TW200536332A - Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine - Google Patents

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor, where the size of the input data blocks is programmable. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device. The cryptographic instruction prescribes one of the cryptographic operations, and also one of a plurality of data block sizes. The execution logic is operatively coupled to the cryptographic instruction. The execution logic executes the one of the cryptographic operations. The execution logic has a block size controller that employs the one of a plurality of data block sizes during execution of the one of the cryptographic operations.

Description

200536332 IX. Description of the invention: [Related reference patents] This application claims the priority of the following US patent provisional applications:

Serial Number Application Title 60/506971 9/29/2003 MICROPROCESSOR APPARATUS AND METHOD FOR OPTIMIZING BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 60/507001 9/29/2003 APPARATUS AND METHOD FOR PERFORMING OPERATING SYSTEM TRANSPARENT BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 60/506978 // 2003 MICROPROCESSOR APPARATUS AND METHOD FOR EMPLOYING CONFIGURABLE BLOCK CIPHER CRYPTOGRAPHIC ALGORITHMS 60/507004 9/29/2003 APPARATUS AND METHOD FOR PROVIDING USER-GENERATED KEY SCHEDULE IN A MICROPROCCESSOR CRYPTOGRAPHIC ENGINE 60/503002 PRODUCTION 2003 / METHOD002 PRODUCTION 2003 APPROVED

i CONFIGURABLE CRYPTOGRAPHIC BLOCK CIPHER ROUND RESULTS 60/506991 9/29/2003 MICROPROCESSOR APPARATUS AND METHOD FOR ENABLING CONFIGURABLE DATA BLOCK SIZE IN A CRYPTOGRAPHIC ENGINE 60/507003 9/29/2003 APPARATUS FOR ACCELERATING BLOCK CIPHER CRYPROMCTOPROCTROC PORTOGRAPH 4/18/2003 ADVANCED CRYPTOGRAPHY UNIT 60/506979 9/29/2003 MICROPROCESSOR APPARATUS AND METHOD FOR PROVIDING CONFIGURABLE CRYPTOGRAPHIC KEY SIZE 60/508927 10/3/2003 APPARATUS AND METHOD FOR PERFORMING OPERATING SYSTEM TRANSPARENT CIPHER BLOCK CHAINING MODE CRYPTO TO 508679 10/3/2003 APPARATUS AND METHOD FOR PERFORMING OPERATING 200536332

SYSTEM TRANSPARENT CIPHER BLOCK FEEDBACK MODE CRYPTOGRAPHIC FUNCTIONS 60/508076 10/3/2003 APPARATUS AND METHOD FOR PERFORMING OPERATING SYSTEM TRANSPARENT OUTPUT BLOCK FEEDBACK MODE CRYPTOGRAPHIC FUNCTIONS 60/508604 10/3/2003 APPARATUS AND METHOD FOR SECURITY PROCESSING CERTIFICATION This application is part of the following pending US patent provisional applications, which have the same assignee and inventor.

Serial Number Application Title 10/674057 9/29/2003 MICROPROCESSOR APPARATUS AND METHOD FOR PERFORMING BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS This application is related to the following pending US patent provisional applications, which have the same assignee and invention people.

Serial number Application title 10/730167 12/5/2003 MICROPROCESSOR APPARATUS AND METHOD FOR PERFORMING BLOCK CIPHER CRYPTOGRAPHIC 200536332

FUNCTIONS 1 10800768 3/15/2004 MICROPROCESSOR APPARATUS AND METHOD FOR OPTIMIZING BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 10/727973 12/4/2003 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 10/800938 FORROCING APPLICATION CONFIGURABLE BLOCK CIPHER CRYPTOGRAPHIC ALGORITHMS 10/800983 3/15/2004 APPARATUS AND METHOD FOR PROVIDING USER-GENERATED KEY SCHEDULE IN A MICROPROCESSOR CRYPTOGRAPHIC ENGINE 10/826435 4/16/2004 MICROPROCESSOR APPARATUS AND METHOD FOR PRODURING CRYPTOGRAPHIC PROCESS 826475 4/16/2004 MICROPROCESSOR APPARATUS AND METHOD FOR PROVIDING 200536332

CONFIGURABLE CRYPTOGRAPHIC KEY SIZE 10 / 826,814 4/16/2004 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT CIPHER BLOCK CHAINING MODE CRYPTOGRAPHIC FUNCTIONS 10/826428 4/16/2004 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT CIPHER BLOCK FEPTO CRYPTO 745 CRYPTOGRAPHIC CRYPTO BLOCK UNCEDTOPHIC / 2004 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT OUTPUT FEEDBACK MODE CRYPTOGRAPHIC FUNCTIONS 10/826632 4/16/2004 APPARATUS AND METHOD FOR GENERATING A CRYPTOGRAPHIC KEY SCHEDULE IN A MICROPROCESSOR

This case refers to the priority of US Patent Application No. 10/826433, the application date is April 16, 2004, and the name is "MICROPROCESSOR APPARATUS AND METHOD FOR ENABLING CONFIGURABLE DATA BLOCK SIZE IN A

CRYPTOGRAPHIC ENGINE 200536332 [Technical field to which the invention belongs] The present invention relates to the field of microelectronics, and more particularly to a device and method for performing cryptographic operations in a computing device, where the computing device allows the size of the data block to be based on the program in the instruction phase And operate. [Previous technology] Early computer systems operated independently of other computer systems. According to this, the input data required by applications running in this computer system, if not stored in this computer system, was designed by application programmers. Provided at the time of execution; and the application execution results and the output data generated are generally in the form of printed output paper or files written on magnetic tapes, disks, or other types of storage devices of this computer system. The output file can be used as an input file for an application program that subsequently executes on the same computer system, or, when the output data was previously stored as a file on a removable or transportable storage device, it can also be provided to a different but compatible Application of computer system. In these early systems, the need to protect confidential information was recognized, and among other information security measures, password applications were developed and applied to prevent unauthorized disclosure of confidential information. These password programs are generally encrypted or decrypted and stored as output files in a storage device. Within a few years, users began to realize that the benefits of information sharing access can be provided by connecting computers through the Internet. Therefore, the network architecture, operating system, and data transfer protocols have been developed to not only support the ability to access shared data. , Is its remarkable feature. For example, users' computer workstations can access files on different workstations or network file servers, or use the Internet to obtain news and other information, or send and receive electronic messages (such as email) to hundreds of other computers , Or connect with the dealer's computer system and provide credit card or bank information to purchase products, or use a non-woven network to perform any of the above activities in restaurants, airports or other public places. 10 200536332 As a result, the need to protect confidential information and transmissions from unauthorized disclosure has grown rapidly, and under certain circumstances, users have been forced to protect their confidential information. At present, news headlines usually focus on computer information security issues, such as Sparrl, hacking, identity theft, reverse engineering, pranks, and credit card fraud, among the top public concerns. And when these motives for invading the private sphere from various aspects range from unintentional mistakes to premeditated cyber attacks, the responsible enforcement unit responds with new laws, rigorous enforcement, and public education programs. However, these responses have not effectively stopped the wave of endangered computer information. The spies that used to be the focus of government, financial institutions, and the military are now becoming an important issue for the average person; spies read their e-mails or access transactions from their home computers to check their accounts. Prior to commercialization, those skilled in the art could know that corporate legal persons from small to large are currently using the outstanding parts of their resources to protect property information. In the field of information security, we provide our technology and equipment to encrypt data and make it decoded only by specified individuals. This is known as cryptography: when special applications are used to protect information stored or transmitted between computers At this time, passwords are most often used to convert confidential information (called "plaintext"; plaintext or cleartext) into an incomprehensible form (called "ciphertext"; ciphertext). The conversion process from plaintext to ciphertext is called encryption; enciphering; ciphering, and the reverse conversion from ciphertext to plaintext is called decryption; deciphering; inverse ciphering. Such procedures and protocols have been developed to allow users to perform cryptographic operations without requiring a lot of knowledge and effort, and for these users to enable them to transmit or provide their products in encrypted form to different users. Along with the encrypted information, the sender usually provides the receiver with a "crypto§raPhic key" so that the receiver can decode the encrypted data, thus enabling the recipient to recover or obtain 200536332 access to unencrypted data. Original information. Those skilled in the art will know that these procedures and protocols are generally implemented in the form of password protection, mathematical algorithms R, and applications specially designed to encrypt and decrypt confidential information. Several variant algorithms are currently used to encrypt and decrypt data. The algorithm uses two cryptographic keys (a public key and ~ private key) to encrypt or decrypt data according to the above type (such as an RSA algorithm and a public key algorithm). According to some public key algorithms, the receiver's public key is used by the sender to encrypt the data transmitted to the receiver. Because a mathematical relationship exists between the user's public key and the private key, the receiver must use its private The key decrypts this transmission to recover this information. Although this type of cryptographic algorithm is widely used today, its encryption and decryption operations are extremely slow or even a small amount of data. A second type of algorithm, known as the symmetric key algorithm, provides the same level of data security and can be executed faster. These algorithms are called symmetric key algorithms because they use a single cryptographic key for encrypting and decrypting information. In the public sector, there are currently three popular single-key cryptographic algorithms: Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES). Because of the strength of these algorithms to protect confidential information 'US government agencies are currently using these algorithms, but those skilled in the art expect that at least one of these algorithms will become the standard for commercial and unofficial transactions in the near future According to all these symmetric key algorithms, plaintext and ciphertext are divided into blocks of a specified size for encryption and decryption. For example, the advanced encryption standard performs cryptographic operations on a 128-bit block size and uses 128 Bit, 192-bit, and 256-bit password input length. Other symmetric key-recording algorithms, such as Rijndael Cipher, also allow 192-bit and 256-bit data blocks. According to 12 200536332, a block is encrypted. In terms of operation, a 1G 2 4-bit plaintext message is encrypted into 8 128-bit blocks. All symmetric key algorithms Using the same form of secondary operations to encrypt a block of plaintext, and according to many more commonly used symmetric key algorithms, an initial password recording key is expanded into a plurality of recording keys (eg, a "recording key schedule") Each key is used as a corresponding password “round” of the secondary operation and is executed in the plaintext block. For example, the first key of the key schedule is the first password used to perform the secondary operation in the plaintext block. The result of one round is used as the input of the second round, where the second round uses the second key scheduled by the key to produce the second result, and a specific specified number of subsequent rounds ► The execution of the round produces a final round result, ie The cipher text body. According to the advanced encryption standard algorithm, the sub-operations in each round refer to the sub-bits (or S-box), shift shift (ShiftRows), mixed blocks (MixColums), and add round keys. (AddRoundKey), etc. The decryption of a block of ciphertext is similarly processed with exceptions in each round, and the final result of a round is the plaintext of a block, and the above exception refers to the ciphertext Inverse encryption and inverse operations (such as · Inverse MixColumns, Inverse ShiftRows) 〇 Data encryption standards and triple data encryption standard algorithms use different special operations, but these operations are similar to the advanced encryption standard algorithms This operation uses a similar method to convert a block of plaintext to a block of ciphertext. To perform cryptographic operations on multiple consecutive text blocks, all symmetric key algorithms use the same kind of patterns, which include electrons Electronic code book (ECB) mode, cipher block chaining (CBC) mode, cipher feedback mode (CFB), and output feedback mode (output feedback; FB). Some of these modes use an additional initialization to 13 200536332

During the execution of the second operation, some ciphertext output using the first position password round executed in the plaintext of the first block is used as additional input to the second position password round executed in the plaintext of the second block. In addition to this, the field of this application provides a deeper discussion of every cryptographic algorithm and sub-operation applied to today's symmetric recording cryptographic algorithms. As far as specific implementation standards are specified, readers can obtain the details of data encryption standards and triple data encryption standards from Federal Information Processing Standards Publication 46_3 (FIPS-46-3), published on October 25, 1999. Discussions; and Federal Information Processing Standards Bulletin 197 (FIPS-197), published on November 26, 2001, for a detailed discussion of advanced encryption standards. The two standards mentioned above are issued and claimed by the National Institute of Standards and Technology (NIST), which are hereby incorporated by reference for the purpose of describing all intents and purposes of the present invention. In addition to the standards mentioned above, tutorials, white papers, toolkits, and resource articles can be accessed via the Internet: http://csrc.nist.gov/ at NIST's Computer Resource Security Center (c〇rnputer Security

Resource Center; CSRC). Those skilled in the art will know that there are many applications that can run on computer systems that can perform cryptographic operations (such as encryption and decryption). In fact, some operating systems (for example: Microsoft Window xp, Linux) provide encryption / decryption in the form of cryptographic primitives, passwords 3, and the like. However, 'the present inventor has observed ==; = defects in some respects'. Therefore, the block diagram 10 of the computer password application by the first-ioioi i, block diagram == Erdian =? R connection area Network (i〇cai 102, _ Lu Anan ^ 7 domain network 105 is also connected to the second computer to work 2 network 4 field storage device (k file stomge device 14 200536332 106, first router) ) 107 or other interface forms to a wide area network (WAN) 110 (for example, the Internet) and wireless network router 108 such as IEEE 802.11, a laptop (laptoop) computer) 104 is an interface through wireless network 109 and wireless router 108. In wide area network 11, the second router write, (second router) 111 provides the interface to the third computer workstation 103. As outlined above, Today's users face many problems of computer information security during work. For example, under the control of the current multi-tasking operation system, the user workstation 101 can perform multiple tasks simultaneously (task And each task Require cryptographic calculations. User workstation 101 requests encryption / decryption application 112 (either part of the operating system or invoked by the operating system) to store area files in network files The storage device 106, while the file is stored, the user can send an encrypted message to the second user at the workstation 102, where the workstation 102 also requires an example of the encryption / decryption application 112 to be executed, and the encrypted message may be Real-time (for example: instant messaging) or non-real-time (for example: email). In addition, users can access from workstations 103 through the wide area network 11 〇 • or provide their financial information (such as credit card numbers, financial transactions, etc.) ) Or other forms of confidential information. Workstation 103 can also represent a home office or other remote computer 103, which can allow users of workstation 101 to access any shared resources of local area network 105 when they leave the office. 101, 102, 106, 107, 108, and 109. Every activity mentioned above requires encryption / decryption Using the relative example of the program i 12, and the wireless network 109 is currently commonly provided in coffee shops, airports, schools, and other public places, thus prompting the user's notebook computer 104 to not only perform messages sent / received by other users Encrypt / decrypt, and also encrypt and decrypt all communications 15 200536332 through wireless network 109 to wireless router 1Q8. Those skilled in the art can therefore understand that in the workstation 101-1CK, together with every activity that requires cryptographic operations, there must be a relative request to invoke the secret / decryption application 1 12 example, so the computer 101-104 It is possible to perform hundreds of cryptographic operations simultaneously in the near future. The inventor noticed the limitation of the above-mentioned computer systems 101-104 to perform a cryptographic operation by activating at least one example of the encryption / decryption application 112. For example, it is slower to perform a specified function through software programmed than to perform the same function through hardware. And every time you execute the encryption / decryption > application 112, the tasks being performed on the computer 101-104 must be suspended, and the parameters of the cryptographic operations (such as plaintext, ciphertext, mode, and key) must be transmitted through the operating system. An example of the encryption / decryption application 112 being used to complete a cryptographic operation. And because the cryptographic calculation needs to induce many rounds of secondary operations in a specified data block, the execution of the encryption / decryption application 112 leads to the execution of many computer instructions, which adversely affects the processing speed of the overall system. Those skilled in the art will know that sending a small amount of encrypted e-mail messages in Microsoft Outlook will take five times as long as sending only unencrypted e-mail messages. ® In addition, current technology is limited by delays in operating system intervention. Most applications do not provide complete key generation or encryption / decryption components; they use operating system components or plug-in applications to accomplish the above tasks, and the operating system transfers them due to interruptions and requests from other running applications carried out. Also, the inventors noticed that the cryptographic operation system of the current computer systems 101-104 is similar to the floating-point mathematical operation when the microprocessor has no floating-point unit. Early floating-point unit operations were performed by software, so they were very slow. As with floating-point operations, cryptographic operations performed by software were extremely slow. When the floating-point technology further issues% instructions for execution, these floating-point helpers ^ 'Fu-point auxiliary processors provide floating-point execution much faster, but increase "' ^ = = the processor performs floating-point operations than software-assisted processing At present, the cost of the device is added to the electrical system. Similarly, the password auxiliary exists through a parallel connection or other interfaces ^^ or external devices and the main processor type, these auxiliary processing can be used as an interface. The execution is much faster. But the completion of the code calculation is more costly than pure software. It requires additional power and processing. It adds a data path to the system configuration, unlike the main microprocessor, which increases the reliability of the system. The execution of the processor is easier to be monitored. Δ-on the module, so the password is shared, so the inventor = tolerate the need to add cryptographic hardware to today's microprocessors, so that applications requiring clever noses can use a A separate, 7L (at 0 miC) -based password instructs the microprocessor to perform cryptographic operations. The inventor also confirmed that this function should be used to limit the requirements for operating system intervention and management, and it is expected that the password means that $ can be used in applications The privilege level and coded hardware can be matched with the current microprocessors. It is clever, and the cryptographic hardware and associated cryptographic commands can support compatible preemption. ^ Operating system and applications. It is more desirable to provide clothes and methods for performing cryptographic operations, which can prevent unauthorized surveillance, which can support and personalize related multi-password calculations; which can support verification and testing of entity-specific It can allow users to provide keys or generate keys themselves; it supports multiple data block sizes and key sizes; and it provides programmable block encryption / decryption modes such as electronic Mimaben mode, Mima block chain mode, password feedback mode and output feedback mode. [Summary] The present invention is to solve the problems and disadvantages of the above-mentioned conventional techniques. The present invention provides a better technology to Cryptographic operations are performed in a microprocessor. 17 200536332 A preferred embodiment of the present invention provides a device for performing cryptographic operations. The device includes a cryptographic instruction circuit. To generate a cryptographic instruction and an execution logic circuit. The cryptographic instruction is received by a computing device as part of an instruction stream executed on the computing device, and the cryptographic instruction specifies one of a plurality of cryptographic operations, and One of a plurality of data block sizes is also specified. The execution logic circuit is operatively coupled to a cryptographic instruction circuit, the execution logic circuit performs a designated cryptographic operation, and the execution logic circuit includes a block size controller, and this area The block size controller uses the specified data block size during the execution of the specified cryptographic operation. ≫ A preferred embodiment of the present invention provides a device for performing cryptographic operation, the device includes a cryptographic device located in a component Unit and a block size logic circuit. The cryptographic unit performs one of a plurality of cryptographic operations in response to receiving a cryptographic instruction in an instruction stream, wherein the cryptographic instruction specifies a designated cryptographic operation. The password instruction also specifies the use of a block size when performing the specified cryptographic operation. The designated block size logic circuit is operatively coupled to the cryptographic unit, and when the designated cryptographic operation is performed, the aforementioned device is designated to use the designated block size. A preferred embodiment of the present invention provides a method for performing a cryptographic operation on a component. The method includes receiving a cryptographic instruction that specifies a data block size during execution of one of the cryptographic operations; and When performing the specified cryptographic operation, use the specified data block size / J, 〇 [Embodiment] The following describes the examples of the present invention that are manufactured or used for the application of known technologies for specific applications and requirements. However, various modifications mentioned in the embodiments are used to highlight the differences from the conventional technology. This general principle 18 200536332 can be applied to other embodiments. Hence the examples. Not inventing sub-fraud is limited to a specific reality in view of the cryptographic operations discussed above / ^ ^ t # ^ ^ #, ^ ib ^ ^ ^ ^ f ^ ^ / / continue to explore, and then the present invention ^: Gang, This is discussed in the second figure. According to the present invention, the present invention is shown on the right. According to the brother-picture to the fifteenth picture, Zeng 0 Fan Shi Shiyue ^ for seeding in the modern computer system to perform poor tread, propaganda method, which demonstrates excellent through the main mechanism

