TWI253268B - Microprocessor apparatus and method for optimizing block cipher cryptographic functions - Google Patents

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and translation logic. The cryptographic instruction is received by a computing device as part of an instruction flow. The cryptographic instruction prescribes one of the cryptographic operations. The translation logic translates the cryptographic instruction into micro instructions. The micro instructions are ordered to direct the computing device to load a second input text block and to execute the one of the cryptographic operations on the second input text block prior to directing the computing device to store an output text block corresponding to a first input text block. Consequently, the output text block is stored during execution of the one of the cryptographic operations on the second input text block.

Description

[Technical field to which the invention pertains] _ and ^ inventions relate to the field of microelectronics, >, calculations and methods for optimizing the order of U commands, thereby increasing the number of computing devices 2 [prior art] Early computer systems are independent The operation of i in the computer system is stored in the computer system is stored in the computer system is provided by the application 2; and the application execution results are generated, printed for the output of the paper, or write to other types of storage devices Archives. The output of the application executed in the same computer system was previously saved as a file and can be removed. It can also be supplied to different but compatible power. In these early systems, protection of confidential assets In other information security measures, password-based confidential information was not authorized to be disclosed. These are scrambled and unscrambled in the output data. In the next few years, users began to discover the benefits of providing information sharing access, and therefore data transfer agreements and the like have evolved into not only forces, but also their distinctive features. For example, it is especially useful for a type of 3 to perform cryptographic operations. The output tape, the output file input file, or the input program that can be used to transmit the brain system is stored in the code program. The information on the input of the brains, the disk or the case can be filed, or the application of the storage to be sent to the public development and the general system is outside the storage, the data, in the form of execution of the electricity is the latter, when The storage device program recognizes and applies the computer workstation that connects the computer to the network architecture and the operating system supports access to the shared data by using the network to store the data. Take

Page 8 "i", Invention Description (2) Access news and other information on different workstations or network file servers, or log in and receive electronic messages (such as e-mail), or Connect and provide credit card or bank information to purchase products, airports or other public places using wireless networks. Therefore, protect confidential information and transmission from unauthorized growth, and in certain circumstances, use confidential information. The situation has also increased greatly. At present, news-minded security issues, such as spam (spam), reverse engineering, mischief and credit card fraud, are several. When these intrusions into the private sector from various aspects, there are premeditated plans. The cyberattack, the execution of the responsible executive unit and the response to the public education program. However, this has curbed the wave of computer information. The old government is the spy of concern, and now it is the same as the average person; the spy reads them. E-mail or check the account transaction from his ^. Before the business, familiar with the corporate body from small to large Before applying its resources, it is the most important information. The information security field provides our technology and devices so that they can only be depleted by designated individuals. This is the cryptography. When it is especially used to protect the information in the storage room, the password is the most Often used in the conversion of secret ''plaintext or cleartext) to become difficult to understand 'or other profit-making goods, or the above-mentioned needs of the need to be forced to protect the bar usually set the target of the hacker, the public In response to the lack of new laws and financial institutions have become part of the heavy-duty computer program to use the Internet computer to transmit the computer system in the restaurant, the activity has been urgently guarded against the mistakes in the machine. Strictly uneffective, the military wants to access him to know the protection of the coded information, and the password or the information transmitted to the computer (called "clear text" (called '' dense

.-Τί ί2$3268 1 V. Description of invention (3) - text ''; ciphertext). The conversion process of transforming plaintext into ciphertext is called encryption (enciphering; ciphering), and the reverse conversion process of transforming ciphertext is called decryption (decryption; deciphering; inverse ciphering). In the field, several programs and protocols have been developed to allow users to perform cryptographic operations without much knowledge and effort, and to enable these users to transmit or provide informational forms of information products for different uses. By. Along with the encoded information, the sender typically provides the recipient a 'cryptographic key' to enable the recipient to decode the encoded information, thus enabling the recipient to recover or obtain the original information of the access code. Experts can be aware that these programs are generally implemented in the form of password protection, mathematical algorithms, and application programming to encrypt and decrypt confidential information. The types of algorithms currently used to encrypt and decrypt data.演曾篡=According to the above type (for example, an RSA algorithm, public key cipher = ΪΪ ,, two cipher keys) - open material and private key, encryption, key system. Root Ϊ some public key calculus In the law, the recipient's public key is used to encrypt the data transmitted to the recipient, because there is a number of receivers 2 / sub-users between the user's public key and the private key, so the use of this private secret The key decrypts this wheel to recover this data. Although the operation ί, the cryptographic algorithm is widely used in today, its encryption and decryption is extremely slow. As for a small amount of data.—The second type of algorithm can be symmetric key algorithm, providing the same level of data security and execution. These algorithms are called symmetric key algorithms because he

12„ 2 3 1353263⁄4 V. Description of invention (4) Use a single cipher key for encryption and decryption information. In the public section, there are three popular single key (sing le_key) cipher algorithms: data syllabus standard (Data Encryption Standard; DES), triple des, and Advanced Encryption Standard (AES). Because these algorithms protect the strength of confidential data, US agencies are currently using these algorithms, but those skilled in the art anticipate these calculations. In the future, one or more algorithms will become the standard for commercial and unofficial transactions in the near future. According to all these symmetric key algorithms, plaintext and ciphertext are divided into blocks of specified size for encryption and decryption. For example, AES performs a cryptographic operation on the size of a 128-bit block, and uses a cipher key length of 1 2 8 bits, 1 9 2 bits, and 2 5 6 bits. Other symmetric key calculus goes 'for example Rijndael Cipher also allows 192-bit and 256-bit blocks. According to this, for a block cipher operation, a plain message of 1 0 2 4 bits It is used as a block of 8 1 28 bits. All symmetric key algorithms use the same form of sub-operation to encrypt the plaintext of a block, and are extended according to many more commonly used symmetric key algorithms 'an initial cipher key A plurality of keys (for example: a "key row &") 'each key is used as a secondary operation corresponding to your code round and executed in the plaintext block. For example, the first key of the shot schedule is used to perform the first password round of the secondary operation in the plaintext block, and the result of the first round is used as the input of the second round, wherein the second round utilizes the key scheduling The second key is used to generate the second result, and a specific specified number of subsequent rounds of execution produces a final round result, ie, a secret text body. According to the AES algorithm, the sub-operations in each round refer to the SubBy tes in the literature (or

.S-box), SluftRows, MixColums, and AddR〇und. The decryption of a piece of ciphertext is similarly processed and accompanied by the execution of the exception at each time. The final result of the round is the plaintext of a block. The above exceptions are: text input anti-encryption and reverse-order execution (eg: Ιηνα% ''Mountain

MixColumns, Inverse ShiftRows) 〇DES and Triple DES use different specific sub-operations, but the calculation is similar to the AES sub-operation 'because it uses a similar way to turn the plaintext of a transport block into a ciphertext of one block. .

Perform cryptographic operations on multiple consecutive blocks of text. All symmetric key algorithms utilize the same type of pattern, including electronic code book (ECB) mode, cipher block chaining (CBC) mode. , cipher feedback (CFB) and output feedback mode (〇utpi^ feedback; 0FB). Some of these modes utilize an additional initialization vector during the execution of the secondary operation, and some use the ciphertext output that is executed in the first set of the first block of the plaintext after the code round as an additional input to the second block of clear text. The second set of password rounds. In addition, the field of this application provides a deeper discussion of each of the cryptographic and sub-operations used in today's symmetric key cryptography algorithms. For specific specified implementation criteria, the reader may be notified by the Federal Information Processing Standards Bulletin 46-3 (Federal Irif0rmatiQn,

Processing Standards Publication; FIPS-46-3), published on October 25, 1999, with a detailed discussion of DES and Triple DES; and US Federal Information Processing Standards Bulletin 197 (FIPS-197), published November 26, 2001 'Get a detailed discussion of AES. The two standards mentioned above are

Page 12

ιΙ25356§ I _^一-^ V. Description of the invention (6) - Published and claimed by the National Institute of Standards and Technology (NIST), which is hereby incorporated by reference for all intents of the present invention. Description of purpose. In addition to the standard 'tutorials, white papers, kits, and resource articles mentioned above, you can use the Internet http:// /csrc· ni st. gov/ at the Computer Security Center at NI ST (Computer Secur i ty Resource Center; CSRC). Those skilled in the art will recognize that many applications can execute on computer systems that can perform cryptographic operations (eg, encryption and decryption). In fact, some operating systems (e.g., Microsoft Windows XP, Linux) provide direct encryption/decryption services in the form of cryptographic primitives (p r i m i t i v e ), cryptographic application interfaces, and the like. However, the inventors have observed defects in some aspects of today's computer cryptography, and therefore these defects are emphasized and discussed by the first figure. The first picture is a block diagram. Figure 1 〇 〇 illustrates the current computer password application. The block diagram 100 depicts the first computer workstation 101 connecting to the local area network 〇5, and the area network 105 is also connected to the second computer workstation 1, 2, the network file storage device 1-6, the first router 107 or other interface form. The wide area network 11 (for example, the Internet) and the IEEE 802.1 1 compliant wireless network router 108, the notebook computer 104 is interfaced with the wireless router 108 via the wireless network 1-9. In the wide area network 11() aspect, the second router provides an interface to the third computer workstation 103. As outlined above, today's users face many times of computer information security issues during their work. For example: in today's multiplex (multi_tasking) operation

1253263⁄4 ' : .. j V. Invention description (7) ' '~' --- Under the control of the system, the user workstation 1〇1 can execute multiple tasks at the same time and each task requires cryptographic operations. The user workstation 101 requires an encryption/decryption application 11 2 (whether part of the operating system or invoked by the operating system) to store the zone file in the network slot storage device 106, in file storage. At the same time, the user can transmit an encrypted message to the second user at the workstation 102, wherein the workstation ι2 also requests an example of the encryption/decryption application 112, and the encrypted message may be instant (eg, instant message). Or it is not instant (for example: e-mail). In addition, users can access or provide their financial information (such as · credit card numbers, financial transactions, etc.) or other forms of confidential information from workstations 1〇3 via the WAN. The workstation 1〇3 may also represent a home office or other remote computer 103 that allows the user of the workstation 101 to access any shared resources of the regional network 105, 1〇1, 1〇2, when leaving the office. 106, 107, 108 and 1〇9. Each of the activities mentioned above requires a relative example of priming the encryption/decryption application 12, and the wireless network 〇9 is currently generally available in coffee shops, airports, schools, and other public places, thereby facilitating user notebooks. The computer 4 not only encrypts/decrypts the messages transmitted/received by other users, but also encrypts and decrypts all communications through the wireless network 1 to the wireless router 108. Those skilled in the art will thus be aware that in the workstation 丨Obi 〇4, along with each activity requiring a cryptographic operation, there must be a relative requirement to invoke an example of the encryption/decryption application 112, thus the computer 101-104 is recently In the future, it is possible to execute hundreds of passwords at the same time.

Milk i厶2 ;5 H53268

V. Description of invention (8) The person in charge of the day, the month of the second month, the t9, the decryption, the use of the r弋%, the above-mentioned electric system 1 〇1 -1 0 4 by citing encryption / limit one of the second example 2 Or more examples of the method of performing cryptographic operations. The software of the procedural plan performs a specified function, which is slower than the same function. And each time the encryption/decryption application is executed and the password* computer 1 104 104 execution tasks must be suspended, etc.) must be transparent (for example: plaintext, ciphertext, mode and key into a densely transported system) Communicating to the encryption/decryption application 112 is an example that is motivated by the difference in the horse's movement. And because of the weight, the control area, such as the data area, please quote #々Α 口巧在码 Shoulder The operation of the fingerprint 112; r ^ private Xu Xi back to the beta operation, the encryption / decryption application speed produces Ding not L many computer instructions to perform the processing of the overall system 〇u11 ook偻, / The artist can be aware of Microsoft

# ^ λ ^迗1 The time to encrypt an email message will be equivalent to five times that of an unencrypted email message. In addition, the current technology is limited by the application of Lisi's application and provides a complete second-person delay. Most. Straight Lear π to generate or encrypt/decrypt components::? Systematic: A component or plug-in application to perform the above tasks, in addition to knowing that the system is being transferred due to interruptions and other ongoing operations.仃 Apply private printing and the 'inventors have noticed that in today's mines, the symphony operation is similar to the microprocessor's secret operation. The early floating-point unit operation was very slow by the floating-point mathematics of the meta-time; (5) the floating 'point operation' was performed by the software. The floating-point technique of the line was further developed, and the floating-point aid was used: the transport was also extremely slow. For execution, these floating-point assisted processing = 柃 柃 柃 指令 TM TM 仃 仃 仃 仃 仃 仃 仃 仃 仃 仃 仃

1253268 _ _____—--—" V. Invention Description (9) - A lot faster, but it increases the cost of the system. Similarly, the microprocessor is currently attached to the circuit board or the external device and the main processing device, or other interface bus (for example, USB) to form the interface w, the sub-Asian, these auxiliary processors It can make the completion of cryptographic operations much faster than pure software "^^. However, the cryptographic auxiliary processor increases the system's lighting requirements to require additional power and reduce the overall reliability of the system. The implementation of the cryptographic auxiliary processor has its weaknesses for deliberate snooping because the data channel is not on the same die (d i e ) as the main microprocessor. The inventor therefore confirmed the need to add a cryptographic hardware to the present microprocessor, whereby an application requiring cryptographic operations can instruct the microprocessor to perform cryptographic operations by a single id (o om ic ) cryptographic instruction. The inventor has also confirmed that this function should be used to limit the requirements for operating system intervention and management, and that password commands can be used for the application's privilege level and the password hardware can be commensurate (c〇mp〇rt with). The general architecture of today's microprocessors, and the cryptographic hardware and associated cryptographic instructions support compatibility with previous operating systems and applications. It is more desirable to provide means and methods for performing cryptographic operations that prevent unauthorized surveillance. It supports and can be programmed for multi-password calculus; it supports verification and testing of entity-specific cryptographic calculations; it allows users to provide keys and generate their own keys; it supports multiple data block sizes and key lengths (key Size ); it provides efficient multi-block pipeline processing; and it provides a programmable block encryption/decryption mode ECB, CBC, CFB and 0FB billion

Page 16

2S326S

V. SUMMARY OF THE INVENTION (10) SUMMARY OF THE INVENTION The present invention provides an embodiment in which a cryptographic logic command is used to translate a logical code instruction from a program stream to a first device to load a password. Operation. In the above, the present invention is configured to rotate (micro ins includes a first direct output to the second output, and the output text corresponds to an issue % - the present invention is used for better, and the code is used. The instruction means the secret device, and the circuit is connected to the micro-finger input. Therefore, the output file solves the above-mentioned prior art to perform for an execution circuit and a transcoding instruction circuit to receive and the code is operatively light. Let the micro-finger block block the input text block and provide a translation micro-instruction and a second micro-loading a second input to the second input sub-block. Text into the text block. The above block, the first output of the first input text block - the micro-instruction is issued after the first instruction provides a problem and a disadvantage in the art of a device. This password is computed in a microprocessor. a device for cryptographic operations, and the device translates a logic circuit (translation generates a cryptographic command, the password means that a command operation is performed on the computing device to specify a cryptographic operation. The cryptographic command circuit is used in conjunction with the cryptographic command to indicate the calculation Before the device stores the text block, instructing to calculate the execution of the input block into the text block to perform a cryptographic operation period is stored. The device includes a sequence microinstruction logic circuit. The microinstruction instruction. The first microinstruction refers to the word block and executes a cryptographic operation. The microinstruction refers to not storing the _text block according to the executed password. The above translation logic circuit issues the microinstruction. The method of cryptographic operation, this side

Page 17

V. The invention (π) method includes translating a password in which the first micro-finger sub-block of the password instruction is executed and executing a micro-instruction, an output text block text block; and after the unit, issuing the password The operation can be stored for this block. : The instruction is a first micro instruction and a second micro instruction, = prescribes - the execution of a cryptographic operation. Directing the device to load a second input text, the cryptographic operation is performed on the second input text block, wherein the device is configured to store a first round of text block, and the cryptographic operation according to the execution corresponds to a first input issues the first micro-instruction to a second micro-instruction of the password to the crypto unit; thereby outputting the text field during execution of the input text sub-block [embodiment] Some embodiments of the invention are described in detail below. Bran, = description, the invention can also be widely implemented in other embodiments, ^ this hair? The scope is not limited, # is subject to the scope of the patents that follow. Moreover, in order to provide a clearer description and a better understanding of the present invention, the various parts of the drawings are not drawn according to their relative dimensions, and the ratio of certain dimensions to other related dimensions has been exaggerated; the irrelevant details are not fully drawn. Out, in order to find the simplicity of the map. In view of the cryptographic operations discussed above and related techniques used to encrypt/decrypt data in today's computer systems, these techniques and their associated limitations will continue to be discussed in the second figure, and the present invention will also be based on the third to tenth The six figures are discussed. The present invention provides an apparatus and method for performing cryptographic operations in today's computer systems, which exhibit excellent performance characteristics through a primary mechanism and

11353268 : Form feed

• and more meet the above mentioned objectives, compatibility with legacy architecture, efficient multi-material block pipeline operability, and more. Such as limiting the intervention of operating systems, the scriptability of algorithms and patterns, 'preventing hacking and testing.' Please refer to the second diagram. Figure 2 depicts the technology for performing weights in today's computer systems. Figure 2 〇〇 contains a microprocessor 2 〇j, which captures instructions and accesses application-related data from a system memory system called application memory 2〇3, while program control and application memory Access to data in volume 2〇3 is typically managed by operating system software 202 that is within the scope of system memory protection. As described above, when an execution application (for example, an email program or a file storage program) requires a cryptographic operation, the execution application must be executed by directing the microprocessor 2 (Π executing a considerable number of instructions). Cryptographic operations. These instructions may be subroutines that execute the application itself, or may be plug-in applications that connect to the executing application, or services provided by operating system 2 。 2. Regardless of their relevance, familiarity The skilled artisan will be aware that these instructions will reside in certain specified or dispatched memory ranges. For discussion purposes, these memory ranges are displayed in the application memory 2 〇 3 and contain a cryptographic key to generate the application private (key generation Application 204, wherein the password key generating application 204 generates or receives a cryptographic key and expands the key into a key schedule for use in the password rounding operation. In terms of multi-block cryptographic operations, Block encryption application (encryption applicati〇n) 2〇6 is invoked (invoke). Encryption application Formula 206 performs access the plaintext (plaintext) block 21〇, the key scheduling

Page 19, V. Invention (13) 2 0 5 and the password parameter 2 0 9 command, wherein the password parameter 2 〇 9 further indicates an explicit cryptographic operation, such as mode, key scheduling position, etc., and requires a specific mode. The encryption application 206 can also access the initialization vector 208. Encryption application 206 executes the instructions therein to generate a corresponding ciphertext block 211. Similarly, a decryption application 281 is motivated to perform a block decryption operation. The decryption application 207 executes instructions for accessing the ciphertext block 2 11, the key schedule 2 0 5, and the password parameter 2 0 9 , wherein the password number 2 0 9 further indicates an explicit cryptographic operation, and when a specific mode is required The initial vector 208 can also be accessed. The decryption application 207 executes its internal revision instructions to generate a corresponding plaintext block 2 1 0. Eight It is worth noting that a significant number of instructions must be executed to generate a cryptographic key and to encrypt or decrypt the text block. The FIPS specification referred to above contains many examples of virtual code enabling a significant number of instructions, and thus those skilled in the art will appreciate that a simple cryptographic operation will require hundreds of instructions and each instruction must be via a microprocessor. 2 0 1 Execution to complete the required cryptographic operations. Moreover, the execution of the instruction to complete the cryptographic operation is generally superfluous for the main purpose of the executing application (for example, file management, instant messaging, email, remote file access, credit card transaction), and the result is wrong for the user. It is not efficient for the currently executing application. As for the independent _ or plug-in encryption and decryption applications 2 06 and 207, the priming and management of these application interpretations must also be subject to other requests from the operating system 2 ' 'such as support interrupts, exceptions (excepti〇n) and worsening problems Similar events. And the computer system requires each simultaneous cryptographic operation, password key generation

Page 20 :: Calling 5. Inventions (14)

Jj^ CD example must be 2 Ο 4, 岔 application 2 Ο 7 and initial vector 2 Ο 8 individual reality ^ must be configured in the application memory 20 3, and is expected to be required by the microprocessor The number of cryptographic operations at the same time as execution will also increase over time. The inventors have noted the problems and limitations of current computer system cryptography, and have confirmed the need to provide means and methods for performing cryptographic operations in microprocessors. Accordingly, the present invention provides a microprocessor and associated method for performing a cryptographic operation through a cryptographic unit of $, which performs a cryptographic operation by a program of a single cipher command. The invention will now be discussed with reference to the third through eleventh figures. Please refer to the third figure, which is a block diagram 300 of a microprocessor for performing cryptographic operations in accordance with the present invention. Block diagram 300 depicts a microprocessor 301 coupled to system memory 32 1 via a memory bus 319 and microprocessor 301 includes a translation logic Mc that receives instructions from the instruction register. Translation logic 303 includes logic, devices or microcode (e.g., microinstructions or native instructions), or a combination of logic, devices, or microcode, or equivalent elements used to translate the instructions into sequences of instructions. These elements that perform translations in translation logic 303 may be shared with circuitry, microcode that performs other functions in microprocessor 3.1, and microcode is a term that refers to one or more microinstructions, depending on the scope of the application. . A microinstruction (also referred to as a native instruction) is an instruction executed at a unit level. For example, the microinstruction is directly executed by a reduced instruction set computer (RISC) microprocessor. As for complex instruction set computer (CISC) microprocessors, such as x86 compatible

Page 21 w ^r\ \ i :i i J = 士理|§ 'The x86 instructions are translated into associated microinstructions and executed directly by the units in the multiplexed processor. The translation logic circuit is thirsty, the queue 304, and the micro-instruction array 304 has a plurality of;; ^30; ^ ^ ?, J304 ^ ^ ^ ^ slave plus red / self #又逻辑軏 circuit, and this temporary The memory bank 307 contains a complex password. The temporary memory 308-313 refers to the corresponding location 323-327 of the system memory 321 _ defense 4 仃彳 仃彳 疋 gun code operation data. The temporary storage port is loaded into the logic circuit 3 1 4, and the loading logic circuit 3 1 4 is used to retrieve the data cache for performing the address exhaustion operation. The data is taken over by the data bus 319. The system remembers this::: The operation specified by the order. Execution logic 328 includes ;;: way, device or microcode (eg, microinstruction or native instruction), or logic stem: I set or! A combination of codes, or used to execute the operations specified by the instruction. Some of the elements that perform operations in the execution logic circuit 328: may be: a circuit that performs other functions in the microprocessor 301, the microcode hilly logic circuit includes a cryptographic unit 316, which is connected to the second, the logic circuit 3" It is required to execute the specified password to receive the password unit 316 to perform the specified password operation on the plurality of inputs Ϊ a ^ / 2 6 to correspond to a plurality of output text blocks 3 2 7. The password 'TM: ^ contains logic circuits, devices or Microcode (for example: microinstruction or machine: equivalent of arithmetic. These are in the exhaustive unit (four) ===

V. INSTRUCTIONS (16) • May be shared with circuits and microcode that perform other functions in the microprocessor 310. In one embodiment, cryptographic units 316 operate in parallel with other execution units (not depicted) within execution logic 326, such as integer units, floating point units, and the like. In the context of this application, the implementation of a "unit" includes logic, devices or microcode (eg, microinstructions or native instructions), or a combination of logic, events, or microcode, or to perform a specified function or Equivalent elements that specify operations. These elements that perform specified functions or specified operations in a particular unit may be shared with circuitry, microcode that performs other functions in microprocessor 301. For example, in one embodiment, an integer unit contains logic a circuit, device or microcode (eg microinstruction or native instruction), or a combination of logic circuitry, device/microcode, or an equivalent component for performing integer instructions; a floating point 兀 containing logic circuitry, means or Microcode (eg, microinstruction or native instruction), or a combination of logic circuits, devices, or microcodes, or equivalent components used to execute floating-point instructions; then components that perform integer instructions in integer units can float Other circuits, microcodes, etc. that perform floating point instructions in the dot unit are shared. In an embodiment compatible with the x86 architecture, the cryptographic unit 316 盥 integer unit, Χ 86 floating point unit, Χ86 Mathematical Array Processing Instructions” (Mathematic Matrix Extension; ΜΜχ) unit, χ86 Single tributary process extension (Streaming SIMD Extensi〇n 7 parallel operation: according to the scope of application, when an embodiment can be correct two: Count to X 8 6 Most of the microprocessor's execution is compatible with the x86 architecture. When using the ^: 転 type on the shore, this embodiment is implemented correctly with the & and the expected result. The modern X 8 Μ Μ The embodiment expects that the secret $ i ' Ά iAvSR ^ top J is also coded earlier than the sub-set of the x86 squatting earlier. The 宓 (7) 代山马 early 7G 3 1 6 coupled to the storage logic f. Factory-.'一·Π532你五, invention description (17), road 31 7 and provides a corresponding plurality of output text blocks 327, and this storage logic circuit 3 17 is also coupled to the specified output text data 3 2 7 The data cache stored in the system memory 3 2 1 is cached 3 1 5. This data cache 3 1 5 is coupled to the write back logic 318 ' and when the specified cryptographic operation is completed, the write back logic 318 is updated in the scratchpad group. The scratchpad 3 0 8 - 3 1 3 in 3 0 7. In one embodiment, the microinstruction and the clock Signal circuits (not shown) are synchronized through each of the aforementioned logic circuit stages 302, 303, 304, 307, 314, 316-318 to enable the operations to be performed simultaneously and similar to performing the operations online. In an example, an application requiring a cryptographic operation can directly instruct the microprocessor 301 to perform the operation via a single cipher command 322 (refer to the XCRYPT instruction 322 for explanation). In a CISC embodiment, the 'XCRYPT instruction 3 2 2 includes A microinstruction that specifies a cryptographic operation. In one embodiment, the XCRYPT instruction 322 utilizes a free or unused instruction opcode in an existing instruction set architecture. In an x86 architecture-compatible embodiment, the 'XCRYPT instruction 322 is a 4-bit instruction that contains an X86 pre-REP (such as 0xF3), and the two-tuple does not use the χ86 opcode (such as 〇x〇FA7). A tuple has a specific block cipher mode for applying a specified cryptographic operation. In one embodiment, the XCRYPT instruction 322 in accordance with the present invention can be executed at the level of the system authority supply application, and thus can be programmed into the program stream to be provided to the microprocessor 3〇1 either by the application directly 0 or Under the control of the operating system 320. Since only one XCRYpT instruction 322 indicates that the microprocessor 310 performs the specified cryptographic operations, the completion of the operation system 320 should be apparent. μ In operation, the operating system 3 2 0 illuminates an application to execute on the micro

Ig53268 | | ____________ A W-you V. Invention Description (18), Processor 3 0 1. An XCRYPT instruction 322 is provided from system memory 321 to the capture logic circuit '302 as part of the instruction flow during execution of the application. However, prior to execution of the XCRYPT instruction 322, the instructions in the program stream instruct the microprocessor 301 to initialize the contents of the registers 308 - 321 to cause them to point to the location in the memory 3 2 1 3 2 3 - 3 2 7 It includes a password control block 323, an initial gift code record 324 or a spoon schedule 324, an initial vector 325 (if needed), input text 326 for calculation, and output text 327. The registers 308-312 must be initialized prior to executing the XCRYPT instruction 322 because the XCRYPT instruction 322 and a register 313 containing the block count attached to the registers 308-312, where the block count is in the input text 326 Block Encrypts or decrypts the number of data blocks. The translation logic circuit 303 therefore retrieves the XCRYPT instruction from the capture logic circuit 3〇2 and translates it into a sequence = corresponding microinstruction to instruct the microprocessor 3〇1 to perform the specified password operation. A first plurality of microinstructions 305-306 in the corresponding microinstruction sequence 'instructs the cryptographic unit 316 to load data from the load logic circuit 314, and begins executing a specified number of cryptographic turns to generate output data for the corresponding block. The output file 327 stored in the system memory 3 2 1 by the data cache 3 is supplied to the storage logic circuit 317. a second plurality of microinstructions (not drawn in the corresponding microinstruction sequence, indicating that other cells in the microprocessor 3 〇1 (not shown) perform other operations required to perform the specified cryptographic operation ^ 'For example: Manage non-architected scratchpads containing temporary results and counts (not, and output), update output and input text indicator register 311-312, enter text, ^ lose two & ghost 326 encryption / The decryption is initially directed to the 1 indicator register 31 (if any), the unprocessed interrupt is processed, etc. In one embodiment, the register limm 5, the invention description (19) -3 Ο 8 - 3 1 3 4糸The temporary storage of the child; ^ as ait I ± & ^ ^ the supervisor. The architectural register 308-3 1 3 is a temporary storage defined by the specific micro-computer In the example of ^4/ν, the escape code unit 3 16 is divided into a plurality of stages, thus allowing the pipeline processing of block 326. The opposite embodiment II: two-element 3, a third embodiment Focus on the two-stage twisting two early, and the official line processing two successive input text blocks 326. K: "! f example, crypto unit The 316 system performs the specified secret by buffering the microinstruction and: 妗屮::2 f6 ' and storing the corresponding pre-input text block 3 2 6 output text sub-block 327. To maximize the text through the cryptographic unit Zone: 3==:,=Command 3〇".6 is used to indicate that the input character block 327° stored in the subsequent input block is stored, and the output text area of the input text block 326 is stored, and executed. The specified cryptographic operations. Such sequential test text blocks 326-327 are efficient pipeline processing, and are also discussed in more detail later. The block diagram 300 of the third diagram teaches the components required by the present invention. Nowadays, the logic in the microprocessor 3()1 is shown in the figure, and the artist can know the micro-location of the specific implementation today; 糸 contains many stages and logics, here is the simplicity of the illustration For example, the manned logic circuit 314 is in the - address generation phase of the edge interface phase of the cache line pair. However, it is important and should be considered, in the plurality of input text blocks 326 + to: operate, according to The present invention is easy to perform by a single instruction 322 operation J = ... See, and the single-execution 322 is executed on page 26) 1^53263⁄4

V. DESCRIPTION OF THE INVENTION (20) This is accomplished by a pebbly horse unit 316 that operates and coordinates in parallel with other execution units in the microprocessor 310. An alternative embodiment of the cryptographic unit 316 of the present invention in an implementation configuration is similar to the hardware of a floating point unit in a microprocessor in previous years. The operation of cryptographic unit 316 and associated XCRPYT instructions 322 are fully compatible with previous operations and programs, and will be discussed in more detail later. ^ Please refer to the fourth figure, which is a block diagram of an embodiment of the at least mic password command of the present invention. The password command 4 〇〇 contains an option opt (optional) pre-block 4 〇 1, a repeat pre-block 4 〇 2, an opcode field 403, a block cipher mode (bl 〇ck cipher m〇de) Field 404. In one embodiment, the content of the block 4 (Π4〇4 is commensurate with the χ86 instruction set architecture, and alternative embodiments thereof may be considered compatible with other instruction set architectures. In practice, the option pre-block 40i In many instruction set architectures, it is used to enable or disable some of the main microprocessors: !ί, 'like to indicate 16-bit or 32-bit operations, to indicate processing or to store memory. Sections, etc. The repeating pre-column 4〇2 is used to indicate that the cryptographic operations specified by the desired code and 々400 are completed in a plurality of input data blocks, Λ明Λ or 密甘文. Repeating the front shelf 402 also implicitly indicates the contents of the two-phase micro-architecture register as an indicator to the location of the parameter required to specify the cryptographic operation. In the case of the -x86 phase, the previous 0^3 = and according to the χ86 architecture agreement, the secret (10) order is very similar in form to the =, eg, .MOV. For example, when the recurrence is executed by the -x86 phase valley microprocessor embodiment, the repeat pre-column weights are

Page 27

-Zhao's area stored in the architecture register Ecx. The source address indicator in the register ESI (free. Tens of ^, - stored in the calculation) and a destination stored in the register EDI for The output data in the password transport). The x86-compatible:;= 曰 mark (refers to the concept of the instruction to the memory repeat traditional repeat string becomes; the month = the EDX command control word indicator, one more stored in the temporary key indicator and - stored in Temporary grain temporary lion X in the password key to specify the password mode requirements) in the pair - initial vector indicators (such as

The opcode block 403 specifies that the microprocessor completes a cryptographic operation. The operation: the operation is implicitly referenced by the control block indicator to the ^ control block stored in the memory. The present invention contemplates that the preferred choice of opcode values is in the instruction set architecture - idle or unused opcode values, which are compatible with previous operating systems and application software in the commensurate microprocessor. For example, as described above, an opcode block 4〇3 of an x86 compatible embodiment uses 〇χ〇ρΑ7 to indicate that the specified cryptographic operation is performed. The block cipher mode field 4〇4 indicates a specific block cipher mode for use with a particular cryptographic operation and will be discussed with reference to FIG.

The fifth picture is the block 5 of the block code mode field of the fourth picture of the elementary cryptographic operation instruction. A value of 0 XC 8 indicates that the cryptographic operation is performed using an electronic code book (ECB); a value of OxDO indicates that the cryptographic calculation is performed using a cipher block chaining (CBC) method; and a value ΟχΕΟ indicates that the cryptographic feedback method is used ( Cipher feedback, CFB) completes the cryptographic operation; and the value 0χΕ8 indicates that the output feedback (0FB) is used to complete the password operation.

Page 28: 125 fiber — ' - _ V. Invention description (22), count. The block cipher mode field 4 〇 4 all other values are reserved, and these modes are described in the FIPS file mentioned above.

Referring to the sixth figure, which is a block diagram of an embodiment of a more detailed cryptographic unit 617 in a 86 compatible microprocessor 6A. The microprocessor 60 includes a capture logic circuit 6 〇 1 for fetching instructions from memory (not shown) for execution. The capture logic circuit 601 is coupled to the translation logic circuit, and the translation logic circuit 602 includes logic circuits, devices or microcode (eg, microinstructions or native instructions) or a combination of logic circuits, devices, or microcodes, or The translation instruction becomes the equivalent component of the relevant sequence microinstruction. These elements that perform translations in translation logic circuit 602 may be shared with circuitry, microcode that performs other functions in microprocessor 6. The translation logic circuit 6〇2 includes a turnaround device 6 0 3, and the translator 6 〇 3 is coupled to a microcode read only memory (microcode ROM) 6 04. Interrupt logic circuit 626 is coupled to translation logic circuit 602 by bus 628. A plurality of software and hardware interrupt signal circuits 627 are processed by interrupt logic circuit 626 that directs unprocessed interrupts to translation logic 628. The successive stages of translation logic 628 coupled to microprocessor 600 include a temporary stage 605, an address stage 6〇6, a load stage 607,

The execution phase 6 0 8 , the storage phase 6 1 8 , and the write back phase 6 1 9 . Each successive stage contains logic circuitry to perform the particular functions performed by the associated instructions provided by the capture logic circuit 6, such as those previously discussed in the microprocessor of the third figure. Illustrated in the sixth diagram, the 相容86 compatible embodiment 060 is characterized by an execution logic circuit 632 in execution stage 608, which includes parallel execution units 610, 612, 614, 616, 617. An integer unit 6 1 0 receives an integer micro instruction from the microinstruction queue 6 0 9 ; a floating point list

Page 29

V. INSTRUCTION DESCRIPTION (23) - 兀 6 1 2 receives an execution floating-point microinstruction from the microinstruction queue 6丨}; an .X unit 61j receives an execution microinstruction from the microinstruction queue 613; an SSE unit 616 The execution of the SSE microinstruction is received from the microinstruction queue 615. In the implementation of the display, the code unit 617 is coupled to the ME unit 6 6 stalling (staU) signal circuit 621 and a storage bus bar code unit 617 to share the SSE unit by a loading bus 62 . The command queue 615. An alternative conjugate yoke can operate cryptographic units 617 independently in parallel as units 610, 612, and 614. The integer unit 61 is coupled to a 86 efugs temporary cry 624, = 匕 temporary "contains an x-bit 625...x-bit 62" state system X-bit ^t 曰 no-bit operation is processing. In one embodiment, the integer ELFAGS register 624 is the 30th bit. In addition, the slave specifies the register to evaluate the μ of the -E bit 629, and the state of the E bit 70629 indicates the cryptographic unit 617 ί or the disable crypto unit 617. The microprocessor of the micro-processing diagram of the third figure _ is characterized by the necessary components: the content of j, and other components for the sake of simplicity of the illustrations, such as data cache, bus interface interface Pulse generation and distribution logic are not shown. In operation, the instruction is fetched from the memory circuit 6〇1 and is associated with a clock signal (not shown), and is not: 电路 circuit 602. The translation logic circuit 602 translates the micro-instructions of each logical array into a logical sequence, and the same as the clock signal, the serial processor is continuously supplied to the microprocessor.

丨123⁄4 Mirror 8 V. Inventive Note (24), the subsequent phase of 605 0 0 5 - 6 0 8 , 6 1 8 , 6 1 9 . Each microinstruction in a sequence of microinstructions indicates the execution of a sub-operation, and the sub-operation is required to complete an overall operation specified by a relative instruction, such as address phase 6〇6 to generate an address, a temporary phase 6〇5 The two operands recovered from the specified register (not shown) are added in integer units, and the result of storing one of the execution units 610, 612, 614, 616, 617 by the storage logic circuit 618 In the soil recall body 4. According to the instruction in the translation, the translation logic circuit 6 利用2 directly generates a sequence of micro-instructions by using the translator 603, or extracts the sequence from the microcode r〇m 6 04, or directly generates the result by using the translator 6 〇3. The portion of the sequence and the remaining portion of the sequence is retrieved from the microcode ROM 604. The microinstructions are continuously synchronized with the clock through the successive stages 6 〇 5 - 6 0 8 , 6 1 8 , 6 1 9 of the microprocessor 600. When the microinstruction reaches the execution phase 6 0 8, the execution logic circuit 632 along with its operand (recovered from the scratchpad in the scratch phase 6〇5, or generated by the logic circuit in the address phase 606, or by loading The logic circuit 6 (recovered from the data cache) transfers the microinstruction to a designated execution unit 610, 612, 614 by a specified route by placing the microinstruction in a corresponding microinstruction queue 609, 611, 613, 615. 616, 617. Execution units 61, 612, 614, 616, 617 execute the microinstructions and provide the results to storage stage 618. In one embodiment, the microinstructions include an intercept indicating whether they can be executed side by side with other operations. The XCRYPT instruction is fetched, and the translation logic 6〇2 generates a related microinstruction indicating that the logic circuit in the subsequent stage 6〇5-6〇8, 618, 619 of the microprocessor 6 performs the specified cryptographic operation. According to this, a first plurality of related micro-instructions are directly transmitted to the cryptographic unit according to the path Η 7

V. INSTRUCTION OF THE INVENTION (25) The compact drink unit 617 is loaded into the bus bar 62. • Raw and ^ perform a specified number of secret y ghosts out of the Bayco, or by storing. In order to produce a cryptographic unit ^ advantageous t special "to increase by; before: input = word block, save time, a specified password operation, 222 field output text block is being stored - the second plurality of related micro The instruction depends on its path == (two) two 兀 610, 612, 614, 616 to perform other secondary operations, and only needs to complete the specified cryptographic operation as early as possible ^ eight equal-order operation system - B3 ^ ^ X ^ 625V; ^ stage 605 Update temporary storage (example *, 曰丁二马 (4) into the 、, in the temporary register, output text indicators temporary cry, / /, input text indicator temporary interrupt signal circuit 627 of the second), ft broken The optimal execution of the cryptographic operations indicated by the logical coffee coffee is used to provide the integers in the sequence of specified meta-instructions by means of a single order with the secret order to allow or to The micro-instruction is included in the relevant micro-finger-to-key parameter recovery. Because all lines are interrupted, their status is 疒', $, and the 86 architecture register is restored when the slave is interrupted. And ^ returns the 'these states' micro-instruction from the interrupt to test the state of the X bit 625 to determine the 32nd page) ------ 丨 12 sharp 68 one - Ύ "- five, invention description (26), whether a cryptographic operation is in progress. If yes, when the interrupt occurs, this π calculation is repeated in the special input data block in the process. The relevant micro-instruction is allowed with 0 Before processing the interrupt signal circuit 627, updating the index register of one of the serial cipher operations on a sequence of input 区 blocks and the result σ in the middle, refer to the seventh figure, which is indicated in the microprocessor of the sixth figure. The block diagram of the example microinstruction 700 of the codebook operation. The microinstruction 7〇〇 includes a silencing code field 701, a data register block 7〇2, and a register base bit 7 0 3 . The micro-code field 7 0 1 specifies that a particular order operation is performed and the fingerprint logic circuit performs one or more stages in the microprocessor 600 to perform the second operation. The specified value of the joy code block 70 1 is specified in accordance with the present invention. A cryptographic unit executes the indicated microinstruction. In one embodiment, there are two specified values. A /value (XLOAD) specifies that the data is recovered from a memory location, and its address is blocked by the semaphore register. Bit 7 0 2 Content refers to the contents of one of the architecture registers斤 定定二 This data is loaded into a temporary register in the specified weight list 70 by the contents of the register 7〇3. This recovered data (for example: secret _ key data, control word, address , input text caution *, two "θ in the code key ^ « M _, Bu and sub-beca, initial vector) is provided to the secret two ==. The second value of the micro-runner code field 7〇1 (the data generated by xst〇 is stored in the -memory position, and one of the contents of the address register block 702 is referred to by Bessie in the time of 宓- The content of the .μ朱构存存器 is specified. 备徊2 : f Ρ白段实施例 “The contents of the temporary register block 703, one of the multiple output poor blocks”, the door is not blocked by the data block A succinct single in bit 704; § 仏 仏. The output data block is provided in accordance with the present invention for storage logical access. The '4=;.:=;=TM micro-instructions are more discussed by Zhao _ and the younger nine. 1253268 DESCRIPTION OF THE INVENTION (27) Illustrated - Temporary 芎 2: 2 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 #前前, is generated in response to an XCRPYT instruction. Λ The sequence is executed by the cryptographic unit; and a second plurality of severance orders are one of the cryptographic units in the microprocessor. Or more than one. The second plurality of microinstructions indicate sub-operations, such as house, test, and setting port and input data to the crypto unit and instructing the crypto unit to encrypt (or decrypt) the input Λ / Λ Λ 匙 排 以 以 以 以 LOAD Provided to the secret, 'and store the output text. - A password key or key schedule is used to load two (four) word data, load ^ ^ ^ ^ to load the initial vector data, load the input text, then the person shoots the second = f to start a specified password operation. An XLOAD micro & I two / bit 7 〇 3 value 0b 〇 1. Indicates that the password unit is loaded with a control ΐ =:::= ': temporary storage; When the microinstruction stores the address of the control block in the pipeline: the scratchpad accesses the memory block and then passes it to: the load logic circuit from the cache fetch control indicates that the cipher unit contains: by: two. Similarly, the scratchpad block value 0b〇l〇 祖和m is the input text group provided by the lean field 704: enter the specified cryptographic operation. Similar to the control word. The value GbOlO refers to the storage/storage temporary storage 11 + stored - the temporary storage s /, loading the input data provided by the data block 7 〇 4

Page 34

[K53268 V. INSTRUCTIONS (28) Internal register IN-1. The data loaded into the in-1 register is not an input text (when processed by the pipeline) is an initial north vector. The values 0bl 1 〇 and 〇 bl i i respectively indicate that the cryptographic unit loads a cryptographic key or the user generates a lower and upper bit of a key in the key schedule. According to the application, the user is defined to perform a particular function or specific operation, and the user can be embodied as an application, an operating system, a machine, or a person. In one embodiment, the register field values 〇bl 〇〇 and 〇 bl 〇 1 have two stages in which a weight unit is considered, whereby successive input text block data can be processed in a pipeline. Therefore, for the pipeline to process successive input data blocks, a ~XL0AD microinstruction execution provides a first block of input text data to IN~1, and then executes a second XL0AD microinstruction to provide a second block. Enter the text data to ΙΝ-0 and instruct the crypto unit to begin performing the specified singular operation. When a user-generated key schedule is used to perform a cryptographic operation, the xL0AD micro-instruction corresponding to the number of keys in the key schedule generated by the user is transmitted to the cryptographic unit according to the singular path, and the cryptographic unit indicates that the key is loaded. Start each turn key in the schedule. In the XL0AD microinstruction, the register field 7 03 all other values are reserved. Please refer to the ninth figure, which is a table of the values of the XST0R microinstruction format 700 register block 703 of the seventh figure. An XST0R microinstruction is issued (issue), ,,. The weight unit stores the generated output text block for the storage logic to store the address provided by the address field 702 in the memory. Accordingly, the translation logic of the present invention is one of the specific output text blocks issued.

Page 35

li5l26S

The -XSTOR microinstruction is followed by an XST0R microinstruction issued for its corresponding input text block. The value of the register field 7〇3〇bi〇〇 means that the wheat code unit provides its internal OUT-〇 register to the storage logic, and the contents of OUT-0 and the input text block are provided to ^ _ 相关 is associated. The same > register block value 〇 b 1 0 1 internal 0 u t p u t - 1 register is associated with the input text data provided to U-丨. According to this, after the key and control block data is loaded, a plurality of input text blocks can be transmitted by the pipeline. The password micro-instruction xl〇ad.in i, XL0AD.IN 0 (XL0AD) is sequentially issued through the password unit. .IN-0 also instructs the crypto unit to start the cryptographic operation) ^XST0R.0UT-1 >XSTOR.OUT>〇^XLOAD.IN-1 ^XLOAD.IN-O (starts the next two input text block operations), etc. . Please refer to the tenth figure, which is a block diagram of an example control block 1 000 format for specifying a cryptographic operation parameter of the present invention. The control block 1000 is designed by the user to be in memory, and the indicator of the control block 1 0 0 0 is provided to an architectural register in the symmetric microprocessor before the cryptographic operation is performed. Accordingly, when a partial sequence of microinstructions corresponds to an XCRYPT instruction, an xl〇ad microinstruction is issued to instruct the microprocessor to read the architectural register containing the indicator, and recover the control word from the memory (cache). Group 1 〇0 0 and load control block 1 00 0 to the internal control block register of the crypto unit. Control block 1 000 contains a reserved (RSVD) field 1001, a key size (KSIZE) block 1 0 02, an encryption/decryption (E/D) block 1 0 03, an intermediate result (IRSLT) block 1 004, a key generation (KGEN) field 1 00 5, an calculus (ALG) block 1 00 6 and a round calculation (RCNT) field 1 0 07. All values of reserved field 1001 are reserved. The size of the key size field 1 〇〇 2 indicates that one is used to complete

Page 36 Brain 8 V. Invention Description (30) The size of the password key for the secret or decryption. In one embodiment, the key size field 1 0 0 2 does not indicate a 1 2 8 bit key, a 1 9 2 bit key, or a 2 5 6 bit key. Encryption/Decryption Field 丨〇 指出 3 indicates that the cryptographic operation is an encryption operation or indicates that the cryptographic operation is a decryption operation. The key generation field 丨〇〇5 indicates that the user generates a key schedule in the memory or a single cipher key in the memory; if it is single/push, the micro-command is issued to the crypto unit and the hunting key. The instruction unit calculates the key according to the contents of the calculation field 1 〇〇 6 to expand the key into a key schedule. In one embodiment, the particular value of the calculus field 1 006 specifically indicates the DES algorithm, the triple DES cold truth method, or the AES algorithm as discussed previously. Alternative cryptographic algorithms may be considered, such as Rijn (jael Cipher, Twofish Cipher, etc. The content of the round calculation block 1 指示 7 indicates a number of cryptographic rounds] which is completed according to a specific indication of the algorithm for each input text. Block. Although the above mentioned standard indicates that each input text block has a fixed number of pre-coded rounds, the round calculation field 1 007 allows a programmer to follow the mark, without modifying the number of rounds. In an embodiment, the programmer can specify 2 blocks from 0-15. Finally, the intermediate result field 1〇〇4 indicates =1, and the encryption/decryption of the text block is specified according to the calculation 1 006. The secret, sub-differential method is executed in rounds to calculate the number of rounds specified in the round, or ΐιΚ decryption is performed according to the number of rounds specified by the cryptographic algorithm specified in calculus 1 006, and the final round is Executive Representative: Mi Mi: Not a final result. _ The artist can see that the calculation is performed in the same way that the second round of the final round is removed. If bit 1 billion square bar 4 provided in

Page 37 ^5323⁄4 ^5323⁄4 V. Invention Description (31), the result, not the final result, thereby allowing the programmer to check the steps in the middle of the implementation. For example, an increased intermediate value is obtained to check the algorithm implementation, assuming that one round of encryption is performed in one text block, then two rounds are performed on the same text block, then three rounds, and so on. The ability to provide programmable rounds and intermediate value results allows the user to check password execution, debug, and change key structure and round counts. Please refer to the eleventh embodiment for a preferred embodiment of a cryptographic unit 1 1 0 0 of the present invention. The preemption unit 1 1 0 0 includes a micro operation code register 丨丨0 3, and the micro operation code register 1 1 0 3 receives a cryptographic micro instruction through a micro instruction bus line 111 4 (for example, XLOAD and XSTOR micro instructions) ). The cryptographic unit 1100 also includes a control block register 1104, an input-0 register 11〇5, and an input-1 register 1106, a key-Ο register 1107, and an fceyq register 11〇8. . The data is supplied to the scratchpad 丨1〇4 —丨1〇8 through a load bus 1 11 1 , as specified by the contents of an XLOAD microinstruction in the micro-instruction temporary storage 1103. The inpu 曰〇 and input-Ι registers 1105-1106 are configured to enable subsequent buffering of the text block during the current cryptographic operation of the input text block. The cipher unit 11 00 also includes a block cipher logic circuit 1101 that is coupled to all of the registers U 〇 3 - 11 〇 8 and also to the cipher key random access memory 11 〇 2 . The block code logic circuit 丨1〇1 provides a pause signal circuit 111 3 and also provides block results to a 〇putput buffer 1109 and an out put-1 register m〇. The output registers 1109-1110 pass the contents to a successive stage in a phased microprocessor via a storage bus 1212. The cryptographic unit 以 以 is so that when the cryptographic operation is performed on the following input text block, the storage is from

Page 38

MU 1253268 V. Description of the invention (32) • Information on the register 11 0 9 -111 0. In one embodiment, the microinstruction register .1103 is 32 bits in size and the remaining registers iiiQ are all 128 bit registers. In operation, the 'password microinstruction is continuously supplied to the microinstruction register 11 0 3 ' together with the data, wherein the data is assigned to the control block register 11 〇 4, or one of the input registers 1105-1106, or a key. One of the scratchpads. In the embodiment discussed with reference to the eighth and ninth figures, the control block is loaded into the control block register 11 〇4 by an XLOAD microinstruction. Therefore the password key or key schedule is loaded via the continuous XL 0AD microinstruction. When a 128-bit cipher key is loaded, an XL0AD microinstruction is thus provided to the designated ΚΕγ 〇 register 1107, and the same XL0AD microinstruction is provided to the designated register 1108. The continuous X-L0AD microinstruction is provided to the designated KEY-〇 register 1107 when a user-generated key schedule is loaded. Each key in the key schedule is loaded and sequentially placed in the key random access memory n〇2 for its corresponding password round. Accordingly, the input text data (if an initial vector is not required) is loaded into the IN-丨 register 11〇6, and if an initial vector is required, it is loaded into the in-1 register 1106 via an XL0AD microinstruction. An XL〇AD microinstruction to the ΙΝ-0 register 1105 indicates the password list ^ to load the input text data to the IN-〇 register 11〇5, and starts the input in the IN_〇=the memory 117 The text data performs a password round, which is used according to the parameters provided by the contents of the control block register 1104 in j^ — 丨 or in the two-transfer register 1 1 05-1 1 06 (when the input data system is processed) The initial vector in . Based on the XL0AD microinstruction that received the specified IN-〇, the block cipher logic circuit 11 0 1 begins the cryptographic operation specified by the control block contents. When

12532^8 V. Invention Description (33) A cipher key is required to be expanded, and the block cipher logic circuit 1 1 产生 1 generates a key platoon. Each key in the process will be stored in the key random access memory 1102. Regardless of whether a key schedule is generated by the block cipher logic circuit 1101 or a key schedule is loaded from the memory, the key of the first round is cached and stored in the block cipher logic circuit 11 01 to make the first area The block mega-round can be processed without accessing the key RAM 1102. Once initialized, block cipher logic 1 101 continues to perform the specified cryptographic operations on one or more input text blocks until the operation is complete; it continuously retrieves the round key from key RAM 1102 as required by the applied cryptographic algorithm. The cryptographic unit 1 1 〇 〇 performs a specified block cryptographic operation on the specified input text block, and successive input text blocks are encrypted/decrypted by successive corresponding XLOAD and XSTOR microinstructions. When an XSTOR microinstruction is executed, if the specified output data (e.g., out 1) has not been fully generated, the block cipher logic circuit 丨丨 displays a pause ΐϊ: path 1113. Once the output data has been generated and placed in the corresponding output register 1109-1110, the contents of the register 11〇9_111〇 are then transferred to the memory bank 1U2. Although, when the specified output data has not been fully produced === circuit 1113, but because the input register is allowed to input the buffer of the text block, the data block pipeline processing is processed by the order: early 11 00 The efficiency is then entered in the text area "==== order, so that it is expected to output the register i 109 a Ji 10. In the case of not storing the poor May, refer to the twelfth figure, which is the AES algorithm. Cryptographic operation, _,, 'month block diagram of advanced encryption standards. Block cipher logic logic circuit (10) embodiment circuit 1 200 contains - round engine 1 220 '

I face

1253268

V. INSTRUCTIONS (34) This round engine 1 2 2 0 is merged into a round engine controller 121 through the busbars 1 2 1 1 - 1 2 1 4 and the busbars 1 2 1 6 - 1 2 1 8 . The round engine controller 121 includes storage logic 1230 and accesses a microinstruction register 12〇1, a control block register 1 202, a KEY-〇 register 12〇3, and a KEY-1 register 12 〇4 to access key data, micro-instructions, and parameters of the indicated cryptographic operations. The contents of the input registers 1205-1206 are provided to the round engine 122, and the round engine 1220 provides corresponding output characters to the output registers 12〇7-12〇8. The output register 1 207-1 208 is also coupled to the round engine controller 1 2 1 0 through the bus bars 12 16-1217 to enable the round engine controller to access the result of each successive password round' and the result is transmitted through NEX TI The N bus 1 2 1 8 is provided to the round engine 1 220 for the next password round. The cryptographic key in the key rAM (not shown) is accessed via the busbar 1 2 1 5 . The ENC/DEC signal 1 2 11 indicates that the round engine uses a secondary operation to perform either encryption (eg, S-Box) or decryption (eg, reverse S-Box). The content of the RNDC0N bus 1212 indicates that the round engine 122 is not performing a first AES round, an intermediate AES round is a final AES round. The recording bus 1213 is used to provide each round of the key to the round engine 1 2 2 0 at the time of its corresponding round execution. The round engine 1 220 includes a first key x〇R logic circuit 1221. The first key XOR logic circuit 1221 is coupled to a first register reg - 〇 1222. The first register 1222 is coupled to the S-Box. Logic circuit; [223, the S-Box logic circuit 1 223 is coupled to the Shift Row logic circuit 1 224, and the Shift Row logic circuit 1224 is coupled to a second register reg 1 1225 'the second register 1225 side Coupled to the Mix Colum logic circuit 1 226, the Mix Col um logic circuit 1 226 is coupled to a third register

Page 41 ^'1.12. 23⁄4 1253268 V. INSTRUCTIONS (35) • REG-2 1 227. The first key logic 1221, the s-β〇χ logic circuit 1 223, the Shift Row logic circuit 1 224, and the Mix (the listening logic circuit 1 226 are configured to perform sub-operations on the input text data, as specified in the previous The AES FIPS standard is discussed. The Mix Colum logic circuit 1226 is configured to perform the rAES X0R function on the input data during the intermediate round when the round key provided by the key bus 1213 is required to be used. The first key logic 1221. S~Box Logic 1 223 'Shift Row Logic 1 224 and

The Mix Colum Logic 1 22 6 is also configured to perform its relative reverse AES operations during the decryption period as indicated by the state of the ENC/DEC 1211. It will be appreciated by those skilled in the art that the intermediate round data is fed back to the round engine 1 220 based on the particular block encryption mode specified by the contents of the control block register 1 202. The initial vector data (if required) is supplied to the round engine 1220 via the ΝΕχτΐΝ bus i2i8. In the embodiment shown in the twelfth embodiment, the round engine is divided into two phases: a first phase between the first register REG_〇1 222 and the second register REG-1 1 225 and a second The phase is between the second register REG and the second register REG-2 1 227. The intermediate round data synchronization clock signal (not shown) is processed during the interstage pipeline. When a block of input data + code operation, its associated output data is placed in the corresponding output register μ 1 20 7- 1 208. In response to an XST0R microinstruction, the storage logic circuit / STORE signal circuit 1214 is instructed to inform the round engine 122 that the contents of the scratchpad 1207-1208 are being provided to the storage bus (not drawn ^. § k The input text block is buffered in the input register and when the round engine 1220 is processing the subsequent input text block 匕w 'output

[Scratch 2g8 ‘ V. Invention Description (36) :=Device 1』0 7 1 2 0 8 The storage can be performed. In accordance with the present invention, more efficient, how to load and store microinstructions will be discussed more specifically with reference to Figures 12 through 16. One example of a cryptographic microinstruction stream for a code unit - owe: ϊ two Table 1 3 00. As described above, the single-order letter has been processed to process an input text block. However, this single-stage implementation of the second figure is configured in the same method, that is, when the round qing engine; ten data execution of the specified password management, the engine inputs the input block data to the directory, and the heart is two: the register allows When buffering the subsequent code operation, the disk is temporarily stored; the disk storage block executes the output block of the specified dense data block: save "ί: the circuit enables the current input, and requires two tubes = memory 0, The round engine starts automatically. It is better than Bebe; ΊLoading into the input requires 20 clock cycles to generate - 乂, the 'round engine storage instruction ST.OUT-0 is paused. Two like two =,,, here During the period, an instruction ST.OUT-0 specifies the execution of the storage operation, storing this, when a first load instruction LD. IN_〇 adjusts ^ = clock cycle. According to the line 'thus, at cycle 22, two: round The engine starts to execute = the storage instruction ST.0UT-G is paused until the phase block. Corresponding text, so the storage is completed in cycle 24. _ & w round-out data block preparation - 栽 after the planting instruction LD.IN -0 43^ ' ------ rmn.1253268

