[go: up one dir, main page]

CN110995405B - Chaos-based Initial Vector Generation Algorithm and Its IP Core - Google Patents

Chaos-based Initial Vector Generation Algorithm and Its IP Core Download PDF

Info

Publication number
CN110995405B
CN110995405B CN201911232173.5A CN201911232173A CN110995405B CN 110995405 B CN110995405 B CN 110995405B CN 201911232173 A CN201911232173 A CN 201911232173A CN 110995405 B CN110995405 B CN 110995405B
Authority
CN
China
Prior art keywords
module
key
initial vector
bit
sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911232173.5A
Other languages
Chinese (zh)
Other versions
CN110995405A (en
Inventor
丁群
冯凯
王传福
李孝友
余龙飞
唐薪玥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heilongjiang University
Original Assignee
Heilongjiang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Heilongjiang University filed Critical Heilongjiang University
Priority to CN201911232173.5A priority Critical patent/CN110995405B/en
Publication of CN110995405A publication Critical patent/CN110995405A/en
Application granted granted Critical
Publication of CN110995405B publication Critical patent/CN110995405B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供一种基于混沌初始向量生成算法及其IP核,生成算法基于Logistic混沌的序列发生器中输入32比特的初值x0,将ZUC加密算法的128比特的初始密钥KEY划分为16个32比特key[i];将key[0]赋值给32比特x0,并计算x1=4x0(1‑x0);将key[i]赋值给key[i‑1],再将x1赋值给key[15],对按顺序产生的所有x1序列隔1024比特截取末尾128比特序列作为一个初始向量。生成算法的IP核,包括:该方法生成的初始向量生成模块、ZUC加密算法模块、密钥流FIFO模块、运算模块、UART通信模块和控制器模块。本发明利用混沌伪随机序列良好的随机性,大大提高了初始向量的不可预测性。

Figure 201911232173

The present invention provides a chaotic initial vector generation algorithm and its IP core. The generation algorithm is based on Logistic chaotic sequence generator inputting a 32-bit initial value x 0 , and the 128-bit initial key KEY of the ZUC encryption algorithm is divided into 16 a 32-bit key[i]; assign key[0] to 32-bit x 0 , and calculate x 1 =4x 0 (1‑x 0 ); assign key[i] to key[i‑1], and then x 1 is assigned to key[15], and the last 128-bit sequence is truncated at 1024-bit intervals for all the x 1 sequences generated in sequence as an initial vector. An IP core for generating an algorithm includes an initial vector generation module generated by the method, a ZUC encryption algorithm module, a key stream FIFO module, an operation module, a UART communication module and a controller module. The invention utilizes the good randomness of the chaotic pseudo-random sequence and greatly improves the unpredictability of the initial vector.

Figure 201911232173

Description

基于混沌初始向量生成算法及其IP核Chaos-based Initial Vector Generation Algorithm and Its IP Core

技术领域:Technical field:

本发明涉及数据加密领域,具体涉及一种基于混沌初始向量生成算法及其IP核。The invention relates to the field of data encryption, in particular to a chaos-based initial vector generation algorithm and an IP core thereof.

背景技术:Background technique:

祖冲之(简称ZUC)序列密码是一种同步序列密码算法,该算法输入包含两个部分,即位宽为128比特的初始密钥(Initial Key,简称KEY)和位宽为128比特的初始向量(Initial Vector,简称IV)。ZUC序列密码算法是利用输入的128比特KEY和128比特初始向量生成密钥流对数字信息进行加密。Zu Chongzhi (ZUC for short) sequence cipher is a synchronous sequence cipher algorithm. The input of the algorithm consists of two parts, namely, the initial key with a bit width of 128 bits (Initial Key, referred to as KEY) and an initial vector with a bit width of 128 bits (Initial Key) Vector, referred to as IV). The ZUC sequence cipher algorithm uses the input 128-bit KEY and 128-bit initial vector to generate a key stream to encrypt digital information.