Legacy architecture compatibility, imagery = pre-prevention, hacking prevention, and testability, etc. / / sigma mastery, clear reference 'Second picture, block diagram 2000 depicts today's computers Department of cryptographic operations. Block diagram 200 includes-micro processing cry, 2 its fetching instructions, and a system called application memory (aPPhCation memory) 203 to access application-related information & program control and application The access to the data in the memory 203 is usually managed by the operating system software 202 (the system software) 202 which is protected by the system memory. As mentioned above, when an execution application (such as an e-mail program or a file storage program) requests execution of a password exception, the execution application must direct the microprocessor 201 to execute a considerable number of instructions to complete the password. Operation. These instructions may be subroutines that execute the application itself, or plug-ins that link to this execution application, or services provided by the operating system 202. Regardless of their relevance, those skilled in the art will know that these instructions will reside in certain designated or allocated memory ranges. For discussion purposes, these memory ranges are shown in the application memory 203 and include a key generation application 204, where the key generation application 204 generates or receives a key entry and expands the key into a Key schedule 205 used in crypto round operations. In terms of multi-block encryption 19 200536332 operation, the block encryption application 206 is invoked. The encryption application 206 executes instructions for accessing the plaintext block 210, the key recording schedule 205, and the cryptographic parameters 209, where the cryptographic parameter 209 further indicates a clear cryptographic operation, such as a mode and a key input schedule. Location, etc., and the encryption application 206 can also access the initialization vector 208 when a specific mode is required. The cryptographic application 206 executes instructions therein to generate a corresponding ciphertext block 2 11. Similarly, a block decryption application 207 is invoked to perform a block decryption operation. The decryption application program 207 executes the instructions for accessing the ciphertext block 211, the key recording schedule 205, and the password number 209. The password parameter 209 further indicates a clear password operation and is also accessible when a specific mode is required. Initial vector 208. The decryption application 207 executes instructions therein to generate a corresponding plaintext block 210. It is worth noting that a considerable number of instructions must be executed to generate a cryptographic key and encrypt or decrypt a block of text. The FIPS specification mentioned above contains many examples of virtual code enabling a considerable number of instructions. Therefore, those skilled in the art of negotiating can perceive that a simple cryptographic operation will require hundreds of instructions, and each instruction must pass through a microprocessor. 201 executes to complete the required cryptographic operation. In addition, the execution of the instruction to complete the cryptographic operation is generally an unnecessary package for the main purpose of the running application (for example: file management, instant messaging, email, remote file access, credit card transactions). Inefficient execution for currently running applications. As for independent or external encryption and decryption applications 206 and 207, the activation and management of these applications 206 and 207 must also comply with other requests from the operating system & 202, such as support for interruptions, exceptions, and worsening problems Similar events. And the computer system requires that every instance of cryptographic operations, cryptographic key generation application 204, decryption application 20 200536332 2 0 7 and initial vector 2 0 8 must be configured in the application memory 203, and is expected to be processed by the micro processor The number of simultaneous cryptographic operations required by the processor 201 will also increase over time. The inventors noticed the problems and limitations of the current cryptographic technology of computer systems, and confirmed the need to provide a device and method for performing cryptographic operations in a microprocessor. Accordingly, the present invention provides a microprocessor and a related method for performing cryptographic operations through a cryptographic unit therein. The cryptographic unit performs cryptographic operations by a program of a single cryptographic instruction. The invention will now be discussed with reference to the third to twelfth drawings. Please refer to the third figure, which is a block diagram 300 of a microprocessor for performing cryptographic operations according to a preferred embodiment of the present invention. Block diagram 300 depicts a microprocessor 301 that is coupled to system memory 321 through a memory bus 319, and the microprocessor 301 includes a translation logic that receives instructions from an instruction register. Circuit (translation logic) 303. The translation logic circuit 303 includes a logic circuit, a device, or a microcode (for example, a micro instruction or a native instruction), or a combination of a logic circuit, a device, or a microcode, or an equivalent element for translating an instruction into a sequence related to an instruction. These translation elements in the translation logic circuit 303 may be used in conjunction with circuits and microcodes that perform other functions in the microprocessor 301. According to the scope of this application, microcode is a term referring to at least one microinstruction. A microinstruction (also referred to as a local instruction) is an instruction executed at a unit level. For example, a microinstruction is directly executed by a reduced instruction set computer (RISC) microprocessor. As for a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, its x86 instructions are translated into associated micro instructions and executed directly by units in the microprocessor of the complex instruction set computer . The translation logic circuit 303 is coupled to a micro instruction queue 304, and the micro instruction queue 304 has a plurality of micro instruction channels (micro instruction 21

In the embodiment of the row logic circuit, the cryptographic unit 316 operates in parallel with the in-execution and floating-point numbers. ° Other execution units (not shown) within 28, such as integer single logic circuit, 1 fan, etc. The implementation of a "unit" in this application scope includes clothing or microcode (for example: microinstructions or local instructions), or logic 200536332 entries) 305, 306. The microinstruction is provided by the microinstruction array 304 to the temporary stage logic circuit including a register file 307, and the register group 307 includes a plurality of registers 308-313, the contents of which It was created before performing a specified cryptographic operation. The registers 308-313 refer to the corresponding locations 323-327 in the system memory 321 that contain data for performing the specified exhaustive operation. The temporary storage stage is coupled to a load logic circuit 314, which is used as a data cache 315 interface to fetch data to perform a specified password operation, and this data cache 315 uses the memory bus 319 to light himself to the system memory 321. Execution logic 32f is coupled to the load logic circuit 314 and executes the operations specified by the instructions passed in the previous stages. The execution logic circuit 328 contains a logic device or a government code (for example, a micro instruction or a local instruction), or a logic circuit, a combination of = $ or a micro code, or an equivalent and The elements that perform operations in the execution logic circuit 328 may perform circuits and microcodes that perform other functions in ^ Erlei = 301. This code single-way contains a cryptograPhy unit 316, which is received from the loading logic circuit 314 and is required to execute the password operation. The microinstruction instructs the cryptographic unit 316 to execute the designation corresponding to the number J of the input text blocks (inpu ttext) 3 2 6 to generate the element 316 including the output text block 327. Password instructions), or a series of circuits, devices, or microcodes (for example, microinstructions or native code calculations, etc.)-a combination of ear-circuits, devices, or microcodes, or used to perform dense components and components. These A circuit that performs operations in the crypto unit 316 and performs other functions in the code sharing processor 301, micro 22 200536332

A combination of editing circuits, devices, or microcode, or equivalent components used to perform specified functions or operations. These components that perform a specific function or a specific operation in a specific unit may be shared with a circuit or microcode that performs other functions in the microprocessor 301. For example, in one embodiment, an integer unit includes a logic circuit, device, or microcode (eg, a microinstruction or a native instruction), a combination of a logic circuit, a device, or a microcode, or an equivalent element for executing an integer instruction ; A floating-point unit contains a logic circuit, device, or microcode (for example, a microinstruction or a native instruction), or a combination of a logic circuit, device, or microcode, or an equivalent element used to execute a floating-point instruction. Elements that execute integer instructions in integer units may be shared with other circuits, microcode, etc. that execute floating-point instructions in floating-point units. In an embodiment compatible with the x86 architecture, the cryptographic unit 316 operates in parallel with integer units, floating point units, Mathematic Matrix Extension (MMX) units, and Streaming SIMD Extensions (SSE) units. According to the scope of this application, when an embodiment can correctly execute most of the applications designed for χ86 and the processor, this embodiment ϋ χ86 m ΐ 'An application executes correctly and gets its expected result. The Mao X86 compatible embodiment anticipates that the cryptographic unit operates in parallel with a subset of the X86 execution units. The password units 316 to ^ also provide corresponding output text fields. The storage logic circuit is also coupled to the designated output J 27 ′ at 7 and the data cache 315 stored in this J memory 321.枓 327 Here! Two to write back to the logic circuit (write back to 10 bytes cache 315 to complete the operation, write back to the logic circuit 318 / report: when the specified register 30 in 2008 07_313. On-every broadcast update in the temporary storage Device-level synchronization passes through each-: The above-mentioned lyi instruction and the logic difference of the white slave 302, 303, 304, 307, and 3) can be performed simultaneously, similar to the online execution of operations 316-318, so that the In the system memory 321, it is necessary to use ^ ° to calculate the application of the password. 23 200536332 The program can directly instruct the microprocessor 301 to perform this operation through a single password instruction 322 (refer to the XCRYPT instruction 322). In an embodiment of a complex instruction set computer microprocessor, the cryptographic instruction 322 includes a microinstruction that specifies a cryptographic operation. In one embodiment, the cryptographic instruction 322 utilizes an idle or unused instruction operation stored in an instruction set architecture. In an x86-compatible embodiment, the cryptographic instruction 322 is a 4-byte instruction that includes an x86 repeat prefix (such as 0xF3), and the two-byte unused x86 opcode. (Such as 0x0FA7), one bit The invention relates to a designated block password mode to be applied to perform a designated cryptographic operation. In one embodiment, the cryptographic instruction 322 according to the present invention can be executed at the system permission supply application level, and thus can be programmed in the program of the instruction. The stream is provided to the microprocessor 301, either directly by the application or under the control of the operating system 320. Because there is only a cryptographic instruction 322 instructing the microprocessor 301 to perform a specified cryptographic operation, the completion of the operation should be to the operating system 320 Obviously, in operation, the operating system 320 causes an application program to execute on the microprocessor 301. If some instructions flow during the execution of the application program, a password instruction 322 is provided from the system memory 321 to the fetch logic circuit (fetch logic ) 302. However, before the execution of the password instruction 322, the instructions in the program flow instruct the microprocessor 301 to initialize the contents of the registers 308-312 so that they point to the locations 323-327 in the system memory 321, which contains a Cryptographic control word 323, an initial cryptographic key 324 A key schedule 324, an initialization vector 325 (if needed), input text 326 for operation, and output text 327 〇 Before executing password instruction 322 Initialize the temporary register 308-312, because the password instruction 322 and a temporary register attached to the temporary register 24 200536332 3308-312 5 have a block count of the temporary buffer 3ι3, where the block count is encrypted in the input 326 block or The number of deblocks. Therefore, the translating logic circuit retrieves the password instruction from the fetching logic circuit and translates: pen 10%: serial production, counting instructions to instruct the microprocessor 301 to execute the start and code of the instruction. A first plurality of orders 3005_306 in the corresponding microinstruction sequence instructs the dense scale element 316 to load the human data from the logic circuit 3M, and starts to execute the specified number of password rounds to generate the output of the corresponding block. Poor material, providing cache 315

