DE10158003A1 - Generating keys for data encoding and decoding involves using results of coupled recursion formulas for fixed instance value and across range of parameter values to generate key - Google Patents

Abstract

The method involves generating number sequences for use as data encoding and decoding keys using a number of coupled recursion formulas with different parameters and/or initial values. The results of the recursion formulas for a fixed instance value and across the range of parameter values are used to generate the key.

Description

The invention relates to a method for generating sequences of numbers Use as a key in data encryption and Data decryption according to the preamble of claim 1 and the Use the key for data encryption and Data decryption.

These keys are usually Generated random number generator so that they are as secure as possible against cryptanalysis. The quality of a random sequence generator is based on the Equal distribution, the lack of correlations and the non-periodicity of the generated sequences of numbers determined.

An encryption system is known from EP 994 598, in which Data to be encrypted or decrypted using dynamic generated key are both encrypted and decrypted.

The invention has for its object, both a aforementioned Method for generating keys as well as a method for To create data encryption in which the keys are as good as possible Properties regarding equal distribution, non-periodicity and absence of correlations of the sequences of numbers. Furthermore, that should Data encryption procedures as secure as possible Be cryptanalysis.

This object is achieved by the features of claims 1 and 10. Advantageous and preferred configurations of the invention are Subject of the subclaims and are explained in more detail below. The content of the claims becomes by express reference Content of the description made.

In the method according to the invention, a parameter a and an initial number y _{0 are applied} iteratively to a recursion formula. This is the logistic equation transformed according to y _i = ax _i

y _{i + 1} = y _i (a - y _i ) with i = 0, 1, 2.. ,

The sequence of the y _i shows chaotic behavior for 3.7 <a <4. On the other hand, it quickly goes against -∞ for a> 4. While a key constructed from the y _i can be of any length, a code defining the sizes a and y is ₀ constant and of short length. In order to improve the statistical properties of the keys generated in this way without significantly reducing the speed of the method, a number m of recursion formulas of the type mentioned above, but with different sizes a and y ₀ , are coupled.

The set of equations that arise can be described as follows:

Y _{i + 1, j} = y _{i, j} (a _j - y _{i, j} ), with i = 0, 1, 2,. , . j = 0, 1, 2,. , ., m - 1

The set of y _{i, j} for a fixed value of i can be understood as components of a vector of dimension m, this vector being the starting point for the calculation of a key S _i .

For coupling, the values y _{i, j of} the different components of the same iteration level i are preferably added. This sum or a fraction K thereof is added for each component to the respective value y _{i, j} on the right side of the recursion formula.

Since for the new values y ' _{i, j} thus obtained in the case of y' _{i, j} > a _j, the iterations would quickly go against -∞, capping by using the modulo operation is preferred

y " _{i, j} = y ' _{i, j} mod a _j

carried out. The modulo operation can be implemented either by using the "fmod" function for real numbers, which is standard in C or C ++, or, if y ' _{i, j is} not much larger than a _j , saving computing time by repeatedly subtracting a _j . This results in an excellent distribution of the values without periodicity or gaps in the distribution. This also allows the advantageous use of parameters a _j > 4.

The values y " _{i, j obtained in this way} are used instead of the values y _{i, j} for a next iteration step i + 1.

Several, in particular eight, recursion formulas are particularly preferably coupled. Each component y _{i, j} is a variable of the "double" type (in C programs) consisting of 8 bytes when the method is carried out with a 32-bit microprocessor. Of these, however, only the 4 least significant bytes of the mantissa are used to construct the key S _i . For each iteration, this results in an extension of the key S _i by 32 bytes for such a group of 8 coupled logistic equations. Several such groups of 8 can advantageously be used. When using processors with a larger register width, e.g. B. 64-bit microprocessors, corresponding higher accuracies can be used for floating point numbers, and thus more than 4 bytes of the mantissa can be used

The encryption or decryption itself can be done using several different basic methods. On the one hand, the XOR addition method is advantageously used. XOR is the exclusive OR, synonymous with bit-wise addition without carry, which can be carried out simultaneously on all 32 bits in one step in 32-bit computers. The same applies to z. B. for 64-bit computers. This method is a symmetrical "stream" method in which encryption and decryption are carried out with the same operator A, that is to say the encryption of the plain text k using the key S _i to the encryption text c in accordance with

c = A k = S _i XOR k

and decoding according to

k = A ^-1 c = S _i XOR c.

