GB2387088A - Data influenced encryption keys - Google Patents
Data influenced encryption keys Download PDFInfo
- Publication number
- GB2387088A GB2387088A GB0207035A GB0207035A GB2387088A GB 2387088 A GB2387088 A GB 2387088A GB 0207035 A GB0207035 A GB 0207035A GB 0207035 A GB0207035 A GB 0207035A GB 2387088 A GB2387088 A GB 2387088A
- Authority
- GB
- United Kingdom
- Prior art keywords
- encryption
- decryption
- key
- data
- cipher
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
Abstract
An apparatus for the encryption/decryption of data with built in features enabling the dynamic modification of the encryption key and optionally the encryption algorithm. On the encryption side, either a data feed captured during encryption or a cipher-gram feedback captured after encryption is used to modify the encryption key prior to encryption of the next data portion. An additional feature allows the insertion and execution of randomly embedded encryption algorithm modification instructions. These instructions are applied and then encrypted within the output cipher-gram. On the decryption side, either a cipher-gram feedback captured during decryption or a data-stream feed captured after decryption is used to modify the encryption key prior to decryption of the next cipher-gram portion. An additional feature allows for the execution and removal of randomly embedded decryption algorithm modification instructions. These instructions are applied after their decryption and are then removed from the output data-stream.
Description
a 2387088 Method and Apparatus for Data Encryption/Decryption This
invention is in the field of cryptology and introduces a method and apparatus for data
encryption/decryption. Data encryption consists of using an algorithm to apply an encryption key to information (data) to make that information unintelligible: thereby restricting the intelligent use of the information to those who know/have the correct decryption key. Encryption/decryption keys may be asymmetric - a pair of complementary keys used to encrypt and decrypt the data, respectively; or symmetric -
same key used for both actions. Transposition, substitution, and/or product algorithms that apply the key to the data are often very complex and are usually classified as block or stream ciphers. In all cases, however, the key remains stable, unless either or any of the participants invokes a key exchange. Key exchange requests are made to reduce the risk of cryptanalysts discovering the keys deployed.
Keys often remain stable until one of the participants detects an unusual event (e.g. Iogin, login failures or frequent transmission failures). Thus, so long as the keys remain unchanged, every time the same data is encrypted the same ciphertext is produced - a feature that often helps cryptanalysts decrypt the ciphertext.
This invention involves a completely new approach to data encryption whereby; the application of the algorithm constantly modifies the encryption key during the encryption process itself. In fact, it can almost be regarded as the algorithm encrypting the key with the data as well as the data with the key. This invention works best with streamed data but also works well with blocked data.
The invention is not restricted to a particular encryption algorithm or encryption hardware engine nor does it prohibit key exchanges, what matters is the inclusion of ciphertext feedback and/or a data feed into an encryption key modification process. Whatever method is used to apply the feedback and/or data feed it must be compatible with the reverse operation performed when decrypting the ciphertext. Thus, when this criterion is met, not only is each data encryption using a different key almost every fragment of the ciphertext is produced using a different key. Hence the only time the same data encrypted twice will predictably produce the same ciphertext is when a re- i encryption takes place for reasons such as error recovery. Under these circumstances the key is restored to a saved former value prior to re-encryption.
An optional data feed into the algorithm also enables algorithm commands (instructions) to be inserted into the data prior to encryption. These commands are detected and acted upon during the encryption process and are themselves encrypted. Subsequently, at the destination, the embedded encrypted commands are again acted upon immediately after their decryption whilst being removed from the data.
A major feature of this invention is that in order to decrypt data encrypted under algorithms using ciphertext feedback and/or a data feed an eavesdropper must know (or have known) the original key and have processed all previous ciphertext produced by that dynamically modified key. In addition, if all participants use the same initial key for all encryptions, then it is also necessary to know what data encryptions have previously been made by all participants and in what order they were made.
Thus making the cryptanalysts job that much harder, if not impossible. Another feature of the invention is that because the key is constantly being modified, it allows less complicated encryption algorithms to be used.
c An example of an electronic apparatus that incorporates this invention is depicted in figure 1. Here, an apparatus set in encrypt mode, is presented with a key at register A, which consists of memory banks 1 through 4. Data for encryption is then presented at input B. An electronic adder/subtractor E adds the contents of reg ster A memory bank 4 to an equal length of data shifted in from B and ] AA_. To LEA DATA AREA an IL Or-i MA AA^rOt1A Squat
- - - Figure 2 is an example of the same apparatus with the optional encryption command processing feature included. Here, before data is presented at input B for encryption it passes through a command inserter X that uses bit-stuffing techniques to randomly embed random algorithm commands into the data. Commands are encrypted; but immediately after encryption the commands themselves are carried out. Commands alter the algorithm in-flight, for example, they can selectively switch on/off ciphertext feedback or cause inverse operations to be applied (e.g. subtract in place of add when modifying register A bank 3).
Decryption takes place in figure 2 in the same way as the apparatus of figure 1. Data after ciphertext decryption, however, now passes through a command remover Y. which detects commands and removes them and any bits stuffed at the time of encryption. Immediately after detection, commands are applied to the decryption algorithm, such that the key modifications remain synchronised with those of the encrypting apparatus.
This concludes the description of two of many possible apparatus that may implement the
encryption/decryption ciphertext feedback and data feed techniques described earlier. In fact it is entirely possible to simulate either apparatus described in a computer program and implement it in and around any existing encryption engine, dramatically increasing the degree of security provided.
Claims (14)
1. An apparatus for data encryption/decryption that uses data-stream and/or cipher-gram feeds and/or feedback to modify the encryption key and that optionally supports the random modification of the encryption algorithm, such that at the end of the encryption process either or both features make available an unpredictable encryption key for use with the next data-stream.
2. An apparatus as claimed in Claim 1 where a feed from the data-stream at the time it is
encrypted is used to dynamically modify the encryption key during the encryption process thus providing an ever-changing key for subsequent portions of the current data stream and a new key for the next datastream.
3. An apparatus as claimed in Claim 1 where feedback taken from the encrypted data (cipher-gram) is used to dynamically modify the encryption key during the encryption process thus providing an ever-changing key for subsequent portions of the current data stream and a new key for the next data-stream.
4. An apparatus as claimed in Claim 1 where feedback taken from the datastream after decryption is used to dynamically modify the decryption key during the decryption process thus providing an ever-changing key for subsequent portions of the current cipher-gram and a new key for the next cipher-gram, such that synchronization is maintained with the key of the encryption apparatus claimed in Claim 2.
5. An apparatus as claimed in Claim 1 where a feed from the encrypted data (cipher-gram) is used to dynamically modify the decryption key during the decryption process thus providing an ever-changing key for subsequent portions of the current cipher-gram and a new key for the next cipher-gram, such that synchronization is maintained with the key of the encryption apparatus claimed in Claim 3.
6. An apparatus as claimed in Claim 1 that executes encryption algorithm modification instructions randomly embedded in the data-stream immediately after encrypting the instruction itself.
7. An apparatus as claimed in Claim 1 that executes decryption algorithm modification instructions randomly embedded in the cipher-gram immediately after decrypting the instruction itself 8. An apparatus as claimed in all previous claims that facilitates the recovery of previous apparatus states by allowing encryption and decryption keys to be loaded and captured to and from an external component.
9. An apparatus as claimed in all previous claims that facilitates state changes from encryption mode to decryption mode and vice-a-versa by allowing status to be set by an external component.
10. An apparatus as claimed in all previous claims that dynamically or otherwise, facilitates the changing of its operational parameters at manufacture, implementation and configuration.
1. A digital encryption and/or decryption apparatus that continuously modifies the key itself in order to provide a new dynamic key for each next data-stream and/or cipher-gram segment and subsequently for each next data-stream and/or cipher-gram with provision to support recovery to prior key and/or mode states and that optionally supports modifying the encryption/decryption algorithm(s) based on randomly inserting embedded encrypted commands into the cipher-grams.
2 A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed taken from the data-stream is used to continuously modify the encryption key itself in order to provide a new dynamic encryption key for each next data-stream segment and subsequently to provide a new data influenced encryption or decryption key for each next data-stream or cipher-gram.
3. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed taken from the data-stream is used to continuously modify the encryption key itself in order to provide a new data influenced encryption or decryption key for each next data-stream or cipher-gram.
4. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the encrypted data (cipher-gram) is used to continuously modify the encryption key itself in order to provide a new dynamic encryption key for each next data-stream segment and subsequently to provide a new data influenced encryption or decryption key for each next data-stream or cipher-gram.
5. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the encrypted data (cipher-gram) is used to continuously modify the encryption key itself in order to provide a new data influenced encryption or decryption key for each next datastream or cipher-gram 6 A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the ciphergram after decryption is used to continuously modify the decryption key itself in order to provide a new dynamic decryption key for each next cipher-gram segment and subsequently to provide a new data influenced decryption or encryption key for each next cipher-gram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 2 and 3.
7. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the cipher-gram after decryption is used to continuously modify the decryption key itself in order to provide a new data influenced decryption or encryption key for each next ciphergram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 2 and 3.
8. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed from the encrypted data (cipher-gram) is used to continuously modify the decryption key itself in order to provide a new dynamic decryption key for each next cipher-gram segment and subsequently to provide a new data influenced decryption or encryption key for each next cipher-gram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 4 and 5.
9. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed from the encrypted data (cipher-gram) is used to continuously modify the decryption key itself in order to provide a new data influenced decryption or encryption key for each next cipher-gram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 4 and 5.
10. A digital data encryption andlor decryption apparatus as claimed in any of Claims 1 through 5 that optionally embeds encryption/decryption algorithm modification commands randomly into the data-stream and immediately after encrypting the commands applies the specified modification to its own algorithm(s).
11. A digital data encryption and/or decryption apparatus as claimed in any of Claim 1 and Claims 6 through 9 that optionally removes from the cipher-gram encryption/decryption algorithm modification commands immediately after their decryption and then applies the specified modification its own algorithm(s).
12. A digital data encryption and/or decryption apparatus as claimed in all previous claims that facilitates encryption/decryption key recovery to previous apparatus states by allowing encryption/decyption keys to be captured and loaded; thereby supporting key synchronization after transmission failures and enabling prior communicants to begin new sessions with encryption/decryption keys captured at the end of a prior session.
13. A digital data encryption and/or decryption apparatus as claimed in all previous claims that facilitates state changes from encryption mode to decryption mode and vice-a-versa by allowing status to be changed internally and/or externally.
14. A digital data encryption and/or decryption apparatus as claimed in all previous claims that facilitates the assignment of operational configuration parameters at time of implementation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0207035A GB2387088B (en) | 2002-03-26 | 2002-03-26 | Method and apparatus for data encryption/decryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0207035A GB2387088B (en) | 2002-03-26 | 2002-03-26 | Method and apparatus for data encryption/decryption |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0207035D0 GB0207035D0 (en) | 2002-05-08 |
GB2387088A true GB2387088A (en) | 2003-10-01 |
GB2387088B GB2387088B (en) | 2005-06-01 |
Family
ID=9933680
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0207035A Expired - Fee Related GB2387088B (en) | 2002-03-26 | 2002-03-26 | Method and apparatus for data encryption/decryption |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2387088B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4172213A (en) * | 1977-11-17 | 1979-10-23 | Burroughs Corporation | Byte stream selective encryption/decryption device |
WO1991018460A1 (en) * | 1990-05-19 | 1991-11-28 | Rolf Trautner | Process for the blockwise coding of digital data |
US5086468A (en) * | 1989-07-07 | 1992-02-04 | Motorola, Inc. | Text modifier |
EP0518315A2 (en) * | 1991-06-13 | 1992-12-16 | Mitsubishi Denki Kabushiki Kaisha | System and method for blockwise encryption of data |
EP0752770A2 (en) * | 1995-07-03 | 1997-01-08 | General Instrument Corporation Of Delaware | Cryptographic apparatus with double feedforward hash function |
US5724428A (en) * | 1995-11-01 | 1998-03-03 | Rsa Data Security, Inc. | Block encryption algorithm with data-dependent rotations |
-
2002
- 2002-03-26 GB GB0207035A patent/GB2387088B/en not_active Expired - Fee Related
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4172213A (en) * | 1977-11-17 | 1979-10-23 | Burroughs Corporation | Byte stream selective encryption/decryption device |
US5086468A (en) * | 1989-07-07 | 1992-02-04 | Motorola, Inc. | Text modifier |
WO1991018460A1 (en) * | 1990-05-19 | 1991-11-28 | Rolf Trautner | Process for the blockwise coding of digital data |
EP0518315A2 (en) * | 1991-06-13 | 1992-12-16 | Mitsubishi Denki Kabushiki Kaisha | System and method for blockwise encryption of data |
EP0752770A2 (en) * | 1995-07-03 | 1997-01-08 | General Instrument Corporation Of Delaware | Cryptographic apparatus with double feedforward hash function |
US5724428A (en) * | 1995-11-01 | 1998-03-03 | Rsa Data Security, Inc. | Block encryption algorithm with data-dependent rotations |
Also Published As
Publication number | Publication date |
---|---|
GB2387088B (en) | 2005-06-01 |
GB0207035D0 (en) | 2002-05-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7007384B2 (en) | Increased ambiguity | |
US8259934B2 (en) | Methods and devices for a chained encryption mode | |
EP1005191B1 (en) | Encryption/decryption unit and storage medium | |
US20020120838A1 (en) | Data encryption using stateless confusion generators | |
WO2008049046A2 (en) | Method for securely extending key stream to encrypt high-entropy data | |
WO2003021849A2 (en) | A non-algebraic cryptographic architecture | |
WO2005084160A3 (en) | An apparatus and method for an iterative cryptographic block | |
JP2016523391A (en) | Method and apparatus for encrypting plaintext data | |
CN107438065B (en) | Data encryption device and method, data decryption device and method | |
JP2007043353A (en) | Transmission and reception system and method, transmission device and method, reception device and method, and program | |
EP1410545A1 (en) | Method and apparatus for data encryption | |
US7039192B1 (en) | Methods for data encryption using multiple layer steganography | |
KR20070052233A (en) | Confidential information processing method, confidential information processing device, and content data reproducing device | |
JPH0728407A (en) | Ciphering preprocessor and deciphering postprocessor by cipher | |
CN101355421B (en) | Method for adapting ciphering/deciphering data length of packet | |
US20050244000A1 (en) | Fast-key generator for encryption, authentication or security | |
JPH1152849A (en) | Ciphering device and recording medium on which program is recorded to realize device readable with computer | |
JP3769804B2 (en) | Decoding method and electronic device | |
JP3627623B2 (en) | Cryptographic communication system and mobile communication system | |
KR20150064042A (en) | Method and device for digital data blocks encryption and decryption | |
JP2008035305A (en) | Encryption method and data concealing method | |
WO2015166701A1 (en) | Encryption method, program, and system | |
GB2387088A (en) | Data influenced encryption keys | |
EP3996321A1 (en) | Method for processing encrypted data | |
JP2002108205A (en) | Block ciphering method and decoding method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20090326 |