CA2754370A1 - Method and device for data encryption and decryption - Google Patents
Method and device for data encryption and decryption Download PDFInfo
- Publication number
- CA2754370A1 CA2754370A1 CA 2754370 CA2754370A CA2754370A1 CA 2754370 A1 CA2754370 A1 CA 2754370A1 CA 2754370 CA2754370 CA 2754370 CA 2754370 A CA2754370 A CA 2754370A CA 2754370 A1 CA2754370 A1 CA 2754370A1
- Authority
- CA
- Canada
- Prior art keywords
- data
- bit
- processor
- message
- generating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/046—Masking or blinding of operations, operands or results of the operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Various embodiments are described herein for a device and associated method for performing lightweight public key encryption and optionally corresponding decryption. In at least some embodiments, the lightweight public key encryption uses a CRT randomized-square operation rather than expensive big integer arithmetic. Furthermore, in at least some embodiments the payload data is included in the random masking variable r thereby allowing more data to be encrypted in less time.
Description
TITLE: METHOD AND DEVICE FOR DATA ENCRYPTION AND
DECRYPTION
FIELD
[0001] The various embodiments described herein generally relate to a method and apparatus for data encryption and decryption.
BACKGROUND
DECRYPTION
FIELD
[0001] The various embodiments described herein generally relate to a method and apparatus for data encryption and decryption.
BACKGROUND
[0002] It is often viewed that public key encryption cannot be implemented on extremely low-resource devices such as sensor network nodes and RFID
tags due to the computational complexity of currently known techniques.
However, public key cryptography offers clear security advantages since fixed secret keys do not have to be shared between the two communicating parties.
tags due to the computational complexity of currently known techniques.
However, public key cryptography offers clear security advantages since fixed secret keys do not have to be shared between the two communicating parties.
[0003] For example, in a military application, a large number of sensors may be dispersed in a network covering an area of operations. The sensors then lay passively dormant until a particular combination of events triggers their activation. In such a scenario, key management with symmetric-only encryption may become exceedingly difficult since all shared keys stored on a sensor unit may be obtained if that sensor unit was captured and then reverse-engineered. If this happened, it would possibly compromise the entire sensor network. However, use of public-key cryptography simplifies key management and also reduces the need to protect keying information contained in a sensor node of a network. With public key cryptography, each sensor node only needs to store its unique identifier and the public key of a secure receiving base station. In this case an adversary can only impersonate a single physically captured sensor unit and cannot compromise the entire network.
[0004] Furthermore, in this example application, the sensor units are controlled by a secure base station that stores the private identifiers of the sensor units. Therefore, the sensor units only need to be able to perform the public key operation in certain cases, such as broadcasting messages to the base station, for example. Furthermore, a sensor unit can securely authenticate another network node (i.e. sensor unit) with the aid of the secure receiving base station.
SUMMARY OF VARIOUS EMBODIMENTS
SUMMARY OF VARIOUS EMBODIMENTS
[0005] In one aspect, in at least one embodiment described herein, there is provided a device for performing cryptography on message data. The device comprises a processor configured to control the operation of the device; a memory module coupled to the processor, the memory module being configured to store data; and a communication interface coupled to the processor, the communication interface being configured for data communication. The processor is configured to obtain parameters including a public modulus for encrypting the message data, partition the message data and some of the parameters into first and second portions of data, generate bit squared data from the first portion of data, generate a randomization mask from the second portion of data and generate final encrypted data based on the bit squared data and the randomization mask, wherein the processor generates the final encrypted data utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
[0006] In at least some cases, the processor is configured to perform encryption on data using one of 8 bit, 16 bit, 32 bit and 64 bit architectures.
[0007] In at least some cases, the processor is further configured to generate a portion of the bit squared data, to generate a portion of the randomization mask, to generate a portion of the final encrypted data and to transmit the portion of the final encrypted data.
[0008] In at least some cases the first portion of data comprises several data blocks of the message data.
[0009] In at least some cases, the first portion of data further comprises a symmetric key and the data blocks of the message data are encrypted using the symmetric key.
[0010] In at least some cases, the second portion of data comprises remaining data blocks of the message data and an authenticator.
[0011] In at least some cases, the second portion of data comprises remaining data blocks of the message data and an authenticator, wherein the remaining data blocks of the message data are encrypted using the symmetric key.
[0012] In at least some cases, the randomization mask (r=n) is generated using CRT with arithmetic modulo a set of coprime numbers where r comprises a portion of the message data and an authenticator and n comprises the public modulus.
[0013] In at least some cases, the device is one of a sensor, an RFID tag, an embedded system, a cell phone, a smart phone and a smart card.
[0014] In at least some cases, the processor is further configured to perform decryption corresponding to the encryption performed by the processor, wherein the decryption comprises computing de-CRT coefficients.
[0015] The decryption can further comprise converting the final encrypted data to conventional two's complement binary, performing private factorization pq of the public modulus to obtain a correct root of the bit squared data, determining a random masking variable based on the bit squared data and the public modulus, and determining the message data by concatenating the correct root of the bit squared data and the random masking variable.
[0016] The second portion of data has a size that is larger than the first portion of data and the size of the second portion of data is large enough that breaking the encrypted data would require factoring the public modulus.
[0017] In another aspect, in at least one embodiment described herein, there is provided a device for performing cryptography on message data. The device comprises a processor configured to control the operation of the device; a memory module coupled to the processor, the memory module being configured to store data; and a communication interface coupled to the processor, the communication interface being configured for data communication. The processor is configured to obtain parameters including a public modulus for encrypting the message data, partition the message data and some of the parameters into first and second portions of data, generate bit squared data from the first portion of data, generate a randomization mask (r=n) from the second portion of data and generate final encrypted data based on the bit squared data and the randomization mask, wherein r comprises a portion of the message data and an authenticator and n comprises the public modulus.
[0018] In at least some cases, the processor generates the final encrypted data utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
[0019] In another aspect, in at least one embodiment described herein, there is provided a method for performing cryptography on message data on a device. The method comprises obtaining parameters including a public modulus for encrypting the message data; partitioning the message data and some of the parameters into first and second portions of data; generating bit squared data from the first portion of data; generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask. The partitioning and generating steps are performed by a processor of the device and generation of the final encrypted data comprises utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
[0020] In another aspect, in at least one embodiment described herein, there is provided a method for performing cryptography on message data on a device. The method comprises obtaining parameters including a public modulus for encrypting the message data; partitioning the message data and some of the parameters into first and second portions of data; generating bit squared data from the first portion of data; generating a randomization mask (r=n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask. The partitioning and generating steps are performed by a processor of the device, r comprises a portion of the message data and an authenticator, and n comprises the public modulus.
[0021] In another aspect, in at least one embodiment described herein, there is provided a computer readable medium comprising a plurality of instructions executable on a processor of an electronic device for adapting the electronic device to implement a method of cryptography on message data.
