1. Field of the Invention
The present invention relates to Galois Field computation, and more particularly, to a SubByte circuit and an InvSubByte circuit applied in an advanced encryption standard (AES) system, and a method thereof.
2. Description of the Prior Art
The Advanced Encryption Standard (AES) is an encryption standard approved as a Federal Information Processing Standard (FIPS): in the year 2000 the National Institute of Standards and Technology (NIST) selected the Rijndael algorithm to realize the AES system. AES is provided for protecting the confidentiality of electronic data, and the Rijndael algorithm is a symmetric encryption/decryption standard, which can be applied both for encrypting electronic data to derive a corresponding ciphertext and for decrypting that ciphertext back into the original plaintext (i.e., the electronic data); in this way the confidentiality of the electronic data is ensured. In the AES process, the cryptographic key can be selectively 128 bits, 192 bits, or 256 bits long, and is used to encrypt/decrypt a 128-bit data block.
The encryption process of AES includes several operations, while the decryption process of AES includes the corresponding inverse operations. The operations of the encryption/decryption process include: AddRoundKey operations (which are their own inverse, since the round key is XORed into the state), SubByte/InvSubByte (inverse SubByte) operations, ShiftRow/InvShiftRow (inverse ShiftRow) operations, and MixColumn/InvMixColumn (inverse MixColumn) operations. The AES process encrypts/decrypts the electronic data by executing the above-mentioned operations repeatedly, once per round. There is therefore a demand for an efficient and compact operating circuit (for executing the aforementioned encryption operations) and a corresponding inverse operating circuit for the decryption operations, to reduce the processing time and the circuit area.
In the AES process, the SubByte operation is a nonlinear operation, wherein every byte of the 128-bit block is substituted through the S-Box; a hardware implementation that processes all bytes in parallel therefore needs an individual S-Box instance for each input byte. The S-Box operation and the inverse S-Box operation both consist of a multiplicative inverse operation in the finite field and an affine transform/inverse affine transform; the difference between the S-Box and the inverse S-Box is merely the order in which the multiplicative inverse and the affine/inverse affine transform are applied (the S-Box computes the multiplicative inverse first and then the affine transform, while the inverse S-Box applies the inverse affine transform first and then the multiplicative inverse). However, executing the S-Box and inverse S-Box operations directly in the corresponding finite field (Galois Field) is complex, because the finite field used in AES is the Galois Field GF(2^8); therefore, to avoid performing this complex computation in GF(2^8), a lookup table is conventionally used for the S-Box and the inverse S-Box. The required lookup tables (256 entries of 8 bits each, one table for the S-Box and another for the inverse S-Box) are large and need considerable memory for storage, however, leading to a large circuit area and a restricted throughput.
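The following is an added worked example, not code from the patent: it computes the S-Box and inverse S-Box from their definition (multiplicative inverse in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1, combined with the affine transform and its inverse, as given in FIPS 197 sections 5.1.1 and 5.3.2), demonstrates that the only difference between the two is the order of the two steps, and then expands both maps into the 256-entry tables that a lookup-table implementation would have to store. The function names (gf_mul, gf_inv, affine, inv_affine, sbox, inv_sbox, build_tables) are the example's own; the check values used below ({57}·{83} = {c1}, {53}^-1 = {ca}, S-Box(0x53) = 0xED) are the ones printed in FIPS 197.

```python
# Added example (not part of the patent text): the AES S-box and inverse S-box
# computed from their GF(2^8) definition -- multiplicative inverse followed by
# the affine transform, and the inverse affine transform followed by the
# multiplicative inverse -- then expanded into the 256-entry lookup tables that
# a table-based implementation would store. Function names are this example's own.

AES_POLY = 0x11B         # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial
AFFINE_CONST = 0x63      # constant c of the forward affine transform
INV_AFFINE_CONST = 0x05  # constant d of the inverse affine transform


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo AES_POLY (shift-and-add)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:        # degree reached 8: reduce modulo the field polynomial
            a ^= AES_POLY
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); AES maps 0 to 0 by convention."""
    if a == 0:
        return 0
    # a^255 = 1 for every nonzero a, so a^254 is the inverse; square-and-multiply.
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(x: int) -> int:
    """Forward affine transform (FIPS 197 5.1.1):
    y_i = x_i ^ x_{i+4} ^ x_{i+5} ^ x_{i+6} ^ x_{i+7} ^ c_i, indices mod 8."""
    y = 0
    for i in range(8):
        bit = 0
        for k in (0, 4, 5, 6, 7):
            bit ^= (x >> ((i + k) % 8)) & 1
        y |= bit << i
    return y ^ AFFINE_CONST


def inv_affine(y: int) -> int:
    """Inverse affine transform (FIPS 197 5.3.2):
    x_i = y_{i+2} ^ y_{i+5} ^ y_{i+7} ^ d_i, indices mod 8."""
    x = 0
    for i in range(8):
        bit = 0
        for k in (2, 5, 7):
            bit ^= (y >> ((i + k) % 8)) & 1
        x |= bit << i
    return x ^ INV_AFFINE_CONST


def sbox(x: int) -> int:
    """S-box: multiplicative inverse first, then the affine transform."""
    return affine(gf_inv(x))


def inv_sbox(y: int) -> int:
    """Inverse S-box: inverse affine transform first, then the multiplicative inverse."""
    return gf_inv(inv_affine(y))


def build_tables():
    """Expand both maps into the 256-entry tables a LUT-based S-box would store."""
    return bytes(sbox(x) for x in range(256)), bytes(inv_sbox(y) for y in range(256))


def tables_consistent() -> bool:
    """Check that the two tables are mutual inverses and that the S-box is a bijection."""
    s, inv = build_tables()
    return all(inv[s[x]] == x for x in range(256)) and len(set(s)) == 256


if __name__ == "__main__":
    s, inv = build_tables()
    print(f"sbox(0x53) = {s[0x53]:#04x}, inv_sbox(0xED) = {inv[0xED]:#04x}")
    print("tables consistent:", tables_consistent())
```

Note that gf_inv is the only nonlinear and expensive step; the two affine layers are XORs of a few bits each. A circuit that computes the inverse directly rather than storing the two 256-byte tables can share that one inverter between the S-Box and the inverse S-Box and only switch which affine layer runs before or after it, which is the point the prior-art discussion above makes about the two structures differing only in operation order.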
There is therefore a demand for a novel S-Box structure and a corresponding inverse S-Box structure with excellent operating efficiency and a smaller size, to solve the existing problems of the AES process.