The term "text" stands for any data in this context binary form.

Here operator A = (S _i XOR) and its inverse A ^{-1 are} identical.

In a particularly fast minimal version of the invention only used this XOR addition. In another embodiment of the Invention, a substitution is additionally applied to the plain text, in which each value of the plain text that can be represented by a byte after a given table is assigned to another byte. About that In addition, this substitution can also be advantageous from the The position of the sign can be made dependent. That way avoided the known relative frequency of certain Letters can be used for cryptanalysis of the key.

Furthermore, it is additionally or alternatively possible that the Plain text a transposition is applied. The transposition is in a block of e.g. B. 256 bytes after the position of the individual bytes swapped a particular table. So in this variant there is one triple encryption instead, the order of XOR Addition on the one hand and position-dependent substitution + transposition on the other hand, can be swapped with another Result. When deciphering, the reverse order of the Methods how to proceed with the encryption. The mentioned Tables are also described using the Random number generator generated.

In contrast to XOR addition, substitution and transposition are asymmetrical processes in which operator A and its inverse A ^{-1 are} not identical.

A separate code is used to determine the initial values y _{0, j} and the parameters a _{j of} the logistic equations used to generate the tables mentioned above.

While the keys S _i for encryption are generated anew with each iteration step _i using the XOR addition, a key S _s for generating the substitution table and a key S _t for generating the transposition table become by inserting the associated initial values y _{0, j} and the parameter a _{j is} generated in the logistic equations.

In the method according to the invention for generating sequences of numbers for use as a key in data encryption and data decryption and the use according to the invention of a key for data encryption and data decryption, the keys are generated on the basis of the initial values y _{0, j} and the parameters a _{j of} the logistic equations.

The codes determining the initial values come from one in the Encryption and decryption device identical deposited code database, in which different data records are deposited. For example, there are a thousand data records of 256 bytes each. On A record in the code database is made using a pointer directed. The pointer is sent from the encryption device to the Decryption device indirectly, by specifying the position of the Pointer in a pointer list, transmitted. This pointer list is in the Encryption and the decryption device also deposited identically. The code database and pointer list are separate generated with the described or other random number generators, There are various ways to initialize them. This will further attack the encryption system difficult.

Such pointers are known as so-called transaction numbers TAN. Such a TAN can preferably be a six-digit decimal number, whose two three-digit parts each have a data record of 256 Show byte.

With the help of the parameters and initial values thus obtained, the Decryption station advantageously sent to the encrypted Decrypt data.

The code determining all initial values is in that Embodiment 512 bytes = 4096 bits long, which is a 1233-digit Decimal number of different possibilities corresponds to each other. He is therefore not easy to guess by systematic trial and error.

The 512 bytes of the code are distributed as follows between the basic methods used: Each logistic equation contains a parameter a _j and an initial value y _{0, j} , which are real numbers of the "double" type with a representation of 8 bytes. The constant rough setting specified in the program is fine-tuned by 6 bytes from the code, resulting in 12 bytes per logistic equation or 96 bytes per group of 8. 4 different groups of 8 are now used alternately for XOR encryption, which results in 384 bytes. So that every single bit of the entire code actually affects all encrypted bytes and not just a quarter, these variables are mixed by linear combination before the parameters and initial values are calculated. Since for the calculation of the mentioned tables for the position-dependent substitution and the transposition own random number generators from a coupled logistic equation are required, which would use 2 further groups of 8, i.e. 192 bytes, according to the same scheme, but the total number should result in 512 and not 576 , only 4 instead of 6 bytes per "double" size are used for this. This complicated process is completely invisible to the user.

In addition, a personal identification number PIN can be used Identification of users authorized for the procedure be, the PIN in the encryption and Decryption device is stored identically. This PIN is a password.

In addition, a method using the key is advantageous created, which is constructed as a so-called master-slave system. Encryption methods are advantageously used for this which the operator for encryption and his inverse for Decryption are no longer identical, as is the case with positional Substitution and transposition and thus also with the XOR Method composite overall transformation is the case. This means that a master is superior to several slaves and with each of these slaves can communicate bidirectionally. The slaves in turn cannot communicate with each other. On in this way security can be increased.

