KR20080073348A - Multi-lane high-speed encryption and decryption - Google Patents

Abstract

An encryption system is configured to include a combination of block (130) and stream (150) cipher generators. The block cipher generator (130) provides a changing key (149) that is used to periodically re-key one or more stream cipher generators (150). Preferably an AES block encryptor (135) provides a set of 128-bit ciphers (139) that are used to provide a stream of 576-bit keys (149) that is used to periodically re-key one or more SNO W-2 stream cipher generators (150). The output (159) of the stream cipher generators (150) are used to encrypt multiple input data streams (263-264), or 'lanes' of data, using an optimized arrangement of the block (130) and stream (150) ciphers relative to these multiple lanes of data (263-264).

Description

MULTI-LANE HIGH-SPEED ENCRYPTION AND DECRYPTION}

This application claims the benefit of US Provisional Application No. 60 / 739,219, filed November 23, 2005.

TECHNICAL FIELD The present invention relates to the field of communication and data security, and more particularly, to a method and system for facilitating high speed multi lanes, parallel data channels, encryption and decryption.

A stream cipher is a cipher in which one data unit (words / bytes / bits) is common at any time the input stream is sequentially encrypted and the transformation of subsequent data units is changed during encryption. Block ciphers, on the other hand, are ciphers that operate on large blocks of data that are fixed and unchanging transformations. That is, the block cipher of a given data block and a given encryption key will always produce the same encrypted output block. On the other hand, the output of the stream cipher depends on the state of the cipher system at the time when the data unit is encrypted.

In general, a stream cipher combines an input stream with a generated keystream, which is generated pseudorandomly based on a given encryption key or set of keys. Sequential generation of key streams is typically a less complex operation than block encryption of data blocks, and stream ciphers are generally substantially faster than block ciphers and require substantially fewer hardware components.

Stream ciphers are particularly well suited for high speed encryption / decryption of unknown lengths of streams of data such as phone calls, streaming video and the like. When block ciphers are used for this data, the design must include facilities for padding the input stream that terminates before filling the block.

Many stream ciphers are configured to produce a multiple bit output in each clock period. SNOW cryptography and its successors SNOW-2 by Exdal and Johansson of Lund University, for example, a linear feedback shift register that drives a state machine configured to output 32-bit words in each period. ). In order to effectively utilize this multi-bit cipher output, parallel encryption is often used, the input stream is demultiplexed into a data set containing the same number of bits as the output cipher, and the data set uses a multi-bit cipher. It is encrypted and then multiplexed into the output stream in the same form as the input stream. For example, the input stream contains data bytes on an 8 bit wide bus, a 32 bit encrypted word is available, and each set of four 8 bit bytes on the bus is spread out to a 32 bit word. (spread), a 32 bit word is encrypted using a 32 bit encrypted word, and the resulting 32 bit output word is de-spread into 4 output bytes corresponding to the encryption of 4 input bytes. In such an embodiment, the cryptographic generator may support the throughput rate of the input stream four times faster than the cryptographic generator.

In such cases, the input data rate may be substantially less than the maximum rate that a particular cryptographic generator can support. In such cases, multiple data streams may be supported by a single cryptographic generator. In the previous example, the speed of the 8 bit wide input data stream is twice the speed of the 32 bit cryptographic generator, and two such 8 bit data streams can be supported by this 32 bit cryptographic generator; If the speed of the 8-bit wide input data stream is the same as that of the 32-bit cryptographic generator, then four such input data streams can be supported by the cryptographic generator.

However, it is generally known that stream ciphers are less secure than block ciphers, ie they are more susceptible to distinctive attacts, which are less utilized than consuming retrieval. In addition, all stream ciphers are vulnerable to attack if the keystream is repeated. Ideally, with a 128-bit key, the repetition length of the keystream is 2 ¹²⁸ bits, which is acceptable for most applications, but at an encryption rate of 100 Mb per second, the recycle time of such a cipher is less than 25 minutes. And renders an unsuitable cipher for long running applications such as streaming video. On the other hand, the complexity of block ciphers renders them too expensive or too slow for these consumer applications.

It would be advantageous to provide a cipher that provides the speed of the stream cipher and the security of the block cipher.

According to one embodiment of the invention, the cryptographic system comprises a combination of block and stream ciphers. The block cipher provides a changing key that is used to periodically re-key one or more stream ciphers. Preferably, the AES (Advanced Encryption Standard, from the US National Institute of Standards and Technology (NIST)) block cipher is used to provide a stream of 576-bit keys used to reclaim one or more SNOW-2 stream ciphers. Provides a set of 128 bit keys. The output of the stream ciphers is used to encrypt multiple input data streams, or 'lanes' of data, using an optimized alignment of block and stream ciphers associated with these multi lane data.

The invention will be explained in more detail with reference to the accompanying drawings by way of example.

1A-1C illustrate an exemplary multi-bit stream encryption system in accordance with an embodiment of the present invention that is systematically rekeyed using keys provided by a block cipher generator.

2A and 2B and 3A and 3B illustrate other exemplary multi-bit stream encryption systems in accordance with other embodiments of the present invention that are systematically rekeyed using keys provided by a block cipher generator.

4A and 4B illustrate mixing systems in accordance with various embodiments of the present invention for encrypting data bytes using a cipher in the several byte range.

Throughout the drawings, like reference numerals refer to like elements or elements performing substantially the same function. The drawings are included for illustrative purposes and are not intended to limit the scope of the invention.

In the following detailed description, for purposes of explanation rather than limitation, specific details are set forth such as specific architectures, interfaces, techniques, etc., to provide a thorough understanding of the present invention. However, it will be apparent to those skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. For purposes of brevity and clarity, detailed descriptions of well-known devices, circuits, and methods have been omitted so as not to be unnecessarily obscure in the specification of the present invention.

1A illustrates an example block and stream encryption in accordance with one embodiment of the present invention for multi-bit parallel encryption of an input stream 163 having a word size less than the word size of the stream cipher generator 150. The system is shown. For example, the input stream contains 8 bit data bytes, and the SNOW-2 stream cipher generator is used to provide the stream cipher. As is known in the art, the SNOW-2 process uses the 576-bit key 149 as an initial state to generate a sequence of 32 bit wide cryptographic output words 159.

The mixing unit 160 is used to perform encryption of the input stream 163 by mixing the cipher output words 159 of the stream cipher generator 150 with the input stream 163. To optimize the use of the sequence of 32 bit wide cipher words 159 from the stream cipher generator 150, the 8 bit input bytes 163 are four 8 bit channels by a one input, four output demultiplexer 164. Are 'spread' to form them. The 32 bit cipher word 159 is similarly divided into 8 bit cipher bytes, 1 cipher byte for each channel. In each channel, mixer 165 combines the 8-bit data bytes on the channel with the cipher bytes assigned to the channel to produce an encrypted byte. Preferably, mixer 165 performs an exclusive-OR function to combine data and cipher bytes. Four channels of encrypted bytes are provided to a four-input, one-output multiplexer 164 'to form a sequence of encrypted output bytes 169 corresponding to each byte in the input stream 163.

FIG. 1B shows a timing diagram corresponding to the operation of the encryption system of FIG. 1A. The first line shows the sequence of bytes in the input stream 163. The second line shows the sequence of cipher output words 159 of the stream cipher generator 150. Since each cryptographic output word 159 is used to encode 4 bytes of input stream 163, the sequence of output words from the stream cryptographic generator has a frequency of 1/4 of the input byte rate. That is, in FIG. 1A, the crypto clock CLK-2 151 used to provide each crypto word is operated at a quarter frequency of the clock CLK-3 161 used to input each input data byte. do.

Those skilled in the art will appreciate that the encryption-channel structure of FIG. 1A is provided merely for ease of reference, and other structures may also be used. For example, input stream 163 may contain 16 bit words, and demultiplexer 164 may be configured to provide two 16 bit channels. In such a case, the cryptographic clock CLK-2 151 will operate at one-half frequency of the clock CLK-3 161 used to input each input data word. In a similar manner, a serial register configuration or other structures may be used instead of the multiplexer structure shown as described further below with respect to FIGS. 4 and 5.

According to one aspect of the invention, the stream cipher generator 150 receives its 576-bit key 149 from the block cipher generator 130. Preferably, the block cipher generator 130 receives its key from a session key generator 110 which generates a different key at each time a user starts an encryption session. Preferably, the session key is updated regularly to improve security.

In the example encryption system of FIG. 1A, the AES encryptor 135 generates a 128-bit block cipher output 139 that is an encryption of the current content of the drive counter 132 at each period controlling the clock CLK-1 131. . As described above, the example SNOW-2 stream cipher generator uses a 576-bit key; As such, the five periods controlling clock CLK-1 131 are required to provide a sufficient number of bits to form this key. The 576-bit key corresponds to four and one-half 128-bit cipher words from AES encryptor 135 and block cipher generator 130 is configured to store three and one-half these cipher words. It includes. When a fifth 128-bit cipher word is generated, a 576-bit output is generated using the current word and previously stored three and one-half words in register 140.

As described above, although stream ciphers are generally considerably faster than block ciphers, stream ciphers are less secure than block ciphers because the stream cipher itself is repeated. If the attacker can determine some or all of the generated cipher sequences and the repetition rate, the attacker will be able to decrypt the encrypted material at each iteration of the determined sequence. Preferably, to avoid this vulnerability of the stream cipher generator 150, a new 576 bit key 149 is generated by the block cipher generator 130 and before the stream cipher generator 150 repeats itself. It is used to leak generator 150. In this way, decoding of the previous segment of the stream-password-encrypted output cannot be used to facilitate decoding of future segments.

1C illustrates an example timing sequence for use and generation of keys in the example embodiment of FIG. 1A. In each clock period CLK-1, the 128-bit block cipher output 139 of the AES encryptor 135 is identified by cipher words A ₀ , A ₁ , A ₂ , and the like. The contents of register 140 of FIG. 1A are identified as stream 142 of FIG. 1C for easy reference. In a period after the fourth output A ₃ , current output A ₄ and stream 142 are available for keying stream cipher generator 150. Then, five other cipher words A ₅ -A ₉ are generated and used to re-key stream cipher generator 150. As described above, this re-keying preferably occurs before the stream cipher generator 150 repeats itself.

One skilled in the art will, after the first generation of five cipher words, a new key become available to the stream cipher generator 150 when each new cipher word is generated, the new cipher word being a subset of the bits of the previous key. Will recognize the replacement. However, optimal security is obtained by rekeying after all bits of the old key are replaced with new crypto words.

FIG. 2A illustrates an example embodiment of a “dual lane” cryptographic system, where two input streams 263, 264 are used for session key generator 110, block cryptographic generator 130 as described above. And a stream cipher generator 150, which is encrypted using a single block-stream cipher system.

In one embodiment of FIG. 2, the clock CLK-2 251 is twice the speed, and two cipher words 259 encrypt the two input streams 263, 264 of the dual lane mixing unit 260. It is available for However, instead of selectively applying each word to each lane, each cipher word 259 is demultiplexed across respective lanes corresponding to input streams 263 and 264. The 1-input 2 output demultiplexer 220 provides each even cipher word 259 to each first two bytes of the input streams 263 and 264, and each odd cipher word 259 to the input streams ( 263, 264) to each next two bytes.

2B shows an example timing arrangement for the embodiment of FIG. 2A. As shown, each cipher word 259 is applied to each pair of input data bytes of the input streams 263, 264. As described above, the block cipher generator 130 preferably uses a new key for the stream cipher generator using five new AES words (indicated by reference numeral 139 of FIG. 1A) before the stream period repeats itself. Clocked to provide 249.

Those skilled in the art will appreciate that, depending on the timing and structural limitations of a given application, alternative configurations may be used to encrypt two streams of input data using the single block-stream encoder of the present invention. For example, each lane may consist of two byte lanes as opposed to the four byte lanes of FIGS. 1A and 2A. In such an embodiment, an odd / even demultiplexer 220 would not be required. On the other hand, the advantage of the four byte lane example of FIG. 2A is that one or two (or four, as described below) input streams of the same lane structure regardless of whether they are encrypted using the block-stream encryption system of the present invention. It is use.

3A illustrates the use of multi-stream cryptographic generators with a single block cryptographic generator, for example, to encode four lane input data.

As described above, it is often beneficial to use / reuse common circuits in other applications. In this embodiment, the dual lane mixing unit 260 is used to encrypt each pair of four lane input data, and the two stream cipher generators 150, 150 'are the two mixing units 260. To provide stream ciphers. Because of the dual structure, encryption of four lanes can be achieved at the same speed as encryption of two lanes of FIG. 2A. However, since each rekeying of the stream cipher generators 150, 150 'occurs at a rate much lower than the rate at which the stream ciphers are generated, the dual architecture provides a pair of blocks to provide keys to the pair of stream cipher generators. There is no need to include password generators.

Also as described above, the 576 bit key 349 used in the stream cipher generator 150 requires four and a half 128 bit cipher words 339 from the AES encryptor 135. In the example embodiment of FIG. 3A, multiplexer 342 is used to provide alternate half words 344 to register 340. In this way, two full keys 349 can be generated from nine cryptographic words 339 instead of ten words 339. That is, instead of requiring a doubling of the speed of the CLK-1 331 to support the two stream cipher generators 150, 150 ', the speed of the CLK-1 331 is only 1.8 factors. It needs to be increased. Since power consumption is generally related to speed, this 10% reduction in speed for AES components can be significant. Alternatively, if the speed of the AES encryptor 135 is a limiting factor in the overall speed of the block stream encryptor system, this 10% efficiency increase in speed may also be important. Additionally, by alternating rekeying of each stream cipher system 150, 150 ′, a single 576 bit wide register 340 provides a 576 bit key 349 to both stream cipher systems 150, 150 ′. Can be used to provide a significant amount of circuit and layout area savings.

