基于FPGA的高速国密SM4光纤通信系统方案

doi:10.11959/j.issn.2096-109x.2023082

摘要/Abstract

摘要：

随着光纤通信技术在工业物联网中的广泛应用，越来越多的密码算法被应用到物联网嵌入式设备中来保障数据传输的安全性。其中，SM4 分组密码算法是我国自主研发的商用密码算法，应用于无线局域网和物联网数据加密。嵌入式设备在光纤保密通信中对加解密速度要求很高，通过软件进行加解密的速度较慢，满足不了实时性高的应用场景。因此，基于现场可编程门阵列（FPGA，field programmable gate array）和SM4算法，设计了实时性高、安全性强的光纤通信系统。通过FPGA实现SM4算法加解密以及数据传输的介质访问控制（MAC，medium access control）层接口处理，提出SM4算法硬件实现架构的优化方案，采用流水线的方式缩短关键路径，提高系统时钟频率，并通过S盒变换并行处理加快数据的替换操作，结合双缓存的处理方式，减小数据读取时延，使缓存区数据处理更加容易，丢包率大大减小，所提方案极大地提高了系统数据的吞吐量。实验结果表明，所提方案的 SM4 算法加解密模块与同类型设计相比，在资源消耗相差不大的情况下吞吐量更大，可达 25.6 Gbit/s，受限于万兆 SFP+光模块，整个光纤通信系统吞吐量最高为 9.4 Gbit/s，对于128 bit数据加密平均耗时为0.47 μs，解密平均耗时为0.28 μs，可应用于多种物联网保密通信场景。

关键词: 光纤通信, FPGA, 数据加密, SM4, 流水线

Abstract:

With the increasing use of optical fiber communication technology in the Industrial Internet of Things, cryptographic algorithms play a crucial role in ensuring the security of data transmission in embedded device environments.The SM4 packet cipher algorithm, developed independently in our country, is widely applied to wireless LAN and Internet of Things data encryption.However, the software-based encryption and decryption processes are relatively slow, which hampers their application in scenarios requiring high real-time performance, especially for embedded devices.To address this issue, a high-performance and secure optical fiber communication system was designed based on the FPGA platform and the SM4 algorithm.The FPGA was used to implement the MAC layer interface for SM4 algorithm encryption and decryption, as well as data transmission.Besides, an optimization scheme for the hardware implementation architecture of the SM4 algorithm was proposed.The critical path was shortened by employing a pipeline method, thereby improving the system clock frequency.Additionally, parallel processing of S-box transformation was accelerated to enable efficient data replacement.To reduce data reading delays, a dual-cache processing method was combined to facilitate easier processing of cache data and significantly reduce packet loss rates.This scheme greatly enhanced system data throughput.Experimental results demonstrate that compared to similar designs, the throughput of the SM4 algorithm encryption and decryption module in this scheme reaches up to 25.6 Gbit/s, with minimal differences in resource consumption.Due to limitations imposed by the 10-gigabit SFP+ optical module, the throughput of the entire optical fiber communication system reaches 9.4 Gbit/s.For 128-bit data, the average encryption speed is 0.47 μs/bit and the average decryption speed is 0.28 μs/bit, which can be applied to a variety of secure communication scenarios in the internet of things.

Key words: optical fiber communication, FPGA, data encryption, SM4, pipeline

中图分类号:

TN918

黄沛昱, 宋佳波, 贾洋凡. 基于FPGA的高速国密SM4光纤通信系统方案[J]. 网络与信息安全学报, 2023, 9(6): 46-55.

Peiyu HUANG, Jiabo SONG, Yangfan JIA. High speed national secret SM4 optical fiber communication system scheme based on FPGA[J]. Chinese Journal of Network and Information Security, 2023, 9(6): 46-55.

