
Multiple-Entry Key Look-Aside Table for Bulk Cryptographic Functions

IP.com Disclosure Number: IPCOM000106525D
Original Publication Date: 1993-Nov-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 6 page(s) / 206K

Publishing Venue

IBM

Related People

Butter, AS: AUTHOR [+4]

Abstract

Disclosed is the use of a key look-aside table to eliminate the overhead associated with cryptographic key triple decipherment operations. The method described will increase performance for cryptographic instructions which repeatedly use the same enciphered/clear key pairs. The general concept may be applied to any cryptographic system which uses secure keys to perform data encryption and decryption operations. The particular cryptographic instructions under consideration are the four secure data transformations defined in the Crypto Architecture [1].

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 32% of the total text.

Multiple-Entry Key Look-Aside Table for Bulk Cryptographic Functions

      Disclosed is the use of a key look-aside table to eliminate the
overhead associated with cryptographic key triple decipherment
operations.  The method described will increase performance for
cryptographic instructions which repeatedly use the same
enciphered/clear key pairs.  The general concept may be applied to
any cryptographic system which uses secure keys to perform data
encryption and decryption operations.  The particular cryptographic
instructions under consideration are the four secure data
transformations defined in the Crypto Architecture [1].

o   Cipher Multiple Data (CMD)

o   Perform Cryptographic MAC Function - Generate (PCMF-G)

o   Perform Cryptographic MAC Function - Verify (PCMF-V)

o   Perform Cryptographic Translate Function (PCTF)

      Hardware implementation of the Data Encryption Algorithm/Data
Encryption Standard (DES) is currently used by many data processing
systems to provide security for sensitive information [2,3].  The
process of converting intelligible data (referred to as plaintext) to
unintelligible data (referred to as ciphertext) is called
encipherment or encryption.  The inverse process of converting
ciphertext to plaintext is called decipherment or decryption.  Both
processes rely on a cryptographic key in order to perform the desired
conversion.

      The secrecy provided by the Data Encryption Algorithm is
dependent on the secrecy of the cryptographic keys used to perform
data encryption and decryption.  For this reason, cryptographic keys
used to perform secure data encryption and decryption transformations
are themselves encrypted when stored away in unsecure environments
(i.e., processor main memory, DASD, etc.).  As defined by the Crypto
Architecture, the cryptographic keys used to perform secure data
encryption and decryption operations are stored away in a triple
enciphered form outside the secure cryptographic hardware boundary.
The triple encipherment process is defined by the following formula:

      KEY_3E = E_K(L)( D_K(R)( E_K(L)( KEY ) ) )

In this formula, KEY_3E is the eight byte cryptographic key in triple
enciphered form; KEY is the eight byte cryptographic key in its
unenciphered, or clear, form; K(L) is the left-hand eight byte portion
of a particular secret Master Key; K(R) is the right-hand eight byte
portion of that Master Key; E_x(y) represents the eight byte result of
the encipher transformation applied to eight byte data y using eight
byte key x; and D_x(y) represents the eight byte result of the decipher
transformation applied to eight byte data y using eight byte key x.
Because each of the three steps is invertible, the secure hardware
recovers the clear key by the inverse sequence, the triple
decipherment KEY = D_K(L)( E_K(R)( D_K(L)( KEY_3E ) ) ).  A graphical
representation of this formula is presented in Fig. 1.
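The following is a worked version of the triple encipherment formula and of the key look-aside table proposed in this disclosure, added here as an illustration; it is not code from the IBM disclosure. The Crypto Architecture uses DES as the block cipher, but the Python standard library has no DES, so the example substitutes a stand-in 64-bit Feistel block cipher built on hashlib (an assumption made only so the example runs offline); the E-D-E wrapping and the look-aside logic do not depend on which block cipher sits underneath. The table's entry count, least-recently-used replacement, and flush-on-master-key-change behaviour are likewise assumptions, since the excerpt does not specify them.

```python
"""Triple encipherment of an 8-byte key under a two-part master key, plus a
key look-aside table that caches (KEY_3E -> KEY) pairs so that repeated use
of the same enciphered key costs one table lookup instead of three block
cipher operations.  Added example; not the disclosure's own code."""
import hashlib
from collections import OrderedDict

BLOCK = 8  # eight-byte block and eight-byte key, as in the DES-based formula


def _round_function(half: bytes, subkey: bytes) -> bytes:
    # Stand-in F function: four bytes of SHA-256 over subkey || half.
    return hashlib.sha256(subkey + half).digest()[:4]


def _feistel(block: bytes, key: bytes, decrypt: bool) -> bytes:
    """Stand-in 16-round Feistel block cipher (assumption: NOT DES).

    Decryption is the same network with the round keys reversed; the final
    swap of halves makes the two directions exact inverses."""
    assert len(block) == BLOCK and len(key) == BLOCK
    subkeys = [hashlib.sha256(key + bytes([r])).digest()[:8] for r in range(16)]
    if decrypt:
        subkeys.reverse()
    left, right = block[:4], block[4:]
    for sk in subkeys:
        f = _round_function(right, sk)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def E(x: bytes, y: bytes) -> bytes:
    """E_x(y): encipher eight-byte data y under eight-byte key x."""
    return _feistel(y, x, decrypt=False)


def D(x: bytes, y: bytes) -> bytes:
    """D_x(y): decipher eight-byte data y under eight-byte key x."""
    return _feistel(y, x, decrypt=True)


def triple_encipher(key: bytes, master_key: bytes) -> bytes:
    """KEY_3E = E_K(L)( D_K(R)( E_K(L)( KEY ) ) ); master_key = K(L) || K(R)."""
    assert len(master_key) == 2 * BLOCK
    kl, kr = master_key[:BLOCK], master_key[BLOCK:]
    return E(kl, D(kr, E(kl, key)))


def triple_decipher(key_3e: bytes, master_key: bytes) -> bytes:
    """Inverse: KEY = D_K(L)( E_K(R)( D_K(L)( KEY_3E ) ) )."""
    assert len(master_key) == 2 * BLOCK
    kl, kr = master_key[:BLOCK], master_key[BLOCK:]
    return D(kl, E(kr, D(kl, key_3e)))


class KeyLookAsideTable:
    """Multiple-entry cache of (KEY_3E -> KEY) pairs.  It holds clear keys, so
    it must live inside the secure cryptographic hardware boundary.

    Assumptions not given in the excerpt: a fixed number of entries with
    least-recently-used replacement, and a flush whenever the master key
    changes, since every cached clear key was recovered under the old one."""

    def __init__(self, master_key: bytes, entries: int = 4):
        self.master_key = master_key
        self.entries = entries
        self._table: "OrderedDict[bytes, bytes]" = OrderedDict()
        self.hits = 0
        self.misses = 0

    def clear_key(self, key_3e: bytes) -> bytes:
        """Return the clear key for KEY_3E, triple-deciphering only on a miss."""
        if key_3e in self._table:
            self.hits += 1
            self._table.move_to_end(key_3e)
            return self._table[key_3e]
        self.misses += 1
        key = triple_decipher(key_3e, self.master_key)
        self._table[key_3e] = key
        if len(self._table) > self.entries:
            self._table.popitem(last=False)  # evict least recently used
        return key

    def set_master_key(self, master_key: bytes) -> None:
        """Install a new master key and discard every cached pair."""
        self.master_key = master_key
        self._table.clear()


def cipher_multiple_data(table: KeyLookAsideTable, key_3e: bytes, data: bytes) -> bytes:
    """Stand-in for a bulk encipher instruction such as CMD: the enciphered key
    is resolved through the table once, then applied block by block (ECB here,
    an assumption; data length must be a multiple of eight)."""
    assert len(data) % BLOCK == 0
    key = table.clear_key(key_3e)
    return b"".join(E(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))
```

The table is indexed by the KEY_3E value alone, which is only sound while a single master key is in force; the same eight-byte KEY_3E deciphers to a different clear key under a different master key, so either the table is flushed on a master key change (as here) or each entry must be tagged with the master key it was derived under.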

      Whenever instructions defined by the Crypto Architecture are
executed which perform secure data encryption or decryption, the
cryptographic key pertaining to the instruction is passed down to the
secure hardware in the triple enc...