CN1833399B - Ryan Doll block cipher device and its encryption/decryption method - Google Patents

Abstract

Disclosed are a rijndael block cipher apparatus including an operation unit and an encryption/decryption method thereof, which efficiently perform round operations for encryption/decryption of the rijndael block cipher. The rijndael block cipher device is installed in mobile terminals such as cellular phones and PDAs or smart cards, which require high-speed and small-sized cryptographic processors, and can encrypt and decrypt important data requiring security at high speed, and about from 128 bits The upper 64 bits and lower 64 bits of the input data split perform round operations. Therefore, the cryptographic device can reduce the time required to encrypt/decrypt the rijndael block cipher and the size of the device.

Description

Ryan Doll block cipher device and its encryption/decryption method

technical field

The present invention generally relates to a rijndael block cipher (cipher) device and an encryption/decryption method thereof, and more particularly to a rijndael block installed in a cellular phone, a PDA, a smart card, etc. and capable of high-speed encryption and decryption of important data requiring security A cryptographic device and an encryption/decryption method thereof.

Background technique

The Rijndael algorithm is a symmetric key encryption algorithm developed by Belgian encryption developers Joan Daemen and Vincent Rijmen, and then selected by the US NIST (National Institute of Standards and Technology) as the new AES (Advanced Encryption) in or around October 2000 standard).

The rijndael algorithm supports variable block lengths of the SPN (Substitution-Permutation Network) structure, and enables the use of 128-bit, 192-bit, and 256-bit keys with respect to each block length.

The number of rounds in the rijndael algorithm is determined by the key length, and where 128-bit blocks are used, 10, 12, and 14 rounds are recommended for 128-bit, 192-bit, and 256-bit keys, respectively.

It has recently been known that the rijndael algorithm does not pose a security problem even if a key of 128 bits is used, and therefore, research on hardware implementation of the rijndael algorithm using a key having a length of 128 bits has been underway.

Because the rijndael algorithm encrypts/decrypts data used for rijndael block encryption/decryption by repeated round operations, and is specially provided to support variable block lengths of the SPN structure, the encryption process of the rijndael block cipher is different from its decryption process. Usually, the round operation for the encryption process of the rijndael block cipher contains four transformations: substitution (substitution), row shift (shift_row), mix column (mixcolumn) and add round key (add-round-key), and use The round operation in the decryption process consists of four transformations: inverse row shift, inverse permutation, addition of round key and unmix column. Depending on the method of performing these transformations, round operations for the rijndael block cipher require different times and hardware resources to be used, and the method of further performing transformations is critical to the performance of the rijndael cipher processor. Therefore, it is important to reduce the amount of hardware resources required to implement round operations and the time required to perform round operations.

Contents of the invention

Accordingly, the applicant has developed a rijndael block cipher device and an encryption/decryption method including an operation unit that efficiently performs round operations for encrypting/decrypting the rijndael block cipher.

The object of the present invention is to solve the problems involved in the prior art and provide a rijndael block cipher device and its encryption/decryption method, which is installed in mobile terminals such as cellular phones and PDAs or smart cards, which require high speed and small size cryptography processor, and it is capable of high-speed encryption and decryption of important data requiring security.

In order to achieve the above object, the rijndael block cipher device according to the embodiment of the present invention includes: a round operation unit for converting a 128-bit input key into a 128-bit round key for encryption or decryption, and performing an encryption or decryption operation from the input After the start signal and the mode signal, input the round operation start signal, the round number signal and the bit selection signal to divide the 128-bit input data into upper 64 bits and lower 64 bits and select the upper or lower 64 bits, according to the value storage of the mode signal 128-bit round key, by splitting 128-bit input data into upper 64 bits and lower 64 bits, and by performing row shifting, permutation, mixing columns and adding round keys on the split upper 64 bits and lower 64 bits, respectively The round operation of transformation, to encrypt 128-bit input data, and by dividing the 128-bit input data into high 64 bits and low 64 bits, and performing anti-row shift, inverse The round operation of permutation, adding round key and anti-column mixed transformation to decrypt 128-bit input data; the round operation control unit is used to input the 128-bit input data from the input encryption or decryption operation start signal and mode signal The data is divided into high 64 bits and low 64 bits and the bit selection signal of high or low 64 bits, the round operation start signal and the round number signal are sent to the round operation unit to control the round operation of the round operation unit; the 64-bit data register is used intermediate encryption or decryption data for storing the upper 64 bits of input data generated during each round operation performed by the round operation unit; and a 128-bit data register for storing the lower 64 bits generated during each round operation performed by the round operation unit The intermediate encrypted or decrypted data of the 64-bit input data is taken as its lower 64 bits, and the encrypted or decrypted data generated as a result of the previous round operation and stored in the 64-bit data register is stored as its upper 64 bits.

In order to achieve the above object, the rijndael block encryption method according to the first embodiment of the present invention includes the following steps: after inputting the encryption or decryption operation start signal and the mode signal through the bus, input the four-clock round operation start signal and the round operation start signal from the round operation control unit The round number signal, then according to the value of the mode signal input through the bus when the first clock from the round operation start signal becomes '1', the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit The round key is used for encryption, and the 128-bit round key is stored in the internal 128-bit round key register; if the four-clock round operation start signal and the bit selection signal are input from the round operation control unit, then when the first clock becomes When '1', the row shift/inverse row shift transformation unit performs the byte shift of the high 64-bit data of the 128-bit input data input through the bus, and outputs the byte-shifted high byte through the first multiplexer 64-bit data, and the permutation/reverse permutation transformation unit continuously performs the permutation of the upper 64-bit data, outputs the permuted high-64-bit data to the first demultiplexer, and stores the permuted high-64 bits in the 64-bit data register Data; when the second clock of the round operation start signal becomes '1', the column mixing/inverse column mixing conversion unit performs the encryption output output through the first demultiplexer and stored in the 64-bit data register Column mixing of the high 64-bit data, output the high 64-bit data of the column mixing transformation to the second demultiplexer, and store the high 64-bit data of the column mixing transformation in the 64-bit data register, row shift/reverse row shift The bit transformation unit simultaneously performs the byte shift of the lower 64-bit data of the 128-bit input data input through the bus, and outputs the byte-shifted lower 64-bit data through the first multiplexer, and the replacement/reverse replacement conversion unit Continuously perform the replacement of the lower 64-bit data, output the replaced lower 64-bit data to the first demultiplexer, and store the replaced lower 64-bit data in the lower 64 bits of the 128-bit data register; when the round operation starts signal When the third clock becomes '1', the adding round key transformation unit will add the high 64-bit data outputted by the encryption output terminal of the second demultiplexer and stored in the 64-bit data register to the round encryption The upper 64-bit round key generated by the key generation unit, and the added upper 64-bit data is stored in the upper 64 bits of the 128-bit data register, and the column mixing/anti-column mixing transformation unit is simultaneously performed by the first demultiplexing The encrypted output terminal of the device outputs and stores the column mix of the lower 64-bit data in the 128-bit data register, outputs the lower 64-bit data converted by the column mix to the second demultiplexer, and stores the lower 64-bit data in the 128-bit data register The lower 64-bit data of the column mix transformation is stored in the bit; and when the fourth clock of the round operation start signal becomes '1', the addition round key transformation unit will output through the encryption output of the second demultiplexer and stored in the 128-bit data register The lower 64-bit data in the register is added to the lower 64-bit round key generated by the round key generation unit, and the added lower 64-bit data is stored in the lower 64 bits of the 128-bit data register.

In order to achieve the above object, the rijndael block decryption method according to the first embodiment of the present invention includes the following steps: after inputting the encryption or decryption operation start signal and the mode signal through the bus, input the four-clock round operation start signal and the round operation start signal from the round operation control unit The round number signal, then according to the value of the mode signal input through the bus when the first clock from the round operation start signal becomes '1', the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit The round key is used for encryption, and the 128-bit round key is stored in the internal 128-bit round key register; if the four-clock round operation start signal and the bit selection signal are input from the round operation control unit, then when the first clock becomes When '1', the row shift/reverse row shift transformation unit performs the reverse byte shift of the upper 64-bit data of the 128-bit input data input through the bus, and outputs the reverse byte shift through the first multiplexer The upper 64-bit data of the upper 64 bits, and the permutation/inverse permutation transformation unit continuously performs the inverse permutation of the upper 64-bit data, outputs the upper 64-bit data of the inverse permutation to the first demultiplexer, and stores the inversion in the 64-bit data register Permuted high 64-bit data; when the second clock of the round operation start signal becomes '1', the addition round key conversion unit will output through the decryption output of the first demultiplexer and store in the 64-bit data The upper 64-bit data in the register is added to the upper 64-bit round key generated by the round key generation unit, and the added upper 64-bit data is output to the third demultiplexer, and stored in the 64-bit data register. The added high 64-bit data, the row shift/reverse row shift transformation unit simultaneously performs the byte reverse shift of the low 64-bit data of the 128-bit input data input through the bus, and outputs the byte through the first multiplexer The lower 64-bit data of the reverse shift, and the replacement/reverse replacement transformation unit continuously performs the reverse replacement of the lower 64-bit data, outputs the lower 64-bit data of the reverse replacement to the first demultiplexer, and in the 128-bit data register The lower 64 bits of the reverse permutation are stored in the lower 64 bits of the data; when the third clock of the round operation start signal becomes '1', the column mixing/anti-column mixing conversion unit performs decryption through the third demultiplexer The output terminal outputs and stores the high 64-bit data in the 64-bit data register, and outputs the high-order 64-bit data through the second demultiplexer, and the high-order 64-bit data in the 128-bit data register Store the high 64-bit data of anti-column mixed transformation, and add the round key transformation unit to add the low 64-bit data that is output by the decryption output terminal of the first demultiplexer and stored in the 128-bit data register to the The low 64-bit round key generated by the round key generation unit outputs the added low 64-bit data through the third demultiplexer, and stores the added low 64-bit data in the low 64 bits of the 128-bit data register ; and when the fourth clock of the round operation start signal becomes When '1', the column mixing/anti-column mixing transformation unit performs the anti-column mixing of the lower 64-bit data output through the decryption output terminal of the third demultiplexer and stored in the 128-bit data register. The multiplexer outputs the lower 64-bit data of the inverse-column mixing transformation, and stores the lower 64-bit data of the inverse-column mixing transformation in the lower 64 bits of the 128-bit data register.

