Cryptography, the science of keeping data secure, has expanded significantly in the private sector over the last decade. What was once almost exclusively the domain of the military is now practiced by private citizens and business entities worldwide to ensure secrecy of information and messages. Rights of privacy, business and political strategies are just a few of the many reasons why data encryption may be desired. The proliferation of computer use and global computer networks has caused the demand for secure computer practices to increase dramatically.
Various encryption techniques have resulted from the great demand for information security. Other encryption techniques have existed for quite some time, and although were originally conceived for use by the military, are used extensively by the public. Once such encryption technique is the data encryption standard (DES) which has been a worldwide standard for over 20 years. DES inputs a 64-bit block of plaintext, and outputs a 64-bit block of encrypted data using a digital key. The same algorithm that is used to encrypt the information is also used to decrypt information that was DES encrypted.
Many encryption techniques, such as DES, work as block ciphers which encrypt and decrypt data in blocks of a predetermined number of bits. For example, DES encrypts and decrypts data in 64-bit blocks which therefore requires a 64-bit input. However, there are many situations where a smaller data segment is being used. For example, where a 16-bit data segment is to be read from an encrypted memory, 64-bits are read into the DES engine to perform the decryption. This results in inefficiencies which directly affect the speed of the system.
It would be desirable for users to be able to use known encryption standards such as DES without accepting an efficiency penalty. Some prior art systems have simply accepted this penalty in accessing information of lesser byte counts than the encryption block supports. Other prior art systems have incorporated cache memories to store blocks of decrypted data. However, cache memory is complex and expensive.
The problem of fixed-size encryption/decryption algorithms is particularly evident in the context of computer power up and initialization. In less sophisticated computer systems of the past, information stored in boot ROMs (read-only memories) may have been held to a minimum. In today's computer systems, the boot ROM may involve very complicated algorithms in which information security may be desired. Encrypting the information stored in the boot ROM can provide this security, but at a cost. Because many computer systems access boot ROM information in segments much less than the 8-byte input required in decryption engines such as DES, each data segment requested results in eight bytes being fetched from the boot ROM to the decryption engine. This is very inefficient, particularly where only one or two bytes were requested at a time. If each successive boot ROM request of one or two bytes requires fetching eight bytes, the resulting inefficiency can cause significant delay during the bootstrap process.
Accordingly, there is a need for a system and method to allow utilization of encryption/decryption techniques that operate on data widths larger than the data width of the requested data, without suffering the aforementioned efficiency penalties. The present invention provides a solution to this and other shortcomings of the prior art, and offers other advantages over the prior art.