The method comprises obtaining parameters including a public modulus for encrypting the message data; partitioning the message data and some of the parameters into first and second portions of data; generating bit squared data from the first portion of data; generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask. The partitioning and generating steps are performed by the processor and the generation steps comprise utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
The method comprises obtaining parameters including a public modulus for encrypting the message data; partitioning the message data and some of the parameters into first and second portions of data; generating bit squared data from the first portion of data; generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask. The partitioning and generating steps are performed by the processor and the generation steps comprise utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
[0022] In another aspect, in at least one embodiment described herein, there is provided a computer readable medium comprising a plurality of instructions executable on a processor of an electronic device for adapting the electronic device to implement a method of performing cryptography on message data. The method comprises obtaining parameters including a public modulus for encrypting the message data; partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data; generating a randomization mask (r=n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask.
The partitioning and generating steps are performed by the processor of the device, r comprises a portion of the message data and an authenticator and n comprises the public modulus.
BRIEF DESCRIPTION OF THE DRAWINGS
generating bit squared data from the first portion of data; generating a randomization mask (r=n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask.
The partitioning and generating steps are performed by the processor of the device, r comprises a portion of the message data and an authenticator and n comprises the public modulus.
BRIEF DESCRIPTION OF THE DRAWINGS
[0023] For a better understanding of the various embodiments described herein, and to show more clearly how these various embodiments may be carried into effect, reference will be made, by way of example, to the accompanying drawings which show at least one example embodiment, and in which:
FIG. 1 is a block diagram of an example embodiment of a device that can perform data encryption and optionally the corresponding data decryption;
FIG. 2 is a flowchart of an example embodiment of a data encryption method;
FIG. 3 is an illustration of an example implementation of the data encryption method of FIG. 2; and FIG. 4 is a flowchart of an example embodiment of a data decryption method.
DETAILED DESCRIPTION OF THE EMBODIMENTS
FIG. 1 is a block diagram of an example embodiment of a device that can perform data encryption and optionally the corresponding data decryption;
FIG. 2 is a flowchart of an example embodiment of a data encryption method;
FIG. 3 is an illustration of an example implementation of the data encryption method of FIG. 2; and FIG. 4 is a flowchart of an example embodiment of a data decryption method.
DETAILED DESCRIPTION OF THE EMBODIMENTS
[0024] Various devices or methods will be described herein to provide an example of at least one embodiment of each claimed invention. No embodiment described herein limits any claimed invention and any claimed invention may cover methods or devices that differ from those described herein. The claimed inventions are not limited to devices or methods having all of the features of any one device or method described herein or to features common to multiple or all of the devices or methods described herein. It is possible that a device or method described herein is not an embodiment of any claimed invention. Any invention disclosed in a device or method described herein that is not claimed in this document may be the subject matter of another protective instrument, for example, a continuing patent application, and the applicants, inventors or owners do not intend to abandon, disclaim or dedicate to the public any such invention by its disclosure herein.
[0025] Furthermore, it will be appreciated that for simplicity and clarity of illustration, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.
In addition, numerous specific details are set forth in order to provide a thorough understanding of the embodiments described herein. However, it will be understood by those of ordinary skill in the art that the embodiments described herein may be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the embodiments described herein.
Also, the description is not to be considered as limiting the scope of the embodiments described herein.
In addition, numerous specific details are set forth in order to provide a thorough understanding of the embodiments described herein. However, it will be understood by those of ordinary skill in the art that the embodiments described herein may be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the embodiments described herein.
Also, the description is not to be considered as limiting the scope of the embodiments described herein.
[0026] It should be noted that the term "coupled" used herein indicates that two elements can be directly coupled to one another or coupled to one another through one or more intermediate elements. Furthermore, the term communication interface is meant to cover at least one of a communications module, a network interface and a data port.
[0027] The various embodiments described herein generally relate to a lightweight public key encryption technique and a corresponding private key decryption technique which are based on a hybrid, randomized variant of the Rabin public key encryption scheme. The lightweight public key encryption technique is designed to be implementable in extremely low-resource hardware applications such as, but not limited to, wireless sensor networks, RFID tags, embedded systems, and smart cards, for example. It should be understood that an embedded system is a device or processor that performs a specific task as opposed to a general purpose device such as a desktop computer. Examples of embedded systems include cell phones, smart phones and the like. As is the case with the Rabin scheme, the security of the lightweight public key encryption techniques described herein can be shown to be equivalent to factoring the public modulus. On at least some low-resource implementation platforms, the lightweight public key encryption techniques described herein can result in smaller transmission latency, smaller hardware and software footprint and better encryption speed when compared to other encryption techniques such as the RSA or Elliptic Curve Cryptography (ECC) encryption techniques. The improved performance of the lightweight public key encryption techniques described herein is at least partly due to the fact that in at least some embodiments a fully parallelizable Chinese Remainder Theorem (CRT) randomized-square operation is used rather than expensive big integer arithmetic. Furthermore, in at least some embodiments of the lightweight public key techniques described herein, Naccache-Shamir randomized multiplication can be used which helps to reduce latency and memory requirements. For example, the Naccache-Shamir randomized multiplication can be implemented with a system of simultaneous congruences modulo small coprime numbers.
[0028] The lightweight public key encryption techniques described herein can also be implemented with a private key in which case computational complexity is comparable to the RSA private key operation. Accordingly, the private key version of the lightweight public key encryption techniques described herein can be used with more computationally powerful devices such as a base station, for example.
[0029] Referring now to FIG. 1, shown therein is a block diagram of an example embodiment of a device 100 that can perform data encryption according to at least one of the lightweight public key encryption techniques described herein. In some cases, the device 100 may also be able to perform private key decryption that corresponds to the lightweight public key encryption techniques described herein. The device 100 comprises a processor 102, a memory module 104, a communications module 106, a network interface 108, a data port 110, and a power module 112. These elements can be coupled to one another using data lines, communication or data buses or power rails as the case may be. In other embodiments, the device 100 may contain at least one of the communications module 106, the network interface 108 and the data port 110. Therefore, two of the elements 106, 108 and 110 are optional as long as the other of these elements is present in the device 100, which depends on the implementation/application of the device 100. For example, if the device 100 is a smart card, then the data port 110 would be used which would be in the form of data contacts or pads on the smart card. In other embodiments, the device 100 may also include at least one input/output device such as, but not limited to, at least one of a display, flashing LEDs or lights and a keyboard or some other input mechanism such as one of push or toggle buttons, a slide switch, a toggle switch, a thumbwheel and a touch sensitive element. Depending on the particular application, the device 100 can be a sensor, an RFID tag, an embedded system and a smart card.
[0030] The processor 102 controls the operation of the device 100.
Accordingly, the processor 102 is coupled with the memory module 104 to store and retrieve information as well as to execute the operating system 114 and various programs 116 which enable the device 100 to provide various functions including at least one of the lightweight data encryption techniques as described herein and optionally data decryption techniques. The processor 102 is coupled to the communications module 106, the network interface 108 and the data port 110 to instruct these devices to send and receive information as required such as data that has been encrypted by the device 100 or to receive data that requires encryption. The processor 102 can be any suitable processor such as a microprocessor and the like as is commonly known by those skilled in the art. The processor 102 can have low processing power and still be able to implement the lightweight data encryption techniques described herein.
Accordingly, the processor 102 is coupled with the memory module 104 to store and retrieve information as well as to execute the operating system 114 and various programs 116 which enable the device 100 to provide various functions including at least one of the lightweight data encryption techniques as described herein and optionally data decryption techniques. The processor 102 is coupled to the communications module 106, the network interface 108 and the data port 110 to instruct these devices to send and receive information as required such as data that has been encrypted by the device 100 or to receive data that requires encryption. The processor 102 can be any suitable processor such as a microprocessor and the like as is commonly known by those skilled in the art. The processor 102 can have low processing power and still be able to implement the lightweight data encryption techniques described herein.
[0031] The memory module 104 includes temporary and permanent memory elements as is commonly known by those skilled in the art. For example, the memory module 104 can include at least one temporary storage element, such as Random Access Memory (RAM), and/or at least one permanent storage element such as Read Only Memory (ROM) and/or flash memory. The operating system 114 and the programs 116 are stored in a permanent storage element of the memory module 104 but these software applications as well as specific device drivers and the like can be loaded into the temporary elements of the memory module 104 during operation of the device 100. The permanent storage elements of the memory module 104 can be used to provide at least one data store 118.
[0032] The communications module 106 provides wireless communication with wireless devices using a communication protocol that corresponds to the usage of the device 100. For example, the communications module 106 can include a Wi-Fi radio so that the device 100 can wirelessly communicate with other devices, such as a base station. The Wi-Fi radio can be configured to communicate according to the Global System for Mobile Communication (GSM) or General Packet Radio Services (GPRS) standards using techniques known by those skilled in the art. However, it should be understood that the communications module 106 can be modified to use other radios and/or to transmit according to other wireless communication protocols such as 3G, 4G, LTE or other future communication protocols. The communications module 106 allows information to be transmitted and received by the device 100.
[0033] The network interface 108 can be a standard Ethernet connection such as, but not limited to, a Local Area Network (LAN), or an Internet connection, or a wireless modem connection. The network interface 108 allows information to be transmitted and received by the device 100.
[0034] The data port 110 can be any suitable port that enables data communication between the device 100 and another electronic device. The data port 110 can be a serial or a parallel port. In some instances, the data port 110 can be a USB port that includes data lines for data transfer. In some instances, the data port 110 can include more than one port such as at least two of various combinations of a serial port, a parallel port and a USB port.
In some instances, the data port 110 can be a set of contact pads such as in the case of smart cards. The data port 110 allows information to be transmitted and received by the device 100.
In some instances, the data port 110 can be a set of contact pads such as in the case of smart cards. The data port 110 allows information to be transmitted and received by the device 100.
[0035] The communications module 106, the network interface 108 and the data port 110 allow the device 100 to receive data that is to be encrypted.
The communications module 106, the network interface 108 and the data port 110 also allow the device 100 to transmit encrypted data which was encrypted by the device 100 using one of the lightweight encryption techniques described herein. In some embodiments, the communications module 106, the network interface 108 and the data port 110 allow the device 100 to transmit data that was decrypted by the device 100.
The communications module 106, the network interface 108 and the data port 110 also allow the device 100 to transmit encrypted data which was encrypted by the device 100 using one of the lightweight encryption techniques described herein. In some embodiments, the communications module 106, the network interface 108 and the data port 110 allow the device 100 to transmit data that was decrypted by the device 100.
[0036] The power module 112 provides power to the device 100 during operation. The implementation of the power module 112 depends on the implementation/application of the device 100. Furthermore, in some cases, the power module 112 is optional such as in the case of smart cards. In some cases, the power module 112 can be a standard power supply module to connect the device 100 to a power line. In alternative embodiments, the power module 112 can be a battery or a battery pack. The power module 112 also includes other components, such as a battery interface, a regulator, protection circuitry and possibly switching circuitry (all not shown), as is known to those skilled in the art, that allow the power module 112 to provide a stable source of power to the device 100 during operation.
[0037] The operating system 114 includes software, settings and data that manage hardware and software resources during operation of the device 100 as is commonly known by those skilled in the art. The operating system 114 also provides various services that allow the processor 102 to execute the various programs 116 that are stored in the memory module 104, which dictate the functionality of the device 100. In this regard, when the processor 102 is executing any of the programs 116, the processor 102 may be considered to be configured to execute various steps according to the methods specified in the programs 116. The programs 116 comprise a set of instructions or modules that implement various functions including a public lightweight encryption technique according to at least one of the embodiments described herein. In some embodiments, the programs 116 also comprise a set of instructions or modules that implement a corresponding private key decryption technique.
[0038] The data store 118 can be used to store various parameters and data elements to facilitate encryption or decryption according to one of the techniques described herein. For instance, the data store 118 can be used to store unencrypted data that is to be encrypted or to store recently encrypted data. The data store 118 can also store parameters that are used to perform encryption and optionally decryption, which are described in more detail with regards to FIGS. 2 to 4.
[0039] The device 100 can perform lightweight asymmetric cryptographic techniques in which the encryption is a public operation and the decryption is a private operation. In at least some cases, the device 100 uses a symmetric key in the payload of the public key operation. Once the device 100 exchanges the symmetric key with another device, subsequent communications between the two devices can be secured (i.e. via encryption and decryption operations) with the exchanged key. Symmetric encryption techniques such as, but not limited to, AES for example, is many orders of magnitude less computationally expensive than related asymmetric cryptographic techniques which makes the symmetric encryption techniques more suitable for devices with lower processing power.
[0040] Previous encryption techniques that use Rabin encryption (which is an asymmetric cryptographic technique) in low-resource platforms differ significantly from the lightweight encryption techniques described herein as these previous approaches do not consider utilizing CRT arithmetic nor payload encoding into a randomization mask. Accordingly, some of these previous approaches require substantial amounts of real randomness, which may be difficult to generate in a resource-constrained device. In contrast, the lightweight encryption techniques described herein require only a single pseudo-random key for encrypting each message, such as, but not limited to a 128-bit symmetric key, for example.
[0041] The Rabin public key cryptosystem is in many ways similar to the RSA cryptosystem. Let n be a product of two large primes p and q. In order to facilitate implementation, these primes are often chosen so that p E
q 3 (mod 4). To encrypt a message x, one simply squares the message x modulo the public modulus n (i.e. a public key) as shown in equation 1.
z=xz+(mod n) (1) [0042] The Rabin private key operation requires computation of modular square roots and is of comparable complexity to the RSA private key algorithm. Since there are a total of four possible square roots ('[z_ _ x -mod p and Va =_ x = mod q), a special mechanism can be used in order to mark and find the correct square root. Implementation options for the Rabin private key operation can be obtained from standard cryptography textbooks such as the Handbook of Applied Cryptography (A. Menezes, P. Van Oorschot, and S. Vanstone, CRC Press, 1996).
q 3 (mod 4). To encrypt a message x, one simply squares the message x modulo the public modulus n (i.e. a public key) as shown in equation 1.
z=xz+(mod n) (1) [0042] The Rabin private key operation requires computation of modular square roots and is of comparable complexity to the RSA private key algorithm. Since there are a total of four possible square roots ('[z_ _ x -mod p and Va =_ x = mod q), a special mechanism can be used in order to mark and find the correct square root. Implementation options for the Rabin private key operation can be obtained from standard cryptography textbooks such as the Handbook of Applied Cryptography (A. Menezes, P. Van Oorschot, and S. Vanstone, CRC Press, 1996).
[0043] The main distinguishing factor for the public operation of the Rabin cryptosystem, in addition to being faster than RSA in encryption, is that it is provably as secure as factoring, which may or may not hold for RSA.
[0044] A randomized variation of the Rabin cryptosystem has been proposed by Shamir that avoids modular arithmetic (i.e. arithmetic mod n) by using a random masking variable r where r > n. The encryption operation is given by equation 2.
z=x2+r=n (2) It should be noted that the private key operation is essentially the same as with the standard Rabin scheme.
z=x2+r=n (2) It should be noted that the private key operation is essentially the same as with the standard Rabin scheme.
[0045] Randomized multiplication was originally considered by Naccache, albeit for a different application. Shamir proved that this randomized multiplication variant of Naccache has equivalent security properties to the standard version. However, the main drawback from avoiding modular arithmetic in the Naccache approach is that the ciphertext roughly doubles in size and that a large amount of high quality random bits must be generated for the random masking variable r. These problems are avoided in the lightweight encryption techniques described herein.
[0046] A large majority of the implementation footprint of traditional public key encryption schemes such as RSA or ECC tends to be consumed by implementing large finite field multiplication and exponentiation. This can be avoided by using arithmetic modulo a set of coprime numbers as is done with the lightweight encryption techniques described herein.
[0047] Let b1, b2, ..., bk denote a base, i.e. a set of k coprime numbers, and let B = rjk 1 bi be the product of the set of k coprime numbers. The Chinese Remainder Theorem (CRT) states that any number x, 0 s x < B can be uniquely expressed as a vector x; that represents a set of k congruences x;
= x mod b; where i = 1, 2, ..., k. Furthermore, ring arithmetic modulo B can be performed in this domain in which the sum, difference or product of two numbers mod B can be obtained by adding, subtracting or multiplying the individual vector components i, each mod b;. Therefore, multiplication modulo B has essentially linear complexity. The inventor has realized that when z < B
in equation 2, the entire public key computation can be performed in the CRT
domain. Accordingly, a CRT implementation is used for the lightweight encryption techniques described herein.
= x mod b; where i = 1, 2, ..., k. Furthermore, ring arithmetic modulo B can be performed in this domain in which the sum, difference or product of two numbers mod B can be obtained by adding, subtracting or multiplying the individual vector components i, each mod b;. Therefore, multiplication modulo B has essentially linear complexity. The inventor has realized that when z < B
in equation 2, the entire public key computation can be performed in the CRT
domain. Accordingly, a CRT implementation is used for the lightweight encryption techniques described herein.
[0048] An advantage of using a CRT implementation that is particular to the implementation of the lightweight encryption techniques described herein is that serial transmission of encrypted data may be started immediately after the first encrypted word of x2 + r = n has been computed.
This is not the case with RSA or in ECC cryptography. This property also helps to reduce the memory requirements for implementing the lightweight encryption techniques described herein.
This is not the case with RSA or in ECC cryptography. This property also helps to reduce the memory requirements for implementing the lightweight encryption techniques described herein.
[0049] Another advantage of the lightweight encryption techniques described herein is that the random masking variable r can also be used to carry payload data (i.e. message data) that has been encrypted using a random symmetric key, contained in x. This encoding property of the lightweight encryption techniques described herein allows the transmission bandwidth of a communication channel that transmits the encrypted data to be essentially doubled when compared to previous implementations of public-key encryption schemes (such as the Shamir technique mentioned earlier).
[0050] It should be noted that the encoding technique of encoding a portion of the message in the random masking variable can be used independently of using the CRT implementation with arithmetic modulo a set of coprime numbers. Accordingly, some embodiments of cryptographic techniques in accordance with the teachings described herein use the CRT
implementation with arithmetic modulo a set of coprime numbers, some embodiments of cryptographic techniques in accordance with the teachings described herein use the randomization mask r=n to carry payload data and some embodiments of cryptographic techniques in accordance with the teachings described herein can use both the CRT implementation with arithmetic modulo a set of coprime numbers and the randomization mask r-n to carry payload data.
implementation with arithmetic modulo a set of coprime numbers, some embodiments of cryptographic techniques in accordance with the teachings described herein use the randomization mask r=n to carry payload data and some embodiments of cryptographic techniques in accordance with the teachings described herein can use both the CRT implementation with arithmetic modulo a set of coprime numbers and the randomization mask r-n to carry payload data.
[0051] Referring now to FIG. 2, shown therein is a flowchart of an example embodiment of a lightweight public data encryption method 200 in accordance with the encryption techniques described herein. At step 202, the method 200 comprises obtaining parameters that are used to perform the public encryption. These parameters include the public modulus (n) (i.e.
public key) that is used to perform the encryption, the value for k which is the number of coprime numbers used in the base for the CRT, the number (m) of data blocks (i.e. do to dm) of the message that is to be encrypted, an authenticator and the CRT base. The parameters can also specify whether the data blocks are to be encrypted prior to performing the public encryption and if so what symmetric key is used. The parameters can also specify how the data blocks and some of the parameters are allocated to the variable x and the random masking variable r in step 204. In alternative embodiments, more sophisticated authentication techniques than the checksum can be used to check for the integrity of the encrypted message when it is transmitted between devices.
public key) that is used to perform the encryption, the value for k which is the number of coprime numbers used in the base for the CRT, the number (m) of data blocks (i.e. do to dm) of the message that is to be encrypted, an authenticator and the CRT base. The parameters can also specify whether the data blocks are to be encrypted prior to performing the public encryption and if so what symmetric key is used. The parameters can also specify how the data blocks and some of the parameters are allocated to the variable x and the random masking variable r in step 204. In alternative embodiments, more sophisticated authentication techniques than the checksum can be used to check for the integrity of the encrypted message when it is transmitted between devices.
[0052] At step 204, the message to be encrypted and some of the parameters are partitioned into first and second portions of data. This can include encrypting the data blocks (which is explained in more detail with respect to FIG. 3). The first portion of data is the variable x which contains the symmetric key, such as but not limited to an AES key, for example, if the data blocks are to be encrypted before applying the public encryption. The variable x also includes several data blocks do to d; of the message to be encrypted (as mentioned the data blocks may be encrypted in some cases).
The second portion of data is the random masking variable r which includes the remaining data blocks to be encrypted d;+1 to dm and the authenticator.
The sizes of the variable x and r is based on the size of the public modulus and the number of coprime values that is selected for the CRT encoding of the entire payload. The size of the variable r is larger than the size of the variable x (as explained in further detail with respect to FIG. 3).
The second portion of data is the random masking variable r which includes the remaining data blocks to be encrypted d;+1 to dm and the authenticator.
The sizes of the variable x and r is based on the size of the public modulus and the number of coprime values that is selected for the CRT encoding of the entire payload. The size of the variable r is larger than the size of the variable x (as explained in further detail with respect to FIG. 3).
