The present invention relates to encryption apparatus and, particularly, to an encryption apparatus that encrypts packets having arbitrary lengths.
In public communication networks for transferring data such as audio and video, telephone subscriber networks, ADSL, and other networks are used to implement the access network through which users are accommodated in a central office. Recently, the introduction of optical access systems has begun.
A known example of the optical access system is the PON (Passive Optical Network), a mode of 1-to-n connection between the central office side and the subscriber side. The PON provides data communication between an OLT (Optical Line Terminal) located in a central office and plural ONTs (Optical Network Terminals) located in subscribers' homes over a shared bandwidth, with a separate optical wavelength assigned to each of the ascending (uplink) and descending (downlink) directions. For signals in the descending direction, from the OLT to the ONTs, the optical signal is split partway along the path by a splitter, and each ONT extracts only the signals addressed to itself. Communication is established in this way. For signals in the ascending direction, the OLT notifies the ONTs of their transmission timing, and the ONTs transmit signals to the OLT in accordance with that timing. In this way plural ONTs communicate with the OLT by sharing a single wavelength.
Known examples of such an optical access system are B-PON (Broadband PON), A-PON (ATM PON), GE-PON (Gigabit Ether PON), and G-PON (Gigabit-capable PON). G-PON in particular attracts attention for the following reasons: it is the fastest, with a maximum ascending speed of 1.25 Gbits/s and a maximum descending speed of 2.5 Gbits/s, and it serves plural protocols by adopting a native GEM (Gigabit-capable Encapsulation Method/G-PON Encapsulation Method) that provides support for ATM, Ethernet, and WDM protocols.
In the G-PON, a downlink PON frame has a fixed length and a downlink PON header has a fixed length. An uplink PON frame, on the other hand, has a variable length and an uplink PON header has a nearly fixed length. As for encryption, it is prescribed for G-PON that downlink signals be encrypted in compliance with Advanced Encryption Standard (AES)-128. However, there is no standard for encrypting uplink signals, which are transmitted in variable-length frames. Nevertheless, encrypting variable-length frames will be necessary in the future. To comply with ITU-T G.984.3, a sequence of GEM packets having arbitrary lengths (especially GEM packets with a length equal to the minimum unit of 6 bytes) must be taken into consideration.
The AES-128 cipher used for G-PON frames has a key length of 128 bits and an encryption block length of 128 bits, and needs 10 rounds of calculation. If one round of calculation can be executed in one clock period, calculation for one encryption block can be completed in 11 clock periods including data loading. In other words, cryptographic calculation requires a given processing time, which is denoted by “P” in the drawings referred to later. Given P=11 for AES-128 and a throughput of 2.4 Gbps for processing GEM packets having arbitrary lengths, two planes of cryptographic calculation are needed when an 8-bit parallel circuit, which processes one byte per clock, is used. Four planes of cryptographic calculation are needed when a 16-bit parallel circuit, which processes two bytes per clock, is used.
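The plane counts above can be reproduced with a small scheduling model; this is an added example, not part of the original text. It assumes that packets arrive back to back, that every packet begins a fresh cipher block with a further block every 16 bytes, and that a plane is busy for P clocks per block; the function names and sample packet lengths are constructed for illustration.

```python
import math

AES128_P = 11      # clocks per 128-bit block, from the text (10 rounds + load)
BLOCK_BYTES = 16   # AES block length: 128 bits


def block_start_clocks(packet_lengths, bytes_per_clock):
    """Clock at which each cipher-block computation must begin.

    Assumed model: packets arrive back to back, each packet begins a fresh
    cipher block, and a further block begins every 16 bytes inside a packet.
    """
    starts, clock = [], 0
    for length in packet_lengths:
        for offset in range(0, length, BLOCK_BYTES):
            starts.append(clock + offset // bytes_per_clock)
        clock += math.ceil(length / bytes_per_clock)  # bus words occupied
    return starts


def planes_needed(packet_lengths, bytes_per_clock, p=AES128_P):
    """Peak number of block computations in flight = cipher planes required."""
    events = []
    for start in block_start_clocks(packet_lengths, bytes_per_clock):
        events.append((start, 1))        # a plane becomes busy
        events.append((start + p, -1))   # and is free again P clocks later
    busy = peak = 0
    for _, delta in sorted(events):      # releases sort before starts on a tie
        busy += delta
        peak = max(peak, busy)
    return peak


if __name__ == "__main__":
    minimal = [6] * 32                  # constructed: run of 6-byte GEM packets
    mixed = [6, 40, 6, 6, 1500, 6, 6]   # constructed: arbitrary lengths
    for width in (1, 2):                # 8-bit and 16-bit parallel circuits
        print(width, planes_needed(minimal, width), planes_needed(mixed, width))
```

Under these assumptions the worst case is a run of minimum-length packets: a new block must start every 6 clocks on the 8-bit circuit and every 3 clocks on the 16-bit circuit, while each plane stays busy for 11 clocks.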
With current VLSI technology, the operating rate of components such as transistors is, at a maximum, on the order of 150 Mbps for one data line (for one bit). To realize the throughput of 2.4 Gbits (or 2.4 GHz) with an ordinary large scale integrated circuit, a 16-bit parallel circuit architecture that processes 16 data lines simultaneously in one clock period is necessary. Consequently, when a less costly manufacturing process and an inexpensive chip size (10 mm×10 mm) are used, a cryptographic calculation circuit with four planes of cryptographic calculation occupies 70% of the whole chip area, and a PON processing circuit and an Ether processing circuit cannot be packed into the same chip. Even if a more costly manufacturing process with a higher packaging density is used, the cryptographic calculation circuit still occupies about 40% of the chip area. To integrate the PON processing circuit and an Ether processing circuit into the same chip, quite an expensive chip size (15 mm×15 mm) has to be used.