In order to achieve the above object, the rijndael block encryption method according to the second embodiment of the present invention includes the following steps: after inputting the encryption or decryption operation start signal and the mode signal through the bus, input the three-clock round operation start signal and the round operation start signal from the round operation control unit The round number signal, then according to the value of the mode signal input through the bus when the first clock from the round operation start signal becomes '1', the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit The round key is used for encryption, and the 128-bit round key is stored in the internal 128-bit round key register; if the three-clock round operation start signal and the bit selection signal are input from the round operation control unit, then when the first clock becomes When '1', the row shift/inverse row shift transformation unit performs the byte shift of the high 64-bit data of the 128-bit input data input through the bus, and outputs the byte-shifted high byte through the first multiplexer 64-bit data, and the permutation/reverse permutation transformation unit continuously performs the permutation of the upper 64-bit data, outputs the permuted high-64-bit data to the first demultiplexer, and stores the permuted high-64 bits in the 64-bit data register Data; when the second clock of the round operation start signal becomes '1', the column mixing/inverse column mixing conversion unit performs the encryption output output through the first demultiplexer and stored in the 64-bit data register The columns of the high 64-bit data are mixed, and the high 64-bit data of the output column mixing transformation is sent to the second demultiplexer, and the round key conversion unit is continuously added to the high 64-bit data generated by the round key generation unit The high 64-bit round key, and the added high 64-bit data is stored in the 64-bit data register, and the row shift/inverse row shift transformation unit simultaneously performs the conversion of the low 64-bit data of the 128-bit input data input through the bus The byte is shifted, and the byte-shifted low 64-bit data is output through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs permutation of the low 64-bit data, and outputs the permuted low 64-bit data to the first multiplexer A demultiplexer, and store the permuted lower 64-bit data in the lower 64 bits of the 128-bit data register; and when the third clock of the round operation start signal becomes '1', add and then store in 64 The 64-bit data in the bit data register is stored in the upper 64 bits of the 128-bit data register, and the column mixing/reversing column mixing transformation unit is simultaneously executed and output through the encrypted output of the first demultiplexer and stored in the 128-bit data register The columns of the lower 64-bit data are mixed, and the lower 64-bit data of the output column mixed transformation is sent to the second demultiplexer, and the adding round key conversion unit continuously adds the lower 64-bit data to the generated by the round key The lower 64-bit round key generated by the unit, and the added lower 64-bit data are stored in the lower 64 bits of the 128-bit data register.

In order to achieve the above object, the rijndael block decryption method according to the second embodiment of the present invention includes the following steps: if the encryption or decryption operation start signal and the mode signal are input through the bus, input the three-clock round operation start signal and the round operation start signal from the round operation control unit The round number signal, then according to the value of the mode signal input through the bus when the first clock from the round operation start signal becomes '1', the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit The round key is used for encryption, and the 128-bit round key is stored in the internal 128-bit round key register; if the three-clock round operation start signal and the bit selection signal are input from the round operation control unit, then when the first clock becomes When '1', the row shift/reverse row shift transformation unit performs the reverse byte shift of the upper 64-bit data of the 128-bit input data input through the bus, and outputs the reverse byte shift through the first multiplexer The upper 64-bit data of the upper 64 bits, and the permutation/inverse permutation transformation unit continuously performs the inverse permutation of the upper 64-bit data, outputs the upper 64-bit data of the inverse permutation to the first demultiplexer, and stores the inversion in the 64-bit data register Permuted high 64-bit data; when the second clock of the round operation start signal becomes '1', the addition round key conversion unit will output through the decryption output of the first demultiplexer and store in the 64-bit data The upper 64-bit data in the register is added to the upper 64-bit round key generated by the round key generation unit, and the added upper 64-bit data is output to the third demultiplexer, column mixing/inverse column mixing transformation unit Continuously perform the anti-column mixing of the added upper 64-bit data, output the upper 64-bit data of the anti-column mixing transformation through the second demultiplexer, and store the upper 64 bits of the anti-column mixing transformation in the 64-bit data register The data, row shift/reverse row shift transformation unit simultaneously performs the byte reverse shift of the low 64-bit data of the 128-bit input data input through the bus, and outputs the low byte reverse shift through the first multiplexer 64-bit data, and the permutation/reverse permutation transformation unit continuously performs the reverse permutation of the lower 64-bit data, outputs the reverse permuted lower 64-bit data to the first demultiplexer, and in the lower 64 bits of the 128-bit data register Store the low 64-bit data of reverse permutation; and when the third clock of the round operation start signal becomes '1', the adding round key conversion unit will output through the decryption output of the first demultiplexer and store in The lower 64-bit data in the 128-bit data register is added to the lower 64-bit round key generated by the round key generation unit, and the added lower 64-bit data is output to the third demultiplexer, column mixing/reverse column The mixed transformation unit continuously performs the anti-column mixing of the added lower 64-bit data, outputs the lower 64-bit data of the anti-column mixed transformation through the second demultiplexer, and stores the reversed in the lower 64 bits of the 128-bit data register. The lower 64-bit data of the column mixed transformation, and will be stored in the 64-bit data register at the same time The upper 64 bits of data in the register are stored in the upper 64 bits of the 128-bit data register.

In order to achieve the above object, the rijndael block encryption method according to the third embodiment of the present invention includes the following steps: after inputting the encryption or decryption operation start signal and the mode signal through the bus, input the two-clock round operation start signal and the round operation start signal from the round operation control unit The round number signal, then according to the value of the mode signal input through the bus when the first clock from the round operation start signal becomes '1', the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit The round key is used for encryption, and the 128-bit round key is stored in the internal 128-bit round key register; if the two-clock round operation start signal and the bit selection signal are input from the round operation control unit, then when the first clock becomes When '1', the row shift/inverse row shift transformation unit performs the byte shift of the high 64-bit data of the 128-bit input data input through the bus, and outputs the byte-shifted high byte through the first multiplexer 64-bit data, the permutation/reverse permutation transformation unit continuously performs the permutation of the high 64-bit data, outputs the permuted high 64-bit data to the first demultiplexer, and outputs the permuted high 64 bits through the first demultiplexer bit data, the column mixing/anti-column mixing transformation unit performs column mixing of the upper 64-bit data output through the encrypted output terminal of the first demultiplexer, and outputs the upper 64-bit data of the column mixing transformation to the second demultiplexer user, and the adding round key conversion unit continuously adds this high 64-bit data to the high 64-bit round key generated by the round key generation unit, and stores the added high 64-bit data in the 64-bit data register ; and when the second clock of the round operation start signal becomes '1', the row shift/inverse row shift conversion unit performs byte shift of the lower 64-bit data of the 128-bit input data input through the bus, and Output byte-shifted lower 64-bit data through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs permutation of the lower 64-bit data, and outputs the permuted lower 64-bit data to the first demultiplexer The column mixing/anti-column mixing transformation unit continuously performs the column mixing of the low 64-bit data, and outputs the low 64-bit data of the column mixing transformation to the second demultiplexer, and the round key transformation unit continuously converts this The lower 64-bit data is added to the lower 64-bit round key generated by the round key generation unit, and the added lower 64-bit data is stored in the lower 64 bits of the 128-bit data register, and will be stored in the 64-bit data register at the same time The upper 64 bits of data are stored in the upper 64 bits of the 128-bit data register.

In order to achieve the above object, the rijndael block decryption method according to the second embodiment of the present invention includes the following steps: after inputting the encryption or decryption operation start signal and the mode signal through the bus, input the two-clock round operation start signal and the round operation start signal from the round operation control unit The round number signal, then according to the value of the mode signal input through the bus when the first clock from the round operation start signal becomes '1', the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit The round key is used for encryption, and a 128-bit round key is stored in the internal 128-bit round key register; if a two-clock round operation start signal and a bit selection signal are input from the round operation control unit, then when the first clock becomes When '1', the row shift/reverse row shift transformation unit performs the reverse byte shift of the upper 64-bit data of the 128-bit input data input through the bus, and outputs the reverse byte shift through the first multiplexer The high 64-bit data of the high 64-bit data, the permutation/reverse permutation transformation unit continuously performs the reverse permutation of the high 64-bit data, and outputs the high 64-bit data of the reverse permutation to the first demultiplexer, and the round key transformation unit continuously converts The upper 64-bit data output by the decryption output of the first demultiplexer is added to the upper 64-bit round key generated by the round key generation unit, and the added upper 64-bit data is output to the third demultiplexer use device, and the column mixing/anti-column mixing transformation unit continuously performs the anti-column mixing of the added high 64-bit data, and outputs the high-order 64-bit data of the anti-column mixing transformation through the second demultiplexer, and in the 64-bit The data register stores the upper 64-bit data of the reverse-column mixed transformation; and when the second clock of the round operation start signal becomes '1', the row shift/reverse row shift transformation unit executes the 128-bit input through the bus The byte inverse shift of the low 64-bit data of the data, and the low 64-bit data of the byte inverse shift is output through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs the inverse permutation of the low 64-bit data, And output the low 64-bit data of anti-permutation to the first demultiplexer, add the round key conversion unit to continuously add the low 64-bit data output by the decryption output end of the first demultiplexer to the round encryption The low 64-bit round key generated by the key generation unit, and output the added low 64-bit data to the third demultiplexer, and the column mixing/reverse column mixing transformation unit continuously performs the reverse of the added low 64-bit data Column mixing, output the low 64-bit data of anti-column mixing transformation through the second demultiplexer, and store the low 64-bit data of anti-column mixing transformation in the low 64 bits of the 128-bit data register, and store the low 64-bit data in the 64-bit The upper 64 bits of data in the data register are stored in the upper 64 bits of the 128-bit data register.

Description of drawings

The above objects, other features and advantages of the present invention will become more apparent by illustrating preferred embodiments of the present invention with reference to the accompanying drawings, in which:

FIG. 1 is a view illustrating the construction of a rijndael block cipher device according to the present invention.

FIG. 2 is a view illustrating the configuration of a turn operation unit.

FIG. 3 is a view illustrating the configuration of a round key generation unit.

FIG. 4 is a first sequence diagram illustrating a method of encrypting a rijndael block cipher according to the present invention.

FIG. 5 is a first sequence diagram illustrating a method of decrypting a rijndael block cipher according to the present invention.

FIG. 6 is a second sequence diagram illustrating a method of encrypting a rijndael block cipher according to the present invention.

FIG. 7 is a second sequence diagram illustrating a method of decrypting a rijndael block cipher according to the present invention.

FIG. 8 is a third sequence diagram illustrating a method of encrypting a rijndael block cipher according to the present invention.

FIG. 9 is a third sequence diagram illustrating a method of decrypting a rijndael block cipher according to the present invention.

Detailed ways

Now, a rijndael block cipher device and an encryption/decryption method thereof according to preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Referring to FIG. 1, the main purpose of the rijndael block cipher device according to the present invention is to: perform all round operations for encrypting and decrypting input data for rijndael block encryption/decryption in units of 64 bits; and perform simultaneous generation of round operations The round key required by the round operation.

For rijndael block encryption/decryption, after an encryption or decryption operation start signal "start" and a mode signal are input through the bus 200, a round operation start signal Round_start, a round number signal Round_number, and a bit selection signal sel are input for dividing 128-bit input data When the upper 64 bits and lower 64 bits are selected for each round operation, the round operation unit 100 converts the 128-bit input key into a 128-bit round key RK for encryption or decryption, and according to the mode signal The value stores the 128-bit round key.

