GB2379843A - Stream cipher encryption system in which a keystream can be extended by concatenating with another keystream to allow encryption of variable length bursts - Google Patents

Stream cipher encryption system in which a keystream can be extended by concatenating with another keystream to allow encryption of variable length bursts Download PDF

Info

Publication number
GB2379843A
GB2379843A GB0215026A GB0215026A GB2379843A GB 2379843 A GB2379843 A GB 2379843A GB 0215026 A GB0215026 A GB 0215026A GB 0215026 A GB0215026 A GB 0215026A GB 2379843 A GB2379843 A GB 2379843A
Authority
GB
United Kingdom
Prior art keywords
key
key stream
encryption
stream
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0215026A
Other versions
GB0215026D0 (en
Inventor
Mark Wentworth Rayne
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sepura Ltd
Original Assignee
Sepura Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sepura Ltd filed Critical Sepura Ltd
Publication of GB0215026D0 publication Critical patent/GB0215026D0/en
Publication of GB2379843A publication Critical patent/GB2379843A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Abstract

Encryption is carried out by combining a block of plain text 6 with a key stream segment 9b generated by key stream segment generator 2 in a bit-wise exclusive-or operation 3. The key stream generating algorithm 2 generates the key stream segment for combining with the plain text 6 using an input initialisation vector 5 and an input encryption key 9a. The encryption key 9a used as input by the key stream generator 2 is itself generated by an encryption key generating algorithm A1, in an encryption key generator 1. A further additional parameter input 9 to the encryption key generating algorithm A1 in the form of a two-bit key segment number KSN, allows additional encryption keys to be produced from the same cipher key input 4. These are then used in key stream segment generator 2 to generate additional key stream segments KSSa, KSSb and KSSc which are appended to the basic key stream segment KSS to encipher or decipher longer (in terms of number of bits) transmission bursts.

Description

- 1 - 2379843
COMMUNICATIONS SYSTEMS
5 The present invention relates to communications systems and in particular to encrypted transmissions in communications systems.
Many communications systems, and in particular mobile 10 communications systems such as GSM (Global System for Mobile Communications) and TETRA (Terrestrial Trunked RAdio), send their transmissions (which may be of signalling, user information, eta) in fixed length (in terms of their time period) discrete segments or bursts.
15 In time division multiple access (TDMA) systems, such as GSM and TETRA, each transmission burst is typically the length of (or a fraction of the length of) a single timeslot. 20 In the GSM system, for example, a single timeslot lasts 0.577 ms and can (for normal GSM modulation) carry 114 information bits. The timeslots are arranged in repeating groups of eight timeslots, each group making up a "frame" of length 4.615 me. (See, for example, M. 25 Mouly and M. Pautet, "The GSM System For Mobile Communications", 1992, ISBN 2-9507190-0-7, Cell and Sys, 4 Rue Elisee Reclus, F-91120, PALAISEAU, FRANCE).
In TETRA, each timeslot lasts 14.167 ms and (for normal 30 TETRA modulation) can carry 432 information bits. There are 4 timeslots in a repeating frame of length 56.67 ms, with 18 frames constituting a multiframe, and 60 multi frames constituting a hyper-frame. A transmitting mobile station may transmit on one to four timeslots per 35 frame, and a base station usually transmits on all four timeslots per frame (to the same or differing mobile stations). (See for example, ''Terrestrial Trunked Radio
- 2 - (TETRA); Voice plus Data (V+D); Part 2: Air Interface (AI)", EN 300 392-2, available from ETSI, F06921 Sophia Antipolis CEDEX - FRANCE).
5 It is desired in many communications systems to be able to encrypt some or all transmissions. In mobile communications systems, such encryption is typically performed by means of a stream cipher as, unlike for a block cipher, material encrypted by a stream cipher is 10 no more vulnerable to fades and interference than unencrypted information. (Although the stream cipher may itself be derived from a block cipher operating in a feedback mode, as is known in the art (and as is the case, for example, for TETRA end-to-end encryption).) In a stream cipher, each plain-text (i.e. unencrypted) data bit is combined (using, for example, a bit-wise exclusive-or operation) with a bit from a pseudo random key stream to produce cipher (encrypted) text in the 20 form of a stream of pseudorandom encrypted information bits. The pseudo-random key stream used to encrypt the plain text is generated using a cryptographic algorithm that 25 produces an appropriate key stream. The key stream must be as long (in bits) as the block or portion of plain text that it is desired to encrypt, and thus where data transmission takes place in bursts of a known, fixed length, it is usual to arrange the encryption algorithm 30 to produce fixed, predetermined length key stream segments of a bit-length corresponding to the predetermined, fixed, transmission burst length (or at least the largest anticipated such burst length). In other words, the cryptographic algorithm is arranged to 35 generate a single key stream segment of the same fixed length for every and all transmission bursts, which key stream segment has sufficient (but no more) bits to
encrypt a full timeslot (burst) of information. In such an arrangement, where a burst which is shorter than the full key stream segment is to be encrypted, then a shorter part of the key stream segment is selected to be 5 used for the encryption, and the unused bits are discarded. Thus in the GSM System, for example, each key stream segment generated by the stream cipher encryption 10 algorithm is arranged to have a length of 114 bits, and in TETRA each generated key stream segment is arranged to have a length of 432 bits (being the maximum number of bits which can in the normal course be placed in a standard TETRA timeslot (burst)).
In such arrangements, the transmitter executes the key stream generating algorithm before each successive transmission burst to generate a new key stream segment for encrypting the transmission burst. The receiver 20 uses the same key stream segment generating algorithm to generate the key stream used by the transmitter for a given transmission burst, and uses it to decrypt the transmission burst.
25 The pseudo-random key stream segments used to encrypt the plain text are usually generated by the cryptographic key stream generating algorithm using certain inputs to this algorithm. These inputs are typically at least a secret encryption key (which is 30 usually provided by an operator of the communications system and is common to plural communication units of the system) and a so-called initialization vector (IV).
For any given combination of secret encryption key and 35 initialization vector, the same key stream segment is generated. However, it is desirable for each key stream segment to differ from previous key stream segments in
- 4 - an unpredictable way (as otherwise it may be possible to deduce the value of the key stream by comparing the cipher text transmitted in different bursts). This is usually achieved by altering the initialisation vector 5 in a predictable manner (i.e. such that both the sender and recipient knows which initialisation vector is currently being used) before generating each new key stream segment.
10 In this way, a recipient who knows the secret key and how the initialisation vector varies can reproduce each successive key stream segment, but an opponent who does not know the secret key cannot generate the key stream.
15 It is preferred to vary the initialisation vector to change each key stream segment, as that is less costly than using a new secret encryption key each time. A convenient and typically used way of obtaining a predictable but continually changing initialisation 20 vector is to use communications system parameters, such as the TDMA slot number, frame number, multi-frame number and/or hyper-frame number, to derive the initialisation vector. This information or at least part of it is and may be periodically broadcast by base 25 stations to allow mobile stations to predict the corresponding initialisation vector values.
Furthermore, although these system parameters values (and thus the initialisation vector) will ultimately repeat, for example, once the maximum value of the 30 hyper-frame, multi-frame and frame numbers have been reached, returned to zero and counted up to reach the same values again, that will typically take many days, by which time the secret encryption key can be changed.
Such methods are used in GSM (see, e.g. the book by 35 Mouly and Pautet discussed above), and TETRA (see, e.g., "Terrestrial Trunked Radio (TETRA) ; Voice plus Data (V+D); Part 7: Security", EN 300 392-7, available from
ETSI, F06g21 Sophia Antipolis CEDEX - France).
