Key expansion logic using decryption key primitives

US 9,967,092 B2
Filed: 10/15/2015
Issued: 05/08/2018
Est. Priority Date: 05/25/2010
Status: Active Grant

First Claim

Patent Images

1. A microprocessor comprising:

an instruction cache storing both encrypted instructions and non-encrypted instructions;

an instruction fetcher, coupled to the instruction cache, for fetching both the encrypted instructions and the non-encrypted instructions from the instruction cache;

a secure memory, coupled to the instruction fetcher, having a secure memory area for storing a plurality of decryption key primitives;

a key expander, coupled to the secure memory, having a plurality of multiplexers to select two or more of the plurality of decryption key primitives and to derive a singular decryption key from the two or more of the plurality of decryption key primitives;

a decryptor for decrypting an encrypted instruction fetched from the instruction cache by the instruction fetcher using the singular decryption key derived from the two or more decryption key primitives; and

an execution unit, coupled to the decryptor, for executing both instructions decrypted by the decrypter and the non-encrypted instructions wherein the key expander, couple to the secure memory is configured to rotate a decryption key primitive to generate a rotated decryption key primitive; and

wherein the key expander, couple to the secure memory is configured to accumulate the rotated decryption key primitive to a second decryption key primitive; and

securely executing the decrypted instruction within the microprocessor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.

76 Citations

View as Search Results

21 Claims

1. A microprocessor comprising:
- an instruction cache storing both encrypted instructions and non-encrypted instructions;
  
  an instruction fetcher, coupled to the instruction cache, for fetching both the encrypted instructions and the non-encrypted instructions from the instruction cache;
  
  a secure memory, coupled to the instruction fetcher, having a secure memory area for storing a plurality of decryption key primitives;
  
  a key expander, coupled to the secure memory, having a plurality of multiplexers to select two or more of the plurality of decryption key primitives and to derive a singular decryption key from the two or more of the plurality of decryption key primitives;
  
  a decryptor for decrypting an encrypted instruction fetched from the instruction cache by the instruction fetcher using the singular decryption key derived from the two or more decryption key primitives; and
  
  an execution unit, coupled to the decryptor, for executing both instructions decrypted by the decrypter and the non-encrypted instructions wherein the key expander, couple to the secure memory is configured to rotate a decryption key primitive to generate a rotated decryption key primitive; and
  
  wherein the key expander, couple to the secure memory is configured to accumulate the rotated decryption key primitive to a second decryption key primitive; and
  
  securely executing the decrypted instruction within the microprocessor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The microprocessor of claim 1, wherein both plaintext and encrypted instructions fetched from the instruction cache are configured to be pipelined through the decryption logic.
  - 3. The microprocessor of claim 2, wherein the microprocessor is configured to use equal amounts of time to fetch and decrypt encrypted instructions as it uses to fetch and decrypt plaintext instructions.
  - 4. The microprocessor of claim 1, wherein the decryptor comprises XOR logic gates configured to XOR an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
  - 5. The microprocessor of claim 1, wherein the secure memory area is accessible only by secure execution mode programs.
  - 6. The microprocessor of claim 1, wherein the decryption key primitives are subject to update prior to being used by the key expander to derive the decryption key.
  - 7. The microprocessor of claim 1, wherein the key expander is configured to select two or more of the plurality of decryption key primitives based upon an encrypted instruction address.
  - 8. The microprocessor of claim 1, wherein the key expander is configured to rotate the decryption key primitive by an amount that is a function of an encrypted instruction address.
  - 9. The microprocessor of claim 1, wherein the key expander is configured to select between subtractively accumulating and additively accumulating the rotated decryption key primitive to the second decryption key primitive, wherein the selection is a function of an encrypted instruction address.
  - 10. The microprocessor of claim 1, wherein:
    - the key expander is configured to derive a decryption key using a numerical operation on the at least two decryption key primitives;
      
      the key expander is configured to derive a decryption key that has an effective key length equal to a product of a number of possible selections of decryption key primitives used to generate the decryption key times a number of possible numerical combinations of those keys that producible by the numerical operation; and
      
      the key expander is configured to apply decryption keys to chunks of encrypted instructions having a length no greater than the effective key length, and for each successive chunk, to apply a new and different decryption key using at least one different decryption key primitive.

11. A method of securely executing both non encrypted instructions and encrypted instructions within a microprocessor, the method comprising:
- storing a plurality of decryption key primitives in a secure memory, and storing non encrypted instructions in an instruction cache;
  
  fetching both non encrypted instructions and encrypted instructions from an instruction cache;
  
  selecting two or more of the plurality of decryption key primitives from the secure memory;
  
  utilizing a key expander, coupled to the secure memory, for deriving a singular decryption key from the two or more decryption key primitives received from the secure memory;
  
  decrypting an encrypted instruction fetched from the instruction cache with the singular decryption key derived from the two or more decryption key primitives; and
  
  utilizing an execution unit, coupled to the decryptor, for securely executing the decrypted instruction within the microprocessorwherein the key expander is configured to rotate a decryption key primitive to generate a rotated decryption key primitive; and
  
  wherein the key expander is further configured to accumulate the rotated decryption key primitive to a second decryption key primitive.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11, further comprising preventing observation of the encrypted instruction outside the microprocessor.
  - 13. The method of claim 11, further comprising fetching plaintext instructions from the instruction cache.
  - 14. The method of claim 11, further comprising pipelining both the plaintext instructions and encrypted instructions through the decryption logic.
  - 15. The method of claim 11, further comprising using equal amounts of time to fetch and decrypt encrypted instructions as it uses to fetch and decrypt plaintext instructions.
  - 16. The method of claim 11, wherein the action of decrypting an encrypted instruction comprises XORing an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
  - 17. The method of claim 11, further comprising updating the decrypting key primitives prior to deriving the decryption key.
  - 18. The method of claim 11, further comprising selecting two or more of the plurality of decryption key primitives based upon an encrypted instruction address.
  - 19. The method of claim 11, further comprising rotating the decryption key primitive by an amount that is a function of an encrypted instruction address.
  - 20. The method of claim 11, further comprising selecting between subtractively accumulating and additively accumulating the rotated decryption key primitive to the second decryption key primitive, wherein the selection is a function of an encrypted instruction address.
  - 21. The method of claim 11, wherein:
    - the action of deriving a decryption key uses a numerical operation on the at least two decryption key primitives;
      
      the action of deriving a decryption key generates a decryption key that has an effective key length equal to a product of a number of possible selections of decryption key primitives used to generate the decryption key times a number of possible numerical combinations of those keys that can be produced by the numerical operation; and
      
      further comprising applying the decryption keys to chunks of encrypted instructions having a length no greater than the effective key length, and for each successive chunk, applying a new and different decryption key using at least one different decryption key primitive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
Henry, G. Glenn, Parks, Terry, Bean, Brent, Crispin, Thomas A.
Primary Examiner(s)
Rashid, Harunur

Application Number

US14/884,416
Publication Number

US 20160105282A1
Time in Patent Office

936 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0855   Overlapped cache accessing,...

G06F 12/0862   with prefetch

G06F 12/0875   with dedicated cache, e.g. ...

G06F 12/1408   by using cryptography for d...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2212/452   Instruction code

G06F 2212/6026   Prefetching based on access...

G06F 2221/2107   File encryption

G06F 9/30003   Arrangements for executing ...

G06F 9/30079   Pipeline control instructio...

G06F 9/30178   of compressed or encrypted ...

G06F 9/30189   according to execution mode...

H04L 2209/12   Details relating to cryptog...

H04L 2209/20   Manipulating the length of ...

H04L 9/0618 : Block ciphers, i.e. encrypt...

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0827 : involving distinctive inter...

H04L 9/0861 : Generation of secret inform...

H04L 9/0891 : Revocation or update of sec...

H04L 9/0894 : Escrow, recovery or storing...

View All

Key expansion logic using decryption key primitives

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Key expansion logic using decryption key primitives

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links