Research on Optimized Design Methods for AES Cipher Circuits Based on Composite Field Arithmetic

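Published: 2018-03-17 12:29

  Topic: AES; Focus: area optimization; Source: Nanjing University of Aeronautics and Astronautics, 2016 doctoral dissertation; Document type: degree thesis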


[Abstract]: Cryptography is the core of information security. The Advanced Encryption Standard (AES), as the latest block cipher algorithm, has been widely applied across information security, including resource-constrained settings such as wireless sensor networks and Radio Frequency Identification (RFID). Implementing the AES algorithm on such low-cost, low-power, resource-constrained hardware platforms, however, poses new challenges for circuit design. Targeting resource-constrained applications, this dissertation studies optimized design methods for AES cipher circuits based on composite field arithmetic, in order to reduce the area and delay of the encryption circuit. At the algorithm level, it addresses three key problems: delay control during Common Subexpression Elimination (CSE) optimization, the optimal multiplicative inverse structure over GF((2^4)^2), and the elimination of common subexpressions (CSs) between the operation units of the GF(((2^2)^2)^2) multiplicative inverse. At the architecture level, it studies methods for merging the composite-field S-box with the ShiftRows and MixColumns operations. At the system level, it studies the implementation of an AES-CCM* coprocessor for ZigBee node chips. The main work and contributions are as follows.

Based on the theory of shortest-path binary tree structures, a delay control method for CSE optimization is studied, solving the problem that the CSE algorithm tends to increase delay during optimization. Using the theory of shortest-path binary tree construction, it is first proved mathematically that eliminating CSs increases path length, and a sufficient but not necessary condition for keeping the shortest path unchanged is derived. From this condition, a Shortest Path CSE (SPCSE) algorithm is proposed, which keeps the path length of every output signal unchanged while CSs are eliminated. Building on SPCSE, a Delay Aware CSE (DACSE) algorithm based on the same theory is proposed. DACSE eliminates CSs under a given delay constraint, which widens the range of selectable CSs, improves the efficiency of area optimization, and yields a broader set of area-delay trade-off designs between minimum circuit area and minimum critical-path delay.

To address the problem that existing GF((2^4)^2) S-box structures lack variety and have large area and delay, the GF((2^4)^2) multiplicative inverse structure is analyzed comprehensively and a short-delay GF((2^4)^2) S-box circuit is proposed, reducing circuit delay. The circuit characteristics of the GF(2^4) multiplicative inverse and the GF(2^4) multiplier are analyzed, and a GF(2^4) multiplicative inverse unit and a multiplier unit based on an AND-XOR array structure are proposed, reducing area and delay. On this basis, the effect of the irreducible polynomial and the basis on the hardware complexity of the GF((2^4)^2) multiplicative inverse and the mapping matrices is analyzed, and a short-delay GF((2^4)^2) S-box circuit structure is built from the optimal mapping matrix and the optimal multiplicative inverse structure.

To remove redundant logic between the operation units of the GF(((2^2)^2)^2) multiplicative inverse, a DACSE-based grouped joint optimization method is proposed, reducing the area and delay of the GF(((2^2)^2)^2) S-box circuit. According to the structure of the GF(((2^2)^2)^2) multiplicative inverse, its operation units are divided into groups, the logic expression of each unit over GF((2^2)^2) is derived, and DACSE is applied to the units within each group both jointly and individually. The optimized GF(((2^2)^2)^2) S-box further reduces circuit area and delay.

Methods for merging the composite-field S-box, ShiftRows and MixColumns are studied, and a round-transformation circuit optimization method based on operation merging is proposed to further reduce the area and delay of the AES circuit. The matrix form of the constant multiplications in MixColumns is first derived, and the composite-field S-box is merged with ShiftRows and MixColumns according to the round transformation formula. The merged matrices are then jointly optimized with the DACSE algorithm. Finally, a shared AES encryption/decryption circuit is implemented using time-division multiplexing. Compared with implementing the encryption circuit and the decryption circuit separately, the shared AES encryption/decryption circuit reduces circuit area by 28.12%. Compared with a shared AES encryption/decryption circuit that uses no optimization techniques, the shared circuit based on operation merging and joint optimization reduces circuit area by 46.06%.

Building on the optimized AES cipher circuit design, an AES-CCM* coprocessor architecture for ZigBee node chips based on a single AES processing unit is proposed. The single AES processing unit performs both the AES-CCM* operation of the ZigBee security mode and the HMAC operation of the ZigBee key transport protocol, effectively reducing resource overhead in the ZigBee system.
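The abstract's GF((2^4)^2) S-box construction (map the byte into the composite field, invert there with a single GF(2^4) inversion, map back, apply the affine step) can be modelled in software. This is an added example, not the dissertation's circuit: the GF(2^4) modulus x^4 + x + 1, the polynomial basis, the extension polynomial y^2 + y + LAM and the searched constants LAM and BETA are all assumptions made for illustration.

```python
# Added example: software model of the AES S-box computed through GF((2^4)^2).
P4 = 0b10011  # assumed GF(2^4) modulus x^4 + x + 1

def mul4(a, b):
    """Multiply two GF(2^4) elements modulo P4."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a & 0x10:
            a ^= P4
    return r

INV4 = [0] + [next(y for y in range(1, 16) if mul4(x, y) == 1) for x in range(1, 16)]
# Smallest constant making y^2 + y + LAM irreducible over GF(2^4) (no root t).
LAM = next(c for c in range(1, 16) if all(mul4(t, t) ^ t ^ c for t in range(16)))

def cmul(a, b):
    """Multiply in GF((2^4)^2); a byte encodes ah*y + al with y^2 = y + LAM."""
    ah, al, bh, bl = a >> 4, a & 15, b >> 4, b & 15
    hh = mul4(ah, bh)
    hi = hh ^ mul4(ah, bl) ^ mul4(al, bh)
    return (hi << 4) | (mul4(hh, LAM) ^ mul4(al, bl))

def cinv(a):
    """Invert in GF((2^4)^2) with a single GF(2^4) inversion; 0 maps to 0."""
    ah, al = a >> 4, a & 15
    d = INV4[mul4(mul4(ah, ah), LAM) ^ mul4(ah ^ al, al)]  # 1 / norm(a)
    return (mul4(ah, d) << 4) | mul4(ah ^ al, d)

def cpow(b, n):
    """Raise b to the n-th power in the composite field."""
    r = 1
    for _ in range(n):
        r = cmul(r, b)
    return r

# Isomorphism GF(2^8) -> GF((2^4)^2): send x to a root BETA of the AES
# polynomial x^8 + x^4 + x^3 + x + 1, evaluated with composite-field arithmetic.
BETA = next(b for b in range(2, 256)
            if cpow(b, 8) ^ cpow(b, 4) ^ cpow(b, 3) ^ b ^ 1 == 0)
BASIS = [cpow(BETA, i) for i in range(8)]  # columns of the mapping matrix
TO_C = [0] * 256
for a in range(256):
    for i in range(8):
        if a >> i & 1:
            TO_C[a] ^= BASIS[i]
FROM_C = {c: a for a, c in enumerate(TO_C)}

def sbox(a):
    """AES S-box: map in, invert in GF((2^4)^2), map back, affine transform."""
    inv = FROM_C[cinv(TO_C[a])]
    s = inv ^ 0x63
    for k in range(1, 5):
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s
```

Different choices of LAM, BETA and basis give different mapping matrices and inverse logic, which is the hardware-complexity trade-off the abstract refers to.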