In a further refinement of such systems, as well as varying the initialization vector as discussed above, a 5 derived encryption cipher key for combining with the initialization vector in place of the original secret key is sometimes generated using the secret encryption key and other determinable system parameters that can be known to both the sender and recipient, such as the 10 communications channel number and mobile or base station location. In such an arrangement, the new derived encryption key would be unique to one location and channel number and generate a correspondingly unique key-stream segment. This can help to further enhance 15 security where, for example, the same initial secret encryption key is used by many different users and over a wide area (such that notwithstanding the variation of the initialization vector discussed above, there would be a greater chance for repetition of frame, multiframe 20 and hyper-frame, etc. numbers, and hence initialization vector (and hence key stream segment), by mobile stations or base stations in different parts of the system). TETRA supports this type of arrangement (see, e.g., EN 300 392-7).
In many communications systems, and in particular mobile communications systems, new developments in digital signal processing, transmitter and receiver design, etc. now make it possible to use much higher transmission bit 30 rates than previously envisaged for communications (e. g. by using different, higher bit rate modulation schemes).
Such higher bit rates may be desirable for, for example, data transmission. Because in such circumstances it will still be desirable to use the existing TDMA burst 35 and timeslot structures of the communications system to provide backwards compatibility with existing systems, the effect of using higher bit rate techniques will be
- 6 that an increased number of data bits are transmitted in each existing burst (e.g. timeslot). It may also be the case that it is desired to transmit at higher bit rates at some times but not at others (e.g. depending on 5 whether data or voice is being transmitted). This could mean that the number of information bits per burst will vary in use.
However, the Applicants have recognized that in such 10 arrangements where stream cipher key stream segments of a fixed length are generated for each transmission burst, then where higher bit rates and numbers of bits in each burst are to be transmitted, the key stream segments generated will not be long enough to encrypt 15 all the information bits to be transmitted in the burst.
According to a first aspect of the present invention, there is provided a method of operating a communications system in which transmission takes place in discrete 20 time period bursts and in which a stream cipher algorithm is used to generate a key stream portion for encrypting or decrypting information bits to be transmitted in a single transmission burst, the method comprising: 25 determining the number of information bits to be transmitted in the next transmission burst; and selecting the length of the key stream portion generated for encryption or decryption of the next transmission burst on the basis of the determined number 30 of information bits to be transmitted in the next transmission burst.
According to a second aspect of the present invention, there is provided a transmitter for a communications 35 system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream portion for
encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: means for determining the number of information bits to be transmitted in the next transmission burst; 5 and means for selecting the length of the key stream portion generated for encryption of the next transmission burst on the basis of the determined number of information bits to be transmitted in the next 10 transmission burst.
According to a third aspect of the present invention, there is provided a receiver for a communications system in which transmission takes place in discrete time 15 period bursts and in which a stream cipher algorithm is used to generate a key stream portion for decrypting encrypted information bits transmitted in a single transmission burst, the receiver comprising: means for determining the number of encrypted 20 information bits in a received transmission burst; and means for selecting the length of the key stream portion generated for decrypting the received transmission burst on the basis of the determined number of encrypted information bits in the received 25 transmission burst.
In the present invention, the length of the key stream portion generated for encryption or decryption of a transmission burst is varied, depending on the number of 30 information bits in the transmission burst. Thus the present invention can allow longer or shorter key stream portions to be generated for a given transmission burst, as appropriate. The present invention can therefore, unlike prior systems in which fixed, same-length key 35 stream segments are generated for all transmission bursts, accommodate, inter alla, increases in the number of information bits to be transmitted in a transmission
- 8 burst. Thus, according to a fourth aspect of the present invention, there is provided a method of operating a 5 communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream portion for encrypting or decrypting information bits to be transmitted in a single transmission burst, the 10 method comprising: generating different length key stream portions for encryption or decryption of different bit- length transmission bursts.
15 According to a fifth aspect of the present invention, there is provided a transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream portion for 20 encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: means for generating different length key stream portions for encryption of different bit-length transmission bursts.
According to a sixth aspect of the present invention, there is provided a receiver for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is 30 used to generate a key stream portion for decrypting information bits transmitted in a single transmission burst, the receiver comprising: means for generating different length key stream portions for decryption of different bit-length 35 transmission bursts.
- 9 - The selected length of the generated key stream portion should be such as to be able to encrypt or decrypt all the information bits in the transmission burst, i.e. the length should be selected to be greater than or equal to 5 the quantity of information to be encrypted and transmitted, or received and decrypted, in the transmission burst.
The number of information bits to be transmitted (or 10 received) in the next transmission burst can be determined as desired. That determination can also be carried out as often as desired, although it should be done whenever appropriate (e.g. a change in transmission burst bit-length is anticipated). Thus, the 15 determination could, for example, be carried out before each and every transmission burst. On the other hand, where, for example, it is known that plural transmission bursts will have the same bit-length (e.g. where a given single transmission will be allocated a fixed burst 20 length), it may not be necessary to determine the number of bits before every transmission burst, and may only be necessary to determine the number of bits in the (each) transmission burst at the start of the transmission, with that number then being reused for the (several) 25 subsequent bursts. In such a case, the length of the next transmission burst could, for example, only be determined when a new transmission (e.g. call) is to be started. 30 The way in which the length of the key stream portion is varied can be selected as desired. For example, the key stream portion generating algorithm could be varied to vary the length of the key stream portion.
35 However, in a particularly preferred embodiment, the key stream portion used to encrypt or decrypt the transmission burst is derived from one or more shorter
- 10 key stream segments each of the same, predetermined, length. In this arrangement, where a longer key stream portion for a transmission burst (time period) is needed, two or more shorter, fixed length key stream 5 segments would be used to make up the desired longer key stream portion. This arrangement allows the same key stream segment generating algorithm to be used for any desired length of key stream portion, simply by repeating the algorithm to generate additional key 10 stream segments where a longer key stream portion is required. It also allows existing key stream segment generating algorithms to be used for the present invention (thereby ensuring compatibility with existing systems and the ability to retrospectively use the 15 present invention with existing systems), as longer key stream portions are provided by repeating the existing algorithm to generate additional key stream segments, rather than by changing the key stream generating algorithm itself. This allows an existing stream 20 cipher, cryptographic algorithm to be used with an increased data throughput (i.e. data content per transmission burst (e.g. timeslot)), and the rate of encryption and decryption to be varied (and in particular increased) without changing the basic stream 25 cipher key stream segment generating cryptographic algorithm. Thus, according to a seventh aspect of the present invention, there is provided a method of operating a 30 communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for encrypting or decrypting information bits to be transmitted, the method 35 comprising: determining the number of information bits to be transmitted in the next transmission burst; and
- 11 where it is determined that the number of information bits in the next transmission burst is greater than the predetermined length of a single key stream segment generated by the stream cipher algorithm, 5 generating additional such key stream segments to provide sufficient key stream segments to match or exceed the number of information bits to be transmitted in the next transmission burst.
10 According to an eighth aspect of the present invention, there is provided a transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a 15 predetermined length for encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: means for determining the number of information bits to be transmitted in the next transmission burst; 20 and means for, where it is determined that the number of information bits in the next transmission burst is greater than the predetermined length of a single key stream segment generated by the stream cipher algorithm, 25 generating additional such key stream segments to provide sufficient key stream segments to match or exceed the number of information bits to be transmitted in the next transmission burst.
30 According to a ninth aspect of the present invention, there is provided a receiver for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined 35 length for decrypting encrypted information bits transmitted in a single transmission burst, the receiver comprising:
- 12 means for determining the number of encrypted information bits in a received transmission burst; and means for, where it is determined that the number of information bits in the received transmission burst 5 is greater than the predetermined length of a single key stream segment generated by the stream cipher algorithm, generating additional such key stream segments to provide sufficient key stream segments to match or exceed the number of information bits to be transmitted 10 in the received transmission burst.
According to a tenth aspect of the present invention, there is provided a method of operating a communications system in which transmission takes place in discrete 15 time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for encrypting or decrypting information bits to be transmitted, the method comprising: 20 using two or more of the predetermined length key stream segments to encrypt the information bits to be transmitted in a single transmission burst.
According to an eleventh aspect of the present 25 invention, there is provided a transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for encrypting information 30 bits to be transmitted in a single transmission burst, the transmitter comprising: means for using two or more of the predetermined length key stream segments to encrypt the information bits transmitted in a single transmission burst.
According to a twelfth aspect of the present invention, there is provided a receiver for a communications system
- 13 in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for decrypting encrypted information bits 5 transmitted in a single transmission burst, the receiver . comprising: means for using two or more of the predetermined length key stream segments to decrypt the information bits transmitted in a single transmission burst.
In these arrangements, for longer transmission bursts, two or more separate key stream segments will be used to encrypt or decrypt the data transmitted or received in the single transmission burst, i.e. the overall key 15 stream portion used to encrypt or decrypt the data transmitted or received in the transmission burst will be made up of plural smaller (same length) key stream segments. The combined individual key stream segments should add up to a total length equal to or greater than 20 the number of bits to be encrypted (or decrypted) in the transmission burst.
The combined key stream segments (or as much of them as is required) should be used to encrypt (or decrypt) the 25 bits to be encrypted (or decrypted) in the transmission burst. Where the total length of the combined key stream segments is greater than required, the excess key stream bits can simply be discarded.
30 Where, as in these aspects and arrangements of the present invention, a greater length key stream portion is generated by combining plural smaller key stream segments, each key stream segment making up the longer key stream portion is preferably different. This is 35 because, as noted above, repetition of a key stream segment is undesirable. Most preferably the plural key stream segments used for a single transmission burst
- 14 differ from each other (and preferably from key stream segments used for other transmission bursts) in an unpredictable manner.
5 The key stream segment variation could be achieved by varying the initialisation vector used to generate each key stream segment in the usual manner for the encryption scheme in question. However, where, for example, the initialisation vector to be used depends on 10 the burst (timeslot, frame, eta) number, this would reduce the time between repeats of the initialisation vector, as would reserving the higher order bit or bits of the initialisation vectors for possible "multiple" key stream segment bursts (as that would also reduce the 15 number of different initialisation vectors available for different transmission bursts). Such reduction of the time between repeats of the initialisation vector is undesirable, as it reduces the time after which the secret key used in the key stream generating algorithm 20 must be replaced, which can be expensive and inconvenient. Thus in a particularly preferred embodiment where plural shorter individual key stream segments are used to make 25 up a longer key stream portion for encrypting or decrypting a single transmission burst, the individual key stream segments for the burst are made different from each other by altering the encryption key which is used with the initialisation vector in the key stream 30 segment generating algorithm. In this arrangement, for each transmission burst, the key stream segment generating algorithm will be executed with as many different generated encryption keys as are required to generate sufficient key stream segments to encrypt or 35 decrypt the burst.
- 15 Thus, according to a thirteenth aspect of the present invention, there is provided a method of operating a communications system in which data is transmitted in discrete time period bursts and in which a stream cipher 5 encryption algorithm is used to generate a key stream segment from an encryption key and an initialization vector for use to encrypt or decrypt data for transmission, the method comprising: generating and using plural key stream segments for 10 encrypting or decrypting a single transmission burst; wherein each key stream segment used for the transmission burst is generated using a different encryption key, whereby the key stream segments used for the transmission burst are all different.
According to a fourteenth aspect of the present invention, there is provided a transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream 20 cipher algorithm is used to generate a key stream segment from an encryption key and an initialization vector for encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: 25 means for generating and using plural key stream segments for encrypting a single transmission burst; wherein each key stream segment used for the transmission burst is generated using a different encryption key, whereby the key stream segments used for 30 the transmission burst are all different.
According to a fifteenth aspect of the present invention, there is provided a receiver for a communications system in which transmission takes place 35 in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream segment from an encryption key and an initialization
- 16 vector for decrypting encrypted information bits transmitted in a single transmission burst, the receiver . comprlelug: means for generating and using plural key stream 5 segments for decrypting a single transmission burst; wherein each key stream segment used for the transmission burst is generated using a different encryption key, whereby the key stream segments used for the transmission burst are all different.
Using multiple encryption keys in the key stream generating algorithm to generate multiple key stream segments allows an increased number of key stream segments to be generated but without reducing standard 15 initialization vector life and the period between which new encryption keys must be provided to the communications units (stations) of the communications system. 20 Additional encryption keys for use in the key stream segment generating algorithm when additional key stream segments for a transmission burst are required could be provided to communications units by the communications system for storage and use as appropriate. However, 25 this may be undesirable as it can be expensive and inconvenient to manage and store such additional encryption keys.
In a particularly preferred embodiment of the present 30 invention therefore, the additional encryption keys for use in the key stream segment generating algorithm are generated in use from a single initial encryption key (which would be the secret key provided to the communications units for use at that time). This avoids 35 the need to provide and store permanently multiple such encryption keys in the communications units.
- 17 The way that the additional encryption keys are generated from the initial key can be selected as desired, but the generation process should be predictable or predetermined (so that both the sender 5 and recipient can generate the same encryption key).
In a preferred such embodiment each encryption key to be used in the key stream segment generating algorithm is generated from the initial encryption key using a 10 further, variable parameter. This additional parameter should be varied in a predetermined or predictable manner as successive encryption keys are generated and should also be such thatdifferent values of the additional parameter generate a different output, 15 encryption key. The additional parameter is preferably varied according to a (preferably predetermined) sequence which is known to both the transmitter and receiver. In a preferred such arrangement, the additional parameter is incremented or decremented (e.g. 20 by one or some other value) for each successive encryption key to be generated.
The additional parameter should be set to a value which can be deduced by the receiver at the start of each new 25 transmission burst (and then varied appropriately to generate additional encryption keys (and thus key stream segments)). Most preferably, the additional parameter is set to the same value at the start of each new transmission burst, and then varied from that value 30 (e.g. by incrementing or decrementing it) if additional key stream segments are required for the burst.
In a particularly preferred embodiment, the additional parameter is a key segment number, which, as discussed 35 above, is preferably set to the same value (e.g. zero) at the start of and for the first key stream segment of each burst, and then varied in a predictable manner,
- 18 preferably by incrementing or decrementing its value in a predetermined manner (e.g. by one), for each additional key stream segment (if any) required for the transmission burst.
The way that the additional parameter such as a key segment number is used to generate the encryption keys can be selected as desired. It could, for example, be combined with the initial key in some way, e.g. in an 10 exclusive-or operation. Alternatively or additionally it could be used to form or alter some other input value which is then combined with the initial input cryptographic key to generate the encryption keys to be used in the key stream segment generating algorithm. The 15 process is preferably such that the output encryption key is dependent on every bit of all inputs, and each output key is different.
In these embodiments, the encryption key generating 20 algorithm could, if desired, use other system parameters such as the channel number and communications unit's location, as discussed above, in addition to the initial encryption key and the additional parameter such as the key segment number, when generating the encryption 25 key(s) to be used in the key stream segment generating algorithm. In such an arrangement, these other system parameters could, for example, be used to form or alter some other 30 input value which is then combined with the initial input cryptographic key to generate the encryption keys to be used in the key stream segment generating algorithm (e.g. by repeating them in some order to form a suitable input number), and the additional, 35 key- varying parameter could be used to vary that input value, or one (or more than one) of the other system parameters that make it up (e.g. by combining the
- 19 additional parameter with the system parameter, such as the colour code, in an exclusive-or operation, the result of which is used in the input value to be combined with the initial encryption key - where this is 5 done, it is preferably done asymmetrically, i.e. such that where the system parameter is repeated, not all copies are altered by the additional parameter). The additional parameter could also or instead be used to alter the initial input cryptographic key.
