ENCRYPTION APPARATUS APPLYING KASUMI ENCRYPTION
ALGORITHM
Technical Field The present invention relates generally to an encryption apparatus, and more particularly to an encryption apparatus applying a KASUMI encryption algorithm.
Background Art Recently, with the development of the wired and radio communication techniques, the protection of information on networks becomes a matter of increasing concern. Especially, in developing the 3rd generation partnership project (3 GPP) system that is the 3 rd generation radio communication system, the diverse security characteristics that can protect the information, development of encryption algorithms for authenticating the stability and reliability of the system, and worldwide applicable standardization of techniques are now required.
Accordingly, TSG-SA that is the technical group of the 3GPP system and organized around the standard technique development organizations including European Telecommunications Standards Institute (ETSI) requested SAGE that is the encryption algorithm experts group of ETSI to develop 11 security-related algorithms called fO-f O. The 11 security-related algorithms have been defined in the TS33.102v3.7.0 standard documents.
In the standard documents defining the 11 security-related algorithms developed by SAGE of ETSI as described above, the authentication part defines fl that is an algorithm for random number generation, an fl algorithm for subscriber's network authentication, fl * algorithm for resynchronized message authentication, f2 algorithm for subscriber authentication, £3 algorithm for radio-area encryption key generation, f4 algorithm for radio-area integrity key generation, f5 algorithm for subscriber anonymity key generation, and f5* algorithm for resynchronized anonymity key generation. The authentication part also defines an f8 algorithm for radio-area user data encryption required in a terminal and a radio network controller, and that is a radio-area user traffic integrity authentication algorithm.
Especially, after the standardization of the f8 encryption algorithm and the f9 integrity algorithm, a KASUMI encryption algorithm has been newly developed
based on the MISTY that is a secret key encryption algorithm developed and made public by Mtsubishi Corporation in Japan.
However, since the conventional implementation technique applying the KASUMI algorithm in the 3GPP system mostly processes the traffic by software, its 5 throughput is lowered, and a large amount of traffic causes the system to have a large amount of load. For example, the RNC switch equipment of the 3GPP system performs the KASUMI encryption algorithm using a power PC processor, and this causes the system to bear a large amount of load, resulting in that the power PC processor should be additionally used to cause a heavy manufacturing cost and
10 inefficiency.
In the 3 GPP system, there are not so many conventional hardwired techniques using the KASUMI encryption algorithm, and thus encryption apparatuses that apply the conventional MISTY encryption algorithm or a data encryption standard (DES) encryption algorithm have been developed.
15 Especially, Japanese Patent Laid-open Nos. Pyung 09-0269727 "Encryption method and apparatus", Pyung 09-0251267 "Encryption method and apparatus", etc., have been disclosed as the conventional encryption apparatuses applying the DES encryption algorithm. However, since they construct a round circuit in a manner that the round circuit is pipelined through insertion of a register between
20 rounds, the power consumption is severe, and the area required for the apparatus becomes large. This causes the diverse encryption techniques not to be applied to portable terminals or high-performance servers that require the low power consumption and the small installation area.
25 Disclosure of the Invention
Therefore, an object of the present invention is to solve the problems involved in the prior art and to provide an encryption apparatus applying a KASUMI encryption algorithm wherein a round circuit is constructed through combination of an FL block with an FO block which separate a secret key defined in the KASUMI
30 encryption algorithm and provided from a secret key scheduler and 64-bit text data into 32-bit data, respectively, and perform a specified encryption operation function, and the FO block is constructed through a multistage pipeline using a plurality of pipeline registers.
In order to accomplish the above-mentioned object, the present invention 35 provides an encryption apparatus applying a KASUMI encryption algorithm
_i'#©
comprising a register section for selecting and storing either of text data and input data obtained after performing a round operation, a secret key scheduler for generating secret keys for encrypting the text data, an FL block for operating output data of the register section and the secret key with an FL function defined in the KASUMI encryption algorithm, an FO block for operating the output data of the register section and the secret key with an FI function defined in the KASUMI encryption algorithm and an exclusive-OR function, an adder section for exclusive- OR-gating output data of the FL block and the FO block and the output data of the register section and applying exclusive-OR-gated data to the register section, and an input/output control section for selecting the input data of the FL block and the FO block and selecting paths of the output data of the FL block and the FO block.
