1. Field of the Invention
The present invention relates generally to the area of data security and in particular relates to a method and apparatus for integrated ciphering and hashing.
2. Description of the Related Art
Cryptographic applications are frequently employed to insure the secure transmission of messages. Cryptographic applications encrypt the message (also referred to herein as plaintext) on the transmission side and decrypt or decode the encrypted message (also referred to herein as ciphering) on the receiving side. This encryption and decryption of messages is commonly known in the art as the ciphering.
In recent years, a number of cryptographic applications also include a feature that allows a user to append a digital signature to a particular message. This digital signature is employed to authenticate the source of a message. This process of signing or authentication is commonly known in the art as signature processing. Both ciphering and signature processing are important components in insuring the secure transmission of messages.
One of the key elements of signature generation and processing is computing a hash value corresponding to a message (e.g., plaintext). In the prior art, the ciphering and hashing occurred in series. For example, a cipher unit processed a message first. Thereafter, the message is passed to a hash unit to perform the hash computation on the message.
The primary disadvantage of this serial implementation of the cipher unit and hash unit is that hash computation cannot begin until the cipher unit completed the encryption or decryption. In other words, the serial implementation suffered in terms of performance. In addition, a two pass system suffers from security issues since the message can be tampered with between the two passes.
First, ciphering algorithms and hash algorithms typically operate on data having different block sizes. For example, whereas a ciphering algorithm would operate on data having a first size (e.g., 64 bits in DES) a hash algorithm may operate on data having a second block size (e.g., 512 bits in MD5 and SHA).
Second, the ciphering algorithms and hash algorithms typically have a different number of processing steps. For example, the DES encryption algorithm, which is a National Bureau of Standard""s protocol, specified by Data Encryption Standard, Federal Information Processing Publication 46 includes 16 steps, while the MD5 (R. L. Rivest, xe2x80x9cThe MD5 Message Digest Algorithm,xe2x80x9d Request for Comment 1321, April 1992) hashing algorithm includes 64 steps. In a hardware implementation, each step typically is performed in one clock cycle. It is understood by those skilled in the art that the actual number of cycles for each step is variable and depends on the process technology employed to implement the cipher and hash operations. It is appreciated that the time for the cipher unit to complete its processing is different from the time for the hash unit to complete its processing.
Accordingly, a method and apparatus for integrated ciphering and hashing that overcomes the disadvantages noted previously is needed.
A method and apparatus for integrating the ciphering and hashing of a message is disclosed. The present invention includes a cipher unit for providing encryption and decryption services and a hash unit for generating a hash value corresponding to the message. The cipher unit operates on a block of data having a first predetermined size M, and the hash unit operates on a data block having a second predetermined size N. A storage unit is provided by the present invention having a size Q which is an integer multiple of M and N. Moreover, security enhancement unit of the present invention ensures that the cipher unit and the hash unit operate on the same block of data of size Q. The security enhancement unit ensures that the cipher unit and hash unit do not accept a next block of data (i.e., new data) until both units have completed processing the current block of data.