METHOD AND APPARATUS FOR EFFICIENTLY IMPLEMENTING THE ADVANCED ENCRYPTION STANDARD

US 20090172068A1
Filed: 12/28/2007
Published: 07/02/2009
Est. Priority Date: 12/28/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus implementing an Advanced Encryption Standard (AES) S-box encryption process on a 128-bit block including 16 byte values, the apparatus comprising:

a first field conversion circuit to convert each of the 16 byte values, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF(2²)⁴),a multiplicative inverse circuit to compute for each of the second corresponding polynomial representations in GF(2²)⁴) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF(2²)⁴); and

a second field conversion circuit to convert each corresponding multiplicative inverse polynomial representation in GF(2²)⁴) and to apply an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations of Advanced Encryption Standard (AES) encryption and decryption processes are disclosed. In one embodiment of S-box processing, a block of 16 byte values is converted, each byte value being converted from a polynomial representation in GF(256) to a polynomial representation in GF((2²)⁴). Multiplicative inverse polynomial representations in GF((2²)⁴) are computed for each of the corresponding polynomial representations in GF((2²)⁴). Finally corresponding multiplicative inverse polynomial representations in GF((2²)⁴) are converted and an affine transformation is applied to generate corresponding polynomial representations in GF(256). In an alternative embodiment of S-box processing, powers of the polynomial representations are computed and multiplied together in GF(256) to generate multiplicative inverse polynomial representations in GF(256). In an embodiment of inverse-columns-mixing, the 16 byte values are converted from a polynomial representation in GF(256) to a polynomial representation in GF((2⁴)²). A four-by-four matrix is applied to the transformed polynomial representation in GF((2⁴)²) to implement the inverse-columns-mixing.

13 Citations

View as Search Results

15 Claims

1. An apparatus implementing an Advanced Encryption Standard (AES) S-box encryption process on a 128-bit block including 16 byte values, the apparatus comprising:
- a first field conversion circuit to convert each of the 16 byte values, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF(2²)⁴),a multiplicative inverse circuit to compute for each of the second corresponding polynomial representations in GF(2²)⁴) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF(2²)⁴); and
  
  a second field conversion circuit to convert each corresponding multiplicative inverse polynomial representation in GF(2²)⁴) and to apply an affine transformation to generate, respectively, a third corresponding polynomial representation in GF(256).
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1 wherein converting each of the 16 byte values to a second corresponding polynomial representation in GF(2²)⁴) is performed by a multiplication of each of the 16 byte values with an 8-bit by 8-bit conversion matrix.
  - 3. The apparatus of claim 2 wherein the multiplication of each byte value with an 8-bit by 8-bit conversion matrix is implemented by a series of XORs.
  - 4. The apparatus of claim 1 wherein converting each corresponding multiplicative inverse polynomial representation and applying an affine transformation to generate a third corresponding polynomial representation in GF(256) is performed by a multiplication of each corresponding multiplicative inverse polynomial representation with an 8-bit by 8-bit product matrix and a subsequent XOR with a constant byte value.
  - 5. The apparatus of claim 4 wherein the multiplication of each corresponding multiplicative inverse polynomial representation with an 8-bit by 8-bit product matrix and a subsequent XOR with a constant byte value is implemented by a series of XORs.

6. An apparatus implementing an Advanced Encryption Standard (AES) S-box encryption process on a 128-bit block including a first 16 byte values each byte having a polynomial representation in GF(256), the apparatus comprising:
- a polynomial-powers generating circuit to compute for each of the first 16 byte values, respectively, a plurality of second byte values having polynomial representations in GF(256) corresponding to a plurality of powers of the polynomial representation of their respective byte value of the first 16 byte values;
  
  a multiplier circuit to multiply together in GF(256) the plurality of second byte values for each of the first 16 byte values, respectively, to produce a third 16 byte values each having a polynomial representation in GF(256) corresponding to the multiplicative inverse of their respective byte value of the first 16 byte values; and
  
  an affine transform circuit to apply an affine transformation to the multiplicative inverses of the 16 byte values to generate, respectively, a fourth 16 byte values each having a polynomial representation in GF(256).
- View Dependent Claims (7, 8)
- - 7. The apparatus of claim 6 wherein applying the affine transformation to generate a fourth 16 byte values having polynomial representation in GF(256) is performed by a multiplication of each corresponding multiplicative inverse polynomial representation with an 8-bit by 8-bit product matrix and a subsequent XOR with a constant byte value.
  - 8. The apparatus of claim 7 wherein the multiplication of each corresponding multiplicative inverse polynomial representation with an 8-bit by 8-bit product matrix and a subsequent XOR with a constant byte value is implemented by a series of XORs

