CN1592189A - Microprocessor and method with optimized block cipher function - Google Patents

Abstract

The present invention provides a device and method for performing cryptographic operations on a plurality of input data blocks in a processor. In one embodiment, a device for performing cryptographic operations is provided, and the device includes a cryptographic instruction and a translation logic. The above-mentioned cryptographic instruction is received by a computing device and used as part of an instruction stream, and the cryptographic instruction specifies a cryptographic operation. The above-mentioned translation logic translates the above-mentioned cryptographic instruction into a microinstruction, and the microinstruction is used to instruct the computing device to load a second input text block and perform a cryptographic operation on the second input text block before instructing the computing device to store an output text block corresponding to the first input text block. Therefore, during the execution of the cryptographic operation on the second input text block, the above-mentioned output text block can be stored.

Description

Microprocessor and method with optimized block cipher function

technical field

The present invention relates to the field of microelectronics, and more particularly to a device and method for performing cryptographic operations in a computing device with an optimized sequence of microinstructions, so as to increase the throughput of the computing device.

Background technique

Early computer systems operated independently of other computer systems, whereby the input data required for the application programs running on the computer system were either stored in the computer system or provided by the application programmer at the time of execution; The output data generated by the execution result of the application program is generally in the form of printed paper, or a file written into tape, disk or other types of storage devices of the computer system. The output file may be an input file for an application program subsequently executed on the same computer system, or, when the output data was previously stored as a file on a removable or transportable storage device, it may be provided to a different but compatible computer used by system applications. In these early systems, the need to protect classified information was recognized, and among other information security measures, cryptographic applications were developed and applied to prevent unauthorized disclosure of classified information. These cryptographic programs generally scramble and unscramble output data stored as files in a storage device.

In the next few years, users began to discover the benefits of sharing and accessing information provided by connecting computers through the network. Therefore, network architecture, operating systems, and data transmission protocols were developed to not only support the ability to access shared data, but also is its salient feature. For example: a user's computer workstation can access files on different workstations or network file servers, or use the Internet to obtain news and other information, or send and receive electronic messages (such as emails) to hundreds of other computers, or communicate with The dealer's computer system connects and provides credit card or bank information to purchase the product, or use the wireless network in a restaurant, airport, or other public location for any of the above activities. As a result, the need to protect confidential data and transmissions from unauthorized disclosure has grown dramatically, and under certain circumstances, users are compelled to protect their confidential data. Current news headlines usually focus on computer information security issues, such as spam (spam), hacking, identity theft, reverse engineering, hoaxes, and credit card fraud are the top few of the public's attention. And when the motives for these intrusions into the private sphere range from unintentional mistakes to premeditated cyber-attacks, responsible enforcement agencies respond with new laws, tough enforcement, and public education programs. However, these responses have not been effective in stemming the tide of compromised computer information. What was once the preoccupational concern of governments, financial institutions, and the military is now an important issue for ordinary people; spies reading their emails or accessing transactions from their home computers to check their accounts. Before commercialization, those who are familiar with this technology can perceive that small to large corporate legal persons are currently using an outstanding part of their resources to protect property information.

The field of information security provides us with techniques and devices to encode data so that it can only be decoded by designated individuals, known as cryptography. When applied specifically to protecting information stored or transmitted between computers, ciphers are most commonly used to convert confidential data (called "plaintext"; plaintext or cleartext) into an incomprehensible form (called "ciphertext"; ciphertext ). The conversion process of converting plaintext into ciphertext is called encryption (enciphering; ciphering), and the reverse conversion process of converting ciphertext back to plaintext is called decryption (decryption; deciphering; inverse ciphering).

In the field of cryptography, several programs and protocols have been developed to allow users to perform cryptographic operations without much knowledge and effort, and for these users to transmit or provide information products in their encoded form to different users. Along with the encoded message, the sender typically provides the recipient with a "cryptographic key" that enables the recipient to decode the encoded message, thus enabling the recipient to recover or gain access to the unencoded original message. Those who are familiar with this technology can perceive that these programs and protocols are generally implemented in the form of password protection, mathematical algorithms, and application programs specially designed to encrypt and decrypt confidential information.

Several types of algorithms are currently used to encrypt and decrypt data. The algorithm uses two cryptographic keys, a public key and a private key, to encrypt or decrypt data according to one of the above-mentioned types (for example, an RSA algorithm, public key cryptographic algorithm). According to some public key algorithms, the receiver's public key is used by the transmitter to encrypt the data transmitted to the receiver, because there is a mathematical relationship between the user's public key and the private key, so the receiver must use its private key Decrypt this transmission to recover this data. Although this type of cryptographic algorithm is widely used today, its encryption and decryption operations are extremely slow even for a small amount of data. A second type of algorithm, known as the symmetric key algorithm, provides the same level of data security and can execute faster. These algorithms are called symmetric key algorithms because they use a single cryptographic key for encrypting and decrypting messages. In the public sector, there are currently three popular single-key encryption algorithms: Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES). Because of the strength with which these algorithms protect classified information, U.S. government agencies are currently using these algorithms, but those familiar with the art expect that one or more of these algorithms will become the standard for commercial and unofficial transactions in the near future. According to all these symmetric key algorithms, plaintext and ciphertext are divided into blocks of specified size for encryption and decryption. For example: AES performs cryptographic operations on 128-bit block sizes and uses 128-bit, 192-bit, and 256-bit cryptographic key lengths. Other symmetric key algorithms, such as Rijndael Cipher also allow 192-bit and 256-bit data blocks. Accordingly, in terms of a block encryption operation, a 1024-bit plaintext message is encrypted as eight 128-bit blocks.

All symmetric key algorithms utilize the same form of operations to encrypt a block of plaintext, and according to many of the more commonly used symmetric key algorithms, an initial cryptographic key is expanded into a plurality of keys (e.g. a "key schedule") , each key is used as a corresponding cryptographic "round" of an operation and is performed on a plaintext block. For example: the first key of the key schedule is used to perform the first cryptographic round of the operation on the plaintext block, and the result of the first round is used as the input of the second round, wherein the second round uses the first round of the key schedule Two keys are used to produce a second result, and a specified number of subsequent round executions produce a final round result, the ciphertext itself. According to the AES algorithm, the operations in each round refer to SubBytes (or S-box), ShiftRows, MixColums and AddRoundKey in the literature. The decryption of a block of ciphertext is a similar process and accompanied by the execution of exceptions in each round, and the final result of the round is the plaintext of a block. The above exception refers to the anti-encryption of the ciphertext input and the execution of the reverse operation (for example : InverseMixColumns, Inverse ShiftRows).

DES and Triple DES utilize different specific operations, but these operations are similar to AES operations in that they convert a block of plaintext into a block of ciphertext in a similar manner.

Perform cryptographic operations on multiple consecutive blocks of text. All symmetric key algorithms utilize the same class of modes. These modes include electronic codebook (ECB) mode, cipher block chaining (CBC) mode, cipher feedback mode (cipher feedback; CFB) and output feedback mode (output feedback; OFB). Some of these modes utilize an additional initialization vector during the execution of the second operation, and some use the ciphertext output of the first set of cipher rounds executed on the plaintext of the first block as additional input to the plaintext of the second block Episode 2 Password Round. In addition, this application area provides an in-depth discussion of each cryptographic calculation and sub-operation used in today's symmetric-key cryptographic algorithms. As far as specific implementation standards are concerned, readers can obtain a detailed discussion of DES and triple DES from the Federal Information Processing Standards Publication 46-3 (Federal Information Processing Standards Publication; FIPS-46-3), published on October 25, 1999; And the United States Federal Information Processing Standard Notice 197 (FIPS-197), published on November 26, 2001, has been discussed in detail by AES. The two standards mentioned above are issued and advocated by the National Institute of Standards and Technology (NIST), and are hereby incorporated by reference for all intents and purposes of the present invention. In addition to the standards mentioned above, tutorials, white papers, toolkits, and resource articles are available on the Internet at http://csrc.nist.gov/ at NIST's Computer Security Resource Center; CSRC) obtained.

Those skilled in the art will recognize that there are many applications that can be executed on computer systems that can perform cryptographic operations (eg, encryption and decryption). In fact, some operating systems (eg: Microsoft Window XP, Linux) provide direct encryption/decryption services in the form of cryptographic primitives, cryptographic APIs, and the like. However, the present inventors have observed certain deficiencies in current computer cryptography techniques, and thus highlight and discuss these deficiencies by referring to FIG. 1 .

FIG. 1 is a block diagram 100 illustrating today's computer cryptographic applications. Block diagram 100 depicts first computer workstation 101 connected to local area network 105, and local area network 105 also connects second computer workstation 102, network file storage device 106, first router 107 or other interface form to wide area network 110 (for example: Internet) and Like a wireless network router 108 conforming to IEEE 802.11, the notebook computer 104 is interfaced with the wireless router 108 through the wireless network 109 . In terms of the wide area network 110 , a second router 111 provides an interface to the third computer workstation 103 .

