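Research on Optimization Design Methods for AES Cipher Circuits Based on Composite Field Arithmetic
Published: 2018-03-17 12:29
Topic: AES. Focus: area optimization. Source: Nanjing University of Aeronautics and Astronautics, 2016 doctoral dissertation. Type: degree thesis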
[Abstract]: Cryptography is the core of information security. The Advanced Encryption Standard (AES), as the latest block cipher algorithm, has been widely applied across all areas of information security, including resource-constrained settings such as wireless sensor networks and Radio Frequency Identification (RFID). However, implementing the AES algorithm on such low-cost, low-power, resource-constrained hardware platforms poses new challenges for circuit design. Targeting resource-constrained applications, this dissertation studies optimization design methods for AES cipher circuits based on composite field arithmetic, in order to reduce the area and delay of the encryption circuit. At the algorithm level, it focuses on key problems including delay control during Common Subexpression Elimination (CSE) optimization, the optimal multiplicative inverse structure in GF((2^4)^2), and the elimination of common subexpressions (CSs) among the arithmetic units of the GF(((2^2)^2)^2) multiplicative inverse. At the architecture level, it studies methods for merging the composite-field S-box with ShiftRows and MixColumns. At the system level, it studies the implementation of an AES-CCM* coprocessor for ZigBee node chips. The main work and contributions are as follows.

Based on the theory of shortest-path binary tree structures, a delay control method for CSE optimization is studied, solving the problem that the CSE algorithm tends to increase delay during optimization. First, using the theory of shortest-path binary tree construction, it is proved mathematically that eliminating CSs increases path length, and a sufficient but not necessary condition for keeping the shortest path unchanged is derived. Based on this condition, the Shortest Path CSE (SPCSE) algorithm is proposed, which keeps the path length of every output signal unchanged during CS elimination. Building on SPCSE, a Delay Aware CSE (DACSE) algorithm based on shortest-path binary tree construction theory is proposed. DACSE can eliminate CSs under a given delay constraint, which not only widens the range of CSs that can be selected and improves area optimization efficiency, but also yields a broader set of area-delay trade-off designs, ranging from minimum circuit area to minimum critical path delay.

To address the problem that existing GF((2^4)^2) S-box structures are limited to a single form and have large circuit area and delay, the GF((2^4)^2) multiplicative inverse structure is analyzed comprehensively and a short-delay GF((2^4)^2) S-box circuit is proposed, reducing circuit delay. The circuit characteristics of the GF(2^4) multiplicative inverse and the GF(2^4) multiplier are analyzed, and a GF(2^4) multiplicative inverse unit and multiplier unit based on an AND-XOR array structure are proposed, reducing circuit area and delay. On this basis, the influence of the irreducible polynomial and the basis on the hardware complexity of the GF((2^4)^2) multiplicative inverse and the mapping matrices is analyzed, and a short-delay GF((2^4)^2) S-box circuit structure is constructed from the optimal mapping matrix and the optimal multiplicative inverse structure.

To eliminate redundant logic among the arithmetic units of the GF(((2^2)^2)^2) multiplicative inverse, a DACSE-based grouped joint optimization method is proposed, reducing the area and delay of the GF(((2^2)^2)^2) S-box circuit. According to the structural characteristics of the GF(((2^2)^2)^2) multiplicative inverse, the arithmetic units in the inverse are divided into groups, the logic expressions of each unit over GF((2^2)^2) are derived, and DACSE is applied to the units within each group for both joint optimization and individual optimization. The optimized GF(((2^2)^2)^2) S-box further reduces circuit area and delay.

Methods for merging the composite-field S-box, ShiftRows and MixColumns operations are studied, and a round transformation circuit optimization method based on operation merging is proposed to further reduce the area and delay of the AES circuit. First, the matrix form of the constant multiplications in MixColumns is derived, and the composite-field S-box is merged with ShiftRows and MixColumns according to the round transformation formula. The merged matrices are then jointly optimized using the DACSE algorithm. Finally, a combined AES encryption/decryption circuit is implemented using time-division multiplexing. Compared with implementing the encryption and decryption circuits separately, the combined AES encryption/decryption circuit reduces circuit area by 28.12%; compared with a combined AES encryption/decryption circuit that uses no optimization techniques, the combined circuit based on operation merging and joint optimization reduces circuit area by 46.06%.

Building on the optimized AES cipher circuit design, an AES-CCM* coprocessor architecture based on a single AES processing unit is proposed for ZigBee node chips. Using a single AES processing unit, it performs the AES-CCM* operations of the ZigBee security mode and the HMAC operations of the ZigBee key transport protocol, effectively reducing resource overhead in the ZigBee system.
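The composite-field S-box construction summarized in the abstract can be checked in software: map the byte into GF((2^4)^2), invert there using a single GF(2^4) inversion, map back, and apply the AES affine transformation. The following Python is an added example, not code from the thesis; the field polynomial x^4+x+1, the extension polynomial y^2+y+LAMBDA, the polynomial bases and all function names are assumptions chosen for illustration, since the abstract does not state which polynomials or bases the author selected.

```python
# Added example, not from the thesis. Assumed parameters: GF(2^4) mod x^4+x+1,
# extension y^2+y+LAMBDA, polynomial bases; a byte (h << 4) | l means h*y + l.
def mul4(a, b):                      # multiplication in GF(2^4)
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a = (a << 1) ^ (0x13 if a & 8 else 0)   # reduce modulo x^4 + x + 1
    return r

def inv4(a):                         # a^14 = a^-1 in GF(2^4); 0 maps to 0
    a2 = mul4(a, a)
    a4 = mul4(a2, a2)
    return mul4(mul4(a2, a4), mul4(a4, a4))

# Smallest LAMBDA for which y^2 + y + LAMBDA has no root in GF(2^4) (irreducible).
LAMBDA = next(l for l in range(1, 16) if all(mul4(y, y) ^ y ^ l for y in range(16)))

def mul_c(a, b):                     # product in GF((2^4)^2), using y^2 = y + LAMBDA
    ah, al, bh, bl = a >> 4, a & 15, b >> 4, b & 15
    hh = mul4(ah, bh)
    return ((hh ^ mul4(ah, bl) ^ mul4(al, bh)) << 4) | (mul4(al, bl) ^ mul4(hh, LAMBDA))

def inv_c(a):                        # inverse: one GF(2^4) inversion plus multiplies
    h, l = a >> 4, a & 15
    d = inv4(mul4(mul4(h, h), LAMBDA) ^ mul4(h, l) ^ mul4(l, l))
    return (mul4(h, d) << 4) | mul4(h ^ l, d)

def powers(b):                       # [b^0, ..., b^8] in the composite field
    p = [1]
    for _ in range(8):
        p.append(mul_c(p[-1], b))
    return p

# Field isomorphism (the mapping matrix): AES generator x -> a root P[1] of x^8+x^4+x^3+x+1.
P = next(p for p in map(powers, range(2, 256)) if p[8] ^ p[4] ^ p[3] ^ p[1] ^ p[0] == 0)
TO_C = [0] * 256
for x in range(1, 256):              # linearity: peel off the top set bit
    top = x.bit_length() - 1
    TO_C[x] = TO_C[x ^ (1 << top)] ^ P[top]
FROM_C = {c: x for x, c in enumerate(TO_C)}

def affine(b):                       # AES affine transformation
    rot = lambda s: ((b << s) | (b >> (8 - s))) & 0xFF
    return b ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

def sbox_composite(x):
    return affine(FROM_C[inv_c(TO_C[x])])
```

In hardware, `TO_C` and `FROM_C` become 8x8 binary matrices whose XOR networks are the kind of logic that CSE-style optimization targets; different choices of LAMBDA and of the root change their gate count but not the S-box output.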
Article ID: 1624748
Article link: http://sikaile.net/shoufeilunwen/xxkjbs/1624748.html