EP1676394A1 - Method and device for encryption/decryption - Google Patents

Method and device for encryption/decryption

Info

Publication number
EP1676394A1
EP1676394A1 EP04763626A EP04763626A EP1676394A1 EP 1676394 A1 EP1676394 A1 EP 1676394A1 EP 04763626 A EP04763626 A EP 04763626A EP 04763626 A EP04763626 A EP 04763626A EP 1676394 A1 EP1676394 A1 EP 1676394A1
Authority
EP
European Patent Office
Prior art keywords
encryption
decryption
data block
bit
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04763626A
Other languages
German (de)
English (en)
Inventor
Gerd Dirscherl
Berndt Gammel
Rainer GÖTTFERT
Steffen Sonnekalb
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Infineon Technologies AG

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125 Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Definitions

  • the present invention relates generally to an encryption / decryption scheme as can be used, for example, to protect memory contents against unauthorized reading.
  • the data to be stored is not saved in plain text, i.e. unencrypted, but in encrypted form, as so-called ciphertext. If the data is to be read at a later point in time, it naturally has to be decrypted again before it can be processed further. Applications in which this effort for storage is worthwhile are diverse and include, for example, chip cards, smart cards or magnetic cards, on which information such as monetary amounts, keys, account numbers, etc., is to be protected from unauthorized access.
  • a cipher domain Deliver to attackers, stored in encrypted form, referred to in Fig. 5 as a cipher domain.
  • the data to be protected is in plain text, referred to as plain text domain in FIG. 5.
  • the border between plain text and cipher domain is shown in FIG. 5 with a semicolon.
  • An interface between the plain text and cipher domain is formed by an encryption / decryption device 900.
  • the encryption / decryption device 900 is used to encrypt unencrypted data to be stored from the plain text domain and to use it in encrypted form
  • the encryption / decryption device 900 therefore consists of two parts which are approximately the same size or have the same complexity in their implementation, namely an encryption unit or an encryption part 902 and a decryption unit or a decryption part 904.
  • the encryption unit 902 maps data at its encryption input, in blocks, to encrypted data according to a specific encryption algorithm and outputs it at its encryption output.
  • the encryption unit 902 is provided in the device 900 in such a way that it receives the data blocks B_1, ..., B_N to be stored, with N ∈ ℕ, which are in plain text, at its encryption input, so that the encryption unit 902 outputs encrypted data blocks C_1, ..., C_N, the so-called cipher, at the encryption output.
  • the decryption unit 904 is responsible for the reverse direction, namely not for storing data but for reading data from the memory in the cipher domain into the plain text domain.
  • the decryption unit 904 is designed to map data at its decryption input to decrypted data according to a decryption algorithm which is inverse to the encryption algorithm of the encryption unit 902, and outputs this decrypted data at a decryption output thereof.
  • the decryption unit 904 is provided in such a way that it receives data blocks C_1, ..., C_N stored in encrypted form at the data input, decrypts this cipher C_1, ..., C_N in blocks and outputs the data blocks B_1, ..., B_N in plain text at the decryption output to the plain text domain.
  • the object of the present invention is to provide an encryption / decryption scheme that is more effective.
  • the encryption unit and decryption unit present in an encryption / decryption device can both be used for both encryption and decryption, without their effects canceling each other out, if two link devices are provided between the encryption output of the encryption device and the decryption input of the decryption device: an encryption link device, which maps the encryption result data block at the encryption output to a mapped encryption result data block in accordance with an encryption link mapping and is used, for example, in encryption, and a decryption link device, which maps the encryption result data block at the encryption output to an inversely mapped encryption result data block in accordance with a decryption link mapping that is inverse to the encryption link mapping and is used, for example, in decryption.
  • the complexity of the structure does not increase enormously, since the actual encryption or decryption is carried out by the two devices, namely the encryption and decryption device, with a correspondingly high non-linearity of the underlying mappings.
  • the encryption link and decryption link mapping are only there to ensure that the effects of the encryption mapping and the decryption mapping as implemented by the encryption and decryption device do not cancel each other out.
  • Encryption can now be effected in that a data block to be encrypted runs through at least once the sequence of encryption device, encryption link device and decryption device or is processed serially by these devices.
  • the decryption can then be carried out based on the same encryption and decryption device in that a data block to be decrypted runs through at least a sequence of encryption device, decryption link device and decryption device.
  • Decryption used both devices, encryption and decryption device, whereas in the past one of the two devices was only responsible for encryption and the other was exclusively responsible for decryption. In addition, two different encryption or decryption processes are effectively carried out in series, which conventionally had to be achieved by two rounds through the encryption or decryption device.
  • a special form of encryption or decryption link mapping is, for example, an implementation of this mapping in the form of suitably routed conductor tracks, such that they perform a permutation of the bits of the encryption result data block from the encryption output to the decryption input, or the inverse permutation.
  • Such an implementation hardly costs any chip area.
  • FIG. 1 is a block diagram of an encryption / decryption device according to a general embodiment of the present invention
  • FIG. 2 shows a schematic illustration of an encryption process and a decryption process, as is possible with the device from FIG. 1 according to a further exemplary embodiment of the present invention
  • FIG. 3a shows a schematic illustration of an encryption process according to a further exemplary embodiment of the present invention.
  • FIG. 3b shows a schematic illustration of a decryption process for decrypting a ciphertext encrypted after the encryption of FIG. 3a according to an embodiment of the present invention
  • FIG. 4 shows a block diagram of an encryption / decryption device which implements the encryption according to FIG. 3a and decryption according to FIG. 3b, according to an embodiment of the present invention
  • FIG. 5 shows a block diagram of an encryption / decryption device with an encryption unit for encryption and a decryption unit for decryption.
  • the encryption / decryption device 10 is able to encrypt incoming data blocks which are to be encrypted into encrypted data blocks and to decrypt data blocks to be decrypted into decrypted data blocks.
  • the encryption / decryption device 10 has an encryption device 12, a decryption device 14, a permutation device 16, an inverse permutation device 18 and a control device 20. Furthermore, the encryption / decryption device comprises a data input 22 for the data blocks to be encrypted, a data input 24 for the data blocks to be decrypted, a data output 26 for the encrypted data blocks and a data output 28 for the decrypted data blocks.
  • solid arrows indicate the path that a data block to be encrypted takes in device 10, ie which sequence of devices it goes through.
  • the dashed arrows indicate the sequence of data blocks to be decrypted by devices of the device 10. This is controlled by the control device 20, which for this purpose has, for example, switches, multiplexers or the like, as is illustrated in more detail by way of example with reference to the exemplary embodiment of FIG. 4.
  • the encryption device 12 is designed to map data blocks at its encryption input block-wise according to an encryption mapping to encryption result data blocks and to output the latter at its encryption output.
  • the encryption mapping is preferably a non-linear mapping that maps n-bit data blocks to m-bit data blocks, where n and m are integers, i.e. m, n ∈ ℕ.
  • n m, although m> n could also apply if special further conditions are placed on the plain text blocks and the mapping E.
  • the encryption mapping can be implemented, for example, using one or more S-boxes.
  • E E for encryption
  • the decryption device 14 is designed to map data blocks at its decryption input in accordance with a decryption map to decryption result data blocks and to output the latter at its decryption output, the decryption map being inverse to the encryption map.
  • the decryption device 14 can be implemented by one or more S-boxes, namely by S-boxes that are inverse to those that form the encryption device 12.
  • the permutation device 16 comprises an n-bit permutation input and an n-bit permutation output.
  • the permutation device 16 is provided in order to permute the bits of an n-bit data block at the permutation input, i.e. to rearrange them, and to output the permuted n-bit data block at the permutation output.
  • the n-bit data block at the permutation input consists of a sequence of n bits, the order of which is changed by the permutation performed by the permutation device 16.
  • the inverse permutation device 18 also has a permutation input and a permutation output.
  • Both permutation device 16 and inverse permutation device 18 can be implemented as conductor tracks which connect the individual n bit inputs at the permutation input to different ones of the n bit outputs at the permutation output.
  • the control device 20 is now able to encrypt data blocks at the input 22 and to decrypt them
  • the control device 20 ensures that a data block to be encrypted at the data input 22 runs through the sequence of encryption device 12, permutation device 16 and decryption device 14.
  • the data block 22 to be encrypted is processed in succession by the encryption device 12, the permutation device 16 and the decryption device 14.
  • B - arrives at the encryption input of the encryption device 12.
  • An order is of course defined via the n bits of the n-bit encryption result data block C.
  • the encryption result data block C is applied to the permutation device 16.
  • the permutation is referred to as P in the following.
  • the control device 20 ensures that data blocks to be decrypted at the input 24 run through a different sequence of devices, namely the sequence of encryption device 12, inverse permutation device 18 and decryption device 14. It is assumed, for example, that the data block to be decrypted is the encrypted data block C_result just obtained. This data block C_result is passed from the input 24 to the encryption input of the encryption device 12.
  • the encryption device 12 thus undoes exactly the decryption mapping that was carried out at the end of the encryption.
  • the result encryption data block C at the output of the encryption device 12 is now fed to the permutation input of the inverse permutation device 18.
  • This operation changes the order of the n bits of the n-bit encryption result data block in a manner exactly the opposite of that used to obtain the intermediate encryption result C during encryption.
  • the device 10 of FIG. 1 is able both to encrypt plain text data blocks into cipher data blocks and to decrypt cipher data blocks back into plain text data blocks, with the encryption device 12 and the decryption device 14 both being involved in the processing of the data blocks, for encryption as well as for decryption.
  • n m.
  • by means of the control device 20 it is possible for the data blocks to be encrypted to run through the sequence of encryption device 12, permutation device 16 and decryption device 14 more than once, and accordingly for the data blocks to be decrypted to run repeatedly through the sequence of encryption device 12, inverse permutation device 18 and decryption device 14.
  • the security of the encrypted, stored data can be increased by going through it several times.
  • the upper line of FIG. 2 represents the encryption process as it is effected by the control device 20.
  • a data block to be encrypted (far left) is successively subjected, in iterative or repeated fashion, to the same serial processing 30.
  • Each round 30 comprises a sequence of an encryption mapping E, a permutation P, a decryption D and a permutation P. The control device 20 repeatedly passes data blocks to be encrypted through the encryption device 12, the permutation device 16, the decryption device 14 and the permutation device 16, sequentially in this order. At the end (on the far right in FIG. 2), the encrypted data block results at the output 26.
  • the decryption is shown in Fig. 2 in the lower line.
  • a data block to be decrypted is subjected to a sequence of mappings which results when the top line is read in reverse, i.e. from the right, so that the processing sequence is reversed, and each mapping is inverted, i.e. P^-1 instead of P, E instead of D and D instead of E, which means that each device is exchanged for its inverse device.
  • Data blocks to be decrypted are consequently also processed in rounds 32, each round 32 having a sequence of mappings P^-1, E, P^-1 and D. At the end (far right in FIG. 2) there is a decrypted data block.
  • the rounds 30 and 32 actually represent double rounds in which both an encryption mapping E and a decryption mapping D are carried out. In FIG. 2, the encryption device and the decryption device, or the underlying hardware, are therefore used with a time offset, both in the case of encryption and decryption. Encryption according to the upper line in FIG. 2 can of course be carried out in the device of FIG. 1 at the same time as decryption according to the lower line in FIG. 2 if the two processes are carried out in a pipelined manner, so that the encryption device is being used for encryption while the decryption device is working for decryption.
  • FIG. 2 can of course be varied as desired. It is not imperative that only the permutation P is used for the encryption, while only the inverse permutation P^-1 is used for the decryption.
  • an encryption round 30 could also be E, P, D, P^-1, while the corresponding decryption round 32 would be P, E, P^-1, D.
  • FIGS. 3a, 3b and 4 in which the encryption mapping and the decryption mapping are implemented by 4x4 S-boxes which each map four different bits of the data block at the encryption input to four different bits of the data block at the encryption output.
  • S-Box such as a 32-bit S-Box
  • S-Boxes such as eight 4x4-S-Boxes.
  • FIG. 3a shows an encryption according to an exemplary embodiment of the present invention.
  • a plurality of devices are available for encryption; for each device that carries out a specific mapping, a further device is available which carries out the inverse mapping.
  • 4x4 S-boxes S_1 - S_8 serve as encryption device 12'
  • eight S-boxes S_1^-1 - S_8^-1, which are inverse thereto, serve as decryption device 14'.
  • two identical mapping devices 40 and 42 are available which output a 32-bit data block at their 32-bit data input in accordance with a self-inverting linear mapping or linear transformation to a 32-bit data block at their data output.
  • two rotation devices 44 and 46 are provided, which rotate a 32-bit data block at their rotation input according to a bit rotation R by a predetermined number of bits in a predetermined direction and output the result of the rotation at their rotation output.
  • two 32-bit XOR logic devices are provided, each consisting of 32 XOR gates, which bit by bit the 32 bits of a 32-bit data block with the bits of a 32-bit
  • a plaintext data block B only goes through a double round 52, i.e. a processing sequence which has an encryption 12' in one partial round and a decryption 14' in the other partial round.
  • the double round 52 is thus divided into two partial rounds, namely 52a and 52b, which are carried out sequentially.
  • the first sub-round 52a, which the plaintext data block B passes through, consists of the sequence of XOR link 48 with the round key K_1, encryption mapping by the S-boxes S_1 - S_8, linear transformation 40 and subsequent rotation 44.
  • After passing through the sub-round 52a, processing is carried out by the sub-round 52b, which comprises a sequence of the XOR combination with the round key K_2, a decryption mapping by the inverse S-boxes S_1^-1 - S_8^-1, linear transformation 42 and rotation 46. After sub-round 52b, cipher C or cipher block C results.
  • a data block B to be encrypted passes through the XOR logic device 48.
  • the result at the output of the XOR logic device 48 is a data block whose bits, at the positions where the round key K_1 has a logic one, are inverted relative to the corresponding bits of data block B, while the remaining bits are identical to the corresponding bits of data block B.
  • the S-boxes S_1 - S_8 map the 4-bit words present at their S-box inputs to 4-bit words in accordance with a mapping rule assigned to them, which is preferably non-linear and different for all S-boxes.
  • the four bits at the S-box outputs of the S-boxes S_1 - S_8 are then supplied as a 32-bit data block to a 32-bit data input of the linear transformation device 40, namely the four bits of the S-box S_1 as the most significant four bits 31 - 28, the four output bits of the S-box S_2 as the next least significant bits 27 - 24, ... and the bits of the S-box S_8 as bits 3 - 0.
  • the linear transformation device 40 maps the data block at its data input by linear mapping to another 32-bit data block.
  • the resulting data block at the data output of the linear transformation device 40 is forwarded to the rotation device 44, which shifts the bits of the data block applied to its data input to the right or left by a number of bits depending on the rotation R, and appends the bits pushed out again to the bit positions that become free.
  • the data block at the output of the rotating device 44 thus represents the result of the first partial round 52a.
  • This 32-bit data block is then again subjected to an XOR linkage 50, now with the round key K_2, in turn inverting the bit positions at which the round key K_2 has a logical one. In each case four successive bits of the resulting data block are then transferred to the inverse S-boxes S_1^-1 - S_8^-1 on their S-box
  • Linear transformation device 42 is applied, which carries out the same linear transformation as the linear transformation device 40.
  • the result of the linear mapping is a 32-bit data block which is fed to the input of the rotation device 46, which rotates this data block in the same direction and by the same number of bits as the rotation device 44.
  • the resulting 32-bit data block is the ciphertext C or the ciphertext data block C.
  • the passage of a plurality of double rounds 52 could also be provided in order to perform encryption, as is also provided for the implementation of the encryption according to FIG. 3a according to the embodiment of FIG. 4.
  • a mapping is carried out between each encryption or decryption map 12 'or 14', which can be referred to as an encryption link map. While this link encryption mapping was, for example, the permutation P in the exemplary embodiment of FIG. 1, this is the case in the exemplary embodiment of FIG.
  • mapping L through multiple XOR operations of the bits in the individual data blocks to ensure that small changes in the plaintext data block have a major impact on the ciphertext data block.
  • the linear transformations L ensure that the bits that are output by the S-boxes S_1 - S_8 are effectively mixed with other bits of other bit positions and shifted to other bit positions, so that they do not simply reach predetermined subsequent inverse S-boxes in rotated form.
  • FIG. 4 still to be discussed relates to an implementation example for the encryption process of FIG. 3a using two devices in each case, as has been illustrated in FIG. 3a.
  • FIG. 3b shows a decryption round for decrypting a cipher data block C, as is obtained by an encryption round 52 from FIG. 3a.
  • the round of decryption is generally indicated at 60. It in turn consists of two sub-rounds 62 and 64.
  • a cipher data block C runs, in a decryption round, through the same S-boxes S_1 - S_8 and S_1^-1 - S_8^-1 as in the encryption round of FIG. 3a, i.e. the same encryption and decryption devices 12' and 14'.
  • the other devices can be chosen to be identical to the devices in the encryption, or they can be provided specifically for the decryption.
  • FIG. 3b the remaining devices are provided with their own reference numerals, as if they were different from those of FIG. 3a, the exemplary embodiment representing an opposite implementation option with respect to the linear imaging devices.
  • a cipher block C goes through two inverse rotators 66, 68, two linear transformers 70 and 72 and two XOR links 74 and 76 during a decryption round 60.
  • the same mappings are carried out on the cipher data block as are carried out on the plain text data block in the case of encryption, but in reverse order and inverted. That is, corresponding to the rotation 46 of FIG. 3a, an inverse rotation is first carried out by the rotation device 66 on the cipher data block C, i.e. a shift of the bits of the cipher block C by a number of bits identical to that of the rotation R but in the opposite direction.
  • Data block is passed on to the linear transformation device 70.
  • Corresponding to the passage through the inverse S-boxes in FIG. 3a, the 32-bit data block resulting at the output of the linear transformation device 70 is fed, in units of 4-bit words, to the S-boxes S_1 - S_8 serving as the encryption device 12'.
  • the resulting 32 bits are XOR-linked with the round key K_2. This link corresponds to link 50 of FIG. 3a.
  • the XOR link 50 is also a self-inverting mapping, since the repeated inversion of the bits at the bit positions at which the 2-bit round key K 2 has a one again supplies the original data block.
  • the result of the XOR link 74 is the result of the sub-round 62.
  • the sub-round 64 which follows the sub-round 62, then corresponds to a reversal of the sub-round 52a of the encryption round 52 from FIG. 3a.
  • the data block is then sequentially fed to the inverse rotation device 68, the linear transformation device 72, the inverse S-boxes 14' and the XOR linkage with the round key K_1, whereupon the plain text data block M is obtained from which the ciphertext C was encrypted as shown in FIG. 3a.
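The double round of FIG. 3a and its reversal in FIG. 3b, together with the earlier point that E followed directly by D cancels out, as an added Python model that is not part of the patent text. The S-box contents, the self-inverting linear map L, the rotation amount and the round keys are assumptions, since the page does not give them.

```python
"""Toy model of the double round of FIG. 3a / FIG. 3b (added example).

Assumptions not taken from the patent text: the S-box contents, the
self-inverting linear map L, the rotation amount R and the round keys.
"""
MASK = 0xFFFFFFFF
ROT = 7                      # assumed rotation amount R
K1, K2 = 0x0F1E2D3C, 0xA5A55A5A   # constructed round keys

# Placeholder 4-bit S-box (the one published for the PRESENT cipher).
BASE = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Eight different 4x4 S-boxes S_1..S_8 (constructed) and their inverses.
SBOXES = [[BASE[x ^ i] for x in range(16)] for i in range(8)]
INV_SBOXES = [[box.index(y) for y in range(16)] for box in SBOXES]


def rotl(x, r):
    """Rotate a 32-bit word left by r bits."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK


def rotr(x, r):
    """Inverse rotation: same bit count, opposite direction."""
    return rotl(x, 32 - r)


def sbox_layer(x, boxes):
    """S_1 handles bits 31-28, S_2 bits 27-24, ..., S_8 bits 3-0."""
    out = 0
    for i, box in enumerate(boxes):
        shift = 28 - 4 * i
        out |= box[(x >> shift) & 0xF] << shift
    return out


def linear(x):
    """Assumed self-inverting L: each byte becomes the XOR of the other three."""
    return rotl(x, 8) ^ rotl(x, 16) ^ rotl(x, 24)


def encrypt_round(b, k1, k2):
    """Double round 52: sub-round 52a uses E, sub-round 52b uses D."""
    x = rotl(linear(sbox_layer(b ^ k1, SBOXES)), ROT)
    return rotl(linear(sbox_layer(x ^ k2, INV_SBOXES)), ROT)


def decrypt_round(c, k1, k2):
    """Decryption round 60: same S-boxes, order reversed, each map inverted."""
    x = sbox_layer(linear(rotr(c, ROT)), SBOXES) ^ k2          # sub-round 62
    return sbox_layer(linear(rotr(x, ROT)), INV_SBOXES) ^ k1   # sub-round 64


def encrypt(b, k1, k2, rounds=2):
    """Run the double round several times (variable number of rounds)."""
    for _ in range(rounds):
        b = encrypt_round(b, k1, k2)
    return b


def decrypt(c, k1, k2, rounds=2):
    for _ in range(rounds):
        c = decrypt_round(c, k1, k2)
    return c


def no_link_mapping(b):
    """E followed directly by D: the two mappings cancel, nothing is hidden."""
    return sbox_layer(sbox_layer(b, SBOXES), INV_SBOXES)


def avalanche(b, k1, k2, bit, rounds=2):
    """Number of ciphertext bits that change when one plaintext bit flips."""
    diff = encrypt(b, k1, k2, rounds) ^ encrypt(b ^ (1 << bit), k1, k2, rounds)
    return bin(diff).count("1")


if __name__ == "__main__":
    block = 0x01234567  # constructed plaintext block
    cipher = encrypt(block, K1, K2)
    print(f"plain   {block:08x}")
    print(f"cipher  {cipher:08x}")
    print(f"decrypt {decrypt(cipher, K1, K2):08x}")
    print(f"E then D without link mapping: {no_link_mapping(block):08x}")
    for n in (1, 2, 4):
        print(f"rounds={n}: {avalanche(block, K1, K2, 0, n)} bits differ")
```
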
  • the encryption / decryption device of FIG. 4 comprises the devices of FIG. 3a and additionally some devices of FIG. 3b.
  • the linear transformation devices from FIG. 3a are used together, so that in FIG. 4 they only have the reference numerals from FIG. 3a, i.e. 40 and 42, and the linear transformers 70 and 72 have been implemented by the same actual devices.
  • the encryption / decryption device of FIG. 4 is indicated generally at 100.
  • the encryption / decryption device 100 comprises, in addition to the inverse rotation devices 66, 68, the linear transformation devices 42, 40, the rotation devices 46, 44, the XOR combination devices 48, 50,
  • S g 1 switches 102, 104, 106, 108, 110 and 112 and a control unit 114.
  • a data input 116 is provided for the reception of the data blocks to be encrypted, a data input 118 for the reception of the data blocks to be decrypted, an output 120 for the output of the encrypted data blocks and an output 122 for the output of the decrypted data blocks.
  • the lines connecting the device are each 32-bit lines and either represented by a broken line or by a solid line, wherein dashed lines indicate the data path that is relevant for decryption, while the solid lines are used for encryption.
  • Data inputs from devices and data lines, which are used together for decryption and encryption, are shown by dashed and solid lines running in parallel. The arrows are intended to make it easier to read the encryption / decryption device.
  • Linking device 48 with its output connected to the input of the S-boxes Si - S 8 .
  • the output of the S-boxes S_1 - S_8 is connected to a 32-bit input of the 32-bit switch 106.
  • the switch has two 32-bit outputs and is provided in order to connect the switch input to either one switch output or the other switch output in accordance with a control signal c_0 which it receives at a control input from the control unit 114.
  • a first of the switch outputs is assigned to encryption rounds, while the other switch output is permanently assigned to decryption rounds.
  • the encryption switch output is connected to an input of the linear transformation device 40.
  • the output of the linear transformation device 40 is connected to a 32-bit switch input of the switch 108.
  • the switch 108 also receives the signal c_0 from the control unit 114 at a control input thereof and accordingly connects the switch input to either a 32-bit encryption switch output or a 32-bit decryption switch output.
  • the encryption switch output of the switch 108 is connected to an input of the rotation device 44.
  • An output of the rotation device 44 is connected to a data input of the XOR logic device 50, which receives the round key K_2 at its 32-bit key input, while the round key K_1 is applied at the key input of the XOR logic device 48.
  • the output of the XOR logic device 50 is connected to an input of the inverse S-boxes S_1^-1 - S_8^-1.
  • the outputs of the latter are connected to a 32-bit switch input of the switch 110 which, like the switches 106 and 108, receives the control signal c_0 from the control unit 114 at a control input thereof and, depending on it, connects the 32-bit switch input to either a 32-bit encryption switch output or a 32-bit decryption switch output.
  • the encryption switch output of the switch 110 is connected to an input of the linear transformation device 42, whose output is in turn connected to a 32-bit switch input of the switch 102.
  • This switch 102 also receives the control signal c_0 from the control unit 114 at a control input thereof and accordingly switches the switch input to either a 32-bit encryption switch output or a 32-bit decryption switch output.
  • the 32-bit encryption switch output of the switch 102 is connected to an input of the rotation device 46, the output of which is in turn connected to a 32-bit switch input of the switch 104.
  • This switch 104 receives a control signal b_0 from the control unit 114 at a control input thereof and has a 32-bit round termination switch output and a 32-bit round continuation switch output. Depending on the signal b_0, the switch 104 connects the switch input either to the round termination switch output or to the round continuation switch output.
  • the round continuation switch output is connected to the input of the XOR logic device 48, while the round termination switch output is connected to the output 120 of the device 100.
  • the input 118 is connected to an input of the inverse rotation device 66. Its output is in turn connected to the input of the linear transformation device 42.
  • the decryption switch output of the switch 102 is connected to the input of the S-boxes S_1 - S_8.
  • the decryption switch output of the switch 106 is connected to a data input of the XOR logic device 74, which receives the round key K 2 at its key input and which is connected to an input of the inverse rotation device 68 with its data output.
  • the output of the inverse rotation device 68 is connected to the input of the linear transformation device 40.
  • the decryption switch output of the switch 108 is connected to the input of the inverse S-boxes S_1^-1 - S_8^-1.
  • the decryption switch output of the switch 110 is connected to the data input of the XOR logic device 76, which receives the round key K_1 at its key input and whose data output is connected to a switch input of the switch 112.
  • the switch 112 receives the control signal b_0 from the control unit 114 at a control input thereof and accordingly connects the switch input either to a decryption round termination switch output or to a decryption round continuation switch output.
  • the decryption round continuation switch output of switch 112 is connected to the input of the inverse rotation device 66, while the decryption round termination switch output is connected to output 122 of device 100.
  • encryption is considered.
  • a data block to be encrypted is present at data input 116.
  • the control unit 114 uses the signal c_0 to control all the switches 102, 106, 108 and 110 in such a way that they connect their respective control input to the encryption control output.
  • the control unit 114 need not change the signal c_0 while the data block is going through this sequence. In general, the control unit 114 does not change the signal c_0 for the entire encryption process, i.e. also for the subsequent rounds. The control signal c_0 remains the same for the entire encryption process, so that the control effort for the control unit 114 is small. With the control signal b_0, the control unit 114 ensures that the switch 104, after the first round pass, i.e. after the processing by the rotation device 46, connects its switch input to the encryption round continuation switch output, so that the intermediate result or the data block which the rotation device 46 outputs is again applied to the XOR logic device 48, which forms the start of the encryption round defined by the switches 106, 108, 110 and 102.
  • the control unit 114 ensures that the switch 104 has now switched the switch output to the encryption round termination switch output (dashed switch position), so that the cipher, i.e. the encrypted data block, is output at the data output 120, as it results after two round passes 52, as shown in Fig. 3a.
  • the control unit 114 uses the control signal c_0 to ensure that the switches 102, 106, 108 and 110 connect their control input to the decryption control output (a switch state not shown in FIG. 4).
  • a data block to be decrypted, which is present at data output 118, is simply guided through a sequence of devices that corresponds to the sequence of FIG. 3b, namely the sequence of inverse rotation device 66, linear transformation device 42, S-boxes S_1 - S_8, XOR logic device 74, inverse rotation device 68, linear transformation device 40, inverse S-boxes 14', XOR logic device 76.
  • the control unit 114 sets the control signal b_0 in such a way that the switch 112 applies the data block that results after the first decryption round back to the input of the inverse rotation device 66, that is, such that the switch 112 connects its switch input with the decryption round continuation switch output.
  • the control unit 114 then ensures that after the second pass through the decryption round the resulting data block is output as the decrypted data block at output 122, namely by switch 112 switching its control input to the decryption round termination switch output (dashed switch position).
  • the preceding exemplary embodiments are suitable for use as encryption of memory contents as protection against unauthorized reading out of these memory contents.
  • the exemplary embodiments can also be used for online or bus encryption in other applications if, for example, the underlying encryption hardware is to be kept small.
  • FIGS. 3a to 4 relate to encryption / decryption by a cryptographically complete block cipher. An attacker cannot calculate back or infer the plain text from the data in encrypted form, or can do so only with disproportionate effort. For example, in the embodiment of FIG. 4 or of FIG. 2, the hardware implementation does not take up a large area, since the block cipher is designed with a variable number of rounds. This means that the cryptographic strength of the encryption is scalable at the expense of performance or speed, but not at
  • a rotation was used in the embodiments of FIGS. 3a-4. Of course, it would also be possible to generally replace the rotation with a permutation. In any case, permutation or rotation ensures that the effects of the S-boxes do not weaken each other.
  • the S-boxes of the exemplary embodiments of FIGS. 3a-4 provided confusion, the linear transformations diffusion of the plain text bits.
  • one and the same module could then also perform the decryption by a control unit using these switches or multiplexers to ensure that the devices were appropriately connected to a corresponding sequence of devices.
  • the control can also take place dynamically during a double round, so that a device is run through twice during a double round.
  • the linear transformation devices 40, 42, the inverse rotation devices 66, 68 and the rotation devices 46 and 44 could each be replaced by a single device.
  • the disadvantage would be the increased control effort for the control unit 114, whereas the advantage would be the smaller chip area.
  • the exemplary embodiments of the present invention have the advantage that a high number of rounds is not required to achieve the same level of security, which in turn increases the performance or effectiveness compared to these Feistel cipher encryption / decryption devices.
  • the previous exemplary embodiments only required a minimum of elementary components, namely for example in the exemplary embodiments from FIGS. 3a-4 S-boxes and linear transformations.
  • the associated inverse elementary element is also built into the encryption / decryption device. This can then undo the operation of the elementary block, which is used for decryption. For encryption, care has been taken to ensure that the
  • the number of rounds, i.e. the number of double rounds
  • the encryption rounds of FIGS. 3a and 3b can be run through as often as desired.
  • the cipher C then represents a 1, 2, ... N double-round encryption or a 2, 4, 6 ... 2N-round encryption, with N ∈ ℕ.
  • the encryption device can also be viewed neutrally as a first imaging device with a first image and the decryption device as a second imaging device with an associated image that is inverse to the first.
  • the scheme for encryption / decryption according to the invention can also be implemented in software.
  • the implementation can take place on a digital storage medium, in particular a floppy disk or a CD with electronically readable control signals, which can interact with a programmable computer system in such a way that the corresponding method is carried out.
  • the invention thus also consists in a computer program product with program code stored on a machine-readable carrier for carrying out the method according to the invention when the computer program product runs on a computer.
  • the invention can thus be implemented as a computer program with a program code for carrying out the method if the computer program runs on a computer.
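
As an added illustration (not code from the patent or from Infineon), the following Python sketch models the double round whose decryption order the description lists: inverse rotation, linear transformation, S-boxes, XOR, inverse rotation, linear transformation, inverse S-boxes, XOR. The encryption order is obtained by reversing that list; the 32-bit block, the S-box values, the involutory linear map, the rotation amount and the round keys are assumptions chosen for the example.

```python
# Toy model of the double-round structure described above (added example).
# Block width, S-box values, linear map, rotation amount and keys are all
# constructed for illustration; the page specifies none of them.
MASK = 0xFFFFFFFF
ROT = 3
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def rotr(x, n):
    return rotl(x, 32 - n)

def sub(x, box):
    """Apply one 4-bit box to each of the eight nibbles (the S1..S8 positions)."""
    return sum(box[(x >> s) & 0xF] << s for s in range(0, 32, 4))

def lin(x):
    """Involutory linear map: lin(lin(x)) == x, so one device serves both directions."""
    return x ^ rotl(x, 8) ^ rotl(x, 24)

def encrypt(block, round_keys):
    """One (k_a, k_b) key pair per double round; len(round_keys) is N."""
    x = block & MASK
    for k_a, k_b in round_keys:
        x = rotl(lin(sub(x ^ k_a, SBOX)), ROT)      # first round: S-boxes
        x = rotl(lin(sub(x ^ k_b, INV_SBOX)), ROT)  # second round: inverse S-boxes
    return x

def decrypt(block, round_keys):
    """Same building blocks, traversed in the order the description gives."""
    x = block & MASK
    for k_a, k_b in reversed(round_keys):
        x = sub(lin(rotr(x, ROT)), SBOX) ^ k_b      # inv. rotation, lin, S-boxes, XOR
        x = sub(lin(rotr(x, ROT)), INV_SBOX) ^ k_a  # inv. rotation, lin, inv. S-boxes, XOR
    return x

def avalanche(block, round_keys, bit=0):
    """Number of ciphertext bits that change when one plaintext bit flips."""
    diff = encrypt(block, round_keys) ^ encrypt(block ^ (1 << bit), round_keys)
    return bin(diff).count("1")

# Constructed round keys for up to N = 3 double rounds.
KEYS = [(0x0F1E2D3C, 0x4B5A6978), (0x8796A5B4, 0xC3D2E1F0), (0x13579BDF, 0x02468ACE)]
```

Calling `avalanche(block, KEYS[:n])` for n = 1, 2, 3 shows how diffusion changes as the number of double rounds is scaled, which is the trade-off between strength and speed the description refers to.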

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Facsimile Transmission Control (AREA)

Abstract

The invention is based on the fact that the encryption unit (12) and the decryption unit (14) present in an encryption/decryption device (10) can both be used during encryption as well as during decryption without their actions cancelling each other out when an encryption linking device (16) is placed between the decryption input of the decryption device (12) and the encryption output of the encryption device (14). The encryption linking device maps the encryption result data block at the encryption output onto a mapped encryption result data block according to an encryption linking mapping and is used, for example, during encryption. A further decryption linking device (18) maps the encryption result data block at the encryption output onto an inversely mapped encryption result data block according to a decryption linking mapping that is the inverse of the encryption linking mapping and is used, for example, during decryption.
EP04763626A 2003-09-30 2004-07-29 Method and device for encryption/decryption Withdrawn EP1676394A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10345378A DE10345378B4 (de) 2003-09-30 2003-09-30 Method and device for encryption/decryption
PCT/EP2004/008534 WO2005043803A1 (fr) 2003-09-30 2004-07-29 Method and device for encryption/decryption

Publications (1)

Publication Number Publication Date
EP1676394A1 true EP1676394A1 (fr) 2006-07-05

Family

ID=34428147

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04763626A Withdrawn EP1676394A1 (fr) 2003-09-30 2004-07-29 Method and device for encryption/decryption

Country Status (4)

Country Link
US (1) US20060265604A1 (fr)
EP (1) EP1676394A1 (fr)
DE (1) DE10345378B4 (fr)
WO (1) WO2005043803A1 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0211812D0 (en) * 2002-05-23 2002-07-03 Koninkl Philips Electronics Nv S-box encryption in block cipher implementations
DE102007026977B4 (de) * 2006-06-07 2012-03-08 Samsung Electronics Co., Ltd. Cryptographic system and associated operating method and computer program product
KR100837270B1 (ko) 2006-06-07 2008-06-11 Samsung Electronics Co., Ltd. Smart card and data security method thereof
DE102008010787B4 (de) * 2008-02-22 2016-06-09 Fachhochschule Schmalkalden Method for securing the integrity of data
US20100329450A1 (en) * 2009-06-30 2010-12-30 Sun Microsystems, Inc. Instructions for performing data encryption standard (des) computations using general-purpose registers
US8467416B2 (en) * 2009-07-09 2013-06-18 Nec Laboratories America, Inc. Deterministic rotational coding
US8611540B2 (en) * 2010-06-23 2013-12-17 Damaka, Inc. System and method for secure messaging in a hybrid peer-to-peer network
EP3475825B1 (fr) * 2016-06-23 2023-01-25 Cryptography Research, Inc. Cryptographic operations using non-linear share encoding for protection against external monitoring attacks
JP7383985B2 (ja) * 2019-10-30 2023-11-21 Fuji Electric Co., Ltd. Information processing apparatus, information processing method and program
CN117527325B (zh) * 2023-10-31 2024-08-13 Nanjing SAC Valmet Automation Co., Ltd. Method and system for encrypting and decrypting new energy station data

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL8203737A (nl) * 1982-09-27 1984-04-16 Nederlanden Staat Device for enciphering digital signals with one or more DES circuits.
US5008935A (en) * 1989-06-30 1991-04-16 At&T Bell Laboratories Efficient method for encrypting superblocks of data
US5003596A (en) * 1989-08-17 1991-03-26 Cryptech, Inc. Method of cryptographically transforming electronic digital data from one form to another
US5381480A (en) * 1993-09-20 1995-01-10 International Business Machines Corporation System for translating encrypted data
CA2302784A1 (fr) * 1997-09-17 1999-03-25 Frank C. Luyster Improved block cipher method
GB9825644D0 (en) * 1998-11-23 1999-01-13 British Telecomm A cipher
TW556111B (en) * 1999-08-31 2003-10-01 Toshiba Corp Extended key generator, encryption/decryption unit, extended key generation method, and storage medium
GB0111521D0 (en) * 2001-05-11 2001-07-04 Amphion Semiconductor Ltd A component for generating data encryption/decryption apparatus
TW527783B (en) * 2001-10-04 2003-04-11 Ind Tech Res Inst Encryption/deciphering device capable of supporting advanced encryption standard
US20030198345A1 (en) * 2002-04-15 2003-10-23 Van Buer Darrel J. Method and apparatus for high speed implementation of data encryption and decryption utilizing, e.g. Rijndael or its subset AES, or other encryption/decryption algorithms having similar key expansion data flow

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005043803A1 *

Also Published As

Publication number Publication date
WO2005043803A1 (fr) 2005-05-12
DE10345378A1 (de) 2005-05-12
US20060265604A1 (en) 2006-11-23
DE10345378B4 (de) 2010-08-12


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060320

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR

RIN1 Information on inventor provided before grant (corrected)

Inventor name: GOETTFERT, RAINER

Inventor name: SONNEKALB, STEFFEN

Inventor name: GAMMEL, BERNDT

Inventor name: DIRSCHERL, GERD

RBV Designated contracting states (corrected)

Designated state(s): DE FR

17Q First examination report despatched

Effective date: 20100503

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: INFINEON TECHNOLOGIES AG

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100914