As outlined above, today's users face computer information security issues many times during their work. For example: under the control of the current multi-tasking operating system, the user workstation 101 can execute multiple tasks simultaneously and each task requires a cryptographic operation. The user workstation 101 requests to execute the encryption/decryption application 112 (whether part of the operating system or invoked by the operating system) to store local files on the network file storage device 106. While the files are being stored, the user can Send an encrypted message to a second user at workstation 102, where workstation 102 also requires execution of an instance of encryption/decryption application 112, and the encrypted message may be real-time (e.g., real-time message) or non-real-time (e.g., e-mail ). In addition, users can access or provide their financial data (such as credit card numbers, financial transactions, etc.) or other forms of confidential data from the workstation 103 through the wide area network 110 . Workstation 103 may also represent a home office or other remote computer 103 that allows the user of workstation 101 to access any shared resources 101 , 102 , 106 , 107 , 108 , and 109 of local area network 105 while away from the office. Each of the above-mentioned activities requires a relative instance of the encryption/decryption application 112, and the wireless network 109 is now commonly provided in coffee shops, airports, schools, and other public places, thereby enabling the user's notebook computer 104 to not only Messages sent/received by other users are encrypted/decrypted, and all communications through the wireless network 109 to the wireless router 108 are also encrypted and decrypted.

Those skilled in the art can therefore perceive that in workstations 101-104, along with each activity requiring cryptographic operations, there must be a relative requirement to invoke (invoke) the example of encryption/decryption application 112, so computers 101-104 are in the nearest In the future it will be possible to perform hundreds of cryptographic operations simultaneously.

The inventors have noted limitations in the manner in which computer systems 101 - 104 described above perform cryptographic operations by invoking one or more instances of encryption/decryption application 112 . For example, software programmed to perform a given function is slower than performing the same function through hardware. And every time the encryption/decryption application program 112 is executed, the tasks being executed by the computers 101-104 must be suspended, and the parameters of the cryptographic operations (for example: plaintext, ciphertext, mode and key, etc.) must be transmitted to the computer through the operating system. Encryption/decryption application 112 is an example invoked to perform cryptographic operations. And because the cryptographic calculation involves many rounds of operations on a given data block, the execution of the encryption/decryption application 112 involves the execution of many computer instructions which adversely affects the processing speed of the overall system. Those familiar with the technology know that sending a small amount of encrypted e-mail messages in Microsoft Outlook can take five times as long as sending only unencrypted e-mail messages.

Additionally, current techniques are limited by the latency of operating system intervention. Most applications do not provide complete key generation or encryption/decryption components; they use operating system components or plug-in applications to complete the above tasks, and the operating system transfers its implement.

Also, the inventors noticed that the cryptographic operations in the current computer systems 101-104 are similar to the floating point mathematical operations in the days when microprocessors did not have floating point units. Early floating-point unit operations were performed by software, so the execution was very slow; similar to floating-point operations, cryptographic operations performed by software were also extremely slow. When the floating-point technology is further developed, the floating-point auxiliary processor provides floating-point instructions for execution. These floating-point auxiliary processors perform floating-point operations much faster than software execution, but increase the cost of the system. Similarly, cryptographic auxiliary processors currently exist in the form of additional circuit boards or external devices that interface with the main processor through parallel ports or other interface buses (such as: USB). These auxiliary processors enable the completion of cryptographic operations. Much faster than performed by pure software. But the cryptographic auxiliary processor increases the cost of system configuration, requires additional power supply and reduces the overall reliability of the system. The implementation of a cryptographic secondary processor has its vulnerability to deliberate snooping because the data channels are not on the same die as the main microprocessor.

The inventors thus identified the need to add cryptographic hardware to today's microprocessors, whereby applications requiring cryptographic operations can instruct the microprocessor to perform cryptographic operations by a single, atomic cryptographic instruction. The inventor also confirms that the requirements for operating system intervention and management should be limited by this function, and it is expected that the cryptographic instructions can be used at the privilege level of the application program and the cryptographic hardware can be comported with the general requirements of today's microprocessors. architecture, and cryptographic hardware and associated cryptographic instructions may support compatibility with previous operating systems and applications. It is further desirable to provide devices and methods for performing cryptographic operations that prevent unauthorized monitoring; that can support and program related multiple cryptographic algorithms; that can support verification and testing of entity-specific cryptographic algorithms; that allow users to The key can also be generated by itself; it supports multiple data block sizes and key lengths (key size); it provides efficient multi-data block pipeline processing; and it provides programmable block encryption/decryption modes such as ECB, CBC, CFB, and OFB.

Contents of the invention

The purpose of the present invention is to solve the above-mentioned problems and shortcomings of the prior art. The present invention provides a better technique for performing cryptographic operations in a microprocessor. In one embodiment, a device for performing cryptographic operations is provided, and the device includes cryptographic instructions and translation logic. The aforementioned cryptographic command is received by a computing device as part of a stream of instructions executed on the computing device, and the cryptographic command specifies a cryptographic operation. The translation logic described above is operatively coupled to the cryptographic instructions and translates the cryptographic instructions into microinstructions for instructing the computing device to load an output text block corresponding to the first input text block before instructing the computing device to store A second input text block and performing cryptographic operations on the second input text block. Therefore, during the cryptographic operation performed on the second input text block, the above-mentioned output text block can be stored.

The present invention provides an apparatus for performing cryptographic operations, the apparatus including translation logic configured to translate a cryptographic instruction into a sequence of microinstructions. The sequence of microinstructions includes a first microinstruction and a second microinstruction. The above-mentioned first microinstruction directs to load a second input text block and execute a cryptographic operation on the second input text block. The above-mentioned second microinstruction instructs to store a first output text block, and the first output text block corresponds to a first input text block according to the executed cryptographic operation. The above translation logic issues the second microinstruction after issuing the first microinstruction.

The present invention provides a method for performing a cryptographic operation on a device. The method includes translating a cryptographic instruction into a first microinstruction and a second microinstruction, wherein the cryptographic instruction prescribes the execution of a cryptographic operation. The above-mentioned first microinstruction directs the device to load a second input text block and executes the cryptographic operation on the second input text block, and the above-mentioned second microinstruction instructs the device to store a first output text block block, this first output text block corresponds to a first input text block according to the cryptographic operation performed; The cryptographic unit by which the output text block can be stored during the execution of the cryptographic operation on the second input text block.

Description of drawings

Figure 1 is a block diagram of today's cryptographic applications;

Figure 2 is a block diagram of the technique for performing cryptographic operations;

Fig. 3 is the block diagram of the microprocessor device that the present invention carries out cryptographic operation;

Fig. 4 is the block diagram of primitive (atomic) password instruction embodiment of the present invention;

FIG. 5 is a table of examples of field values of the block encryption mode of the primitive cipher instruction block in FIG. 4;

Fig. 6 is the block diagram of the cryptographic unit of the present invention in X86 compatible microprocessor;

7 is a block diagram of an example microinstruction field indicating cryptographic operations in the microprocessor of FIG. 6;

Fig. 8 is the form of the XLOAD microinstruction temporary storage field value format of Fig. 7;

Fig. 9 is the form of the XSTOR microinstruction temporary storage field value format of Fig. 7;

Fig. 10 is a block diagram of an example of the format of a control block specifying cryptographic operation parameters in the present invention;

Fig. 11 is a block diagram of a preferred implementation cryptographic unit of the present invention;

FIG. 12 is a block diagram of a block encryption logic embodiment of the present invention that performs cryptographic operations related to the Advanced Encryption Standard (AES) algorithm;

Fig. 13 is the form of an embodiment of the microinstruction stream of the present invention to the single-stage embodiment of the cryptographic unit;

Fig. 14 is another embodiment of the microinstruction flow of the present invention to the single stage of the cryptographic unit

Examples of tables;

Fig. 15 is the form of an embodiment of microinstruction flow of the present invention to the two-stage embodiment of cryptographic unit; And

Fig. 16 is another embodiment of the microinstruction flow of the present invention to the two stages of the cryptographic unit

Table of Examples.

Detailed ways

Some embodiments of the present invention are described in detail as follows. However, the present invention can be widely implemented in other embodiments other than those described in detail, and the scope of the present invention is not limited, which is subject to the scope of the following patents. Moreover, in order to provide a clearer description and an easier understanding of the present invention, the various parts in the illustrations have not been drawn according to their relative sizes, and the ratios of certain dimensions to other relevant dimensions have been exaggerated; irrelevant details have not been fully drawn out, in order to simplify the diagram.

In view of the above discussion of cryptographic operations and related techniques used by today's computer systems to encrypt/decrypt data, these techniques and their associated limitations will be continued in Figure 2, and the present invention will then be discussed in light of Figures 3 through 16 . The present invention provides an apparatus and method for performing cryptographic operations in today's computer systems, which exhibits excellent performance characteristics through the main mechanism and moreover satisfies the above-mentioned goals, such as limiting the intervention of the operating system, legacy Compatibility of architecture, programmability of algorithms and patterns, high-efficiency multi-data block pipeline operation, prevention of hacking and testability, etc.

Referring to FIG. 2, a block diagram 200 depicts techniques for performing cryptographic operations in today's computer systems. Block diagram 200 includes a microprocessor 201 that fetches instructions and accesses application-related data from a system memory called application memory 203, which is typically accessed by the The system memory protection scope is managed by the operating system software 202 . As mentioned above, when an execution application program (for example: e-mail program or file storage program) requires to perform a cryptographic operation, the execution application program must execute a considerable number of instructions by directing the microprocessor 201 to complete the cryptographic operation . These instructions may be subroutines of the executing application itself, or plug-in applications linked to the executing application, or services provided by the operating system 202 . Regardless of their associativity, those skilled in the art will recognize that these instructions will reside in certain designated or allocated memory ranges. For discussion purposes, these memory ranges are shown in application memory 203 and include a cryptographic key generation application 204 that generates or receives a cryptographic key and expands the key into a key schedule for use in cryptographic round operations. For multi-block encryption operations, the block encryption application 206 is invoked. The block encryption application 206 executes instructions for accessing plaintext blocks 210, key schedules 205, and password parameters 209, wherein the password parameters 209 further indicate specific cryptographic operations, such as mode, key schedule location, etc., and in The encryption application 206 may also access the initialization vector 208 when a particular mode is required. The encryption application 206 executes the instructions therein to generate a corresponding ciphertext block 211 . Similarly, the block decryption application 207 is activated to perform block decryption operations. The block decryption application 207 executes instructions to access the ciphertext block 211, the key schedule 205, and the cryptographic parameters 209, wherein the cryptographic parameters 209 further indicate explicit cryptographic operations, and can also access the initial vector when a specific mode is required 208. The decryption application 207 executes the instructions therein to generate the corresponding plaintext block 210 .