9. An apparatus implementing an Advanced Encryption Standard (AES) decryption process on a 128-bit block including 16 byte values, the apparatus comprising:
- a first field conversion circuit to convert each of the 16 byte values, respectively, from a first corresponding polynomial representation in GF(256) to a second corresponding polynomial representation in GF(2⁴)²),an inverse-columns-mixing circuit to compute an inverse-columns-mixing transformation in GF(2⁴)²) of the 16 byte values to get corresponding transformed polynomial representations in GF(2⁴)²);
  
  a second field conversion circuit to convert each corresponding transformed polynomial representation in GF(2⁴)²) and apply an inverse affine transformation to generate, respectively, a third corresponding polynomial representation in a finite field other than GF(2⁴)²); and
  
  a multiplicative inverse circuit to compute for each of the third corresponding polynomial representations of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in said finite field other than GF(2⁴)²).
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9 wherein the first converting of each of the 16 byte values to a second corresponding polynomial representation in GF(2⁴)²) is performed by a multiplication of each of the 16 byte values with an 8-bit by 8-bit conversion matrix.
  - 11. The apparatus of claim 10 wherein the multiplication of each byte value with an 8-bit by 8-bit conversion matrix is implemented by a series of XORs.
  - 12. The apparatus of claim 9 wherein the third corresponding polynomial representations of the 16 byte values are in GF(256), the multiplicative inverse circuit comprising:
    - a polynomial-powers generating circuit to compute for each of the third corresponding polynomial representations, respectively, a plurality of fourth byte values having polynomial representations in GF(256) corresponding to a plurality of powers of the third polynomial representation of their respective byte value;
      
      a multiplier circuit to multiply together in GF(256) the plurality of fourth byte values for each of the third corresponding polynomial representations, respectively, to produce a fifth 16 byte values each having a polynomial representation in GF(256) corresponding to the multiplicative inverse of their respective byte value of the third corresponding polynomial representations.
  - 13. The apparatus of claim 9 wherein the second converting of each corresponding multiplicative inverse polynomial representation and applying an affine transformation to generate a third corresponding polynomial representation in a finite field other than GF(2⁴)²) is performed by a multiplication of each corresponding multiplicative inverse polynomial representation with an 8-bit by 8-bit product matrix and an XOR with a constant byte value.
  - 14. The apparatus of claim 13 wherein the multiplication of each corresponding multiplicative inverse polynomial representation with an 8-bit by 8-bit product matrix and a XOR with a constant byte value is implemented by a series of XORs.
  - 15. The apparatus of claim 9 wherein the third corresponding polynomial representations of the 16 byte values are in GF(2²)⁴), the multiplicative inverse circuit comprising:
    - an inversion circuit to compute for each of the third corresponding polynomial representations in GF(2²)⁴) of the 16 byte values, respectively, a corresponding multiplicative inverse polynomial representation in GF(2²)⁴); and
      
      a third field conversion circuit to convert each corresponding multiplicative inverse polynomial representation in GF(2²)⁴) to generate, respectively, a fourth corresponding polynomial representation in GF(256).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
KOUNAVIS, MICHAEL E., Krishnamurthy, Ram, Gueron, Shay, Mathew, Sanu K.

Granted Patent

US 8,923,510 B2
Time in Patent Office

Days
Field of Search
US Class Current

708/606
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 7/00   Methods or arrangements for...

G06F 9/30007   to perform operations on da...

G06F 9/30112   comprising data of variable...

G06F 9/30145   Instruction analysis, e.g. ...

G06F 9/30149   of variable length instruct...

G06F 9/30196   using decoder, e.g. decoder...

G06F 9/3887   controlled by a single inst...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0631   Substitution permutation ne...

METHOD AND APPARATUS FOR EFFICIENTLY IMPLEMENTING THE ADVANCED ENCRYPTION STANDARD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR EFFICIENTLY IMPLEMENTING THE ADVANCED ENCRYPTION STANDARD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links