ZUC序列密码算法是国际标准化组织3GPP(3rd Generation PartnershipProject)推荐的第三套国际加密算法。根据3GPP所颁布的ZUC序列密码算法,初始向量是利用无线通信过程中相关的控制信息以固定的方式和结构生成的,其表述为:令信号COUNT=COUNT[0]||COUNT[1]||COUNT[2]||COUNT[3],COUNT代表通信过程中的帧计数器,其位宽为32比特,其中COUNT[i](0≦i≦3)为8比特长的字节,且128比特宽度的初始向量表示为IV=IV[0]||IV[1]||IV[2]||...||IV[15],其中IV[i](0≦i≦15)为8比特的字节,则:The ZUC sequence encryption algorithm is the third set of international encryption algorithms recommended by the International Organization for Standardization 3GPP (3rd Generation Partnership Project). According to the ZUC sequence cipher algorithm promulgated by 3GPP, the initial vector is generated in a fixed manner and structure using the relevant control information in the wireless communication process, which is expressed as: let the signal COUNT=COUNT[0]||COUNT[1]| |COUNT[2]||COUNT[3], COUNT represents the frame counter in the communication process, its bit width is 32 bits, and COUNT[i] (0≦i≦3) is an 8-bit long byte, and 128 The initial vector of bit width is expressed as IV=IV[0]||IV[1]||IV[2]||...||IV[15], where IV[i](0≦i≦15) is 8-bit byte, then:

IV[0]=COUNT[0],IV[1]=COUNT[1],IV[0]=COUNT[0],IV[1]=COUNT[1],

IV[2]=COUNT[2],IV[3]=COUNT[3],IV[2]=COUNT[2], IV[3]=COUNT[3],

IV[4]=BEARER||DIRECTION||002,IV[4]=BEARER||DIRECTION||002,

IV[5]=IV[6]=IV[7]=000000002,IV[5]=IV[6]=IV[7]=000000002,

IV[8]=IV[0],IV[9]=IV[1],IV[8]=IV[0], IV[9]=IV[1],

IV[10]=IV[2],IV[11]=IV[3],IV[10]=IV[2], IV[11]=IV[3],

IV[12]=IV[4],IV[13]=IV[5],IV[12]=IV[4], IV[13]=IV[5],

IV[14]=IV[6],IV[15]=IV[7].IV[14]=IV[6], IV[15]=IV[7].

其中符号“||”为位连接符号,信号BEARER位宽为5比特,功能是承载层标识,信号DIRECTION位宽为1比特,功能是传输方向标识。由于初始向量在通信中是非保密的,可以以明文形式传输,并且信号COUNT在每次更新KEY后置0,并以递增的方式改变,而信号DIRECTION又只有上行和下行两种状态,则在整个初始向量中只有5比特的信号BEARER是完全不可预测的。理想情况下,IV中不可预测部分的位数和KEY的位数应该相同,以提高抗TMDTO(Time-Memory-Data Trade-Off)攻击的能力。在一些文献中指出了这一问题,并且也指出了初始向量中较短的不可预测位数会降低替代类型的TMTO攻击的复杂度,而增加初始向量中不可预测的位数有利于改善这一问题。The symbol "||" is the bit connection symbol, the bit width of the signal BEARER is 5 bits, the function is the bearer layer identification, the bit width of the signal DIRECTION is 1 bit, and the function is the transmission direction identification. Since the initial vector is not confidential in the communication, it can be transmitted in plain text, and the signal COUNT is set to 0 after each KEY update, and changes in an incremental manner, while the signal DIRECTION has only two states of uplink and downlink, then in the whole The signal BEARER with only 5 bits in the initial vector is completely unpredictable. Ideally, the number of bits in the unpredictable part of the IV and the number of bits in the KEY should be the same to improve the resistance to TMDTO (Time-Memory-Data Trade-Off) attacks. This problem has been pointed out in some literature, and it has also been pointed out that shorter unpredictable bits in the initial vector reduce the complexity of alternative types of TMTO attacks, while increasing the number of unpredictable bits in the initial vector is beneficial to improve this question.

