Design of An Application Specific Instruction Set Cryptographic Processor by 蒋小刚
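University code: 10384        Classification number:        Security level: Internal

Master's Thesis

Research on the Design of an Application-Specific Instruction Set Cryptographic Processor
Design of An Application Specific Instruction Set
Cryptographic Processor
Jiang Xiaogang (蒋小刚)
Supervisors: Prof. Chen Huihuang (陈辉煌)
Dr. Zhou Jianyang (周剑扬)
Major: Circuits and Systems
Thesis submission date: May 2006
Thesis defense date: May 2006
Degree conferral date: ____ 2006

Chair of the defense committee:
Reviewer: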
 






















Declarant (signature):










































1. Confidential ( ); this authorization applies after declassification in the year ____.




Author's signature:        Date (year / month / day):



















Chinese Abstract
The Advanced Encryption Standard (AES) and elliptic curve cryptography (ECC), as today's mainstream



















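this model is used to implement in software, and evaluate the performance of, the AES algorithm and field arithmetic over GF(2^m). The experimental results
show that the cryptographic processor significantly improves the performance of the target cryptographic algorithms and offers
ample flexibility for implementing them; finally, Verilog is used for the register transfer level (RTL)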
































As the mainstream symmetric-key and public-key cryptographic algorithms respectively,
the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC) are
being used increasingly widely. The requirements for high performance, lower power
consumption and high flexibility in implementing AES and ECC are increasing
correspondingly, especially in embedded systems. The two conventional
methods of implementing cryptographic algorithms are software implementation on
embedded microprocessors or DSPs, and hardware implementation using ASICs or IP
cores. The software implementation cannot meet the performance requirements,
while the hardware implementation reduces flexibility. Therefore, this thesis
uses the Application Specific Instruction-set Processor (ASIP) design
methodology to explore the design of a cryptographic processor mainly targeting the
AES and ECC algorithms.
This thesis analyzes and summarizes the design flow, design methodology and
design space of ASIPs in industry and academia, and presents a practical design flow
and method. Based on the proposed design flow and method, the research is carried
out in three parts: ① We analyze and implement AES and the Elliptic Curve Digital
Signature Algorithm (ECDSA) respectively. Both are implemented on an
embedded microprocessor, and their performance is evaluated. ② We present two
strategies to accelerate the implementation of ECC on a System on Programmable
Chip (SOPC). Firstly, custom instructions are designed, and their functional unit is
implemented and integrated into the data path of the Nios II processor. Secondly,
multiplication and division accelerators in GF(2^m) are designed and integrated as
slaves on the Avalon on-chip bus. The experiments show that both strategies
clearly improve performance. ③ The emphasis and goal of this thesis is
to design a cryptographic processor which can accelerate the implementation of both















and implements the proposed cryptographic processor CryptoPro. Firstly, the
Instruction Set Architecture (ISA), pipeline, micro-architecture, and the detailed
architecture of the functional units of the cryptographic processor CryptoPro are
proposed. Secondly, the proposed processor is modeled using SystemC, and
evaluated based on software implementations of AES and field arithmetic in
GF(2^m) written in the assembly language of CryptoPro. The experimental results
demonstrate that the proposed CryptoPro remarkably improves the performance of
implementations of the target cryptographic algorithms while maintaining
adequate flexibility. Finally, a prototype processor of CryptoPro is described in
Verilog at Register Transfer Level (RTL), and implemented on an FPGA and with the SMIC
0.18 µm library respectively.
Key Words: Application Specific Instruction-set Processor; Advanced 













Contents
Chinese Abstract
Contents
Chapter 1  Introduction
1.1 Overview of the Development of Cryptography
1.2 Background and Significance of This Research
1.3 Main Content of the Thesis
Chapter 2  Design Methodology of Application-Specific Instruction Set Processors
2.1 Research Status of ASIP Design
2.1.1 Design Flow
2.1.2 Design Automation (EDA) Tools
2.1.3 Design Tasks of ASIPs
2.1.4 Configurable and Extensible Processors
2.2 Architecture Design Space of ASIPs
2.2.1 Selection of Processor Architecture
2.2.2 Functional Units of the Processor
2.2.3 Processor Pipeline
2.2.4 Memory System
2.2.5 Hardware Accelerators
2.2.6 Processor Peripherals and Interfaces
2.3 Design Flow of ASIPs
2.4 Chapter Summary
Chapter 3  Analysis and Implementation of Cryptographic Algorithms
3.1 The Advanced Encryption Standard (AES) Algorithm
3.1.1 Principles of the AES Algorithm
3.1.2 Hardware Implementation Architecture of AES
3.1.3 Software Implementation of AES
3.2 Elliptic Curve Digital Signature Algorithm (ECDSA)
3.2.1 Elliptic Curve Digital Signature Algorithm
3.2.2 Elliptic Curve Arithmetic
3.2.3 Arithmetic in the Binary Finite Field GF(2^m)
3.2.4 Secure Hash Algorithm
3.2.5 Software Implementation and Performance Evaluation of ECDSA
3.3 Accelerated Implementation of ECC on a System on Programmable Chip (SOPC)
3.3.1 Custom Instructions















3.4 Chapter Summary
Chapter 4  Design and Implementation of the Cryptographic Processor CryptoPro
4.1 Design Considerations for Cryptographic Algorithms
4.2 Instruction Set Architecture Design of CryptoPro
4.2.1 Programming Mode
4.2.2 Instruction Set Design
4.3 Pipeline and Architecture Design of CryptoPro
4.3.1 Pipeline and Microarchitecture Design of CryptoPro
4.3.2 Functional Unit Design of CryptoPro
4.4 Performance Evaluation of CryptoPro
4.4.1 Behavioral Model Design of the Processor
4.4.2 Assembler Design
4.4.3 Software Implementation of the AES Algorithm
4.4.4 Implementation of Field Arithmetic in the Binary Finite Field GF(2^m)
4.5 Implementation of CryptoPro
4.5.1 FPGA Implementation of the Processor
4.5.2 ASIC Implementation of the Processor
4.6 Discussion of Applications of CryptoPro
4.6.1 Standalone Application-Specific Instruction Set Processor
4.6.2 Instruction Set Extension of General-Purpose Processors
4.7 Chapter Summary
Chapter 5  Conclusions
References
Acknowledgements
Appendix A  Encoding of the CryptoPro Instruction Set
Appendix B  Implementation Code for the AES Algorithm
















Abstract
Contents
Chapter 1  Introduction
1.1 Development of Cryptography
1.2 Background and Motivation
1.3 Overview
Chapter 2  Design Methodology of ASIPs
2.1 Research Status of ASIPs Design
2.1.1 Design Flow
2.1.2 EDA Design Tools
2.1.3 Design Tasks of ASIPs
2.1.4 Configurable and Extensible Processors
2.2 Architecture Design Space of ASIPs
2.2.1 Architecture Selection of ASIPs
2.2.2 Functional Units of ASIPs
2.2.3 Pipelines of ASIPs
2.2.4 Memory Subsystem
2.2.5 Hardware Accelerators
2.2.6 Peripherals and Interfaces of ASIPs
2.3 Design Flow of ASIPs
2.4 Summary
Chapter 3  Analysis and Implementation of Cryptographic Algorithms
3.1 Advanced Encryption Standard
3.1.1 AES Algorithm
3.1.2 Hardware Architecture of AES
3.1.3 Software Implementation of AES
3.2 Elliptic Curve Digital Signature Algorithm
3.2.1 ECDSA
3.2.2 Elliptic Curve Arithmetic
3.2.3 Binary Finite Field Arithmetic
3.2.4 Secure Hash Algorithm
3.2.5 Software Implementation and Profiling of ECDSA















3.3.1 Custom Instructions
3.3.2 Hardware Accelerators
3.4 Summary
Chapter 4  Design and Implementation of a Cryptographic Processor: CryptoPro
4.1 Design Consideration on Cryptographic Algorithms
4.2 ISA Design of CryptoPro
4.2.1 Programming Mode
4.2.2 Design of Instruction Set
4.3 Pipeline and Architecture Design of CryptoPro
4.3.1 Pipeline and Microarchitecture Design of CryptoPro
4.3.2 Functional Unit Design of CryptoPro
4.4 Benchmarking of CryptoPro
4.4.1 Behavioral Model Design of CryptoPro
4.4.2 Assembler Design
4.4.3 Software Implementation of AES Algorithm
4.4.4 Software Implementation of Arithmetic on Binary Finite Field
4.5 Implementation of CryptoPro
4.5.1 FPGA Implementation
4.5.2 ASIC Implementation
4.6 Discussion on Applications of CryptoPro
4.6.1 Standalone ASIP for Cryptographic Algorithms
4.6.2 Instruction Set Extension on General Purpose Processors
4.7 Summary
Chapter 5  Conclusions
References
Acknowledgement
Appendix A  Coding of CryptoPro Instruction Set
Appendix B  Software Code Implementing AES
Appendix C  Software Code Implementing Modular Multiplication 













Chapter 1  Introduction












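Among block ciphers, the Data Encryption Standard (DES) algorithm published by the United States in 1976 attracted particular
attention, and for a time DES became the target of research and development, analysis and attack by a large number of researchers and engineers.
As many researchers carried out development, analysis and improvement work, DES and its improved variants (e.g., 3DES)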




After two rounds of evaluation, in October 2000 the final choice fell on the Belgian cryptographers Joan Daemen and
























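brought new vitality. For ECC and RSA at the same security level, ECC has a shorter key length;
for example, ECC with a 163-bit key length provides, relative to the RSA algorithm with a 1024-bit key length, comparable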




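integrity and message authentication. Its basic idea is to regard the hash value h(x) as a digest of the message x, or as
a compact representative image of x [2]. Both signature generation and signature verification in digital signature algorithms require a secure
hash algorithm (SHA). The secure hash algorithms currently in use are mainly SHA-1
and SHA-2 [3].
Table 1-1-1 shows the security levels of commonly used block ciphers, public-key algorithms and secure hash algorithms
[1, 3, 4, 5]; each row represents an equivalent security level. Among symmetric ciphers, the AES algorithm provides three
security levels: 128 bits, 192 bits and 256 bits. Among public-key ciphers, for the same
security level, the key length of ECC is far smaller than that of RSA, so using ECC
reduces computational complexity, storage space and transmission bandwidth. As applications demand ever higher security levels,
AES and ECC will be used more and more widely.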
 






80 SKIPJACK 192 163 1024 SHA-1 
112 Triple-DES 224 233 2048 SHA-224 
128 AES-128 256 283 3072 SHA-256 
192 AES-192 384 409 7680 SHA-384 




















































































































were evaluated; finally, the implementation of ECC on a System on Programmable Chip (SOPC) is discussed, using
























Degree papers are in the “Xiamen University Electronic Theses and Dissertations Database”. Full
texts are available in the following ways:
1. If your library is a CALIS member library, please log on to http://etd.calis.edu.cn/ and submit
requests online, or consult the interlibrary loan department in your library.
2. For users of non-CALIS member libraries, please mail to etd@xmu.edu.cn for delivery details.
