FPGA Design and Implementation of Symmetric Cryptographic Algorithms in Trusted Computing

 2022-05-10 08:05

Total thesis length: 35831 characters

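Abstract

In recent years, information technology and Internet technology have developed rapidly, and network applications and services have penetrated every industry and every corner of daily life. With them have come many information security risks, such as information leakage and malware attacks. To counter these problems, the concept of the trusted computing platform (TCG) was proposed. Internationally, a trusted computing architecture with the TPM security chip as the root of trust has taken shape, and China has accordingly established a trusted computing standard with its independently developed TCM security chip as the root of trust. However, domestic security products built around TCM are currently few in kind, the technology is not mature enough, the national cryptographic algorithms have not been encapsulated inside hardware chips, and the trusted computing platforms that have been built are incomplete. How to build a rigorous and complete trusted computing platform with a TCM-standard chip as the root of trust has therefore become an urgent task. The hardware layer, as the bottom layer of the trusted computing architecture, carries several national cryptographic algorithms, of which symmetric ciphers are an indispensable part.

Following China's trusted computing industry standards, this thesis studies two symmetric encryption algorithms in depth, the SM4.0 block cipher and the ZUC stream cipher, and implements and verifies them on an FPGA hardware platform, with the following results:

  1. To address the low throughput and high latency of the SM4 algorithm, this thesis improves its architecture and, at the cost of a relatively small output latency, raises the algorithm's peak throughput to 48.5MB/s at a 100MHz system clock.
  2. To address the long update path of the linear feedback shift register (LFSR) in the ZUC algorithm, this thesis improves the modulo 2^31-1 adder in the LFSR update path, greatly shortening the update path and raising system throughput to 66.7MB/s at a 100MHz system clock. Because the implementation uses a serial computing architecture, it consumes very few hardware resources and can therefore be encapsulated in a hardware chip more easily. In addition, this thesis completes the FPGA implementation and verification of the ZUC-256 algorithm for the first time, which is of great significance for building a secure and reliable 5G communication and application environment.

Keywords: trusted computing, TCM, symmetric cryptographic algorithms, SM4.0, ZUC stream cipher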

ABSTRACT

In recent years, with the fast development of information technology and Internet technology, various network applications and services have penetrated into all walks of life and every corner of daily life. However, many information security risks have arisen as a result, including information leakage and malware attacks. The concept of the trusted computing platform (TCG) was proposed to counter these information security problems. At present, a trusted computing system with the TPM security chip as the root of trust has been formed internationally, and China has also established a trusted computing standard with the TCM security chip, developed by itself, as the root of trust. However, there are currently few kinds of security products with TCM as the core in China, the technology is not mature enough, the national cryptographic algorithms have not been encapsulated in the hardware chip, and the established trusted computing platform is not complete enough. Therefore, how to build a rigorous and complete trusted computing platform with a TCM-standard chip as the root of trust has become a top priority. As the bottom layer of the trusted computing architecture, the hardware layer carries various national cryptographic algorithms. Among them, symmetric cryptography is an indispensable part.

In this paper, in accordance with China's trusted computing industry standards, two symmetric encryption algorithms, the SM4.0 block cipher and the ZUC stream cipher, are studied in depth and implemented and verified on an FPGA hardware platform. The results are as follows:

  1. To solve the problem of low throughput and high delay of SM4, this paper improves its algorithm architecture and, at the cost of a relatively small output delay, increases the maximum throughput of the algorithm to 48.5MB/s at a 100MHz system clock frequency.
  2. To address the long update path of the linear feedback shift register (LFSR) in the ZUC algorithm, this paper improves the modulo 2^31-1 adder in the LFSR update path to greatly shorten the update path, thus improving the system throughput to 66.7MB/s at a 100MHz system clock frequency. At the same time, because the implementation adopts a serial computing architecture, its consumption of hardware resources is minimal, so it can be more easily encapsulated in a hardware chip. In addition, the FPGA implementation and verification of the ZUC-256 algorithm is completed for the first time in this paper, which is of great significance for building a safe and reliable 5G communication and application environment.

Key words: trusted computing, TCM, symmetric cryptography, SM4.0, ZUC stream cipher
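The LFSR update that result 2 targets can be modelled in software and used as a golden reference when checking an FPGA implementation. The sketch below is an added example, not code from the thesis: it follows the feedback formula of the published ZUC specification, the function names and sample state are constructed here, and the thesis's optimized adder is not shown on this page.

```python
# Added example: bit-level reference model of the ZUC LFSR feedback step.
# Names and SAMPLE_STATE are constructed for illustration, not from the thesis.
MASK31 = 0x7FFFFFFF  # 2^31 - 1, the modulus of the LFSR cells


def add31(a, b):
    """a + b mod (2^31 - 1) using an end-around carry.

    Bit 31 of the sum is folded back into bit 0, so no division is needed.
    For non-zero inputs the result stays in 1..2^31-1 (zero is encoded as 2^31-1).
    """
    c = a + b
    return (c & MASK31) + (c >> 31)


def rot31(a, k):
    """a * 2^k mod (2^31 - 1): a k-bit left rotation of the 31-bit word."""
    return ((a << k) | (a >> (31 - k))) & MASK31


def lfsr_feedback(s):
    """v = 2^15*s15 + 2^17*s13 + 2^21*s10 + 2^20*s4 + (1 + 2^8)*s0 mod (2^31 - 1).

    Written as a chain of five modular additions; this chain is the
    'update path' whose length limits the clock rate in hardware.
    """
    v = s[0]
    for cell, shift in ((s[0], 8), (s[4], 20), (s[10], 21), (s[13], 17), (s[15], 15)):
        v = add31(v, rot31(cell, shift))
    return v


def lfsr_step_work(s):
    """Work-mode update: shift the 16 cells and append the feedback word."""
    v = lfsr_feedback(s)
    if v == 0:  # the specification maps a zero feedback word to 2^31 - 1
        v = MASK31
    return s[1:] + [v]


# Constructed sample state: 16 cells in 1..2^31-1, including both extremes.
SAMPLE_STATE = [1, MASK31, 0x12345678, 0x40000000, 0x7FFFFFFE, 0x0000FFFF,
                0x55555555, 0x2AAAAAAA, 0x00000100, 0x7F000001, 0x13579BDF,
                0x02468ACE, 0x3FFFFFFF, 0x00010000, 0x6DB6DB6D, 0x00000003]

if __name__ == "__main__":
    print(hex(lfsr_feedback(SAMPLE_STATE)))
```
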

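Contents

Abstract (Chinese)

Abstract

Chapter 1 Introduction

1.1 Overview of Trusted Computing

1.1.1 Origin and Development of Trusted Computing

1.1.2 Problems Addressed by Trusted Computing

1.1.3 Current State of Domestic Security Chips

1.2 Overview of Symmetric Cryptography

1.3 Current State of the SM4 and ZUC Algorithms

1.4 Research Results of This Thesis

1.5 Structure of the Thesis

Chapter 2 Basic Principles of the Algorithms

2.1 Overview of the SM4.0 Algorithm

2.1.1 Terms and Definitions

2.1.2 Round Function F

2.1.3 Key Expansion Algorithm

2.1.4 Encryption and Decryption Algorithms

2.2 Overview of the ZUC Stream Cipher

2.2.1 Terms and Definitions

2.2.2 Linear Feedback Shift Register

2.2.3 Bit Reorganization (BR)

2.2.4 Nonlinear Function F

2.2.5 Key Loading

2.2.6 Running the Algorithm

2.2.7 The 128-EEA3 Algorithm

2.2.8 The 128-EIA3 Algorithm

2.2.9 The ZUC-256 Algorithm

2.3 Chapter Summary

Chapter 3 Design and Implementation

3.1 FPGA Design of the SM4 Algorithm

3.1.1 Top-Level Design

3.1.2 Encryption Channel Design

3.1.3 Encryption Module in Detail

3.1.4 Overview of the Decryption Channel

3.1.5 Pipeline Architecture

3.2 FPGA Design of the ZUC Algorithm

3.2.1 Software Flow Design

3.2.2 Hardware Module Design

3.2.3 Performance Optimization

3.3 Chapter Summary

Chapter 4 Verification and Performance Evaluation

4.1 Verification and Analysis of the SM4 Algorithm

4.1.1 Experimental Environment

4.1.2 Simulation Parameter Settings

4.1.3 Analysis of Simulation Results

4.1.4 Algorithm Performance Analysis

4.2 Verification and Analysis of the ZUC Algorithm

4.2.1 Experimental Environment

4.2.2 Simulation Parameter Settings

4.2.3 Analysis of Simulation Results

4.2.4 Algorithm Performance Analysis

4.3 Chapter Summary

Chapter 5 Conclusion and Outlook

References

Acknowledgements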

1 Introduction