初始向量在同步序列密码算法中扮演着十分重要的作用。很多情况下,在具体加密过程中,KEY无法经常变更,这时更新使用不同的初始向量便避免了在相同明文和相同密钥下产生相同密文的情况,也避免了相同密钥流被多次用于加密。同时,在无线通信中,信道中的信息容易丢失,当一个加密通信系统只能在信息接收完整的情况下才能进行正确的解密时,这个系统是难以应用的。Initial vectors play a very important role in synchronous sequence cryptography. In many cases, in the specific encryption process, the KEY cannot be changed frequently. At this time, the use of different initial vectors for updating avoids the situation that the same ciphertext is generated under the same plaintext and the same key, and also avoids the same key stream from being used for multiple times. times are used for encryption. At the same time, in wireless communication, the information in the channel is easy to be lost. When an encrypted communication system can only perform correct decryption when the information is received completely, this system is difficult to apply.

发明内容SUMMARY OF THE INVENTION

基于以上不足之处,本发明提供一种基于混沌初始向量生成算法及其IP核,大大提高了初始向量的不可预测性,以改善应对TMTO攻击的能力。Based on the above shortcomings, the present invention provides a chaos-based initial vector generation algorithm and its IP core, which greatly improves the unpredictability of the initial vector and improves the ability to deal with TMTO attacks.

本发明所采用的技术如下:一种基于混沌初始向量生成算法,初始向量生成方法如下:The technology adopted in the present invention is as follows: a chaotic initial vector generation algorithm, the initial vector generation method is as follows:

步骤一、首先要向基于Logistic混沌的序列发生器中输入32比特的初值x0,将ZUC加密算法的128比特的初始密钥KEY划分为16个32比特key[i](0≤i≤15),使key[i](0≤i≤15)分别作为Logistic混沌迭代映射的输入,Step 1. First, input a 32-bit initial value x 0 into the sequence generator based on Logistic chaos, and divide the 128-bit initial key KEY of the ZUC encryption algorithm into 16 32-bit key[i] (0≤i≤ 15), make key[i] (0≤i≤15) as the input of Logistic chaotic iterative map respectively,

其中,Logistic混沌迭代映射的表达式如下:Among them, the expression of Logistic chaotic iterative mapping is as follows:

xn+1=4xn(1-xn) (1)x n+1 = 4x n (1-x n ) (1)

其中x0是初始值,n是迭代次数,且xn由32比特寄存器构成;where x 0 is the initial value, n is the number of iterations, and x n consists of a 32-bit register;

步骤二、将key[0]赋值给32比特x0,并计算x1=4x0(1-x0);Step 2, assign key[0] to 32 bits x 0 , and calculate x 1 =4x 0 (1-x 0 );

步骤三、将key[i]赋值给key[i-1],再将x1赋值给key[15],对按顺序产生的所有x1序列隔1024比特截取末尾128比特序列作为一个初始向量,并转回至步骤二。Step 3. Assign key[i] to key[i-1], and then assign x 1 to key[15]. For all x 1 sequences generated in sequence, truncate the last 128-bit sequence at 1024-bit intervals as an initial vector, and go back to step two.

本发明还具有如下特征:一种基于混沌初始向量生成算法的IP核,包括:如上方法生成的初始向量生成模块、ZUC加密算法模块、密钥流FIFO模块、运算模块、UART通信模块和控制器模块,The present invention also has the following features: an IP core based on a chaotic initial vector generation algorithm, comprising: an initial vector generation module generated by the above method, a ZUC encryption algorithm module, a key stream FIFO module, an operation module, a UART communication module and a controller module,

所述的初始向量生成模块负责生成ZUC加密算法模块工作所需的初始向量;The described initial vector generation module is responsible for generating the initial vector required for the work of the ZUC encryption algorithm module;

所述的ZUC加密算法模块负责根据密钥KEY和初始向量生成用于加解密的密钥序列;Described ZUC encryption algorithm module is responsible for generating the key sequence for encryption and decryption according to key KEY and initial vector;

所述的密钥流FIFO模块用于缓存ZUC加密算法模块输出的密钥流;Described key stream FIFO module is used for buffering the key stream output by ZUC encryption algorithm module;

所述的UART通信模块实现了IP核与上位机通信过程的调制与解调工作;The UART communication module realizes the modulation and demodulation of the communication process between the IP core and the host computer;

所述的运算模块将从UART通信模块的接收器FIFO单元和密钥流FIFO模块中取出的数据进行异或运算,完成数据的加解密,并将处理完成的数据交给UART通信模块的发送器FIFO单元;The operation module performs XOR operation on the data taken out from the receiver FIFO unit of the UART communication module and the key stream FIFO module, completes the encryption and decryption of the data, and delivers the processed data to the transmitter of the UART communication module. FIFO unit;

所述的控制器模块为整个IP核的主控单元,所有的模块在其调度下工作,它控制着数据的流向以及数据所接受的运算。The controller module is the main control unit of the entire IP core, all modules work under its scheduling, and it controls the flow of data and the operations accepted by the data.

