A Flexible HW/SW Co-design System Based On SM2/3/4 For Encryption/Decryption And Signature/Verification

With the popularity of intelligent hardware,the security of smart devices is facing great challenges,most smart devices have serious security flaws which allow attackers to easily invade the user's network.Security chips can undoubtedly play an important role in the field of network security.SM2,SM3,and SM4 encryption technologies are developing rapidly,but there is still room for optimization in practical applications,both pure software or hardware implementation have their own drawbacks.Software and hardware co-design has emerged in this field,which avoids the deficiency of software and hardware,combines the advantages of both to achieve maximum performance and efficiency,so that it has great research value.The encryption and decryption is still an important branch of the security field.In order to ensure that data is not cracked in the transmission process,we need a more secure encryption and decryption algorithm to enhance the system security level.And digital signature can ensure the authenticity of user's identity,the integrity of the information,the security of the data and non-repudiation during the process of storage,transmission and processing.In order to ensure the secure communication of smart devices,for the lightweight encryption,especially the encryption chips applied to the Internet of Things,there are widespread defects such as large chip area and high power consumption while ensuring the speed and security of the chip.For the sake of breaking this bottleneck,this paper presents a flexible software and hardware co-design system based on SM2,SM3,SM4 encryption technology.Firstly,the algorithms are implemented through pure software,and then the performance and resource utilization of pure software implementation are further analyzed.The module which occupies large resources and has a slow operation speed(such as Point-and-multiply operation)is realized by hardware,and the high flexibility and low speed effect module is realized through software.Secondly,through the AHB bus interface IP,AHB bus clock drive and software scheduling to control the operation and data transmission of each software and hardware module.Finally,the entire system based on secure chip is realized through resource allocation,co-design and scheduling of software and hardware.By studying the principle and complexity of each encryption module,a set of hardware and software partitioning scheme that can achieve encryption/decryption and signature/verification is obtained.Through FPGA verification,functional verification and performance testing of the chip after tapeout,the results show that the system meets the design requirements and security requirements of the Internet of Things.Under the SMIC 11Onm technology process and 36MHz clocks,the design can generate public-private key pair at the speed of 75 times per second.71 digital signatures and 37 verifications per second respectively in typical case.The throughput is about 12.36 Mbps of encryption/decryption.The total power consumption of SM2/3/4 is about 6.8mW and the area is about lmm2,which has the characteristics of simple structure,low power consumption,small area and low frequency,it is suitable for the current security chip application scenario.