Method and apparatus for advanced encryption standard (AES) block cipher
Abstract
The speed at which encrypt and decrypt operations may be performed in a general purpose processor is increased by providing a separate encrypt data path and decrypt data path. With separate data paths, each of the data paths may be individually optimized in order to reduce delays in a critical path. In addition, delays may be hidden in a non-critical last round.
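As an added illustration (not code from the patent or its assignee), the following Python sketch models the last-round structure the claims describe: both data paths receive the same block, the encrypt path applies ShiftRows then SubBytes while the decrypt path applies the inverse operations, each separated last round is a single XOR with its last round key, and a mode flag selects the output. All function names and the sample block and key are assumptions made for the example; it models only the last round, not the full cipher.

```python
# Added illustration; all function names are hypothetical, not from the patent.
def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF

def sbox_entry(x):
    """Field inverse (0 maps to 0) followed by the AES affine transform."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
INV_SBOX = [SBOX.index(v) for v in range(256)]

def shift_rows(s, inverse=False):
    """16-byte state, column-major: byte r + 4*c is row r, column c."""
    d = -1 if inverse else 1
    return bytes(s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def last_round(block, enc_key, dec_key, decrypt_mode):
    """Both paths consume the same block; the selector returns one result."""
    # Encrypt path: ShiftRows first, then SubBytes (no MixColumns in the last round).
    enc_sub = bytes(SBOX[b] for b in shift_rows(block))
    # Decrypt path, independent of the encrypt path: InvShiftRows, InvSubBytes.
    dec_sub = bytes(INV_SBOX[b] for b in shift_rows(block, inverse=True))
    # Separated last rounds: only the XOR with the last round key remains.
    enc_out = xor(enc_sub, enc_key)
    dec_out = xor(dec_sub, dec_key)
    return dec_out if decrypt_mode else enc_out

if __name__ == "__main__":
    block, key = bytes(range(16)), bytes(range(16, 32))  # constructed sample values
    ct = last_round(block, key, bytes(16), decrypt_mode=False)
    back = last_round(xor(ct, key), bytes(16), bytes(16), decrypt_mode=True)
    print(ct.hex(), back == block)
```

Removing the key from the encrypt output and running the result through the decrypt path with an all-zero key returns the original block, which confirms that the two paths are exact inverses of each other.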
13 Claims
1. An apparatus comprising:
an AES encrypt data path to receive a data block and an encrypt round key for an AES encrypt round, the AES encrypt data path to perform a sequence of round operations on the received data block using the encrypt round key to provide a next encrypted data to a next AES encrypt round;
an AES decrypt data path to receive the data block and a decrypt round key for an AES decrypt round, the AES decrypt data path to perform a sequence of inverse round operations on the received data block using the decrypt round key in parallel with the AES encrypt data path to provide a next decrypted data to a next AES decrypt round, a first round operation performed on the received data block in the AES encrypt data path while an inverse first round operation is performed in parallel on the received data block in the AES decrypt data path, the AES encrypt data path and the AES decrypt data path are independent, the data block received in parallel by both the AES encrypt data path and the AES decrypt data path has a same value and one state is shared across the AES encrypt data path and the AES decrypt data path, the first round operation is shift rows;
a last AES encrypt round having fewer stages of micro-operations than previous AES encrypt rounds, the last AES encrypt round being separated from the AES encrypt data path and to receive a subbytes operation result for the last AES encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result and the last encrypt round key to produce an encrypted result;
a last AES decrypt round having fewer stages of micro-operations than previous AES decrypt rounds, the last AES decrypt round being separated from the AES decrypt data path and to receive an inverse subbytes operation result for the last AES decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result and the last decrypt round key to produce a decrypted result; and
a selector with a selectable mode to select between outputting the encrypted result and the decrypted result.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
in an AES encrypt data path, performing a sequence of round operations on a received data block using an encrypt round key to provide a next encrypted data to a next AES encrypt round;
in an AES decrypt data path, performing a sequence of inverse round operations on the received data block using a decrypt round key to provide a next decrypted data to a next AES decrypt round, the sequence of inverse round operations to be performed in parallel with the sequence of round operations, a first round operation performed on the received data block in the AES encrypt data path while an inverse first round operation is performed in parallel on the received data block in the AES decrypt data path, the AES encrypt data path and the AES decrypt data path are independent, the data block received in parallel by both the AES encrypt data path and the AES decrypt data path has a same value and one state is shared across the AES encrypt data path and the AES decrypt data path, the first round operation is shift rows;
receiving a subbytes operation result for a last AES encrypt round having fewer stages of micro-operations than previous AES encrypt rounds, the last AES encrypt round separated from the AES encrypt data path;
performing an exclusive OR (XOR) operation on the subbytes operation result and the last encrypt round key to produce the encrypted result;
receiving an inverse subbytes operation result for a last AES decrypt round having fewer stages of micro-operations than previous AES decrypt rounds, the last AES decrypt round separated from the AES decrypt data path;
performing an exclusive OR (XOR) operation on the inverse subbytes operation result and the last decrypt round key to produce the decrypted result; and
selecting between the encrypted result or the decrypted result as a valid result dependent on a selectable mode.
Dependent claims: 7, 8, 9, 10
11. A system comprising:
a dynamic random access memory to store data and instructions; and
a processor coupled to said memory to execute the instructions, the processor comprising:
an execution unit to perform a sequence of operations for an AES instruction, the execution unit comprising an AES data path, the AES data path comprising:
an AES encrypt data path to receive a data block and an encrypt round key for an AES encrypt round, the AES encrypt data path to perform a sequence of round operations on the received data block using the encrypt round key to provide a next encrypted data to a next AES encrypt round;
an AES decrypt data path to receive the data block and a decrypt round key for the AES decrypt round, the AES decrypt data path to perform a sequence of inverse round operations on the received data block using the decrypt round key in parallel with the AES encrypt data path to provide a next decrypted data to a next AES decrypt round, a first round operation performed on the received data block in the AES encrypt data path while an inverse first round operation is performed in parallel on the received data block in the AES decrypt data path, the AES encrypt data path and the AES decrypt data path are independent, the data block received in parallel by both the AES encrypt data path and the AES decrypt data path has a same value and one state is shared across the AES encrypt data path and the AES decrypt data path, the first round operation is shift rows;
a last AES encrypt round having fewer stages of micro-operations than previous AES encrypt rounds, the last AES encrypt round being separated from the AES encrypt data path and to receive a subbytes operation result for the last encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result and the last encrypt round key to produce an encrypted result;
a last AES decrypt round having fewer stages of micro-operations than previous AES decrypt rounds, the last AES decrypt round being separated from the AES decrypt data path and to receive an inverse subbytes operation result for the last decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result and the last decrypt round key to produce a decrypted result; and
a selector to select between the encrypted result or the decrypted result dependent on a selectable mode.
12. An apparatus comprising:
an AES encrypt data path to receive a data block and encrypt the data block, the AES encrypt data path coupled to receive an encrypt round key for an AES encrypt round that includes performing a sequence of round operations on the data block using the encrypt round key;
an AES decrypt data path to receive the data block and decrypt the data block in parallel with the AES encrypt data path encrypting the data block, the AES decrypt data path coupled to receive a decrypt round key for an AES decrypt round that includes performing a sequence of inverse round operations on the data block using the decrypt round key, wherein a first inverse round operation is performed on the data block while a first round operation is performed on the data block in the AES encrypt data path, and wherein the data block has a same value and one state is shared across the AES encrypt data path and the AES decrypt data path;
a last AES encrypt round having fewer stages of micro-operations than previous AES encrypt rounds and being separated from the AES encrypt data path to receive a subbytes operation result for the last AES encrypt round and to perform an exclusive OR (XOR) operation on the subbytes operation result, the last AES encrypt round coupled to output a final encrypted data block generated in the last AES encrypt round;
a last AES decrypt round having fewer stages of micro-operations than previous AES decrypt rounds and being separated from the AES decrypt data path to receive an inverse subbytes operation result for a last decrypt round and to perform an exclusive OR (XOR) operation on the inverse subbytes operation result, the last AES decrypt round coupled to output a final decrypted data block generated in the last AES decrypt round; and
selection logic coupled to receive the final encrypted data block and coupled to output the final encrypted data block when an input to the selection logic receives an encryption mode signal, and wherein the selection logic is coupled to receive the final decrypted data block and coupled to output the final decrypted data block when the input to the selection logic receives a decryption mode signal.
Dependent claims: 13
Specification