It is worth noting that a considerable number of commands must be executed to generate cryptographic keys and encrypt or decrypt blocks of text. The above-mentioned FIPS specification contains many examples of pseudocode enabling a considerable number of instructions, so those skilled in the art will recognize that a simple encryption operation will require hundreds of instructions, and each instruction must pass through the microprocessor. 201 is executed to complete the required cryptographic operations. Moreover, the execution of the instruction to complete the cryptographic calculation is generally redundant to the main purpose of the application being executed (for example: file management, real-time messaging, email, remote file access, credit card transactions), and as a result, the user is mistaken for The currently executing application is not performing well. As for the independent or plug-in encryption and decryption applications 206 and 207, the initiation and management of these applications 206 and 207 must also obey other requirements of the operating system 202, such as supporting interrupts, exceptions, and similar events that worsen the problem. And for each simultaneous cryptographic operation required by the computer system, individual instances of the application programs 204, 207, and 208 must be configured in memory 203, and it is expected that the number of simultaneous cryptographic operations required to be performed by the microprocessor 201 will also vary over time. Increase.

The inventors are aware of the problems and limitations of current computer system cryptography and recognize the need to provide means and methods for performing cryptographic operations in microprocessors. In this regard, the present invention provides a microprocessor and related methods for performing cryptographic operations through a cryptographic unit therein, the cryptographic unit performing cryptographic operations through a program of single cryptographic instructions. The present invention will now be discussed with reference to FIGS. 3 to 12 .

Please refer to FIG. 3 , which is a block diagram 300 of a microprocessor for performing cryptographic operations according to the present invention. Block diagram 300 depicts a microprocessor 301 coupled to system memory 321 via memory bus 319, and processor 301 includes a translation logic 303 that receives instructions from an instruction register. The translation logic 303 includes logic, circuit, device or microcode (eg, microinstruction or native instruction), or a combination of logic, circuit, device or microcode, or equivalent components for translating instructions into instruction-related sequences. These components that perform translation in the translation logic 303 may be shared with circuits that perform other functions in the microprocessor 301 , microcode, and according to the scope of this application, microcode is a term that refers to one or more microinstructions. A microinstruction (also referred to as a native instruction) is an instruction executed at a unit level, for example, a microinstruction is directly executed by a reduced instruction set computer (RISC) microprocessor. As for a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, its x86 instructions are translated into associated microinstructions and directly executed by units in the complex instruction set computer microprocessor. The translation logic 303 is coupled to the microinstruction queue 304 , and the microinstruction queue 304 has a plurality of lanes 305 , 306 . The microinstructions are provided by the microinstruction queue 304 to the temporary storage stage logic including a temporary file 307, and this temporary file 307 includes a plurality of temporary storages 308-313 (registers), whose contents have been established before performing a specified cryptographic operation . Temporary storage 308-313 refers to corresponding locations 323-327 in memory 321 containing data for performing specified cryptographic operations. The scratch stage is coupled to load logic 314 which interfaces with a data cache 315 which is coupled to memory 321 by a data bus 319 for retrieving data to perform address-specific cryptographic operations. Execution logic 328 is coupled to load logic 314 and performs operations specified by microinstructions passed from previous stages. Execution logic 328 includes logic, circuits, devices, or microcode (eg, microinstructions or native instructions), or a combination of logic, circuits, devices, or microcode, or equivalent components for performing operations specified by instructions. These components that perform operations in the execution logic 328 may be shared with circuits and microcodes that perform other functions in the microprocessor 301 . Execution logic includes a cryptographic unit 316 that receives data from load logic 314 that is required to perform specified cryptographic operations. The microinstruction instructs the cryptographic unit 316 to perform a specified cryptographic operation on the plurality of input text blocks 326 to generate a corresponding plurality of output text blocks 327 . The cryptographic unit 316 includes logic, circuits, devices or microcodes (eg, microinstructions or native instructions), or a combination of logics, circuits, devices or microcodes, or equivalent components for performing cryptographic operations. These components that perform operations in the cryptographic unit 316 may be shared with circuits and microcodes that perform other functions in the microprocessor 301 . In one embodiment, the cryptographic unit 316 operates in parallel with other execution units (not shown) within the execution logic 328 , such as integer units, floating point units, and the like. The implementation of a "unit" in the scope of this application includes logic, circuit, device or microcode (for example: microinstruction or native instruction), or a combination of logic, circuit, device or microcode, or is used to perform a specified function or Specifies the equivalent component of the operation. These components that perform specified functions or specified operations in specific units may be shared with circuits and microcodes that perform other functions in the microprocessor 301 . For example: in one embodiment, an integer unit includes logic, circuit, device or microcode (for example: microinstruction or native instruction), or a combination of logic, circuit, device or microcode, or for executing integer instructions, etc. effective components; a floating-point unit comprising logic, circuits, devices, or microcode (eg, microinstructions or native instructions), or a combination of logic, circuits, devices, or microcodes, or equivalent components for executing floating-point instructions ; then the components that execute integer instructions in the integer unit may be shared with other circuits, microcode, etc. that execute floating-point instructions in the floating-point unit. In an embodiment compatible with the x86 architecture, the cryptographic unit 316 operates in parallel with the x86 integer unit, x86 floating point unit, x86 Mathematic Matrix Extension (MMX) unit, x86 Streaming SIMD Extensions; SSE) unit. According to this scope of application, when an embodiment can correctly execute most of the application programs designed for x86 microprocessor execution, this embodiment is compatible with the x86 architecture, and an application program can be executed correctly to obtain its expected results. Alternative x86 compatible embodiments contemplate that the cryptographic units operate in parallel with a subset of the previously mentioned x86 execution units. The cryptographic unit 316 is coupled to the storage logic 317 and provides a corresponding plurality of output text blocks 327 , and the storage logic 317 is also coupled to the data cache 315 that assigns the output text data 327 to the system memory 321 for storage. This data cache 315 is coupled to writeback logic 318 which updates scratchpads 308-313 in temporary file 307 when the specified cryptographic operations complete. In one embodiment, microinstructions are synchronized with a clock signal (not shown) through each of the aforementioned logic stages 302, 303, 304, 307, 314, 316-318 so that operations can be performed simultaneously similar to Perform calculations online.

In the system memory 321, an application program requiring a specific cryptographic operation can directly instruct the microprocessor 301 to perform the operation through a single cryptographic instruction 322 (see XCRYPT instruction 322 for illustration). In a CISC embodiment, the XCRYPT instruction 322 includes a microinstruction specifying a cryptographic operation. In one embodiment, the XCRYPT instruction 322 utilizes a spare or unused instruction opcode present in the ISA. In an x86-architecture-compatible embodiment, the XCRYPT instruction 322 is a 4-byte instruction comprising an x86 prefixed REP (eg, 0xF3), two bytes of unused x86 opcode (eg, 0x0FA7), and one byte for a specified The block cipher mode is applied to perform a specified cipher operation. In one embodiment, the XCRYPT instruction 322 according to the present invention can be executed at the level of the application program provided by the system authority, so it can be programmed in the program flow of the instruction to provide to the microprocessor 301 whether it is directly by the application program or in the operating system. 320 under control. Since there is only one instruction 322 instructing the microprocessor 301 to perform the specified cryptographic operation, the completion of the operation should be obvious to the operating system 320 .

In operation, the operating system 320 launches an application program to execute on the microprocessor 301 . An XCRYPT instruction 322 is provided from memory 321 to fetch logic 302 as part of the instruction flow during execution of the application. However, before the XCRYPT instruction 322 is executed, the instructions in the program flow instruct the microprocessor 301 to initialize the contents of the scratchpad 308-312 so that they point to locations 323-327 in the memory 321, which include a cryptographic control word 323, An initialization cryptographic key 324 or a key schedule 324 , an initialization vector 325 (if necessary), input text 326 for operation, and output text 327 . The temporary storage 308-312 must be initialized before executing the XCRYPT command 322, because the XCRYPT command 322 and an additional temporary storage 313 containing the block count refer to the temporary storage 308-312, wherein the block count is encrypted in the input text range 326 or The number of decrypted data blocks. Therefore, the translation logic 303 retrieves the XCRYPT instruction from the fetch logic 302 and translates it into a sequence of corresponding microinstructions to instruct the microprocessor 301 to perform the specified cryptographic operations. A first plurality of microinstructions 305-306 in the corresponding microinstruction sequence, instructs the cryptographic unit 316 to load data from the loading logic 314, and begins to perform a specified number of cryptographic rounds to generate the output data of the corresponding block to provide to the storage logic 317 through output text range 327 stored in memory 321 by data cache 315 . A second plurality of microinstructions (not shown) in the corresponding microinstruction sequence instructs other execution units (not shown) in the microprocessor 301 to perform other operations required for completing specified cryptographic operations, such as: management Non-architectural scratchpad (not shown) including interim results and counts, update output and input pointer registers 311-312, update encryption/decryption initial pointer register 310 for input text block 326 (if needed), process unprocessed interruption etc. In one embodiment, registers 308-313 are architectural registers. Architectural registers 308-313 are registers defined in the instruction set architecture for implementing a particular microprocessor.

