Typically, cryptography is used for data storage and/or communication to ensure the security/confidentiality of data. For example, in a communications system, plaintext data can be encrypted (encoded) at a transmission node to generate ciphertext, and the ciphertext can be transmitted to a receiver node, wherein the ciphertext is decrypted (decoded) to obtain the plaintext data. The encryption of data assures the confidentiality of the transmitted data. In certain applications, it is also desirable to implement a cryptographic scheme that enables data authentication as well as data confidentiality.
For example, one cryptographic protocol that provides assurance of the confidentiality and authenticity of data is CCM (Counter with Block Chaining-Message Authentication Code). In general, CCM is mode of operation of a symmetric key block cipher, which combines the techniques of the CTR (Counter) mode for data confidentiality and the CBC-MAC (Cipher Block Chaining-Message Authentication Code) mode for data authentication and integrity. In one proposed and emerging standard, CCM is based on a symmetric key block cipher algorithm whose block size is 128 bits, such as the AES (Advanced Encryption Standard) protocol, for use within the proposed IEEE 802.11i standard for WLAN (wireless local area network) applications.
In general, CCM mode includes a CCM encryption process and a CCM decryption process, wherein the CCM encryption and CCM decryption use the same cryptographic key and only the block cipher encryption function (i.e., the forward cipher function). More specifically, for a given message (e.g., data packet having a header and payload), CCM encryption comprises applying a CBC mode to the header and payload and a nonce (unique value (bit string)) which is assigned to the header/payload pair) to generate a MAC (message authentication code), and applying CTR mode to encrypt the MAC and to encrypt the payload, to thereby generate a ciphertext.
On the other hand, CCM decryption comprises applying CTR mode to decrypt the ciphertext (recover the MAC and payload), and applying CBC mode to generate a MAC, and comparing the generated MAC with the received MAC to authenticate the message.
FIG. 1 is a flow diagram of a conventional CCM mode of operation. More specifically, FIG. 1 illustrates a conventional CCM mode of operation for encrypting one block of data (i.e., block of plaintext). In the following discussion, it is assumed that the data block has a block size equal to 128 bits (16 bytes), which is the size of the block cipher (e.g., AES). Initially, a block of data (plaintext block) will be read from memory (e.g., hard disk memory) (step 10). Assuming an ideal process, the read process will take at least 7 clock cycles to read 16 bytes (128 bits). Next, the plaintext block will be encrypted using the CTR mode (step 11), which requires at least 10 clock cycles in an ideal case. The encrypted block will then be stored in memory (step 12), which requires at least 7 clock cycles in an ideal case.
Next, the same plaintext block (i.e., same plaintext block used for the CTR encryption) will be read from the memory again (step 13), which requires at least 7 clock cycles in an ideal case. The plaintext block will then be encrypted using CBC-MAC mode (step 14), which requires at least 10 clock cycles in an ideal case. The encrypted block is then stored (written) to the memory (step 15), which requires at least 7 clock cycles in an ideal case.
As described above, a conventional method as depicted in FIG. 1 requires, in an ideal case, at least 48 clock cycles for processing one block of data (one plaintext block) for a CCM encryption mode. The conventional encryption method of FIG. 1, however, includes redundant steps that render such method inefficient. For instance, the same plaintext block is read from memory two times, once for CTR encryption (step 10) and once for CBC encryption (step 13), which makes the second memory read operation (step 13) redundant. Furthermore, since the MAC value that is used for CCM is the accumulated MAC value that is obtained after the last plaintext block is processed, the write process (step 15) is not necessary for the CBC encryption process for each block, which further adds to the redundancy of the method of FIG. 1.