KEY EXPANSION LOGIC USING DECRYPTION KEY PRIMITIVES

US 20160105282A1
Filed: 10/15/2015
Published: 04/14/2016
Est. Priority Date: 05/25/2010
Status: Active Grant

First Claim

Patent Images

1. A microprocessor comprising:

an instruction cache operable to store encrypted instructions;

fetch logic configured to fetch encrypted instructions from the instruction cache;

a secure memory configured to store a plurality of decryption key primitives;

key expansion logic configured to derive a decryption key from two or more of the plurality of decryption key primitives; and

decryption logic configured to decrypt an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.

Citations

27 Claims

1. A microprocessor comprising:
- an instruction cache operable to store encrypted instructions;
  
  fetch logic configured to fetch encrypted instructions from the instruction cache;
  
  a secure memory configured to store a plurality of decryption key primitives;
  
  key expansion logic configured to derive a decryption key from two or more of the plurality of decryption key primitives; and
  
  decryption logic configured to decrypt an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The microprocessor of claim 1, wherein the instruction cache is also operable to store plaintext instructions.
  - 3. The microprocessor of claim 2, wherein both plaintext and encrypted instructions fetched from the instruction cache are configured to be pipelined through the decryption logic.
  - 4. The microprocessor of claim 3, wherein the microprocessor is configured to use equal amounts of time to fetch and decrypt encrypted instructions as it uses to fetch and decrypt plaintext instructions.
  - 5. The microprocessor of claim 1, wherein the decryption logic comprises XOR logic gates configured to XOR an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
  - 6. The microprocessor of claim 1, wherein the secure memory area is accessible only by secure execution mode programs.
  - 7. The microprocessor of claim 1, wherein the decryption key primitives are subject to update prior to being used by the key expansion logic to derive the decryption key.
  - 8. The microprocessor of claim 1, wherein the key expansion logic is configured to select two or more of the plurality of decryption key primitives based upon an encrypted instruction address.
  - 9. The microprocessor of claim 1, wherein the key expansion logic is configured to rotate a decryption key primitive to generate a rotated decryption key primitive.
  - 10. The microprocessor of claim 9, wherein the key expansion logic is configured to rotate the decryption key primitive by an amount that is a function of an encrypted instruction address.
  - 11. The microprocessor of claim 9, wherein the key expansion logic is configured to accumulate the rotated decryption key primitive to a second decryption key primitive.
  - 12. The microprocessor of claim 11, wherein the key expansion logic is configured to select between subtractively accumulating and additively accumulating the rotated decryption key primitive to the second decryption key primitive, wherein the selection is a function of an encrypted instruction address.
  - 13. The microprocessor of claim 1, wherein:
    - the key expansion logic is configured to derive a decryption key using a numerical operation on the at least two decryption key primitives;
      
      the key expansion logic is configured to derive a decryption key that has an effective key length equal to a product of a number of possible selections of decryption key primitives used to generate the decryption key times a number of possible numerical combinations of those keys that can be produced by the numerical operation; and
      
      the key expansion logic is configured to apply decryption keys to chunks of encrypted instructions having a length no greater than the effective key length, and for each successive chunk, to apply a new and different decryption key using at least one different decryption key primitive.

14. A method of securely executing encrypted instructions within a microprocessor, the method comprising:
- storing a plurality of decryption key primitives in a secure memory;
  
  fetching encrypted instructions from an instruction cache;
  
  receiving two or more of the plurality of decryption key primitives from the secure memory;
  
  deriving a decryption key from the two or more decryption key primitives received from the secure memory;
  
  decrypting an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives; and
  
  securely executing the decrypted instruction within the microprocessor.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, further comprising preventing observation of the encrypted instruction outside the microprocessor.
  - 16. The method of claim 14, further comprising fetching plaintext instructions from the instruction cache.
  - 17. The method of claim 14, further comprising pipelining both the plaintext instructions and encrypted instructions through the decryption logic.
  - 18. The method of claim 14, further comprising using equal amounts of time to fetch and decrypt encrypted instructions as it uses to fetch and decrypt plaintext instructions.
  - 19. The method of claim 14, wherein the action of decrypting an encrypted instruction comprises XORing an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.
  - 20. The method of claim 14, further comprising updating the decrypting key primitives prior to deriving the decryption key.
  - 21. The method of claim 14, further comprising selecting two or more of the plurality of decryption key primitives based upon an encrypted instruction address.
  - 22. The method of claim 14, further comprising rotating a decryption key primitive to generate a rotated decryption key primitive.
  - 23. The method of claim 22, further comprising rotating the decryption key primitive by an amount that is a function of an encrypted instruction address.
  - 24. The method of claim 22, further comprising accumulating the rotated decryption key primitive to a second decryption key primitive.
  - 25. The method of claim 24, further comprising selecting between subtractively accumulating and additively accumulating the rotated decryption key primitive to the second decryption key primitive, wherein the selection is a function of an encrypted instruction address.
  - 26. The method of claim 14, wherein:
    - the action of deriving a decryption key uses a numerical operation on the at least two decryption key primitives;
      
      the action of deriving a decryption key generates a decryption key that has an effective key length equal to a product of a number of possible selections of decryption key primitives used to generate the decryption key times a number of possible numerical combinations of those keys that can be produced by the numerical operation; and
      
      further comprising applying the decryption keys to chunks of encrypted instructions having a length no greater than the effective key length, and for each successive chunk, applying a new and different decryption key using at least one different decryption key primitive.

27. A computer program product encoded in at least one non-transitory computer usable medium for use with a computing device, the computer program product comprising:
- computer usable program code embodied in said medium, for specifying a microprocessor, the computer usable program code comprising;
  
  first program code for specifying an instruction cache operable to store encrypted instructions;
  
  second program code for specifying fetch logic configured to fetch encrypted instructions from the instruction cache;
  
  third program code for specifying a secure memory configured to store a plurality of decryption key primitives;
  
  fourth program code for specifying key expansion logic configured to derive a decryption key from two or more of the plurality of decryption key primitives; and
  
  fifth program code for specifying decryption logic configured to decrypt an encrypted instruction fetched from the instruction cache with the decryption key derived from the two or more decryption key primitives.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
HENRY, G. GLENN, PARKS, TERRY, BEAN, BRENT, CRISPIN, THOMAS A.

Granted Patent

US 9,967,092 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/0855   Overlapped cache accessing,...

G06F 12/0862   with prefetch

G06F 12/0875   with dedicated cache, e.g. ...

G06F 12/1408   by using cryptography for d...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2212/452   Instruction code

G06F 2212/6026   Prefetching based on access...

G06F 2221/2107   File encryption

G06F 9/30003   Arrangements for executing ...

G06F 9/30079   Pipeline control instructio...

G06F 9/30178   of compressed or encrypted ...

G06F 9/30189   according to execution mode...

H04L 2209/12   Details relating to cryptog...

H04L 2209/20   Manipulating the length of ...

H04L 9/0618 : Block ciphers, i.e. encrypt...

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0827 : involving distinctive inter...

H04L 9/0861 : Generation of secret inform...

H04L 9/0891 : Revocation or update of sec...

H04L 9/0894 : Escrow, recovery or storing...

View All

KEY EXPANSION LOGIC USING DECRYPTION KEY PRIMITIVES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

KEY EXPANSION LOGIC USING DECRYPTION KEY PRIMITIVES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links