The present invention relates to a device for implementing a block-ciphering process using an encryption/decryption arithmetic-logic module which is supplied with a data stream of word length n that is to be ciphered.
The German Patent No. 4016203 describes a device of this type for implementing a block-ciphering process. The conventional arithmetic-logic module has a plurality of encryption/decryption elements, each of which forms a stage of a computing pipeline. The individual stages of the computing pipeline are able to operate with different keys.
The disadvantage of the conventional device is that different operating modes cannot be executed, in particular the operating modes defined in the ISO-10116 standard (ECB, CBC, CBC-MAC, CFB, OFB).
The European Patent No. 0 454 187 describes a random-data generator, usable for ciphering operations, having an arithmetic-logic module with a pipeline structure which is subdivided into a plurality of processing channels. When generating the random data in this generator, the data in all channels are linked to one another. It is not possible to process a plurality of input-data streams simultaneously.
Therefore, an object of the invention is a device capable of encrypting/decrypting different data streams in various ISO-10116 modes of operation simultaneously.
According to the present invention, upstream of an arithmetic-logic module is an exclusive OR gate that carries out a bit-by-bit logical combination of two input words of word length n; one input of the exclusive OR gate is connected to a first multiplexer device, and the second input is connected to a second multiplexer device. According to the present invention, the input-data stream is fed to the first multiplexer device. In addition, the present invention provides for one input of the second multiplexer device to be connected to an output of a temporary storage device designed to store a plurality of start and initialization values for the ciphering process, as well as data-input and feedback values. Because a plurality of start and initialization values, as well as data-input and feedback values for the ciphering processes, are held ready in the temporary storage device, it is advantageously possible to provide a single device that can be operated in different operating modes. Furthermore, the temporary storage of data-input and feedback values by the temporary storage device provided in the present invention also makes it possible to switch over to a different operating mode within a data stream to be ciphered. Therefore, the device according to the present invention makes it possible to provide the ISO-10116 operating modes in hardware. Moreover, due to the layout of the data paths according to the present invention between the devices connected upstream of the arithmetic-logic module, in particular the exclusive OR gate and the first and second multiplexer devices, and due to the provision according to the present invention of a temporary storage device, it is also possible to encrypt and/or decrypt different data streams in different ISO-10116 operating modes simultaneously. In addition, a conflict-free change of the operating modes for the various data streams to be processed is possible without interrupting the processing.
Particularly because of the provision of a temporary storage device, it is also possible to take advantage of the processing of a plurality of data streams in time-division multiplex operation. Security is also advantageously increased, such that decryption by unauthorized persons is nearly ruled out, since when using a feedback operating mode (CBC, CFB, OFB), and given the same key, a greater "scrambling" of the data is achieved due to the feedback of (intermediate) results than in the case of the simpler ECB operating mode.
Owing to the multi-stage computing pipeline, hardware resources are made available for simultaneously processing a number of data streams, corresponding to the number of stages, which are independent of one another and shall be designated as physical channels.
The independence of the physical channels makes it possible to create independent logical channels and to map them onto the physical channels. It is possible for the number of logical channels to exceed the number of physical channels. The use of the physical channels by the logical channels takes place in time-division multiplex operation. Such a logical channel is characterized by a data stream for the encryption/decryption of the respective mode of operation, as well as the associated key and, if applicable, a start/initialization value. In order to make a clearer distinction, in the following, the logical channels are also referred to as contexts.
The device according to the present invention allows ISO 10116 modes of operation to be implemented in encryption processes in which the computing pipeline is operated in several rounds to carry out the encryption/decryption operation. Typical examples of such encryption processes are the IDEA (International Data Encryption Algorithm) or the DES (Data Encryption Standard) processes.
A further advantage of the device according to the invention is that it is not necessary to observe any restrictions whatsoever with regard to the combinations, occurring in the event of a context change, of the preceding mode of operation (for a context which is to be swapped out) and the following mode of operation (for the context to be newly initialized).
With an appropriate design of the device having conflict-free data transmission paths, given the simultaneous conclusion of operation in one context (transmission and securing of the results or of the start value for restarting the encryption/decryption process in the context now ended) and the start of operation in the new context, no additional delay is needed in the event of a context change.
Context changes without additional delays are achieved by an operation-overlapping change of subkey or key. The subkeys or keys required for the new context are loaded in the storage elements allocated to the encryption/decryption elements in such a manner that keys, which have already been executed by the presently still active context, are overwritten in the storage elements.
During normal operation (start/continuation/end of a further encryption/decryption in a currently active context without a directly preceding/following change of context), all data paths outside the arithmetic-logic module are assigned to a channel for the duration of a clock-pulse period. Conversely, when there is a change of context (the old logical channel is ended, its newly calculated start value is stored outside the present device for a resumption of the context, and the new logical channel is initialized and commences execution in the same clock pulse), both the old context to be swapped out (in the output area of the device) and the new context to be swapped in (in the input area of the device) are simultaneously active.
The incorporation of data-valid information for characterizing the data located in a pipeline stage guarantees continuous operation even in cases where, due to different data rates in the different active contexts, temporarily no valid input data is available for one or more channels. In such cases, the computing pipeline is not stopped, but continues in operation while the channel(s) without valid input data is (are) marked. The incorporation of valid-data bits and the mode of operation in each channel of the pipeline (i.e., in a separate lookup table) is necessary for the conditional storage of intermediate results in the register elements provided, or in a data buffer connected to the data output, and also in order to determine the data paths used by the channel.
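The following is an added software model, not the patent's circuit, of the behaviour described above: a single cipher core shared by several logical channels (contexts), each with its own mode and a temporary-storage slot for its start value and feedback value, multiplexed round-robin through the core, with channels lacking a valid word in a given clock skipped rather than stalling the pipeline. The block function, key, IV and data words are constructed stand-ins; in particular the toy core is not a real cipher and only exercises the mode datapath.

```python
# Added model of the mode datapath: shared core, per-context feedback store,
# contexts multiplexed through the core (not the patent's own implementation).
from dataclasses import dataclass

N = 8  # word length n in bytes (constructed: 64-bit words)

def core(key: bytes, block: bytes, inverse: bool = False) -> bytes:
    """Stand-in for the encryption/decryption element (toy: XOR with key, then
    byte rotation). NOT a real cipher; IDEA or DES would sit here in hardware."""
    rot = key[0] % N
    if not inverse:
        mixed = bytes(b ^ k for b, k in zip(block, key))
        return mixed[rot:] + mixed[:rot]
    unrot = block[N - rot:] + block[:N - rot]
    return bytes(b ^ k for b, k in zip(unrot, key))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class Context:  # one logical channel: mode, key, temporary-storage slot (IV/feedback)
    mode: str
    key: bytes
    fb: bytes

def step(ctx: Context, word: bytes, decrypt: bool = False) -> bytes:
    """Pass one word through the core in ctx's mode; ctx.fb is updated in place."""
    if ctx.mode == "ECB":                        # no feedback value used
        return core(ctx.key, word, inverse=decrypt)
    if ctx.mode == "CBC":
        if decrypt:
            out = xor(core(ctx.key, word, inverse=True), ctx.fb)
        else:                                    # XOR gate ahead of the core
            out = core(ctx.key, xor(word, ctx.fb))
        ctx.fb = word if decrypt else out        # ciphertext word fed back
        return out
    if ctx.mode == "CFB":
        out = xor(word, core(ctx.key, ctx.fb))
        ctx.fb = word if decrypt else out        # ciphertext word fed back
        return out
    if ctx.mode == "OFB":
        ctx.fb = core(ctx.key, ctx.fb)           # core output fed back
        return xor(word, ctx.fb)
    raise ValueError(ctx.mode)

def run_multiplexed(ctxs, streams, decrypt=False):
    """Round-robin the contexts through the one core; a channel with no valid
    word in this clock period is skipped while the pipeline keeps running."""
    outs = [[] for _ in ctxs]
    for i in range(max(len(s) for s in streams)):
        for ch, (ctx, stream) in enumerate(zip(ctxs, streams)):
            if i < len(stream):                  # data-valid bit set
                outs[ch].append(step(ctx, stream[i], decrypt))
    return outs
```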