Summary of the invention
[subject to be solved by the invention]
As information security is in the increasingly extensive of the fields such as data processing, data storage, cloud computing and large-scale data centerApplication, data encrypting and deciphering processing and storage encryption and decryption processing be also concerned and pay attention to.For example, DDR data encryption,NVMFlash data encryption, such encryption protect data safety, from attacking and destroying.
In addition, encryption safe intensity and implementation complexity have substantial connection, such as AES, DES, SM4 (former wireless office of SMS4Domain net algorithm standard rules) etc. symmetry algorithms be applied since its security intensity is higher.But then, data encrypting and deciphering is handledChallenge is proposed to memory performance, performance loss also becomes the Tradeoff point whether user uses security function.It realizes highSafe and high performance data storage is the innovative point place of this patent.
In addition, the key generation time is longer in symmetry algorithm higher using implementation complexity such as AES, DES, SM4,Along with data storage read data used in the long period, can make the time used in entire reading data and the process of decryption intoOne step lengthens.Shorten decryption time and the first technical problem to be solved by the present invention.
[for solving the technical solution of technical task]
The present invention relates to a kind of data encryption device writing data and being encrypted to memory to be written, feature existsIn, comprising: key scrambler will be written into the write address when memory based on write data, scramble to keyIt calculates, generates the descrambling key for being encrypted to write data, and write data encryptor, scrambled using the keyThe descrambling key that device generates, encrypts write data, generates ciphertext data;Wherein, write data encryption equipmentWrite data are encrypted using symmetry algorithm.
In above-mentioned data encryption device, cipher key change is different with address information change, accomplishes that address one is closeKey increases the safety of data in this way.
In above-mentioned data encryption device, be also possible to the key scrambler to the address information of the write address intoRow hash transformation, and linear transformation or nonlinear transformation are carried out together with the key, to export the descrambling key.
It in above-mentioned data encryption device, will be scrambled together with key after address mapping, increase cracks difficulty.
In above-mentioned data encryption device, it is also possible to the symmetry algorithm that write data encryption equipment uses for baseIn the symmetry algorithm of N wheel operation, the descrambling key generated using the key scrambler is described in the execution of first round round keyEncryption, wherein N is 2 integral multiple natural number;Write data encryption equipment uses the pipelining with M grades, flows at every gradeThe N/M wheel operation in the symmetry algorithm is executed in water, wherein M is the approximate number of N.
In above-mentioned data encryption device, write data encryption equipment uses pipeline organization, promotes data throughput, mentionsHigh data-handling efficiency.
In above-mentioned data encryption device, it is also possible to, further includes: write address scrambler adds the write addressCalculating is disturbed, scrambling write address is generated, for making the ciphertext data that the memory be written according to the scrambling write address;It is described to writeAddress scrambler carries out linear transformation or nonlinear transformation to the address information of the write address, writes ground to generate the scramblingLocation.
In above-mentioned data encryption device, data writing address is scrambled, upsets the physical address of write-in memory,Increase attack difficulty.
In above-mentioned data encryption device, being also possible to descrambling key described in one group of the key scrambler generation canFor the different size of encryption for writing data block;Write data block can be the data block as unit of storing physical unit,The data block being also possible to as unit of performance data block.
Above-mentioned data encryption device can encrypt different size of data block, more convenient when being encrypted.
This patent is related to a kind of data decryption apparatus that the ciphertext data read from memory are decrypted, and feature existsIn, comprising: key scrambler adds key based on the read address for reading the ciphertext data from the memoryCalculating is disturbed, the descrambling key for the ciphertext data to be decrypted is generated, reads data decryptor, is scrambled based on the keyThe ciphertext data are decrypted in the descrambling key that device generates, and obtain clear data;Wherein, the reading data decryptorThe ciphertext data are decrypted using symmetry algorithm.
In above-mentioned data decryption apparatus, be also possible to the key scrambler to the address information of the read address intoRow hash transformation, and linear transformation or nonlinear transformation are carried out together with the key, to export the descrambling key.
In above-mentioned data decryption apparatus, being also possible to the ciphertext data is by the symmetrical calculation by taking turns operation based on NMethod encryption made of, wherein N be 2 integral multiple natural number;Notebook data decryption device also has key preprocessor, based on describedThe descrambling key that key scrambler generates, the wheel generated for carrying out first round decryption operation to the ciphertext data are closeKey;The round key that operation is decrypted for carrying out the first round read data decryptor and the key preprocessor is utilized to generate,The clear data is obtained after executing N wheel decryption operation.
In above-mentioned data decryption apparatus, the N wheel operation of key pretreated whole is completed before reading data and returning, noAdded influence is generated to reading to be delayed, improves the treatment effeciency of ciphertext data.
In above-mentioned data decryption apparatus, it is also possible to the key preprocessor and uses the assembly line skill with L gradesArt executes N/L in every grade of flowing water and takes turns operation, wherein L is the approximate number of N.
In above-mentioned data decryption apparatus, it is also possible to the reading data decryptor and uses the assembly line skill with K gradesArt executes N/K in every grade of flowing water and takes turns operation, wherein K is the approximate number of N.
In above-mentioned data decryption apparatus, it is also possible to, further includes: read address scrambler adds the read addressCalculating is disturbed, scrambling read address is generated, so that the ciphertext data are read according to the scrambling read address from the memory;It is describedRead address scrambler carries out linear transformation or nonlinear transformation to the address information of the read address, reads ground to generate the scramblingLocation.