[0053] At step 206, the method 200 generates a portion of the bit squared variable x2 from the first portion of data. At step 208, the method generates a portion of the randomization mask from the second portion of data (r) and the public key (n) by forming the product rrn. The steps 206 and 208 involve using arithmetic modulo a set of coprime numbers, as described earlier, to allow for implementation on processors with lower processing power as well as to increase the speed of the encryption method 200. This then allows the bit squared variable x2 and the randomization mask r=n to be formed a portion at a time in which the size of the portion can be a word (e.g.
four bytes of data in some cases). A word is meant to be a group of bits on which operations are performed. The word-size (i.e. number of bits) can change depending on the CRT coprime base and the processor 102 of the device 100. Typically a word size is used to describe the native data unit size of the processor 102. For instance, a 16-bit processor operates on 16-bit words. However there is some flexibility in defining word size. For example, a 16-bit processor can be used to perform 32-bit operations (i.e. so the word size can be 32 bits for a 16-bit processor). Also, step 208 involves using some of the data blocks of the message in the random masking variable r which increases the communication capacity of the encryption method 200.
four bytes of data in some cases). A word is meant to be a group of bits on which operations are performed. The word-size (i.e. number of bits) can change depending on the CRT coprime base and the processor 102 of the device 100. Typically a word size is used to describe the native data unit size of the processor 102. For instance, a 16-bit processor operates on 16-bit words. However there is some flexibility in defining word size. For example, a 16-bit processor can be used to perform 32-bit operations (i.e. so the word size can be 32 bits for a 16-bit processor). Also, step 208 involves using some of the data blocks of the message in the random masking variable r which increases the communication capacity of the encryption method 200.
[0054] At step 210, the method 200 generates a portion (i.e. word) of the encrypted data z (i.e. ciphertext) by adding portions (i.e. words) of the bit squared variable x2 and the randomization mask r=n rather than waiting until the entire computation required to form all of x2 and all of r=n is performed.
As explained earlier, this is possible due to the use of arithmetic modulo a set of coprime numbers to generate the bit squared variable x2 and the randomization mask r=n.
As explained earlier, this is possible due to the use of arithmetic modulo a set of coprime numbers to generate the bit squared variable x2 and the randomization mask r=n.
[0055] At step 212, the method 200 transmits the portion (i.e. word) of encrypted data generated in step 210. However, it should be noted that steps 212 and 214 are optional in other embodiments in which the entire message is first encrypted and the encrypted data is then stored before being transmitted.
[0056] At step 214, the method 200 determines whether there is more data to encrypt. If this decision is true, the method 200 returns to steps 206, 208 and 210 to form the next word of the bit squared variable x2, the next word of the randomization mask in and the next word of encrypted ciphertext z respectively. Alternatively, if the decision at step 214 is false, then the method 200 ends. It should be noted that the sizes of the portions generated in steps 206 to 210 are not the same size as the first and second portions of steps 204 and 206.
[0057] Referring now to FIG. 3, shown therein is an illustration of an example implementation of the data encryption method 200 of FIG. 2. This example implementation was designed for operation with low processing power 8-bit or 16-bit microprocessors and microcontrollers typically found in active RFID and wireless sensor network applications. However, it should be understood that the various lightweight encryption methods described herein can also be used with 32-bit and 64-bit processors. The use of 16-bit, 32-bit or 64-bit architectures allows the encryption techniques described herein to be very efficient. Furthermore, it should be understood that using 32-bit or 64-bit architectures should provide more security.
[0058] A 1025-bit public modulus was selected as the public key n, which offers a reasonable level of security. However, for implementations with highly sensitive data, a larger modulus should be used. Likewise, for implementations with less sensitive data, a smaller modulus can be used. For symmetric encryption, AES-128 in counter mode can be used to produce encrypted data blocks d; that are part of the payload that is then encrypted using the public encryption method described herein.
[0059] The variable m is the entire payload. In this example, the first 128-bits of m are the AES key (which can be thought of a session key but will be more generally referred to as a symmetric key). The next portion of the payload m comprises intermediate ciphertext data words (i.e. do to d14) encrypted with AES using the symmetric key that is included in the payload m.
In alternative embodiments, encryption does not have to be performed on the data words prior to forming the payload. However, there is a requirement for high quality random bits for the random masking variable which can be met if the data blocks included in the random masking variable r have been encrypted. Furthermore, it is advantageous to encrypt the data blocks to provide extra security as the data blocks can then be recovered by the recipient only if they have the symmetric key. The last portion of the payload m comprises an authenticator, which in this case is a checksum c. In this example, the data blocks do, d1,...,d14 are 128-bit data words. In alternative embodiments, another number of data blocks can be used. In fact, the entire message is divided into data blocks commiserate with the public modulus. In this public encryption method, the message length, or payload, is roughly double the public modulus since message data is also included in the random masking variable r whereas in the conventional Rabin implementation the message length is limited to the size of the public modulus.
In alternative embodiments, encryption does not have to be performed on the data words prior to forming the payload. However, there is a requirement for high quality random bits for the random masking variable which can be met if the data blocks included in the random masking variable r have been encrypted. Furthermore, it is advantageous to encrypt the data blocks to provide extra security as the data blocks can then be recovered by the recipient only if they have the symmetric key. The last portion of the payload m comprises an authenticator, which in this case is a checksum c. In this example, the data blocks do, d1,...,d14 are 128-bit data words. In alternative embodiments, another number of data blocks can be used. In fact, the entire message is divided into data blocks commiserate with the public modulus. In this public encryption method, the message length, or payload, is roughly double the public modulus since message data is also included in the random masking variable r whereas in the conventional Rabin implementation the message length is limited to the size of the public modulus.
[0060] The variable x is then defined as the first 1,024 bits of the payload m (i.e. (m[0...31])) and the random masking variable r is defined as the last 1,056 bits of the payload m (i.e. m[32...64]). The size of the variable x is determined by the size of the public modulus. The size of the random masking variable r must be larger than the variable x. The size of r can be made just large enough such that breaking the public encryption algorithm would require factoring the public modulus n (this size would be known to those skilled in the art). In an alternative embodiment, the payload m can be partitioned in accordance with the Hummingbird-2 encryption technique since it is lightweight and offers authenticated encryption. The public encryption operation is then performed to form the final ciphertext z according to z = x2 +
r-n using CRT to perform the entire operation without using big integer arithmetic. Accordingly, the original message (do to d14) can only be recovered by someone that knows p and q (which is the private key). In this case, the CRT base was chosen to consist of 64 primes 4294965793 ...
4294967291 and the word 232 (i.e. 32 bit word size). Accordingly, the encoding capacity is B = 11651 b; 22079.999982 which is very close to the maximum channel capacity of 2,080 bits. Furthermore, this implementation sacrifices some message integrity protection for simplicity since only a 31-bit checksum c is used. However, in alternative embodiments a larger checksum can be used or an alternative data integrity checking mechanism (as is known to those skilled in the art) can be used as is described in more detail below.
r-n using CRT to perform the entire operation without using big integer arithmetic. Accordingly, the original message (do to d14) can only be recovered by someone that knows p and q (which is the private key). In this case, the CRT base was chosen to consist of 64 primes 4294965793 ...
4294967291 and the word 232 (i.e. 32 bit word size). Accordingly, the encoding capacity is B = 11651 b; 22079.999982 which is very close to the maximum channel capacity of 2,080 bits. Furthermore, this implementation sacrifices some message integrity protection for simplicity since only a 31-bit checksum c is used. However, in alternative embodiments a larger checksum can be used or an alternative data integrity checking mechanism (as is known to those skilled in the art) can be used as is described in more detail below.
[0061] It can be seen that in this implementation, the generated final ciphertext z' is a series of 65 words that are each 32 bits in size. As described previously, the lightweight encryption method can be performed such that each word of the final ciphertext z is generated one at a time and the words can then be successively transmitted. The generation of the final ciphertext one word at a time is signified by the vertical lines in the data element z' shown in FIG. 3.
