1. Field of the Invention
The present invention relates to the field of ciphering and deciphering. More specifically, the present invention relates to line rate deciphering having special application in network traffic routing.
2. Background Information
With advances in integrated circuit, microprocessor, networking and communication technologies, increasing number of devices, in particular, digital computing devices, are being networked together. Devices are often first coupled to a local area network, such as an Ethernet based office/home network. In turn, the local area networks are interconnected together through wide area networks, such as ATM networks, Frame Relays, and the like. Of particular notoriety is the TCP/IP based global inter-networks, Internet.
As a result of this trend of increased connectivity, increasing number of applications that are network dependent are being deployed. Examples of these network dependent applications include but are not limited to, email, net based telephony, world wide web and various types of e-commerce. Successes of many of these content/service providers as well as commerce sites depend on high speed delivery of a large volume of data.
At the same time, with increased concern over privacy and security, increasing amount of data are being transferred in a ciphered basis. As a result, successes of the content/service providers as well as commerce sites are also dependent on the routing devices, as well as the servers and client devices being able to cipher and decipher data at a very high rate.
The fundamentals of ciphering and deciphering are well known in the art. Typically, a plain text is ciphered using a ciphering “master” key. The ciphering is effectuated incrementally over a number of iterations, employing a number of corresponding ciphering round keys. The ciphering round keys are generated from the ciphering “master” key using a round function, with the first ciphering round key generated directly from the ciphering “master” key and thereafter, each subsequent ciphering round key, from the immediately preceding ciphering round key, the original “master” key plus one or more pseudo random factors or other algorithmic approaches. The ciphered text is deciphered by applying the ciphering round keys backward. In other words, the first deciphering round key is the last ciphering round key.
The emphasis under the prior art to-date typically has been on the robustness of ciphering, that is, ensuring it is difficult for any attacker to uncover the deciphering round keys. Generally, the “undetectability” of the ciphering/deciphering round keys are enhanced by increasing the pseudo randomness injected between successive rounds of ciphering. As a result, if a deciphering unit, or a unit responsible for providing the deciphering unit with the deciphering round keys, is required to generate the deciphering round keys (e.g. in symmetric ciphering/deciphering), the deciphering round keys are fully generated (by re-generating the ciphering round keys in the conventional forward manner), before deciphering can take place (applying the re-generated ciphering round keys in reverse order as deciphering round keys).
The prior art approach of having the deciphering round keys fully generated is inefficient. In addition to having to wait for the generation of the last ciphering round key before deciphering can take place, the amount of storage elements required to generate and hold all the deciphering round keys could be significant, especially for deciphering/deciphering processes that employ long ciphering/deciphering round keys and/or great numbers of rounds. The delay in the start of deciphering and the large amount of storage required are especially problematic for high speed applications that require high line rate deciphering for multiple data streams at the same time, such as high speed optical networking, where multiple network traffic flows often have to be deciphered substantially at the same time. The reason being, the desired high line rate deciphering typically means that all the deciphering has to be performed on-chip in parallel. However, the large memory requirement, and the resulting substantial IC real estate consumption render these prior art approaches less than desirable.
Thus, a more efficient approach to deciphering, in particular, deciphering round key generation is desired.