GB2387088A - Data influenced encryption keys - Google Patents

Data influenced encryption keys Download PDF

Info

Publication number
GB2387088A
GB2387088A GB0207035A GB0207035A GB2387088A GB 2387088 A GB2387088 A GB 2387088A GB 0207035 A GB0207035 A GB 0207035A GB 0207035 A GB0207035 A GB 0207035A GB 2387088 A GB2387088 A GB 2387088A
Authority
GB
United Kingdom
Prior art keywords
encryption
decryption
key
data
cipher
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0207035A
Other versions
GB2387088B (en
GB0207035D0 (en
Inventor
Gordon Geoffrey Hodson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0207035A priority Critical patent/GB2387088B/en
Publication of GB0207035D0 publication Critical patent/GB0207035D0/en
Publication of GB2387088A publication Critical patent/GB2387088A/en
Application granted granted Critical
Publication of GB2387088B publication Critical patent/GB2387088B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise

Abstract

An apparatus for the encryption/decryption of data with built in features enabling the dynamic modification of the encryption key and optionally the encryption algorithm. On the encryption side, either a data feed captured during encryption or a cipher-gram feedback captured after encryption is used to modify the encryption key prior to encryption of the next data portion. An additional feature allows the insertion and execution of randomly embedded encryption algorithm modification instructions. These instructions are applied and then encrypted within the output cipher-gram. On the decryption side, either a cipher-gram feedback captured during decryption or a data-stream feed captured after decryption is used to modify the encryption key prior to decryption of the next cipher-gram portion. An additional feature allows for the execution and removal of randomly embedded decryption algorithm modification instructions. These instructions are applied after their decryption and are then removed from the output data-stream.

Description

a 2387088 Method and Apparatus for Data Encryption/Decryption This
invention is in the field of cryptology and introduces a method and apparatus for data
encryption/decryption. Data encryption consists of using an algorithm to apply an encryption key to information (data) to make that information unintelligible: thereby restricting the intelligent use of the information to those who know/have the correct decryption key. Encryption/decryption keys may be asymmetric - a pair of complementary keys used to encrypt and decrypt the data, respectively; or symmetric -
same key used for both actions. Transposition, substitution, and/or product algorithms that apply the key to the data are often very complex and are usually classified as block or stream ciphers. In all cases, however, the key remains stable, unless either or any of the participants invokes a key exchange. Key exchange requests are made to reduce the risk of cryptanalysts discovering the keys deployed.
Keys often remain stable until one of the participants detects an unusual event (e.g. Iogin, login failures or frequent transmission failures). Thus, so long as the keys remain unchanged, every time the same data is encrypted the same ciphertext is produced - a feature that often helps cryptanalysts decrypt the ciphertext.
This invention involves a completely new approach to data encryption whereby; the application of the algorithm constantly modifies the encryption key during the encryption process itself. In fact, it can almost be regarded as the algorithm encrypting the key with the data as well as the data with the key. This invention works best with streamed data but also works well with blocked data.
The invention is not restricted to a particular encryption algorithm or encryption hardware engine nor does it prohibit key exchanges, what matters is the inclusion of ciphertext feedback and/or a data feed into an encryption key modification process. Whatever method is used to apply the feedback and/or data feed it must be compatible with the reverse operation performed when decrypting the ciphertext. Thus, when this criterion is met, not only is each data encryption using a different key almost every fragment of the ciphertext is produced using a different key. Hence the only time the same data encrypted twice will predictably produce the same ciphertext is when a re- i encryption takes place for reasons such as error recovery. Under these circumstances the key is restored to a saved former value prior to re-encryption.
An optional data feed into the algorithm also enables algorithm commands (instructions) to be inserted into the data prior to encryption. These commands are detected and acted upon during the encryption process and are themselves encrypted. Subsequently, at the destination, the embedded encrypted commands are again acted upon immediately after their decryption whilst being removed from the data.
A major feature of this invention is that in order to decrypt data encrypted under algorithms using ciphertext feedback and/or a data feed an eavesdropper must know (or have known) the original key and have processed all previous ciphertext produced by that dynamically modified key. In addition, if all participants use the same initial key for all encryptions, then it is also necessary to know what data encryptions have previously been made by all participants and in what order they were made.
Thus making the cryptanalysts job that much harder, if not impossible. Another feature of the invention is that because the key is constantly being modified, it allows less complicated encryption algorithms to be used.
c An example of an electronic apparatus that incorporates this invention is depicted in figure 1. Here, an apparatus set in encrypt mode, is presented with a key at register A, which consists of memory banks 1 through 4. Data for encryption is then presented at input B. An electronic adder/subtractor E adds the contents of reg ster A memory bank 4 to an equal length of data shifted in from B and ] AA_. To LEA DATA AREA an IL Or-i MA AA^rOt1A Squat
- - - Figure 2 is an example of the same apparatus with the optional encryption command processing feature included. Here, before data is presented at input B for encryption it passes through a command inserter X that uses bit-stuffing techniques to randomly embed random algorithm commands into the data. Commands are encrypted; but immediately after encryption the commands themselves are carried out. Commands alter the algorithm in-flight, for example, they can selectively switch on/off ciphertext feedback or cause inverse operations to be applied (e.g. subtract in place of add when modifying register A bank 3).
Decryption takes place in figure 2 in the same way as the apparatus of figure 1. Data after ciphertext decryption, however, now passes through a command remover Y. which detects commands and removes them and any bits stuffed at the time of encryption. Immediately after detection, commands are applied to the decryption algorithm, such that the key modifications remain synchronised with those of the encrypting apparatus.
This concludes the description of two of many possible apparatus that may implement the
encryption/decryption ciphertext feedback and data feed techniques described earlier. In fact it is entirely possible to simulate either apparatus described in a computer program and implement it in and around any existing encryption engine, dramatically increasing the degree of security provided.