V. INSTRUCTIONS (37) 'The system is paused in the previous. This is the execution of the password for the first block of the cipher unit as described above in the cycle 26. Please refer to the example to perform the loading of the micro-order crypto unit engine discussed in the crypto unit diagram. The clock cycle of the calculation is the same. Before the storage instruction ST is loaded, 'the operation mentioned before the loading, the fourteenth figure, the single-stage implementation of the process, the advantageous characteristics of the number of LD·ΙΝ-0, and the parameters After OUT-0, until the storage is complete, because of the subsequent input text block. - Store-load-store the order of the micro-instructions. Features are not helpful. As a result, more data is required for each block for 24 cycles. Table 1 400 of another embodiment of the microinstruction flow of the present invention. The reference is made to the thirteenth alternative microinstruction process embodiment. For comparison purposes, the embodiment of the embodiment LT) τ 根 根 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存 储存A load instruction is provided to the crypto unit in cycle 0, then after two cycles, a buck is loaded and the round engine begins execution, thus generating a 1 output data block at cycle 22. However, because the input data can be buffered, the switch logic circuit releases a second load instruction D.IN0 in cycle 4 to load a subsequent input text block. The cryptographic operation performed in the subsequent input text area 2 is suspended until a rain-out text block corresponding to the first input text block is generated (period 22), but the subsequent input text block is buffer-stored in cycle 4, so The cryptographic operation can begin at cycle 23 and complete at cycle 42. The storage instruction st· ουτ-〇 corresponding to the output text of the first input block is provided by the translation logic after the subsequent block load instruction LD. ΙΝ-〇. This storage instruction ST·OUT-0 is suspended until the corresponding output is

Uf532 secrets 5. Invention description (38) • The material block is ready in cycle 22, but in cycle 24 * 士 纱 六, the input command LD· IN-0 is suspended in the previous health indicator ^ST 〇 ^ τ. A subsequent load is completed, so there is no #陴~ until the block before cycle 26. The two cycles are transferred to the subsequent transfer by the turn engine. By initially performing two loads, the sub-block's cryptographic unit has previously mentioned the characteristics, thus increasing the two-area', yielding a yield of 20 cycles. Store one round of exit area ^:, mother block, validly merged into a subsequent input text block; ^ Enter the execution period of the text block cipher operation. 』 系 并 并 并 并 并 J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J J To process two passes in the cycle of the round engine, Table 1^00=, block three, the single-order embodiment of Table 1 300, and the clock cycle 7' does not benefit from its features in the crypto unit. ; $LD, following the six ratios, for the purpose of the purpose, through the round engine to execute the manned period two Θ H, the deposit refers to the number of the STST 〇 UT — 〇 and the number of clock cycles of the cryptographic operation and the reference + Take back, ~ with. As mentioned above: the implementation of the twenty-fourth discussion of the phase input data to the input temporary two = two instructions (four) -1 only load the text data for the input Ι a 0 register to perform the load input The input buffer 〇, and through the round engine initial 妒 / / input buffer 0 and 1 钤Α 粗 擎 擎 擎 擎 擎 擎 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 初始 rs rs rs rs rs rs rs rs rs Because the start of the round engine g), it is only necessary to complete the 20-clock cycle in the two-input temporary storage 5| Enter the bellow's crown in $1 / page 45 幽4:

V. INSTRUCTIONS (39) Directive. IN to 1 Logic releases an LD. The IN_1 microinstruction follows an LD.IN-0 round, and the sequel is completed in cycle 2 and LD.lN-〇 is completed in cycle 4'. Two with the German ^ ^ 5 began to process two input text block and in the end of the cycle 24 ^ ^ ^ ^ finger cap. Attached], ST. Xie paused until the week to lift, and two into the poor text block processing Completed, in the cycle 24, the buffer is stored in the cycle f = the storage is completed in cycle 28. Because there is no other input to stop until the second; ^ these two subsequent load instructions LD. IN-0, LD. IN_i is the temporary 29-32. Therefore, the loading of the input text block subsequently occurs in the block. And the round engine processes these entries between periods 33-52, and refers to the loading order of the microinstructions discussed in the single-level cryptographic unit of the thirteenth figure, and the loading-loading-storing of the table 15 The storage block handles the secret $Ί storage order, and does not benefit from the support of the efficient data area, the feature of =ti. As a result, in the second-order password period.仃岔4,, operation in multiple data blocks, each of the two blocks requires 28 weeks to gossip and twenty-two, and the figure is the second order of the pre-emptive code of another embodiment of the microinstruction stream of the present invention. Table 16 of the examples. = ί stream, this table replaces the micro-instruction with 16°° for example: white ί [favorable characteristics of early yuan. For the purpose of comparison, the number of clock cycles of the LD. IN-Q, the storage command ST. GUT-G, and the secret nose is returned by the return of % ^ Ϊ ^, and the embodiment of the clock discussed with reference to the fifteenth figure. ,the same. According to this alternative microinstruction stream embodiment, when a first load instruction

Page 46 V. INSTRUCTIONS (40) LD. IN-1 is supplied to the crypto unit in cycle 以及 and is followed by one and then after 4 cycles, the input data is loaded and one round is entered; this produces a correspondence at cycle 24 Output data area

Road smoke and poor materials can be buffered and stored, so the translation logic of the two input text blocks of the load command recognizes (4), :DU, the two output text blocks: raw (':; two-to-two-word area block in the cycle 8 buffered storage, after the two input period of Tian Ganzi slave 2 5 and in the cycle 4 4 / m code operation can be stored in the weekly round of the instruction ST ουτ - should be two;; input text block The two-way load instruction LD IN-1 STD〇Τ-0 is provided by the translation logic storage instruction ST.OUT-1, ST ππτ n/LD.IN-〇. This data block is in the cycle. 24 is ready, but in H stop ^ to the corresponding output $ has transferred 4 cycles to the subsequent transfer / = into storage. By the round 仞 perform four loads, this: the processing of the text & block. With the characteristics mentioned at the beginning, therefore, the force 3 $ order can benefit from the first cycle of the cryptographic unit. The storage round out block: ^, the output of each block of the second block is 20 and then the input text area The block two-four clock cycle is effectively combined with the four executions required to enter the text block. In addition, the subsequent two-text block is loaded. The execution period/code of the code operation is merged into the current input two inputs. Although the present invention and its objects and embodiments are also included in the present invention, the features and advantages have been described in detail, but the embodiment of the x86 architecture discusses the length, for example: The present invention has been provided in accordance with the compatibility of ^ & %

^2p|68 V. Invented the ϋ γ method, because the χ86 architecture is easy to understand and what? & invention. However, the present invention provides a solution to the architecture of the other instruction set architectures, such as 彳〇werPC and MIPS3. s and the like, in addition to the new means that the invention is more inclusive of the execution of the I 4 wi calculation, the example *, I;!;: the same integrated circuit of the other components outside the microprocessor, :: Ancient: The embodiment is not passed as such an embodiment of the microprocessor unit; <仃: a formula such as a part of a computer system. The invention of the North Bridge, the South China, Λ Λ 围绕 围绕 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器 微处理器Hand off to this processor. This column processing; and 4 f controller, I industry controller, signal processor, array: processor and any similar processing resources not only execute the password; r 2;:;: The internal processing of these alternative processing elements is referred to as the above-mentioned processor. The present invention refers to the block ί] ί :, the present invention refers to the 128-bit block, but many different = ghost taxi Small can be applied by changing the size of the scratchpad. Its memory is used to transfer input data, output data, keys and controls. The word group? Special and i wood:: This application is marked by des, triple des and aes ; ί code: β. Also contains less well-known block cipher algorithms, such as •, “,,, Rl jndael cipher, Two fish cipher, Blowfish semaphore SerPent in code, and RC6 cipher. It is sufficient to understand that the present invention BW68 V. Invention description (42) for use in the microprocessor The password 奘 丄 丄 丄 区 区 区 区 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄 丄Other code functions other than the code: : According to the "tightness specified by the completion of the instruction and the input of the two blocks in the round of the discussion here, the two-stage device can be pipelined π, Li Ren other Embodiments may also consider more than two orders. The allocation of stages to the pipeline that supports more input data blocks will develop and coordinate the allocation of other phases in the microprocessor. Supporting one of a number of algorithms: ΐ::2 But the invention also provides an understanding in a commensurate microprocessor::: He is obsessed with the multi-cryptographic unit coupled to the parallel operation, and each whistle: The system is configured to perform a specific specified cryptographic calculation, for example, a line of DES is configured to perform AES, and a second unit is configured to perform - too = the above is only a preferred implementation of the present invention. For example, it is not intended to limit Patent range; all other departing from the present invention as disclosed by the completion of the ^ ^ Ϊ modifications may, should be included in the scope of the following patent applications of β IV, Ϊ253268.

f - ® is a block diagram of the current cryptographic application; the second diagram is a block diagram of the cryptographic operation technique; ^ is a block diagram of a microprocessor device for performing cryptographic operations of the present invention; and the fourth diagram is a primitive of the present invention The fifth block of the embodiment of the cryptographic instruction embodiment is a table of examples of the cryptographic instruction block cipher mode field value of the fourth figure; 'the sixth figure is the cipher of the present invention in the X86 compatible microprocessor. The seventh block of the unit is a block diagram of the example micro-instruction field indicating the password sub-operation in the microprocessor of the sixth figure; the eighth picture is a table of the XLOAD micro-instruction temporary storage block value format of the seventh figure; The nineth figure is the seventh table of the XSTOR micro-instruction temporary storage block value 袼 form | The tenth figure is the eleventh figure of the control word group format of the specified cryptographic operation parameter of the present invention is a preferred implementation password of the present invention Block diagram of a unit. The twelfth figure is a block diagram of an embodiment of a block cipher logic circuit for performing advanced cryptographic standard (Agg) deduction and de-cipher operations; One embodiment of a microinstruction stream Exhaustion list _ b Form of the embodiment ·, ', 凡早早白白一 embodiment singular unit of cryptographic unit two-step fourteenth cryptographic unit is another embodiment of the microinstruction stream of the present invention a fifteenth diagram is a table of one embodiment of the microinstruction stream of the present invention;

Page 50 1253268 BRIEF DESCRIPTION OF THE DRAWINGS - Figure 16 is a table of a two-stage embodiment of a cryptographic unit of another embodiment of the microinstruction stream of the present invention. Representative symbols for the main part: 112 Encryption/decryption application 110 Wide area network 201 Microprocessor 202 Operating system 203 Application memory 204 Password key generation application 205 Key scheduling 206 Encryption application 207 Decryption application 208 Initial vector 209 Cryptographic parameter 210 plain text 211 ciphertext 301 microprocessor 302 capture logic circuit 303 translation logic circuit 308 control block indicator 309 record index 310 initial vector indicator 311 m into text indicator

Page 51

1253268 Schematic description • 312 Output text indicator 314 Load logic 315 Data cache 316 Password unit 317 Storage logic 318 Write back logic 319 Memory bus 320 Operating system 321 System memory 322 XCRYPT instruction 323 Password control block 324 Initial Password key or key schedule 325 Initial vector 326 Input text 327 Output text 401 Option front 402 Repeat front 403 Opcode 404 Block cipher mode 601 Capture logic 602 Translation logic 603 Translator 604 Microcode ROM 605 Save

Page 52

1253268 Schematic description of the diagram • 6 0 6 Addressing 607 Loading 6 0 8 Execution 6 0 9 , 6 11 , 6 1 3 , 6 1 5 Micro 伫歹丨 J 610 Integer unit 612 Floating point unit 614 MMX unit 616 SSE unit 617 Cryptographic unit 618 store 619 write back 620 load 621 pause 6 2 2 store 623 execution logic circuit 626 interrupt logic circuit 701 micro-code 702 data register 703 register 1101 block cipher logic circuit 1102 key RAM 1103 micro-instruction 110 4 control block

Page 53 曰〃月曰〃 ' .1253268 Schematic Brief Description 4111 Loading Bus 1112 Storage Bus 1113 Pause 1114 Micro Command Bus 1210 Round Engine Controller 1213 Key 1214 Storage 1215 to Key RAM 1 220 Round Engine 1221 First Key XOR logic circuit 1 223 S-BOX logic circuit

Page 54

Claims (1)

1253268 VI. Patent Application Range I A device for performing a cryptographic operation, the device for performing a cryptographic operation comprising: a cryptographic command circuit for generating a cryptographic command received by a computing device and acting as being executed at the computing device a portion of an instruction stream, wherein the password instruction specifies a cryptographic operation; a translation logic circuit operatively coupled to the cryptographic instruction circuit and configured to translate the cryptographic instruction into a microinstruction, wherein the microinstruction is configured to instruct the computing device to store an output text corresponding to a first input text block Before the block, instructing the computing device to load a second input text block and perform the cryptographic operation on the second input text block; thereby outputting the second input text block during the cryptographic operation Text blocks can be stored. 2. The apparatus for performing cryptographic operations as recited in claim 1, wherein the cryptographic operation comprises: an encryption operation comprising encryption of a plurality of plaintext blocks to generate a plurality of ciphertext blocks; The plaintext blocks contain: The first and the second input text block; and wherein the opposite ciphertext blocks comprise: the output text block. 3. The apparatus for performing cryptographic operations as recited in claim 1, wherein the cryptographic operation comprises: Page 55, the patent application scope, a decryption operation, the decryption operation includes decryption of a plurality of ciphertext blocks to generate a plurality of relative plaintext blocks; wherein the ciphertext blocks include: the first and the second Entering a text block; and the relative plaintext blocks therein include: the output text block. 4. The apparatus for performing cryptographic operations as recited in claim 1, further comprising: an execution logic circuit operatively coupled to receive the microinstruction and configured for when the cryptographic operation is performed on the second input text block To store the output text block. 5. The apparatus for performing cryptographic operations as described in claim 4, wherein the execution logic circuit comprises a cryptographic unit. 6. The apparatus for performing cryptographic operations as recited in claim 5, wherein the cryptographic unit is configured to perform the cryptographic operation in accordance with an advanced cryptographic criterion. 7. The apparatus for performing a cryptographic operation as described in claim 5, wherein the cryptographic unit comprises: a two-stage round engine configured to pipeline the first and second input text blocks. Page 56 VI. Application for Patent Scope 8 • As stated in the scope of claim 1 of the patent application, the micro-instruction contains: m-fixed code-for-transport device, which is loaded into the micro-tool 7' g. Instructing the computing two-input text area to instruct the computing device to store the round-out input text block and performing the cryptographic operation on the first load of the block; and ~ storing the micro-instruction configured for the text block. 9. The apparatus for performing cryptographic operations as recited in claim 1, wherein the cryptographic instructions are specified in accordance with an x86 instruction format. An I 0 . The farmer performing cryptographic operations as described in claim 1 of the patent application, wherein the cryptographic command implicitly refers to a plurality of temporary storages in the computing device. ^ II. The device for performing a cryptographic operation as described in claim 1 , wherein the register includes: a first register, wherein the content of the first register includes a first indicator pair a first memory address, the first memory address specifies a first location in the memory according to the completed cryptographic operation to access a plurality of input text blocks, wherein the input text blocks include the first and the The second input text sub-block. 1 2 · The device for performing cryptographic operations as described in the first paragraph of the patent application, 1253268. The scope of the patent application, wherein the register includes: a second register, wherein the content of the second register comprises a second 4 indicator to a second memory address, the second memory location The address specifies a second location in the memory to store a plurality of output text blocks, and the output text blocks are compared to the result of the cryptographic operation according to the plurality of input text blocks, wherein the output text blocks comprise The output text block. The device for performing cryptographic operations as described in claim 10, wherein the register includes: a third register, wherein the third register indicates a plurality of input text blocks Multiple text blocks inside. The device for performing cryptographic operations as described in claim 10, wherein the register includes: a fourth register, wherein the content of the fourth register includes a third indicator pair A third memory address, the third memory address designating a third location in the memory to access the cryptographic key data for performing the cryptographic operation. The device for performing cryptographic operations as described in claim 10, wherein the register includes: a fifth register, wherein the content of the fifth register includes a fourth indicator pair a fourth memory address, the fourth memory address designating a fourth location in the memory, the fourth location including an initial vector location, the initial Page 58 Round-in-page Reading During the execution of the text block. VI. Patent Application The content of the volume position contains an initial vector or initial vector equivalent for • to complete the cryptographic operation. The apparatus for performing cryptographic operations as described in claim 1 , wherein the register includes a sixth register, wherein the content of the sixth register includes a fifth indicator For a fifth memory address, the fifth memory address specifies a fifth location in the memory to access a control block for completing the cryptographic operation, wherein the control block specifies a cryptographic parameter for the cryptographic operation. 17 - a device for performing a cryptographic operation, the device for performing a cryptographic operation - a translation logic circuit configured to translate a cryptographic instruction into a microinstruction, the microinstruction of the sequence comprising: j a first microinstruction, the indication Entering a second input text area, a cryptographic operation is performed on the second input text block; and a second micro instruction is executed to indicate storage - an output text block is output according to the executed Snapdragon one, a first text block; the code operation corresponds to a first block, wherein the translation logic circuit sends the table cryptographic operation to the first micro-instruction before the second micro-instruction The output text block can be saved. ~ Μ1, contending for i-profit range, 1 8 · As described in the patent application scope i 7 item, the cryptographic operation includes: an encryption operation, the encryption operation includes a plurality of plaintext blocks Encryption to generate a plurality of ciphertext blocks; wherein the plurality of plaintext blocks comprise: the first and the second input text block; and wherein the opposite ciphertext blocks comprise: the round text area Piece. A device for performing a cryptographic operation as described in claim 17 wherein the cryptographic operation comprises a decryption operation comprising decrypting a plurality of ciphertext blocks to generate a plurality of relative plaintext regions And the plurality of ciphertext blocks include: the first and the second input text block; and wherein the relative plaintext blocks comprise: the round text block. 2 0. The device for performing cryptographic operations as described in item 17 of the patent application scope further includes a unit, a fee code unit, and is executed in the second block. Code text K532 Age VI. Patent Application Range 2 1 · The device for performing cryptographic operations as described in item 20 of the patent application scope, wherein the cryptographic unit is configured to perform the 运算 operation according to the advanced encryption standard. Mountain 22. The execution password as described in claim 2, wherein the cryptographic unit comprises: a jewellery set, a two-stage round engine configured to execute the first input text block in a pipeline. 4: The dream of the password operation described in Item 17 of the patent scope, wherein the password command is specified according to the format of the χ86 command format. The method for performing a password operation on a device includes: The method of opening, the device performing a translation of a pebbly horse command into a first y ^ cryptographic command to specify a cryptographic operation, the := instruction and a second microinstruction, the person - the second input text block and indicating the device To load a text block, the second micro-instruction is different from the second-character block, the first round-out text area 2=set first-round text in a first input text block; The executed weight operation correspondingly issues the first micro-instruction to the crypto unit; the horse releases the second micro-instruction so that the cipher operation can store an input to the output text block. During the execution of the text block, Page 61, the patent application scope V $5. The method for performing a cryptographic operation on a device as described in claim 24, wherein the translation comprises: performing, by the first microinstruction, performing an encryption operation on the The second text block is to generate a relative second ciphertext block. 26. The method of performing a cryptographic operation on a device as recited in claim 24, wherein the translating comprises: performing, by the first microinstruction, performing a decryption operation on the second text block to generate a relative Second Mingwen block. 2. The method of performing a cryptographic operation on a device as described in claim 24, further comprising: executing the first and second directional micro-instructions in a cryptographic unit, comprising: when performing the cryptographic operation on the When the second input text block is input, the output text block is stored. 2. A method of performing a cryptographic operation on a device as recited in claim 24, wherein the cryptographic instruction specifies execution of the cryptographic operation in accordance with an advanced cryptographic criterion. 2 9. The method for performing a cryptographic operation on a device as described in claim 24 of the patent application, further comprising: Page 62 6. Applying for a patent scope. Execute the first and stem second micro-instructions in a cryptographic unit, wherein the executing comprises processing the first and second input text blocks through a two-stage round engine pipeline. 11^ Page 63 f— y4 ι厶I 1253268" i .—---two.—one TM^ _ 6. Designated representative figure )). The representative figure of this case is: the sixth picture (2), the representative figure of the case A brief description of the component symbols: 601 capture logic circuit 602 translation logic circuit 603 translator 604 microcode R 0 Μ 605 temporary storage 606 address 607 load 608 execution 609 micro-column 610 integer unit 611, 6 1 3, 6 1 5 Micro 612 floating point unit 614 ΜΜΧ unit 616 SSE unit 617 crypto unit 618 storage 619 write back 620 load 621 pause 622 save 626 interrupt logic circuit Page 5 Ϊ 253268 VI. Designated representative figure -6 32 Execution logic circuit