2017 International Conference on Computer, Electronics and Communication Engineering (CECE 2017)
ISBN: 978-1-60595-476-9

Improvement S Box of AES Algorithm Based on FPGA

Huan-qing XU, Yu-ming ZHANG and Jun YANG

School of Information Science and Engineering, Yunnan University, KunMing, China

Keywords: FPGA, AES encryption, Chaotic neural network, Secure processor model.

Abstract. AES is the most mainstream and common encryption standard of the 21st century. It has the advantages of high efficiency, good stability and strong flexibility, and it is widely used in e-commerce, hard disk encryption and network transmission encryption. However, in recent years some AES algorithms have been attacked, exposing defects such as a simple S-box and a single key, so the traditional AES algorithm ought to be further improved. Based on FPGA technology, this paper designs a secure processor model built on a chaotic neural network, realizes the chaotic characteristics of the S-box and improves the anti-attack ability of the system. The system has the advantages of good reconfigurability, simple circuit structure, low resource consumption and fast running speed, and it has good practicability and good application prospects in security encryption and other fields.

Introduction

In this paper, the AES encryption system is designed for the traditional AES algorithm, and the structure of the S-box is improved by using the chaotic neural network. A nonlinear chaotic relationship between the round keys is realized, which raises the difficulty of cracking the ciphertext. In the design process, first of all, we use the VHDL hardware language for an FPGA-based design and implementation of the AES encryption and decryption system. Following a top-down approach, the system is divided into an encryption and decryption module, a key expansion module and a control scheduling module. Second, to address the overly simple S-box, this paper improves the structure of the S-box by using the chaotic neural network: according to the training samples and logistic functions, the chaotic neural network is used to improve the structure of the S-function and determine the weights of the neural network, and the output sequence replaces the traditional S box. Third, the design is integrated into a secure processor model: the system space is mapped and allocated, and a Nios II processor handles the associated calls as well as computer communication control. Finally, we use Quartus II 13.0 for the synthesis, routing and simulation tests. The test results show that the model meets the requirements of an AES encryption and decryption system and, to a certain extent, enhances the security performance and calculation rate of the algorithm.

S Box Transform Module (Sub-byte) and Inverse S Box Transform Module (Inv_Sub-byte)

The S box transform, also known as the byte transform, is the only nonlinear operation in the algorithm and plays a decisive role in its security level. To fully reduce the correlation between the final result and the plaintext over the iterations, the S box transform converts each byte. There are mainly two design methods for byte substitution. The first is based on algebraic operations: each input byte of the initial State matrix goes through a finite-field calculation (multiplicative inverse and affine transformation) to complete the transformation, which is the transformation function. The second uses a specific replacement table: each input byte is mapped through a lookup in the finite-field byte substitution table, with the input data as the address and the content of the corresponding unit as the output, which achieves the same byte substitution effect. The output values obtained after substitution are stored in the matrix, called [52], for subsequent iterations. The second method has advantages in programming, hardware implementation and computing. To make the lookup faster and the logic resource utilization higher, we store the replacement table in a RAM unit inside the FPGA chip; during encryption, the replacement table in RAM is looked up according to the length of the input data to complete the fast computation of each byte. The S box design is reconfigurable, which improves its security level and application scope, reduces power consumption and better resists differential attack. Following the description in the second chapter, we use the multiplicative inverse and affine transformation of the finite field to construct the following S box module, shown in Figure 1; the S box module is also suitable for the inverse S box transform module (Inv_Sub-byte).

Figure 1. S box module diagram.

In order to improve the space utilization ratio, we use the same RAM logic unit for the inverse S box transformation module, and only one port signal is needed to control the encryption and decryption process. Port signal settings are shown in Table 1.

Table 1. Port signal setting table.

| Serial number | Port | Length | Direction | Description |
|---|---|---|---|---|
| 1 | clk | 1 bit | in | Clock signal, high potential effective |
| 2 | Address_a | 8 bit | in | Input data in encrypted mode, encrypted bytes to be replaced |
| 3 | Address_b | 8 bit | in | Decryption mode input data, decrypted byte to be replaced |
| 4 | q_a | 8 bit | out | Encrypted output data |
| 5 | q_b | 8 bit | out | Decrypted output data |
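
An added example (not the paper's code) of the first design method described above: the multiplicative inverse in GF(2^8) followed by the affine transformation fills the lookup table, the inverse table is derived from it, and the table is then measured for nonlinearity and differential uniformity, the checks any replacement S box should pass through. The function names are hypothetical; the polynomial 0x11B and constant 0x63 are the standard AES values, which the page does not list.

```python
# Added example, not the paper's code; 0x11B and 0x63 are the standard AES constants.
from collections import Counter

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """First method: multiplicative inverse (x^254, with 0 -> 0), then affine map."""
    box = []
    for x in range(256):
        inv = 1
        for _ in range(254):
            inv = gf_mul(inv, x)
        rot = [((inv << n) | (inv >> (8 - n))) & 0xFF for n in range(5)]
        box.append(rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63)
    return box

def invert(box):
    """Inverse table (Inv_Sub-byte); raises ValueError unless box is a bijection."""
    if sorted(box) != list(range(256)):
        raise ValueError("S box is not a permutation of 0..255")
    return [box.index(y) for y in range(256)]

def differential_uniformity(box):
    """Largest count of x with box[x] ^ box[x ^ a] == b, over a != 0 and all b."""
    worst = 0
    for a in range(1, 256):
        hits = Counter(box[x] ^ box[x ^ a] for x in range(256))
        worst = max(worst, max(hits.values()))
    return worst

def nonlinearity(box):
    """128 - max|Walsh coefficient| / 2 over all nonzero output masks."""
    worst = 0
    for mask in range(1, 256):
        w = [1 - 2 * (bin(box[x] & mask).count("1") & 1) for x in range(256)]
        h = 1
        while h < 256:                     # in-place fast Walsh-Hadamard transform
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(v) for v in w))
    return 128 - worst // 2
```

A table with low nonlinearity or high differential uniformity is weaker against linear and differential cryptanalysis than the standard one, whatever its source.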

Improvement of S Box Based on Chaotic Neural Network

In order to further improve the security level of the system and strengthen the cyclic nonlinear characteristics between the round keys, we use a chaotic neural network to improve the S box. A chaotic neural network maintains good chaotic characteristics and has strong spatial and temporal complexity and randomness, so we use the output sequence of the chaotic neural network to replace the traditional S box lookup table, which increases the difficulty of cracking the key and improves the security level of the system. The chaotic neural network designed in this paper has 250 S boxes as training samples. They are produced by 256 input nodes and the Logistic chaotic mapping function in each iteration, with the ratio of the nonlinearity of the S box to its differential uniformity taken as the weight, so that a good S box satisfying the characteristics of chaos is obtained through the network, which yields the design formula of the S box. Part of the training sample data is shown in Table 2, and the weight distribution map after the 150th iteration is shown in Figure 2.

Table 2. Part of training sample data.

| Serial number | Nonlinear mean | Mean of difference uniformity | Ratio |
|---|---|---|---|
| 1 | 108 | 123 | 0.88 |
| 2 | 109 | 121 | 0.9 |
| 3 | 106 | 129 | 0.82 |
| 4 | 105 | 138 | 0.76 |
| 5 | 108 | 166 | 0.65 |
| 6 | 104 | 141 | 0.74 |
| 7 | 107 | 124 | 0.86 |
| 8 | 108 | 142 | 0.76 |
| 9 | 106 | 156 | 0.68 |
| 10 | 103 | 137 | 0.75 |

[Diagram labels from the S box module figure: block sbox with ports clk, address_a[7..0], address_b[7..0], q_a[7..0], q_b[7..0].]

Figure 2. 150 weight distribution of S box after the second iteration.

Design of S Box Based on Chaotic Neural Network

We can design the S box based on the chaotic neural network by the S box formula obtained from the training samples of the last section. In the design process, the function used is the Logistic chaotic map function:

$$x_{n+1} = \lambda x_n (1 - x_n) \tag{1}$$

Control parameter: $\lambda \in (0,4)$, $x_n \in [0,1]$.

The detailed design of the S box algorithm is as follows:

(a) Arbitrarily permute the integer sequence $\{0, 1, 2, \ldots, 255\}$ to obtain a sequence $I$, and transform it into the corresponding floating point sequence $D$. The transform function is

$$D_k = (I_k + 0.1)/256, \quad k = 1, 2, 3, \ldots, 256,$$

where $D_k$ and $I_k$ represent the $k$-th items of the sequence $D$ and the sequence $I$ respectively. $D$ is the input sequence of the neural network.

(b) Define an integer array $S_x$; the initial state of the array is empty.

(c) Set the parameters of the neural network. Iterate the Logistic chaotic mapping function $M$ times to eliminate transient effects, where $M$ is a constant. Then the Logistic chaotic map function is iterated further, and $X(M+1), X(M+2), \ldots, X(M+4096)$ are set as the weights $WI_{1,1}, WI_{1,2}, \ldots, WI_{1,16}, WI_{2,1}, WI_{2,2}, \ldots, WI_{256,16}$; respectively, $X(M+4097), X(M+4098), \ldots, X(M+4112)$ are set as the deviations $BI_1, BI_2, \ldots, BI_{16}$. In the output layer, $X(M+4113), X(M+4114), \ldots, X(M+4240)$ are set as the weights $WO_{1,1}, WO_{1,2}, \ldots, WO_{1,8}, WO_{2,1}, WO_{2,2}, \ldots, WO_{16,8}$, and $X(M+4241), X(M+4242), \ldots, X(M+4248)$ are set as the deviations $BO_1, BO_2, \ldots, BO_8$.

(d) In the input layer, the input sequence $D$ is transformed into the output sequence $C = [C_1\ C_2\ \ldots\ C_{16}]$:

$$C_i = f^{\tau}\left(\operatorname{mod}\left(\sum_{j=1}^{256} D_j \times WI_{j,i} + BI_i,\ 1\right)\right) \tag{2}$$

The transfer function $f$ is the logarithmic mapping, $\tau$ is the number of iterations, and $i = 1, 2, \ldots, 16$.

(e) In the output layer, the data sequence $C$ is transformed into the output data $Out = [Out_1\ Out_2\ \ldots\ Out_8]$ by calculating the following equation:

$$Out_i = f^{\tau}\left(\operatorname{mod}\left(\sum_{j=1}^{256} C_j \times WO_{j,i} + BO_i,\ 1\right)\right) \tag{3}$$

(a) According to the formula, extract the integer $S$ between 0 and 255:

$$S = \sum_{i=0}^{7} \operatorname{mod}(Out_i + 0.5,\ 1) \times 2^{i} \tag{4}$$

(b) If $S$ is not in $S_x$, add $S$ to $S_x$. If $S_x$ has 256 data, $S_x$ is converted to the 8-8 S box and the algorithm is complete. Otherwise, swap $D_s$ and $D_x$ and go to step 4 ($x$ is the number of data in $S_x$).

(c) if not, it will be added to the. If there are 256 data that will be converted to the 8-8 box, the algorithm is complete. Otherwise, swap and go to step 4 (the number of data in the representation).

The algorithm gets the S box shown in Figure 3; converted from decimal to base sixteen, it is shown in Figure 4.

Figure 3. Decimal S box.

Figure 4. Sixteen binary S box.
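
An added example (not the paper's code) that runs the procedure above in software: the Logistic-map parameter slicing of step (c), the two layers of Eqs. (2) and (3), and the collect-and-swap loop. Assumed, because the page does not fix them: the values of LAM, X0, M, TAU and MAX_ROUNDS, zero-based indexing of D, f taken as the Logistic map (the activation named in the simulation section), the Eq. (3) sum taken over the 16 values of C, and Eq. (4) read as one bit per output (set when Out_i >= 0.5).

```python
# Added example, not the paper's code. LAM, X0, M, TAU, MAX_ROUNDS are assumed
# values: the page fixes only lambda in (0,4) and x_n in [0,1].
LAM, X0, M, TAU, MAX_ROUNDS = 3.99, 0.3141, 1000, 4, 2000

def logistic(x):
    return LAM * x * (1.0 - x)                       # Eq. (1)

def chaotic_params():
    """Step (c): drop M transient iterates, then slice X(M+1)..X(M+4248)."""
    x, xs = X0, []
    for n in range(M + 4248):
        x = logistic(x)
        if n >= M:
            xs.append(x)
    wi = [xs[16 * j:16 * j + 16] for j in range(256)]           # WI, 256 x 16
    wo = [xs[4112 + 8 * j:4120 + 8 * j] for j in range(16)]     # WO, 16 x 8
    return wi, xs[4096:4112], wo, xs[4240:4248]                 # WI, BI, WO, BO

def layer(vec, w, b):
    """Eq. (2)/(3): f iterated TAU times on mod(sum_j vec[j]*w[j][i] + b[i], 1)."""
    out = []
    for i in range(len(b)):
        v = (sum(vec[j] * w[j][i] for j in range(len(vec))) + b[i]) % 1.0
        for _ in range(TAU):
            v = logistic(v)
        out.append(v)
    return out

def generate_sbox(perm):
    """Run the procedure on the permutation perm; return (Sx, completed)."""
    wi, bi, wo, bo = chaotic_params()
    d = [(k + 0.1) / 256 for k in perm]              # first step (a)
    sx = []                                          # step (b)
    for _ in range(MAX_ROUNDS):
        out = layer(layer(d, wi, bi), wo, bo)        # steps (d) and (e)
        s = sum(1 << i for i, o in enumerate(out) if o >= 0.5)   # assumed bit rule
        if s not in sx:
            sx.append(s)
            if len(sx) == 256:
                return sx, True
        x = len(sx)                                  # number of entries in Sx
        if s == x:                                   # swap would be a no-op, so
            return sx, False                         # every later round repeats s
        d[s], d[x] = d[x], d[s]                      # swap D_s and D_x, repeat
    return sx, False
```

Every value collected in Sx is distinct by construction, so a completed run is always a bijection; the page gives no rule for the case where S equals the current size of Sx, which is why the loop reports it instead of spinning.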

Simulation of S Box Based on Chaotic Neural Network

In order to further improve the security of the system and reduce the linear correlation of the cycle keys, we use the chaotic neural network to improve the S box, with the Logistic chaos mapping function as the activation function, and replace the traditional S box lookup table with the output sequence. Figure 5 shows the simulation of the S box based on the chaotic neural network, where CLK generates a pulse signal; after a certain time delay, when the input is [25], [20], [13], [00], [25]..., the corresponding output is [15], [24], ... When the weight of the improved S box is changed, the look-up table also changes, and the mapping relationship between input and output is changed.

Figure 5. Simulation of S box based on Chaotic Neural Network.

Conclusion

Simulation test and performance analysis. Firstly, the AES encryption and decryption subsystem, the improved S neural network and the security processor model are tested and simulated. Secondly, for the improved S box, performance indexes such as nonlinearity, avalanche and difference approximation probability are evaluated. Finally, the performance of the whole platform is analyzed by comparing it with other schemes. Analysis shows that this scheme has less hardware resource consumption and higher throughput than the others, and its comprehensive performance is very good; it can effectively improve the utilization rate of the resources of the security processor model and can be widely used in the field of security encryption.

Acknowledgement

This research was financially supported by the Yunnan University foundation project.