It is believed that these techniques for generating additional encryption keys for use in a stream cipher algorithm are advantageous in their own right. Thus, according to a further aspect of the present invention, 15 there is provided a method of generating from a single input encryption key, two or more encryption keys for use in a stream cipher key stream segment generating algorithm, the method comprising: generating each of the two or more encryption keys 20 from the input key using an additional parameter, wherein the additional parameter is varied for each encryption key generated in such a way that generating an encryption key with each additional parameter value produces a different output encryption key.
According to a further aspect of the present invention, there is provided an apparatus for generating from a single input encryption key, two or more encryption keys for use in a stream cipher key stream segment generating 30 algorithm, the apparatus comprising: means for generating each of the two or more encryption keys from the input key using an additional parameter, wherein the additional parameter is varied for each encryption key generated in such a way that 35 generating an encryption key with each additional parameter value produces a different output encryption key.
- 20 These aspects of the present invention can include any or all of the preferred features discussed above. Thus, for example, the additional parameter preferably varies in a predictable manner, preferably by incrementing or 5 decrementing its value.
In a particularly preferred embodiment of the present invention, one value of the additional parameter (e.g. key segment number) is selected such that it will give 10 the same encryption key for use in the key stream segment generating algorithm as would be the case when no additional parameter is used in generating the encryption key (e.g. no additional parameter is combined with the common input key), i.e. the same output key is 15 produced as would be produced by equipment not using the additional parameter. This can allow backwards compatibility with existing equipment which does not generate additional encryption keys from the input key, as by setting the additional parameter to this 20 particular value, the encryption key generator will generate the same key as would be used by the existing equipment. The particular additional parameter value that does this can be selected as desired, but could, for example, conveniently be zero.
In a particularly preferred arrangement of this embodiment, the particular value of the additional parameter that gives the same key as would be the case if no additional parameter was used, is always used to 30 generate the encryption key for the first encryption key segment used for each burst. This means that the first (and for normal rate data, the only) key stream segment for each burst should always be compatible with existing equipment (which may only be able to generate and handle 35 bursts no longer than a single key stream segment in any event). If more key stream segments are required for a given burst, then additional encryption keys and key f
- 21 stream segments can be generated by changing the value of the additional parameter as discussed above.
In the above aspects and embodiments of the present 5 invention, it would be possible to vary only the encryption key used in the key stream segment generating algorithm to vary the key stream segments making up the key stream portion for a transmission burst (i.e. such that the initialisation vector is not altered for the 10 different key stream segments making up the key stream portions for the transmission burst and the same initialisation vector is used to generate each key stream segment for a given transmission burst).
15 However, such an arrangement would mean that the same initialisation vector is used for multiple successive key stream segments (i.e. the segments for a given transmission burst), which could provide a malicious attacker with multiple key stream segments against which 20 to test a trial, maliciously derived, cryptographic key more easily (since the initialisation vector is not varying for those key stream segments). Thus, preferably, the initialisation vector is also changed for each key stream segment for a transmission burst.
25 Changing the initialisation vector means that both the encryption key and the initialisation vector will change for each successive key stream segment produced and so it should be less easy for a malicious attacker to find suitable key stream segments against which to test a 30 trial key.
Thus in a particularly preferred embodiment where plural shorter individual key stream segments are used to make up a longer key stream portion for encrypting or 35 decrypting a single transmission burst, the individual key stream segments for the burst are generated using different initialisation vectorstin the key stream
- 22 segment generating algorithm. Preferably, each key stream segment for the burst is generated using an initialisation vector that differs from all the other initialisation vectors used for that burst. In this 5 arrangement, for each transmission burst, the key stream segment generating algorithm will be executed with as many different initialisation vectors as are required to generate sufficient key stream segments to encrypt or decrypt the burst.
Additional initialisation vectors for use in the key stream segment generating algorithm when additional key stream segments for a transmission burst are required could be provided to communications units by the 15 communications system for storage and use as appropriate. However, this may be undesirable as it can be expensive and inconvenient to manage and store such additional initialisation vectors.
20 In a particularly preferred embodiment of the present invention therefore, the additional initialisation vectors for use (with the additional encryption keys) in the key stream segment generating algorithm are generated in use from a single initial initialisation 25 vector (which would be the "standard" initialisation vector that would normally be used by the communications units at the time in question). This avoids, as for the multiple encryptions keys, the need to provide and store permanently multiple such initialisation vectors in the 30 communications units.
The way that the additional initialisation vectors are generated from the initial initialisation vectors can be selected as desired, but the generation process should 35 be predictable or predetermined (so that both the sender and recipient can generate the same initialisation vector) .
- 23 In a preferred such embodiment each initialization vector to be used in the key stream segment generating algorithm is generated from the initial initialization vector using a further, variable parameter. This 5 additional parameter should be varied in a predetermined or predictable manner as successive initialization vectors are generated and should also be such that different values of the additional parameter generate a different initialization vectors. The additional 10 parameter is preferably varied according to a (preferably predetermined) sequence which is known to both the transmitter and receiver. In a preferred such arrangement, the additional parameter is incremented or decremented (e.g. by one or some other value) for each 15 successive initialization vector to be generated.
The additional parameter should be set to a value which can be deduced by the receiver at the start of each new transmission burst (and then varied appropriately to 20 generate additional initialization vectors (and thus key stream segments)). Most preferably, the additional parameter is set to the same value at the start of each new transmission burst, and then varied from that value (e.g. by incrementing or decrementing it) if additional 25 key stream segments are required for the burst.
In a particularly preferred embodiment, the additional parameter is a key segment number, which, as discussed above, is preferably set to the same value (e.g. zero) 30 at the start of and for the first key stream segment of each burst, and then varied in a predictable manner, preferably by incrementing or decrementing its value in a predetermined manner (e.g. by one), for each additional key stream segment (if any) required for the 35 transmission burst.
In a particularly preferred embodiment the additional
- 24 parameter, e.g. key segment number, used to vary the initialisation vector is the same additional parameter, e.g. key segment number, as is used as discussed above to generate and vary the different encryption keys used 5 for each key stream segment. In such an arrangement the same additional parameter value will be used to generate an encryption key and initialisation vector for a given key stream segment of a transmission burst.
10 The way that the additional parameter such as a key segment number is used to generate the initialisation vectors can be selected as desired. It could, for example, be combined with the initialisation vector in some way, e.g. in an exclusive-or operation.
Alternatively or additionally, the additional parameter (e.g. key segment number) could be used to "step" the initialisation vector through its normal varying sequence to give different initialisation vectors for 20 each key stream segment for a given transmission burst.
In this arrangement the initialisation vector could simply change to the next value in the standard initialisation vector varying sequence for each new key stream segment for a transmission burst.
However, preferably the initialisation vector is changed to a value in the sequence that is spaced from its previous value, as that may make it more difficult for a malicious attacker to know the initialisation vector 30 changes and find key stream segments to test trial keys against. Preferably the step size is such as to allow the largest possible spacings in the sequence between successive initialisation vectors for a given transmission burst. Thus, for example, where up to n 35 key stream segments and hence initialisation vectors could be required for a single transmission burst, the step size is preferably Ninth of the total.
- 25 -
initialisation vector sequence (lifetime).
It should be noted that in these arrangements, the initialisation vector repeat period for a given initial 5 encryption key (i.e. the key supplied to the communication unit) is not altered (since although additional initialisation vector values are used for the additional key stream segment, that use is with different, derived encryption keys, not the initial 10 encryption key). Thus each initial encryption key and initialisation vector combination still only occur once during the original lifetime of an initialisation vector cycle (sequence). This means, for example, that the lifetime of the initial (master) encryption key from 15 which the encryption keys for creating the key stream segments are produced is unchanged from the lifetime in communication units which do not produce multiple key stream segment portions for a given transmission burst.
