1. Field of the Invention
The present invention relates generally to an apparatus and a method of performing the advanced encryption standard (AES) Rijndael algorithm. More specifically, the present invention is directed to an apparatus and a method of implementing the Rijndael algorithm in hardware, which can rapidly perform an encryption by dividing data into blocks for parallel-processing operations.
2. Description of the Related Art
The Rijndael algorithm has been selected as the Advanced Encryption Standard (AES) for encrypting documents and data that are transmitted through a network or stored in a smart card or computer storage. According to the AES, the Rijndael algorithm is a symmetric block cipher that processes data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits, and outputs 128-bit encrypted data. The Rijndael algorithm allows block sizes other than 128 bits, but the AES selected 128 bits.
FIG. 1 illustrates structures of an input data, a state array that is transformed from the input data, and an encrypted or decrypted output data according to the conventional Rijndael algorithm.
Referring to FIG. 1, the input data 101, the state array 102, and the output data 103 of 128 bit blocks are structured with four rows of 32 bits each. The input data 101 are encrypted or decrypted to generate the output data 103. The state array 102 is generated by executing the encryption or decryption operations on the input data 101.
In general, the AES Rijndael algorithm is performed iteratively over a number of rounds. FIGS. 2A and 2B are flowcharts of a round of the general Rijndael algorithm.
Referring to FIG. 2A, an input state array is processed by several operations which are called AES rounds. The input state array is processed by a byte substitution operation at operation S201, a shiftrow operation at operation S203, a mixed columns operation at operation S205, and a round key addition operation at operation S207, thus performing one AES round.
The byte substitution operation at operation S201 is a non-linear byte substitution that independently operates on each byte of the data using a substitution table which is called the S-box. The S-box is constructed from the multiplicative inverse in the finite field (Galois field) GF(2^8) followed by an affine transformation over GF(2^8).
The shiftrow operation at operation S203 shifts positions of the last three rows, excluding the first row, of the state array 102 without changing the byte values. The mixed columns operation at operation S205 treats the elements of each column of the state array 102 as the coefficients of a four-term polynomial of order 3 over GF(2^8), and replaces them with the coefficients of the remainder obtained by multiplying that polynomial by a fixed polynomial a(x) = {03}x^3 + {01}x^2 + {01}x + {02} and dividing by x^4 + 1.
The round key addition operation at operation S207 adds a round key to the state array 102 by a simple bit-wise exclusive-or (XOR) operation. Specific operations of the round of the AES Rijndael algorithm are well-known technologies, and thus, the detailed descriptions are omitted for conciseness.
FIG. 2B illustrates an alternative AES round. Referring to FIG. 2B, the alternative AES round includes a shiftrow operation S211, a byte substitution operation S213, a mixed columns operation S215, and a round key addition operation S217.
The alternative AES round of FIG. 2B has the same operations as the AES round of FIG. 2A. The only difference is that the order of the shiftrow operation S211 and the byte substitution operation S213 is switched. The alternative AES round of FIG. 2B acquires the same results as the AES round of FIG. 2A: the byte substitution operates on each byte independently and the shiftrow operation only moves bytes without changing their values, so performing the two operations in either order produces the same state.
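The following Python sketch is an added example, not part of the original specification. It builds the S-box from the GF(2^8) inverse and affine transformation, applies the a(x) column multiplication, and shows that the FIG. 2A and FIG. 2B orderings give the same round output. The function names are illustrative, the state is assumed to be 16 bytes in column-major order, and the sample state and round key are the round-1 values of the FIPS-197 Appendix B example.

```python
def gmul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def ginv(a):
    """Multiplicative inverse computed as a^254; 0 maps to 0."""
    r = 1
    for _ in range(254):
        r = gmul(r, a)
    return r

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def affine(x):
    """Affine transformation over GF(2) with constant {63}."""
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63

SBOX = [affine(ginv(a)) for a in range(256)]

def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    # Byte at row r, column c is s[r + 4*c]; row r rotates left by r.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_column(col):
    # Multiply by a(x) = {03}x^3 + {01}x^2 + {01}x + {02} modulo x^4 + 1.
    return [gmul(2, col[i]) ^ gmul(3, col[(i + 1) % 4])
            ^ col[(i + 2) % 4] ^ col[(i + 3) % 4] for i in range(4)]

def mix_columns(s):
    return [b for c in range(4) for b in mix_column(s[4 * c:4 * c + 4])]

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def round_fig_2a(s, k):  # S201 -> S203 -> S205 -> S207
    return add_round_key(mix_columns(shift_rows(sub_bytes(s))), k)

def round_fig_2b(s, k):  # S211 -> S213 -> S215 -> S217
    return add_round_key(mix_columns(sub_bytes(shift_rows(s))), k)

# Round-1 state and round key from the FIPS-197 Appendix B worked example.
STATE = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")
KEY1 = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")
```
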
According to the AES algorithm, the data encryption is performed by processing the AES round a predetermined number of times. The number of AES rounds Nr depends on the cipher key length. Specifically, Nr is “10” for a 128-bit cipher key, “12” for a 192-bit cipher key, and “14” for a 256-bit cipher key.
After the predetermined number of the AES rounds are iteratively processed, a final AES round includes the shiftrow operation S211 and the byte substitution operation S213 (or vice versa) followed by the round key addition operation S217 while omitting the mixed columns operation S215, to thus generate the output data 103 of FIG. 1.
The AES Rijndael decryption algorithm performs the operations of the AES Rijndael encryption algorithm in reverse order. Accordingly, the decryption of the input data is performed through the inverse byte substitution operation, the inverse shiftrow operation, the inverse mixed columns operation, and the round key addition operation S207. The alternative AES decryption is similar to the AES Rijndael decryption, thus the detailed description thereof is omitted for conciseness.
A number of apparatuses have been devised to implement the AES Rijndael algorithm. For example, an apparatus to implement the conventional AES Rijndael algorithm uses only one data processing module to implement all the rounds. Hence, Nr rounds mean that the data processing module performs its operations on a single data block Nr times. As a result, the time for performing all the rounds is Nr times as long as the time for performing one round.
Since the AES Rijndael algorithm requires the additional round key addition operation at the first round execution, the conventional Rijndael algorithm implementation apparatus of iterative loop architecture requires an additional process to operate the data processing module, thus decreasing throughput of the Rijndael algorithm implementation apparatus.
The conventional Rijndael algorithm implementation apparatus processes a single state array as a whole, and accordingly, requires more resources to configure the data processing modules so as to perform the operations with respect to the whole 128-bit data.
When the AES Rijndael algorithm implementation apparatus is used in a resource-constrained environment, such as a smart card, a certain level of processing speed should be maintained while keeping the scale of the apparatus small. Thus, the data input to the AES Rijndael apparatus and the data processing are not executed at the same time. In addition, the data processing speed is degraded since the data processing modules have to stand by during the data input.