CN112398641A

Movatterモバイル変換

Info

Publication number: CN112398641A
Application number: CN202011282787.7A
Authority: CN
Inventors: 叶新忠
Original assignee: Shanghai Guiyao Information Technology Co ltd
Current assignee: Shanghai Guiyao Information Technology Co ltd
Priority date: 2020-11-17
Filing date: 2020-11-17
Publication date: 2021-02-23

Abstract

The invention discloses an application method of an AES encryption algorithm on an encryption chip, which comprises the following steps: s1, obtaining a fuse value and a trimming value of a chip; s2, setting an AES encryption algorithm; s3, setting an image anti-interference encryption algorithm; s4, setting an encryption algorithm for preventing the code from being maliciously tampered; s5, taking the fuse wire value and the trimming value as parameters of the algorithms in S2, S3 and S4, and calculating the key of the chip by using the algorithms in S2, S3 and S4, wherein the key of the chip is unique; s6, writing the fuse value, the trimming value and the secret key of the chip into the chip. The invention adjusts the parameters of the chip algorithm by writing the trimming value and the fuse value of the chip into the chip, because the trimming value and the fuse value of each chip have slight difference in the actual production process, the trimming value and the fuse value are written into the chip as the parameters of the calculation key algorithm, thereby ensuring the uniqueness of the key of the chip and improving the safety and reliability of the chip during encryption.

Description

Application method of AES encryption algorithm on encryption chip

Technical Field

The invention belongs to the technical field of encryption algorithms, and particularly relates to an application method of an AES (advanced encryption standard) encryption algorithm on an encryption chip.

Background

The basic process of data encryption is to process the original file or data in plain text according to a certain algorithm to make it become an unreadable segment of code as "ciphertext", so that the original content can be displayed only after inputting the corresponding key, and the purpose of protecting the data from being stolen and read by an illegal person is achieved through the way. The reverse process of the process is decryption, i.e. the process of converting the encoded information into the original data), however, various methods based on the AES encryption algorithm applied to the encryption chip in the market still have various problems.

As disclosed in the publication No. CN109376543A, the AES-based database encryption method, although it is implemented to set the encryption strength, the key length, and the key period according to the data attributes by using the AES algorithm, does not solve the problems of the existing AES-based application method of the encryption algorithm to the encryption chip: the chip is not convenient to encrypt by utilizing the trimming value and the fuse wire value of the chip, the safety and the reliability of the chip are reduced, in addition, when the chip is encrypted, the operation speed of the chip is reduced, the image is not convenient to resist interference, and the code cannot be effectively prevented from being maliciously tampered, so that an application method based on an AES encryption algorithm on the encryption chip is provided.

Disclosure of Invention

The invention aims to provide an application method of an encryption chip based on an AES encryption algorithm, so as to solve the problems in the background technology.

In order to achieve the purpose, the invention provides the following technical scheme: an application method based on an AES encryption algorithm on an encryption chip comprises the following steps:

s1, obtaining a fuse value and a trimming value of a chip;

s2, setting an AES encryption algorithm;

s3, setting an image anti-interference encryption algorithm;

s4, setting an encryption algorithm for preventing the code from being maliciously tampered;

s5, taking the fuse wire value and the trimming value as parameters of the algorithms in S2, S3 and S4, and calculating the key of the chip by using the algorithms in S2, S3 and S4, wherein the key of the chip is unique;

s6, writing the fuse value, the trimming value and the secret key of the chip into the chip.

Preferably, the trimming value in S1 is the trimming value of the current, voltage or resistance of the analog circuit of the chip during the test, and the trimming value of the chip is unique, wherein the analog circuit includes one or more of LDO, BRG or OSC circuits.

Preferably, the fuse value in S1 is a fuse value of a fuse in a chip, and the fuse value is obtained in a test process, and the fuse value of the chip is unique.

Preferably, the setting of the AES encryption algorithm in S2 includes the steps of:

s21, performing round key addition on the input plaintext according to the input initial key to obtain an initial ciphertext;

s22, round key processing is carried out according to the initial key to obtain a first key, wherein the round key processing has N clock cycles, and each clock cycle corresponds to M rounds of key generation operation;

s23, performing first encryption processing according to the initial ciphertext to obtain a first ciphertext, wherein the first encryption processing has N clock cycles, and each clock cycle corresponds to M times of circulative iterative operation;

and S24, carrying out second encryption processing according to the first ciphertext and the first key to obtain a final ciphertext corresponding to the plaintext.

