Cryptography Reference
[Fig. 5.4: Correctness check using the involution property. Diagram labels: input, input reg., f, output reg., output, check, ok.]
5.3.2 Involution Ciphers
For involution ciphers the substitution-permutation network consists of self-inverse
operations. Thus, encryption and decryption can be performed with almost the same
circuit. In fact, it is usually sufficient to extend the control logic, as no inverses
are needed for the operations themselves. This property can be used for error detection,
as shown by Joshi et al. [194]. The basic idea of their technique is depicted in Fig. 5.4
for one such round operation. In the first clock cycle, the multiplexer forwards the
input to f. Thus, after the first cycle, the input register holds the input and the
output register holds the output of f. In the second clock cycle the multiplexer
forwards the feedback path. As f is an involution, x = f(f(x)) and the output of f is
now the original input again. The advantage is that it is always possible to pursue a
time-redundant detection strategy which detects permanent errors but does not require
much additional hardware. The hardware overhead and the latency depend on the
granularity of the scheme. On the downside, the scheme comes with a throughput decrease
of 50 %. In general, the throughput can only be improved by adding hardware.
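The two-cycle check of Fig. 5.4, simulated in software as an added example (it is not code from the book or from Joshi et al.). The 4-bit S-box, the 16-bit width of f and the stuck-at fault model on one output line of f are assumptions made for the illustration.

```python
# Constructed 4-bit involutive S-box (eight swapped pairs); not from any real cipher.
PAIRS = [(0x0, 0xA), (0x1, 0x4), (0x2, 0xD), (0x3, 0x7),
         (0x5, 0xE), (0x6, 0xB), (0x8, 0xF), (0x9, 0xC)]
SBOX = [0] * 16
for a, b in PAIRS:
    SBOX[a], SBOX[b] = b, a

WIDTH = 16  # assumption: four S-boxes side by side form the round operation f


def f(x, stuck=None):
    """Apply f to a 16-bit word. `stuck` = (bit, value) models a permanent
    stuck-at fault on one output line of the f circuit (assumed fault model)."""
    y = 0
    for i in range(0, WIDTH, 4):
        y |= SBOX[(x >> i) & 0xF] << i
    if stuck is not None:
        bit, value = stuck
        y = (y | (1 << bit)) if value else (y & ~(1 << bit))
    return y


def two_cycle_check(x, stuck=None):
    """Cycle 1: the mux selects the input and the output register latches f(x).
    Cycle 2: the mux selects the feedback path, f runs on the output register
    and the result is compared with the input register."""
    input_reg = x
    output_reg = f(input_reg, stuck)    # cycle 1
    recomputed = f(output_reg, stuck)   # cycle 2, same (possibly faulty) circuit
    return output_reg, recomputed == input_reg


def sweep(stuck):
    """Exhaustively count wrong outputs, and wrong outputs that pass the check."""
    corrupted = missed = 0
    for x in range(1 << WIDTH):
        out, ok = two_cycle_check(x, stuck)
        if out != f(x):          # compare against the fault-free circuit
            corrupted += 1
            missed += ok         # a wrong output that the check accepted
    return corrupted, missed


if __name__ == "__main__":
    for bit in range(4):
        for value in (0, 1):
            print(f"bit {bit} stuck-at-{value}: (corrupted, missed) =",
                  sweep((bit, value)))
```

Because the same faulty circuit is used in both cycles, a second corruption in the feedback pass can in principle cancel the first; `sweep` counts exactly those cases for a given fault.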
5.3.3 Feedback Modes
Another peculiarity of block ciphers is the way they handle large amounts of data. As
the block length of the cipher is fixed, the data has to be split into several blocks.
A mode of operation defines how these blocks are handled. The simplest mode of
operation is the electronic code book (ECB) mode. In this mode, each data block is
encrypted independently. However, in order to achieve stronger dependency between
the blocks, often so-called feedback modes are used. For such modes, the output of
the last encryption is somehow incorporated into the next encryption. In the cipher
block chaining (CBC) mode, for instance, the first plaintext block is XORed with
an initialization vector and every consecutive plaintext block is XORed with the
previous ciphertext block before being encrypted. As a result one encryption has to
be finished before the next can start.
A common technique to increase the throughput of a circuit is pipelining. To
pipeline a design, the combinatorial circuit is split into n parts, and registers are
inserted between those parts. As a result, the circuit takes n - 1 clock cycles longer
to produce the result. On the other hand, as the combinatorial parts between the
 