In another aspect of the present invention, there is provided an encryption apparatus applying a KASUMI encryption algorithm comprising a pipeline register section for selecting and storing either of text data and input data obtained after performing a round operation, a secret key scheduler for generating secret keys for encrypting the text data, an FL1 block for operating output data of the pipeline register section and the secret key with an FL function defined in the KASUMI encryption algorithm, an FO block having a three-stage pipeline structure and operating output data of the FL1 block and the pipeline register section and the secret key with an FI function defined in the KASUMI encryption algorithm and an exclusive-OR function, FL2 block for operating output data of the FO block and the secret key with the FL function defined in the KASUMI encryption algorithm, an adder section for exclusive-OR-gating output data of the FO block and the FL2 block and the output data of the pipeline register section so that the output data of the FO block and the FL2 block are synchronized with the output data of the pipeline register section and applying exclusive-OR-gated data to the pipeline register section, and an input/output control section for selecting the input data of the FO block and selecting a path of the output data of the FO block.
Brief Description of the Drawings
The above object, other features and advantages of the present invention will become more apparent by describing the preferred embodiments thereof with reference to the accompanying drawings, in which:
FIG. 1 is a view illustrating the construction of an encryption apparatus according to a first embodiment of the present invention.
FIG. 2 is a view illustrating the construction of a secret key scheduler of FIG. 1.
FIG. 3 is a view illustrating the construction of an encryption apparatus according to a second embodiment of the present invention. FIG. 4 is a view illustrating the construction of an FO block of FIG. 3.
FIG. 5 is a view illustrating the construction of an FI sub-block illustrated in FIG. 4.
FIG. 6 is a view illustrating the construction of another FO block of FIG. 3.
FIG. 7 is a view illustrating the construction of a secret key scheduler of FIG. 3.
FIG. 8 is a view illustrating the construction of another secret key scheduler of FIG. 3.
FIG. 9 is a view illustrating the construction of a two-round circuit implementing the encryption apparatus according to the first embodiment of the present invention.
FIG. 10 is a view illustrating the construction of a two-round circuit for applying a two-stage pipeline which implements the encryption apparatus according to the first embodiment of the present invention.
FIG. 11 is a view illustrating the construction of a two-round circuit for applying a four-stage pipeline that combines the encryption apparatuses according to the first and second embodiments of the present invention.
FIG. 12 is a view illustrating the construction of a two-round circuit for applying an eight-stage pipeline that combines the encryption apparatuses according to the first and second embodiments of the present invention.
Best Mode for Carrying Out the Invention
Now, the encryption apparatus applying a KASUMI encryption algorithm according to preferred embodiments of the present invention will be described in detail with reference to the annexed drawings. FIG. 1 is a view illustrating the construction of an encryption apparatus according to a first embodiment of the present invention.
Referring to FIG. 1, a first multiplexer 110 of a register section 100 selects and outputs either of upper 32-bit input data of 64-bit text data and 32-bit input data obtained after performing an even round operation.
A first register 120 temporarily stores output data of the first multiplexer 110.
A second multiplexer 130 selects and outputs either of lower 32-bit input data of the 64-bit text data and 32-bit input data obtained after performing an odd round operation.
A second register 140 temporarily stores output data of the second multiplexer 130.
A secret key scheduler 150 generates secret keys for encrypting the 64-bit text data. An FL block 160 operates output data of the first register 120 and the second register 140 and the secret key Ki from the secret key scheduler 150 with an FL function defined in the KASUMI encryption algorithm, and outputs 32-bit resultant data.
An FO block 170 operates the output data of the first register 120 and the second register 140 and the secret key Ki from the secret key scheduler 150 with an
FI function defined in the KASUMI encryption algorithm and an exclusive-OR function, and outputs 32-bit resultant data.