20 With these arrangements, there may be a repeat of an initialisation vector value used with one initial encryption key with a second initial encryption key (e.g. being used by a different communications unit) more quickly than might normally the case (since extra 25 values in the initialisation vector sequence are being used and more frequently). However, any such repetition should, particularly where the initialisation vector change 'step" size is longer (e.g. greater than one) be relatively widely spaced (e.g. over a few days), thereby 30 making any malicious attack more difficult.
The initialisation vector generation process preferably is such that each output initialisation vector is dependent on every bit of all inputs to that process and 35 each output initialisation vector is different.
It is believed that these techniques for generating
- 26 initialisation vectors for use in a stream cipher algorithm are advantageous in their own right. Thus, according to a further aspect of the present invention, there is provided a method of generating two or more 5 initialisation vectors for use in a stream cipher key stream segment generating algorithm, the method comprising: generating each of the two or more initialisation vectors from an input initialisation vector using an 10 additional parameter, wherein the additional parameter is varied for each initialisation vector generated in such a way that generating an initialisation vector with each additional parameter value produces a different output initialisation vector.
According to a further aspect of the present invention, there is provided an apparatus for generating two or more initialisation vectors for use in a stream cipher key stream segment generating algorithm, the apparatus 20 comprising: means for generating each of the two or more initialisation vectors from an input initialisation vector using an additional parameter, wherein the additional parameter is varied for each initialisation 25 vector generated in such a way that generating an initialisation vector with each additional parameter value produces a different output initialisation vector.
These aspects of the present invention can include any 30 or all of the preferred features discussed above. Thus, for example, the additional parameter preferably varies in a predictable manner, preferably by incrementing or decrementing its value.
35 In a particularly preferred embodiment of the present invention, as for the multiple encryption key generation process, the multiple initialisation vector generation
- 27 process is preferably such that one value of the additional parameter (e.g. key segment number) can be (and is) selected such that it will give the same initialisation vector for use in the key stream segment 5 generating algorithm as would be the case when no additional parameter is used in generating the initialisation vector (e.g. no additional parameter is combined with the initial initialisation vector).
10 Most preferably the same value of the additional parameter as gives an "unchanged" encryption key also gives an "unchanged" initialisation vector, as then in that case the same overall output key stream segment is produced as would be produced by equipment not using the 15 additional parameter. This can allow backwards compatibility with existing equipment which does not generate additional encryption keys and/or initialisation vectors from the input key and initialisation vector, as by setting the additional 20 parameter to this particular value, the encryption key stream generator will generate the same key stream segment as would be used by the existing equipment. The particular additional parameter value that does this can be selected as desired, but could, for example, 25 conveniently be zero.
In a particularly preferred arrangement of this embodiment, the particular value of the additional parameter that gives the same initialisation vector (and 30 preferably, encryption key) as would be the case if no additional parameter was used, is always used to generate the initialisation vector (and encryption key) for the first key stream segment used for each burst.
This means that the first (and for normal rate data, the 35 only) key stream segment for each burst should always be compatible with existing equipment (which may only be able to generate and handle bursts no longer than a
- 28 single key stream segment in any event). If more key stream segments are required for a given burst, then additional initialization vectors, and/or encryption keys, and key stream segments can be generated by 5 changing the value of the additional parameter as discussed above.
As discussed above, the present invention is particularly, although not exclusively, applicable to 10 mobile communications systems. Thus the present invention also extends to base stations and mobile stations of a mobile communications system incorporating or using any or all of the above aspects and preferred features of the present invention.
It will be further appreciated that aspects and embodiments of the present invention can be implemented in removal memory modules (such as SIMS, Subscriber Identity Modules) used in communications units such as 20 mobile stations. Thus the present invention also extends to a removable memory module for a communications unit of a communications system incorporating or using any or all of the above aspects and preferred features of the present invention. Such a 25 memory module could have, as will be appreciated by those skilled in the art, both a memory for storing data, and appropriate processing means for carrying out the steps of the present invention.
30 Furthermore, although the present invention has been described with reference to communications systems, as will be appreciated by those skilled in the art, it applies to stream cipher encryption systems generally, and thus the invention also extends to a stream-cipher 35 encryption system incorporating or using any or all of the above aspects and preferred features of the present invention.
- 29 The methods in accordance with the present invention may be implemented at least partially using software e.g. computer programs. It will thus be seen that when viewed from further aspects the present invention 5 provides computer software specifically adapted to carry out the methods hereinabove described when installed on data processing means, and a computer program element comprising computer software code portions for performing the methods hereinabove described when the 10 program element is run on data processing means. The invention also extends to a computer software carrier comprising such software which when used to operate a system comprising data processing means causes in conjunction with said data processing means said system 15 to carry out the steps of the method of the present invention. Such a computer software carrier could be a physical storage medium such as a ROM chip, CD ROM or disk, or could be a signal such as an electronic signal over wires, an optical signal or a radio signal such as 20 to a satellite or the like.
It will further be appreciated that not all steps of the method of the invention need be carried out by computer software and thus from a further broad aspect the 25 present invention provides computer software and such software installed on a computer software carrier for carrying out at least one of the steps of the methods set out hereinabove.
30 A number of preferred embodiments of the present invention will now be described by way of example only and with reference to the accompanying drawings in which: Figure 1 shows schematically a stream cipher 35 encryption mechanism in accordance with a first embodiment of the present invention; Figure 2 also shows schematically a stream cipher
- 30 encryption mechanism in accordance with the first embodiment of the present invention; Figure 3 shows schematically the generation of multiple encryption keys in accordance with an 5 embodiment of the present invention; Figure 4 shows schematically another preferred embodiment of the generation of multiple encryption keys in accordance with the present invention; and Figure 5 shows schematically a second embodiment of 10 a stream cipher encryption mechanism in accordance with the present invention.
The present invention will be described with particular reference to a TETRA mobile communications system.
15 However, as noted above, and as will be appreciated by those skilled in the art, the invention is applicable to communications systems generally.
Figure 1 shows schematically an example of a method of 20 creating multiple encryption keys and creating multiple stream cipher key stream segments in accordance with a first embodiment of the present invention. The basic encryption process (which is a standard stream cipher process) converts a block of plain text 6 into cipher 25 (encrypted) text 7 for transmission over the radio interface using a key stream cipher mechanism.
Encryption is carried out by combining the block of plain text 6 with a key stream segment 9b generated by key stream segment generator 2 in a bit-wise 30 exclusive-or operation 3.
(In the receiver, the reverse operation is carried out to convert the received cipher text to plain text, i.e. to decrypt the block of cipher text received.) The key stream generating algorithm 2 generates the key stream segment for combining with the plain text 6 using
- 31 an input initialization vector 5 and an input encryption key 9a.
The encryption key 9a used as input by the key stream 5 generator 2 is itself generated by an encryption key generating algorithm Al, in an encryption key generator.
The encryption key generator l uses a number of inputs to generate the encryption key 9a to be used in the key stream generator 2.
The inputs to the encryption key generator 1 include an initial encryption cipher key CK, 4. This is a common initial encryption key which is provided to users of the communications system by an operator of the 15 communication system, as is known in the art.
In addition to the cipher key CK, the encryption key generating algorithm Al also uses other inputs 8, including, for example, the particular location area of 20 the communications unit, LA, a scrambling "colour code" CC used to distinguish signalling from different radio base stations (to ensure that communications are only conducted with the correct base station), and the current channel number, CN. (These inputs are used, as 25 is known in the art, to make the output encryption cipher key 9a distinctive in different base stations, so as to try and avoid repetition of the generated key stream at different base stations).
