[go: up one dir, main page]

WO2000076119A1 - Cryptographic processing system - Google Patents

Cryptographic processing system Download PDF

Info

Publication number
WO2000076119A1
WO2000076119A1 PCT/US2000/015872 US0015872W WO0076119A1 WO 2000076119 A1 WO2000076119 A1 WO 2000076119A1 US 0015872 W US0015872 W US 0015872W WO 0076119 A1 WO0076119 A1 WO 0076119A1
Authority
WO
WIPO (PCT)
Prior art keywords
cryptographic
commands
set forth
executing
processing system
Prior art date
Application number
PCT/US2000/015872
Other languages
French (fr)
Inventor
Daniel Z. Simon
Original Assignee
General Instrument Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by General Instrument Corporation filed Critical General Instrument Corporation
Priority to AU57302/00A priority Critical patent/AU5730200A/en
Publication of WO2000076119A1 publication Critical patent/WO2000076119A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3877Concurrent instruction execution, e.g. pipeline or look ahead using a slave processor, e.g. coprocessor
    • G06F9/3879Concurrent instruction execution, e.g. pipeline or look ahead using a slave processor, e.g. coprocessor for non-native instruction execution, e.g. executing a command; for Java instruction set
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks

Definitions

  • This invention related in general to cryptographic processing systems and more specifically to apparatuses and methods for allowing execution of a number encryption functions by a specialized encryption processor.
  • Cryptographic processing systems are used to provide security to data transmissions.
  • Implementation of the cryptographic algorithms can introduce latencies which are undesirable in data transmission. Accordingly, there is a general need to improve the data transmission speed through cryptographic systems.
  • Some conventional systems use general purpose processors and software to perform cryptographic processing.
  • the algorithms reside in firmware and are executed like any other software.
  • the firmware implements the algorithms with the instruction set of the general purpose processor. If the algorithms change, these systems can be reprogrammed with new firmware to implement the new algorithms.
  • the general purpose processors perform the cryptographic computations slowly because the instruction set is not specialized to include cryptographic instructions. For example, a general purpose processor may only have multiply instruction where some cryptographic algorithms routinely use Montgomery multiplications. Accordingly, performing a
  • Montgomery multiplication would require execution of a series of processor instructions on a general purpose processor. For this reason, general purpose processors execute cryptographic algorithms slowly which increases data transmission latency.
  • general purpose processors have functionality not required in cryptographic processors.
  • some general purpose processors include branch prediction, integrated interfaces and interrupt support. These processors have evolved to provide a moderate level of support to many different functions.
  • the specialized needs of cryptography are not well served because of the overhead needed to support other functions. For example, servicing an interrupt while calculating a Montgomery multiply will slow down the execution of that algorithm which may increase latency. Accordingly, general purpose processors are slowed down by the overhead required to process different types of tasks.
  • Conventional systems have attempted to solve these problems by relying upon specialized cryptographic processors. For example, specialized circuits which implement DES algorithms are well known. These systems have specialized hardware which quickly implements a desired cryptographic algorithm such as encrypt or decrypt. These specialized circuits are typically very large in order to quickly implement the desired function. In contrast to the hardware in the general purpose processor, little of the circuitry is reused is a conventional cryptographic processor.
  • the specialized cryptographic processors cannot be reprogrammed. Once the hardware for the algorithms is produced, it cannot be changed. Accordingly, changing the algorithm would require redesigning the circuit and replacing all integrated circuits incorporating the algorithm. The ability to change the algorithm is desirable because it produces a moving target for hackers or pirates which may attempt to circumvent the cryptographic process.
  • the implementation should be flexible to allow for changes in the algorithm and should require less circuitry to implement than specialized hardware cryptographic processors.
  • apparatuses and methods allow for execution of a number encryption functions by a specialized encryption processor.
  • a method for executing a plurality of commands in a cryptographic processing system is disclosed. A first set of commands are received and executed, whereafter a flag is set. A second set of commands are also received and executed.
  • a cryptographic processing system includes a cryptographic processor, a general purpose processor and a bus. The cryptographic processor executes a function which is sent by the general purpose processor. For this purpose, the bus couples the cryptographic processor to the general purpose processor.
  • Another embodiment describes a cryptographic processor which includes a bus interface, a sequencer, operand memory, and a math unit. The sequencer stores a function received from the bus interface.
  • the math unit is coupled to the bus interface, operand memory and sequencer.
  • a method for processing cryptographic functions is disclosed.
  • a function is received which is comprised of a number of commands.
  • the commands include at least a loop or branch. At least one of the commands is converted to a number of subcommands. After conversion, the number of subcommands are executed.
  • FIG. 1 is a block diagram depicting one embodiment of the cryptographic processing system
  • Fig. 2 is a block diagram which illustrates an embodiment of a cryptographic engine
  • Fig. 3 is a flow diagram which shows a process for performing a single datapath operation under the control of a central processing unit
  • Fig. 4 is a flow diagram which shows a process for performing a cryptographic function comprised of a number of datapath operations under the control of a sequencer.
  • FIG. 1 A block diagram of one embodiment of the cryptographic processing system 100 is illustrated in Fig. 1.
  • the system 100 includes a central processing unit (CPU) 104, a crypto engine 108, one or more peripherals 112, memory 116, and firmware storage memory 120 which are all interconnected by a system bus 124.
  • the CPU 104 is inefficient at performing cryptographic computations, they are passed over the system bus 124 to the crypto engine 108 for execution. Either a single datapath operation or a complete function containing multiple datapath operations may be passed to the crypto engine 108 for execution.
  • the CPU 104 generally controls operation of the cryptographic processing system 100.
  • the CPU 104 is a general purpose processor which performs a variety of tasks. To support this variety, general purpose processors 104 typically have many more instructions than, for example, the cryptographic engine 108. When cryptographic processing is required, the CPU 104 has the cryptographic engine perform the processing. In the mean time, the CPU 104 can process other tasks needed to control the processing system 100.
  • the CPU 104 is a MIPS ® embedded core, however, any number of processing cores could be used.
  • the CPU 104 uses software code or firmware to control operation of the cryptographic processing system 100.
  • the code is stored in firmware storage memory 120 which is a nonvolatile memory such as battery backed random access memory (RAM).
  • firmware storage memory 120 is a nonvolatile memory such as battery backed random access memory (RAM).
  • the CPU 104 uses additional memory 116 to assist execution of the code within the CPU 104.
  • This memory 116 is volatile and rewritable memory which does not retain its value if power is removed. However, other embodiments could use nonvolatile and rewritable form of memory. Variables and data needed during program execution are stored in this memory 116.
  • a number of peripherals 112 are used by the CPU 104 to perform specialized tasks. For example, in the context of a television set-top box, these peripherals 112 could be dedicated to such tasks as modem data transmission to a telephone network.
  • the information sent to and received from the telephone network would be converted by the peripheral 1 12 into a format used by the CPU 104 such that the CPU 104 could interface with the telephone network using the peripheral 112.
  • the crypto engine 108 which performs any cryptographic algorithms.
  • the crypto engine 108 has limited functionality specialized for efficient cryptography. In contrast, the CPU 104 has greater functionality but cannot perform cryptographic functions efficiently.
  • the crypto engine 108 performs computations required for the Rivest, Shamir and Adleman (RSA) cryptographic algorithm.
  • interrupts are used as flags to indicate to the CPU 104 when processing by the crypto engine 108 is complete.
  • polled interrupts or any other technique for setting a flag.
  • the system bus 124 allows communication between all circuits attached to the bus.
  • the system bus 124 allows sending information between the CPU 104 and any other circuit attached to the system bus 124. Additionally, a block of information can be exchanged between the memory 116 and the crypto engine 108 using a direct memory access (DMA) circuit.
  • DMA direct memory access
  • the CPU 104 places a number of data words in the system memory and tells a DMA circuit the output for the data.
  • the DMA transfer directly transfers the data from memory to the crypto engine 108 over the system bus 124.
  • DMA circuits can considerably improve the bandwidth of data transfer because the latencies of the CPU 104 shepherding the transfer of each word of data are avoided.
  • the crypto engine 108 includes a sequencer 200, a math unit 204, configuration registers 208, a bus interface 212, and operand memory 216.
  • This embodiment can accept from the CPU 104 either a single datapath operation or a function including a number of datapath operations.
  • the transfer of data associated with executing a function or datapath operations uses DMA transfers.
  • the bus interface 212 attaches to the system bus 124 and allows data exchange with the crypto engine 108.
  • the bus interface 212 contains control logic which grafts handshaking and data transfer needs of the crypto engine 108 into the memory space of the CPU 104. From the viewpoint of the system bus 124, all the interaction with the crypto engine 108 is memory mapped into the address space of the CPU 104. Some of the circuitry required to enable DMA transfers is also located in the bus interface 212, but most of the DMA circuitry is located elsewhere in the cryptographic processing system 100.
  • the bus interface 212 passes information between the CPU 104 and the configuration registers 208, sequencer 200 and math unit 204.
  • the configuration registers 208 contain parameters associated with execution of a datapath operation such as operand length, datapath operation desired, start address of operand, etc.
  • the math unit 204 uses the information in the configuration registers written by the CPU 104 or sequencer 200.
  • the math unit 204 performs datapath operations upon the operands in the operand memory. Which operation to perform and which operands to perform the datapath operation upon are designated in the configuration. registers 208. Once the information required to execute an datapath operation is written into the configuration registers 208, the math unit 208 waits for the writing into the configuration registers 208 of a,flag which indicates processing should commence. Next, the math unit 208 reads the input operands and configuration information and executes the datapath operation. After execution, a resulting output operand is written into the operand memory 216.
  • the math unit 204 includes a number of submodules such as a math operator 232, an address generator 240 and a math datapath 236.
  • the math operator 232 retrieves the datapath operation from the configuration registers 208 and manages execution of that datapath operation.
