Block cipher algorithms generally include a Data Encryption Standard (DES) algorithm, a tri-DES (3DES) algorithm, an Advanced Encryption Standard (AES) algorithm, an International Data Encryption Algorithm (IDEA), an SMS4 algorithm published by the State Secret Code Regulatory Commission Office, etc. Key components implementing a block cipher algorithm include a key expansion unit, an encryption unit and a sub-key array storage unit. Particularly, internal structures of the key expansion unit and the encryption unit are similar in that they generally consist of a data register component and a data conversion component.
The data register component is generally implemented with a general flip flop to register data. Data registered in this component is invariant in a clock cycle. The general flip flop is a data register device in which data at a data input is transmitted to an output of the flip flop at a rising or falling edge of a clock and the data at the output of the flip flop is invariant at other instances of time.
The data conversion component is a component to process data as required in the block cipher algorithm, e.g., a component to process data as required in the national SMS4 cipher algorithm. Operations performed by the data conversion component include only one integration and permutation as specified in the cipher algorithm.
The sub-key array storage unit is adapted to store an array of sub-keys. An array of sub-keys in the existing technology is typically an array of data already prepared prior to encryption and decryption and generated by the key expansion unit. In the SMS4 cipher algorithm, data of the sub-key array storage unit is arranged in a descending/ascending order of addresses and can be named rk0, rk1, rk31.
A current process of encrypting and decrypting data as required in the SMS4 cipher algorithm includes two separate phases of expanding a key and encrypting data. As illustrated in FIG. 1, firstly a key expansion unit expands a key into an array of sub-keys and stores them sequentially into a sub-key array storage unit, and then an encryption unit encrypts data using the array of sub-keys into which the key is expanded.
A. The phase of expanding a key:
1) An external key is input to a data register component of a key expansion unit.
An external key subject to preliminary processing is input to a data register component 100 of a key expansion unit for registering.
2) Conversion of data.
The data registered in the data register component 100 of the key expansion unit is input to a data conversion component 101 of the key expansion unit for conversion to result in sub-keys.
3) Iterative Processing of the Data.
Data resulting from previous conversion is stored in the data register component 100 of the key expansion unit while the resulting sub-keys are stored in a first line of a sub-key array storage unit 2, and then the data registered in the data register component 100 of the key expansion unit is input again to the data conversion component 101 of the key expansion unit for conversion and resulting sub-keys are stored in a next line of the sub-key array storage unit 2. This process of converting the data is repeated for thirty-two times to result in an array of sub-keys of 32×32 bits=1024 bits.
B. The Phase of Encrypting the Data:
1) External data is input to a data register component of an encryption unit.
External data is input to a data register component 300 of an encryption unit for registering.
2) Conversion of the Data.
The data registered in the data register component 300 of the encryption unit is input to a data conversion component 301 of the encryption unit, and the data corresponding to the first line of the array of sub-keys stored in the sub-key array storage unit 2 is input to the data conversion component 301 of the encryption unit for conversion.
3) Iterative Processing of the Data.
Data resulting from previous conversion is stored in the data register component 300 of the encryption unit, and then the data registered in the data register component 300 of the encryption unit is input again to the data conversion component 301 of the encryption unit for conversion and also the next line of sub-keys of the sub-key array storage unit 2 are input to the data conversion component 301 of the encryption unit for conversion of the data. This process is repeated for thirty-two times to result in data.
It takes thirty-two clock cycles in the foregoing encryption algorithm to process a set of data with low efficiency. In order to improve this circumstance, the processing efficiency can be improved with an increased number of data conversion components. For example, a set of 128-bit data can be processed in sixteen clock cycles as illustrated in FIG. 2.
A sub-key array storage component is an indispensable component in the existing technology. If a 1024-bit sub-key array storage component is implemented with a register in an integrated circuit, then a logic resource of approximately ten thousands gates, which occupies approximately 40% of a total resource (a total resource of approximately twenty-five thousands gates is consumed in the solution of FIG. 1) will be consumed at a high cost.