图/表 22

图1

图2

图3

图4

图5

表1

符号说明Table 1 Symbol specification"

符号	说明
$Z_{2}^{e}$	说明	$Z_{2}^{32}$ 中，32 bit元素称为字， $Z_{2}^{8}$ 中，8 bit元素称为字节
Sbox(.)	S盒非线性置换函数
⊕	32 bit异或运算
M_K	加密密钥，其长度为128 bit
< < < i	32 bit的循环左移计算
rki(i=0,...,31)	轮密钥，其长度为32 bit
cki(i=0,...,31)	固定参数，其长度为32 bit

表1

图7

图6

图8

图9

图10

图11

表2

表3

图12

图13

图14

表4

图15

图16

表5

表6

参考文献 20

[1]	连鸿鹏, 程志强, 余丰盈 . 光纤通信网络中链路数据篡改攻击与防御方法[J]. 激光杂志, 2022,43(8): 125-129.
	LIAN H P , CHENG Z Q , YU F Y . Link data tampering attack and defense methods in optical fiber communication networks[J]. Laser Journal, 2022,43(8): 125-129.
[2]	JOSEPH S , SUHAS H S , SUMANTH B K ,et al. Implementation of AES algorithm on FPGA and on software[C]// IEEE International Conference for Innovation in Technology (INOCON). 2020: 1-4.
[3]	TIANSHU F , SHUGUO L . A 3DES ASIC implementation with feedback path in the CBC mode[C]// International Conference on Electron Devices and Solid-State Circuits (EDSSC). 2017: 1-2.
[4]	FATEN H M A , HUDA A M , NEVART A M . Speed up image encryption by using RSA algorithm[C]// 6th International Conference on Advanced Computing and Communication Systems (IC ACCS). 2020: 1302-1307.
[5]	刘丁丽, 张大方, 宁佐廷 ,等. 基于SM1算法的文件安全机制设计与实现[J]. 计算机应用与软件, 2015,32(12): 316-320.
	LIU D L , ZHANG D F , NING Z T ,et al. Design and implementation of file security mechanism based on SM1 algorithm[J]. Computer Applications and Software, 2015,32(12): 316-320.
[6]	朱辉, 黄煜坤, 王枫为 ,等. 一种基于图形处理器的高吞吐量SM2数字签名计算方案[J]. 电子与信息学报, 2022,44(10): 1-10.
	ZHU H , HUANG Y K , WANG F W ,et al. A high throughput SM2 digital signature computing scheme based on graphics processor[J]. Journal of Electronics and Information Technology, 2022,44(10): 1-10.
[7]	刘赣秦, 李晖, 朱辉 ,等. 低功耗嵌入式平台的SM2国密算法优化实现[J]. 网络与信息安全学报. 2022,8(6): 29-38.
	LIU G Q , LI H , ZHU H ,et al. Optimization of SM2 national secret algorithm for low power embedded platform[J]. Chinese Journal of Network and Information Security. 2022,8(6): 29-38.
[8]	方轶, 丛林虎, 邓建球 ,等. 基于FPGA的SM3算法快速实现方案[J]. 计算机应用与软件, 2020,37(6): 259-262.
	FANG Y , CONG L H , DENG J Q ,et al. Fast implementation of SM3 Algorithm based on FPGA[J]. Computer Applications and Software, 2019,37(6): 259-262.
[9]	赵睿斌, 杨绍亮, 王毛路 ,等. 基于商密体系的政务链解决数据安全共享交换的研究[J]. 信息安全与通信保密, 2018,(5): 83-88.
	ZHAO R B , YANG S L , WANG M L ,et al. Research on solving data security sharing exchange by government chain based on business security system[J]. Information Security and Communication Security, 2018,(5): 83-88.
[10]	周威, 王博, 张卫东 . SM3算法硬件实现研究与应用[J]. 电子测量技术, 2015,38(12): 67-71.
	ZHOU W , WANG B , ZHANG W D . Research and application of sm3 algorithm[J]. Electronic Measurement Technology, 2015,38(12): 67-71.