Preferably, the step of setting the image anti-interference encryption algorithm in S3 includes the following steps:

s31, constructing an original handwriting volume data set and preprocessing an image;

s32, encrypting the original handwriting volume data set by using an image encryption technology based on matrix transformation to construct encrypted data;

s33, constructing a generating type confrontation network and training by utilizing an original data set, wherein the network comprises a generator and a discriminator;

s34, constructing a convolutional neural network and respectively training by using an original data set and an encrypted data set;

s35, label prediction of handwritten image data is conducted on the basis of the trained convolutional neural network and the generating countermeasure network.

Preferably, in S31, a handwritten digital image data set and a label set including different writing situations and writing habits are created, the data set is preprocessed, the preprocessing process is to graye the color image, the graying is performed by a three-component weighted average method, and the grayscale image is normalized to a uniform size.

Preferably, in S32, an encryption matrix is constructed by using an image encryption technique based on matrix transformation, and the original handwriting volume data set is encrypted, so that the size of the encrypted image matrix is consistent with the size of the original image matrix, thereby obtaining an encrypted data set.

Preferably, in S34, a seven-layer convolutional neural network is constructed, where the network includes an input layer, two convolutional layers, two pooling layers, a full-link layer, and an output layer, the original data set and the encrypted data set are input during training, after basic parameters and specifications of the network are set, a fixed number of samples are selected and input into the convolutional neural network each time, an actual label of the training sample can be obtained at the output layer, the actual output is compared with the label to obtain a residual error, and the network weight and bias are adjusted by combining a back propagation algorithm.

Preferably, the step of setting an encryption algorithm for preventing the code from being maliciously tampered in S4 includes the following steps:

s41, dividing original system software into a boot program and an application program;

s42, modifying the original project entry address to other positions in the flash, and placing the boot program at the beginning of the flash;

s43, compiling an original project to obtain an executable binary code, and respectively programming the boot program and the application program into a flash of a main control chip;

and S44, judging whether the system needs to be upgraded or not by the boot program, executing the application program if the system does not need to be upgraded, and entering the upgrading program if the system needs to be upgraded.

Preferably, the step S44 includes the following steps:

modifying the application program, increasing read-write operation on the main control chip which can not be programmed, and testing the robustness of a new application program;

encrypting the application program by using an encryption algorithm corresponding to the decryption algorithm of the boot program;

thirdly, the encrypted application program is placed on a network server for downloading by an embedded system;

step four, the embedded system is electrified and detects that a new version which can be upgraded exists, then the embedded system enters the upgrading process of the boot program, and a code which is put on the network server is downloaded;

fifthly, the boot program decrypts the downloaded encrypted application program codes, and the decrypted application program codes are firstly put into an RAM (random access memory) so as to be convenient for being written into a flash for preparation in the next step;

and step six, burning the source code of the decrypted application program into the flash of the main control chip by the boot program.

Compared with the prior art, the invention has the beneficial effects that:

(1) the invention adjusts the parameters of the chip algorithm by writing the trimming value and the fuse value of the chip into the chip, because the trimming value and the fuse value of each chip have slight difference in the actual production process, the trimming value and the fuse value are written into the chip as the parameters of the calculation key algorithm, thereby ensuring the uniqueness of the key of the chip and improving the safety and reliability of the chip during encryption.

(2) The AES encryption algorithm provided by the invention can greatly reduce the clock period consumed by a complete AES encryption algorithm flow by finishing at least two iterations in the AES encryption algorithm flow in one clock period, thereby greatly improving the operation speed of a single AES operation unit.

(3) The anti-interference image encryption algorithm provided by the invention is used for constructing and preprocessing handwritten image data, encrypting the handwritten image data by using the encryption algorithm, constructing and training a generating type countermeasure network and a convolutional neural network, and realizing the judgment of an interfered image through label prediction.

(4) The encryption algorithm for preventing the code from being maliciously tampered is arranged in the invention, and the code is encrypted and protected through the RSA algorithm, so that the code can be effectively prevented from being maliciously tampered, and the function of protecting the system per se is realized.

Drawings

FIG. 1 is a block flow diagram of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, the present invention provides a technical solution: an application method based on an AES encryption algorithm on an encryption chip comprises the following steps:

s1, obtaining a fuse value and a trimming value of a chip;

s2, setting an AES encryption algorithm;

s3, setting an image anti-interference encryption algorithm;

In this embodiment, preferably, the trimming value in S1 is a trimming value of a current, a voltage, or a resistance of an analog circuit of the chip during the test, and the trimming value of the chip is unique, where the analog circuit includes one or more of an LDO circuit, a BRG circuit, or an OSC circuit.

In this embodiment, preferably, the fuse value in S1 is a fuse value of a fuse in a chip, and the fuse value is obtained in a test process, and the fuse value of the chip is unique.