If the value of the mode signal indicates '0', by dividing the 128-bit input data into upper 64 bits and lower 64 bits, and performing row shift (shift_row), permutation, column A round operation of mixing and adding round-key transformations, the round operation unit 100 encrypts 128-bit input data.

If the value of the mode signal indicates '1', by dividing the 128-bit input data into upper 64 bits and lower 64 bits, and performing a round including inverse row shift, inverse permutation, and addition on the upper 64 bits and lower 64 bits of the split, respectively A round operation of the transformation of the key and anticolumn mix, the round operation unit 100 decrypts 128-bit input data.

If the encryption or decryption operation start signal and the mode signal are input through the bus 200, when the encryption or decryption operation start signal and the mode signal are input, the round operation start signal Round_start, the round number signal Round_number and the bit selection signal are sent to the round operation unit 100. For dividing 128-bit input data into upper 64 bits and lower 64 bits and selecting upper or lower 64 bits for each round operation, the round operation control unit 300 controls the round operation of the round operation unit 100 .

The 64-bit data register 400 stores intermediate encrypted or decrypted data of upper 64-bit input data generated during each round operation performed by the round operation unit 100 .

The 128-bit data register 500 stores the intermediate encrypted or decrypted data of the lower 64-bit input data generated during each round operation performed by the round operation unit 100 as its lower 64 bits, and stores the result generated and stored as the last round operation The encrypted or decrypted data in the 64-bit data register 400 as its upper 64 bits.

2, if the round operation start signal and the round number signal are input from the round operation control unit 300, the round key generation unit 110 of the round operation unit 100 converts the 128-bit input key according to the value of the mode signal input through the bus 200. is the 128-bit round key RK and stores the 128-bit round key in the internal 128-bit round key register.

If the round operation start signal and the bit selection signal are input from the round operation control unit 300, then the row shift/inverse row shift conversion unit 120 of the round operation unit 100 performs the operation from the bus 200 according to the value of the mode signal input through the bus 200. The high 64 bits and low 64 bits of the byte shift of the input 128-bit input data division are different numbers, and the high 64 bits and low 64 bits of the byte shift are output through the first multiplexer 121, according to the bit selection signal The value of controls the output of this multiplexer.

The permutation/reverse permutation transformation unit 130 of the round operation unit 100 performs slave row shift/reverse row using a permutation box (S-box) or an inverse permutation box (SI-box) that provides one byte output with respect to one byte input The permutation or inverse permutation of the high 64-bit data and low 64-bit data output by the shift transformation unit 120 .

The first demultiplexer (demultiplexer) 140 of the round operation unit 100 converts from permutation/inverse permutation through any one of its encryption output '0' and its decryption output '1' according to the value of the mode signal. The upper 64-bit data or the lower 64-bit data output by the unit 130.

The column mixing/anti-column mixing transformation unit 150 of the round operation unit 100 performs the column mixing of the upper 64-bit data or the lower 64-bit data input through the encryption output terminal "0" of the first demultiplexer 140, or performs Add the inverse column mix of the upper 64-bit data or lower 64-bit data transformed by the round key.

The second demultiplexer 160 of the round operation unit 100 outputs from the column mixing/anti-column mixing transformation unit through any one of its encryption output terminal '0' and its decryption output terminal '1' according to the value of the mode signal 150 output high 64 bit data or low 64 bit data.

The addition round key transformation unit 170 of the round operation unit 100 converts the upper 64 bits input through the decryption output terminal '1' of the first demultiplexer 140 or the encryption output terminal '0' of the second demultiplexer 160 Data or lower 64-bit data is added to the 128-bit round key RK output from the round key generation unit 110 for encryption or decryption.

The third demultiplexer 180 of the round operation unit 100 outputs from the addition round key transformation unit 170 through any one of its encryption output '0' and its decryption output '1' according to the value of the mode signal The upper 64-bit data or the lower 64-bit data.

Referring to Fig. 3, the 128-bit pre-key register 111 of the round key generation unit 110 stores the 128-bit input key inputted through the bus 200 as a pre-key, and is used to convert the 128-bit input key into a key for encryption or decryption. 128-bit round key RK, and store the 128-bit round key RK generated after each round operation as a pre-key for generating the round key used in the next round operation.

The 128-bit round key register 111a of the round key generating unit 110 stores the 128-bit round key RK used for encryption or decryption for each round operation. In FIG. 3, after each round operation, the 128-bit round key RK to be stored in the 128-bit round key register 111a is backed up to the 128-bit pre-key register 111, and is used as the key in the next round operation. The round key (ie, pre-key) of the previous round.

The constant storage unit 112 of the round key generation unit 110 stores a constant value Rcon determined according to the order of the round indicated by the round number signal input from the round operation control unit 300 . Preferably, the constant storage unit 112 includes a ROM.

Control the second multiplexer 113 of the round key generating unit 110 according to the value of the mode signal input through the bus 200, and select and output the input data from the 128-bit pre-key register 111 and the 128-bit round key register 111a. Either of the 32-bit keys for encryption or decryption.

The shifter 114 of the round key generation unit 110 performs a cyclic shift to the left by one byte on the 32-bit key input through the second multiplexer 113 .

The permutation transformation unit 115 of the round key generation unit 110 includes a permutation box (S-box) for performing a permutation operation, and performs permutation on the 32-bit key shifted by the shifter 114 .

The first XOR gate 116 of the round key generation unit 110 performs an XOR operation of the most significant byte of the 32-bit key output from the permutation transformation unit 115 and the constant value stored in the constant storage unit 112 .

The round XOR operation unit 117 of the round key generation unit 110 stores in The 128-bit round key (i.e. pre-key) of the previous round in the 128-bit pre-key register 111 and the 128-bit round key RK of the new round stored in the 128-bit round key register 111a perform an XOR operation, For each round of the round operation, a 128-bit round key RK for encryption or decryption to be stored in the 128-bit round key register 111a is newly generated.

The second XOR gate 118 of the round XOR operation unit 117 generates the most effective 32-bit round key RK0 of the 128-bit round key by performing the XOR operation of the following two, for encryption or decryption of a new round: by The output bits of an XOR gate 116 are added to the 32-bit value obtained by permuting the remaining 24 bits of the most significant byte of the transformation unit 115; and the most significant 32-bit round key PK0 of the previous round's 128-bit round key.

The third XOR gate 118a of the round XOR operation unit 117 generates the 32-bit (that is, the 95th bit to the 64th bit) round key RK1 of the 128-bit round key by performing the XOR operation of the following two, using Encryption for the new round: the most significant 32-bit (i.e., 127th to 96th) round key RK0 of the 128-bit round key of the new round, and the most significant A 32-bit (ie, 95th bit to 64th bit) round key PK1 of 32 bits.

The third XOR gate 118a of the round XOR operation unit 117 also generates a 32-bit (i.e., 95th bit to 64th bit) round key RK1 of a 128-bit round key by performing an XOR operation of the following two, For decryption of the new round: the most significant 32 bits (i.e., bits 127 to 96) of the round key PK0 of the 128-bit round key of the previous round, and the next 32 bits of the most significant 32 bits (i.e. , the 95th bit to the 64th bit) round key PK1.

The third multiplexer 119 of the round XOR operation unit 117 is controlled according to the value of the mode signal input through the bus 200, and selectively determines the input signal of the third XOR gate 118a.

The fourth XOR gate 118b of the round XOR operation unit 117 generates the 32-bit (that is, the 63rd bit to the 32nd bit) round key RK2 of the 128-bit round key by performing the XOR operation of the following two, using Encryption for the new round: the 32-bit (i.e., 95th to 64th bits) round key RK1 of the 128-bit round key of the new round, and the 32 bits of the 128-bit round key of the previous round (i.e., 63rd bit to 32nd bit) round key PK2.

The fourth XOR gate 118b also generates a 32-bit (i.e., 63rd bit to 32nd bit) round key RK2 of the 128-bit round key for decryption of the new round by performing the XOR operation of the two : the 32-bit (i.e., 95th bit to 64th bit) round key PK1 of the 128-bit round key of the previous round, and the next 32-bit (i.e., 63rd bit to 32nd bit) round key Key PK2.

The fourth multiplexer 119a of the round XOR operation unit 117 is controlled according to the value of the mode signal input through the bus 200, and selectively determines the input signal of the fourth XOR gate 118b.

The fifth XOR gate 118c of the round XOR operation unit 117 performs the XOR operation of the following two: the 32-bit (i.e., the 63rd bit to the 32nd bit) round key RK2 of the 128-bit round key of the new round , and the 32-bit (i.e., 31st bit to 0th bit) round key PK3 of the 128-bit round key of the previous round, yielding the 32-bit (i.e., 31st bit to 0th bit) of the 128-bit round key bits) round key RK3, which is used for the encryption of the new round.

The fifth XOR gate 118c operates by performing an XOR of the 32-bit (i.e., 63rd bit to 32nd bit) round key PK2 of the previous round's 128-bit round key, and the next 32-bit round key PK2. bit (i.e., bit 31 to bit 0) round key PK3, which also generates a 32-bit (i.e., bit 31 to bit 0) round key RK3 of the 128-bit round key for the new Round decryption.

The fifth multiplexer 119b of the round XOR operation unit 117 is controlled according to the value of the mode signal input through the bus 200, and selectively determines the input signal of the fifth XOR gate 118c.

The rijndael block cipher device constructed as above according to the present invention performs encryption and decryption process as follows:

First, the encryption and decryption operations of the rijndael block cipher device will be explained with reference to FIGS. 1 and 2 .

If the round operation starts, the round key generation process is performed when an initial 128-bit input key is input to the round key generation unit 100 through the bus 200, and the 128-bit input data is input to the row shift/inverse row shift conversion unit 120.

At this time, the row shift/reverse row shift transformation unit 120 performs shift/reverse shift of different byte numbers as defined in the rijndael block cipher algorithm.

If the round operation control unit 300 sends a signal to select the upper 64 bits (sel='1'), then the row shift/inverse row shift conversion unit 120 outputs the upper 64 bits through the first multiplexer 121, and if the round operation The control unit 300 sends a signal to select the lower 64 bits (sel='0'), then the row shift/inverse row shift conversion unit 120 outputs the lower 64 bits through the first multiplexer 121 .

After performing the byte row shift/reverse row shift operation as described above, the high or low 64-bit data is input to the permutation/reverse permutation transformation unit 130, and is replaced by a permutation box (S-box) or an inverse permutation box (SI-box) box) performs permutation or inverse permutation of data. At this time, the S-box and SI-box serve as a permutation transformation unit, which outputs a byte output with respect to a byte input, as defined in the specification of the rijndael algorithm. Also, since it is sufficient for the permutation/inverse permutation transformation unit 130 proposed according to the present invention to process only 64 bits of data at a time, it requires only 8 S-boxes or 8 SI-boxes.