[0062] The total code size for the example encryption implementation is about 750 bytes when implemented on the ultra-low power MSP430 microcontroller architecture of the Texas Instruments CC430F6137. The TI
CC430F6137 also has a 32-bit hardware multiplier and an AES accelerator that are useful for the implementation of this application. The TI CC430F6137 also has an integrated sub-1-GHz wireless transceiver. For a 32-bit x86 platform, the implementation size was found to be 1136 bytes, including a tiny AES implementation. The implemented program does not call any external functions, was coded in C and compiled with GCC-MSP430 4.4.3 and GCC
4.4.3.
CC430F6137 also has a 32-bit hardware multiplier and an AES accelerator that are useful for the implementation of this application. The TI CC430F6137 also has an integrated sub-1-GHz wireless transceiver. For a 32-bit x86 platform, the implementation size was found to be 1136 bytes, including a tiny AES implementation. The implemented program does not call any external functions, was coded in C and compiled with GCC-MSP430 4.4.3 and GCC
4.4.3.
[0063] It should be noted that in alternative embodiments an authenticated encryption mode such as the EAX, CCM or GCM can be incorporated into the implementation. EAX, CCM and GCM are modes of operation that encrypt a message and also authenticate the message (i.e.
check the integrity of the message). Accordingly, these modes can be used in lieu of CRC. The hardware design for this example embodiment used GCM, which is also a part of the National Security Authority's (NSA's) "Suite B
cryptography" (http://www.nsa.gov/ia/programs/suiteb_cryptography/).
check the integrity of the message). Accordingly, these modes can be used in lieu of CRC. The hardware design for this example embodiment used GCM, which is also a part of the National Security Authority's (NSA's) "Suite B
cryptography" (http://www.nsa.gov/ia/programs/suiteb_cryptography/).
[0064] A private key version of the lightweight encryption method described herein was implemented in C using the OpenSSL library for both fast big number arithmetic and AES. The implementation required only about 230 code lines.
[0065] Referring now to FIG. 4, shown therein is a flowchart of an example embodiment of a data decryption method 300 that can be used in conjunction with the data encryption method 200 or the implementation shown in FIG. 3. The decryption method 300 is a private key operation. At step 302, the de-CRT coefficients d; are computed according to d; _ (B = (b- )b1. The d;
can be pre-computed.
can be pre-computed.
[0066] At step 304, the ciphertext z is converted to two's complement binary representation. One way to do this is given in equation 3. Here b; is the base with an appropriate number k of coprime numbers (in the example of FIG. 3, k = 65, rjk 1 bi and the CRT ciphertext vector z; satisfies 0 <_ z; <
b; for each i.
Z = (~k 1 ZL bi 1 b` B)-') mod B (3) [0067] At step 306, the private factorization pq of the modulus n is determined. Rabin decryption is significantly easier to implement when p = q 3 mod 4 and this is assumed to be the case. There are four square roots for every quadratic residue mod pq as shown in equations 4 and 5.
p+1 xp = (z 4 mod p) = q = qp 1 (4) a+1 xq = (z4 mod q) p pq 1 (5) The four square roots of z are given by x = (Xp + xq; Xp - Xq; -Xp + Xq;- Xp -Xq) (mod n). The correct root can be recognized by using the checksum c (which is also known as an authenticator). Since there are four possible square roots, there are four possible decryptions and the correct decryption is identified by running the authenticator over the four possibilities and selecting the one that matches the transmitted authenticator. In an alternative embodiment, another authenticator other than the checksum can be used (as long as the same authenticator is used when generating the payload m).
b; for each i.
Z = (~k 1 ZL bi 1 b` B)-') mod B (3) [0067] At step 306, the private factorization pq of the modulus n is determined. Rabin decryption is significantly easier to implement when p = q 3 mod 4 and this is assumed to be the case. There are four square roots for every quadratic residue mod pq as shown in equations 4 and 5.
p+1 xp = (z 4 mod p) = q = qp 1 (4) a+1 xq = (z4 mod q) p pq 1 (5) The four square roots of z are given by x = (Xp + xq; Xp - Xq; -Xp + Xq;- Xp -Xq) (mod n). The correct root can be recognized by using the checksum c (which is also known as an authenticator). Since there are four possible square roots, there are four possible decryptions and the correct decryption is identified by running the authenticator over the four possibilities and selecting the one that matches the transmitted authenticator. In an alternative embodiment, another authenticator other than the checksum can be used (as long as the same authenticator is used when generating the payload m).
[0068] Once the correct square root of the bit variable x is found, the random masking variable r is determined at step 308. This can be done using equation 6.
z-x2 (6) n [0069] At step 310, the bit variable x and the random masking variable r can then be concatenated to obtain the full message m = x 1jr, which contains the symmetric decryption key which can then be used to decrypt the entire data payload.
z-x2 (6) n [0069] At step 310, the bit variable x and the random masking variable r can then be concatenated to obtain the full message m = x 1jr, which contains the symmetric decryption key which can then be used to decrypt the entire data payload.
[0070] As mentioned, the lightweight public key encryption techniques described herein can be used with various low-resource applications. In the case of authentication of RFID tags, a protocol can be devised that requires the RFID tag to only perform public key encryption using the interrogator's public key.
[0071] At least some of the methods that are described herein that can be implemented via software may be written in a high-level procedural language such as C, C++ or any other suitable programming language and may comprise modules or classes, as is known to those skilled in the art.
Alternatively, at least some of the methods described herein can be implemented in assembly language, machine language or firmware as needed. In either case, the program code can be stored on a storage media or on a computer readable medium that is readable by a general or special purpose programmable computing device having a processor, an operating system and the associated hardware and software that is necessary to implement the functionality of at least one of the encryption methods described herein. The program code, when read by the computing device, configures the computing device to operate in a new, specific and predefined manner in order to perform at least one of the methods described herein.
Alternatively, at least some of the methods described herein can be implemented in assembly language, machine language or firmware as needed. In either case, the program code can be stored on a storage media or on a computer readable medium that is readable by a general or special purpose programmable computing device having a processor, an operating system and the associated hardware and software that is necessary to implement the functionality of at least one of the encryption methods described herein. The program code, when read by the computing device, configures the computing device to operate in a new, specific and predefined manner in order to perform at least one of the methods described herein.
[0072] Furthermore, at least some of the methods described herein are capable of being distributed in a computer program product comprising a computer readable medium that bears computer usable instructions for one or more processors. The medium may be provided in various forms such as, but not limited to, one or more diskettes, compact disks, tapes, chips, USB keys, external hard drives, wire-line transmissions, satellite transmissions, internet transmissions or downloads, magnetic and electronic storage media, digital and analog signals, and the like. The computer useable instructions may also be in various forms, including compiled and non-compiled code.
[0073] While the applicant's teachings described herein are in conjunction with various embodiments for illustrative purposes, it is not intended that the applicant's teachings be limited to such embodiments. On the contrary, the applicant's. teachings described and illustrated herein encompass various alternatives, modifications, and equivalents, without departing from the embodiments, the general scope of which is defined in the appended claims.