In one embodiment, the cryptographic unit 316 is divided into stages thus allowing pipelined processing of successive input text blocks 326 . The opposite embodiment is the single-stage cryptographic unit 316 . A third embodiment focuses on a two-stage cryptographic unit 316 that pipelines two successive input text blocks 326 . According to all embodiments, the cryptographic unit 316 is a device for buffering microinstructions and input literal blocks 326, and while storing output literal blocks 327 corresponding to previous input literal blocks 326, performing specified cryptographic operations on subsequent input text block 326 . In order to maximize the throughput of text blocks 326-327 through the cryptographic unit, microinstructions 305-306 are thus used to instruct to load subsequent input text blocks and output text blocks 327 corresponding to previous input text blocks 326 Before being stored, perform the specified cryptographic operations. Such an order allows for efficient pipeline processing of text blocks 326-327, and will be discussed in more detail later.

The block diagram 300 of FIG. 3 teaches the components required by the present invention, thus omitting much of the logic found in today's microprocessors 301 for simplicity of illustration. However, those skilled in the art will appreciate that particular implementations of microprocessor 301 today comprise many stages and logic, some of which are consolidated here for simplicity of illustration. For example, load logic 314 may embed an address generation phase following a cache interface phase after a cache thread alignment phase. It is important to note, however, that a complete cryptographic operation on the plurality of input text blocks 326 is made apparent to the operating system 320 by the operation of a single instruction 322 according to the present invention, and the execution of the single instruction 322 is This is accomplished by the cryptographic unit 316 operating in parallel and coordinating with other execution units in the microprocessor 301 . An alternative embodiment of the cryptographic unit 316 of the present invention in an implementation configuration is hardware similar to floating point units in microprocessors of previous years. The operation of the cryptographic unit 316 and the associated XCRPYT instruction 322 is fully compatible with previous operating systems and programs operating concurrently, and will also be discussed in more detail below.

Please refer to FIG. 4 , which is a block diagram of an embodiment of an atomic cryptographic instruction 400 of the present invention. The password command 400 includes an optional prefix field 401 , a repetition prefix field 402 , an operation code field 403 , and a block cipher mode field 404 . In one embodiment, the contents of the fields 401-404 correspond to the x86 instruction set architecture, and alternative embodiments may be considered to be compatible with other instruction set architectures.

Operationally, the front end 401 is used in many instruction set architectures to enable (enable) or disable (disable) some of the processing features of the main microprocessor, such as indicating 16-bit or 32-bit operations, indicating processing or accessing Specific memory segments, etc. The repetition prefix 402 is used to indicate that the cryptographic operation specified by the cryptographic instruction 400 is performed on a plurality of input data blocks (such as plaintext or ciphertext). Repeating the prefix 402 also implies that a corresponding microprocessor uses the contents of a plurality of architectural registers within it as pointers to locations in system memory containing parameters required to perform specified cryptographic operations. As mentioned above, in an x86 compatible embodiment, the value of the repeat prefix 402 is 0xF3, and according to the x86 architecture protocol, the password instruction is very similar in form to the x86 repeat string instruction, such as REP.MOV. For example: when the present invention is implemented by an x86-compatible microprocessor embodiment, the repeat prefix refers to a block count variable stored in architectural register ECX, a source address pointer stored in register ESI (pointing to input data for cryptographic operations) and a destination address pointer (pointing to output data in memory) stored in register EDI. In an embodiment compatible with x86, the present invention further expands the concept of the traditional repeating character string instruction to be able to refer to a control word group pointer stored in the register EDX, a password key pointer stored in the register EBX and a pointer to an initialization vector stored in register EAX (if required by the specified cipher mode).

The operation code field 403 designates the microprocessor to perform a cryptographic operation implicitly referred to by the control word pointer and referenced to a control word stored in memory. The present invention recognizes that the preferred choice of opcode values is to have a spare or unused opcode value in the ISA, by which compatibility with previous operating systems and application software is preserved in a compatible microprocessor. For example, as described above, the operation code field 403 of an x86-compatible embodiment uses 0x0FA7 to indicate that the specified cryptographic operation is performed. The block cipher mode field 404 indicates the particular block cipher mode to use for a particular cryptographic operation and will be discussed with reference to FIG. 5 .

FIG. 5 is a table 500 of example values of the block cipher mode field of the primitive cipher operation instruction in FIG. 4 . The value 0xC8 indicates that the cryptographic operation is completed using the electronic codebook (ECB) method; the value 0xD0 indicates that the cryptographic operation is completed using the cryptographic block chaining (CBC) method; the value 0xE0 indicates that the cryptographic operation is completed using the cryptographic feedback method (CFB); The output feedback mode (OFB) completes the cryptographic operation. All other values of the block cipher mode field 404 are reserved, and these modes are described in the aforementioned FIPS document.

Please refer to FIG. 6 , which is a block diagram of an embodiment of a more detailed encryption unit 617 in an X86 compatible microprocessor 600 of the present invention. The microprocessor 600 includes fetch logic 601 for fetching instructions from memory (not shown) for execution. The fetch logic 601 is coupled to the translation logic 602, and the translation logic 602 includes logic, circuits, devices or microcode (eg, microinstructions or native instructions), or a combination of logic, circuits, devices or microcodes, or for Translated instructions become equivalent components of the associated sequence of microinstructions. These components that perform translation in translation logic 602 may be shared with circuits, microcode, that perform other functions in microprocessor 600 . The translation logic 602 includes a translator 603 coupled to a microcode ROM 604 . Interrupt logic 626 is coupled to translation logic 602 by bus 628 . A plurality of software and hardware interrupt signals 627 are handled by interrupt logic 626 which indicates unhandled interrupts to translation logic 628 . The translation logic 628 is coupled to the microprocessor 600 and the successive stages include a register stage 605 , address stage 606 , load stage 607 , execute stage 608 , store stage 618 , and writeback stage 619 . Each successive stage contains logic to perform specific functions performed by associated instructions provided by fetch logic 601, as previously discussed in the microprocessor of FIG. 3 with reference to similarly named components. The x86 compatible embodiment 600 depicted in FIG. 6 is characterized by execution logic 632 in execution stage 608 , which includes parallel execution units 610 , 612 , 614 , 616 , 617 . An integer unit 610 receives and executes integer microinstructions from the microinstruction queue 609; a floating-point unit 612 receives and executes floating-point number microinstructions from the microinstruction queue 611; an MMX unit 614 receives and executes MMX microinstructions from the microinstruction queue 613; an SSE unit 616 receives and executes SSE microinstructions from the microinstruction queue 615 . In the x86 embodiment shown, a cryptographic unit 617 is coupled to the SSE unit 616 , a stall signal 621 , and a store bus 622 via a load bus 620 . The cryptographic unit 617 shares the microinstruction queue 615 of the SSE unit. An alternative embodiment may operate cryptographic unit 617 independently in parallel like units 610 , 612 and 614 . The integer unit 610 is coupled to an x86 EFLAGS register 624 which includes an X bit 625 whose state is configured to indicate whether a cryptographic operation is in progress. In one embodiment, the X bit 625 is bit 30 of an x86 ELFAGS register 624. In addition, the integer unit 610 accesses a machine specific register to evaluate the state of an E bit 629 indicating whether the cryptographic unit 617 is located in the microprocessor 600 . The integer unit 610 also accesses a D bit 631 in a feature control register 630 to enable or disable the cryptographic unit 617 . Microprocessor embodiment 301 of FIG. 3 , microprocessor 600 of FIG. 6 features the necessary components to teach an x86 compatible embodiment of the invention, and other components of the microprocessor are incorporated or omitted for simplicity of illustration. . Those skilled in the art will recognize that other components for a complete interface, such as data caches, bus interface units, clock generation and distribution logic, etc., are not shown.

In operation, instructions are fetched from memory (not shown) by the fetch logic 601 and provided to the translation logic 602 in synchronization with a clock signal (not shown). The translation logic 602 translates each instruction into a corresponding sequence of microinstructions, which are continuously provided to subsequent stages 605-608, 618, 619 of the microprocessor 600 synchronously with the clock signal. Each microinstruction in a sequence of microinstructions indicates the execution of a secondary operation, and the secondary operation is required to complete an overall operation specified by a relative instruction, for example, the address stage 606 generates an address, the temporary storage stage 605 from the specified cache The two operands recovered by the register (not shown) are added in the integer unit, and the result generated by one of the execution units 610, 612, 614, 616, 617 is stored by the storage logic 618 in memory, etc. According to the instruction in translation, the translation logic 602 utilizes the translator 603 to directly generate a sequence of microinstructions, or retrieves this sequence from the microcode ROM 604, or utilizes the translator 603 to directly generate a part of this sequence and extracts it from the microcode ROM 604 retrieves the rest of the sequence. Microinstructions are continuously executed synchronously with the clock through successive stages 605 - 608 , 618 , 619 of the microprocessor 600 . When the microinstruction reaches the execute stage 608, the execute logic 632 along with its operands (retrieved from the buffer in the scratch stage 605, or generated by logic in the address stage 606, or retrieved from the data cache by the load logic 608) , by placing the microinstructions in a corresponding microinstruction queue 609 , 611 , 613 , 615 and sending them to a specified execution unit 610 , 612 , 614 , 616 , 617 according to a specified route. Execution units 610 , 612 , 614 , 616 , 617 execute microinstructions and provide results to storage stage 618 . In one embodiment, the microinstruction contains a field indicating whether it can be performed in parallel with other operations.

