Block cipher algorithms generally include two paired algorithms: one for encryption and one for decryption. Block ciphers typically receive as input a fixed-length group of bits, or a block, and a key. A cipher mode specifies how an input packet, which may be of a variable length and larger than the fixed-length block required by the block cipher algorithm, is partitioned such that the data may be fed into the cipher algorithm as required. A key schedule algorithm (also referred to as key expansion) receives as input a compact key and generates a set of round keys derived from the compact key. The round keys are then utilized in the cipher algorithm along with the input block of data to be ciphered.
Both the key scheduling and cipher algorithms are iterative processes. For example, expanding a compact key conventionally applies an expansion function to the compact key to generate a first round key, and then applies the expansion function to the first round key to generate a second round key, and so forth, until a set of round keys of a desired size for the particular cipher algorithm is attained. The number of round keys in a set is dependent on the duration of the particular key schedule algorithm.
Similarly, a cipher algorithm conventionally applies a cipher function to an input block or packet using the first round key, and then applies the cipher function to the result of the first application using the second round key, and so forth, until all round keys in the set have been utilized. As a result of the iterative nature of these processes, the calculation of a set of round keys and its subsequent use in a cipher algorithm to cipher a packet is a time-consuming process.
Conventionally, hardware-based key schedule implementations (i.e., calculation or generation of the set of round keys from a compact key) are performed in either an “online” or an “offline” manner. Online key scheduling leverages a pipelined approach to both the key expansion and the application of the cipher algorithm. In this implementation, each stage of the pipeline contains both hardware to support the application of an expansion function to a previous stage's round key (or compact key in the case of the first stage) and hardware to support the application of a cipher function to a previous stage's result (i.e., both the round key and the result of the application of the cipher function generated by the previous stage). Online key scheduling offers a reduction in latency; however, because each stage of the pipeline requires hardware to apply the key expansion, online key scheduling requires more space to implement.
Offline key scheduling utilizes a single hardware block to perform the iterative key expansion. The round key computed in each iteration may be stored in a memory. The same hardware block is used over and over. Subsequently, once the key expansion is complete (i.e., a set of round keys of a desired size for the particular cipher algorithm is attained), the cipher algorithm is carried out in a pipelined or iterative manner as explained above. Although the size of hardware is reduced by only utilizing one implementation of the key expansion hardware to iteratively generate the set of round keys, latency is greatly increased any time a new compact key is to be utilized (i.e., a key context switch), since the set of round keys must be generated before the cipher algorithm is applied to an input packet.
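The two arrangements described above can be modelled in software. The following is an added example, not code from the original text: it assumes AES-128 key expansion as the concrete key schedule (the text names no cipher), and the function names `expand`, `offline_schedule` and `online_schedule` are illustrative.

```python
# AES-128 stands in for "the cipher" (an assumption); names are illustrative.
def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(a):
    """AES S-box: field inverse (0 maps to 0), then the affine transform."""
    inv = next((b for b in range(1, 256) if _gmul(a, b) == 1), 0)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]

def expand(prev, rcon):
    """Expansion function: next 16-byte round key from the previous one."""
    t = [SBOX[b] for b in prev[13:16] + prev[12:13]]  # RotWord, then SubWord
    t[0] ^= rcon
    out = []
    for i in range(16):
        out.append(prev[i] ^ (t[i] if i < 4 else out[i - 4]))
    return bytes(out)

def offline_schedule(key, rounds=10):
    """Offline: one expansion block reused; all round keys stored before ciphering."""
    memory, rcon = [key], 1
    for _ in range(rounds):
        memory.append(expand(memory[-1], rcon))
        rcon = _gmul(rcon, 2)
    return memory

def online_schedule(key, rounds=10):
    """Online: each stage derives its round key from the previous stage's key."""
    rk, rcon = key, 1
    yield rk  # AES uses the compact key itself as the initial round key
    for _ in range(rounds):
        rk = expand(rk, rcon)
        rcon = _gmul(rcon, 2)
        yield rk

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A.1 sample key
    print(list(online_schedule(key)) == offline_schedule(key))  # both orders give the same keys
```

The offline function returns only after all ten expansions have run, which is the key-context-switch latency the text describes; the generator hands each round key to its consumer as soon as it exists, at the cost of one `expand` per stage in hardware.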