Data encryption in a symmetric multiprocessor electronic apparatus
Abstract
For the encryption of data to be stored in a memory external to a circuit, provision is made to store in the external memory encrypted data words in association with an initialization vector and a key identifier associated with a secret key that has served to encrypt same.
20 Claims
1. A method of encryption in a first circuit of an electronic apparatus, of data to be stored in a memory external to the circuit, comprising:
selecting a secret key, from a list of a plurality of secret keys respectively stored in a specified order in a set of registers of the first circuit each in association with a respective key identifier, wherein a number of the plurality of secret keys are shared secret keys that are also stored in a set of registers of a second circuit of the electronic apparatus, wherein the selected secret key is a shared secret key, wherein for each of the number of shared secret keys, the respective identifier associated with the respective shared secret key is a respective index to a respective register of the set of registers of the first circuit and to a respective register of the set of registers of the second circuit;
segmenting the data into a stream of data words of determined size; and
continuously for each data word, generating a pseudorandom number of determined size by means of a pseudorandom generator implementing a generating algorithm based on the selected secret key and on an initialization vector changing value with each data word;
combining the data word and the corresponding pseudorandom number, so as to generate an encrypted data word;
then, storing in said external memory each data word encrypted in association with the initialization vector and the key identifier associated with the secret key that has served to encrypt same.
View Dependent Claims (2, 3, 15)
4. A method of decryption, in a circuit of an electronic apparatus, of data stored in the form of data words encrypted in a memory external to the circuit, comprising:
reading from said external memory an encrypted data word together with an initialization vector and with a secret-key identifier which are respectively associated with said encrypted data word;
selecting a secret key based on a list of a plurality of secret keys respectively stored in a specified order in a set of registers of the circuit, one of the secret keys being a key shared with another circuit of the electronic apparatus, and based on said secret-key identifier, wherein the selected secret key is a shared secret key, wherein the secret-key identifier associated with the secret key shared with said another circuit is an index to a respective register of the set of registers of the circuit and to a respective register of the set of registers of said another circuit; and
continuously for each encrypted data word, generating a pseudorandom number of determined size, by means of a pseudorandom generator implementing a generating algorithm based on said secret key and on said initialization vector; and
combining the data word and the corresponding pseudorandom number, to generate a decrypted data word.
View Dependent Claims (5, 6)
7. An encryption device, comprising:
a set of registers of a first circuit configured to store a number of secret keys in a specified order, at least one of the secret keys is a respective key shared with another circuit of the device, each secret key is associated with a respective key identifier, wherein for said at least one secret key shared with said another circuit, the respective key identifier associated therewith is an index to a respective register of the set of registers of the first circuit and to a respective register of a set of registers of said another circuit;
a secret keys selection unit configured to select a respective secret key from a list of the number of secret keys stored in the set of registers, wherein said respective secret key selected by the secret keys selection unit is said at least one secret key shared with said another circuit;
a segmentation unit configured to segment data in such a way as to form a stream of data words of determined size;
a generator of initialization vectors configured to generate a stream of initialization vectors changing value with each data word;
a generator of pseudorandom numbers configured to generate, for each data word, based on said secret key and on a determined one of the initialization vectors, a pseudorandom number of determined size;
a combination unit configured to combine the data word and the corresponding pseudorandom number, so as to generate an encrypted data word; and
means for storing in an external memory each data word encrypted in association with the determined initialization vector and the key identifier associated with the secret key that has served to encrypt same.
8. A decryption device, comprising:
a set of registers of a first circuit configured to store a number of secret keys in a specified order, at least one of the secret keys is a respective secret key shared with another circuit, wherein each secret key is associated with a respective key identifier, wherein for the at least one secret key shared with said another circuit, the respective key identifier associated therewith is an index to a respective register of the set of registers of the first circuit and to a respective register of a set of registers of said another circuit;
reading means for reading from an external memory a data word together with an initialization vector and with an identifier of a respective secret key which are respectively associated with said data word;
selection means for selecting, for each data word, a respective secret key based on a list of keys stored in said registers and based on the key identifier, wherein said respective secret key selected by the selection means is said at least one secret key shared with said another circuit;
a generator of pseudorandom numbers configured to generate, for each data word, based on said selected secret key and on said initialization vector, a pseudorandom number of determined size; and
a combination unit suitably configured to combine the data word and the corresponding pseudorandom number, in such a way as to decrypt said data word.
9. An electronic apparatus, comprising:
a first encryption/decryption unit that includes:
a first set of registers configured to store a plurality of secret keys in a specified order, one of which is a respective secret key shared with a second encryption/decryption unit, each in association with a respective key identifier, wherein the respective key identifier associated with the shared secret key is an index to a register of the first set of registers of the first encryption/decryption unit and is an index to a register of a second set of registers of the second encryption/decryption unit;
a first secret keys selection unit configured to select a secret key from the plurality of secret keys stored in the set of registers;
a first segmentation unit configured to segment data in such a way as to form a stream of data words of determined size;
a first generator of initialization vectors configured to generate a stream of initialization vectors changing value with each data word;
a first generator of pseudorandom numbers configured to generate, for each data word, based on said selected secret key and on a determined one of the initialization vectors, a pseudorandom number of determined size;
a first combination unit configured to combine the data word and the corresponding pseudorandom number, so as to generate an encrypted data word;
first means for storing in an external memory each data word encrypted in association with the determined initialization vector and the key identifier associated with the selected secret key that has served to encrypt same;
first reading means for reading from the external memory one of the encrypted data words together with the determined initialization vector and with the key identifier of the selected secret key that has served to encrypt the encrypted data word being read; and
first selection means for selecting a respective secret key based on the list of keys stored in said registers and based on the key identifier read from the external memory,
wherein the generator of pseudorandom numbers is structured to generate, for the encrypted data word read from the external memory, based on said secret key and on said initialization vector, a pseudorandom number of determined size; and
wherein the combination unit is structured to combine the data word and the corresponding pseudorandom number, in such a way as to decrypt said encrypted data word read from the external memory.
View Dependent Claims (10, 11, 12, 13, 14)
16. An electronic cryptographic apparatus having a number of shared secret keys, comprising:
a first circuit including:
a respective set of protected key registers configured to store the number of shared secret keys in a specified order, wherein each shared secret key is associated with a respective key identifier that is an index to a respective register of the respective set of protected key registers of the first circuit and to a respective register of a respective set of protected key registers of a second circuit;
a respective encryption unit configured to encrypt segmentized data words into encrypted data words based at least in part on an initialization vector and a respective shared secret key of the number of shared secret keys stored in the respective set of protected key registers of the first circuit; and
a respective processor unit configured to store the encrypted data words in an external memory; and
the second circuit including:
the respective set of protected key registers configured to store the number of shared secret keys in the specified order;
a respective processor unit configured to read the encrypted data words in the external memory; and
a respective decryption unit configured to decrypt the encrypted data words based at least in part on the initialization vector and a respective shared secret key of the set of the number of shared secret keys stored in the respective set of protected key registers of the second circuit.
View Dependent Claims (17, 18, 19, 20)
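A minimal model of the scheme in claims 1, 4 and 16, added here as an illustration and not taken from the patent: two circuits hold the shared keys at the same register indices, so the key identifier stored beside each encrypted word is all the other circuit needs to pick the right key. HMAC-SHA256 as the pseudorandom generator, XOR as the combination, the 16-byte word, zero padding and the circuit-id-prefixed counter IV are all assumptions; the claims name none of them.

```python
import hashlib
import hmac

WORD = 16  # assumed word size in bytes; the claims only say "determined size"

class Circuit:
    """One circuit; the key identifier is the index into its key registers."""

    def __init__(self, circuit_id, shared_keys, private_keys=()):
        # Shared keys sit at the same indices, in the same order, in every circuit.
        self._regs = list(shared_keys) + list(private_keys)
        self._n_shared = len(shared_keys)
        # Assumed IV generator: circuit id in the top byte plus a per-word counter,
        # so two circuits using one shared key never produce the same IV.
        self._iv = circuit_id << 56

    @staticmethod
    def _prn(key, iv):
        # Assumed pseudorandom generator: HMAC-SHA256(key, iv), cut to one word.
        return hmac.new(key, iv.to_bytes(8, "big"), hashlib.sha256).digest()[:WORD]

    def encrypt(self, data, key_id):
        if not 0 <= key_id < self._n_shared:
            raise ValueError("key_id must index a shared key register")
        padded = data + b"\x00" * (-len(data) % WORD)  # zero padding (assumed)
        records = []
        for off in range(0, len(padded), WORD):
            iv, self._iv = self._iv, self._iv + 1
            pad = self._prn(self._regs[key_id], iv)
            ct = bytes(w ^ p for w, p in zip(padded[off:off + WORD], pad))  # XOR (assumed)
            records.append((ct, iv, key_id))  # stored together in external memory
        return records

    def decrypt(self, records):
        out = bytearray()
        for ct, iv, key_id in records:
            if not 0 <= key_id < self._n_shared:
                raise ValueError("key_id does not index a shared key register")
            pad = self._prn(self._regs[key_id], iv)
            out += bytes(c ^ p for c, p in zip(ct, pad))
        return bytes(out)

# Constructed sample: two shared keys, one key private to circuit A.
SHARED = [bytes([i + 1]) * 32 for i in range(2)]
circuit_a = Circuit(0, SHARED, private_keys=[b"\xaa" * 32])
circuit_b = Circuit(1, SHARED)
```

Because this model combines each word with a keystream by XOR, an IV must never repeat under the same shared key, which is why the assumed IV carries a per-circuit prefix. The model provides confidentiality only; nothing in it detects modification of the records held in external memory.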
Specification