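Research on Optimization Design Methods for AES Cipher Circuits Based on Composite Field Arithmetic
Published: 2018-03-17 12:29
Topic: AES. Focus: area optimization. Source: Nanjing University of Aeronautics and Astronautics, 2016 doctoral dissertation. Document type: degree thesis.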
[Abstract]: Cryptography is at the core of information security. The Advanced Encryption Standard (AES), as the latest block cipher algorithm, has been widely applied across information security, including resource-constrained settings such as wireless sensor networks and Radio Frequency Identification (RFID). Implementing AES on such low-cost, low-power, resource-constrained hardware platforms, however, poses new challenges for circuit design. Targeting resource-constrained applications, this thesis studies optimization design methods for AES cipher circuits based on composite field arithmetic, reducing the area and delay of the encryption circuit. At the algorithm level, it focuses on key problems including delay control during Common Subexpression Elimination (CSE) optimization, the optimal multiplicative inverse structure in GF((2^4)^2), and the elimination of common subexpressions (CSs) among the operation units of the GF(((2^2)^2)^2) multiplicative inverse. At the architecture level, it studies methods for merging the composite-field S-box with ShiftRows and MixColumns. At the system level, it studies the implementation of an AES-CCM* coprocessor for ZigBee node chips. The main work and contributions are as follows.

Based on the theory of shortest-path binary tree structure, a delay control method for CSE optimization is studied, solving the problem that CSE algorithms tend to increase delay during optimization. First, following the theory of shortest-path binary tree construction, it is proved mathematically that eliminating CSs will increase path length, and a sufficient but not necessary condition for keeping the shortest path unchanged is derived. Based on this condition, the Shortest Path CSE (SPCSE) algorithm is proposed, which keeps the path length of every output signal unchanged during CS elimination. Building on SPCSE, a Delay Aware CSE (DACSE) algorithm based on shortest-path binary tree construction theory is proposed. DACSE can eliminate CSs under a given delay constraint, which not only widens the range of selectable CSs and improves area optimization efficiency, but also yields a broader range of area-delay trade-off designs, from minimum circuit area to minimum critical path delay.

To address the problem that current GF((2^4)^2) S-box structures are limited to a single form, with large circuit area and delay, the GF((2^4)^2) multiplicative inverse structure is analyzed comprehensively and a short-delay GF((2^4)^2) S-box circuit is proposed, reducing circuit delay. The circuit characteristics of the GF(2^4) multiplicative inverse and the GF(2^4) multiplier are analyzed, and a GF(2^4) multiplicative inverse unit and multiplier unit based on an AND-XOR array structure are proposed, reducing circuit area and delay. On this basis, the influence of the irreducible polynomial and the basis on the hardware complexity of the GF((2^4)^2) multiplicative inverse and the mapping matrix is analyzed, and a short-delay GF((2^4)^2) S-box circuit structure is constructed from the optimal mapping matrix and the optimal multiplicative inverse structure.

To eliminate redundant logic among the operation units of the GF(((2^2)^2)^2) multiplicative inverse, a DACSE-based grouped joint optimization method is proposed, reducing the area and delay of the GF(((2^2)^2)^2) S-box circuit. According to the structural characteristics of the GF(((2^2)^2)^2) multiplicative inverse, its operation units are divided into groups, the logic expressions of each operation unit over GF((2^2)^2) are derived, and DACSE is used to optimize the operation units within each group both jointly and individually. The optimized GF(((2^2)^2)^2) S-box further reduces circuit area and delay.

Methods for merging the composite-field S-box, ShiftRows and MixColumns are studied, and a round-transformation circuit optimization design method based on operation merging is proposed to further reduce the area and delay of the AES circuit. First, the matrix form of constant multiplication in MixColumns is derived, and the composite-field S-box is merged with ShiftRows and MixColumns according to the round transformation formula. The merged matrices are then jointly optimized using the DACSE algorithm. Finally, an AES encryption/decryption shared circuit is implemented using time-division multiplexing. Compared with separate implementations of the encryption and decryption circuits, the AES encryption/decryption shared circuit reduces circuit area by 28.12%; compared with an AES encryption/decryption shared circuit that uses no optimization techniques, the one based on operation merging and joint optimization reduces circuit area by 46.06%.

Building on the optimized AES cipher circuit design, an AES-CCM* coprocessor architecture based on a single AES processing unit is proposed for ZigBee node chips. Using a single AES processing unit, it performs both the AES-CCM* operations of the ZigBee security mode and the HMAC operations of the ZigBee key-transport protocol, effectively reducing resource overhead in the ZigBee system.
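An added illustration, not code from the thesis and not its SPCSE or DACSE algorithms: a generic greedy pairwise CSE over XOR sums, run with and without a depth bound, to show how sharing subexpressions can lengthen the critical path and how a delay constraint trades area for depth. The output equations, function names and the unit-delay 2-input XOR model are assumptions made for this example.

```python
import heapq
from collections import Counter
from itertools import combinations

def min_depth(arrivals):
    """Smallest XOR-tree depth for terms with the given arrival depths
    (unit delay per 2-input XOR): always combine the two earliest terms."""
    h = list(arrivals)
    heapq.heapify(h)
    while len(h) > 1:
        a, b = heapq.heappop(h), heapq.heappop(h)
        heapq.heappush(h, max(a, b) + 1)
    return h[0]

def greedy_cse(outputs, max_depth=None):
    """Greedy pairwise CSE. outputs maps a name to the set of signals XORed.
    With max_depth set, a shared pair is accepted only if every output can
    still be built within that depth. Returns (xor_gates, {output: depth})."""
    rows = {k: set(v) for k, v in outputs.items()}
    depth = {s: 0 for r in rows.values() for s in r}  # primary inputs arrive at 0
    shared = 0
    while True:
        counts = Counter(p for r in rows.values()
                         for p in combinations(sorted(r), 2))
        accepted = False
        for pair, n in counts.most_common():
            if n < 2:          # nothing left that is actually shared
                break
            t = f"t{shared}"   # new shared signal replacing the pair
            t_depth = {**depth, t: max(depth[pair[0]], depth[pair[1]]) + 1}
            trial = {k: (r - set(pair)) | {t} if set(pair) <= r else r
                     for k, r in rows.items()}
            if max_depth is None or all(
                    min_depth(t_depth[s] for s in r) <= max_depth
                    for r in trial.values()):
                rows, depth, shared, accepted = trial, t_depth, shared + 1, True
                break
        if not accepted:
            break
    gates = shared + sum(len(r) - 1 for r in rows.values())
    return gates, {k: min_depth(depth[s] for s in r) for k, r in rows.items()}

# Constructed sample equations (not taken from the AES circuit in the thesis).
OUTPUTS = {"y0": "abcd", "y1": "abc", "y2": "abce"}
BASELINE_GATES = sum(len(v) - 1 for v in OUTPUTS.values())  # no sharing
AREA_ONLY = greedy_cse(OUTPUTS)                 # fewest gates, deeper paths
DELAY_BOUND = greedy_cse(OUTPUTS, max_depth=2)  # keeps the unshared depth
```

On these equations the unconstrained pass shares `a^b` and then `(a^b)^c`, which pushes two outputs from depth 2 to depth 3; the bounded pass stops after the first sharing step.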
Article ID: 1624748
Article link: http://www.sikaile.net/shoufeilunwen/xxkjbs/1624748.html