Claims (42)
1. A device for performing cryptography on message data, wherein the device comprises:
a processor configured to control the operation of the device;
a memory module coupled to the processor, the memory module being configured to store data; and a communication interface coupled to the processor, the communication interface being configured for data communication;
wherein, the processor is configured to obtain parameters including a public modulus for encrypting the message data, partition the message data and some of the parameters into first and second portions of data, generate bit squared data from the first portion of data, generate a randomization mask from the second portion of data and generate final encrypted data based on the bit squared data and the randomization mask, wherein the processor generates the final encrypted data utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
a processor configured to control the operation of the device;
a memory module coupled to the processor, the memory module being configured to store data; and a communication interface coupled to the processor, the communication interface being configured for data communication;
wherein, the processor is configured to obtain parameters including a public modulus for encrypting the message data, partition the message data and some of the parameters into first and second portions of data, generate bit squared data from the first portion of data, generate a randomization mask from the second portion of data and generate final encrypted data based on the bit squared data and the randomization mask, wherein the processor generates the final encrypted data utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
2. The device of claim 1, wherein the processor is configured to perform encryption on data using one of 8 bit, 16 bit, 32 bit and 64 bit architectures.
3. The device of claim 1, wherein the processor is further configured to generate a portion of the bit squared data, to generate a portion of the randomization mask, to generate a portion of the final encrypted data and to transmit the portion of the final encrypted data.
4. The device of claim 1, wherein the first portion of data comprises several data blocks of the message data.
5. The device of claim 4, wherein the first portion of data further comprises a symmetric key and the data blocks of the message data are encrypted using the symmetric key.
6. The device of claim 4, wherein the second portion of data comprises remaining data blocks of the message data and an authenticator.
7. The device of claim 1, wherein the randomization mask (r.cndot.n) is generated using CRT with arithmetic modulo a set of coprime numbers where r comprises a portion of the message data and an authenticator and n comprises the public modulus.
8. The device of claim 1, wherein the device is one of a sensor, an RFID
tag, an embedded system, a cell phone, a smart phone and a smart card.
tag, an embedded system, a cell phone, a smart phone and a smart card.
9. The device of claim 1, wherein the processor is further configured to perform decryption corresponding to the encryption performed by the processor, wherein the decryption comprises computing de-CRT coefficients.
10. The device of claim 9, wherein the decryption further comprises converting the final encrypted data to conventional two's complement binary, performing private factorization pq of the public modulus to obtain a correct root of the bit squared data, determining a random masking variable based on the bit squared data and the public modulus, and determining the message data by concatenating the correct root of the bit squared data and the random masking variable.
11. The device of claim 1, wherein the second portion of data has a size that is larger than the first portion of data and the size of the second portion of data is large enough that breaking the encrypted data would require factoring the public modulus.
12. A device for performing cryptography on message data, wherein the device comprises:
a processor configured to control the operation of the device;
a memory module coupled to the processor, the memory module being configured to store data; and a communication interface coupled to the processor, the communication interface being configured for data communication;
wherein, the processor is configured to obtain parameters including a public modulus for encrypting the message data, partition the message data and some of the parameters into first and second portions of data, generate bit squared data from the first portion of data, generate a randomization mask (r.cndot.n) from the second portion of data and generate final encrypted data based on the bit squared data and the randomization mask, wherein r comprises a portion of the message data and an authenticator and n comprises the public modulus.
a processor configured to control the operation of the device;
a memory module coupled to the processor, the memory module being configured to store data; and a communication interface coupled to the processor, the communication interface being configured for data communication;
wherein, the processor is configured to obtain parameters including a public modulus for encrypting the message data, partition the message data and some of the parameters into first and second portions of data, generate bit squared data from the first portion of data, generate a randomization mask (r.cndot.n) from the second portion of data and generate final encrypted data based on the bit squared data and the randomization mask, wherein r comprises a portion of the message data and an authenticator and n comprises the public modulus.
13. The device of claim 12, wherein the processor is configured to perform encryption on data using one of 8 bit, 16 bit, 32 bit and 64 bit architectures.
14. The device of claim 12, wherein the processor generates the final encrypted data utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
15. The device of claim 14, wherein the processor is further configured to generate a portion of the bit squared data, to generate a portion of the randomization mask, to generate a portion of the final encrypted data and to transmit the portion of final encrypted data.
16. The device of claim 12, wherein the first portion of data comprises several data blocks of the message data.
17. The device of claim 16, wherein the first portion of data further comprises a symmetric key and the data blocks of the message data are encrypted using the symmetric key.
18. The device of claim 17, wherein the second portion of data comprises remaining data blocks of the message data and the authenticator, the remaining data blocks being encrypted using the symmetric key.
19. The device of claim 12, wherein the device is one of a sensor, an RFID
tag, an embedded system, a cell phone, a smart phone and a smart card.
tag, an embedded system, a cell phone, a smart phone and a smart card.
20. The device of claim 14, wherein the processor is further configured to perform decryption corresponding to the encryption performed by the processor, wherein the decryption comprises computing de-CRT coefficients.
21. The device of claim 20, wherein the decryption further comprises converting the final encrypted data to conventional two's complement binary, performing private factorization pq of the public modulus to obtain a correct root of the bit squared data, determining a random masking variable based on the bit squared data and the public modulus, and determining the message data by concatenating the correct root of the bit squared data and the random masking variable.
22. The device of claim 12, wherein the second portion of data has a size that is larger than the first portion of data and the size of the second portion of data is large enough that breaking the encrypted data would require factoring the public modulus.
23. A method for performing cryptography on message data on a device, wherein the method comprises:
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by a processor of the device and generation of the final encrypted data comprises utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by a processor of the device and generation of the final encrypted data comprises utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
24. The method of claim 23, wherein the generating steps comprise generating a portion of the bit squared data, generating a portion of the randomization mask and generating a portion of the final encrypted data and the method further comprises transmitting the portion of the final encrypted data.
25. The method of claim 23, wherein the first portion of data several data blocks of the message data.
26. The method of claim 25, wherein the first portion of data further comprises a symmetric key and the data blocks of the message data are encrypted using the symmetric key.
27. The method of claim 25, wherein the second portion of data comprises remaining data blocks of the message data and an authenticator.
28. The method of claim 23, wherein the randomization mask (r.cndot.n) is generated using CRT with arithmetic modulo a set of coprime numbers where r comprises a portion of the message data and an authenticator and n comprises the public modulus.
29. The method of claim 23, wherein the method further comprises performing decryption corresponding to the encryption performed by the processor, wherein the decryption comprises computing de-CRT coefficients.
30. The method of claim 29, wherein the decryption further comprises converting the final encrypted data to conventional two's complement binary, performing private factorization pq of the public modulus to obtain a correct root of the bit squared data, determining a random masking variable based on the bit squared data and the public modulus, and determining the message data by concatenating the correct root of the bit squared data and the random masking variable.
31. The method of claim 23, wherein the method further comprises selecting a size for the second portion of data that is larger than the first portion of data and selecting the size of the second portion of data to be large enough that breaking the encrypted data would require factoring the public modulus.
32. A method for performing cryptography on message data on a device, wherein the method comprises:
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask (r.cndot.n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by a processor of the device, r comprises a portion of the message data and an authenticator, and n comprises the public modulus.
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask (r.cndot.n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by a processor of the device, r comprises a portion of the message data and an authenticator, and n comprises the public modulus.
33. The method of claim 32, wherein generating the final encrypted data comprises utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
34. The method of claim 32, wherein the generating steps comprise generating a portion of the bit squared data, generating a portion of the randomization mask and generating a portion of the final encrypted data and the method further comprises transmitting the portion of final encrypted data.
35. The method of claim 32, wherein the first portion of data comprises several data blocks of the message data.
36. The method of claim 35, wherein the first portion of data further comprises a symmetric key and the data blocks of the message data are encrypted using the symmetric key.
37. The method of claim 36, wherein the second portion of data comprises remaining data blocks of the message data and the authenticator, the remaining data blocks being encrypted using the symmetric key.
38. The method of claim 33, wherein the method further comprises performing decryption corresponding to the encryption performed by the processor, wherein the decryption comprises computing de-CRT coefficients.
39. The method of claim 38, wherein the decryption further comprises converting the final encrypted data to conventional two's complement binary, performing private factorization pq of the public modulus to obtain a correct root of the bit squared data, determining a random masking variable based on the bit squared data and the public modulus, and determining the message data by concatenating the correct root of the bit squared data and the random masking variable.
40. The method of claim 32, wherein the method further comprises selecting a size for the second portion of data that is larger than the first portion of data and selecting the size of the second portion of data to be large enough that breaking the encrypted data would require factoring the public modulus.
41. A computer readable medium comprising a plurality of instructions executable on a processor of an electronic device for adapting the electronic device to implement a method of cryptography on message data, wherein the method comprises:
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by the processor and the generation steps comprise utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by the processor and the generation steps comprise utilizing Chinese Remainder Theorem (CRT) with arithmetic modulo a set of coprime numbers.
42. A computer readable medium comprising a plurality of instructions executable on a processor of an electronic device for adapting the electronic device to implement a method of performing cryptography on message data, wherein the method comprises:
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask (r.cndot.n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by the processor of the device, r comprises a portion of the message data and an authenticator and n comprises the public modulus.
obtaining parameters including a public modulus for encrypting the message data;
partitioning the message data and some of the parameters into first and second portions of data;
generating bit squared data from the first portion of data;
generating a randomization mask (r.cndot.n) from the second portion of data; and generating final encrypted data based on the bit squared data and the randomization mask, wherein the partitioning and generating steps are performed by the processor of the device, r comprises a portion of the message data and an authenticator and n comprises the public modulus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA 2754370 CA2754370A1 (en) | 2011-10-07 | 2011-10-07 | Method and device for data encryption and decryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA 2754370 CA2754370A1 (en) | 2011-10-07 | 2011-10-07 | Method and device for data encryption and decryption |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2754370A1 true CA2754370A1 (en) | 2013-04-07 |
Family
ID=48052050
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA 2754370 Abandoned CA2754370A1 (en) | 2011-10-07 | 2011-10-07 | Method and device for data encryption and decryption |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2754370A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10778407B2 (en) | 2018-03-25 | 2020-09-15 | Nuvoton Technology Corporation | Multiplier protected against power analysis attacks |
| CN111985258A (en) * | 2019-05-23 | 2020-11-24 | 欧姆龙株式会社 | Communication device, communication system, RFID tag, and method for controlling communication device |
| CN112399027A (en) * | 2019-08-14 | 2021-02-23 | 北京京东振世信息技术有限公司 | Picture encryption and decryption method and device, storage medium and electronic equipment |
| CN112667994A (en) * | 2020-12-10 | 2021-04-16 | 山东大学 | Computer-oriented symmetric password formalized description method and system |
| CN112671789A (en) * | 2020-12-29 | 2021-04-16 | 杭州趣链科技有限公司 | Data transmission optimization method, device and system based on Chinese remainder theorem |
-
2011
- 2011-10-07 CA CA 2754370 patent/CA2754370A1/en not_active Abandoned
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10778407B2 (en) | 2018-03-25 | 2020-09-15 | Nuvoton Technology Corporation | Multiplier protected against power analysis attacks |
| CN111985258A (en) * | 2019-05-23 | 2020-11-24 | 欧姆龙株式会社 | Communication device, communication system, RFID tag, and method for controlling communication device |
| CN111985258B (en) * | 2019-05-23 | 2024-04-05 | 欧姆龙株式会社 | Communication device, communication system, RFID tag, and control method for communication device |
| CN112399027A (en) * | 2019-08-14 | 2021-02-23 | 北京京东振世信息技术有限公司 | Picture encryption and decryption method and device, storage medium and electronic equipment |
| CN112399027B (en) * | 2019-08-14 | 2023-12-05 | 北京京东振世信息技术有限公司 | Picture encryption and decryption method and device, storage medium and electronic equipment |
| CN112667994A (en) * | 2020-12-10 | 2021-04-16 | 山东大学 | Computer-oriented symmetric password formalized description method and system |
| CN112667994B (en) * | 2020-12-10 | 2023-01-20 | 山东大学 | Computer-oriented symmetric password formalized description method and system |
| CN112671789A (en) * | 2020-12-29 | 2021-04-16 | 杭州趣链科技有限公司 | Data transmission optimization method, device and system based on Chinese remainder theorem |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111740828B (en) | Key generation method, device and equipment and encryption and decryption method | |
| US9973334B2 (en) | Homomorphically-created symmetric key | |
| JP5544355B2 (en) | Method and system for verifying shared secrets | |
| EP3590242B1 (en) | Communication interface for a low power wide area network, wireless device and server using such communication interface | |
| WO2012053883A1 (en) | Switchable integrated quantum key distribution system | |
| US9762560B2 (en) | Method for generating cryptographic “one-time pads” and keys for secure network communications | |
| US10686587B2 (en) | Method for safeguarding the information security of data transmitted via a data bus and data bus system | |
| CN104202158A (en) | Symmetric and asymmetric hybrid data encryption/decryption method based on cloud computing | |
| Panda | Data security in wireless sensor networks via AES algorithm | |
| CA2754370A1 (en) | Method and device for data encryption and decryption | |
| CN102598575B (en) | Method and system for the accelerated decryption of cryptographically protected user data units | |
| WO2022067132A1 (en) | System and methods for secure communication using post-quantum cryptography | |
| US20190294417A1 (en) | Method and system for deriving deterministic prime number | |
| CN109923829B (en) | Agreement on secret values | |
| Zegers et al. | A lightweight encryption and secure protocol for smartphone cloud | |
| WO2018213875A1 (en) | Asymmetric cryptography and authentication | |
| CN112948867A (en) | Method and device for generating and decrypting encrypted message and electronic equipment | |
| Kofuji | Performance analysis of encryption algorithms on mobile devices | |
| CN102246456A (en) | System and method for countering side-channel attacks against encryption based on cyclic groups | |
| CN101882991B (en) | Communication data stream encryption method based on block cipher | |
| CN115883212A (en) | Information processing method, device, electronic equipment and storage medium | |
| US7415110B1 (en) | Method and apparatus for the generation of cryptographic keys | |
| AU2011232817A1 (en) | Method and device for data encryption and decryption | |
| EP2571192A1 (en) | Hybrid encryption schemes | |
| Saarinen | The PASSERINE public key encryption and authentication mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Dead |
Effective date: 20171010 |