If the mode signal for selecting the encryption process (mode='0') is input through the bus 200 after performing the permutation/inverse permutation operation as described above, then the high or low 64-bit data passes through the encrypted output of the first demultiplexer 140 '0' is input to the column mixing/inverse column mixing transformation unit 150, and if the mode signal for selecting the decryption process (mode='1') is input through the bus 200, then the high or low 64-bit data passes through the first demultiplexer The decryption output '1' of 140 is input to the addition round key transformation unit 170 through the column mix/inverse column mix transform unit 150 .

If the mode signal that selects the encryption process (mode='0') is input through the bus 200, the 64-bit data that has passed through the column mixing/inverse column mixing transformation unit passes through the encryption output terminal '0' of the second demultiplexer 160 Input to the addition round key transformation unit 170, and if the mode signal for selecting the decryption process (mode='1') is input through the bus 200, then the 64 bits are output through the decryption output '1' of the second demultiplexer 160 The data is the result data of the round operation.

Similarly, if the mode signal for selecting the encryption process (mode='0') is input through the bus 200, the 64-bit data that has been added to the round key transformation unit 170 passes through the encryption output terminal '0 of the third demultiplexer 180 ' is output as a result of the round operation, and if the mode signal for selecting the decryption process (mode='1') is input through the bus 200, the 64-bit data is input through the decryption output '1' of the third demultiplexer 180 to Column blending/anti-column blending transformation unit 150 .

As described above, since the present invention intends to reduce the use of hardware resources by sharing common constituent elements in the encryption process and the decryption process, each transformation unit has the functions of encryption and decryption.

Meanwhile, generation of a round key for encryption or decryption required by encryption and decryption operations of the rijndael block cipher device according to the present invention and performed by the round key generation unit 100 will be described with reference to FIG. 3 .

If a 4-clock or 3-clock round operation start signal and a round number signal are input from the round operation control unit 300 to the round operation unit 100, the round operation starts.

If the round operation starts, the round key generating unit 110 starts generating the round key RK of a new round using the 128-bit round key (ie, pre-key) of the previous round stored in the 128-bit pre-key register 111 .

If a mode signal selecting encryption (mode = '0') is input via bus 200, the least significant 32 bits (PK3) of the previous round's 128-bit round key of the 128-bit pre-key register 111 are passed through the second multiplexer 113 is input to shifter 114.

In contrast, if a mode signal that selects decryption (mode='1') is input through the bus 200, the fifth XOR gate 118c performs an XOR operation of the lower 64 bits PK2 and PK3 of the round key of the previous round, and temporarily Store the 32 bits of the XOR as the least significant 32 bits RK3 of the new round key. At the same time, this value RK3 is input to the shifter 114 via the second multiplexer 113 .

The 32-bit key input to the shifter 114 is left-shifted by one byte, and then replaced by a permutation transformation unit 115 including 4 S-boxes.

As described above, the most significant 8-bit key of the permuted transformed 32-bit key is exclusive-ORed (XORed) by the first XOR gate 116 with a constant value Rcon according to the round number input from the round operation control unit 300 The order of the round indicated by the signal is determined. The resulting 8 bits output from the first XOR gate 116 are added to the remaining 24 bits output from the permutation transform unit 115 , and the added bits are input to the second XOR gate 118 of the round XOR operation unit 117 .

Especially by limiting the portion in which the constant value about the round number is XORed only with the upper 8 bits of the 32-bit data that has passed through the permutation transformation unit 115 during the round key generation process, an effect of hardware size reduction can be obtained. For this reason, the rijndael algorithm specification has described such a structure: generate 32-bit constant value about the number of rounds by filling 24-bit '0' to 8-bit constant value, then perform 32-bit constant value and 32 that have passed through permutation transformation unit 115 XOR operation of bit values.

Then, the second XOR gate 118 performs an XOR operation of the 32 bits obtained by adding the resulting 8 bits output from the first XOR gate 116 to the remaining 24 bits output from the permutation transform unit 115 , and the most significant 32-bit round key PK0 of the previous round, and store the result value of the XOR operation as the most significant 32-bit round key RK0 of the new round.

After generating the most significant 32-bit round key RK0 required for encryption or decryption of the new round as described above, the third XOR gate 118a, in the case of the encryption process, performs an XOR operation of the new round's most significant 32 bits Bit round key RK0 and the upper 32 bits (95th to 64th bits) round key PK1 of the previous round generate the next 32-bit round key RK1 of the new round. In the case of the decryption process, the third XOR gate 118a operates by performing the XOR operation of the most significant 32-bit round key PK0 of the previous round, and the next upper 32-bit round key PK1 of the previous round, The next 32-bit round key RK1 of the new round is generated.

At this time, the third multiplexer 119 determines the input value of the third XOR gate 118a based on the mode signal input through the bus 200 and indicating the encryption process or the decryption process.

After generating the 32-bit round key RK1 next to the most significant 32-bit round key RK0 of the new round as described above, the fourth XOR gate 118b and the fifth XOR gate 118b operated in the same manner as the third XOR gate 118a Gate 118c generates the next 32-bit round key RK2 and the least significant 32-bit round key RK3 for encryption or decryption. The fourth multiplexer 119a determines the input value of the fourth XOR gate 118b, and the fifth multiplexer 119b determines the input value of the fifth XOR gate 118c.

In particular, the time required to generate a 128-bit round key for a new round in units of 32 bits corresponds to the entire 4 clock cycles of the round operation start signal input from the round operation control unit 300 in the case of the encryption process, while in the decryption process case corresponds to a full 2 clock cycles.

In fact, when the first clock of the encryption round operation start signal becomes '1', the most effective 32-bit round key RK0 of a new round is generated through the second XOR gate 118, and whenever the second, second When the third and fourth clocks become '1', the third XOR gate 118a, the fourth XOR gate 118b and the fifth XOR gate 118c generate new round 32-bit round keys RK1, RK2 and RK3 respectively . Likewise, when the first clock of the decryption round operation start signal becomes '1', the most significant 32-bit round key PK0 of a new round is generated through the second XOR gate 118, and when the second clock becomes '1' 1', the third XOR gate 118a, the fourth XOR gate 118b and the fifth XOR gate 118c simultaneously generate new round 32-bit round keys RK1, RK2 and RK3.

In a case where a 3 clock round operation start signal is input from the round operation control unit 300 to the round operation unit 100, the round key generation unit 110 generates an encryption round key during 2 clock cycles.

At this time, when the first clock of the round operation start signal becomes '1', perform the most significant 32 bits (that is, the 127th bit to the 96th bit) round encryption of the 128-bit round key that generates a new round The process of key RK0.

If the second clock of the Round Operation Start signal goes '1', then by performing an XOR operation of: the most significant 32 bits (i.e., bits 127 through 96) of the new round's 128-bit Round Key bits) round key RK0 and the most significant 32-bit 32-bit round key PK1 of the previous round of 128-bit round key PK1, the third XOR gate 118a produces 32 bits of the 128-bit round key (i.e., 95 bits to 64th bits) the round key RK1 is used for the encryption of the new round.

PK1)——该结果值由新回合的128比特回合密钥的最高有效32比特(即，第127个比特到第96个比特)回合密钥RK0和紧接先前回合的128比特回合密钥的最高有效32比特回合密钥的32比特(即，第95个比特到第64个比特)回合密钥PK1的第三个XOR门的XOR操作得到——以及先前回合的32比特(即，第63个比特到第32个比特)回合密钥PK2，第四个XOR门118b产生128比特回合密钥的32比特(即，第63个比特到第32个比特)回合密钥RK2用于新回合的加密。At the same time, by performing an XOR operation of the following two: the resulting value (RK0

PK1) - This result value consists of the most significant 32 bits (i.e., bits 127 to 96) of the round key RK0 of the new round's 128-bit round key and the value of the immediately preceding round's 128-bit round key The XOR operation of the third XOR gate of the round key PK1 yields the 32 bits (i.e., 95th to 64th bits) of the most significant 32-bit round key—and the 32 bits of the previous round (i.e., the 63rd bits to the 32nd bit) round key PK2, the fourth XOR gate 118b generates 32 bits (i.e., the 63rd bit to the 32nd bit) round key RK2 of the 128-bit round key for the new round encryption.

PK1)——该结果值由已经由第三个XOR门118a异或的、新回合的128比特回合密钥的最高有效32比特(即，第127个比特到第96个比特)回合密钥RK0，与紧接先前回合的128比特回合密钥的最高有效32比特回合密钥的32比特(即，第95个比特到第64个比特)回合密钥PK1，进行第四个XOR门的XOR操作来得到——以及先前回合的32比特(即，第63个比特到第32个比特)回合密钥PK2，从而产生XOR操作的结果值(RK0

PK1

PK2)，然后通过执行结果值(RK0

PK1

PK2)和先前回合的32比特(即，第31个比特到第0个比特)回合密钥PK3的XOR操作，第五个XOR门118c产生128比特回合密钥的32比特(即，第31个比特到第0个比特)回合密钥RK3用于新回合的加密。At the same time, by performing an XOR operation of the following two: the resulting value (RK0

PK1) - This result value is formed by the most significant 32 bits (i.e., 127th bit to 96th bit) of the round key RK0 of the new round's 128-bit round key that has been XORed by the third XOR gate 118a , with the 32-bit (i.e., 95th to 64th bits) round key PK1 of the most significant 32-bit round key immediately preceding the 128-bit round key of the previous round, XORed by the fourth XOR gate to get - and the previous round's 32-bit (i.e., 63rd bit to 32nd bit) round key PK2, resulting in the resulting value of the XOR operation (RK0

PK1

PK2), and then pass the execution result value (RK0

PK1

PK2) and the 32 bits (i.e., the 31st bit to the 0th bit) round key PK3 of the previous round of XOR operation, the fifth XOR gate 118c produces 32 bits (i.e., the 31st bit) of the 128-bit round key bit to 0th bit) the round key RK3 is used for the encryption of the new round.

In a case where a 2-clock round operation start signal is input from the round operation control unit 300 to the round operation unit 100 , the round key generation unit 110 generates an encryption round key during one clock cycle.

At this time, when the round operation start signal is input and the clock is in the '0' state at the same time, the most significant 32 bits of the 128-bit round key (that is, the 127th bit to the 127th bit to the 96 bits) round key RK0 process.

If the first clock of the round operation start signal becomes '1', then by performing an XOR operation of: the most significant 32 bits (i.e., bits 127 to 96) of the new round's 128-bit round key bits) round key RK0 and the most significant 32-bit 32-bit round key PK1 of the previous round of 128-bit round key PK1, the third XOR gate 118a produces 32 bits of the 128-bit round key (i.e., 95 bits to 64th bits) the round key RK1 is used for the encryption of the new round.

