The ARIA algorithm is a symmetric-key block cipher developed by the Korean National Security Research Institute (NSRI) for public and private use. In the ARIA algorithm, the recommended number of rounds is twelve for a 128-bit key, fourteen for a 192-bit key, and sixteen for a 256-bit key.
In the ARIA algorithm, encryption/decryption is performed by a round operation, and each round includes a substitution operation and a diffusion operation.
The time consumed and the hardware resources used by an ARIA block encryption/decryption operation vary with the method used to perform the substitution operation and the diffusion operation and with the method used to perform the key expansion process, and are directly associated with the performance of an ARIA encryption process.
FIG. 1 is a view showing a conventional substitution unit. The substitution unit replaces a 128-bit input, byte by byte, with the output of a substitution box. As shown in FIG. 2, there are four types of substitution boxes: S1 200, S2 204, S1^-1 202, and S2^-1 206. The boxes S1^-1 202 and S2^-1 206 are the inverse substitution boxes of S1 and S2, respectively. A first substitution unit 100 of FIG. 1 is used for odd-numbered round operations and a second substitution unit 102 of FIG. 1 is used for even-numbered round operations.
FIG. 2 is a view showing the four types of conventional substitution boxes. The substitution boxes 200, 202, 204 and 206 are four tables whose values are described in the ARIA algorithm. Each table is stored in a storage unit such as a ROM and, given an 8-bit input value used as an address, outputs the corresponding 8-bit table value.
One substitution box requires a 256-byte ROM, so the four types of substitution boxes together require a 1024-byte ROM. To construct the first substitution unit 100 of FIG. 1, the 128-bit input must be processed in parallel, so a 4096-byte ROM is required. Likewise, to construct the second substitution unit 102 of FIG. 1, the 128-bit input must be processed in parallel, so another 4096-byte ROM is required. Consequently, an 8192-byte ROM is required for constructing the above-described substitution units.
As described above, because the prior art must include a ROM or a RAM in order to construct the four types of substitution boxes, the size of the hardware increases. In addition, since the access time of the ROM or the RAM is fixed, it is difficult to realize high-speed operation.
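The table-lookup substitution units and the ROM accounting described above, modeled in C as an added example (not code from the original document). The byte-lane order of the two units and the fact that S1 equals the AES S-box come from the ARIA specification; S2 here is a constructed stand-in permutation rather than the real ARIA table, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ROM images of the four box types of FIG. 2, 256 bytes each. */
static uint8_t S1[256], S2[256], S1inv[256], S2inv[256];

/* Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0));
    }
    return r;
}
static uint8_t rotl8(uint8_t v, int n) { return (uint8_t)((v << n) | (v >> (8 - n))); }

/* S1 is computed (field inverse, then affine map); S2 is a constructed
   stand-in permutation, NOT the ARIA S2 values. Inverses come by table inversion. */
void build_boxes(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t v = 1;                         /* v = x^254 = x^-1, with 0 -> 0 */
        for (int i = 0; i < 254; i++) v = gf_mul(v, (uint8_t)x);
        S1[x] = (uint8_t)(v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ 0x63);
    }
    for (int x = 0; x < 256; x++) {
        S2[x] = rotl8(S1[x ^ 0xA5], 3);
        S1inv[S1[x]] = (uint8_t)x;
        S2inv[S2[x]] = (uint8_t)x;
    }
}

/* One substitution unit: 16 byte lanes looked up in parallel. odd_round picks
   the first unit (S1, S2, S1^-1, S2^-1 repeating), otherwise the second. */
void substitute(const uint8_t in[16], uint8_t out[16], int odd_round) {
    const uint8_t *first[4] = { S1, S2, S1inv, S2inv };
    const uint8_t *second[4] = { S1inv, S2inv, S1, S2 };
    for (int i = 0; i < 16; i++)
        out[i] = (odd_round ? first : second)[i % 4][in[i]];
}
/* ROM bytes when every byte lane of every unit holds its own 256-byte table. */
size_t rom_bytes(int units) { return (size_t)units * 16 * sizeof S1; }

int main(void) {
    uint8_t blk[16] = { 0x00, 0x11, 0x22, 0x33 }, mid[16], back[16];  /* constructed */
    build_boxes();
    substitute(blk, mid, 1);
    substitute(mid, back, 0);
    printf("round trip %s, ROM for two units: %zu bytes\n",
           memcmp(blk, back, 16) ? "FAILED" : "ok", rom_bytes(2));
    return 0;
}
```

Because the second unit applies the inverse table in each byte lane, it undoes the first unit for any choice of S2, which is why the round-trip check holds even with the stand-in table.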