  • a state machine within the math operator 232 determines the operation desired, controls the math datapath 236 to perform the arithmetic and controls the address generator 240 to load and store operands from the operand memory 216.
  • the math datapath 236 performs multiplies, squares, additions, subtractions, shifts, Montgomery multiplies, and various other operations on words of data.
  • the operands are comprised of a number of words which are subdivided down to single words during execution by the math operator 232 prior to processing by the math datapath 236.
  • the input operands are 1024 bits, but the word size processed by the math datapath 236 is thirty-two bits.
  • the math operator 232 iteratively has the math datapath perform thirty-two bit word operations to achieve a desired 1024 bit datapath operation.
  • the math datapath 236 Since the math datapath 236 only performs thirty-two bit word operations, the complexity and size of that circuit is greatly reduced. As can be appreciated, a 1024 bit multiply is an extremely large circuit if the multiply is not subdivided into word operations. Accordingly, the present invention reduces circuit size and complexity without resorting to the use of software algorithms performed on a general purpose processor.
  • the address generator 240 and math datapath 236 work under the control of the math operator 232 to perform the word operations.
  • the state machine in the math operator 232 causes the address generator 240 to activate the proper connection between the math datapath 236 and operand memory 216 when reading and writing operands. Additionally, the state machine connects the input operand word and output operand word to the correct word operation in the math datapath 236. For example, in the case of an addition word operation, the state machine connects the appropriate words of the input operands from the operand memory 216 by manipulating the address generator 240 to the input of the addition operation. The output word from the addition is written to the output operand word addressed by the address generator 240.
  • the operand memory 216 stores the input written by the CPU 104 and output operands written by the math datapath 236. Additionally, intermediate results from executing the datapath operation may also be stored in the operand memory 216. In this embodiment, the operand memory 216 is organized in eight blocks, where each block is 2048 bits long. Each operand can span up to two blocks and have a size of up to 4096 bits. Each block is subdivided into sixty- four words which are each thirty-two bits wide.
  • the configuration registers 208 are also written with the length of the each input operand, the block(s) which contain each operand and the start address of the operand within those block(s). In this way, an operand may be written into any location of the operand memory and need not be aligned with any block boundary. In a similar way, the location of the output operand is designated in the configuration registers 208.
  • the operand memory 216 is designed for efficiently writing and reading operands.
  • dual port memory is used as the operand memory 216.
  • the three read busses share one port on each memory cell while the write bus has its own port on each memory cell.
  • only one bus is able to read or write to a given block at a time so the datapath algorithms are designed such that they do not attempt to simultaneously access the two ports of the memory cell at the same time. Since there are three read buses and one write bus, there can be three input operands and one output operand for a given word operation.
  • Addressing of the operand memory 216 includes a select bus which chooses the proper block and a word address bus which selects the proper word within that block. There are additional enable lines and bus gating lines to enable the above described functionality.
  • the CPU 104 can either pass a single datapath operation to the crypto engine 108 for execution or can send a function which contains a number of datapath operations for execution. An example of a function would be some type of RSA task such as key generation.
  • the sequencer 200 is employed to execute the function.
  • the sequencer 200 includes sequencer registers 220, an operation store 224 and a sequence controller 228.
  • a function contains both datapath operations and sequencer operations. Sequencer operations are executed in the sequence controller 228 and include simple operations such as increments, decrements and conditionals. As described above, the datapath operations are executed by the math unit 204.
  • the CPU 104 writes the datapath and sequencer operations to the operation store 224 by way of the sequencer registers 220.
  • the sequencer registers 200 contain other configuration information to assist handshaking between the sequencer 200 and CPU 104. Similar to the configuration registers 208, the sequencer registers 220 appear in the memory map of the CPU 104 and are addressable from the system bus 124 like any other part of the memory map.
  • the operation store 224 holds the datapath and sequence operations which comprise the function.
  • a memory block within the operation store 224 is used to hold these operations.
  • Decode logic within the operation store 224 assists in reading and writing the memory block.
  • the memory block is sixty-four words long where each word is thirty-two bits wide.
  • a program counter in the sequence controller 228 is used to sequence through the operations in the operation store.
  • the sequence controller 228 uses the operations in the operation store 224 along with any information in the sequencer registers to execute the function. Included in the sequence controller 228 are a program counter, operand registers, an arithmetic logic unit (ALU), and a stack. As mentioned above, the program counter addresses the operations in the operand store 224. The stack allows saving the program counter values and any operand registers in order to execute sub-functions which may be part of a function. Increment, decrement and conditional sequencer operations are executed in the ALU so that looping and branching is possible.
  • ALU arithmetic logic unit
  • sequencer 200 When the sequencer 200 encounters a datapath operation, it is sent to the math unit 204 for execution.
  • the sequence controller 228 writes the configuration registers 208 with the necessary information so that the math operator 232 can properly address the operands. Additionally, the datapath operation is written to the configuration registers 208 so that the math operator 232 can formulate the proper word operations necessary to implement the datapath operation.
  • the sequencer 200 sends them to the math unit 204 for execution. In contrast, when the sequencer operations are encountered they are executed locally by the sequencer 200. In this way, a function which contains many datapath and sequencer operations can be executed without intervention by the CPU 104 which allows the CPU 104 to attend to other tasks while the crypto engine 108 executes the function. Additionally, system bus 124 bandwidth is preserved because communication from the CPU 104 is not needed while the crypto engine 108 is executing the function. Upon completion of the function, a flag is set for the CPU 104 so that it knows when to retrieve the output operand from the operand memory 216.
  • a flow diagram depicts the process for executing a single datapath operation sent from the CPU 104.
  • the crypto engine 108 can execute single datapath operations or functions which may contain many datapath operations as well as sequencer operations.
  • the CPU 104 can query the configuration registers 208 to determine if the crypto engine 108 is available for processing the datapath operation. If available, the CPU writes the input operand(s) into operand memory 216 in step 300. As mentioned above, there can be one to three input operands for the various datapath operations.
  • the access to the operand memory 216 is through the math datapath 236 for writing data and through the address generator 240 for addressing data.
  • step 304 information is written to the configuration registers 208 by the CPU 104.
  • This information includes operand location, operand size and datapath operation desired.
  • the operation start flag is activated in step 308.
  • the operation start flag corresponds to a bit in a configuration register which is written by the CPU.
  • any method for setting a flag could be used to begin execution of the operation.
  • step 312 the datapath operation is executed. As discussed above, this involves a state machine in the math operator 232 which issues a series of word operations.
  • the CPU 104 is notified when the execution has completed by setting an execution complete flag in step 316.
  • the complete flag is a bit in the configuration registers 208.
  • other embodiments could use a discrete signal, such as an interrupt, instead of a status bit.
  • the output operand is read from the operand memory 216 by the CPU 104 to complete the process of executing a datapath operation. Referring next to Fig.
  • step 400 the CPU 104 writes the function into the operation store 224 within the sequencer 200.
  • the operations which comprise the function are formulated by the firmware running on the CPU 104. Examples of functions which might be sent the crypto engine 108 include RSA key generation, data encryption or data decryption.
  • the input operands are written into operand memory in step 404. During execution the various datapath operations which comprise the function, these input operands will take many intermediate forms before resulting in an output operand.
  • step 408 a sequencer start flag is activated to signal the crypto engine 108 to begin processing of the input operands according to the function.
  • the first operation in the operation store 224 is fetched in step 410, whereafter the program counter is incremented to point to the next operation in the store 224.
  • step 412 a determination is made whether the operation is a datapath operation for execution by the math unit 204 or a sequencer operation for execution by the sequencer 200.
  • step 416 the sequencer 200 reads information from the program store 224 and writes the appropriate information into the configuration registers 208.
  • step 412 If it is determined in step 412 that the operation is a sequencer operation, processing proceeds to step 424.
  • Execution of the sequencer operation involves performing the operation with the ALU and operand registers within the sequence controller 228. As described above, the sequencer operations are used to branch and loop with ⁇ the function. After either executing a datapath or sequencer operation, a determination is made in step 428 whether execution of the function has completed. If there are more operations to perform, processing loops back to step 410 where the next operation is fetched. If execution of the function has completed, the sequencer sets the execution complete flag in the configuration registers 208 in step 430. The execution complete flag signals the CPU 104 that the output operand is read for retrieval. In step 432, the output operand is retrieved by the CPU 104. In this way, a large function with many operations is executed without intervention by the CPU 104.
  • the crypto engine is faster than software implementations run on general purpose processors. Additionally, the functions are not hard coded into the crypto engine which allows for subsequent changes in the algorithm. Further, the crypto engine requires less circuitry than specialized hardware cryptographic processors because the math operator reuses word size operators in the math datapath. A number of variations and modifications of the invention can also be used.
  • the crypto engine has the ability to execute single datapath operations. In some embodiments, this capability could be removed so that only functions could be executed by the sequencer. However, the functions could only contain one datapath operation. Additionally, some embodiments could use the crypto engine for any variety of cryptographic processing or hash operations using any number of different algorithms. Further, the present invention is not limited to executing a single function at a time. Other embodiments could pass a number of functions to the crypto engine for execution before the CPU retrieves the result.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Advance Control (AREA)

Abstract

Methods and apparatuses which allow for execution of a number encryption functions by a specialized encryption processor (108, 200, 204, 208, 212, 216) are disclosed. In one embodiment, a method processes cryptographic functions. A function is received which is comprised of a number of commands. The commands include at least a loop or branch. At least one of the commands is converted to a number of subcommands. After conversion, the number of subcommands are executed.

Description

CRYPTOGRAPHIC PROCESSING SYSTEM
This invention related in general to cryptographic processing systems and more specifically to apparatuses and methods for allowing execution of a number encryption functions by a specialized encryption processor.
BACKGROUND OF THE INVENTION Cryptographic processing systems are used to provide security to data transmissions. Implementation of the cryptographic algorithms can introduce latencies which are undesirable in data transmission. Accordingly, there is a general need to improve the data transmission speed through cryptographic systems.
Some conventional systems use general purpose processors and software to perform cryptographic processing. The algorithms reside in firmware and are executed like any other software. The firmware implements the algorithms with the instruction set of the general purpose processor. If the algorithms change, these systems can be reprogrammed with new firmware to implement the new algorithms. The general purpose processors perform the cryptographic computations slowly because the instruction set is not specialized to include cryptographic instructions. For example, a general purpose processor may only have multiply instruction where some cryptographic algorithms routinely use Montgomery multiplications. Accordingly, performing a
Montgomery multiplication would require execution of a series of processor instructions on a general purpose processor. For this reason, general purpose processors execute cryptographic algorithms slowly which increases data transmission latency.
Additionally, general purpose processors have functionality not required in cryptographic processors. For example, some general purpose processors include branch prediction, integrated interfaces and interrupt support. These processors have evolved to provide a moderate level of support to many different functions. As a result, the specialized needs of cryptography are not well served because of the overhead needed to support other functions. For example, servicing an interrupt while calculating a Montgomery multiply will slow down the execution of that algorithm which may increase latency. Accordingly, general purpose processors are slowed down by the overhead required to process different types of tasks. Conventional systems have attempted to solve these problems by relying upon specialized cryptographic processors. For example, specialized circuits which implement DES algorithms are well known. These systems have specialized hardware which quickly implements a desired cryptographic algorithm such as encrypt or decrypt. These specialized circuits are typically very large in order to quickly implement the desired function. In contrast to the hardware in the general purpose processor, little of the circuitry is reused is a conventional cryptographic processor.
Unlike the software implementations, the specialized cryptographic processors cannot be reprogrammed. Once the hardware for the algorithms is produced, it cannot be changed. Accordingly, changing the algorithm would require redesigning the circuit and replacing all integrated circuits incorporating the algorithm. The ability to change the algorithm is desirable because it produces a moving target for hackers or pirates which may attempt to circumvent the cryptographic process.
In summary, it appears desirable to develop a cryptographic processor which is faster than software implementations run on general purpose processors.
Further, the implementation should be flexible to allow for changes in the algorithm and should require less circuitry to implement than specialized hardware cryptographic processors.
SUMMARY OF THE INVENTION
According to the invention, apparatuses and methods allow for execution of a number encryption functions by a specialized encryption processor. In a first embodiment, a method for executing a plurality of commands in a cryptographic processing system is disclosed. A first set of commands are received and executed, whereafter a flag is set. A second set of commands are also received and executed. In another embodiment, a cryptographic processing system includes a cryptographic processor, a general purpose processor and a bus. The cryptographic processor executes a function which is sent by the general purpose processor. For this purpose, the bus couples the cryptographic processor to the general purpose processor. Another embodiment describes a cryptographic processor which includes a bus interface, a sequencer, operand memory, and a math unit. The sequencer stores a function received from the bus interface. The math unit is coupled to the bus interface, operand memory and sequencer. In yet another embodiment, a method for processing cryptographic functions is disclosed. A function is received which is comprised of a number of commands. The commands include at least a loop or branch. At least one of the commands is converted to a number of subcommands. After conversion, the number of subcommands are executed.
BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram depicting one embodiment of the cryptographic processing system; Fig. 2 is a block diagram which illustrates an embodiment of a cryptographic engine;
Fig. 3 is a flow diagram which shows a process for performing a single datapath operation under the control of a central processing unit; and
Fig. 4 is a flow diagram which shows a process for performing a cryptographic function comprised of a number of datapath operations under the control of a sequencer.
DESCRIPTION OF THE SPECIFIC EMBODIMENTS While this invention is susceptible of embodiments in many different forms, there is shown in the drawings and will herein be described in detail, a number of embodiments of the invention with the understanding that the present disclosure is to be considered as an exemplification of the principles of the invention and is not intended to limit the broad aspects of the invention to the embodiment illustrated. In the Figures, similar components and/or features may have the same reference label. A block diagram of one embodiment of the cryptographic processing system 100 is illustrated in Fig. 1. The system 100 includes a central processing unit (CPU) 104, a crypto engine 108, one or more peripherals 112, memory 116, and firmware storage memory 120 which are all interconnected by a system bus 124. Because the CPU 104 is inefficient at performing cryptographic computations, they are passed over the system bus 124 to the crypto engine 108 for execution. Either a single datapath operation or a complete function containing multiple datapath operations may be passed to the crypto engine 108 for execution.
The CPU 104 generally controls operation of the cryptographic processing system 100. The CPU 104 is a general purpose processor which performs a variety of tasks. To support this variety, general purpose processors 104 typically have many more instructions than, for example, the cryptographic engine 108. When cryptographic processing is required, the CPU 104 has the cryptographic engine perform the processing. In the mean time, the CPU 104 can process other tasks needed to control the processing system 100. Preferably, the CPU 104 is a MIPS® embedded core, however, any number of processing cores could be used.
The CPU 104 uses software code or firmware to control operation of the cryptographic processing system 100. In this embodiment, the code is stored in firmware storage memory 120 which is a nonvolatile memory such as battery backed random access memory (RAM).
The CPU 104 uses additional memory 116 to assist execution of the code within the CPU 104. This memory 116 is volatile and rewritable memory which does not retain its value if power is removed. However, other embodiments could use nonvolatile and rewritable form of memory. Variables and data needed during program execution are stored in this memory 116.
A number of peripherals 112 are used by the CPU 104 to perform specialized tasks. For example, in the context of a television set-top box, these peripherals 112 could be dedicated to such tasks as modem data transmission to a telephone network. The information sent to and received from the telephone network would be converted by the peripheral 1 12 into a format used by the CPU 104 such that the CPU 104 could interface with the telephone network using the peripheral 112. Also attached to the system bus 124 is the crypto engine 108 which performs any cryptographic algorithms. The crypto engine 108 has limited functionality specialized for efficient cryptography. In contrast, the CPU 104 has greater functionality but cannot perform cryptographic functions efficiently. Preferably, the crypto engine 108 performs computations required for the Rivest, Shamir and Adleman (RSA) cryptographic algorithm. However, other embodiments could perform computations associated with any symmetric or asymmetric cryptographic algorithm. Although not shown, interrupts are used as flags to indicate to the CPU 104 when processing by the crypto engine 108 is complete. However, other embodiments could use polled interrupts or any other technique for setting a flag.
