Encryption and decryption chip framework with multiple algorithm rules mixed

Document No.: 8015 Published: 2021-09-17

1. The encryption and decryption chip framework with the mixed multiple algorithm rules comprises a Central Processing Unit (CPU), a storage module, an input module, an output module, an encryption and decryption module and an access verification module, and is characterized in that: the central processing unit CPU is used for coordinating the other modules in the chip to ensure that the whole chip runs normally; the storage module, the input module, the output module, the encryption and decryption module and the access verification module are all connected with the central processing unit CPU; the storage module is provided with two Flash storage chips, wherein Flash storage chip 1 is used for storing information that is not encrypted, and Flash storage chip 2 is used for storing encrypted data information; the input module is connected with peripheral equipment, and data information to be written is input from the peripheral equipment through the input module; the output module is connected with the peripheral equipment and transmits the data information to be output to the peripheral equipment through the output interface; the encryption and decryption module is used for encrypting and decrypting the data information, among the data information input through the input module, that needs to be encrypted.

2. The encryption and decryption chip framework with multiple algorithm rules mixed according to claim 1, characterized in that when an external device writes data information into a chip, a request for writing the data information is sent to a Central Processing Unit (CPU), the CPU preliminarily verifies the validity of the access chip according to an account number and a password in an access verification module, when the verification is passed, the peripheral device writes the data information to be written into the CPU, then encrypts the data information through an encryption and decryption module, and stores the encrypted data information into a Flash chip 2; if the authentication is not passed, the access is refused.

3. The encryption and decryption chip framework with multiple mixed algorithm rules according to claim 1, characterized in that when data information stored in the chip storage module needs to be read, a read-write access request is sent to the central processing unit CPU, the central processing unit CPU preliminarily verifies the validity of the access operation according to an account number and a password in the access verification module, when the verification is passed, the encryption and decryption module decrypts the data to be read through the coordination of the CPU, and a decrypted result is transmitted to the peripheral equipment through the output module; if the authentication is not passed, the access is denied.

4. The encryption and decryption chip architecture with multiple algorithm rules mixed according to claim 1, wherein the encryption and decryption module comprises an AES encryption unit, an AES decryption unit, an RSA encryption unit and an RSA decryption unit, the AES encryption unit and the AES decryption unit form an AES encryption and decryption algorithm, the RSA encryption unit and the RSA decryption unit form an RSA encryption and decryption algorithm, and the AES encryption and decryption algorithm and the RSA encryption and decryption algorithm form multiple algorithm mixed encryption and decryption algorithms.

5. The encryption and decryption chip architecture with a mixture of multiple algorithm rules according to claims 1 and 4, characterized in that when external data information is written, the operation of encryption input is performed by the following method: when the access verification module verifies that the operation is legal, the data information to be input is finally transmitted to the encryption module from the peripheral equipment through the input module for encryption, the AES encryption unit generates an AES key during encryption, the AES key is input, the data information is encrypted based on the AES encryption algorithm in the AES encryption unit to obtain a ciphertext, then the key generation unit in the RSA encryption unit generates a key pair of the RSA, namely a public key and a private key respectively, after the public key of the RSA is input, the RSA encryption unit encrypts the AES key, and finally the RSA key and the encrypted AES key are coordinated by the central processing unit to store the ciphertext and the encrypted AES key.

6. The encryption and decryption chip architecture with multiple algorithm rules mixed according to claims 1 and 4, characterized in that when the encrypted data information stored in the chip needs to be output to the peripheral device, the operation of decryption output is performed by the following method: when the access verification module passes verification and the output access is considered to be legal, the central processing unit coordinates to transmit the encrypted data information to be output from the storage module to the encryption and decryption module for decryption, firstly, the AES key is decrypted by using the RSA private key, then, the encrypted text is decrypted by using the AES key in the AES decryption unit to obtain the data plaintext, and the data plaintext is transmitted to the peripheral equipment through the output module.

7. The encryption and decryption chip framework with multiple algorithm rules mixed according to claim 1, characterized in that the AES encryption algorithm employs block cipher to divide the received plaintext into n groups, each group has equal length, and encrypts a group of data each time until the whole plaintext is encrypted; the plaintext blocks are in bytes, each block being 16 bytes, forming a 4 x 4 matrix. In the encryption function, a round function is executed, and each round of function is subjected to 4 steps of byte substitution operation, row displacement transformation, column mixing transformation and round key addition transformation in each round of iteration.

8. The architecture of claim 4, wherein the RSA asymmetric cryptographic algorithm is generated by:

S1: independently and randomly selecting two different prime numbers p and q, and calculating p x q;

S2: obtaining the target object according to Euler's theorem

S3: selecting an integer e, (e andmutual prime number), calculating

S4: taking $PU = \{e, n\}$ as the public key and $PR = \{d, n\}$ as the private key.

9. The encryption and decryption chip framework with multiple algorithm rules mixed according to claim 4, wherein the encryption mode of the RSA asymmetric encryption algorithm to the key of the AES algorithm is as follows: $\text{ciphertext key} = (\text{AES key})^{e} \pmod{n}$.

10. The encryption and decryption chip framework with multiple algorithm rules mixed according to claim 4, wherein the decryption mode of the RSA asymmetric encryption algorithm on the AES key is as follows: $\text{AES key} = (\text{ciphertext key})^{d} \pmod{n}$.

Background

With the continuous development of chip technology and internet of things technology, more and more attention is paid to the data security problems that these technologies bring. A chip can store data information, but the stored content is often easily pirated, so the security of the stored data is also important for the chip. At the present stage, a number of encryption methods have been designed for the secure storage of chips; the technical methods applied differ, but each design relies on a single fixed encryption method. For the encryption of data information in a chip, the mainstream symmetric encryption algorithm is the AES (Advanced Encryption Standard) encryption algorithm, which is currently the iterative block cipher with the highest security and the fastest operation speed among all algorithms. Each block is 128 bits, there are three key lengths, namely 128 bits, 192 bits and 256 bits, and the corresponding numbers of iteration rounds are 10, 12 and 14 respectively. However, when the AES encryption algorithm encrypts data information, the encryption key is usually fixed, which brings a potential safety hazard to data storage and transmission: once the key of the AES encryption algorithm is cracked, the AES algorithm may be cracked, and the security of the data information cannot be absolutely ensured.

The RSA encryption algorithm is an asymmetric encryption algorithm and is also the most widely applied public key encryption algorithm at present. It is based on the difficulty of factoring large integers (products of two prime numbers) in number theory: the larger the primes selected, the harder the large integer is to factor, the harder the key is to break, and the safer the algorithm is. In addition to protecting against the vast majority of cryptographic attacks currently known, the RSA algorithm can be used to encrypt data messages and to authenticate the sender of the message, usually in combination with other encryption algorithms.

The existing chip encryption mode is single, the encryption and decryption of most chips are realized by a single chip microcomputer or a digital signal processor through software programming, and the encryption and decryption method is low in operation speed and low in safety.

Disclosure of Invention

In order to solve the above technical problems, the present invention mainly provides an encryption/decryption chip architecture based on a mixture of multiple algorithm rules to ensure the security of data information in a chip.

The encryption and decryption chip framework with the mixed multiple algorithm rules comprises a Central Processing Unit (CPU), a storage module, an input module, an output module, an encryption and decryption module and an access verification module, and is characterized in that: the central processing unit CPU is used for coordinating the other modules in the chip to ensure that the whole chip runs normally; the storage module, the input module, the output module, the encryption and decryption module and the access verification module are all connected with the central processing unit CPU; the storage module is provided with two Flash storage chips, wherein Flash storage chip 1 is used for storing information that is not encrypted, and Flash storage chip 2 is used for storing encrypted data information; the input module is connected with peripheral equipment, and data information to be written is input from the peripheral equipment through the input module; the output module is connected with the peripheral equipment and transmits the data information to be output to the peripheral equipment through the output interface; the encryption and decryption module is used for encrypting and decrypting the data information, among the data information input through the input module, that needs to be encrypted.

Further, when the external device writes data information into the chip, firstly, a data information writing request is sent to the central processing unit CPU, the central processing unit CPU preliminarily verifies the validity of the access chip according to the account number and the password in the access verification module, when the verification is passed, the peripheral device writes the data information to be written into the central processing unit CPU, then, the data information is encrypted through the encryption and decryption module, and the encrypted data information is stored in the Flash chip 2; if the authentication is not passed, the access is refused.

Furthermore, when data information stored in the chip storage module needs to be read, a read-write access request is sent to the central processing unit CPU, the central processing unit CPU preliminarily verifies the validity of the access operation according to an account number and a password in the access verification module, when the verification is passed, the encryption and decryption module decrypts the data needing to be read through the coordination of the CPU, and a decrypted result is transmitted to the peripheral equipment through the output module; if the authentication is not passed, the access is denied.

Furthermore, the encryption and decryption module is composed of an AES encryption unit, an AES decryption unit, an RSA encryption unit and an RSA decryption unit, the AES encryption unit and the AES decryption unit form an AES encryption and decryption algorithm, the RSA encryption unit and the RSA decryption unit form an RSA encryption and decryption algorithm, and the AES encryption and decryption algorithm and the RSA encryption and decryption algorithm form a multi-algorithm mixed encryption and decryption algorithm.

Further, when the external data information is written, the operation of the encrypted input is performed by the following method:

when the access verification module verifies that the operation is legal, the data information to be input is finally transmitted to the encryption module from the peripheral equipment through the input module for encryption, the AES encryption unit generates an AES key during encryption, the AES key is input, the data information is encrypted based on the AES encryption algorithm in the AES encryption unit to obtain a ciphertext, then the key generation unit in the RSA encryption unit generates a key pair of the RSA, namely a public key and a private key respectively, after the public key of the RSA is input, the RSA encryption unit encrypts the AES key, and finally the RSA key and the encrypted AES key are coordinated by the central processing unit to store the ciphertext and the encrypted AES key.

Further, when the encrypted data information stored in the chip needs to be output to the peripheral device, the operation of decryption output is performed by the following method: when the access verification module passes verification and the output access is considered to be legal, the central processing unit coordinates to transmit the encrypted data information to be output from the storage module to the encryption and decryption module for decryption, firstly, the AES key is decrypted by using the RSA private key, then, the encrypted text is decrypted by using the AES key in the AES decryption unit to obtain the data plaintext, and the data plaintext is transmitted to the peripheral equipment through the output module.

Further, the AES encryption algorithm adopts block cipher, divides the received plaintext into n groups, each group has equal length, encrypts a group of data each time until the complete plaintext is encrypted; the plaintext blocks are in bytes, each block being 16 bytes, forming a 4 x 4 matrix. In the encryption function, a round function is executed, and each round of function is subjected to 4 steps of byte substitution operation, row displacement transformation, column confusion transformation and round key addition transformation in each round of iteration.

Further, the RSA asymmetric encryption algorithm is generated by:

S1: independently and randomly selecting two different prime numbers p and q, and calculating p x q;

S2: obtaining the target object according to Euler's theorem

S3: selecting an integer e, (e andmutual prime number), calculating

S4: taking $PU = \{e, n\}$ as the public key and $PR = \{d, n\}$ as the private key.

Further, the encryption mode of the RSA asymmetric encryption algorithm to the key of the AES algorithm is as follows: $\text{ciphertext key} = (\text{AES key})^{e} \pmod{n}$.

Further, the decryption mode of the RSA asymmetric encryption algorithm on the AES key is: $\text{AES key} = (\text{ciphertext key})^{d} \pmod{n}$.
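Steps S1 to S4 and the two key-wrapping formulas above, as an added Python example that is not part of the patent text. The S2 and S3 formulas did not survive on this page, so the code assumes the standard RSA definitions φ(n) = (p - 1)(q - 1) and d = e^-1 mod φ(n); the function names, the modulus size and the choice e = 65537 are illustrative assumptions.

```python
import secrets
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # loop ended without a break: composite
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=2048, e=65537):
    """S1-S4: returns (PU, PR) = ((e, n), (d, n))."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p == q:
            continue                      # S1 requires two different primes
        n = p * q                         # S1
        phi = (p - 1) * (q - 1)           # S2 (assumed standard definition)
        if gcd(e, phi) == 1:              # S3: e must be coprime to phi
            d = pow(e, -1, phi)           # S3: modular inverse (Python 3.8+)
            return (e, n), (d, n)         # S4

def wrap_key(aes_key, pu):
    """ciphertext key = (AES key)^e mod n, with the key read as a big-endian integer."""
    e, n = pu
    m = int.from_bytes(aes_key, "big")
    if not 0 < m < n:
        raise ValueError("key must map to an integer in (0, n)")
    return pow(m, e, n)

def unwrap_key(wrapped, pr, key_len=16):
    """AES key = (ciphertext key)^d mod n, restored to key_len bytes."""
    d, n = pr
    return pow(wrapped, d, n).to_bytes(key_len, "big")
```

The wrap is the unpadded form given in the text, so the same AES key always produces the same wrapped value under a given public key; deployed key transport uses a randomized padding such as RSA-OAEP.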

Compared with the encryption and decryption technology of the existing chip, the encryption and decryption method of the invention carries out encryption and decryption operation on the data information stored in the chip by a method of mixing the AES encryption algorithm and the RSA encryption algorithm, so that the data information stored in the chip has higher security.

Description of the drawings:

FIG. 1 is a schematic diagram of an encryption/decryption chip architecture with a mixture of various algorithm rules according to the present invention;

FIG. 2 is a schematic diagram of an encryption infrastructure for a hybrid encryption/decryption algorithm;

FIG. 3 is a schematic diagram of a decryption infrastructure for a hybrid encryption/decryption algorithm;

FIG. 4 is a detailed flow chart of the AES encryption algorithm;

FIG. 5 is a flow chart of an RSA encryption algorithm;

Detailed Description

The invention is further described below with reference to the figures and examples.

As shown in fig. 1, the encryption and decryption chip architecture with multiple mixed algorithm rules according to the present invention includes a central processing unit CPU, a storage module, an input module, an output module, an encryption and decryption module, and an access verification module. The central processing unit is used as a core element of the chip and coordinates the operation of other modules in the whole chip, so that the whole chip can work normally. The central processing unit is connected with the storage module, the input module, the output module, the encryption and decryption module and the access verification module through an internal bus, and the storage module is used for storing data information; the input module and the output module are connected with peripheral equipment to realize the input and output of data information.

The access verification module verifies the validity of an access operation when peripheral equipment needs to store information into the chip or read data information from the chip. When an external device inputs data information into the chip, a data information writing request is sent to the Central Processing Unit (CPU), and the CPU judges the validity of the access according to the verification information in the access verification module. If the access operation is legal, the writing operation is carried out: the external device writes the data information to be written into the CPU, the data information is then encrypted by the encryption and decryption module, and the encrypted data information is stored in the Flash storage space of the chip. If the access verification module considers the access illegal, the access is refused. Reading data information stored in Flash in the chip storage module works the same way: a read-write access request is sent to the central processing unit, and the central processing unit judges the legality of the access operation according to the verification information in the access verification module. If the verification is passed, the access is determined to be legal, the data to be read is decrypted, and the decrypted result is output to the external interface; if the verification is not passed, the access is considered illegal and is denied.

The encryption and decryption module carries out the encryption operation on data information from the input module and the decryption operation on data information output to the output module, to ensure the safety of the data. The encryption and decryption module comprises an AES encryption unit, an AES decryption unit, an RSA encryption unit and an RSA decryption unit.

Fig. 4 shows the encryption and decryption flow chart of the AES encryption algorithm. The AES encryption algorithm is a symmetric encryption algorithm and is divided into three types, namely AES-128, AES-192 and AES-256, which differ in the length of the key and the number of encryption rounds. Taking AES-128 as an example, the encryption algorithm mainly comprises 4 operation steps, namely byte substitution, row displacement, column confusion and round key addition. After the plaintext data information is obtained, it is first subjected to one round key addition; then 10 rounds of these operation steps are executed, and the 10th round does not carry out the column confusion transformation. Because AES is a symmetric encryption algorithm, the decryption process is the reverse of the encryption process: the ciphertext is first subjected to one round key addition; then 10 rounds of reverse row displacement, reverse byte substitution, round key addition and reverse column confusion are executed, with no reverse column confusion in the 10th round. This completes the AES decryption process.

The specific encryption process is shown as the encryption infrastructure of the hybrid encryption-decryption algorithm in fig. 2, and the decryption process is shown as the decryption infrastructure of the hybrid encryption-decryption algorithm in fig. 3. When data information needs to be input into the chip, or when related encrypted information in the chip needs to be read, the process is implemented by the following method. The data information is input by the peripheral equipment through the input module and then sent to the encryption module; an AES encryption unit in the encryption module randomly generates an AES key; the input data information is encrypted in the AES encryption unit by using the AES key to obtain ciphertext data; an RSA key generation unit in the RSA algorithm unit of the encryption and decryption module generates an RSA public key and private key; and the RSA encryption unit encrypts the AES key by using the RSA public key, which completes the encryption process of the whole data information. If the encrypted data information in the chip needs to be decrypted and output to the peripheral equipment, the decryption process is carried out: the encrypted AES key is first decrypted by using the RSA private key to obtain the AES key, and then the encrypted data information is decrypted by using the AES key to obtain the decrypted plaintext data information. Finally, the obtained data information is transmitted to the peripheral equipment through the output module, which finishes the output process of the data. Because mixed encryption and decryption with the AES and RSA encryption rules is adopted, the encryption efficiency can be effectively improved, and the security of AES key management can be improved to a great extent.