The carousel characters 327 stored in the system memory 321 are provided to the storage logic circuit 317. -Second: a plurality of microinstructions (in the sequence of non-green response microinstructions, instructing other execution in the microprocessor 3101) to perform other operations required for the unfinished cryptographic operation, such as management of temporary results and counting Non-architecture register (not shown), update output and input sub-pointer temporary state 311-312, update initial / encrypted initial vector pointer register of input text block 326 310 ( If needed), handling unhandled interrupts, and so on. In one embodiment, the registers 308-313 are architectural registers. The architectural registers 308-313 are a type of registers defined in the instruction set architecture (ISA) of a particular microprocessor. In one embodiment, the cryptographic unit 316 is divided into a plurality of stages thus allowing pipeline processing of successive input text blocks 326. The block diagram 300 of the third figure teaches the elements required by the present invention, and therefore many of the logic in the current microprocessor 301 is omitted for simplicity of illustration. However, those skilled in the art will recognize that today's specific implementation of the microprocessor 301 contains many stages and logic circuits, and for the sake of brevity in the illustration, some of them are combined. For example, the load logic circuit 314 may be embedded after a cache line alignment stage to generate h I with a bit address in a cache interface stage. However, it is important and should be > the idea is that one of the complete cryptographic operations on the plurality of input word blocks 25 200536332 326 is based on the consideration of the operating system 320 by a single instruction 322 operation according to the present invention. And the execution of the single instruction 322 is completed by a cryptographic unit 316 which is operated and coordinated in parallel with other execution units in the microprocessor 301. An alternative embodiment of the cryptographic unit 316 of the present invention in the implementation configuration is similar to the hardware of a floating point unit in a microprocessor of previous years. The operation of the password unit 316 and the related password instruction 322 are fully compatible with the simultaneous operation of the previous operating system and programs, and will be discussed in more detail later. Please refer to the fourth figure, which is a block diagram of an embodiment of an atomic cipher instruction 400 according to the present invention. The password instruction 400 includes an optional prefix field 401, a repeat prefix field 402, an opcode field 403, and a block password mode. (Block cipher mode) field 404. In one embodiment, the contents of fields 401-404 are commensurate with the x86 instruction set architecture, and alternative embodiments may be considered compatible with other instruction set architectures. Operationally, the option leading field 401 is used in many instruction set architectures to enable or disable part of the master. It requires the processing characteristics of the microprocessor, such as indicating 16-bit or 32-bit Computing, instructing to process or access specific memory segments, etc. The repeated leading block 402 uses Φ to indicate that the cryptographic operation specified by the cryptographic instruction 400 is completed in a plurality of input data blocks (such as plaintext or ciphertext). The repeated leading bit 402 also shows that a symmetric microprocessor uses the contents of a plurality of architectural registers therein. The index refers to the position in the system memory that contains the number required to complete the specified cryptographic operation. As described above, in an x86 compatible embodiment, the value of the repeated pre-stop 402 is 0xF3 'and according to the x86 architecture agreement, the cryptographic instruction and the x86 repeated string instruction, such as: rEp.m0v, are in the form Up & is often similar. For example, when the present invention is implemented by an X86 compatible microprocessor embodiment, the repeated pre-stop 402 refers to a block count variable stored in the ECX architecture, a source stored in the register ESI26 200536332 Address indicator (refers to the input data for password calculation) and @ address indicator (refers to the output to the memory in ED!) @@ An embodiment of UM6 Township, China's Keming expands the tradition The concept of repeater = $ becomes more referable to a register stored in the register £ DX = control = sub I and the index, a cryptographic key stored in the register EBB refers to the initial vector in the register predicate. Index (if it is only required by the imaginary board). The f-code block 403 specifies that the microprocessor completes a cryptographic operation, which is implicitly referenced by the control block index and stored in memory. The present invention considers that the better choice of opcode values refers to the following: in the first-idle or unused opcode values, thereby maintaining compatibility with the previous operating system and application software in a symmetric microprocessor. For example: As described above, the opcode field 403 of a χ86 compatible embodiment Use Γ 0 / = 7 to indicate the specified cryptographic operation. The block cipher mode column indicates the special block cipher mode for specific cryptographic use, and will be discussed with reference to the fifth figure. Inverse #Hi and Hi are 50 in the block cipher mode of the fourth figure of the elementary cryptographic operation instruction. The value QxC8 indicates the use of the electronic code in the way of the π shoulder code. End of the method == χ; 0 indicates the use of a cryptographic feedback party = Ϊ block cipher mode χ 襕 bit: formula f into a cryptographic operation. All the values above are reserved, and these modes are described in the above mentioned Please refer to the sixth figure, which is a block diagram of the comparative example in the present invention-compatible microprocessor_. The microprocessor 600 includes the target example of the enemy and the broad gold target. To translate logic 4 members of electricity = order then f execute. Extract logic circuit translatl0nl0gic 6〇; 2, and 27 200536332

The translation logic circuit 602 includes a logic circuit, device, or microcode (for example, a microinstruction or a native instruction), or a combination of a logic circuit, a device, or a microcode, or an equivalent element for translating an instruction into a related sequence of microinstructions. These elements that perform translation in the translation logic circuit 602 may be shared with circuits and microcode that perform other functions in the microprocessor 600. The translating logic circuit 602 includes a translator 603, and the translator 603 is coupled to a microcode RQM 604. Interrupt logic 626 is coupled to the translation logic 602 via a bus 634. The plurality of software and hardware interrupt signals 627 are processed by an interrupt logic circuit 626 which indicates unprocessed interrupts to the translation logic circuit 602. The successive stages of the translation logic circuit 602 coupled to the microprocessor 600 include a register stage 605, an address stage 606, a loading stage (607), and an execution stage (execution stage). ) 608, a store stage 618, and a write back stage 619. Each successive stage contains logic circuits to perform the specific functions provided by the fetch logic circuits, as previously discussed in the microprocessor of the third figure, with similarly named components. The embodiment of the χ86 compatible microprocessor 600 depicted in the sixth figure is characterized by execution logic 632 in the execution phase 608, which includes parallel execution units 610, 612, 614, 616, 617. An integer unit 610 receives and executes integer microinstructions from branch instruction queue 609; a floating point unit 612 receives and executes floating point microinstructions from instruction queue 611; a multimedia extension ft & 614 receives and executes multimedia from microinstructions 613 Extension set micro / 7, a stream extension set unit 616 receives and executes from the micro instruction queue 615, and the stream extension set micro instruction. In one χ86 embodiment of the present invention, a password 617 is connected to the stream extension set unit 6 by a loading bus 620, a stall signal bus, and a storage bus 622. Cryptographic early instruction 617 shared micro-instruction unit of stream extension set 28 200536332

Column 615. An alternative embodiment may operate cryptographic units 617 independently in parallel, such as units 610, 612, and 614. The integer unit 610 is coupled to an x86 flag (EFLAGS) register 624. The flag register contains an X bit 6 2 5 and the state of the X bit 6 2 5 is configured to indicate whether a cryptographic operation is performed. Processing. In one embodiment, the X bit 625 is the 30th bit of an x86 flag register 624. In addition, the integer unit 610 accesses a machine specific register 628 to evaluate the state of an E bit 629, and the state of the E bit 629 indicates whether the crypto unit 617 is located in the microprocessor 600 or not. The integer unit 6 10 also accesses a D bit 631 in a feature control register 630 to enable or disable the password unit 617. As shown in the second embodiment of the microprocessor 301, the sixth microprocessor of the sixth embodiment features the necessary components to teach the content of an x86 compatible embodiment of the present invention, and for the sake of concise illustration, the microcomputer is merged or omitted. Other components of the processor. Those skilled in the art can perceive other components used for a complete interface, such as data cache, bus interface units, clock generation, and distribution logic circuits. In operation, the instruction is fetched from the memory (not shown) by the fetch logic circuit 601 and supplied to the & interpret logic circuit 602 in synchronization with a clock signal (not shown). The translation logic circuit 602 translates each instruction ^ into a two-phase corresponding sequence of micro-instructions, which continuously synchronizes with the clock signal to the subsequent stages 605-608, 618, 619 of the processor 600. ^ Each microinstruction in the two ί instructions indicates the execution of a secondary operation, and the secondary operation is required to be transformed into an overall operation specified by a relative instruction, such as the address phase 606 to generate a single address and the temporary storage phase. 605 from the designated ^ Crying ^ == full of two. The operation is to add in integer units, and to borrow the results produced by the first stage into memory, etc. According to the instructions in the translation circuit 602, it is directly generated by the translator 6G3-the micro of the sequence = logic 29 200536332