本发明的优点及有益效果如下:本发明利用混沌伪随机序列良好的随机性,大大提高了初始向量的不可预测性,以改善应对TMTO攻击的能力,并将其与ZUC序列密码算法相结合,形成了ZUC加密算法IP核的重要组成部分。此外,序列密码算法加入初始向量同时为数据通信设计帧结构使得即使出现部分数据受损或缺失的情况,系统依旧可以继续完成那些被正确接收的数据帧的解密工作。在发送信息是有顺序的情况中,初始向量还可以用作信息帧的编号。The advantages and beneficial effects of the present invention are as follows: the present invention utilizes the good randomness of the chaotic pseudo-random sequence, greatly improves the unpredictability of the initial vector, improves the ability to deal with TMTO attacks, and combines it with the ZUC sequence cryptographic algorithm, It forms an important part of the IP core of the ZUC encryption algorithm. In addition, the sequence cipher algorithm adds the initial vector and designs the frame structure for data communication, so that even if some data is damaged or missing, the system can still continue to complete the decryption of those correctly received data frames. In the case where the transmitted information is sequential, the initial vector can also be used as the number of the information frame.

附图说明Description of drawings

图1为基于FPGA的ZUC加密算法IP核的原理图;Figure 1 is a schematic diagram of the FPGA-based ZUC encryption algorithm IP core;

图2为基于Logistic混沌的初始向量生成算法模块硬件实现的顶层设计图;Fig. 2 is the top-level design diagram of hardware implementation of initial vector generation algorithm module based on Logistic chaos;

图3为初始向量生成模块的流程图;Fig. 3 is the flow chart of initial vector generation module;

图4为FPGA顶层架构图。Figure 4 shows the top-level architecture diagram of the FPGA.

具体实施方式Detailed ways

下面根据说明书附图举例对本发明做进一步的说明:The present invention will be further described below according to the accompanying drawings of the description:

实施例1Example 1

一种基于混沌初始向量生成算法,初始向量生成方法如下:A chaos-based initial vector generation algorithm, the initial vector generation method is as follows:

步骤一、首先要向基于Logistic混沌的序列发生器中输入32比特的初值x0,将ZUC加密算法的128比特的初始密钥KEY划分为16个32比特key[i](0≤i≤15),使key[i](0≤i≤15)分别作为Logistic混沌迭代映射的输入,Step 1. First, input a 32-bit initial value x 0 into the sequence generator based on Logistic chaos, and divide the 128-bit initial key KEY of the ZUC encryption algorithm into 16 32-bit key[i] (0≤i≤ 15), make key[i] (0≤i≤15) as the input of Logistic chaotic iterative map respectively,

其中,Logistic混沌迭代映射的表达式如下:Among them, the expression of Logistic chaotic iterative mapping is as follows:

xn+1=4xn(1-xn) (1)x n+1 = 4x n (1-x n ) (1)

其中x0是初始值,n是迭代次数,且xn由32比特寄存器构成;where x 0 is the initial value, n is the number of iterations, and x n consists of a 32-bit register;

步骤二、将key[0]赋值给32比特x0,并计算x1=4x0(1-x0);Step 2, assign key[0] to 32 bits x 0 , and calculate x 1 =4x 0 (1-x 0 );

步骤三、将key[i]赋值给key[i-1],再将x1赋值给key[15],对按顺序产生的所有x1序列隔1024比特截取末尾128比特序列作为一个初始向量,并转回至步骤二。Step 3. Assign key[i] to key[i-1], and then assign x 1 to key[15]. For all x 1 sequences generated in sequence, truncate the last 128-bit sequence at 1024-bit intervals as an initial vector, and go back to step two.

