Microprocessor that fetches and decrypts encrypted instructions in same time as plain text instructions

US 8,671,285 B2
Filed: 04/21/2011
Issued: 03/11/2014
Est. Priority Date: 05/25/2010
Status: Active Grant

First Claim

Patent Images

1. A microprocessor, comprising:

an instruction cache;

an instruction decode unit; and

a fetch unit, configured to;

(a) fetch a block of instruction data from the instruction cache;

(b) perform a Boolean exclusive-OR (XOR) operation on the block with a data entity to generate plain text instruction data; and

(c) provide the plain text instruction data to the instruction decode unit;

wherein in a first instance the block comprises encrypted instruction data and the data entity is a decryption key;

wherein in a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes;

wherein the microprocessor is configured to use equal amounts of time to perform feats (a), (b), and (c) in the first and second instances regardless of whether the block of instruction data is encrypted or unencrypted;

wherein the plain text instruction data decrypted from the encrypted instruction data is unobservable outside the microprocessor; and

wherein the time to perform said feats (a), (b), and (c) is the same independent of whether a branch instruction is present or absent within the fetched block of instruction data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A fetch unit (a) fetches a block of instruction data from an instruction cache of the microprocessor; (b) performs an XOR on the block with a data entity to generate plain text instruction data; and (c) provides the plain text instruction data to an instruction decode unit. In a first instance the block comprises encrypted instruction data and the data entity is a decryption key. In a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes. The time required to perform (a), (b), and (c) is the same in the first and second instances regardless of whether the block is encrypted or unencrypted. A decryption key generator selects first and second keys from a plurality of keys, rotates the first key, and adds/subtracts the rotated first key to/from the second key, all based on portions of the fetch address, to generate the decryption key.

46 Citations

22 Claims

1. A microprocessor, comprising:
- an instruction cache;
  
  an instruction decode unit; and
  
  a fetch unit, configured to;
  
  (a) fetch a block of instruction data from the instruction cache;
  
  (b) perform a Boolean exclusive-OR (XOR) operation on the block with a data entity to generate plain text instruction data; and
  
  (c) provide the plain text instruction data to the instruction decode unit;
  
  wherein in a first instance the block comprises encrypted instruction data and the data entity is a decryption key;
  
  wherein in a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes;
  
  wherein the microprocessor is configured to use equal amounts of time to perform feats (a), (b), and (c) in the first and second instances regardless of whether the block of instruction data is encrypted or unencrypted;
  
  wherein the plain text instruction data decrypted from the encrypted instruction data is unobservable outside the microprocessor; and
  
  wherein the time to perform said feats (a), (b), and (c) is the same independent of whether a branch instruction is present or absent within the fetched block of instruction data.
- View Dependent Claims (2, 3, 4)
- - 2. The microprocessor of claim 1, wherein the decryption key is a function only of a portion of a fetch address and a plurality of key values.
  - 3. The microprocessor of claim 1, wherein to generate the decryption key as a function of a fetch address and a plurality of key values, the fetch unit is configured to:
    - select a first key value and a second key value of the plurality of key values based on a first portion of the fetch address;
      
      rotate the first key value based on a second portion of the fetch address;
      
      add or subtract the rotated selected key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.
  - 4. The microprocessor of claim 1, wherein a plurality of key values is K, wherein a width of the decryption key and each of the plurality of key values is W bytes, wherein the fetch unit is configured to generate a sequence of decryption keys for a sequence of blocks of instruction data fetched from the instruction cache to yield approximately W²* (K!/(2*(K−
    - 2)!)) different combination of bytes of the plurality of key values with which to decrypt the sequence of fetched blocks.

5. A microprocessor, comprising:
- an instruction cache;
  
  an instruction decode unit; and
  
  a fetch unit, configured to;
  
  (a) fetch a block of instruction data from the instruction cache;
  
  (b) perform a Boolean exclusive-OR (XOR) operation on the block with a data entity to generate plain text instruction data; and
  
