The subject matter of the present disclosure relates generally to cryptography. More particularly, the present disclosure relates to improvements in block cipher techniques.
In block cipher systems such as the Advanced Encryption System (AES), encryption of plaintext into ciphertext proceeds in several iterations, referred to as “rounds.” Each round employs one of several cryptographic keys, referred to as “round keys,” that result from key expansion of a shared cryptographic key referred to as a “cipher key.” AES specifies three different key lengths, each using a different number of rounds and round keys, as shown in Table 1. Referring to Table 1, while the size Nb of the plaintext block is always four 32-bit words, the key length Nk and number of rounds Nr can vary, as can the number of round keys Nr+1, which includes the cipher key and a round key for each of the Nr rounds.
TABLE 1Key LengthBlock SizeNumber of Rounds(Nk words)(Nb words)(Nr)AES-1284410AES-1926412AES-2568414
While AES specifies the number of rounds for encryption or decryption as Nr, conventional implementations generally require Nr+1 cycles or more, primarily due to the fact that the total number of round keys is Nr+1, therefore requiring Nr+1 key addition operations. FIG. 1 shows a conventional AES encryption implementation 100.
Referring to FIG. 1, implementation 100 includes a key module 102 and a cipher module 104. Cipher module 104 is implemented in two sections 106 and 108. Section 106 includes a key addition module 110A, a SubBytes module 112A, a ShiftRow module 114A, and a MixColumn module 116A. Section 108 includes two further key addition modules 110B and 110C, a further SubBytes module 112B, and a further ShiftRow module 114B. Each of these modules is defined by the AES standard. Key module 102 is also implemented in two sections 118 and 120.
Sections 106 and 118 perform rounds 1 through Nr−1 of encryption, while sections 108 and 120 perform encryption for the final round Nr. Furthermore, the key addition modules 110B and 110C in section 108 are generally implemented in two respective cycles, resulting in Nr+1 total cycles of operation for cipher module 104. Note especially the redundant modules in implementation 100, which are conventionally implemented as redundant circuits, resulting in inefficiencies such as increased integrated circuit die area, power consumption, and the like.