The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for a cryptographic algorithm that can protect electronic data used in symmetric key cryptography. The AES algorithm can encrypt (encipher) and decrypt (decipher) information that is in the form of electronic data. Encryption converts the electronic data to an unintelligible form called ciphertext; decrypting the ciphertext converts the electronic data back into its original form, called plaintext. The AES algorithm is an iterative, symmetric-key block cipher that is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt electronic data in blocks of 128 bits.
Public-key ciphers can use a pair of cryptographic keys. However, the AES algorithm uses the same cryptographic key to encrypt and decrypt electronic data. The AES algorithm is a block cipher. Encrypted data returned by block ciphers can have the same number of bits as the input data. The AES algorithm performs its ciphers on blocks of data, making it an iterative cipher. Iterative ciphers can use a loop structure that repeatedly performs permutations and substitutions of the input data.
Each block of data ciphered uses the same cryptographic key to encrypt or decrypt the data. The AES algorithm encrypts or decrypts data in 128 bit blocks. Each encryption or decryption of the 128 bit block of data by the AES algorithm can use a plurality of AES operations. The encryption or decryption of a 128 bit block of data using a plurality of AES operations where a group of successive operations performed iteratively can be referred to as a round. The AES algorithm also takes the cryptographic key and performs a key expansion to generate a key schedule for use in the AES encryption algorithm. Alternatively, in a decryption of a 128 bit block of data, the AES algorithm starts with the scheduled key and performs an inverse key schedule operation to generate the cryptographic key used in the encryption in order to decrypt the data in the 128 bit block.
Each encryption of a 128 bit block of data requires the cryptographic key as input along with a 128 bit block of input data. The input electronic data for encryption that is larger than 128 bits can be divided into a multiple of 128 bit blocks. Each 128 bit block can be encrypted using the AES algorithm. The AES algorithm takes the cryptographic key and performs a key expansion routine to generate a key schedule, transforming the original cryptographic key.
Each decryption of a 128 bit block of data requires the scheduled key as input along with a 128 bit block of input data. The input electronic data for decryption that is larger than 128 bits can be divided into a multiple of 128 bit blocks. Each 128 bit block can be decrypted using the AES algorithm. The AES algorithm can invert and perform in reverse order the AES operations used for encryption. The AES algorithm takes the scheduled key and performs an inverse key schedule operation to determine the original cryptographic key used for encryption.
Conventional cryptographic systems save the key needed for encryption or the key schedule needed for decryption in a buffer that is separate from the workspace buffer used by the AES algorithm during the encryption or decryption operation. Prior to each 128 bit block encryption or decryption, the system restores the key or scheduled key, respectively, from the separate buffer. Alternatively, some conventional cryptographic systems provide the key or scheduled key to a cipher engine performing the encryption or decryption, respectively, for each 128 bit block of data that is encrypted or decrypted. This can result in additional handling and manipulation of the cryptographic key or key schedule. This additional handling and manipulation may compromise the secrecy of the key and its schedule.