An additional increase in security can be achieved by that the encrypted data itself is hidden. This is possible through so-called steganography. You can do this at Transmission of the encrypted data hidden in other data be, preferably in data from graphics or sound. Here in the case of Pixel graphics or sound files a hidden transmission encrypted data. In the case of pixel graphics particularly preferably uses files in Targa format in which the red, Green and blue values (RGB) of each pixel, i.e. each pixel, with 256 levels of brightness in one byte of 8 bits each without data compression get saved. Although information is stored digitally, are often analog devices with a on the recording side Background noise in the game. The eye can, however, be pure even with one on one digital technology based application, such a fine gradation do not differentiate. This is at least the least significant bit of each byte is redundant and can be replaced by external information such as replacing a bit of a cryptographic file. The same applies to the least significant bit of each byte of a sound file in the Wave format, e.g. B. a phone call.

The method with a microprocessor or Computer performed.

Claims (15)

1.Procedure for generating sequences of numbers for use as a key in data encryption and decryption, in which recursion formulas of Art
y _{i + 1} = y _i (a - y _i ), with i = 0, 1, 2,. , ,
to be used,
characterized in that
a number m of such recursion formulas
y _{i + 1, j} = y _{i, j} (a _j - y _{i, j} ), with i = 0, 1, 2,. , . j = 0, 1, 2,. , ., m - 1
are coupled with different parameters a _j and / or initial values y _{0, j} and the values y _{i, j are used} for a fixed value of i and over all j to generate the key. 2. The method according to claim 1, further characterized in that the coupling of the recursion formulas by adding a fraction K of the sum of all values y _{i, j} for a fixed value of i to the respective values y _{i, j}


is carried out. 3. The method according to claim 2, further characterized in that on the values y ' _{i, j} for a fixed value of i the modulo operation
y " _{i, j} = y ' _{i, j} mod a _j
is applied and the values y " _{i, j are used} instead of the values y _{i, j} for a next iteration step i + 1. 4. The method according to any one of claims 1 to 3, further thereby characterized in that m = 8 recursion formulas are coupled. 5. The method according to any one of claims 1 to 4, further characterized in that a _j > 4 applies to all recursion formulas. 6. The method according to any one of claims 1 to 5, further characterized in that a key S _{i of} an iteration level i is formed by combining all the values y _{i, j} for a fixed value of i and for combining the y _{i, j} in a floating point representation only the mantissa or a low-order part of the mantissa of the values y _{i, j} is used. 7. The method according to any one of claims 1 to 6, further characterized in that
the initial values y _{0, j} and parameters a _{j are constructed} from a code database stored identically in the encryption and decryption device, different codes being stored therein,
reference is made to the initial values y _{0, j} and parameters a _j in a code database by means of a pointer,
the pointer to a specific code is transmitted indirectly by the encryption device to the decryption device by specifying the position of the pointer in a table. 8. The method according to claim 7, further characterized in that the pointer is a six-digit decimal number. 9. The method of claim 7 or 8, further thereby marked that in addition a password to identify for the Approved users are used, the password in the Encryption and decryption device identical is deposited. 10. Use of a key according to one of claims 1 to 9 for data encryption and data decryption. 11. Use according to claim 10, further characterized in that during encryption, a ciphertext c is generated by XOR-adding a plaintext k with the key S _i according to the following relationship:
c = S _i XOR k
and when decrypting, the plaintext k is generated by XOR-adding the ciphertext c with the key S _i according to the following relationship:
k = S _i XOR c. 12. Use according to claim 10 or 11, further characterized in that during the encryption and decryption, characters are exchanged for other characters depending on the position and a table used for the exchange is generated with the aid of a key S _s . 13. Use according to one of claims 10 to 12, further characterized in that during encryption and decryption, the position of a character is exchanged for the position of another character and a table used for the exchange is generated with the aid of a key S _t . 14. Use according to any one of claims 10 to 13, further thereby characterized that the data encrypted in this way in other data hidden, especially in data from graphics or sound. 15. Use according to any one of claims 10 to 14, further thereby characterized that the method for data encryption and Data decryption a higher-level system and one or more has subordinate systems, the use of asymmetric encryption methods only between the parent system and the child systems, but not can be communicated between the subordinate systems.