnection Unit). The processing calculation unit (Processing Computing Unit) in the reconfigurable computing framework comprises a logic operation unit (Logic Processing Unit), a shift operation unit (Shifting Processing Unit) and an S-box unit (S-box Unit). The processing calculation unit carries the core function of the reconfigurable computing framework and implements the round functions of the algorithm under the scheduling of the control configuration unit; the control configuration unit controls and schedules the different algorithms; the storage unit stores the data constants required by the whole system framework and the intermediate data generated during round operations; the preprocessing buffer unit is mainly responsible for padding and partitioning for the algorithm and for caching data between the other units. The interconnection unit is mainly responsible for data transmission between the processing calculation units of each level. The invention can meet the need of an information security solution to map and process different Sponge-structure algorithms while ensuring a certain processing speed.
The invention supports the mapping of the cryptographic algorithms SHA-3, ASCON and ICEPOLE onto the framework, effectively addresses problems such as the low efficiency of programmable logic devices (FPGAs) and the insufficient flexibility of application-specific integrated circuits (ASICs), and, from the application and protocol point of view, can meet the need of an information security solution to map and process different Sponge-structure algorithms while ensuring a certain processing speed. The invention allows more cryptographic algorithms based on the Sponge structure to process their data on a reconfigurable data path designed for Sponge-structure algorithms, thereby improving the implementation flexibility of Sponge-structure algorithms. From the point of view of practical applications that use several Sponge-structure algorithms, the need of one information security solution to map and process different Sponge-structure algorithms can be met while ensuring a certain processing speed.
Drawings
FIG. 1 is a block diagram of the reconfigurable cryptographic processing architecture based on the Sponge structure according to the present invention;
FIG. 2 is a block diagram of the logic operation unit (Logic Processing Unit) in the processing calculation unit according to the present invention;
FIG. 3 is a block diagram of the shift operation unit (Shifting Processing Unit) in the processing calculation unit according to the present invention;
FIG. 4 is a block diagram of the S-box unit (S-box Unit) in the processing calculation unit according to the present invention.
Reference numerals: CCU is the control configuration unit, MU is the storage unit, PBU is the preprocessing buffer unit, IU1, IU2 … IU5 are the 5 levels of interconnection units, PCU1 is the first-level processing calculation unit, PCU2 is the second-level processing calculation unit … PCU4 is the fourth-level processing calculation unit, and MUX (2-select 1) is a 2-to-1 multiplexer.
Detailed Description
Embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which embodiments of the invention are shown. These embodiments are merely illustrative of specific implementations and technical principles of the invention and are not intended to limit the scope of the invention.
First embodiment: the reconfigurable system for cryptographic algorithms based on the Sponge structure according to this embodiment includes: a processing calculation unit (Processing Computing Unit), a control configuration unit (Control Configuration Unit), a storage unit (Memory Unit), a preprocessing buffer unit (Processing Buffer Unit), and an interconnection unit (Interconnection Unit); the processing calculation unit (Processing Computing Unit) carries the core function of the reconfigurable computing framework and implements the round functions of the algorithm under the scheduling of the control configuration unit (Control Configuration Unit); the control configuration unit (Control Configuration Unit) controls and schedules the different algorithms; the storage unit (Memory Unit) stores the data constants required by the whole system framework and the intermediate data generated during round operations; the preprocessing buffer unit (Processing Buffer Unit) is mainly responsible for padding and partitioning for the algorithm and for caching data between the other units; the interconnection unit (Interconnection Unit) is mainly responsible for data transmission between the processing calculation units of each level;
The processing calculation unit (Processing Computing Unit) comprises a logic operation unit (Logic Processing Unit), a shift operation unit (Shifting Processing Unit) and an S-box unit (S-box Unit); the logic operation unit (Logic Processing Unit) is mainly used to implement the θ operation in SHA-3 and the μ operation in ICEPOLE; the shift operation unit (Shifting Processing Unit) is mainly used to implement the ρ operation in SHA-3, the linear diffusion layer operation in ASCON and the ρ operation in ICEPOLE; the S-box unit (S-box Unit) is mainly used to implement the χ operation in SHA-3, the nonlinear substitution layer operation in ASCON and the nonlinear substitution layer operation in ICEPOLE.
According to the three control signals (0, 1 and 2) that the control configuration unit outputs to the processing calculation unit, the processing calculation unit invokes the corresponding mapping algorithm it has been configured with:
Mapping algorithm SHA-3: the round operation in the mapping algorithm SHA-3 consists of 5 steps, namely θ, ρ, π, χ and τ; the logic operation unit (Logic Processing Unit), the shift operation unit (Shifting Processing Unit) and the S-box unit (S-box Unit) in the processing calculation unit (Processing Computing Unit) are used to map the round function of the SHA-3 algorithm; the five steps are described as follows:
where x, y, z are the three dimensions and a[x][y][z] is one bit element of the array; the θ operation first computes the parity of the vectors along the y-axis direction, and then, for each bit of data, the result of the step is the exclusive-or of the parities of the 2 adjacent vectors along the y-axis direction with the bit itself;
ρ rotates each bit along the z-axis by a certain length, called the offset; the value of the offset depends on the x and y coordinates; t cycles from 1 to 24; the above formula gives the result of the cyclic shift for each element in the state array;
the π operation rearranges the order of the 64-bit elements along the y-axis, with the new element pair (x′, y′) obtained through the above matrix;
χ:
The χ operation exclusive-ors each bit element a[x] with a nonlinear function of the other two bits a[x+1], a[x+2] along the x-axis row; the specific calculation is shown above.
τ:
The τ operation is an exclusive-or operation that modifies only the 64-bit element at (x=0, y=0) along the y-axis, according to the number of the loop iteration;
Mapping algorithm ASCON: the minimum data processing module of the mapping algorithm ASCON, the permutation function, consists of 3 steps, namely round constant addition, the S-box nonlinear substitution layer and the linear diffusion layer; the S-box unit (S-box Unit), the shift operation unit (Shifting Processing Unit) and the logic operation unit (Logic Processing Unit) in the processing calculation unit (Processing Computing Unit) of the reconfigurable computing framework are used to map the permutation function of the ASCON algorithm;
The three steps are described as follows:
Round constant addition:
x0, x1, x2, x3, x4 are 5 64-bit numbers; the round constant addition step obtains a new x2 by exclusive-oring it with a constant c_r that differs according to the round number;
the S-box nonlinear replacement layer code is described as follows:
x0 ^= x4; x4 ^= x3; x2 ^= x1;
t0 = x0; t1 = x1; t2 = x2; t3 = x3; t4 = x4;
t0 = ~t0; t1 = ~t1; t2 = ~t2; t3 = ~t3; t4 = ~t4;
t0 &= x1; t1 &= x2; t2 &= x3; t3 &= x4; t4 &= x0;
x0 ^= t1; x1 ^= t2; x2 ^= t3; x3 ^= t4; x4 ^= t0;
x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 = ~x2;
In the S-box nonlinear substitution layer operation, x0, x1, x2, x3, x4 are the 5 64-bit initial variables and t0, t1, t2, t3, t4 are intermediate variables; the code above yields 5 new 64-bit variables x0, x1, x2, x3, x4;
Linear diffusion layer:
In the linear diffusion layer, each 64-bit element x0, x1, x2, x3, x4 is cyclically shifted by two different amounts, and the shifted values are exclusive-ored with the element itself, giving 5 new 64-bit elements x0, x1, x2, x3, x4;
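The three ASCON steps described above, modeled in C as an added example that is not code from the patent. The round constant 0xf0, the right-rotation direction and the pairing of rotation amounts per word follow the public Ascon specification (the page lists the amounts but not their assignment to words); the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate a 64-bit word right by n bits. */
static uint64_t ror64(uint64_t v, unsigned n) {
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

/* Step 1: round constant addition. Only x2 is modified. */
void add_round_constant(uint64_t x[5], uint64_t c) { x[2] ^= c; }

/* Step 2: S-box nonlinear substitution layer. This is the page's bit-sliced
 * code: applied to 64-bit words it evaluates 64 five-bit S-boxes at once. */
void sbox_layer(uint64_t x[5]) {
    uint64_t t[5];
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1];
    for (int i = 0; i < 5; i++) t[i] = ~x[i] & x[(i + 1) % 5];
    for (int i = 0; i < 5; i++) x[i] ^= t[(i + 1) % 5];
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] = ~x[2];
}

/* Step 3: linear diffusion layer. Each word is XORed with two rotated copies
 * of itself. Pairing per word is taken from the Ascon specification. */
void linear_layer(uint64_t x[5]) {
    static const unsigned r[5][2] = {{19, 28}, {61, 39}, {1, 6}, {10, 17}, {7, 41}};
    for (int i = 0; i < 5; i++)
        x[i] ^= ror64(x[i], r[i][0]) ^ ror64(x[i], r[i][1]);
}

/* One full round of the permutation in the order the page gives. */
void ascon_round(uint64_t x[5], uint64_t c) {
    add_round_constant(x, c);
    sbox_layer(x);
    linear_layer(x);
}

/* Push a single 5-bit value through the bit-sliced code (x0 is the most
 * significant bit). This recovers the truth table that a combinational
 * S-box unit has to realise. */
unsigned sbox5(unsigned v) {
    uint64_t x[5];
    unsigned out = 0;
    for (int i = 0; i < 5; i++) x[i] = (v >> (4 - i)) & 1u;
    sbox_layer(x);
    for (int i = 0; i < 5; i++) out |= (unsigned)(x[i] & 1u) << (4 - i);
    return out;
}

/* A substitution layer must be invertible: all 32 outputs must be distinct. */
int sbox_is_permutation(void) {
    uint32_t seen = 0;
    for (unsigned v = 0; v < 32; v++) seen |= UINT32_C(1) << sbox5(v);
    return seen == UINT32_MAX;
}

int main(void) {
    uint64_t s[5] = {0, 0, 0, 0, 0};   /* constructed input: all-zero state */

    printf("S-box table:");
    for (unsigned v = 0; v < 32; v++) printf(" %02x", sbox5(v));
    printf("\nbijective: %s\n", sbox_is_permutation() ? "yes" : "no");

    ascon_round(s, 0xf0);
    for (int i = 0; i < 5; i++)
        printf("x%d = %016llx\n", i, (unsigned long long)s[i]);
    return 0;
}
```
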
Mapping algorithm ICEPOLE: the round operation in the mapping algorithm ICEPOLE consists of 5 steps, μ, ρ, π, κ; the logic operation unit (Logic Processing Unit), the shift operation unit (Shifting Processing Unit) and the S-box unit (S-box Unit) in the processing calculation unit (Processing Computing Unit) of the reconfigurable computing framework are used to map the round function of the ICEPOLE algorithm;
The five steps are described as follows:
the μ operation multiplies a column vector by a constant matrix to obtain a new matrix consisting of 5 new 64-bit elements;
ρ (ICEPOLE): S[x][y] := S[x][y] <<< offsets[x][y], (0 ≤ x ≤ 3), (0 ≤ y ≤ 4)
ρ rotates each bit along the z-axis by a certain length; in total, 20 64-bit elements are cyclically shifted
π (ICEPOLE): x′ := (x + y) mod 4, y′ := (((x + y) mod 4) + y + 1) mod 5
The π operation rearranges the order of the 64-bit elements along the y-axis, and the new element pair (x′, y′) is obtained by the above operations; mod 4 means the preceding result is taken modulo 4 and mod 5 means the preceding result is taken modulo 5;
the operation applies inversion and exclusive-or to the 5 64-bit elements M0, M1, M2, M3, M4 in each row: depending on the value of k, different elements M_{k+1}, M_{k+2} are selected to be inverted and exclusive-ored with the element;
κ:
The κ operation is an exclusive-or operation that modifies only the 64-bit element at (x=0, y=0) along the y-axis, according to the number of the loop iteration.
The logic operation unit (Logic Processing Unit) in the processing calculation unit (Processing Computing Unit) consists of a unit that combines a three-level exclusive-or tree with a cyclic left shift, and two path selectors; each processing calculation unit has 5 64-bit inputs in0, in1, in2, in3, in4 and 3 64-bit outputs out1, out2, out3; the selection of the input and output ports is configured by the control configuration unit;
When mapping SHA-3 round operation θ-1, the five input ports in0, in1, in2, in3 and in4 are configured to complete the exclusive-or operation, and the output results out1 and out2 are stored in a heterogeneous lookup table unit (LUT); when mapping SHA-3 round operation θ-2, the three input ports in0, in1 and in2 are configured to fetch data from LUT1 and LUT2 and complete the exclusive-or operation, and the output results are either passed directly to the next-level processing calculation unit (Processing Computing Unit) through the interconnection network (Interconnection Unit) or stored in the storage unit (Memory Unit);
When mapping the ASCON linear diffusion layer, the processing calculation unit (Processing Computing Unit) has already completed execution of the S-box unit (S-box Unit) and the shift operation unit (Shifting Processing Unit); the three input ports in0, in1 and in2 of the logic operation unit (Logic Processing Unit) are configured to complete the exclusive-or operation of the linear diffusion layer, and the output results are stored directly in the storage unit (Memory Unit) through the interconnection network (Interconnection Unit);
When mapping the ICEPOLE round operation μ, the control configuration unit flexibly configures either the three input ports in0, in1 and in2 or the four input ports in0, in1, in2 and in3 to complete the exclusive-or operation, and stores the output result out3 in the storage unit (Memory Unit), so that the configuration information is used more effectively while the speed is maintained and the logic operation functions are implemented.
The shift operation unit (Shifting Processing Unit) in the processing calculation unit (Processing Computing Unit) must support 64-bit cyclic shifts, as required by the functions of the three algorithms. Because a barrel shifter is structured in stages of powers of 2, a barrel shifter is used to provide the reconfigurable cyclic shift of the reconfigurable computing framework. The shift operations required by the three algorithms are 64 bits wide, so 6 shift stages are needed in total; each stage is governed by its own control signal, which determines whether that stage shifts by 2^i (0 ≤ i ≤ log2 N − 1) or not. The shift amount and shift mode are controlled by a decoding circuit, which drives the multiplexer and shift circuit of each stage. Let the shift length be b5 b4 b3 b2 b1 b0 (in binary); b5 is the first-stage shift signal and b4 is the second-stage shift signal. When the control signal of stage i is 1, stage i shifts by its power of 2; when the control signal is 0, stage i does not shift;
The shift amounts for the round operation ρ of the mapping algorithm SHA-3 are 25, 39, 3, 10, 43, 55, 20, 36, 44, 6, 28, 27, 0, 1, 0, 62, 56, 14, 18, 2, 61, 21, 8, 41, 45, 15, respectively;
The shift amounts for the round operation ρ of the mapping algorithm ICEPOLE are 0, 36, 3, 41, 18, 1, 44, 10, 45, 2, 62, 6, 43, 15, 61, 28, 55, 25, 21, 56, respectively;
The shift amounts in the linear diffusion layer step of the mapping algorithm ASCON are 19, 28, 1, 6, 7, 41, 61, 39, 10, 17, respectively.
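A software model of the six-stage barrel rotator described above, as an added example that is not the patent's circuit. It assumes left rotation, and that stages 3 to 6 are driven by b3 to b0 in order (the page states only b5 and b4); the function names are illustrative, and the three shift-amount lists are copied from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One stage: a 2:1 multiplexer that selects either the unchanged input or
 * the input rotated left by a fixed power of two (1, 2, 4, 8, 16 or 32). */
static uint64_t stage(uint64_t v, unsigned fixed, unsigned sel) {
    uint64_t rotated = (v << fixed) | (v >> (64 - fixed));
    return sel ? rotated : v;
}

/* Six stages in series. Stage 1 is controlled by b5 (rotate by 32),
 * stage 2 by b4 (rotate by 16), down to stage 6 controlled by b0. */
uint64_t barrel_rotl(uint64_t v, unsigned amount) {
    for (int bit = 5; bit >= 0; bit--)
        v = stage(v, 1u << bit, (amount >> bit) & 1u);
    return v;
}

/* A right rotation reuses the same datapath: only the decoded amount
 * changes, since ror(n) == rol((64 - n) mod 64). */
uint64_t barrel_rotr(uint64_t v, unsigned amount) {
    return barrel_rotl(v, (64u - (amount & 63u)) & 63u);
}

/* Reference rotate used to check the staged model. */
uint64_t ref_rotl(uint64_t v, unsigned n) {
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

/* Shift amounts exactly as listed on the page. */
static const unsigned SHA3_RHO[] = {25, 39, 3, 10, 43, 55, 20, 36, 44, 6, 28, 27, 0,
                                    1, 0, 62, 56, 14, 18, 2, 61, 21, 8, 41, 45, 15};
static const unsigned ICEPOLE_RHO[] = {0, 36, 3, 41, 18, 1, 44, 10, 45, 2,
                                       62, 6, 43, 15, 61, 28, 55, 25, 21, 56};
static const unsigned ASCON_LIN[] = {19, 28, 1, 6, 7, 41, 61, 39, 10, 17};

/* Count amounts for which the staged model disagrees with the reference. */
size_t mismatches(const unsigned *amounts, size_t n, uint64_t word) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (barrel_rotl(word, amounts[i]) != ref_rotl(word, amounts[i])) bad++;
    return bad;
}

/* Run all three lists through the model with one constructed test word. */
size_t check_page_amounts(void) {
    const uint64_t word = 0x0123456789abcdefULL;   /* constructed sample */
    return mismatches(SHA3_RHO, sizeof SHA3_RHO / sizeof *SHA3_RHO, word)
         + mismatches(ICEPOLE_RHO, sizeof ICEPOLE_RHO / sizeof *ICEPOLE_RHO, word)
         + mismatches(ASCON_LIN, sizeof ASCON_LIN / sizeof *ASCON_LIN, word);
}

int main(void) {
    const uint64_t word = 0x0123456789abcdefULL;
    printf("rotl 36: %016llx\n", (unsigned long long)barrel_rotl(word, 36));
    printf("rotr 19: %016llx\n", (unsigned long long)barrel_rotr(word, 19));
    printf("mismatches over page lists: %zu\n", check_page_amounts());
    return 0;
}
```
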
The S-box unit (S-box Unit) in the processing calculation unit (Processing Computing Unit) is implemented as a combinational logic circuit; the S-box unit (S-box Unit) is the only nonlinear element in the implementation of the three mapping algorithms and provides their confusion, and its complexity is directly proportional to the cryptographic protection strength; the S-box unit is constructed from a number of two-to-one multiplexers together with exclusive-or gates, nor gates, and nor gates.
The system is a reconfigurable system implemented as a circuit. The system is applied to a reconfigurable cryptographic processor.
A reconfigurable method for cryptographic algorithms based on the Sponge structure, the method comprising: a processing calculation step, a control configuration step, a storage step, a preprocessing buffer step and an interconnection step; the processing calculation step carries the core function of the reconfigurable computing framework and implements the round functions of the algorithm under the scheduling of the control configuration step; the control configuration step controls and schedules the different algorithms; the storage step stores the data constants required by the whole system framework and the intermediate data generated during round operations; the preprocessing buffer step is mainly responsible for padding and partitioning for the algorithm and for caching data between the other units; the interconnection step transmits data between the processing calculation units of each level.
A computer-readable storage medium storing a computer program configured to implement, when invoked by a processor, the steps of the above reconfigurable method for cryptographic algorithms based on the Sponge structure.
The second embodiment is as follows: the invention provides a reconfigurable computing framework of a cryptographic algorithm based on a spine structure, which comprises a processing computing Unit (Processing Computing Unit), a control configuration Unit (Control Configuration Unit), a Memory Unit (Memory Unit), a preprocessing buffer Unit (Processing Buffer Unit) and an interconnection Unit (Interconnection Unit). The processing computing unit (Processing Computing Unit) mainly bears the core function of the reconfigurable computing framework and completes the realization of the round function in the algorithm under the dispatching of the control configuration unit (Control Configuration Unit); the control configuration unit (Control Configuration Unit) is used for performing control scheduling on different algorithms; a Memory Unit (Memory Unit) for storing data constants required for the whole system frame and intermediate data generated during the round operation; the preprocessing unit (Processing Buffer Unit) is primarily responsible for filling and partitioning algorithms and data caching between other units. The interconnection unit (Interconnection Unit) is mainly responsible for data transmission between the processing and computing units of each stage. The round operation in the mapping algorithm SHA-3 consists of 5 steps, θ, ρ, π, χ and τ, respectively. A logical operation Unit (Logic Processing Unit), a shift operation Unit (Shifting Processing Unit) and an S-box Unit (S-box Unit) are used in a cryptographic algorithm reconfigurable computing framework processing and calculating Unit (Processing Computing Unit) to complete mapping of round operation functions of the SHA-3 algorithm. The minimum data processing module of the mapping algorithm ASCON, the permutation function, is composed of 3 steps, namely adding round functions, S-box nonlinear substitution layers and linear diffusion layers. 
The mapping of the permutation function functions of the ASCON algorithm is accomplished in a cryptographic reconfigurable computing framework processing computing Unit (Processing Computing Unit) using an S-box Unit, a shift operation Unit (Shifting Processing Unit), and a logic operation Unit (Logic Processing Unit). The round operation in mapping algorithm ICEPOLE consists of 5 steps, μ, ρ, pi,Kappa. A logical operation Unit (Logic Processing Unit), a shift operation Unit (Shifting Processing Unit) and an S-box Unit (S-box Unit) are used in a cryptographic algorithm reconfigurable computing framework processing and calculating Unit (Processing Computing Unit) to complete the mapping of the round operation functions of the ICEPOLE algorithm. A logic operation unit (Logic Processing Unit) in the processing calculation unit (Processing Computing Unit) consists of a unit in which a three-level exclusive-or tree is combined with a cyclic shift left and two path selectors. Each processing computation unit has 5 64-bit inputs in0, in1, in2, in3, in4 and 3 64-bit outputs out1, out2, out3. The selection of the input and output ports is configured by controlling the configuration unit, respectively. When mapping SHA-3 round operation theta-1, five input ports in0, in1, in2, in3 and in4 are configured to complete the exclusive-or operation, and output results out1 and out2 are stored in a heterogeneous lookup table Unit (LUT), when mapping SHA-3 round operation theta-1, three input ports in0, in1 and in2 are configured to acquire data from LUT1 and LUT2 and complete the exclusive-or operation, and the output results are directly transmitted to a next-stage processing calculation Unit (Processing Computing Unit) through an interconnection network (Interconnection Unit) or stored data enter a Memory Unit (Memory Unit). 
When the ASCON linear diffusion layer is mapped, the processing calculation unit (Processing Computing Unit) has already completed execution of the S-box unit (S-box Unit) and the shift operation unit (Shifting Processing Unit); the three input ports in0, in1 and in2 of the logic operation unit (Logic Processing Unit) are scheduled and configured to complete the exclusive-or operation of the linear diffusion layer, and the output results are stored directly in the memory unit (Memory Unit) through the interconnection network (Interconnection Unit). When the ICEPOLE round operation μ is mapped, the configuration unit flexibly configures three input ports in0, in1 and in2 or four input ports in0, in1, in2 and in3 to complete the exclusive-or operation, and stores the output result out3 in the memory unit (Memory Unit), so that information is configured more effectively while the speed is guaranteed, and the logic-operation-related functions are realized. The shift operation unit (Shifting Processing Unit) in the processing calculation unit (Processing Computing Unit) realizes 64-bit cyclic shift, as required by the functions of the three algorithms; a barrel shifter is used to make the cyclic shift of the reconfigurable computing framework reconfigurable, because its structure follows the "power of 2" hierarchical principle. The shift operations required by the three algorithms are 64 bits wide, so a total of 6 shift stages are required; each stage is governed by its corresponding control signal, which determines whether that stage shifts by 2^i (0 ≤ i ≤ log_2 N − 1) or not. The number of shift bits and the shift mode are also controlled by the decoding circuit, which is responsible for controlling the multiplexer and the shift circuit of each stage. Let the shift length be b_5 b_4 b_3 b_2 b_1 b_0 (binary original code); b_5 is defined as the first-stage shift signal and b_4 as the second-stage shift signal.
When the i-th stage control signal is 1, the i-th stage shifts by its "power of 2"; when the control signal is 0, no shift is performed. The shift bits for the round operation ρ of the mapping algorithm SHA-3 are 25, 39, 3, 10, 43, 55, 20, 36, 44, 6, 28, 27, 0, 1, 0, 62, 56, 14, 18, 2, 61, 21, 8, 41, 45, 15, respectively. The shift bits for the round operation ρ of the mapping algorithm ICEPOLE are 0, 36, 3, 41, 18, 1, 44, 10, 45, 2, 62, 6, 43, 15, 61, 28, 55, 25, 21, 56, respectively. The shift bits in the linear diffusion layer step of the mapping algorithm ASCON are 19, 28, 1, 6, 7, 41, 61, 39, 10, 17, respectively. The S-box unit (S-box Unit) in the processing calculation unit (Processing Computing Unit) is implemented as a combinational logic circuit. The S-box unit is the only nonlinear component in the mapping algorithms and mainly provides confusion for the whole algorithm; its complexity is also an important component of the cryptographic protection strength. The S-box unit is constructed from a plurality of two-to-one multiplexers and exclusive-or gates, nor gates, and nor gates.
Example: referring to Fig. 1, the present invention provides a reconfigurable computing framework based on a spine structure, whose internal structure includes: a processing calculation unit (Processing Computing Unit), a control configuration unit (Control Configuration Unit), a memory unit (Memory Unit), a preprocessing buffer unit (Processing Buffer Unit) and an interconnection unit (Interconnection Unit). The processing calculation unit (Processing Computing Unit) is mainly used for the operation processing of the mapped cryptographic algorithm. The control configuration unit (Control Configuration Unit) is used for configuring the whole cryptographic processing framework and guaranteeing the stability of the overall circuit timing. The memory unit (Memory Unit) stores the data constants required by the whole system framework and the intermediate data generated during the round operations. The preprocessing unit (Processing Buffer Unit) is primarily responsible for the padding and partitioning of the algorithm and for data caching between the other units. The interconnection unit (Interconnection Unit) is mainly responsible for data transmission between the processing calculation units of each stage.
Referring to Fig. 2, the logic operation unit (Logic Processing Unit) in the processing calculation unit (Processing Computing Unit) of the present invention is composed of a unit that combines a three-level exclusive-or tree with cyclic left shift and two path selectors. Each processing calculation unit has five 64-bit inputs in0, in1, in2, in3, in4 and three 64-bit outputs out1, out2, out3. The selection of the input and output ports is configured by the control configuration unit. The control configuration unit completes the relevant scheduling as required: when the SHA-3 round operation theta-1 is mapped, the five input ports in0, in1, in2, in3 and in4 are configured to complete the exclusive-or operation, and the output results out1 and out2 are stored in a heterogeneous lookup table unit (LUT); when the SHA-3 round operation theta-2 is mapped, the three input ports in0, in1 and in2 are configured to acquire data from LUT1 and LUT2 and complete the exclusive-or operation, and the output results are either transmitted directly to the next-stage processing calculation unit (Processing Computing Unit) through the interconnection network (Interconnection Unit) or stored in the memory unit (Memory Unit). When the ASCON linear diffusion layer is mapped, the processing calculation unit (Processing Computing Unit) has already completed execution of the S-box unit (S-box Unit) and the shift operation unit (Shifting Processing Unit); the three input ports in0, in1 and in2 of the logic operation unit (Logic Processing Unit) are scheduled and configured to complete the exclusive-or operation of the linear diffusion layer, and the output results are stored directly in the memory unit (Memory Unit) through the interconnection network (Interconnection Unit).
When the ICEPOLE round operation μ is mapped, the configuration unit flexibly configures three input ports in0, in1 and in2 or four input ports in0, in1, in2 and in3 to complete the exclusive-or operation, and stores the output result out3 in the memory unit (Memory Unit), so that information is configured more effectively while the speed is guaranteed, and the logic-operation-related functions are realized.
Referring to Fig. 3, the shift operation unit (Shifting Processing Unit) in the processing calculation unit (Processing Computing Unit) realizes 64-bit cyclic shift, as required by the functions of the three algorithms; a barrel shifter is used to make the cyclic shift of the reconfigurable computing framework reconfigurable, because its structure follows the "power of 2" hierarchical principle. According to the characteristics of the three mapping algorithms, the shift operations they require are 64 bits wide, so a total of 6 shift stages are required; each stage is governed by its corresponding control signal, which determines whether that stage shifts by 2^i (0 ≤ i ≤ log_2 N − 1) or not. The number of shift bits and the shift mode are also controlled by the decoding circuit, which is responsible for controlling the multiplexer and the shift circuit of each stage. Let the shift length be b_5 b_4 b_3 b_2 b_1 b_0 (binary original code); b_5 is defined as the first-stage shift signal and b_4 as the second-stage shift signal. When the i-th stage control signal is 1, the i-th stage shifts by its "power of 2"; when the control signal is 0, no shift is performed. The shift bits for the round operation ρ of the mapping algorithm SHA-3 are 25, 39, 3, 10, 43, 55, 20, 36, 44, 6, 28, 27, 0, 1, 0, 62, 56, 14, 18, 2, 61, 21, 8, 41, 45, 15, respectively. The shift bits for the round operation ρ of the mapping algorithm ICEPOLE are 0, 36, 3, 41, 18, 1, 44, 10, 45, 2, 62, 6, 43, 15, 61, 28, 55, 25, 21, 56, respectively. The shift bits in the linear diffusion layer step of the mapping algorithm ASCON are 19, 28, 1, 6, 7, 41, 61, 39, 10, 17, respectively.
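The six-stage decode described above can be modelled in software. The following C model is an added example, not code from the patent; it assumes rotate-left as the shift direction, and the names barrel_rotl64, stage, active_stages and count_mismatches are hypothetical. Each stage is a fixed rotate followed by a branch-free two-to-one select, and the staged result is compared with a direct rotate for every shift amount listed in the text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Shift amounts copied from the three lists in the text above. */
static const unsigned SHA3_RHO[] = {25, 39, 3, 10, 43, 55, 20, 36, 44, 6, 28, 27, 0,
                                    1, 0, 62, 56, 14, 18, 2, 61, 21, 8, 41, 45, 15};
static const unsigned ICEPOLE_RHO[] = {0, 36, 3, 41, 18, 1, 44, 10, 45, 2,
                                       62, 6, 43, 15, 61, 28, 55, 25, 21, 56};
static const unsigned ASCON_LIN[] = {19, 28, 1, 6, 7, 41, 61, 39, 10, 17};

/* Reference rotate-left. Masking the right-shift count avoids the undefined
   64-bit shift that a plain (x >> (64 - n)) performs when n == 0. */
uint64_t rotl64_ref(uint64_t x, unsigned n)
{
    n &= 63u;
    return (x << n) | (x >> ((64u - n) & 63u));
}

/* One stage: fixed rotate by `amount` (1..32), then a 2:1 multiplexer.
   The select is a mask rather than a branch on the control bit. */
static uint64_t stage(uint64_t x, unsigned amount, unsigned ctrl)
{
    uint64_t rotated = (x << amount) | (x >> (64u - amount));
    uint64_t sel = (uint64_t)0 - (uint64_t)(ctrl & 1u); /* all ones if ctrl == 1 */
    return (rotated & sel) | (x & ~sel);
}

/* Six stages: b5 drives the first stage (32), b4 the second (16),
   down to b0 driving the sixth stage (1). */
uint64_t barrel_rotl64(uint64_t x, unsigned shift)
{
    int bit;
    for (bit = 5; bit >= 0; bit--)
        x = stage(x, 1u << bit, (shift >> bit) & 1u);
    return x;
}

/* Number of stages that shift for a given amount (set bits in b5..b0). */
unsigned active_stages(unsigned shift)
{
    unsigned n = 0;
    for (shift &= 63u; shift != 0; shift >>= 1)
        n += shift & 1u;
    return n;
}

static int check_list(const unsigned *list, size_t len, uint64_t word)
{
    int bad = 0;
    size_t i;
    for (i = 0; i < len; i++)
        bad += barrel_rotl64(word, list[i]) != rotl64_ref(word, list[i]);
    return bad;
}

/* Compares the staged model with the reference for the listed amounts
   and for every amount 0..63; returns the number of disagreements. */
int count_mismatches(void)
{
    const uint64_t word = 0x0123456789ABCDEFULL; /* constructed test word */
    int bad = 0;
    unsigned s;
    bad += check_list(SHA3_RHO, sizeof SHA3_RHO / sizeof SHA3_RHO[0], word);
    bad += check_list(ICEPOLE_RHO, sizeof ICEPOLE_RHO / sizeof ICEPOLE_RHO[0], word);
    bad += check_list(ASCON_LIN, sizeof ASCON_LIN / sizeof ASCON_LIN[0], word);
    for (s = 0; s < 64; s++)
        bad += barrel_rotl64(word, s) != rotl64_ref(word, s);
    return bad;
}

int main(void)
{
    printf("rotl(1, 25) = 0x%016llx, stages used: %u\n",
           (unsigned long long)barrel_rotl64(1, 25), active_stages(25));
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

A shift amount of 0 passes through all six multiplexers unchanged, which is the case a direct software rotate most often gets wrong.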
Referring to Fig. 4, the S-box unit (S-box Unit) in the processing calculation unit (Processing Computing Unit) is implemented as a combinational logic circuit. The S-box unit is the only nonlinear component in the mapping algorithms and mainly provides confusion for the whole algorithm; its complexity is also an important component of the cryptographic protection strength. The S-box unit only needs to be reconfigured when the algorithm is switched: a plurality of two-to-one multiplexers are used, and driving the multiplexers with 0 or 1 as required selects the different data paths that realize the function of the S-box unit.
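The multiplexer-selected data paths can be illustrated for two of the three algorithms. The following C model is an added example, not the patent's circuit: it relies on the fact that the ASCON substitution-layer code given in claim 2 is the SHA-3 χ core wrapped in an input and an output XOR layer, and it assumes a one-bit mode select (MODE_CHI, MODE_ASCON) and multiplexer placement that are hypothetical. ICEPOLE is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

enum { MODE_CHI = 0, MODE_ASCON = 1 }; /* hypothetical configuration values */

/* 2:1 multiplexer on a 64-bit word: returns a when sel == 0, b when sel == 1. */
static uint64_t mux2(uint64_t a, uint64_t b, unsigned sel)
{
    uint64_t m = (uint64_t)0 - (uint64_t)(sel & 1u);
    return (a & ~m) | (b & m);
}

/* Bit-sliced unit: x[0..4] are five 64-bit words, so one call evaluates
   64 five-bit S-boxes in parallel. mode selects the data path. */
void sbox_unit(uint64_t x[5], unsigned mode)
{
    uint64_t t[5];
    int i;

    /* Input XOR layer, switched in for ASCON only. */
    x[0] = mux2(x[0], x[0] ^ x[4], mode);
    x[4] = mux2(x[4], x[4] ^ x[3], mode);
    x[2] = mux2(x[2], x[2] ^ x[1], mode);

    /* Shared nonlinear core: x[i] ^= ~x[i+1] & x[i+2], indices mod 5. */
    for (i = 0; i < 5; i++) t[i] = ~x[i] & x[(i + 1) % 5];
    for (i = 0; i < 5; i++) x[i] ^= t[(i + 1) % 5];

    /* Output XOR layer and inversion of x2, switched in for ASCON only. */
    x[1] = mux2(x[1], x[1] ^ x[0], mode);
    x[0] = mux2(x[0], x[0] ^ x[4], mode);
    x[3] = mux2(x[3], x[3] ^ x[2], mode);
    x[2] = mux2(x[2], ~x[2], mode);
}

/* Evaluate a single 5-bit S-box; x0 is the most significant bit of v. */
unsigned sbox5(unsigned v, unsigned mode)
{
    uint64_t x[5];
    unsigned out = 0;
    int i;
    for (i = 0; i < 5; i++) x[i] = (v >> (4 - i)) & 1u;
    sbox_unit(x, mode);
    for (i = 0; i < 5; i++) out |= (unsigned)(x[i] & 1u) << (4 - i);
    return out;
}

/* Returns 1 if the selected data path is a bijection on 5-bit values. */
int is_permutation(unsigned mode)
{
    uint32_t seen = 0;
    unsigned v;
    for (v = 0; v < 32; v++) seen |= (uint32_t)1 << sbox5(v, mode);
    return seen == 0xFFFFFFFFu;
}

/* ASCON 5-bit S-box as a lookup table, used only as a cross-check. */
static const uint8_t ASCON_SBOX[32] = {
    0x04, 0x0b, 0x1f, 0x14, 0x1a, 0x15, 0x09, 0x02, 0x1b, 0x05, 0x08,
    0x12, 0x1d, 0x03, 0x06, 0x1c, 0x1e, 0x13, 0x07, 0x0e, 0x00, 0x0d,
    0x11, 0x18, 0x10, 0x0c, 0x01, 0x19, 0x16, 0x0a, 0x0f, 0x17};

/* Number of inputs for which the ASCON data path disagrees with the table. */
int ascon_table_mismatches(void)
{
    int bad = 0;
    unsigned v;
    for (v = 0; v < 32; v++)
        bad += sbox5(v, MODE_ASCON) != (unsigned)ASCON_SBOX[v];
    return bad;
}

int main(void)
{
    printf("chi permutation: %d, ascon permutation: %d, table mismatches: %d\n",
           is_permutation(MODE_CHI), is_permutation(MODE_ASCON),
           ascon_table_mismatches());
    return 0;
}
```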
In summary, the above are only preferred embodiments of the present invention, but the scope of the invention is not limited thereto; any equivalent application by a person skilled in the art, and all changes and modifications made according to the technical solution and the inventive concept thereof, are included in the scope of the present invention.

Claims (9)

1. A reconfigurable cryptographic algorithm system based on a spine structure, the system comprising: a processing calculation Unit (Processing Computing Unit), a control configuration Unit (Control Configuration Unit), a Memory Unit (Memory Unit), a preprocessing buffer Unit (Processing Buffer Unit), and an interconnection Unit (Interconnection Unit); the processing calculation unit (Processing Computing Unit) mainly bears the core function of the reconfigurable calculation framework and completes the realization of round functions in the algorithm under the dispatching of the control configuration unit (Control Configuration Unit); the control configuration unit (Control Configuration Unit) is used for controlling and scheduling different algorithms; the Memory Unit is used for storing data constants required by the whole system framework and intermediate data generated in the round operation process; the preprocessing unit (Processing Buffer Unit) is mainly responsible for filling and partitioning the algorithm and caching data between other units; the interconnection unit (Interconnection Unit) is mainly responsible for data transmission between the processing and calculating units at all levels;
the processing calculation Unit (Processing Computing Unit) comprises a logic operation Unit (Logic Processing Unit), a shift operation Unit (Shifting Processing Unit) and an S-box Unit (S-box Unit); wherein the logic operation unit (Logic Processing Unit) is mainly used for realizing the θ operation in SHA-3 and the μ operation in ICEPOLE; the shift operation unit (Shifting Processing Unit) is mainly used for realizing the ρ operation in SHA-3, the linear diffusion layer operation in ASCON and the ρ operation in ICEPOLE; the S-box Unit (S-box Unit) is mainly used for realizing the χ operation in SHA-3, the nonlinear substitution layer operation in ASCON and the non-linear substitution layer operation in ICEPOLE.
2. A reconfigurable cryptographic algorithm system based on a spine structure according to claim 1, wherein the processing computing unit invokes its configured mapping algorithm according to three control signals (0, 1, 2) output by the control configuration unit to the processing computing unit:
Mapping algorithm SHA-3: the round operation in the mapping algorithm SHA-3 consists of 5 steps, namely θ, ρ, π, χ and τ; a logic operation Unit (Logic Processing Unit), a shift operation Unit (Shifting Processing Unit) and an S-box Unit (S-box Unit) are used in a processing calculation Unit (Processing Computing Unit) to complete mapping of round operation functions of the SHA-3 algorithm; the five steps are specifically described as follows:
wherein x, y, z represent three dimensions and a[x][y][z] represents a bit element in the array; the θ operation first calculates the parity of the vectors along the y-axis direction, and then, for each bit of data, the result of the step is the exclusive-or of the parity of the 2 adjacent vectors along the y-axis direction and the bit itself;
ρ is the rotation of each bit along the z-axis by a certain length, called the offset, whose value depends on the x and y coordinates; t cycles from 1 to 24; the result of each element in the state array after cyclic shift can be obtained through the formula;
the π operation is the rearrangement of the order of the 64-bit elements along the y-axis, with the new element pairs (x′, y′) being derived by the above matrix;
the χ operation is to exclusive-or each bit element a[x] with a nonlinear function of the other two bits a[x+1], a[x+2] along the x-axis row, with the specific calculation method shown above;
the τ operation is an exclusive-or operation that modifies only the 64-bit element (x=0, y=0) along the y-axis according to the number of loop iterations;
Mapping algorithm ASCON: the minimum data processing module of the mapping algorithm ASCON, the permutation function, is composed of 3 steps, namely adding a round function, an S box nonlinear substitution layer and a linear diffusion layer; the S box Unit (S-box Unit), the shift operation Unit (Shifting Processing Unit) and the logic operation Unit (Logic Processing Unit) are used in the cryptographic algorithm reconfigurable computing framework processing and calculating Unit (Processing Computing Unit) to complete the mapping of the arrangement function of the ASCON algorithm;
The three steps are specifically described as follows:
Addition of the round constant:
x_0, x_2, x_3, x_4, x_4 represent 5 64-bit numbers, and the round-constant addition step obtains a new x_2 by exclusive-oring it with a constant c_r that differs according to the number of cycles;
the S-box nonlinear replacement layer code is described as follows:
x0^=x4;x4^=x3;x2^=x1;
t0=x0;t1=x1;t2=x2;t3=x3;t4=x4;
t0=~t0;t1=~t1;t2=~t2;t3=~t3;t4=~t4;
t0&=x1;t1&=x2;t2&=x3;t3&=x4;t4&=x0;
x0^=t1;x1^=t2;x2^=t3;x3^=t4;x4^=t0;
x1^=x0;x0^=x4;x3^=x2;x2=~x2;
x_0, x_1, x_2, x_3, x_4 in the S-box nonlinear substitution layer operation respectively represent 5 64-bit initial variables, t_0, t_1, t_2, t_3, t_4 represent intermediate variables, and 5 new 64-bit variables x_0, x_2, x_3, x_4, x_4 can be obtained according to the code;
linear diffusion layer:
Each 64-bit element x_0, x_1, x_2, x_3, x_4 in the linear diffusion layer obtains new 64-bit elements from two different cyclic shifts, which are exclusive-ored with the 64-bit element x_0, x_1, x_2, x_3, x_4 itself to obtain 5 new 64-bit elements x_0, x_1, x_2, x_3, x_4;
mapping algorithm ICEPOLE: the round operation in the mapping algorithm ICEPOLE consists of 5 steps, μ, ρ, π, κ; a logic operation Unit (Logic Processing Unit), a shift operation Unit (Shifting Processing Unit) and an S-box Unit (S-box Unit) are used in the processing calculation Unit (Processing Computing Unit) of the cryptographic algorithm reconfigurable computing framework to complete the mapping of the round operation function of the ICEPOLE algorithm;
the five steps are specifically described as follows:
the mu operation multiplies a column vector by a constant matrix through the matrix operation to obtain a new matrix consisting of new 5 64 bits;
ρ_ICEPOLE: S[x][y] := S[x][y] <<< offsets[x][y], (0 ≤ x ≤ 3), (0 ≤ y ≤ 4)
ρ rotates each bit along the z-axis by a certain length; in total, 20 64-bit elements are cyclically shifted;
π_ICEPOLE: x′ := (x + y) mod 4, y′ := (((x + y) mod 4) + y + 1) mod 5
the π operation rearranges the order of the 64-bit elements along the y-axis, and the new element pair (x′, y′) is derived by the above operation; wherein mod 4 represents the result modulo 4 and mod 5 represents the result modulo 5;
the operation is that the 5 64-bit elements M_0 M_1 M_2 M_3 M_4 in each row are respectively subjected to inverting and exclusive-or operations, and different M_{k+1} M_{k+2} are selected according to different k values to be inverted and exclusive-ored with the element;
The κ operation is an exclusive-or operation that modifies only 64-bit elements (x=0, y=0) along the y-axis according to the number of loop iterations.
3. The reconfigurable cryptographic algorithm system based on the spine structure according to claim 2, wherein the logic operation unit (Logic Processing Unit) in the processing calculation unit (Processing Computing Unit) is composed of a unit of three-level exclusive-or tree combined with cyclic left shift and two path selectors; each processing and computing unit has 5 64-bit inputs in0, in1, in2, in3, in4 and 3 64-bit outputs out1, out2, out3; the selection of the input and output ports is configured by controlling the configuration unit respectively;
When the SHA-3 round operation theta-1 is mapped, the five input ports in0, in1, in2, in3 and in4 are configured to complete the exclusive-or operation, and the output results out1 and out2 are stored in a heterogeneous lookup table Unit (LUT); when the SHA-3 round operation theta-2 is mapped, the three input ports in0, in1 and in2 are configured to acquire data from LUT1 and LUT2 and complete the exclusive-or operation, and the output results are either transmitted directly to a next-stage processing calculation Unit (Processing Computing Unit) through the interconnection network (Interconnection Unit) or stored in the Memory Unit (Memory Unit);
When the linear diffusion layer of the ASCON algorithm is mapped, the processing calculation Unit (Processing Computing Unit) has already completed execution of the S-box Unit (S-box Unit) and the shift operation Unit (Shifting Processing Unit); the three input ports in0, in1 and in2 of the logic operation Unit (Logic Processing Unit) are configured to complete the exclusive-or operation of the linear diffusion layer, and the output results are stored directly in the Memory Unit (Memory Unit) through the interconnection network (Interconnection Unit);
When the ICEPOLE round operation μ is mapped, the configuration Unit flexibly configures three input ports in0, in1 and in2 or four input ports in0, in1, in2 and in3 to complete the exclusive-or operation, and stores the output result out3 in the Memory Unit (Memory Unit), so as to configure information more effectively while the speed is guaranteed and to realize the logic-operation-related functions.
4. A cryptographic algorithm reconfigurable system based on a spine structure according to claim 3, wherein the shift operation unit (Shifting Processing Unit) in the processing calculation unit (Processing Computing Unit) realizes 64-bit cyclic shift, as required by the functions of the three algorithms, and a barrel shifter is used to make the cyclic shift of the reconfigurable computing framework reconfigurable, because its structure follows the "power of 2" hierarchical principle; the shift operations required by the three algorithms are 64 bits wide, so 6 shift stages are required in total, each stage being governed by its corresponding control signal, which determines whether that stage shifts by 2^i (0 ≤ i ≤ log_2 N − 1) or not; the number of shift bits and the shift mode are also controlled by the decoding circuit, which is responsible for controlling the multiplexer and the shift circuit of each stage; let the shift length be b_5 b_4 b_3 b_2 b_1 b_0 (binary original code), where b_5 is the first-stage shift signal and b_4 is the second-stage shift signal; when the i-th stage control signal is 1, the i-th stage shifts by its power of 2, and when the control signal is 0, the i-th stage does not shift;
The shift bits for the round operation ρ of the mapping algorithm SHA-3 are 25, 39, 3, 10, 43, 55, 20, 36, 44, 6, 28, 27, 0, 1, 0, 62, 56, 14, 18, 2, 61, 21, 8, 41, 45, 15, respectively;
The shift bits for the round operation ρ of the mapping algorithm ICEPOLE are 0, 36, 3, 41, 18, 1, 44, 10, 45, 2, 62, 6, 43, 15, 61, 28, 55, 25, 21, 56, respectively;
the shift bits in the linear diffusion layer step of the mapping algorithm ASCON are 19, 28, 1, 6, 7, 41, 61, 39, 10, 17, respectively.
5. The reconfigurable cryptographic algorithm system based on the spine structure of claim 4, wherein the S-box Unit (S-box Unit) in the processing calculation Unit (Processing Computing Unit) is implemented by a combinational logic circuit; the S-box Unit (S-box Unit) is the only nonlinear component in the implementation of the three mapping algorithms and provides confusion for the three mapping algorithms, and the complexity of the S-box Unit (S-box Unit) is in direct proportion to the cryptographic protection strength; the S-box Unit is constructed from a plurality of two-to-one multiplexers and exclusive-or gates, nor gates, and nor gates.
6. The reconfigurable cryptographic algorithm system based on the spine structure according to claim 5, wherein the system is a reconfigurable system implemented by a circuit.
7. The reconfigurable cryptographic algorithm system based on the spine structure of claim 6, wherein the system is applied to a reconfigurable cryptographic processor.
8. A reconfigurable method of cryptographic algorithm based on a spine structure, the method comprising:
a processing calculation step, a control configuration step, a storage step, a preprocessing buffer step and an interconnection step; the processing and calculating steps are as follows: the core function of the reconfigurable computing framework is born, and the realization of round functions in the algorithm is completed under the scheduling of the control configuration steps; the control configuration step is used for controlling and scheduling different algorithms; the storage step is used for storing data constants required by the whole system framework and intermediate data generated in the round operation process; the preprocessing step is mainly responsible for filling and partitioning an algorithm and caching data among other units; the interconnection step is used for transmitting data between the processing calculation units of each stage.
9. A computer-readable storage medium, characterized by: the computer readable storage medium stores a computer program configured to implement the steps of the spine-structure-based cryptographic algorithm reconfigurable method of claim 8 when called by a processor.
CN202410209500.XA 2024-02-26 2024-02-26 Reconfigurable cryptographic algorithm system and method based on spine structure Pending CN118101200A (en)

Publications (1)

Publication Number Publication Date
CN118101200A true CN118101200A (en) 2024-05-28

Family

ID=91162672

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination