Building encryption circuitry for a known encryption application is easy. If the number of channels to be encrypted and authenticated, and the data rate of each channel, are known, an appropriate number of lanes of encryption circuitry can be provided. There could be one lane per channel, or if the data rate is higher than the speed of the device, there could be a correspondingly higher number of lanes per channel.
However, if the encryption and authentication circuitry is being built for an unknown encryption application—whether as a fixed multi-purpose encryption and authentication circuit or as part of a programmable integrated circuit device such as a field-programmable gate array (FPGA) or other programmable logic device (PLD)—then the problem becomes more difficult. Whatever number of lanes may be provided may not easily map to the particular application that a user may attempt to implement.
In one application, a user may need fewer channels than there are lanes. If the data rate is lower than the device speed, that application is trivial; each channel could be encrypted in one lane. But once the number of channels exceeds the number of lanes, or if the data rate exceeds the device speed so that more than one lane is needed per channel, complications can arise.
For example, if there are three lanes and four channels, the four channels will have to be multiplexed onto the three lanes (e.g., by time-division multiplexing). That in itself is not difficult. However, the different channels may have different encryption keys and different hash keys, and even for a given channel the encryption key or hash key may change over time. In such a case, for any time slice, the correct key for the correct channel will have to be delivered to the appropriate lane.
Similarly, it may be necessary to divide each channel among multiple lanes because the data rate exceeds the device speed. If so, the same problem of delivering the correct key or hash to the correct lane at the correct time will arise. In addition, depending on the number of channels and the number of lanes, the actual encryption or authentication operations may not be able to complete within the number of clock cycles between appearances of a particular channel in a particular lane.