DE2252670C3 - Method and arrangement for encrypting and decrypting data blocks - Google Patents

Description

a) for each shift register of the first and the second group the output of the last Stage to connect to the input of the first stage (15, 25, 35, 45, 90, 91, 92, 93);

b) around each shift register of the first group, each with an assigned shift register connecting the second group in series (80, 81, 82, 83);

c) to the output of the last stage of each shift register of the second group with the Input of the first stage each to an assigned shift register of the first group connect (84, 85, 86, 87).

7. Arrangement according to claim 3, characterized in that the modifying device (50, 52) contains a modulo-2 "adder whose η input pairs with the η output stages of the shift registers of the first group (10, 20, 30, 4P) and with are connected to an n-bit output register of the key block memory (16).

8. The arrangement according to claim 7, characterized in that the modifying device (50, 52) contains a substitution unit (52) with η inputs, η outputs and a control input, the η inputs of which are connected to the η outputs of the modulo-2 "adder , and which outputs one of two permanently assigned output bit combinations for each input bit combination, depending on which binary value is fed to the control input as a control signal.

9. Arrangement according to claim 8, characterized in that a «-stage control register (TSR) is provided. which is connected to the η outputs of the key block memory (16), and which is connected to the control input of the substitution unit via a control line (KS).

With interconnected networks of data processing systems today has an ever increasing number of users the possibility of remote access to extensive databases. This also increases the need to keep data confidential.

Various data security measures are already common within data centers, so z. B. Restriction of access to a certain group of people, locking of devices by mechanical locking devices, etc. These measures are not, however, for systems with remote access suitable.

One technique known as "memory area protection" is to protect different areas of the Memory associated with keywords. The user programs are also based on their authorization Keywords are assigned and authorization checked by comparing the keywords, e.g. B. by special circuits. This method but does not protect against unauthorized access

by persons who know how the system works. 1 shown arrangement for locking

_n au know and by certain manipulations seiung and decryption, hereinafter encryption

can bypass this space protection. Called key arrangement, processed in each case

In the field of messaging, a message has become 32 bits. Encryption and Entdje Encryption, as a means of encryption, has long been used according to the same scheme.

secrecy and backup of messages recognized taken. Under control of a 64 bit large

and applied. So z. B. the individual key, which is divided into 16 segments, which

Characters (letters, numbers, etc.) by others "
Replaced characters, the assignment being a key

, g

hereinafter referred to as "minibytes", all messages repeatedly pass through three different ones

All messages are repeated three times

be resp. code corresponds to the non-linear transformations for the reverse transformation. A key access bearer, d. H. applies to decryption. Examples of the plan shown in FIG. 2 shows the selection and USAPt 29 64 856 keep the minibytes forwarded during execution.

The following applies to central units and data stations

same key access plan, with reference to

USA patents 29 64 856 and 29 84 700.

Another procedure is a continuous

The following sequence of key characters is exactly the opposite of this plan for the data station other characters of the plain text combined, as for the central unit As in FIG. 2 is shown e.g. by non-equivalence link. The encrypted message is then only recognizable if you

se,

knows how the sequence of key characters generates the figure adds Shlülih

encryption and decryption are carried out at the data station by reading the plan from left to right right and from top to bottom, while on the

will. Examples of generators from key characters- 20 central processing unit reading from left to right and Follows are in U.S. Patents 32 50 855 and bottom-up. The plans for data-33 64 308 included. The station and central unit can of course be

Furthermore, devices have become known to be exchanged without the process thereby operating messages to be transmitted are systematically reversed, and a sender and receiver are ordered (interchanging parts of the following pair with mutually reversed direct) in order to achieve secrecy. Plans work.

From the IBM Technical Disclosure Bulletin, The 16 minibytes of the key are identified

VoI. 14, No. 3, August 1971, pp. 1004 to 1008, is a characterized by the mini byte addresses 0 to 15; The encryption system for encryption and decryption are available in the memory 16. The memory of data blocks of predetermined length is known, at 30 16 is a data memory with random access, e.g. B. one that uses encryption from core memory or solid state memory. It must be made up of π bits of keywords ". The system contains two groups of η each parallel
Shift registers for receiving a data block to be encrypted. The contents of the shift registers 35
is cyclically shifted step by step, and the encryption is carried out with the content swapped
associated pairs of shift registers.

With most of the known encryption systems it is still possible to recognize the encryption scheme within the encryption arrangement if one has the opportunity to move one bit position to the right according to the messages specially compiled for this purpose.
e.g. sequences of zeros with a single one in
specific position - through the establishment too
and then to analyze the output result
sate.

The object of the invention is to create an improvement here so that it is practically impossible to convert the encrypted data blocks into the
Encryption scheme or the key for recognition (convolution) of the results of these transns and thus the actual unencrypted formations with the other half of the block; to recover data.

The stated object is achieved by the invention defined in claim 1. Beneficial Further developments or refinements of the invention 55 are described in the subclaims.

An embodiment of the invention is shown in the drawings and will be described in more detail below described. It shows

1 shows a block diagram of an inventive 60
appropriate arrangement for the encryption and decryption of data blocks. D; e execution of an encryption cycle unc

2 shows a key access plan for the Ln: a subsequent exchange cycle.
would take / i-bit words from the key block- The working of the encryption arrangement

Memory during an encryption or escape is shown in FIGS. 1 and 2. The closures Coding operation, management arrangement does not distinguish between the

3 shows in a block diagram the substitution, encryption and decryption operations! unit of Fig. 1 and can be within a data processing unit

quick access to each segment consisting of 4 bits (minibyte) due to a 4-bit long segment Allow Z address.

The following are definitions of some of the terms used in the description.

Sliding operation
The movement of binary information in the sliding

the respective circulation paths that are defined under the various output and input lines of these registers can be.

Encryption cycle

Performing a triple transform on each of the four-bit minibytes in one half of the message block and the mini

sequentially executing this process, four shift operations are performed.

Exchange cycle

The execution of four shift operations, with the orbits between the registers se

are specified that the two halves of a block; swap places.

round

network either in a transmission or in a Receiving station.

One application of such an encryption arrangement is e.g. B. described in the patent application P 22 31 894.6. In order to simplify the description of the present arrangement, only the Encryption described; however, the description applies equally well to the decryption, since the Arrangement, as I said, does not differ between the two operating modes.

To begin encryption, the 32-bit message is entered via the parallel input lines 2, 4, 6 and 8 in groups of 4 bits each. Since the arrangement works with blocks of 32 bits each, 8 minibytes are entered sequentially - but the 4 bits of each minibyte in parallel - through input lines 2, 4, 6 and 8. While successive minibytes are being loaded, the bits in the input registers and the mixing registers are shifted one bit to the right. After 8 consecutive minibytes have been inserted into the register, all positions of the input register and the mixed register contain the binary information that forms a message block. During the load operation, lines 80, 81, 82 and 83 connect between input and merge registers. At the same time, the register feedback lines 15, 25, 35, 45 and 36 to 39 of the input registers and the mixed registers are disconnected. Thus, no information can flow via lines 15, 25, 35, 45 and 36 to 39. Effectively, each pair consisting of input and mixing registers appears as an eight-bit long shift register during the loading process.

After the message has been completely entered into the registers, the encryption process can begin. First the cycle control counter (ZZ) 9 is set to 0. The cycle control counter 9 is a 7-bit binary counter, the content of which is increased by the value 1 for each shift operation in progress until the value 128 in the counter is sensed by a device (not shown) and the encryption or decryption is thus ended . At the end, the 32-bit message text in the register sets is ready for processing or transmission. The cycle control counter 9 recognizes each individual shift operation by the shift operation signal 3.

As has already been said, the entire encryption system works under the control of a 16 minibyte key. The 64-bit block of binary characters which represents a unique user key is stored in a memory 16, from which the minibytes are then taken according to the Z addresses corresponding to the key access plan (FIG. 2). If z. B. the minibyte at address 15 (addresses are indicated by the numbers 0 to 15 at the top of memory 16 ) and is to be output via the lines KA, KB, KC and KD , there is the input Zl, Z2, Z3, Z4 to the memory 16 of four one-bits on the Z address lines. Lines Z1 to Z4 represent the decimal values 1, 2, 4 and 8. In a similar manner, any other of the 15 minibytes can be selected by a Z address and presented via lines KA , KB, KC and KD .

Once entered, the encryption cycle loop lines 15, 25, 35, 45, 90, 91, 92 and 93 energized and lines 80 to 83 switched off, so that the input registers and the mixing registers become circulating registers, i. H. in every sliding

5 operation becomes the far right bit of each Register via the encryption cycle lines to the leftmost memory position of the same register sent back.

From Fig. 2 it can be seen that in the first round

ίο the first selected Z address is »0«. The Minibyte0 is thus presented over the lines KA, KB, KC and KD . This minibyte 0 is loaded into the transformation control register TSR. The TSR is loaded with a new minibyte at the beginning of each encryption cycle. After the minibyte is loaded, the TSE shift register contains four control bits which are then presented sequentially (one bit at a time) during each shift operation within the encryption cycle.

On the line labeled KS , the rightmost bit of the TSR is input to the substitution unit 52, which carries out a non-linear transformation with the output signals of the binary adder 50, so that the substitution signals Γ0, Tl, Tl and Γ3 are generated. After loading the TSR , the Z address selects minibyte 1, which is loaded into the addend register, which in turn forms an input to the binary adder 50. This adder 50 carries out a modulo-16 addition with the content of the addend register (AO, Al, Al and A 3) and the output bits of the input register (MO, Ml, Ml and M 3) and supplies sum output signals 2Ί, Σΐ, Σ 3 and Σ4. This addition step represents a non-linear transformation for every 4 bits of the message to be encrypted.

The substitution output signals T are a function of the selected minibytes of the key and the message bits MO, Ml, M 2 and M 3. The selected minibytes of the key are identified by the key access plan of FIG. 2 and are used to generate the function T = T (K, M) by the adder 50 and the substitution unit 52. After the control bit group T has been obtained,

the binary signals T 0, Tl, Tl and T3 are used to modify and transform the other half of the message block, which is in the mixing registers. The transformation takes place as a ModuIo-2 operation (non-equivalence operation), the

is carried out by the antivalence elements 60 to 67. The antivalence elements 60 to 67 are arranged between two memory cells of the mixed register, each such register having a pair of antivalence elements (60-61, 62-63, 64-65, 66-67),

only one of the two non-equivalence elements of each pair is operated during a shift operation. The arrangement of the non-equivalence elements 60 to 67 within the mixing register is a matter of the respective construction.

The key access plan in FIG. 2 shows that the next Z address to be selected is "2", which is used for permutation control. The Minibyte2 is put on the lines KA, KB, KC and KD . The signals KA to

KD (control bit group K) are combined with the signals TO to T3 (control bit group T) and with a further control signal B in 'logic elements (not shown in detail) as in the

Lines 100 to 107 are specified by Boolean expressions. The combination signals corresponding to these Boolean expressions are sent via the lines 100 to 107 to one input of the antivalence elements 60 to 67 each. The encryption cycle control signal B always has a binary value "1" during the encryption cycles and is set to "0" during all other times. When the control signal B = 0, the ORs (modulo-2 adders) 60 to 67 are effectively taken out of operation in the convolution registers.

When the TSR and the addend register are loaded with minibytes 0 and 1 and the Z address now selects minibyte 2 for permutation control in order to effect the corresponding permutation of the mixed register, the encryption arrangement is ready for the first shift. At this point in time the binary adder 50 and the substitution unit 52 have worked in sequence to carry out two consecutive non-linear transformations with four message bits (MO to M 3) which are in the rightmost bit positions of the four input registers 10, 20, 30 and 40 . A transformed minibyte T consisting of four parallel bits appears at the outputs of the substitution unit 52, which, as indicated above, is modified by the K and B signals and then presented to the antivalence elements 60 to 67. In the event of a shift, only one antivalence element from each pair is in operation. This is achieved through the use of the real and the complementary permutation control signals K.

After the T bits have been generated, the contents of the input register, the mixed register and the transformation control register TSR are now caused to be shifted to the right by one bit position under the control of the shift signal 3. Since the encryption cycle control signal B is binary 1 at this time, the encryption cycle recirculation lines 15, 25, 35, 45, 90, 91, 92 and 93 are turned on and lines 80 to 83 are turned off so that the rightmost bit in each Mixing and input registers are circulated back to the leftmost memory position of the same register. During the shift, the line for the shift signal 3 gives an input pulse to the cycle control counter 9, which keeps track of the number of common shifts carried out during the rounds. The cycle control counter 9 consists of a 7-bit binary counter that counts up to 128.

The first quarter of the lap 1 shift cycle is now complete and the cycle control counter 9 is checked to see if four shifts have taken place. Since the answer at this point in time is negative (the test of the ZZ for 0 modulo 4 has a negative result), the next key minibytes for the addend register and the permutation control are selected with the next Z addresses. In this case, minibytes 3 and 4 are selected according to the key access plan shown in FIG. Since the content of the transformation control register has been shifted one position to the right, a new KS control signal bit is now passed to the substitution unit 52. Then a second shift operation is carried out and the number in the cycle control counter 9 is increased again accordingly.

Similar to the first two shifts, there will be a total of four shifts during the Round 1 is performed and then the encryption cycle is completed. When the tax meter 9 is checked for 0 modulo 4 the fourth time, the answer is "yes"; thereupon an exchange cycle is started executed.

The exchange cycle of the round consists of the transfer of information between the merge and input registers. This exchange takes place on the basis of a 0 signal on the encryption cycle control line B. As a result, the encryption cycle circulation lines 15, 25, 35, 45, 90, 91, 92, 93 are switched off and the lines 80 ¹ to 83 are switched on. The antivalence elements 60 to 67 are also effectively removed from the mixing registers by the zero signal appearing on lines 100 to 107. When signal B is equal to zero, the input registers and the merge registers appear together as a group of four 8-bit circular shift registers. With four shift operations, the information in the input registers can be exchanged for the information in the mixing registers, namely via the circulation paths 80 to 87.During the exchange cycle, each shift carried out increases the number of the cycle control counter 9 by 1. The ZZ is continuously to 0 Modulo 4 tested; If the answer is positive (exchange cycle ended), the ZZ must be checked for 128 again. At the end of the first round, however, the content of the ZZ is different from 128 and therefore the process continues by starting the second round.

Similarly, every 16 rounds are done. After the last exchange has taken place at the end of the 16th round, the ZZ's test for 128 gives a positive answer, and thus the encryption operation is ended. At this point the complete encrypted message appears in the storage locations of the input registers and the mixing registers and is then output from the mixing registers in groups of four parallel bits each. Again, the encryption cycle control signal B is set to 0 so that input and mixing register pairs are connected to one another and form four 8-bit shift registers. The output control HC causes the sequential delivery of eight 4-bit groups so that a 32-bit data block appears as output, which represents the encrypted text to be transmitted (or, in the case of decryption, the plain text to be processed). In order to keep the processing time as short as possible, a new message can be loaded into the encryption arrangement by multiple entries in the input register at the same time as the output of data under the control of the output controller HO. At the end of eight shifts, the encryption arrangement is ready for encryption (or decryption) of the next message block. The cycle control counter 9 is not in operation during the egg / issue phase.

F i g. 3 shows details of the substitution unit 52. It carries out a non-linear transformation m of the 4-bit output { 1 to 1 8) of the binary adder SO and delivers the four bits labeled Ti, T2 and T3 as a result. SUI siitutionseinheit 52 consists of four blocks 200 b

203, each of which generates one of the bits TO to Γ3 from the hexadecimal number output by the adder SO. Each of the four blocks has 16 control inputs to which either the transformation control signal KS, its complement KS or fixed binary values 0 or 1 are applied. The blocks 200 to 203 are connected in such a way that one of the 16 control signals is switched through to the output (for example TO) of the relevant block by the respective bit pattern which appears on the four input lines from the adder 52. If z. B. There is a one bit on all input lines, then

10

each of the blocks 200 to 203 binds the 15th input line with its output (lines Γ 0 etc.). The substitution unit is a code converter that converts each 4-bit word appearing at the input into one of two possible assigned 4-bit words at the output, the selection between the two output codes being made by the binary value djs control bits KS present in each case. There are various possibilities for realizing the substitution unit. Such a possibility shows z. B. the patent application P 22 31849.6.

For this purpose 3 sheets of drawings

Claims (6)

Patent claims: 1. A method for encrypting and decrypting data blocks of a given length using / i-bit words of a key block, in which the entire data block is loaded into a first and second group of shift registers each η parallel and their content is shifted cyclically step by step marked that a) for each step an n-bit combination from the first group of shift registers and an n-bit word from a key block memory is fed to a modifying device, and the η output bits of the modifying device each with η data bits in the shift registers of the linked to the second group, b) after carrying out the step-by-step shifts »o exercise of the register contents and step a) the contents of mutually assigned pairs of Shift registers of the first and the second group with one another in a manner known per se be swapped and then »5 c) again the gradual shifts of the register contents and steps a) and b) are executed. 2. The method according to claim 1, characterized in that the sequence of operations b) to c) is repeated several times, and that then the contents of the two groups of shift registers as encrypted or decrypted data block is output. 3. Arrangement for performing the method according to claims 1 and 2, characterized by a first group (10, 20, 30, 40) and a second group (S3, 71; 54, 72; 55, 73; 56, 74) of each η parallel shift registers, through a memory (16) for the key block, from which the M-bit words can be taken one after the other in a predetermined order, through a modifying device (50, 52) which is associated with the first group of parallel shift registers and the key block Memory is connected and each combined an n-bit word from the key block memory and from the shift registers and emits an n-bit control word (T) at their outputs as well as through logic elements (60 ... 67) between the storage stages of the are arranged in a second group of shift registers and are controlled by one bit each of the n-bit control word (T) which the modifying device outputs. 4. Arrangement according to claim 3, characterized in that the storage capacity of the two Groups of parallel shift registers of the number of bit positions to be encrypted or corresponds to data blocks to be decrypted, with half on the first group and half on the the second group of shift registers is omitted. 5. Arrangement according to claim 3, characterized in that the logic elements (60, 61, 62, 63, 64, 65, 66, 67), which are arranged between the storage stages of the second group of shift registers, are exclusive-order elements, each of which has an input is connected to one output each of the modifying device (50, 52) via a gate circuit to which at least one control signal (KA, KB, KC, KD ) is fed from the key block memory (16). 6. Arrangement according to claim 3, characterized in that connecting lines are provided are