In response to fetching an XCRYPT instruction as previously described, translation logic 602 generates associated microinstructions that instruct logic in subsequent stages 605-608, 618, 619 of microprocessor 600 to perform specified cryptographic operations. Accordingly, a first plurality of related microinstructions are directly routed to the cryptographic unit 617 and instruct the unit 617 to load data from the load bus 620, or load a block of input data and start to execute a specified number of cryptographic rounds to generate a The output data of the block, or the block output data generated by the storage logic 618 through the storage bus 620 is stored in the memory. As previously described with reference to FIG. 3 , the first plurality of related microinstructions is used to increase the advantageous characteristics of the cryptographic unit 617 to achieve efficient pipeline operation of multiple data blocks. More precisely, the first plurality of associated microinstructions are used to determine that a successive input text block has been loaded before storing an output text block corresponding to a previous input text block. This enables a specific cryptographic operation to be performed on a subsequent block of input text while the block of output text is being stored.

A second plurality of relevant micro-instructions are transmitted to other execution units 610, 612, 614, 616 according to their paths to perform other operations, which are necessary for completing specified cryptographic operations, such as the test of the E bit 629, enabling D bit 631, X bit 625 set to indicate cryptographic operation in progress, temporary storage (e.g., counter register, input literal pointer register, output literal pointer register) updated during temporary storage phase 605, indicated by interrupt logic 626 The processing of interrupt 627 and so on. The associated microinstructions are used to provide optimal execution of specified cryptographic operations on multi-block input data by interfacing with integer unit microinstructions in the cryptographic unit microinstruction sequence, so integer operations can be performed in parallel with cryptographic unit operations. The uop is included in the associated uop to enable or resume from pending interrupt 627 . Since all pointers and data to cryptographic parameters are provided in x86 architecture registers, their state is saved when the interrupt executes, and these states are restored when returning from the interrupt. Upon return from the interrupt, the microinstruction tests the state of the X bit 625 to determine if a cryptographic operation is in progress. If so, the operation is repeated for the particular input data block being processed when an interrupt occurs. Related microinstructions are used to allow updating pointer registers and intermediate results of a sequence of cryptographic operations on a sequence of input text blocks before processing interrupt 627 .

Please refer to FIG. 7 , which is a block diagram of fields of an example microinstruction 700 indicating cryptographic operations in the microprocessor of FIG. 6 . The microinstruction 700 includes a micro-opcode field 701 , a data register field 702 , and a register field 703 . The micro-opcode field 701 specifies the execution of a particular operation and specifies one or more stages of logic within the microprocessor 600 to perform the operation. The specified value of the micro-opcode field 701 designates a cryptographic unit according to the present invention to execute the indicated micro-instruction. In one embodiment, there are two specified values. A first value (XLOAD) specifies that data is to be retrieved from a memory location specified by the contents of an architectural register referred to by the contents of the data register field 702 . This data is loaded into a buffer within the cryptographic unit specified by the contents of the buffer field 703 . The recovered data (for example: cryptographic key data, control word, input text data, initialization vector) is provided to the cryptographic unit. The second value (XSTOR) of the micro-op field 701 indicates that the data generated by the cryptographic unit is stored at a memory location whose address is specified by the contents of an architectural register referred to by the contents of the data register field 702 . In a multi-stage embodiment of the cryptographic unit, the content of the register field 703 indicates that one of the plurality of output data blocks is stored in memory. The output data block is provided by the cryptographic unit in the data field 704 for storage logic access. More specific details of the XLOAD and XSTOR microinstructions executed by the cryptographic unit according to the present invention will be discussed with reference to FIG. 8 and FIG. 9 .

Please refer to FIG. 8 , which is a table of the values of the register field 703 of the XLOAD microinstruction format 700 of FIG. 7 . As previously mentioned, a sequence of microinstructions is generated in response to translations of an XCRPYT instruction. This sequence of microinstructions includes a first plurality of microinstructions, which are instructed to be executed by the cryptographic unit; and a second plurality of microinstructions, which are executed by one or more parallel functional units other than the cryptographic unit in the microprocessor . The second plurality of microinstructions instructs operations such as updating counters, temporary storage, architectural temporary storage, testing and setting state in machine-specific registers, and the like. The first plurality of microinstructions provides key data, cryptographic parameters, and input data to the cryptographic unit and instructs the cryptographic unit to generate a key schedule (or load a key schedule recovered from memory) to load and encrypt (or decrypt) the input text data, and Store output text data. An XLOAD microinstruction is provided to the cryptographic unit to load control block data, load a cryptographic key or key schedule, load initial vector data, load input text data and load input text data and instruct the cryptographic unit to start a specified cryptographic operation. An XLOAD microinstruction with a value of 0b010 in the register field 703 instructs the cryptographic unit to load a control word into its internal control word register. When the microinstruction is pipelined, an architectural control word pointer register access in the scratch stage obtains the address in memory where the control word is stored. The address logic translates this address into a physical address for memory access. The load logic retrieves the control word from the cache and passes it to the cryptographic unit. Likewise, the register field value 0b010 instructs the cryptographic unit to load the input literal data provided by the data field bit 704, and to start the specified cryptographic operation after loading. Like the control word, the input data is accessed by a register stored in the architectural register. A value of 0b010 indicates to load the input data provided by the data field bits 704 into the internal buffer IN-1. The data loaded into the IN-1 register is either input literal data (when pipelined) or an initialization vector. Values 0b110 and 0b111 instruct the cryptographic unit to load the lower and upper bits of a key in a cryptographic key or user generated key schedule, respectively. According to this application, a user is defined as performing a specific function or a specific operation, and the user can be embodied as an application program, an operating system, a machine or a person.

In one embodiment, the register field values 0b100 and 0b101 consider that a cryptographic unit has two stages, through which successive input text block data can be pipelined. Therefore, for pipeline processing of successive blocks of input data, a first XLOAD microinstruction is executed to provide a first block of input text data to IN-1, and then a first XLOAD microinstruction is executed to provide a second block of input Text data is given to IN-0, and instructs the cryptographic unit to start executing the specified cryptographic operation.

When a key schedule generated by a user is used to perform cryptographic operations, the XLOAD microinstruction corresponding to the number of keys in the key schedule generated by the user is sent to the cryptographic unit according to the set path, and the cryptographic unit instructs to load the key schedule Keys for each turn in the process.

All other values of register field 703 are reserved in XLOAD microinstructions.

Please refer to FIG. 9 , which is a table of the values of the register field 703 of the XSTOR microinstruction format 700 of FIG. 7 . An XSTOR microinstruction is issued to the cryptographic unit instructing it to provide the generated output text block to storage logic to store in memory at the address provided by address field 702 . Accordingly, the translation logic of the present invention issues an XSTOR microinstruction for a specific output text block after issuing an XSTOR microinstruction for a corresponding input text block. The value 0b100 of the register field 703 indicates that the cryptographic unit provides its associated internal OUT-0 register for storage logic storage. The content of OUT-0 is associated with the input text block provided to IN-0. Similarly, the internal output-1 register with the reference register field value 0b101 is associated with the input text data provided to IN-1. Accordingly, following the loading of the key and control word data, a plurality of input text blocks can be pipelined, and the password micro-instructions XLOAD.IN-1, XLOAD.IN-0 (XLOAD.IN-0 (XLOAD. IN-0 also instructs the cryptographic unit to start a cryptographic operation), XSTOR.OUT-1, XSTOR.OUT-0, XLOAD.IN-1, XLOAD.IN-0 (to start the next two input text block operations) and so on.

Please refer to FIG. 10 , which is a block diagram illustrating the format of an example control word 1000 for specifying cryptographic operation parameters in the present invention. The control word 1000 is programmed in memory by the user, and before performing cryptographic operations, the pointer to the control word 1000 is provided to an architectural register in a corresponding microprocessor. Accordingly, when a partial sequence of microinstructions corresponds to an XCRYPT instruction, an XLOAD microinstruction is issued to instruct the microprocessor to read architectural registers containing pointers, restore control word 1000 from memory (cache), and load Control block 1000 to the internal control block register of the cryptographic unit. The control block 1000 includes a reserved RSVD field 1001, a key size KSIZE field 1002, an encryption/decryption E/D field 1003, an intermediate result IRSLT field 1004, a key generation KGEN field 1005, a calculation ALG field 1006 and a round calculation RCNT field 1007.