Either the sequence is retrieved from the Weimar read-only memory 604, or a part of this sequence is directly generated using the translator 603 and the rest of the sequence is retrieved from the microcode read-only memory 604. The micro-instructions are continuously synchronized with the clock through the successive stages 605-608, 618, 619 of the microprocessor 600. When the microinstruction reaches the execution stage 608, the execution logic circuit 63 ^ together with its operands (recovered from the register in the temporary storage stage 605, or generated by the logical circuit in stage 606, or by loading the logic circuit material cache (Recovered), by placing a micro instruction in a corresponding micro instruction row 609, 611, 613, 615 and transmitting it to the execution unit 610, 612, 614, 616, 617 according to a specified route. The execution unit 61, 612, 614, 616, 617 executes micro instructions and provides a result segment 618. In one embodiment, the micro-instruction includes a stop indicating whether it is 6; rich tube X Bieber. 4 sub. / 、 Respond to the retrieval of a password instruction described by Jing Jing, the translation logic 602 generates the relevant microinstruction 'which means that the logic circuit in the microprocessor 600 and subsequent 605-608 ^ 8 ^ 9 executes the specified dense stone horse ^ Count. According to this, a first plurality of related micro-instructions directly follow the path password unit 617 and instruct the password unit 617 to load data from the loading bus 6, or load a block of input data and start executing the target password round to Generate a block of output data, or save the generated block output data to memory through storage bank 622 through storage 618. One or two related micro-instructions are based on its &# ^ implementation units 61〇, 12, 614, 616; Yu = necessary to complete the specified cryptographic operation with a 1st order operation system, such as the test of E bit ^, Enable ^ Li Yuan 631, set χ bit 625 to indicate the age code ^ is in progress ^ Temporary stage 605 to update the temporary cache (for example, count ^, input text: what standard register, output text indicator register丨 The micro-instructions such as the processing of the interrupt signal 627 indicated by the logic circuit 626 are used to provide the best execution of the specified cryptographic operation. J 30 200536332 Let v be the medium φ, and ③, code list 70 micro-instruction sequence towel The integer unit # 于: becomes two sides, so the integer operation can be included in the relevant micro-fingers * 仃 凡 成. No. 027 recovery. Tian or So Gu Yunhui or Ya from the pending interrupt letter added at χ86 * The port is all indicators and information on the grab parameters. Ignore: 86 architecture register, when the execution is interrupted, I :: can =, for $ when returning from the interrupt, these states are restored ^ Save 'and make Test the return of X bit 625, the micro-finger line. If it is, when the interrupt occurs: Dagger ::-: Code operation Enter the input data block. The related differences are repeated before the special 627 in processing # 'to allow the processing of interrupted letters to cut six pounds in one of the sequence input text blocks.払 Temporary register and intermediate results. 汴 Magic mountain code knows operation: 2f; The seventh figure, which is the method in the microprocessor in the sixth figure, indicates the code 700 field of the dry instruction microinstruction of the factory. A micro opcode block (micro opcode fi contains ^ HMdata register fiL) (two egist ^ r system 703. Micro opcode block 7〇i designated block = 运 times the difference and designated logic circuit in the microprocessor 60〇 一 特

Segment to perform secondary operations. An instruction of the micro-operation code block 701 indicates a micro-instruction executed by a cryptographic unit. Specify the value of J 2 solid in a real two roots. -The first-value loading (XL〇AD) means that the data is restored from the location of the body, and its address is specified by the data register block 702, which is the content of one of the architecture registers. . This data is: The data in the cipher unit specified by the content of the register block 703—Choose = recovered data (for example: cipher key data, control block: ^ state. Word data, initial vector) are provided to the cipher unit. . The second value store (XST〇R) of the micro-operation code = $ indicates that there is a memory location generated by the cryptographic unit, and its address is blocked by the data register = one of the architecture registers that the content refers to Specified by the content. In the embodiment of the code phase, the content of the register field 703 indicates ‘number 31 200536332. One of the data blocks is stored in & r (data Md) 704, the inner body. The output data block is accessed by the data bit. According to the details of the logic circuit body for the age provided by the code unit of the present invention, the manned and stored micro instructions executed by the unit are further discussed in the eighth figure and the ninth figure. Please refer to the eighth figure. The letter of the register field 703 is the loader micro-instruction format 700 of the seventh figure. The response-password form is generated. As mentioned before ... sequence microinstructions A plurality of microinstructions: This sequence of micro-instructions includes -the first-number of micro-instructions, which are not executed by the n ^ code early fingers, and at least one other than the password unit in Qianli 11 such as the update counter, health A plurality of micro-instructions indicate sub-operations, and the example bit is at the machine H. Special pin =, the structure temporarily stores 11, tests and sets the state data, and the password spring number f. My brother provided a plurality of micro-instructions with a key to produce miso and turn into poor materials to the cipher unit and instructed the cipher to enter and encrypt the key (schedule with the two memory recovery key schedule) to load the material. -Load, and store and output the text data. Load a code key and two ^ $ for the code unit to load control block data, enter text data and indicate a password list, $ enter the initial vector lean material, and load the round microinstruction in Register field: Specifies that Mi Shimayun will load a control word la to its internal control. ^ G indicates that the cryptographic unit is loaded with pipeline processing, and is in the temporary stage P subgroup register. When this micro-instruction is used to store the control word I in the memory, the control register pointer register is accessed as a physical address for the memory address logic circuit to translate this address to take the control word, and then pass it to the secret. rf take. The loading logic circuit fetches ObO 10 from the cache and instructs the crypto unit to load ^ early ^. Similarly, the register block value is text data, and after being loaded by the rotation block provided by the breeding block 704, the input data is calculated by storing the password specified by f f f. Similar to controller access. A value of 0b0l0 is temporarily stored in the +9 memory of the Fanwood structure. It is used to store the data in the internal register, which is provided by the data bit 704. The data loaded into the round-in-1 register is either input text (when the pipeline is processing) or an initial vector. The values Ob 110 and Obl 11 instruct the cryptographic unit to load a cryptographic key or the lower and higher bits of a key in the user's key generation schedule, respectively. According to this application, a user is defined to perform a specific function or a specific operation, and the user can be embodied as an application program, an operating system, a machine, or a person. Therefore, in one embodiment, the user-generated key schedule is generated by an application, and in another embodiment, the user-generated key schedule is generated by one person. In one embodiment, the register block values Ob 100 and Ob 101 take into account that a cryptographic unit has two stages, whereby the pipeline can process successive input text block leans. Therefore, for pipeline processing of successive input lean blocks, a first load microinstruction execution provides a first block of input text data to input -1, and then executes a second load microinstruction to provide a second The input text of the block is given to input -0, and instructs the cryptographic unit to start the specified cryptographic operation. When a key recording schedule generated by a user is used to perform a cryptographic operation, a load microcommand corresponding to the number of remaining keys in the key recording schedule generated by the user is transmitted to the password unit according to a set path, and the password unit instructs to load the key. Record the key for each round in the recording schedule. All other values in the register field 703 in the load microinstruction are reserved. Please refer to the ninth figure, which is a table storing the values of the register buffer 700 of the micro instruction format 700 in the seventh figure. A storage microinstruction is issued to the crypto unit to instruct it to provide the generated output text block to the storage logic circuit and store it in the memory at the address provided by the data register field 702. Accordingly, a storage microinstruction issued by the translation logic circuit of the present invention for a specific output text block is after a storage microinstruction issued for a corresponding input text block. The value of register 100 in field 703 is Ob 100, which instructs the crypto unit to provide its internal output. ,], 2 associations. : ^ ’芩, the register block value Obioi association. According to this, the two registers and the two ^^ text data are provided to input -1 phase input text to make the block data. After that, the plural passwords ^ ^ can be reached by the f-line wheel, which is through the Mimar unit. Instruction passwords are sent in order, 4 turns into loading. Enter -0 (load.enter -〇 也 -〇, load. Rotation into the first two dense t), save.output -1, save. Output block operation) and so on. ~, Load. Enter -0 (start the next two rounds of text area

The control word loon f, which is an example of specifying cryptographic operation parameters according to the present invention, is programmed as a block diagram of the formula t. Control word group 1 _ is used by group 1000, and the control word cries before performing a cryptographic operation. According to this, when the architecture provided by the itt to the commensurate microprocessor—the temporary storage input sequence corresponds to the password instruction—a structure is temporarily “…” means that the microprocessor does not read the frame containing the index = σσ, memory (cache) recovery control block 1000, and internal control block register that loads binary block 1000 into the crypto unit. Control block 1000 contains a reserved (RSVD) block 1001, a data Block size (DSIZE) block 1002, a key size (KSIZE) block 1003, an encryption / decryption (E / D) block 1004, an intermediate result (IRSLT) field 1005, a key generation ( KGEN) field 1006, a calculation (ALG) field 1007, and a round calculation (RCNT) field 1008. All values in the reserved field 1001 are reserved. The content of the data block size field 1002 indicates that encryption and decryption are performed The size of the input and output text blocks is used. In one embodiment, the data block size field 1002 indicates either a 128-bit block, a 192-bit block, or a 256-bit block. The key The internal core of the size field 003 indicates that one is used to complete encryption or decryption. The size of the cipher key. In one embodiment, each of the size slots 103 is either an indication of a 128-bit recording key, a 192 34 200536332-bit recording key, or a 256-bit recording key. The encryption / decryption block 1004 indicates that the cryptographic operation is an encryption operation or indicates that the cryptographic operation is a decryption operation. The key generation block 1006 indicates that the user generates a key schedule in the memory or a single cryptographic key in the memory; if it is In the case of a single key, a micro instruction is issued to a cryptographic unit and a cryptographic key to instruct the unit to expand the key into a recording key schedule according to the cryptographic calculation specified in the content of the calculation field 1007. In one embodiment, the calculation stall 1 ◦ The specific value of 7 specifically indicates the data encryption standard algorithm, triple data encryption standard algorithm, or advanced encryption standard algorithm as discussed previously. Alternative embodiments may consider other cryptographic algorithms, such as Rijndael Cipher, Twofish I Cipher, etc. The content of the round calculation field 1008 indicates a number of password rounds, which are completed in each input text area according to the algorithm of the specific instructions Although the above-mentioned standard indicates a fixed number of cipher rounds per input text block, the round calculation field 1008 allows a programmer to modify the number of rounds from the standard instructions. In one embodiment, the programmer Each block can be specified from 0-15 rounds. Finally, the intermediate result field 1005 indicates whether the encryption / decryption of an input text block is based on the password algorithm specified in the calculation field 1007, and the block 1008 is calculated by round. The specified number of rounds is executed, or encryption / decryption is performed according to the cryptographic algorithm specified in calculus block 1007, with the number of rounds specified in round calculation field 1008, and the execution of its final round represents an intermediate result instead of one Final Results. Those skilled in the art will know that many cryptographic algorithms perform the same number of operations in each round except for the number of operations in the final round. Therefore, the programming intermediate result field 1005 provides an intermediate result instead of a final result, thereby allowing the programmer to check the intermediate steps of the algorithm implementation. For example, to obtain an increased intermediate value to check the implementation of the algorithm. Assume that one round of encryption is performed in a text block, then two rounds are performed in the same text block, and then three rounds are performed. Provides the function of programmable rounds and median results to allow users to check the secret 35 200536332 code execution, debug, and change the key structure and round count. Please refer to the eleventh figure, which is a table 1100 of example values of the data block size field 1002 of the control block 1QOO in the tenth figure. The value of 000 in the data block size field 1002 indicates that a computing device performs a cryptographic operation using a 128-bit block size input and output block according to the present invention, where these blocks are provided by the memory and are each provided by a Refers to the contents of the input indicator register and an output indicator register. The value 001 of the data block size field 1002 instructs the computing device to perform a cryptographic operation using an input and output block of a 192-bit block size. A value of 010 in the data block size field 1002 indicates that the computing device performs cryptographic operations using input and output blocks of a .256-bit block size. All other values in the block size field 1002 are reserved. Please refer to FIG. 12, which is a block diagram of a preferred embodiment of a cryptographic unit 1200 of the present invention. The crypto unit 1200 includes a micro instruction register 1203. The micro instruction register 1203 receives password micro instructions (for example, load and store ~ micro instructions) through a micro instruction bus 1214. The password unit 1200 also includes a control word register 1204, a first input (input-0) register 1205, a second input (input-1) register 1206, and a first_ A key (key-◦) register 1207 and a second key (key-1) register 1208. The data is provided to the register 1204-1208 through a load bus 1211, as specified by the contents of a micro instruction in the micro instruction register 1203. The crypto unit 1200 also includes a block crypto logic circuit 1201, which is coupled to all the registers 1203-1208 and also to a cryptographic key random access memory (RAM) 1202. The block code logic circuit 1201 provides a stall signal 1213 and also provides a block result to a first output (output-◦) register 1209 and a second output (output-1) register 1210. The output register 1209-1210 transmits the content to a successive stage in a symmetric microprocessor through a storage bus 1212 36 200536332 according to a specified path. In one embodiment, the micro-instruction register 1203 is a 32-bit size; the registers 1204, 1207, and 1208 are a 128-bit size; and the registers 1205-1206 and 1209-1210 are 256-bit sizes. In operation, the password microinstruction is continuously provided to the microinstruction register 1203 together with the data, wherein the data is assigned to the control block register 1204, or one of the input registers 1205-1206, or the key register 1207. One of -1208. In the embodiment discussed with reference to Figures 8 and 9, the control word is loaded into the control word register 1204 by a load microinstruction. Therefore, the password recording or key scheduling is performed by successive loading micro-instructions. When a 128-bit cipher key is loaded, a load microinstruction is therefore provided to the designated key-0 register 1207. When a larger than 128-bit cryptographic key is loaded, a load microinstruction is therefore provided to the designated key-0 register 1207, and the same load microinstruction is provided to the designated key-1 register 1208. When a user-generated key schedule is loaded, the continuous load microinstruction is provided to the designated key-0 register 1207. Each key in the key schedule is loaded and sequentially placed in the key random access memory 1202 for its corresponding password round. Following this, the input text data (if an initial vector is not required) is loaded into the input-1 register φ 1206, and if an initial vector is required, it is loaded into the input-1 register 1206 via a load microinstruction. A load micro-instruction of the input-0 register 1205 instructs the password unit to load the input text data to the input-register 1205, and starts a password round in the input text data in the input-0 register 1205 , Which uses the initial vector in input_1 or in the two input registers 1205-1206 (when the input data is processed by the pipeline) according to the parameters provided by the content of the control block register 1204. Upon receiving the load microinstruction of the designated input-zero register 1205, the block password logic circuit 1201 starts to perform the password operation specified by the content of the control block. When a single cryptographic key is requested to be expanded, the block cryptographic logic circuit 37 200536332 1201 generates a backup in the key shopping schedule — a, ⑯, ⑯ access note ㈣ H㈣ deposit key randomly generates a iron key schedule 1 2 0 or not; The key schedule of the first round of the block cipher logic circuit is loaded with a key schedule, so that the first block cipher logic 1201 is processed by the body 1202. -The value starts from the random access memory of Huayu Key and continues to execute the specified dense stone horse opcode logic circuit 1201. The operation is completed. Continue from #input μ material block until it must be retrieved from the twister access memory 1202. Claim. Cryptographic Unit · Execution

X 2 "day input text block, and successive input = text: & block through successive corresponding loading and: display pause signal 1213. Register 1209-1210, register 1201012 / 〇 的 内 内 谷 接 者 is transferred to the storage bus 1212. A ΜΜ 芩 α brother thirteen pictures, which is a block cipher logic circuit that implements one of the advanced encryption standard / different method of the present invention related to the encryption code The block diagram of the 13 00 embodiment. The block cipher logic circuit 1300 includes a round engine 1320, and this round of bows U20 through the buses 1311-1314 and the bus 1316-1318 | Round engine controller 131〇. Round engine controller 13 10 includes a block size controller 1330 'and accesses the microinstruction register 1301. Control sub-register (control word register) 1302, first key (key-〇) register 1303, and second key (key_1) register 1304 to access key data, micro-instructions and indicated fees Different code transport parameters. Enter the contents of register 13 0 5-13 0 6 The round engine 1320 is supplied and the face engine 1320 provides the corresponding output text 38 200536332 to the input register 1307-1308. The output register 1307-1308 is also coupled to the round engine controller 1310 through the bus 1316-1317, so that The round engine controller can access the result of each successive password round, and this result is provided to the next round of passwords by the round engine 1320 through the NEXTIN bus 1318. The password entry key in the key random access memory (not shown) It is accessed through the recording key random access memory bus 1315. The signal of the encryption / decryption bus (ENC / DEC bus) 1311 instructs the round engine to use the secondary operation to perform either encryption (such as S-Box) or decryption (such as reverse S-Box). The content of the round calculation bus (rnDCON bus) 1312 instructs the round engine 1320 to execute either a first advanced encryption standard round, an intermediate advanced encryption standard round or a last advanced encryption standard round. The response indicates a One of the password keys automatically expands the control block to generate the content of the block. The recording controller 1330 displays the key to generate the bus (GENKEY bus). The signal of 13 14 instructs the round engine 1320 to generate a recording key schedule based on the recording keys provided by the remaining key bus 1313. The recording key bus 1313 is also used to provide each round recording key to the round engine 1320 in its corresponding During round execution. The response is provided to one of the round engine controllers 1310 via the control block register 1302. A block size of data in the control block is bad. This block size controller 1330 sets the block size bus. (BLKSIZE bus) The value of 1319 indicates the size of the input and output text blocks used during encryption and decryption operations. In one embodiment, the value of the block size bus 1319 indicates a 128-bit block, a 192-bit block, or a 256-bit block. The round engine 1320 includes a first key mutex or (x〇r) logic circuit 1321, and this first recording key mutex or logic circuit 1321 is combined into a first register (temporary-0) 1322, this first The register 1322 is coupled to the S-Box logic circuit 1323, and the S-Box logic circuit 1323 is coupled to the shift logic circuit Shift 1324 'This shift logic circuit 1324 is coupled to 39 200536332 1325 'This second register 1325 handles C01Um) logic circuit 1326, this mixed logic circuit series: Post ^ a third register (temporary_2) 1327. The first key is mutually exclusive, 1321 '& Βχχ logic circuit 1323, shift logic circuit HC) > ^ and the mixed column logic circuit 1326 is configured based on block size. Enter textual information, such as the advanced encryption standard FIpS standard that can be discussed. Mixed logic logic is used to perform advanced encryption during the middle round when additional round keys provided by the recording bus and tablet are required.

Tin ^ or function for entering data. First key mutually exclusive OR logic circuit, m: ^ BOX logic circuit 1323, shift logic circuit 1324, and