30 As well as the various input listed above, other parameters which distinguish between base stations would suffice. As discussed above, in the normal operation of a key 35 stream cipher, the blocks of plain text to be encrypted will be set to a length equal to the type of transmission burst (e.g. timeslot) being used, and the
- 32 length of the key stream segment 9b generated by the key stream segment generator 2 will be set to correspond to the bit-length of the longest or a typical transmission burst. In the case of TETRA this is 432 bits.
However, as discussed above, the applicants have recognized that where higher rates or levels of modulation are used, a given transmission burst will contain more information bits that need to be encrypted.
10 The present invention facilitates stream cipher encryption of such longer transmission bursts, by allowing the generation, of additional key stream segments. These additional key stream segments can be appended to the basic key stream segment to encipher or 15 decipher a transmission burst in excess of the standard burst length (i.e. 432 bits in TETRA).
This is achieved in this embodiment by using, in addition to the cipher key CK input 4, and the 20 additional parameter inputs 8, a further additional parameter input 9 in the form of a two-bit key segment number KSN in the encryption key generating algorithm Al. This key segment number 9 is varied in a predictable manner to allow the encryption key 25 generating algorithm Al to generate additional encryption keys for use in the key segment generator 2 from the same cipher key input 4 and other inputs 8.
In this embodiment the key segment number input KSN 9 is 30 a two-bit number and is arranged such that inputting key segment number "OO2" results in an output encryption cipher key ECK which is the same as in existing TETRA arrangements, thus making this case compatible with existing TETRA products (i.e. backwards compatible).
35 However, inputting key segment number "012" results in the encryption key generating algorithm Al producing a different encryption cipher key ECKa, and further
- 33 incrementing the key segment number KSN produces further different encryption cipher keys, ECKb and ECKc. These additional encryption cipher keys can be used in key stream segment generator 2 to generate additional key 5 stream segments KSSa, KSSb and KSSc which can be appended to the basic key stream segment KSS to encipher or decipher longer (in terms of numbers of bits) transmission bursts.
10 This embodiment uses a two-bit key segment number, which allows up to a four-fold increase in transmission burst data content. However, the additional parameter or key segment number may be increased in size as much as desired to generate sufficient additional key stream 15 segmentsto accommodate much longer bursts.
Figure 2 shows schematically an example of how the multiple key-stream segments generated in the present embodiment may be used to encrypt longer data bursts.
20 In this example, the situation where the normal transmission burst length, and hence the standard key stream segment length, is 432 bits, but a plain text burst of length of 1080 bits is to be transmitted, will be considered.
As shown in figure 2, first of all the input cipher key CK is input to key generating algorithm Al together with key segment number KSN = 002 and other system parameters LA (location area) and CN (channel number) to create a 30 first encryption cipher key ECK (step 10). The encryption cipher key ECK and the initialization vector IV are then input into the key stream generator to generate a key stream segment KSS, 12 (step 11). The key stream segment KSS is then combined with an input 35 plain text block 13 in a blt-wise exclusive-or function (step 14) to generate a cipher text block 5 for transmission.
However, as discussed above, the key stream segment KSS is only 432 bits long, and so therefore is not long enough to encrypt the entire plain text burst (which has 5 a length of 1080 bits). It is therefore necessary to generate a further key stream segment for encrypting the next part of the plain-text burst to be transmitted.
This is done by incrementing the key segment number KSN 10 to 012 (step 16), and using that key segment number together with the cipher key CK and channel number CN and location LA in the encryption key generating algorithm Al to generate a further encryption cipher key ECKa (step 17). This further encryption cipher key ECKa 15 is then used with the initialization vector IV in a second execution of the key stream generator (step 18) to generate a further key stream segment KSSa 19. This second key stream segment KSSa is then exclusive-or'd (step 21) with the next part 20 of the plain-text burst 20 (comprising bits 432 to 861 of the plain-text burst).
This provides another segment of cipher text 22 for transmission in the burst.
As even following this additional key stream segment 25 encryption, there are still bits 862 to 1079 of the plain-text burst to be encrypted, the process is repeated again, incrementing the key segment number once more (step 23) to generate a third key stream segment KSSb 26 (using the encryption key generating algorithm 30 Al (step 24) and the key segment generator (step 25)).
The third key stream segment KSSb is then exclusive-or'd with the remaining part 29 (bits 862 to 1079) of the plain-text burst (step 28) to complete the encryption (or decryption) of the transmission burst and provide 35 the final part 30 of the cipher text for transmission.
As will be appreciated by those skilled in the art, it
- 35 is in fact only bits 0 to 217 of the third key stream segment KSSb that are exclusive-or'd with the remaining bits of the plain-text burst. The remaining part 27 (comprising the bits 218 - 431) of the third key stream 5 segment KSSb is not used and may therefore be discarded.
(As will be appreciated by those skilled in the art, these various operations may be carried out by hard-
wired logic, by one or more integrated circuits, by 10 steps of a computer program, or by a mixture of these things, etc.).
The above operations can be used as appropriate to generate sufficient key stream segments to encrypt 15 whatever size of plain-text burst is required. For example, where a single key stream segment is of sufficient length to encrypt the entire plain-text burst, then only a single key stream segment need be generated. On the other hand, for longer plaintext 20 bursts, one or more additional key stream segments can be generated as discussed above to provide in total sufficient key stream segments to encrypt the entire plain-text burst to be transmitted.
25 Table 1 below gives an example of this for a hypothetical TETRA radio system with extended data rate capabilities and shows how different bitlength bursts may use different numbers of key stream segments. Table 1 is a table of the various different logical channels 30 that the system might support and shows what key stream segments need to be generated and used to encrypt the various corresponding transmission bursts.
TABLE 1: Key Stream Segment (KSS) Allocation to Logical Channels Logical channel Bits in channel KSS assignment 5 TCH/2.4 144 KSS(124 267)
TCH/4.8 288 KSS(124 411)
TCH/7.2 (note 1) 432 KSS(0 431) STCH+TCH/2.4 124 + 144 KSS(0 123)+KSS(124 267)
STCH+TCH/4.8 124+288 KSS(0 123)+KSS(124 411)
10 STCH+TCH/.2 124+432 KSS(0 123)+KSS(0 431) (note 1) TCH/S (full) 274 KSS(0 273) STCH+TCH/S 124+137 KSS(0 123)+KSS(216 352)
SCH/F 268 KSS(0 267)
SCH/HU (note 2) 92 KSS(O 91) 15 SCH/HU+SCH/HU 92+92 KSS(O 91)+KSS(216 307)
SCH/HD+SCH/HD 124+124 KSS(O 123)+KSS(216 339)
STCH+STCH 124+124 KSS(0 123)+KSS(216.339)
SCHF-F 440 KSS(0 431)+KSSa(0 7)(note 3) TCHa/3.6 216 KSS(0 215) 20 TCHa/7. 2 432 KSS(0 431) TCHa/10.8 648 KSS(0 431)+KSSa(0 215) (note 3) TCHb/7.2 432 KSS(0 431) TCHb/9.6 576 KSS(0 431)+KSSa(0 143)(note 3) TCHb/14.4 864 KSS(0 431)+KSSa(0 431)(note 3) 25 TCHc/10.3 648 KSS(0 431)+KSSa(0 215) (note 3) TCHc/14.4 864 KSS(0 431)+KSSa(0 431)(note 3) TCHc/21.6 1296 KSS(0.431)+KSSa(0 431)+KSSb (0..431) (notes 3, 4) 30 Note 1: Where TCH/7. 2 is stolen the first 216 encrypted bits of TCH/7.2 are not transmitted.
