Encryption systems for constrained environments

JP2026520475APending Publication Date: 2026-06-23NORTHROP GRUMMAN SYSTEMS CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
NORTHROP GRUMMAN SYSTEMS CORP
Filing Date
2023-12-22
Publication Date
2026-06-23

Smart Images

  • Figure 2026520475000001_ABST
    Figure 2026520475000001_ABST
Patent Text Reader

Abstract

One example includes a security device system. The system includes a housing for a constrained environment and operating components configured to implement security functions. The system further includes an integrated circuit (IC) configured to implement a 256-bit advanced encryption standard (AES-256) encryption algorithm, the IC having a gate size of less than 5,000 and operating at a power of less than 1.5 microwatts so as to be housed in the housing for the constrained environment.
Need to check novelty before this filing date? Find Prior Art

Claims

1. A security device system, Housing in a constrained environment, Operating components configured to perform security functions, A security device system comprising: an integrated circuit (hereinafter referred to as IC) configured to implement a 256-bit advanced encryption standard (AES-256) encryption algorithm, wherein the IC has a gate size of less than 5,000 and operates at a power of less than 1.5 microwatts so as to be housed within the constraint environment housing.

2. The aforementioned IC is A State module configured to store the encryption state, A RoundKey module configured to store the original encryption key, A KeyExpansion module configured to perform an iterative key expansion process in which the original encryption key is expanded in each of multiple iterations to generate an encryption subkey for the key schedule, The security device system according to claim 1, comprising: an AddRoundKey module configured to change the encryption state in each of the multiple iterations by combining an encryption round key corresponding to the original encryption key and one of the encryption subkeys of one of the multiple iterations with the encryption state.

3. The security device system according to claim 2, wherein the RoundKey module comprises a key register, and the RoundKey module is configured to store the encryption subkey in the key schedule in the key register in each of the multiple iterations, and to overwrite the encryption subkey stored in the key register in the preceding iteration of the multiple iterations.

4. The security device system according to claim 3, wherein the KeyExpansion module is configured to read the last encryption subkey of the key schedule as the initial decryption key into the key register during the decryption procedure, the KeyExpansion module is further configured to perform a reverse iteration key expansion process, including the reverse key expansion of the initial decryption key, in each of the multiple decryption iterations during the decryption procedure to generate a decryption subkey in the reverse key schedule, and the RoundKey module is configured to store the decryption subkey in the reverse key schedule in the key register in each of the multiple decryption iterations, and to overwrite the decryption subkey stored in the key register in one of the preceding multiple decryption iterations.

5. The security device system according to claim 4, wherein the reverse key extension is terminated after the last of several iterations using the original encryption key.

6. The security device system according to claim 2, wherein the original encryption key comprises a first portion having a defined bit length and a second portion having the defined bit length, and the KeyExpansion module is configured to generate a first encryption subkey based on the first portion of the original encryption key in a first iteration, generate a second encryption subkey based on the second portion of the original encryption key in a second iteration, and generate each other encryption subkey based on the encryption subkeys from previous iterations, and each of the encryption subkeys in the multiple iterations has the defined bit length.

7. The security device system according to claim 6, wherein the AddRoundKey is configured to combine the first portion of the original encryption key with the encryption state to generate a first modified encryption state, combine the second portion of the original encryption key with the first modified encryption state to generate a second modified encryption state, and combine each encryption subkey of the key schedule with a subsequent modified encryption state in each of the 13 iterations.

8. The security device system according to claim 2, wherein the IC comprises a SubRows module, the SubRows module comprises a first S-box configured to perform SubRows processing, the first S-box comprises a forward arithmetic circuit for encryption and a reverse arithmetic circuit for decryption, and the KeyExpansion module comprises a second S-box configured to perform the iterative key expansion processing in each of a plurality of iterations, the second S-box comprises only a forward arithmetic circuit.

9. The aforementioned IC is A State module configured to store the encryption state, A security device system according to claim 1, comprising a MixColumn module having a MixColumn arithmetic circuit configured to perform the MixColumn arithmetic of the encrypted state in both an encryption procedure and a decryption procedure, the MixColumn module further comprising a reverse enable circuit configured to switch the MixColumn arithmetic circuit between the encryption procedure and the decryption procedure.

10. The security device system according to claim 1, wherein the security device system is configured as a radio frequency identification (RFID) tag.

