Architecture and instruction set for implementing advanced encryption standard (AES)

US 7,949,130 B2
Filed: 12/28/2006
Issued: 05/24/2011
Est. Priority Date: 12/28/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an execution unit to perform a sequence of operations for an aes instruction, the sequence of operations to perform a programmable number of aes rounds, the operations to cause the execution unit to;

if the number of aes rounds is greater than 1;

load a key into a temporary key register; and

prior to performing each aes round, generate a round key for the aes round based on the key; and

for each aes round, perform a sequence of aes round operations on an input to the aes round and the round key for the aes round to provide a next input to a next aes round or a result for the aes instruction; and

if the number of aes rounds is equal to 1, prior to performing the sequence of aes round operations, the execution unit to;

load a pre-computed round key for the aes round based on the key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A flexible aes instruction for a general purpose processor is provided that performs aes encryption or decryption using n rounds, where n includes the standard aes set of rounds {10, 12, 14}. A parameter is provided to allow the type of aes round to be selected, that is, whether it is a “last round”. In addition to standard aes, the flexible aes instruction allows an AES-like cipher with 20 rounds to be specified or a “one round” pass.

Citations

18 Claims

1. An apparatus comprising:
- an execution unit to perform a sequence of operations for an aes instruction, the sequence of operations to perform a programmable number of aes rounds, the operations to cause the execution unit to;
  
  if the number of aes rounds is greater than 1;
  
  load a key into a temporary key register; and
  
  prior to performing each aes round, generate a round key for the aes round based on the key; and
  
  for each aes round, perform a sequence of aes round operations on an input to the aes round and the round key for the aes round to provide a next input to a next aes round or a result for the aes instruction; and
  
  if the number of aes rounds is equal to 1, prior to performing the sequence of aes round operations, the execution unit to;
  
  load a pre-computed round key for the aes round based on the key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the sequence of aes round operations cause the execution unit to:
    - perform an exclusive OR (XOR) operation on an input to the round and the round key for the aes round to produce an intermediate value;
      
      perform a substitution operation for each byte in the intermediate value based on values stored in a lookup table; and
      
      pass results of the substitution operation through a bit-linear transform that shifts rows in the intermediate value.
  - 3. The apparatus of claim 1, wherein the sequence of aes round operations for the number of aes rounds−
    - 1 cause the execution unit to;
      
      perform an exclusive OR (XOR) operation on the input to the aes round and the round key for the aes round to produce an intermediate value;
      
      perform a substitution operation for each byte in the intermediate value based on values stored in a lookup table;
      
      pass results of the substitution operation through a bit-linear transform that shifts rows in the intermediate value; and
      
      pass results of the substitution operation through bit linear transform that mixes columns in the intermediate value.
  - 4. The apparatus of claim 3, wherein the sequence of aes round operations for the last round cause the execution unit to:
    - perform an exclusive OR (XOR) operation on an input to the round and the round key for the aes round to produce an intermediate value;
      
      perform a substitution operation for each byte in the intermediate value based on values stored in a lookup table; and
      
      pass results of the substitution operation through a bit-linear transform that shifts rows in the intermediate value.
  - 5. The apparatus of claim 1, wherein the result is an encrypted value.
  - 6. The apparatus of claim 1, wherein the result is a decrypted value.
  - 7. The apparatus of claim 1, wherein the key and the input for a first aes round are stored in a register file.
  - 8. The apparatus of claim 1, wherein the register file includes a plurality of 128-bit registers.

9. A method comprising:
- if a number of programmable aes rounds for an aes instruction is greater than 1, loading a key into a temporary key register and prior to performing each aes round, generating a round key for the aes round based on the key; and
  
  for each aes round, performing a sequence of aes round operations on an input to the aes round and the round key for the aes round to provide a next input to a next aes round or a result for the aes instruction; and
  
  if a number of aes rounds is equal to 1, prior to performing the sequence of aes round operations, loading a pre-computed round key for the aes round based on the key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein performing the sequence of aes round operations comprises:
    - performing an exclusive OR (XOR) operation on an input to the round and the round key for the aes round to produce an intermediate value;
      
      performing a substitution operation for each byte in the intermediate value based on values stored in a lookup table; and
      
      passing results of the substitution operation through a bit-linear transform that shifts rows in the intermediate value.
  - 11. The method of claim 9, wherein performing the sequence of aes round operations for the number of rounds−
    - 1 comprises;
      
      performing an exclusive OR (XOR) operation on the input to the aes round and the round key for the aes round to produce an intermediate value;
      
      performing a substitution operation for each byte in the intermediate value based on values stored in a lookup table;
      
      passing results of the substitution operation through a bit-linear transform that shifts rows in the intermediate value; and
      
      passing results of the substitution operation through bit linear transform that mixes columns in the intermediate value.
  - 12. The method of claim 11, wherein performing the sequence of aes round operations for a last aes round comprises:
    - performing an exclusive OR (XOR) operation on an input to the round and the round key for the aes round to produce an intermediate value;
      
      performing a substitution operation for each byte in the intermediate value based on values stored in a lookup table; and
      
      passing results of the substitution operation through a bit-linear transform that shifts rows in the intermediate value.
  - 13. The method of claim 9, wherein the result is an encrypted value.
  - 14. The method of claim 9, wherein the result is a decrypted value.
  - 15. The method of claim 9, wherein the key and the input for a first aes round are stored in a register file.
  - 16. The method of claim 9, wherein the register file includes a plurality of 128-bit registers.

17. An article including a machine-accessible a machine accessible non-transitory storage medium having associated information,wherein the information, when accessed, results in a machine performing:
- if the number of programmable aes rounds for an aes instruction is greater than 1, loading a key into a temporary key register and prior to performing each aes round, generating a round key for the aes round based on the key; and
  
  for each aes round, performing a sequence of aes round operations on an input to the aes round and the round key for the aes round to provide a next input to a next aes round or a result for the aes instruction; and
  
  if the number of aes rounds is equal to 1, prior to performing the sequence of aes round operations, loading a pre-computed round key for the aes round based on the key.

18. A system comprising:
- a dynamic random access memory to store data and instructions; and
  
  a processor coupled to said memory to execute the instructions, the processor comprising;
  
  an execution unit to perform a sequence of operations for an aes instruction, the sequence of operations to perform a programmable number of aes rounds, the operations to cause the execution unit to;
  
  if the number of aes rounds is greater than 1;
  
  load a key into a temporary key register; and
  
  prior to performing each aes round, generate a round key for the aes round based on the key; and
  
  for each aes round, perform a sequence of aes round operations on an input to the aes round and the round key for the aes round to provide a next input to a next aes round or a result for the aes instruction; and
  
  if the number of aes rounds is equal to 1, prior to performing the sequence of aes round operations, the execution unit to;
  
  load a pre-computed round key for the aes round based on the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Feghali, Wajdi K., Gopal, Vinodh, Gueron, Shay
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Baum; Ronald

Application Number

US11/648,434
Publication Number

US 20080159526A1
Time in Patent Office

1,608 Days
Field of Search

380/29
US Class Current

380/29
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 9/30007   to perform operations on da...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0631   Substitution permutation ne...

H04L 9/14   using a plurality of keys o...

Architecture and instruction set for implementing advanced encryption standard (AES)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture and instruction set for implementing advanced encryption standard (AES)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links