其中,基于混沌初始向量生成算法的IP核,包括:初始向量生成模块、ZUC加密算法模块、密钥流FIFO模块、运算模块、UART通信模块和控制器模块,所述的初始向量生成模块负责生成ZUC加密算法模块工作所需的初始向量;Among them, the IP core based on the chaotic initial vector generation algorithm includes: an initial vector generation module, a ZUC encryption algorithm module, a key stream FIFO module, an operation module, a UART communication module and a controller module, and the initial vector generation module is responsible for generating The initial vector required for the work of the ZUC encryption algorithm module;

所述的ZUC加密算法模块负责根据密钥KEY和初始向量生成用于加解密的密钥序列;Described ZUC encryption algorithm module is responsible for generating the key sequence for encryption and decryption according to key KEY and initial vector;

所述的密钥流FIFO模块用于缓存ZUC加密算法模块输出的密钥流;Described key stream FIFO module is used for buffering the key stream output by ZUC encryption algorithm module;

所述的UART通信模块实现了IP核与上位机通信过程的调制与解调工作;The UART communication module realizes the modulation and demodulation of the communication process between the IP core and the host computer;

所述的运算模块将从UART通信模块的接收器FIFO单元和密钥流FIFO模块中取出的数据进行异或运算,完成数据的加解密,并将处理完成的数据交给UART通信模块的发送器FIFO单元;The operation module performs XOR operation on the data taken out from the receiver FIFO unit of the UART communication module and the key stream FIFO module, completes the encryption and decryption of the data, and delivers the processed data to the transmitter of the UART communication module. FIFO unit;

所述的控制器模块为整个IP核的主控单元,所有的模块在其调度下工作,它控制着数据的流向以及数据所接受的运算。The controller module is the main control unit of the entire IP core, all modules work under its scheduling, and it controls the flow of data and the operations accepted by the data.

实施例2Example 2

基于混沌初始向量生成算法的IP核的FPGAFPGA of IP Core Based on Chaos Initial Vector Generation Algorithm

如图2所示,初始向量生成模块具有6个输入输出信号,其信号定义在表1中列出。As shown in Figure 2, the initial vector generation module has 6 input and output signals, whose signal definitions are listed in Table 1.

表1顶层模块信号列表Table 1 Top-level module signal list

Figure GDA0002387800230000041
Figure GDA0002387800230000041

Figure GDA0002387800230000051
Figure GDA0002387800230000051

初始向量生成模块除了时钟信号和复位信号之外,还有一个控制信号“开始”,这里对初始向量生成模块的主要工作流程进行说明:当初始向量生成模块上电后,首先进行复位操作,之后初始向量生成模块进入待命状态,当开始信号第一次有效时,初始向量生成模块将下载密钥并运行1024个时钟周期,然后输出一个初始向量,同时初始向量有效标志信号“IV输出有效”拉高一拍,表示此时输出信号“输出IV”上的信号有效,接着模块进入待命状态,若信号“开始”再次有效,模块将紧接之前状态再次运行1024个时钟周期并产生新初始向量,以此类推,这里使用算法流程图来表述主要工作流程,如图3所示。In addition to the clock signal and the reset signal, the initial vector generation module also has a control signal "start". The main workflow of the initial vector generation module is described here: when the initial vector generation module is powered on, it first performs a reset operation, and then The initial vector generation module enters the standby state. When the start signal is valid for the first time, the initial vector generation module will download the key and run for 1024 clock cycles, and then output an initial vector. At the same time, the initial vector valid flag signal "IV output valid" is pulled. A high beat indicates that the signal on the output signal "Output IV" is valid at this time, and then the module enters the standby state. If the signal "Start" is valid again, the module will run again for 1024 clock cycles from the previous state and generate a new initial vector. By analogy, the algorithm flow chart is used here to describe the main workflow, as shown in Figure 3.

图4为的顶层架构设计,其中具有多拍潜伏期的模块其潜伏期(latency)已在图中标注。初始向量生成模块全局的计算精度为32比特,且由式(1)可知系统变量xn∈(0,1),则IVMKAKER的所有运算均为32比特无符号纯小数,例如系统中一个32位二进制数表示为Mb=m31m30m29…m1m0,其中mi∈{0,1}且i=0,1,2,…,31,则它所表示的十进制数可由式(2)表示:Figure 4 shows the top-level architecture design, in which the latency of the module with multi-shot latency has been marked in the figure. The global calculation accuracy of the initial vector generation module is 32 bits, and the system variable x n ∈(0,1) can be known from equation (1), then all operations of IVMKAKER are 32-bit unsigned pure decimals, such as a 32-bit in the system The binary number is represented as M b = m 31 m 30 m 29 . . . m 1 m 0 , where m i ∈ {0,1} and i=0,1,2,...,31, then the decimal number represented by it can be expressed by the formula (2) means:

Figure GDA0002387800230000052
Figure GDA0002387800230000052

控制模块为控制单元,它完成式(1)中初值生成的功能,同时控制各个子模块的使能以及选择器模块的选择信号等功能。延迟模块将输入延迟两个时钟周期输出;安位取反模块的功能表达式如下:The control module is a control unit, which completes the function of generating the initial value in the formula (1), and controls the enabling of each sub-module and the selection signal of the selector module at the same time. The delay module delays the input by two clock cycles and outputs the output; the functional expression of the bit inversion module is as follows:

bn[31:0]=~sel[31:0] (3)bn[31:0]=~sel[31:0] (3)

加法器模块完成了对输入值的加1计算,其表达式如下:The adder module completes the calculation of adding 1 to the input value, and its expression is as follows:

add[31:0]=bn[31:0]+1 (4)add[31:0]=bn[31:0]+1 (4)

按位取反模块与加法器模块级联共同完成了式(1)中(1-xn)部分的计算,其原理类似补码,这里举例说明:例如存在无符号二进制数A=10000、B=1010,很明显,要得到A-B的值,可以通过~B+1得到。这么做是因为在本设计中,系统中所有的数均为32位无符号小数,要表示十进制1,则需要33位位宽,而采用本设计中的方法,既避免了为表示十进制1而单独增加一位位宽,又避免了在数字电路中使用减法,此外,取反操作对于数字电路来说,实现起来也是十分简单的;乘法器模块完成了xn(1-xn)的计算工作,当两个位宽为32位的数据在进行乘法运算后,乘法器内部将会产生一个64比特位宽的乘积。The bitwise negation module and the adder module are cascaded together to complete the calculation of the (1-x n ) part of formula (1). =1010, obviously, to get the value of AB, you can get it by ~B+1. This is because in this design, all numbers in the system are 32-bit unsigned decimals. To represent decimal 1, a 33-bit width is required, and the method in this design avoids the need to represent decimal 1. The single-bit width is increased, and the use of subtraction in digital circuits is avoided. In addition, the inversion operation is very simple to implement for digital circuits; the multiplier module completes the calculation of x n (1-x n ) Work, when two data with a bit width of 32 bits are multiplied, a 64-bit bit wide product will be generated inside the multiplier.

我们对实现的初始向量生成模块所占用的资源和速度情况进行了统计,并与使用常规的Logistic混沌序列生成算法实现相同功能的电路进行了对比,结果如表2所示,可见我们所实现的初始向量生成模块在FPGA芯片上的逻辑资源Slice消耗增加16.3%的情况下,使得电路的最高运行频率增加了2.4倍,在使生成的初始向量获得了更好的不可预测性的基础上,同时获得了不错的资源消耗和速度水平。We made statistics on the resources and speed occupied by the implemented initial vector generation module, and compared it with the circuit that uses the conventional Logistic chaotic sequence generation algorithm to achieve the same function. The results are shown in Table 2. It can be seen that our implementation The initial vector generation module increases the maximum operating frequency of the circuit by 2.4 times when the logic resource slice consumption on the FPGA chip increases by 16.3%. On the basis of better unpredictability of the generated initial vector, at the same time Got a decent level of resource consumption and speed.

