Multi-gigabit per second concurrent encryption in block cipher modes

US 7,885,405 B1
Filed: 06/04/2004
Issued: 02/08/2011
Est. Priority Date: 06/04/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A system adapted to encrypt one or more packets of plaintext data in CBC mode, comprising:

a plurality of digital logic components connected in series, respective components operative to process one or more rounds of a block cipher algorithm, wherein the plurality of digital logic components are configured to concurrently process different blocks of data that correspond to different plaintext packets with the one or more rounds of the block cipher algorithm;

a plurality of N bit registers, N being a positive integer, respective registers interleaved between respective logic components;

an XOR component that receives blocks of plaintext data and blocks of ciphertext data, the XOR component XORing blocks of plaintext data for respective plaintext packets with previously encrypted blocks of ciphertext data for those plaintext packets, the XOR component iteratively feeding the XOR'"'"'d blocks of data into a first of the plurality of the digital logic components, wherein the blocks of plaintext data are distinguishable from an initialization vector;

a circuit component operative to selectively pass blocks of ciphertext data fed back from an output of a final logic component to the XOR component;

a data select component that facilitates selective application of blocks of plaintext data to the XOR component; and

a clock operatively coupled to respective N bit registers, the circuit component, the key select component and the data select component, the clock adapted to provide a signal to which keys and packets of data are selectively concurrently advanced into and through the system.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment is a system adapted to encrypt one or more packets of plaintext data in cipher-block chaining (CBC) mode. The system includes a plurality of digital logic components connected in series, where respective components are operative to process one or more rounds of a block cipher algorithm. A plurality of N bit registers are respectively coupled to the plurality of digital logic components. An XOR component receives blocks of plaintext data and blocks of ciphertext data, and XORs blocks of plaintext data for respective plaintext packets with previously encrypted blocks of ciphertext data for those plaintext packets. The XOR component iteratively feeds the XOR'"'"'d blocks of data into a first of the plurality of the digital logic components. In addition, a circuit component is operative to selectively pass blocks of ciphertext data fed back from an output of a final logic component to the XOR component.

Citations

15 Claims

1. A system adapted to encrypt one or more packets of plaintext data in CBC mode, comprising:
- a plurality of digital logic components connected in series, respective components operative to process one or more rounds of a block cipher algorithm, wherein the plurality of digital logic components are configured to concurrently process different blocks of data that correspond to different plaintext packets with the one or more rounds of the block cipher algorithm;
  
  a plurality of N bit registers, N being a positive integer, respective registers interleaved between respective logic components;
  
  an XOR component that receives blocks of plaintext data and blocks of ciphertext data, the XOR component XORing blocks of plaintext data for respective plaintext packets with previously encrypted blocks of ciphertext data for those plaintext packets, the XOR component iteratively feeding the XOR'"'"'d blocks of data into a first of the plurality of the digital logic components, wherein the blocks of plaintext data are distinguishable from an initialization vector;
  
  a circuit component operative to selectively pass blocks of ciphertext data fed back from an output of a final logic component to the XOR component;
  
  a data select component that facilitates selective application of blocks of plaintext data to the XOR component; and
  
  a clock operatively coupled to respective N bit registers, the circuit component, the key select component and the data select component, the clock adapted to provide a signal to which keys and packets of data are selectively concurrently advanced into and through the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, further comprising:
    - a plurality of cipher key processing stages corresponding to the plurality of digital logic components and operative to process one or more round key schedules and provide respective digital logic components with appropriate round keys for encryption.
  - 3. The system of claim 1, wherein an initialization vector is fed into the XOR component via the circuit component when respective first blocks of plaintext data are fed into the XOR component for the plaintext packets and thus no respective blocks of ciphertext data are available for the plaintext packets.
  - 4. The system of claim 3, further comprising:
    - one or more plaintext queues for holding the blocks of plaintext data prior to be being selectively applied to the XOR component.
  - 5. The system of claim 4, further comprising:
    - one or more ciphertext queues for holding the blocks of ciphertext data after exiting the final logic component.
  - 6. The system of claim 5, wherein respective logic components are operative to process one or more rounds of the encryption algorithm.
  - 7. The system of claim 6, wherein the encryption algorithm includes at least one of DES, 3DES, AES, Rijndael, Square, Twofish or Serpent.
  - 8. The system of claim 7, wherein the system is implemented in an IPsec module.
  - 9. The system of claim 8, wherein the encryption is performed for at least one of encapsulation security protocol (ESP) and authentication header (AH) protocols.
  - 10. The system of claim 9, wherein the clock cycles at a frequency of about 500 mega-hertz.
  - 11. The system of claim 1, wherein the blocks of data are at least one of 64 and 128 bits.
  - 12. The system of claim 1, wherein N is equal to at least one of 64 and 128.
  - 13. The system of claim 7, wherein the throughput for the system is about 16 giga-bits per second for DES.
  - 14. The system of claim 7, wherein the throughput for the system is about 5.33 giga-bits per second for 3DES.
  - 15. The system of claim 1, further comprising:
    - a plurality of cipher key processing stages interleaved with a plurality of registers, collectively configured to generate the cipher key data for respective ones of the digital logic components for processing the one or more rounds of the block cipher algorithm in a concurrent fashion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GlobalFoundries, Inc.
Original Assignee
GlobalFoundries, Inc.
Inventors
Bong, William Hock Soon
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US10/860,966
Time in Patent Office

2,440 Days
Field of Search

380/28, 380/29, 380/37, 380/255, 380/256, 380/30, 380/42, 726/26, 726/27, 713/150, 713/168, 713/174, 713/181, 713/153, 708/505, 708/700, 708/708, 708/253, 708/507, 708/682, 708/702
US Class Current

380/37
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0637   Modes of operation, e.g. ci...

Multi-gigabit per second concurrent encryption in block cipher modes

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-gigabit per second concurrent encryption in block cipher modes

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links