At the same time, by performing an XOR operation of the following two: the resulting value (RK0 PK1) - This result value consists of the most significant 32 bits (i.e., bits 127 to 96) of the round key RK0 of the new round's 128-bit round key and the value of the immediately preceding round's 128-bit round key The XOR operation of the third XOR gate of the round key PK1 yields the 32 bits (i.e., 95th to 64th bits) of the most significant 32-bit round key—and the 32 bits of the previous round (i.e., the 63rd bits to the 32nd bit) round key PK2, the fourth XOR gate 118b generates 32 bits (i.e., the 63rd bit to the 32nd bit) round key RK2 of the 128-bit round key for the new round encryption.

PK1PK2)，然后通过执行结果值(RK0PK1

PK2)和先前回合的32比特(即，第31个比特到第0个比特)回合密钥PK3的XOR操作，第五个XOR门118c产生128比特回合密钥的32比特(即，第31个比特到第0个比特)回合密钥RK3用于新回合的加密。At the same time, by performing an XOR operation of the following two: the resulting value (RK0 PK1) - This result value is formed by the most significant 32 bits (i.e., 127th bit to 96th bit) of the round key RK0 of the new round's 128-bit round key that has been XORed by the third XOR gate 118a , with the 32-bit (i.e., 95th to 64th bits) round key PK1 of the most significant 32-bit round key immediately preceding the 128-bit round key of the previous round, XORed by the fourth XOR gate to get - and the previous round's 32-bit (i.e., 63rd bit to 32nd bit) round key PK2, resulting in the resulting value of the XOR operation (RK0

PK1 PK2), and then pass the execution result value (RK0 PK1

PK2) and the previous round's 32-bit (i.e., 31st bit to 0th bit) round key PK3 XOR operation, the fifth XOR gate 118c produces 32 bits of the 128-bit round key (i.e., the 31st bit) bit to 0th bit) the round key RK3 is used for the encryption of the new round.

In a case where a 2-clock round operation start signal is input from the round operation control unit 300 to the round operation unit 100 , the round key generation unit 110 generates a decryption round key during one clock cycle.

At this time, when the round operation start signal is input and the clock is in the '0' state at the same time, the most significant 32 bits of the 128-bit round key (that is, the 127th bit to the 127th bit to the 96 bits) round key RK0 process.

If the first clock of the round operation start signal becomes '1', then by performing an XOR operation of: the most significant 32 bits PK0 of the previous round and the next high 32 bits PK1 of the previous round, the third The XOR gate 118a generates the next 32-bit round key RK1 for the new round, and then the fourth XOR gate 118b and the fifth XOR gate 118c, which operate in the same way as the third XOR gate 118a, generate The next 32-bit round key RK2 and the least significant 32-bit round key RK3. These processes are executed simultaneously during the first clock cycle.

Now, the operation of the rijndael block cipher device performing the encryption and decryption processes as described above will be described in more detail according to the clock count of the round operation start signal input from the round operation control unit 300 to the round operation unit 100.

FIG. 4 is a first sequence diagram illustrating a method of encrypting a rijndael block cipher according to the present invention.

Referring to FIG. 4, if a four-clock round operation start signal and a round number signal are input from the round operation control unit 300 to the round operation unit 100 (step S400), then at the moment when the first clock becomes '1', the 128-bit round Operate the upper 64-bit data of the input data, continuously perform byte shift transformation and permutation operations (step S401), and these two processes are executed within one clock. The results of these processes are stored in 64-bit data registers 400 . Likewise, at the moment when the first clock of the round operation start signal becomes '1', the 128-bit round key generation process using the 128-bit round input key starts (step S401a).

At the moment when the second clock of the round operation start signal becomes '1', the column mixing transformation using the 64-bit data stored in the 64-bit data register 400 is performed with its result value stored in the 64-bit data register 400 ( Step S402), while continuously performing the byte shift transformation and replacement operation of the lower 64-bit data of the round operation input data (step S402). These two processes are performed within one clock. Likewise, the result data of the byte shift transformation and permutation operation of the lower 64-bit data is stored in the lower 64-bit position of the 128-bit data register 500 storing the result of the round operation.

At the moment when the third clock of the round operation start signal becomes '1', the 64 bits stored in the 64-bit data register 400 are input to the addition round key transformation unit 170, so as to be added to the round key generation unit 110 to generate The upper 64 bits of the round key, and the result value is stored in the upper 64 bits of the 128-bit data register 500 (step S403). Also, the lower 64-bit data of the 128-bit data register 500 is also subjected to column mixing transformation, and the resultant value is stored in the lower 64-bit position of the 128-bit data register 500 (step S403).

At the moment when the fourth clock of the round operation start signal becomes '1', the lower 64 bits of the 128-bit data register 500 are input to the addition round key conversion unit 170, so as to be added to the round key generated by the round key generation unit 110 The lower 64 bits of the key, and the resulting value is stored in the lower 64 bits of the 128-bit data register 500 (step S404).

Therefore, in the rijndael block cipher device performing the above encryption process, the 128-bit data of the 128-bit data register 500 is used as the 128-bit round operation input data of the next round, and is newly generated by the round key generation unit 110 and then stored in the 128 The round key RK in the bit round key register 111a is also stored in the 128-bit pre-key register 111 and used as the 128-bit round input key for the next round. Therefore, one round of encryption operation is completed within four clock cycles.

In the case of performing the encryption method as illustrated in FIG. 4 by the rijndael block cipher device according to the present invention, the round key generation unit 110 completes the round key generation process within four clock cycles of the round operation start signal. That is, as shown in FIG. 4, after the third clock from the start of the round operation, an addition round key conversion process (step S403), which is a process of adding upper 64-bit data to the round key, is performed. After the second clock from the start of the round operation, only the upper 64-bit round key of the new round is generated, and since only the upper 64-bit round key is used at this time, there is no problem in performing the encryption operation of the round operation. Likewise, because the time point of the fourth clock after the third clock used for the round operation is consistent with the time point of generating all 128-bit round keys, there is no problem in performing the addition round key conversion process (step S404) , the process adds the lower 64 bits of data to the lower 64 bits of the round key.

Likewise, in the rijndael block cipher device that performs the encryption process described above, the 64-bit data register 400 is used as a storage space for intermediate data generated during the encryption process, so the result of the byte shift transformation of the upper 64-bit data does not affect the lower 64-bit data register 400. Byte-shift transformation of bit data. Likewise, because the upper 64-bit data and lower 64-bit data are transformed simultaneously, but not in the same way during the same clock cycle, the number of hardware blocks required for the transformation can be halved. In particular, updates are generated for each clock and stored in a memory space, so no additional memory space is required. That is, this situation leads to a structure that uses a pipeline structure but does not require additional hardware, and this structure will be applied in the same manner to the methods of encrypting and decrypting rijndael block ciphers according to other embodiments of the present invention to be described later .

FIG. 5 is a first sequence diagram illustrating a method of decrypting a rijndael block cipher according to the present invention.

Referring to FIG. 5, if a four-clock round operation start signal and a round number signal are input from the round operation control unit 300 to the round operation unit 100 (step S500), then at the moment when the first clock becomes '1', the 128-bit round The upper 64-bit data of the operation input data continuously performs byte inverse shift transformation and inverse permutation operations (step S501), and these two processes are performed within one clock. At this time, the result data is stored in the 64-bit data register 400 . Likewise, if the first clock of the round operation start signal becomes '1', the 128-bit round key generation process using the 128-bit round input key starts (step S501a).

At the moment when the second clock of the round operation start signal becomes '1', an addition round key conversion is performed, which is used to convert the 64-bit data stored in the 64-bit data register 400 with the round key generation unit 110. The upper 64 bits of the round key are added, and the resulting data is stored in the 64-bit data register 400 (step S502). At the same time, byte inverse shift transformation and inverse permutation of the lower 64-bit data of the round operation input data are continuously performed, and the resultant data is stored in the lower 64-bit position of the 128-bit data register (step S502).

At the moment when the third clock of the round operation start signal becomes '1', the 64-bit data stored in the 64-bit data register 400 is input to the column mixing/inverse column mixing transformation unit 150, and the result data of the inverse column mixing transformation stored in the upper 64-bit position of the 128-bit data register 500 (step S503). Simultaneously perform addition round key conversion for adding the lower 64-bit data that has passed the reverse permutation operation to the round key generated from the round key generation unit 110, and the resulting data is stored in the lower 64 bits of the 128-bit data register location (step S503).

At the moment when the fourth clock of the round operation start signal becomes '1', the lower 64-bit data that has been transformed by adding the round key is input to the column mixing/anti-column mixing transformation unit 150 for anti-column mixing transformation, and the resulting data stored in the lower 64-bit position of the 128-bit data register 500 (step S504).

At this time, the 128-bit data of the 128-bit data register 500 is used as the 128-bit round operation input data of the next decryption round operation, and the 128-bit round key RK as the result of the round key generation is stored in the 128-bit pre-key register 111 in order to be used as the 128-bit round input key for the next round operation. Therefore, one round of decryption operation is completed within four clock cycles.

In the case of performing the decryption method as illustrated in FIG. 5 by the rijndael block cipher device according to the present invention, the round key generation unit 110 completes the round key generation process within two clock cycles of the round operation start signal. That is, as shown in FIG. 5, since after the second clock from the start of the round operation, the addition round key transformation process is performed, which is a process of adding the upper 64-bit round key to 64-bit data (step S502), So at the point in time of the second clock all 128-bit round keys have been generated, so there is no problem performing round operations.

FIG. 6 is a second sequence diagram illustrating a method of encrypting a rijndael block cipher according to the present invention.

Referring to FIG. 6, if a three-clock round operation start signal and a round number signal are input from the round operation control unit 300 to the round operation unit 100 (step S600), then at the moment when the first clock becomes '1', the high A byte shift operation and a permutation operation of 64-bit data, and the resultant data is stored in a 64-bit data register (step S601). Likewise, the round key generation process (step S601a) is executed at the same time.

At the moment when the second clock of the round operation start signal becomes '1', the column mix transforms the 64-bit data stored in the 64-bit data register 400, and then adds to the high 64 bits of the result data added to the round key transform unit 110 Bit round key. The result data of the addition round key transformation is stored in the 64-bit data register 400 (step S602). At the same time, byte shift transformation and permutation operations of the lower 64-bit data are continuously performed, and the resultant data is stored in the lower 64-bit position of the 128-bit data register 500 (step S602).

At the moment when the third clock of the round operation start signal becomes '1', the 64-bit data stored in the 64-bit data register 400 is input to the upper 64-bit position of the 128-bit data register 500, and the columns mix and transform the 128-bit data The lower 64-bit data of the register 500 is then added to the lower 64-bit round key of the round key generated by the round key generation unit 110 . The resulting data is stored in the lower 64-bit positions of the 128-bit data register 500 (step S603).