[Circuit 1326 is also configured to perform its relative inverse white-quasi-quadratic operation during decryption by using the encryption / decryption bus (ENC / DEC +11 status indication). Those skilled in the art may know the M material It is returned to the round engine 1320 according to the encryption mode specified by the control block register 1302. The initial vector data (if required) is provided to the round engine 1320 through the ΝΕΤΙΝ bus 1318. In the embodiment shown in the figure, the round engine is divided into two stages. A first stage is between the first register (temporary_0) U22 and the second register (temporary-1) 1325 and a first register The second stage is between the second register (temporary — 1325 and the third register (temporary_2) 1327). The data of the middle round is synchronized _ clock signals (not shown) are processed in the pipeline between the stages. The round of the block = the second time completes the cryptographic operation, and its associated output data is placed in the corresponding round-out register 1307-1308. The execution of a stored micro-instruction makes the contents of the designated output register 1307-1308 provided to the storage Bus bar (not ^ please refer to the fourteenth figure, which is an implementation of the present invention For example, a flowchart of a method for preserving the state of password parameters during an interruption. When a micro-processing cry ^ 200536332 according to the present invention, an instruction flow is executed, the method flow starts from step 1402. The above instruction flow does not need to include something like this The password instruction described. Then the method flow is processed to decision step 1404. At decision step 1404, it is determined whether to process an interrupt event (such as a maskable interrupt, non-maskable interrupt) that requires the instruction stream to be changed by an instruction stream (interrupt handler). Mask interrupts, page faults, task switches, etc.) If yes, the method flow proceeds to step 1406; if not, the method flow skips to step 1404, and its instruction execution continues until an interrupt event occurs. Step 1406, because an interrupt event has occurred, before transmitting the control program to a corresponding interrupt handler, the interrupt logic circuit clears the X bit in a flag register according to the instructions of the present invention. The X bit clearing ensures the interruption from the interrupt When the handler returns, if a block cipher operation is in progress, it instructs to exclude at least one interrupt event and indicates The display control block data and key data must be reloaded before the input data block currently pointed to by the input index register is continued with the block password calculation. Then the process proceeds to step 1408. At step 1408, all architectures are temporarily stored. The device includes the relevant indexes and counts of the block cryptographic operation of the present invention and are stored in the memory. Those skilled in the art can know that the storage of the structure register is completed on the current data computing device before transferring control to the interrupt routine. Therefore, in an embodiment of the present invention, the current data structure is explored to provide transparency of the execution output volume of the interrupt event. After the temporary register is stored, the method flow proceeds to step 1410. In step 1410, the program flow is transferred to an interrupt handler. Therefore, the method flow proceeds to step 1412. At step 1412, the method flow is completed. Those skilled in the art may know that the method of FIG. 14 starts from step 1402 according to the return of the interrupt handler. 41 200536332 Please refer to the fifteenth figure, which is a flowchart of a method for performing a cryptographic operation on a plurality of input data blocks and using a user-specified block size when there is at least one interrupt event in a preferred embodiment of the present invention. 1500. For the sake of brevity, the process of performing the specified cryptographic operation according to the block cipher mode is omitted. The block cipher mode requires the update and storage of the initial vector equivalent between blocks (such as output feedback mode and password feedback mode). However, the method of the present invention includes other block cipher modes. The method flow starts from step 1502, wherein a cryptographic instruction according to the present invention instructs a cryptographic operation to begin. The above-mentioned cryptographic instruction execution can be executed first or after the first > execution is executed due to the interrupted execution of an interrupt event, thereby transferring program control back to the cryptographic instruction after the execution of the interrupt processing program is completed. The process proceeds to step 1504. In step 1504, a data block in the memory is loaded and a specified cryptographic operation is started, wherein the above-mentioned block data is specified by the content of the input index register according to an embodiment of the present invention. In one embodiment, the block size used to load the data blocks is 128 bits. Therefore, when the block size used is not 128 bits, before issuing a password instruction, the instruction must be executed to clear the X bits. In an x86 compatible embodiment, it utilizes the 30th bit in an x86 flag register. This X bit can be cleared by sequentially executing a PUSHFD instruction and a POPFD instruction. However, those skilled in the art will know that in another embodiment, there are other instructions for clearing X bits. In one embodiment, the specified cryptographic operation is performed according to the advanced encryption standard rules. The method flow then proceeds to decision step 1506. In decision step 1506, it is determined whether to set an X bit in a flag register. If the X bit is set, it indicates that the control word group and key schedule currently loaded into a cryptographic unit according to the present invention are valid. If the X bit is cleared, it indicates that the control word of the above-mentioned cryptographic unit is currently loaded. 42 200536332 Group and key scheduling are invalid. As discussed above with reference to Figure 14, when an interrupt event occurs, the X bit is cleared. If the X-bit system is set, the method flow proceeds to step 1524; if the X-bit system is cleared, the method flow proceeds to step 1508. At step 1508, because a clear X bit indicates that either an interrupt event was generated or a new control word and / or key data was loaded, a control word is loaded from memory. In one embodiment, the loading control block stops the cryptographic unit from performing the cryptographic operations mentioned in step 1504 above. Step 1504 in this embodiment starts a cryptographic calculation, taking into account the optimization of multiple 128-bit blocks using the electronic codebook mode, which is based on the assumption that the currently loaded control word and key data are used , And assuming that the implementation of the electronic codebook mode in a 12-bit input block is the most commonly used block cipher mode. According to the above, before determining the reset of the X bit in the decision step 1506, the current input data block is loaded and the password operation is started. The method flow then proceeds to decision step 1514. In decision step 1514, the data block size block in the retrieved control block in step 1508 is evaluated to determine the size of the input and output text blocks used during the execution of the specified cryptographic operation. If the value of the data block size field specifies a 192-bit block, then the method flow proceeds to step 1510. If the value of the size of the tribute block specifies a 128-bit block, the method flow proceeds to step 1516. If the value of the size block of the tribute block specifies a 256-bit block ', the method flow proceeds to step 1518. In step 1510, the block size bus in the block password stitching circuit of the present invention is set to instruct its round engine to perform a cipher operation of a 192-bit data block. The method flow then proceeds to step 1512. At step 1512, the cryptographic key data is loaded from the memory. According to the status of the remaining key generation field and the key size field in the control word group, the key asset 43 200536332 ~ 佞, the user generates a key row—the remaining key schedule. Then, the “not” part is loaded from the memory (for example:,), which is to carry an initial key and expand it into the process of processing to step 1522. At step 1516, because the block password logic bus is preset For the 128-bit data = the block size in step 1512, the block is described, so you must load / expand the secret purchase material by referring to the above process to = 2. Then, in step 1518, the block cipher logic of the present invention is The small bus is set to instruct its turn engine to perform the cryptographic operation of the 256 ^^^ data block. Then the method flow is processed to step ⑸〇, step 152, refer to the loading described in step 1S12 above. / Extend the fork code key data. Then the method flow is processed to step 1522. ^ Step 1518, the input block is referenced in step 1504, and the block size specified by the control and the block size block value of the medium material is reloaded ^, And start the password operation according to the newly loaded control word group and key schedule. Then the method proceeds to step 1524. In step 1524, an output block corresponding to the loaded input block is generated. In terms of encryption, The input block is a plaintext block and the output block is a corresponding ciphertext block. For decryption, the input block is a ciphertext block and the rotation block is a corresponding plaintext block. Then the method The process is processed to step 1526. At step 1526, the generated output block is stored in the memory. Then the method process is processed to step 1528. At step 1528, the content of the input and output block index register is based on the data in the control block. The value of the block size block is modified to refer to the next input and rotation of the data block. In addition, the content of the block count register is modified to indicate the current cryptographic operation of the input data block. Refer to the fifteenth 44 200536332 In one embodiment discussed in the figure, the block count register is decremented. However, those skilled in the art can consider and process the content of the block count register to consider the input text in another embodiment. The pipeline of the block is executed. Then the method flow is processed to step 1530. At decision step 1530, it is decided whether to continue to calculate an input data block. In the embodiment for describing the characteristics, the evaluation area is evaluated. It is determined whether the block counter is equal to zero. If there are no remaining blocks available for operation, the method flow is processed to step 1534; if there are remaining blocks available for operation, the method flow is processed to step 1532. g In step 1532, load The next input data block is as indicated by the content of the input indicator register. Then the method flow is processed to step 1524. At step 1530, the method flow is completed. Although the present invention and its objects, features and advantages have been described in detail, However, other embodiments should also be included in the present invention. For example, the present invention has discussed length according to embodiments compatible with the x86 architecture, but these discussions have provided such a way because the x86 architecture is easy to understand and provides enough ways to teach this invention. However, the present invention includes embodiments commensurate with other instruction set architectures, such as: PowerPC, MIPS, and the like, as well as a new instruction set architecture with a full φ. The present invention further includes the execution of cryptographic operations of other components outside the microprocessor in the computer system. For example, the cryptographic instructions according to the present invention can be easily applied to an embodiment of a cryptographic unit. This embodiment is not as a microprocessor part. The same integrated circuit is implemented in some computer systems. Such an embodiment of the present invention is to incorporate a chipset (such as Northbridge, Nanqiao) surrounding a microprocessor, or when a processor is used to perform cryptographic operations, its cryptographic instructions are transferred by the main microprocessor ( hand off) to this processor. The invention can be applied to embedded controllers, industrial controllers, signal processors, array processors, and any similar devices that process data. The present invention also includes an embodiment that includes only components necessary for performing cryptographic operations. Such embedded devices not only perform cryptographic operations, but also provide low cost, low power, such as encryption / decryption processors in communication systems. For brevity, the present invention refers to these alternative processing elements as the aforementioned processors. In addition, although the present invention refers to 128-bit blocks, the size of many different blocks can be applied by changing the size of the register, where the register transmits input data, output data, keys, and control words. And, although this application is significantly characterized by data encryption standards, triple data encryption standards, and advanced encryption / quasi-algorithms, the present invention also includes less-known block cipher algorithms, such as MARS ciphers, Rijndael ciphers, Twofish password, Blowfish password, Serpent password, and RC6 password. It is well understood that the present invention provides a device and a supported algorithm for block ciphers in a microprocessor, and the primitive block cipher operations can be initiated by the execution of a single instruction. Moreover, although the present invention is characterized by the implementation of the block cipher algorithm and its related technology here, other forms of passwords besides the block cipher are also included in the scope of application of the present invention. It is sufficient to observe that a single instruction is provided, whereby the user can instruct a corresponding microprocessor to perform a cryptographic operation, such as encryption or decryption. The microprocessor includes a cryptographic unit, and the cryptographic unit is completed according to the instructions. The password function specified by the instruction. Moreover, the round engine discussed here provides a two-stage device that can pipeline input data of two blocks, but other embodiments may also consider more than two-stage devices. The allocation of phases to pipeline processing that supports more blocks of input data will develop and coordinate the allocation of other phases in a symmetric microprocessor. Finally, although the present invention specifically discusses supporting a single cryptographic unit of a plurality of algorithms, the present invention also provides multiple cryptographic units that are understood to operate side-by-side with other execution units in a symmetric microprocessor. The 200536332 code unit is configured to perform a specific cryptographic calculation, for example: a first unit is configured to perform an advanced encryption standard algorithm, a second unit is configured to perform a data encryption standard algorithm, and the like. The above is only a preferred embodiment of the present invention, and is not intended to limit the scope of patent application of the present invention; all other equivalent changes or modifications made without departing from the spirit disclosed by the present invention shall be included in the following The scope of patent application. [Schematic description] The first diagram is a block diagram of a current cryptographic application; the second diagram is a block diagram of a cryptographic operation technique; the third diagram is a block diagram of a microprocessor device that performs a cryptographic operation in the embodiment of the present invention; The fourth figure is a block diagram of an embodiment of an atomic cryptographic instruction in the embodiment of the present invention; the fifth figure is a table of an example of the field encryption mode block value of the primitive cryptographic instruction of the fourth figure; the sixth figure It is a block diagram of a cryptographic unit in an x86-compatible microprocessor of the present invention. The seventh diagram is a block diagram of an example microinstruction stall indicating a cryptographic operation in the microprocessor of FIG. 6. The eighth diagram is the seventh. Figure 9 is a table for loading the micro-instruction temporary field value format; Figure 9 is a table for storing the micro-instruction temporary field value format in Figure 7; Figure 10 is an example of a control block format for specifying a password operation parameter of the present invention. Block diagram, 47 200536332 The eleventh figure is a table of unique values of the control subgroup data size of the tenth figure; the twelfth figure is a block diagram of a preferred implementation of the cryptographic unit of the present invention; the thirteenth figure is the present invention Execute there A block diagram of an embodiment of the Advanced Encryption Standard (AES) algorithm cryptographic cryptographic block encryption logic circuit embodiment; the fourteenth figure is a flowchart of a method for preserving the state of cryptographic parameters during an interruption event of the present invention; and The fifteenth figure is a flowchart of a method for performing a cryptographic operation on a plurality of input data blocks using a user-specified block size during one or more interrupt events of the present invention. [Description of main component symbols] 100 Block diagram of computer password application 101, 102, 103 Computer workstation 104 Notebook computer 105 Local area network 106 Network file storage device 107, 111 Router 108 Wireless network router 109 Wireless network 110 Wide area network 112 Encryption / Decryption Application 200 Block Diagram of Cryptographic Operation Technology 201 Microprocessor 202 Operating System 203 Application Memory 204 Password Key Generation Application 205 Key Schedule 206 Encryption Application 207 Decryption Application 208 Initial Vector 209 Password Parameters 210 plaintext 43 200536332 211 ciphertext