All values in the reserved field 1001 are reserved. The content of the KSIZE field 1002 indicates the size of a cryptographic key used to perform encryption or decryption. In one embodiment, the KSIZE field 1002 either indicates a 128-bit key, a 192-bit key, or a 256-bit key. The E/D field 1003 indicates that the cryptographic operation is an encryption operation or indicates that the cryptographic operation is a decryption operation. The KGEN field 1005 indicates that it is a key schedule generated by the user in memory or a single cryptographic key in memory; The specified cryptographic calculation with the extended key becomes a key schedule. In one embodiment, the particular value of the ALG field 1006 specifically indicates a DES algorithm, a triple DES algorithm, or an AES algorithm as previously discussed. Alternative embodiments may consider other cryptographic algorithms such as Rijndael Cipher, Twofish Cipher, etc. The content of the RCNT field 1007 indicates a number of cryptographic rounds to complete for each block of input text according to the specified algorithm. Although the above-mentioned standard indicates a fixed number of cryptographic rounds preceding each input text block, the RCNT field 1007 allows a programmer to modify the number of rounds from the standard indication. In one embodiment, the programmer can specify each block from 0-15 rounds. Finally, the IRSLT field 1004 indicates whether encryption/decryption of an input text block is performed according to the cryptographic algorithm specified by ALG 1006 with the number of rounds specified by RCNT 1007, or whether encryption/decryption is performed according to the cryptographic algorithm specified by ALG 1006 with RCNT 1007 The specified number of rounds is executed, and the execution of the final round represents an intermediate result rather than a final result. Those skilled in the art will recognize that many cryptographic algorithms perform the same operations in each round except for the operations in the final round. The programming IRSLT field 1004 therefore provides intermediate results rather than final results, by which the programmer is allowed to check intermediate steps of the algorithm implementation. For example: to obtain an increased median value to check that the algorithm performs, say, one round of encryption on a block of text, then two rounds on the same block of text, then three rounds, etc. The ability to provide programmable round and intermediate results allows users to check cryptographic execution, debug, and achieve changes in key structures and round counts.

Please refer to FIG. 11 , which is a block diagram of a preferred embodiment of a cryptographic unit 1100 of the present invention. The cryptographic unit 1100 includes a micro-op code register 1103 , and the micro-op code register 1103 receives cryptographic micro-commands (such as XLOAD and XSTOR micro-commands) through a micro-command bus 1114 . The encryption unit 1100 also includes a control block register 1104 , an input-0 register 1105 and an input-1 register 1106 , a key-0 register 1107 and a key-1 register 1108 . Data is provided to registers 1104-1108 via a load bus 1111 as specified by the content of an XLOAD microinstruction in register 1103. The input-0 and input-1 registers 1105-1106 are configured to enable the buffering of subsequent input text blocks during the cryptographic operation of the current input text block. The cryptographic unit 1100 also includes block cryptographic logic 1101 coupled to all registers 1103 - 1108 and also to cryptographic key random access memory 1102 . Block code logic 1101 provides a pause signal 1113 and also provides block results to an output-0 register 1109 and an output-1 register 1110 . Output registers 1109-1110 route their contents through a memory bus 1212 to successive stages in a corresponding microprocessor. The cryptographic unit 1100 is configured to store data from the output registers 1109-1110 while the cryptographic operation is performed on subsequent blocks of input text. In one embodiment, microinstruction register 1103 is 32-bit in size, and each of the remaining registers 1104-1110 is a 128-bit register.

In operation, cryptographic microinstructions are sequentially provided to microinstruction register 1103 along with data, where data is assigned to control word register 1104, or one of input registers 1105-1106, or one of key registers 1107-1108. . In the embodiment discussed with reference to FIGS. 8 and 9, the control word is loaded into the control word register 1104 by an XLOAD microinstruction. Thus the cryptographic key or key schedule is loaded via successive XLOAD microinstructions. When a 128-bit cryptographic key is loaded, an XLOAD microinstruction is therefore provided to the designated KEY-0 register 1107 and, together with an XLOAD microinstruction, provided to the designated KEY-1 register 1108 . When a user-generated key is scheduled to be loaded, successive XLOAD microcommands are provided to the designated KEY-0 register 1107 . Each key in the key schedule is loaded and sequentially placed in the key random access memory 1102 for use by its corresponding cryptographic round. Following this, the input text data (if an initial vector is not required) is loaded into the IN-1 register 1106, and if an initial vector is required, it is loaded into the IN-1 register 1106 via an XLOAD microinstruction. An XLOAD microinstruction to the IN-0 register 1105 instructs the crypto unit to load the input text data into the IN-0 register 1105, and initiates the execution of the crypto round on the input text data in the IN-0 register 1105, which is based on the control word The content of group buffer 1104 provides parameters using initial vectors in IN-1 or in both input buffers 1105-1106 (when input data is pipelined). Upon receiving the XLOAD microinstruction specifying IN-0, the block cipher logic 1101 starts to execute the cipher operation specified by the content of the control word. When a single cryptographic key is required to be extended, the block cryptographic logic 1101 generates each key in the key schedule and stores it in the key random access memory 1102 . Regardless of whether a key schedule is generated by the block cipher logic 1101 or loaded from memory, the keys for the first round are cached in the block cipher logic 1101 so that the first block cipher round can be used without Access the key RAM1102 for processing. Once initialized, block cipher logic 1101 continues to perform specified cryptographic operations on one or more blocks of input text until the operation is complete; it continues to retrieve round keys from key RAM 1102 as required by the applied cryptographic algorithm. The cryptographic unit 1100 executes a specified block cryptographic operation on a specified input text block, and successive input text blocks are encrypted/decrypted by sequentially corresponding XLOAD and XSTOR microinstructions. When an XSTOR microinstruction is executed, if the specified output data (eg, OUT-0 or OUT-1) has not been fully generated, the block cipher logic 1101 asserts the suspend signal 1113 . Once the output data has been generated and placed in the corresponding output buffers 1109-1110, the contents of the registers 1109-1110 are then transferred to the storage bus 1112. Although the pause signal 1113 is displayed when the specified output data has not yet been fully generated, efficient data block pipeline processing through the cryptographic unit 1100 is achieved by the sequential Load and store microinstructions such that subsequent cryptographic operations on input literal blocks are always performed when required to store data in output registers 1109-1110.

Please refer to FIG. 12 , which is a block diagram of an embodiment of a block of cryptographic logic 1200 for performing cryptographic operations related to the Advanced Encryption Standard (AES) algorithm of the present invention. Block cipher logic 1200 includes a round engine 1220 coupled to round engine controller 1210 via buses 1211-1214 and buses 1216-1218. The round engine controller 1210 includes storage logic 1230 and accesses a uop register 1201, control word register 1202, KEY-0 register 1203, and KEY-1 register 1204 to access key data, uops, and all Indicates the parameters of the cryptographic operation. The contents of the input buffers 1205-1206 are provided to the round engine 1220 and the round engine 1220 provides the corresponding output text to the output buffers 1207-1208. Output registers 1207-1208 are also coupled to round engine controller 1210 via buses 1216-1217 to enable the round engine controller to access the results of each successive cryptographic round, which results are provided to round engine 1220 via NEXTIN bus 1218 next password round. The cryptographic keys in the key RAM (not shown) are accessed through the bus 1215 . ENC/DEC signal 1211 instructs the turn engine to perform either encryption (eg S-Box) or decryption (eg Reverse S-Box) with the secondary operation. The content of the RNDCON bus 1212 instructs the round engine 1220 to perform either a first AES round, an intermediate AES round or a final AES round. The key bus 1213 is used to provide each round key to the round engine 1220 when executing the corresponding round.

Round engine 1220 includes first key XOR logic 1221, this first key XOR logic 1221 is coupled to a first register REG-0 1222, this first register 1222 is coupled to S-Box logic 1223, this S-Box logic 1223 Coupled to ShiftRow logic 1224, the Shift Row logic 1224 is coupled to a second register REG-1 1225, the second register 1225 is coupled to Mix Colum logic 1226, and the Mix Colum logic 1226 is coupled to a third register REG-1 1225 2 1227. First Key Logic 1221 , S-Box Logic 1223 , Shift Row Logic 1224 , and Mix Column Logic 1226 are configured to perform operations on input text data, as specified in the previously discussed AES FIPS standard. Mix Colum Logic 1226 is additionally configured to perform an AES XOR function on incoming data during intermediate rounds when required using the round key provided via key bus 1213. First Key Logic 1221, S-Box Logic 1223, Shift Row Logic 1224, and Mix Column Logic 1226 are also configured to perform their relative reverse AES operations during decryption when indicated by the status of ENC/DEC 1211. Those skilled in the art can appreciate that the intermediate round data is fed back to the round engine 1220 according to the specific block encryption mode specified by the content of the control block register 1202 . The initialization vector data (if required) is provided to the round engine 1220 via the NEXTIN bus 1218 .

In the embodiment shown in Figure 12, the turn engine is divided into two phases: a first phase between REG-0 1222 and REG-1 1225 and a second phase between REG-1 1225 and REG-2 1227. The intermediate round data is synchronized with a clock signal (not shown) in the inter-stage pipeline for processing. When the input data of a block completes the cryptographic operation, its associated output data is placed in the corresponding output registers 1207-1208. In response to an XSTOR microinstruction, the store logic 1230 asserts the STORE signal 1214 to inform the round engine 1220 that the contents of the specified output registers 1207-1208 are being provided to the store bus (not shown). Output registers 1207-1208 may perform storage when subsequent input text blocks have been buffered in input registers 1205-1206 and while the next input text block is being processed by round engine 1220. How to load and store microinstructions according to the streamlined multiple data block pipeline processing of the present invention will be discussed in more detail with reference to FIGS. 13 to 16 .

Please refer to FIG. 13 , which is a table 1300 of an embodiment of the microinstruction stream of the present invention for a single-level embodiment of the cryptographic unit. As mentioned above, a single-level cryptographic unit can process one input text block at a time. However, this single-stage embodiment is configured in the same way as the multi-stage embodiment (a two-stage embodiment is shown and discussed in detail with reference to FIG. 12 ), that is, when the round engine performs a specified cryptographic operation on the current input The registers allow buffering of subsequent input block data, and when the subsequent input data block performs specified cryptographic operations, the output register and storage logic enables storage of the output block corresponding to the current input data block. The microinstruction flow in table 1300 does not take advantage of the previously mentioned properties that favor single-stage cryptographic units.

For the purposes of the teachings of the present invention, the execution of a load microinstruction LD.IN-0 requires two pipeline clock cycles. Once the input data is loaded into input register 0, the round engine starts automatically. For comparison purposes, the round engine takes 20 clock cycles to generate a corresponding output block, during which time a store instruction ST.OUT-0 is stalled. Similar to the load instruction LD.IN-0, the storage instruction ST.OUT-0 specifies that the execution of the storage operation requires two clock cycles. Accordingly, when a first load instruction LD.IN-0 is provided to the cryptographic unit at cycle 0, then after two cycles, the input data is loaded and the round engine starts executing, thus generating a corresponding output data field at cycle 22 piece. The corresponding store instruction ST.OUT-0 is stalled until the corresponding output data block is ready, so the store is completed in cycle 24 . A subsequent load instruction LD.IN-0 is suspended after the previous store instruction ST.OUT-0 until the store is complete, so the subsequent input text block is not loaded before cycle 26 .

As mentioned above, this sequence of load-store-load-store microinstructions does not contribute to the previously mentioned properties of the cryptographic unit. As a result, each block requires 24 cycles for performing cryptographic operations on multiple data blocks.

Please refer to FIG. 14 , which is a table 1400 of another embodiment of the microinstruction stream of the present invention for a single-level embodiment of a cryptographic unit. In contrast to the microinstruction flow discussed with reference to FIG. 13, this alternative microinstruction flow embodiment takes advantage of the advantageous properties of single-level cryptographic units. For comparison purposes, the number of clock cycles for the load instruction LD.IN-0, store instruction ST.OUT-0, and cryptographic operations to be executed by the round engine is the same as the embodiment discussed with reference to FIG. 13 .

According to this alternate microinstruction flow embodiment, when a first load instruction LD.IN-0 is provided to the cryptographic unit at cycle 0, then two cycles later, the input data is loaded and the round engine starts executing, thus generating at cycle 22 A corresponding output data block. However, since the input data can be buffered, the translation logic finishes issuing a second load instruction LD.IN0 in cycle 4 to load a subsequent input text block. Cryptographic operations performed on subsequent input text blocks are suspended until an output text block corresponding to the first input text block is generated (cycle 22), but subsequent input text blocks have been buffered in cycle 4, so their cryptographic operations Can start in cycle 23 and finish in cycle 42. The store instruction ST.OUT-0 corresponding to the output text of the first input block is provided by the translation logic after the subsequent block load instruction LD.IN-0. The store instruction ST.OUT-0 is suspended until the corresponding output data block is ready in cycle 22, but the store is completed in cycle 24. A subsequent load instruction LD.IN-0 is suspended after the previous store instruction ST.OUT-0 until the store is complete, so the subsequent input text block is not loaded before cycle 26 . By transferring two cycles to the processing of subsequent input text blocks by the turn engine. This microinstruction sequence can benefit from the previously mentioned properties of the cryptographic unit by initially performing two loads, thus increasing the throughput of multiple blocks to 20 cycles per block. The two clock cycles required to store an output block are effectively combined in the execution of a subsequent input word block cryptographic operation. In addition, the two cycles required to load subsequent input text blocks are incorporated into the execution of cryptographic operations on the current input text block.

Please refer to FIG. 15 , which is a table 1500 of an embodiment of the microinstruction stream of the present invention and a two-stage embodiment of the cryptographic unit. The two-stage embodiment is discussed in detail with reference to FIG. 12 , and it can process two consecutive input data blocks in a cycle of the round engine. Like the single-stage embodiment stream of Table 1300, the stream of Table 1500 does not benefit from its features to incorporate clock cycles in the cryptographic unit. For comparison purposes, the number of clock cycles for executing the load instruction LD.IN-0, the store instruction ST.OUT-0, and the cryptographic operation through the round engine is the same as the embodiments discussed with reference to FIGS. 13 and 14 . As mentioned above, register 1 executes the load instruction LD.IN-1 to only load input data to input register 1; a register LD.IN-0 executes to load input text data to input register 0, and through the round engine Initially process input data in input buffers 0 and 1. Since the round engine is staged, only 20 clock cycles are required to complete the encryption/decryption of the input data in the two input registers.

Therefore, the translation logic issues an LD.IN-1 microinstruction followed by an LD.IN-0 instruction. LD.IN-1 completes in cycle 2 and LD.IN-0 completes in cycle 4, and the round engine starts processing two input text blocks in cycle 5 and completes in cycle 24. The two subsequent store instructions ST.OUT-1 and ST.OUT-0 are paused until cycle 24 to wait for their corresponding input data word blocks to be processed, and the pause is lifted in cycle 24, which allows the store to be completed in cycle 28. Since no other input data is buffered, the two subsequent load instructions LD.IN-0, LD.IN-1 are suspended until the store is completed. Thus subsequent loading of chunks of input text occurs between cycles 29-32, and the chunks are processed by the turn engine between cycles 33-52.

Similar to the load-store-load-store sequence of microinstructions discussed with reference to the single-level cryptographic unit of Figure 13, the load-load-store-store-load-load-store-store sequence of Table 15 does not support efficient data benefit from the properties of the cryptographic unit of block processing. As a result, performing cryptographic operations on multiple data blocks in the two-level cipher unit requires 28 cycles for every two blocks.

Please refer to FIG. 16 , which is a table 1600 of another embodiment of the microinstruction flow of the present invention for the two-stage embodiment of the cryptographic unit. In contrast to the microinstruction flow discussed with reference to FIG. 15, this alternate microinstruction flow embodiment of table 1600 takes advantage of the advantageous properties of the two-stage cipher unit. For comparison purposes, the number of clock cycles for the load instruction LD.IN-0, store instruction ST.OUT-0, and cryptographic operations to be executed by the round engine is the same as the embodiment discussed with reference to FIG. 15 .

According to this alternate microinstruction flow embodiment, when a first load instruction LD.IN-1 is provided to the cryptographic unit at cycle 0 followed by a second load instruction LD.IN0, then after 4 cycles, the input data is loaded and The round engine starts to execute, so at cycle 24 a corresponding output data block is generated. However, because the input data can be buffered, the translation logic issues a second set of load instructions LD.IN-1, LD.IN-0 allowing two input literal blocks and completes the load in cycle 8. The cryptographic operation performed on subsequent input text blocks is suspended until two output text blocks respectively corresponding to the two first input text blocks are generated (cycle 24), but the subsequent two input text blocks have been buffered in cycle 8, Thus other cryptographic operations can be started at cycle 25 and completed at cycle 44 . The storage instructions ST.OUT-1, ST.OUT-0 corresponding to the two output texts of the two first input text blocks are provided by the translation logic after the subsequent block load instructions LD.IN-1, LD.IN-0 . The store commands ST.OUT-1, ST.OUT-0 are suspended until the corresponding output data blocks are ready in cycle 24, but are stored in cycle 28. 4 cycles have been diverted by the turn engine into the processing of subsequent input text blocks. This microinstruction sequence can benefit from the previously mentioned properties of the cryptographic unit by initially performing four loads, thus increasing the throughput of multiple blocks to 20 cycles per block. The four clock cycles required to store the output block are effectively combined in the execution of two subsequent input word block cryptographic operations. In addition, the four cycles required to load the next two input text blocks are incorporated into the execution period of the cryptographic operation for the current input two input text blocks.

Although the present invention and its objects, features and advantages have been described in detail, other embodiments should also be included in the present invention. For example: the present invention has discussed lengths in terms of x86-architecture-compatible embodiments, however these discussions have provided such means because the x86 architecture is easy to understand and provides sufficient means to teach the present invention. However, the present invention includes embodiments corresponding to other instruction set architectures, such as PowerPC, MIPS, and the like, as well as entirely new instruction set architectures.

The present invention also includes the execution of cryptographic operations by components other than the microprocessor in the computer system. For example, the cryptographic instructions according to the present invention can be easily applied to an embodiment of a cryptographic unit that is not part of a microprocessor. The same integrated circuit that performs as part of a computer system. Such embodiments of the present invention are intended for incorporation into chipsets (e.g., Northbridge, Southbridge) surrounding a microprocessor, or when a processor is used to perform cryptographic operations, its cryptographic instructions are offloaded from the main microprocessor ( hand off) to this processor. The present invention is applicable to embedded controllers, industrial controllers, signal processors, array processors, and any similar devices that process data. The invention also includes an embodiment that contains only the components necessary to perform cryptographic operations. Such embedded devices not only perform cryptographic operations, but also provide low-cost, low-power supplies, such as encryption/decryption processors in communication systems. For simplicity, this disclosure refers to these alternative processing components as the processors described above.

Furthermore, although the present invention refers to 128-bit blocks, many different block sizes can be used by varying the size of the registers that pass input data, output data, keys, and control words.

Also, while this application notably features DES, Triple DES, and AES, the present invention also includes lesser-known block cipher algorithms such as: MARS cipher, Rijndael cipher, Twofish cipher, Blowfish cipher, Serpent cipher, and RC6 cipher . It should be understood that the present invention provides means and supported algorithms for block ciphers in microprocessors, the primitive block cipher operations of which can be initiated by the execution of a single instruction.

Moreover, although the present invention is characterized by the block cipher algorithm and its related technologies to perform the block cipher function, other forms of cipher besides the block cipher are also included in the scope of application of the present invention. It is sufficient to observe that a single instruction is provided by which the user instructs a suitable microprocessor to perform a cryptographic operation, such as encryption or decryption, wherein the microprocessor contains a cryptographic unit which performs as directed The cryptographic function specified by the directive.