[11]	SA'ED A , REEM J , BASSAM J M ,et al. Performance evaluation of the SM4 cipher based on field-programmable gate array implementation[J]. IET Circuits,Devices ＆ Systems, 2021,15(2): 121-135.
[12]	GUANZY , LLY H , SHANGT ,et al. Implementation of SM4 on FPGA:trade-off analysis between area and speed[C]// Proceedings of the 2018 IEEE International Conference on Intelligence and Safety for Robotics(ISR). 2018: 192-197.
[13]	王晨光, 乔树山, 黑勇 . 分组密码算法 SM4 的低复杂度实现[J]. 计算机工程, 2013,39(7): 177-l80.
	WANG C G , QIAO S S , HEI Y . Low Complexity implementation of Block Cipher Algorithm SM4[J]. Computer Engineering, 2013,39(7): 177-l80.
[14]	李敏, 陈付龙, 庞辉 . 基于国密算法 SM4的车载PEPS和EMS安全认证方法研究[J]. 南京信息工程大学学报(自然科学版), 2022,14(5): 543-550.
	LI M , CHEN F L , PANG H . Research on vehicle PEPS and EMS security authentication method based on SM4[J]. Journal of Nanjing University of Information Science and Technology (Natural Science Edition). 2022,14(5): 543-550.
[15]	GAO X , LU E , XIAN L ,et al. FPGA Implementation of the SMS block cipher in the Chinese WAPI Standard[C]// Proceedings of the 2008 International Conference on Embedded Software and Systems Symposia. 2008: 104-106.
[16]	ZHAO J , GUO Z C , .ZENG X W . High throughput implementation of SMS4 on FPGA[J]. IEEE Access, 2019(7): 88836-88844.
[17]	ABHISHEK S , PRAJYANT P . A novel approach for implementing of UDP/IP stack in FPGA[J]. International Journal of Modern Engineering ＆ Management Research. 2017,5(1): 24-27.
[18]	郭辉, 罗勇, 郭晓潞 . 基于国密算法的车载以太网控制器身份认证方法[J]. 网络与信息安全学报, 2022,8(6): 20-28.
	GUO H , LUO Y , GUO X L . Identity authentication method of vehicle rthernet controller based on national secret algorithm[J]. Journal of Network and Information Security, 2022,8(6): 20-28.
[19]	杨钞翔, 孔宪伟, 栾文焕 ,等. 基于以太网 10Gbase-R 协议的PCS层设计[J]. 微电子学与计算机. 2019,36(2): 16-20.
	YANG C X , KONG X W , LUAN W H ,et al. PCS layer design based on ethernet 10Gbase-R protocol[J]. Microelectronics and Computers, 2019,36(2): 16-20.
[20]	WANG Y , ZHAO Q , LIEHUI J ,et al. Ultra high throughput implementations for MD5 hash algorithm on FPGA[C]// High Performance Computing and Applications. 2010: 433-441.

硬件资源类型	资源总量	实际消耗
DSP	900个	0个
BRAM	17.6 Mbit	1.51 Mbit
LUT	171 900个	9 653个
FIFO存储器	343 800个	10 027个

模块名称	BRAM/Mbit	LUT/个	FF/个
UDP模块	0	202	217
UDP模块	0	202
IP模块	0.11	1 809	2 032
SM4加解密	1.13	2 017	962

UDP包长/byte	TX/byte	RX/byte	吞吐量/(Gbit.s^-1)
16	192 000	192 000	2.0
512	6 144 000	6 144 000	8.4
1 000	12 000 000	12 000 000	9.1
1 472	17 664 000	17 664 000	9.4

方案	资源消耗	吞吐量/(Gbit.s^-1)	硬件平台
文献[7]	8373 ALM	20.74	Straitx II
文献[8]	1365 LUT 1351 FF	1.9	Kintex UltraScale
本文	2017 LUT 962 FF	25.6	Zynq-7

运算类型	测试平台	平均耗时/μs
SM4加密	i5-9300	3.89
	XC7Z035	0.47
SM4解密	i5-9300	2.51
	XC7Z035	0.28