EP4097912A1 - Method and device for encrypting data - Google Patents

Method and device for encrypting data

Info

Publication number
EP4097912A1
EP4097912A1 EP21706636.4A EP21706636A EP4097912A1 EP 4097912 A1 EP4097912 A1 EP 4097912A1 EP 21706636 A EP21706636 A EP 21706636A EP 4097912 A1 EP4097912 A1 EP 4097912A1
Authority
EP
European Patent Office
Prior art keywords
encryption
bit
bit set
arrays
array
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21706636.4A
Other languages
German (de)
French (fr)
Inventor
Sam WIDLUND
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP4097912A1 publication Critical patent/EP4097912A1/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H04L9/0668Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator producing a non-linear pseudorandom sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Definitions

  • the invention relates to a method and device which is used to encrypt data with apparatus and/or a software included in a device in order to, for example, send and/or store it securely.
  • Encryption does not prevent the messages from being intercepted, only from being read.
  • the encryption system converts the plaintext of a message or data into ciphertext using an encryption algorithm. After this, the message or data can only be read if the encryption of the ciphertext is decrypt. In principle, it is possible to decrypt the encryption without a key, but this would require significant amounts of computing power if the encryption system was executed well. An authorized recipient can easily decrypt a message with a key provided to them by the sender of the encrypted message.
  • symmetric encryption both the sender and recipient have the same information pertaining to a secret key.
  • the sender and recipient may use the secret key in different forms, but both parties can, if they so wish, derive the key used by the other party from their own key with an effectively computable algorithm.
  • the one-time pad mechanism has been shown to be a theoretically unbreakable encryption method.
  • the one-time pad encryption mechanism has so many issues in terms of practical use that it is rarely used.
  • the problem with other known technical encryption algorithms is that their reliability against cracking attempts cannot be proven mathematically, and the amount of work required to decipher them is unknown.
  • the intention is to produce a novel method and device for the organization of the encryption of data, using apparatus and/or software executed on a device for the storage of data or transmitting via a data link, for example.
  • This embodiment may utilize a mathematical model (system of equations) which has a known solution equation, and the amount of work required for the solution is known.
  • An encryption method is characterized by what is specified in the characterizing section of claim 1.
  • other embodiments are mentioned under claims 2-18.
  • a device according to one aspect is characterized by what is specified in the characterizing section of claim 19.
  • information or data is encrypted with apparatus using a software-based solution, a hardware-based solution, or a combination of the two.
  • the encrypted information is produced from the plaintext content to be encrypted one block of data with a predetermined length at a time using an encryption bit or bit set, such as an encryption byte, produced in a bit or bit set specific manner, for example byte specifically.
  • the block of data processed at a time in the embodiment (such as a plaintext byte, encryption byte, and encrypted byte) may consist of a certain number of bits or bytes.
  • randomly generated data bits or bit sets are included in encryption arrays, and the algorithm proceed systematically in such a manner that a sufficiently long sequence during which the encryption does not repeat itself is produced.
  • the one-time encryption bit or bit set Y n used in the encryption algorithm is produced by calculating random numbers from the set such that the same sequence is repeated so infrequently that the length of the message to be encrypted is shorter than the sequence generated by the algorithm.
  • the bit or bit set Y n that is used to encrypt the plaintext bit or bit set D n is produced using an encryption key, which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two encryption arrays is 1, and the elements in which include randomly generated data, for example.
  • an encryption key which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two encryption arrays is 1, and the elements in which include randomly generated data, for example.
  • One of the arrays can however be any length whatsoever.
  • the elements in an encryption array are equal in length with each other, for example one byte in length.
  • the encryption bit or bit set Y n is produced in the solution according to the invention by selecting one predetermined element from each encryption array and by performing an XOR operation between all the selected elements.
  • the encrypted bit or bit set CB n such as a byte, is produced by performing an XOR operation between a bit or bit set to be encrypted D n and the produced encryption bit or bit set Y n , for example between a byte to be encrypted and a produced encryption byte.
  • the next bit or bit set can be encrypted by selecting the next plaintext bit or bit set and producing an encryption bit or bit set based on the next elements in the encryption arrays.
  • the lengths of the encryption arrays are prime numbers that are different from each other.
  • the algorithm does not consist of known equations that could be easily solved and thus make the encryption easy to decipher.
  • the contents and/or sizes and quantity of the key arrays can also be modified during the encryption process. These changes can also be made on the basis of the current values of the key arrays at the time. The changes can be made in any way whatsoever as long as the sender and recipient make identical changes.
  • the element in the encryption array of the encryption key consists of one or more randomly selected bits or one or more randomly selected bytes, where the lengths of the encryption bit or bit set, plaintext bit or bit set, and/or the encrypted bit or bit set are equal to the length of the element in the encryption array.
  • the embodiments can be utilized in digital data transmission networks to organize data encryption where the data transmission network includes at least two devices, the first of which is at least the sender and the second at least a recipient.
  • the sent data is encrypted with an encryption key and the encrypted data is sent to the other device.
  • the encrypted data received by the other device is decrypted using the same encryption key that was used to encrypt the data.
  • An advantage of the embodiment is that it allows for the efficient and secure implementation of encryption, where a solution compliant with the invention enables the secure storage of data or the secure transfer of data and messages through a nontrusted communication channel.
  • One embodiment can also be used to adjust the number and length of the encryption key arrays used as the encryption key for the algorithm as required, in which case the effective execution of the encryption can be adjusted against the computing power required to decipher the encryption.
  • Figure 1 demonstrates the solution according to one embodiment as a functional diagram
  • Figure 2 demonstrates the use of the solution according to one embodiment for the encryption of data during data transfer
  • Figure 3 presents an example of an encryption key according to one embodiment
  • Figure 4 presents an example of an encryption key according to another embodiment
  • Figure 5 presents an example of an encryption key according to one embodiment and of the determination of the encryption elements based on the contents of the encryption arrays;
  • Figure 6 presents an example of changing the values of the encryption key elements during the encryption process according to one embodiment
  • Figures 7A and 7B present the values of simulated encrypted data for a solution according to one embodiment . Detailed description
  • the idea of the method used in one embodiment is that it uses an encryption key that consists of several encryption arrays whose elements contain randomly generated data.
  • the number of encryption arrays is at least 2, in some embodiments at least 3 or 4, for example.
  • the number of encryption arrays can also be at least 5.
  • the sender and recipient have access to the same encryption keys, i.e. the same encryption arrays.
  • Encryption algorithms compliant with the embodiment utilize the features of encryption keys described above.
  • the embodiment allows for efficient and secure implementation of encryption. This makes it possible to store information securely or transmit information and messages securely through a nontrusted communication channel.
  • Figure 1 demonstrates the operation of one embodiment pertaining to the encryption of data as a diagram.
  • Information or data is encrypted with apparatus using a software-based solution, a hardware-based solution, or a combination of the two.
  • the encrypted information is produced one bit or other block of data with a predetermined length at a time from the plaintext content to be encrypted using the encryption bit Y n produced in a byte-specific or bit- or bit- set-specific manner.
  • a byte is used as an example of the length of a predetermined block of data processed at a time, but the length of the data processed in the below embodiments could instead be a certain number of bits or certain number of bytes, for example.
  • the plaintext bit or bit set, encryption bit or bit set, encrypted bit or bit set, and the elements of the encryption arrays are equal in length to each other, i.e. their length is a certain number of bits or bytes.
  • the byte Y n used to encrypt the plaintext byte D n is produced using an encryption key, which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two arrays is 1 (however, one array may include an arbitrary number of elements), and the elements in which include randomly generated data, for example.
  • the encryption byte Y n is produced by selecting one predetermined element from each encryption array and by performing an XOR operation between all the selected elements.
  • the encrypted byte CB n is produced by performing an XOR operation between the plaintext byte D n to be encrypted and the produced encryption byte Y n .