In above-mentioned data decryption apparatus, the movement for being also possible to the key preprocessor is read with from the memoryThe movement of the ciphertext data executes parallel out;The key preprocessor is read in ciphertext data to be decrypted from memoryBefore or while, it completes described for carrying out the generation of the round key of first round decryption operation.
This patent is related to a kind of data encrypting and deciphering device, comprising: to the number of memory to be written writing data and being encryptedIt is filled according to encryption device, and to the data deciphering that the ciphertext data for having been carried out the encryption read from memory are decryptedIt sets;Wherein, the data encryption device and the data decryption apparatus use the symmetry algorithm based on N wheel operation, wherein N is 2Integral multiple natural number;The data encryption device includes: to write key scrambler, to be written into described deposit based on write dataWrite address when reservoir carries out scrambling calculating to key is write, generates the scrambling for being encrypted to write data and write key,And data encryptor is write, it is close to write the wheel that key is progress first round encryption with the scrambling for writing the generation of key scramblerKey carries out N wheel cryptographic calculation to write data and generates the ciphertext data;The data decryption apparatus includes: reading keyScrambler is carried out scrambling calculating to key is read, is generated based on the read address for reading the ciphertext data from the memoryKey is read in scrambling for the ciphertext data to be decrypted, and key preprocessor is generated based on the reading key scramblerThe scrambling read key, generates the round key for carrying out first round decryption, and reading data decryptor, utilizes the keyPreprocessor generates described for carrying out the round key of first round decryption, to ciphertext data progress N wheel decryption operationClear data after generating decryption.
In above-mentioned data encrypting and deciphering device, write address scrambler scrambles data writing address, upsets write-in and depositsThe physical address of reservoir increases attack difficulty.Data encrypting and deciphering uses pipeline organization, promotes data throughput, improves numberAccording to treatment effeciency.The N wheel operation of key pretreated whole is completed before reading data return, and does not generate additional shadow to reading to be delayedIt rings, improves the treatment effeciency of ciphertext data.
In above-mentioned data encrypting and deciphering device, being also possible to the data encryption device further includes write address scrambler, rightThe write address carries out scrambling calculating, scrambling write address is generated, for the ciphertext data to be written according to the scrambling write addressThe memory;The write address scrambler carries out linear transformation or nonlinear transformation to the address information of the write address, comesGenerate the scrambling write address;The data decryption apparatus further includes read address scrambler, carries out scrambling meter to the read addressIt calculates, scrambling read address is generated, so that the ciphertext data are read according to the scrambling read address from the memory;The reading groundLocation scrambler carries out linear transformation or nonlinear transformation to the address information of the read address, to generate the scrambling read address.
In above-mentioned data encrypting and deciphering device, it is also possible to the key preprocessor and uses the assembly line skill with L gradesArt executes N/L in every grade of flowing water and takes turns operation, wherein L is the approximate number of N;Write data encryption equipment uses the stream with M gradesWaterline technology executes N/M in every grade of flowing water and takes turns operation, wherein M is the approximate number of N;The reading data decryptor, which uses, has KThe pipelining of grade executes N/K in every grade of flowing water and takes turns operation, wherein K is the approximate number of N.
The present invention relates to a kind of data encrypting and deciphering devices, using the symmetry algorithm based on N wheel operation, to the plaintext inputtedData are encrypted, or the ciphertext data inputted are decrypted, wherein N is 2 integral multiple natural number;The data add solutionClose device includes: key scrambler, based on the access address to memory that system is specified, carries out scrambling calculating to key and gives birth toAt descrambling key, key preprocessor is generated based on the descrambling key that the key scrambler generates for carrying out firstWheel decryption operation round key and data encrypting and deciphering device, based on the key scrambler generate the descrambling key, forThe clear data inputted executes the N wheel operation, generates the ciphertext data, or generate based on the key preprocessorIt is described for carrying out the round key of first round decryption operation, execute the N for the ciphertext data that are inputted and take turns operation,Generate the clear data.
In the data encrypting and deciphering device, data writing address is scrambled, and upsets the physical address of write-in memory, is increasedAdd attack difficulty.Data encrypting and deciphering uses pipeline organization, promotes data throughput, improves data-handling efficiency.Key is pre-The N wheel operation of the whole of processing is completed before reading data and returning, and is not generated added influence to reading to be delayed, is improved ciphertext dataTreatment effeciency.
In above-mentioned data encrypting and deciphering device, it is also possible to add the access address with write address scramblerDisturb calculating, generate scrambling access address, for according to the address to ciphertext data described in the memory read/write;The address addsIt disturbs device and linear transformation or nonlinear transformation is carried out to the address information of the access address, to generate the scrambling access address.
In above-mentioned data encrypting and deciphering device, it is also possible to the key preprocessor and uses the assembly line skill with L gradesArt executes N/L in every grade of flowing water and takes turns operation, wherein L is the approximate number of N;The data encrypting and deciphering device uses the stream with M gradesWaterline technology executes N/M in every grade of flowing water and takes turns operation, wherein M is the approximate number of N.
In above-mentioned data encrypting and deciphering device, be also possible to the movement of the key preprocessor with from the memoryThe movement for reading the ciphertext data carries out parallel;The key preprocessor is read in ciphertext data to be decrypted from memoryBefore or while out, complete described for carrying out the generation of the round key of first round decryption operation.
In above-mentioned data encrypting and deciphering device, be also possible to one group described in descrambling key can be used for different size of dataThe encryption of block;The data block can be the data block as unit of storing physical unit, be also possible to be with performance data blockThe data block of unit.
