Method and apparatus for efficiently implementing the advanced encryption standard
First Claim
Patent Images
1. An apparatus implementing an Advanced Encryption Standard (AES) S-box encryption process on a 128-bit block including 16 byte values, the apparatus comprising:
- a first field conversion circuit to convert each of the 16 byte values, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF((22)4);
a multiplicative inverse circuit to compute for each of the second corresponding polynomial representations in GF((22)4) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF((22)4); and
a second field conversion circuit to convert each corresponding multiplicative inverse polynomial representation in GF((22)4) and to apply an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256), wherein the conversion, in the second field conversion circuit, of each corresponding multiplicative inverse polynomial representation in GF((22)4) and application of the affine transformation is performed by multiplication of each byte value with an 8-bit by 8-bit matrix and XORs with a set of constants according to;
b0=a0⊕
a1⊕
a2,b1=a0⊕
a3⊕
a5,b2=a0⊕
a2⊕
a6,b3=a0⊕
a1 ⊕
a3 ⊕
a4⊕
a5,b4=a0⊕
a1 ⊕
a4 ⊕
a5⊕
a7,b5=a4,b6=a 3⊕
a6,b7=a2⊕
a3,where [a7, a6, a5, a4, a3, a2, a1, a0] is the multiplicative inverse polynomial representation in GF((22)4) and [b7, b6, b5, b4, b3, b2, b1, b0] is the third corresponding polynomial representation in GF(256).
0 Assignments
0 Petitions
Accused Products
Abstract
Implementations of Advanced Encryption Standard (AES) encryption and decryption processes are disclosed. In one embodiment of S-box processing, a block of 16 byte values is converted, each byte value being converted from a polynomial representation in GF(256) to a polynomial representation in GF((22)4). Multiplicative inverse polynomial representations in GF((22)4) are computed for each of the corresponding polynomial representations in GF((22)4). Finally corresponding multiplicative inverse polynomial representations in GF((22)4) are converted and an affine transformation is applied to generate corresponding polynomial representations in GF(256). In an alternative embodiment of S-box processing, powers of the polynomial representations are computed and multiplied together in GF(256) to generate multiplicative inverse polynomial representations in GF(256). In an embodiment of inverse-columns-mixing, the 16 byte values are converted from a polynomial representation in GF(256) to a polynomial representation in GF((24)2). A four-by-four matrix is applied to the transformed polynomial representation in GF((24)2) to implement the inverse-columns-mixing.
23 Citations
8 Claims
-
1. An apparatus implementing an Advanced Encryption Standard (AES) S-box encryption process on a 128-bit block including 16 byte values, the apparatus comprising:
-
a first field conversion circuit to convert each of the 16 byte values, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF((22)4); a multiplicative inverse circuit to compute for each of the second corresponding polynomial representations in GF((22)4) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF((22)4); and a second field conversion circuit to convert each corresponding multiplicative inverse polynomial representation in GF((22)4) and to apply an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256), wherein the conversion, in the second field conversion circuit, of each corresponding multiplicative inverse polynomial representation in GF((22)4) and application of the affine transformation is performed by multiplication of each byte value with an 8-bit by 8-bit matrix and XORs with a set of constants according to; b0=a0⊕
a1⊕
a2,b1=a0⊕
a3⊕
a5,b2=a0⊕
a2⊕
a6,b3=a0⊕
a1 ⊕
a3 ⊕
a4⊕
a5,b4=a0⊕
a1 ⊕
a4 ⊕
a5⊕
a7,b5=a4, b6=a 3⊕
a6,b7=a2⊕
a3,where [a7, a6, a5, a4, a3, a2, a1, a0] is the multiplicative inverse polynomial representation in GF((22)4) and [b7, b6, b5, b4, b3, b2, b1, b0] is the third corresponding polynomial representation in GF(256). - View Dependent Claims (2, 3)
-
-
4. A method comprising:
-