  • the contents and/or sizes and quantity of the key arrays can also be modified during the encryption process. These changes can also be made on the basis of the current values of the key arrays at the time.
  • next byte can be encrypted by selecting the next plaintext byte producing the next encryption byte based on the encryption array elements determined next.
  • the encryption byte Y n can be produced as follows, for example:
  • ] is the element intended for the byte of the first encryption array in the order of m
  • B[m modIBI] is the element intended for the byte of the second encryption array in the order of m
  • N[m modIN I] is the element intended for the byte of the Nth encryption array in the order of m.
  • m is zero.
  • the value of m is increased by one, and the xor result for arrays A-N is calculated using the new index m, similarly to Y n above.
  • the value of m is increased with the result plus one, and this value is used to calculate the final value of Y n .
  • the value of index m can be different in one or more encryption arrays at the beginning.
  • the index of encryption array A can be m a , the index of encryption array B m b , the index of encryption array C m c , and the index of encryption array N m n .
  • Indices m A, m B, m c and/or m N can also be specified to be equals.
  • the index of each array may increase equally in accordance with the contents of the arrays and/or according to a specific rule.
  • the lengths of the encryption arrays can be prime numbers that are different from each other.
  • the element in the encryption array of the encryption key consists of one or more randomly selected bits or one or more randomly selected bytes, where the lengths of the encryption byte, plaintext byte, and/or the encrypted byte are equal to the length of the element in the encryption array.
  • the method determines an initial point, i.e. an individual initial element for each encryption array, from which the encryption process starts.
  • the initial point can be standard, for example index 0 in each encryption array.
  • the initial point may also be key-specific, for example each encryption array may have a its own randomly selected point that is known to both the sender and the recipient.
  • some other operation that combines two bytes such that the order of the bytes is irrelevant and the result of the operation between two random bytes is also random, for example 'not XOR', can also be used instead of an XOR operation.
  • encrypted information is sent from a transmitting device through a data network or data link to a receiving device.
  • the receiving device will decipher the decryption of the received encrypted information one byte at a time using an encryption key.
  • the receiving device can decipher the received information one byte at a time as follows, for example:
  • - Y n is a byte generated from the encryption key of the algorithm whose order is n
  • the encrypted information is stored onto a data storage medium of a device, such as a mass-memory unit.
  • the encryption of the information can be deciphered in the manner described above.
  • One aspect of the invention also pertains to a device used for encrypting information.
  • the device is arranged for the storage and management of an encryption key, the execution of data encryption, and the deciphering of the encryption using an encryption key.
  • the device is adapted to produce encrypted information one byte at a time from plaintext data to be encrypted using a byte-specifically produced encryption byte Y n , where the byte consists of a certain number of bits or bytes.
  • the arrangement is adapted to produce the byte Y n that is used to encrypt the plaintext byte D n is using an encryption key, which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two arrays is 1, and the elements in which include randomly generated data, for example.
  • the length of a single encryption array can however be chosen arbitrarily.
  • the length of a single encryption array can be specified to be such that the highest common factor of the number of elements in the encryption array in question and in any other encryption array is higher than 1.
  • the device is adapted to produce the encryption byte Y n by selecting one predetermined element from each encryption array based on the sequence number of the byte to be encrypted n and by performing an XOR operation between all the selected elements.
  • the arrangement is adapted to produce the encrypted byte CB n by performing XOR operations between the plaintext byte D n to be encrypted and the produced encryption byte Y n .
  • the encryption method can be used for the encryption of data communications or the storage of information.
  • Such arrangement could, for example, comprise devices that transfer information to each other, such as devices and/or a server that communicate with each other in a data transmission network.
  • Figure 2 presents an example of one embodiment of the apparatus as a diagram.
  • a device and method in accordance with the invention can be used to arrange data encryption for a digital data transmission network in accordance with a symmetric encryption model.
  • the data transmission network can be a wired or wireless network, such as an IP network, Internet, Intranet, LAN, WLAN, CDMA, TDMA, FDMA, or Bluetooth.
  • the data transmission network includes at least two devices that communicate with each other 201, 202, one of which at least functions as the sender and the other at least as the recipient. Communication between the devices is carried out in the form of data, such as the transmission of messages, files, and/or emails, or, for example, video and/or audio files and/or video and/or audio streams.
  • devices 201, 202 are equipped for the storage and management of the encryption key 203, 204, the execution of the data encryption and/or the deciphering of the encryption with the chosen algorithm and encryption key.
  • the devices can be equipped for the tasks specified above with, for example, software or a similar set of commands executed within the processor environment, that is used to manage encryption keys, distribute encryption keys, and/or the encryption and/or decryption of data.
  • the device can also be equipped for reading, storing, receiving, and/or sending information.
  • the device can consist of any device that stores and/or sends and receives information, such as a computer, smart phone, portable device, server, or a similar device that is equipped with the resources for managing and distributing encryption keys and/or the encryption and/or decryption of data using a solution in accordance with the invention.
  • a database can, for example, be arranged for the encryption keys in the memory of the device with commands executed in the processor environment of the device.
  • the device contains, for example, information intended to be stored and/or sent, which may consist of a message, file, video and/or audio file, and/or video and/or audio stream.
  • information intended to be stored and/or sent which may consist of a message, file, video and/or audio file, and/or video and/or audio stream.
  • the device selects a predetermined initial point in the encryption key stored in its memory and begins to encrypt the message using the encryption key according to a method in accordance with the invention. If the encryption key is stored on the device in an encrypted format, its encryption is deciphered.
  • the encryption of information to be sent can be performed with an encryption algorithm in accordance with the solution of the invention that is executed by the processor equipment of the device. After the encryption, the encrypted information may be stored and/or sent to a recipient through a data network.
  • the recipient device receives the message and selects the predetermined initial point in the encryption key stored in its memory and begins to decipher the information of the encrypted message using an encryption key.
  • each encryption key is only used once, which means that if the device that received the information in the above example wishes to respond to the device that sent the encrypted message, both devices will use a new encryption key when the recipient of the first message sends information to the sender of the first message.
  • Figure 3 presents an example of the encryption key 300, which was produced using three encryption arrays.
  • the arrays differ from each other in length and here the length of each table is a prime number, such as 7, 5, and 3 as used in the example in figure 3.
  • the encryption key 300 used in the example in figure 3 comprises encryption arrays A, B, and C.
  • Encryption array A contains seven elements al...a7
  • encryption array B contains five elements bl...b5
  • encryption array C contains three elements cl...c3.
  • the encryption key is stored onto the device that is used to encrypt information and/or decipher the encryption of information.
  • Each element in the array contains a randomly generated byte. In one embodiment, each element may also contain a predetermined number of randomly generated bits or bytes.
  • Figure 4 presents another example of encryption key 400, which is comprised of a single array where the location of each encryption array A, B, and C in the array is known. This embodiment otherwise corresponds to the example in figure 3, but it may be more efficient in terms of implementation on some devices, because it only requires a single array. In the arrangement, the range of elements in the array where certain encryption arrays (i.e. certain elements in the encryption arrays) are located is predetermined. In the example in figure 4, the elements for encryption array A are located in elements 1-7 of the encryption key array, elements for encryption array B are located in elements 8-12 of the encryption key array, and elements for encryption array C are located in elements 13-15 of the encryption key array.
  • FIG. 5 presents an example of the operation of encryption key 500.
  • the encryption key is comprised from three encryption arrays A, B, and C, which are different in length.
  • the lengths of the arrays are prime numbers, and in this example the lengths are 7, 5, and 11.
  • the number and lengths of the arrays are just examples, and they can be larger or smaller than presented in the example. It has been possible to specify a dedicated initial point for each encryption array A, B, and C, which in this example is an encryption-array-specific index ((m Ai , m Bi , m Ci) where the encryption process is started.