In above-mentioned data encrypting and deciphering device, being also possible to the symmetry algorithm is any in DES, AES, SM4 algorithmKind.
The present invention relates to a kind of data-storage systems, comprising: data encrypting and deciphering device described in any of the above embodiments, Yi JiyongIn the storage control to ciphertext data described in memory read/write.
In above-mentioned data-storage system, it is also possible to the data encrypting and deciphering device and is built in the storage controlInside device, close to context port, or close to bottom port memory.
In above-mentioned data-storage system, it is also possible to add the data that data are encrypted of writing of memory to be writtenClose process, and to the data decrypting process that the ciphertext data for having been carried out the encryption read from memory are decrypted;ItsIn, the data encryption process and the data decrypting process use the symmetry algorithm based on N wheel operation, wherein N be 2 it is wholeSeveral times natural number;The data encryption process includes: to write key scrambling step, to be written into the storage based on write dataWrite address when device carries out scrambling calculating to key is write, generates the scrambling for being encrypted to write data and write key, withAnd data encryption step is write, writing key with the scrambling is the round key for carrying out first round encryption, carries out N wheel to write dataCryptographic calculation and generate the ciphertext data;The data decrypting process includes: to read key scrambling step, based on for from describedMemory reads the read address of the ciphertext data, carries out scrambling calculating to key is read, generate for the ciphertext data intoKey is read in the scrambling of row decryption, and key pre-treatment step is read key based on the scrambling, generated for carrying out first round decryptionRound key, and read data decryption step, using described for carrying out the round key of first round decryption, to the ciphertext data intoRow N wheel decrypts operation and generates the clear data after decryption.
The present invention relates to a kind of storage medium, record has following data encrypting and deciphering program: the data encrypting and deciphering journeySequence is used to execute the data encryption process writing data and being encrypted to memory to be written, and to read from memory by intoThe data decrypting process that the ciphertext data of the encryption of having gone are decrypted;Wherein, the data encryption process and the dataDecrypting process uses the symmetry algorithm based on N wheel operation, wherein N is 2 integral multiple natural number;The data encryption process packetIt includes: writing key scrambling step, the write address when memory is written into based on write data, is scrambled to key is writeIt calculates, generates the scrambling for being encrypted to write data and write key, and write data encryption step, write with the scramblingKey is the round key for carrying out first round encryption, carries out N wheel cryptographic calculation to write data and generates the ciphertext data;InstituteStating data decrypting process includes: to read key scrambling step, based on the reading for reading the ciphertext data from the memoryLocation carries out scrambling calculating to key is read, and generates the scrambling for the ciphertext data to be decrypted and reads key, key pretreatmentStep reads key based on the scrambling, generates the round key for carrying out first round decryption, and read data decryption step, benefitWith described for carrying out the round key of first round decryption, after generating decryption to ciphertext data progress N wheel decryption operationClear data.
[invention effect]
The present invention uses different keys in each encryption or decryption, and the key is with memory read/writeThe difference of location and it is different, when using symmetry algorithm encryption and decryption data, can further promote the safety of memory encryption and decryption.
In addition, using pipelining in the implementation procedure of enciphering and deciphering algorithm of the invention, data greatly improvedThroughput.
In addition, the present invention uses decruption key precomputation technology, return is initiated request to using to memory read accessThe calculating of key is decrypted in the time interval of data, to reduce in data decrypting process caused by the generation of decruption keyOverall time delay.
Specific embodiment
Before being specifically described, by taking SM4 algorithm as an example, simply SM4 algorithm is illustrated.SM4 algorithm is domesticImportant commercial cipher algorithm, wherein all there are more wheel nonlinear iterations to calculate, for example for enciphering and deciphering algorithm and key schedule32 wheel nonlinear iterations calculate.As shown in (A) and (B) of Fig. 3, decipherment algorithm is similar with the implementation procedure of Encryption Algorithm, onlyRound key is opposite using sequence in decipherment algorithm and Encryption Algorithm, that is, decryption round key is the backward of encryption round key.
Enciphering and deciphering algorithm is briefly introduced below:
As shown in (A) of Fig. 3, based on round key rK0...rK31 to as encrypted object one group of clear data (X0,X1, X2, X3) carry out 32 wheel interative computations after, obtain data (X32, X33, X34, X35) and obtain ciphertext after replacement TreatmentData (Y0, Y1, Y2, Y3), that is, (Y0, Y1, Y2, Y3)=(X35, X34, X33, X32).
In addition, when the ciphertext data are decrypted, backward uses round key, that is, by rK31 as shown in (B) of Fig. 3As the first round round key of decrypting process, backward using round key rk31, rk30 ..., rk0 to ciphertext data (Y0, Y1,Y2, Y3), i.e. (X35, X34, X33, X32) carry out 32 wheel interative computations, data (X3, X2, X1, X0) is obtained, by replacement TreatmentAfterwards, clear data (M0, M1, M2, M3) is obtained, that is,
(M0, M1, M2, M3)=(X3, X2, X1, X0).
Therefore decryption transformation is similar with enciphering transformation process, but the round key of decryption transformation and enciphering transformation makesIt is different with sequence.In encryption, round key is rk0 (round key 0) using sequence, and (wheel is close by rk1 (round key 1) ..., rk31Key 31);In decryption, round key is rk31 (round key 31), rk30 (round key 30) ..., rk0 (round key using sequence0)。
In addition, synthesis displacement T is an inverible transform, it is combined by nonlinear transformation τ and linear transformation L1, i.e. T1()=L1 (τ ()).Nonlinear transformation τ is made of 4 parallel S boxes, and S box is the transformation of fixed bit output, is denoted asSbox(.).That is,
B=τ (A)=(Sbox (a0), Sbox (a1), Sbox (a2), Sbox (a3)).