FIG. 3B shows an example timing diagram for the embodiment of FIG. 3A. As in the conventional embodiments, upon generation of five 128-bit cipher words 339, the 576-bit key 349 takes four of these words and half 344 of the cipher word stored in the register 341. Can be generated. This first key is used to key the “even” stream cipher generator 150. In generating four additional cryptographic words 339, another key 349 may be generated using these four new words and half 344 of the cryptographic word that were not used for the first key. This second key is used to key the "odd" stream cipher generator 150 '. This five word / 4 word sequence repeats providing alternative unique keys for each of the cryptographic generators 150, 150 ′ every nine cycles of CLK-1 133.

Those skilled in the art will appreciate that alternative structures may be implemented herein. For example, the use of nine cryptographic words 339 to provide two keys 349 may also apply to the embodiments of FIGS. 1A and 2A. However, the relative speeds of block and stream cipher generators generally do not require such an effect when the block cipher generator is coupled to a single stream cipher generator. In a similar manner, a single 32-bit stream cipher generator can be simply configured to directly encrypt each of the four data 8-bit input streams, although the stream cipher generator operates at twice the speed of the generators of FIG. 3A, or It will require that the data rate of the input data of FIG. 3A be reduced by half.

Those skilled in the art will also recognize that the concepts presented herein are not limited to the examples and can be applied in a more general sense. For example, depending on the relative speeds of the input data, stream cipher rate, and block cipher rate, a single block cipher generator can be used to provide keys to two or more stream cipher generators; Single stream cryptographic generators may be used to encrypt four or more data lanes, and the like.

4A and 4B show example alternative embodiments of a mixing system that applies a 32 bit cipher word to the lane of 8 bit data words.

In FIG. 4A, four shift registers R1-R4 420 are used to sequentially receive the 8 bit words of the data input stream clocked by the input data clock CLK-3. The 32 bit cryptographic output 450 is divided into four 8 bit segments provided to registers R1-R4 via cryptographic multiplexer 410. Each cryptographic multiplexer 410 determines whether each register receives unencrypted data input from a previous stage or encrypted data input from a previous stage. Each cryptographic multiplexer 410 includes an 8 bit wide XOR gate 412, and an input switch 411 that determines one of the inputs of the XOR gate. To achieve pass-through of input data without encryption, switch 411 provides a fixed "0" output and XOR gate 412 has no effect on the input data. The encryption signal is enabled when three input data words are clocked into registers R1-R3 420 and a fourth data word is available for input of the first encryption multiplexer 410. The registers are then clocked while the encryption signal is enabled, and registers R1-R4 420 will be loaded into the encrypted data word. Thereafter, the encryption signal is disabled and the process is repeated. While each subsequent data input word is clocked into registers, the encrypted data words are clocked out, thereby achieving continuous encryption with minimal delay. As described above, the encryption signal is enabled once for every four data clock K-3 periods so that the cryptographic output 450 needs to be provided only one quarter of the data input rate, as expected.

In FIG. 4B, switch 440 is used to sequentially select each of the four 8 bit segments of cryptographic output 450. The selected cipher segment is currently XORed with an 8 bit data input word and is preferably clocked into register 420 to avoid switching transients. The cryptographic output 450 is preferably updated every four cycles of the data input clock CLK-3 and the 8 bit cryptographic segment is reused from the switch 440.

Those skilled in the art will appreciate that alternative cryptographic configurations may be used to ensure optimal / effective use of each of the cipher bits provided by the stream cipher generator.

The principles of the invention are only illustrated above. Therefore, those skilled in the art will recognize that although not explicitly disclosed or shown in the present invention, it is possible to implement the principles of the present invention and to design various configurations within the scope and spirit of the following claims.

In interpreting these claims, the following will be understood:

a) The term "comprising" does not exclude the presence of elements or acts other than those described in a given claim.

b) The singular term preceding the element does not exclude the presence of such a plurality of elements.

c) Certain reference signs in the claims do not limit their scope.

d) Several "means" may be represented in the same item or hardware or software in which a structure or function is implemented.

e) Each of the disclosed elements may be comprised of hardware portions (eg, including discrete and integrated electronic circuits), software portions (eg, computer programming), and other combinations thereof.

f) The hardware parts may consist of one or both of the analog and digital parts.

g) Certain disclosed devices or portions thereof may be combined together or divided into other portions, unless specifically noted otherwise.

h) Unless specifically indicated, it is not intended that a specific sequence of operations be required.

i) The term "plurality" of elements includes two or more of the claimed elements and does not imply any particular range of number of elements; That is, the plurality of elements may be only two elements.

Claims (20)

In a system for encrypting data, A block cipher unit 130, configured to generate at least one cipher key 149, 249, 349; A stream cipher unit (150) configured to generate a sequence of cipher words (159, 259, 358-359) based on the at least one cryptographic key (149, 249, 349); And A mixer unit (160, 260) configured to combine multiple bits of each of the cipher words (159, 259, 358-359) and multiple bits of data input items (163, 263-264) in parallel. , Data encryption system. The method of claim 1, Each cipher word 159, 259, 358-359 includes 'n' bits, The mixer unit 160, 260 may be configured to facilitate parallel encryption of 'n' bits of the data input items 163, 263-264 with the data input items 163, 263-264. Configured to sort the data encryption system. The method of claim 1, Each data entry item 163, 263-264 includes 'm' bits reaching the input data rate CLK-3, The mixer unit 160, 260 is capable of the encryption words 159 to facilitate parallel encryption of the data entry items 163, 263-264 of the 'm' bits at the input data rate CLK-3. 259, 358-359. The method of claim 1, The stream cipher unit 150 is characterized by a repeat cycle rate (repeat cycle rate), The block cipher unit 130 is configured to provide different cipher keys 149, 249, 349 at an cipher key rate CLK-1 that is equal to or less than the repetition period rate, And the stream cipher unit (150) is configured to be rekeyed by the other cipher key (149, 249, 349) at a re-key rate that is less than or equal to the cipher key rate (CLK-1). The method of claim 4, wherein And said cryptographic key rate (CLK-1) is equal to said repetition period rate. The method of claim 4, wherein And the re-key rate is equal to the cryptographic key rate (CLK-1). The method of claim 4, wherein The block cipher unit (130) is configured to generate a plurality of block cipher outputs (139, 339) forming respective different cipher keys (149, 249, 349). The method of claim 7, wherein The at least one other cryptographic key (349) comprises one or more block cipher outputs (339) of the previous cryptographic key (349). The method of claim 1, The block cipher unit (130) is configured to generate a plurality of block cipher outputs (139, 339) forming respective different cipher keys (149, 249, 349). The method of claim 8, The at least one other cryptographic key (349) comprises one or more block cryptographic outputs (339) of the previous cryptographic key (349). The method of claim 1, The block cipher unit (130) comprises an AES encryptor (135). The method of claim 11, wherein The stream cipher unit (150) comprises a SNOW-2 stream cipher generator. In a method of encrypting data, Generating 130 at least one block cipher key 149, 249, 349; Generating (150) a sequence of cipher words (159, 259, 358-359) based on the at least one block cipher key (149, 249, 349); And Parallel encrypting (160, 260) multiple bits of data input items (163, 263-264) using the cipher words of each of the multiple bits. The method of claim 13, aligning the data entry items 163, 263-264 to facilitate parallel encryption of the 'n' bits of the data entry items 163, 263-264, wherein 'n' are each; And a bit width of the cipher words (159, 259, 358-359). The method of claim 13, Generating (130) other block cipher keys (149, 249, 349) at an encryption key rate (CLK-1) that is less than or equal to the repetition period rate of the sequence of cipher words (159, 259, 358-359); And Generating (150) additional sequences of cipher words (159, 259, 358-359) based on the other block cipher keys (149, 249, 349). The method of claim 13, Generating (135) a plurality of block cipher outputs (139, 339) to provide the at least one block cipher key (149, 249, 349). The method of claim 13, Generating (135) the at least one block cipher key (149, 249, 349) comprises generating an AES cipher. The method of claim 13, Generating (150) the sequence of cipher words (159, 259, 358-359) comprises generating a SNOW-2 cipher. A computer program provided on the computer readable media, When the computer program is run on a processing system, the processing system is: Generate (130) at least one block cryptographic key (149, 249, 349), Generate a sequence of encryption words 159, 259, 358-359 based on the at least one block encryption key 149, 249, 349 (150), Configured to encrypt 160 multiple bits of data input items 159, 259, 358-359 in parallel using the cipher words 159, 259, 358-359 of each of the multiple bits, Computer programs. The method of claim 19, The processing system is: Generate (130) the at least one block cipher key 149, 249, 349 using an AES cipher; And generate (150) the sequence of cipher words (159, 259, 358-359) using a SNOW-2 cipher.

Images