DE102022004784A1 - Method for encrypting and decrypting a data stream with a random block size in a communication system - Google Patents

Abstract

The invention relates to a method for encrypting and decrypting a data stream with a random block size in a communication system. Such methods for encrypting and decrypting a data stream with a fixed block size are known, e.g. Advanced Encryption Standard (AES), Salsa20 and the closely related ChaCha (e.g.: https:/Ien.wikipedia.org/wiki/Salsa20). The aim of the invention is to provide a method that uses two different entropy sources, namely the uniform distribution of the cryptographic hash function used and a cryptographically secured pseudo-random number generator, in order to achieve probabilistic encryption and bring it as close to noise as possible. For this purpose, the invention proposes a method for encrypting and decrypting a data stream with a random block size in a communication system, which comprises the method steps of claims 1 and 2.

Description

The invention relates to a method for encrypting and decrypting a data stream with a random block size in a communication system.

Such methods for encrypting and decrypting a data stream with a fixed block size are well known, e.g. B. Advanced Encryption Standard (AES), Salsa20 and the closely related ChaCha (e.g.: https://en.wikipedia.org/wiki/Salsa20).

The aim of the invention is to provide a method that uses two different entropy sources, namely the uniform distribution of the cryptographic hash function used and a cryptographically secured pseudo-random number generator, in order to achieve probabilistic encryption and to make it as close as possible to exclusive noise.

For this purpose, the invention proposes a method for encrypting and decrypting a data stream with a random block size in a communication system, which comprises the method steps of claims 1 and / or 2.

Assuming that the hash function used is an expandable output cryptographic hash function (XOF) and/or a key deviation function (KDF), e.g. B. BLAKE3 or Keccak, since it meets these conditions, is given a cryptographically secured pseudo-random number generator and a plaintext M, which is represented as a data stream of bytes.

{w ₀ , ..., w _i ) are defined to decompose the plaintext M into i + 1 words, where the length of each word is randomly selected from (0, m) and m is the smaller value from the maximum length of a block and the remaining length of M is. The length of the data is stored in several single-byte words, which are encrypted separately and appear before the data word. This allows the use of variable length encoding. For example, the method according to the invention may use a base 128 little endian encoding with 16383 as the maximum block size.

wobei r ein zufälliger Anfangsschlüssel ist und XOF_li einen Hash der Länge l_i erstellt. Jedes verschlüsselte Wort c_i wird zum Klartext-Wort w_i entschlüsselt mit: $$w_i=c_i\oplus XO{F}_{l_i}\left(KDF\left(r\right),w_0,c_0,\dots ,w_{i-1},c_{i-1}\right)$$

Each word w _i is encrypted into a cipher word c _i of length l _i as: $$c_i=w_i\oplus XO{F}_{l_i}\left(KDF\left(r\right),w_0,c_0,\dots ,w_{i-1},c_{i-1}\right)$$

where r is a random initial key and XOF _{is l i} creates a hash of length l _i . Each encrypted word c _i is decrypted to the plaintext word w _i with: $$w_i=c_i\oplus XO{F}_{l_i}\left(KDF\left(r\right),w_0,c_0,\dots ,w_{i-1},c_{i-1}\right)$$

This allows the conversion of a byte stream into an encrypted data stream with the key r, where the position and length of each block are unknown. The even distribution of hash values within the resulting data stream thwarts any possible attack.

• 1: schematische Darstellung der Verschlüsselung einer erfindungsgemäßen Stromchiffre;
• 2: schematische Darstellung der Entschlüsselung einer erfindungsgemäßen Stromchiffre.

The method according to the invention is explained in more detail with reference to the figures. They show:

• 1 : schematic representation of the encryption of a stream cipher according to the invention;
• 2 : Schematic representation of the decryption of a stream cipher according to the invention.

In 1 the encryptor encrypts a data stream. To do this, the encryptor selects a random key r and sends it to the decryptor over a secure channel, or the encryptor and the decryptor use a key exchange algorithm to obtain this key r. The key r is used as the initial vector IV of a hash function or via a key derivative function (KDF).

The encryptor chooses a random block length I. A random number between 0 and the size of the available data or the block size limit is chosen. The random block length I is converted into a series of bytes w1 through any encoding method, including variable length or fixed encoding. The encryptor creates a hash value h1 with a length of 1 byte. Then each byte w ₁ [i] of the array of bytes w ₁ to c ₁ [i] is encrypted with c ₁ [i] = w ₁ [i] ⊕ h ₁ and the hash function is used with two single-byte values w ₁ [i] and c ₁ [i] updated. This is repeated successively until all bytes of array w ₁ are encrypted. The encryptor then sends c ₁ to the decryptor.

Then an array w ₂ of length l containing l bytes of user data is read and a hash value h ₂ is generated to represent the user data c ₂ with c ₂ [i] = w ₂ [i] ⊕ h ₂ [i] for to encrypt all i E [0, 1). The hash function is updated with two l-byte values w ₂ and c ₂ . Finally, the encryptor sends c ₂ to the decryptor.

The ones in the loop box in 1 The steps shown are repeated until all data is encrypted.

2 shows how the decryptor decrypts a data stream. The decryptor receives the large random key r, which is obtained from the encryption ler was sent over the secure channel. Then the decryptor initializes a hash function with the large random key r. After that, the decryptor receives c ₁ from the encryptor.

The i-th byte c ₁ [i] is read, a hash value h ₁ with a length of 1 byte is generated, the read byte w ₁ [i] is decrypted with w ₁ [i] = c ₁ [i] ⊕ h ₁ and the hash function is updated with two single-byte values w ₁ [i] and c ₁ [i]. Then w ₁ is converted into the length l.

After that, the decryptor obtains c2 of length l from the encryptor and creates a hash value h2 of length l around the user data w ₂ with w ₂ [i] = c ₁ [i] ⊕ h ₂ [i] for all i E (0, l ) to decipher. The hash function is updated with two l-byte values w ₂ and c ₂ .

The ones in the loop box from 2 The steps shown are repeated until all data is decrypted.

The encryptor sends both c ₁ and c ₂ as a data stream to the decryptor, and it is impossible to separate them without decrypting them.

In terms of speed, the method according to the invention for encrypting and decrypting a stream cipher is close to AES or ChaCha20 ciphers, with the speed depending on the hash function used.

The main advantage of this stream cipher is that it uses two different sources of entropy: the uniform distribution of the cryptographic hash function used and a cryptographically secured pseudo-random number generator to bring the entropy as close to noise as possible.

The advantage is that you get random noise. However, if the correct output vector is known, it is possible to decode it into the correct byte stream.

To prove this, the statistical tests defined in NIST SP 800-22 (“Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications” Spaecial Publication 800-22, Technology Administration U.S. Department of Commerce) were used.

Every data stream that was generated with this stream cipher according to the invention has passed all tests of NIST SP 800-22.

• > ent 1 mb.zeros.bin.kcrt
• Entropy = 7.999825 bits per byte.
• Optimum compression would reduce the size of this 1049135 byte file by 0 percent.
• Chi square distribution for 1049135 samples is 254.44, and randomly would exceed this value 49.81 percent of the times.
• Arithmetic mean value of data bytes is 127.5804 (127.5 = random).
• Monte Carlo value for Pi is 3.136816219 (error 0. 15 percent).
• Serial correlation coefficient is -0.001527 (totally uncorrelated = 0.0).
• > ent 1 mb. zeros. bin. 2. kcrt
• Entropy = 7.999823 bits per byte.
• Optimum compression would reduce the size of this 1049281 byte file by 0 percent.
• Chi square distribution for 1049281 samples is 257.96, and randomly would exceed this value 43.64 percent of the times.
• Arithmetic mean value of data bytes is 127.4936 (127.5 = random).
• Monte Carlo value for Pi is 3.139318390 (error 0.07 percent).
• Serial correlation coefficient is -0.000392 (totally uncorrelated = 0.0).
• > ent 1gb.bin.kcrt
• Entropy = 8.000000 bits per byte.
• Optimum compression would reduce the size of this 1074047712 byte file by 0 percent.
• Chi square distribution for 1074047566 samples is 220.91, and randomly would exceed this value 93.98 percent of the times.
• Arithmetic mean value of data bytes is 127.4975 (127.5 = random).
• Monte Carlo value for Pi is 3.141752890 (error 0.01 percent).
• Serial correlation coefficient is -0.000005 (totally uncorrelated = 0.0).
• >

Also, an example of measuring the quality of entropy is shown below, "ent" is a special utility for measuring the quality of entropy in a file, developed by John Walker (e.g.: http://www. fourmilab.ch/random/):

• > ent 1 mb.zeros.bin.kcrt
• Entropy = 7.999825 bits per byte.
• Optimum compression would reduce the size of this 1049135 byte file by 0 percent.
• Chi square distribution for 1049135 samples is 254.44, and randomly would exceed this value 49.81 percent of the times.
• Arithmetic mean value of data bytes is 127.5804 (127.5 = random).
• Monte Carlo value for Pi is 3.136816219 (error 0. 15 percent).
• Serial correlation coefficient is -0.001527 (totally uncorrelated = 0.0).
• > ent 1 mb. zeros. am. 2. kcrt
• Entropy = 7.999823 bits per byte.
• Optimum compression would reduce the size of this 1049281 byte file by 0 percent.
• Chi square distribution for 1049281 samples is 257.96, and randomly would exceed this value 43.64 percent of the times.
• Arithmetic mean value of data bytes is 127.4936 (127.5 = random).
• Monte Carlo value for Pi is 3.139318390 (error 0.07 percent).
• Serial correlation coefficient is -0.000392 (totally uncorrelated = 0.0).
• > ent 1gb.bin.kcrt
• Entropy = 8,000,000 bits per byte.
• Optimum compression would reduce the size of this 1074047712 byte file by 0 percent.
• Chi square distribution for 1074047566 samples is 220.91, and randomly would exceed this value 93.98 percent of the times.
• Arithmetic mean value of data bytes is 127.4975 (127.5 = random).
• Monte Carlo value for Pi is 3.141752890 (error 0.01 percent).
• Serial correlation coefficient is -0.000005 (totally uncorrelated = 0.0).
• >

In this example, two files are encrypted using a stream cipher according to the invention: one contains 1 megabyte of zeros and the second contains 1 megabyte of random bytes. A megabyte with zeros will be encrypted twice. All encryptions were performed with the same initial vector. As you can see, it is almost entirely noise and all resulting files are distinguishable when using the same input with the same initial vector, making this encryption probabilistic.

Claims (2)

A method of encrypting a data stream with a random block size in a communication system, comprising the following steps: (a) A random key r is selected by a user, which is used as the initial vector IV of a hash function and/or via a key derivation function. (b) To determine the size of the block l, a random number between 0 and the size of the available data or the block size limit l is chosen. (c) The size of the block l is converted into an array of bytes w ₁ by any encoding method, including variable length or fixed encoding. (d) For the ite byte wl[i], a hash value h ₁ of length 1 byte is generated, the byte w ₁ [i] becomes c ₁ [i] with c ₁ (i) = w ₁ [i] ⊕ h ₁ is encrypted, and the hash function is updated with two single-byte values w ₁ [i] and c ₁ [i]. (e) Step (d) is repeated for all bytes in . (f) An array w ₂ of length l containing l bytes of user data to be encrypted is created. (g) A hash value h ₂ of length l is created to encrypt the user data c ₂ with c ₂ [i] = w ₂ [i] ⊕ h ₂ [i] for all i ∈ [0, 1) too encrypt, and the hash function is updated with two l-byte values w ₂ and c ₂ . (h) c ₁ and c ₂ are stored or sent over a network. (i) If the input contains more data, the steps from step (b) are repeated. Method for decrypting a with a method according to Claim 1 encrypted data stream with random block size in a communication system comprising the following steps: (a) The random key r is obtained from the user and used as the initial vector IV of a hash function and / or via a key derivation function. (b) The ite byte c ₁ [i] of the input is read, a hash value h ₁ with a length of 1 byte is generated, the read byte w ₁ [i] with w ₁ [i] = c ₁ [i] ⊕ h ₁ is decrypted and the hash function is updated with two single-byte values w ₁ [i] and c ₁ [i]. (c) Step (b) is repeated until the entire block l has been decrypted from the input as w ₁ , the number of attempts depending on the encryption method used, which may be variable length or fixed encoding. (d) An array c ₂ of length l is created to receive the next l bytes of the input to be decrypted. (e) A hash value h ₂ of length l is created to decrypt the user data to w ₂ with w ₂ [i] = c ₂ [i] ⊕ h ₂ [i] for all i ∈ [0, l). , and the hash function is updated with two l-byte values w ₂ and c ₂ . (f) w ₂ contains the decrypted block and is stored or sent over a network. (g) If the input contains more encrypted data, the steps from step (b) are repeated.

Images