A indicates operation input, the input of T transformation in corresponding diagram 3.The B output that T is converted in corresponding diagram 3 after L is converted.Since the particular content of synthesis transformation T belongs to well-known technique, therefore description is omitted herein.
Round key expansion algorithm is briefly introduced below:
The round key of the first round in Encryption Algorithm is generated by descrambling key by round key expansion algorithm, and next roundRound key is generated by last round of round key by round key expansion algorithm;Similarly, the wheel of the first round in decipherment algorithm is closeKey is actually the last round key in Encryption Algorithm, and the round key of next round is close by taking turns by the last round of round key usedWhat key expansion algorithm generated.That is, in the algorithm, round key is also that each wheel operation with Encryption Algorithm synchronously calculates generation's.Since the operation and generation of the round key also belong to well-known technique, therefore description is omitted herein.
It is for a better understanding of the present invention, by taking SM4 algorithm as an example, to be carried out to the encrypting and decrypting process of symmetry algorithm aboveBrief description, but the explanation not indicates that symmetry algorithm of the present invention is defined in SM4 algorithm.AES, DES, SMS4 etc.Other symmetry algorithms also include similar algorithm structure, and belong to well-known technique, therefore in this detailed description will be omitted.
In the following, detailed description of embodiments of the present invention referring to attached drawing.
Fig. 1 is the explanatory diagram for showing the data encrypting and deciphering device 100 of the embodiment of the present invention.The data encrypting and deciphering device 100With write data encryption device 101 and read data decryption apparatus 102.Wherein, write data encryption device 101, to being writtenThe data of writing of memory 116 are encrypted;The reading data decryption apparatus 102, for the ciphertext number read from memory 116According to being decrypted.
It includes: to write key scrambler 103,107 and of write address scrambler that the embodiment of the present invention, which writes data encryption device 101,Write data encryptor 105.Writing data encryption device 101, there are three input signals: writing data, i.e., the plaintext number that encryptedAccording to;The specified address that will be write data and memory is written of write address, i.e. system;And key, i.e., system it is specified for pairWrite the key that data are encrypted.Writing data encryption device 101, there are two output signals: ciphertext data, i.e., by writing data encryptionDevice completes encrypted data to data are write;And scrambling write address, i.e., write address system specified by write address scramblerAfter being scrambled according to scheduled algorithm, ciphertext data will be actually written into the address of memory.
It is described to write key scrambler 103, based on system specify by write data write-in memory when write address, to closeKey carries out scrambling calculating, generates new for the descrambling key writing data and being encrypted.The key scrambler 103 of writing will be defeatedThe address information that enters carries out such as hash transformation, then carries out linear transformation or nonlinear transformation together with key and to export scrambling closeKey writes data for encrypting.Descrambling key will be different with address information change as a result, realize the key of address one.?This, is not particularly limited to the scrambled algorithm of key progress is write, can according to need using arbitrary scrambling algorithms.
Write data encryption equipment 105 carries out scheduled transformation based on the descrambling key for writing the generation of key scrambler 103Afterwards or directly as the first round round key for being encrypted to clear data come using, clear data is encrypted, it is rawAt ciphertext data.In order to promote encryption intensity, writing data encryptor can be used symmetry algorithm such as DES/AES/SM4 scheduling algorithmEcb mode.Symmetry algorithm structure is usually more wheel operations, if DES algorithm is 16 wheel operations, the wheel fortune of aes algorithm 10,12,14It calculates, SM4 algorithm supports 32 wheel operations.In addition, writing data encryptor in the present embodiment using stream to promote data throughputThe encryption of a packet data can be performed in waterline technology, each clock cycle.
In addition, delay is written caused by cryptographic calculation in order to reduce, it is more using every grade of flowing water execution to write data encryptor 105The method for taking turns operation.Fig. 4 is the figure that the pipelining used to the present invention is illustrated.In fig. 4 it is shown that 32 wheel SM4Algorithm, every grade of flowing water execute the example of two-wheeled (round) operation.Specifically, in the first order flowing water operation of cryptographic calculation,System deploys associated hardware resource etc., so that simultaneously for being handled using the preceding two-wheeled operation of round key rk0, rk1, theAfter the completion of the operation of level-one flowing water, the trigger of the first level production line is triggered, the data then obtained for its operation result, thenThe second level flowing water operation for using round key rk2, rk3 is executed, and so on, round key is used in the 16th level production lineRk30, rk31, which are calculated, obtains data output.Practical every grade of flowing water executes how many wheel operations, and those skilled in the art can rootIt is set according to the work dominant frequency and production technology etc. of writing data encryptor 105, such as meets timing requirements in calculation resourcesUnder the premise of, most bull wheel number can be supported to calculate, i.e., only level-one flowing water, 32 wheel operations of execution also can be set as needed 32 gradesFlowing water, every grade executes 1 wheel operation.
Summary will be handled above are as follows: write data encryptor 105 and carried out based on scrambling using by the symmetry algorithm of N wheel operationIt calculates, and using the pipelining with M grades, executes N/M in each stage and take turns operation, wherein N is 2 integral multiple natural number, MIt is the approximate number of N.