  • An encryption byte is produced by selecting one element from each encryption array according to a predetermined index, and by performing an XOR operation between all the selected elements.
  • the predetermined index can be the initial point (encryption array A index/element 1, encryption array B index/element 2, encryption array C index/element 7), in which case the XOR operation in the example according to figure 5 is A[al] ® B[b2] ® C[c7].
  • the production of the encryption byte can be initiated with a certain rule, for example by selecting elements from points (initial point + 1). As the next encryption byte is produced, we proceed in each encryption array on the basis of the contents of the encryption array according to the new index.
  • new index is determined by increasing the index of previously selected elements (al, b2, cl) based on the number determined using the contents of the previous encryption array elements (al, b2, cl).
  • the result of the XOR operation presented above could be 3, for example, in which case the current index of each encryption array would be increased by 3.
  • mi is the current index of the encryption array
  • m 2 is the new index, which is used as the basis for producing the next encryption byte.
  • the equal advance in each encryption array based on the contents of the elements is presented using highlighted elements and arrows in figure 5.
  • Figure 6 represents encryption key 500 in accordance with figure 5, where the values of encryption array A, B, and C have been changed on the basis of the contents of the encryption arrays.
  • the process has reached location a4, b5, and clO in the elements/indices in accordance with the example presented in figure 5.
  • the value of K could be 1, in which case the value of element a7 in encryption array A would be changed to a7®L based on the contents of the encryption arrays, the value of element b3 in encryption array B to b3®L, and the value of element c2 in encryption array C to c2®L.
  • the encryption process can proceed to the determination of the next encryption byte.
  • the next encryption byte has been determined, we can once again change the values of the elements on the basis of the contents of the encryption array in the manner described above, for example.
  • the values of the elements can also be changed using another method ahead of the encryption, for example according to the contents of the encryption arrays and a specific rule.
  • a predetermined or random number can be added to or subtracted from the index.
  • another operation that combines two bytes such that the order of the bytes is irrelevant and the result of the operation between two random bytes is also random for example 'not XOR', can also be used instead of an XOR operation.
  • the number and/or length of the encryption arrays can also be changed.
  • Figures 7A and 7B present the values of simulated encrypted data for a solution according to one embodiment.
  • the encrypted data only contains zeroes.
  • 10 mb of data has been encrypted, and the figure presents the values of the encrypted data.
  • Figure 5B shows 10 mb of data encrypted again using a partially different key, and the second encryption cycle is compared in figure 7B with previously encrypted data (which is also presented in figure 7A).
  • the simulations allow us to see that the data encrypted using a solution in accordance with the invention is different after each cycle and the encrypted data shows no visually apparent correlation between the different encryption cycles.
  • the encryption key comprises six encryption arrays (A, B, C, D, E, and F).
  • the lengths of the encryption arrays are arranged to be of different sizes such that the highest common factor of the lengths of any two tables is 1. This can, for example, be realized by ensuring that the length of each encryption array is a different prime number.
  • the lengths of the encryption arrays can range from a few hundred bytes up to kilobytes, for example.
  • the encryption method includes a predetermined initial point, which means that each encryption array of the encryption key has a dedicated index where the encryption process begins.
  • the initial point can be standard, for example index 0 in each encryption array, or it can be key-specific, for example a randomly selected point for each encryption array that is known to both the sender and the recipient.
  • the initial point (for example, encryption array A, index/element 1, B index/element 22, C index/element 213, etc.) is used to calculate the value of a single byte in a predetermined manner, which is dependent on each element value according to the indices of the initial points of encryption arrays A-F.
  • an XOR operation is performed between the elements of selected encryption arrays, for example A[al] ® B[bl] ® C[cl] ® D[dl] ® E[el] ® F[f1], where al, bl, cl, dl, el, and fl are the values of the initial points of the encryption arrays in question.
  • a predetermined operation is performed between the result of the XOR operation performed between the specified encryption array elements and the encrypted data byte.
  • the determined result is an encrypted byte that can be sent through a nontrusted communication channel or stored in an encrypted form.
  • the index of each encryption array can be increased by 1, for example, and if the index exceeds the upper bound of the encryption array, we can continue from the beginning of said encryption array.
  • the index can also be increased on the basis of the contents of the encryption arrays. Because the encryption arrays are different in length and the length have no common factors, we can thus move forward by a number equal to the product of the lengths of the encryption arrays during the encryption of the next byte without using the same combination of indices in the arrays of the encryption arrays.
  • the method describe above produces a sequence whose length is the product of the lengths of the arrays.
  • the length of the sequence is at least the product of the lengths of the arrays divided by 256.
  • a new encryption byte can be used to encrypt each byte to be encrypted.
  • the algorithm in accordance with the invention can be used to encrypt a message whose maximum length is the length of the sequence.
  • CB encrypted byte
  • Y is a byte generated by the algorithm
  • D is a plaintext data byte that is to be encrypted.
  • the examples use an XOR operation (bitwise exclusive or), but it is also possible to use a similar integration instead of XOR, which can be used to decipher the encryption in reverse order, and which will retain the even distribution of random numbers.
  • the algorithm works by encrypting data one byte or predetermined byte set at a time.
  • the encrypted byte whose order is n can thus be produced as follows:
  • Y n is a one-time random key
  • the encryption is a one-time pad mechanism, which has been proven to be impossible to crack.
  • Y n is produced by calculating random numbers from the set such that the same sequence is repeated so infrequently that the length of the message to be encrypted is shorter than the sequence generated by the algorithm.
  • the decryption of an encrypted message can, for example, be performed as follows when the encryption byte Y n is generated using an encryption key in the same manner as at the sending/encrypting end:
  • the algorithm for Y can be produced in the following manner, where
  • refers to the length of array x and the values in the encryption array element consist of random bytes, such as values 0-255 or signed numbers -127...128, and where index n refers to the number of the byte being encrypted: Y n fy(n, A, B, C, D, E, F)
  • function fy is dependent on the number n and all encryption arrays.
  • the value of the function must use different combinations of the values in the arrays such that a large number of independent results are produced.
  • the function can take the following form, for example:
  • Y n fy(m, A, B, C, D, E, F)
  • the order of the XOR operations is not significant.
  • the mod operation used in the above examples is the remainder, and the indices of the encryption arrays start from zero.
  • the next key to be used can be agreed upon at the start of the session. In one embodiment, it can also be agreed that only a part of the key is changed each time.
  • the sequence of the algorithm i.e. the length after which it produces repeating values for the encryption byte Y n is dependent on the number of the used arrays and their lengths, as well as the manner with which the m index is increased. If someone wishes to crack the algorithm by trying different options as the array values, the required number of tries depends on the total length of the encryption arrays (how many randomly generated numbers the encryption key contains).
  • the encryption method can also be used with quite limited arrays, in which case it is already hard to crack by trying different values, but the sequence is short. A longer sequence can be arranged in other ways, for example by performing an XOR operation between an encryption byte generated using an algorithm in accordance with the invention and a byte produced by a pseudo random number generator (that produces a long sequence).
  • One embodiment can also be used with public-key cryptosystems, which are based on two parties agreeing upon a secret key in advance using a public-key method, with the agreed upon secret key then being used to encrypt the actual traffic. If a solution in accordance with the invention is to be used in a public-key cryptosystem, an algorithm in accordance with the invention can be used to encrypt the actual traffic. A public-key method is used to agree upon the encryption keys to be used in accordance with the solution of the invention. The actual traffic will then be surely encrypted. Both the agreeing upon a key and the encryption of the actual traffic are weaknesses of current systems, and the solution of the invention allows for one of these weaknesses to be remedied.
  • a symmetric encryption method can freely be used in intranet- type situations without a public key, provided that all users are known in advance and use devices that are under the operator's control, such as in VPN networks. It is clear to a professional that the different embodiments of the invention are also not limited exclusively to the examples presented above and can thus vary within the framework of the claims presented below. Characteristic features possibly presented with other characteristic features in the description can also be used as separate from each other where necessary.

