Method and apparatus for advanced encryption standard (AES) block cipher

US 8,391,475 B2
Filed: 03/30/2007
Issued: 03/05/2013
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an aes encrypt data path to receive a data block and an encrypt round key for an aes encrypt round, the aes encrypt data path to perform a sequence of round operations on the received data block using the encrypt round key to provide a next encrypted data to a next aes encrypt round;

an aes decrypt data path to receive the data block and a decrypt round key for an aes decrypt round, the aes decrypt data path to perform a sequence of inverse round operations on the received data block using the decrypt round key in parallel with the aes encrypt data path to provide a next decrypted data to a next aes decrypt round, a first round operation performed on the received data block in the aes encrypt data path while an inverse first round operation is performed in parallel on the received data block in the aes decrypt data path, the aes encrypt data path and the aes decrypt data path are independent, the data block received in parallel by both the aes encrypt data path and the aes decrypt data path has a same value and one state is shared across the aes encrypt data path and the aes decrypt data path, the first round operation is shift rows;

a last aes encrypt round having fewer stages of micro-operations than previous aes encrypt rounds, the last aes encrypt round being separated from the aes encrypt data path and to receive a subbytes operation result for the last aes encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result and the last encrypt round key to produce an encrypted result;

a last aes decrypt round having fewer stages of micro-operations than previous aes decrypt rounds, the last aes decrypt round being separated from the aes decrypt data path and to receive an inverse subbytes operation result for the last aes decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result and the last decrypt round key to produce a decrypted result; and

a selector with a selectable mode to select between outputting the encrypted result and the decrypted result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The speed at which encrypt and decrypt operations may be performed in a general purpose processor is increased by providing a separate encrypt data path and decrypt data path. With separate data paths, each of the data paths may be individually optimized in order to reduce delays in a critical path. In addition, delays may be hidden in a non-critical last round.

Citations

13 Claims

1. An apparatus comprising:
- an aes encrypt data path to receive a data block and an encrypt round key for an aes encrypt round, the aes encrypt data path to perform a sequence of round operations on the received data block using the encrypt round key to provide a next encrypted data to a next aes encrypt round;
  
  an aes decrypt data path to receive the data block and a decrypt round key for an aes decrypt round, the aes decrypt data path to perform a sequence of inverse round operations on the received data block using the decrypt round key in parallel with the aes encrypt data path to provide a next decrypted data to a next aes decrypt round, a first round operation performed on the received data block in the aes encrypt data path while an inverse first round operation is performed in parallel on the received data block in the aes decrypt data path, the aes encrypt data path and the aes decrypt data path are independent, the data block received in parallel by both the aes encrypt data path and the aes decrypt data path has a same value and one state is shared across the aes encrypt data path and the aes decrypt data path, the first round operation is shift rows;
  
  a last aes encrypt round having fewer stages of micro-operations than previous aes encrypt rounds, the last aes encrypt round being separated from the aes encrypt data path and to receive a subbytes operation result for the last aes encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result and the last encrypt round key to produce an encrypted result;
  
  a last aes decrypt round having fewer stages of micro-operations than previous aes decrypt rounds, the last aes decrypt round being separated from the aes decrypt data path and to receive an inverse subbytes operation result for the last aes decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result and the last decrypt round key to produce a decrypted result; and
  
  a selector with a selectable mode to select between outputting the encrypted result and the decrypted result.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the selectable mode is encrypt and the encrypted result is selected as a valid result.
  - 3. The apparatus of claim 1, wherein the selectable mode is decrypt and the decrypted result is selected as a valid result.
  - 4. The apparatus of claim 1, further comprising:
    - a first register to store the encrypted result; and
      
      a second register to store the decrypted result.
  - 5. The apparatus of claim 1, wherein the inverse first round operation is inverse shift rows.

6. A method comprising:
- in an aes encrypt data path, performing a sequence of round operations on a received data block using an encrypt round key to provide a next encrypted data to a next aes encrypt round;
  
  in an aes decrypt data path, performing a sequence of inverse round operations on the received data block using a decrypt round key to provide a next decrypted data to a next aes decrypt round, the sequence of inverse round operations to be performed in parallel with the sequence of round operations, a first round operation performed on the received data block in the aes encrypt data path while an inverse first round operation is performed in parallel on the received data block in the aes decrypt data path, the aes encrypt data path and the aes decrypt data path are independent, the data block received in parallel by both the aes encrypt data path and the aes decrypt data path has a same value and one state is shared across the aes encrypt data path and the aes decrypt data path, the first round operation is shift rows;
  
  receiving a subbytes operation result for a last aes encrypt round having fewer stages of micro-operations than previous aes encrypt rounds, the last aes encrypt round separated from the aes encrypt data path;
  
  performing an exclusive OR (XOR) operation on the subbytes operation result the last encrypt round key to produce the encrypted result;
  