At this time, the 128-bit data of the 128-bit data register 500 is used as the 128-bit round operation input data of the next round operation, and the round key RK generated by the round key generation unit 110 is stored in the 128-bit pre-key register 111 , which is then used as the 128-bit round input key for the next round. Therefore, one round of encryption operation is completed within three clock cycles.

In the case of performing the encryption method as illustrated in FIG. 6 by the rijndael block cipher device according to the present invention, the round key generation unit 110 completes the round key generation process within two clock cycles of the round operation start signal. That is, as shown in FIG. 6, because after the second clock from the start of the round operation, the addition round key conversion process (step S602), which is a process of adding the upper 64-bit round key to the upper 64-bit data, is performed , so at the time point of the second clock all 128-bit round keys have been generated, so there is no problem in performing the round operation.

FIG. 7 is a second sequence diagram illustrating a method of decrypting a rijndael block cipher according to the present invention.

Referring to FIG. 7, if a three-clock round operation start signal and a round number signal are input from the round operation control unit 300 to the round operation unit 100 (step S700), then at the moment when the first clock becomes '1', the 128-bit round The upper 64-bit data of the operation input data is continuously subjected to byte inverse shift transformation and inverse permutation operations, and the resultant data is stored in the 64-bit data register 400 (step S701). Likewise, the round key generation process starts simultaneously with these transformations (step S701a).

When the second clock of the round operation start signal becomes '1', an addition round key transformation is performed for combining the 64-bit data stored in the 64-bit data register 400 with the round key generated by the round key generation unit 110 The upper 64-bit round keys of the keys are summed, and the resulting data is input to the column mix/inverse column mix transformation unit 150 . The data of inverse column mixing transformation is stored in the 64-bit data register 400 (step S702). At the same time, byte inverse shift transformation and inverse permutation transformation of the lower 64-bit data of the round operation input data are continuously performed, and the resultant data is stored in the lower 64-bit position of the 128-bit data register (step S702).

At the moment when the third clock of the round operation start signal becomes '1', the 64-bit data stored in the 64-bit data register 400 is stored in the upper 64-bit position of the 128-bit data register 500, and the addition round key transformation is performed , for adding the lower 64-bit data of the 128-bit data register 500 to the lower 64-bit round key of the round key generation unit 110 . Then, the result data of the inverse column mixing transformation plus the round key transformation is stored in the lower 64-bit position of the 128-bit data register (step S703 ).

At this time, the 128-bit data of the 128-bit data register 500 is used as the 128-bit round operation input data of the next round operation, and the 128-bit round key RK generated by the round key generation unit 110 is stored in the 128-bit pre-key register 111 in order to be used as the 128-bit round input key for the next round operation. Therefore, one round of decryption operation is completed within three clock cycles.

In the case of performing the decryption method as illustrated in FIG. 7 by the rijndael block cipher device according to the present invention, the round key generation unit 110 completes the round key generation process within two clock cycles of the round operation start signal. That is, as shown in FIG. 7, since the addition round key transformation process (step S702) is performed after the second clock from the start of the round operation for adding the upper 64-bit round key to the upper 64-bit data, At the point in time of the second clock all 128-bit round keys have been generated, so there is no problem performing round operations.

FIG. 8 is a third sequence diagram illustrating a method of encrypting a rijndael block cipher according to the present invention.

Referring to FIG. 8, if the two-clock round operation start signal and the round number signal are input from the round operation control unit 300 to the round operation unit 100 (step S800), then when the first clock becomes '1', the round input data The upper 64-bit data is successively subjected to byte shift transformation, permutation transformation, column mix transformation, and addition round key transformation, and the resultant data is stored in the 64-bit data register 400 (step S801). At the same time, the round key generation process (step S801a) is executed, and round key conversion of the upper 64-bit round key of the generated round key is performed. These processes are executed in one clock cycle.

When the second clock of the round operation start signal becomes '1', byte shift transformation, permutation transformation, column mixing transformation and addition round key transformation are continuously performed on the lower 64-bit data of the round input data, and the result Data is stored in the lower 64-bit positions of the 128-bit data register 500 (step S802). Likewise, round key transformation by addition of the lower 64 bits of the round key generated in the round key generation process is performed. At this time, the 64-bit data stored in the 64-bit data register 400 is stored in the upper 64-bit position of the 128-bit data register 500, and the 128-bit round key RK newly generated by the round key generation unit 110 is stored in the 128-bit in the round key register 111a, and is backed up in the 128-bit pre-key register 111. Therefore, one round of encryption operation is completed within two clock cycles.

In the case of performing the encryption method as illustrated in FIG. 8 by the rijndael block cipher device according to the present invention, the round key generation unit 110 completes the round key generation process within one clock cycle of the round operation start signal. That is, as shown in FIG. 8, since after the first clock from the start of the round operation, the addition round key conversion process (step S801) is performed for adding the upper 64-bit round key to the upper 64-bit data, so All 128-bit round keys have been generated at the time of the first clock, so there is no problem performing round operations.

Actually, the round key generation unit 110 as illustrated in FIG. 3 generates RK1 using RK0 and generates RK2 using RK1. The round key generating unit 110 does not generate RK3 using RK2, but generates RK0 in a state where a round operation start signal is input and the clock becomes '0' at the same time. When the first clock becomes '1', the round key generation unit 110 simultaneously generates RK1 through XOR RK0 and PK1, generates RK2 through XOR RK0 with PK1 and PK2, and generates RK2 through XOR RK0 with PK1, PK2 and PK3 RK3 is generated.

FIG. 9 is a third sequence diagram illustrating a method of decrypting a rijndael block cipher according to the present invention.

Referring to FIG. 9, if the two-clock round operation start signal and the round number signal are input from the round operation control unit 300 to the round operation unit 100 (step S900), then when the first clock becomes '1', the round input data The upper 64-bit data is successively subjected to byte inverse shift transformation, inverse permutation transformation, addition round key transformation and inverse column mixing transformation, and the resultant data is stored in the 64-bit data register 400 (step S901). These processes are executed in one clock cycle. Simultaneously, the round key generation process (step S901a) is performed for decryption, and the addition round key transformation of the upper 64-bit round key of the round key generated by the round key generation unit 110 is performed.

When the second clock of the round operation start signal becomes '1', the low 64-bit data of the round input data continuously performs byte reverse shift transformation, reverse permutation transformation, addition round key transformation and reverse column mixing transformation , and the resulting data is stored in the lower 64-bit positions of the 128-bit data register 500 (step S902). These processes are executed in one clock cycle. Likewise, the lower 64-bit round key of the round key generated by the round key generating unit 110 one clock before is used for adding the round key transformation. At this time, the 64-bit data stored in the 64-bit data register 400 is stored in the upper 64-bit position of the 128-bit data register 500, and the 128-bit round key RK newly generated by the round key generation unit 110 is stored in the 128-bit in the round key register 111a, and is backed up in the 128-bit pre-key register 111. Therefore, one round of decryption operation is completed within two clock cycles.

In the case of performing the decryption method as illustrated in FIG. 9 by the rijndael block cipher device according to the present invention, the round key generation unit 110 completes the round key generation process within one clock cycle of the round operation start signal. That is, as shown in FIG. 9, after the first clock from the start of the round operation, an addition round key transformation process (step S901) is performed for adding the upper 64-bit round key to the upper 64-bit data, but at At the point in time of the first clock all 128-bit round keys have been generated, so there is no problem performing round operations.

Actually, the round key generation unit 110 as illustrated in FIG. 3 generates RK0 in a state where a round operation start signal is input and at the same time the clock becomes '0'. When the first clock becomes '1', the round key generating unit 110 simultaneously generates RK1 by XORing RK0 and PK1, generates RK2 by XORing PK1 and PK2, and generates RK3 by XORing PK2 and PK3.

As described above, the rijndael block cipher device according to the encryption method illustrated in FIG. 8 and the decryption method illustrated in FIG. 9 is a model suitable for application to smart cards, USIM (User Subscriber Identity Module) cards, SIM cards, etc., which are small in size , With low power consumption and low operating frequency characteristics.

Industrial availability

As can be seen from the above description, according to the rijndael block cipher device and encryption/decryption method thereof of the present invention, by being installed in mobile terminals such as cellular phones and PDAs or smart cards, important data requiring security can be encrypted and decrypted at high speed, the mobile The terminal requires a cryptographic processor of high speed and small size, and can perform a round operation with respect to upper 64 bits and lower 64 bits split from 128-bit input data. The present invention has following effect:

First, the cryptographic device according to the present invention has a small size and can encrypt/decrypt real-time data at high speed by repeatedly using round operation devices in the device.

Second, since the cryptographic apparatus according to the present invention encrypts/decrypts block cipher data in real time using a round operation device applying the rijndael algorithm, it can provide a higher level security.

Third, the rijndael encryption/decryption round operation device of the cryptographic device according to the present invention has the advantage that it can encrypt/decrypt block cipher data in real time by adding a simple controller that repeats the round operation a predetermined number of times.

Fourth, the round operation device of the cryptographic device according to the present invention can quickly encrypt/decrypt data in real time although it has a small size which is almost half the size of the existing round operation device in units of 128 bits.

Fifth, the round operation device of the cryptographic device according to the present invention can be realized using an appropriate method according to its application field, and in the case of being applied to a system regardless of the amount of hardware resources used, by applying a 128-bit unit Instead of the round process with 64 bits as the unit, it can get twice as high data encryption/decryption speed.

The foregoing embodiments are exemplary only, and are not to be construed as limiting the invention. The present teachings are readily applicable to other types of devices. The description of the present invention is intended to be illustrative, not to limit the scope of the claims. Many alternatives, modifications and variations will be apparent to those skilled in the art.

