Advanced encryption standard (AES) hardware cryptographic engine
First Claim
1. In a key generator configured to perform a key expansion routine according to the Advanced Encryption Standard (AES)-Rijndael block cipher algorithm so as to generate, from a given cipher key of Nk words, a key schedule of Nb(Nr+1) round-key words w[i], where Nb is the cipher block size in words and Nr is the number of rounds employed by the cipher algorithm, the key generator configured to generate the round-key words w[i] “on-the-fly” as needed on a round-by-round basis, the improvement comprising a method for generating round-key words “on-the-fly” in a reverse direction for use in a decrypt operation of the cipher algorithm, the method including the steps of:
providing memory for storing a final set of Nk round-key words;
performing the key expansion routine in a forward direction during an encrypt operation to obtain said final set of Nk round-key words and storing the same in said memory provided therefor;
setting the key generator for the decrypt operation;
deriving preceding round-key words w[i−Nk] “on-the-fly” by an XOR logic operation involving stored round-key words w[i] and w[i−1], wherein w[i−1] is first modified by a transformation sequence prior to applying the XOR logic operation whenever i mod Nk=0 and also whenever both Nk>6 and i mod Nk=4, the transformation sequence involving a cyclic byte shift, an S-box byte substitution and an XOR operation with a round constant when i mod Nk=0, the transformation sequence involving only an S-box byte substitution when Nk>6 and i mod Nk=4, said transformation sequence upon w[i−1] being identical in the forward and reverse directions of the key expansion routine and in accord with the AES-Rijndael block cipher algorithm; and
wherein the key generator is implemented as a hardware circuit and multiple S-boxes are provided to carry out the S-box byte substitutions, each S-box having the same functionality, as specified for AES-Rijndael, but with different hardware implementations characterized by different power consumption signatures, and wherein a pseudo-random generator selects variable pathways to the different S-boxes for the various bytes to be substituted in the key expansion routine.
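The reverse derivation recited in claim 1, as an added C example (not code from the patent): the same Nk-word memory is run forward from the cipher key to the final Nk round-key words, then backward using w[i−Nk] = w[i] XOR T(w[i−1]). The function names, the in-place window indexed by i mod Nk, and recomputing the round constant from i are assumptions of this sketch; the keys are the FIPS-197 Appendix A sample keys, and the pseudo-random selection among multiple S-box circuits is not modelled.

```c
#include <stdint.h>
#include <string.h>
static uint8_t S[256];                        /* AES S-box, built on first use */
static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }
static void sbox_init(void) {                 /* GF(2^8) inverse, then affine map */
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));        /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                       /* q /= 3 */
        S[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    S[0] = 0x63;
}
static uint32_t sub_word(uint32_t w) {
    return (uint32_t)S[w >> 24] << 24 | (uint32_t)S[(w >> 16) & 255] << 16 |
           (uint32_t)S[(w >> 8) & 255] << 8 | S[w & 255];
}
/* Transformation T of w[i-1]; the same function in both directions. */
static uint32_t xform(uint32_t t, int i, int nk) {
    if (!S[0]) sbox_init();
    if (i % nk == 0) {                        /* byte shift, S-box, XOR Rcon[i/Nk] */
        uint8_t rc = 1;
        for (int r = 1; r < i / nk; r++) rc = (uint8_t)((rc << 1) ^ ((rc & 0x80) ? 0x1B : 0));
        return sub_word((t << 8) | (t >> 24)) ^ ((uint32_t)rc << 24);
    }
    return (nk > 6 && i % nk == 4) ? sub_word(t) : t;   /* S-box only, or unchanged */
}
/* Forward: win[] holds the cipher key on entry, the final Nk words on exit. */
void expand_to_final(uint32_t *win, int nk) {
    for (int i = nk; i < 4 * (nk + 7); i++)             /* Nb(Nr+1) words, Nr = Nk+6 */
        win[i % nk] ^= xform(win[(i - 1) % nk], i, nk); /* w[i] = w[i-Nk] ^ T(w[i-1]) */
}
/* Reverse: win[] holds the final Nk words on entry, the cipher key on exit. */
void rewind_to_key(uint32_t *win, int nk) {
    for (int i = 4 * (nk + 7) - 1; i >= nk; i--)
        win[i % nk] ^= xform(win[(i - 1) % nk], i, nk); /* w[i-Nk] = w[i] ^ T(w[i-1]) */
}
const uint32_t KEY128[4] = {0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c}; /* FIPS-197 A.1 */
const uint32_t KEY256[8] = {0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
                            0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4}; /* FIPS-197 A.3 */
/* Runs forward, notes the last schedule word, runs reverse; 0 if the key is not recovered. */
uint32_t forward_then_reverse(const uint32_t *key, int nk) {
    uint32_t win[8], last;
    memcpy(win, key, sizeof(uint32_t) * (size_t)nk);
    expand_to_final(win, nk);
    last = win[(4 * (nk + 7) - 1) % nk];
    rewind_to_key(win, nk);
    return memcmp(win, key, sizeof(uint32_t) * (size_t)nk) ? 0 : last;
}
```

Each group of four words produced by the reverse loop is the round key for the next decryption round, so only Nk words of storage are live at any time.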
Abstract
A cryptographic method and related implements the Rijndael-AES encryption standard. In one improvement, the decryption round keys are generated on a round-by-round basis from the final Nk round keys saved from a previous encryption key scheduling operation. Latency and memory requirements are thereby minimized. S-boxes for the AES key generation and cipher operation itself may be implemented multiple times in different ways with different power signatures, with a pseudo-random selection of the pathway for the different bytes to be substituted. The premix operation occurs simultaneously with the generation of first round keys, and a dummy circuit with substantially identical timing as the real premix circuitry adds power consumption noise to the premix.
6 Claims
3. In a hardware block cipher circuit having a pre-mix subcircuit for performing an initial pre-mix XOR operation of a cipher block algorithm that mixes plaintext with a cipher key prior to beginning a sequence of cipher encryption rounds to generate a ciphertext, a differential power analysis countermeasure comprising:
a pre-mix dummy circuit active during said initial pre-mix XOR operation and characterized by a propagation delay that substantially matches that of said pre-mix subcircuit, the dummy circuit comprising a pseudo-random generator and an XOR array, the XOR array with first inputs connected to outputs of the pseudo-random generator, second inputs connected to receive the same cipher key bits as said pre-mix subcircuit, and outputs feeding back to the pseudo-random generator, whereby the dummy circuit inserts pseudo-random noise into the overall power signature of all XOR gate switching of the hardware block cipher circuit during the initial pre-mix XOR operation.
6. In a hardware block cipher circuit configured to perform a cipher algorithm having an initial pre-mix XOR operation that mixes plaintext with a cipher key prior to beginning a sequence of cipher encryption rounds to generate a ciphertext, the improvement comprising a method that combines the pre-mix operation with the first cipher encryption round, the method including the steps of:
pre-processing the cipher key to generate round-key words for the first cipher encryption round while plaintext is loaded, the pre-mix XOR operation also occurring as plaintext is being loaded; and
executing the first cipher encryption round upon the loaded pre-mixed plaintext using the pre-generated first round-key words.
Specification