| With the rapid development of national network information technology,more and more attention has been paid to the security of information data,especially all kinds of information data in industrial control systems.Because the traditional industrial control system in the design often focus on improving the timeliness,and the security of the information is not considered enough,easy to leave more information security risks.After the appearance of trusted computing,the credibility of platform identity and the security of data in the transmission process are ensured to a certain extent by the national password algorithm in the trusted password module,which effectively reduces the information security problems that may be faced in the industrial control system.However,due to the limited computing power and complex architecture of the industrial control system itself,and the system emphasizes the characteristics of real-time,information requirements of confidentiality,so from the perspective of improving operational efficiency and improving security,it is still necessary to optimize and improve the cryptographic algorithm.Based on the analysis of relevant research at home and abroad,aiming at the problems and characteristics of industrial control system itself,this paper studies the use of hardware to optimize and improve the trusted computing Chinese secret SM2 encryption and decryption algorithm,so as to further improve the security of industrial control system information data.The main contents of this paper are as follows:1.Introduce the connection and application of cryptographic algorithm in the industrial control system of trusted computing,comb out and study the theoretical knowledge of cryptographic algorithm.Among them,SM2 encryption and decryption algorithm and SM3 algorithm are emphasized.From the hardware point of view,the SM2 encryption and decryption algorithm is modular divided from low to high,and combined with the characteristics of industrial control system,the speed optimization and resource optimization of key modules are targeted.2.In the finite domain modulo multiplication module of SM2 encryption and decryption algorithm,in order to reduce the delay of calling addition operation in modulo multiplication operation,a hybrid modulo multiplication method based on 2-Montgomery operation + parallel prefix adder is designed in this paper to realize modulo multiplication operation.The simulation results show that the time of one modulo multiplication operation is 0.26 us,which improves the modulo multiplication operation rate.In the module of elliptic curve layer,Jacobi coordinate system is used to realize the point doubling module of elliptic curve layer,and the improved binary method is used to implement the dot multiplication.The simulation results show that the time of one dot multiplication is 3.6us and occupies 22623 lookup table.3.In the SM3 algorithm,this paper designs a carry save adder + carry propagation adder structure to realize a series of iterative compression operations in the password hash function operation.The simulation results verify that the SM3 password hash operation time is 0.755 us and the throughput rate is 902 Mbps.In this paper,the SM2 encryption and decryption algorithm is written in verilog language,compiled on Vivado software and verified on ZYNQ-7020.The results show that the method designed in this paper can complete the encryption and decryption work of SM2 algorithm correctly.The average encryption performance of SM2 algorithm is 857 times/s,and the average decryption performance of SM2 algorithm is 420 times/s. |
PDF Full Text Request