The block cipher algorithm mainly includes Data Encryption Standard (DES) algorithm, Triple DES (3DES) algorithm, Advanced Encryption Standard (AES) algorithm, International Data Encryption Algorithmic (IDEA) and SMS4 algorithm published by the State Cryptography Administration of China. The key components for implementing block cipher algorithm are key expansion unit, encryption unit and sub-key array storage unit. Wherein, the key expansion unit and the encryption unit have similar internal structure, which mainly includes a data registration component and a data conversion component.
The data registration component mainly employs a universal trigger for registering data. During a clock period, the data registered by the component will not be changed. The universal trigger is a data registration device which inputs the data on the data input port to the output port of the trigger at the rising edge or falling edge of a clock period; but at other moments, the data on the output port of the trigger will not be changed.
The data conversion component is a component for data processing according to block cipher algorithm, for example, a component for data processing according to SMS4 cipher algorithm. The operation carried out by the data conversion component has only one synthetic replacement as specified by the cipher algorithm.
The sub-key array storage unit is adapted to store a sub-key array. In the existing technology, the sub-key array is generally a data array that is preconfigured before the encryption and decryption processing and generated by a key expansion unit. In SMS4 cipher algorithm, the data of a sub-key array storage unit are arranged in the order of addresses and may be named as rk0, rk1 . . . rk31.
At present, the process for the data encryption and decryption process according to the SMS4 cipher algorithm includes two independent stages: key expansion stage and data encryption stage. As shown in FIG. 1, first of all, a key expansion unit expands a key to a sub-key array and stores it in a sub-key array storage unit according to the precedence order, and then an encryption unit accomplishes the data encryption by using the sub-key array generated by the key expansion unit.
A) Key Expansion Stage
1) Inputting an External Key to Data Registration Component of the Key Expansion Unit
After a preliminary processing, the external key is input to the data registration component 100 of the key expansion unit for registration.
2) Data Conversion
The data registered in the data registration component 100 of the key expansion unit are input to the data conversion component 101 of the key expansion unit for conversion, and sub-keys are obtained.
3) Data Iteration
The data after the previous conversion processing are stored in the data conversion component 100 of the key expansion unit, and at the same time, the sub-keys obtained are stored in the first line of the sub-key array storage unit 2, then the data registered in the data registration component 100 of the key expansion unit are again input to the data conversion component 101 of the key expansion unit for data conversion, and the sub-keys obtained after processing are stored in the next line of sub-key array storage unit 2, and the data conversion processing is repeated 32 time, thus a sub-key array of 32×32 bit=1024 bit is obtained.
B) Data Encryption Stage
1) Inputting External Data to the Data Registration Component of the Encryption Unit
External data are input to the data registration component 300 of an encryption unit for registration.
2) Data Conversion
The data registered in the data registration component 300 of the encryption unit are input to the data conversion component 301 of the encryption unit, and at the same time, the data corresponding to the first line of the sub-key array stored in sub-key array storage unit 2 are input to the data conversion component 301 of the encryption unit for conversion.
3) Data Iteration
The data after the previous data conversion processing are registered in the data registration component 300 of the encryption unit, then the data registered in the data registration component 300 of the encryption unit are again input to the data registration component 301 of the encryption unit, and at the same time, the sub-keys at the next line of the sub-key array storage unit 2 are also input to the data conversion component 301 of the encryption unit for data conversion again, and the processing is repeated 32 times and the final data processing result is obtained.
In the above encryption algorithm, 32 clock periods are needed to process a set of data and the efficiency is low. To solve this problem, the processing efficiency can be improved by increasing the number of data conversion components, for example, in the solution shown in FIG. 2, a set of data of 128 bit may be processed in 16 clock periods.
In the existing technology, the sub-key array storage component is a necessary component. If a register is employed in an integrated circuit to implement the sub-key array storage component of 1024 bit, a logical resource of about 10,000 gates are consumed (in the solution of FIG. 1, the total resource consumption is about 25,000 gates), which occupies about 40% of the total resources, thus the implementation cost is very high.