300 301 303 305 307 309 311 313 315 317 319 321 323 324 325 327 400 402 404 Execute cryptographic operation microprocessor microprocessor translation logic circuit storage instruction register group remaining index input text indicator block count data cache storage Logic circuit block diagram of the memory password control block of the memory bus system 302 Draw logic circuit 304 Microinstruction 彳 Column 306 Load instruction 308 Control block index 310 Initial vector index 312 Round-out text index 314 Load logic circuit 316 password unit 318 write back logic circuit 320 operating system 322 password instruction initial password key or key schedule initial vector output text password instruction repeat pre-block block block password mode block 326 328 401 enter text to execute logic circuit option pre-block Bit Opcode Field 500 600 602 Table of Block Password Mode Field Values Microprocessor Translation Logic Circuit Extraction Logic Circuit Translator 49 200536332 609, 611, 613, 615 micro-queue

Load the table of microinstruction register field values Store the table of microinstruction register field values 605 Staging stage 607 Loading stage 612 Floating point unit 616 Streaming extension unit 618 Storage stage 620 Loading bus 622 Storage bus 625 X-bit 627 Interrupt signal 629 E-bit 631 D-bit 634 Bus 700 Microinstruction 702 Data register block 604 Microcode read-only memory 606 Addressing phase 608 Execution phase 610 Integer unit 614 Multimedia extension Set unit 617 Password unit 619 Write back stage 621 Suspend signal bus 624 Flag register 626 Interrupt logic circuit 628 Machine special register 630 Feature control register 632 Execute logic circuit 640 Key generation logic circuit 701 Micro operation Code block 703 Register field 800 900 1000 Control block format 1002 Data block size field 1004 Encryption / decryption field 1006 Key generation field 1001 Reserved field 1003 Key size field 1005 Intermediate result Field 1007 Calculation field 50 200536332 1008 Round calculation field 1 100 Data block size field value table

1200 password unit 1201 block password logic circuit 1202 key random access memory 1203 micro instructions are temporarily stored as 1204 control block register 1205, 1206 input register 1207, 1208 key register 1209, 1210 output register 1211 loading bus 1212 storage bus 1213 pause signal 1214 block diagram of the microinstruction bus 1300 block password logic circuit 1301 microinstruction register 1302 control block register 1303, 1304 key register 1305, 1306 Input register 1307, 1308 output register 1310 round engine controller 1311 encryption / decryption bus 1312 round calculation bus 1313 key bus 1314 key generation bus 1315 key random access memory bus 1316, 1317 bus 1318 NEXTIN bus 1319 block size bus 1320 round engine 1321 first key mutex or logic circuit 1322 first register 1323 S-BOX logic circuit 1324 shift logic circuit 1325 second register 1326 mixed column logic circuit 1327 Third register 1402 starts 1404 interrupt? 1406 Clear X bit 1408 Storage architecture register 51 200536332 1410 Processing interrupt 1412 End 1502 Start 1504 Load the rotation block (default) and start 1506 Is the X bit set? 1508 Load control word and reset 1510 Set 192-bit block round engine 1512 Load / extend spare key schedule 1514 Data block size? 1516 Load / Expand key schedule 1518 Set 256-bit block turn engine 1520 Load / Expand key schedule 1522 Load input block (again) and start 1524 Generate output block 1526 Save output block to memory 1528 Update block count and indicator 1530 Is the block count zero? 1532 Load input block and start 1534 End 52

Claims (1)

200536332 10. Scope of patent application 1. A device for performing cryptographic operations, including a cryptographic instruction circuit, used to generate a computing device to receive and rob each of them. The cryptographic instruction is composed of The password instruction specifies one of the instruction block's one of the instruction stream's-part block size; calculates it with a ^ code-and a plurality of assets are executed on the logic circuit, and the operation is performed by a person. The specified cryptographic operation; df makes the circuit, and is configured to make the miscellaneous specified data iitr fee code operation during the implementation of the device described in item 1, wherein the cryptographic operation further includes: text = cryptographic operation Encryption of a plurality of plaintext blocks to generate a prostitute as described in phase 3, wherein the cryptographic operation further includes: "Unlocking the Heroes, Dissimilarity Contains Decryption of a plurality of ciphertext blocks to generate relatively plural plaintexts Block. Brother Songshan used the prostitute described in item 1 in the housing 4 · 1 ^ ί8 ^ Cai to shoot the designated data. The block size is 5. If the device described in the package is described, its towel is _ mirror block size is 6 . As a prostitute in item No. 〖, the quilt ㈣The block size is 256 bits 70. 7. As for the device described in the scope of the patent application, the rules for the encryption standard of bribes are implemented. 8. If a prostitute is used, it is used for configuration. The size of a data block in one of the control blocks is reflected by the translation code instruction. 9. The device according to item 丨 of the patent application scope, wherein the password instruction is based on the χ86 53 200536332 instruction The format is specified. The device and the bribe code age are implied. 11. The device as described in item 1G of the patent application scope, wherein the temporary-number-registers are included. °° bit, the -th-indicator, the first-memory address is calculated according to the specified cryptographic operation to specify a first position in the memory to access the plural = input = the size of the input text blocks is determined by Min's information is small and & 疋 0 12 · The device as described in item 10 of the scope of patent application, wherein the two temporary registers are stored in the second register: wherein the content of the second register includes a pointer to a second memory -The second index of the body address, the second memory address refers to ^ A plurality of output text blocks in the memory. Relative to these output text blocks, the specified password calculation is performed according to _ input text blocks. The device described above, wherein the registers include:?: The content of the third register is indicative of a plural number of entries: === Let the size of the input text blocks in the system be based on 14. = Please follow the _ 1G, where the content of the fourth register contains a pointer to a third record, the third memory address specifies the first memory in the memory! Completion of the specified cryptographic calculations. The first reward is narrative, and its finders include: Recall L: i: 第 = Register The content of the register contains the pointing-fourth note 番 Fangu Dizhi 軚, the brother's four memories The first and second brothers in the body address designation memory include an initial vector position 'the initial vector position, or the initial vector equivalent, which is used to complete the specified 200536332 cryptographic operation. 16 The device described in ΓΛΛ, where the registers include: The address of the emotional body: Knowing the content of temporary storage 11 refers to pointing to a fifth record ^ set to summarize the date ΐ 'the fifth memory address The first control word group in the designated memory organizes the word magic—if word group is used to complete the specified password operation, in which the person controls the password parameters of the specified password operation, and 3 · = District used to do the calculation of the calculation 17 · 17 ·: = The device for performing cryptographic operations described in item 1 'where the execution two' is configured to execute multiple passwords in each input text block to generate a mother —Relative text block, in which the specified data block size is 18 · —A device for performing cryptographic operations, including one of the cryptographic units in the component, the cryptographic unit is configured to execute a plurality of First, in response to receiving a cryptographic instruction in a command stream, the cryptographic reference is provided by a cryptographic instruction circuit, and the cryptographic instruction specifies a designated cryptographic operation, and specifies one of the to-be-used when performing the designated cryptographic operation. Block size; and a block size logic circuit operatively coupled to the cryptographic unit to 'designate' the component to use the block size during the designated period during which your code is shipped. 19. The device according to item 18 of the scope of patent application, wherein the specified block size includes 128 bits. 20. The device described in item 18 of the scope of patent application, wherein the specified block size includes 192 bits. 21 • The device as described in item 18 of the scope of patent application, wherein the specified block size includes 256 bits. 55 200536332 22. As described in item 18 of the scope of patent application a. Implementation according to the rules of the advanced encryption standard It is configured to translate the password refers to the setting of the password, the size of the circuit block, the size of the circuit block, 7 h, and one of the control words in the control block. 24. If the scope of patent application Item 18 specifies the x86 instruction format. Clothing, / ,,,,,,,, and the code privacy order are based on 25 ·-a method of performing complement code calculations on the-device, including the specified data block size when the specified password operation is performed. The method according to item 25, wherein the reception contains a 'control block' which is referred to by the cryptographic command. [Bamboo dagger] /, the 27. If you apply for the method described in Section 26 Gu, the designation includes: Designating 128 bits as the specified data block size. 28. The method according to item 26 of the scope of patent application, wherein the designation includes: designating 192 bits as the designated data block size. 29. The method according to item 26 of the scope of patent application, wherein the designation includes: designating 256 bits as the designated data block size. 30. The method according to item 25 of the scope of patent application, wherein the use includes: performing a specified cryptographic operation in accordance with the rules of an advanced encryption standard. 31. The method according to item 25 of the scope of patent application, wherein the receiving includes: specifying that the password instruction is based on the x86 instruction format. 56