In this embodiment, preferably, the setting of the AES encryption algorithm in S2 includes the following steps:

In this embodiment, preferably, the setting of the image anti-interference encryption algorithm in S3 includes the following steps:

In this embodiment, in S31, it is preferable that a handwritten digital image data set and a label set including different writing situations and writing habits are created, the data set is preprocessed, the preprocessing process includes graying the color image, the graying is performed by a three-component weighted average method, and the grayscale image is normalized to a uniform size.

In this embodiment, in S32, it is preferable that an encryption matrix is constructed by using an image encryption technique based on matrix transformation, and the original handwritten volume data set is encrypted, so that the size of the encrypted image matrix is the same as the size of the original image matrix, and an encrypted data set is obtained.

In this embodiment, preferably, in S34, a seven-layer convolutional neural network is constructed, where the network includes an input layer, two convolutional layers, two pooling layers, a full-link layer, and an output layer, the original data set and the encrypted data set are input during training, after basic parameters and specification of the network are set, a fixed number of samples are selected and input into the convolutional neural network each time, an actual label of the training sample can be obtained at the output layer, the actual output is compared with the label to obtain a residual error, and the network weight and bias are adjusted by combining a back propagation algorithm.

In this embodiment, preferably, the setting of the encryption algorithm for preventing the code from being maliciously tampered in S4 includes the following steps:

In this embodiment, preferably, the step S44 includes the following steps:

The working principle and the advantages of the invention are as follows: the parameters of the chip algorithm are adjusted by writing the trimming value and the fuse value of the chip into the chip, and because the trimming value and the fuse value of each chip have slight difference in the actual production process, the trimming value and the fuse value are written into the chip as the parameters of the calculation key algorithm, so that the uniqueness of the key of the chip is ensured, and the safety and reliability of the chip during encryption are improved; the AES encryption algorithm provided by the invention can greatly reduce the clock period consumed by a complete AES encryption algorithm flow by finishing at least two iterations in the AES encryption algorithm flow within one clock period, thereby greatly improving the operation speed of a single AES operation unit; the anti-interference image encryption algorithm provided by the invention is used for constructing and preprocessing handwritten image data, encrypting the handwritten image data by using the encryption algorithm, constructing and training a generating type countermeasure network and a convolutional neural network, and realizing the judgment of an interfered image through label prediction; the encryption algorithm for preventing the code from being maliciously tampered is arranged in the invention, and the code is encrypted and protected through the RSA algorithm, so that the code can be effectively prevented from being maliciously tampered, and the function of protecting the system per se is realized.

Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims

1. An application method based on an AES encryption algorithm on an encryption chip is characterized by comprising the following steps:

s1, obtaining a fuse value and a trimming value of a chip;

s2, setting an AES encryption algorithm;

s3, setting an image anti-interference encryption algorithm;

2. The method according to claim 1, wherein the method comprises the following steps: the trimming value in S1 is the trimming value of the current, voltage or resistance of the analog circuit of the chip during the test, and the trimming value of the chip is unique, the analog circuit includes one or more of LDO, BRG or OSC circuits.

3. The method according to claim 1, wherein the method comprises the following steps: and the fuse value in the S1 is the fuse value of the fuse in the chip, the fuse value is obtained in the test process, and the fuse value of the chip is unique.

4. The method according to claim 1, wherein the method comprises the following steps: the setting of the AES encryption algorithm in S2 includes the steps of:

5. The method according to claim 1, wherein the method comprises the following steps: the step of setting the image anti-interference encryption algorithm in the step S3 includes the following steps:

6. The method according to claim 5, wherein the method comprises the following steps: in S31, a handwritten digital image data set and a label set are created that include different writing situations and writing habits, and the data set is preprocessed by graying the color image by a three-component weighted average method and then normalizing the grayscale image to a uniform size.

7. The method according to claim 5, wherein the method comprises the following steps: in S32, an encryption matrix is constructed by using an image encryption technique based on matrix transformation, and the original handwriting volume data set is encrypted, and the size of the encrypted image matrix is consistent with that of the original image matrix, so as to obtain an encrypted data set.

8. The method according to claim 5, wherein the method comprises the following steps: and in the step S34, constructing a seven-layer convolutional neural network, wherein the network comprises an input layer, two convolutional layers, two pooling layers, a full-link layer and an output layer, an original data set and an encrypted data set are respectively input during training, a fixed number of samples are selected and input into the convolutional neural network each time after basic parameters and specifications of the network are set, an actual label of a training sample can be obtained at the output layer, the actual output is compared with the label to obtain a residual error, and the weight and the bias of the network are adjusted by combining a back propagation algorithm.

9. The method according to claim 1, wherein the method comprises the following steps: the setting of the encryption algorithm for preventing the code from being maliciously tampered in S4 includes the following steps:

10. The method according to claim 9, wherein the method comprises the following steps: the step of S44 includes the following steps: