DE19807020A1 - Method of secure encoding of data for secure data communications - Google Patents

Abstract

The method involves using an individual key dependent on a password of variable length and block number to encode an information flow divided into blocks of variable length. The variable length blocks are divided into two equal parts in a first step. The bytes or bits of the first part are combined with those of a sub-key (Ln) and those of the second part with the secure text of the first part. The second part of the secure text is formed from the second part of the data block. Both parts are finally interchanged. In a second step the previously arising data block is divided into four parts dependent on the key. In a third step the individual bytes or bits are recombined into another sequence depending on the key. In a fourth step the resulting data block is combined with a sub-key (Sn) byte for byte or bit for bit.

Description

The invention relates to a device according to the preamble of claim 1 to 9.

In order to ensure the safest possible data transmission, the information to be backed up encoded with the help of pseudo one-time pads, which are used for transpositions, among other things.

It is known to keep secret information using special methods, e.g. B. Transpositions too encrypt. Data, which is usually in the form of bit sequences, is stored in all possible forms Variations transposed, substituted or concealed. Such methods are described in the patents DE 39 05 667 C2, WO 95/25392 or US 4275265.

The disadvantage of the methods mentioned is that they sometimes have fixed block lengths and thus cannot react very flexibly to changed circumstances. In addition, the ones to be used Keys are also fixed to a fixed length and can therefore, like the complexity of the procedures itself, not to be adapted to the increasing computing power.

The object of the invention is to use an arbitrarily long password and any Allow block length. It is also an object of the invention to address the complexity of the encryption system to adapt the computing power to the respective time, so that none of the unrequested decipherers Possibility to analyze and analyze multiple secret texts with ultra-modern IT systems possibly to decipher. Furthermore, it is an object of the invention, the present To mix and substitute information stream in such a way that an efficient unauthorized decipherment not possible. It is the primary object of the invention to secure any type of computerized data to encrypt.

This object is achieved by a device with the features of claims 1 to 9.

You are not restricted to certain data types or areas of application, but can do ENIGMA Apply 2000 in all possible forms. This means that it can be installed in existing programs nothing in the way. The ENIGMA 2000 was developed for data that is available locally or via Data lines to be transported must be reliably protected against unauthorized access. As examples May be mentioned: home banking, email traffic and the storage of sensitive data, such as B. with lawyers, doctors or authorities. When choosing the password, the user is not on limited part of the character set, but it can consist of all characters of the ASCII code put together. The length of the password is also not subject to any restrictions. You are not forced to use an abbreviated password that may be difficult to remember or even have to write it down. Especially when used as a backup system for databases ENIGMA 2000 is particularly suitable because it has a variable block length, i.e. with different lengths Can handle database fields. It is a non-redundant storage as well as transmission and therefore saving of storage space and transmission time possible. Furthermore, at ENIGMA In 2000, fine encryption of encryption security was possible, in order to meet the requirements of the respective Meet users. The enormous flexibility achieved thereby enables a universal and future-proof use of the ENIGMA 2000 encryption system.  

The Enigma 2000 I. Structure of the Enigma 2000

The Enigma 2000 consists of a variable number N (N <2) of TpaC (transposition polyalphabetic coding block) coding blocks, each of which is initiated by a τ function. As input, the TpaCs need an input text (T ₀ ) of variable length (λ) and a key (S _n ) of the same length. The original information flow is cut into appropriately long blocks according to the situation and these are given a consecutive number (ω). It starts with number one. The required partial keys (B _n and L _n ) are formed from S _n . The TpaCs provide the intermediate secret text (T _{n + 1} ) as output, which is passed as input to the TpaC _{n + 1} until n has reached the value N. T _N is the final ciphertext.

A TpaC ( Fig. 1) essentially consists of four parts: First, the τ function ( Fig. 2), which, by encrypting the text with itself, makes the encryption dependent on the plain text, secondly the splitter ( Fig. 3), of the Einganstext decomposed as a function of frequency, in the key B _n occurring bit transitions, in four parts, thirdly the Rekonjugator (Fig. 3), in turn a function of the key B _n each other adds and fourthly the polyalphabetic enciphering PS _n, these four sections that links the resulting intermediate text byte or bit by bit with the key S _n .

I.1. The τ function ( Fig. 2)

It requires the key L _n as input and the output (T _n-1 ) of the TpaC _n-1 or, if n = 1, the actual plain text T ₀ and provides an λ byte long secret text Zgt (τ) _n as its output Xth character is referred to below as Zgt (τ) _n∼x .

The process: The input string T _n-1 is cut into two strings K ₁ and K _{2 of} equal length, the latter (K ₂ ) forming the first part of the ciphertext:

For x ε {1; µ}: Zgt (τ) _n∼x = K _2∼x where µ = λ / 2

The second part of the ciphertext is formed in the following way:

For x ε {µ + 1; λ}: Zgt (τ) _n∼x = (Zgt (τ) _{n∼ (x-1)} + K _{∼ (λ + 1) -x} + L _n∼x ) mod 256

As you can see from the feedback formula, changing a character from K ₁ affects all subsequent characters. The string K ₁ , caused by the index (λ + 1) -x, is read from behind. This means that the next time the τ function is executed, all characters that were before the changed position are affected by the change.

The resulting ciphertext is again λ bytes long and can be transferred to the TpaC _{n + 1} . The τ function offers enormous protection, since the actual encryption depends not only on the password, but also on the text to be encrypted. However, information has now been encrypted and the key supplied. It is therefore necessary to ensure that the characters of Zgt (τ) _{n are} shifted depending on the key and that their positions are no longer traceable for the uninitiated decipherer.

This task is performed by the following two modules - the splitter and the Reconjugator - solved.

I.2.1 The Splitter ( Fig. 3)

The splitter first analyzes the subkey B _n by counting how many bit transitions ([00], [01], [10], [11]) are present. A bit can only be an element of a transition, and of course its bits must be adjacent. Example: (010) is not [01] and [10] but only [01] (processing of links).

If the frequencies (| [00] | = a; | [01] | = b; | [10] | = c; | [11] | = d) are now known, the input text is divided into four groups M ₁ to M ₄ cut up and handed over to the reconjugator. The cuts are made according to the positions a, a + b and a + b + c.

I.2.2 The Reconjugator ( Fig. 3)

After the plaintext is available in the four groups M ₁ , M ₂ , M ₃ and M ₄ , the work of the reconjugator begins. To do this, he analyzes the bit transitions of B _n and performs the following mapping on Zgt (R) _n . The nth bit transition of B _{n is} referred to as B _n∼x . The current bit transition is now considered, and the current character of M ₁ , M ₂ , M ₃ or M _{4 is} accordingly written to the current position of Zgt (R) _n . The bit transitions are assigned as follows:

[00] → M ₁ [01] → M ₂ [10] → M ₃ [11] → M ₄

Is z. B. B _n∼745 = [10] and 126 [10] transitions have already preceded, the reconjugator takes the (c-127) most character from M ₃ and places it at the 745th position in Zgt (R) _n .

To turn the ends of the block "inside", you start reading the strings from M ₁ to M ₃ from the back, but from M ₄ from the front (hence the c-127). To illustrate the whole thing a little more, the following example: We have 100 ice cream cones, four ice cream cones, an ice cream seller, a list with 100 characters of the set {1; 4} and a queue of 100 children. Before the work begins, the ice cream seller fills the ice cream cones (M ₁ to M ₄ ) with a certain amount of waffles (a, b, c, d) and then serves the first child. If there is now a "2" on his list as the first character, he takes the required waffle from the second ice cream cone tube and gives it to the child. Depending on which character is next on his list, the second child receives a waffle from tube 1 , 2 , 3 or 4 . Since the ice cream seller already knew how many characters of each type are on his list (B _n ) (a, b, c, d), it cannot happen that e.g. B. the third tube is empty, although there is still a "3" on the list. Nor can it happen that a waffle remains after the hundredth child. This action has now reorganized the order of the waffles as supplied by the manufacturer. The new sequence is now available in the form of the children's series.

In order to create a reference to reality, the following assignments should now be observed: The ice cream cones are the information units (bytes, bits), the four ice cream cones are M ₁ to M ₄ , the ice cream seller is first a splitter, then a reconjugator, the list is B _n and the children's series (with waffles) is Zgt (R) _n .

The peculiarity of the reconjugator lies in the fact that no fixed displacement is specified for the transposition, but rather this is done by a pseudo-one-time pad (B _n ) that is generated by the SEM. So far, one-time pads (one-off, random sequence of characters) have only been used in stream encryption systems. Messages can be encrypted with absolute security using randomly generated one-time pads. The security of the encryption also lies in the quality of the SEM and the pseudo one-time pads (B _n ) it generates.

I.3. The final polyalphabetic cipher PS _n

After the reconjugator has done his work, he transfers the intermediate secret text Zgt (R) _n to the module PS _n . It receives the λ byte long text Zgt (R) _n and the key S _n as input. As output, it delivers a λ byte long string, which is passed as input to TpaC _{n + 1} , as long as n ≠ N. The actual polyalphabetic encryption is relatively simple mathematically. The decimal values of Zgt (R) _n∼x and S _n∼x modulo 256 are added. The decimal result is then converted back into an ASCII character. You have a different key for each intermediate text block, which is as long as the text itself. The linkage at the bit level can be carried out just as well.

The keys S _n form a "pseudo one-time pad" which is added to the ciphertext. The length of this "pseudo one-time pad" corresponds to that of the ciphertext. If this is to be deciphered without being called, all possibilities must be tried if the password is not known. This means that each character has to be shifted by all possible values (256 pieces) to get the correct result. With a block length of λ bytes, the number of possible individual keys is 256 ^λ . The undeclared deciphering is impossible without some help, because you can generate any possible plain text from a secret text and any individual key. Decoding by means of an analysis of character frequencies or the analysis of periodic occurrence of character pairs is therefore ineffective. Even in the case of a partial compromise of plain text / cipher text, this does not immediately lead to the disclosure of the entire plain text. Encrypting with individual keys makes it extremely difficult, if not impossible, to decipher unrequested.

II. The key generation module Sem II.1 Demands on the semester

In the following paragraph I would like to go into the formation of the individual sub-keys S _n , B _n and L _n . Three keys of different lengths are required: the λ byte key S _n , the λ / 2 byte key L _n and the λ / 4 byte key B _n . B _n and L _n are each generated from S _n by key _selection methods.

All keys should be generated by a function that enables the keys easily from the password, but not from them. In addition, the function produce a key that creates a sufficiently random sequence of numbers, but which is in depends heavily on the password.

II.2. The structure of the sem

As an input, the sem requires a password in the form of an arbitrarily long character string Pw. As an output, it delivers the keys S _n , B _n and L _n in the form of character strings. The reversibility of the function is not desired, but it must be ensured that the decoder called (with knowledge of the password) can understand the formation of each sub-key. It follows that the formation of the keys for the encryption and for the decryption must be identical.

Since the user of the Enigma 2000 has the option of using an arbitrarily long password, Pw must be brought into a suitable form at the beginning. For practical reasons, however, it is advisable to adjust the length of the password to the occasion. If the password is η characters long, the number of possible passwords is equal to the following sum:

| Pw | = 256 ^η

However, since we need fixed-length strings as output, we have to try to change Pw so that it delivers fixed-length results without losing information. This is possible if you break down the password and pass the fragments as parameters to a function that can handle a variable number of parameters. The password is broken down as follows: First, the length η of Pw is recorded. Then the decimal value of each character is divided by 255, as δ ₁ , δ ₂ ,. . ., δ _η stored and passed to the function ψ (δ ₁ , δ ₂ , _... , δ _η )

With:

This function can be continued in itself and can therefore take any number of parameters. δ ₁ , δ ₂ ,. . ., δ _η are previously multiplied by π and viewed as radians. As a result, the function always returns a value between 0 and 1. The function value ψ (ω, δ ₁ , δ ₂ , _... , Δ _η ) is calculated to 9 decimal places and the result is converted as shown in the following sketch:

S, A and M are now increased by 768 and used in the following nonlinear functions:

Before the fields are processed further, they form the module with respect to 65537 (= 2 ¹⁶ +1). Each field contains 2 bytes, which are now read out line by line.

