Stream ciphering is used in data transmissions to randomize the data spectrum by adding a pseudorandom key sequence to the plaintext sequence transmitted by the protocol layers. System Packet Interface Level 5 (SPI-5) is one type of interface for packet and cell transfers between a physical layer device (PHY) and a link layer device.
The stream cipher architecture 30 also includes a descrambler 38 of the receive interface 26 to extract the pseudorandom key sequence from the ciphertext in order to recover the plaintext data stream. It should be noted that the depicted descrambler 38 represents a descrambler on a separate chip interface. In this way, the scrambler 32 generates ciphertext at a first chip interface and sends the ciphertext to the descrambler 38 at a distinct chip interface to recover the plaintext data stream from the ciphertext. The depicted descrambler 38 includes lock acquisition logic 40, a LFSR 42, and a subtractor 44 or other type of separator. Thus, a plaintext data stream may be scrambled, for example, by modulo 2 addition of a pseudorandom sequence with the plaintext data stream at the scrambler 32 and then recovered, for example, by modulo 2 subtraction of the identical pseudorandom sequence from the ciphertext at the descrambler 38.
Although conventional designs use single-bit scramble and descramble logic, these single-bit implementations do not operate well in high frequency (e.g., 2.488-3.125 GHz) environments. For example, some implementations use complex logic located at a corresponding current mode logic (CML) pad area to decode the encoded signal. Additionally, in an application specific integrated circuit (ASIC) implementation, the logic design can be very challenging. In field programmable gate array (FPGA) applications, SPI-5 standards are not implemented in the high speed pad area (SERDES).
Embodiments of a system are described. In one embodiment, the system is an integrated circuit (IC) device interface. An embodiment of the system includes a scrambler. The scrambler combines a plurality of plaintext data streams and a pseudorandom key sequence. The scrambler includes a pseudorandom number (PRN) source and a combiner coupled to the PRN source. The PRN source provides a pseudorandom number. The pseudorandom key sequence is based on the pseudorandom number. The combiner receives the plurality of plaintext data streams in parallel and outputs a corresponding plurality of ciphertext data streams in parallel.
Another embodiment of the system includes a descrambler. The descrambler separates a pseudorandom key sequence out of a plurality of parallel ciphertext data streams. The descrambler includes a PRN source and key stream logic coupled to the PRN source. The PRN source provides a pseudorandom number. The pseudorandom key sequence is based on the pseudorandom number. The key stream logic receives the plurality of parallel ciphertext data streams and generates a corresponding plurality of parallel plaintext data streams. Other embodiments of the system include both the scrambler and the descrambler. Other embodiments of the system are also described.
Embodiments of a method are also described. In one embodiment, the method is a method for implementing a transmit interface for an integrated circuit (IC) device. An embodiment of the method includes receiving a plurality of plaintext data streams in parallel at a first data transmission rate, obtaining a pseudorandom key sequence, combining the plurality of plaintext data streams with at least a portion of the pseudorandom key sequence to generate a corresponding plurality of ciphertext data streams in parallel, and outputting the plurality of ciphertext data streams in parallel at the first data transmission rate.
In another embodiment, the method is a method for implementing a receive interface for an integrated circuit (IC) device. An embodiment of the method includes receiving a plurality of ciphertext data streams in parallel at a first data transmission rate, obtaining a pseudorandom key sequence, extracting the pseudorandom key sequence from each of the plurality of parallel ciphertext data streams to generate a corresponding plurality of plaintext data streams in parallel, and outputting the plurality of plaintext data streams in parallel at the first data rate. Other embodiments of the method are also described.
Other aspects and advantages of embodiments of the present invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrated by way of example of the principles of the invention.
Throughout the description, similar reference numbers may be used to identify similar elements.
The illustrated IC device 100 includes the I/O interface 102 and internal chip logic. In general, the I/O interface 102 receives data from and transmits data to other IC devices. The I/O interface 102 also interfaces with the internal chip logic 104, which processes data to perform one or more functions. As an example, the internal chip logic 104 may implement a network traffic manager or another type of network processing function.
The I/O interface 102 includes a serializer/deserializer (SERDES) 106. The I/O interface 102 also includes a receive interface 108 (designated by the top dashed box) and a transmit interface 110 (designated by the bottom dashed box). Although the receive and transmit interfaces 108 and 110 are described as functional units, the receive and transmit interfaces 108 and 110 may be implemented using disparate components. For example, the transmit interface 110 may include a scrambler 116 and a separate serializer 118 from the SERDES 106. Similarly, the receive interface 108 may include a deserializer 120 from the SERDES 106 and a separate descrambler 122. Examples of the descrambler 122 and scrambler 116 are shown in
In one embodiment, the receive interface 108 receives an SPI-5 signal. The incoming SPI-5 signal is a serial ciphertext data stream that is a combination of plaintext encoded with a pseudorandom key sequence. The receive interface 108 may receive the incoming SPI-5 serial ciphertext using a known standard (e.g., 40 G or 4×10 G). In general, the receive interface 108 extracts the pseudorandom key sequence from the incoming ciphertext data stream and passes plaintext data streams to the internal chip logic 104 in parallel.
It should be noted that the figures described herein designate parallel communication channels (e.g., multi-bit busses) with a hash mark across the line indicated as the communication channel. For example, the communication channels between the deserializer 120 and the descrambler 122, between the descrambler 122 and the internal chip logic 104, between the internal chip logic 104 and the scrambler 116, and between the scrambler 116 and the serializer 118 are each indicated as parallel communication channels. Alternatively, a parallel communication channel may be designated by the number of bits indicated for a particular communication channel. Exemplary bit widths for the parallel communication channels are 16 bits and 32 bits. However, some embodiments of the parallel communication channels may transmit a different number of bits in parallel. In contrast, the communication channel into the deserializer 120 and the communication line out of the serializer 118 are not parallel communication channels. Rather these lines are serial channels which send data in series one bit at a time.
After processing, the internal chip logic 104 passes plaintext data streams in parallel to the transmit interface 110. The transmit interface 110 then scrambles the plaintext data streams to generate one or more ciphertext data streams and sends the ciphertext data stream to another I/O interface of another IC device. More specifically, the transmit interface 110 scrambles the plaintext data streams with a pseudorandom key sequence. Exemplary embodiments of the transmit interface 110 and the receive interface 108 are shown in
In one embodiment, the PRN logic 128 implements a common X^11+X^9+1 LFSR stream cipher to scramble multiple, parallel plaintext data streams. The X^11+X^9+1 LFSR equation generates 2047 (i.e., 0 through 2046) pseudorandom numbers. In some embodiments, these 2047 numbers are used repeatedly. Based on this characteristic, the fixed 2047-bit pseudorandom key sequence can be pre-calculated and stored in a read-only-memory (ROM) device or implemented by hard-wire logic (e.g., an ASIC). Additionally, the chip implements a 16-bit width input to the XOR logic block 126, and each cycle uses 16 of the 2047 bits to perform an XOR function with the 16-bit data word or control word. In some embodiments, all transmit data (i.e., TDAT[15:0]) and transmit control (i.e., TCTL[3:0]) bits can share one set of 16 bits of a pseudo-random number (refer to
The plaintext data streams are individually scrambled in parallel by the scrambler 116 at a relatively low frequency. In this way, the scrambler 116 can accommodate a relatively high transmission frequency without implementing complex high frequency domain logic on the chip. For example, the scrambler 116 can operate the 16-bit parallel bus at a frequency between 155.5 MHz and 195.3125 MHz, while the IC device 100 continues to support an SPI-5 bit rate of between 2.488 GHz and 3.125 GHz. Other embodiments may operate at other high and low operating frequencies.
Also, scrambling plaintext data streams in parallel using a relatively low frequency allows the scrambler 116 to send data to the current mode logic (CML) pad (SERDES) of the chip. For example, a conventional CML pad (SERDES) design with a 16-bit input parallel bus (or an 8-bit input parallel bus) from the internal logic provides a 16-bit parallel bus at one sixteenth (1/16) of the typical operating frequency. Similarly, a CML input pad (SERDES RX side) with a 16-bit output parallel bus (or an 8-bit input parallel bus) to the internal logic provides a 16-bit parallel bus at one sixteenth of the typical operating frequency.
In one embodiment, the logic blocks of the descrambler 122 are used to implement four states, as shown in
The pre-search state 152 is the initial stage after device power up or after reset. After power up or reset, the descrambler 122 starts to search the incoming data stream for the SPI-5 training sequence. The scrambled training sequence provides a special pattern 142 (e.g., {{16'hffff, 16'h0000}^{9'h0, 2'b11, 14'b0, 2'b11, 5'b0}}), and the descrambler 122 uses this special pattern 142 to recognize the receipt of the training pattern. In the pre-search state 152, the location of the pseudorandom key sequence (i.e., key_stream) is detected and locked. In one embodiment, the locked key_stream is any 32-consistent-bit sequence of the 2047-bit pseudorandom key sequence.
After the descrambler 122 detects the special pattern 142, the descrambler 122 enters the post-search state 154. The post-search state 154 is implemented to check if the locked key_stream generates a correct plaintext data stream. After the post-search state 154 is confirmed, the plaintext output logic 140 generates the correct descrambled data, or plaintext data stream, and the key_stream is locked at the second stage, as depicted by the load-locked state 156. The “locktime” timeout counter starts to increase at one fourth of the RDCLK frequency.
In one embodiment, the PRN logic 138 of the descrambler 122 is synchronized with the PRN logic 128 of the scrambler 116. In this way, the pseudorandom key sequence applied by descrambler 122 to decode the incoming ciphertext is the same as the pseudorandom key sequence applied by the scrambler 116 of the transmit interface 110 of the transmitting I/O interface 100 (from another network chip).
Synchronization of the descrambler 122 can be achieved by using the SPI-5 training pattern. Scrambling the training pattern produces patterns in the ciphertext which the descrambler uses to recognize the receipt of the training pattern. The descrambler 122 uses this information to hypothesize a seed value for the LFSR 138, and to check the resulting plaintext output to determine if synchronization of the transmitting and receiving LFSRs 128 and 138 has been achieved. If the LODS condition is initiated because of an error in receiving data at the descrambler 122, then a training pattern from the other chip's transmitter may be sent again so that the descrambler 122 may reset/reboot and resynchronize with the transmitting scrambler 116.
In one embodiment, each descrambler cell 172 and 174 can decode 16 bits of data per cycle. Additionally, the standard descrambler cells 172 and 174 can be used to support both the SPI-5 normal or narrow mode based on register setting. The descrambler cells [3], [7], [11], [12], [13], [14], and [15] can serve different purposes depending on normal or narrow mode. As used herein, the normal mode is differentiated from a narrow bus interface mode. In the normal mode, the spi5_desc_inv[19:0] register is set to 20'b0000_1111_0000_0000_0000. In the narrow mode, the spi5_desc_inv[19:0] register is set to 20'b0000_1000_1000_1000_1000.
Each descrambler cell 172 and 174 may have its own set coefficient table which is based on the X^11+X^9+1 LFSR stream cipher. As explained above, the descrambler cells 172 and 174 use the input data pattern and the coefficient table content to determine where the training sequence is and where to perform the “lock” function. Once the “lock” state is set, the output data of the descrambler 122 is generated and 16 bits of data are output per cycle. In the initial stages, the source device keeps sending the training sequence until the receive device sends back “STARVING” on the status line (i.e., RSTAT). In one embodiment, the output of the descrambler cells 172 and 174 for seventeen lanes (e.g., RDAT[15:0] and RCTL) are used to perform one or more deskew functions.
Each scrambler cell 176 performs the scrambler functions on the RSTAT bit. In the illustrated embodiment, there are four scrambler cells 176, RSTAT[3:0]. The scrambler cells 176 generate 16 bits of scrambled data per cycle. Each scrambler cell 176 has a coefficient table which is based on the X^11+X^9+1 LFSR stream cipher. The original status data is combined, for example, using an XOR function with the stream cipher coefficient to generate the scrambled RSTAT.
The MUX 130 may continue to select subsequent sets of bits for each scramble operation until the last set with only fifteen bits is reached. Instead of skipping the last set of bits with only fifteen bits, the ASIC is configured to combine the last fifteen bits (i.e., bits 2032 through 2046) of the pseudorandom key sequence with one bit from the first bit sequence (e.g., bit 0) to output a 16-bit portion of the pseudorandom key sequence. In this way, the bit sets may be formed by wrapping, or combining, one or more bits from the end and one or more bits from the beginning of the pseudorandom key sequence. Using similar wrapping techniques in a repetitive manner, a single pseudorandom key sequence can be used to provide a wide variety of bit sets for scrambling incoming plaintext data streams.
In the illustrated embodiment, the ROM 192 stores sixteen copies of the pseudorandom key sequence, with each copy beginning at the bit position following the last bit (e.g., bit 2046) of the previous copy of the pseudorandom key sequence. For example, bit 0 of the second copy begins on line 127, in the last bit position of the line, right after bit 2046 of the first copy. Similarly, bit 0 of the third copy begins on line 255, in the second to last bit position of the line, right after bit 2046 of the second copy. Since bit 0 of the third copy occupies the second-to-last bit position of the line, bit 1 of the third copy occupies the last bit position of the same line. In this way, the indexed lines of the ROM 192 provide a variety of sets of bits, similar to wrapping the last bits of the pseudorandom key sequence shown in
Using the lines of bits stored in the ROM 192, the selection logic 194 can be invoked to index into the ROM 192 and obtain any of the 16-bit combinations. The selected portion of bits is then used to scramble one or more plaintext data streams, as described above. Alternatively, the selected portion of bits may be used to descramble one or more ciphertext data streams, as described above.
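The key sequence, the end-of-sequence wrap, and the ROM layout described above can be checked with a short software model. This is an added example, not code from the patent; the seed, the tap convention, the MSB-first packing of each ROM line, the known-plaintext words used for locking, and all function names are assumptions.

```python
"""Software model of the parallel scrambler (added example, not from the patent)."""

PERIOD = 2047   # length of the X^11+X^9+1 key sequence, per the text
WIDTH = 16      # key bits consumed per parallel cycle, per the text


def key_sequence(seed=0x7FF):
    """Return one full period of LFSR output bits. The seed is an assumption."""
    state = [(seed >> i) & 1 for i in range(11)]   # state[0] is the oldest bit
    if not any(state):
        raise ValueError("an all-zero seed keeps the LFSR stuck at zero")
    bits = []
    for _ in range(PERIOD):
        bits.append(state[0])
        # Assumed tap convention: s[n] = s[n-11] XOR s[n-9]
        state = state[1:] + [state[0] ^ state[2]]
    return bits


def rom_lines(bits):
    """Lay sixteen back-to-back copies of the sequence out as 16-bit lines."""
    stream = bits * WIDTH                 # 16 * 2047 bits = 2047 lines of 16
    return [stream[i:i + WIDTH] for i in range(0, len(stream), WIDTH)]


def line_word(line):
    """Pack one line into an int, first bit position as MSB (assumed order)."""
    word = 0
    for bit in line:
        word = (word << 1) | bit
    return word


KEY = key_sequence()
ROM = [line_word(line) for line in rom_lines(KEY)]


def scramble(words, start_line=0):
    """XOR 16-bit words with successive ROM lines; the same call descrambles."""
    return [w ^ ROM[(start_line + i) % len(ROM)] for i, w in enumerate(words)]


def find_lock(cipher_pair, known_pair):
    """Locate the ROM line from 32 key bits recovered via two known words.

    Simplified stand-in for the lock acquisition logic; the known words are
    constructed sample values, not the SPI-5 training pattern itself.
    """
    k0 = cipher_pair[0] ^ known_pair[0]
    k1 = cipher_pair[1] ^ known_pair[1]
    hits = [i for i in range(len(ROM))
            if ROM[i] == k0 and ROM[(i + 1) % len(ROM)] == k1]
    return hits[0] if len(hits) == 1 else None   # None: no unique lock


if __name__ == "__main__":
    plain = [0xFFFF, 0x0000, 0x1234]              # constructed sample words
    cipher = scramble(plain, start_line=126)      # lines 126..128 span the wrap
    print([hex(w) for w in cipher])
    print("locked at line", find_lock(cipher[:2], plain[:2]))
    print("recovered", scramble(cipher, start_line=126) == plain)
```

Because the 2047-bit sequence is fixed and any 32 consecutive key bits identify the position in it, the model shows why the scheme serves spectrum randomization and lock acquisition rather than confidentiality.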
The other input of each of the XOR logic blocks 126 is coupled to a data channel. Although sixteen data channels (i.e., D[0] through D[15]) are shown, other embodiments may have fewer or more data channels and corresponding XOR logic blocks 126. Additionally, each data channel may have more or less than sixteen bits. Each of the XOR logic blocks 126 is connected to the SERDES 106, which outputs one or more ciphertext data streams on a corresponding number of lanes. In some embodiments, the SERDES 106 serializes the incoming parallel ciphertext data streams from the various XOR logic blocks 126 and outputs a single, serial ciphertext data stream.
In the illustrated transmit interface method 210, at block 212, the scrambler 116 receives a plurality of plaintext data streams in parallel. As explained above, the plurality of plaintext data streams may originate from the internal chip logic 104. At block 214, the scrambler 116 obtains a pseudorandom key sequence. At block 216, the scrambler 116 combines the plurality of plaintext data streams with the pseudorandom key sequence in parallel to generate the plurality of ciphertext data streams in parallel. After the parallel ciphertext data streams are generated, then at block 218 the scrambler 116 outputs the ciphertext data streams in parallel, for example, to the serializer 118, as described above. The depicted transmit interface method 210 then ends.
Other embodiments of the transmit interface method 210 may include additional operations. For example, in some embodiments of the transmit interface method 210, the serializer 118 serializes the plurality of parallel ciphertext data streams to generate a serial ciphertext data stream. Additionally, the serializer 118 may output the serial ciphertext data stream at a data transmission rate that is multiple times (e.g., 16 times) faster than the data transmission rate of the scrambler 116.
In the illustrated receive interface method 220, at block 222, the descrambler 122 receives a plurality of ciphertext data streams in parallel. In one embodiment, the descrambler 122 receives the plurality of ciphertext data streams from the deserializer 120. At block 224, the descrambler 122 obtains a pseudorandom key sequence. At block 226, the descrambler 122 extracts the pseudorandom key sequence from each of the plurality of parallel ciphertext data streams in parallel to generate the plurality of plaintext data streams in parallel. After the parallel plaintext data streams are generated, then at block 228 the descrambler 122 outputs the plurality of plaintext data streams in parallel, for example, to the internal chip logic 104.
Other embodiments of the receive interface method 220 may include additional operations. For example, in some embodiments of the receive interface method 220, the deserializer 120 deserializes a serial ciphertext data stream to generate a plurality of parallel ciphertext data streams. The deserializer 120 may receive the serial ciphertext data stream at a first data transmission rate that is substantially higher than a second data transmission rate of the parallel ciphertext data streams and the parallel plaintext data streams.
Although the operations of the method(s) herein are shown and described in a particular order, the order of the operations of each method may be altered so that certain operations may be performed in an inverse order or so that certain operations may be performed, at least in part, concurrently with other operations. In another embodiment, instructions or sub-operations of distinct operations may be implemented in an intermittent and/or alternating manner.
Although specific embodiments of the invention have been described and illustrated, the invention is not to be limited to the specific forms or arrangements of parts so described and illustrated. The scope of the invention is to be defined by the claims appended hereto and their equivalents.
This application is entitled to the benefit of provisional U.S. Patent Application Ser. No. 60/856,524, filed Nov. 3, 2006, the disclosure of which is incorporated by reference herein in its entirety.
Number | Date | Country
---|---|---
60856524 | Nov 2006 | US