Referring to (A) of Fig. 3, the course of work of write data encryption equipment 105 is described in detail.Fig. 3 be withFor 32 wheel SM4 algorithms.By taking first round operation as an example, firstly, to be encrypted is write data according to defined rule in advance, exampleSuch as, divided according to every 128bit, by using 128bit be one group of X0, X1, X2, X3 marked off, tetra- groups of data as input, baseIn by by key scrambler scrambling after descrambling key carry out as defined in transformation obtain the round key rK0 of the first round (can alsoWithout transformation, directly using descrambling key as the round key rK0 of the first round) carry out first round operation.Specifically, it will take turns closeKey rk0 and data X1, X2, X3 carry out the nonlinear operation of symbol " T " expression, by the result obtained by the nonlinear operation withX0 carries out linear operation represented by symbol "+", obtains one group of new data X4, completes the operation of the first round.Then, then withX1, X2, X3 and data X4The operation of next round is continued based on the round key rk1 of the second wheel for input.Specifically,The nonlinear operation that round key rk1 and data X2, X3, X4 are carried out to symbol " T " expression, by what is obtained by the nonlinear operationAs a result linear operation represented by symbol "+" is carried out with X1, obtains one group of new data X5, to complete the operation of the second wheel.Next again with X2, X3, X4 and data X5 for input, the round key rk2 based on next round continues the fortune of next roundIt calculates.Such interative computation, until carry out 32 wheel operations after, generate (X32, X33, X34, X35), finally to it is generated (X32,X33, X34, X35) replacement Treatment is carried out, finally obtain the ciphertext data (Y0, Y1, Y2, Y3) for memory to be written.
Wherein, in addition to the round key rK0 of the first round, the round key that the round key of each round is all based on previous round is advisedObtained from fixed operation, for example, rK1 is to be obtained by rK0 by defined operation, rk2 is to be obtained by rK1 by regulation operationArrive ... ... and so on, last round key rK31 is to be obtained by rK30 by defined operation.Due to the process of algorithm aboveBelong to well-known technique, therefore omits more detailed description herein.
In addition, the write address scrambler 107, the address information of the write address for specifying to system carries out for example linearTransformation or nonlinear transformation and obtain a new address so that ciphertext data are actually written into storage according to the new addressDevice upsets the object of write-in memory so that the practical address being written into of ciphertext data is different from the originally specified write address of systemAddress is managed, attack difficulty is increased.
New key is generated it is found that scramble to key based on write address by above, to realize an addressOne key, and conceal actual ciphertext data writing address.The security intensity of data protection is greatly strengthened as a result,.In addition, 103 generated one groups of descrambling keys of key scrambler of writing for writing data encryption device of the invention can be used for protecting notWith the data block of size, so that the flexibility of data protection increases.
The scrambling write address of the ciphertext data and the output of write address scrambler of writing the output of data encryptor 105 is synchronized to exportMemory is written according to timing sequence process to storage control.
Even if also can it should be noted that write data encryption device 101 does not have write address scrambler 107The encryption of realization data, therefore the essential features of the write address scrambler 107 and non-present invention, but a kind of preferred implementationMode.
Above writing writes key scrambler 103, writes data encryptor 105, write address possessed by data encryption device 101Scrambler 107 is only to illustrate, however it is not limited to which the constituted mode and specific algorithm mentioned in text, those skilled in the art can of courseIt is encrypted as needed using other Encryption Algorithm etc. in the case where understanding technical idea of the invention.
Next, illustrating the reading data decryption apparatus 102 of the present embodiment.Data decryption apparatus 102 is read to be used for from storageThe ciphertext data that device 116 is read are decrypted.
Referring to Fig.1, the reading data decryption apparatus 102 of the present embodiment includes reading key scrambler 104, reading key preprocessor108, read address scrambler 106, reading data decryptor 110.
Reading data decryption apparatus 102, there are three input information: read address, i.e. system it is specified for from memory read toThe address of the ciphertext data of decryption;The specified key for reading data to be decrypted of key, i.e. system;And from memoryThe ciphertext data to be decrypted read.
Reading data decryption apparatus 102, there are two output informations: scrambling read address specifies system by read address scramblerRead address scrambled according to scheduled algorithm after, the practical address that ciphertext data are read from memory;And by readingAccording to the clear data after decryptor decryption.
The read address reading key scrambler 104 and being provided based on system, the key provided system carry out scrambling calculating,Generate the descrambling key for the ciphertext data to be decrypted.In one embodiment, reading key scrambler 104 can be withThe key scrambler 103 of writing being described above uses identical logical algorithm, that is, reads key scrambler 104 and is based on specifying with systemEncrypted stored data originally when the identical read address of write address address information, according to identical as key scrambler 103 is writeLogical algorithm, scrambling calculating is carried out to key identical with the key that uses when encryption, to obtain and write key scramblerThe 103 identical descrambling keys of descrambling key generated, the decryption for ciphertext data.It configures in this way, enables to systemThe management of key and write address, read address is become simply, system resource can be saved.
When the N of the symmetry algorithm of N that system uses wheel operation is 1, it can be directly based upon and read the output of key scrambler 104Operation is decrypted in descrambling key.Such as the reading data decryptor 110 utilizes the descrambling key, when executing and encrypting originallyOpposite inverse operation is encrypted, ciphertext data to be decrypted.
In addition, adding when system using such as SM4 algorithm based on the symmetry algorithm for taking turns operations more with data above-mentioned of writingClose device 105 accordingly, reads data decryptor 110 and calculating also is decrypted using the symmetry algorithm based on N wheel operation, but due to readingLast round key when used first round round key actually corresponds to encryption is decrypted in data decryptor 110, therefore needsPrecompute end round key rK31.Certainly, which is also possible to take turns at the end generated in data encryption process closeAfter key rK31 is saved, directly transfers and use in decryption.
In the present embodiment, the descrambling key next life provided by reading key preprocessor 108 based on reading key scrambler 104At the round key rK31 for first round decryption operation.
By taking (B) of Fig. 3 as an example, the course of work for reading data decryptor 110 is briefly described.Fig. 3 is with 32 wheel SM4For algorithm.It reads key preprocessor 108 and carries out 32 wheel operations based on the descrambling key that key scrambler 104 provides is read, obtainTo the first round key rK31 for ciphertext data to be decrypted.Then, add for what is exported according to read address scrambler 106Read address is disturbed (that is, the read address specified to system carries out the ciphertext data obtained after scrambling transformation actually depositing in memoryStorage address) four groups of data X35, X34, X33, X32 reading from memory are by writing data encryptor 105 (that is, with originally being generatedCiphertext data Y0, Y1, Y2, Y3 are corresponding), by the line that round key rK31 and data X34, X33, X32 are carried out to symbol " T " expressionProperty operation, the result and X35 that then will be obtained again by the linear operation carry out nonlinear operation represented by "+", countedAccording to X31, the operation of the first round is completed.Then continue the fortune of next round using the X31 and X34, X33, X32 and rK30 as object againIt calculates.Specifically, the linear operation that round key rK30 and data X33, X32, X31 are carried out to symbol " T " expression, then will pass throughThe result and X34 that the linear operation obtains carry out nonlinear operation represented by "+", obtain data X30, to complete the second wheelOperation.Then continue the operation of next round using the X30 and X33, X32, X31 and rK29 as object again.So iterative calculationAfter 32 wheels, data (X3, X2, X1, X0) is obtained.Backward processing is carried out to the data (X3, X2, X1, X0), finally obtains plaintext numberAccording to (M0, M1, M2, M3).
Wherein, similar with ciphering process, in addition to the round key rK31 of the first round, the round key of each round is all based on previousObtained from the round key of wheel carries out defined operation, for example, rK30 is to be obtained by rK31 by defined operation, rk29 isObtained by rK30 by regulation operation ... ... and so on, last round key rK0 is to be obtained by rK1 by defined operation.Since the process of algorithm above belongs to well-known technique, therefore more detailed description is omitted herein.
As described above, either in DES still in other symmetry algorithms such as SM4, it is every since the first round in encryptionWheel requires a round key for this wheel encryption;And when decryption, and since the first round, every wheel requires a useIn the round key of this wheel decryption.By taking the symmetry algorithm of 32 wheel operations as an example, 32 round key rk0- are successively used in ciphering processRk31, and backward uses these round key, i.e. rk31-rk0 in decrypting process, that is, it is different from ciphering process, it is needed in decryptionThe key for being equivalent to the last round key rK31 of ciphering process is first calculated, therefore obtains decrypting used first round round key needWant the regular hour.It is raw due to the complexity of algorithm itself especially in the symmetry algorithm based on more wheel operations such as SM4 algorithmNeeding for 64 periods when needing for 32 periods at encryption round key, and generating decryption round key, (calculating a wheel operation with each cycle isExample), which can consume the regular hour.
It is close in reading in the past in addition, the regular hour also can be expended when reading data from memory 116 known to previousFirst round round key needed for calculating its decryption after literary data again, then the time needed for the two is added, and data deciphering is caused to prolongWhen it is longer.
For the efficiency for improving data deciphering, the embodiment of the present invention, which is equipped with, reads key preprocessor, is reading ciphertext dataMeanwhile first round round key needed for as the reading key preprocessor calculating data deciphering, thus improve the effect of decryption processingRate shortens the delay of data deciphering.That is, the generation wheel that the reading key preprocessor 108 for reading data decryption apparatus 102 is carried out is closeKey movement with from memory reading ciphertext data movement carry out parallel, preferably read out from memory 116 it is to be decryptedBefore or while the movement of ciphertext data is completed, reads key preprocessor 108 and complete whole N wheel operations, obtain for ciphertextThe first round round key that data are decrypted.For memories such as DRAM, NandFlash, read access time of return is deposited according to differenceReservoir has differences, as long as reading the hardware resource etc. needed for key pretreatment calculates according to the suitably distribution such as performance of memory,So that it is before obtaining read ciphertext data or is completed at the same time the calculating of the first round round key for decryption.SpecificallyFor, read key preprocessor based on the descrambling key reading key scrambler 104 and providing, converted according to scheduled rule andObtain round key rK0 (or round key rK0 can also be then based on directly using descrambling key as round key rK0), according toDefined operation obtains round key rK1 and obtains the first round round key for being decrypted after such iteration executes 32 wheelsrK31.It reads data decryptor 110 and is based on the foregoing decryption operation of round key rk31 progress.Due to the calculating of each round keyBelong to well-known technique, therefore details are not described herein.
In the present embodiment, as writing data encryptor 105 with what is be described above, in reading key preprocessor 108Pipelining can be used, each cycle is supported to generate one group of decryption round key, to promote data throughput, adapt to one-time pad keyRequirement.That is, reading key preprocessor can be used the pipelining with K grades, N/K is executed in each stage and takes turns operation,Wherein, N is 2 integral multiple natural number, and K is the approximate number of N.In addition, reading data decryptor also can be used the assembly line skill with L gradesArt executes N/L in each stage and takes turns operation, wherein N is 2 integral multiple natural number, and L is the approximate number of N.Here, writing data encryptor105 pipeline series, the pipeline series for reading key preprocessor 108 and the pipeline series for reading data decryptor 110It may be the same or different.The pipeline series of preferred write data encryptor 105 and the assembly line for reading data decryptor 110Series is identical.Those skilled in the art can be according to the work dominant frequency and life read key preprocessor 108, read data decryptor 110Production. art etc. is set, such as under the premise of calculation resources meet timing requirements, and most bull wheel number can be supported to calculate, that is, only hadLevel-one flowing water, execute SM4 algorithm all 32 takes turns operation, also can be set as needed 32 grades of flowing water, and every grade only carries out 1 wheel fortuneIt calculates.
The round key reading data decryptor 110 and being generated using key preprocessor 108, to the ciphertext state of inputOperation is decrypted in the progress of ciphertext data as shown in (B) of Fig. 3, and output is in plain text.
In addition, reading data decryption apparatus 102 has read address scrambler 106, it is used to read ciphertext to what system providedThe read address of data carries out scrambling calculating according to the algorithm of regulation, generates scrambling read address, so that real according to the scrambling read addressBorder reads ciphertext data from memory 116.In one embodiment, the read address scrambler 106 of data decryption apparatus 102 is readScrambling algorithms can be identical as the write address scrambler 107 of data encryption device 101 is write, that is, write address scrambler 107 is by predeterminedScrambling write address is generated after the write address scrambling that algorithm specifies system, so that ciphertext data are by practical according to the scrambling write addressMemory is written, and when the ciphertext data are read out and be decrypted, read address scrambler 106 system is specified with work asThe just read address of write address system when encryption, is scrambled according to algorithm identical with write address scrambler 107, to obtainScrambling read address identical with scrambling write address when ciphertext data are actually written into memory originally, i.e. ciphertext data are storingActual storage address in device, thereby, it is possible to accurately read the ciphertext data.It configures in this way, enables to system pairThe management of write address and read address becomes that simply, system resource can be saved.
Storage control 114 is used to control the read and write access to memory, generates the control signal for being directed to memory interfaceDeng access of the adaptation to memory 116.
Writing data encryption device 101 and reading data decryption apparatus 102 in data encrypting and deciphering device 100 of the invention usesSymmetrical enciphering and deciphering algorithm, and different address corresponds to different keys, thus stores to the data of DRAM, Nand Flash memorizerImplement protection.
It in the above description, is that explanation writes data encryption device 101 and reads data decryption apparatus 102 respectively, the two canTo be respectively set in different chip or equipment, but the two also can integrate and be integrated, and fill as a data encrypting and decipheringIt sets to use.At this point, being filled if making to write writing key scrambler 103 and reading data deciphering in data encryption device 101 as previously describedIt sets reading key scrambler 104 in 102 and uses identical scrambling algorithms, then the two can be independently arranged, can also be byA device or module are shared, such as is arranged to time-multiplexed mode.In addition, write address scrambler ought be made as described above107 and read address scrambler 106 using identical scrambling algorithms when, the two can be independently arranged, can also be with shared oneA device or module, such as it is arranged to time-multiplexed mode.
Fig. 2 shows a variations of such data encrypting and deciphering device.Data encrypting and deciphering device shown in Fig. 2In 200, writing key scrambler 103 and reading key scrambler 104 in Fig. 1 is shared as key scrambler 204, by write addressScrambler 107 and read address scrambler 106, which share, becomes address scrambler 206, will write data encryptor 105 and reads data decipheringDevice 110, which shares, becomes data encrypting and deciphering device 210, and has two link roads from key scrambler 204 to data encrypting and deciphering device 210Diameter, that is, pass straight through to the first path of data encrypting and deciphering device 210 from key scrambler 204, and be connected to from key scrambler 204Key preprocessor 208, then it is connected to from key preprocessor 208 second path of data encrypting and deciphering device 210.
When to writing data and encrypting, it is controlled such that first path is effective, the scrambling that key scrambler 204 exportsKey is provided directly to data encrypting and deciphering device 210, carries out foregoing data encryption processing;And to from memory 116When the ciphertext data of reading are decrypted, it is controlled such that the second path is effective, the descrambling key that key scrambler 204 exportsIt is provided to key preprocessor 208, executes the foregoing processing for generating the first round round key for decryption, the generationFor decryption first round round key be exported to data encrypting and deciphering device 210, carry out at foregoing ciphertext data decipheringReason.
In example deformed above, two link roads are provided between key scrambler 204 and data encrypting and deciphering device 210Diameter switches connection path according to encrypting different with the process of decryption.In another variation, can also only it be arranged above-mentionedSecond path, but in data encryption to be carried out, so that key preprocessor is for example executed vacancy reason, i.e., key scrambler 204 is defeatedDescrambling key out is not directly output to data encrypting and deciphering device 210 with carrying out any processing by key preprocessor 208;Another partyFace is controlled such that key preprocessor 208 effectively works, executes aforementioned in the decryption processing of ciphertext data to be carried outGeneration for decryption first round round key processing.
In addition, embodiments of the present invention are also possible to a kind of data encryption storage system comprising: it is above-mentioned to write dataEncryption device, and for the memory for being write the encrypted ciphertext data of data encryption device by this to be written.
In addition, embodiments of the present invention can also be a kind of storing data decryption system comprising: it is stored with aforementionedThe memory and reading data decryption apparatus above-mentioned for writing the encrypted ciphertext data of data encryption device, for ciphertextData are decrypted.
In addition, embodiments of the present invention can also be a kind of data-storage system, comprising: data encrypting and deciphering dress above-mentionedIt sets, for storing the memory of ciphertext data, and controls the storage control of the read-write of the memory.
In addition, embodiments of the present invention can also be a kind of data ciphering method, data are write to memory to be writtenEncrypted comprising: write key scrambling step, based on by write data write-in memory when write address, to key carry outScrambling calculates, and generates new for the descrambling key writing data and being encrypted;And data encryption step is write, it is close using scramblingKey is encrypted to data are write, and generates ciphertext data.
In addition, data ciphering method as described above of the invention, is also possible to, further includes: write address scrambling step, it is rightWrite address carries out scrambling calculating, generates scrambling write address and ciphertext data write step, according to scrambling write address by ciphertext numberAccording to write-in memory.
In addition, embodiments of the present invention can also be a kind of data encryption/decryption method comprising: to memory to be writtenThe data encryption process writing data and being encrypted, and to the ciphertext data for having been carried out the encryption read from memory intoThe data decrypting process of row decryption;Wherein, the data encryption process and the data decrypting process are used based on N wheel operationSymmetry algorithm, wherein N is 2 integral multiple natural number;The data encryption process includes: to write key scrambling step, based on describedThe write address that data are write when being written into the memory carries out scrambling calculating to key is write, generates for write dataKey is write in the scrambling encrypted, and writes data encryption step, and writing key with the scrambling is the wheel for carrying out first round encryptionKey carries out N wheel cryptographic calculation to write data and generates the ciphertext data;The data decrypting process includes: that reading is closeKey scrambling step carries out scrambling calculating to key is read based on the read address for reading the ciphertext data from the memory,It generating the scrambling for the ciphertext data to be decrypted and reads key, key pre-treatment step reads key based on the scrambling,The round key for carrying out first round decryption is generated, and reads data decryption step, using described for carrying out first round decryptionRound key, to the ciphertext data carry out N wheel decryption operation and generate decryption after clear data.
In addition, embodiments of the present invention can also be following data decryption method, it is used to add to by aforementioned dataThe ciphertext data that decryption method has encrypted are decrypted, comprising: read address scrambling step, to identical as write address when encrypting originallyRead address, carry out scrambling calculating according to algorithm identical with write address scrambling step, generate scrambling read address;Ciphertext data are readStep is taken, reads ciphertext data from memory according to scrambling read address;Key scrambling step is read, read address is based on, key is pressedIt is calculated according to algorithm identical with key scrambling step was write originally, the decryption generated for ciphertext data to be decrypted is closeKey;And data decryption step is read, using decruption key, the ciphertext data that ciphertext data reading step is read out are executed and worked asThe opposite inverse operation of the encryption of data encryption step is write, just to be decrypted.
In addition, data decryption method as described above of the invention can use base in the reading data decryption stepThe key is scrambled in the symmetry algorithm of N wheel operation, and using the pipelining with L grades, is executed in each stageN/L takes turns operation, wherein N is 2 integral multiple natural number, and L is the approximate number of N.
In addition, data decryption method as described above of the invention can also have key pre-treatment step, the keyPre-treatment step and the ciphertext data reading step carry out parallel, and before the completion of ciphertext data reading step orMeanwhile reading key scrambling step and completing all N wheel operations, the first round wheel obtained for ciphertext data to be decrypted is closeKey.
Data encryption device, reading data decryption apparatus and data encrypting and deciphering device, data are write disclosed in this patent adds solutionDecryption method can be used for multiple memorizers, and memory feature is the write request of write access and to write data time sequence compact, and read access is readRequest and reading returned data have certain time interval, by that can save from reading using reading key pretreatment is carried out this periodTotal time required for ciphertext data to ciphertext data.
Data encrypting and deciphering device of the present invention can also be integrated into inside storage control, close to context endMouthful, or near-bottom port memory is leaned on, constitute data-storage system.Another way is data encrypting and deciphering of the present inventionDevice can also be set to outside storage control, be docked with storage control, and data-storage system is constituted.It is of the present inventionMemory can be hard disk, DDR memory, the various adaptable memories such as NVMFlash memory, DRAM.
In data encrypting and deciphering device of the invention, Encryption Algorithm and decipherment algorithm are conciliate suitable for all symmetric encipherment algorithmsClose algorithm.Write that data encryptor, to read data decryptor, the pipelining used in key preprocessor and algorithm wheel number poorDifferent, working frequency, physics realization are different and variant, and pipeline series for example can be N, N/2, N/4 series etc., and (N is algorithmTake turns number).
The reading key scrambler in the present invention and to write key scrambler descrambling key generated be based on writing groundLocation and generate, data protection can be carried out using different descrambling key for different write addresses, a group key can be used for protectingProtect the data block of arbitrary size.
Key preconditioning technique in the present invention can be adapted for arriving using standalone module in read ciphertext dataBefore, complete the usage scenario that first round decryption round key generates.
More than, referring to above embodiment, the present invention is described, but the present invention is not limited to above-mentioned each embodiment partyFormula, is appropriately combined or replaces for the structure of each embodiment and be also contained within the present invention.In addition, being based on this fieldThe knowledge the case where sequence of the combination of each embodiment or processing capable of suitably being adapted or various design alterationsDeng deformation be appended to each embodiment, be added such embodiment deformed can also be contained in the scope of the present invention itIt is interior.