面向窄带物联网的ZUC算法紧凑硬件实现  

作　　者：宋锐 向泽军 张若琳 张莎莎[1] 陈思维 Rui SONG;Zejun XIANG;Ruolin ZHANG;Shasha ZHANG;Siwei CHEN(School of Cyber Science and Technology,Hubei University,Wuhan 430062,China;State Key Laboratory of Cryptology,Beijing 100878,China;Faculty of Mathematics and Statistics,Hubei University,Wuhan 430062,China)

机构地区：[1]湖北大学网络空间安全学院,武汉430062 [2]密码科学技术全国重点实验室,北京100878 [3]湖北大学数学与统计学学院,武汉430062

出　　处：《中国科学:信息科学》2025年第1期64-79,共16页Scientia Sinica(Informationis)

基　　金：国家自然科学基金(批准号:62272147);湖北省自然科学基金(批准号:2024AFB573);国家重点研发计划青年科学家项目(批准号:2023YFA1011200)资助。

摘　　要：物联网(Internet of Things,Io T)领域当前正面临着无法回避且持续存在的网络安全威胁以及设备资源受限的双重挑战.针对前述问题,本文在ASIC(application specific integrated circuit)平台上,利用时序复用与门控时钟技术,设计了一种高效的低面积ZUC算法硬件实现电路.此电路通过确保每个功能模块仅被实例化一次,实现了电路面积的极小化.在S盒的设计上,本文借鉴了塔域分解的思想,并提出了一种算法,用于在有限域F_(2^(n))到有限域F′_(2^(n))之间搜索同构映射矩阵.该算法旨在找到一种同构映射,当它与S盒运算的仿射矩阵及其他相关矩阵相乘后,能够以最少的异或逻辑门数实现映射.基于上述两点,本文所实现的S1-box在面积上与当前AES算法的Sbox相当.在线性变换部分,本文采用了最大距离可分(maximum distance separable,MDS)矩阵拆解的思想,使得整个线性层的实现仅需164个异或门.在加法链的设计上,本文采用了进位存储加法器、32比特加法器、单加数的31比特加法器与中间寄存器的组合.这一设计使得线性反馈移位寄存器层与有限状态自动机层能够共享同一条加法链,从而进一步优化了电路结构.在TSMC 90 nm工艺下综合验证,本文所提出的硬件实现方案在时钟频率为250 MHz时,吞吐率可达2 Gbps,同时面积开销仅为6.67 k GE.与当前主流方案相比,本设计在保持吞吐率不变的前提下,面积开销降低了44%.The Internet of Things(IoT)domain is currently facing unavoidable and persistent challenges in the form of cybersecurity threats and constrained device resources.To address the aforementioned issues,this paper designs an efficient low-area hardware implementation of the ZUC algorithm on an ASIC platform,utilizing timemultiplexing and clock gating techniques.This circuit minimizes area by ensuring that each functional module is instantiated only once.In the design of the S-box,this paper draws on the concept of tower field decomposition and proposes an algorithm to search for isomorphic mapping matrices between the finite field F_(2^(n)) and the finite field F′_(2^(n)).The algorithm aims to find an isomorphic mapping that,when multiplied by the affine matrix of the S-box operation and other related matrices,can achieve the mapping with the least number of XOR logic gates.Based on these two points,the implemented S1-box in this paper has an area comparable to the current AES algorithm’s S-box.In the linear transformation part,the paper adopts the idea of maximum distance separable(MDS)matrix decomposition,allowing the entire linear layer to be implemented with only 164 XOR gates.For the design of the addition chain,the paper employs a carry-save adder,a 32-bit adder,a single operand 31-bit adder,and intermediate registers.This design enables the linear feedback shift register layer and the finite state machine layer to share the same addition chain,further optimizing the circuit structure.The proposed hardware implementation achieves a throughput of 2 Gbps at a clock frequency of 250 MHz,with an area overhead of only 6.67 kGE,under the TSMC 90 nm process.Compared to current mainstream designs,this paper reduces area overhead by 44%while maintaining the same throughput.

关 键 词：ZUC 面积优化 复合域 时序复用 窄带物联网 

分 类 号：TN929.5[电子电信—通信与信息系统] TP393[电子电信—信息与通信工程]