1. Field of the Invention
The present invention relates generally to a wireless communications system, and in particular, to an encryption apparatus and method for implementing confidentiality and integrity algorithms in a wireless communications system.
2. Description of the Related Art
As the first generation analog encryption system has evolved into the second generation digital encryption system, more advanced encryption techniques have been used. The current third generation encryption system provides encryption service for multimedia service i.e., audio and video information. Thus, the importance of encryption has increased in order to provide confidentiality to voice signals, multimedia service, and user data. An integrity algorithm is required to authenticate control signals between mobile terminals in a wireless communication system and a network. The 3rd Generation Project Partnership (3GPP) has selected the KASUMI algorithm as the f8 confidentiality and f9 integrity algorithms for a third generation system based on a Global System for Mobile communication (GSM) core network, and a Universal Mobile Telecommunication System (UMTS).
FIG. 1 is a block diagram illustrating an example of a conventional KASUMI algorithm. Referring to FIG. 1, KASUMI is an 8-round Feistel unit cipher that provides a 64-bit output ciphertext from a 64-bit input plaintext with 8-round encryption. The 64-bit input signal is divided into a 32-bit signal L0 and a 32-bit signal R0. FLi units (1≦i≦8) 110 to 180 and FOi units (1≦i≦8) 210 to 280 encrypt the signals L0 and R0 under corresponding encryption keys KLi (1≦i≦8), KOi (1≦i≦8), and KIi (1≦i≦8) and output the 64-bit ciphertext.
Encryption in accordance with FIG. 1 occurs in the following manner. An FL1 unit 110 encrypts the input 32-bit signal L0 with an encryption key KL1 and outputs a ciphertext L01. An FO1 unit 210 encrypts the 32-bit ciphertext L01 with encryption keys KO1 and KI1 and outputs a ciphertext L02. An Exclusive-OR operation is performed to logically “exclusive OR” the ciphertext L02 and the 32-bit signal R0 to provide a 64-bit ciphertext. This encryption occurs eight times and a final 64-bit ciphertext is generated in the KASUMI.
FIG. 2A is a block diagram illustrating an example of FOi units. Referring to FIG. 2A, FOi denotes an ith FO unit. The FOi unit comprises a plurality of f1i,j sub-ciphers (1≦i≦3, 1≦i≦3) to provide 3-rounds of encryption. Here, the operation of the FO1 unit 210 will be described by way of example. The 32-bit input signal is divided into two 16-bit signals L0 and R0. An Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal L0 and a 16-bit sub-encryption key KO1,1, to provide a signal L1. A f11,1 sub-cipher 201 encrypts the signal L1 with a 16-bit sub-encryption key KI1,1 and outputs a signal L1D. Meanwhile, a first delay (D1) 10 delays the 16-bit signal R0, which is equivalent to the signal R1, in order to synchronize the 16-bit signal R0 with the signal L1D and output a delayed signal R1D. For a second-round of encryption, an Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal RID and a 16-bit sub-encryption key KO1,2 to provide a signal L2. A f11,2 sub-cipher 203 encrypts the signal L2 with a 16-bit sub-encryption key KI1,2 and outputs a signal L2D. Meanwhile, an Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal R1D and the signal L1D, to provide a signal R2. A second delay (D2) 20 delays the signal R2 in order to synchronize the signal R2 with the signal L2D and output a delayed signal R2D. For a third-round of encryption, an Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal R2D and a 16-bit sub-encryption key KO1,3, resulting in a signal L3. A f11,3 sub-cipher 205 encrypts the signal L3 with a 16-bit sub-encryption key KI1,3 and outputs a signal L3D. Meanwhile, an Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal R2D and the signal L2D to provide a signal R3. A third delay (D3) 30 delays the signal R3 in order to synchronize the signal R3 with the signal L3D and output a delayed signal R3D. An Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal R3D and the signal L3D, to provide a signal R4. The 16-bit signal R4 is operated with the 16-bit signal R3D (=L4), resulting in a 32-bit ciphertext L4//R4.
The FO1 unit uses the three delays 10, 20 and 30 to synchronize to the output timings of the sub-ciphers 201, 203 and 205.
FIG. 2B is a block diagram illustrating another example of the FOi units. Referring to FIG. 2B, a FOi unit comprises a plurality of f1i′,j′ sub-ciphers (1≦i′≦3 1≦j′≦3), for 3-rounds of encryption. Here, the FO1 unit 210 will be described by way of example. The 32-bit input signal is divided into two 16-bit signals L0′ and R0′. An Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal L0′ and a 16-bit sub-encryption key KO1,1, to provide a signal L1′. A f11′,1′ sub-cipher 211 encrypts the signal L1′ with the 16-bit sub-encryption key KI1,1 and outputs a signal L1D′. Meanwhile, a fourth delay (D4) 40 delays the 16-bit signal R0′ (=R1′) and outputs a delayed signal R1D′. An Exclusive-OR operation is performed to logically “exclusive OR” the signals L1D′ and R1D′ to provide a signal L2′. Simultaneously, an Exclusive-OR operation is performed to logically “exclusive OR” the 16-bit signal R0′ and a 16-bit sub-encryption key KO1,2, to provide a signal R2′. A f11′,2′ sub-cipher 213 encrypts the signal R2′ with a 16-bit sub-encryption key KI1,2 and outputs a signal R2D′. An Exclusive-OR operation is performed to logically “exclusive OR” the signals L2′ and R2D′ to provide a signal R3′. Another Exclusive-OR operation is performed to logically “exclusive OR” the signal L2′ and a 16-bit sub-encryption key KO1,3, to provide a signal L3′. A f11′,3′ sub-cipher 215 encrypts the signal L3′ with a 16-bit sub-encryption key KI1,3 and outputs a signal L3D′. Meanwhile, a fifth delay (D5) 50 delays the signal R3′ and outputs a delayed signal R3D′. An Exclusive-OR operation is performed to logically “exclusive OR” the signals L3D′ and R3D′ to provide a 16-bit signal L4′. The 16-bit signal L4′ is operated with the 16-bit signal R3D′ (=R4′), resulting in a 32-bit ciphertext L4′//R4′.
The above advanced FOi unit uses the two delays 40 and 50 to synchronize to the output timings of the F1 sub-ciphers 211 and 215. However, due to the use of the delays, a large chip capacity is required.
FIG. 3 is a block diagram illustrating an example of the f1i,j sub-ciphers illustrated in FIGS. 2A and 2B. By way of example, the f11,1 sub-cipher 201 will be described below. Referring to FIG. 3, the 16-bit input signal is divided into a 9-bit signal RL0 and a 7-bit signal RR0. An SBox91 (S91) operator 310 generates a 9-bit signal y0, y1, . . . , y8 from the input signal RL0 usingy0=(x0x2)⊕x3⊕(x2x5)⊕(x5x6)⊕(x0x7)⊕(x1x7)⊕(x2x7)⊕(x4x8)⊕(x5x3)⊕(x7x8)⊕‘1’;y1=x1⊕(x0x1)⊕(x2x3)⊕(x0x4)⊕(x1x4)⊕(x0x5)⊕(x3x5)⊕x6⊕(x1x7)⊕(x2x7)⊕(x5x8)⊕‘1’;y2=x1⊕(x0x3)⊕(x3x4)⊕(x0x5)⊕(x2x6)⊕(x3x6)⊕(x5x6)⊕(x4x7)⊕(x5x7)⊕(x6x7)⊕x8⊕(x0x8)⊕‘1’;y3=x0⊕(x1x2)⊕(x0x3)⊕(x2x4)⊕x5⊕(x0x6)⊕(x1x6)⊕(x4x7)⊕(x0x8)⊕(x1x8)⊕(x7x8);y4=(x0x1)⊕(x1x3)⊕x4⊕(x0x5)⊕(x3x6)⊕(x0x7)⊕(x6x7)⊕(x1x0)⊕(x2x3)⊕(x3x0);y5=x2⊕(x1x4)⊕(x4x5)⊕(x0x6)⊕(x0x6)⊕(x3x7)⊕(x4x7)⊕(x6x7)⊕(x5x3)⊕(x6x8)⊕(x7x8)⊕‘1’;y6=x0⊕(x2x3)⊕(x1x5)⊕(x2x5)⊕(x4x5)⊕(x3x6)⊕(x4x6)⊕(x5x6)⊕x7⊕(x1x8)⊕(x3x8)⊕(x5x8)⊕(x7x8);y7=(x0x1)⊕(x0x2)⊕(x1x2)⊕x3⊕(x0x3)⊕(x2x3)⊕(x4x5)⊕(x2x6)⊕(x3x5)⊕(x2x7)⊕(x5x7)⊕(x8⊕‘1’;y8=(x0x1)⊕x2⊕(x1x2)⊕(x3x4)⊕(x1x5)⊕(x2x5)⊕(x1x6)⊕(x4x6)⊕x7⊕(x2x8)⊕(x3x8);   (1)
A ZE1 unit 320 receives the signal RR0, adds two zeroes to the Most Significant Bit (MSB) of the signal RR0, and outputs a 9-bit signal. An Exclusive-OR operation is performed to logically “exclusive OR” the outputs of the S91 operator 310 and the ZE1 unit 320 to provide a 9-bit signal RL1. Another Exclusive-OR operation is performed to logically “exclusive OR” the signal RL1 and a 9-bit sub-encryption key KI1,1,2, to provide a 9-bit signal RL2.
A TR1 unit 330 removes two zero bits from the MSBs of the 9-bit signal RL1. An SBox71 (S71) operator 340 generates a 7-bit signal y0, y1, . . . , y6 from the input signal RR0 (=RR1) byy0=(x1x3)⊕x4⊕(x0x1x1)⊕x5⊕(x2x5)⊕(x3x4x5)⊕x6⊕(x0x6)⊕(x1x6)⊕(x3x6)⊕(x2x4x6)⊕(x1x5x6)⊕(x4x5x6);y1=(x0x1)⊕(x1x4)⊕(x2x4)⊕x5⊕(x1x2x5)⊕(x0x3x5)⊕x5⊕(x0x2x3)⊕(x3x6)⊕(x4x5x6)‘1’;y2=x0⊕(x0x3)⊕(x2x3)⊕(x1x2x4)⊕(x0x3x4)⊕(x1x5)⊕(x0x2x5)⊕(x0x5)⊕(x0x1x6)⊕(x2x6)⊕(x1x6)⊕‘1’;y3=x1⊕(x0x1x2)⊕(x1x4)⊕(x3x4)⊕(x0x5)⊕(x0x1x5)⊕(x2x3x5)⊕(x1x4x5)⊕(x2x6)⊕(x1x3x6);y4=(x0x2)⊕x3⊕(x1x3)⊕(x1x4)⊕(x0x1x4)⊕(x2x3x4)⊕(x0x5)⊕(x1x3x5)⊕(x0x4x5)⊕(x1x6)⊕(x3x6)⊕(x0x3x6)⊕(x5x6)⊕‘1’;y5=x2⊕(x0x2)⊕(x0x3)⊕(x1x2x3)⊕(x0x1x4)⊕(x0x5)⊕(x2x5)⊕(x4x5)⊕(x1x6)⊕(x1x2x6)⊕(x0x3x6)⊕(x3x4x6)⊕(x2x5x6)⊕‘1’;y6=(x1x2)⊕(x1x1x3)⊕(x0x4)⊕(x1x5)⊕(x3x5)⊕x6⊕(x0x1x6)⊕(x2x3x6)⊕(x1x4x5)⊕(x0x5x6);  (2)
An Exclusive-OR operation is performed to logically “exclusive OR” the outputs of the TR1 330 and the S71 operator 340 via a sub-encryption key KI1,1,1, to provide a 7-bit signal RR2.
A SBox92 (S92) Operator 350 generates a 9-bit signal y0, y1, . . . , y8 from the signal RL2 by Eq. (1). A ZE2 unit 360 receives the signal RR2, adds two zeroes to the MSB of the signal RR2, and outputs a 9-bit signal. An Exclusive-OR operation is performed to logically “exclusive OR” the outputs of the S92 operator 350 and the ZE2 unit 360 to provide a 9-bit signal RL3. A TR2 unit 370 removes two zero bits from the MSBs of the 9-bit signal RL3. A SBox72 (S72) operator 380 generates a 7-bit signal y0, y1, . . . , y6 from the input signal RR2 (=RR3) using Eq. (2). Another Exclusive-OR operation is performed to logically “exclusive OR” the outputs of the TR2 370 and the S72 operator 380 to provide a 7-bit signal RR4.
The 9-bit signal RL3 (=RL4) and the 7-bit signal RR4 are operated, resulting in a 16-bit ciphertext RL4//RR4.
As described above, the S91 operator 310 and the S92 operator 350 each sequentially perform an AND operation to perform a logical “AND” and an exclusive-OR operation to perform a logical “Exclusive-OR” using Eq. (1), to thereby generate an output signal y0, y1, . . . , y8. Similarly, the S71 operator 340 and the S72 operator 380 sequentially perform an AND operation to perform a logical “AND” and an exclusive-OR operation to perform a logical “Exclusive-OR” using Eq. (2), to thereby generate an output signal y0, y1, . . . , y6. Consequently, the encryption speed is decreased. Moreover, a gate delay involved in the operations of the S91, S92, S71 and S72 operators 310, 350, 340, and 360 gradually increases glitch.