表2资源与速度对比Table 2 Comparison of resources and speed

Figure GDA0002387800230000061
Figure GDA0002387800230000061

Claims (1)

1. An IP core based on a chaos initial vector generation algorithm comprises the following steps: an initial vector generation module, a ZUC encryption algorithm module, a key stream FIFO module, an operation module, a UART communication module and a controller module,
the initial vector generation module is responsible for generating an initial vector required by the ZUC encryption algorithm module;
the ZUC encryption algorithm module is responsible for generating a KEY sequence for encryption and decryption according to a KEY KEY and an initial vector;
the key stream FIFO module is used for caching the key stream output by the ZUC encryption algorithm module;
the UART communication module realizes the modulation and demodulation work of the communication process of the IP core and the upper computer;
the arithmetic module carries out XOR operation on the data taken out from the receiver FIFO unit and the key stream FIFO module of the UART communication module to finish the encryption and decryption of the data, and the processed data is delivered to the transmitter FIFO unit of the UART communication module;
the controller module is a main control unit of the whole IP core, all modules work under the scheduling of the controller module, and the controller module controls the flow direction of data and the operation received by the data;
the method for generating the initial vector module comprises the following steps:
firstly, inputting an initial value x of 32 bits into a sequence generator based on Logistic chaos0Dividing 128-bit initial KEY KEY of ZUC encryption algorithm into 16 32-bit KEYs [ i]I is not less than 0 and not more than 15, so that key [ i ≦]Respectively as the input of Logistic chaotic iterative mapping,
the Logistic chaotic iterative mapping expression is as follows:
xn+1=4xn(1-xn) (1)
wherein x0Is an initial value, n is the number of iterations, and xnThe device is composed of a 32-bit register;
step two, key [0]]Assigned to 32 bits x0And calculate x1=4x0(1-x0);
Step three, key [ i ]]Assign a key [ i-1 ]]Then x is added1Assign value to key [15]For all x generated in sequence1The sequence intercepts the last 128-bit sequence as an initial vector at 1024-bit intervals, and returns to step two.
CN201911232173.5A 2019-12-05 2019-12-05 Chaos-based Initial Vector Generation Algorithm and Its IP Core Active CN110995405B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911232173.5A CN110995405B (en) 2019-12-05 2019-12-05 Chaos-based Initial Vector Generation Algorithm and Its IP Core

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911232173.5A CN110995405B (en) 2019-12-05 2019-12-05 Chaos-based Initial Vector Generation Algorithm and Its IP Core

Publications (2)

Publication Number Publication Date
CN110995405A CN110995405A (en) 2020-04-10
CN110995405B true CN110995405B (en) 2022-04-22

Family

ID=70090134

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911232173.5A Active CN110995405B (en) 2019-12-05 2019-12-05 Chaos-based Initial Vector Generation Algorithm and Its IP Core

Country Status (1)

Country Link
CN (1) CN110995405B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112367155B (en) * 2020-10-13 2022-06-07 黑龙江大学 A Construction Method of IP Core of ZUC Encryption System Based on FPGA
CN115277977B (en) * 2022-07-25 2023-11-10 重庆邮电大学 Hybrid chaotic image encryption method based on FPGA (field programmable Gate array) configurable floating point precision

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731822A (en) * 2012-10-15 2014-04-16 中国科学院微电子研究所 System and method for implementing Zuichong algorithm
CN105808207A (en) * 2016-03-22 2016-07-27 中国科学院半导体研究所 Chaotic pseudo random number generator, and circuit and system on chip thereby
CN105916141A (en) * 2016-07-12 2016-08-31 黑龙江大学 Self-synchronizing realization system and self-synchronizing realization method for Zu Chongzhi encryption and decryption algorithm
CN106209358A (en) * 2016-07-12 2016-12-07 黑龙江大学 A kind of SM4 key schedule based on long key realize system and method
CN109508175A (en) * 2018-11-14 2019-03-22 重庆邮电大学 The FPGA design of pseudorandom number generator based on fractional order chaos and Zu Chongzhi's algorithm

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003216037A (en) * 2001-11-16 2003-07-30 Yazaki Corp Cipher key, enciphering device, enciphering/deciphering device, cipher key management device, and deciphering device
US20160234009A1 (en) * 2015-02-08 2016-08-11 Wenhua Li Chaotic Baseband Modulation Hopping Based Post-Quantum Physical-Layer Encryption
CN108377180A (en) * 2018-03-29 2018-08-07 哈尔滨理工大学 A wireless security communication system based on STM32

