Arithmetic Method And Apparatus For Supporting Aes And Aria Encryption/decryption Functions

KOO; Bon Seok ;   et al.

Patent Application Summary

U.S. patent application number 13/311683 was filed with the patent office on 2012-03-29 for arithmetic method and apparatus for supporting aes and aria encryption/decryption functions. This patent application is currently assigned to Electronics and Telecommunications Research Institute. Invention is credited to Tae Joo CHANG, Bon Seok KOO, Gwon Ho RYU, Sang Woon YANG.

Application Number: 20120076294 13/311683
Document ID: /
Family ID: 39369235
Filed Date: 2012-03-29

United States Patent Application 20120076294
Kind Code A1
KOO; Bon Seok ;   et al. March 29, 2012

ARITHMETIC METHOD AND APPARATUS FOR SUPPORTING AES AND ARIA ENCRYPTION/DECRYPTION FUNCTIONS

Abstract

Provided are an arithmetic method and apparatus for supporting Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA) encryption/decryption functions. The apparatus includes: a key scheduler for generating a round key using an input key; and a round function calculator for generating encrypted/decrypted data using input data and the round key. Here, the round function calculator includes an integrated substitution layer and an integrated diffusion layer capable of performing both AES and ARIA algorithms.


Inventors: KOO; Bon Seok; (Daejeon, KR) ; RYU; Gwon Ho; (Daejeon, KR) ; YANG; Sang Woon; (Daejeon, KR) ; CHANG; Tae Joo; (Daejeon, KR)
Assignee: Electronics and Telecommunications Research Institute, Daejeon, KR

Family ID: 39369235
Appl. No.: 13/311683
Filed: December 6, 2011

Related U.S. Patent Documents

Application Number Filing Date Patent Number
11923806 Oct 25, 2007 8094815
13311683

Current U.S. Class: 380/44 ; 380/277
Current CPC Class: H04L 2209/122 20130101; H04L 9/0631 20130101
Class at Publication: 380/44 ; 380/277
International Class: H04L 9/00 20060101 H04L009/00

Foreign Application Data

Date Code Application Number
Nov 13, 2006 KR 10-2006-0111856
May 14, 2007 KR 10-2007-0046526

Claims



1. An arithmetic method of supporting Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA) encryption/decryption functions, the method comprising the steps of: receiving input data and a round key; performing an S-box operation used in common in AES and ARIA algorithms using the input data and the round key; and extracting the common terms used in a diffusion function of the AES and ARIA algorithms using the data on which the S-box operation is performed, and performing a diffusion operation.

2. The arithmetic method of claim 1, further comprising the step of: performing key expansion using the input key and thereby generating the round key.

3. The arithmetic method of claim 1, wherein an AES and ARIA-integrated diffusion layer performs the diffusion operation selectively using one of an AES MixColumns function, an AES InvMixColumns function and an ARIA diffusion function.

4. The arithmetic method of claim 3, wherein the integrated diffusion layer shares the common terms of the AES MixColumns function, the AES InvMixColumns function and the ARIA diffusion function.

Description



CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application claims priority to and the benefit of Korean Patent Application Nos. 2006-111856, filed Nov. 13, 2006, and 2007-46526, filed May 14, 2007, the disclosures of which are incorporated herein by reference in their entirety.

BACKGROUND

[0002] 1. Field of the Invention

[0003] The present invention relates to an arithmetic method and apparatus for supporting Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA) encryption/decryption functions.

[0004] 2. Discussion of Related Art

[0005] An AES block encryption algorithm was selected as an American standard by the National Institute of Standards and Technology (NIST) of the United States in 2001. In addition, an ARIA block encryption algorithm was selected as a Korean Industrial Standard. The two domestic and foreign standard block encryption algorithms, i.e., the AES and ARIA algorithms, are widely used in various encryption fields, such as smart cards, electronic passports, server-level encryption equipment, and so on.

[0006] Most encryption operations take a long time to complete and thus are implemented in hardware. In the early stages of AES or ARIA hardware implementation, research comparing and analyzing performance of the hardware according to high-performance implementation techniques or methods was generally conducted. However, with the gradual development of wireless technology, such as cellular phones and Radio Frequency Identification (RFID), research on miniaturization and implementation of low power consumption has been conducted recently.

[0007] Research on an encryption operation apparatus having integrated hardware supporting at least 2 encryption algorithms is less active than research on an arithmetic apparatus for a single encryption algorithm. This is because, when compared to software implementation, hardware implementation generally requires twice as many resources to implement 2 algorithms. However, as illustrated in FIGS. 1 and 2, the AES and ARIA algorithms use round functions having a similar Substitution Permutation Network (SPN) structure, and thus have many common features. First, in an S-box operation, which is a basic operation of a substitution layer, the 2 algorithms use the same finite field $GF(2^8)$. In addition, from a scalar multiplication matrix operation used in a diffusion layer, it is possible to extract terms used in common by the two algorithms.

SUMMARY OF THE INVENTION

[0008] The present invention is directed to an arithmetic method and apparatus of integrated hardware supporting both Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA) functions using a hardware resource sharing method for common factors between AES and ARIA algorithms.

[0009] One aspect of the present invention provides an arithmetic method of supporting AES and ARIA encryption/decryption functions, the method comprising the steps of: receiving input data and a round key; performing an S-box operation used in common in AES and ARIA algorithms using the input data and the round key; and extracting common terms used in a diffusion function of the AES and ARIA algorithms using the data on which the S-box operation is performed, and performing a diffusion operation.

[0010] Another aspect of the present invention provides an integrated arithmetic apparatus for supporting AES and ARIA encryption/decryption functions, the apparatus comprising: a key scheduler for generating a round key using an input key; and a round function calculator for generating encrypted/decrypted data using input data and the round key. Here, the round function calculator includes an integrated substitution layer and an integrated diffusion layer capable of performing both AES and ARIA algorithms.

BRIEF DESCRIPTION OF THE DRAWINGS

[0011] The above and other objects, features and advantages of the present invention will become more apparent to those of ordinary skill in the art by describing in detail exemplary embodiments thereof with reference to the attached drawings, in which:

[0012] FIG. 1 illustrates an encryption process of an Advanced Encryption Standard (AES) algorithm;

[0013] FIG. 2 illustrates an encryption process of an Academy, Research Institute and Agency (ARIA) algorithm;

[0014] FIG. 3 is a block diagram of an arithmetic apparatus having AES and ARIA-integrated hardware according to an exemplary embodiment of the present invention;

[0015] FIG. 4 is a block diagram of an integrated substitution layer according to an exemplary embodiment of the present invention;

[0016] FIG. 5 illustrates operation of an $S_A$ S-box block according to an exemplary embodiment of the present invention;

[0017] FIG. 6 illustrates operation of an $S_U$ S-box block according to an exemplary embodiment of the present invention; and

[0018] FIG. 7 is a block diagram of an integrated diffusion layer according to an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

[0019] In this specification, currently used general terminology is mostly employed, but other terminology that has been selected for the present invention by the applicant himself/herself is also employed. In this case, the meaning of the terminology selected by the applicant is mentioned in the corresponding detailed description, and thus the present invention should be understood using the meanings provided in the detailed description, as opposed to their general meaning.

[0020] Hereinafter, exemplary embodiments of the present invention will be described in detail. However, the present invention is not limited to the embodiments disclosed below, but can be implemented in various forms. The following embodiments are described in order to enable those of ordinary skill in the art to embody and practice the present invention.

[0021] FIG. 3 is a block diagram of an apparatus having Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA)-integrated hardware according to an exemplary embodiment of the present invention. The apparatus having AES and ARIA-integrated hardware comprises a round function calculator 310 and a key scheduler 350. The round function calculator 310 performs one round operation, and includes: an integrated substitution layer 320 for performing an S-box operation used in common for AES and ARIA algorithms using input data and a round key input from the key scheduler 350; an integrated diffusion layer 330 for performing a diffusion operation used in a diffusion function of the AES and ARIA algorithms using the operation result of the integrated substitution layer 320; a register 340 for storing 128-bit data; and a multiplexer (MUX) for selecting a data path.

[0022] The key scheduler 350 includes an AES key scheduler block 360 and an ARIA key scheduler block 370, and can calculate a round key required for each round by an on-the-fly method. Here, to economize hardware resources, a 128-bit register $W_0$ 380, which is one of the round key storages in the ARIA key scheduler block 370, may also be used as a register for storing an AES round key.

[0023] FIG. 4 is a block diagram of the integrated substitution layer 320. Referring to FIG. 4, the integrated substitution layer 320 comprises an $S_A$ (AES S-Box) 410 and an $S_U$ (Unified S-Box) 420. First, the $S_A$ 410, which is an S-box used in common for AES and ARIA algorithms, selectively performs the $S_1$ and $S_1^{-1}$ functions as shown in Formula 1 below.

[0024] FIG. 5 illustrates operation of the $S_A$. Here, $\delta_A$ is an isomorphism function that maps an 8-bit input in a finite field $GF(2^8)$ onto an element in $GF(((2^2)^2)^2)$, and $\mathrm{Aff}_{S1}$ is an affine transformation function shown in Formula 1 below. In addition, $\mathrm{Aff}_{S1}^{-1} * \delta_A$ and $\delta_A^{-1} * \mathrm{Aff}_{S1}$ are combined functions of $\delta_A$ and the affine transformation function. Such an $S_A$ performs the same function as an S-box used in the AES algorithm, and thus a detailed description thereof will be omitted.

$$
S_1(x) = A x^{-1} \oplus b =
\begin{pmatrix}
1&0&0&0&1&1&1&1\\
1&1&0&0&0&1&1&1\\
1&1&1&0&0&0&1&1\\
1&1&1&1&0&0&0&1\\
1&1&1&1&1&0&0&0\\
0&1&1&1&1&1&0&0\\
0&0&1&1&1&1&1&0\\
0&0&0&1&1&1&1&1
\end{pmatrix} x^{-1} \oplus
\begin{pmatrix}1\\1\\0\\0\\0\\1\\1\\0\end{pmatrix}
$$

$$
S_1^{-1}(x) = \left(A^{-1}(x \oplus b)\right)^{-1} = \left(A^{-1}x \oplus A^{-1}b\right)^{-1} =
\left[
\begin{pmatrix}
0&0&1&0&0&1&0&1\\
1&0&0&1&0&0&1&0\\
0&1&0&0&1&0&0&1\\
1&0&1&0&0&1&0&0\\
0&1&0&1&0&0&1&0\\
0&0&1&0&1&0&0&1\\
1&0&0&0&0&1&0&0\\
0&1&0&1&1&0&1&0
\end{pmatrix} x \oplus
\begin{pmatrix}1\\0\\1\\0\\0\\0\\0\\0\end{pmatrix}
\right]^{-1}
\tag{Formula 1}
$$

[0025] Meanwhile, the $S_U$ selectively performs the 4 functions $S_1$, $S_1^{-1}$, $S_2$ and $S_2^{-1}$. Here, $S_2$ uses $x^{247}$ instead of $x^{-1}$. With respect to an element $x$ in $GF(2^8)$, $x^{2^i}$ ("i" is an integer) may be calculated as $M_i * x$ using an appropriate 8×8 binary non-singular matrix $M_i$. Therefore, the functions $S_2$ and $S_2^{-1}$ can be arranged as shown in Formula 2 below. FIG. 6 illustrates operation of the $S_U$. Here, $\delta_U$ is an isomorphism function, and $\mathrm{Aff}_{S2}$ is an affine transformation function shown in Formula 2 below. To optimize hardware area, all available isomorphism functions $\delta_U$ are examined, the isomorphism function $\delta_U$ having the smallest number of "1" entries in the 8×8 binary matrices used in the 6 functions $\delta_U$, $\delta_U^{-1}$, $\mathrm{Aff}_{S1}^{-1} * \delta_U$, $\delta_U^{-1} * \mathrm{Aff}_{S1}$, $\mathrm{Aff}_{S2}^{-1} * \delta_U$ and $\delta_U^{-1} * \mathrm{Aff}_{S2}$ is determined, and the other functions are calculated using the determined isomorphism function $\delta_U$.

$$
S_2(x) = C x^{247} \oplus d = C x^{-8} \oplus d = C (x^{-1})^{-8} \oplus d = C M_3 (x^{-1}) \oplus d =
\begin{pmatrix}
0&1&0&1&0&1&1&1\\
0&0&1&1&1&1&1&1\\
1&1&1&0&1&1&0&1\\
1&1&0&0&0&0&1&1\\
0&1&0&0&0&0&1&1\\
1&1&0&0&1&1&1&0\\
0&1&1&0&0&0&1&1\\
1&1&1&1&0&1&1&0
\end{pmatrix} x^{-1} \oplus
\begin{pmatrix}0\\1\\0\\0\\0\\1\\1\\1\end{pmatrix}
$$

$$
\left(S_2^{-1}(x)\right)^{-8} = C^{-1}(x \oplus d)
$$

$$
\begin{aligned}
\therefore\ S_2^{-1}(x) &= \left(C^{-1}(x \oplus d)\right)^{-32} = \left(\left(C^{-1}(x \oplus d)\right)^{32}\right)^{-1} = \left(M_5 C^{-1}(x \oplus d)\right)^{-1} \\
&= \left(M_5 C^{-1} x \oplus M_5 C^{-1} d\right)^{-1} = \left(F x \oplus F d\right)^{-1} \\
&= \left[
\begin{pmatrix}
0&0&0&1&1&0&0&0\\
0&0&1&0&0&1&1&0\\
0&0&0&0&1&0&1&0\\
1&1&1&0&0&0&1&1\\
1&1&1&0&1&1&0&0\\
0&1&1&0&1&0&1&1\\
1&0&1&1&1&1&0&1\\
1&0&0&1&0&0&1&1
\end{pmatrix} x \oplus
\begin{pmatrix}0\\0\\1\\1\\0\\1\\0\\0\end{pmatrix}
\right]^{-1}
\end{aligned}
\tag{Formula 2}
$$
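Added example (not part of the patent text): a Python model of the forward $S_1$ and $S_2$ functions that shares one $GF(2^8)$ inversion and differs only in the affine matrix and constant taken from Formulas 1 and 2. It assumes the AES reduction polynomial $x^8+x^4+x^3+x+1$ and the least significant bit at the top of each column vector; all function names are illustrative. It also checks that $x^{247}$ is the eighth power of $x^{-1}$ and that raising to the eighth power is linear over GF(2), which is what allows that power to be folded into the matrix.

```python
# Added example: S_1 and S_2 built on a single shared inversion in GF(2^8).
# Names are illustrative; matrices and constants are those of Formulas 1 and 2.

def xtime(a):
    """Multiply by 2 in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

# Log/antilog tables over the generator 3 (3*v = v ^ xtime(v)).
EXP = [1]
for _ in range(254):
    EXP.append(EXP[-1] ^ xtime(EXP[-1]))
LOG = {v: i for i, v in enumerate(EXP)}

def gf_pow(x, e):
    """x**e in GF(2^8); 0 maps to 0, so gf_pow(x, 254) is the S-box 'inverse'."""
    return 0 if x == 0 else EXP[(LOG[x] * e) % 255]

# Row i of each matrix produces output bit i; column j reads input bit j.
A_ROWS = ["10001111", "11000111", "11100011", "11110001",
          "11111000", "01111100", "00111110", "00011111"]
B_CONST = 0x63          # (1 1 0 0 0 1 1 0)^T, least significant bit first
CM3_ROWS = ["01010111", "00111111", "11101101", "11000011",
            "01000011", "11001110", "01100011", "11110110"]
D_CONST = 0xE2          # (0 1 0 0 0 1 1 1)^T, least significant bit first

def affine(rows, v, const):
    """Binary matrix-vector product over GF(2) followed by XOR with a constant."""
    out = 0
    for i, row in enumerate(rows):
        bit = sum(int(c) & (v >> j) for j, c in enumerate(row)) & 1
        out |= bit << i
    return out ^ const

def s1(x):
    """AES S-box / ARIA S_1: A * x^-1 xor b."""
    return affine(A_ROWS, gf_pow(x, 254), B_CONST)

def s2(x):
    """ARIA S_2 computed from the same x^-1: (C*M_3) * x^-1 xor d."""
    return affine(CM3_ROWS, gf_pow(x, 254), D_CONST)

def exponent_identity_holds():
    """x^247 equals the eighth power of x^-1 for every field element."""
    return all(gf_pow(gf_pow(x, 254), 8) == gf_pow(x, 247) for x in range(256))

def power8_is_linear():
    """(a xor b)^8 == a^8 xor b^8, so x -> x^8 is a binary matrix (M_3)."""
    return all(gf_pow(a ^ b, 8) == gf_pow(a, 8) ^ gf_pow(b, 8)
               for a in range(256) for b in range(256))

def invert_table(f):
    """Inverse S-box by table inversion (valid because f is a bijection)."""
    inv = [0] * 256
    for x in range(256):
        inv[f(x)] = x
    return inv
```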

[0026] An AES diffusion layer performs a MixColumns operation and an InvMixColumns operation upon encryption and decryption, respectively. Such an AES diffusion layer performs matrix multiplication in units of 32-bit data. On the other hand, an ARIA diffusion layer performs 16×16 binary matrix multiplication on the entire 128-bit data in units of 1 byte. The arithmetic method and apparatus according to an exemplary embodiment of the present invention have an AES and ARIA-integrated diffusion layer that extracts the common terms used in the AES and ARIA diffusion layers and operates in units of 128 bits.

[0027] First, in the AES algorithm, 128-bit values $[Y_0, Y_1, Y_2, Y_3]$ resulting from the MixColumns operation on 128-bit input $[X_0, X_1, X_2, X_3]$ may be calculated as shown in Formula 3 below. Here, $X_i$ and $Y_i$ denote 32-bit unit data.

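$$
\begin{pmatrix} Y_0\\ Y_1\\ Y_2\\ Y_3 \end{pmatrix}
=
\begin{pmatrix} M_0&0&0&0\\ 0&M_0&0&0\\ 0&0&M_0&0\\ 0&0&0&M_0 \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
=
\begin{pmatrix} M_0'&0&0&0\\ 0&M_0'&0&0\\ 0&0&M_0'&0\\ 0&0&0&M_0' \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
+
\begin{pmatrix} M_0''&0&0&0\\ 0&M_0''&0&0\\ 0&0&M_0''&0\\ 0&0&0&M_0'' \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
\tag{Formula 3}
$$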

[0028] Here, 4×4 matrices $M_0$, $M_0'$ and $M_0''$ are as shown below.

$$
M_0 = \begin{pmatrix} 2&3&1&1\\ 1&2&3&1\\ 1&1&2&3\\ 3&1&1&2 \end{pmatrix},\quad
M_0' = \begin{pmatrix} 2&2&0&0\\ 0&2&2&0\\ 0&0&2&2\\ 2&0&0&2 \end{pmatrix},\quad
M_0'' = \begin{pmatrix} 0&1&1&1\\ 1&0&1&1\\ 1&1&0&1\\ 1&1&1&0 \end{pmatrix}
$$

[0029] In the same way, 128-bit values $[Z_0, Z_1, Z_2, Z_3]$ resulting from the InvMixColumns operation are calculated as shown in Formula 4 below. Here, $Z_i$ denotes 32-bit unit data.

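$$
\begin{aligned}
\begin{pmatrix} Z_0\\ Z_1\\ Z_2\\ Z_3 \end{pmatrix}
&=
\begin{pmatrix} M_1&0&0&0\\ 0&M_1&0&0\\ 0&0&M_1&0\\ 0&0&0&M_1 \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix} \\
&=
\begin{pmatrix} M_1'&0&0&0\\ 0&M_1'&0&0\\ 0&0&M_1'&0\\ 0&0&0&M_1' \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
+
\begin{pmatrix} M_1''&0&0&0\\ 0&M_1''&0&0\\ 0&0&M_1''&0\\ 0&0&0&M_1'' \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
+
\begin{pmatrix} M_0&0&0&0\\ 0&M_0&0&0\\ 0&0&M_0&0\\ 0&0&0&M_0 \end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
\end{aligned}
\tag{Formula 4}
$$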

[0030] Here, 4×4 matrices $M_1$, $M_1'$ and $M_1''$ are as shown below.

$$
M_1 = \begin{pmatrix} E&B&D&9\\ 9&E&B&D\\ D&9&E&B\\ B&D&9&E \end{pmatrix},\quad
M_1' = \begin{pmatrix} 8&8&8&8\\ 8&8&8&8\\ 8&8&8&8\\ 8&8&8&8 \end{pmatrix},\quad
M_1'' = \begin{pmatrix} 4&0&4&0\\ 0&4&0&4\\ 4&0&4&0\\ 0&4&0&4 \end{pmatrix}
$$

[0031] Meanwhile, in the ARIA algorithm, 128-bit values $[w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7, w_8, w_9, w_{10}, w_{11}, w_{12}, w_{13}, w_{14}, w_{15}]$ resulting from a diffusion operation on 128-bit input $[x_0, x_1, x_2, x_3, x_4, x_5, x_6, x_7, x_8, x_9, x_{10}, x_{11}, x_{12}, x_{13}, x_{14}, x_{15}]$ may be calculated as shown in Formula 5 below. In Formula 5, $w_i$ and $x_i$ denote 8-bit unit data. Formula 5 can be arranged as shown in Formula 6 below by a 32-bitwise operation. In Formula 6, $W_i$ and $X_i$ denote 32-bit unit data.

$$
\begin{pmatrix} w_0\\ w_1\\ w_2\\ w_3\\ w_4\\ w_5\\ w_6\\ w_7\\ w_8\\ w_9\\ w_{10}\\ w_{11}\\ w_{12}\\ w_{13}\\ w_{14}\\ w_{15} \end{pmatrix}
=
\begin{pmatrix}
0&0&0&1&1&0&1&0&1&1&0&0&0&1&1&0\\
0&0&1&0&0&1&0&1&1&1&0&0&1&0&0&1\\
0&1&0&0&1&0&1&0&0&0&1&1&1&0&0&1\\
1&0&0&0&0&1&0&1&0&0&1&1&0&1&1&0\\
1&0&1&0&0&1&0&0&1&0&0&1&0&0&1&1\\
0&1&0&1&1&0&0&0&0&1&1&0&0&0&1&1\\
1&0&1&0&0&0&0&1&0&1&1&0&1&1&0&0\\
0&1&0&1&0&0&1&0&1&0&0&1&1&1&0&0\\
1&1&0&0&1&0&0&1&0&0&1&0&0&1&0&1\\
1&1&0&0&0&1&1&0&0&0&0&1&1&0&1&0\\
0&0&1&1&0&1&1&0&1&0&0&0&0&1&0&1\\
0&0&1&1&1&0&0&1&0&1&0&0&1&0&1&0\\
0&1&1&0&0&0&1&1&0&1&0&1&1&0&0&0\\
1&0&0&1&0&0&1&1&1&0&1&0&0&1&0&0\\
1&0&0&1&1&1&0&0&0&1&0&1&0&0&1&0\\
0&1&1&0&1&1&0&0&1&0&1&0&0&0&0&1
\end{pmatrix}
\begin{pmatrix} x_0\\ x_1\\ x_2\\ x_3\\ x_4\\ x_5\\ x_6\\ x_7\\ x_8\\ x_9\\ x_{10}\\ x_{11}\\ x_{12}\\ x_{13}\\ x_{14}\\ x_{15} \end{pmatrix}
\tag{Formula 5}
$$

$$
\begin{pmatrix} W_0\\ W_1\\ W_2\\ W_3 \end{pmatrix}
=
\begin{pmatrix}
M_2 & M_3 & M_4 & M_5\\
M_3 & M_6 & \overline{M_5} & \overline{M_4}\\
M_4 & \overline{M_5} & M_7 & \overline{M_3}\\
M_5 & \overline{M_4} & \overline{M_3} & M_8
\end{pmatrix}
\begin{pmatrix} X_0\\ X_1\\ X_2\\ X_3 \end{pmatrix}
\tag{Formula 6}
$$

[0032] Here, 4×4 matrices $M_2$, $M_3$, $M_4$, $M_5$, $M_6$, $M_7$ and $M_8$ are as shown below. In Formula 6, $\overline{M_3}$, $\overline{M_4}$ and $\overline{M_5}$ are matrices consisting of the bitwise-inverted elements of their original matrices.

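$$
M_2 = \begin{pmatrix} 0&0&0&1\\ 0&0&1&0\\ 0&1&0&0\\ 1&0&0&0 \end{pmatrix},\quad
M_3 = \begin{pmatrix} 1&0&1&0\\ 0&1&0&1\\ 1&0&1&0\\ 0&1&0&1 \end{pmatrix},\quad
M_4 = \begin{pmatrix} 1&1&0&0\\ 1&1&0&0\\ 0&0&1&1\\ 0&0&1&1 \end{pmatrix},\quad
M_5 = \begin{pmatrix} 0&1&1&0\\ 1&0&0&1\\ 1&0&0&1\\ 0&1&1&0 \end{pmatrix},
$$

$$
M_6 = \begin{pmatrix} 0&1&0&0\\ 1&0&0&0\\ 0&0&0&1\\ 0&0&1&0 \end{pmatrix},\quad
M_7 = \begin{pmatrix} 0&0&1&0\\ 0&0&0&1\\ 1&0&0&0\\ 0&1&0&0 \end{pmatrix},\quad
M_8 = \begin{pmatrix} 1&0&0&0\\ 0&1&0&0\\ 0&0&1&0\\ 0&0&0&1 \end{pmatrix}
$$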

[0033] Therefore, 128-bit values $[y_0, y_1, \ldots, y_{15}]$ resulting from the MixColumns operation and 128-bit values $[z_0, z_1, \ldots, z_{15}]$ resulting from the InvMixColumns operation on the 128-bit input $[x_0, x_1, \ldots, x_{15}]$ according to the AES algorithm and the values $[w_0, w_1, \ldots, w_{15}]$ resulting from the diffusion operation according to the ARIA algorithm may be calculated as shown in Formula 7 below using the common terms.

$$
\left\{
\begin{array}{llll}
y_0 = 2A_0 + A_2 + x_1, & y_1 = 2A_1 + A_3 + x_2, & y_2 = 2A_2 + A_0 + x_3, & y_3 = 2A_3 + A_1 + x_0,\\
y_4 = 2A_4 + A_6 + x_5, & y_5 = 2A_5 + A_7 + x_6, & y_6 = 2A_6 + A_4 + x_7, & y_7 = 2A_7 + A_5 + x_4,\\
y_8 = 2A_8 + A_{10} + x_9, & y_9 = 2A_9 + A_{11} + x_{10}, & y_{10} = 2A_{10} + A_8 + x_{11}, & y_{11} = 2A_{11} + A_9 + x_8,\\
y_{12} = 2A_{12} + A_{14} + x_{13}, & y_{13} = 2A_{13} + A_{15} + x_{14}, & y_{14} = 2A_{14} + A_{12} + x_{15}, & y_{15} = 2A_{15} + A_{13} + x_{12}
\end{array}
\right.
$$

$$
\left\{
\begin{array}{llll}
z_0 = E_0 + y_0, & z_1 = E_1 + y_1, & z_2 = E_2 + y_2, & z_3 = E_3 + y_3,\\
z_4 = E_2 + y_4, & z_5 = E_3 + y_5, & z_6 = E_2 + y_6, & z_7 = E_3 + y_7,\\
z_8 = E_4 + y_8, & z_9 = E_5 + y_9, & z_{10} = E_4 + y_{10}, & z_{11} = E_5 + y_{11},\\
z_{12} = E_6 + y_{12}, & z_{13} = E_7 + y_{13}, & z_{14} = E_6 + y_{14}, & z_{15} = E_7 + y_{15}
\end{array}
\right.
$$

$$
\left\{
\begin{array}{llll}
w_0 = x_3 + B_2 + A_8 + A_{13}, & w_1 = x_2 + B_3 + A_8 + A_{15}, & w_2 = x_1 + B_2 + A_{10} + A_{15}, & w_3 = x_0 + B_3 + A_{10} + A_{13},\\
w_4 = B_0 + x_5 + A_{11} + A_{14}, & w_5 = B_1 + x_4 + A_9 + A_{14}, & w_6 = B_0 + x_7 + A_9 + A_{12}, & w_7 = B_1 + x_6 + A_{11} + A_{12},\\
w_8 = A_0 + A_7 + x_{10} + B_7, & w_9 = A_0 + A_5 + x_{11} + B_6, & w_{10} = A_2 + A_5 + x_8 + B_7, & w_{11} = A_2 + A_7 + x_9 + B_6,\\
w_{12} = A_1 + A_6 + B_5 + x_{12}, & w_{13} = A_3 + A_6 + B_4 + x_{13}, & w_{14} = A_3 + A_4 + B_5 + x_{14}, & w_{15} = A_1 + A_4 + B_4 + x_{15}
\end{array}
\right.
\tag{Formula 7}
$$

[0034] The intermediate terms $A_i$, $B_i$, $C_i$, $D_i$ and $E_i$ used above are as shown below.

$$
\left\{
\begin{array}{llll}
A_0 = x_0 + x_1, & A_1 = x_1 + x_2, & A_2 = x_2 + x_3, & A_3 = x_3 + x_0,\\
A_4 = x_4 + x_5, & A_5 = x_5 + x_6, & A_6 = x_6 + x_7, & A_7 = x_7 + x_4,\\
A_8 = x_8 + x_9, & A_9 = x_9 + x_{10}, & A_{10} = x_{10} + x_{11}, & A_{11} = x_{11} + x_8,\\
A_{12} = x_{12} + x_{13}, & A_{13} = x_{13} + x_{14}, & A_{14} = x_{14} + x_{15}, & A_{15} = x_{15} + x_{12}
\end{array}
\right.
$$

$$
\left\{
\begin{array}{llll}
B_0 = x_0 + x_2, & B_1 = x_1 + x_3, & B_2 = x_4 + x_6, & B_3 = x_5 + x_7,\\
B_4 = x_8 + x_{10}, & B_5 = x_9 + x_{11}, & B_6 = x_{12} + x_{14}, & B_7 = x_{13} + x_{15}
\end{array}
\right.
$$

$$
\left\{
\begin{array}{llll}
C_0 = 4B_0, & C_1 = 4B_1, & C_2 = 4B_2, & C_3 = 4B_3,\\
C_4 = 4B_4, & C_5 = 4B_5, & C_6 = 4B_6, & C_7 = 4B_7
\end{array}
\right.
$$

$$
\left\{
\begin{array}{llll}
D_0 = 2(C_0 + C_1), & D_1 = 2(C_2 + C_3), & D_2 = 2(C_4 + C_5), & D_3 = 2(C_6 + C_7)
\end{array}
\right.
$$

$$
\left\{
\begin{array}{llll}
E_0 = D_0 + C_0, & E_1 = D_0 + C_1, & E_2 = D_1 + C_2, & E_3 = D_1 + C_3,\\
E_4 = D_2 + C_4, & E_5 = D_2 + C_5, & E_6 = D_3 + C_6, & E_7 = D_3 + C_7
\end{array}
\right.
$$

[0035] FIG. 7 is a block diagram of the integrated diffusion layer. Referring to FIG. 7, the integrated diffusion layer generates common terms A 710 and B 720 from a 128-bit input X, generates C 730, D 740 and E 750 from B 720, and generates a MixColumns result Y 760 and an InvMixColumns result Z 770 according to the AES algorithm and a diffusion result W 780 according to the ARIA algorithm from A 710, B 720 and E 750. Finally, a MUX 790 selects a 128-bit result value U.
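The following Python model is an added example, not part of the patent text: it computes Y, Z and W from the shared terms A, B, C, D and E in the order FIG. 7 routes them, and compares the results with direct evaluation of the matrices in Formulas 3 to 5. Function names and the sample input are constructed for illustration; the E index used for each $z_i$ is derived from the $M_1'$ and $M_1''$ decomposition of Formula 4, so the first column uses $E_0$ and $E_1$ for $z_2$ and $z_3$.

```python
# Added example: software model of the integrated diffusion layer (Formula 7).
# Names are illustrative; "+" in the formulas is XOR, "2"/"4" are GF(2^8) multiples.
from functools import reduce

def xtime(a):
    """Multiply by 2 in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    """General GF(2^8) multiply; used only by the direct reference below."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

# Rows of the 16x16 binary ARIA diffusion matrix, as in Formula 5.
ARIA_ROWS = [
    "0001101011000110", "0010010111001001", "0100101000111001", "1000010100110110",
    "1010010010010011", "0101100001100011", "1010000101101100", "0101001010011100",
    "1100100100100101", "1100011000011010", "0011011010000101", "0011100101001010",
    "0110001101011000", "1001001110100100", "1001110001010010", "0110110010100001",
]

def integrated_diffusion(x):
    """Return (y, z, w): MixColumns, InvMixColumns and ARIA diffusion of 16 bytes."""
    def col(i, k):                      # byte k positions further on in i's column
        return 4 * (i // 4) + (i + k) % 4
    A = [x[i] ^ x[col(i, 1)] for i in range(16)]
    B = [x[4 * (i // 2) + i % 2] ^ x[4 * (i // 2) + i % 2 + 2] for i in range(8)]
    C = [xtime(xtime(b)) for b in B]                        # C_i = 4 B_i
    D = [xtime(C[2 * j] ^ C[2 * j + 1]) for j in range(4)]  # D_j = 2 (C_2j + C_2j+1)
    E = [D[i // 2] ^ C[i] for i in range(8)]
    y = [xtime(A[i]) ^ A[col(i, 2)] ^ x[col(i, 1)] for i in range(16)]
    z = [E[2 * (i // 4) + i % 2] ^ y[i] for i in range(16)]
    w = [x[3] ^ B[2] ^ A[8] ^ A[13],   x[2] ^ B[3] ^ A[8] ^ A[15],
         x[1] ^ B[2] ^ A[10] ^ A[15],  x[0] ^ B[3] ^ A[10] ^ A[13],
         B[0] ^ x[5] ^ A[11] ^ A[14],  B[1] ^ x[4] ^ A[9] ^ A[14],
         B[0] ^ x[7] ^ A[9] ^ A[12],   B[1] ^ x[6] ^ A[11] ^ A[12],
         A[0] ^ A[7] ^ x[10] ^ B[7],   A[0] ^ A[5] ^ x[11] ^ B[6],
         A[2] ^ A[5] ^ x[8] ^ B[7],    A[2] ^ A[7] ^ x[9] ^ B[6],
         A[1] ^ A[6] ^ B[5] ^ x[12],   A[3] ^ A[6] ^ B[4] ^ x[13],
         A[3] ^ A[4] ^ B[5] ^ x[14],   A[1] ^ A[4] ^ B[4] ^ x[15]]
    return y, z, w

def mix_direct(x, first_row):
    """Direct circulant 4x4 multiply per 32-bit column (Formulas 3 and 4)."""
    return [reduce(lambda p, q: p ^ q,
                   (gmul(first_row[(j - i) % 4], x[4 * (i // 4) + j]) for j in range(4)))
            for i in range(16)]

def aria_direct(x):
    """Direct 16x16 binary matrix multiply (Formula 5)."""
    return [reduce(lambda p, q: p ^ q, (x[j] for j in range(16) if row[j] == "1"))
            for row in ARIA_ROWS]

def matches_direct(x):
    """True if the shared-term results equal the direct matrix results."""
    y, z, w = integrated_diffusion(x)
    return (y == mix_direct(x, [2, 3, 1, 1])
            and z == mix_direct(x, [0xE, 0xB, 0xD, 0x9]) and w == aria_direct(x))

# Constructed sample input (four 4-byte columns), not taken from the patent.
SAMPLE = [0xDB, 0x13, 0x53, 0x45, 0xF2, 0x0A, 0x22, 0x5C,
          0x01, 0x01, 0x01, 0x01, 0xC6, 0xC6, 0xC6, 0xC6]
```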

[0036] Thus far, the present invention has suggested an arithmetic method and apparatus for supporting efficient AES and ARIA encryption/decryption algorithms. The arithmetic method and apparatus minimize hardware area using an integrated substitution layer and an integrated diffusion layer while supporting both the AES and ARIA encryption/decryption functions. Therefore, the arithmetic method and apparatus can be efficiently used in smart cards, electronic passports, server-level encryption equipment, etc., requiring both the AES and ARIA encryption algorithms.

[0037] While the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

* * * * *