Note 2: SCH/HU KSS allocation applies whether the first or second half slot is selected for transmission. 35 Note 3: KSS is generated by using KSN=002 in Algorithm Al and using the resulting ECK in KSG, KSSa is generated by using KSN=012 in Algorithm A1 and
- 37 using the resulting ECKa in KSG Note 4: KSSb is generated by using KSN=1O2 in Algorithm Al and the resulting ECKb in KSG.
5 As can be seen from Table 1, the transmission bursts for logical channels TCH/2.4 to STCH+STCH can all be encrypted with a single 432-bit key stream segment.
However, as shown in the key stream segment (KSS) assignment column, hypothetical logical channels SCHF-F 10 TCHa/10.8, TCHb/9.6, TCHc/10.8, TCHc/14.4, and TCHc/21.6 all carry more than 432 bits per transmission burst and therefore require the use of additional key stream segments KSSa (and KSSb where appropriate) in addition to the base key stream segment KSS.
Figure 3 shows schematically a preferred embodiment of a method for creating multiple encryption keys in accordance with the present invention.
20 In the process of Figure 3, the initial 80-bit input cipher key CK, 52 (which is the common key supplied to users of the system) is exclusivelyv' d (block 51) with another 80-bit input value 50 to provide the 80-bit encryption cipher key ECK 53 for use in the key stream 25 segment generating algorithm. This input value 50 which is exclusively-or'd with the initial cipher key CK is generated using the various input values as discussed above, such as the channel number ON, the location LA, the colour code CC, and the key segment number KSN.
In this embodiment the input value 50 is derived by repeating the location value LA, channel number ON, and the colour code value CC (but modified by the key segment number KSN, as discussed below) several times to 35 make up an 80-bit input block for matching to the 80-bit cipher key CK 52. The order of repeating of these values is arbitrary and any defined sequence and number
- 38 of repeats would suffice. It is also not essential to make up a length of 80 bits for the input block 50.
The key segment number KSN that allows different 5 encryption cipher keys to be produced from the same basic inputs is used in this embodiment to vary the input block 50 to achieve this. To do this, the key segment number KSN is first is doubled up to make a 4-
bit block 54, which block 54 is then exclusively-v 'd 10 with the colour code CC (step 55). The resulting modified colour code value is then used to form part of the input block 50 as discussed above. In this way, the key segment number KSN varies the colour code value CC used in the input block 50, and therefore varies that 15 block 50 depending on the key segment number KSN. As the modified colour code CC is repeated several times in the input block 50, the key segment number KSN affects several bits of the derived encryption key ECK 53.
20 It should further be noted that in this arrangement when the key segment number KSN is zero, the generated encryption key ECK 53 is not affected by the key segment number. This facilitates backwards compatibility with existing cryptographic equipment.
Thus in this embodiment of the invention, additional key stream segments are generated when necessary by combining the initial secret encryption key supplied to users of the communications system (and which will be 30 common to plural users of the system) with an additional parameter in the form of a key segment number in a key generating algorithm to provide encryption keys in addition to the initial encryption key for use in the key stream segment generating algorithm.
Figure 4 shows an alternative multiple encryption key generating method. The method is basically the same as
- 39 that shown in Figure 3, but the key segment number is only used to alter some but not all of the colour code CC values used to make the input number 50. Using the key segment number to alter the input value in an 5 asymmetric way like this (i.e. such that where an input value is repeated, not all copies are altered by the key segment number) may make a key stream segment repeat less likely. The key segment number could also or additionally be used to alter more than one input 10 parameter, and/or be used to modify the input cipher key CK. It will be appreciated by those skilled in the art that there are many other ways in which the encryption cipher 15 key ECK 53 can be generated and these are just two examples, which have the advantage that when the key segment number is zero, it has no effect on the output key and therefore facilitates backward compatibility.
Preferably any encryption cipher key generation process 20 used is such that each output key is dependent on every bit of all inputs to the process and each output key is different. In the above embodiments of the present invention, 25 although the encryption key used in the key stream segment generating algorithm is varied to vary the key stream segments for a given transmission burst, the same initialization vector is used to generate each key stream segment for a given transmission burst. However, 30 the Applicants have recognized that such an arrangement can be disadvantageous, as it may effectively reduce the size of the available ''keyspace".
Thus in another particularly preferred embodiment of the 35 present invention, as well as varying the encryption key used in the key stream segment generating algorithm, the initialization vector used for each individual key
- 40 stream segment for a transmission burst is also changed.
Figure 5 shows schematically an example of a method of creating multiple stream cipher key segments using 5 multiple encryption keys and multiple initialisation vectors in accordance with this embodiment of the present invention. The encryption process is basically the same as that illustrated in and discussed above with reference to Figures 1 and 2 (and like components are 10 shown with like reference numerals in Figure 5.
However, in this embodiment plural initialisation vectors 62 for use in the key stream segment generator 2 are generated from the initial initialisation vector 5 and the key segment number KS 9 using an initialisation 15 vector generator 60.
In this embodiment the encryption process is basically the same as described above for Figures 1 and 2. Thus the key stream generating algorithm 2 generates key 20 stream segments for combining with plain text 6 using the initialisation vector 62 generated by the initialisation vector generator 60 and an input encryption key 9a generated by the encryption key generating algorithm A1 (which uses, as discussed above, 25 a number of inputs, including the key segment number KSN 9, to generate encryption keys 9a for use in the key stream generator 2 from an initial encryption cipher key CK, 4).
30 In this embodiment, when additional key stream segments need to be generated, those key stream segments are generated using appropriate additional encryption keys 9a generated by the encryption key generating algorithm A1 and additional initialisation vectors 62 generated by 35 the initialisation vector generator 60. The additional encryption keys are generated in the encryption key generating algorithm A1 as discussed above.
- 41 The additional initialisation vectors are generated in the initialisation vector generator 60 using a suitable algorithm which takes as its input an initial initialisation vector 5 (which could be the "standard" 5 initialisation vector which would normally be used by the system for this transmission burst and the key segment number KSN 9). The initialisation vector generating algorithm 60 effectively "steps" the intialisation vector value along its sequence depending 10 on the key segment number KSN, to provide a different intialisation vector for each key stream segment for a given transmission burst.
The initialisation vector generating algorithm is 15 further arranged such that inputting key segment number "OO2" results in an output initialisation vector 62 which is the same as the initial initialisation vector 5 (i.e. the same as in existing TETRA arrangements), thus making this case compatible with existing TETRA products (i.e. 20 backwards compatible). However, inputting key segment number "012" results in the initialisation vector generating algorithm 60 producing a different initialisation vector IVa, and further incrementing the key segment number KSN produces further different 25 initialisation vectors, IVb and IVc. These additional initialisation vectors are used in key stream segment generator 2 together with their corresponding additional encryption cipher keys 9a (i.e. the encryption cipher key 9a generated using the same key segment number) to 30 generate additional key stream segments KSSa, KSSb and KSSc which can, as discussed above, be appended to the basic key stream segment KSS to encipher or decipher longer (in terms of numbers of bits) transmission - bursts.
Thus in this arrangement, for key stream number KSN "OO2", the key generating algorithm generates encryption
- 42 cipher key CK and the initialisation vector generating algorithm generates initialisation vector IV, which encryption cipher key and initialisation vector are then used by key stream generator 2 to generate key stream 5 segment KSS. If an additional key stream segment is required, then the key segment number KSN is incremented to "012'', and encryption cipher key generating algorithm A1 then generates encryption cipher key ECKa, and initialisation vector generating algorithm 60 generates 10 initialisation vector IVa, which are then used together by key stream segment generator 2 to generate an additional key stream segment KSSa. If further key stream material is required, the key stream segment number KSN is incremented again, such that encryption 15 cipher key ECKb and initialisation vector IVb are then created by the encryption cipher key generating algorithm and the initialisation vector generating algorithm, respectively. This further encryption cipher key, ECKb and initialisation vector IVb, are then 20 combined as before in key stream generator 2 to produce further key stream segment KSSb, and so on.
