WO2001017152A1 - A method for the hardware implementation of the idea cryptographic algorithm - hipcrypto - Google Patents

Publication number
WO2001017152A1
Authority
WO
WIPO (PCT)
Prior art keywords
stage
bits
sub
pipeline
cryptographic algorithm
Application number
PCT/BR1999/000076
Other languages
French (fr)
Inventor
Sérgio Luiz CARDOSO SALOMÃO
Vladimir Castro Alves
Filho Eliseu Monteiro Chaves
Original Assignee
Coppe/Ufrj - Coordenacão Dos Programas De Pós Graduacão De Engenharia Da Universidade Federal Do Rio De Janeiro
Application filed by Coppe/Ufrj - Coordenacão Dos Programas De Pós Graduacão De Engenharia Da Universidade Federal Do Rio De Janeiro
Priority to AU60725/99A (AU6072599A)
Publication of WO2001017152A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125 Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
    • H04L2209/24 Key scheduling, i.e. generating round keys or sub-keys for block encryption


Abstract

HiPCrypto is the hardware implementation of the most secure private key cryptographic algorithm: IDEA (International Data Encryption Algorithm), through the exploitation of spatial and temporal parallelism techniques in order to achieve the processing speed required by ATM and Gigabit networks.

Description

Description of the Invention
"A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto"
TECHNICAL FIELD
HiPCrypto is a hardware architecture proposal for the IDEA cryptographic algorithm, in which techniques for the exploitation of spatial and temporal parallelism were used in order to reach the processing speeds required by real-time applications and high-speed data communication networks such as ATM.
Nowadays, there is a worldwide tendency towards the use of networks that provide different types of telecommunication services, such as the Integrated Service Data Network (ISDN). These types of networks should provide a wide range of services, from telephone and cable TV to video conferencing.
The technological progress of data transmission networks pushed the development of cryptographic algorithms that became progressively more complex and robust. They are widely used by private and governmental organizations, as well as by individuals, that need to ensure secrecy in data communication.
The increasing complexity of recent cryptographic algorithms requires high processing capabilities due to the large number of arithmetic and logic operations that have to be executed, in some cases for real-time applications such as video conferences.
PREVIOUS TECHNIQUES
Direct hardware implementation of cryptographic algorithms can ensure high processing speeds required by current and future applications in data transmission and eliminate a potential bottleneck in data communication networks that require high security levels.
Consequently, several cryptographic algorithms were totally or partially implemented as Application Specific Integrated Circuits.
Several hardware and software implementations have been developed in the past decade for the Data Encryption Standard (DES), the most popular private key cryptographic algorithm. Table 1 shows the performance obtained for some software implementations on different platforms. Table 2 shows the performance obtained for some dedicated hardware implementations. From Table 2 one can see that the 6868 integrated circuit from VLSI Technology reaches up to 512 Mbit/s, which is not sufficient to support some high-end ATM applications. Furthermore, cryptanalysis of DES proved that it is weaker than some recent private key cryptographic algorithms like IDEA. Few hardware implementations of IDEA or its predecessors were reported in the literature. For example, an ASIC that implements the PES algorithm, which originated IDEA, has reached up to 55 Mbits/s at 25 MHz.
DETAILED DESCRIPTION
IDEA cryptographic algorithm
The first form of the IDEA algorithm was created by Xuejia Lai and James Massey in 1990 (US05214703 patent) and was called PES (Proposed Encryption Standard). In 1991, the algorithm was strengthened and was called IPES (Improved Proposed Standard Encryption). In 1992 IPES was called IDEA (International Data Encryption Algorithm), and is actually considered by many specialists in the field of cryptography as the strongest existing symmetrical algorithm.
IDEA is a symmetric, block-oriented cryptographic algorithm, which uses 128-bit keys (thus making it practically immune to brute-force attacks) and 64-bit plaintext blocks. IDEA is built upon a basic function, which is iterated multiple times. As shown in Figure 1, the basic function is iterated eight times. The first iteration operates on the input 64-bit plaintext block and the successive iterations operate on the 64-bit block obtained from the previous iteration. After the last iteration, a final transformation step produces the 64-bit ciphertext block.
Figure 1 shows the structure of the basic function. It involves three simple operations: bitwise exclusive-or, addition modulo 2^16 (addition, ignoring the "overflow") and multiplication modulo 2^16 + 1 (multiplication, ignoring the "overflow"). For each iteration, the 64-bit input block is divided into four 16-bit sub-blocks. In Figure 1, X1, X2, X3 and X4 denote the four 16-bit input sub-blocks used by each iteration. The 64-bit block produced by each iteration is also constituted by four 16-bit sub-blocks. In Figure 1, Y1(i), Y2(i), Y3(i) and Y4(i) denote the four sub-blocks resulting from each iteration. The 128-bit key is divided into 52 16-bit sub-keys (sub-key generation is discussed ahead). Six sub-keys are used in each iteration and four sub-keys are used in the final transformation. In Figure 1, Z1(i), Z2(i), Z3(i), Z4(i), Z5(i) and Z6(i) denote the six sub-keys used in each iteration. The operations performed in each iteration are:
1. Multiply sub-block X1(i) by sub-key Z1(i)
2. Add sub-block X2(i) and sub-key Z2(i)
3. Add sub-block X3(i) and sub-key Z3(i)
4. Multiply sub-block X4(i) by sub-key Z4(i)
5. XOR the results of (1) and (3)
6. XOR the results of (2) and (4)
7. Multiply the result of (5) by sub-key Z5(i)
8. Add the results of (6) and (7)
9. Multiply the result of (8) by sub-key Z6(i)
10. Add the results of (7) and (9)
11. XOR the results of (1) and (9)
12. XOR the results of (3) and (9)
13. XOR the results of (2) and (10)
14. XOR the results of (4) and (10)
The outputs of the iteration are the four sub-blocks produced by steps (11) to (14). The two inner sub-blocks from steps (12) and (13), Y2(i) to Y3(i), are swapped, except for the last iteration. Figure 1 shows the structure of the final transformation. In this figure, Z1(9) to Z4(9) denote the four 16-bit sub-keys and Y1 to Y4 denote the four 16-bit sub-blocks of the 64-bit ciphertext block. The operations performed in the final transformation are:
15. Multiply sub-block X1 by sub-key Z1(9) to obtain Y1
16. Add sub-block X2 and sub-key Z2(9) to obtain Y2
17. Add sub-block X3 and sub-key Z3(9) to obtain Y3
18. Multiply sub-block X4 by sub-key Z4(9) to obtain Y4
The encryption and decryption sub-keys are generated from the single 128-bit key. Encryption sub-keys are generated as follows. Initially, the 128-bit key is divided into eight 16-bit sub-keys. Six of these sub-keys, Z1(1) to Z6(1), are used in the first iteration. The two remaining sub-keys, Z1(2) and Z2(2), are for the second iteration. The original 128-bit key is then rotated left by 25 bits and the resulting key is again divided into eight 16-bit sub-keys. Four sub-keys, Z3(2) to Z6(2), are grouped with Z1(2) and Z2(2) and destined for the second iteration. The other four sub-keys, Z1(3) to Z4(3), are to be used in the third iteration. Next, the key is again rotated left by 25 bits, divided into eight 16-bit sub-keys and these sub-keys are grouped properly. This process is repeated until each of the sub-keys for the eight iterations and for the final transformation has been generated. Decryption sub-keys are calculated as either the additive or the multiplicative inverses of the encryption keys.
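The iteration steps (1) to (18) and the sub-key generation described above, as an added Python example that is not part of the patent text: it builds the 52 encryption and 52 decryption sub-keys the way a host system would before downloading them, and runs the cipher in software to check them. The function names are chosen here; treating an all-zero word as 2^16 in the multiplication, the ordering of the inverses for decryption, and the test vector follow the standard published IDEA definition rather than this page.

```python
# Added example (not from the patent): software model of IDEA using the step
# numbers of the description, plus host-side generation of both sub-key tables.
MASK = 0xFFFF
MOD = 0x10001  # 2**16 + 1, a prime


def mul(a, b):
    """Multiplication modulo 2**16 + 1; the word 0 stands for 2**16
    (standard IDEA convention, assumed here)."""
    return ((a or 0x10000) * (b or 0x10000) % MOD) & MASK


def add(a, b):
    """Addition modulo 2**16."""
    return (a + b) & MASK


def mul_inv(a):
    """Multiplicative inverse modulo 2**16 + 1 (Fermat: a**(p-2) mod p)."""
    return pow(a or 0x10000, MOD - 2, MOD) & MASK


def encryption_subkeys(key):
    """Split the 128-bit key into eight 16-bit words, rotate left by 25 bits,
    repeat until 52 sub-keys exist. z[6*(i-1) + (k-1)] holds Zk(i)."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 16 bytes")
    k = int.from_bytes(key, "big")
    z = []
    while len(z) < 52:
        z += [(k >> (112 - 16 * j)) & MASK for j in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return z[:52]


def decryption_subkeys(z):
    """Additive and multiplicative inverses of the encryption sub-keys, taken
    in reverse stage order (standard IDEA ordering, assumed here)."""
    d = []
    for r in range(9):
        e = 48 - 6 * r                  # index of Z1 of encryption stage 9-r
        a, b = z[e + 1], z[e + 2]
        if 0 < r < 8:                   # inner stages: the two additive keys trade places
            a, b = b, a
        d += [mul_inv(z[e]), -a & MASK, -b & MASK, mul_inv(z[e + 3])]
        if r < 8:
            d += z[e - 2:e]             # Z5, Z6 of encryption iteration 8-r, unchanged
    return d


def iteration(x, z):
    """Steps (1) to (14) for one iteration; z holds Z1(i)..Z6(i)."""
    s1 = mul(x[0], z[0])
    s2 = add(x[1], z[1])
    s3 = add(x[2], z[2])
    s4 = mul(x[3], z[3])
    s5 = s1 ^ s3
    s6 = s2 ^ s4
    s7 = mul(s5, z[4])
    s8 = add(s6, s7)
    s9 = mul(s8, z[5])
    s10 = add(s7, s9)
    # Results (11), (12), (13), (14) in this order feed the next iteration as
    # X1..X4: listing (3)^(9) before (2)^(10) already has the two inner
    # sub-blocks in exchanged positions.
    return [s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10]


def crypt_block(block, subkeys):
    """Eight iterations plus the final transformation, steps (15) to (18).
    Decryption is the same datapath fed with the decryption sub-keys."""
    if len(block) != 8 or len(subkeys) != 52:
        raise ValueError("need an 8-byte block and 52 sub-keys")
    x = [int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2)]
    for i in range(8):
        x = iteration(x, subkeys[6 * i:6 * i + 6])
    # The last iteration has no exchange, so undo it before steps (15)-(18).
    x[1], x[2] = x[2], x[1]
    k = subkeys[48:52]
    y = [mul(x[0], k[0]), add(x[1], k[1]), add(x[2], k[2]), mul(x[3], k[3])]
    return b"".join(w.to_bytes(2, "big") for w in y)


# Sample input: the widely published IDEA test vector (not from the patent).
KEY = bytes.fromhex("00010002000300040005000600070008")
PLAINTEXT = bytes.fromhex("0000000100020003")

if __name__ == "__main__":
    ek = encryption_subkeys(KEY)
    dk = decryption_subkeys(ek)
    ct = crypt_block(PLAINTEXT, ek)
    print("Z1(2)..Z6(2):", [f"{w:04x}" for w in ek[6:12]])
    print("ciphertext  :", ct.hex())
    print("round trip  :", crypt_block(ct, dk) == PLAINTEXT)
```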
As stated, the main goal in designing HiPCrypto is to obtain a device which would meet the performance requirements of applications in current and future high-speed data networks. This was achieved by including parallel execution techniques into the design of HiPCrypto's architecture. There are two opportunities for exploiting parallelism in the IDEA algorithm: in the execution of its basic function and in the iterations of this function. Examining the data flow shown in Figure 1, one can identify groups of operations that are data independent. In each group, one operation does not use the results produced by other operations in the group. The sets of independent operations are: the multiply and add operations in steps (1) to (4); the exclusive-or operations in steps (5) and (6); and the exclusive-or operations in steps (11) to (14). These independent operations can be performed simultaneously, provided the architecture incorporates multiple functional units dedicated to the execution of each of them. By including multiple functional units in the architecture, we are making use of spatial parallelism. Temporal parallelism can also be employed in the execution of the basic function, by overlapping in time the operations upon distinct plaintext blocks. In this way, multiple blocks can be encrypted (or decrypted) simultaneously, instead of sequentially. This temporal parallelism was implemented with the pipeline shown in Figure 2.
Stage 1 contains two add and two multiply units that perform in parallel the independent operations in steps (1) to (4) of the algorithm.
Stage 2 contains two exclusive-or units to execute the operations in steps (5) and (6) in parallel.
Stages 3, 4, 5 and 6 contain a single add or multiply unit and they execute, respectively, the operations in steps (7), (8), (9) and (10) of the algorithm.
Stage 7 has four exclusive-or units to execute steps (11) to (14) in parallel. The last stage has two add units and two multiply units and performs the algorithm's final transformation (see Figure 2). This stage will be referred to as the output stage.
In Figure 2, one can notice the inclusion of queues between stages of the pipeline. These queues temporarily hold data forwarded between non-adjacent stages. For instance, stage 7 operates on sub-blocks from stages 1 and 5 (see Figure 1).
A sub-block from stage 1 arrives five cycles before the corresponding sub-block from stage 5, and during this time interval it remains in one of the queues connecting stages 1 and 7. When the sub-block from stage 5 is available, the sub-block in the front of the queue is dequeued and paired with the sub-block from stage 5. A queue is needed along the shortest path (in number of stages) between two non-neighbor stages. The size of each queue is indicated in Figure 2.
The final aspect in HiPCrypto's architecture concerns the generation and storage of the sub-keys. To generate the encryption sub-keys, circuitry would be needed for the rotation and sub-division of the 128-bit key. Moreover, the generation of the decryption sub-keys would require an arithmetic unit for the calculation of additive and multiplicative inverses. The inclusion of this additional hardware would only be reasonable if the key changes very frequently, say, every few blocks. But that is not the common case in a private-key cryptosystem: typically, the key shared by a group of partners is changed on a long-term basis (days or weeks, for example). For this reason, only sub-key storage is provided. Sub-keys are generated externally by the host system, and then downloaded into the chip.
Architecture of HiPCrypto
The HiPCrypto architecture, Figure 3, executes a complete iteration of the algorithm. This architecture is composed of six 16-bit multipliers, six 16-bit adders and six 16-bit exclusive-or units, memories for sub-key storage, buffers, tri-states and a control unit.
The operations contained in each stage of the pipeline will be executed in a single machine cycle and, since there are 7 pipeline stages, it will cipher (resp. decipher) seven 64-bit blocks for each execution of the algorithm.
HiPCrypto was designed to offer four kinds of configurations, i.e., 1, 2, 4 or 8 integrated circuits in series (Table 3).
Each pipeline segment is executed in one clock cycle. For the one-chip configuration, seven 64-bit blocks are processed every 56 (7 x 8) machine cycles. For the 2-chip configuration, seven 64-bit blocks are processed every 28 (7 x 4) machine cycles. For the 4-chip configuration, seven 64-bit blocks are processed every 14 (7 x 2) machine cycles. For the 8-chip configuration, seven 64-bit blocks are processed every 7 (7 x 1) machine cycles, that is to say, one 64-bit block for each machine cycle. The proposed HiPCrypto structure can be adapted to different uses. The adequate compromise between throughput and cost can be obtained by selecting the number of chips operating in series.
The signals used for selecting the chip configurations were divided into two groups: three signals that define the configuration, cch<2:0>, and three signals that define the position of the chip in the chain, pos<2:0>. Tables 4 and 5 show respectively the configurations and the possible positions. The sub-keys are stored in 4 RAMs according to Figures 3 and 4. For sub-keys Z1(i), Z2(i), Z3(i) and Z4(i), a 128 bits x 8 memory is used. The first 64 bits of each memory position, the least significant bits (positions 0 to 63), store the cipher sub-keys and the last 64 bits, the most significant bits (positions 64 to 127), store the decipher sub-keys. The selection to execute the algorithm in cipher or decipher mode is made through the bus selection (see Figures 3 and 4).
For sub-keys Z5(i) and Z6(i), two 32 bits x 8 RAMs are used, where the 16 least significant bits (0 to 15) store the cipher sub-keys Z5(i) and Z6(i), and the 16 most significant bits store the decipher sub-keys.
For the sub-keys Z1(9), Z2(9), Z3(9) and Z4(9), a 64 bits x 2 memory is used.
Control Unit
The control unit (see Figure 3) is the operational block that controls the operation of the architecture. This unit, together with some extra circuits, is responsible for the generation of the control signals. The main functions of this unit are described in the following.
The control unit selects ciphering and deciphering modes, i.e. selecting the cipher and decipher sub-keys respectively in each embedded memory. The control unit also allows the correct initialization, feeding and synchronization of the pipeline stages by generating all enable and reset signals for each internal block.
The output stage will only be used by the last chip in each configuration. This selection is also performed by the control unit through the selected configuration for each chip.
HiPCrypto performance
Table 7 shows some examples of the performance of HiPCrypto implemented in a two-metal-layer 0.7 micron CMOS technology.

Claims

1. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, patented in the USA under the no. US05214703, that makes use of a seven-stage pipeline to be implemented as a synchronous circuit, that will be referred to as micro-pipeline, coupled to an output stage as described in figure 2; so that each stage of the pipeline supplies partial results for the following stage and receives partial results from the previous stage at each clock pulse of the synchronous circuit; so that there exists a feedback from stage number 7 to stage number 1, controlled by the digital control unit so that, for each of 16 rounds for ciphering a 64-bit block, the first stage of the pipeline is fed with partial results from the output of the seventh pipeline stage and that the pipeline is fed with a new block when the ciphering process is completed; and the sub-keys used in the data ciphering and deciphering processes, in agreement with the definition of the IDEA algorithm, are stored in four dedicated memory units.
2. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operations 1, 2, 3 and 4 of the description of the IDEA cryptographic algorithm are executed by two 16-bit multiplier units and two 16-bit adder units; and these units compose pipeline stage number as described in figure 2; so that this stage receives either a new 64-bit block from data input or a partial result from the seventh stage and the ciphering or deciphering sub-keys corresponding to this stage as described in figures 2 and 3; so that the inputs and outputs of this stage are connected to input and output registers respectively.
3. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operations 5 and 6 of the description of the IDEA cryptographic algorithm are executed by two 16-bit exclusive-or units; and these units compose stage number two of the pipeline as described in figure 2; so that this stage receives partial results from the first stage as described in figures 2 and 3; so that the inputs and outputs of this stage are connected to input and output registers respectively.
4. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operation 7 of the description of the IDEA cryptographic algorithm is executed by a 16-bit multiplier unit; and this unit composes stage number three of the pipeline as described in figure 2; so that this stage receives partial results from the previous stage and ciphering and deciphering sub-keys corresponding to this stage as described in figures 2 and 3; and that the inputs and outputs of this stage are connected to input and output registers respectively.
5. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operation 8 of the description of the IDEA cryptographic algorithm is executed by a 16-bit adder unit; and this unit composes stage number four of the pipeline as described in figure 2; so that this stage receives partial results of the stages 2 and 3 as described in figure 2; and that the inputs and outputs of this stage are connected to input and output registers respectively.
6. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operation 9 of the description of the IDEA cryptographic algorithm is executed by a 16-bit multiplier unit; and this unit composes stage number five of the pipeline as described in figure 2; so that this stage receives partial results from the previous stage and ciphering and deciphering sub-keys corresponding to this stage as described in figures 2 and 3; and that the inputs and outputs of this stage are connected to input and output registers respectively.
7. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operation 10 of the description of the IDEA cryptographic algorithm is executed by a 16-bit adder unit; and this unit composes stage number six of the pipeline as described in figure 2; so that this stage receives partial results of stages 3 and 5 as described in figure 2; and that the inputs and outputs of this stage are connected to input and output registers respectively.
8. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operations 11, 12, 13 and 14 of the description of the IDEA cryptographic algorithm are executed by four 16-bit exclusive-or units; and these units compose stage number seven of the pipeline as described in figure 2; so that this stage receives partial results from stages 1, 5 and 6 as described in figure 2; and that the inputs and outputs of this stage are connected to input and output registers respectively.
9. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1 in which the operations 15, 16, 17 and 18 of the description of the IDEA cryptographic algorithm are executed by two 16-bit multiplier units and two 16-bit adder units; and these units compose the output stage of the pipeline as described in figure 2; so that this stage receives partial results from stage 7 of the pipeline and ciphering and deciphering sub-keys corresponding to the output stage as described in figures 2 and 3; and that the inputs and outputs of this stage are connected to input and output registers respectively.
10. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claim 1, in which the sub-keys used in the ciphering and deciphering processes are stored in four dedicated memories according to figure 4 as follows: ciphering sub-keys Z1(i), Z2(i), Z3(i) and Z4(i) (i from 1 to 8) and deciphering sub-keys Z1(i), Z2(i), Z3(i) and Z4(i) (i from 1 to 8) stored in a 128 bits x 8 memory; ciphering sub-keys Z5(i) (i from 1 to 8) and deciphering sub-keys Z5(i) (i from 1 to 8) stored in the first 32 bits x 8 memory; ciphering sub-keys Z6(i) (i from 1 to 8) and deciphering sub-keys Z6(i) (i from 1 to 8) stored in the second 32 bits x 8 memory; ciphering sub-keys Z1(9), Z2(9), Z3(9) and Z4(9) and deciphering sub-keys Z1(9), Z2(9), Z3(9) and Z4(9) stored in the 64 bits x 2 memory.
11. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claims 1 and 2, in which a second pipeline level, denominated macro-pipeline, allows the concatenation of 2, 4 or 8 circuits operating with a micro-pipeline of seven stages as indicated in table 3.
12. A METHOD FOR THE HARDWARE IMPLEMENTATION OF THE IDEA CRYPTOGRAPHIC ALGORITHM - HiPCrypto, in agreement with claims 1 and 2, in which "first-in first-out" (FIFO) memories are used in order to synchronize the data coming from non-adjacent stages in the following way: a 64 bits x 5 positions FIFO connecting stages 1 and 7, a 16 bits x 2 positions FIFO connecting stages 3 and 6, a 16 bits x 1 position FIFO connecting stages 2 and 4, a 16 bits x 1 position FIFO connecting stages 5 and 7, as described in figure 3.
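The stage assignment of claims 4 to 8 and the FIFO depths of claim 12 can be checked with a clock-level model. This is an added example, not part of the patent: it assumes the usual 14-step listing of an IDEA round for the operation numbers, that stages 1 and 2 carry operations 1 to 4 and 5 to 6, and one fixed set of round sub-keys. All names and sample values are constructed.

```python
from collections import deque

def mul(a, b):
    """Multiply modulo 2**16 + 1; the 16-bit word 0 stands for 2**16."""
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & 0xFFFF

def add(a, b):
    return (a + b) & 0xFFFF

def round_ref(x, z):
    """Straight-line round (operations 1 to 14), used as the reference."""
    s1, s2, s3, s4 = mul(x[0], z[0]), add(x[1], z[1]), add(x[2], z[2]), mul(x[3], z[3])
    s7 = mul(s1 ^ s3, z[4])
    s9 = mul(add(s2 ^ s4, s7), z[5])
    s10 = add(s7, s9)
    return (s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10)

LINKS = [(1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (6, 7),   # (src, dst), adjacent stages
         (1, 7), (3, 6), (2, 4), (5, 7)]                   # the four FIFOs of claim 12

def fifo_depth(src, dst):
    """FIFO positions needed on top of the source stage's output register."""
    return dst - src - 1

def run_pipeline(blocks, z, skew=None):
    """Clock the seven stages, one block per cycle; skew alters a link's delay."""
    skew = skew or {}
    q = {l: deque([(0,) * 4 if l[0] == 1 else 0] * (l[1] - l[0] + skew.get(l, 0)))
         for l in LINKS}
    out = []
    for x in list(blocks) + [(0,) * 4] * 6:        # six extra clocks drain the pipe
        rd = {l: q[l].popleft() for l in LINKS}    # what each stage sees this clock
        st1 = (mul(x[0], z[0]), add(x[1], z[1]), add(x[2], z[2]), mul(x[3], z[3]))
        a, b, c, d = rd[1, 2]
        s5, s6 = a ^ c, b ^ d                      # stage 2: operations 5, 6
        s7 = mul(rd[2, 3], z[4])                   # stage 3: operation 7
        s8 = add(rd[2, 4], rd[3, 4])               # stage 4: operation 8
        s9 = mul(rd[4, 5], z[5])                   # stage 5: operation 9
        s10 = add(rd[3, 6], rd[5, 6])              # stage 6: operation 10
        s1, s2, s3, s4 = rd[1, 7]                  # stage 7: operations 11 to 14
        out.append((s1 ^ rd[5, 7], s3 ^ rd[5, 7], s2 ^ rd[6, 7], s4 ^ rd[6, 7]))
        wr = {(1, 2): st1, (1, 7): st1, (2, 3): s5, (2, 4): s6, (3, 4): s7,
              (3, 6): s7, (4, 5): s8, (5, 6): s9, (5, 7): s9, (6, 7): s10}
        for l in LINKS:
            q[l].append(wr[l])
    return out[6:]                                 # first result appears after 6 clocks

BLOCKS = [(i, 2 * i + 1, 0xFFFF - i, 0x1234 ^ i) for i in range(10)]  # constructed
Z = (0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006)                  # constructed
```

Each FIFO depth equals the destination stage number minus the source stage number minus one, which gives the 5, 2, 1 and 1 positions of claim 12. Calling `run_pipeline(BLOCKS, Z, {(1, 7): -1})` shortens the stage 1 to stage 7 FIFO by one position and the results no longer match `round_ref`.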
PCT/BR1999/000076 1999-08-27 1999-09-13 A method for the hardware implementation of the idea cryptographic algorithm - hipcrypto WO2001017152A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU60725/99A AU6072599A (en) 1999-08-27 1999-09-13 A method for the hardware implementation of the idea cryptographic algorithm - hipcrypto

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BRPI9903609-6 1999-08-27
BR9903609A BR9903609A (en) 1999-08-27 1999-08-27 Hardware implementation process of the idea- hipcrypto cryptographic algorithm

Publications (1)

Publication Number Publication Date
WO2001017152A1 true WO2001017152A1 (en) 2001-03-08

Family

ID=4073205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR1999/000076 WO2001017152A1 (en) 1999-08-27 1999-09-13 A method for the hardware implementation of the idea cryptographic algorithm - hipcrypto

Country Status (3)

Country Link
AU (1) AU6072599A (en)
BR (1) BR9903609A (en)
WO (1) WO2001017152A1 (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4275265A (en) * 1978-10-02 1981-06-23 Wisconsin Alumni Research Foundation Complete substitution permutation enciphering and deciphering circuit
US4668103A (en) * 1982-04-30 1987-05-26 Wilson William J Polygraphic encryption-decryption communications system
US4850019A (en) * 1985-11-08 1989-07-18 Nippon Telegraph And Telephone Corporation Data randomization equipment
US5020106A (en) * 1989-02-08 1991-05-28 Gretag Aktiengesellschaft Process for the cryptographic processing of data and cryptographic systems
US5214703A (en) * 1990-05-18 1993-05-25 Ascom Tech Ag Device for the conversion of a digital block and use of same
US5161193A (en) * 1990-06-29 1992-11-03 Digital Equipment Corporation Pipelined cryptography processor and method for its use in communication networks

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7099470B2 (en) 2000-06-12 2006-08-29 Hynix Semiconductor Inc. Encryption apparatus using data encryption standard algorithm
GB2367461B (en) * 2000-06-12 2004-01-21 Hynix Semiconductor Inc Encryption apparatus using data encryption standard algorithm
GB2367461A (en) * 2000-06-12 2002-04-03 Hynix Semiconductor Inc Encryption apparatus using Data Encryption Standard (DES)
US7529367B2 (en) 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent cipher feedback mode cryptographic functions
US7536560B2 (en) 2003-04-18 2009-05-19 Via Technologies, Inc. Microprocessor apparatus and method for providing configurable cryptographic key size
US7321910B2 (en) 2003-04-18 2008-01-22 Ip-First, Llc Microprocessor apparatus and method for performing block cipher cryptographic functions
US7392400B2 (en) 2003-04-18 2008-06-24 Via Technologies, Inc. Microprocessor apparatus and method for optimizing block cipher cryptographic functions
US7502943B2 (en) 2003-04-18 2009-03-10 Via Technologies, Inc. Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
US7519833B2 (en) 2003-04-18 2009-04-14 Via Technologies, Inc. Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
US7529368B2 (en) 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent output feedback mode cryptographic functions
US8060755B2 (en) 2003-04-18 2011-11-15 Via Technologies, Inc Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US7532722B2 (en) 2003-04-18 2009-05-12 Ip-First, Llc Apparatus and method for performing transparent block cipher cryptographic functions
US7925891B2 (en) 2003-04-18 2011-04-12 Via Technologies, Inc. Apparatus and method for employing cryptographic functions to generate a message digest
US7539876B2 (en) 2003-04-18 2009-05-26 Via Technologies, Inc. Apparatus and method for generating a cryptographic key schedule in a microprocessor
US7542566B2 (en) 2003-04-18 2009-06-02 Ip-First, Llc Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
US7844053B2 (en) 2003-04-18 2010-11-30 Ip-First, Llc Microprocessor apparatus and method for performing block cipher cryptographic functions
US7900055B2 (en) 2003-04-18 2011-03-01 Via Technologies, Inc. Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
EP1519509A3 (en) * 2003-09-29 2007-03-21 Via Technologies, Inc. Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
EP1519509A2 (en) * 2003-09-29 2005-03-30 Via Technologies, Inc. Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
CN102355349A (en) * 2011-06-28 2012-02-15 中国人民解放军国防科学技术大学 Fault-tolerant based IDEA (International Data Encryption Algorithm) full-flowing-water hardware encryption method

Also Published As

Publication number Publication date
AU6072599A (en) 2001-03-26
BR9903609A (en) 2001-04-24

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase