Search

CN-122001599-A - Method and device for realizing AES encryption operation

CN122001599ACN 122001599 ACN122001599 ACN 122001599ACN-122001599-A

Abstract

The application discloses a method and a device for realizing AES encryption operation, which support the implementation mode of multiplexing an AES hardware computing core to accelerate the AES encryption operation in a first mode, wherein the AES hardware core can be effectively utilized in the two modes, thereby not only ensuring the safety and the reliability, but also improving the encryption operation speed through parallel processing when required.

Inventors

  • ZHANG WEI
  • WANG DONGYU

Assignees

  • 加特兰微电子科技(上海)有限公司

Dates

Publication Date
20260508
Application Date
20241105

Claims (14)

  1. 1. A method of performing an AES encryption operation, comprising: In the first mode, different tasks are processed in parallel by different advanced encryption standard AES computing cores participating in the AES CCM encryption operation, wherein the different tasks comprise counter mode CTR encryption/decryption and cipher block chaining message authentication code CBC-MAC calculation, and when the AES computing core processing CTR encryption/decryption decrypts the current data block, the AES computing core processing CBC-MAC calculation verifies the decrypted data block.
  2. 2. The method of claim 1, further comprising: Selecting the first mode of the scene applied to the non-functional safety requirement or a second mode of the scene applied to the functional safety requirement; For the case of selecting the second mode, the different AES computing cores participating in the AES CCM encryption operation process and compare input data at the same time, so as to ensure the accuracy of the computation.
  3. 3. The method of claim 1 or 2, further comprising, in the first mode: the different AES compute cores participating in the AES CCM encryption operation serially compute CTR and CBC MAC.
  4. 4. The method of claim 3, wherein the AES compute core that handles CTR encryption/decryption comprises one or more than one.
  5. 5. The method according to claim 1 or 2, wherein, The different tasks are CTR encryption; And the AES computing core for processing the CBC-MAC computation processes the CBC-MAC computation of the corresponding data block in parallel to generate an authentication tag.
  6. 6. The method according to claim 1 or 2, wherein, The different tasks are CTR decryption; The AES computing core for processing the CTR encryption/decryption is responsible for the CTR decryption of data to generate a plaintext; and the AES computing core for processing the CBC-MAC computation performs CBC-MAC verification according to the decryption result to ensure the data integrity, and simultaneously the AES computing core for processing the CTR encryption/decryption and the AES computing core for processing the CBC-MAC computation process the next data block in parallel through a pipeline.
  7. 7. The method according to claim 1 or 2, wherein the second mode and the first mode are selected by setting a configuration register.
  8. 8. The method of claim 7, wherein the first mode is a performance mode and the second mode is a lockstep mode.
  9. 9. A method of performing an AES encryption operation, comprising: in a first mode, different AES computation cores participating in an AES encryption operation process different blocks of plaintext data/blocks of ciphertext data in parallel, wherein the data before and after AES encryption has no dependency.
  10. 10. The method of claim 9, further comprising: Selecting the first mode of the scene applied to the non-functional safety requirement or a second mode of the scene applied to the functional safety requirement; for the case of selecting the second mode, the different AES computing cores participating in the AES encryption operation process and compare input data at the same time, so as to ensure the accuracy of the computation.
  11. 11. The method of claim 9 or 10, wherein the AES encryption with no dependency on the front and back data comprises an electronic codebook ECB encryption mode of AES, a counter mode of AES, CTR.
  12. 12. The method of claim 9 or 10, wherein the different AES compute cores participating in the AES encryption operation process different blocks of plaintext data/blocks of ciphertext data in parallel, comprising: Different AES calculation cores participating in the AES encryption operation simultaneously input different plaintext data blocks or ciphertext data blocks so as to process different data blocks in parallel.
  13. 13. A computer readable storage medium storing computer executable instructions for performing the method of implementing an AES encryption operation of any one of claims 1 to 8, and/or 9 to 12.
  14. 14. A computer device comprising a memory and a processor, wherein the memory has stored therein instructions executable by the processor for performing the steps of the method for performing an AES encryption operation of any of claims 1-8, and/or 9-12.