Claims (14)

1. An apparatus for data encryption/decryption that uses data-stream and/or cipher-gram feeds and/or feedback to modify the encryption key and that optionally supports the random modification of the encryption algorithm, such that at the end of the encryption process either or both features make available an unpredictable encryption key for use with the next data-stream.
2. An apparatus as claimed in Claim 1 where a feed from the data-stream at the time it is
encrypted is used to dynamically modify the encryption key during the encryption process thus providing an ever-changing key for subsequent portions of the current data stream and a new key for the next datastream.
3. An apparatus as claimed in Claim 1 where feedback taken from the encrypted data (cipher-gram) is used to dynamically modify the encryption key during the encryption process thus providing an ever-changing key for subsequent portions of the current data stream and a new key for the next data-stream.
4. An apparatus as claimed in Claim 1 where feedback taken from the datastream after decryption is used to dynamically modify the decryption key during the decryption process thus providing an ever-changing key for subsequent portions of the current cipher-gram and a new key for the next cipher-gram, such that synchronization is maintained with the key of the encryption apparatus claimed in Claim 2.
5. An apparatus as claimed in Claim 1 where a feed from the encrypted data (cipher-gram) is used to dynamically modify the decryption key during the decryption process thus providing an ever-changing key for subsequent portions of the current cipher-gram and a new key for the next cipher-gram, such that synchronization is maintained with the key of the encryption apparatus claimed in Claim 3.
6. An apparatus as claimed in Claim 1 that executes encryption algorithm modification instructions randomly embedded in the data-stream immediately after encrypting the instruction itself.
7. An apparatus as claimed in Claim 1 that executes decryption algorithm modification instructions randomly embedded in the cipher-gram immediately after decrypting the instruction itself 8. An apparatus as claimed in all previous claims that facilitates the recovery of previous apparatus states by allowing encryption and decryption keys to be loaded and captured to and from an external component.
9. An apparatus as claimed in all previous claims that facilitates state changes from encryption mode to decryption mode and vice-a-versa by allowing status to be set by an external component.
10. An apparatus as claimed in all previous claims that dynamically or otherwise, facilitates the changing of its operational parameters at manufacture, implementation and configuration.
1. A digital encryption and/or decryption apparatus that continuously modifies the key itself in order to provide a new dynamic key for each next data-stream and/or cipher-gram segment and subsequently for each next data-stream and/or cipher-gram with provision to support recovery to prior key and/or mode states and that optionally supports modifying the encryption/decryption algorithm(s) based on randomly inserting embedded encrypted commands into the cipher-grams.
2 A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed taken from the data-stream is used to continuously modify the encryption key itself in order to provide a new dynamic encryption key for each next data-stream segment and subsequently to provide a new data influenced encryption or decryption key for each next data-stream or cipher-gram.
3. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed taken from the data-stream is used to continuously modify the encryption key itself in order to provide a new data influenced encryption or decryption key for each next data-stream or cipher-gram.
4. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the encrypted data (cipher-gram) is used to continuously modify the encryption key itself in order to provide a new dynamic encryption key for each next data-stream segment and subsequently to provide a new data influenced encryption or decryption key for each next data-stream or cipher-gram.
5. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the encrypted data (cipher-gram) is used to continuously modify the encryption key itself in order to provide a new data influenced encryption or decryption key for each next datastream or cipher-gram 6 A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the ciphergram after decryption is used to continuously modify the decryption key itself in order to provide a new dynamic decryption key for each next cipher-gram segment and subsequently to provide a new data influenced decryption or encryption key for each next cipher-gram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 2 and 3.
7. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby feedback taken from the cipher-gram after decryption is used to continuously modify the decryption key itself in order to provide a new data influenced decryption or encryption key for each next ciphergram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 2 and 3.
8. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed from the encrypted data (cipher-gram) is used to continuously modify the decryption key itself in order to provide a new dynamic decryption key for each next cipher-gram segment and subsequently to provide a new data influenced decryption or encryption key for each next cipher-gram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 4 and 5.
9. A digital data encryption and/or decryption apparatus as claimed in Claim 1 whereby a feed from the encrypted data (cipher-gram) is used to continuously modify the decryption key itself in order to provide a new data influenced decryption or encryption key for each next cipher-gram or data-stream, such that key synchronization is maintained with that of the apparatus claimed in Claims 4 and 5.
10. A digital data encryption andlor decryption apparatus as claimed in any of Claims 1 through 5 that optionally embeds encryption/decryption algorithm modification commands randomly into the data-stream and immediately after encrypting the commands applies the specified modification to its own algorithm(s).
11. A digital data encryption and/or decryption apparatus as claimed in any of Claim 1 and Claims 6 through 9 that optionally removes from the cipher-gram encryption/decryption algorithm modification commands immediately after their decryption and then applies the specified modification its own algorithm(s).
12. A digital data encryption and/or decryption apparatus as claimed in all previous claims that facilitates encryption/decryption key recovery to previous apparatus states by allowing encryption/decyption keys to be captured and loaded; thereby supporting key synchronization after transmission failures and enabling prior communicants to begin new sessions with encryption/decryption keys captured at the end of a prior session.
13. A digital data encryption and/or decryption apparatus as claimed in all previous claims that facilitates state changes from encryption mode to decryption mode and vice-a-versa by allowing status to be changed internally and/or externally.
14. A digital data encryption and/or decryption apparatus as claimed in all previous claims that facilitates the assignment of operational configuration parameters at time of implementation.
GB0207035A 2002-03-26 2002-03-26 Method and apparatus for data encryption/decryption Expired - Fee Related GB2387088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0207035A GB2387088B (en) 2002-03-26 2002-03-26 Method and apparatus for data encryption/decryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0207035A GB2387088B (en) 2002-03-26 2002-03-26 Method and apparatus for data encryption/decryption

Publications (3)