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731822A (en) * 2012-10-15 2014-04-16 中国科学院微电子研究所 System and method for implementing Zuichong algorithm
CN105808207A (en) * 2016-03-22 2016-07-27 中国科学院半导体研究所 Chaotic pseudo random number generator, and circuit and system on chip thereby
CN105916141A (en) * 2016-07-12 2016-08-31 黑龙江大学 Self-synchronizing realization system and self-synchronizing realization method for Zu Chongzhi encryption and decryption algorithm
CN106209358A (en) * 2016-07-12 2016-12-07 黑龙江大学 A kind of SM4 key schedule based on long key realize system and method
CN109508175A (en) * 2018-11-14 2019-03-22 重庆邮电大学 The FPGA design of pseudorandom number generator based on fractional order chaos and Zu Chongzhi's algorithm

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
An Efficient Image Encryption Scheme Based on ZUC Stream Cipher and Chaotic Logistic Map;Hai Cheng ect.;《Intelligent Data analysis and its Applications》;20141231;正文第2-3节 *
Design and Implementation of Pseudo-Random Sequence Generator Based on Logistic Chaotic System and m-Sequence Using FPGA;Kai Feng and Qun Ding;《International Conference on Intelligent Information Hiding and Multimedia Signal Processing》;20170718;全文 *
基于混沌S盒的无线传感器网络分组加密算法;何远等;《计算机应用》;20130401(第04期);全文 *
基于置乱、混淆与掩蔽规则融合3D混沌映射的图像加密算法研究;尹燕等;《科学技术与工程》;20140218(第05期);全文 *
祖冲之算法在数字图像加密中的应用与实现;任高峰等;《科学技术与工程》;20130128(第03期);全文 *

Also Published As

Publication number Publication date
CN110995405A (en) 2020-04-10

Similar Documents

Publication Publication Date Title
Kowsalya et al. Low area PRESENT cryptography in FPGA using TRNGPRNG key generation
JP6244429B2 (en) Stream cipher encryption apparatus, stream cipher decryption apparatus, stream cipher encryption method, stream cipher decryption method, and program
Kitsos et al. FPGA-based performance analysis of stream ciphers ZUC, Snow3g, Grain V1, Mickey V2, Trivium and E0
Samir et al. ASIC and FPGA comparative study for IoT lightweight hardware security algorithms
KR100800468B1 (en) Hardware encryption / decryption device and method for low power high speed operation
Ragab et al. Design, analysis, and implementation of a new lightweight block cipher for protecting IoT smart devices
EP3371928B1 (en) Key sequence generation for cryptographic operations
Rouvroy et al. Efficient uses of FPGAs for implementations of DES and its experimental linear cryptanalysis
Oukili et al. Hardware implementation of AES algorithm with logic S-box
CN110995405B (en) Chaos-based Initial Vector Generation Algorithm and Its IP Core
Chawla et al. FPGA implementation of an optimized 8-bit AES architecture: A masked S-Box and pipelined approach
Singh et al. An efficient hardware design and implementation of advanced encryption standard (AES) algorithm
Elango et al. High-performance multi-RNS-assisted concurrent RSA cryptosystem architectures
Lin et al. The design of a high-throughput hardware architecture for the AES-GCM algorithm
Hani et al. Design and implementation of a private and public key crypto processor for next-generation it security applications
CN114826560A (en) Method and system for realizing lightweight block cipher CREF
Buell Modern symmetric ciphers—Des and Aes
Negi et al. Implementation of AES employing systolic array and pipelining approach
Tamilselvi et al. A novel based mix-column architecture for AES-128 bit algorithm
Rashidi et al. FPGA based a new low power and self-timed AES 128-bit encryption algorithm for encryption audio signal
Oukili et al. High throughput parallel implementation of Blowfish algorithm
Yang et al. A new block cipher based on chaotic map and group theory
CN115664634A (en) AES encryption algorithm hardware realization method and system for resisting side channel attack
Sumathi et al. Study of Data Security Algorithms using Verilog HDL.
Shet et al. Implementation of aes algorithm using verilog

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant