CA1121480A - Cryptographic apparatus and method - Google Patents

Cryptographic apparatus and method

Info

Publication number
CA1121480A
CA1121480A CA000314862A CA314862A CA1121480A CA 1121480 A CA1121480 A CA 1121480A CA 000314862 A CA000314862 A CA 000314862A CA 314862 A CA314862 A CA 314862A CA 1121480 A CA1121480 A CA 1121480A
Authority
CA
Canada
Prior art keywords
signal
transformed
infeasible
secure
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
CA000314862A
Other languages
French (fr)
Inventor
Martin E. Hellman
Ralph C. Merkle
Bailey W. Diffie
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Leland Stanford Junior University
Original Assignee
Leland Stanford Junior University
Application filed by Leland Stanford Junior University

Abstract

CRYPTOGRAPHIC APPARATUS AND METHOD

Abstract of the Disclosure

A cryptographic system transmits a computationally secure cryptogram over an insecure communication channel without prearrangement of a cipher key. A secure cipher key is generated by the conversers from transformations of exchanged transformed signals. The conversers each possess a secret signal and exchange an initial transformation of the secret signal with the other converser. The received transformation of the other converser's secret signal is again transformed with the receiving converser's secret signal to generate a secure cipher key. The transformations use non-secret operations that are easily performed but extremely difficult to invert. It is infeasible for an eavesdropper to invert the initial transformation to obtain either conversers' secret signal, or duplicate the latter transformation to obtain the secure cipher key.

Description

Background of the Invention

Field of Invention

The invention relates to cryptographic systems.

Description of Prior Art

Cryptographic systems are widely used to ensure the privacy and authenticity of messages communicated over insecure channels. A privacy system prevents the extraction of information by unauthorized parties from messages transmitted over an insecure channel, thus assuring the sender of a message that it is being read only by the intended receiver.
An authentication system prevents the unauthorized injection of messages into an insecure channel, assuring the receiver of the message of the legitimacy of its sender.


One of the principal difficulties with existing cryptographic systems is the need for the sender and receiver to exchange a cipher key over a secure channel to which the unauthorized party does not have access. The exchange of a cipher key frequently is done by sending the key in advance over a secure channel such as private courier or registered mail; such secure channels are usually slow and expensive.
Diffie, et al, in "Multiuser Cryptographic Techniques," AFIPS - Conference Proceedings, Vol. 45, pp. 109-112, June 8, 1976, propose the concept of a public key cryptosystem that would eliminate the need for a secure channel by making the sender's keying information public. It is also proposed how such a public key cryptosystem could allow an authentication system which generates an unforgeable message dependent digital signature. Diffie presents the idea of using a pair of keys E and D, for enciphering and deciphering a message, such that E is public information while D is kept secret by the intended receiver. Further, although D is determined by E, it is infeasible to compute D from E. Diffie suggests the plausibility of designing such a public key cryptosystem that would allow a user to encipher a message and send it to the intended receiver, but only the intended receiver could decipher it.
While suggesting the plausibility of designing such systems, Diffie presents neither proof that public key cryptosystems exist, nor a demonstration system.
Diffie suggests three plausibility arguments for the existence of a public key cryptosystem: a matrix approach, a machine language approach and a logic mapping approach.
While the matrix approach can be designed with matrices that require a demonstrably infeasible cryptanalytic time (i.e., computing D from E) using known methods, the matrix approach exhibits a lack of practical utility because of the enormous dimensions of the required matrices. The machine language approach and logic mapping approach are also suggested, but there is no way shown to design them in such a manner that they would require demonstrably infeasible cryptanalytic time.
Diffie also introduces a procedure using the proposed public key cryptosystems, that could allow the receiver to easily verify the authenticity of a message, but which prevents him from generating apparently authenticated messages. Diffie describes a protocol to be followed to obtain authentication with the proposed public key cryptosystem. However, the authentication procedure relies on the existence of a public key cryptosystem which Diffie did not provide.
Summary and Objects of the Invention

Accordingly, it is an object of this invention to allow authorized parties to a conversation (conversers) to converse privately even though an unauthorized party (eavesdropper) intercepts all of their communications.
Another object of this invention is to allow conversers on an insecure channel to authenticate each other's identity.
According to one broad aspect of the invention there is provided a secure key generator comprising: a first input connected to receive an applied first signal; a first output; a second output; and means for generating at the first output a third signal, that is a transformation of said first signal and which transformation is infeasible to invert, and for generating at the second output a fourth signal, that is a transformation of said second signal with said first signal, which represents a secure key and is infeasible to generate solely with said second signal and said third signal.
According to another broad aspect of the invention there is provided a method of generating a secure cipher key between a transmitter and receiver comprising the steps of: generating and transforming in a manner infeasible to invert, a first signal at the transmitter to generate a transformed first signal; generating and transforming, in a manner infeasible to invert, a second signal at the receiver to generate a transformed second signal; transmitting said transformed first signal from the transmitter to the receiver; transmitting said transformed second signal from the receiver to the transmitter; transforming said transformed second signal with said first signal at the transmitter to generate a third signal, representing a secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal; and transforming said transformed first signal with said second signal at the receiver to generate a fourth signal that is identical to the third signal and represents said secure cipher key.
According to another broad aspect of the invention there is provided a method of generating a secure cipher key between a transmitter and receiver comprising the steps of: transforming, in a manner infeasible to invert, a first signal at the transmitter to generate a transformed first signal wherein transforming said first signal is performed by raising a first number to a power represented by said first signal, modulo a second number; transforming in a manner infeasible to invert, a second signal at the receiver to generate a transformed second signal, wherein transforming said second signal is performed by raising the first number to a power represented by said second signal, modulo the second number; transmitting said transformed first signal from the transmitter to the receiver; transmitting said transformed second signal from the receiver to the transmitter; transforming said transformed second signal with said first signal at the transmitter to generate a third signal, representing a secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal, wherein transforming said transformed second signal with said first signal is performed by raising a number represented by said transformed second signal to a power represented by said first signal, modulo the second number; and transforming said transformed first signal with said second signal at the receiver to generate a fourth signal, representing said secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal, wherein transforming said transformed first signal with said second signal is performed by raising a number represented by said transformed first signal to a power represented by said second signal, modulo the second number.
An illustrated embodiment of the present invention describes a method for communicating securely over an insecure channel without prearrangement of a cipher key. A secure cipher key is generated from transformations of exchanged transformed signals, which exchanged transformed signals are easy to effect but difficult to invert. The generated secure cipher key is used to encipher and decipher messages transmitted over the insecure communication channel.
This illustrated embodiment of the present invention describes a method and apparatus for generating a secure cipher key for use with conventional cryptographic communication between conversers over an insecure channel. The illustrated embodiment differs from a public key cryptosystem in that it provides a secure cipher key that is used with a conventional cryptographic system; a public key cryptosystem does not require a conventional cryptographic system. Further, the illustrated embodiment provides a means of transforming a signal that is practical to implement and is demonstrably infeasible to invert using known methods.
In the present invention a first converser transforms, in a manner infeasible to invert, a first signal while a second converser transforms, also in a manner infeasible to invert, a second signal. The first converser transmits the transformed first signal to the second converser, keeping the first signal secret, and the second converser transmits the transformed second signal to the first converser, keeping the second signal secret. The first converser then transforms the first signal with the transformed second signal to generate a third signal, representing a secure cipher key, that is infeasible to generate solely by transforming the transformed first signal and the transformed second signal. And, the second converser transforms the second signal with the transformed first signal to generate a fourth signal, also representing the secure cipher key, that is infeasible to generate solely by transforming the transformed first signal and the transformed second signal.
Another illustrated embodiment of the present invention describes a method for allowing a converser to authenticate another converser's identity. A first converser transforms, in a manner infeasible to invert, a first signal while a second converser transforms, also in a manner infeasible to invert, a second signal. The second converser places the transformed second signal in a public directory as the second converser's means of identification, keeping the second signal secret. The first converser transmits the transformed first signal to the second converser, with whom the first converser desires to communicate, keeping the first signal secret. The first converser then transforms the first signal with the second converser's transformed second signal, obtained from the public directory, to generate a third signal. The third signal represents a secure cipher key to be used for conventional cryptographic communication with the second converser, that is infeasible to generate solely by transforming the transformed first signal and the transformed second signal. The second converser transforms the second signal with the transformed first signal to generate a fourth signal, also representing the secure cipher key, that is infeasible to generate solely by transforming the transformed first signal and the transformed second signal. The second converser's identity is authenticated by the first converser by the second converser's ability to generate the fourth signal, representing the secure cipher key, and to use the secure cipher key in communicating over a conventional cryptographic system.
Additional objects and features of the present invention will appear from the description that follows wherein the preferred embodiments have been set forth in detail in conjunction with the accompanying drawings.

Brief Description of the Drawings

Figure 1 is a block diagram of a cryptographic system that transmits a computationally secure cryptogram over an insecure communication channel.
Figure 2 is a block diagram of a secure key generator for raising various numbers to various powers in modulo arithmetic.
Figure 3 is a block diagram of a multiplier for performing multiplications in the secure key generator of Figure 2.
Figure 4 is a detailed schematic diagram of an adder for performing additions in the multiplier of Figure 3.
Figure 5 is a detailed schematic diagram of a comparator for performing magnitude comparisons in the multiplier of Figure 3.
Figure 6 is a detailed schematic diagram of a subtractor for performing subtractions in the multiplier of Figure 3.

Description of the Preferred Embodiment

Referring to Figure 1, a cryptographic system is shown in which all communications take place over an insecure communication channel 19, for example a telephone line. Two-way communication is exchanged on the insecure channel 19 between converser 11 and converser 12 using transmitter/receivers 31 and 32, for example modems such as Bell 201 modems. Converser 11 possesses an unenciphered or plaintext message P to be communicated to converser 12. Converser 11 and converser 12 include cryptographic devices 15 and 16 respectively, for enciphering and deciphering information under the action of a cipher key K on line K. For example, the cryptographic devices 15 and 16 may include the recently adopted National Data Encryption Standard. The cryptographic devices 15 and 16 implement transformations $S_K$ and $S_K^{-1}$ (the transformation which is the inverse of $S_K$) when loaded with key K. For example, key K may be a sequence of random letters or digits. The cryptographic device 15 enciphers the plaintext message P into an enciphered message or ciphertext C on line C that is transmitted by converser 11 through the insecure channel 19; the ciphertext C is received by converser 12 and deciphered by cryptographic device 16 to obtain the plaintext message P. An unauthorized party or eavesdropper 13 is assumed to have a cryptographic device 17 and to have access to the insecure channel 19, so if he knew the key K he could decipher the ciphertext C to obtain the plaintext message P.
Converser 11 and converser 12 include independent key sources 25 and 26 respectively, which generate numbers or signals that represent numbers. For example, the key sources may be random number generators that are implemented from noisy amplifiers (e.g., Fairchild µ 709 operational amplifiers) with a polarity detector. Key source 25 generates three signals, q, a, and $X_1$, and key source 26 generates $X_2$; a, $X_1$ and $X_2$ may be signals that represent independent random numbers chosen uniformly from the set of integers $(1, 2, \ldots, q-1)$. Signals q and a are transmitted to the secure key generator 21 and are transmitted through the insecure channel 19 to secure key generator 22. Signals $X_1$ and $X_2$ are kept secret by converser 11 and converser 12 respectively, are given to the secure key generators 21 and 22 respectively, but are not transmitted through the insecure channel 19.
Converser 11 and converser 12 also include secure key generators 21 and 22 respectively, which accept the signals generated by the respective key sources 25 and 26.
Secure key generator 22 also receives the signals q and a which are transmitted through the insecure channel 19.
The secure key generators 21 and 22 generate signals $Y_1$ and $Y_2$ respectively by transforming $X_1$ and $X_2$ respectively with signals q and a in a manner that is easily performed but extremely difficult or infeasible to invert. A task is considered infeasible if its cost as measured by either the amount of memory used or the computing time is finite but impossibly large, for example, on the order of approximately $10^{30}$ operations with existing computational methods and equipment.
Signal $Y_1$ may be generated to represent the number obtained by raising the number represented by signal a to the power represented by signal $X_1$, modulo the number represented by signal q; this transformation may be represented symbolically as $Y_1 = a^{X_1} \bmod q$. Signal $Y_2$ may be generated to represent the number obtained by raising the number represented by signal a to the power represented by signal $X_2$, modulo the number represented by signal q; this transformation may be represented symbolically as $Y_2 = a^{X_2} \bmod q$.
Signals $Y_1$ and $Y_2$ are exchanged by transmitting $Y_1$ and $Y_2$ through the insecure channel 19 to secure key generators 22 and 21 respectively. Secure key generator 21 then generates a secure key K by transforming signal $Y_2$ with signals q, a and $X_1$, and secure key generator 22 generates the same secure key K by transforming $Y_1$ with signals q, a and $X_2$.
Secure key generator 21 may generate a secure key K represented by the number obtained by raising the number represented by signal $Y_2$ to the power represented by signal $X_1$, modulo the number represented by signal q; this transformation may be represented symbolically as

$$K = Y_2^{X_1} \bmod q = (a^{X_2})^{X_1} \bmod q = a^{X_1 X_2} \bmod q.$$

Secure key generator 22 may also generate the same secure key K represented by the number obtained by raising the number represented by signal $Y_1$ to the power represented by signal $X_2$, modulo the number represented by signal q; this transformation may be represented symbolically as

$$K = Y_1^{X_2} \bmod q = (a^{X_1})^{X_2} \bmod q = a^{X_1 X_2} \bmod q.$$

Conversers 11 and 12 then have the same secure key K which may be used with cryptographic devices 15 and 16.
The eavesdropper 13 is assumed to have a secure key generator 23 and to have access to all signals transmitted through the insecure channel 19, including signals q, a, $Y_1$, and $Y_2$. The difficulty of inverting the transformations which generated signals $Y_1$ and $Y_2$ makes it infeasible for the eavesdropper 13 to generate signals $X_1$ or $X_2$. Further, the secure key K is infeasible to generate solely with signals q, a, $Y_1$ and $Y_2$.
The eavesdropper 13 is unable to compute the secure key K by multiplication or exponentiation; multiplication yields

$$Y_1 Y_2 = a^{X_1 + X_2} \bmod q \neq K$$

and exponentiation yields either

$$Y_1^{Y_2} = a^{(X_1 a^{X_2})} \bmod q \neq K$$

or

$$Y_2^{Y_1} = a^{(X_2 a^{X_1})} \bmod q \neq K.$$

The eavesdropper in theory could obtain $X_1$ or $X_2$ from q, a and $Y_1$ and $Y_2$ by raising a to the first, second, third, etc., powers until $Y_1$ or $Y_2$ was obtained. This is prevented by choosing q to be a large number; if q is a 200 bit quantity, the average number of trials before success is on the order of $2^{198} = 4 \times 10^{59}$ and is physically infeasible. Improved algorithms for computing logarithms modulo q (if $Y = a^X \bmod q$, X is the logarithm of Y to the base a modulo q) are known but, if $q = 2r + 1$ with q and r being prime, then the most efficient known algorithm requires approximately $q^{1/2}$ operations. Taking $q = 2^{200}$, about $2^{100} = 10^{30}$ operations are required, still physically infeasible. An example of such a pair is

$$r = (2^{121} \cdot 5^2 \cdot 7^2 \cdot 11^2 \cdot 13 \cdot 17 \cdot \ldots \cdot 31 \cdot 37 \cdot 41 \cdot 43 \cdot 47 \cdot 53 \cdot 59) + 1$$

and $q = 2r + 1$. Other restrictions on q, a, $X_1$ and $X_2$ may also be imposed.
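The exchange and the eavesdropper's position described above, as a small Python run added here for illustration (it is not part of the patent text). The function names are hypothetical, and the parameters q = 23, a = 7 are constructed toy values chosen so that every number can be checked by hand.

```python
import secrets


def is_prime(n):
    """Trial division; adequate only for the small constructed moduli used here."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True


def has_form_2r_plus_1(q):
    """The restriction named in the text: q = 2r + 1 with q and r both prime."""
    return q % 2 == 1 and is_prime(q) and is_prime((q - 1) // 2)


def exchange(q, a, x1=None, x2=None):
    """Run the exchange between secure key generators 21 and 22.

    X1 and X2 default to independent uniform choices from 1..q-1 and never
    leave their generator; only q, a, Y1 and Y2 cross the insecure channel.
    """
    x1 = x1 if x1 is not None else 1 + secrets.randbelow(q - 1)
    x2 = x2 if x2 is not None else 1 + secrets.randbelow(q - 1)
    y1 = pow(a, x1, q)                      # Y1 = a^X1 mod q
    y2 = pow(a, x2, q)                      # Y2 = a^X2 mod q
    return {
        "Y1": y1,
        "Y2": y2,
        "K_at_21": pow(y2, x1, q),          # K = Y2^X1 mod q
        "K_at_22": pow(y1, x2, q),          # K = Y1^X2 mod q
    }


def eavesdropper_attempts(q, y1, y2):
    """What combining the public Y1 and Y2 gives: none of these is a^(X1*X2)."""
    return {
        "Y1*Y2": (y1 * y2) % q,             # a^(X1 + X2) mod q
        "Y1^Y2": pow(y1, y2, q),            # a^(X1 * a^X2) mod q
        "Y2^Y1": pow(y2, y1, q),            # a^(X2 * a^X1) mod q
    }


def trials_to_invert(q, a, y):
    """Raise a to the 1st, 2nd, 3rd, ... power until y appears.

    Returns the exponent found, which is also the number of trials used.
    The cost grows with q, which is why the text asks for a 200 bit q.
    """
    value = 1
    for x in range(1, q):
        value = (value * a) % q
        if value == y:
            return x
    raise ValueError("y is not a power of a modulo q")


if __name__ == "__main__":
    run = exchange(23, 7, x1=6, x2=15)      # constructed secrets for the demo
    print(run)
    print(eavesdropper_attempts(23, run["Y1"], run["Y2"]))
    print("trials to recover X1:", trials_to_invert(23, 7, run["Y1"]))
```

With a 5 bit q the exhaustive search finishes in six trials; the same loop against a 200 bit q is the search the text puts at about 4 x 10^59 trials.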
The secure key generators 21 and 22, for raising various numbers to various powers modulo q, can be implemented in electronic circuitry as shown in Figure 2. For ease of illustration, Figure 2 depicts raising a to the X power modulo q; raising Y to the X power modulo q is obtained by initially loading Y, instead of a, into the A register 43.
Figure 2 shows the initial contents of three registers 41, 42 and 43. The binary representation of X $(x_{k-1} x_{k-2} \ldots x_1 x_0)$ is loaded into the X register 41; 1 is loaded into the R register 42; and, the binary representation of a is loaded into the A register 43, corresponding to i=0. The number of bits k in each register is the least integer such that $2^k \geq q$.
If k = 200, then all three registers can be obtained from a single 1024 bit random access memory (RAM) such as the Intel 2102. The implementation of multiplier 44, for multiplying two numbers modulo q, will be described in more detail later.
Referring to Figure 2, if the low order bit, containing $x_0$, of the X register 41 equals 1 then the R register 42 and the A register 43 contents are multiplied modulo q and their product, also a k bit quantity, replaces the contents of the R register 42. If $x_0 = 0$, the R register 42 contents are left unchanged. In either case, the A register 43 is then loaded twice into the multiplier 44 so that the square, modulo q, of the A register 43 contents is computed. This value, $a^2$, replaces the contents of the A register 43. The X register 41 contents are shifted one bit to the right and a 0 is shifted in at the left so its contents are now $0 x_{k-1} x_{k-2} \ldots x_2 x_1$.
The low order bit, containing $x_1$, of the X register 41 is examined. If it equals 1 then, as before, the R register 42 and A register 43 contents are multiplied modulo q and their product replaces the contents of the R register 42. If the low order bit equals 0 then the R register 42 contents are left unchanged. In either case, the contents of the A register 43 are replaced by the square, modulo q, of the previous contents.
The X register 41 contents are shifted one bit to the right and a 0 is shifted in at the left so its contents are now $0 0 x_{k-1} x_{k-2} \ldots x_3 x_2$.
This process continues until the X register 41 contains all 0's, at which point the value of $a^X$ modulo q is stored in the R register 42.

An example is helpful in following this process.
Taking q = 23, we find k = 5 from $2^k \geq q$. If a = 7 and X = 18 then $a^X = 7^{18} = 1628413597910449 = 23(70800591213497) + 18$ so $a^X$ modulo q equals 18. This straightforward but laborious method of computing $a^X$ modulo q is used as a check to show that the method of Figure 2, shown below, yields the correct result. The R register 42 and A register 43 contents are shown in decimal form to facilitate understanding.

i   X (in binary)   R    A
0   10010           1    7
1   01001           1    3
2   00100           3    9
3   00010           3    12
4   00001           3    6
5   00000           18   13

The row marked i=0 corresponds to the initial contents of each register, X = 18, R = 1 and A = a = 7. Then, as described above, because the right most bit of X register 41 is 0, the R register 42 contents are left unchanged, the contents of the A register 43 are replaced by the square, modulo 23, of its previous contents ($7^2 = 49 = 2 \times 23 + 3 = 3$ modulo 23), the contents of the X register 41 are shifted one bit to the right, and the process continues. Only when i = 1 and 4 does the right-most bit of the X register 41 contents equal 1, so only going from i = 1 to 2 and from i = 4 to 5 is the R register 42 replaced by RA modulo q. When i = 5, X = 0 so the process is complete and the result, 18, is in the R register 42.
Note that the same result, 18, is obtained here as in the straightforward calculation of $7^{18}$ modulo 23, but that here large numbers never resulted.

Another way to understand the process is to note that the A register contains $a$, $a^2$, $a^4$, $a^8$ and $a^{16}$ when i = 0, 1, 2, 3 and 4 respectively, and that $a^{18} = a^{16} a^2$, so only these two values need to be multiplied.
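The register procedure of Figure 2 as a short Python simulation, added here as an illustration and not part of the patent text. `modexp_registers` is a hypothetical name, and Python's `%` operator stands in for the modulo q multiplier 44.

```python
def modexp_registers(a, X, q):
    """Simulate the X, R and A registers of Figure 2.

    Returns (result, trace); each trace row is (i, X in binary, R, A), the
    same columns as the worked table in the text. Loading Y instead of a
    gives Y^X mod q, as the text notes.
    """
    if q < 2:
        raise ValueError("q must be at least 2")
    k = (q - 1).bit_length()          # least k such that 2^k >= q
    if not 0 <= X < 2 ** k:
        raise ValueError("X does not fit in the k bit X register")

    x_reg, r_reg, a_reg = X, 1, a % q  # initial contents, the i = 0 row
    trace = [(0, format(x_reg, f"0{k}b"), r_reg, a_reg)]
    i = 0
    while x_reg:                       # stop when X register is all 0's
        if x_reg & 1:                  # low order bit is 1: R <- R*A mod q
            r_reg = (r_reg * a_reg) % q
        a_reg = (a_reg * a_reg) % q    # in either case A <- A*A mod q
        x_reg >>= 1                    # shift right, 0 enters at the left
        i += 1
        trace.append((i, format(x_reg, f"0{k}b"), r_reg, a_reg))
    return r_reg, trace


if __name__ == "__main__":
    result, rows = modexp_registers(7, 18, 23)
    print("i  X      R   A")
    for i, x_bits, r, a in rows:
        print(f"{i}  {x_bits}  {r:<3} {a}")
    # Every intermediate value stays below q, while 7**18 has 16 digits.
    print("result:", result, " direct 7**18 % 23:", 7 ** 18 % 23)
```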
Figure 3 continues the description of this illustrative implementation by depicting an implementation of the modulo q multiplier 44 in Figure 2. The two numbers, y and z, to be multiplied are loaded into the Y and Z registers 51 and 52 respectively, and q is loaded in the Q register 53. The product yz modulo q will be produced in the P register 54 which is initially set to 0. If k = 200, then all four registers can be obtained from a single 1024 bit RAM such as the Intel 2102. The implementation of Figure 3 is based on the fact that

$$yz \bmod q = y_0 z \bmod q + 2 y_1 z \bmod q + 4 y_2 z \bmod q + \ldots + 2^{k-1} y_{k-1} z \bmod q,$$

where $y_{k-1} y_{k-2} \ldots y_1 y_0$ is the binary representation of y.
To multiply y times z, if the rightmost bit, containing $y_0$, of the Y register 51 is 1 then the contents of the Z register 52 are added to the P register 54 by adder 55. If $y_0 = 0$, then the P register 54 is unchanged. Then the Q and P register contents are compared by comparator 56 to determine if the contents of the P register 54 are greater than or equal to q, the contents of the Q register 53. If the contents of the P register 54 are greater than or equal to q then subtractor 57 subtracts q from the contents of the P register 54 and places the difference in the P register 54; if less than q the P register 54 is unchanged.
Next, the contents of Y register 51 are shifted one bit to the right and a 0 is shifted in at the left so its contents become $0 y_{k-1} y_{k-2} \ldots y_2 y_1$, so that $y_1$ is ready for computing $2 y_1 z \bmod q$. The quantity $2z \bmod q$ is computed for this purpose by using adder 55 to add z to itself, using comparator 56 to determine if the result, 2z, is less than q, and using subtractor 57 for subtracting q from 2z if the result is not less than q. The result, $2z \bmod q$, is then stored in the Z register 52. The rightmost bit, containing $y_1$, of the Y register 51 is then examined, as before, and the process repeats.
This process is repeated a maximum of k times or until the Y register 51 contains all 0's, at which point yz modulo q is stored in the P register 54.
As an example of these operations, consider the problem of computing 7 x 7 modulo 23 needed to produce the second state of the A register when $7^{18}$ mod 23 was computed. The following steps show the successive contents of the Y, Z and P registers which result in the answer 7 x 7 = 3 modulo 23.

i   Y (in binary)   Z    P
0   00111           7    0
1   00011           14   0 + 7 = 7
2   00001           5    7 + 14 = 21
3   00000           10   21 + 5 = 3 mod 23

Figure 4 depicts an implementation of an adder 55 for adding two k bit numbers p and z. The numbers are presented one bit at a time to the device, low order bit first, and the delay element is initially set to 0. (The delay represents the binary carry bit.) The AND gate 61 determines if the carry bit should be a one based on $p_i$ and $z_i$ both being 1 and the AND gate 62 determines if the carry should be a 1 based on the previous carry being a 1 and one of $p_i$ or $z_i$ being 1. If either of these two conditions is met, the OR gate 63 has an output of 1 indicating a carry to the next stage. The two exclusive-or (XOR) gates 64 and 65 determine the ith bit of the sum, $s_i$, as the modulo-2 sum of $p_i$, $z_i$ and the carry bit from the previous stage. The delay 66 stores the previous carry bit. Typical parts for implementing these gates and the delay are SN7400, SN7404, and SN7474.
Figure 5 depicts an implementation of a comparator 56 for comparing two numbers p and q. The two numbers are presented one bit at a time, high order bit first. If neither the p < q nor the p > q outputs have been triggered after the last bits $p_0$ and $q_0$ have been presented, then p = q. The first triggering of either the p < q or the p > q output causes the comparison operation to cease. The two AND gates 71 and 72 each have one input inverted (denoted by a circle at the input).
An SN7400 and SN7404 provide all of the needed logic circuits.
Figure 6 depicts an implementation of a subtractor 57 for subtracting two numbers. Because the numbers subtracted in Figure 3 always produce a non-negative difference, there is no need to worry about negative differences. The larger number, the minuend, is labelled p and the smaller number, the subtrahend, is labelled q. Both p and q are presented serially to the subtractor 57, low order bit first. AND gates 81 and 83, OR gate 84 and XOR gate 82 determine if borrowing (negative carrying) is in effect. A borrow occurs if either $p_i = 0$ and $q_i = 1$, or $p_i = q_i$ and borrowing occurred in the previous stage.
The delay 85 stores the previous borrow state. The ith bit of the difference, $d_i$, is computed as the XOR, or modulo-2 difference, of $p_i$, $q_i$ and the borrow bit. The output of XOR gate 82 gives the modulo-2 difference between $p_i$ and $q_i$, and XOR gate 86 takes the modulo-2 difference of this with the previous borrow bit. Typical parts for implementing these gates and the delay are SN7400, SN7404 and SN7474.
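The multiplier of Figure 3 built from bit-serial models of the adder, comparator and subtractor of Figures 4 to 6, as a Python sketch added here for illustration (not part of the patent text). All function names are hypothetical, and the datapath is assumed to be k + 1 bits wide so that a sum of two values below q always fits.

```python
def serial_add(p, z, width):
    """Figure 4: bit-serial adder, low order bit first; 'carry' is delay 66."""
    carry, total = 0, 0
    for i in range(width):
        pi, zi = (p >> i) & 1, (z >> i) & 1
        total |= (pi ^ zi ^ carry) << i            # XOR gates 64 and 65
        carry = (pi & zi) | (carry & (pi | zi))    # AND 61, AND 62, OR 63
    return total


def serial_compare(p, q, width):
    """Figure 5: high order bit first; the first differing bit decides.

    Returns 1 for p > q, -1 for p < q, 0 when neither output triggers.
    """
    for i in reversed(range(width)):
        pi, qi = (p >> i) & 1, (q >> i) & 1
        if pi & (1 - qi):                          # AND gate, q input inverted
            return 1
        if qi & (1 - pi):                          # AND gate, p input inverted
            return -1
    return 0


def serial_sub(p, q, width):
    """Figure 6: bit-serial subtractor for p >= q; 'borrow' is delay 85."""
    borrow, diff = 0, 0
    for i in range(width):
        pi, qi = (p >> i) & 1, (q >> i) & 1
        diff |= (pi ^ qi ^ borrow) << i            # XOR gates 82 and 86
        # Borrow if p_i = 0 and q_i = 1, or p_i = q_i with a previous borrow.
        borrow = ((1 - pi) & qi) | ((1 - (pi ^ qi)) & borrow)
    return diff


def mulmod_shift_add(y, z, q):
    """Figure 3: y*z mod q using only add, compare and subtract.

    Requires 0 <= y, z < q. Returns (P, trace) with rows (i, Y bits, Z, P).
    """
    if not (0 <= y < q and 0 <= z < q):
        raise ValueError("y and z must already be reduced modulo q")
    k = (q - 1).bit_length()
    width = k + 1                                  # assumed one spare bit

    def reduce(v):                                 # comparator 56, subtractor 57
        return serial_sub(v, q, width) if serial_compare(v, q, width) >= 0 else v

    p_reg, i = 0, 0
    trace = [(0, format(y, f"0{k}b"), z, p_reg)]
    while y:                                       # at most k passes
        if y & 1:                                  # rightmost bit of Y is 1
            p_reg = reduce(serial_add(p_reg, z, width))
        z = reduce(serial_add(z, z, width))        # Z <- 2z mod q
        y >>= 1
        i += 1
        trace.append((i, format(y, f"0{k}b"), z, p_reg))
    return p_reg, trace


if __name__ == "__main__":
    product, rows = mulmod_shift_add(7, 7, 23)
    for row in rows:
        print(row)
    print("7 x 7 mod 23 =", product)
```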

There are many methods for implementing this form of the invention. The signals q and a may be public knowledge rather than generated by the key source 25. Further, it should be appreciated that the present invention has the capability of being modified by the use of additional transformations or exchanges of signals.
In some applications, it will prove valuable to have the ith converser on the system generate $Y_i$ as above and place it in a public file or directory rather than transmitting it to another converser with whom he wishes to communicate. Then two conversers i and j who wish to establish a secure channel will use $K_{ij} = Y_i^{X_j} \bmod q = Y_j^{X_i} \bmod q$ as their key. The advantage is that converser i, having once proved his identity to the system through the use of his driver's license, fingerprint, etc., can prove his identity to converser j by his ability to compute $K_{ij}$ and encrypt data with it.
Variations on the above described embodiment are possible. For example, in the above method based on logarithms modulo q, m-dimensional vectors, each of whose components are between 0 and q-1 could also be used. Then all operations are performed in the finite field with $q^m$ elements, which operations are well described in the literature. Thus, although the best mode contemplated for carrying out the present invention has been herein shown and described, it will be apparent that modification and variation may be made without departing from what is regarded to be the subject matter of this invention.
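The public directory variant described above, as a Python sketch added here for illustration (not part of the patent text). The class and function names, the demo parameters Q and A, and the use of HMAC-SHA-256 over a fresh challenge in place of "encrypt data with it" are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

Q = 2**127 - 1   # constructed demo modulus (a Mersenne prime), not a vetted parameter
A = 3            # constructed demo base


class Converser:
    def __init__(self, name):
        self.name = name
        self._x = 1 + secrets.randbelow(Q - 1)   # secret X_i, never published
        self.y = pow(A, self._x, Q)              # Y_i, placed in the directory

    def pair_key(self, y_other):
        """K_ij = Y_other^X_self mod q, hashed into a fixed-length MAC key."""
        k = pow(y_other, self._x, Q)
        return hashlib.sha256(k.to_bytes(16, "big")).digest()

    def prove(self, directory, verifier_name, challenge):
        """Show knowledge of K_ij by keying a MAC over the verifier's challenge."""
        key = self.pair_key(directory[verifier_name])
        return hmac.new(key, challenge, hashlib.sha256).digest()


def authenticate(verifier, directory, claimed_name, responder):
    """Verifier checks that 'responder' can compute the key for 'claimed_name'.

    The verifier derives K_ij from the directory entry of the claimed name,
    so only the holder of that entry's secret X can produce a matching MAC.
    """
    challenge = secrets.token_bytes(16)
    key = verifier.pair_key(directory[claimed_name])
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    answer = responder.prove(directory, verifier.name, challenge)
    return hmac.compare_digest(expected, answer)


def build_directory(conversers):
    """The public file: name -> Y_i. The X_i values are not in it."""
    return {c.name: c.y for c in conversers}


if __name__ == "__main__":
    i, j, other = Converser("i"), Converser("j"), Converser("other")
    directory = build_directory([i, j, other])
    print("K_ij == K_ji:", i.pair_key(directory["j"]) == j.pair_key(directory["i"]))
    print("j accepted as j:", authenticate(i, directory, "j", j))
    print("other accepted as j:", authenticate(i, directory, "j", other))
```

The check is only as good as the directory entries themselves, which is why the text has each converser prove his identity to the system once before his $Y_i$ is listed.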

Claims (8)

What is Claimed:
1. A secure key generator comprising:
a first input connected to receive an applied first signal;
a first output:
a second output; and means for generating at the first output a third signal, that is a transformation of said first signal and which trans-formation is infeasible to invert and for generating at the second output a fourth signal, that is a transformation of said second signal with said first signal, which represents a secure key and is infeasible to generate solely with said second signal and said third signal.
2. In a method of communicating securely over an insecure communication channel of the type which communicates a message from a transmitter to a receiver, the improvement charac-terized by:
generating and transforming, in a manner infeasible to invert, a first signal at the transmitter to generate a transformed first signal;
generating and transforming, in a manner infeasible to invert, a second signal at the receiver to generate a trans-formed second signal;
transmitting said transformed first signal from the transmitter to the receiver;
transmitting said transformed second signal from the receiver to the transmitter;
transforming said transformed second signal with said first signal at the transmitter to generate a third signal, representing a secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal;
transforming said transformed first signal with said second signal at the receiver to generate a fourth signal that is identical to the third signal and represents said secure cipher key;

enciphering the message with said secure cipher key at the transmitter;
transmitting the enciphered message from the transmitter to the receiver; and
deciphering the enciphered message with said secure cipher key at the receiver.
3. In a method of communicating securely over an insecure communication channel as in Claim 2, further comprising:
authenticating the receiver's identity at the transmitter from the receiver's ability to generate the fourth signal, representing the secure cipher key.
4. A method of generating a secure cipher key between a transmitter and receiver comprising the steps of:
generating and transforming, in a manner infeasible to invert, a first signal at the transmitter to generate a transformed first signal;
generating and transforming, in a manner infeasible to invert, a second signal at the receiver to generate a transformed second signal;
transmitting said transformed first signal from the transmitter to the receiver;
transmitting said transformed second signal from the receiver to the transmitter;
transforming said transformed second signal with said first signal at the transmitter to generate a third signal, representing a secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal; and
transforming said transformed first signal with said second signal at the receiver to generate a fourth signal that is identical to the third signal and represents said secure cipher key.
5. An apparatus for generating a secure cipher key comprising:
a first secure key generator having a first input connected to receive an applied first signal, having a second input connected to receive a second signal, having a first and second output, and having a means for generating at the first output a third signal, that is a transformation of said first signal and which transformation is infeasible to invert, and for generating at the second output a fourth signal, that is a transformation of said second signal with said first signal, which represents a secure key and is infeasible to generate solely with said second signal and said third signal; and
a second secure key generator having a first input connected to receive an applied first signal, having a second input connected to receive said third signal, having a first and second outputs, and having a means for generating at the first output said second signal, that is a transformation of said first signal and which transformation is infeasible to invert, and for generating at the second output a sixth signal, that is a transformation of said third signal with said first signal, which represents the secure key and is infeasible to generate solely with said second signal and said third signal.
6. A method of generating a secure cipher key between a transmitter and receiver comprising the steps of:
transforming, in a manner infeasible to invert, a first signal at the transmitter to generate a transformed first signal wherein transforming said first signal is performed by raising a first number to a power represented by said first signal, modulo a second number;
transforming in a manner infeasible to invert, a second signal at the receiver to generate a transformed second signal, wherein transforming said second signal is performed by raising the first number to a power represented by said second signal, modulo the second number;
transmitting said transformed first signal from the transmitter to the receiver;
transmitting said transformed second signal from the receiver to the transmitter;

transforming said transformed second signal with said first signal at the transmitter to generate a third signal, representing a secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal, wherein transforming said transformed second signal with said first signal is performed by raising a number represented by said transformed second signal to a power represented by said first signal, modulo the second number; and
transforming said transformed first signal with said second signal at the receiver to generate a fourth signal, representing said secure cipher key, that is infeasible to generate solely with said transformed first signal and said transformed second signal, wherein transforming said transformed first signal with said second signal is performed by raising a number represented by said transformed first signal to a power represented by said second signal, modulo the second number.
7. An apparatus for generating a secure cipher key comprising:
a first secure key generator having a first input connected to receive an applied first signal, having a second input connected to receive a second signal, having first and second outputs, and having a means for generating at the first output a third signal, that is a transformation of said first signal in which said transformation includes raising a first number to a power represented by said first signal modulo a second number, and for generating at the second output a fourth signal, that is a transformation of said second signal with said first signal which transformation includes raising a number represented by said second signal to a power represented by said first signal, modulo the second number, which represents a secure key and is infeasible to generate solely with said second signal and said third signal; and
a second secure key generator having a first input connected to receive an applied fifth signal, having a second input connected to receive said third signal, having a first and second outputs, and having a means for generating at the first output said second signal, that is a transformation of said fifth signal in which said transformation includes raising a first number to a power represented by said fifth signal, modulo the second number, and for generating at the second output a sixth signal, that is a transformation of said third signal with said fifth signal which transformation includes raising a number represented by said third signal to a power represented by said fifth signal, modulo the second number, which represents the secure key and is infeasible to generate solely with said second signal and said third signal.
8. An apparatus for generating a secure cipher key comprising:
a first secure key generator having a first input connected to receive an applied first signal, having a second input connected to receive a second signal, having a first and second outputs, and having a means for generating at the first output a third signal, said third signal $Y_i$ being described by
$Y_i = a^{X_i} \bmod q$
where
q = a large prime number
a = a random number, such that $1 \le a \le q-1$
$X_i$ = the first signal which represents a random number, such that $1 \le X_i \le q-1$
a transformation of said first signal which is infeasible to invert, and for generating at the second output a fourth signal, said fourth signal $K_{ij}$ being described by
$K_{ij} = Y_j^{X_i} \bmod q$
where
$Y_j$ = the second signal
a transformation of said second signal with said first signal, which represents said secure cipher key and is infeasible to generate solely with said second signal and said third signal; and
a second secure key generator having a first input connected to receive an applied fifth signal, having a second input connected to receive said third signal, having a first and second output, and having a means for generating at the first output a second signal $Y_j$ being described by
$Y_j = a^{X_j} \bmod q$
where
$X_j$ = the fifth signal which represents a random number, such that $1 \le X_j \le q-1$
a transformation of said fifth signal which is infeasible to invert, and for generating at the second output a sixth signal $K_{ij}$ being described by
$K_{ij} = Y_i^{X_j} \bmod q$
a transformation of said third signal with said fifth signal, which represents the secure key and is infeasible to generate solely with said second signal and said third signal.
CA000314862A 1978-10-30 1978-10-30 Cryptographic apparatus and method Expired CA1121480A (en)


Publications (1)

Publication Number Publication Date
CA1121480A true CA1121480A (en) 1982-04-06

Family

ID=4112759

Legal Events

Date Code Title Description
MKEX Expiry