Circuit and method for implementing the advanced encryption standard block cipher algorithm in a system having a plurality of channels
First Claim
1. A circuit for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels, the circuit comprising:
- round key generation means for (i) selectively receiving a cipher key and (ii) generating a round key of a first predetermined bit length from the received cipher key a predetermined number of times based on the AES Rijndael key expansion algorithm;
encryption/decryption means for (i) selectively receiving a data block of the first predetermined bit length from one of the plurality of system channels and a round key from the round key generation means and (ii) encrypting/decrypting the received data block a predetermined number of rounds based on the AES block cipher algorithm; and
controller means, responsive to control signals from each of the plurality of system channels, for controlling the round key generation means and the encryption/decryption means to selectively encrypt or decrypt the data block from individual ones of the plurality of system channels in a round-robin fashion.
3 Assignments
0 Petitions
Accused Products
Abstract
A circuit includes a single circuit portion for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels. The circuit portion includes a circuit for individually generating, on the fly, the round keys used during each round of the AES block cipher algorithm. The circuit portion also includes shared logic circuits that implement the transformations used to encrypt and decrypt data blocks according to the AES block cipher. The single circuit portion encrypts or decrypts data blocks from each of the plurality of system channels in turn, in round-robin fashion. The circuit portion also includes a circuit for determining S-box values for the AES block cipher algorithm. The circuit additionally implements an efficient method for generating round keys on the fly for the AES block cipher decryption process.
-
Citations
52 Claims
-
1. A circuit for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels, the circuit comprising:
-
round key generation means for (i) selectively receiving a cipher key and (ii) generating a round key of a first predetermined bit length from the received cipher key a predetermined number of times based on the AES Rijndael key expansion algorithm;
encryption/decryption means for (i) selectively receiving a data block of the first predetermined bit length from one of the plurality of system channels and a round key from the round key generation means and (ii) encrypting/decrypting the received data block a predetermined number of rounds based on the AES block cipher algorithm; and
controller means, responsive to control signals from each of the plurality of system channels, for controlling the round key generation means and the encryption/decryption means to selectively encrypt or decrypt the data block from individual ones of the plurality of system channels in a round-robin fashion. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A circuit for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels, the circuit comprising:
-
a plurality of cipher key storage means, one coupled to each of the plurality of system channels, for storing a cipher key received from one of the system channels;
buffer register means for selectively receiving and concatenating a plurality of data strings of a first predetermined bit length from one of the plurality of system channels into a data block of a second predetermined bit length. round key generation means for (i) selectively receiving one of the stored cipher keys from one of the plurality of cipher key storage means and (ii) generating a round key of the second predetermined bit length from the received cipher key a predetermined number of times based on the AES Rijndael key expansion algorithm;
encryption/decryption means for (i) selectively receiving a data block of the second predetermined bit length from the buffer register means and a round key from the round key generation means and (ii) encrypting/decrypting the received data block a predetermined number of rounds based on the AES block cipher algorithm; and
controller means, responsive to control signals from each of the plurality of system channels, for controlling the round key generation means and the encryption/decryption means to selectively encrypt or decrypt a data block from individual ones of the plurality of system channels in a round-robin fashion. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A circuit for selectively determining S-box and inverse S-box data substitution values for a data string, the substitution values being associated with the ByteSub and InvByteSub functions, respectively, of the Advanced Encryption Standard (AES) block cipher algorithm, the circuit comprising:
-
inverse affine means for receiving a vector data byte and performing an inverse affine transformation thereon to generate a transformed vector data byte;
first data switching means for;
(i) receiving the vector data byte, the transformed vector data byte, and an encrypt/decrypt control signal; and
(ii) transmitting the vector data byte when the control signal indicates the circuit is in an encrypt state and transmitting the transformed vector data byte when the control signal indicates the circuit is in a decrypt state;
inverse vector data byte determination means for;
(i) selectively receiving one of the vector data byte and the transformed vector data byte, in accordance with the control signal received by the first data switching means; and
(ii) determining an inverse vector data byte;
affine transformation means for receiving the inverse vector byte and applying an affine transformation thereon to generate a transformed inverse vector data byte; and
second data switching means for;
(i) receiving the inverse vector data byte, the transformed inverse vector data byte, and the encrypt/decrypt control signal; and
(ii) transmitting the inverse vector data when the control signal indicates the circuit is in an encrypt state and transmitting the transformed inverse vector data byte when the control signal indicates the circuit is in a decrypt state. - View Dependent Claims (30, 31, 32)
-
-
33. A method of efficiently generating round keys on-the-fly for use in decryption rounds of the AES cipher block algorithm, comprising:
-
generating a key used to encrypt a block of data in a final encryption round of the AES algorithm;
storing the generated key;
retrieving the stored key; and
generating a new key for use in each subsequent decryption round, without storing the new key each time one is generated and used. - View Dependent Claims (34, 35)
-
-
36. A circuit for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels, the circuit comprising:
-
a plurality of cipher key storage means, one coupled to each of the plurality of system channels, for storing a cipher key received from one of the system channels, buffer register means for selectively receiving and concatenating a plurality of data strings of a first predetermined bit length from one of the plurality of system channels into a data block of a second predetermined bit length;
round key generation means for (i) selectively receiving one of the stored cipher keys from one of the plurality of cipher key storage means and (ii) generating a round key of the second predetermined bit length from the received cipher key a predetermined number of times based on the AES Rijndael key expansion algorithm;
encryption/decryption means for (i) selectively receiving a data block of the second predetermined bit length from the buffer register means and a round key from the round key generation means and (ii) encrypting/decrypting the received data block a predetermined number of rounds based on the AES block cipher algorithm; and
controller means, responsive to control signals from each of the plurality of system channels, for controlling the round key generation means and the encryption/decryption means to selectively encrypt or decrypt a data block from individual ones of the plurality of system channels in a round-robin fashion, wherein the encryption/decryption means comprises;
bytesub/invbytesub means for transforming the received data string according to either the ByteSub or InvByteSub function, as defined by the AES block cipher algorithm, based on the received control signal;
shiftrow/invshiftrow means, coupled to receive data from the bytesub/invbytesub mean, for transforming the received data according either the ShiftRow or InvShiftRow function, as defined by the AES block cipher algorithm, based on the received control signal; and
mixcol/invmixcol means, coupled to receive data from the shiftrow/invshiftrow means, for transforming the received data according to either the MixCol or InvMixCol function, as defined by the AES block cipher algorithm, based on the received control signal. - View Dependent Claims (37)
-
-
38. A circuit for implementing the Advanced Encryption Standard (AES) block cipher algorithm in a system having a plurality of channels, the circuit comprising:
-
a round key generation circuit operable to (i) selectively receive a cipher key and (ii) generate a round key of a first predetermined bit length from the received cipher key a predetermined number of times based on the AES Rijndael key expansion algorithm;
an encryption/decryption circuit operable to (i) selectively receive a data block of the first predetermined bit length from one of the plurality of system channels and a round key from the round key generation circuit and (ii) encrypt/decrypt the received data block a predetermined number of rounds based on the AES block cipher algorithm; and
a controller, responsive to control signals from each of the plurality of system channels, operable to control the round key generation circuit and the encryption/decryption circuit to selectively encrypt or decrypt the data block from individual ones of the plurality of system channels in a round-robin fashion. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
-
Specification