This application claims the priority of Korean Patent Application No. 2004-12992, filed on Feb. 26, 2004, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of the Invention
Exemplary embodiments of the present invention relate to an encryption/decryption system and a key scheduler with variable key length.
2. Description of the Conventional Art
A block cipher algorithm (e.g., AES algorithm) may divide a real time data stream into data blocks and may encrypt or decrypt the data blocks. The length of one block may be 128 bits, and the algorithm may be implemented in software or hardware. An encryption/decryption system implemented in hardware may be used for higher speed application products.
Encryption using the block cipher algorithm may be performed through, for example, SubBytes conversion, ShiftRows conversion, MixColumns conversion and AddRoundKey conversion processes. Decryption using the block cipher algorithm may be performed through, for example, InvShiftRows conversion, InvSubBytes conversion, InvMixColumns conversion and AddRoundKey conversion processes. All, or substantially all, of the conversion processes for encryption or decryption may be performed in rounds. After one round is completed, the round may be repeated multiple times to encrypt or decrypt of data.
In the AddRoundKey conversion process, data blocks, processed by previous conversion processes, may be mixed with round keys generated by a key scheduler, and may be converted to an encrypted or decrypted data stream. An initial input key, which may be input to the key scheduler in order to generate a round key, which may have, for example, a key length of 128 bits, 192 bits or 256 bits. As the length of the initial input key may increase, the level of data encryption may increase. The number of repetitions of the round may be determined by the length of the initial input key. For example, the encryption/decryption system may perform 10 rounds when the length of the initial input key is 128 bits, 12 rounds when 192 bits, and 14 rounds when 256 bits. The key scheduler may provide the round key whenever the encryption/decryption system performs a round.
The key scheduler may be constructed, for example, in an on-the-fly method or pre-computation method. The on-the-fly method may generate the round key, for example, simultaneously, with encryption or decryption of data. The on-the-fly method may generate and output the round key used for each round when the round is executed. The pre-computation method may previously generate round keys, which may be used for all of the rounds, may store the round keys in a memory, and may read and output a round key used for each round from the memory.
The pre-computation method may use a larger capacity memory for storing the previously generated round keys. According to the pre-computation method, a round key may be read from the memory for each round, and the corresponding operating speed of an encryption may be lower. The length of all, or substantially all, of the round keys may correspond to the number of bits in one block, which may be encrypted or decrypted (128 bits×(the number of rounds+1)). For example, the number of rounds may be 10 when each round key is 128 bits. The length of all, or substantially all, of the round keys stored in the memory may be 1408(128×11) bits. Alternatively, the round key may be 192 bits and 256 bits, and the length of all, or substantially all, of the round keys may correspond to 1644(128×13) bits and 1920(128×15) bits, respectively.
A register may be used to store the round keys, and hardware, which may have, for example, at least 15,000 gates, may be used when the round key length is 256 bits. The key scheduler need not include a larger capacity memory for storing the round keys and may use a smaller space for storing one round key.
FIG. 1 is a block diagram of a conventional encryption/decryption system using a block cipher algorithm (e.g., an AES algorithm), which may include a key scheduler. Referring to FIG. 1, the conventional encryption/decryption system 10 may include a controller 11, an encryption key scheduler 12, a decryption key scheduler 13, and a block round processor 14. The encryption key scheduler 12 may generate an encryption round key R_KEY from an initial round key E_INKEY received from an external apparatus and may output the encryption round key R_KEY to the block round processor 14. The decryption key scheduler 13 may generate a decryption round key IR_KEY from an initial round key D_INKEY received from an external apparatus and may output the decryption round key IR_KEY to the block round processor 14.
The conventional encryption key scheduler 12 and the decryption key scheduler 13 may be constructed in hardware devices.
The encryption key scheduler 12 and the decryption key scheduler 13 may perform word substitution processes when generating the encryption round key and decryption round key. In the word substitution processes, the encryption key scheduler 12 and the decryption key scheduler 13 may divide 32-bit key data into four words of 8 bits and substitute for the four words using four substitution tables. The initial round key E_INKEY and the initial round key D_INKEY may be 256 bits, and the encryption key scheduler 12 and the decryption key scheduler 13 may perform the word substitution process twice per clock cycle. The encryption key scheduler 12 and the decryption key scheduler 13 may have eight substitution tables. The substitution tables may be constructed in hardware having between 800 and 2200 gates. Eight substitution tables may use between 6400 and 17600 gates. The encryption key scheduler 12 and the decryption key scheduler 13 may increase the size of the encryption/decryption system.