A first adder 180 of an adder section 180A exclusive-OR-gates the even- round 32-bit output data of the FL block 160 and the output data of the first register 120, and outputs the even-round 32-bit data to the first multiplexer 110.
A second adder 190 exclusive-OR-gates the odd-round 32-bit output data of the FO block 170 and the output data of the second register 140, and outputs the odd-round 32-bit data to the second multiplexer 130.
A third multiplexer 200 of an input/output control section 200A applies the output data of the first register 120 to the FL block 160 in the odd round, and applies the output data of the FO block 170 to the FL block 160 in the even round.
A fourth multiplexer 210 applies the output data of the FL block 160 to the FO block 170 in the odd round, and applies the output data of the second register 140 to the FO block 170 in the even round. A fifth multiplexer 220 applies the output data of the FL block 160 to the fourth multiplexer 210 in the odd round, and applies the output data of the FL block 160 to the first adder 180 in the even round.
A sixth multiplexer 230 applies the output data of the FO block 170 to a second adder 190 in the odd round, and applies the output data of the FO block 170 to the third multiplexer 200 in the even round.
Referring to FIG. 2, a C-constant register 151 of the secret key scheduler 150 stores 8 C-constant values of 16 bits CI, C2, C3, C4, C5, C6, C7, and C8 defined for key scheduling in the KASUMI encryption algorithm, and whenever one clock is generated, one C-constant value rotates to the left side. A secret key register 152 of the secret key scheduler 150 stores 8 secret key values of 16 bits Kl, K2, K3, K4, K5, K6, K7, and K8 defined by a user, and whenever one clock is generated, one secret key value rotates.
The time for the rotation of one secret key value is synchronized with the time for the rotation of one C-constant value to the left side. A plurality of rotators 153, 153a, 153b, and 153c of the secret key scheduler 150 generate specified secret keys by rotating the specified secret key values of the secret key register 152 to the left side as many as the determined number of bits, respectively.
At an initial state, the four rotators 153, 153a, 153b, and 153c as shown in FIG. 2 generate the secret keys KLl, KOI, KO2, and KO3 by rotating the initial secret key values Kl, K2, K6, and K7 stored in the secret key register 152 to the left side by 1 bit, 5 bits, 8 bits, and 13 bits, respectively. Thereafter, they depend on the operation principle of the secret key register 152.
A plurality of adders 154, 154a, 154b, and 154c of the secret key scheduler 150 generate the secret keys by exclusive-OR-gating the specified secret key values of the secret key register 152 and the corresponding C-constant values, respectively.
At an initial state, the four adders 154, 154a, 154b, and 154c as shown in FIG. 2 generate the secret keys KL2, KI2, KIl, and KB by exclusive-OR-gating the initial secret key values K3, K4, K5, and K8 stored in the secret key register 152 and the corresponding C-constant values C3, C4, C5, and C8, respectively. Thereafter, the operation of the moving key values and constant values is performed according to the operation of the secret key register 152 and the C-constant register 151.
The encryption apparatus applying the KASUMI encryption algorithm as constructed above according to the present invention operates as follows. The encryption apparatus illustrated in FIG. 1 includes a low power consumption type round circuit that does not apply the pipeline, and the secret key scheduler 150. A one-round operation is performed for one clock cycle, and the encryption apparatus encrypts the 64-bit text input data by repeatedly performing the round operation eight times in all.
--,_,__,„
PCT/KR02/00695
7
Initially, the upper 32-bit data of the 64-bit text input data is inputted to the first multiplexer 110 through an initial input port 111, and simultaneously the lower 32-bit data of the 64-bit text input data is inputted to the second multiplexer 130 through an initial input port 131. At this time, the upper 32-bit data inputted to the first multiplexer 110 is stored in the first register via the first multiplexer 110 as indicated as a solid line in FIG. 1. Also, the upper 32-bit data sequentially passes through the third multiplexer 200, FL block 160, fifth demultiplexer 220, fourth multiplexer 210, FO block 170, and sixth demultiplexer 230, and then exclusive-OR-gated with the lower 32-bit data stored in the second register 140 by the second adder 190. The exclusive-OR-gated data is then inputted to an odd-round performing result data input port 132 of the second multiplexer 130.
The 32-bit data exclusive-OR-gated by the second adder 190 and inputted to the second multiplexer 130 is newly stored in the second register 140 via the second multiplexer 130.
The upper 32-bit data newly stored in the second register 140, as shown as a dotted line in FIG. 1, sequentially passes through the fourth multiplexer 210, FO block 170, sixth demultiplexer 230, third multiplexer 200, FL block 160, and fifth demultiplexer 220, and then exclusive-OR-gated with the upper 32-bit data stored in the first register 120 by the first adder 180. The exclusive-OR-gated data is then inputted to an even-round performing result data input port 112 of the first multiplexer 110.
The 32-bit data exclusive-OR-gated by the first adder 180 and inputted to the first multiplexer 110 is newly stored in the first register 120 via the first multiplexer 120.
FIG. 3 is a view illustrating the construction of an encryption apparatus according to a second embodiment of the present invention.
Referring to FIG. 3, a first multiplexer 110a of a pipeline register section 100 A selects and outputs either of upper 32-bit input data of 64-bit text data and 32- bit input data obtained after performing an even round operation.
A first pipeline register 120a temporarily stores output data of the first multiplexer 110a.
A second multiplexer 130a selects and outputs either of lower 32-bit input data of the 64-bit text data and 32-bit input data obtained after performing an odd round operation.
__,__,__,,
PCT/KR02/00695
8
A second pipeline register 140a temporarily stores output data of the second multiplexer 130a.
A secret key scheduler 150a generates secret keys for encrypting the 64-bit text data. An FL1 block 160a operates output data of the first pipeline register 120a and the second pipeline register 140a and the secret key Ki from the secret key scheduler 150a with an FL function defined in the KASUMI encryption algorithm, and outputs 32-bit resultant data.
An FO block 170a has a three-stage pipeline structure including three pipeline registers 305, 305a, and 305b. The FO block 170a operates the output data of the FL1 block 160a and the second pipeline register 140a and the secret key Ki from the secret key scheduler 150a with an FI function defined in the KASUMI encryption algorithm and an exclusive-OR function, and outputs 32-bit resultant data. An FL2 block 190a operates the even-round 32-bit output data of the FO block 170a and the secret key from the secret key scheduler 150a with the FL function defined in the KASUMI encryption algorithm, and outputs 32-bit data.
A first adder 180a of an adder section 180B exclusive-OR-gates the odd- rounded 32-bit output data of the FO block 170a and the output data of the second pipeline register 140a, and outputs the odd-rounded 32-bit data to the second multiplexer 130a.
A second adder 200a exclusive-OR-gates the output data of the FL2 block 190a and the output data of the first pipeline register 120a, and outputs the even- round 32-bit data to the first multiplexer 110a. A third multiplexer 210a of an input/output control section 200B applies the output data of the FL1 block 160a to the FO block 170a in the odd round, and applies the output data of the second pipeline register 140a to the FO block 170a in the even round.
A fourth demultiplexer 220a applies the output data of the FO block 170a to the first adder 180a in the odd round, and applies the output data of the FO block
170a to the FL block 190a in the even round.
A first sync register 230a synchronizes an input time of the output data of the second pipeline register 140a inputted to the first adder 180a with an input time of the output data of the FO block 170a inputted to the first adder 180a via the fourth demultiplexer 220a.
A second sync register 240 synchronizes an input time of the output data of the FL2 block 190a inputted to the second adder 200a with an input time of the output data of the first pipeline register 120a.
Referring to FIG. 4, the FO block 170a has the three-stage pipeline structure composed of a fist pipeline section 310, a second pipeline section 320, and a third pipeline section 330, and thus a four-stage pipeline is constructed along with the first and second pipeline registers 120a and 140a.
The first pipeline section 310 stores upper 16-bit data of the 32-bit input data as upper 16-bit data of the first pipeline register by separating the upper 16-bit data into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7- bit data with the FI function defined in the KASUMI encryption algorithm and the exclusive-OR function, and simultaneously stores the lower 16 bit data of the 32-bit input data as lower 16-bit data of the first pipeline register. Then, the first pipeline section 310 outputs 16-bit data by separating the upper 16-bit output data of the first pipeline register into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in the KASUMI encryption algorithm, and then outputs the upper 16-bit data by exclusive-OR-gating the 16-bit output data and the lower 16-bit output data of the first pipeline register.
The second pipeline section 320 stores the upper 16-bit output data of the first pipeline register as upper 16-bit data of the second pipeline register, and simultaneously stores the lower 16-bit output data of the first pipeline register as lower 16-bit data of the second pipeline register by separating the lower 16-bit output data of the first pipeline register into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in the KASUMI encryption algorithm and the exclusive-OR function. Then, the second pipeline section 320 outputs 16-bit data by separating the lower 16-bit output data of the second pipeline register into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in the KASUMI encryption algorithm, and then outputs the lower 16-bit data by exclusive-OR-gating the 16-bit output data and the upper 16-bit output data of the second pipeline register.
The third pipeline section 330 stores the upper 16-bit data of the second pipeline register as upper 16-bit data of the third pipeline register by separating the upper 16-bit data of the second pipeline register into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in
the KASUMI encryption algorithm and the exclusive-OR function, and simultaneously stores the lower 16 bit data of the second pipeline register as lower 16-bit data of the third pipeline register. Then, the third pipeline section 330 outputs 16-bit data by separating the upper 16-bit output data of the third pipeline register into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in the KASUMI encryption algorithm, and then outputs the upper 16-bit data by exclusive-OR-gating the 16-bit output data and the lower 16-bit output data of the third pipeline register.
A first adder 301 of each pipeline section 310, 320, or 330 exclusive-OR- gates the upper or lower 16-bit data of the 32-bit input data and the secret key from the secret key scheduler 150a.
A first FI sub-block 302 of each pipeline section 310, 320, or 330 operates 16-bit output data of the first adder 301 with the FI function defined in the KASUMI encryption algorithm, and separates the 16-bit data into upper 9-bit data and lower 7- bit data.
A second adder 303 of each pipeline section 310, 320, or 330 exclusive- OR-gates the 9-bit data from the first FI sub-block 302 and the secret key from the secret key scheduler 105a.
A third adder 304 of each pipeline section 310, 320, or 330 exclusive-OR- gates the 7-bit data from the first FI sub-block 302 and the secret key from the secret key scheduler 105a.
Pipeline registers 305, 305a, and 305b of the pipeline sections 310, 320, and 330 store the 9-bit output data of the second adder 303 and the 7-bit output data of the third adder 304 as their upper 16-bit data, and temporarily store the lower or upper 16-bit data of the 32-bit input data.
A second FI sub-block 306 of each pipeline section 310, 320, or 330 operates the 9-bit data and the 7-bit data exclusive-OR-gated by the second adder 303 and the third adder 304 and then stored in the pipeline registers 305, 305a, and 305b with the FI function defined in the KASUMI encryption algorithm, and outputs 16-bit data.
A fourth adder 307 of each pipeline section 310, 320, or 330 exclusive-OR- gates the output data of the second FI sub-block 306 and the lower or upper 16-bit output data of the pipeline registers 305, 305a, and 305b, and outputs 16-bit data.
Referring to FIG. 5, an S9 box 410 of each FI sub-block 304 or 306 operates the upper 9-bit data of the 16-bit input data with a specified Boolean logical function in the KASUMI encryption algorithm.
A first adder 420 of each FI sub-block 304 or 306 exclusive-OR-gates the 9-bit output data of the S9 box 410 and 9-bit data obtained by performing an upper zero-bit extension function with respect to the lower 7 bits of the 16-bit input data, and outputs 9-bit data.
An S7 box 430 of the FI sub-block 304 or 306 operates the lower 7-bit data of the 16-bit input data with a specified Boolean logical function in the KASUMI encryption algorithm.
A second adder 440 of the FI sub-block 304 or 306 exclusive-OR-gates the 7-bit output data of the S7 box 430 and 7-bit data obtained by performing an upper bit truncation function with respect to the 9-bit output data of the first adder 420.
Referring to FIG. 6, the FO block 170a can be replaced by a one-stage pipeline structure having one pipeline section 540.
A first adder 510 of the FO block 170a OR-gates the upper 16-bit data of the 32-bit input data and the secret key from the secret key scheduler 150a.
A first FI block 520 of the FO block 170a operates 16-bit output data of the first adder 510 with the FI function defined in the KASUMI encryption algorithm. A second adder 530 of the FO block 170a OR-gates 16-bit output data of the first FL block 520 and the lower 16-bit data of the 32-bit input data.
A pipeline section 540 of the FO block 170a is constructed in the same manner as the second pipeline section 320 illustrated in FIG. 5.
The pipeline section 540 stores the upper 16-bit output data of the second adder 530 as upper 16-bit data of the pipeline register 305a, and simultaneously stores the lower 16-bit data of the 32-bit input data as lower 16-bit data of the pipeline register 305 by separating the lower 16-bit data of the 32-bit input data into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in the KASUMI encryption algorithm and the exclusive-OR function. Then, the pipeline section 540 outputs 16-bit data by separating the lower 16-bit output data of the pipeline register 305 a into upper 9-bit data and lower 7-bit data and operating the 9-bit data and the 7-bit data with the FI function defined in the KASUMI encryption algorithm, and then outputs the 16-bit output data as the lower 16-bit data by exclusive-OR-gating the 16-bit output data and the upper 16-bit output data of the pipeline register 305a.
A third adder 550 of the FO block 170a OR-gates the upper 16-bit output data of the pipeline register 305a and the secret key from the secret key scheduler 150a.
A second FI block 560 of the FO block 170a operates 16-bit output data of the third adder 550 with the FI function defined in the KASUMI encryption algorithm.
A fourth adder 570 of the FO block 170a OR-gates 16-bit output data of the second FL block 560 and the lower 16-bit output data of the pipeline section 540.
Referring to FIG. 7, a C-constant register 155 of the secret key scheduler 150a stores 8 C-constant values of 16 bits defined for key scheduling in the
KASUMI encryption algorithm, and whenever four clocks are generated, one C- constant value rotates to the left side.
A secret key register 156 of the secret key scheduler 150a stores 32 (=4x8) secret key values of 16 bits KA1-KD8 defined by the user, and whenever one clock is generated, one secret key value rotates.
The time for the rotation of four secret key values is synchronized with the time for the rotation of one C-constant value to the left side.
A plurality of rotators 157, 157a, 157b, 157c, and 157d of the secret key scheduler 150a generate specified secret keys by rotating the specified secret key values of the secret key register 152a to the left side as many as the determined number of bits, respectively.
The five rotators 157, 157a, 157b, 157c, and 157d as shown in FIG. 7 generate the secret keys KLil, KOil, KOi2, KOi3, and KLl_even by rotating the initial secret key values KAl, KA2, KD5, KC6, and KC8 stored in the secret key register 156 to the left side by 1 bit, 5 bits, 8 bits, 13 bits, and 1 bit, respectively.
A plurality of adders 158, 158a, 158b, 158c, and 158d of the secret key scheduler 150s generate the secret keys by exclusive-OR-gating the specified secret key values of the secret key register 156 and the corresponding C-constant values, respectively. The five adders 158, 158a, 158b, 158c, and 158d as shown in FIG. 7 generate the secret keys KL2_even, KLi2, Klil, Kiil, and KIi3 by exclusive-OR- gating the initial secret key values KB2, KA3, KD3, KA5, and KC7 stored in the secret key register 156 and the corresponding C-constant values C3, C3, C4, C5, and C8, respectively.
A plurality of sync registers 159, 159a, and 159b of the secret key scheduler 150a synchronize the input time of the C-constant values inputted to the adders 158, 158a, 158b, 158c, and 158d with the input time of the secret key values.