Claims (16)

1. A Ryan Dole block encryption device having 128-bit input data and a 128-bit input key, and encrypting the 128-bit input data by performing a round operation comprising row shifting, permutation, column mixing and adding Transformation of the round key, the device contains: A round operation unit for converting a 128-bit input key into a 128-bit round key for encryption, and after inputting an encryption operation start signal and a mode signal, inputting a round operation start signal, a round number signal, and a bit selection signal When the 128-bit input data is divided into high 64 bits and low 64 bits and high or low 64 bits are selected, the 128-bit round key is stored according to the value of the mode signal, and by dividing the 128-bit input data into high 64 bits and low 64 bits, and encrypt 128-bit input data by performing a round operation on the split upper 64 bits and lower 64 bits respectively; The round operation control unit is used to divide the 128-bit input data into high 64 bits and low 64 bits and select the high or low 64 bits bit selection signal, round operation when the encryption operation start signal and the mode signal are input. The start signal and the round number signal are sent to the round operation unit to control the round operation of the round operation unit; a 64-bit data register for storing intermediate encrypted data of upper 64-bit input data generated during each round operation performed by the round operation unit; and 128-bit data register for storing the intermediate encrypted data of the lower 64-bit input data generated during each round operation performed by the round operation unit as its lower 64 bits, and stored as the result of the last round operation and stored in The encrypted data in the 64-bit data register is used as its upper 64-bit data. 2. A Ruindall block decryption device has 128-bit input data and a 128-bit input key, and decrypts the 128-bit input data by performing a round operation, the round operation including reverse row shift, reverse permutation, and addition rounds A key and anti-column mix of transforms, the set contains: A round operation unit for converting a 128-bit input key into a 128-bit round key for decryption, and after inputting a decryption operation start signal and a mode signal, inputting a round operation start signal, a round number signal, and a bit selection signal When the 128-bit input data is divided into high 64 bits and low 64 bits and high or low 64 bits are selected, the 128-bit round key is stored according to the value of the mode signal, and by dividing the 128-bit input data into high 64 bits and low 64 bits, and decrypt the 128-bit input data by performing a round operation on the split upper 64 bits and lower 64 bits respectively; The round operation control unit is used to divide the 128-bit input data into high 64 bits and low 64 bits and select the high or low 64 bits bit selection signal, round operation when the decryption operation start signal and the mode signal are input. The start signal and the round number signal are sent to the round operation unit to control the round operation of the round operation unit; a 64-bit data register for storing intermediate decryption data of the upper 64-bit input data generated during each round operation performed by the round operation unit; and 128-bit data register for storing the intermediate decrypted data of the lower 64-bit input data generated during each round operation performed by the round operation unit as its lower 64 bits, and stored as the result of the last round operation and stored in The decrypted data in the 64-bit data register is used as its upper 64-bit data. 3. A Ryan Doll block cipher device having 128-bit input data and a 128-bit input key, and encrypting or decrypting the 128-bit input data by performing a round operation for encryption comprising Transformation of row shift, permutation, column mix, and add round keys, or decrypt 128-bit input data by performing round operations for decryption consisting of inverse row shift, inverse permutation, add rounds A key and anti-column mix of transformations, the device contains: A round operation unit for converting a 128-bit input key into a 128-bit round key for encryption or decryption, and after inputting an encryption or decryption operation start signal and a mode signal, inputting a round operation start signal, a round number signal, and The bit selection signal is used to divide the 128-bit input data into high 64 bits and low 64 bits and select high or low 64 bits, store the 128-bit round key according to the value of the mode signal, by dividing the 128-bit input data into high 64 bits bits and lower 64 bits, and encrypt 128-bit input data by performing the round operation for encryption on the split upper 64 bits and lower 64 bits, respectively, and by splitting the 128-bit input data into upper 64 bits and lower 64 bits , and respectively perform a round operation for decryption on the divided upper 64 bits and lower 64 bits to decrypt the 128-bit input data; The round operation control unit is used to divide the 128-bit input data into upper 64 bits and lower 64 bits and select the upper or lower 64 bits by bit selection signal when inputting the encryption or decryption operation start signal and mode signal, The round operation start signal and the round number signal are sent to the round operation unit to control the round operation of the round operation unit; a 64-bit data register for storing intermediate encryption or decryption data of the upper 64-bit input data generated during each round operation performed by the round operation unit; and 128-bit data register for storing the intermediate encryption or decryption data of the lower 64-bit input data generated during each round operation performed by the round operation unit as its lower 64 bits, and storing the result generated as the last round operation and Encrypted or decrypted data stored in the 64-bit data register as its upper 64-bit data. 4. The device according to claim 3, wherein the turn operation unit comprises: The round key generating unit converts the 128-bit input key into a 128-bit round key RK for encryption according to the value of the mode signal input through the bus if the round operation start signal and the round number signal are input from the round operation control unit or decrypt, and store the 128-bit round key in the internal 128-bit round key register; The row shift/reverse row shift conversion unit, if the round operation start signal and the bit selection signal are input from the round operation control unit, performs the division of the 128-bit input data input through the bus according to the value of the mode signal input through the bus High 64 bits and low 64 bits of different byte shifts, and the high 64 bits and low 64 bits of the byte shift are output through the first multiplexer, and the multiplexer is controlled according to the value of the bit selection signal output; A permutation/inverse permutation transformation unit, using a permutation box (S-box) or an inverse permutation box (SI-box) that provides one byte output with respect to one byte input, performs the output from the row shift/inverse row shift transformation unit Permutation or reverse permutation of high 64-bit data and low 64-bit data; The first demultiplexer, according to the value of the mode signal, outputs the high 64-bit data or the low 64-bit data output from the permutation/inverse permutation transformation unit through any one of its encryption output terminal and its decryption output terminal; Column mixing/anti-column mixing transformation unit, which performs column mixing of the upper 64-bit data or lower 64-bit data input through the encrypted output of the first demultiplexer, or performs the upper 64-bit data that has been added to the round key transformation or an inverse mix of lower 64-bit data; The second demultiplexer, according to the value of the mode signal, outputs the upper 64-bit data or the lower 64-bit data output from the column mixing/anti-column mixing transformation unit through any one of its encrypted output terminal and its decrypted output terminal data; The adding round key conversion unit is used to add the high 64-bit data or low 64-bit data inputted through the decryption output end of the first demultiplexer or the encryption output end of the second demultiplexer to the slave round encryption The 128-bit round key RK for encryption or decryption output by the key generation unit; and The third demultiplexer outputs the upper 64-bit data or the lower 64-bit data output from the adding round key conversion unit through any one of its encryption output terminal and its decryption output terminal according to the value of the mode signal. 5. A Ryan Dole block encryption method, comprising the following steps: If the four-clock round operation start signal and the round number signal are input from the round operation control unit after the encryption operation start signal and the mode signal are input through the bus, then by the bus when the first clock from the round operation start signal becomes '1' The value of the input mode signal, the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit round key for encryption, and stores the 128-bit round key in the internal 128-bit round key register; If the four-clock round operation start signal and the bit selection signal are input from the round operation control unit, when the first clock becomes '1', the row shift/inverse row shift conversion unit performs 128-bit input data input through the bus The byte shift of the high 64-bit data, and output the byte-shifted high 64-bit data through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs permutation of the high 64-bit data, and outputs the permuted The high 64-bit data is sent to the first demultiplexer, and the permuted high 64-bit data is stored in the 64-bit data register; When the second clock of the round operation start signal becomes '1', the column mixing/inverse column mixing transformation unit performs the high 64 output through the encryption output of the first demultiplexer and stored in the 64-bit data register. Column mixing of bit data, output the high 64-bit data of the column mixing transformation to the second demultiplexer, and store the high 64-bit data of the column mixing transformation in the 64-bit data register, row shift/reverse row shift transformation The unit simultaneously performs the byte shift of the lower 64-bit data of the 128-bit input data input through the bus, and outputs the byte-shifted lower 64-bit data through the first multiplexer, and the permutation/reverse permutation transformation unit successively Perform the permutation of the lower 64-bit data, output the permuted lower 64-bit data to the first demultiplexer, and store the permuted lower 64-bit data in the lower 64 bits of the 128-bit data register; When the third clock of the round operation start signal becomes '1', the adding round key transformation unit will output the encrypted output of the second demultiplexer and store the high 64-bit data in the 64-bit data register Add to the upper 64-bit round key generated by the round key generation unit, and store the added upper 64-bit data in the upper 64 bits of the 128-bit data register, and the column mixing/anti-column mixing conversion unit performs simultaneously through the first The encrypted output of a demultiplexer outputs and stores the column mix of the lower 64-bit data in the 128-bit data register, and outputs the lower 64-bit data of the column mix transformation to the second demultiplexer, and in the 128-bit The lower 64-bit data of column mixing transformation is stored in the lower 64 bits of the data register; and When the fourth clock of the round operation start signal becomes '1', the adding round key transformation unit will output the encrypted output of the second demultiplexer and store the lower 64-bit data in the 128-bit data register is added to the lower 64-bit round key generated by the round key generation unit, and the added lower 64-bit data is stored in the lower 64 bits of the 128-bit data register. 6. The encryption method according to claim 5, wherein according to the value of the mode signal input by the bus, the round key generation unit converts the 128-bit input key into a 128-bit round key for encryption, and internally 128 The step of storing the 128-bit round key in the bit round key register is to generate a 128-bit round key for encryption in four clock cycles of the round operation start signal. 7. A Ryan Dole block decryption method, comprising the following steps: If the round operation start signal and the round number signal are input from the round operation control unit for four clocks after the decryption operation start signal and the mode signal are input through the bus, then when the first clock from the round operation start signal becomes '1' through the bus The value of the input mode signal, the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit round key for decryption, and stores the 128-bit round key in the internal 128-bit round key register; If the four-clock round operation start signal and the bit selection signal are input from the round operation control unit, when the first clock becomes '1', the row shift/inverse row shift conversion unit performs 128-bit input data input through the bus The byte inverse shift of the upper 64-bit data, and the upper 64-bit data of the byte inverse shift is output through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs the inverse permutation of the upper 64-bit data, Output the high 64-bit data of reverse permutation to the first demultiplexer, and store the high 64-bit data of reverse permutation in the 64-bit data register; When the second clock of the round operation start signal becomes '1', the adding round key transformation unit will output the upper 64-bit data through the decryption output of the first demultiplexer and store in the 64-bit data register Add to the high 64-bit round key generated by the round key generation unit, output the high 64-bit data added to the third demultiplexer, and store the high 64-bit data added in the 64-bit data register, The row shift/reverse row shift transformation unit simultaneously performs the byte reverse shift of the low 64-bit data of the 128-bit input data input through the bus, and outputs the byte reverse-shifted low 64 bits through the first multiplexer data, and the permutation/reverse permutation transformation unit continuously performs the inverse permutation of the lower 64-bit data, outputs the reverse permuted lower 64-bit data to the first demultiplexer, and stores the inverse in the lower 64 bits of the 128-bit data register Permuted lower 64-bit data; When the third clock of the round operation start signal becomes '1', the column mixing/inverse column mixing conversion unit performs the high 64 output through the decryption output of the third demultiplexer and stored in the 64-bit data register. The anti-column mixing of bit data, output the high 64-bit data of the anti-column mixed transformation through the second demultiplexer, and store the high 64-bit data of the anti-column mixed transformation in the high 64 bits of the 128-bit data register, and add The round key conversion unit simultaneously adds the low 64-bit data that is output by the decryption output of the first demultiplexer and stored in the 128-bit data register to the low 64-bit round key generated by the round key generation unit, Output the added lower 64-bit data through the third demultiplexer, and store the added lower 64-bit data in the lower 64 bits of the 128-bit data register; and When the fourth clock of the round operation start signal becomes '1', the column mixing/inverse column mixing conversion unit executes the lower 64 bits that are output through the decryption output of the third demultiplexer and stored in the 128-bit data register. For the anti-column mixing of bit data, output the lower 64-bit data of the anti-column mixing transformation through the second demultiplexer, and store the lower 64-bit data of the anti-column mixing transformation in the lower 64 bits of the 128-bit data register. 