The required key S _{n can be} obtained by calculating λ / 8 lines. The byte pairs joined together now form the λ byte key S _n . B _n and L _n can be obtained by dividing S _n into groups of 4 and 2, respectively, and adding their signs modulo 256. This gives B _n λ / 4 and L _n λ / 2 characters, which are now available for encryption. With each additional block, S _n , B _n and L _{n are} recalculated.

III. The decoding

The decoding is basically the same as the encryption, only the other way round. Since the images made are all reversible, you only have to make sure that the decoder uses the correct password in order to get the right keys. If an unscrambled decipherer tries to reverse the encryption without knowing the password, he is faced with the problem that with N = 2 and λ = 100 there are already 256 ²⁰⁰ (approx. 10 ⁴⁸² ) possible keys. This number could be narrowed down by eliminating those that do not result from a potential password. However, this is not possible because the function ψ (n, s, δ ₁ , δ ₂ , _... , Δ _η ) is constructed in such a way that the explicit representation of δ ₁ , δ ₂ ,. . ., δ _{η is} not possible. This means that the uninitiated decipherer only has the option (no other options for uninvited deciphering of the Enigma 2000 are currently known) to test all passwords.

V. Final remark

The Enigma 2000 was created to facilitate the exchange of information between two Encrypt communication partners to a high degree secure against eavesdropping. It wasn't designed to communicate spontaneously between two parties that have never existed before have met to secure. The basic idea of the system requires new passwords secured routes, ideally at a personal meeting agreed, exchanged using a public key procedure or even in every message to be built in. As mentioned at the beginning, one must assume that the system callers and sufficient ciphertext material are available stands. The only condition that, like other encryption systems, is always met must be the confidentiality of the password.

I would also like to note that with a password length of more than λ characters, the Password is distributed over several ciphertext blocks. This will make the effect of individual key increased even more and decoding through successive Exhaustion made even more inefficient.

Claims (9)

1. A method for coding a, divided into blocks of variable length information stream with the help of a previously generated, depending on the password of variable length and block number dependent key, characterized in that the data block of variable length is broken down into two equal parts in the first step, of which the bytes or bits of the first section are linked to the bytes or bits of the subkey L _n and the bytes or bits of the second section to form the first section of the ciphertext, so that the second part of the ciphertext is formed by the second part of the data block, that both parts then exchanged that in the second step the data block previously created is split into four parts dependent on the key B _n and in the subsequent third step the individual bytes or bits are reassembled in a different order depending on the key B _n , that in the fourth step the resulting data block m it is linked to the subkey S _n byte by byte or bit by bit. 2. The method according to claim 1, characterized in that the required keys are created using mathematical functions that the explicit representation of the parameters (password bytes, block numbers,...) Is not possible (at least one transcendent equations) that the equations are the same There are elements that each use a letter of the password as a parameter, that the equations per password letter are expanded by one element, that the values of the equations are between 0 and 1 and according to the scheme recorded on page 5 above into the required parameters for the Table calculation are converted, that the block number is included in the calculation, that the key S _{n is obtained} from the fields of the table shown on page 5, that the sub-keys L _n and B _{n are formed} from the key S _n by linking its bytes that the keys provided by the equations are sufficient nd are random sequence of bytes. 3. The method according to claim 1 and 2, characterized in that the reading of the bits of the first section K _{1 is} carried out from behind, that the length of the four block sections depends on the bit transitions in B _n that the permutation of the data block depending on Bit transitions occurring in the key B _n occur. 4. The method according to claims 1 to 3, characterized in that to increase the Cryptosecurity the procedure can be used several times for each additional one Pass new keys can be made. 5. A method for decoding a method as shown in claims 1 to 4, characterized in that the modules of the ciphering agent are reversed and the inverse keys S _{n '} , B _n' and L _{n '} and the inverse of K ₂ are used . 6. The method according to claims 1 to 5, characterized in that the implementation can be done in both hardware and software and processing both can be carried out at the byte and bit level. 7. The method according to claims 1 to 6, characterized in that the key by a other method can be generated that has the same or similar properties. 8. The method according to claims 1 to 7, characterized in that the method on locally available data can be applied. 9. The method according to claims 1 to 8, characterized in that the method on Data blocks that are intended for transmission are used.