Hardware Context Switch-based Cryptographic Accelerator for Handling Multiple Streams

Abstract

The confidentiality and integrity of a stream has become one of the biggest issues in telecommunication. The best available algorithm handling the confidentiality of a data stream is the symmetric key block cipher combined with a chaining mode of operation such as cipher block chaining (CBC) or counter mode (CTR). This scheme is difficult to accelerate using hardware when multiple streams coexist. This is caused by the computation time requirement and mainly by management of the streams. In most accelerators, computation is treated at the block-level rather than as a stream, making the management of multiple streams complex. This article presents a solution combining CBC and CTR modes of operation with a hardware context switching. The hardware context switching allows the accelerator to treat the data as a stream. Each stream can have different parameters: key, initialization value, state of counter. Stream switching was managed by the hardware context switching mechanism. A high-level synthesis tool was used to generate the context switching circuit. The scheme was tested on three cryptographic algorithms: AES, DES, and BC3. The hardware context switching allowed the software to manage multiple streams easily, efficiently, and rapidly. The software was freed of the task of managing the stream state. Compared to the original algorithm, about 18%–38% additional logic elements were required to implement the CBC or CTR mode and the additional circuits to support context switching. Using this method, the performance overhead when treating multiple streams was low, and the performance was comparable to that of existing hardware accelerators not supporting multiple streams.