converting, in a first field conversion circuit, each of a plurality of 16 byte values of a block, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF((22)4); computing, in a multiplicative inverse circuit, for each of the second corresponding polynomial representations in GF((22)4) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF((22)4); converting, in a second field conversion circuit, each corresponding multiplicative inverse polynomial representation in GF((22)4) and applying an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256), wherein the conversing, in the second field conversion circuit, each corresponding multiplicative inverse polynomial representation in GF((22)4) and applying the affine transformation is performed by multiplication of each byte value with an 8-bit by 8-bit matrix and XORs with a set of constants according to; b0=a0⊕
a1⊕
a2,b1=a0⊕
a3⊕
a5,b2=a0⊕
a2⊕
a6,b3=a0⊕
a1⊕
a3⊕
a4 ⊕
a5,b4=a0⊕
a1⊕
a4⊕
a5⊕
a7,b5=a4, b6=a3⊕
a6,b7=a2⊕
a3,where [a7, a6, a5, a4, a3, a2, a1, a0] is the multiplicative inverse polynomial representation in GF((22)4) and [b7, b6, b5, b4, b3, b2, b1, b0] is the third corresponding polynomial representation in GF(256). - View Dependent Claims (5, 6)
-
-
7. An apparatus implementing an Advanced Encryption Standard (AES) S-box encryption process on a 128-bit block including 16 byte values, the apparatus comprising:
-
a first field conversion circuit to convert each of the 16 byte values, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF((22)4), wherein converting each of the 16 byte values to a second corresponding polynomial representation in GF((22)4) is performed by a multiplication of each of the 16 byte values with an 8-bit by 8-bit conversion matrix and the multiplication of each byte value with an 8-bit by 8-bit conversion matrix is implemented by a series of XORs according to; b0=a0⊕
a1⊕
a6,b1=a1⊕
a4⊕
a6,b2=a5⊕
a6⊕
a7,b3=a3⊕
a4,b4=a1⊕
a2⊕
a3⊕
a4⊕
a5,b5=a3⊕
a4⊕
a5⊕
a7,b6=a2⊕
a5⊕
a6,b7=a3⊕
a7,where [a7, a6, a5, a4, a3, a2, a1, a0] is the first corresponding polynomial representation in GF(256) and [b7, b6, b5, b4, b3, b2, b1, b0] is the second corresponding polynomial representation in GF((22)4); a multiplicative inverse circuit to compute for each of the second corresponding polynomial representations in GF((22)4) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF((22)4); and a second field conversion circuit to convert each corresponding multiplicative inverse polynomial representation in GF((22)4) and to apply an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256).
-
-
8. A method comprising:
-
converting, in a first field conversion circuit, each of a plurality of 16 byte values of a block, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF((22)4), wherein converting each of the 16 byte values to a second corresponding polynomial representation in GF((22)4) is performed by a multiplication of each of the 16 byte values with an 8-bit by 8-bit conversion matrix and multiplying each byte value with the 8-bit by 8-bit conversion matrix according to; b0=a0⊕
a1⊕
a6,b1=a1⊕
a4⊕
a6,b2=a5⊕
a6⊕
a7,b3=a3⊕
a4,b4=a1⊕
a2⊕
a3⊕
a4⊕
a5,b5=a3⊕
a4⊕
a5⊕
a7,b6=a2⊕
a5⊕
a6,b7=a3⊕
a7,where [a7, a6, a5, a4, a3, a2, a1, a0] is the first corresponding polynomial representation in GF(256) and [b7, b6, b5, b4, b3, b2, b1, b0] is the second corresponding polynomial representation in GF((22)4); computing, in a multiplicative inverse circuit, for each of the second corresponding polynomial representations in GF((22)4) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF((22)4); converting, in a second field conversion circuit, each corresponding multiplicative inverse polynomial representation in GF((22)4) and applying an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256).
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsKounavis, Michael E., Gueron, Shay, Krishnamurthy, Ram, Mathew, Sanu K.
-
Primary Examiner(s)Rashid, Harunur
-
Application NumberUS14/569,428Publication NumberTime in Patent Office1,341 DaysField of Search380 28, 380 29US Class CurrentCPC Class CodesG06F 21/602 Providing cryptographic fac...G06F 7/00 Methods or arrangements for...G06F 9/30007 to perform operations on da...G06F 9/30112 comprising data of variable...G06F 9/30145 Instruction analysis, e.g. ...G06F 9/30149 of variable length instruct...G06F 9/30196 using decoder, e.g. decoder...G06F 9/3887 controlled by a single inst...H04L 2209/34 Encoding or coding, e.g. Hu...H04L 9/0631 Substitution permutation ne...
