The present invention relates to encryption engines.
A traditional encryption engine utilizing Electronic Code Book (ECB) mode of encryption processes a block of data on every clock cycle. The encryption process can thus be pipelined (broken into smaller sequential functions) for increased throughput. However, ECB mode is rarely used in practice because it is vulnerable to certain attacks because identical plaintext blocks produce identical ciphertext blocks.
Cipher Block Chaining (CBC) mode is the preferred mode in practice because CBC mode encryption requires feedback from the previous computation. The CBC mode of encryption is, therefore, difficult to pipeline because each subsequent block of data requires the results of the encryption of the previous block of data.
The present invention provides solutions to the problem of keeping an encryption engine (such as those employing the Data Encryption Standard (DES) or other encryption algorithm) pipeline full so that the encryption engine can run at full capacity in CBC mode. The traditional concern with CBC mode encryption using pipelined implementations is that the pipeline must be “flushed” or “run dry” before a ciphertext value is obtained and fed back to Exclusively-OR with the next block of plaintext. In the prior art, a single engine only processes data from a single stream at any one time. The present invention allows the encryption engine pipeline to be kept full, thus permitting full-rate operation.
The prior art includes ANSI Standard X9.52, Triple-DES Cipher Block Chaining—Interleaved Mode (TCBC-I), approved Jul. 29, 1998, and published by the American Bankers Association. In that standard there are three encryptors/decryptors operating in parallel, each performing one encryption/decryption per clock cycle. These are not pipelined encryptors, where each encryptor stage requires a clock cycle, but performs much less work. Rather, these use a slower clock and perform all the work in a combinatorial fashion during one clock cycle. The results from one encryptor are pipelined to the next, but the individual encryptors are not pipelined. (See especially chapter 7). The referenced X9.52 standard specifies 3 input sub-streams (one stream triparted, not 3 different streams) and 3 stages of encryption. Because some of the modern encryptors have each of the 3 portions (encrypt-decrypt-encrypt) subdivided into 18 or more stages, the method of X9.52 is insufficient to keep a 54 (or more) stage encryptor fully fed. Using a 54 stage encryptor and the method of X9.52 would produce 3 results in quick succession, then would stall for 51 clock cycles before the next 3 results come forth.