A symmetric key stream processor 60 that encrypts and decrypts text in accordance with the RC4 algorithm has a main processing block 62 and a host interface 64. The main processing block 62 includes an Sbox memory 78 implemented with a synchronous dual-port RAM and an encryption logic block 80 with a finite state machine. The dual port memory architecture is used for efficiency during permutation and message processing.

An apparatus for encryption and decryption, capable of use in encryption and decryption of advanced encryption standard. Byte substitution operation and inverse byte substitution operation are to be combined. Byte substitution operation can be expressed as y=M*multiplicative_inverse(x)+c while inverse byte substitution operation can be expressed as x=multiplicative_inverse(M.sup.-1*(y+c)), wherein M and M.sup.-1 are inverse matrix of each other and c is a constant matrix. Since the two equations employ a look-up table, that is, multiplicative_inverse(x), the lookup tables for use in byte substitution and inverse byte substitution operations are to be combined according to the invention so as to lower hardware complexity of the implementation. In addition, main operations of column mixing operation and inverse column mixing operation are to be rearranged to combine the two operations in part, resulting in simplified hardware implementation.

Methods and apparatus are provided for improving ARC4 processing in a cryptography engine. A multiple ported memory can be used to allow pipelined read and write access to values in memory. Coherency checking can be applied to provide that read-after-write and write-after-write consistency is maintained. Initialization of the memory can be improved with a reset feature occurring in a single cycle. Key shuffle and key stream generation can also be performed using a single core.

In one embodiment, a computer-implemented method comprises receiving a data cipher operation. The method also comprises processing the data cipher operation. The processing of the operation includes generating a number of portions of ciphertext from plaintext, wherein a load operation associated with the generating of at least one portion of the ciphertext executes prior to a store operation associated with the generating of a prior portion of the ciphertext.

A system for transmitting encrypted data. A plurality of nested communication links are communicably connected to a network. Each communication link includes an originating node and a terminating node which are adapted to route a transmission therebetween. Transmissions between the originating node and the corresponding terminating node of the outermost communication link is routed through at least one inner communication link. The originating node of the outermost communication link generates a transmission having a data part and a first header part, both in an encrypted format, and routes the transmission to the corresponding terminating node. The originating node of an inner communication link modifies the transmission by removing unencrypted references to other communication links; adding a second header part in an encrypted format, and routing the transmission to the corresponding terminating node, where the second header part is decrypted and the transmission is rerouted to an outer communication link.