TWI272815B - Apparatus and method for performing transparent output feedback mode cryptographic functions - Google Patents

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, OFB mode logic, and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of OFB block cryptographic operations performed on a corresponding plurality of input text blocks. The OFB mode logic is operatively coupled to the cryptographic instruction. The OFB mode logic directs the computing device to update pointer registers and an initialization vector location for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the OFB mode logic. The execution logic executes the one of the cryptographic operations.

Description

1272815 IX. Invention Description: [Related Reference Patent] The priority of this case is from US Patent Application No. 1 0/826 745, and the filing date is April 16, 2004, entitled "APPARATUS AND METHOD FOR PERFORMING TRANSPARENT OUTPUT" FEEDBACK MODE CRYPTOGRAPIC FUNCTIONS j〇 [Technical field of the invention] Other ===== domain, especially "devices and methods for cryptographic operations in microprocessor or achievable output feedback mode. [Prior] Early The computer system is based on 妓β, so it is executed on the 'early computer system' that is required to separate the application program from the other electric system, or it is resident in the computer system by the 3-round data system during operation. The program generated after the execution is provided by the programmer. The application is in the form of a building = data - generally printed on the paper as part of the system = tape ▲, magnetic disk, or other measures can be used as Then store it in (4). In this way, the input file of the output program or the application running on a computer system can be moved or outputable before the data is output. The file is stored differently but compatible: on the storage device, it can be used by the application on this early & nasal system. Development and utilization to protect: to::min programming system 1272815 : These weights program will store the encryption and decryption of the output data of a large number of storage devices, 1 ^ ^ ^ W % ^ ^ %, to provide the information of the deposit = already drought. Jointly, network structure, operating system And the greed-transfer agreement, the same ability to access the shared data, not only support, but even play a prominent role ^ For example, today: a computer workstation users, can take a different% File of workstation or network file server, use network = get news and other information, pass between hundreds of computers; ίΓί! sub-message (ie email), link to supplier, first, provide Credit card or bank function information for trading between 盥仏 商商, or at restaurants, airports: using wireless networks for the above activities, are fairly flat;; sensitive data that need to be unauthorised to be disclosed and transmitted Between: ΐ 、, ί ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ These premeditated cyber terrorism on public issues such as road fraud and credit card fraud, = means that the new law corresponding to the definition of personal privacy, the implementation of the new law, the related machinery has already played a role in the trend; dt; Brain message compromise processing system, military and spy heart = love, Jin Hao electricity = take email or perform live; account ^ 1272815 In the field of information security, some technologies and devices have been developed to allow messages to be specified only The understanding of the image is received, the so-called cryptography. When applied specifically to protect information, it is used to store sensitive messages (such as "clear text," "cleartext" or "plaintext" to a form that cannot be understood (for example, when stored or transmitted between computers). Such as "ciphertext" (ciphertext). The transfer process of plaintext to ciphertext & encryption, encryption, enciphering, or ciphering, and ciphertext conversion The transmission process to plaintext is called "decryption", "deciphering", or inverse ciphering. In the password category, several steps and rules are established to allow the user to not need height. Knowledge or effort to perform cryptographic operations and enable these users to transmit or otherwise provide their messages to other users. In the case of encrypted messages, the sender generally mentions that the recipient cannot unblock the recipient. The encrypted password ', so the recipient can't remove or access the other party/top plus the original suffocation. A technique will take these steps Or the rules are password protected, mathematical operations and special design & library applications to encrypt or decrypt high-sensitivity messages. " Some > different categories are used to encrypt or decrypt data. Here, θ, the first Class-like transport categories (such as public key cryptographic operations: , calculations) use two types of encrypted ciphers (a public key (pubUc jy and private key) to refer to the data: some public key operations A public key is used to encrypt the data of the recipient. In the user's public and 1272815 private key has a mathematical calculus relationship, the recipient must use his t-key to decrypt the transmitted data to recover the data. Classes are widely used today, but encryption and decryption operations are still slow and slow, even if only a small amount of data is encrypted and decrypted. The second type of operation, such as symmetric key algorithms, provides information. Security is fairly and faster. These operations are called symmetric key operations because they use encrypted f keys to encrypt and decrypt messages. There are three common conventions for adding Key operation: data encryption standard (DES), triple data encryption standard rule (THple DES) and advanced encryption = = idard (AES). Because these calculus strengths protect high sensitivity Shell material, which is now used by the US government and its agencies, but can = expect that at least one of these technologies will become a commercial or private delivery standard in the future. According to these symmetric key operations, the plaintext and the text: she is separated by a special size to encrypt or resolve the second $, in the 1 28-bit size interval of the advanced encryption standard = integer encryption operation, and Use 128, 192 & 256 bits = f to key. Other symmetric key operations allow for 192 and 256-bit advanced encryption standards. Referring to the packet cipher operation, the 兀 plaintext message is encrypted as eight i 28 octets. The symmetric key operation of the ^ part uses the same form of secondary operation, block encryption. And mentioning the symmetry gold that is commonly used more often, the initial encryption key expands a variety of money (such as - kinds of directories), and each one is completed in accordance with the sub-operation plus "round" field: in the monthly block. For example, the first key of the key directory is used to complete the first encryption back of the plaintext block 1272815, where the second round uses the second key of the key directory to generate the second result. A specific number of sub-unit rounds is completed to produce a final result of a ciphertext. Advanced Encryption Standard Rules There are sub-bits (or S-box), ShiftRows, MixColum, and AddRoundKey for each operation in each round of the operation. During each round, the decryption of an essay block is completed. In addition to completing the ciphertext input conversion password and conversion sub-operations (such as mixing and shifting), the final result of each round is a plaintext block. The Data Encryption Standard Rule and the Triple Data Encryption Standard Rule operate with different characteristics, but the secondary operation is the same as these advanced encryption standard rules because it uses a similar method to convert a plaintext block into a ciphertext block. " Completion of cryptographic operations on multiple continuous test groups, all symmetrical to the same mode of recording. These modes include electronic codeb〇〇k (ECB) mode, cipher block chaining (CBC) mode, cipher feedback (CFB) mode, and output feedback (output feedback, 〇FB). )mode. In the second operation completion period, some modes utilize an additional initialization vector and some use the ciphertext input completed in the first plaintext block to encrypt the first location, such as an additional input to the encrypted second location completed in the second plaintext block. . For more technical details, see Federal

Information Processing Standards Publicatin (FIPS^3) ^1 999 ^ Na Baba encryption standard rules, triple data encryption, and see side-mdooun month 26, its = step 1272815 = quasi detailed explanation. The aforementioned standard rules are promulgated and claimed by the national standard (Natl〇nal Insti^ute of Standards::ΓNIST). In addition, the individual 曰7 skin 曰, kit tools and countermeasures can refer to the Computer Security Response Center (CSRc) of the National Institute of Technology, http://csrc.nis1:.g〇v/. It is perceptible to those skilled in the art that most applications can be executed on a computer to perform encryption operations (such as encryption and decryption). In fact, some operating systems (such as Micr〇s〇ft' wi_wsXp', η in the original encryption form, encrypted application interface and similar τ, directly provide encryption / decryption services. In any case, today's brain encryption technology still exists some Missing. Please refer directly to Figure 丨, ride to highlight and discuss these missing below. Figure 1 is an architecture of today's computer encryption application Figure 1, f fn1 a first computer workstation brain workstation connected to the domain network 105 102, a network file storage 2 22: brother a router m, or other interface with the WAN = Internet, and a wireless network router 108 准 802.li also with the regional network 1〇 5: - A laptop 104 uses wireless network 1〇9 to connect to...line router 1 〇8. WAN 丨丨〇 another focus two second router ηι provides a third computer workstation '〇3 interface. 0^如„^和,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In a few works, the parent needs a cryptographic operation. The workstation 101 uses the 1272815 encryption/decryption application 112 (such as a part of the operating system, or is driven by the operating system) to transmit the if file in the network file storage device. While the file is being stored, 'user 1 finds the fee increase message to the second located at the second computer workstation 102, the user's also needs to perform the encryption/decryption operation 112. The public: ^ can be instant (such as a Immediate message) or non-immediate (eg, 15 pieces). In addition, the user may also access or provide his/her final financial transfer, etc. or other forms of sensitivity from the third computer workstation WAN 110; = Use rr,,108,—:: Remote computer 1〇3:f table home computer or a mother's individual action requires an example that meets the Boss dense operation 112. In addition, the wireless network 109 eighty malignant offer In coffee shop, airport, school, and its A /, place, therefore pen " ^ ^ ^ Η ^, 〇 〇 I electric fine 1 U4 user an encrypted solution d: / her message transmission / receiving other users immediately , "work wireless network 1 〇 9 to wireless network routing 1 billion out of six secret or decrypt all messages. j峪 is added by 108. In the above solution, each of the above activities requires an immediate ^ ^ to do the rush, and accordingly there is a need to execute the computer 10 Bu 1 04 into a ^ 2 main 2". Therefore, do it. ^ Completing hundreds of encryption operations at the same time No matter what, save as -, » ^ ^ At least one marriage to the disc. Some of the encryption/decryption options on the computer system 101-104? The limitation of the encryption operation method. Take 丫m and Yuancheng J as an example. After completing a 1272815 via a software program, one of the aforementioned functions is relatively slower than the hardware. Each encryption/decryption operation u 5 function is executed and is being executed on the computer 101-1 〇4 for a period of time, and the execution must be suspended within the time, and (4); ^= the previous 杈, key, etc.) parameters must be Through three essays, operation 112, perform encryption and fall-off; ^ stay system to encrypt/decrypt with special group (four) return "operation must be executed to execute including multiple computer extension instructions two": stay on:. 12) The speed is unfavorable. Such as "Wangkou Ρ system operation

» 5 ^ Microsoft® 〇utl〇〇k4V-^tir^ Sub-mail::Compare!;: An unencrypted e-mail is delayed. Most of the prolonged or encrypted/decrypted components, he = arbitrarily (or positive key embedding application to complete this is also a spear; for components or other applications that are executing the application: and two

The password on the 101-104 was shipped to the computer system before the floating point unit appeared ‘: number; device: dedicated slow. Just like floating point arithmetic; , = so the execution speed is quite slow. With floating-point technology;; 3 body execution cryptographic operations are performed on a floating-point coprocessor, floating point mention? The point operation is much faster than the implementation of the software: each: it: the cost of 3γτ. Similarly, eight Α "田..., 匕 also expanded through parallel 埠 or 1 it week, #7 code stains to expand the board or \ exist. These floating points of course make 13 1272815 Mishi Ma Yun Zeng i _ with the processing 辂 / line is faster than the implementation of the general software. But the password is a total of W,,, ° system configuration increases the cost, he needs additional power main micro processing ί:: the reliability of the system. Since the data path is not on the same module as the crying of the crying, the password is shared and the execution is more easily eavesdropped. The inventor of the micro-location ί case understands that people need to calculate the CJ password hardware in the future, so that the password command can be used in the r= formula to directly connect via a single, micro-password. The cryptographic operation is performed, and the password command circuit has a password command. The inventor of the case also provides 3 = two functions to reduce the interference to the operating system and to make the best and can be used in the application. The privilege level is ☆ two! The password hardware can be ★ the current popular micro-processing 4 ί: the same as the % password hardware and related password instructions to provide the intersection with the first month J operating system and program ^ 1 to perform the password operation = Stealing? 'And can support a variety of cryptographic algorithms, support the target's special cryptographic algorithm for verification and testing, allowing the transfer and self-generated gold, support multi-electronic codebook, MU block, password = output, Mode, etc., and can use a large number of ciphertext cipher functions when using the above-mentioned programmable area j plus/unblocking mode. [before], the present invention is based on - Micro The device provides a device for calculating the cryptographic code with 1272815. The device includes a password referring to the second round of the feedback mode logic circuit and the execution logic 2 = electricity / a password command, which is calculated by the receiving - sub- As a part of the instruction stream executed on the computing device, the weight instruction specifies a cryptographic operation. This closed number of outputs is fed back to the block cryptographic operation, and the output is returned to the code: the code is executed in phase. Corresponding multiple input text g block grounding ^:f 2杈ϊ Ϊ! The road and password command circuit is closely 3: ί and each of these rounds of the feedback block password operation spoon initialization vector position. The logic "," mode logic circuit is closely combined, and the logic logic 2 = feedback password command is executed. Kedian will be able to play one, and another embodiment of Ming is an implementation of 宓 々 II. The device includes a coded, m-type logic circuit embedded in a device. The cryptographic unit is executed; the secret is: °°: since; ΐ?:, received - the command is operated to include several ciphers to return the block MM; the 被 = cipher block cipher operation is performed on the corresponding sound Several;: code feedback = medium. Turn out the feedback mode logic to drive the corpse words u together. Output feedback ^ early ^ up, cut the new indicator register content; prepare more cryptographic operations - initialization vector position 个 number of output feedback block operation = it is: kind of - device execution password ^ one of , in which the Mishi horse command system refers to the cryptographic operation of 1272815. And this number of shovel shovel in the Suibao F4 consists of several rounds of feedback teaching in the corresponding input and block. The method further includes: via the under-stealing, ▲-out-output feedback mode block operation: the vector on the in:: block is written to an initialization vector:: set:: equivalent initialization [embodiment] Manufactured for applying conventional techniques

= Examples of the invention as claimed by ί. However, the actual modification is used to highlight the differences from the prior art. This general principle can be applied to other embodiments. Therefore, the present invention is not limited to the specific embodiments. Li Zhuanqi ΐ narrate the technical background of the cryptographic program and the current computer = jin = will be secret and decryption related technology, we will 2 to find these technologies and their limitations. Next, the present invention will be discussed in terms of =2, back to 3-14. The invention provides a

= The device and method of the password program in the contemporary computer system, the current mainstream machine's device and method show better control, thus satisfying the intervention of the operating system, electronic, =, computer structure The above objectives of capacity, algorithm and mode of programability, page anti-hacker intrusion, and testability. Let φ now look at item 2, which shows the technique for performing cryptographic operations on the computer system described above. Figure 2 shows a microprocessor (micr〇pr〇cess〇r) 2〇1, which is part of the system memory corresponding to a::轾, which is called eight: 203 performs a fingerprinting circuit and accesses data. The instruction circuit provides at least one instruction, 16 1272815 for indicating a cryptographic operation, and the instruction circuit includes logic, device or microcode (ie, microinstruction or native instruction), or a logic circuit, device or The combination 'because the instruction circuit is not the focus of the invention m will be described in detail. Program control and slave memory 2 03, the accessed data is controlled by the operating system 2〇2 in the protected, domain of the system memory. As discussed above, if an executing application (for example, an email (emai丨) program or a file storage program) needs to perform a weight operation, the executing application must refer to the I microprocessor 201 executing a specific operation. The instructions can be used to complete the password. These instructions may be a subroutine that is executing the application part. They may also be linked to the embedded program that is executing the application, or it may be the service provided by the operating system 2〇2. Regardless of how they are combined, a person familiar with the art will understand that these instructions will reside in some specified or allocated memory regions. For storage purposes, these storage areas will be revealed in the application memory 203 and include a cryptographic key generation application 204, which typically generates or receives a key and expands the record into A key directory (key sche(juie) 2 0 5 ' is used for the password round operation. For multi-block encryption operations, a block encryption program (encrypti〇n applicati〇n) 206 will be motivated. Encryption program 206 Execution instructions access plaintext block 210, gold record directory 205, cryptographic parameters such as mode: gold record directory location, etc. More detailed encryption operations cryptographic parameters 209. If the specified modulo 1272815 is required, two initializations The vector (initaIizati〇nvect〇r) is also accessed by the encryption program 206. The encryption program 2〇6 executes each instruction to generate a relative ciphertext block () 2U. Similarly, a block decryption program (decryption appl1Cat1〇n) 207 is motivated to perform a block decryption operation. The decryption program 207 executes a number of instructions that access the ciphertext 21 The key directory 205, the cryptographic parameter of the more detailed decryption operation = 9, an initialization vector 2 〇 8 (will also be stored if the mode is required). The decryption program 207 executes these instructions to generate the corresponding plaintext block 21 0. The specific instruction must be executed to generate a key to add or decrypt the text block. The above F丨 specification contains many virtual code examples, so that the number of instructions that need to be determined can be estimated, so familiar with the The technician will know that hundreds of instructions are needed to complete a simple block cipher operation. Each of these commands is executed by the microprocessor 2〇1 to complete the required password ΪΆ 'execute these instructions to Completion - a password operation ^, for the main purpose of the currently executing application (such as file 'immediate message' email, remote (four) access, letter card parent easy), is an extra operation. Therefore, before Positively, the user who executes the application feels that the currently executed 2 is not efficient. In the case of the creased or guilty encryption and solution application 206, 207, the startup and management These equations 20^6, 207 are also subject to other requirements of the operating system 2〇2, such as events that support interruptions, anomalies, and deterioration problems, etc. Further two-step/on-the-requirements on the computing system- And the weight of the weight difference, an example of the program 204, 20 6, 207 is ^72815 items are separately configured in the memory, the requirements are as described above, can be expected to be added in parallel with time The cryptographic operand is confidential: the cryptographic unit that performs the cryptographic operation and the cryptographic unit that performs the cryptographic operation, and the cryptographic operation and the method of::. When the cryptographic unit is activated, the cryptographic operation is performed by stylization via a single command. The present invention will now be discussed in Japanese Patent Application No. 3 to FIG. ", Figure 3 shows a block diagram 300 depicting a microprocessor device based on this month's execution of the code. Figure 3〇〇 depicts two microprocessors (micropr〇cess〇 r) 3〇1, which is connected to a system memory 321 via a 3 memory bus 319. The microprocessor 3〇1 includes a translation logic 303 from one The instruction is temporarily received as an instruction register 302. The instruction circuit provides at least one instruction for indicating a cryptographic operation, and the instruction circuit includes a logic circuit, a device or a microcode (ie, a micro instruction or a native instruction). )), or a combination of logic circuits, devices or microcodes, since the instruction circuit is not the focus of the present invention, it will not be described in detail herein. The translation logic circuit 303 contains logic circuits, devices or microcode (ie A microinstruction or native instruction, or a combination of logic, device, or microcode, or an equivalent unit capable of translating instructions to a sequence of related microinstructions. The unit that is translated in 19 1272815, j〇3 may be shared by other circuits, micro, etc., that is, in the microprocessor 3〇1, other two can be executed according to the purpose of the present invention, the microcode is A term that refers to a large number of 彳f instructions. A microinstruction (or native instruction) is an instruction that executes an I unit level. For example, a micro instruction is a reduced instruction set computer (RISC). The microprocessor executes directly. For a complex instruction set computer (CISC) microprocessor, such as an x86 compatible microprocessor, the χ86 instructions are translated into related microinstructions, which can be complex The instruction set computer microprocessor is directly executed by at least one unit. The translation logic circuit 303 is connected to a micr〇instruction queue 304, and the microinstruction array 3〇4 has several microinstruction entries (micro Instructi〇n entries) 3〇5, 306. The microinstruction is provided by the microinstruction queue 3〇4 to the scratchpad stage logic circuit including a register group 307. The scratchpad group Regist 2 file) The 307 system has a plurality of registers 308-31 3, and the contents of these registers are created before a specified cryptographic operation is performed. The register 3〇8-312 points to the memory. The corresponding position in the memory 321 (c〇rresp〇nd; ng l^cation^) 323-327, which stores the data needed to perform the specified password. The scratchpad phase is coupled to load logic 314, which is coupled to a data cache 31 5 ' to recover data for performing the specified cryptographic operations. The data cache 315 is connected to the memory 321 via the memory bus 319. The execution logic circuit (execUfi〇n i〇gic) 328 is coupled to the load logic 314 and passes through the operation of the previous 20 1272815 circuit! Execution logic or this: U contains logic circuits, devices or microcode (ie microinstructions 1 曰々), or a group of logic circuits, devices or microcodes that can perform specified operations through the microinstructions provided to it. =j early. In the execution logic circuit 328, other circuits, microcodes, and the like are shared, that is, in the micro] = one poor code 1 into other functions. The execution logic circuit 328 includes a cryptography unit 3: a "two" input logic circuit 314 receives for execution;:: a different amount of data. The microinstruction drives the secret binary block 326 Execute the specified ;::: in: 327 (〇u^t text) micro-instruction or native instruction), or one: series two = (that is, the combination of codes, or the equivalent of a cryptographic operation: J The cryptographic operation is performed in the microcode unit 316 at the same time, that is, at the micro-portion. In one embodiment, the other execution units of the circuit 328 ('not 70*') are executed. The logic is executed in a wide range. In the second instance, the consistent application of the number 70 70 includes the logic clock Φ (five) τ early micro-instruction or native instruction), or a combination of ^ or micro-code (ie, a combination of codes, or Capable of executing a circuit, device or micro-unit. These are equivalent in a special ~ stay or each function, the "power" component may be: its operation: 定: :: for execution, that is, in micro processing In the embodiment 3, the code is the same as, in one embodiment, -敕I, his function or operation. Contains logic, 1272815, set or microcode (ie microinstruction or local finger, circuit, device or microcode, combination, b', or a logical equivalent unit. A floating point unit contains: Luo: ^ Execution An integer instruction (ie, a microinstruction or a native instruction), a circuit, a device, or a combination of microcode or microcode, or an equivalent unit capable of executing a logic circuit, the device performing an integer guard in an integer unit. Road, microcode, etc., that is, floating point day /, 70 pieces can share the capacitance x86 system - in the embodiment, dense, floating point instructions. In the integer unit of the phase, a floating point of 86 ^ 二 兀 316 and - x86 extended set unit and a x86 &#: early 7 °, - χ 86 multimedia according to the present invention, a phase extension unit is executed in parallel. The embodiment can correctly perform most of the implementation of the = two fingers on the real processor The application of the application results in the implementation of the 6 micro-J wire type is also correct: The embodiment expects a subset of the X 8 6 phase of the cryptographic unit 盥j ^ k to be executed in parallel with the X86 implementation. Unit logic circuit 卩+ 么 码 早 316 is connected to the storage Round out 5 3rgic) 317 and provide the corresponding complex number to 327 1 The storage logic circuit 317 is also connected but the second, 5 'the system sends the output text data 327 to the system 2. The brain is located at 321 for storage. The storage logic circuit 3 j The 7 series is written back to the write back logic 318. The cryptographic operation is completed, and the write back logic 318 will update the temporary store, the register 308-31 in the group 307. In one embodiment The f' microinstruction is synchronized with a clock signal (not shown) through the parent logic stages 302, 3ί) 3' 3() 4 > 3〇7, 314, 316-318, In this way, these operations can be performed in parallel, just like an assembly line. 22 1272815 In the system memory 321, a need to specify a password operation allows the application to directly drive the micro-command ^ 亥 5 hai operation through a separate cipher command 1 咐 ruction) 322. Here is a password (XCRYPT). In a complex instruction set computer implementation. " ^ contains a pointer to a cryptographic operation 1 2, in the # computer embodiment, the cryptographic instruction 322 package two micro-instructions that specify a cryptographic operation. In an embodiment, the existing instruction set architecture is redundant or not Use a complex preposition (that is, followed by 2; ^,, flat code (such as 〇x〇FA7), plus } bit 袓b 2 a specified password used in the operation of the password = Into the program instruction stream ^3. 1. Since the execution of the specified password operation system (only, :=, device 322 drives the microprocessor 30), then, the second code in the operating system 320 Said to be completely transparent: the completion of the total eight, t stub, in the execution of the application period you & ΐ: part of Ϊ, - password refers to ♦ 322 is by 2 = 322, :: take J3: 302 However, the execution of the password command causes the initialization temporary memory to cry 3fls ςΐ 9 = 7 to drive the microprocessor 301 to store the contents of 308-31 2 so that it points to the position in the 23 1272815 e-fe body 3 21 2 2 3 - 3 2 7, these locations contain a cryptographic control word 323, an initial gold record (initial Cryptographic key) 324 or key schedule 324, an initialization vector 325 (if needed), input text 326 and output text 327 for operation. It is necessary to initialize the temporary storage to 3 0 8 - 31 2 before the instruction 322, because the password instruction 3 2 2 directly uses the temporary registers 3〇8-312 and the additional temporary storage of a block number without checking. 31 3, the number of blocks refers to the number of data blocks that need to be encrypted or decrypted in the input φ text area 326. Thus, the translation logic circuit 303 retrieves the weight from the capture logic circuit 3〇2 and will It is converted into a series of corresponding micro-instructions that drive the microprocessor 3 〇 1 to perform a specified cryptographic operation. In the corresponding system, a first set of micro-instructions in the micro-instruction 3 〇 5-3 〇 6 is a driving code Unit 31 6 causes the download from the data provided by the logic circuit 3丨4 and begins to execute a certain number of password rounds to generate a corresponding output data block and provides the corresponding output data block to the storage logic through the data cache 315. Electricity 317 is stored in the output text area 327 of the memory 321 . The other group of micro-instructions (not shown) of the corresponding series of micro-instructions drives the other execution units of the microprocessor 3〇1 (not shown). Perform other necessary operations to complete the specified cryptographic operations, such as after encrypting/decrypting a set of input texts 326, controlling the intermediate results and counting the unstructured registers (not shown), updating the inputs and outputs. P〇interregisters 311 - 312, update initialization vector pointer register 310 24 1272815 (if needed) and handle current interrupts, etc. In one embodiment, the scratchpad 308_313 is a structure register, and the structure register 308-31 3 is defined by executing a special microprocessor in an instruction set architecture (instructi〇n ^Ch 1 tecture, 1SA). The scratchpad. In the embodiment, the cryptographic unit 316 is divided into a plurality of & slaves, which allows pipelined continuous input of the text block 326. Figure 3 is a block diagram of the basic group of the present invention for the sake of clarity. In today's microprocessor 301: = The path is ignored by block diagram 〇0. However, the -1 ί technician will understand that depending on the particular implementation today, there are many stages and logic circuits involved, but the logic circuit 314 is loaded! It: set together. For example, 'after' is the cache interface level: staged', but it is worth noting that in the complex::::, line alignment phase. 3 2 2 households = ^ According to the present invention, by means of the individual password command perspective, it is considered to be through the dedicated cryptographic unit 3166 of the operating system 320, and the 'execution is executed through a processor in the processor 3〇1. ^ Yuan 316 series and micro-human attempts to structure the structure = Ding. The embodiment of the invention 316 of the present invention, i ridge (a reconfigurable cryptographic unit dedicated floating point unit hard two core ^ previous microprocessor provided by the operation of 322 and the previous 316 and related cryptographic instructions are fully compatible # :, /,,, first 320 and the application and now please refer to the description below. /, the director provides a schematic diagram showing 25 1272815

According to the invention, a micro-capital i A 400 comprises an embodiment of a = tt 400. Password command neld) 401, narrow post block (〇Ptl〇nal Prefix

Fie 1 d ) 4 0 2, with the front of the 疋Γ 疋Γ ( (rePea 1 ΡΓ e f soil X 4 〇 3, the last is a district = two transport t code block (〇 PC 〇 defield) n Long Li, Code pattern shelf (b 1 〇 ckcipher hex 1 Γ 1 ά) 4 〇 4, in one embodiment, the block 401 - 404 Bean: the instruction set architecture on page 8 is consistent. The reconfigurable embodiment conforms to other instruction set architectures .

5 3 :: 'The optional pre-block 40 1 is executed in some way so that the main microprocessor can be enabled or not, such as 16-bit or 32-bit operations, 2 Ming 1 son to special memory segments and so on. Repeating the pre-field 402 2, ίϊίΤ 400 specifies the cryptographic operation that will be completed in a plurality of transpositions 402 7 # it ie plaintext or ciphertext. Repeat the pre-blocking Ι ΐ ΐ 一 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合 适合

: indicates that the system memory contains information and 彔 for specific cryptographic operations. As described above, in an x86 compatible embodiment, the value before the repetition is 0XF3. Moreover, according to the x86 code command, it is repeated with x86 such as REP.M0VS. For example, when performing the present invention with the _ phase; , : ίίϊ斋5 example, repeating the pre-blocking instruction to store the block calculation variables in the π,,, °冓 register ECX, stored in the temporary - The source address indicator in ESI (indicating the inferior material used for cryptographic operations) and the destination address stored in the register EDI (where the output data area is indicated in h).纟χ86 compatible = In the example, the present invention makes the conventional repetitive sequence instruction content, and further refers to the control character indicator in the register edx, the cryptographic key indicator in the storage BX, and the storage in the case of 26 1272815 The scratchpad ^ ; words). in? The 2-code field 403 required by the chip mode of the right-hand 1 button specifies that the microprocessor performs the cryptographic operation, and the ς 7 is tied to the control character stored in the memory, which is indicated by the control character index* . The present invention calculates a preferred selection value of Yun Zengshi: 0 = 3 as an existing instruction set architecture:

One of the calculation codes to preserve the consistency of the old operating system and the microprocessor that is used for software. For example, as described in =, the transport code block 4〇3 performs the value 〇x〇Fa7 to illustrate the cryptographic operation. Block cipher mode block 曰 404 2 = special block cipher mode to perform in the specific description of the secret, as shown in Figure 5. The mine will show a table 5〇〇, which shows the value of the exemplary block cipher mode block according to Fig. 4 . Number "OxC8 曰疋 cryptographic operations can be obtained by using electronic code

ί Ϊ Ϊ 。. The value 0xD0 specifies that the cryptographic operation can be done using the password i ^ column fork. The value ΟχΕΟ specified cryptographic operation can be done using the 'horse feedback mode'. The value 0xE8 specifies that the cryptographic operation can be completed by the output feedback (0FB) mode. All other values of block cipher mode block 404 will be called. These modes are described in the aforementioned FIPS text. See Figure 6' for a detailed description of the schematic diagram in accordance with the present invention in a χ86 compatible microprocessor (mi 〇 processor) 〇〇 cryptography uni t 61 7 . Microprocessor 600 includes a logic circuit (ft. etch iogic) 601 that is retrieved from an execution memory (not shown). The capture logic circuit 601 'connects 2 to a translation logic circuit 6 〇 2 circuit 602 contains logic circuits, devices or microcode # % I 曰々 or native instructions), or a logic circuit, device 2 Ϊ合' is able to translate instructions into micro-instructions, and bills. The translation is performed in the translation logic circuit 602::: "Other circuits, microcodes, etc. are shared, and other functions are performed within the heart processing 600. The translation logic circuit 6, 02 includes a connection. To microcode read-only memory (translator 603 on microcode 604 and output feedback mode logic 640, which is connected to both translator 6〇3 and microcode read-only memory) At 604, an interrupt logic 62 6 is coupled to the translation logic circuit 6〇2 via a bus 628. A number of software and hardware interrupt signals Unterrupt signals 627 will be processed by the interrupt logic circuit 626, which will The interrupt is being processed by the translation logic circuit 602. The successive stages of the translation logic circuit 〇2 connected to the microprocessor 600 include a register stage 605, an address stage 606, and a load stage (i〇ad) Stage)6〇7, execute stage 608, store stage 618 and write back wr i te back stage 61 9. Each successive stage includes Yuan Cheng #日Functional logic, these specific functions are related to instructions provided by the logic circuit 601, and these structures are described by similar names in the microprocessor of Figure 3. The x86 compatible embodiment 600 depicted in Figure 6 Execution logic 632 in execution stage 6-8 is shown, which includes execution units 610, 612, 614, 616, 61 of parallel 28 1272815. Integer unit 610 is arranged from the microinstruction ( Micro instruction queue) 609 receives an integer microinstruction for execution of a 'float point uni t' 61 2 receives a floating point microinstruction from the microinstruction queue 611 for execution, a multimedia extension set unit (Multi-media Extensions) , MMX) 614 receives the multimedia extended set microinstructions from the microinstruction queue 61 3 for execution, and the Streaming SIMD Extensions (SSE) 616 receives the streaming extension set microinstructions from the microinstruction queue 615 for execution. In a typical x86 embodiment, a cryptography unit 617 is loaded through a load bus 620, a stall signal 621, and a store. A store bus 622 is coupled to the stream extension unit 616. The cryptographic unit 617 shares the microinstruction queue 61 5 of the stream extension set unit. The reconfigurable embodiment attempts to isolate the parallel operations of cryptographic unit 617 as elements 610, 612, and 614. An integer unit (integer uni t) 610 is coupled to an EF LAGS register 624. The flag is stored as including an X bit 6 2 5, and the status of the X bit indicates whether the password operation is in progress. . In one embodiment, the X bit 625 is the 30th bit of an x86 flag register 624. In addition, integer unit 610 accesses a machine specif & register 628 to calculate the state of an E bit 629. The status of the e bit 629 indicates whether or not the cryptographic unit 61 7 is present in the microprocessor 6. The integer unit 6 1 存取 also accesses the D bit 63 in the feature control spoofing 630 to turn the crypto unit 617 on or off. Like the microprocessor of FIG. 3, 29 1272815, the example 301, the microprocessor 6 of FIG. 6 describes the necessary components of the i:8 compatible embodiment of the present invention, and clearly sets or some of the 2 element. A person familiar with the technology will have t". The components must also be used to complete the interface (such as data, not shown), bus interface units (not shown), clock generation and frequency division logic (not shown), and the like. Pity-tn by the logic circuit 6〇1, from the memory (not: ξ8 & buckle circuit and synchronized with the clock signal (not shown) to learn logic 602. The command circuit provides at least one

/dream w refers to r-cryptographic operation' and the instruction circuit contains logic, wave or microcode (ie micro-instruction or native instruction (native ==i, or a logic circuit, skirt or (4), the circuit is not The focus of the present invention will not be described here. The translation logic circuit 6〇2 switch circuit to the micro finger ♦ circuit corresponding =: step - clock signal, continuously provided to micro r, 618 and 619 Micro-instruction order.= Micro-Button 7 circuit deduction operation, this

Facet operation, and this comprehensive operation can be as follows by the corresponding instruction commander: 606 address generation; whole; = hunting by address phase code, 敫铋 敫铋 〇 兀 兀 兀 兀 61 0 The two addition operations in the temporary storage ΪΓΛΤ:! From the register stage _ in the index; the result of the corpse Y house, this proud left

Stage 618 is performed. According to the transferred G circuit 602, the translator 6〇3 will be directly produced, or the sequence obtained from the microcode read only ^7, only. The sequence of the body 604, or 30 1272815 rpm, the 603 directly produces a portion of the sequence and obtains the existing sequence portion from the microcode read-only memory 604. The microinstruction is synchronized with the clock signal through successive stages 605-608, 618 and 619. When the microinstructions arrive at the execution stage 6〇8, they are fetched from the scratchpad with their opcodes and the specified execution units 610, 612, 614, 616, 6^7 in the scratchpad stage 605, or are addressed to the stage ^ The logic circuit in 0 6 is generated, or is obtained by the loading logic 6 632 by loading phase 6 〇 7 from the data cache ‘ by the corresponding microinstruction sequence 6 〇 9, 61 work,

613, 615 is replaced by a microinstruction. Execution units 61, η, 614 61 6 , 61 7 execute microinstructions and provide results to the storage phase. In one embodiment, the microinstructions contain intercepts indicating whether they are executed in parallel with other transports. In response to the above description, in response to obtaining a cryptographic command, the translation logic θ 6 〇 2 generates associated microinstructions that drive successive stages 6〇5_608, 618, 619 in the microprocessor 600 to perform execution designation.

"The code is different. - The first group of related micro-instructions sends the password list to Π, 1 drives the cryptographic unit 617 to read the data on the η' or downloads - enters the data block and starts = 仃ΐΐ two number of password rounds An output data area-output data block is generated to the storage bus 622 for storage in the memory by the storage logic circuit 618. A related micro-instruction is sent to the other execution units 61〇, 61-2, :=4, 616 Having the execution complete the specified cryptographic operation, such as test Ε bit 629, initiating D bit 631, ^ 2 625 to indicate that the current cryptographic operation is temporarily storing n of the temporary phase 605 (eg, counting a number of registers, 31 1272815 Input text indicator register, input: off logic circuit m processing interrupt supply is provided as multiple inputs:; 匕1 on:, instruction count execution, L7 you age, betty 卞匕 上 疋 疋 疋 运 运^ Shi Yu number operation and password unit selection f interrupt call from interrupt 627 4 return == the standard is stored in the structure temporarily code!! Interrupt: back:: shape: will be saved and the status: from the system will Jump to the corresponding 4 service:: off η: The program control and control will be cleared to indicate that the gold record control system is transferred back to the password: ;::::: When returning, the 'special micro-instruction; test; effect, the program will be right The age of the prince is not valid in the tenth. If there is a block to continue processing, the specific input data area and control word before $: the status of 2 yuan 625 indicates the key (when the read interrupt occurs, the U is new Memory and control characters. Halogen, 疋 input key to the poor block ί always contains the heart two: two" early yuan 617 in the gold 铨杳 43 ^ J start test 以 to determine the password = key data and The validity of the control word. If the key data and the batch _ ΐ ΐ ΐ , , , ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ ΐ Load t:k and specify the password to be transferred. In addition, input the data block 32 1272815 to load and specify the data and control character data of the cryptographic operation. D, 'do not need to load the key line new two =; and control Character, then in the same key data and control word: Zi 2 = Er Li Yuan 625. After this erotic command can also control the character data to be input, clear the : position: ° 匕 'the poor material and improve the memory bus hurdle 5. For example, the encryption / solution for the input data block The poor eight can be used to make 5 instructions. The solution is to use the password feedback mode, the output 640 will complete the cryptographic operation (4) t-type logic circuit, the second is normal and the pointer sub-area is allowed. The intermediate surname of the block cipher operation sequence on the block, :: is enough to be updated. Output feedback; type logic 64 64 64 64 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入 插入When the password is calculated, in the case of 2 people, the output data block indicator is changed to point to the next two data blocks. In addition, the output feedback mode ^ two micro-instructions are inserted into the corresponding micro-instruction stream, so that the calculator can indicate that the cryptographic operation on the current input data block has been reduced. A person familiar with the art would like to use an initialization vector for the cryptographic operation output back to the second mode, which is used by a second block to generate a first ciphertext block. The previous text is used to initialize the vector to generate a first ciphertext output block 2, followed by mutual exclusion of the first ciphertext output block and the first plaintext block to generate a first ciphertext area. Piece. The first ciphertext output block 33 1272815 will be fed back as the encrypted second plaintext area. By analogy, an output is returned, etc.; the initialization-to-output feedback encryption operator's pole 'phase:: the elementary system is the mutually exclusive ciphertext area (4) = the clear text block ciphertext operation is applied to the initialization In the example, the output feedback mode logic circuit 640 recognizes a buckle output feedback mode encryption or decryption operation, in which the ciphertext is converted to the equivalent of the post-production.

^ series to update the indicators in the structure register, to ensure that the subsequent blocks of the second or the male block are properly equivalent. In an alternative embodiment, the output feedback mode logic circuit 40 identifies a specified output. Feedback mode encryption or decryption operation, and =2, the instruction system performs a mutual exclusion operation in the current plaintext block and its corresponding W-Xiong and Wen block to generate a second, use, etc. Effect initialization vector; 2) store the equivalent initialization inward to the index indicated by the initialization vector indicator register

, 3) Update the indicator in the structure register to ensure that the subsequent block of the plaintext or ciphertext block is returned to the appropriate equivalent initialization vector. Referring now to Figure 7, the diagram illustrates a typical microinstruction 7 of a microinstruction performing a codon operation in the microprocessor of Fig. 6. The microinstruction (micro instructi) 7 includes a microcoded code block. A micro opcode field 701, a data temporary field, a data register field 702, and a register field 7〇3. Micro-coded block 70 1 indicates a particular sub-operation to be performed, and indicates that at least one stage of the sub-operation of 34 1272815 is logically = crypto unit in accordance with the present invention: the path is for at least one instruction, The instruction circuit contains logic electricity: Ma Yunkai, and (nat.ve .nstru^o,;;%' ! ^ circuit, device or microcode combination, due to the above) or the focus of a logical invention, This is no longer the case: the heart: The circuit is not in this example, there are two special values. A H field ^ month 4 is a real indication that the value to be retrieved from the memory location ^ XL (AD 」 AD) The buffer address 702 represents the mf address is 2. The data will be loaded into the password list 2: η 糸 by the scratchpad block 703: chemistry vector) is two up, rounded text data, initial - second value "storage 7 X mountain STn two 疋. Micro The data generated by the operation code block 701 will be stored to 丨)"" indicates that the data produced by the cryptographic unit is temporarily stored in the second =; 'its address is * 7 〇 3 indicates the array output / the example 'in the temporary register The block ^ 〇 ^ t , , , ff field ) 704 ^ , Ping 兀 in the Bellow block (data clear, about the password iri logic circuit access. According to the present description ' will be discussed in Figure 8 and Figure 9. More seven, Tian look at Figure 8, Table 8 〇〇>, +, γ ^ - bar loaded into the micro-instruction circuit; % block 7 grid:, so that the circuit provides at least - instruction, shipped r 35 1272815 and The instruction circuit includes logic circuits, devices, or micro^^^(nat.ve i ns t.uc t, on )) ^ ^ ^ Combination of circuit placement or microcode, because the instruction circuit is not heavy: This is described in detail. As stated in the previous section. The microinstruction sequence consists of a cryptographic unit: ^ two sets of second set of microinstructions, the second set of microinstructions are executed by other parallel functional units other than the crypto unit in the U; ♦Complete such as update counter, temporary temporary storage: shape:: Ϊ Ϊ, test and set on the machine special register ^ 几 几 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 The driver password unit enables the generation of the gold balance directory (or the artist Ρ々布立I to load and add, (or decrypt) input text data, and store it in the character data, the street code unit provides the load control data, #入ϊ ί key or key directory, loading the initialization vector to drive the crypto unit — M + t to enter the text and poor stuff and eight — 仃 曰疋 曰疋 曰疋 。 。 。 。 。 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一 在一The value in 703 〇b〇A =, recognizes a batch of null-z, Τ旳 value UbOlO specifies the crypto unit to load the second το to his internal control character bar instruction is in the performance μ — - AA ^^ A is due to the opening of the line, the structure control of the register stage: 兀The standard register is accessed to obtain the = physical address 'two = series; the way the address is translated into the control word - the loader logic circuit is called from the cache, and will control 704, at this time, the control character has been released / 1 枓 枓 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , The data block 704β k loads and executes the input text data of the hit, and then the data and the code operation. Like the control character, input

Obiof, the indicator stored in the structure register is accessed. The value is internal to the temporary; the data is widened into the '4', and the input data will be loaded. 曰:疋 Enter the text data (when pipelined), or you can use: Values 0bll〇 and Obllll indicate that the password is entered into a key or generated by the user. You can use an application and an operating system.

: 2 ^ low bit and high bit. According to the person: a specified function or an object specified to operate, use the person m丨, • “not small, one machine, or – brazed out. In one embodiment, after the user generates gold, ϊΐΐί:: Established. In an alternative embodiment, the keyed directory is created by a person.

In the embodiment, the value of the temporary storage of 11 items _〇 and 〇 O O O O 元 分为 分为 ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ So, * made two up

The block performs pipeline operation, - the first-loading micro-finger i two::: provides a first input text data area ghost & after the binding one brother two load micro-instruction to input _ 〇 provide a word data block ' At the same time, the cryptographic unit is driven to start the cryptographic operation. v Once, I 彳吏 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成 生成Take ^ into each of the alloys in the Jin Yu directory. All other values of the scratchpad block 703 loaded into the microinstruction are 37 1272815 μ retention. An eclipse, according to Figure 9 'Table 9 展示 shows according to Figure 7: the micro-instruction register stall 7 700 A less one instruction, which is used to indicate the - password operation command (native.. clothing or The extreme code (that is, the micro-instruction or the native friendly instruction^^ -ρ ^ + ^ device 戋矜 step on the person) or a combination of a logic circuit, ι4 U code, because of the focus of the %, this is not a ,, from It is not a description of the cryptographic unit of the present invention. The storage microinstruction driver is provided to the storage logic circuit to store the memory address specified by the text file 702. Therefore, the temporary block logic circuit is in the relevant input block: the transaction, after the translation, for the specific output text into the micro-servo block 7 〇 3 value 0 bl heart == stored = its internal output - The 0 output - 〇 register will be stored in the storage logic circuit as early as π. The output of the second sub-block provides - the enclosing round text /it 〇 - the content of the 和 is associated with the input of the crying & sub s block. At the same time, the Japanese knives tear the female state value OblOi, Nei Qiu Yu ψ 1 士 僳芩 J 僳芩 暂 暂 暂 -1 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于 于The information is also relevant. Therefore, the Meng wheel and the control word can be used to load u. After 51, the plural input text area #銶 is passed to load. Input _丨, load wheel and sub-e block~〇 Can be brewed - ~ 〇 (loading · input ~ 1, storage · output - 〇, loading in 彳 ^ *) storage · output such as 斟 nrV 戟 八 · John into -1, loading round - nf pq The transmission of the order of the following two input characters. The intrusion 0 (opening micro-instruction, #, s, A h 匚 ghost cylinder) is transmitted through the crypto unit pipeline. Mountain Looking at Figure 1 〇, in accordance with the present invention, a typical control charter re-described. (contr〇l word format) 38 1272815 1 000, the control character specifies the 密码 character 1 000 is the password parameter of the user's total 马 ☆. Before the control of the cryptographic operation, its indicator is written by the _ to the memory, and is provided by the execution register. Therefore, a rabbit: a part of a microinstruction sequence suitable for the structure of the microprocessor, and a password instruction related-cryptographic instruction provided by the second two, which is used to indicate that the "second" port circuit provides at least a logic circuit, the device t η π *; The horse is different, and the command circuit (nat.ve.nstruct^ or microcode combination, because of the finger =; two circuits, the pin point, no longer detailed here) „the invention of the heavy microprocessor read contains The surname of the indicator, the instruction to the micro-instruction is changed to - the physical address 'from: the indicator to the element _ and the control character 2 to; take; the word (talk D) block 10 (η,: 4 sub-in 70 1 000 includes a reserved 1〇〇2, an encryption/decryption key size (KSIZE) to block the fruit (IRSi Mountain (E/D) block 1 003, an intermediate, and (IRSLT) block 1 〇〇4,2] Intercept 1 005, a deductive r Λτρλ key generation (KGEN) combined counts two feet «^〇"〇Γ ^ # ^ ^ ^ ^ key size. In-one complete encryption or The decrypted gold 128-bit key, or the key size field is either - 256 ^ 0 ; σ^ /V^ Γ /im ^ ί ^ " is the encryption operation or _ two ^ i003 1曰The m/f// shed 1 〇〇 5 indicates the key of the 石 石 运算 运算 运算 运算 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 表明 39 39 39 39 39 39 39 39 39 39 39 39 39 The 1272815 key is sent together to the crypto unit so that the driver unit expands the key into the key directory according to the cryptographic algorithm specified by algorithm field 1 006. In one embodiment, the algorithm specified by algorithm block 1 006 is Data Encryption Standard (DES) algorithm, Triple-data Encryption Standard (Tri-DES) > Beyond Method or Advanced Encryption Standard (AES) calculus discussed so far The alternative embodiment attempts to include other algorithms, such as r丨jndae 1 ciphertext, ^wo^i^sh ciphertext, etc. The content of the round count field i〇〇7 is based on the implementation of the different method. Enter the password round given by the text block. Although the above cryptographic algorithm standard specifies the number of fixed passwords for each input to the block, providing the round count to the 〆0J allows the programmer to change the standard. Place The number of rounds. In one application, /, the programmer can assign each block to I 15 I 2... After taking the intermediate result, the content of the block 1 004 specifies a loss t = = whether the decryption is blocked according to the algorithm 1006 fixed 2 "11 ί ί method standard, in the round count block 1 007 refers to the item lmV -, the latter, or whether the encryption / decryption according to ALG ▲ Bay 1 ϋ ϋ 6 specified Jie Zeng, the number of return - > /, open, the number of mouths specified by the round count block 1007, and the last one value instead of the final result. In each round of the first and second rounds, those who are familiar with the technology will hope to be doing 'except the last two eves and calculus: all perform the same sub-operation results. Blocks 10. 4 = outside. Therefore, the 'intermediate fruit' allows the programmer to provide more, and the result, rather than the final result, can be passed in the middle step of a different method. For example, a round of encryption is performed on the block, and after 1272815$, two rounds are performed on the same text block, and then three rounds are obtained to obtain the accumulated intermediate result to verify the performance of the algorithm. 2. The user of the function for programmable rounds and intermediate results can verify password coding performance, detect failures, and explore the utility of different key structures and rounds. Referring to A?, Figure 11, the block diagram details the cryptography unit 1100 in accordance with the present invention. The cryptographic unit i 1 包括 includes a micro-opcode register U 0 3 that receives the cryptographic microinstruction circuitry (i.e., loads and stores microinstructions) through the microinstruction bus 1114. The cryptographic microinstruction circuit provides at least one cryptographic command, which uses _ to refer to a cryptographic operation, and the instruction circuit includes a logic circuit, a device or a microcode (ie, a microinstruction or a native instruction), or a logic circuit. Combination of device or microcode 'Because the instruction circuit is not the focus of the present invention, it will not be described in detail herein. The cryptographic unit 1100 also has a control word register 11 〇 4, an input 〇 register 1105, and an input 1-3 register 11 〇 6 , a key 〇 register 1107, a key -1 register 11 〇 8. The data is supplied to the scratchpad _ 1 1 04-1 1 08 via a load bus 1111 as if the microinstruction register is specified in the microinstruction register 1103. The cryptographic unit 11 〇〇 also includes a block logic circuit (bl〇ck cipher logic) connected to all the registers 1 1 03-1 1 08 and the key random access memory (keyRAM) 11〇2. 11〇1. The block cipher logic circuit provides a delay signal (stai ^ signal) 1113 and provides the block result to an output - 〇 register 1109 and an output a register 111 〇. The output devices, 41 1272815 110 9-1110, send their valleys through a storage bus (11) to a successive stage suitable for the microprocessor. In one embodiment, the microinstruction register 11〇3 is 32-bit, while the other registers 1104-mo are all 128-bit. In operation, the cryptographic microinstruction is sequentially transferred to the microinstruction new device 1103, while controlling the character temporary register 11 〇 4 or the input of a = ι! «10 Γ η ° 6, a ' or such a key temporarily A specified material in the memory 1 1 07-1 1 08 is also transmitted. In the embodiment discussed with reference to Figures 8 and 9, a control character is first passed

After a load microinstruction is loaded into the control character register 11〇4. The key or key directory is loaded by a subsequent load microinstruction. Such as; 2: 2! The gold record of the yuan is loaded, a micro-instruction can be added to the ^, seven private account register key - 〇 11〇7. If the second = greater than 128 bits is loaded, then a load micro-instruction is provided in addition to the specified key -0 11〇7, and also provides the scratchpad key 4 instruction. If the user generates a key, the second record is loaded, and the scratchpad key _〇 11〇7 is specified.

The J input microinstruction will be provided. Each key in the loaded key directory is stored in the key random access memory 丨1〇2 依次 in their corresponding password rounds. Following this, the text poor (if no initialization vector is needed) is loaded into the -1 scratchpad 1106. If the vector needs to be initialized, it will be loaded and the microinstruction will be loaded into the input "storage" i i 〇 6. Load the micro-instruction drive password unit into the public register 1105. Enter the text data into the input_〇 register u〇

= two = word / 4 memory 1104 provides parameters, using L 1 initialization to 1 or two wheeled into the register 1 1 05-1 1 06 (such as 42 I272815 11 nt ΐ lean system ί pipeline processing) Execute the scratchpad input ~o to enter the password round of the text data. After receiving the input-0 1105 pass and the 2 2 load microinstruction, the contents of the 'block cipher logic circuit' 〇1 = control f 开始 start executing the specified cryptographic operation. A separate key needs to be extended, block cipher logic] Generate each gun in the key directory and put him: ί in random access memory 1102. Regardless of whether the block memory is loaded, the first alloy gun is cached in the 3 circuit 1101, so that the first block password is returned to the second... and the key random access memory 1102 is accessed. Awkward. Once activated, the block cipher logic 1101 is contiguous in at least the === word ΪΪ: continuation of the specified cryptographic operations until the cryptographic algorithm of the operation 2, = five-key down access memory 1102 Intercepting the round ^^ secret-code unit 1100 performs two on the specified input text block

婉IΓ block (four) operation. Continuous input text blocks can be encrypted or solved by = should and continuously load and store micro-instructions; after the storage command is executed, if the specified output or output -1 is not fully generated, At this time, the block; code logic circuit 1101 generates a delay signal 1113. When the output material is generated and placed into a corresponding output register 11〇9_ιιι〇^ ϋ 1109-1110 #Content is transferred to the storage confluence, now looking at Figure 12, a block diagram illustrates the use according to the present invention An embodiment of a block cipher logic 1 200 that performs advanced cryptographic operations on cryptographic operations. Block dense 43 1272815 code logic circuit 1 2 ο 〇 includes a turn engine connected to a turn engine controller (r〇und engine controller) through bus bars 1 211 -1 21 4 and bus bars 1216-1218 (r〇 Und engine) 1 220. The round engine controller 121 accesses a micro instruction register 1201, a control word register 1 202, a gold record temporary state 1203', and a key-1 temporary storage. The device 1204 accesses the key data, microinstructions, parameters, and the like indicating the cryptographic operations. The contents of the input register 1 205-1 206 are supplied to the round engine 1 220 and the round engine 122, and the corresponding output text is supplied to the output registers 1 207 - 12 〇 8. The output registers 1207-1 208 are connected to the round engine controllers through the busbars 1216-1217 to ensure that the round engine controller can access the results of each successive weight round, which is through the busbars ΝΕχτ丨N丨2]8 is provided to the round engine 122 for the next password round. The key of the key random access memory (not shown) is accessed through the bus 1215. Encryption/decryption (ENC/DEC) signal 1211 drives the round engine to perform encryption (eg 8 - βοχ) or decryption (eg inverted S-Box) using sub-operations. The content of the round count (RNDC 〇 N) bus 1212 drives the round engine 122 to perform a first advanced encryption standard = combined, an intermediate advanced encryption standard round or a final advanced encryption standard round. A key generation (GENKEY) signal 1214 is used to direct the round engine 1 220 to generate a key directory based on the keys provided by the bus 1213. When its corresponding round is executed, the key bus 1213 is provided to the round engine 122 for each person's key. Round engine 1 220 includes a connection to a first scratchpad temporary storage 1272815 =. The first key xor logic circuit 1221 on 1 222. The first system is connected to the s_Bqx logic circuit 1 223, and the s logic circuit (4) is connected to the shift logic circuit (ShiftR〇w 〇^ic) 1224. The shift logic circuit 1 224 is connected to a :, , e, and stored at -1 1 225. The second register 1225 is connected to a logic circuit (Mlx c〇lumn 1〇gic) 122 circuit, • connected to a third register temporary storage 1227. The first-gold record logic circuit 1221, s_B〇x logic = in the advanced encryption target discussed above.

The shift circuit 1 224 and the hash logic circuit 1 226 perform the same operation of the sub-operation logic circuit 1226 with the same name as they need to pass the full key plus the external _ Λ々 on the poor material during the intermediate round Perform advanced 2 裇 soap X0R 迠. First key logic circuit 122i, s_b〇x

ί t ? 6 Π 3 two shift logic circuit 1 2 2 4, and the mixed logic power is also used to perform their corresponding inverse advanced encryption standard sub-operations by encrypting/decrypting the signal 1 during decryption. A person familiar with the technique wishes to provide the intermediate "122G° initialization vector data (eg 1 220) ^NEXTIN 1218 to the round engine according to the special block encryption mode subtracted from the contents of the control character in Figure 12. In the embodiment, the round engine; the order, the temporary storage side and the temporary storage finger 5; the second door and the storage _1 1 225 and the temporary storage - 2 1 227 are the second stage. ΠΓ / 氕: signal (not shown Synchronization between the phases, although the male code operation is completed on an input data block 45 1272815 2, the output data is stored in the corresponding round-out register, and the execution of the temporary storage η-micro-instruction "storage" is executed. Make a designated lose? The content of '12G8 is provided to - the storage bus is not in the bus. In the middle: FIG. 13, a flowchart depicts a method of protecting the state of a cryptographic parameter during the invention according to the present invention. According to the present and second: t processor execution instruction flow, the flow begins at block 1 3 0 2 ^. The instruction flow does not have to include a password command that is described. Subsequently, the process processing decision block, when determining block 1304, makes an assessment to determine that the ^::event (eg, 'maskable interrupt, unmaskable interrupt, $task switch, etc.) occurs when the current finger is changed. 々^ (interrupt handler ") to handle interrupt events. Such as Weep = Block 1 306. If it is not 'process in the judgment area: 〇 = loop, in this order will continue to execute until an interrupt event according to the present invention, at block 1 306, because the piece occurs, the program control is given to the corresponding interrupt processing cry Before, the interrupt logic circuit directs the clearing of the bit 兀 in the flag register. The X-bit clear guarantee guarantees that when a block cipher operation is performed from the interrupt handler, it will be indicated that at least one break event is occurring and is in the input data block pointed to by the input pointer register contents. The block cipher operation continues, and the block data and key data must be reprocessed by block 1 308. In block 1 308, in accordance with the present invention, all of the indicators and counts associated with the execution of the 46 1272815 block cryptographic operations are stored from the memory to the memory. 35 It is a typical behavior of the control computing device to complete the structure before the interrupt handler is placed before the interrupt handler. :疋, current data The purpose of the pre-data structure is to implement the entire interrupt event period::: When the scratchpad is saved g :耠I, transparent 1310. / Immediately Processed to Block At block 1310, the program stream is moved. ♦ The flow is then processed to block 13丨2. Broken processing state. The block 1 1 2 2 ' § Hai method is completed.孰 Looking at Figure 13 (10) from the interrupt handler, after: '1302. , w Jun again - people from the block less -: = Figure 1 will be in accordance with the invention on the block: = a number of input data area 4 ¢ ¢ 5 port fork weight calculation of the two =! block Starting from 1402, according to the present invention, the execution of the round-robin feedback mode using the round-robin feedback mode may be a first execution, or may be: the result of the interruption of the execution of the second wide interrupt event After the interrupt handler is executed, it is passed back to the password: 7 places. / / The current process is then processed to block i 404. ', into i匕ίϊϊ 1404, according to the present invention, the contents of the memory via the input deduction private register are pointed to - the data block is loaded from the body and starts a specified poor, 1 ' ° ' The second temporary storage is determined by a specific special cryptographic operation (for example, encryption and definite block cipher mode (for example, electronic codebook, Tema block, password feedback, or output feedback). 47 1272815 ί标 = = = ; grant mode, then input the capital η: the standard register is used to set the temporary storage ^ ^ output feedback mode encryption operation, input finger one button will be encrypted next Plaintext block. For the i output feedback mode decryption operation, the input indicator reduces the decrypted ciphertext block. For the output: two solutions, the initialization vector register points to the initialization vector position in the second. The content of the first...hexurization vector position is - initial: chemical vector: the content of the pre-initial vector position is related to the - equivalent initialization vector. If a solution;]::,: : Block, sub-codebook mode, then used to fix The register is a pointer to the memory 2; the second register: the process is subsequently processed to determine the block 140 and the second is in the decision block 1406, an evaluation is used to determine; the register is set in the register X bit. If 2 = is valid in the -= directory. If x;= control is loaded into the control unit of the crypto unit and all I, month: plug t as mentioned above, refer to Figure 13, LI: When the ί is sent, the Χ bit is cleared. In addition, as in the case of U, when it is necessary to load a new upload, all must be loaded, and the secret is sent; the directory or two bits. In the - flag of the w flag, the χ86 phase of the disaster, Jia Shiwen, η + 'Aberdeen's 30-bit POPFD instruction ^ chat' article followed by a ^ Zen X position 不过. But familiar with the 48 1272815 technology It will be appreciated that in other alternative embodiments, other instructions must be used to clear the X-bit. If the X-bit is set, the process will process block 1412. If the X-bit is cleared, the flow is processed. Block 1408. At block 1408, since a cleared X bit has indicated that an interrupt event has occurred, or a new control character and/or gold The lean material will be loaded, so a control character is loaded from the memory. In one embodiment, the load control character is blocked, and the unit performs the specified cryptographic operation as described in block 1404 above. In this exemplary embodiment, initiating a cryptographic operation in block 14〇4 allows optimization of the complex block cryptographic operations by assuming that the currently loaded control characters and key data are utilized. Thus, the current input data block It is loaded, and the cryptographic operation begins before checking the condition of the X bit in the second block 1 406. The flow then processes the block 1 41. In block 1410, the key data (ie, a gold) The key or a complete key directory is loaded from the memory. In addition, depending on the most recently loaded control word and key directory, the input block and initialization vector (or equivalent initialization vector) described in block 14〇4 are loaded again and the cryptographic operation is performed. The process then processes block 1412. The input lean block (current ciphertext block or current plaintext block) loaded into block 1404 or block 1410 at block 1412' is saved to an internal scratchpad TEMP. The process then processes block 1414. An output block corresponding to the input input area is generated at block 1414'. For output feedback encryption, the input block is a plaintext block and the popped block is a corresponding ciphertext area 49 Ϊ 272815 ghost. For output feedback decryption, the input block is a ciphertext block and the rounded block is a corresponding plaintext block. The process then processes block 1416. At block 1416, an equivalent initialization vector IVEQ is generated by the mutual exclusion of the output block from the TEMP content. The flow subsequent processing block 1418 recognizes the block 14丨8, and the equivalent initialization vector is written to the memory pointed to by the content of the initialization vector indicator register IVPTR, and the position 2 is therefore returned to the round specified by the subsequent input block. Modeling ^

The implementation of the weight transfer will use the appropriate equivalent initialization vector. The process then processes block 1420. ; , L, the steps $1 described in blocks 1412, 1414, 1416, and 1418 are required to be guaranteed to be in a state that allows the execution of a cryptographic instruction that uses the block cipher output feedback mode to be interrupted at any time. In one embodiment, a page fault can occur at any point during the line of a password command. Nine in block 丨420, the generated output block is stored in the print memory. The process then processes block 1422. °

~ At block I 422, the valleys of the input and output block indicator registers are modified to point to the next input and output data block. In addition, the contents of the block count register are modified to show the completion of the cryptographic operation on the current input data block. In again

In the embodiment discussed, the block counts a number of registers that are J's. However, those skilled in the art will hope that the operation and testing of the contents of the block count register can be implemented instead of the round-robin, pipelined execution of the block. The process then processes the second sentence 1424. J 疋 & block 50 1272815 An evaluation at decision block 1426' is used to determine if an input data block is to be executed. In the embodiment described herein, the block counter is used to determine if it is equal to zero for illustrative purposes. If no blocks are to be executed, the process processes block 1428. If a block is to be executed, the process begins processing the block. At block 1426, the lower-input data block and its equivalent initialization vector pointed to by the input pointer register contents and the initialization vector are loaded. The process then processes the block 丄 41 2 . At block 1428, the method is processed. Those familiar with the technology will hope that the steps discussed in blocks U16, h18, 1420, 1422, and 1424 can occur along their particular flow paths, in different orders, or they can occur in parallel, although the goal of J. The features, advantages and advantages have been described in detail, but other embodiments are also encompassed by the present invention. For example, the present invention has been discussed in detail for embodiments that are compatible with the X86 architecture. However, this way of discussion is because the χ86 community is widely understood, so providing a sufficient means to learn that the invention still includes other instruction set architectures such as powerpc:, mips, and the like, and others are completely A new embodiment of the architecture is adapted. The present invention also encompasses the execution of cryptographic operations in a computing system component rather than in the processor itself. For example, in accordance with the present invention, in a cryptographic unit embodiment, it is necessary to use it as a unified part of the computer, as is the case with integrated circuits within the genre. It is contemplated that embodiments of the present invention will be integrated around a 1272815 microprocessor as an execution password: =, and (eg, Northbridge, Southbridge) or from a primary microprocessor = a six-level f processor, In this password command is applied to the embedded control device, the processor. The present invention is expected to be an array processor and a processor, a signal processor, and an embodiment. The force side within the component group necessary for this weight operation is selected as the power in a communication system to perform a cryptographic operation. In addition, the selection processing component is described above. In addition, although the present invention 筏,, _ 述, but the two mouths change the bell, 128-bit block to draw the size of the character register can be two枓, key and control and, although the data force 1; see the Panyu block size. = Encryption standard has a significant description in the present invention, February Feng: = The invention also includes smaller well-known block ciphers, mars block cipher algorithm, Rijndaei block cipher

ΐ: 〇flSh block cipher algorithm, Blowfish block cipher J = different method, snake block cipher algorithm and RC6 block cipher calculus ' It is to be fully appreciated that the present invention provides a dedicated block cipher device, and in one The method of supporting a set of implementations within the microprocessor is widely used in that morning. The micro-block cryptographic operations can be motivated by a single line. In addition, although the present invention has been described in terms of block cipher algorithms and related techniques for performing block cipher functions, it should be noted that the present invention fully includes other forms of ciphers other than block ciphers 52 1272815. It should be followed by: providing a separate instruction by which a user can instruct a compatible microprocessor to perform a cryptographic operation such as add-to-dense or decryption, where the microprocessor includes a dedicated cryptographic unit, and the cryptographic unit passes The instruction completes the specified cryptogram 2 (and, here, the discussion of the round engine provides a 2nd-order, segmental device so that the two input data blocks can be executed in the pipeline. * The inventors point out that other embodiments may have more than two stages. It is expected that the phase division of the pipeline supporting more input data blocks is consistent with the other phases in the / commensurate microprocessor. ^ a kg Finally, although the invention has been discussed as a separate cryptographic unit supporting a number of block ciphers, the invention also includes providing other executions in a compatible microprocessor. A plurality of cryptographic units connected in parallel, wherein each of the cryptographic units is used to perform a particular block cipher algorithm. For example, 'a first unit is configured as an advanced encryption standard, and a second unit is configured as a data encryption standard or the like. Those skilled in the art should be able to use the disclosed concepts and embodiments as a basis for accomplishing the purpose of the invention, or to modify other structures, and the various changes, substitutions, and variations are The spirit and scope of the invention as defined by the appended claims. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a schematic diagram showing the current password application. Figure 2 is a schematic diagram showing a schematic diagram of a technique for performing cryptographic operations. Figure 3 is a schematic diagram of a cryptographic processor device in accordance with the present invention. 53 !272815 Figure 4 is intended in accordance with the present invention. Month <Breakfast in the Code Command Embodiment FIG. 5 is a numerical table according to the micro gamma _ crypto mode of FIG. '铽山码▲令 illustrates the typical block diagram 6 is a detailed description of the block diagram according to the crypto unit in the processor: month in a χ86 compatible micrograph 7 is a typical micro-instruction in Figure 6 Schematic diagram. - Execute the coke operation inside. Figure 8 is a numerical table for describing a person A## by the format of Fig. 7. The warfare instruction temporary storage Fig. 9 is a numerical table for revealing an eclipse item according to the format of Fig. 7. It is a good example of the temporary control of the micro-instruction. Figure 11 is a block diagram showing a detailed description of a cryptographic unit in accordance with the present invention. Figure 12 is a block diagram showing an embodiment of a block circuit in accordance with the present invention, which is implemented in accordance with an advanced scalar and private power operation. Also known as a quasi-execution password. Figure 13 is a flow diagram showing a method of viewing a cryptographic parameter state in an interrupt event in accordance with the present invention. Figure 14 is a flow diagram depicting a method of performing a broken mode cryptographic operation in a plurality of input data blocks under one or event in accordance with the present invention.疋特疋轮出回回 [Main component symbol description 10 〇 block diagram 101 first computer workstation 54 second computer workstation 103 third computer workstation laptop 105 LAN road network broadcast storage device 107 first router wireless network router 109 wireless Network Wide Area Network 111 Second Router Encryption/Decryption Application Block Diagram 201 Microprocessor Operating System 203 Application Memory Password Key Generation Program 205 Gold Record Directory Block Encryption Program 207 Block Decryption Program Initialization Vector 209 Password Parameter Clear Text Area Block 211 ciphertext block block diagram 301 microprocessor instruction register 303 translation logic circuit micro-instruction queue 305, 306 micro-instruction entry register group 308-31 3 register load logic circuit 315 data cache password Unit 317 Storage Logic Write Back Logic 319 Memory Bus 321 Operating System Memory Password Command 323 Initial Control Character Initial Gold Record or Gold Record 325 Initialization Vector Input Text Block 327 Output Text Block Execution Logic Circuit 55 Micro, code command 401 Repeat Pre-Field 403 Block Password Mode Field 500 X 8 6 Compatible Microprocessor 601 Translation Logic Circuit 603 Microcode Read-Only Memory 605 Addressing Phase 607 Execution Phase 609 Integer Unit 611 Floating-Point Unit 613 Multimedia Extension Unit 615 Streaming extension unit 617 Storage stage 619 Loading bus 621 Storage bus 624 X bit 626 Software and hardware interrupt letter 628 E bit 630 D bit 632 Round-robin mode logic Selective pre-block Bit-transported code field table capture logic circuit translator register stage loading stage micro-instruction 列 列 微 micro-instruction 列 列 column micro-instruction 微 micro-instruction 列 列 crypto unit write back phase delay signal flag temporary storage Interrupt logic circuit machine specific register feature control register register execution logic circuit microinstruction data register register data interception table & word element 701 micro operation code block 703 register block 900 table 1001 reserved Field 56 1272815 Block Block Block Block Judgment Block 1 Ο Ο 2 Key Size Block 1 Ο Ο 4 Intermediate Result Block I 006 Algorithm Block II 0 0 Unit 11 0 2 gold random access, 丨 II 0 4 control character register 1106 input -1 register 1108 gold record -1 register 1110 output -1 register III 2 storage bus 1114 micro Instruction Bus 1 2 01 Micro Instruction Register 1203 Gold Record - 〇 Register 1205-1206 Input Temporary Cry 1210 Round Engine Control Cry mm Bus 1221 First Key XOR Logic Circuit 1223 S-Box Logic Thunder 1 225 second temporary storage temporary storage 1 227 third temporary storage temporary storage 2 1302 1306 1310 1402 1406 1 0 0 3 encryption / decryption interception 1 0 0 5 Jin Yu generated interception 1 0 0 7 total Number block 1101 & block cipher logic 1103 micro-code register 1105 input - 〇 temporary memory 1107 gold record one register 1109 output - 〇 temporary cry 1111 load bus 111 3 delay signal 1 200 Block cipher logic circuit 1 2 0 2 control character temporary storage crying 1204 Jin Yu-1 temporary storage crying 1 207-1 208 round out register 1 211 -1 214 bus 1 220 round engine 1222 first register Temporary storage ~ 〇 12 2 4 shifting logic circuit 1226 mixing logic circuit 1 3 0 4 determining block 1 308 block 1 31 2 block 1 4 0 4 block 1408 block

57 1272815 1 41 0 Block 1 41 4 Block 1 41 8 Block 1422 Block 1426 Block 141 2 Block 141 6 Block 1420 Block 1424 Judgment Block 1428 Block

58

Claims (1)

J272815 X. Patent application specification: 1. A device for performing cryptographic operations, comprising a two-code deduction circuit, which provides at least one cryptographic command, and the two-horse buckle 7 is received by a computing device. As part of the execution of a stream of instructions on the fff device, the commander specifies one of a plurality of cryptographic operations, and wherein the cryptographic operation specified includes: in a corresponding plurality of input text blocks Performing a plurality of outputs to return the block password operation; the feedback block mode logic circuit 'is connected to the sum and i! road' to drive the computing device to update the indicator register C output feedback area The block cryptographic operation - the initial location; and the logic circuit 'is connected to the output feedback block circuit to perform the specified cryptographic operation. I would like to ask for the shock described in item 1 of the patent scope. The calculation of the δ 狁 狁 进一步 进一步 进一步 进一步 进一步 进一步 进一步 进一步 进一步 进一步 $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ The method includes adding qa* mountains to a plurality of plaintext blocks to generate corresponding plurality of ciphertext blocks. The gamma operation described in item 1 of the patent scope further includes: wherein one of the specified output feedback block mode decryption operations includes a plurality of 2 output feedback areas in the block Decrypt 59 1272815 to generate a corresponding plurality of plaintext areas f as described in the first item of the patent scope. The cryptographic operation is based on the advanced encryption standard ^^^ which is specified in 5. The J is completed as described in item 1 of the patent application. The instruction specifies the execution of the specified password. The password is 6. The feedback mode is as described in item i of the patent application. A meta-store, connected to the execution logic, includes: to store a bit, which is used to indicate whether the code operation has been interrupted by the interrupt event. The device of the sixth aspect, wherein the storage device is a flag register. ^ The bit 8 is as described in the scope of the patent scope, the "including the transfer program control to a process interrupt:: interrupt process" and the execution of the code operation in the current input text m is interrupted. The secret of the ghost privately. 9. If the "type control" returns the password command as described in item 8 of the scope of the patent application, the designated 宓ς, = slave is executed in the current input text block. ~ Horse operation system in = · as claimed in the scope of patents! Each of the items described in the item should correspond to each parent on the input text block. The ί 3:: guides the computing device to modify the indicator temporary storage: , , ; 曰 down - input and output text blocks. As stated in the scope of the patent application, the circuit is directed to the front of the computing device; the memory location pointed to 'storage' is stored as 1272815. 12. The mode logic circuit of the patent application scope fn guides the device The message and the current round of texts are: 13. The special effect initialization vector of the patent scope 丨^. The event contains an interrupt, an exception, and a device in which the interrupt is switched. ...,, - page error, or a ^4 person as claimed in the scope of patent application 帛i, the order is based on the X86 command format, the code is placed in the code ^ eight as the scope of patent application! The item described in the item refers to the password set in the calculation, and the password is set to 16. For example, the patent scope ^ = several registers. The register includes: the device of the item, wherein the contents of the first register are specified in the memory; the cryptographic operation of the 亥: , enter the lean block. The Dictation is as described in claim 15 of the patent application scope: W-distributed, wherein the second temporary register, wherein the second temporary pointing-second memory address- :: Each contains two: one; the body address is specified in the memory. ;::: to save the corresponding multiple output text area set d input text block is in a plurality of Ci C: ghost π into the private cryptographic operation 8. As described in claim 15 The farmer has a 61!272815 register containing a second register, wherein the content of the third register indicates a plurality of text areas in a plurality of rounded text blocks. The device of claim 15, wherein the register comprises: a four-storage register, wherein the content of the fourth register includes a third indicator that points to a third memory address, First The second memory address specifies a third location in the memory for accessing the key data used to complete the specified cryptographic operation. ^20· If the patent application register includes: the device according to Item 15, wherein the fifth is temporarily stored as 'where the content of the fifth register includes a point to a fourth memory address a fourth indicator, the fourth memory address specifies a fourth location in the memory, the fourth location including the initialization vector location, The contents of the initialization vector position contain an initialization vector or equivalent initialization vector used when the specified = the cryptographic operation is completed. , 'These 21s · The installation register described in item 15 of the patent application scope includes: HN when the mouth Η 指向 points to a fifth indicator of a fifth memory address, five δ The physical address refers to the access of the fifth in memory to the control used to complete the specified cryptographic operation, wherein the control character is used to refer to the plurality of cryptographic parameters used by the 62 1272815 transport. . Logic, such as the device described in Item 1 of the special scope, the (four) line-::: unit, which is in each of the rounded text areas, a number of password rounds to generate the corresponding two texts A block, wherein the passwords are specified by the control character of the exhaust unit. • A device for performing weight calculations, including One:;:;2 clever; the code unit 'is used to execute some of the plural--the cryptographic operation, which also responds to the main j knowing that the cryptographic operation is one of the commands, i is in the middle of the flow The password operation means that the cryptographic operation system is: the plurality of output feedback mode area LI code units in a corresponding plurality of input text areas, to: connect to the secret content and each of the; The initial "block" of the round indicator register code operation 24. As required in the 23rd section of the patent application. The interrupt event can cause a program control to be set, wherein a program flow of the middle component, and wherein the cryptographic operation is interrupted at the current::-5.文 予 区 区 25 25 25 25 25 25 25 25 25 25 25 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如 如If the corresponding number of input texts in the 23rd item of the patent application scope is set, 'there is a space in which each of the blocks on each block is converted to 63 1272815, and the input block code operation is completed. The system directs the computing device to modify the indicator temporary store to point to the next input and output text block. 27. The device of claim 23, wherein the device returns a feedback block mode logic circuit to direct the calculation ς = play equivalent initialization vector to the initialization vector position, and the medium =, initial vector position system Contains the location of the memory pointed to by an initialization to ^ =. f deposit 28. The device of claim 23, wherein the paint code command is based on the X 8 6 command format. 2 9. The device of claim 23, wherein the returning block mode logic directs the computing device to perform a mutual exclusion of the text block and the current output text block by the second: Generate an equivalent initialization vector. A method of performing a cryptographic operation in a device, the method comprising performing one of a cryptographic operation in response to receiving a cryptographic command, wherein the cryptographic command is in the The code operation specifies a certain cryptographic operation to be performed: the execution includes: performing a plurality of output feedback block mode block operations in a corresponding plurality of input text blocks; and writing an equivalent The initialization vector is located at an initialization vector location such that it is used via the next plurality of output feedback block mode block operations on the next of the input text blocks. 64 1272815 31. If the patent application step includes: the method described in the 30th item, it further controls the transfer program to ~+w^, and interrupts the program operation in the ^ event stream ^= m胄Μ 4 32 specified on the block. If the patent application scope is ^=. The step includes: the method described in Item 31, which is further improved. When the program control returns to the transfer Q, the current round-in text block, 隹, code command 33. Execution of the scope of the patent application. The inclusion includes: B&B's method 'which means that the person is specified according to the 指令86 command format: 4. As stated in the patent application scope 3. ": t contains: no one of which specifies an output feedback mode The cryptographic operation, the cryptographic operation. The error is as specified in the application of the patent scope of the third paragraph: ^ 定 - Output feedback block mode decryption operation, 密码 cryptographic operation. M. 36. As stated in the third paragraph of the patent application scope, the line contains: Times, which is based on the advanced encryption standard algorithm, and the # operation is completed. The secrets of the knowledge of the wind 37. As described in the third paragraph of the patent application, include: / Further increase the generation of the δHai effect initialization vector. The method of claim 37, wherein the generating system comprises: a mutually exclusive OR operation between a current input text block and a current output text block. 66