The various embodiments described herein relate to cipher and decipher operations within microprocessors.
In cryptography, a block cipher operates on blocks of fixed length (e.g., 64 bits or 128 bits). Because messages may be of any length, and because encrypting the same plaintext under the same key always produces the same output (i.e., the same ciphertext), several modes of operation have been developed that allow block ciphers to provide confidentiality for messages of arbitrary length.
In the cipher-block chaining (CBC) mode of cipher operation, each block of plaintext is XORed with the previous ciphertext block before being encrypted. Accordingly, each ciphertext block is dependent on all plaintext blocks processed up to that point. Encrypted information is transmitted via a chaining value that is updated with each ciphertext block. The same principle is used in decipher operation, wherein the roles of plaintext and ciphertext are interchanged.
In FIG. 1, a scheme of CBC is shown that depicts the data flow of CBC mode for symmetric ciphers. Input data 01 in a symmetric cipher engine 02 may comprise both a chaining value 03 and input text, which is plaintext (PT) for a cipher operation (FIG. 1a) and ciphertext (CT) for a decipher operation (FIG. 1b). To make each message unique, an initial chaining value 04 may be used to initiate the process for the first real block. FIG. 1 also includes XOR stages 05 (indicated by “=1” components) for XORing data in accordance with the CBC mode.
In FIG. 2, a hardware implementation 06 of CBC according to the state of the art is provided. The hardware implementation 06 may be used for both cipher operation and decipher operation. An input data buffer 07 and an output data buffer 08 (e.g., working according to a first in, first out (FIFO) principle) allow successive (i.e., back-to-back) operations without unnecessary wait cycles. Consequently, software can fill the input data buffer 07 asynchronously to the cipher operation. The input data 01 (FIG. 1) is supplied to a crypto operation hardware 09. The crypto operation hardware 09 includes a symmetric cipher engine (SCE) 02 and XOR stages 05 (indicated by “=1” components). A key 11 is used by the SCE 02 during processing.
At least for cipher operation (FIG. 1a), an initial chaining value (ICV) 04 is used for ciphering a first block of input data 01 (i.e., plaintext (PT)). For a subsequent block of input data 01, the crypto operation hardware 09 stores a ciphertext block processed from the previous block of input data for use as a chaining value 03 for ciphering the subsequent block. For decipher operation (FIG. 1b), an ICV 04 is used for deciphering a first block of input data 01 (i.e., ciphertext (CT)). For a subsequent block of input data 01, the crypto operation hardware 09 stores the previous block of input data 01 for the duration of one decipher operation for use as a chaining value 03 for deciphering the subsequent block.
To store the relevant data for use as a chaining value for cipher operation or for decipher operation, the crypto operation hardware 09 according to the state of the art comprises a dedicated chaining value register (CVR) 10. The width of the CVR 10 is equal to the width of a basic block of the relevant symmetric cipher algorithm. The CVR 10 is necessary according to the state of the art to store a chaining value for ciphering or deciphering. Specifically, for cipher operation the CVR 10 stores a chaining value to be XORed with a plaintext block of input data 01, and the result is processed by the SCE 02. For decipher operation the CVR 10 stores a chaining value that is XORed with a ciphertext block of input data 01 that has been processed by the SCE 02. While the CVR 10 is required for hardware implementation of CBC according to the state of the art, it is disadvantageous in that it requires area and power.
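The following software model of the state-of-the-art data flow is an added example, not part of the original description. It assumes XTEA (64-bit block, 128-bit key) as a stand-in for the SCE 02; the function names, the key, and the sample message are constructed for illustration, and the variable cvr plays the role of the CVR 10.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed stand-in for the SCE: XTEA, 32 rounds, one 64-bit block per call. */
static uint64_t sce(uint64_t blk, const uint32_t key[4], int decipher) {
    uint32_t v0 = (uint32_t)(blk >> 32), v1 = (uint32_t)blk;
    const uint32_t delta = 0x9E3779B9u;
    uint32_t sum = decipher ? delta * 32u : 0;
    for (int i = 0; i < 32; i++) {
        if (!decipher) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        } else {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        }
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Cipher operation (FIG. 1a): cvr holds the ICV, then each output block. */
void cbc_cipher(uint64_t *buf, size_t n, const uint32_t key[4], uint64_t icv) {
    uint64_t cvr = icv;
    for (size_t i = 0; i < n; i++) {
        buf[i] = sce(buf[i] ^ cvr, key, 0); /* XOR stage before the SCE */
        cvr = buf[i];                       /* ciphertext chains forward */
    }
}

/* Decipher operation (FIG. 1b): cvr holds the ICV, then each input block. */
void cbc_decipher(uint64_t *buf, size_t n, const uint32_t key[4], uint64_t icv) {
    uint64_t cvr = icv;
    for (size_t i = 0; i < n; i++) {
        uint64_t ct = buf[i];               /* input block is overwritten below */
        buf[i] = sce(ct, key, 1) ^ cvr;     /* XOR stage after the SCE */
        cvr = ct;                           /* held for one decipher operation */
    }
}

/* Constructed sample: two identical plaintext blocks, in-place round trip. */
int cbc_demo(void) {
    const uint32_t key[4] = {1, 2, 3, 4};
    uint64_t msg[3] = {0x1122334455667788ull, 0x1122334455667788ull, 42};
    cbc_cipher(msg, 3, key, 0xA5A5A5A5A5A5A5A5ull);
    int chained = msg[0] != msg[1];         /* equal PT, different CT */
    cbc_decipher(msg, 3, key, 0xA5A5A5A5A5A5A5A5ull);
    return chained && msg[0] == msg[1] && msg[2] == 42;
}
int main(void) { return cbc_demo() ? 0 : 1; }
```

The temporary ct in cbc_decipher shows why the decipher path must retain the previous input block: once the output overwrites it, the chaining value for the next block would otherwise be lost.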