The present invention pertains to the encryption/decryption of data. More particularly, the present invention pertains to cipher block chaining mode in the Data Encryption Standard (DES).
There are a variety of encryption schemes known in the art. DES (Data Encryption Standard), is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA). The DEA is also defined in the ANSI (American National Standards Institute) standard X9.32. DES uses a 56-bit key to encrypt and decrypt 64-bit blocks of data. As known in the art, the DES algorithm is implemented with software and/or hardware components. In particular, the data to be encrypted is exclusive ORed (XOR) with the encryption key and forwarded to a substitution box (SBOX). In the SBOX, six bits of input data are replaced with a four-bit value depending on preset tables. Each of these tables is made up of sixteen columns and four rows of four-bit values (i.e., from 0 to 15 in decimal). To select the appropriate four-bit value, four of the bits of the input data are used to select one column and two of the bits are used to select a row. The corresponding four-bit value in the table is then output.
The output value of the SBOX is supplied to a permutation box (PBOX) component, which performs a permutation operation on the concatenation of the output values from the SBOX component. In a DES system, these steps are repeated sixteen times. In a Triple DES system, these steps are repeated 48 times with up to three key values.
A common way of performing encryption using DES is referred to as Electronic CodeBook (ECB) mode. In ECB mode, each 64-bit block of “plaintext” is encrypted using the DES processing core. One problem with ECB mode is that it is relatively easy to break the encryption in that once a single 64-bit block has been inappropriately decrypted (e.g., by trying different “keys”) the remaining blocks of the data can be easily decrypted using the same key.
A solution to these problems is cipher block chaining (CBC). In CBC, the first 64-bit block of plaintext is XORed with a random 64-bit block, and then transmitted to the DES processing core. The resultant 64-bit block is referred to as ciphertext and is then XORed with the next 64-bit block of plaintext. Again, the resultant 64-bit block is transmitted to the DES processing core. The process is repeated until all of the plaintext information is encrypted. CBC mode improves the encryption because in order to even try different keys, one must have the entire body of encrypted plaintext.
In implementing cipher block chaining with decryption and encryption provided by the processing core, one or more multiplexers are often used to ensure that the appropriate 64-bit block is transmitted to the processing core. A problem with multiplexers is that they take up valuable space of a processing chip such as a field programmable gate array. In view of the above, there is a need for an improved method and apparatus for implementing cipher block chaining.