Abstract

Method and device for the encryption of data using apparatus, where encrypted information is produced from the plaintext content to be encrypted one block of data with a predetermined length at a time using an encryption bit or bit set (Yn) produced in a bit- or bit-set-specific manner. The bit or bit set (Yn) used to encrypt the plaintext bit or bit set (Dn) is produced using an encryption key (203, 204, 300, 400) that comprises at least two encryption arrays (A, B, C), each containing a different number of elements (a1...a7, b1...b5, c1...c3), which include randomly generated data. The plaintext bit or bit set (Dn), the encryption bit or bit set (Yn), and the elements of the encryption array (a1...a7, b1...b5, c1...c3) are equal in length with each other, for example one byte in length. The encryption bit or bit set (Yn) is produced by selecting one predetermined element from each encryption array (A, B, C) and by performing an XOR operation between all the selected elements. In the method an encrypted bit or bit set (CBn) is produced by performing XOR operations between the bit or bit set to be encrypted (Dn) and the produced encryption bit or bit set (Yn). The process proceeds through the encryption arrays on the basis of the contents of the encryption arrays.

Description

METHOD AND DEVICE FOR ENCRYPTING DATA
Field of invention
The invention relates to a method and device which is used to encrypt data with apparatus and/or a software included in a device in order to, for example, send and/or store it securely.
Background
Various encryption systems are known that are used to encode messages or data such that only authorized parties can read them. Encryption does not prevent the messages from being intercepted, only from being read. The encryption system converts the plaintext of a message or data into ciphertext using an encryption algorithm. After this, the message or data can only be read if the encryption of the ciphertext is decrypt. In principle, it is possible to decrypt the encryption without a key, but this would require significant amounts of computing power if the encryption system was executed well. An authorized recipient can easily decrypt a message with a key provided to them by the sender of the encrypted message.
One example of known technical encryption solutions is the symmetric encryption method. In symmetric encryption, both the sender and recipient have the same information pertaining to a secret key. The sender and recipient may use the secret key in different forms, but both parties can, if they so wish, derive the key used by the other party from their own key with an effectively computable algorithm.
The encryption methods used widely today are based on the fact that deciphering them through other than brute force methods would require solving a specific mathematical problem. Thus, the trust in encryption with current methods is based on the belief that no one has discovered how to solve the mathematical problem require to decipher the encryption algorithm in a sensible and efficient manner, i.e. such that it can be solved sufficiently quickly in practice.
Of the known technical encryption solutions, the one-time pad mechanism has been shown to be a theoretically unbreakable encryption method. However, the one-time pad encryption mechanism has so many issues in terms of practical use that it is rarely used. The problem with other known technical encryption algorithms is that their reliability against cracking attempts cannot be proven mathematically, and the amount of work required to decipher them is unknown.
Publications WO 2018100256 Al, EP 1566009 Al, and WO 2019040909 raise solutions in line with the level of technology, which assist in understanding the background.
Summary of the invention
The intention is to produce a novel method and device for the organization of the encryption of data, using apparatus and/or software executed on a device for the storage of data or transmitting via a data link, for example. This embodiment may utilize a mathematical model (system of equations) which has a known solution equation, and the amount of work required for the solution is known.
An encryption method according to one aspect is characterized by what is specified in the characterizing section of claim 1. In addition, other embodiments are mentioned under claims 2-18. A device according to one aspect is characterized by what is specified in the characterizing section of claim 19.
In one embodiment, information or data is encrypted with apparatus using a software-based solution, a hardware-based solution, or a combination of the two. In the embodiment, the encrypted information is produced from the plaintext content to be encrypted one block of data with a predetermined length at a time using an encryption bit or bit set, such as an encryption byte, produced in a bit or bit set specific manner, for example byte specifically. The block of data processed at a time in the embodiment (such as a plaintext byte, encryption byte, and encrypted byte) may consist of a certain number of bits or bytes.
In one embodiment, randomly generated data bits or bit sets are included in encryption arrays, and the algorithm proceed systematically in such a manner that a sufficiently long sequence during which the encryption does not repeat itself is produced. In one embodiment, the one-time encryption bit or bit set Yn used in the encryption algorithm is produced by calculating random numbers from the set such that the same sequence is repeated so infrequently that the length of the message to be encrypted is shorter than the sequence generated by the algorithm.
In one embodiment, the bit or bit set Yn that is used to encrypt the plaintext bit or bit set Dn is produced using an encryption key, which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two encryption arrays is 1, and the elements in which include randomly generated data, for example. One of the arrays can however be any length whatsoever. The elements in an encryption array are equal in length with each other, for example one byte in length.
The encryption bit or bit set Yn is produced in the solution according to the invention by selecting one predetermined element from each encryption array and by performing an XOR operation between all the selected elements. In the method, the encrypted bit or bit set CBn, such as a byte, is produced by performing an XOR operation between a bit or bit set to be encrypted Dn and the produced encryption bit or bit set Yn, for example between a byte to be encrypted and a produced encryption byte.
In one embodiment, after one bit or bit set, such as a byte, has been encrypted, the next bit or bit set can be encrypted by selecting the next plaintext bit or bit set and producing an encryption bit or bit set based on the next elements in the encryption arrays. In one embodiment, the lengths of the encryption arrays are prime numbers that are different from each other.
Because the encryption elements are not selected from the encryption arrays in such a manner that would allow their indices to be easily derived based on, for example, the encryption sequence number n, the algorithm does not consist of known equations that could be easily solved and thus make the encryption easy to decipher. In one embodiment, we proceed such that the next encryption elements are selected on the basis of the values contained by the actual encryption arrays. In this case, we do not know which elements are used and the equation groups cannot be solved.
In one embodiment, the contents and/or sizes and quantity of the key arrays can also be modified during the encryption process. These changes can also be made on the basis of the current values of the key arrays at the time. The changes can be made in any way whatsoever as long as the sender and recipient make identical changes.
In one embodiment, the element in the encryption array of the encryption key consists of one or more randomly selected bits or one or more randomly selected bytes, where the lengths of the encryption bit or bit set, plaintext bit or bit set, and/or the encrypted bit or bit set are equal to the length of the element in the encryption array. The embodiments can be utilized in digital data transmission networks to organize data encryption where the data transmission network includes at least two devices, the first of which is at least the sender and the second at least a recipient. The sent data is encrypted with an encryption key and the encrypted data is sent to the other device. Correspondingly, the encrypted data received by the other device is decrypted using the same encryption key that was used to encrypt the data.
Other applications for the embodiment in addition to communications include mass storage where large amounts of sensitive data are processed. In this case, the information intended for storage is encrypted with an encryption key before the information is stored on a mass-memory unit, for example .
An advantage of the embodiment is that it allows for the efficient and secure implementation of encryption, where a solution compliant with the invention enables the secure storage of data or the secure transfer of data and messages through a nontrusted communication channel. One embodiment can also be used to adjust the number and length of the encryption key arrays used as the encryption key for the algorithm as required, in which case the effective execution of the encryption can be adjusted against the computing power required to decipher the encryption. Brief description of drawings
Below, the invention is described in more detail using examples that refer to figures 1-5, where: Figure 1 demonstrates the solution according to one embodiment as a functional diagram; Figure 2 demonstrates the use of the solution according to one embodiment for the encryption of data during data transfer;