Publication Number Publication Date
GB0207035D0 GB0207035D0 (en) 2002-05-08
GB2387088A true GB2387088A (en) 2003-10-01
GB2387088B GB2387088B (en) 2005-06-01

Family

ID=9933680

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0207035A Expired - Fee Related GB2387088B (en) 2002-03-26 2002-03-26 Method and apparatus for data encryption/decryption

Country Status (1)

Country Link
GB (1) GB2387088B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4172213A (en) * 1977-11-17 1979-10-23 Burroughs Corporation Byte stream selective encryption/decryption device
WO1991018460A1 (en) * 1990-05-19 1991-11-28 Rolf Trautner Process for the blockwise coding of digital data
US5086468A (en) * 1989-07-07 1992-02-04 Motorola, Inc. Text modifier
EP0518315A2 (en) * 1991-06-13 1992-12-16 Mitsubishi Denki Kabushiki Kaisha System and method for blockwise encryption of data
EP0752770A2 (en) * 1995-07-03 1997-01-08 General Instrument Corporation Of Delaware Cryptographic apparatus with double feedforward hash function
US5724428A (en) * 1995-11-01 1998-03-03 Rsa Data Security, Inc. Block encryption algorithm with data-dependent rotations

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4172213A (en) * 1977-11-17 1979-10-23 Burroughs Corporation Byte stream selective encryption/decryption device
US5086468A (en) * 1989-07-07 1992-02-04 Motorola, Inc. Text modifier
WO1991018460A1 (en) * 1990-05-19 1991-11-28 Rolf Trautner Process for the blockwise coding of digital data
EP0518315A2 (en) * 1991-06-13 1992-12-16 Mitsubishi Denki Kabushiki Kaisha System and method for blockwise encryption of data
EP0752770A2 (en) * 1995-07-03 1997-01-08 General Instrument Corporation Of Delaware Cryptographic apparatus with double feedforward hash function
US5724428A (en) * 1995-11-01 1998-03-03 Rsa Data Security, Inc. Block encryption algorithm with data-dependent rotations

Also Published As

Publication number Publication date
GB2387088B (en) 2005-06-01
GB0207035D0 (en) 2002-05-08

Similar Documents

Publication Publication Date Title
JP7007384B2 (en) Increased ambiguity
US8259934B2 (en) Methods and devices for a chained encryption mode
EP1005191B1 (en) Encryption/decryption unit and storage medium
US20020120838A1 (en) Data encryption using stateless confusion generators
WO2008049046A2 (en) Method for securely extending key stream to encrypt high-entropy data
WO2003021849A2 (en) A non-algebraic cryptographic architecture
WO2005084160A3 (en) An apparatus and method for an iterative cryptographic block
JP2016523391A (en) Method and apparatus for encrypting plaintext data
CN107438065B (en) Data encryption device and method, data decryption device and method
JP2007043353A (en) Transmission and reception system and method, transmission device and method, reception device and method, and program
EP1410545A1 (en) Method and apparatus for data encryption
US7039192B1 (en) Methods for data encryption using multiple layer steganography
KR20070052233A (en) Confidential information processing method, confidential information processing device, and content data reproducing device
JPH0728407A (en) Ciphering preprocessor and deciphering postprocessor by cipher
CN101355421B (en) Method for adapting ciphering/deciphering data length of packet
US20050244000A1 (en) Fast-key generator for encryption, authentication or security
JPH1152849A (en) Ciphering device and recording medium on which program is recorded to realize device readable with computer
JP3769804B2 (en) Decoding method and electronic device
JP3627623B2 (en) Cryptographic communication system and mobile communication system
KR20150064042A (en) Method and device for digital data blocks encryption and decryption
JP2008035305A (en) Encryption method and data concealing method
WO2015166701A1 (en) Encryption method, program, and system
GB2387088A (en) Data influenced encryption keys
EP3996321A1 (en) Method for processing encrypted data
JP2002108205A (en) Block ciphering method and decoding method

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20090326