EP1984813A2 - Cryptographic device and method for generating pseudo-random numbers - Google Patents
- Publication number: EP1984813A2 (application EP07731553A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- words
- state
- state block
- cells
- block
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/582—Pseudo-random number generators
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/122—Hardware reduction or efficient architectures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- the invention relates to the field of cryptography. More specifically, the invention relates to the use of a pseudo-random number generation scheme that can be implemented in devices having a low computing power.
- the technique according to the invention can be applied to the implementation of a low-cost pseudo-random number generator (PRNG).
- the first approach is to provide a "proof of security" based on a reduction from a method of "breaking" the cipher to the ability to solve a problem commonly considered hard.
- the second, and most common, approach relies on careful engineering of an electronic circuit built from several logic gates so as to achieve encryption at the desired level of security.
- the efficiency can be quantified by the speed of calculation or the number of logic gates necessary to produce the electronic circuit.
- AES is notable for its close adherence to Shannon's well-known principles and to two concepts important for implementing cryptographic algorithms, namely "confusion" and "diffusion".
- confusion corresponds to the idea of "performing difficult operations";
- diffusion corresponds to the idea of "propagating a change or transformation" throughout a cryptographic computation.
- the AES algorithm takes as input a block of 16 bytes. Each byte is replaced by another byte according to an 8-bit to 8-bit substitution box (S-box). The bytes are then arranged in a matrix in which each element is cyclically shifted to the left by a certain number of columns. A matrix product is then performed before each byte is added to the corresponding byte of a round key obtained by diversifying the encryption key.
- S-box: substitution box
- the security of an AES-type algorithm depends on the interaction between the S-box and a mixing (or diffusion) operation that permutes the bytes and combines them structurally.
- this interaction between the bytes is designed precisely to provide good resistance against differential and linear cryptanalysis.
- we try to introduce cryptographic features into very limited computing environments, such as RFID chips.
- the present invention relates to a cryptographic method for generating pseudo-random numbers comprising the following steps:
- an AES-type algorithm uses an S-box whose elements have the same size as the words of the internal state block, mapping a b-bit input word to a b-bit output word, and the words are processed one by one.
- the word-by-word replacement through the S-box performed by this kind of algorithm produces a confusion effect but no diffusion effect.
- the substitution operation according to the reference table of the invention does not process the words one by one but in groups. Moreover, it will be noted that using a reference table or S-box whose elements are larger than the words of the internal state runs completely contrary to the habits of the person skilled in the art.
- the configuration according to the invention ensures both diffusion and confusion while saving computing time for the same level of security. This makes it possible to improve the level of security while reducing the number of logic gates ("gate equivalents" or GE) in an electronic circuit implementing this encryption method.
- the technique according to the invention can be easily applied for the implementation of a pseudo-random number generator of low cost and in a very restricted environment such as a cell or RFID chip.
- this technique can be applied to a variety of cryptographic algorithms such as block ciphers, stream ciphers, hash functions or message authentication codes.
- the iterative generation of said succession of state blocks further comprises a step for mixing the words of said current state block according to a predetermined mixing transformation.
- This mixing transformation guarantees better diffusion, or propagation, of the bits of a state block, thus improving the security of the encryption and the quality of the pseudo-random numbers generated without making the calculation steps too heavy.
- This predetermined mixing transformation may comprise a multiplication, in the finite field GF(2^b), of a column of said current state block by a predefined matrix over that field.
- This matrix multiplication is a linear transformation that is fairly simple to implement.
- the iterative generation of said succession of state blocks further comprises a permutation between words on at least a part of said current state block.
- the iterative generation of said succession of state blocks further comprises a modification of at least a part of a word located in a predetermined cell of the state table.
- the method comprises a combination, by addition in the finite field, of each word of said initial state block with the corresponding word of an encryption key, thus improving the security level.
- a security similar to that of an AES type algorithm can be guaranteed with an optimal number of calculations.
- said initial data are generated by a counter.
- with a counter, for example, one can easily generate pseudo-random numbers with a minimal number of operations.
- the invention also relates to a cryptographic device for generating pseudo-random numbers, comprising:
- subdivision means for subdividing initial data into a plurality of b-bit words defined in a finite field GF(2^b),
- assignment means for assigning said words to cells of a state table to form an initial state block,
- definition means for defining and storing at least one reference table comprising substitution elements of d bits, where d is a multiple of b strictly greater than b,
- grouping means for grouping the cells of said state table so as to assign a group of cells to each set of d/b words,
- generation means for iteratively generating, from said initial state block, a succession of state blocks to form an end state block, such that at each iteration each set of d/b words of a current state block is replaced by another set of d/b words according to said reference table to form a next state block.
- the invention also relates to a pseudo-random number generator comprising a counter and a plurality of logic gates for implementing the method described briefly above.
- the invention also relates to an RFID device comprising a generator as briefly described above.
- FIG. 1 is a flowchart illustrating the various steps of a cryptographic method according to the invention;
- FIG. 2 is an example illustrating the action of a reference table according to the method of FIG. 1;
- FIG. 3 very schematically illustrates a device implementing the method of FIG. 1;
- FIG. 4 is a particular embodiment of the method of FIG. 1;
- FIG. 5 very schematically illustrates a pseudo-random number generator implementing the method of FIG. 4.
- FIG. 1 is a flowchart illustrating the various steps of a cryptographic method for generating pseudo-random numbers from initial data.
- Step E1 comprises dividing, or subdividing, the message or initial data 1 into a plurality of b-bit words 3 defined in a finite field GF(2^b), where b may for example be equal to 2, 4, 8, 16, 32, 64 or 128.
- in step E2, these words 3 are assigned to cells 5 of a state table 7 to form an initial state block. It should be noted that only part of these words 3 may be placed in the state table 7.
- in step E3, the cells 5 of the state table 7 are grouped so as to assign a group 11 of cells to each set of d/b words, where d is a multiple of b with d > b. Each set of words then corresponds to a d-bit element.
- in step E4, a succession of current state blocks 13b is generated iteratively from the initial state block 13a to form a last block, or end state block, 13c. To do this, at least one predefined reference or substitution table 9 with substitution elements of d bits is used. This reference table 9 thus makes it possible to replace a d-bit input element with a d-bit output element.
- each set of d / b words of a current state block 13b is replaced by another set of d / b words according to the reference table 9 to form a next state block.
- the last state block 13c represents the pseudo-random number generated.
- FIG. 2 is an example illustrating the action of a reference table 9 on a state table 7 comprising four columns and four rows (4x4).
- an S-box reference table of an AES algorithm can be used.
- the cells 5 of the state table 7 are grouped into groups of two cells.
- the cells 5 comprising the words A00 and A01 form a first group 11a;
- those comprising the words A02 and A03 form a second group 11b;
- those comprising the words A11 and A12 form a third group 11c, etc.
- the reference table 9 substitutes the words two by two.
- the words A00 and A01 are replaced by B00 and B01, and the words A02 and A03 are replaced by B02 and B03.
- another state block 13b is formed comprising the words B 00 ,..., B 33 defined by a function "S" determined by the reference table 9 as follows:
- B11 || B12 = S[A11 || A12]
- B13 || B10 = S[A13 || A10]
- the words 3 of a current state block 13b can be mixed according to a predetermined mix "MIX" transformation.
- the substitution operation according to the reference table 9 can be followed by a mixing of the b-bit words, using for example a technique similar to that used by the AES algorithm.
- this MIX mixing can be performed as follows:
- a simple incrementing counter, or any other similar mechanism, can be used to reduce any symmetry that may set in during successive iterations. For example, this may involve a simple modification of at least part of a word located in a predetermined cell of the state table 7: it is sufficient to complement a few bits in a single, well-determined cell 5 at a definite point in the calculation.
- the method according to the invention may comprise an addition combination ("exclusive-or" operation) in the finite field of each word 3 of the initial state block 13a with a corresponding word of a predefined encryption key or with alternating sequences of secret words.
- FIG. 3 very schematically illustrates a device 21 implementing the method according to FIG. 1.
- This device 21 comprises a subdivision means 23, an assignment means 25, a definition means 27, a grouping means 29 and a means of generation 31.
- the subdivision means 23 is adapted to subdivide the initial message or data into a plurality of b-bit words 3.
- the assignment means 25 is intended to assign these words 3 to the cells 5 of the state table 7 to form the initial state block 13a.
- the definition means 27 is intended to define and store the reference or substitution table 9 having substitution elements of d bits, with d > b.
- the grouping means 29 is intended to group the cells of the state table so as to assign a group 11 of cells to each set of d/b words.
- the generation means 31 is intended to generate iteratively from the initial state block 13a, a succession of state blocks 13b to form a final state block 13c representative of a pseudo-random number.
- the initial data 1 used to form the initial state block 13a can be generated by a simple counter.
- FIG. 4 is a flowchart illustrating a particular embodiment of a 64-bit pseudo-random number generator (PRNG) with ten iterations.
- This generator can be used in an RFID chip with a 128-bit secret key.
- the secret key may for example be represented by a pair of data (S0, S1), where S0 and S1 both have a length of 64 bits.
- the 64 bits of the initial data 1 are stored in a 4x4 state table 7 comprising sixteen 4-bit words A00, ..., A33, as illustrated in the example of FIG. 2.
- in step E13, three iterations of "mixtable"-type operations are performed.
- Each "mixtable" iteration comprises substitutions according to a function S determined by a reference table 9 performing 8-bit permutations (for example an AES-type box), and/or a "MIX" mixing within one or more columns, and/or "Exchange" permutations.
- the current state block 13b is then defined according to the reference table 9 as follows:
- B00 || B01 = S[A00 || A01], B02 || B03 = S[A02 || A03]
- B11 || B12 = S[A11 || A12], B13 || B10 = S[A13 || A10]
- B20 || B21 = S[A20 || A21], B22 || B23 = S[A22 || A23]
- B31 || B32 = S[A31 || A32], B33 || B30 = S[A33 || A30]
- the value taken by r is added to a word (for example the word A32) in order to reduce any symmetry effect that may occur between the iterations.
- the mixing operation MIX is a mixing within a column using a predetermined 4x4 matrix M in the finite field GF(2^4). This operation consists in multiplying each column of the state table 7 by this matrix M.
- the mixing operation MIX can be followed by a permutation of the words on the last two rows of the current state block 13b, as follows:
- in step E14, the 64 bits of the current state block 13b are combined by exclusive-or addition with the sixteen 4-bit half-octets of S1 of the secret key.
- in step E15, four more iterations of "mixtable"-type operations are performed.
- in step E16, the 64 bits of the current state block 13b are combined by exclusive-or addition with the sixteen 4-bit half-octets of S0 of the secret key.
- in step E17, three iterations of "mixtable"-type operations are performed.
- in step E18, the 64 bits of the current state block 13b are recombined by exclusive-or addition with the sixteen 4-bit half-octets of S1 of the secret key.
- step E19 gives the output value v_i for the i-th sequence of iterations in the following way:
- Step E20 is a test to check whether the value q of the counter is equal to (2^16 - 1). If so, the chip is destroyed in step E21; if not, q is incremented in step E22 before the above steps are repeated.
- FIG. 5 very schematically illustrates a PRNG pseudo-random number generator 41 implementing the method according to FIG. 4.
- This generator 41 comprises a counter 43 and a plurality of logic gates 45.
- This PRNG generator can easily be used in an RFID chip.
- compared with the AES algorithm, the PRNG 41 halves the number of states and does not use round keys obtained by diversification. In addition, the mixing operations within the columns require very few logic gates.
- an efficient PRNG generator 41 is thus obtained, with a good level of security and a reduced number of gate equivalents (GE) compared with the AES algorithm.
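As an added example (not the patent's own code, and not claiming its exact parameters), the following Python models the grouped substitution of FIG. 2 and the FIG. 4 round schedule, and checks the diffusion claim made for grouping: flipping one 4-bit word can change two words when the 8-bit box covers a pair, but only ever one when a 4-bit box is applied word by word. Assumptions: the AES S-box is derived rather than copied, the MIX matrix and the counter tweak (XOR of the round index into A32) are placeholders, the unspecified "Exchange" permutation and output function v_i are omitted, and the whole final block is returned.

```python
# Added example, not the patent's own code; comments mark what is assumed.
def gf_mul(a, b, poly, bits):
    """Multiply a*b in GF(2^bits) reduced by `poly` (which has bit `bits` set)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & (1 << bits):
            a ^= poly
        b >>= 1
    return r

def gf_inv(x, poly, bits):  # brute-force multiplicative inverse; 0 maps to 0 as in AES
    return next((y for y in range(1, 1 << bits) if gf_mul(x, y, poly, bits) == 1), 0)

def aes_sbox():
    """The AES S-box, derived: inversion in GF(2^8)/0x11B followed by the affine map
    s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63."""
    box = []
    for inv in (gf_inv(x, 0x11B, 8) for x in range(256)):
        rot = [((inv << i) | (inv >> (8 - i))) & 0xFF for i in range(1, 5)]
        box.append(inv ^ 0x63 ^ rot[0] ^ rot[1] ^ rot[2] ^ rot[3])
    return box

SBOX8 = aes_sbox()
# Constructed 4-bit box (inversion in GF(2^4)/x^4+x+1): a stand-in for a classic
# one-word-at-a-time S-box, used only for the diffusion comparison below.
SBOX4 = [gf_inv(x, 0x13, 4) for x in range(16)]
# Cell pairs (index = row*4 + col) fed to the 8-bit box as A_p || A_q, as listed
# for FIG. 4: rows 0 and 2 pair (0,1),(2,3); rows 1 and 3 pair (1,2),(3,0).
PAIRS = [(0, 1), (2, 3), (5, 6), (7, 4), (8, 9), (10, 11), (13, 14), (15, 12)]
# Assumed MIX matrix M over GF(2^4); the page does not give the patent's M.
MIX_MATRIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def substitute(state, grouped=True):
    """grouped=True: 8-bit box over word pairs (the patent); False: 4-bit box word by word."""
    out = list(state)
    if grouped:
        for p, q in PAIRS:
            v = SBOX8[(state[p] << 4) | state[q]]
            out[p], out[q] = v >> 4, v & 0xF
    else:
        out = [SBOX4[w] for w in state]
    return out

def mix_columns(state):
    """MIX: multiply each column of the 4x4 state by MIX_MATRIX in GF(2^4)."""
    out = [0] * 16
    for r in range(4):
        for c in range(4):
            for k in range(4):
                out[r * 4 + c] ^= gf_mul(MIX_MATRIX[r][k], state[k * 4 + c], 0x13, 4)
    return out

def prng_block(counter, s0, s1):
    """FIG. 4 schedule on a 64-bit counter value with key (S0, S1): 3 "mixtable"
    rounds, XOR S1, 4 rounds, XOR S0, 3 rounds, XOR S1; returns the final block."""
    nib = lambda v: [(v >> (4 * (15 - i))) & 0xF for i in range(16)]  # 64 bits -> 16 words
    state, rnd = nib(counter), 0
    for rounds, key in ((3, nib(s1)), (4, nib(s0)), (3, nib(s1))):
        for _ in range(rounds):
            state = mix_columns(substitute(state))
            state[14] ^= rnd & 0xF  # tweak on A32 (row 3, col 2); XOR of the round index is assumed
            rnd += 1
        state = [a ^ k for a, k in zip(state, key)]
    return sum(w << (4 * (15 - i)) for i, w in enumerate(state))  # output = whole block (assumed)

def max_words_changed(grouped):
    """Most output words that differ after one substitution of two states differing only in A00."""
    def diff(a, d):
        x, y = substitute([a] + [0] * 15, grouped), substitute([a ^ d] + [0] * 15, grouped)
        return sum(u != v for u, v in zip(x, y))
    return max(diff(a, d) for a in range(16) for d in range(1, 16))
```

Because every step (pair substitution, MIX with an invertible M, key XOR) is a bijection, distinct counter values give distinct outputs for a fixed key.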
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0650506A FR2897451A1 (fr) | 2006-02-13 | 2006-02-13 | Dispositif et procede de cryptographie pour generer des nombres pseudo-aletoires |
PCT/FR2007/050725 WO2007093723A2 (fr) | 2006-02-13 | 2007-02-01 | Dispositif et procede de cryptographie pour generer des nombres pseudo-aleatoires |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1984813A2 true EP1984813A2 (fr) | 2008-10-29 |
Family
ID=36997564
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07731553A Withdrawn EP1984813A2 (fr) | 2006-02-13 | 2007-02-01 | Dispositif et procede de cryptographie pour generer des nombres pseudo-aleatoires |
Country Status (4)
Country | Link |
---|---|
US (1) | US20090022310A1 (fr) |
EP (1) | EP1984813A2 (fr) |
FR (1) | FR2897451A1 (fr) |
WO (1) | WO2007093723A2 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8607333B2 (en) * | 2008-07-21 | 2013-12-10 | Electronics And Telecommunications Research Institute | Radio frequency identification (RFID) security apparatus having security function and method thereof |
US8363828B2 (en) * | 2009-02-09 | 2013-01-29 | Intel Corporation | Diffusion and cryptographic-related operations |
SG194203A1 (en) * | 2011-05-10 | 2013-11-29 | Univ Nanyang Tech | Devices for computer-based generating of a mixing matrix for cryptographic processing of data, encrypting devices, methods for computer-based generating of a mixing matrix for cryptographic processing of data and encrypting methods |
CN107196760B (zh) * | 2017-04-17 | 2020-04-14 | 徐智能 | 具有可调整性的伴随式随机重构密钥的序列加密方法 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003507761A (ja) * | 1999-08-18 | 2003-02-25 | シーメンス アクチエンゲゼルシヤフト | 擬似乱数の形成方法および電子署名方法 |
US7092525B2 (en) * | 2000-04-20 | 2006-08-15 | Matchett Noel D | Cryptographic system with enhanced encryption function and cipher key for data encryption standard |
US7421076B2 (en) * | 2003-09-17 | 2008-09-02 | Analog Devices, Inc. | Advanced encryption standard (AES) engine with real time S-box generation |
US7613295B2 (en) * | 2004-02-18 | 2009-11-03 | Harris Corporation | Cryptographic device and associated methods |
JP2006024140A (ja) * | 2004-07-09 | 2006-01-26 | Sony Corp | 乱数生成装置 |
WO2006033013A2 (fr) * | 2004-09-24 | 2006-03-30 | Synaptic Laboratories Limited | Boites de substitution |
- 2006-02-13 FR FR0650506A patent/FR2897451A1/fr not_active Withdrawn
- 2007-02-01 WO PCT/FR2007/050725 patent/WO2007093723A2/fr active Application Filing
- 2007-02-01 US US12/278,583 patent/US20090022310A1/en not_active Abandoned
- 2007-02-01 EP EP07731553A patent/EP1984813A2/fr not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
K. FINKENZELLER: "RFID Handbook, Second Edition, pages 221-227, 278-284, 292-298", 2003, J. WILEY & SONS, Chichester, UK, ISBN: 978-0-470-84402-1, 348750 * |
Also Published As
Publication number | Publication date |
---|---|
WO2007093723A2 (fr) | 2007-08-23 |
WO2007093723B1 (fr) | 2007-12-21 |
WO2007093723A3 (fr) | 2007-10-25 |
FR2897451A1 (fr) | 2007-08-17 |
US20090022310A1 (en) | 2009-01-22 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20080711 |
AK | Designated contracting states | Kind code of ref document: A2; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
17Q | First examination report despatched | Effective date: 20090331 |
RIC1 | Information provided on ipc code assigned before grant | Ipc: G06F 7/58 20060101AFI20120607BHEP; Ipc: H04L 9/06 20060101ALI20120607BHEP; Ipc: H04L 9/22 20060101ALI20120607BHEP |
DAX | Request for extension of the european patent (deleted) | |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20121220 |