The system bus 124 allows communication between all circuits attached to the bus. The system bus 124 allows sending information between the CPU 104 and any other circuit attached to the system bus 124. Additionally, a block of information can be exchanged between the memory 116 and the crypto engine 108 using a direct memory access (DMA) circuit. To perform a DMA transfer, the CPU 104 places a number of data words in the system memory and tells a DMA circuit the output for the data. The DMA transfer directly transfers the data from memory to the crypto engine 108 over the system bus 124. As can be appreciated, DMA circuits can considerably improve the bandwidth of data transfer because the latencies of the CPU 104 shepherding the transfer of each word of data are avoided.
Referring next to Fig. 2, an embodiment of the crypto engine 108 is shown in block diagram form. The crypto engine 108 includes a sequencer 200, a math unit 204, configuration registers 208, a bus interface 212, and operand memory 216. This embodiment can accept from the CPU 104 either a single datapath operation or a function including a number of datapath operations. Preferably, the transfer of data associated with executing a function or datapath operations uses DMA transfers.
The bus interface 212 attaches to the system bus 124 and allows data exchange with the crypto engine 108. The bus interface 212 contains control logic which grafts handshaking and data transfer needs of the crypto engine 108 into the memory space of the CPU 104. From the viewpoint of the system bus 124, all the interaction with the crypto engine 108 is memory mapped into the address space of the CPU 104. Some of the circuitry required to enable DMA transfers is also located in the bus interface 212, but most of the DMA circuitry is located elsewhere in the cryptographic processing system 100.
The bus interface 212 passes information between the CPU 104 and the configuration registers 208, sequencer 200 and math unit 204. The configuration registers 208 contain parameters associated with execution of a datapath operation such as operand length, datapath operation desired, start address of operand, etc. To perform a datapath operation, the math unit 204 uses the information in the configuration registers written by the CPU 104 or sequencer 200.
The math unit 204 performs datapath operations upon the operands in the operand memory. Which operation to perform and which operands to perform the datapath operation upon are designated in the configuration. registers 208. Once the information required to execute an datapath operation is written into the configuration registers 208, the math unit 208 waits for the writing into the configuration registers 208 of a,flag which indicates processing should commence. Next, the math unit 208 reads the input operands and configuration information and executes the datapath operation. After execution, a resulting output operand is written into the operand memory 216.
The math unit 204 includes a number of submodules such as a math operator 232, an address generator 240 and a math datapath 236. The math operator 232 retrieves the datapath operation from the configuration registers 208 and manages execution of that datapath operation. A state machine within the math operator 232 determines the operation desired, controls the math datapath 236 to perform the arithmetic and controls the address generator 240 to load and store operands from the operand memory 216. The math datapath 236 performs multiplies, squares, additions, subtractions, shifts, Montgomery multiplies, and various other operations on words of data. The operands are comprised of a number of words which are subdivided down to single words during execution by the math operator 232 prior to processing by the math datapath 236. For example, the input operands are 1024 bits, but the word size processed by the math datapath 236 is thirty-two bits. The math operator 232 iteratively has the math datapath perform thirty-two bit word operations to achieve a desired 1024 bit datapath operation.
There are standard algorithms which allow performing arithmetic on large operands by using smaller arithmetic functions. However, these standard algorithms rely upon software which executes much slower than hardware, unlike the math operator 232 which controls the process with hardware state machines. For example, a 1024 bit addition can be achieved by sequentially adding corresponding words of both input operands and including the carry from any previous word addition. To add two 1024 bit numbers, thirty-two consecutive additions with carry of thirty-two bit words are required. Known algorithms similarly exist for subtractions, multiplies, squares, bit shifts, and other arithmetic functions.
Since the math datapath 236 only performs thirty-two bit word operations, the complexity and size of that circuit is greatly reduced. As can be appreciated, a 1024 bit multiply is an extremely large circuit if the multiply is not subdivided into word operations. Accordingly, the present invention reduces circuit size and complexity without resorting to the use of software algorithms performed on a general purpose processor.
The address generator 240 and math datapath 236 work under the control of the math operator 232 to perform the word operations. The state machine in the math operator 232 causes the address generator 240 to activate the proper connection between the math datapath 236 and operand memory 216 when reading and writing operands. Additionally, the state machine connects the input operand word and output operand word to the correct word operation in the math datapath 236. For example, in the case of an addition word operation, the state machine connects the appropriate words of the input operands from the operand memory 216 by manipulating the address generator 240 to the input of the addition operation. The output word from the addition is written to the output operand word addressed by the address generator 240. Any carry out from the addition is retained by the math datapath 236 as the carry in for the next word addition. The operand memory 216 stores the input written by the CPU 104 and output operands written by the math datapath 236. Additionally, intermediate results from executing the datapath operation may also be stored in the operand memory 216. In this embodiment, the operand memory 216 is organized in eight blocks, where each block is 2048 bits long. Each operand can span up to two blocks and have a size of up to 4096 bits. Each block is subdivided into sixty- four words which are each thirty-two bits wide. When the CPU writes the input operands, the configuration registers 208 are also written with the length of the each input operand, the block(s) which contain each operand and the start address of the operand within those block(s). In this way, an operand may be written into any location of the operand memory and need not be aligned with any block boundary. In a similar way, the location of the output operand is designated in the configuration registers 208.
The operand memory 216 is designed for efficiently writing and reading operands. Preferably, dual port memory is used as the operand memory 216. There are three are read buses and one is a write bus data attached to the operand memory 216. The three read busses share one port on each memory cell while the write bus has its own port on each memory cell. However, only one bus is able to read or write to a given block at a time so the datapath algorithms are designed such that they do not attempt to simultaneously access the two ports of the memory cell at the same time. Since there are three read buses and one write bus, there can be three input operands and one output operand for a given word operation. Addressing of the operand memory 216 includes a select bus which chooses the proper block and a word address bus which selects the proper word within that block. There are additional enable lines and bus gating lines to enable the above described functionality. The CPU 104 can either pass a single datapath operation to the crypto engine 108 for execution or can send a function which contains a number of datapath operations for execution. An example of a function would be some type of RSA task such as key generation. In the case where a function is sent for execution, the sequencer 200 is employed to execute the function. The sequencer 200 includes sequencer registers 220, an operation store 224 and a sequence controller 228.
A function contains both datapath operations and sequencer operations. Sequencer operations are executed in the sequence controller 228 and include simple operations such as increments, decrements and conditionals. As described above, the datapath operations are executed by the math unit 204.
In order to execute a function, the CPU 104 writes the datapath and sequencer operations to the operation store 224 by way of the sequencer registers 220. The sequencer registers 200 contain other configuration information to assist handshaking between the sequencer 200 and CPU 104. Similar to the configuration registers 208, the sequencer registers 220 appear in the memory map of the CPU 104 and are addressable from the system bus 124 like any other part of the memory map.
The operation store 224 holds the datapath and sequence operations which comprise the function. A memory block within the operation store 224 is used to hold these operations. Decode logic within the operation store 224 assists in reading and writing the memory block. In this embodiment, the memory block is sixty-four words long where each word is thirty-two bits wide. A program counter in the sequence controller 228 is used to sequence through the operations in the operation store.
The sequence controller 228 uses the operations in the operation store 224 along with any information in the sequencer registers to execute the function. Included in the sequence controller 228 are a program counter, operand registers, an arithmetic logic unit (ALU), and a stack. As mentioned above, the program counter addresses the operations in the operand store 224. The stack allows saving the program counter values and any operand registers in order to execute sub-functions which may be part of a function. Increment, decrement and conditional sequencer operations are executed in the ALU so that looping and branching is possible.
When the sequencer 200 encounters a datapath operation, it is sent to the math unit 204 for execution. The sequence controller 228 writes the configuration registers 208 with the necessary information so that the math operator 232 can properly address the operands. Additionally, the datapath operation is written to the configuration registers 208 so that the math operator 232 can formulate the proper word operations necessary to implement the datapath operation.
As the datapath operations are encountered, the sequencer 200 sends them to the math unit 204 for execution. In contrast, when the sequencer operations are encountered they are executed locally by the sequencer 200. In this way, a function which contains many datapath and sequencer operations can be executed without intervention by the CPU 104 which allows the CPU 104 to attend to other tasks while the crypto engine 108 executes the function. Additionally, system bus 124 bandwidth is preserved because communication from the CPU 104 is not needed while the crypto engine 108 is executing the function. Upon completion of the function, a flag is set for the CPU 104 so that it knows when to retrieve the output operand from the operand memory 216.
With reference to Fig. 3, a flow diagram depicts the process for executing a single datapath operation sent from the CPU 104. As mentioned above, the crypto engine 108 can execute single datapath operations or functions which may contain many datapath operations as well as sequencer operations. Before beginning execution of any datapath operation, the CPU 104 can query the configuration registers 208 to determine if the crypto engine 108 is available for processing the datapath operation. If available, the CPU writes the input operand(s) into operand memory 216 in step 300. As mentioned above, there can be one to three input operands for the various datapath operations. The access to the operand memory 216 is through the math datapath 236 for writing data and through the address generator 240 for addressing data.
In step 304, information is written to the configuration registers 208 by the CPU 104. This information includes operand location, operand size and datapath operation desired. After the configuration information is written, the operation start flag is activated in step 308. In this embodiment, the operation start flag corresponds to a bit in a configuration register which is written by the CPU. However, any method for setting a flag could be used to begin execution of the operation.
At this point in the process, execution within the crypto engine 108 begins. To indicate to the CPU 104 that execution has begun, a busy flag in the configuration registers 208 is set. In step 312, the datapath operation is executed. As discussed above, this involves a state machine in the math operator 232 which issues a series of word operations. The CPU 104 is notified when the execution has completed by setting an execution complete flag in step 316. The complete flag is a bit in the configuration registers 208. However, other embodiments could use a discrete signal, such as an interrupt, instead of a status bit. In step 320, the output operand is read from the operand memory 216 by the CPU 104 to complete the process of executing a datapath operation. Referring next to Fig. 4, a process for executing a function is illustrated in block diagram form. In step 400, the CPU 104 writes the function into the operation store 224 within the sequencer 200. The operations which comprise the function are formulated by the firmware running on the CPU 104. Examples of functions which might be sent the crypto engine 108 include RSA key generation, data encryption or data decryption. After the function is stored in the crypto engine 108, the input operands are written into operand memory in step 404. During execution the various datapath operations which comprise the function, these input operands will take many intermediate forms before resulting in an output operand.
Once all the input information is written by the CPU 104, the processing of the function begins. At this point, the CPU 104 is free to execute other unrelated tasks until the crypto engine 108 completes execution. In step 408, a sequencer start flag is activated to signal the crypto engine 108 to begin processing of the input operands according to the function. The first operation in the operation store 224 is fetched in step 410, whereafter the program counter is incremented to point to the next operation in the store 224. In step 412, a determination is made whether the operation is a datapath operation for execution by the math unit 204 or a sequencer operation for execution by the sequencer 200.
If a datapath operation, processing continues to steps 416 and 420. In step 416, the sequencer 200 reads information from the program store 224 and writes the appropriate information into the configuration registers 208. Execution, based upon the information in the configuration registers 208, is performed in step 420. As discussed above, execution involves a state machine within the math operator 232 which manipulates the address generator 240 and math datapath 236 to perform the datapath operation on the input operands in the operand memory 216.
If it is determined in step 412 that the operation is a sequencer operation, processing proceeds to step 424. Execution of the sequencer operation involves performing the operation with the ALU and operand registers within the sequence controller 228. As described above, the sequencer operations are used to branch and loop withμ the function. After either executing a datapath or sequencer operation, a determination is made in step 428 whether execution of the function has completed. If there are more operations to perform, processing loops back to step 410 where the next operation is fetched. If execution of the function has completed, the sequencer sets the execution complete flag in the configuration registers 208 in step 430. The execution complete flag signals the CPU 104 that the output operand is read for retrieval. In step 432, the output operand is retrieved by the CPU 104. In this way, a large function with many operations is executed without intervention by the CPU 104.
In light of the above description, a number of advantages of the present invention are readily apparent. The above described crypto engine is faster than software implementations run on general purpose processors. Additionally, the functions are not hard coded into the crypto engine which allows for subsequent changes in the algorithm. Further, the crypto engine requires less circuitry than specialized hardware cryptographic processors because the math operator reuses word size operators in the math datapath. A number of variations and modifications of the invention can also be used. For example, the crypto engine has the ability to execute single datapath operations. In some embodiments, this capability could be removed so that only functions could be executed by the sequencer. However, the functions could only contain one datapath operation. Additionally, some embodiments could use the crypto engine for any variety of cryptographic processing or hash operations using any number of different algorithms. Further, the present invention is not limited to executing a single function at a time. Other embodiments could pass a number of functions to the crypto engine for execution before the CPU retrieves the result.
The forgoing description of the invention has been presented for the purposes of illustration and description and is not intended to limit the invention.
Variations and modifications commensurate with the above description, together with the skill or knowledge of the relevant art, are within the scope of the present invention. The embodiments described herein are further intended to explain the best mode known for practicing the invention and to enable those skilled in the art to utilize the invention in such best mode or other embodiments, with the various modifications that may be required by the particular application or use of the invention. It is intended that the appended claims be construed to include alternative embodiments to the extent permitted by the prior art.

Claims

WHAT IS CLAIMED IS: 1. A method for executing a plurality of commands in a cryptographic processing system, the method comprising steps of: receiving a first plurality of commands; executing the first plurality of commands; setting a flag to indicate completion of the step of executing the first plurality of commands; receiving a second plurality of commands; and executing the second plurality of commands.
2. The method for executing a plurality of commands in a cryptographic processing system as set forth in claim 1, further comprising a step of setting the flag to indicate completion of the step of executing the second plurality of commands.
3. The method for executing a plurality of commands in a cryptographic processing system as set forth in claim 1, further comprising a step of storing the first plurality of commands.
4. The method for executing a plurality of commands in a cryptographic processing system as set forth in claim 1, wherein the step of executing the first plurality of commands further comprises a step of converting one command into a p lurality o f subcommands .
5. The method for executing a plurality of commands in a cryptographic processing system as set forth in claim 1, wherein the step of setting a flag comprises activating an interrupt.
6. The method for executing a plurality of commands in a cryptographic processing system as set forth in claim 1, wherein the step of receiving a first plurality of commands comprises receving a first function.
7. The method for executing a plurality of commands in a cryptographic processing system as set forth in claim 1, wherein the step of executing a first plurality of commands comprise at least one of branching and looping within the first p lurali ty o f commands .
8. A cryptographic processing system, comprising: a cryptographic processor which executes a function; a general purpose processor which sends the function to the cryptographic processor; and a bus coupling the general purpose processor to the cryptographic processor.
9. The cryptographic processing system as set forth in claim 8, wherein the cryptographic processor comprises a sequencer which stores the function and executes a subset of the commands within the function.
10. The cryptographic processing system as set forth in claim 9, wherein the sequencer stores a plurality of functions.
11. The cryptographic processing system as set forth in claim 8, further comprising a memory which stores input and output operands for a command.
12. The cryptographic processing system as set forth in claim 8, further comprising an interrupt signal which indicates completion of execution by the cryptographic processor.
13. The cryptographic processing system as set forth in claim 8, wherein the function comprises a plurality of commands.
14. The cryptographic processing system as set forth in claim 8, wherein the cryptographic processor includes a math unit which converts a command into a plurality of subcommands.
15. The cryptographic processing system as set forth in claim 8, wherein the cryptographic processor performs loops and branches within the function independently from the general purpose processor.
16. A cryptographic processor, comprising: a bus interface; a sequencer which stores a function received from the bus interface; operand memory; and a math unit coupled to the bus interface, operand memory and sequencer.
17. The cryptographic processor as set forth in claim 16, wherein the operand memory comprises: a input operand; and a output operand.
18. The cryptographic processor as set forth in claim 16, wherein the math unit comprises: a math datapath which executes math operations; an address generator; and a math operator which is coupled to the math datapath and address generator.
19. The cryptographic processor as set forth in claim 16, wherein the sequencer executes a subset of the commands within the function.
20. The cryptographic processor as set forth in claim 16, wherein the sequencer stores a plurality of functions at one time.
21. The cryptographic processor as set forth in claim 16, further comprising a flag which indicates completion of execution by the cryptographic processor.
22. The cryptographic processor as set forth in claim 16, wherein the function comprises a plurality of commands.
23. The cryptographic processor as set forth in claim 16, wherein the math unit converts a command into a plurality of subcommands.
24. The cryptographic processor as set forth in claim 16, wherein the cryptographic processor performs loops and branches within the function independently from a general purpose processor.
25. A method for processing cryptographic functions, the method comprising: receiving a function comprised of a plurality of commands which include at least one of a loop and a branch; converting at least one of the plurality of commands to a plurality of subcommands; and executing the plurality of subcommands.
26. The method for processing cryptographic functions as set forth in claim 25, further comprising a step of activating a flag in response to the executing step.
27. The method for processing cryptographic functions as set forth in claim 25, further comprising a step of storing the first plurality of commands.
28. The method for processing cryptographic functions as set forth in claim 25, wherein the converting and executing steps are performed independently of a general purpose processor.
29. The method for processing cryptographic functions as set forth in claim 25, further including a step of dividing the plurality of commands between two different processing blocks.
PCT/US2000/015872 1999-06-08 2000-06-08 Cryptographic processing system WO2000076119A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU57302/00A AU5730200A (en) 1999-06-08 2000-06-08 Cryptographic processing system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US13814799P 1999-06-08 1999-06-08
US60/138,147 1999-06-08
US39314799A 1999-09-10 1999-09-10
US09/393,147 1999-09-10

Publications (1)

Publication Number Publication Date
WO2000076119A1 true WO2000076119A1 (en) 2000-12-14

Family

ID=26835912

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/015872 WO2000076119A1 (en) 1999-06-08 2000-06-08 Cryptographic processing system

Country Status (2)

Country Link
AU (1) AU5730200A (en)
WO (1) WO2000076119A1 (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2834154A1 (en) * 2001-12-21 2003-06-27 Oberthur Card Syst Sa Electronic unit in a smart card including high-speed cryptographic algorithm, uses direct bidirectional link via shared memory between input-output and cryptographic processor
EP1324175A1 (en) * 2001-12-28 2003-07-02 Bull S.A. Module for securing data by encryption/decryption and/or signature/verification of signature
WO2005031575A3 (en) * 2003-09-26 2005-05-19 Ati Technologies Inc Method and apparatus for monitoring and resetting a co-processor
WO2004099971A3 (en) * 2003-05-05 2006-01-19 Sun Microsystems Inc Methods and systems for efficiently integrating a cryptographic co-processor
EP1496421A3 (en) * 2003-04-18 2006-04-05 IP-First LLC Apparatus and method for performing transparent block cipher cryptographic functions
EP1469371A3 (en) * 2003-04-18 2006-06-07 IP-First LLC Microprocessor apparatus and method for performing block cipher cryptographic functions
US7376967B1 (en) * 2002-01-14 2008-05-20 F5 Networks, Inc. Method and system for performing asynchronous cryptographic operations
CN100391145C (en) * 2003-12-04 2008-05-28 智慧第一公司 Method and device for recombining transparent block code compilation
US7392400B2 (en) 2003-04-18 2008-06-24 Via Technologies, Inc. Microprocessor apparatus and method for optimizing block cipher cryptographic functions
CN100463392C (en) * 2003-09-29 2009-02-18 威盛电子股份有限公司 Microprocessor apparatus and method for performing configuration block cipher cryptographic algorithm
US7502943B2 (en) 2003-04-18 2009-03-10 Via Technologies, Inc. Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
US7519833B2 (en) 2003-04-18 2009-04-14 Via Technologies, Inc. Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
US7529367B2 (en) 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent cipher feedback mode cryptographic functions
US7529368B2 (en) 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent output feedback mode cryptographic functions
US7536560B2 (en) 2003-04-18 2009-05-19 Via Technologies, Inc. Microprocessor apparatus and method for providing configurable cryptographic key size
US7539876B2 (en) 2003-04-18 2009-05-26 Via Technologies, Inc. Apparatus and method for generating a cryptographic key schedule in a microprocessor
US7542566B2 (en) 2003-04-18 2009-06-02 Ip-First, Llc Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
CN100527664C (en) * 2003-09-29 2009-08-12 威盛电子股份有限公司 Microprocessor and method with optimized block cipher function
US7702955B2 (en) 2005-12-28 2010-04-20 De Almeida Adrian S Method and apparatus for detecting a fault condition and restoration thereafter using user context information
US7844053B2 (en) 2003-04-18 2010-11-30 Ip-First, Llc Microprocessor apparatus and method for performing block cipher cryptographic functions
US7900055B2 (en) 2003-04-18 2011-03-01 Via Technologies, Inc. Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US7925891B2 (en) 2003-04-18 2011-04-12 Via Technologies, Inc. Apparatus and method for employing cryptographic functions to generate a message digest
US8060755B2 (en) 2003-04-18 2011-11-15 Via Technologies, Inc Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US8321687B2 (en) 2003-11-28 2012-11-27 Bull S.A.S. High speed cryptographic system with modular architecture
EP2158718A4 (en) * 2007-05-18 2014-09-24 Verimatrix Inc SYSTEM AND METHOD FOR DEFINING PROGRAMMABLE PROCESSING STEPS APPLIED DURING DATA PROTECTION

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5111504A (en) * 1990-08-17 1992-05-05 General Instrument Corporation Information processing apparatus with replaceable security element
US5844986A (en) * 1996-09-30 1998-12-01 Intel Corporation Secure BIOS
US6026490A (en) * 1997-08-01 2000-02-15 Motorola, Inc. Configurable cryptographic processing engine and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5111504A (en) * 1990-08-17 1992-05-05 General Instrument Corporation Information processing apparatus with replaceable security element
US5844986A (en) * 1996-09-30 1998-12-01 Intel Corporation Secure BIOS
US6026490A (en) * 1997-08-01 2000-02-15 Motorola, Inc. Configurable cryptographic processing engine and method

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003054670A1 (en) * 2001-12-21 2003-07-03 Oberthur Card Systems Sa Electronic unit provided in a microcircuit card and including cryptographic means for high-speed data processing
US8412956B2 (en) 2001-12-21 2013-04-02 Oberthur Technologies Electronic unit provided in a microcircuit card and including cryptographic means for high-speed data processing
FR2834154A1 (en) * 2001-12-21 2003-06-27 Oberthur Card Syst Sa Electronic unit in a smart card including high-speed cryptographic algorithm, uses direct bidirectional link via shared memory between input-output and cryptographic processor
EP1324175A1 (en) * 2001-12-28 2003-07-02 Bull S.A. Module for securing data by encryption/decryption and/or signature/verification of signature
FR2834361A1 (en) * 2001-12-28 2003-07-04 Bull Sa DATA SECURITY MODULE BY ENCRYPTION / DECRYPTION AND / OR SIGNATURE / VERIFICATION OF SIGNATURE
US7437569B2 (en) 2001-12-28 2008-10-14 Bull, S.A. Module for secure management of digital date by encryption/decryption and/or signature/verification of signature which can be used for dedicated servers
US7376967B1 (en) * 2002-01-14 2008-05-20 F5 Networks, Inc. Method and system for performing asynchronous cryptographic operations
US8429738B1 (en) 2002-01-14 2013-04-23 F5 Networks, Inc. Method and system for performing asynchronous cryptographic operations
US8091125B1 (en) * 2002-01-14 2012-01-03 Fs Networks, Inc. Method and system for performing asynchronous cryptographic operations
US7529367B2 (en) 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent cipher feedback mode cryptographic functions
US7539876B2 (en) 2003-04-18 2009-05-26 Via Technologies, Inc. Apparatus and method for generating a cryptographic key schedule in a microprocessor
EP1496421A3 (en) * 2003-04-18 2006-04-05 IP-First LLC Apparatus and method for performing transparent block cipher cryptographic functions
US7392400B2 (en) 2003-04-18 2008-06-24 Via Technologies, Inc. Microprocessor apparatus and method for optimizing block cipher cryptographic functions
US8060755B2 (en) 2003-04-18 2011-11-15 Via Technologies, Inc Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US7925891B2 (en) 2003-04-18 2011-04-12 Via Technologies, Inc. Apparatus and method for employing cryptographic functions to generate a message digest
US7900055B2 (en) 2003-04-18 2011-03-01 Via Technologies, Inc. Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US7502943B2 (en) 2003-04-18 2009-03-10 Via Technologies, Inc. Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
US7519833B2 (en) 2003-04-18 2009-04-14 Via Technologies, Inc. Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
EP1469371A3 (en) * 2003-04-18 2006-06-07 IP-First LLC Microprocessor apparatus and method for performing block cipher cryptographic functions
US7529368B2 (en) 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent output feedback mode cryptographic functions
US7532722B2 (en) 2003-04-18 2009-05-12 Ip-First, Llc Apparatus and method for performing transparent block cipher cryptographic functions
US7536560B2 (en) 2003-04-18 2009-05-19 Via Technologies, Inc. Microprocessor apparatus and method for providing configurable cryptographic key size
US7321910B2 (en) 2003-04-18 2008-01-22 Ip-First, Llc Microprocessor apparatus and method for performing block cipher cryptographic functions
US7542566B2 (en) 2003-04-18 2009-06-02 Ip-First, Llc Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
US7844053B2 (en) 2003-04-18 2010-11-30 Ip-First, Llc Microprocessor apparatus and method for performing block cipher cryptographic functions
GB2416224B (en) * 2003-05-05 2007-02-14 Sun Microsystems Inc Methods and systems for efficiently integrating a cryptographic co-processor
US7392399B2 (en) 2003-05-05 2008-06-24 Sun Microsystems, Inc. Methods and systems for efficiently integrating a cryptographic co-processor
WO2004099971A3 (en) * 2003-05-05 2006-01-19 Sun Microsystems Inc Methods and systems for efficiently integrating a cryptographic co-processor
US8250412B2 (en) 2003-09-26 2012-08-21 Ati Technologies Ulc Method and apparatus for monitoring and resetting a co-processor
WO2005031575A3 (en) * 2003-09-26 2005-05-19 Ati Technologies Inc Method and apparatus for monitoring and resetting a co-processor
CN100527664C (en) * 2003-09-29 2009-08-12 威盛电子股份有限公司 Microprocessor and method with optimized block cipher function
CN100463392C (en) * 2003-09-29 2009-02-18 威盛电子股份有限公司 Microprocessor apparatus and method for performing configuration block cipher cryptographic algorithm
US8321687B2 (en) 2003-11-28 2012-11-27 Bull S.A.S. High speed cryptographic system with modular architecture
CN100391145C (en) * 2003-12-04 2008-05-28 智慧第一公司 Method and device for recombining transparent block code compilation
US7702955B2 (en) 2005-12-28 2010-04-20 De Almeida Adrian S Method and apparatus for detecting a fault condition and restoration thereafter using user context information
EP2158718A4 (en) * 2007-05-18 2014-09-24 Verimatrix Inc SYSTEM AND METHOD FOR DEFINING PROGRAMMABLE PROCESSING STEPS APPLIED DURING DATA PROTECTION
US9268949B2 (en) 2007-05-18 2016-02-23 Verimatrix, Inc. System and method for defining programmable processing steps applied when protecting the data

Also Published As

Publication number Publication date
AU5730200A (en) 2000-12-28

Similar Documents

Publication Publication Date Title
WO2000076119A1 (en) Cryptographic processing system
US6061779A (en) Digital signal processor having data alignment buffer for performing unaligned data accesses
CN101201811B (en) Encryption-decryption coprocessor for SOC
JP4657455B2 (en) Data processor
CN108009126B (en) Calculation method and related product
CN107957975B (en) Calculation method and related product
CN101952801A (en) Co-processor for stream data processing
US5163154A (en) Microcontroller for the rapid execution of a large number of operations which can be broken down into sequences of operations of the same kind
US20200334042A1 (en) Method and device (universal multifunction accelerator) for accelerating computations by parallel computations of middle stratum operations
CN1666174B (en) A processor for processing signal
CN102521535A (en) Information safety coprocessor for performing relevant operation by using specific instruction set
CN110704109B (en) An Elliptic Curve Cryptographic Coprocessor
CN114154640A (en) A processor for implementing the Saber algorithm for post-quantum cryptography
CN107957977A (en) A kind of computational methods and Related product
EP0952528A2 (en) Information processing apparatus and storage medium
US20220197655A1 (en) Broadcast synchronization for dynamically adaptable arrays
US4967339A (en) Operation control apparatus for a processor having a plurality of arithmetic devices
JPH0581119A (en) General-purpose memory-access system using register indirect mode
JPH0916398A (en) Information processing device
US6055620A (en) Apparatus and method for system control using a self-timed asynchronous control structure
KR20010110202A (en) Two cycle fft
CN115248701B (en) Zero-copy data transmission device and method between processor register files
US6584514B1 (en) Apparatus and method for address modification in a direct memory access controller
JP3332606B2 (en) Microprocessor
CN119536808B (en) A processing system based on a single-precision configurable matrix operation unit with RISC-V instruction extension

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP