Implementation method of SM4-GCM network encryption transmission system based on FPGA

Abstract

The invention relates to an SM4-GCM network encryption transmission system implementation method based on an FPGA, and the method comprises the following steps: S1, receiving required data from a data preparation module, and respectively sending a parameter and a secret key into a random number module and a secret key extension module to generate a corresponding random number and an extension secret key; S2, sending the random number and the plaintext into an encryption module for encryption; S3, sending the obtained ciphertext, key and random number to a message authentication module to generate an HMAC value; S4, during encryption / decryption, enabling the system to update a key required for the next time through an SM3 algorithm and a Pascal algorithm. According to the invention, the shake-128 algorithm in the Keccak is utilized to realize the generation of the random number, the security of the random number is improved, and the resource utilization rate and the working frequency of the random number are improved by optimizing the nonlinear transformation operation and the message authentication operation, so the method is more suitable for the environment of a high-speed network; the SM3 algorithm and the Pascal algorithm are utilized to realize the safe change of the secret key, and the GMAC module is combined to ensure the correctness of the system secret key update.

Description

technical field [0001] The invention belongs to the technical field of information security, and in particular relates to an implementation method of an FPGA-based SM4-GCM network encrypted transmission system. Background technique [0002] In recent years, with the development of 5G network technology, the rate of network transmission data has become faster and faster, and the amount of data has become larger and larger; at the same time, the attacks on the data transmission process have become more and more acute. In order to ensure the security of data transmission, data is often encrypted before transmission. However, due to the improvement of network data transmission rate and the upper limit of software encryption itself, the encryption rate requirements cannot be fully met in high-speed networks, so using hardware to implement encrypted transmission has become a feasible solution. [0003] In the implementation process, in order to meet the high throughput of network...

AI Technical Summary

Problems solved by technology

However, the traditional hardware-based key exchange is implemented by asymmetric encryption method. The disadvantage is that the call of this part is not frequent, but it occupies a lot of resources and increases the cost.

And the encryption must wait for the key exchange to be completed. For a system with frequent key changes, the key exchange will undoubtedly greatly slow down the overall encryption / decryption efficiency of the system.

Secondly, due to the calculation method of GMAC, the message authentication part often slows down the operation of encryption / decryption in the environment of network encrypted transmission, which becomes the bottleneck of system performance.

[0005] In view of the key update and message authentication problems in the SM4_GCM method in the encrypted transmission network mentioned above, it is urgent to design an implementation method for improvement

Images