11. A non-temporary computer-readable medium containing machine-readable instructions, wherein the machine-readable instructions are To generate a State module configured to store the encryption state using hardware description language (hereinafter referred to as HDL) code, The HDL code generates a RoundKey module configured to store the original encryption key for a 256-bit advanced encryption standard (hereinafter referred to as AES-256) encryption algorithm. The HDL code generates a KeyExpansion module configured to perform an iterative key expansion process in which the original encryption key is expanded in each of a number of iterations defined by the AES-256 encryption algorithm to generate an encryption subkey for the key schedule. The HDL code generates an AddRoundKey module configured to change the encryption state in each of the multiple iterations by combining the original encryption key and an encryption round key corresponding to one of the encryption subkeys in one of the multiple iterations with the encryption state. Synthesizing the aforementioned HDL code to generate an integrated circuit (hereinafter referred to as IC) design based on the aforementioned HDL code, A non-temporary computer-readable medium that is executed to manufacture an IC that implements the AES-256 encryption algorithm based on the aforementioned IC design.

12. The non-temporary computer-readable medium according to claim 11, wherein the machine-readable instruction is further executed to generate a key register for the RoundKey module in the HDL code, and the RoundKey module is configured to store the encryption subkey in the key schedule in the key register in each of the multiple iterations, and to overwrite the encryption subkey stored in the key register in a preceding iteration of the multiple iterations.

13. The non-temporary computer-readable medium according to claim 11, wherein the machine-readable instruction is further executed to generate a SubRows module in the HDL code, the SubRows module comprises a first S-box configured to perform SubRows processing, the first S-box comprising a forward arithmetic circuit for encryption and a reverse arithmetic circuit for decryption, and the KeyExpansion module comprises a second S-box configured to perform the iterative key expansion processing in each of a plurality of iterations, the second S-box comprising only a forward arithmetic circuit.

14. The non-temporary computer-readable medium according to claim 11, wherein the machine-readable instruction is further executed to generate a MixColumn module in the HDL code, the MixColumn module comprises a MixColumn arithmetic circuit configured to perform the MixColumn arithmetic of the encrypted state in both the encryption procedure and the decryption procedure, and the MixColumn module further comprises a reverse enable circuit configured to switch the MixColumn arithmetic circuit between the encryption procedure and the decryption procedure.

15. The non-transient computer-readable medium according to claim 11, wherein the IC is configured as one of an application-specific integrated circuit (hereinafter referred to as ASIC) or a field-programmable gate array (hereinafter referred to as FPGA), and the ASIC or FPGA has a gate size of less than 5,000 so as to be accommodated in a constrained environment and operates at a power of less than 1.5 microwatts.

16. A radio frequency identification (RFID) tag system, A transponder configured to communicate wirelessly via an RFID reader and radio signals, Memory configured to store confidential data, An RFID tag system comprising: an integrated circuit (hereinafter referred to as IC) configured to implement a 256-bit advanced encryption standard (AES-256) encryption algorithm configured to encrypt the aforementioned confidential data.

17. The aforementioned IC is A State module configured to store the encryption state, The RFID tag system according to claim 16, comprising: a MixColumn module having a MixColumn arithmetic circuit configured to perform the MixColumn arithmetic of the encrypted state in both the encryption procedure and the decryption procedure, the MixColumn module further comprising a reverse enable circuit configured to switch the MixColumn arithmetic circuit between the encryption procedure and the decryption procedure.

18. The aforementioned IC is A State module configured to store the encryption state, A RoundKey module configured to store the original encryption key, A KeyExpansion module configured to perform an iterative key expansion process in which the original encryption key is expanded in each of multiple iterations to generate an encryption subkey for the key schedule, The RFID tag system according to claim 16, comprising: an AddRoundKey module configured to change the encryption state in each of the multiple iterations by combining an encryption round key corresponding to the original encryption key and one of the multiple encryption subkeys of the multiple iterations with the encryption state.

19. The RFID tag system according to claim 18, wherein the RoundKey module comprises a key register, and the RoundKey module is configured to store the encryption subkey in the key schedule in the key register in each of the multiple iterations, and to overwrite the encryption subkey stored in the key register in the preceding iteration of the multiple iterations.

20. The RFID tag system according to claim 18, wherein the IC comprises a SubRows module, the SubRows module comprises a first S-box configured to perform SubRows processing, the first S-box comprises a forward arithmetic circuit for encryption and a reverse arithmetic circuit for decryption, and the KeyExpansion module comprises a second S-box configured to perform the iterative key expansion processing in each of a plurality of iterations, the second S-box comprises only a forward arithmetic circuit.