	US 12,255,981 B2
	Methods and apparatuses for implementing high-speed cryptographic computation based on software-hardware collaboration, and electronic devices
Bin Wang, Zhejiang (CN); Da Chen, Zhejiang (CN); Xiaohong Guan, Zhejiang (CN); Jiadong Chen, Zhejiang (CN); Wei Wang, Zhejiang (CN); and Xing Wang, Zhejiang (CN)
Assigned to HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO., LTD., Zhejiang (CN)
Filed by Hangzhou Hikvision Digital Technology Co., Ltd., Zhejiang (CN)
Filed on Jun. 14, 2024, as Appl. No. 18/744,248.
Claims priority of application No. 202310710460.2 (CN), filed on Jun. 15, 2023.
Prior Publication US 2024/0421972 A1, Dec. 19, 2024
Int. Cl. H04L 9/06 (2006.01)

CPC H04L 9/06 (2013.01)

9 Claims

1. A method for implementing high-speed cryptographic computation based on software-hardware collaboration, wherein the method is applied to a server equipped with at least one cryptographic device, and comprises:

by a host machine software development kit (SDK) that is compatible with the at least one cryptographic device, performing a compliance check on a current to-be-processed data packet, and performing pre-processing on one or more current to-be-processed data packets that pass the compliance check to obtain one or more reference data packets, wherein the pre-processing comprises at least one of: according to a request type and a packet size of the current to-be-processed data packet, splitting or recombining the one or more current to-be-processed data packets to enable a size of any one of the obtained reference data packets to meet an optimal packet size requirement corresponding to the request type; or performing encoding format conversion on a data packet that is to be transmitted to a cryptographic device driver, wherein a converted encoding format is to reduce redundant encoding data;

by a cryptographic device driver that is compatible with the at least one cryptographic device, according to current weight factors for a plurality of resources for a cryptographic algorithm required by the reference data packets, determining one or more target resources from the plurality of resources with a load balancing principle, wherein the plurality of resources comprise software and/or hardware resources in the server capable of performing cryptographic computation on the reference data packets, and the hardware resources in the plurality of resources comprise the at least one cryptographic device; and

when the one or more target resources comprise a target cryptographic device, performing cryptographic computation on the reference data packets by executing an acceleration operation corresponding to a target cryptographic algorithm, wherein the target cryptographic algorithm is provided by the target cryptographic device for performing cryptographic computation on the reference data packets,

wherein, when the target cryptographic algorithm is an SM4 algorithm in a counter (CTR) mode, the acceleration operation at least comprises:

firstly grouping the reference data packets by the target cryptographic device; according to an Electronic Codebook (ECB) mode different from the CTR mode, concurrently scheduling each group of data packets; and

performing a specified mathematical operation on a processing result of the concurrent scheduling and an iteration result to obtain a concurrent acceleration result of the CTR mode, wherein the iteration result is obtained by a deployed CTR software counter iterating according to a specified iteration specification.