  (c) provide the plain text instruction data to the instruction decode unit;
  
  wherein in a first instance the block comprises encrypted instruction data and the data entity is a decryption key;
  
  wherein in a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes;
  
  wherein the microprocessor is configured to use equal amounts of time to perform feats (a), (b), and (c) in the first and second instances regardless of whether the block of instruction data is encrypted or unencrypted;
  
  wherein to fetch the block of instruction data from the instruction cache the fetch unit is configured to apply a fetch address to the instruction cache, wherein the fetch unit if further configured to generate the decryption key as a function of a portion of the fetch address and a plurality of key values within a time required to fetch the block of instruction data from the instruction cache.
- View Dependent Claims (6, 7, 8)
- - 6. The microprocessor of claim 5, wherein the decryption key is a function only of the portion of the fetch address and the plurality of key values.
  - 7. The microprocessor of claim 5, wherein to generate the decryption key as a function of the fetch address and the plurality of key values, the fetch unit is configured to:
    - select a first key value and a second key value of the plurality of key values based on a first portion of the fetch address;
      
      rotate the first key value based on a second portion of the fetch address;
      
      add or subtract the rotated selected key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.
  - 8. The microprocessor of claim 5, wherein the plurality of key values is K, wherein a width of the decryption key and each of the plurality of key values is W bytes, wherein the fetch unit is configured to generate a sequence of decryption keys for a sequence of blocks of instruction data fetched from the instruction cache to yield approximately W²*(K!/(2*(K−
    - 2)!)) different combination of bytes of the plurality of key values with which to decrypt the sequence of fetched blocks.

9. A microprocessor, comprising:
- an instruction cache;
  
  an instruction decode unit; and
  
  a fetch unit, configured to;
  
  (a) fetch a block of instruction data from the instruction cache;
  
  (b) perform a Boolean exclusive-OR (XOR) operation on the block with a data entity to generate plain text instruction data; and
  
  (c) provide the plain text instruction data to the instruction decode unit;
  
  wherein in a first instance the block comprises encrypted instruction data and the data entity is a decryption key;
  
  wherein in a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes;
  
  wherein the microprocessor is configured to use equal amounts of time to perform feats (a), (b), and (c) in the first and second instances regardless of whether the block of instruction data is encrypted or unencrypted;
  
  wherein the fetch unit comprises;
  
  a control bit, configured to store an indication of whether the fetch unit is in a decryption mode or a plain text mode;
  
  a multiplexer, comprising;
  
  an output;
  
  a first data input configured to receive the decryption key;
  
  a second data input, configured to receive the Boolean zeroes; and
  
  a selection control input, configured to receive the value of the control bit and to cause the decryption key to be provided on the output when the value of the control bit indicates the decryption mode in the first instance and to cause the Boolean zeroes to be provided on the output when the value of the control bit indicates the plain text mode in the second instance; and
  
  an XOR gate, comprising;
  
  a first data input, configured to the output of the multiplexer;
  
  a second data input, configured to receive the fetched block of instruction data; and
  
  an output, coupled to the instruction decode unit for providing the plain text instruction data which is the Boolean XOR of the first and second data inputs.
- View Dependent Claims (10, 11, 12)
- - 10. The microprocessor of claim 9, wherein the decryption key is a function only of a portion of a fetch address and a plurality of key values.
  - 11. The microprocessor of claim 9, wherein to generate the decryption key as a function of a fetch address and a plurality of key values, the fetch unit is configured to:
    - select a first key value and a second key value of the plurality of key values based on a first portion of the fetch address;
      
      rotate the first key value based on a second portion of the fetch address;
      
      add or subtract the rotated selected key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.
  - 12. The microprocessor of claim 9, wherein a plurality of key values is K, wherein a width of the decryption key and each of the plurality of key values is W bytes, wherein the fetch unit is configured to generate a sequence of decryption keys for a sequence of blocks of instruction data fetched from the instruction cache to yield approximately W²*(K!/(2*(K−
    - 2)!)) different combination of bytes of the plurality of key values with which to decrypt the sequence of fetched blocks.

13. A method for operating a microprocessor having an instruction cache, the method comprising the following computer-implemented steps:
- (a) fetching a block of instruction data from the instruction cache;
  
  (b) performing a Boolean exclusive-OR (XOR) operation on the block with a data entity for generating plain text instruction data; and
  
  (c) providing the plain text instruction data to an instruction decode unit;
  
  wherein in a first instance the block comprises encrypted instruction data and the data entity is a decryption key;
  
  wherein in a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes;
  
  wherein the microprocessor is configured to use equal amounts of time to perform said feats (a), (b), and (c) in the first and second instances regardless of whether the block of instruction data is encrypted or unencrypted;
  
  wherein the plain text instruction data decrypted from the encrypted instruction data is unobservable outside the microprocessor; and
  
  wherein the time to perform said feats (a), (b), and (c) is the same independent of whether a branch instruction is present or absent within the fetched block of instruction data.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the decryption key is a function only of a portion of a fetch address and a plurality of key values.
  - 15. The method of claim 13, wherein the decryption key is generated as a function of a fetch address and a plurality of key values by:
    - selecting a first key value and a second key value of the plurality of key values based on a first portion of the fetch address;
      
      rotating the first key value based on a second portion of the fetch address; and
      
      adding or subtracting the rotated selected key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.
  - 16. The method of claim 15, wherein the plurality of key values is K, wherein a width of the decryption key and each of the plurality of key values is W bytes, wherein said selecting, rotating, and adding or subtracting yields approximately W²*(K!/(2*(K−
    - 2)!)) different combination of bytes of the plurality of key values over a sequence of fetch addresses used to fetch a sequence of blocks of instruction data from the instruction cache.
  - 17. The method of claim 13, wherein said generating the decryption key as a function of a fetch address and a plurality of key values for a plurality of sequential blocks of instruction data yields an effective decryption key length of approximately W²*(K!/(2*(K−
    - 2)!)) bytes, wherein width of the decryption key and each of the plurality of key values is W bytes, wherein the plurality of key values is K.

18. A method for operating a microprocessor having an instruction cache, the method comprising the following computer-implemented steps:
- (a) fetching a block of instruction data from the instruction cache by applying a fetch address to the instruction cache;
  
  (b) performing a Boolean exclusive-OR (XOR) operation on the block with a data entity for generating plain text instruction data; and
  
  (c) providing the plain text instruction data to an instruction decode unit;
  
  wherein in a first instance the block comprises encrypted instruction data and the data entity is a decryption key, which is generated as a function of a portion of the fetch address and a plurality of key values;
  
  wherein in a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes;
  
  wherein the microprocessor is configured to use equal amounts of time to perform said feats (a), (b), and (c) in the first and second instances regardless of whether the block of instruction data is encrypted or unencrypted;
  
  wherein said generating the decryption key is performed within a time required to perform said fetching the block of instruction data from the instruction cache.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, wherein the decryption key is a function only of the portion of the fetch address and the plurality of key values.
  - 20. The method of claim 18, wherein the decryption key is generated as a function of the fetch address and the plurality of key values by:
    - selecting a first key value and a second key value of the plurality of key values based on a first portion of the fetch address;
      
      rotating the first key value based on a second portion of the fetch address; and
      
      adding or subtracting the rotated selected key value to or from the second key value based on a third portion of the fetch address to generate the decryption key.
  - 21. The method of claim 20, wherein the plurality of key values is K, wherein a width of the decryption key and each of the plurality of key values is W bytes, wherein said selecting, rotating, and adding or subtracting yields approximately W²*(K!/(2*(K−
    - 2)!)) different combination of bytes of the plurality of key values over a sequence of fetch addresses used to fetch a sequence of blocks of instruction data from the instruction cache.
  - 22. The method of claim 18, wherein said generating the decryption key as a function of the fetch address and the plurality of key values for a plurality of sequential blocks of instruction data yields an effective decryption key length of approximately W²*(K!/(2*(K−
    - 2)!)) bytes, wherein a width of the decryption key and each of the plurality of key values is W bytes, wherein the plurality of key values is K.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
Henry, G. Glenn, Parks, Terry, Bean, Brent, Crispin, Thomas A.
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US13/091,487
Publication Number

US 20120096282A1
Time in Patent Office

1,055 Days
Field of Search

713/190, 713/192
US Class Current

713/190
CPC Class Codes

G06F 12/0875   with dedicated cache, e.g. ...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2212/402   Encrypted data

G06F 2212/452   Instruction code

G06F 2221/2107   File encryption

G06F 9/30003   Arrangements for executing ...

G06F 9/30058   Conditional branch instruct...

G06F 9/30079   Pipeline control instructio...

G06F 9/30178   of compressed or encrypted ...

G06F 9/30189   according to execution mode...

H04L 2209/12   Details relating to cryptog...

H04L 2209/20   Manipulating the length of ...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0827   involving distinctive inter...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894 : Escrow, recovery or storing...

View All

Microprocessor that fetches and decrypts encrypted instructions in same time as plain text instructions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Microprocessor that fetches and decrypts encrypted instructions in same time as plain text instructions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links