Figure 3 presents an example of an encryption key according to one embodiment;
Figure 4 presents an example of an encryption key according to another embodiment;
Figure 5 presents an example of an encryption key according to one embodiment and of the determination of the encryption elements based on the contents of the encryption arrays;
Figure 6 presents an example of changing the values of the encryption key elements during the encryption process according to one embodiment;
Figures 7A and 7B present the values of simulated encrypted data for a solution according to one embodiment . Detailed description
The idea of the method used in one embodiment is that it uses an encryption key that consists of several encryption arrays whose elements contain randomly generated data. The number of encryption arrays is at least 2, in some embodiments at least 3 or 4, for example. The number of encryption arrays can also be at least 5. The sender and recipient have access to the same encryption keys, i.e. the same encryption arrays. Encryption algorithms compliant with the embodiment utilize the features of encryption keys described above. The embodiment allows for efficient and secure implementation of encryption. This makes it possible to store information securely or transmit information and messages securely through a nontrusted communication channel.
Figure 1 demonstrates the operation of one embodiment pertaining to the encryption of data as a diagram. Information or data is encrypted with apparatus using a software-based solution, a hardware-based solution, or a combination of the two. The encrypted information is produced one bit or other block of data with a predetermined length at a time from the plaintext content to be encrypted using the encryption bit Yn produced in a byte-specific or bit- or bit- set-specific manner. In the embodiments described below, a byte is used as an example of the length of a predetermined block of data processed at a time, but the length of the data processed in the below embodiments could instead be a certain number of bits or certain number of bytes, for example. The plaintext bit or bit set, encryption bit or bit set, encrypted bit or bit set, and the elements of the encryption arrays are equal in length to each other, i.e. their length is a certain number of bits or bytes.
The byte Yn used to encrypt the plaintext byte Dn is produced using an encryption key, which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two arrays is 1 (however, one array may include an arbitrary number of elements), and the elements in which include randomly generated data, for example. The encryption byte Yn is produced by selecting one predetermined element from each encryption array and by performing an XOR operation between all the selected elements. In the method, the encrypted byte CBn is produced by performing an XOR operation between the plaintext byte Dn to be encrypted and the produced encryption byte Yn.
In the embodiment, the contents and/or sizes and quantity of the key arrays can also be modified during the encryption process. These changes can also be made on the basis of the current values of the key arrays at the time.
After one byte has been encrypted, the next byte can be encrypted by selecting the next plaintext byte producing the next encryption byte based on the encryption array elements determined next.
The encryption byte Yn can be produced as follows, for example:
Yn= A[m mod|A|] ® B[m mod|B |] ® ... ® N[m mod|N |]], where
A[m mod|A|] is the element intended for the byte of the first encryption array in the order of m,
B[m modIBI] is the element intended for the byte of the second encryption array in the order of m, and
N[m modIN I] is the element intended for the byte of the Nth encryption array in the order of m.
Where m is established as follows:
At the beginning of the encryption process m is zero. As the encryption byte is being produced, the value of m is increased by one, and the xor result for arrays A-N is calculated using the new index m, similarly to Yn above. The value of m is increased with the result plus one, and this value is used to calculate the final value of Yn. In one embodiment, the value of index m can be different in one or more encryption arrays at the beginning. When the encryption byte is being produced, the index of encryption array A can be ma, the index of encryption array B mb, the index of encryption array C mc, and the index of encryption array N mn. Indices mA, mB, mc and/or mN can also be specified to be equals. When the encryption byte is produced, the index of each array may increase equally in accordance with the contents of the arrays and/or according to a specific rule. To improve the encryption, we can also change the values in the encryption arrays. The values can be changed as follows, for example: When the value of m has been increased and the final value of Yn has been calculated using the new value of m, we once again increase the value of m by one. The XOR result of the elements is calculated using the value m and the result is indicated by the symbol K. Once again, the value of m is increased by one. We calculate the xor result using the value m and indicate the result with the symbol L. Next, we select from each array A-N the elements whose index is (current m plus K calculated above) the length of the mod array and update the value of these elements to their current value at the time XOR L calculated above.
In the algorithm we can either increase the value of m based on the contents of the encryption arrays, or change the values in the encryption arrays, or both.
The order of the XOR operations is not significant. The mod operation used in the above example is remainder.
The lengths of the encryption arrays can be prime numbers that are different from each other.
In one embodiment, the element in the encryption array of the encryption key consists of one or more randomly selected bits or one or more randomly selected bytes, where the lengths of the encryption byte, plaintext byte, and/or the encrypted byte are equal to the length of the element in the encryption array.
In one embodiment, the method determines an initial point, i.e. an individual initial element for each encryption array, from which the encryption process starts. The initial point can be standard, for example index 0 in each encryption array. The initial point may also be key-specific, for example each encryption array may have a its own randomly selected point that is known to both the sender and the recipient.
In one embodiment, some other operation that combines two bytes such that the order of the bytes is irrelevant and the result of the operation between two random bytes is also random, for example 'not XOR', can also be used instead of an XOR operation.
In one embodiment, encrypted information is sent from a transmitting device through a data network or data link to a receiving device. The receiving device will decipher the decryption of the received encrypted information one byte at a time using an encryption key. The receiving device can decipher the received information one byte at a time as follows, for example:
Dn = Yn Q CBn, where
- CB (crypted byte) is an encrypted byte whose order is n,
- Yn is a byte generated from the encryption key of the algorithm whose order is n,
- Dn is the received plaintext byte whose order is n.
In one embodiment, the encrypted information is stored onto a data storage medium of a device, such as a mass-memory unit. In this embodiment, the encryption of the information can be deciphered in the manner described above.
One aspect of the invention also pertains to a device used for encrypting information. The device is arranged for the storage and management of an encryption key, the execution of data encryption, and the deciphering of the encryption using an encryption key. The device is adapted to produce encrypted information one byte at a time from plaintext data to be encrypted using a byte-specifically produced encryption byte Yn, where the byte consists of a certain number of bits or bytes. The arrangement is adapted to produce the byte Yn that is used to encrypt the plaintext byte Dn is using an encryption key, which comprises at least two encryption arrays that include differing numbers of elements such that the highest common factor of the number of elements in any two arrays is 1, and the elements in which include randomly generated data, for example. In one embodiment, the length of a single encryption array can however be chosen arbitrarily. For example, the length of a single encryption array can be specified to be such that the highest common factor of the number of elements in the encryption array in question and in any other encryption array is higher than 1. The device is adapted to produce the encryption byte Yn by selecting one predetermined element from each encryption array based on the sequence number of the byte to be encrypted n and by performing an XOR operation between all the selected elements. The arrangement is adapted to produce the encrypted byte CBn by performing XOR operations between the plaintext byte Dn to be encrypted and the produced encryption byte Yn.
In one embodiment, the encryption method can be used for the encryption of data communications or the storage of information. Such arrangement could, for example, comprise devices that transfer information to each other, such as devices and/or a server that communicate with each other in a data transmission network.
Figure 2 presents an example of one embodiment of the apparatus as a diagram. A device and method in accordance with the invention can be used to arrange data encryption for a digital data transmission network in accordance with a symmetric encryption model. The data transmission network can be a wired or wireless network, such as an IP network, Internet, Intranet, LAN, WLAN, CDMA, TDMA, FDMA, or Bluetooth.
The data transmission network includes at least two devices that communicate with each other 201, 202, one of which at least functions as the sender and the other at least as the recipient. Communication between the devices is carried out in the form of data, such as the transmission of messages, files, and/or emails, or, for example, video and/or audio files and/or video and/or audio streams.
In one embodiment, devices 201, 202 are equipped for the storage and management of the encryption key 203, 204, the execution of the data encryption and/or the deciphering of the encryption with the chosen algorithm and encryption key. The devices can be equipped for the tasks specified above with, for example, software or a similar set of commands executed within the processor environment, that is used to manage encryption keys, distribute encryption keys, and/or the encryption and/or decryption of data. The device can also be equipped for reading, storing, receiving, and/or sending information.
The device can consist of any device that stores and/or sends and receives information, such as a computer, smart phone, portable device, server, or a similar device that is equipped with the resources for managing and distributing encryption keys and/or the encryption and/or decryption of data using a solution in accordance with the invention. A database can, for example, be arranged for the encryption keys in the memory of the device with commands executed in the processor environment of the device.
The device contains, for example, information intended to be stored and/or sent, which may consist of a message, file, video and/or audio file, and/or video and/or audio stream. When the information has been produced and/or it is to be encrypted, the device selects a predetermined initial point in the encryption key stored in its memory and begins to encrypt the message using the encryption key according to a method in accordance with the invention. If the encryption key is stored on the device in an encrypted format, its encryption is deciphered. The encryption of information to be sent can be performed with an encryption algorithm in accordance with the solution of the invention that is executed by the processor equipment of the device. After the encryption, the encrypted information may be stored and/or sent to a recipient through a data network.
If encrypted information is sent through a data network, the recipient device receives the message and selects the predetermined initial point in the encryption key stored in its memory and begins to decipher the information of the encrypted message using an encryption key.
In one embodiment, each encryption key is only used once, which means that if the device that received the information in the above example wishes to respond to the device that sent the encrypted message, both devices will use a new encryption key when the recipient of the first message sends information to the sender of the first message.
Figure 3 presents an example of the encryption key 300, which was produced using three encryption arrays. According to one embodiment, the arrays differ from each other in length and here the length of each table is a prime number, such as 7, 5, and 3 as used in the example in figure 3. In order to allow for reliable encryption, it would be advantageous if the lengths and/or number of the arrays was higher, but the example in figure 3 demonstrates the basic idea of the structure of the encryption key and its encryption array. Therefore, the encryption key 300 used in the example in figure 3 comprises encryption arrays A, B, and C. Encryption array A contains seven elements al...a7, encryption array B contains five elements bl...b5, and encryption array C contains three elements cl...c3. The encryption key is stored onto the device that is used to encrypt information and/or decipher the encryption of information. Each element in the array contains a randomly generated byte. In one embodiment, each element may also contain a predetermined number of randomly generated bits or bytes. Figure 4 presents another example of encryption key 400, which is comprised of a single array where the location of each encryption array A, B, and C in the array is known. This embodiment otherwise corresponds to the example in figure 3, but it may be more efficient in terms of implementation on some devices, because it only requires a single array. In the arrangement, the range of elements in the array where certain encryption arrays (i.e. certain elements in the encryption arrays) are located is predetermined. In the example in figure 4, the elements for encryption array A are located in elements 1-7 of the encryption key array, elements for encryption array B are located in elements 8-12 of the encryption key array, and elements for encryption array C are located in elements 13-15 of the encryption key array.
Instead of encrypting a single byte, we can therefore also encrypt a specific number of bits or bytes, for example four bytes at a time. In this case the values of the encryption array elements must be equivalent in length, i.e. four bytes each in the above example.
Figure 5 presents an example of the operation of encryption key 500. The encryption key is comprised from three encryption arrays A, B, and C, which are different in length. In figure 5, the lengths of the arrays are prime numbers, and in this example the lengths are 7, 5, and 11. The number and lengths of the arrays are just examples, and they can be larger or smaller than presented in the example. It has been possible to specify a dedicated initial point for each encryption array A, B, and C, which in this example is an encryption-array-specific index ((mAi, mBi, mCi) where the encryption process is started. An encryption byte is produced by selecting one element from each encryption array according to a predetermined index, and by performing an XOR operation between all the selected elements. The predetermined index can be the initial point (encryption array A index/element 1, encryption array B index/element 2, encryption array C index/element 7), in which case the XOR operation in the example according to figure 5 is A[al] ® B[b2] ® C[c7]. In one embodiment, the production of the encryption byte can be initiated with a certain rule, for example by selecting elements from points (initial point + 1). As the next encryption byte is produced, we proceed in each encryption array on the basis of the contents of the encryption array according to the new index. In one embodiment, new index is determined by increasing the index of previously selected elements (al, b2, cl) based on the number determined using the contents of the previous encryption array elements (al, b2, cl). The result of the XOR operation presented above could be 3, for example, in which case the current index of each encryption array would be increased by 3. This produces new indices for encryption array A, index/element 4, for encryption array B, index/element 5, and for encryption array C, index/element 10. The new index can be determined by calculating mi+[A[al] © B[b2] © C[c7]]=m , where mi is the current index of the encryption array and m2 is the new index, which is used as the basis for producing the next encryption byte. We can proceed correspondingly through the encryption arrays when producing the next encryption bytes, which means that the indices of the elements in each encryption array are increased by an equal number during each cycle. The equal advance in each encryption array based on the contents of the elements is presented using highlighted elements and arrows in figure 5.
Figure 6 represents encryption key 500 in accordance with figure 5, where the values of encryption array A, B, and C have been changed on the basis of the contents of the encryption arrays. In the encryption arrays, the process has reached location a4, b5, and clO in the elements/indices in accordance with the example presented in figure 5. Calculate the XOR result for the currently selected elements (A[a4] ©
B[b5] © C[cl0]) and indicate the result with the symbol K.
Increase the index of each encryption array by 2, for example, (m2+2), and calculate the XOR result using the value of m, in which case XOR may be A[a6] © B[b2] © C[cl]. After the final element of the encryption arrays, calculation can continue from the first element of the encryption array. Indicate the produced XOR result with the symbol L. Next, we can select the elements whose index is (ni2+2+K) and update the value of those elements to be their current value XOR L. For example, the value of K could be 1, in which case the value of element a7 in encryption array A would be changed to a7®L based on the contents of the encryption arrays, the value of element b3 in encryption array B to b3®L, and the value of element c2 in encryption array C to c2®L. After the values of elements a7, b5, and clO have been changed, the encryption process can proceed to the determination of the next encryption byte. After the next encryption byte has been determined, we can once again change the values of the elements on the basis of the contents of the encryption array in the manner described above, for example. The values of the elements can also be changed using another method ahead of the encryption, for example according to the contents of the encryption arrays and a specific rule. When selecting the elements, a predetermined or random number can be added to or subtracted from the index. Additionally, another operation that combines two bytes such that the order of the bytes is irrelevant and the result of the operation between two random bytes is also random, for example 'not XOR', can also be used instead of an XOR operation. In addition to changing the values of the elements, the number and/or length of the encryption arrays can also be changed.
Figures 7A and 7B present the values of simulated encrypted data for a solution according to one embodiment. In this example, the encrypted data only contains zeroes. In the example in figure 7A, 10 mb of data has been encrypted, and the figure presents the values of the encrypted data. Figure 5B shows 10 mb of data encrypted again using a partially different key, and the second encryption cycle is compared in figure 7B with previously encrypted data (which is also presented in figure 7A). The simulations allow us to see that the data encrypted using a solution in accordance with the invention is different after each cycle and the encrypted data shows no visually apparent correlation between the different encryption cycles.
Included below is an example of one embodiment, where the encryption key comprises six encryption arrays (A, B, C, D, E, and F). In the invention's solution, the lengths of the encryption arrays are arranged to be of different sizes such that the highest common factor of the lengths of any two tables is 1. This can, for example, be realized by ensuring that the length of each encryption array is a different prime number. The lengths of the encryption arrays can range from a few hundred bytes up to kilobytes, for example.
The encryption method includes a predetermined initial point, which means that each encryption array of the encryption key has a dedicated index where the encryption process begins. The initial point can be standard, for example index 0 in each encryption array, or it can be key-specific, for example a randomly selected point for each encryption array that is known to both the sender and the recipient.
The initial point (for example, encryption array A, index/element 1, B index/element 22, C index/element 213, etc.) is used to calculate the value of a single byte in a predetermined manner, which is dependent on each element value according to the indices of the initial points of encryption arrays A-F. In one embodiment of the invention, an XOR operation is performed between the elements of selected encryption arrays, for example A[al] ® B[bl] ® C[cl] ® D[dl] ® E[el] ® F[f1], where al, bl, cl, dl, el, and fl are the values of the initial points of the encryption arrays in question.
Next, a predetermined operation is performed between the result of the XOR operation performed between the specified encryption array elements and the encrypted data byte. This could, for example, take the form of an XOR operation, and thus an XOR operation can be performed between, for example, the result of the XOR operation performed between the elements of the encryption arrays and the data byte to be encrypted. This can be executed as follows, for example: 'result of the XOR operation performed between encryption array elements' ® 'data byte to be encrypted'. The determined result is an encrypted byte that can be sent through a nontrusted communication channel or stored in an encrypted form.
When encrypting the next byte of the data to be encrypted, we proceed from the initial point to the next point. The index of each encryption array can be increased by 1, for example, and if the index exceeds the upper bound of the encryption array, we can continue from the beginning of said encryption array. The index can also be increased on the basis of the contents of the encryption arrays. Because the encryption arrays are different in length and the length have no common factors, we can thus move forward by a number equal to the product of the lengths of the encryption arrays during the encryption of the next byte without using the same combination of indices in the arrays of the encryption arrays. The method describe above produces a sequence whose length is the product of the lengths of the arrays. If, during the production of each encryption byte, the value of m is increased by a maximum of 256, the length of the sequence is at least the product of the lengths of the arrays divided by 256. During the sequence, a new encryption byte can be used to encrypt each byte to be encrypted. Thus, the algorithm in accordance with the invention can be used to encrypt a message whose maximum length is the length of the sequence.
One example is illustrated below using non-exhaus tive formulas, where CB (crypted byte) is an encrypted byte, Y is a byte generated by the algorithm, and D is a plaintext data byte that is to be encrypted. The examples use an XOR operation (bitwise exclusive or), but it is also possible to use a similar integration instead of XOR, which can be used to decipher the encryption in reverse order, and which will retain the even distribution of random numbers. The algorithm works by encrypting data one byte or predetermined byte set at a time.
The encrypted byte whose order is n can thus be produced as follows:
CBn = Yn 0 Dn
If Yn is a one-time random key, the encryption is a one-time pad mechanism, which has been proven to be impossible to crack. In this encryption algorithm, Yn is produced by calculating random numbers from the set such that the same sequence is repeated so infrequently that the length of the message to be encrypted is shorter than the sequence generated by the algorithm.
The decryption of an encrypted message can, for example, be performed as follows when the encryption byte Yn is generated using an encryption key in the same manner as at the sending/encrypting end:
Dn = Yn 0 CBn
The algorithm for Y can be produced in the following manner, where |x| refers to the length of array x and the values in the encryption array element consist of random bytes, such as values 0-255 or signed numbers -127...128, and where index n refers to the number of the byte being encrypted: Yn= fy(n, A, B, C, D, E, F)
The value of function fy is dependent on the number n and all encryption arrays. The value of the function must use different combinations of the values in the arrays such that a large number of independent results are produced. The function can take the following form, for example:
Yn = fy(m, A, B, C, D, E, F)
= A[m mod|A|] 0 B[m mod|B|] 0 C[m mod|C|] 0
D[m modIDI] 0 E[m mod|E|] 0 F[m mod|F|]
Where the number m is increased after the process begins each time based on the contents of the encryption arrays.
The order of the XOR operations is not significant. The mod operation used in the above examples is the remainder, and the indices of the encryption arrays start from zero.
Instead of a mod operation, we can also, for example, use the indices of the encryption arrays, which are increased, or pointers that are increased in a predetermined manner.
If the intention is to use to encryption method for several communication transactions that may take place at the same time (such as several sockets), the next key to be used can be agreed upon at the start of the session. In one embodiment, it can also be agreed that only a part of the key is changed each time.
The sequence of the algorithm, i.e. the length after which it produces repeating values for the encryption byte Yn is dependent on the number of the used arrays and their lengths, as well as the manner with which the m index is increased. If someone wishes to crack the algorithm by trying different options as the array values, the required number of tries depends on the total length of the encryption arrays (how many randomly generated numbers the encryption key contains). The encryption method can also be used with quite limited arrays, in which case it is already hard to crack by trying different values, but the sequence is short. A longer sequence can be arranged in other ways, for example by performing an XOR operation between an encryption byte generated using an algorithm in accordance with the invention and a byte produced by a pseudo random number generator (that produces a long sequence).
By changing the number of arrays used and their lengths we can thus freely increase or decrease both the number of combinations required for cracking and the length of the sequence. The more arrays are used, the slower the run-time performance, the longer the arrays, the more memory is required.
Instead of encrypting a single byte, we can also encrypt a specific number of bytes, for example four bytes at a time. In this case the values of the encryption array elements must be equivalent in length, i.e. four bytes each in the above example .
One embodiment can also be used with public-key cryptosystems, which are based on two parties agreeing upon a secret key in advance using a public-key method, with the agreed upon secret key then being used to encrypt the actual traffic. If a solution in accordance with the invention is to be used in a public-key cryptosystem, an algorithm in accordance with the invention can be used to encrypt the actual traffic. A public-key method is used to agree upon the encryption keys to be used in accordance with the solution of the invention. The actual traffic will then be surely encrypted. Both the agreeing upon a key and the encryption of the actual traffic are weaknesses of current systems, and the solution of the invention allows for one of these weaknesses to be remedied.
A symmetric encryption method can freely be used in intranet- type situations without a public key, provided that all users are known in advance and use devices that are under the operator's control, such as in VPN networks. It is clear to a professional that the different embodiments of the invention are also not limited exclusively to the examples presented above and can thus vary within the framework of the claims presented below. Characteristic features possibly presented with other characteristic features in the description can also be used as separate from each other where necessary.

