The GCM-based Lightweight Authenticated Encryption Engine And Its System Design

With the development of Internet of Things(Io T)and edge computing,data security has gradually become a research hotspot.Due to the complexity and diversity of Io T scenarios and the existence of many resource-constrained platforms,the traditional cryptographic algorithms are difficult to be deployed effectively.In terms of the problem that the existing authenticated encryption scheme consumes too much resources,this thesis adopts a scheme combining the lightweight block cipher algorithm with Galois/Counter Mode(GCM)to implement a lightweight authenticated encryption engine in Io T scenario.Based on the in-depth study of the GCM authenticated encryption process,this thesis completed the overall design of the authenticated encryption engine based on GCM.The specific work is as follows.Firstly,for the block cipher of GCM,two typical lightweight block cipher algorithms,CLEFIA and SIMON,are studied.Based on the bit parallel mode,the hardware implementation is carried out respectively and the indexes are compared.Finally,SIMON is selected as the block cipher algorithm in the lightweight GCM authenticated encryption engine.The designed SIMON encryption module supports the key length of 128/192/256 bits,which improves the flexibility and applicability of the circuit.Secondly,in terms of the problem of large hardware resource consumption of GHASH function in GCM,the implementation scheme of 32-cycle GF(2¹²⁸)multiplier is adopted to reduce the hardware cost effectively.At the same time,the state machine is used to integrate the SIMON module after the counter mode expansion with the GHASH computing module,so as to complete the design of lightweight SIMON-GCM authenticated encryption engine.Finally,a lightweight authenticated encryption system is constructed with RISC-V processor as the core,WISHBONE as the interconnection bus architecture and supporting simple peripherals.In addition,according to the requirement of SIMON-GCM authenticated encryption engine for random number,this thesis also designed a high speed,high energy efficiency true random number generator.The results of FPGA test show that the SIMON-GCM lightweight authenticated encryption engine only consumes 646 slices,which is much lower than the existing GCM-based authenticated encryption hardware.Among them,the GHASH computing module consumed only 268 slices,while the SIMON encryption module consumed 147slices.The authenticated encryption engine can perform the authentication and encryption tasks correctly,has good flexibility and low resource overhead,and has the prospect of being applied to various Io T devices.