Description

Method and device for realizing AES encryption operation Technical Field The present application relates to, but not limited to, information security technologies, and in particular, to a method and apparatus for implementing AES encryption operations. Background The CCM mode (Counter with CBC-MAC) of the Advanced Encryption Standard (AES) (abbreviated herein as AES CCM encryption operation) is an encryption mode that combines encryption and authentication functions. It uses a Counter Mode (CTR) to encrypt data, and a Cipher Block chaining message authentication code (CBC-MAC, cipher Block CHAINING MESSAGE Authentication Code) to generate an authentication tag to ensure data integrity and authenticity. AES, as a symmetric encryption algorithm, is responsible for encrypting and decrypting data, ensuring confidentiality. In the encryption process, the CTR combines the incremented counter with the key to encrypt the data block to generate a pseudo-random number stream. As for CBC-MAC, it is responsible for verifying the integrity and authenticity of data, preventing tampering. The CCM mode combines CTR and CBC-MAC to provide encryption function and perform data authentication. The CCM mode can realize double protection under limited computing resources, and is widely applied in environments with limited resources such as wireless communication, internet of things equipment and the like. In the context of functional security, another layer of security is introduced through lockstep (lockstep) mode. By using two sets of AES computation cores, namely a first AES computation core (AES core 0) and a second AES computation core (AES core 1), the input data is computed through two independent paths, and the final results are compared, ensuring the accuracy of the computation. This mode is particularly suitable for systems requiring high security. However, in practical applications, if such strict functional security is not required, one of the AES computing cores, such as AES core1, is idle and in a wasteful state. Disclosure of Invention The application provides a method and a device for realizing AES encryption operation, which can reasonably utilize AES calculation resources and improve encryption operation speed on the premise of ensuring safety and reliability slightly. The embodiment of the invention provides a method for realizing AES encryption operation, which comprises the following steps: In the first mode, different tasks are processed in parallel by different advanced encryption standard AES computing cores participating in the AES CCM encryption operation, wherein the different tasks comprise counter mode CTR encryption/decryption and cipher block chaining message authentication code CBC-MAC calculation, and when the AES computing core processing CTR encryption/decryption decrypts the current data block, the AES computing core processing CBC-MAC calculation verifies the decrypted data block. In an exemplary embodiment, the method further includes: Selecting the first mode of the scene applied to the non-functional safety requirement or a second mode of the scene applied to the functional safety requirement; For the case of selecting the second mode, the different AES computing cores participating in the AES CCM encryption operation process and compare input data at the same time, so as to ensure the accuracy of the computation. In an exemplary embodiment, in the first mode, the method further includes: the different AES compute cores participating in the AES CCM encryption operation serially compute CTR and CBC MAC. In one illustrative example, the AES compute core that handles CTR encryption/decryption includes one or more than one. In one illustrative example, the different task is CTR encryption; And the AES computing core for processing the CBC-MAC computation processes the CBC-MAC computation of the corresponding data block in parallel to generate an authentication tag. In one illustrative example, the different task is CTR decryption; The AES computing core for processing the CTR encryption/decryption is responsible for the CTR decryption of data to generate a plaintext; and the AES computing core for processing the CBC-MAC computation performs CBC-MAC verification according to the decryption result to ensure the data integrity, and simultaneously the AES computing core for processing the CTR encryption/decryption and the AES computing core for processing the CBC-MAC computation process the next data block in parallel through a pipeline. In one illustrative example, the second mode and the first mode are selected by setting a configuration register. In one illustrative example, the first mode is a performance mode and the second mode is a lockstep mode. The embodiment of the application also provides a method for realizing AES encryption operation, which comprises the following steps: in a first mode, different AES computation cores participating in an AES encryption operation process different bl