8. The decryption method according to claim 7, wherein the round key generation unit converts the 128-bit input key into a 128-bit round key for decryption according to the value of the mode signal input through the bus, and internally In the step of storing the 128-bit round key in the 128-bit round key register, the 128-bit round key for decryption is generated in two clock cycles of the round operation start signal. 9. A Ryan Dole block encryption method, comprising steps: If the three-clock round operation start signal and the round number signal are input from the round operation control unit after the encryption operation start signal and the mode signal are input through the bus, then the first clock from the round operation start signal becomes '1' through the bus The value of the input mode signal, the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit round key for encryption, and stores the 128-bit round key in the internal 128-bit round key register; If the three-clock round operation start signal and the bit selection signal are input from the round operation control unit, when the first clock becomes '1', the row shift/inverse row shift conversion unit performs 128-bit input data input through the bus The byte shift of the high 64-bit data, and output the byte-shifted high 64-bit data through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs permutation of the high 64-bit data, and outputs the permuted The high 64-bit data is sent to the first demultiplexer, and the permuted high 64-bit data is stored in the 64-bit data register; When the second clock of the round operation start signal becomes '1', the column mixing/inverse column mixing transformation unit performs the high 64 output through the encryption output of the first demultiplexer and stored in the 64-bit data register. The columns of the bit data are mixed, and the high 64-bit data of the output column mixed transformation is sent to the second demultiplexer, and the high 64-bit data is continuously added to the high 64-bit data produced by the round key generation unit by adding the round key conversion unit 64-bit round key, and store the added high 64-bit data in the 64-bit data register, the row shift/reverse row shift transformation unit simultaneously executes the byte of the low 64-bit data of the 128-bit input data input through the bus Shift, and output byte-shifted lower 64-bit data through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs permutation of the lower 64-bit data, and outputs the permuted lower 64-bit data to the first a demultiplexer, and store the permuted lower 64-bit data in the lower 64 bits of the 128-bit data register; and When the third clock of the round operation start signal becomes '1', the 64-bit data that is added and then stored in the 64-bit data register is stored in the upper 64 bits of the 128-bit data register, and the column mix/reverse column mix conversion The unit simultaneously performs the column mixing of the lower 64-bit data output through the encryption output of the first demultiplexer and stored in the 128-bit data register, and outputs the lower 64-bit data of the column mixing transformation to the second demultiplexer device, and the adding round key conversion unit continuously adds the lower 64-bit data to the lower 64-bit round key generated by the round key generation unit, and stores the added lower 64 bits in the lower 64 bits of the 128-bit data register bit data. 10. The encryption method according to claim 9, wherein according to the value of the mode signal input through the bus, the round key generation unit converts the 128-bit input key into a 128-bit round key for encryption, and internally 128 In the step of storing the 128-bit round key in the bit round key register, the 128-bit round key used for encryption is generated in two clock cycles of the round operation start signal. 11. A Ryan Dole block decryption method, comprising the following steps: If the three-clock round operation start signal and the round number signal are input from the round operation control unit after the decryption operation start signal and the mode signal are input through the bus, then the first clock from the round operation start signal becomes '1' through the bus The value of the input mode signal, the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit round key for decryption, and stores the 128-bit round key in the internal 128-bit round key register; If the three-clock round operation start signal and the bit selection signal are input from the round operation control unit, when the first clock becomes '1', the row shift/inverse row shift conversion unit performs 128-bit input data input through the bus The byte inverse shift of the upper 64-bit data, and the upper 64-bit data of the byte inverse shift is output through the first multiplexer, and the permutation/reverse permutation transformation unit continuously performs the inverse permutation of the upper 64-bit data, Output the high 64-bit data of reverse permutation to the first demultiplexer, and store the high 64-bit data of reverse permutation in the 64-bit data register; When the second clock of the round operation start signal becomes '1', the adding round key transformation unit will output the upper 64-bit data through the decryption output of the first demultiplexer and store in the 64-bit data register Added to the upper 64-bit round key generated by the round key generation unit, and output the added upper 64-bit data to the third demultiplexer, the column mixing/anti-column mixing transformation unit continuously performs the added high The anti-column mixing of 64-bit data, the high 64-bit data of the anti-column mixed transformation is output through the second demultiplexer, and the high 64-bit data of the anti-column mixed transformation is stored in the 64-bit data register, and the row shift/inverse The line shift transformation unit simultaneously performs reverse byte shift of the lower 64-bit data of the 128-bit input data input through the bus, and outputs the lower 64-bit data of byte reverse shift through the first multiplexer, and replaces/ The reverse permutation transformation unit continuously performs reverse permutation of the lower 64-bit data, outputs the reverse permuted lower 64-bit data to the first demultiplexer, and stores the reverse permuted lower 64 bits in the lower 64 bits of the 128-bit data register data; and When the third clock of the round operation start signal becomes '1', the adding round key transformation unit will output the decrypted output of the first demultiplexer and store the lower 64-bit data in the 128-bit data register Added to the low 64-bit round key generated by the round key generation unit, and output the added low 64-bit data to the third demultiplexer, the column mixing/anti-column mixing transformation unit continuously performs the adding low The anti-column mixing of 64-bit data, output the low 64-bit data of anti-column mixing transformation through the second demultiplexer, and store the low 64-bit data of anti-column mixing transformation in the low 64 bits of the 128-bit data register, and at the same time The upper 64 bits of data stored in the 64-bit data register are stored in the upper 64 bits of the 128-bit data register. 12. The decryption method according to claim 11, wherein the round key generation unit converts the 128-bit input key into a 128-bit round key for decryption according to the value of the mode signal input through the bus, and internally In the step of storing the 128-bit round key in the 128-bit round key register, the 128-bit round key for decryption is generated in two clock cycles of the round operation start signal. 13. A Ryan Dole block encryption method, comprising the following steps: If after the encryption operation start signal and the mode signal are input through the bus, the round operation start signal and the round number signal are input from the round operation control unit for two clocks, then when the first clock from the round operation start signal becomes '1', pass the bus The value of the input mode signal, the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit round key for encryption, and stores the 128-bit round key in the internal 128-bit round key register; If the two-clock round operation start signal and the bit selection signal are input from the round operation control unit, then when the first clock becomes '1', the row shift/inverse row shift transformation unit executes the 128-bit input data input through the bus The byte shift of the high 64-bit data, and output the byte-shifted high 64-bit data through the first multiplexer, the permutation/reverse permutation transformation unit continuously performs permutation of the high 64-bit data, and outputs the permuted high The 64-bit data is sent to the first demultiplexer, and the permuted high 64-bit data is output through the first demultiplexer, and the column mixing/anti-column mixing transformation unit performs the encrypted output through the first demultiplexer The column of the high 64-bit data of the output is mixed, and the high 64-bit data of the output column mixing transformation is sent to the second demultiplexer, and the adding round key conversion unit continuously adds this high 64-bit data to the data generated by the round key generating the high 64-bit round key generated by the unit, and storing the added high 64-bit data in the 64-bit data register; and When the second clock of the round operation start signal becomes '1', the row shift/inverse row shift transformation unit performs the byte shift of the lower 64-bit data of the 128-bit input data input through the bus, and passes the A multiplexer outputs byte-shifted lower 64-bit data, and the permutation/inverse permutation transformation unit continuously performs permutation of the lower 64-bit data, and outputs the permuted lower 64-bit data to the first demultiplexer, The column mixing/anti-column mixing transformation unit continuously performs the column mixing of the low 64-bit data, and outputs the low 64-bit data of the column mixing transformation to the second demultiplexer, and adds the round key transformation unit to continuously convert the low 64 bits to the second demultiplexer. The bit data is added to the low 64-bit round key generated by the round key generation unit, and the added low 64-bit data is stored in the low 64 bits of the 128-bit data register, and the high 64-bit data is stored in the upper 64 bits of the 128-bit data register. 14. The encryption method according to claim 13, wherein the round key generation unit converts the 128-bit input key into a 128-bit round key for encryption according to the value of the mode signal input through the bus, and internally In the step of storing the 128-bit round key in the 128-bit round key register, the 128-bit round key used for encryption is generated in one clock cycle of the round operation start signal. 15. A Ryan Dole block decryption method, comprising the following steps: If the round operation start signal and the round number signal are input from the round operation control unit for two clocks after the decryption operation start signal and the mode signal are input through the bus, then when the first clock from the round operation start signal becomes '1' through the bus The value of the input mode signal, the round key generation unit of the round operation unit converts the 128-bit input key into a 128-bit round key for decryption, and stores the 128-bit round key in the internal 128-bit round key register; If the two-clock round operation start signal and the bit selection signal are input from the round operation control unit, when the first clock becomes '1', the row shift/inverse row shift conversion unit performs 128-bit input data input through the bus The byte reverse shift of the high 64-bit data, and output the high 64-bit data of the byte reverse shift through the first multiplexer, the permutation/reverse permutation transformation unit continuously performs the reverse permutation of the high 64-bit data, and The high 64-bit data of the reverse permutation is output to the first demultiplexer, and the round key conversion unit continuously adds the high 64-bit data output by the decryption output of the first demultiplexer to the round key The upper 64-bit round key generated by the generation unit, and output the added upper 64-bit data to the third demultiplexer, and the column mixing/reverse column mixing transformation unit continuously performs the reverse of the added upper 64-bit data Column mixing, outputting the high 64-bit data of the anti-column mixing transformation through the second demultiplexer, and storing the high 64-bit data of the anti-column mixing transformation in the 64-bit data register; and When the second clock of the round operation start signal becomes '1', the row shift/reverse row shift conversion unit performs byte reverse shift of the lower 64-bit data of the 128-bit input data input through the bus, and passes The first multiplexer outputs the lower 64-bit data of the reverse byte shift, and the permutation/reverse permutation transformation unit continuously performs the reverse permutation of the lower 64-bit data, and outputs the reverse permuted lower 64-bit data to the first demultiplexer The user, adding the round key conversion unit continuously adds the low 64-bit data outputted by the decryption output of the first demultiplexer to the low 64-bit round key generated by the round key generation unit, and outputs the corresponding The added low 64-bit data is sent to the third demultiplexer, and the column mixing/anti-column mixing transformation unit continuously performs the anti-column mixing of the added low 64-bit data, and the anti-column mixing is output through the second demultiplexer Transformed low 64-bit data, and store the low 64-bit data of anti-column mixed transformation in the low 64 bits of the 128-bit data register, and store the high 64-bit data stored in the 64-bit data register in the low 64-bit data of the 128-bit data register High 64 bits. 16. The decryption method according to claim 15, wherein according to the value of the mode signal input through the bus, the round key generation unit converts the 128-bit input key into a 128-bit round key for decryption, and internally 128 In the step of storing the 128-bit round key in the bit round key register, the 128-bit round key for decryption is generated in one clock cycle of the round operation start signal.

Images