1. Field of the Invention
The present invention relates to an AES encryption/decryption circuit for executing AES (Advanced Encryption Standard) processing that is defined by FIPS (Federal Information Processing Standards) 197.
2. Description of the Related Art
With the recent improvement of optical fiber networks, anyone can readily use high-speed communications on the Internet. This also facilitates mass data communication such as high-quality video distribution. However, there are threats on the networks, including wiretapping, alteration, and spoofing. The need for cryptography to protect network communications from these threats has grown.
Although encryption is essential for secure communications, any decrease in the transfer rate is undesirable. This is especially true in the video distribution field, where an enormous quantity of data is processed. High-speed encryption is necessary for securely transmitting a large quantity of data at a high speed.
Mass encryption communication generally uses a symmetric block cipher.
The most widely used symmetric block cipher is AES defined by FIPS (Federal Information Processing Standards) 197.
To cope with high-speed encryption communication, the AES needs to be accelerated using a dedicated hardware accelerator.
FIGS. 60A and 60B show the AES encryption and decryption algorithms. AddRoundKey, SubBytes, ShiftRows, MixColumns, InvSubBytes, InvShiftRows, and InvMixColumns in FIGS. 60A and 60B are processes of the same names, which are defined as sub-block transformations in FIPS197. NR is the number of rounds, which is determined in accordance with the key length and is 10 in AES-128, 12 in AES-192, or 14 in AES-256.
As shown in FIGS. 60A and 60B, the AES algorithm repeats a round function defined by the standards NR times after the AddRoundKey Transformation. The round function includes four processes SubBytes, ShiftRows, MixColumns, and AddRoundKey for encryption, and four processes InvShiftRows, InvSubBytes, AddRoundKey, and InvMixColumns for decryption. As an exception, the NRth round function includes three processes SubBytes, ShiftRows, and AddRoundKey for encryption, and three processes InvShiftRows, InvSubBytes, and AddRoundKey for decryption. The AddRoundKey Transformation requires a Round Key wkeyi (Round Key described in FIPS197; i is the round number) generated from a cipher key and having a value that changes every round. However, wkey0 is equal to the cipher key.
In order to implement the AES algorithm in hardware, all of the AES signal processing must be divided into units, each of which can be executed within one cycle of the clock supplied to the AES circuit. For example, in the general implementation methods, one round function is executed within one clock cycle, two round functions are executed within one clock cycle, or one round function is executed within two clock cycles.
In the conventional method, encryption and decryption of AES-128 require 11 clock cycles when one round function is executed within one clock cycle, 6 clock cycles when two round functions are executed within one clock cycle, and 22 clock cycles when one round function is executed within two clock cycles.
AES implemented in hardware can achieve a certain level of high-speed processing. However, still higher AES processing speed is required.