Design and Implementation of a Multi-Mode AES Encryption/Decryption IP Core Based on the AXI Interface
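Abstract
AES (Advanced Encryption Standard) is the encryption algorithm that the National Institute of Standards and Technology selected through an open call in 2000 to replace the Data Encryption Standard (DES). The underlying algorithm is called Rijndael. It can be implemented flexibly in software or hardware, offers strong security, and adapts to widely differing operating environments, so it has been a research focus ever since its publication.
This thesis designs an AES IP core with low hardware cost and good processing capability that supports several encryption modes of operation to meet different security requirements, making it suitable for SoC chips in handheld devices.
The design starts from the algorithm and applies low-cost, resource-sharing techniques to every step of AES. In the byte substitution step, a composite-field transformation replaces the lookup-table method; in the column-mixing step, a matrix transformation allows the circuit to be built entirely from XOR gates; across the encryption and decryption data paths, the equivalent decryption method achieves the maximum degree of hardware reuse; for compatibility, four modes of operation are provided, two feedback modes and two non-feedback modes, to suit different encryption workloads. As an SoC design, the AES IP core must use an on-chip bus as its interface. This thesis adopts ARM's latest AXI (Advanced eXtensible Interface) bus, which offers high bandwidth, low latency, and great design flexibility, and has become the most widely used on-chip bus standard in SoCs. The AES core acts as a slave device in the SoC system; the complete IP core comprises the AXI interface, two asymmetric FIFOs with a DMA interface, and the AES encryption/decryption core. The AXI slave interface is implemented as a state machine to minimize hardware cost and includes a low-power interface; the interface logic occupies only 992 gates.
Functional verification was completed with the Synopsys VCS and Novas Verdi simulation tools on Synopsys's VMT (Verification Modeling Technology) verification platform, and FPGA verification was completed on a Xilinx VIRTEX5 series XC5VLX330T device. Logic synthesis in Design Compiler with a 90nm process library gives a total gate count of only 24.3K, with a throughput of 1.4 Gbps at an operating frequency of 133 MHz. This shows that the core has good processing capability at relatively low hardware cost and can fully meet the communication needs of handheld devices.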
AES (Advanced Encryption Standard) is the encryption algorithm selected through an open call by the National Institute of Standards and Technology (NIST) in 2000 to replace DES (Data Encryption Standard). The AES algorithm is called Rijndael. It is flexible to implement in either hardware or software, it is secure and able to adapt to very different working environments, and it has been a research hot spot since its birth.
This thesis designs an AES IP core with low hardware cost and good processing capability. It is compatible with several different modes so that it can work at different security levels, and it is suitable for use in SoCs for handheld devices. The design of the IP core starts from the algorithm, using low-cost and reuse methods in each step of AES. In SubBytes, Galois field calculation is used instead of a LUT; in MixColumns, the circuit is implemented entirely with XOR gates through a transformation of the matrix; in encryption and decryption, the equivalent decryption method is used to achieve the greatest degree of hardware multiplexing; for compatibility, there are four operating modes, including two feedback and two non-feedback modes, to accommodate different encryption requirements. As an SoC design, an on-chip bus interface is necessary, and this thesis adopts the latest ARM AXI (Advanced eXtensible Interface) bus. It has high bandwidth and low latency, is flexible to design with, and has become the most widely used on-chip bus standard in SoCs. As a slave device, the IP core includes an AXI interface, two asymmetric FIFOs, a DMA interface and the AES encryption core. The AXI interface is designed as a state machine to minimize hardware cost and includes a low-power interface; its gate count is only 992.
Using Synopsys VCS and Novas Verdi on the Synopsys VMT (Verification Modeling Technology) platform, the AES IP passed functional verification. FPGA verification was passed on a Xilinx VIRTEX5 series XC5VLX330T chip. Synthesis with Design Compiler using 90nm technology gives a total gate count of 24.3K, and at a frequency of 133 MHz the throughput is about 1.4Gbps. Therefore, the core is fully capable of meeting the communication needs of handheld devices.
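The abstract's two reuse ideas for column mixing (an XOR-only circuit, and one data path shared by encryption and decryption) can be modelled in software as below. This is an added example, not code from the thesis: it assumes the widely used decomposition InvMixColumns = MixColumns preceded by multiplication with 04·x² + 05, which may differ from the thesis's own matrix transformation, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply by 02 in GF(2^8) mod x^8+x^4+x^3+x+1: a 1-bit shift plus a
   conditional XOR with 0x1b, which is wiring and XOR gates in hardware. */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0x00));
}

static void unpack(uint32_t col, uint8_t b[4]) {
    for (int i = 0; i < 4; i++) b[i] = (uint8_t)(col >> (24 - 8 * i));
}

static uint32_t pack(const uint8_t b[4]) {
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
}

/* MixColumns on one column (b0..b3 packed big-endian): 02*b[i] ^ 03*b[i+1]
   ^ b[i+2] ^ b[i+3] = xtime(b[i] ^ b[i+1]) ^ b[i] ^ (b0 ^ b1 ^ b2 ^ b3). */
uint32_t mix_column(uint32_t col) {
    uint8_t b[4], r[4];
    unpack(col, b);
    uint8_t all = (uint8_t)(b[0] ^ b[1] ^ b[2] ^ b[3]);
    for (int i = 0; i < 4; i++)
        r[i] = (uint8_t)(b[i] ^ all ^ xtime(b[i] ^ b[(i + 1) & 3]));
    return pack(r);
}

/* Assumed decomposition: 0b*x^3 + 0d*x^2 + 09*x + 0e equals
   (03*x^3 + 01*x^2 + 01*x + 02) * (04*x^2 + 05) mod x^4 + 1, so decryption
   reuses mix_column() after u[i] = b[i] ^ 04*(b[i] ^ b[i+2]). */
uint32_t inv_mix_column(uint32_t col) {
    uint8_t b[4], u[4];
    unpack(col, b);
    for (int i = 0; i < 4; i++)
        u[i] = (uint8_t)(b[i] ^ xtime(xtime(b[i] ^ b[(i + 2) & 3])));
    return mix_column(pack(u));
}

/* Round-trip over 1000 constructed pseudo-random columns. */
int round_trip_ok(void) {
    for (uint32_t s = 1, n = 0; n < 1000; n++, s = s * 1664525u + 1013904223u)
        if (inv_mix_column(mix_column(s)) != s) return 0;
    return 1;
}

int main(void) {
    printf("%08x\n", (unsigned)mix_column(0xdb135345u));
    return round_trip_ok() ? 0 : 1;
}
```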