Claims

1. Method for the encryption of data using a device or apparatus, where the encrypted information is produced from the plaintext content to be encrypted one block of data with a predetermined length at a time using an encryption bit or bit set (Yn),
Where the bit or bit set (Yn) used to encrypt the plaintext bit or bit set (Dn) is produced using an encryption key (203, 204, 300, 400) that comprises at least two encryption arrays (A, B, C), each of which includes a different number of elements (al...a7, bl...b5, cl...c3), which include a randomly generated bit or bit set,
Where the plaintext bit or bit set (Dn), the encryption bit or bit set (Yn), and the elements of the encryption array (al...a7, bl...b5, cl...c3) are equal in length with each other, for example one byte in length,
The encryption bit or bit set (Yn) is produced:
By selecting one element from each encryption array (A, B, C) according to a predetermined index and by performing an XOR operation between all the selected elements, where the bit or bit set (CBn) encrypted in the method is produced by performing XOR operations between the plaintext encrypted bit or bit set (Dn) and the produced encryption bit or bit set (Yn), and when producing the next encryption bit or bit set (Yn) the process proceeds in each encryption array according to the new index determined on the basis of the contents of the encryption arrays, characterized in that after the encryption of one bit or bit set, the next bit or bit set is encrypted by selecting the next plaintext bit or bit set (Dn+i) and producing the encryption bit or bit set (Yn+i) on the basis of the next elements in the encryption arrays, the elements having been selected in accordance with the new index, which was determined by increasing the index of the previously selected elements on the basis of a number determined using contents of the previous elements of the encryption arrays, and by performing XOR operations between the plaintext bit or bit set (Dn+i) and the produced encryption bit or bit set (Yn+l).
2. The method in accordance with claim 1, characterized in that as the index exceeds the upper bound of the encryption array, the calculation of the index in continued from the beginning of the encryption array in question.
3. A method in accordance with any preceding claim, characterized in that the next element is an encryption array element determined according to a specific rule and the encryption arrays and/or other content.
4. A method in accordance with any preceding claim, characterized in that the encryption bit or bit set (Yn) is produced as follows:
Yn= A [mA mod |A |] © B [mB mod |B |] © ... © N [mN mod |N |]], where:
A[mA mod|A|] is the element intended for the bit or bit set (m) of the first encryption array,
B [mB mod IB I] is the element intended for the bit or bit set (m) of the second encryption array, and N[i% mod IN I] is the element intended for the bit or bit set (m) of the N:th encryption array.
5. A method in accordance with any preceding claim characterized in that the encryption arrays (A, B, C) are different in length such that the highest common factor of the number of elements in any two encryption arrays is 1.
6. A method in accordance with claim 5 characterized in that the length of one encryption array (A, B, C) can be such that the highest common factor of the number of elements in the encryption array in question and in at least one other encryption array is 1.
7. A method in accordance with any preceding claim characterized in that the lengths of all encryption arrays (A, B, C) prime number that are different from each other.
8. A method in accordance with any preceding claim characterized in that the encryption array element (al...a7, bl...b5, cl...c3) of an encryption key consists of one or more randomly selected bits or bit sets or one or more randomly selected byte, where the lengths of the encryption bit or bit set (Yn), the plaintext bit or bit set (Dn), and/or the encrypted bit or bit set (CBn) correspond to the length of the encryption array element (al...a7, bl...b5, cl...c3).
9. A method in accordance with any preceding claim characterized in that an initial point, i.e. a dedicated starting element from where the encryption process begins is specified for each encryption array in the method.
10. A method in accordance with claim 9 characterized in that the initial point is standard, for example index 0 in each encryption array.
11. A method in accordance with claim 9 characterized in that the initial point is key-specific, for example a dedicated, randomly selected point for each encryption array which is known to the sender and the recipient.
12. A method in accordance with any preceding claim characterized in that during the production of the next encryption bit or bit set (Yn), the contents, lengths, and/or number of encryption arrays are changed simultaneously, either during the production of each encryption bit or bit set or less frequently, in which case the modification of the encryption arrays is controlled using either the contents of the encryption arrays or with a separate system that controls the modification of the encryption arrays.
13. A method in accordance with any preceding claim characterized in that instead of an XOR operation, some other operations that combines two bits or bit sets in such a way that the order of the bits or bit sets is irrelevant and that the result of the operation between two random bits or bit sets is also random.
14. A method in accordance with any preceding claim characterized in that that encrypted information is sent from a sending device (201, 202) through a data network or data link to a receiving device (201, 202).
15. A method in accordance with claim 14 characterized in that the receiving device (201, 202) deciphers the encryption of the received encrypted information one block of data with a predetermined length at a time using an encryption key.
16. A method in accordance with claims 14 and 15 characterized in that the receiving device (201, 202) decrypts the received information one block of data with a predetermined length at a time as follows:
Dn = Yn Q CBn, where
- CB (crypted byte) is an encrypted bit or bit set whose order is n,
- Yn is a bit or bit set generated from the encryption key of the algorithm,
- Dn is the received plaintext bit or bit set whose order is n.
17. A method in accordance with any preceding claim characterized in that encrypted information is stored onto a data storage medium of a device (201, 202), such as a mass- memory unit.
18. A device or apparatus for the encryption of information, where the device (201, 202) is equipped for the storage and management of an encryption key (203, 204, 300, 400), the execution of data encryption, and the deciphering of the encryption with an encryption key, and where the device is adapted to produce the encrypted information from the plaintext content to be encrypted one block of data with a predetermined length at a time using an encryption bit or bit set (Yn), where the device is adapted to produce the bit or bit set (Yn) used to encrypt the plaintext bit or bit set (Dn) is produced using an encryption key (203, 204, 300, 400) that comprises at least two encryption arrays (A, B, C), each containing a different number of elements (al...a7, bl...b5, cl...c3), which include a randomly generated bit or bit set,
Where the plaintext bit or bit set (Dn), the encryption bit or bit set (Yn), and the elements of the encryption array (al...a7, bl...b5, cl...c3) are equal in length with each other, for example one byte in length,
The device is adapted to produce an encryption bit or bit set (Yn) by selecting one element from each encryption array (A, B, C) on the basis of a predetermined index and by performing an XOR operation between all the selected elements,
Where the device is adapted to produce an encrypted bit or bit set (CBn) by performing XOR operations between the bit or bit set to be encrypted (Dn) and the produced encryption bit or bit set (Yn), and when producing the next encryption bit or bit set (Yn) the process proceeds in the encryption arrays according to the index determined on the basis of the contents of the encryption arrays, characterized in that after the encryption of one bit or bit set, the next bit or bit set is encrypted by selecting the next plaintext bit or bit set (Dn+i) and producing the encryption bit or bit set (Yn+i) on the basis of the next elements in the encryption arrays, the elements having been selected in accordance with the new index, which was determined by increasing the index of the previously selected elements on the basis of a number determined using contents of the previous elements of the encryption arrays, and by performing XOR operations between the plaintext bit or bit set (Dn+i) and the produced encryption bit or bit set (Yn+l).
19. A device in accordance with claim 18, characterized in that the device is adapted to execute a method in accordance with any claim 2-18.
EP21706636.4A 2020-01-31 2021-01-27 Method and device for encrypting data Pending EP4097912A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20205097A FI128939B (en) 2020-01-31 2020-01-31 Method and device for the encryption of data
PCT/FI2021/050052 WO2021152212A1 (en) 2020-01-31 2021-01-27 Method and device for encrypting data

Publications (1)

Publication Number Publication Date
EP4097912A1 true EP4097912A1 (en) 2022-12-07

Family

ID=74668880

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21706636.4A Pending EP4097912A1 (en) 2020-01-31 2021-01-27 Method and device for encrypting data

Country Status (3)

Country Link
EP (1) EP4097912A1 (en)
FI (1) FI128939B (en)
WO (1) WO2021152212A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113810471A (en) * 2021-08-18 2021-12-17 深圳市元征科技股份有限公司 Data transmission method, sending equipment and receiving equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10348704B2 (en) * 2015-07-30 2019-07-09 Helder Silvestre Paiva Figueira Method for a dynamic perpetual encryption cryptosystem

Also Published As

Publication number Publication date
WO2021152212A1 (en) 2021-08-05
FI128939B (en) 2021-03-31
FI20205097A1 (en) 2021-03-31

Similar Documents

Publication Publication Date Title
CN111541677B (en) Safe hybrid encryption method based on narrowband Internet of things
CN1157021C (en) Multi-node encryption and key delivery
Almaiah et al. A new hybrid text encryption approach over mobile ad hoc network
CN111865584B (en) Data crushing safe transmission method and device based on pseudo-random number
CN104488218A (en) Shared secret key generation device, encryption device, decryption device, shared secret key generation method, encryption method, decryption method, and program
US10412063B1 (en) End-to-end double-ratchet encryption with epoch key exchange
CN112580072B (en) Data set intersection method and device
JP2007538454A (en) Multicast key issuance scheme for large and medium scenarios and low user side requirements
Koko et al. Comparison of Various Encryption Algorithms and Techniques for improving secured data Communication
CN107147626B (en) Encrypted file transmission method combining AES algorithm and ElGamal algorithm
EP4097912A1 (en) Method and device for encrypting data
CN116248359A (en) Data transmission system, method and device based on careless transmission protocol
CN112822016B (en) Method for data authorization on block chain and block chain network
EP1456997B1 (en) System and method for symmetrical cryptography
US7155610B2 (en) Cryptocommunication system, transmission apparatus, and reception apparatus
CN114499857A (en) Method for realizing data correctness and consistency in big data quantum encryption and decryption
CN111488618B (en) Block chain-based one-time pad encryption method, device and storage medium
US7231048B2 (en) Key sharing system, public key cryptosystem, signature system, key sharing apparatus, encryption apparatus, decryption apparatus, signature apparatus, authentication apparatus, key sharing method, encryption method, decryption method, signature method, authentication method, and programs
CN114257402A (en) Encryption algorithm determination method and device, computer equipment and storage medium
WO2018100246A1 (en) Method and arrangement for encrypting data
US20200169541A1 (en) Systems and methods for encryption
Hegde et al. A Comparative study on state of art Cryptographic key distribution with quantum networks
CN113923029B (en) Internet of things information encryption method based on ECC (error correction code) hybrid algorithm
CN109194676B (en) Data stream encryption method and data stream decryption method
Leighton et al. Secret Key Agreement without Public-Key Cryptography

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220826

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)