GB2463031A - Encrypting data or providing an encryption key - Google Patents

Encrypting data or providing an encryption key

Info

Publication number: GB2463031A
Authority: GB (United Kingdom)
Application number: GB0815648A
Other versions: GB2463031B (en), GB0815648D0 (en)
Inventor: Leslie Arthur Durn
Original and current assignee: Samsung Electronics Co Ltd
Legal status: Granted; Expired - Fee Related

Classifications

    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0675
    • H04L29/06666
    • H04L63/0435 Network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected and the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H04L2209/08 Randomization, e.g. dummy operations or using noise

Abstract

There is provided a method and apparatus for encrypting an input data block comprising XORing the input data block with a predetermined key to form an intermediate data block, providing cryptographic confusion by performing a first transformation function on the intermediate data block, said transformation function operable upon consecutive byte pairs of the intermediate data block and comprising, using an odd numbered byte of the byte pair as a location reference into a look up table, XORing an even numbered byte of the byte pair with a value obtained from the referenced location of the look up table to produce a transformed byte, and storing the odd numbered byte of the byte pair as the even numbered byte in an output byte pair, and storing the transformed byte as the odd numbered byte in the output byte pair, the method further comprising concatenating the output byte pairs together to form a second intermediate data block, dividing the second intermediate data block into consecutive byte pairs, diffusing the second intermediate data block by inputting consecutive byte pairs into first and second reversible functions and concatenating resultant byte pairs to form a diffused data block, and exchanging bytes of the diffused data block by rearranging the byte order to form a permutated data block. There is also provided a method and apparatus for decrypting digital data and a method for producing a cipher key. The method may further comprise performing multiple rounds of the above method on the input data block.

Description

Device and Method for Encrypting Data or Providing an Encryption Key
Technical Field
The invention is related to data encryption/decryption and key generation block ciphers in general, and in particular to lightweight implementations of data encryption/decryption and key generation block ciphers.
Background
The present invention refers to an apparatus and a method for symmetrical encrypting and decrypting of a data block, known as a block cipher, where the size of the input data block and output data block is the same. The encryption/decryption operation is controlled using a key which is the same size as the input data block, and where the same key is used for both processes. Such encryption processes are termed symmetrical. This is in contrast to an asymmetrical encryption/decryption method where the decryption key is different to the encryption key. Well known examples of symmetrical block ciphers are DES, CAST, Blowfish, Twofish and AES. All block ciphers have advantages and disadvantages.
The two major requirements for an encryption method are its robustness against any form of cryptanalysis, i.e. its security, and its computational speed.
One key factor determining the security of a block cipher is diffusion. Diffusion is the characteristic that a single bit change in the input data block of a block cipher influences many more bits of the output data block in an unpredictable way (i.e. the cryptographic avalanche effect). The computational speed of the process is mainly determined by the type of mathematical and logical operations performed during operation, such as multiplication, division and other more complex functions. Generally, the more complex the functions used in the block cipher, the lower the computational speed of the block cipher.
The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed.
Summary
In a first aspect of the present invention, there is provided a method of encrypting an input data block comprising:
a. XORing the input data block with a predetermined key to form an intermediate data block;
b. providing cryptographic confusion by performing a first transformation function on the intermediate data block, said transformation function operable upon consecutive byte pairs of the intermediate data block and comprising:
i. using an odd numbered byte of the byte pair as a location reference into a look up table;
ii. XORing an even numbered byte of the byte pair with a value obtained from the referenced location of the look up table to produce a transformed byte; and
iii. storing the odd numbered byte of the byte pair as the even numbered byte in an output byte pair, and storing the transformed byte as the odd numbered byte in the output byte pair;
iv. concatenating the output byte pairs together to form a second intermediate data block;
c. dividing the second intermediate data block into consecutive byte pairs;
d. diffusing the second intermediate data block by inputting consecutive byte pairs into first and second reversible functions and concatenating resultant byte pairs to form a diffused data block;
e. exchanging bytes of the diffused data block by rearranging the byte order to form a permutated data block.
Optionally, the method further comprises carrying out steps c to e on the input data block, prior to the first XORing step.
Optionally, a Round comprises a single one of each of the steps a to e, and the method further comprises carrying out multiple Rounds on the input data block.
Optionally, with b_i the odd numbered byte and b_{i+1} the even numbered byte of an input byte pair, the first reversible function is f_1: b'_i = b_i + b_{i+1} \bmod 2^m; and the second reversible function is f_2: b'_{i+1} = 2 b_i + b_{i+1} \bmod 2^m; where m = 8, wherein the result of the first reversible function forms an odd numbered byte of an output byte pair, and the result of the second reversible function forms an even numbered byte of an output byte pair.
Optionally, the exchanging step comprises adjacently combining the odd numbered bytes of an input data block to form a first half of an output data block, and adjacently combining the even numbered bytes of an input data block to form a second half of an output data block.
Optionally, the method is used to generate a key for use in subsequent encryption steps.
According to a second aspect of the present invention, there is provided a method of decrypting an input data block previously encrypted according to the first aspect method comprising:
f. exchanging bytes of the input data block by rearranging the byte order to form a de-permutated data block;
g. dividing the de-permutated data block into consecutive byte pairs;
h. undiffusing the de-permutated data block by inputting consecutive byte pairs into third and fourth reversible functions and concatenating resultant byte pairs to form an undiffused data block;
i. providing cryptographic de-confusion by performing a second transformation function on the undiffused data block, said second transformation function being the inverse of the first transformation function, and operable upon consecutive byte pairs of the undiffused data block, and comprising:
i. using an even numbered byte of the byte pair as a location reference into a look up table;
ii. XORing an odd numbered byte of the byte pair with a value obtained from the referenced location of the look up table to produce a second transformed byte; and
iii. storing the even numbered byte of the byte pair as the odd numbered byte in an output byte pair, and storing the second transformed byte as the even numbered byte in the output byte pair;
iv. concatenating the output byte pairs together to form a transformed data block;
j. XORing the transformed data block with a predetermined key to form a decrypted output data block.
Optionally, a Round comprises a single one of each of the steps a to e, and the method further comprises carrying out multiple Rounds on the input data block.
Optionally, the method further comprises carrying out steps a to c before producing a final decrypted output data block.
Optionally, with b'_i the odd numbered byte and b'_{i+1} the even numbered byte of an input byte pair, the third reversible function is the inverse of the first reversible function and consists of: f_1': b_i = b'_{i+1} - b'_i \bmod 2^m; and the fourth reversible function is the inverse of the second reversible function and consists of: f_2': b_{i+1} = 2 b'_i - b'_{i+1} \bmod 2^m; where m = 8, wherein the result of the third reversible function forms an odd numbered byte of an output byte pair, and the result of the fourth reversible function forms an even numbered byte of an output byte pair.
Optionally, the exchanging step comprises moving adjacent bytes of a first half of an input data block to become the odd numbered bytes of a resultant output data block, and moving adjacent bytes of a second half of an input data block to become the even numbered bytes of a resultant output data block.
Optionally, the method comprises five Rounds and/or the data block sizes are 256 bits and/or the key is 256 bits in size.
Optionally, the look up table used in either of the first or second transformation function is as shown in Fig. 5.
According to a third aspect of the present invention, there is provided apparatus to encrypt an input data block comprising circuitry adapted to carry out any of the above described encryption and/or decryption methods.
According to a fourth aspect of the present invention, there is provided a method of encrypting digital data sent between a digital television receiver and a Conditional Access Module, comprising generating a cipher key using any of the above encryption methods on a predetermined key initialisation vector and initial key material, and encrypting the digital data using the key together with any encryption method.
According to a fifth aspect of the present invention, there is provided a computer readable medium containing instructions, which, when executed by a processor, causes the processor to carry out any of above described methods.
Alternative embodiments provide a method of encrypting an input data block comprising: dividing the input data block into consecutive byte pairs, diffusing the input data block by inputting consecutive byte pairs into first and second reversible functions and concatenating resultant byte pairs to form a diffused data block, exchanging bytes of the diffused data block by rearranging the byte order to form a permutated data block, XORing the permutated data block with a predetermined key to form an intermediate data block, providing cryptographic confusion by performing a transformation function on the intermediate data block, said transformation function operable upon consecutive byte pairs of the intermediate data block and comprising: using an odd numbered byte of the byte pair as a location reference into a look up table, XORing an even numbered byte of the byte pair with a value obtained from the referenced location of the look up table to produce a transformed byte, and storing the odd numbered byte of the intermediate data block as the even numbered byte in an output byte pair, and storing the transformed byte as the odd numbered byte in the output byte pair, performing another diffusing step and exchanging step, and outputting a final output data block.
Brief description of the drawings
A method of and apparatus for encrypting/decrypting data or providing an encryption key will now be described, by way of example only, and with reference to the accompanying drawings, in which:
Fig. 1 shows a high level block diagram of how a symmetrical encryption block cipher operates;
Fig. 2 shows an overview of the block cipher encryption method according to a preferred embodiment of the present invention;
Fig. 3 shows the diffusion process of Fig. 2 according to a preferred embodiment of the invention;
Fig. 4 shows the permutation process of Fig. 2 according to a preferred embodiment of the invention;
Fig. 5 shows how the key is XORed with the current round block data according to a preferred embodiment of the invention;
Fig. 6 shows the confusion process of Fig. 2 according to a preferred embodiment of the invention;
Fig. 7 shows a single round of the encryption process of Fig. 2 according to a preferred embodiment of the invention;
Fig. 8 shows an overview of the block cipher decryption method according to a preferred embodiment of the present invention;
Fig. 9 shows the inverse permutation process of Fig. 8 according to a preferred embodiment of the invention;
Fig. 10 shows the inverse diffusion process of Fig. 8 according to a preferred embodiment of the invention;
Fig. 11 shows the inverse confusion process of Fig. 8 according to a preferred embodiment of the invention;
Fig. 12 shows a single round of the decryption process of Fig. 8 according to a preferred embodiment of the invention;
Fig. 13 shows an exemplary table used in the confusion processes of a preferred embodiment of the invention.
Detailed Description
The present invention may be broken down into an encryption or key generation method and apparatus, and a decryption method and apparatus.
Therefore, the following description will be broken down into these respective portions.
Encryption/Key Generation
Fig. 1 shows a high level block diagram of how a block encryption cipher 100 works. Key generation is a particular form of the encryption method, where primarily the randomness of the output data block (i.e. ciphertext) is important, not the security of the original plain text.
In Fig. 1, input data block 110 is inputted into the block cipher 120 according to the present invention over a bus, for example a 256bit (i.e. 32 bytes) wide bus 115. However, the input bus 115 may be in the form of either a parallel or serial data bus, depending on implementation requirements.
Meanwhile, a 256 bit symmetric encryption key 130 is also inputted over a 256 bit bus 135. The key may be any size, but is most preferably the same size as the data block to be encrypted. The block cipher operates as described in more detail below, producing the encrypted output data block 140 out of an output bus, e.g. 256 bit wide bus 125. Since the operation is symmetric, an inverse (decryption) process can be used with the same key to decrypt the data.
Fig. 2 shows an overview of the method carried out by block cipher 120 according to a preferred embodiment of the present invention. The input data block 210, and all subsequent data blocks are 256 bits, i.e. 32 bytes, wide.
In brief overview, the aim of the present invention is achieved by a method and apparatus that takes an input block of data 210, X1, in the form of an even number of bytes, b1, b2, b3, b4, ..., b_{n-1}, b_n, with each adjacent pair of bytes within X1 (e.g. b1 and b2, or b3 and b4) being used as separate inputs into two functions, f1 and f2. The two functions combine to form a reversible transformation that provides cryptographic diffusion, D. This is represented in Fig. 2 as the D Block, 220. The outputs of the functions f1 and f2 are also byte values, which are combined with the outputs of the same functions operating on all the other pairs of bytes in the input data block to produce an intermediary output data block 225, i.e. the outputs of all the functions form a new data block, X2 225, which is the same size as the original data block, X1 210.
This new intermediary data block, X2 225, is then applied to a permutation process block, P, represented in Fig. 2 as P Block 230, which transforms the positions of the bytes within block X2 into a new block X3 235.
The data block X3 235 is then exclusive OR'd (XOR) with the key, K1 130, which is the same size as the data block X3 235, to form X4.
Each pair of bytes (e.g. b1 and b2, or b3 and b4) of X4 is then applied to a transformation process, f3, that uses one of the pair of bytes as an index into a table, T1, of predetermined pseudo-random values and then XORs the value obtained from the table at the relevant index point with the adjacent input byte. This process provides cryptographic confusion. The result and the adjacent byte are then swapped. Both these processes are represented in Fig. 2 as F Block 250. This produces a new data block X5. An example of a suitable look-up table is shown in Fig. 13, and is described in more detail below.
Each adjacent pair of bytes of X5 is used as separate inputs to the same form of diffusion block, D Block 220, using the same two functions used previously, i.e. f1 and f2. This provides further cryptographic diffusion, and the output data block, X6, is applied to another permutation process block, P Block 230, which transforms the positions of the bytes in the block into a new block X7 275.
The processes that transform data block X3 into data block X7, are also called a round, R1. The round is then repeated four more times, R2 to R5, with the resultant output data block of each round R2 being X. Some embodiments use different keys for each round to provide more security. However, in the implementation of the present invention used to generate keys for use in further cryptographic processes, the key is kept the same for speedy execution. The final output data block, X24, is the output of the block cipher as a whole, and can be used as the key in further cryptographic processes.
Each round therefore consists of both diffusion and confusion. Repeated use of this round provides good randomisation and a cryptographic avalanche effect.
The process is decryptable, when the key, K1, is known to the decrypting side, because the functions f1, f2 and f3 are all reversible functions.
When the present invention is used as a method and apparatus for providing a key for use in further encryption steps, then the decryption side is not used.
In all cases, the method and apparatus operates on a plaintext input data block, and converts this into a ciphertext output block during the course of the overall block cipher process. The ciphertext output may be used as a randomised secret key in other cryptographic processes.
The method and apparatus for both encrypting and decrypting will now be described in more detail.
The diffusion block, D 220, of Fig.2 is shown in more detail in Fig. 3.
The input data block, X1, is grouped into an even number of 8 bit bytes, b1 to b32. Each adjacent pair of bytes, consisting of an odd numbered byte 310 and an even numbered byte 320 (e.g. b3 and b4), are used as separate inputs to two functions, f1 330 and f2 340.
The two functions f1 330 and f2 340 combine to form a reversible transformation that provides cryptographic diffusion. With b_i the odd numbered byte and b_{i+1} the even numbered byte of the pair, the two functions are defined in equations Eq.1 and Eq.2:
f_1: b'_i = b_i + b_{i+1} \bmod 2^m   Eq.1
f_2: b'_{i+1} = 2 b_i + b_{i+1} \bmod 2^m   Eq.2
where m = 8, i.e. the process is carried out in byte sized portions and the outputs of the functions f1 and f2 are byte values.
In particular, function f1 330 takes the odd numbered byte b1 as input 315a and the even numbered byte b2 as input 316b, then combines them according to equation f1 330, to produce output byte value b'1 350. Meanwhile, function f2 340 takes the odd numbered byte b1 as input 315b and the even numbered byte b2 as input 316a, then combines them according to equation f2 340, to produce output byte value b'2 350.
The outputs of all the functions, b'1 to b'32, are combined by concatenating (adjacent combination) them together to form a new data block X2 225 which is the same size as the original data block X1. The new data block, X2 225, is then applied to a permutation process P block 230 which transforms the positions of the bytes in block X2 225 into a new block X3 235.
The permutation process P block 230 is shown in Fig. 4, and comprises combining the odd numbered bytes of the input data block 410 together in series, to form the first half of the new data block X3 420 and combining the even numbered bytes of the input data block 410 together in series, to form the second half of the new data block X3 420.
The data block X3 is then XORed with the key, K1 130, which is the same size as the data block, to form X4. The process of XORing the key, K1 130, with X3 is shown in Fig. 5, where the process is generalised since it is applied per round. In particular, each numbered byte of the input data block 510 is XORed 520 to the correspondingly numbered byte in the key 130 to produce the output data block 530. The characteristics of the XOR operation are such that the same process works for both the encryption and decryption directions (i.e. XORing the original data with the key produces the transformed data, and XORing the transformed data with the key produces the original data).
Each adjacent pair of bytes of X4 is then applied to a transformation process, f3, which is encapsulated within the F Block 250. This portion of the process is shown in more detail in Fig. 6.
The function f3 is a form of Feistel Network operating across two bytes, using one of the bytes as an input to a substitution function f 630 to obtain a mathematically unrelated value using a look up table (e.g. Read Only Memory, ROM) containing a predetermined set of values. Which particular byte (odd or even) is used as the index reference and XOR input byte is arbitrary, but the embodiment shown in Fig. 6 uses the odd numbered byte as the index reference, and the even numbered byte as the XOR input byte.
Specifically, the process 250 takes the odd numbered byte b_i 610 and uses it as an index 615a into function f 630, a vector, V1, of pseudo-random byte values (S0 to S255). The particular referenced byte value obtained, b' 635, is then XORed 640 with the adjacent input byte b_{i+1}, i.e. the even numbered byte 620, to produce output value 645. This process provides cryptographic confusion. The result 645 and the original odd byte value 615b are then swapped around to produce the new output byte pair, 650 and 660.
This produces a new data block X5.
The D Block 220 and P Block 230 are then reapplied in the same way as described above, providing further cryptographic diffusion and confusion. The processes that transform data block X3 into data block X7 (i.e. the combination of the X Block 240, F Block, D Block 230 and P Block 230) are called a Round R1 280. The Round is then repeated four more times, R2 to R5. The resulting data block X24 is the output of the block cipher as a whole. A single Round is shown in Fig. 7.
The Round consists of both diffusion and confusion. Repeated use of this Round provides good randomisation and a cryptographic avalanche effect. A preferred embodiment of the present invention uses five Rounds, as further Rounds do not provide substantial further randomisation, diffusion or confusion, compared to the extra processing resources/time spent carrying out the further Rounds. Furthermore, in the context of generating a key (cipher key) for use in further encryption processes, a "lightweight", i.e. quick to calculate, method and apparatus is preferable.
Decryption
For the decryption process, the majority of the functions and processes have to be inverted. However, some processes are specifically chosen for their ability to provide inverting functionality purely through applying the same process to the original output, i.e. they are reversible functions. Also, the XORing of the data block with the key K1 does not need inverting, due to the nature of the XOR function.
Fig. 8 shows an overview of the decryption method according to a preferred embodiment of the invention. In the following text, the input data block 810 is what was previously referred to as the output data block 290.
In brief summary, the decryption method comprises providing the input data block 810 as the input to an inverted P Block, P' Block 820, which provides an input into an inverted D Block, D' Block 830, which in turn provides an input into an inverted F Block, F' Block 840. The output of the F' Block 840 is then XORed with the Key 130 in the same way as was carried out in the encryption process, and which is described in more detail above, with reference to Fig. 5.
The above processes that transform data block X23 into data block X19 (i.e. the combination of the P' Block 820, D' Block 830, F' Block 840 and X Block 240) are what is called the Round in the decryption process. This Round is repeated as many times as it was carried out in the encryption process, which in the particular example given, is five times. The output of the Rounds is X3, which is put through a final P' Block 820 and D' Block 830 to arrive at the unencrypted original data block 890.
In more detail, the inverted blocks are composed as follows.
The inverse permutation function P' Block 820 is simply the inverse of the encryption function P Block 230 and is shown in Fig. 9. In particular, it can be seen that P' Block 820 operates by moving every incremental byte in the first half of the input data block 910 to become every other odd numbered byte in the output data block 920, and conversely, every incremental byte in the second half of the input data block 910 to become every other even numbered byte in the output data block 920.
Fig. 10 shows the inverted D' Block function 830 in more detail. It can be seen that this D' Block comprises the same form of inputs into and outputs from the functions; however, the functions themselves have been inverted.
In particular, the functions f1 and f2 need to be inverted to become f1' and f2', and are shown below, as equations 3 and 4, with b'_i the odd numbered byte and b'_{i+1} the even numbered byte of the input pair:
f_1': b_i = b'_{i+1} - b'_i \bmod 2^m   Eq.3
f_2': b_{i+1} = 2 b'_i - b'_{i+1} \bmod 2^m   Eq.4
where, again, m = 8, due to the byte sized operation.
In Fig. 10, function f1' 1030 takes the odd numbered byte b1 as input 1015a and the even numbered byte b2 as input 1016b, then combines them according to equation f1' 1030, to produce output byte value b1 1050. Meanwhile, function f2' 1040 takes the odd numbered byte b1 as input 1015b and the even numbered byte b2 as input 1016a, then combines them according to equation f2' 1040, to produce output byte value b2 1050.
The outputs of all the functions, b1 to b32, are combined by concatenating (adjacent combination) them together to form a new data block X21 which is the same size as the original data block X22. The new data block, X21, is then applied to the F' Block 840 which uses the same look up table to reinstate the original values (for that round).
Fig. 11 shows the F' Block 840 in more detail. The transform function f3 becomes f3' and is shown below. Note that f remains the same look up table function as operated by the encryption process. This is because the function f and corresponding table are designed to be reversible in this way.
The F' Block 840 process again takes adjacent byte pairs of the respective input data block as inputs. This time, the byte swap occurs before the function f is applied. Therefore, the even numbered byte 1120 is passed through to become the odd numbered output byte 1150, whilst also being passed on as the input to the function f 1130, which uses the even numbered byte 1120 as an index into the look-up table, T1. The value found at the respective entry in the look up table (b' 1135) is then XORed 1140 with the original odd numbered byte 1110 to regain the previous Round's original value, which is stored as the even numbered output byte 1160.
One Round of the decryption process is shown in outline in Figure 12.
A particular example of the data used in the substitution process f3 described above with reference to Figures 6 and 11 is shown in Fig. 13. The particular way in which the look up table is arranged and accessed depends on the chosen implementation. In the example given in Fig. 13, the look up table is arranged for visual convenience as a matrix of 16 columns and 16 rows where, during the lookup, the lower nibble (4 bits) of the index byte selects the column and the upper nibble selects the row.
However, in a typical electronic implementation, the byte as a whole simply references a memory location storing the relevant data.
A particularly useful application of an embodiment of the present invention is to provide random, secure keys for use in the same or other block ciphers. One example is its use within a digital media system to re-encrypt previously decrypted digital media, so that unauthorised persons cannot obtain the unencrypted (i.e. "in the clear") version of the media and make copies of it for illegal distribution.

This is a growing problem, as attackers find increasingly sophisticated ways to obtain the digital media content, for example by physically probing the output of the decryption module in a digital TV once the DTV signal has been decrypted.

Hence, in the paid-for subscription digital TV market, there has been a move towards using internal encryption between the Conditional Access Module (CAM), which carries out the decryption of the digital media proper, and the digital television set that must display the content. The digital media is re-encrypted using a different scheme from the original encryption, because TVs must be generic (for use in most or all parts of the world), whereas the CAM is region or country specific (and contains a particular service provider's decryption information).

In such a case, the present invention may be particularly useful for generating a key for use in a standard encryption technique, such as AES, operating between the CAM and the TV.

In embodiments used to generate keys, a key is generated by providing an Initialisation Vector (IV) as the input data block and initial key material as the key K1 to the block cipher described above; the output is a further key that is unpredictable to anyone who does not hold K1, and which can be used to encrypt further data with the same or another block cipher. Preferably, the IV and initial key are provided via a trusted authority using a Diffie-Hellman type key exchange, which lets two parties with no prior shared secret agree a secret key. The trusted authority is what ties the exchanged values to the intended parties; an unauthenticated Diffie-Hellman exchange on its own does not defend against an active man-in-the-middle.

A particular example is to use the lightweight block cipher of the present invention to provide a 256-bit key for the block cipher used to encrypt the data carried between a CAM and a digital TV according to the CI+ Specification (Content Security Extensions to the Common Interface).

Examples of encryption standards used in the CI+ specification include the Advanced Encryption Standard (AES) and the Data Encryption Standard (DES).
The apparatus to carry out the above described encryption, decryption and key generation methods may take the form of a general purpose processor executing computer instructions which cause the processor to encrypt or decrypt data according to the above-described methods.

The apparatus may also be embodied as an Application Specific Integrated Circuit (ASIC), designed in hardware (i.e. transistor layout and its interconnect) to carry out the above described methods.

Preferably, the apparatus forms part of an integrated circuit carrying out other data processing functions in a digital media device, such as a digital TV, and is used to maintain the security and integrity of copyrighted digital media in its transit through the digital media device.

Preferably, the apparatus is used as a secure key generator, providing a secure key for use in a further encryption device or method using the same or similar encryption techniques, according to a known standard in use in digital media protection schemes (Digital Rights Management).

Preferably, the method and apparatus are used in combination with a secure initial session key provision service, such as Kerberos and the like.

The above provides a lightweight block cipher to encrypt/decrypt data, or to generate unique keys for use in further ciphers from calculated key material.

It will be appreciated that each portion of the above described methods, and each method itself, has an input data block and an output data block, as referenced from the particular portion or method itself. Hence the terms input data block and output data block may be used for any of the respective portions, or for each of the processes as a whole. For example, in a typical implementation, the output data block of the encryption method will become the input data block of the decryption method. The context of each instance of these phrases will make the respective meaning apparent.

It will be apparent to the skilled person that the exact order and content of the steps carried out in the method described herein may be altered according to the requirements of a particular set of execution parameters, such as speed or security level of encryption, and the like. Accordingly, the claim numbering is not to be construed as a strict limitation on the ability to move steps between claims, and as such portions of dependent claims may be utilised freely.

Claims (20)

1. A method of encrypting an input data block comprising: a. XORing the input data block with a predetermined key to form an intermediate data block; b. providing cryptographic confusion by performing a first transformation function on the intermediate data block, said transformation function operable upon consecutive byte pairs of the intermediate data block and comprising: i. using an odd numbered byte of the byte pair as a location reference into a look up table; ii. XORing an even numbered byte of the byte pair with the value obtained from the referenced location of the look up table to produce a transformed byte; iii. storing the odd numbered byte of the byte pair as the even numbered byte in an output byte pair, and storing the transformed byte as the odd numbered byte in the output byte pair; and iv. concatenating the output byte pairs together to form a second intermediate data block; c. dividing the second intermediate data block into consecutive byte pairs; d. diffusing the second intermediate data block by inputting consecutive byte pairs into first and second reversible functions and concatenating the resultant byte pairs to form a diffused data block; and e. exchanging bytes of the diffused data block by rearranging the byte order to form a permuted data block.
2. The method of claim 1, further comprising carrying out steps c to e on the input data block prior to the first XORing step.
3. The method of claim 1 or 2, wherein a Round comprises a single one of each of the steps a to e, and the method further comprises carrying out multiple Rounds on the input data block.
4. The method of any preceding claim, wherein the first reversible function is $f_1: \; b_1' = b_1 + b_2 \bmod 2^m$ and the second reversible function is $f_2: \; b_2' = b_2 + 2b_1 \bmod 2^m$, where m = 8 and b1 and b2 are the odd and even numbered bytes of the input byte pair, wherein the result b1' of the first reversible function forms the odd numbered byte of an output byte pair, and the result b2' of the second reversible function forms the even numbered byte of the output byte pair.
5. The method of any preceding claim, wherein the exchanging step comprises: a. adjacently combining the odd numbered bytes of an input data block to form the first half of an output data block; and b. adjacently combining the even numbered bytes of the input data block to form the second half of the output data block.
6. The method of any preceding claim, wherein the method is used to generate a key for use in subsequent encryption steps.
7. A method of decrypting an input data block previously encrypted according to the method of any of claims 1 to 6, comprising: a. exchanging bytes of the input data block by rearranging the byte order to form a de-permuted data block; b. dividing the de-permuted data block into consecutive byte pairs; c. undiffusing the de-permuted data block by inputting consecutive byte pairs into third and fourth reversible functions and concatenating the resultant byte pairs to form an undiffused data block; d. providing cryptographic de-confusion by performing a second transformation function on the undiffused data block, said second transformation function being the inverse of the first transformation function, operable upon consecutive byte pairs of the undiffused data block, and comprising: i. using an even numbered byte of the byte pair as a location reference into a look up table; ii. XORing an odd numbered byte of the byte pair with the value obtained from the referenced location of the look up table to produce a second transformed byte; iii. storing the even numbered byte of the byte pair as the odd numbered byte in an output byte pair, and storing the second transformed byte as the even numbered byte in the output byte pair; and iv. concatenating the output byte pairs together to form a transformed data block; e. XORing the transformed data block with a predetermined key to form a decrypted output data block.
8. The method of claim 7, wherein a Round comprises a single one of each of the steps a to e, and the method further comprises carrying out multiple Rounds on the input data block.
9. The method of claim 7 or 8, further comprising carrying out steps a to c before producing a final decrypted output data block.
10. The method of any of claims 7 to 9, wherein the third reversible function is the inverse of the first reversible function and consists of $f_1': \; b_1 = b_2' - b_1' \bmod 2^m$, and the fourth reversible function is the inverse of the second reversible function and consists of $f_2': \; b_2 = 2b_1' - b_2' \bmod 2^m$, where m = 8 and b1' and b2' are the odd and even numbered bytes of the input byte pair, wherein the result b1 of the third reversible function forms the odd numbered byte of an output byte pair, and the result b2 of the fourth reversible function forms the even numbered byte of the output byte pair.
11. The method of any of claims 7 to 10, wherein the exchanging step comprises: a. moving adjacent bytes of the first half of an input data block to become the odd numbered bytes of a resultant output data block; and b. moving adjacent bytes of the second half of the input data block to become the even numbered bytes of the resultant output data block.
12. The method of any preceding claim, wherein the method comprises five Rounds and/or the data block size is 256 bits and/or the key is 256 bits in size.
13. The method of any preceding claim, wherein the look up table used in either of the first or second transformation functions is as shown in Fig. 5.
14. Apparatus to encrypt an input data block comprising circuitry adapted to carry out any of method claims 1 to 6, 12 or 13.
15. Apparatus to decrypt an input data block comprising circuitry adapted to carry out any of method claims 7 to 13.
16. A method of encrypting digital data sent between a digital television receiver and a Conditional Access Module, comprising: generating a key using the encryption method according to any of method claims 1 to 6, 12 or 13 on a predetermined key initialisation vector and initial key material; and encrypting the digital data using the key together with any encryption method.
17. A computer readable medium containing instructions which, when executed by a processor, cause the processor to carry out any of method claims 1 to 16.
18. A method of encryption substantially as described herein with reference to figures 1 to 13.
19. A method of decryption substantially as described herein with reference to figures 1 to 13.
20. A method of producing a key substantially as described herein with reference to figures 1 to 13.
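As an added worked example (not code from the patent or from Samsung), the following Python models the Round structure of claims 1 to 12 together with its inverse as described above with reference to Figs. 10 to 13, and the key-generation use of claim 16 (an IV encrypted under K1). It assumes a constructed 256-entry table T in place of the Fig. 5 table, that K1 is reused as the round key in every Round (the page gives no key schedule), that bytes are numbered from 1 so index 0 of a pair is the "odd numbered" byte, and the reading of the claim 4 diffusion functions as b1' = b1 + b2 and b2' = b2 + 2b1 (mod 2^8) with the claim 10 inverses. The table is deliberately not a permutation, to show that decryption still works because the index byte is carried through and XOR is its own inverse.

```python
"""Model of the byte-pair block cipher of GB2463031A (claims 1-12, 16).

Added illustration, not the patent's code. Assumed, not on the page:
  * the look-up table T (the Fig. 5 table is not reproduced here);
  * the same key K1 is XORed in every Round (no key schedule is given);
  * bytes are numbered from 1, so pair index 0 is the "odd numbered" byte.
"""

M = 256           # arithmetic modulo 2^m with m = 8
BLOCK_BYTES = 32  # 256-bit data block (claim 12)
ROUNDS = 5        # five Rounds (claim 12)

# Constructed table: T[i] depends only on i >> 1, so entries collide in pairs.
# Decryption still works because T is only ever XORed onto a byte whose
# index byte is carried through unchanged (a Feistel-style half round).
T = bytes(((i >> 1) * 5 + 17) & 0xFF for i in range(256))


def xor_key(block: bytes, key: bytes) -> bytes:
    """Claim 1 step a / claim 7 step e: XOR the block with the round key."""
    return bytes(a ^ b for a, b in zip(block, key))


def confuse(block: bytes) -> bytes:
    """f3 (claim 1 step b): odd byte indexes T, even byte is XORed, positions swap."""
    out = bytearray(len(block))
    for i in range(0, len(block), 2):
        b1, b2 = block[i], block[i + 1]  # odd numbered, even numbered byte
        out[i] = b2 ^ T[b1]              # transformed byte -> odd numbered output
        out[i + 1] = b1                  # index byte carried -> even numbered output
    return bytes(out)


def deconfuse(block: bytes) -> bytes:
    """f3' (Fig. 11, claim 7 step d): swap first, then XOR the same entry back."""
    out = bytearray(len(block))
    for i in range(0, len(block), 2):
        c1, c2 = block[i], block[i + 1]
        out[i] = c2                      # carried index byte -> odd numbered output
        out[i + 1] = c1 ^ T[c2]          # XOR is self-inverse: recovers b2
    return bytes(out)


def diffuse(block: bytes) -> bytes:
    """f1, f2 (claim 4): b1' = b1 + b2, b2' = b2 + 2*b1 (mod 2^8)."""
    out = bytearray(len(block))
    for i in range(0, len(block), 2):
        b1, b2 = block[i], block[i + 1]
        out[i] = (b1 + b2) % M
        out[i + 1] = (b2 + 2 * b1) % M
    return bytes(out)


def undiffuse(block: bytes) -> bytes:
    """f1', f2' (Eq. 3, 4, claim 10): b1 = b2' - b1', b2 = 2*b1' - b2' (mod 2^8)."""
    out = bytearray(len(block))
    for i in range(0, len(block), 2):
        c1, c2 = block[i], block[i + 1]
        out[i] = (c2 - c1) % M
        out[i + 1] = (2 * c1 - c2) % M
    return bytes(out)


def permute(block: bytes) -> bytes:
    """Claim 5: odd numbered bytes form the first half, even numbered the second."""
    return block[0::2] + block[1::2]


def unpermute(block: bytes) -> bytes:
    """Claim 11: first half back to the odd positions, second half to the even."""
    half = len(block) // 2
    out = bytearray(len(block))
    out[0::2] = block[:half]
    out[1::2] = block[half:]
    return bytes(out)


def encrypt(block: bytes, round_keys: list, prewhiten: bool = True) -> bytes:
    """Claims 1-3, with the optional initial diffusion/permutation of claim 2."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 256 bits")
    x = permute(diffuse(block)) if prewhiten else block
    for k in round_keys:
        x = permute(diffuse(confuse(xor_key(x, k))))
    return x


def decrypt(block: bytes, round_keys: list, prewhiten: bool = True) -> bytes:
    """Claims 7-9: each Round undone in reverse order, then the claim 9 tail."""
    x = block
    for k in reversed(round_keys):
        x = xor_key(deconfuse(undiffuse(unpermute(x))), k)
    return undiffuse(unpermute(x)) if prewhiten else x


def derive_key(iv: bytes, k1: bytes) -> bytes:
    """Claim 16 use: encrypt the IV under K1 (assumed reused every Round) to get a
    new 256-bit key. Deterministic in (IV, K1): its secrecy rests on K1 alone."""
    return encrypt(iv, [k1] * ROUNDS)


if __name__ == "__main__":
    plaintext = bytes(range(BLOCK_BYTES))  # constructed sample input
    key = bytes((i * 37 + 11) & 0xFF for i in range(BLOCK_BYTES))
    ct = encrypt(plaintext, [key] * ROUNDS)
    assert decrypt(ct, [key] * ROUNDS) == plaintext
    print("ciphertext:", ct.hex())
    print("derived key:", derive_key(bytes(BLOCK_BYTES), key).hex())
```

The round-trip assertion in the main block is the check worth keeping in any implementation of this structure, since the claim 1/claim 7 byte swaps and the claim 5/claim 11 halves are easy to get out of step. Note also that derive_key is a deterministic function of (IV, K1): the "random" key of the description is only as secret as K1 and the trusted exchange that delivered it.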
GB0815648A 2008-08-28 2008-08-28 Device and method for encrypting data or providing an encryption key Expired - Fee Related GB2463031B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0815648A GB2463031B (en) 2008-08-28 2008-08-28 Device and method for encrypting data or providing an encryption key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0815648A GB2463031B (en) 2008-08-28 2008-08-28 Device and method for encrypting data or providing an encryption key

Publications (3)

Publication Number Publication Date
GB0815648D0 GB0815648D0 (en) 2008-10-08
GB2463031A true GB2463031A (en) 2010-03-03
GB2463031B GB2463031B (en) 2010-12-15

Family

ID=39865859

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0815648A Expired - Fee Related GB2463031B (en) 2008-08-28 2008-08-28 Device and method for encrypting data or providing an encryption key

Country Status (1)

Country Link
GB (1) GB2463031B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110958255A (en) * 2019-12-06 2020-04-03 杭州安恒信息技术股份有限公司 Data transmission method and device, electronic equipment and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115333868B (en) * 2022-10-14 2022-12-23 安徽华云安科技有限公司 Symmetric encryption method, symmetric decryption method, symmetric encryption device, symmetric decryption device and symmetric encryption device based on odd-even round robin

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2350218A (en) * 1998-02-27 2000-11-22 Mosaid Technologies Inc Encryption processor with shared memory interconnect
US6243470B1 (en) * 1998-02-04 2001-06-05 International Business Machines Corporation Method and apparatus for advanced symmetric key block cipher with variable length key and block
WO2008121614A1 (en) * 2007-03-28 2008-10-09 Intel Corporation Flexible architecture and instruction for advanced encryption standard (aes)

Also Published As

Publication number Publication date
GB2463031B (en) 2010-12-15
GB0815648D0 (en) 2008-10-08

Similar Documents

Publication Publication Date Title
Zhang et al. A plaintext-related image encryption algorithm based on chaos
CN106888080B (en) Protecting white-box feistel network implementations from false attacks
Schaad et al. Advanced Encryption Standard (AES) key wrap algorithm
US10320554B1 (en) Differential power analysis resistant encryption and decryption functions
Alabaichi et al. Enhance security of advance encryption standard algorithm based on key-dependent S-box
US9515818B2 (en) Multi-block cryptographic operation
US20060023875A1 (en) Enhanced stream cipher combining function
KR20100069610A (en) Methods and devices for a chained encryption mode
CN108123794A (en) The generation method and encryption method of whitepack key, apparatus and system
CN107273724B (en) Watermarking input and output of white-box implementations
Gunjal et al. Image steganography using discrete cosine transform (DCT) and blowfish algorithm
EP2904731B1 (en) Method and device for digital data blocks encryption and decryption
CN105281893B (en) For introducing white box realization to the method for the dependence of set of strings
JP3769804B2 (en) Decoding method and electronic device
US8130949B2 (en) Partially reversible key obfuscation
GB2463031A (en) Encrypting data or providing an encryption key
Anupriya et al. Encryption using XOR based extended key for information security–a novel approach
CN113541942B (en) Digital content encryption and decryption method based on ARX white-box block cipher
Parihar et al. Blowfish algorithm: a detailed study
Venkatesha et al. AES based algorithm for image encryption and decryption
Xian et al. Image encryption algorithm based on chaos and S-boxes scrambling
KR101566416B1 (en) Method and device of data encription with increased security
Ahuja et al. Dual layer secured password manager using Blowfish and LSB
Cook et al. Elastic block ciphers: the basic design
Anand et al. Enhanced AES algorithm using 512 bit key implementation

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20180828