The three sync registers 159, 159a, and 159b illustrated in FIG. 7 synchronize the input time of the C-constant values C3, C4, and C8 respectively inputted to the first adder 158, the second adder 158b, and the fifth adder 158d with the input time of the secret key values KB2, KD3, and KC7 corresponding to the C- constant values C3, C4, and C8.
Referring to FIG. 8, the secret key scheduler 150a can be replaced by a secret key scheduler composed of four secret key schedulers 150 illustrated in FIG.
2 and five multiplexers 150al, 150a2, 150a3, 150a4, and 150a5.
32 secret key values BLl-0~KI3-3 outputted from the four secret key schedulers 150 are applied to the five multiplexers 150al, 150a2, 150a3, 150a4, and
150a5 the outputs of which are controlled by a 2-bit select signal Key_sel, and then the secret key values required for the encryption apparatus illustrated in FIG. 3 are finally generated.
The encryption apparatus applying the KASUMI encryption algorithm as constructed above according to another embodiment of the present invention operates as follows. In order to heighten the data throughput, the encryption apparatus illustrated in FIG. 3 comprises a round circuit that applies a four-stage pipeline structure using the first or second pipeline register 110a or 130a and the FO block 170a having the three-stage pipeline structure as shown in FIGs. 3, 4, and 5, and the secret key scheduler 150a. A four-round operation is performed for one clock cycle, and the encryption apparatus encrypts four 64-bit text input data by repeatedly performing the round operation eight times in all.
Initially, the upper 32-bit data of the 64-bit text input data is inputted to the first multiplexer 110a through an initial input port I l ia, and simultaneously the lower 32-bit data of the 64-bit text input data is inputted to the second multiplexer 130a through an initial input port 131 a.
At this time, the upper 32-bit data inputted to the first multiplexer 110a is stored in the first pipeline register 120a via the first multiplexer 110a as indicated as a solid line in FIG. 3. Also, the upper 32-bit data sequentially passes through the
FLl block 160a, third multiplexer 210a, F0 block 170a, and fourth demultiplexer 220a, and then exclusive-OR-gated with the lower 32-bit data stored in the second
pipeline register 140a by the first adder 180a and synchronized with the input time by the first sync register 230a. The exclusive-OR-gated data is then inputted to an odd-round performing result data input port 132a of the second multiplexer 130a.
The 32-bit data exclusive-OR-gated by the first adder 180a and inputted to the second multiplexer 130a is newly stored in the second pipeline register 140a via the second multiplexer 130a.
The upper 32-bit data newly stored in the second pipeline register 140a, as shown as a dotted line in FIG. 3, sequentially passes through the third multiplexer 210a, FO block 170a, fourth demultiplexer 220a, and FL2 block 190a, and then exclusive-OR-gated with the upper 32-bit data stored in the first pipeline register
120a by the second adder 200a and synchronized with the input time by the second sync register 240. The exclusive-OR-gated data is then inputted to an even-rounding resultant data input port 112a of the first multiplexer 110a.
The 32-bit data exclusive-OR-gated by the second adder 200a and inputted to the first multiplexer 110a is newly stored in the first pipeline register 120a via the first multiplexer 110a.
The operating procedure until the 32-bit data is newly stored in the first pipeline register 120a as described above is the one-round operation procedure that is performed for one clock cycle with respect to one 64-bit text data. By performing the round operation eight times with respect to four 64-bit text data, four 64-bit text input data can be encrypted.
If the FO block 170a in the encryption apparatus illustrated in FIG. 3 is replaced by the FO block having the one-stage pipeline structure illustrated in FIG. 6, the encryption apparatus is composed of the round circuit applying the two-stage pipeline and the secret key scheduler 150a. This encryption apparatus perform the two-round operation for one clock cycle, and encrypts two 64-bit text data by repeatedly performing the round operation eight times in all.