Also, the round engine discussed here provides a two-stage device that pipelines two blocks of input data, but other embodiments contemplate more than two stages. The allocation of stages will evolve to match the allocation of other stages in the microprocessor to pipeline processing that supports more blocks of input data.

Finally, while the present invention specifically discusses a single cryptographic unit supporting a plurality of algorithms, the present invention also provides insight into multiple cryptographic units operationally coupled in parallel with other execution units in a commensurate microprocessor, where each multiple cryptographic unit is configured It is used to perform a specified cryptographic calculation, for example: a first unit is configured to perform AES, a second unit is configured to perform DES, and so on.

The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the patent scope of the present invention; all other equivalent changes or modifications completed under the spirit disclosed by the present invention shall be included in the following scope of the patent application.

Claims (29)

1. a device of carrying out crypto-operation is characterized in that, the device of described this execution crypto-operation comprises:

One cipher instruction is that wherein this cipher instruction is specified a crypto-operation by calculation element reception and with its part as an instruction stream that is executed in this calculation element;

Translation logic, operational coupled becomes microcommand in this cipher instruction and configuration in order to translate this cipher instruction, wherein this microcommand is in order to storing at this calculation element of indication before the output character block corresponding to one first input characters block, indicates this calculation element to load one second input characters block and to this this crypto-operation of second input characters onblock executing;

During this crypto-operation was to this second input characters onblock executing, this output character block can be stored by this.

2. the device of execution crypto-operation as claimed in claim 1 is characterized in that, described this crypto-operation comprises:

One cryptographic calculation, this cryptographic calculation comprise the encryption of a plurality of plaintext blocks to produce a plurality of relatively ciphertext blocks;

Wherein these a plurality of plaintext blocks comprise:

This first and second input characters block; And

Wherein these a plurality of relatively ciphertext blocks comprise:

This output character block.

3. the device of execution crypto-operation as claimed in claim 1 is characterized in that, described this crypto-operation comprises:

One decrypt operation, this decrypt operation comprise the deciphering of a plurality of ciphertext blocks to produce a plurality of relatively plaintext blocks;

Wherein these a plurality of ciphertext blocks comprise:

This first and second input characters block; And

Wherein these a plurality of relatively plaintext blocks comprise:

This output character block.

4. the device of execution crypto-operation as claimed in claim 1 is characterized in that, more comprises:

Actuating logic, operational coupled is to receive this microcommand and to dispose in order to store this output character block when this crypto-operation is executed in this second input characters block.

5. the device of execution crypto-operation as claimed in claim 4 is characterized in that, described this actuating logic comprises a password unit.

6. the device of execution crypto-operation as claimed in claim 5 is characterized in that, described this password unit is that configuration is in order to carry out this crypto-operation according to advancing the rank encryption standard.

7. the device of execution crypto-operation as claimed in claim 5 is characterized in that, described this password unit comprises:

One or two rank bout engine, configuration is carried out this first and second input characters block in order to pipeline.

8. the device of execution crypto-operation as claimed in claim 1 is characterized in that, described this microcommand comprises:

One loads microcommand, and configuration is in order to indicate this calculation element to load this second input characters block and to carry out this crypto-operation in this second input characters block; And

One stores microcommand, and configuration is in order to indicate this calculation element to store this output character block.

9. the device of execution crypto-operation as claimed in claim 1 is characterized in that, described this cipher instruction is specified according to x86 command format.

10. the device of execution crypto-operation as claimed in claim 1 is characterized in that, described this cipher instruction is implicit with reference to a plurality of buffers in this calculation element.

11. the device of execution crypto-operation as claimed in claim 10 is characterized in that, described these a plurality of buffers comprise:

One first buffer, wherein the content of this first buffer comprises one first pointer to one first memory address, this first memory address is according to a primary importance is with a plurality of input characters blocks of access in this crypto-operation specified memory of finishing, and wherein these a plurality of input characters blocks comprise this first and second input characters block.

12. the device of execution crypto-operation as claimed in claim 10 is characterized in that, described these a plurality of buffers comprise:

One second buffer, wherein the content of this second buffer comprises one second pointer to one second memory address, a second place is to store a plurality of relatively output character blocks in this second memory address specified memory, these a plurality of relatively output character blocks are the results according to a plurality of input characters these crypto-operations that block is finished, and wherein these a plurality of output character blocks comprise this output character block.

13. the device of execution crypto-operation as claimed in claim 10 is characterized in that, described these a plurality of buffers comprise:

One the 3rd buffer, wherein the content of the 3rd buffer is indicated the literal block of a quantity in a plurality of input characters blocks.

14. the device of execution crypto-operation as claimed in claim 10 is characterized in that, described in these a plurality of buffers comprise:

One the 4th buffer, wherein the content of the 4th buffer comprises one the 3rd pointer to one the 3rd memory address, in the 3rd memory address specified memory one the 3rd position with the key data that accesses to your password to be used to finish this crypto-operation.

15. the device of execution crypto-operation as claimed in claim 10 is characterized in that, described these a plurality of buffers comprise:

One the 5th buffer, wherein the content of the 5th buffer comprises one the 4th pointer to one the 4th memory address, one the 4th position in the 4th memory address specified memory, the 4th position comprises an initial vector position, and the content of this initial vector position comprises an initial vector or initial vector equivalent to be used to finish this crypto-operation.

16. the device of execution crypto-operation as claimed in claim 10 is characterized in that, described these a plurality of buffers comprise:

One the 6th buffer, wherein the content of the 6th buffer comprises the five fingers at one the 5th memory address, to be used to finish this crypto-operation, wherein this control word group designated pin parameter is given this crypto-operation to interior one the 5th position of the 5th memory address specified memory with access one control word group.

17. a device of carrying out crypto-operation is characterized in that, the device of described this execution crypto-operation comprises:

Translation logic, configuration becomes the microcommand of a sequence in order to translate a cipher instruction, and the microcommand of this sequence comprises:

One first microcommand, indication loads one second input characters block and carries out a crypto-operation in this second input characters block; And

One second microcommand, indication stores one first output character block, this first output character block according to this crypto-operation of carrying out corresponding to one first input characters block;

Wherein this translation logic was issued this first microcommand before this second microcommand of issue;

During this crypto-operation was to this second input characters onblock executing, this output character block can be stored by this.

18. the device of execution crypto-operation as claimed in claim 17 is characterized in that, described this crypto-operation comprises:

One cryptographic calculation, this cryptographic calculation comprise the encryption of a plurality of plaintext blocks to produce a plurality of relatively ciphertext blocks;

Wherein these a plurality of plaintext blocks comprise:

This first and second input characters block; And

Wherein these a plurality of relatively ciphertext blocks comprise:

This output character block.

19. the device of execution crypto-operation as claimed in claim 17 is characterized in that, described this crypto-operation comprises:

One decrypt operation, this decrypt operation comprise the deciphering of a plurality of ciphertext blocks to produce a plurality of relatively plaintext blocks;

Wherein these a plurality of ciphertext blocks comprise:

This first and second input characters block; And

Wherein these a plurality of relatively plaintext blocks comprise:

This output character block.

20. the device of execution crypto-operation as claimed in claim 17 is characterized in that, more comprises:

One password unit, operational coupled is to receive this microcommand and to dispose in order to store this output character block when this crypto-operation is executed in this second input characters block.

21. the device of execution crypto-operation as claimed in claim 20 is characterized in that, described this password unit is that configuration is in order to carry out this crypto-operation according to advancing the rank encryption standard.

22. the device of execution crypto-operation as claimed in claim 20 is characterized in that, described this password unit comprises:

One or two rank bout engine, configuration is carried out this first and second input characters block in order to pipeline.

23. the device of execution crypto-operation as claimed in claim 17 is characterized in that, described this cipher instruction is specified according to x86 command format.

24. the method at a device execution crypto-operation is characterized in that, described should comprising in the method for a device execution crypto-operation:

Translate a cipher instruction and become one first microcommand and one second microcommand, this cipher instruction is specified a crypto-operation, this first microcommand is indicated this device to load one second input characters block and is carried out this crypto-operation in this second input characters block, this second microcommand indicates this device to store one first output character block, this first output character block according to this crypto-operation of carrying out corresponding to one first input characters block; And

Issue and issue this second microcommand to this password unit after this first microcommand is given a password unit;

During this crypto-operation was to this second input characters onblock executing, this output character block can be stored by this.

25. the method at a device execution crypto-operation as claimed in claim 24, wherein this is translated and comprises:

By specify by this first microcommand carry out a cryptographic calculation in this second literal block to produce relative second a ciphertext block.

26. the method at a device execution crypto-operation as claimed in claim 24 is characterized in that described this translated and comprised:

By specify by this first microcommand carry out a decrypt operation in this second literal block to produce a relative second plaintext block.

27. the method at a device execution crypto-operation as claimed in claim 24 is characterized in that, more comprises:

Carry out this first and second microcommand in a password unit, wherein this execution comprises:

When carrying out this crypto-operation, store this output character block in this second input characters block.

28. the method at a device execution crypto-operation as claimed in claim 24 is characterized in that, described this cipher instruction is specified this crypto-operation of execution according to advancing the rank encryption standard.

29. the method at a device execution crypto-operation as claimed in claim 24 is characterized in that, more comprises:

Carry out this first and second microcommand in a password unit, wherein this execution comprises through one or two this first and second input characters block of rank bout engine pipeline.

Images