Method and system for high throughput blockwise independent encryption/decryption
First Claim
Patent Images
1. An apparatus comprising:
- an encryption circuit for encrypting a plurality of data blocks of a data segment, the encryption circuit configured to selectively switch between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride;
wherein the encryption circuit comprises a combiner circuit, a block cipher circuit, and a sequence generator circuit;
the block cipher circuit comprising a plurality m of pipelined stages for simultaneously processing, in a pipelined fashion, a plurality m of different bit vector-data block combinations corresponding to m data blocks of the data segment that are generated by the combiner circuit to thereby generate a plurality of encrypted data blocks, the value for m being configurable to define the feedback stride; and
the sequence generator configured to selectively switch between the BIR encryption mode and the CBC encryption mode, wherein the sequence generator is further configured to (1) generate and output a plurality of randomized blockwise independent bit vectors while in the BIR encryption mode, and (2) generate and output a plurality of blockwise dependent bit vectors while in the CBC encryption mode, the blockwise dependent bit vectors being based on a previously encrypted bit vector-data block combination fed back from the block cipher circuit;
the combiner circuit being configured to (1) receive a streaming input of the data blocks, (2) receive an input of the bit vectors output by the sequence generator circuit, and (3) reversibly combine the received bit vectors with the received streaming data blocks to generate a plurality of bit vector-data block combinations for delivery to the block cipher circuit; and
wherein the sequence generator is further configured to (1) operate in the BIR encryption mode while the block cipher circuit is processing the bit vector-data block combinations corresponding to the first m data blocks of the same data segment, and (2) switch to the CBC encryption mode in response to the block cipher circuit completing encryption of at least the bit vector-data block combination corresponding to the first of the m data blocks, the block cipher circuit thereby being configured to generate the plurality of encrypted data blocks wherein at least the first m encrypted data blocks of the same data segment are encrypted in combination with blockwise independent bit vectors and wherein a plurality of the other encrypted data blocks of the same data segment are encrypted in combination with blockwise dependent bit vectors.
2 Assignments
0 Petitions
Accused Products
Abstract
An encryption technique is disclosed for encrypting a plurality of data blocks of a data segment where the encryption selectively switches between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride. A corresponding decryption technique is also disclosed.
-
Citations
20 Claims
-
1. An apparatus comprising:
-
an encryption circuit for encrypting a plurality of data blocks of a data segment, the encryption circuit configured to selectively switch between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on a configurable feedback stride; wherein the encryption circuit comprises a combiner circuit, a block cipher circuit, and a sequence generator circuit; the block cipher circuit comprising a plurality m of pipelined stages for simultaneously processing, in a pipelined fashion, a plurality m of different bit vector-data block combinations corresponding to m data blocks of the data segment that are generated by the combiner circuit to thereby generate a plurality of encrypted data blocks, the value for m being configurable to define the feedback stride; and the sequence generator configured to selectively switch between the BIR encryption mode and the CBC encryption mode, wherein the sequence generator is further configured to (1) generate and output a plurality of randomized blockwise independent bit vectors while in the BIR encryption mode, and (2) generate and output a plurality of blockwise dependent bit vectors while in the CBC encryption mode, the blockwise dependent bit vectors being based on a previously encrypted bit vector-data block combination fed back from the block cipher circuit; the combiner circuit being configured to (1) receive a streaming input of the data blocks, (2) receive an input of the bit vectors output by the sequence generator circuit, and (3) reversibly combine the received bit vectors with the received streaming data blocks to generate a plurality of bit vector-data block combinations for delivery to the block cipher circuit; and wherein the sequence generator is further configured to (1) operate in the BIR encryption mode while the block cipher circuit is processing the bit vector-data block combinations corresponding to the first m data blocks of the same data segment, and (2) switch to the CBC encryption mode in response to the block cipher circuit completing encryption of at least the bit vector-data block combination corresponding to the first of the m data blocks, the block cipher circuit thereby being configured to generate the plurality of encrypted data blocks wherein at least the first m encrypted data blocks of the same data segment are encrypted in combination with blockwise independent bit vectors and wherein a plurality of the other encrypted data blocks of the same data segment are encrypted in combination with blockwise dependent bit vectors. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
an encryption circuit encrypting a plurality of data blocks of a data segment, wherein the encryption circuit comprises a combiner circuit, a block cipher circuit, and a sequence generator circuit, wherein the block cipher circuit comprises a plurality m of pipelined stages, and wherein the encrypting step comprises; the m pipelined stages simultaneously processing, in a pipelined fashion, a plurality m of different bit vector-data block combinations corresponding to m data blocks of the data segment that are generated by the combiner circuit to thereby generate a plurality of encrypted data blocks, the value for m being configurable to define a feedback stride; the sequence generator selectively switching between a blockwise independent randomized (BIR) encryption mode and a cipher block chaining (CBC) encryption mode based on the configurable feedback stride, the sequence generator (1) generating and outputting a plurality of randomized blockwise independent bit vectors while in the BIR encryption mode, and (2) generating and outputting a plurality of blockwise dependent bit vectors while in the CBC encryption mode, the blockwise dependent bit vectors being based on a previously encrypted bit vector-data block combination fed back from the block cipher circuit; the combiner circuit (1) receiving a streaming input of the data blocks, (2) receiving an input of the bit vectors output by the sequence generator circuit, and (3) reversibly combining the received bit vectors with the received streaming data blocks to generate a plurality of bit vector-data block combinations for delivery to the block cipher circuit; and the sequence generator (1) operating in the BIR encryption mode while the block cipher circuit is processing the bit vector-data block combinations corresponding to the first m data blocks of the same data segment, and (2) switching to the CBC encryption mode in response to the block cipher circuit completing encryption of at least the bit vector-data block combination corresponding to the first of the m data blocks, the block cipher circuit thereby generating the plurality of encrypted data blocks wherein at least the first m encrypted data blocks of the same data segment are encrypted in combination with blockwise independent bit vectors and wherein a plurality of the other encrypted data blocks of the same data segment are encrypted in combination with blockwise dependent bit vectors. - View Dependent Claims (7, 8, 9, 10)
-
-
11. An apparatus comprising:
-
a decryption circuit for decrypting a plurality of encrypted data blocks of a data segment, the decryption circuit configured to selectively switch between a blockwise independent randomized (BIR) decryption mode and a cipher block chaining (CBC) decryption mode based on a configurable feedback stride; wherein the decryption circuit comprises a combiner circuit, a block cipher circuit, and a sequence generator circuit; the block cipher circuit comprising a plurality m of pipelined stages for simultaneously processing, in a pipelined fashion, a plurality m of different bit vector-data block combinations corresponding to m data blocks of the data segment that are generated by the combiner circuit to thereby generate a plurality of decrypted data blocks, the value for m being configurable to define the feedback stride; and the sequence generator configured to selectively switch between the BIR decryption mode and the CBC decryption mode, wherein the sequence generator is further configured to (1) generate and output a plurality of randomized blockwise independent bit vectors while in the BIR decryption mode, and (2) generate and output a plurality of blockwise dependent bit vectors while in the CBC decryption mode, the blockwise dependent bit vectors being based on a previously decrypted bit vector-data block combination fed back from the block cipher circuit; the combiner circuit being configured to (1) receive a streaming input of the encrypted data blocks, (2) receive an input of the bit vectors output by the sequence generator circuit, and (3) reversibly combine the received bit vectors with the received streaming encrypted data blocks to generate a plurality of bit vector-data block combinations for delivery to the block cipher circuit; and wherein the sequence generator is further configured to (1) operate in the BIR decryption mode while the block cipher circuit is processing the bit vector-data block combinations corresponding to the first m encrypted data blocks of the same data segment, and (2) switch to the CBC decryption mode in response to the block cipher circuit completing decryption of at least the bit vector-data block combination corresponding to the first of the m encrypted data blocks, the block cipher circuit thereby being configured to generate the plurality of decrypted data blocks wherein at least the first m decrypted data blocks of the same data segment are decrypted in combination with blockwise independent bit vectors and wherein a plurality of the other decrypted data blocks of the same data segment are decrypted in combination with blockwise dependent bit vectors. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method comprising:
a decryption circuit decrypting a plurality of encrypted data blocks of a data segment, wherein the decryption circuit comprises a combiner circuit, a block cipher circuit, and a sequence generator circuit, wherein the block cipher circuit comprises a plurality m of pipelined stages, and wherein the decrypting step comprises; the m pipelined stages simultaneously processing, in a pipelined fashion, a plurality m of different bit vector-data block combinations corresponding to m encrypted data blocks of the data segment that are generated by the combiner circuit to thereby generate a plurality of decrypted data blocks, the value for m being configurable to define a feedback stride; the sequence generator selectively switching between a blockwise independent randomized (BIR) decryption mode and a cipher block chaining (CBC) decryption mode based on the configurable feedback stride, the sequence generator (1) generating and outputting a plurality of randomized blockwise independent bit vectors while in the BIR decryption mode, and (2) generating and outputting a plurality of blockwise dependent bit vectors while in the CBC decryption mode, the blockwise dependent bit vectors being based on a previously decrypted bit vector-data block combination fed back from the block cipher circuit; the combiner circuit (1) receiving a streaming input of the encrypted data blocks, (2) receiving an input of the bit vectors output by the sequence generator circuit, and (3) reversibly combining the received bit vectors with the received streaming encrypted data blocks to generate a plurality of bit vector-data block combinations for delivery to the block cipher circuit; and the sequence generator (1) operating in the BIR decryption mode while the block cipher circuit is processing the bit vector-data block combinations corresponding to the first m encrypted data blocks of the same data segment, and (2) switching to the CBC decryption mode in response to the block cipher circuit completing decryption of at least the bit vector-data block combination corresponding to the first of the m encrypted data blocks, the block cipher circuit thereby generating the plurality of decrypted data blocks wherein at least the first m decrypted data blocks of the same data segment are decrypted in combination with blockwise independent bit vectors and wherein a plurality of the other decrypted data blocks of the same data segment are decrypted in combination with blockwise dependent bit vectors. - View Dependent Claims (17, 18, 19, 20)
Specification