Meanwhile, by combining the encryption apparatus having the round circuit composed of the FL block and the FO block as shown in FIG. 1 (i.e., the first embodiment) with the encryption apparatus having the round circuit composed of the FL block and the FO block of the three-stage or one-stage pipeline structure as shown in FIG. 3 (i.e., the second embodiment), diverse encryption apparatuses that apply the KASUMI encryption algorithm can be newly implemented.
An encryption apparatus illustrated in FIG. 9 has a two-round circuit composed of FL blocks 610 and 650 and FO blocks 620 and 640, and encrypts 64- bit text input data by performing a two-round operation for one clock cycle.
The encryption apparatus comprises registers 600 and 670 for storing the 64-bit data, an FLl block 610 for performing an odd round, an FO1 block 620 for
• performing an odd round, an FO2 block 640 for performing an even round, an FL2 block 650 for performing an even round, and adders 630 and 660 for performing an exclusive-OR function.
By adding a round circuit composed of an FL block and an FO block to the two-round circuit, an encryption apparatus that performs a three to eight round operation for one clock cycle can be implemented.
An encryption apparatus illustrated in FIG. 10 includes a two-round circuit having a two-stage pipeline structure by adding pipeline registers 631 and 661 to the encryption apparatus of FIG. 9 in order to heighten the data throughput. This encryption apparatus encrypts two different 64-bit text data by performing the two- round operation for one clock cycle.
By extending the two-round circuit having the two-stage pipeline structure to the 8-round circuit having the 8-stage pipeline structure, an encryption apparatus that performs 8 different 64-bit text input data in parallel can be implemented. An encryption apparatus illustrated in FIG. 11 has a two-round circuit having a four-stage pipeline structure by replacing the FO block of the encryption apparatus illustrated in FIG. 10 by the FO block having the one-stage pipeline structure illustrated in FIG. 6. The hardwired structure of this encryption apparatus is somewhat complicated, but the operational clock frequency and the data throughput are heightened.
This encryption apparatus comprises registers 600a and 670a for storing the 64-bit data and acting as pipeline registers, an odd-round FLl block 610a, an odd- round FO1 block 620a including the pipeline register 305a, an even-round L2 block 650a, an even-round FO2 block 640a including the pipeline register 305a, adders 630a and 660a for performing an exclusive-OR function, sync registers 631a, 631c, and 661a for synchronizing the input time of data to the adders 630a and 660a, and a pipeline register 63 lb.
An encryption apparatus illustrated in FIG. 12 has a two-round circuit having an eight-stage pipeline structure by replacing the FO block having the one- stage pipeline structure illustrated in FIG. 11 by the FO block having the three-stage
pipeline structure illustrated in FIGs. 3 to 5. This encryption apparatus has the operational clock frequency and the data throughput higher than those of the encryption apparatus illustrated in FIG. 11.
The whole construction of this encryption apparatus is equal to that of the encryption apparatus illustrated in FIG. 11, and only FO1 block 620b, FO2 block
640b, and sync registers 63 Id, 63 le, and 661f have different constructions from those of the encryption apparatus of FIG. 11.
Also, by combining in parallel two or more encryption apparatuses diversely implemented as described above according to the present invention, a multiple encryption apparatus that can encrypt different text data can be implemented.
Industrial Applicability
As apparent from the above description, according to the encryption apparatus applying a KASUMI encryption algorithm according to the present invention, a round circuit is constructed through combination of an FL block with an FO block which separate a secret key defined in the KASUMI encryption algorithm and provided from a secret key scheduler and 64-bit text data into 32-bit data and perform a specified encryption operation function, and the FO block is constructed by a multistage pipeline using a plurality of pipeline registers. Thus, the encryption apparatus has a low power consumption, and is small-sized in comparison to the conventional encryption apparatus using the MISTY encryption algorithm or the DES encryption algorithm. Also, the encryption apparatus according to the present invention can be applied to portable terminals or high-performance servers that require the low power consumption and the small size.
The forgoing embodiments are merely exemplary and are not to be construed as limiting the present invention. The present teachings can be readily applied to other types of apparatuses. The description of the present invention is intended to be illustrative, and not to limit the scope of the claims. Many alternatives, modifications, and variations will be apparent to those skilled in the art.