An cryptographic algorithm of a symmetric-key is designed to conceal data formed of a plurality of blocks, each of which having a predetermined block length. For this reason, using the symmetric-key algorithm, there has been developed an operation method of concealing data longer than the block length or an operation method of generating an authentication code for detecting manipulation of original data. An operation method for a variety of uses based on the symmetric-key encryption type is called an mode of operation.
A standard mode of operation is disclosed in FIPS PUB SP800 series. For example, as an operation method for encrypting data that is longer than the block length, there is a cipher-block chaining (CBC) mode disclosed in FIPS PUB SP800-38A.
In the CBC mode, at the time of storage in a storage device, plain text and encrypted data may be different in data length. Specifically, when the length of plain text is not an integer multiple of the block length, the data length of cipher text is longer than the data length of the plain text. Therefore, there has been required a mode of operation in which the data length is same before and after encryption, and so a mode of operation for a storage device has been developed.
A mode of operation for a storage device has been standardized by IEEE P1619-Std-2007. The mode of operation standardized by IEEE P1619-Std-2007 has been approved as SP800-38E (an XEX encryption mode with tweak and ciphertext stealing (XTS) mode) in FIPS PUB SP800-38 Series that has set the mode of operation.
In the past, however, the CBC mode has been mainly used. Thus, in order to maintain compatibility with a conventional system, it is necessary to support the conventional CBC mode as well as the XTS mode as the encryption type of data inside the storage device. That is, it is necessary to prepare an encryption circuit that supports two use modes, the XTS mode and the CBC mode.