  receiving an inverse subbytes operation result for a last aes decrypt round having fewer stages of microperations than previous aes decrypt rounds, the last aes decrypt round separated from the aes decrypt data path;
  
  performing an exclusive OR (XOR) operation on the inverse subbytes operation result the last decrypt round key to produce the decrypted result; and
  
  selecting between the encrypted result or the decrypted result as a valid result dependent on a selectable mode.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the selectable mode is encrypt and the encrypted result is selected as a valid result.
  - 8. The method of claim 6, wherein the selectable mode is decrypt and the decrypted result is selected as a valid result.
  - 9. The method of claim 6, further comprising:
    - storing the encrypted result in a first register; and
      
      storing the decrypted result in a second register.
  - 10. The method of claim 6, wherein the inverse first round operation is inverse shift rows.

11. A system comprising:
- a dynamic random access memory to store data and instructions; and
  
  a processor coupled to said memory to execute the instructions, the processor comprising;
  
  an execution unit to perform a sequence of operations for an aes instruction, the execution unit comprising an aes data path, the aes data path comprising;
  
  an aes encrypt data path to receive a data block and an encrypt round key for an aes encrypt round, the aes encrypt data path to perform a sequence of round operations on the received data block using the encrypt round key to provide a next encrypted data to a next aes encrypt round;
  
  an aes decrypt data path to receive the data block and a decrypt round key for the aes decrypt round, the aes decrypt data path to perform a sequence of inverse round operations on the received data block using the decrypt round key in parallel with the aes encrypt data path to provide a next decrypted data to a next aes decrypt round, a first round operation performed on the received data block in the aes encrypt data path while an inverse first round operation is performed in parallel on the received data block in the aes decrypt data path, the aes encrypt data path and the aes decrypt data path are independent, the data block received in parallel by both the aes encrypt data path and the aes decrypt data path has a same value and one state is shared across the aes encrypt data path and the aes decrypt data path, the first round operation is shift rows;
  
  a last aes encrypt round having fewer stages of micro-operations than previous aes encrypt rounds, the last aes encrypt round being separated from the aes encrypt data path and to receive a subbytes operation result for the last encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result and the last encrypt round key to produce an encrypted result;
  
  a last aes decrypt round having fewer stages of micro-operations than previous aes decrypt rounds, the last aes decrypt round being separated from the aes decrypt data path and to receive an inverse subbytes operation result for the last decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result and the last decrypt round key to produce a decrypted result; and
  
  a selector to select between the encrypted result or the decrypted result dependent on a selectable mode.

12. An apparatus comprising:
- an aes encrypt data path to receive a data block and encrypt the data block, the aes encrypt data path coupled to receive an encrypt round key for an aes encrypt round that includes performing a sequence of round operations on the data block using the encrypt round key;
  
  an aes decrypt data path to receive the data block and decrypt the data block in parallel with the aes encrypt data path encrypting the data block, the aes decrypt data path coupled to receive a decrypt round key for an aes decrypt round that includes performing a sequence of inverse round operations on the data block using the decrypt round key, wherein a first inverse round operations is performed on the data block while a first round operations is performed on the data block in the aes encrypt data path, and wherein the data block has a same value and one state is shared across the aes encrypt data path and the aes decrypt data path;
  
  a last aes encrypt round having fewer stages of micro-operations than previous aes encrypt rounds and being separated from the aes encrypt data path to receive a subbytes operation result for the last aes encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result, the last aes encrypt round coupled to output a final encrypted data block generated in the last aes encrypt round;
  
  a last aes decrypt round having fewer stages of micro-operations than previous aes decrypt rounds and being separated from the aes decrypt data path to receive an inverse subbytes operation result for a last decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result, the last aes decrypt round coupled to output a final decrypted data block generated in the last aes decrypt round; and
  
  selection logic coupled to receive the final encrypted data block and coupled to output the final encrypted data block when an input to the selection logic receives an encryption mode signal, and wherein the selection logic is coupled to receive the final decrypted data block and coupled to output the final decrypted data block when the input to the selection logic receives a decryption mode signal.
- View Dependent Claims (13)
- - 13. The apparatus of claim 12, wherein the data block is a 128 bit data block.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Gopal, Vinodh, Ozturk, Erdinc, Wolrich, Gilbert, Feghali, Wajdi K., Yap, Kirk S.
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Shaw, Brian

Application Number

US11/731,158
Publication Number

US 20080240421A1
Time in Patent Office

2,167 Days
Field of Search

380/28, 380/37, 380/46
US Class Current

380/28
CPC Class Codes

G06F 9/30007   to perform operations on da...

H04L 2209/125   Parallelization or pipelini...

H04L 9/0631   Substitution permutation ne...

Method and apparatus for advanced encryption standard (AES) block cipher

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for advanced encryption standard (AES) block cipher

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links