首页|期刊导航|集成电路与嵌入式系统|高效高安全FPGA配置比特流密码算法及实现

高效高安全FPGA配置比特流密码算法及实现

张彦龙周婧邰瑜蔡海洋王硕肖克张雪婷董晗杜忠

集成电路与嵌入式系统2025，Vol.25Issue(6)：48-57,10.

集成电路与嵌入式系统2025，Vol.25Issue(6)：48-57,10.DOI:10.20193/j.ices2097-4191.2025.0022

高效高安全FPGA配置比特流密码算法及实现

Efficient and high-security FPGA configuration bit-stream cryptographic algorithm and implementation

张彦龙 ¹周婧 ²邰瑜 ³蔡海洋 ³王硕 ⁴肖克 ⁴张雪婷 ⁴董晗 ⁴杜忠⁴

作者信息

1. 清华大学,北京 100084||北京微电子技术研究所,北京 100076
2. 北京微电子技术研究所,北京 100076||西北工业大学网络空间安全学院,西安 710072
3. 西北工业大学网络空间安全学院,西安 710072
4. 北京微电子技术研究所,北京 100076
折叠

摘要

Abstract

To address the current issues of high resource overhead and low efficiency in FPGA configuration bitstream decryption and au-thentication,this paper proposes the GMAC_GF32 authentication algorithm based on finite field GF(232)multiplication operations.Combined with AES encryption in CTR mode,we design and implement an efficient and highly secure FPGA configuration bitstream de-cryption and authentication method.The method employs a four-stage pipeline design for the AES256_CTR decryption module,ensu-ring that each decryption cycle aligns with the time required to transmit 128 bits of data,thereby maximizing the decryption throughput of the FPGA.Additionally,each pipeline stage enhances power side-channel security by utilizingsixteen S-Boxes operating in parallel.The authentication module improves existing verification codes to 32 bits through GF(232)operations,effectively mitigating the ineffi-ciency of serial verification code computation,improving clock utilization.The authentication module enhances security by incorporating built-in polynomial functions to prevent the loading of malicious code streams.Experimental validation on an FPGA prototype board demonstrates that the proposed pipeline decryption approach optimizes the AES256_CTR algorithm,compressing the decryption process to four clock cycles.The authentication method significantly reduces additional authentication data volume and hidden time costs while maintaining security strength,achieving a 96.5％reduction in area resource consumption for the authentication algorithm;thereby achie-ving no noticeable increase in the overall decryption-authentication circuit area.The proposed method is well-suited for FPGA chip de-sign scenarios requiring high performance and robust security.

关键词

FPGA/配置比特流/解密认证/AES256/有限域运算

Key words

FPGA/configuration bitstream/decryption authentication/AES256/finite field operation

分类

计算机与自动化

引用本文复制引用

张彦龙,周婧,邰瑜,蔡海洋,王硕,肖克,张雪婷,董晗,杜忠..高效高安全FPGA配置比特流密码算法及实现[J].集成电路与嵌入式系统,2025,25(6):48-57,10.

基金项目

某部委预研项目(31513010203) （31513010203）

集成电路与嵌入式系统

ISSN：1009-623X

访问量0

下载量0

段落导航