Thus, for example, in the application of this embodiment to the logical channels shown in Table 1, key stream 25 segment KSS will be generated by using key stream segment number KSN = 0O2 in algorithm A1 and the initialisation vector generating algorithm and using the resulting encryption cipher key ECK and initialisation vector IV in the key stream segment generator. Key 30 stream segment KSSa will be generated by using key stream segment number KSN = 012 in algorithm Al and the initialisation vector generating algorithm and using the resulting encryption cipher key ECKa and initialisation vector IVa in the key stream segment generator, and key 35 stream segment KSSb would be generated by using key stream segment number KSN = 102 in algorithm A1 and in the initialisation vector generating algorithm, and
- 43 using the resulting encryption cipher key ECKb and initialization vector IVb in the key stream generator 2.
As for the previous embodiments, although this 5 embodiment has been illustrated using a 2-bit key segment number, which allows up to a 4-fold increase in transmission burst data content, the additional parameter key segment number may be increased in size as much as desired to generate sufficient additional 10 initialization vectors, encryption cipher keys and hence key stream segments to accommodate much longer bursts.
It will be appreciated by those skilled in the art that the present invention can be applied to any 15 communications system which produces a stream cipher.
Thus it can, for example, be applied to GSM, TETRA, DECT, GPRS, EDGE, and UMTS.
It will be seen from the above, that the present 20 invention, in its preferred embodiments at least, provides a method of producing extra keystream material without altering the key stream generator, weakening the encryption process or reducing the life of secret keys.
For example, providing multiple encryption keys for each 25 transmission burst by incrementing or otherwise predictably altering an additional parameter such as a key segment number, and then using those keys to generate multiple key stream segments for a single transmission burst, makes it possible to encrypt on 30 arbitrarily large number of bits within a single transmission burst, without reducing the security level or the lifetime of the initial input secret key.
The present invention can also facilitate increasing the 35 rate of encryption or decryption for a stream cipher process without the need to change the basic stream cipher cryptographic algorithm, and can allow a
- 44 communication unit to encrypt and transmit (or receive and decrypt) at a higher data rate that would be possible if it were restricted to only encrypting and transmitting (or receiving and decrypting) as many bits 5 as contained in a single key stream segment in a single transmission burst.

Claims (66)

- 45 CLAIMS
1. A method of operating a communications system in which transmission takes place in discrete time period 5 bursts and in which a stream cipher algorithm is used to generate a key stream portion for encrypting or decrypting information bits to be transmitted in a single transmission burst, the method comprising: determining the number of information bits to be 10 transmitted in the next transmission burst; and selecting the length of the key stream portion generated for encryption or decryption of the next transmission burst on the basis of the determined number of information bits to be transmitted in the next 15 transmission burst.
2. A method of operating a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to 20 generate a key stream portion for encrypting or decrypting information bits to be transmitted in a single transmission burst, the method comprising: generating different length key stream portions for encryption or decryption of different bit-length 25 transmission bursts.
3. The method of claim 1 or 2, comprising generating the key stream portion used to encrypt or decrypt the transmission burst from one or more shorter key stream 30 segments each of the same, predetermined, length.
4. A method of operating a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to 35 generate key stream segments of a predetermined length for encrypting or decrypting information bits to be transmitted, the method comprising:
- 46 determining the number of information bits to be transmitted in the next transmission burst; and where it is determined that the number of information bits in the next transmission burst is 5 greater than the predetermined length of a single key stream segment generated by the stream cipher algorithm, generating additional such key stream segments to provide sufficient key stream segments to match or exceed the number of information bits to be transmitted 10 in the next transmission burst.
5. A method of operating a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to 15 generate key stream segments of a predetermined length for encrypting or decrypting information bits to be transmitted, the method comprising: using two or more of the predetermined length key stream segments to encrypt the information bits to be 20 transmitted in a single transmission burst.
6. The method of claim 3, 4, or 5, wherein each key stream segment making up the longer key stream portion is different.
7. The method of claim 3, 4, 5 or 6, wherein a stream cipher encryption algorithm is used to generate the key stream segments from an encryption key and an initialization vector, and the individual key stream 30 segments for the burst are made different from each other by altering the encryption key which is used with the initialization vector in the key stream segment generating algorithm.
35
8. A method of operating a communications system in which data is transmitted in discrete time period bursts and in which a stream cipher encryption algorithm is
- 47 used to generate a key stream segment from an encryption key and an initialization vector for use to encrypt or decrypt data for transmission, the method comprising: generating and using plural key stream-segments for 5 encrypting or decrypting a single transmission burst; wherein each key stream segment used for the transmission burst is generated using a different encryption key, whereby the key stream segments used for the transmission burst are all different.
9. The method of claim 8 or 9, comprising generating the additional encryption keys for use in the key stream segment generating algorithm from a single initial encryption key.
10. The method of claim 9, wherein each encryption key to be used in the key stream segment generating algorithm is generated from the initial encryption key using an additional, variable parameter.
11. The method of claim 10, wherein the additional parameter is varied according to a sequence which is known to both the transmitter and receiver.
25
12. The method of claim 10 or 11, comprising setting the additional parameter to the same value at the start of each new transmission burst.
13. The method of claim 10, 11, or 12, wherein the 30 additional parameter is a key segment number which is set to the same value at the start of and for the first key stream segment of each burst, and then varied by incrementing or decrementing its value in a predetermined manner for each additional key stream 35 segment required for the transmission burst.
14. The method of claim 10, 11, 12 or 13 wherein the
- 48 additional parameter is used to generate the encryption keys by combining it with the initial encryption key in some way and/or by using it to form or alter some other input value which is then combined with the initial 5 input cryptographic key.
15. A method of generating from a single input encryption key, two or more encryption keys for use in a stream cipher key stream segment generating algorithm, 10 the method comprising: generating each of the two or more encryption keys from the input key using an additional parameter, wherein the additional parameter is varied for each encryption key generated in such a way that generating 15 an encryption key with each additional parameter value produces a different output encryption key.
16. The method of any one of claims 10 to 15, wherein one value of the additional parameter gives the same 20 encryption key for use in the key stream segment generating algorithm as would be the case when no additional parameter is used in generating the encryption key.
25
17. The method of claim 16, comprising using the particular value of the additional parameter that gives the same key as would be the case if no additional parameter was used to generate the encryption key for the first encryption key segment used for each burst.
18. The method of any one of the preceding claims, wherein a stream cipher encryption algorithm is used to generate the key stream segments from an encryption key and an initialization vector, further comprising 35 changing the initialization vector used to generate each key stream segment for a transmission burst.
- 49
19. The method of claim 18, wherein each key stream segment for the burst is generated using an initialisation vector that differs from all the other initialisation vectors used for that burst.
20. The method of claim 18 or 19, comprising generating the additional initialisation vectors for use in the key stream segment generating algorithm from a single initial initialisation vector.
21. The method of claim 20, wherein each initialisation vector to be used in the key stream segment generating algorithm is generated from the initial initialisation vector using an addition, variable parameter.
22. The method of claim 21, wherein the additional parameter is varied according to a sequence which is known to both the transmitter and receiver.
20
23. The method of claim 21 or 22, comprising setting the additional parameter to the same value at the start of each new transmission burst.
24. The method of claim 21, 22, or 23, wherein the 25 additional parameter is a key segment number which is set to the same value at the start of and for the first key stream segment of each burst, and then varied by incrementing or decrementing its value in a predetermined manner for each additional key stream 30 segment required for the transmission burst.
25. The method of claim 21, 22, 23 or 24, wherein the additional parameter is used to step the initialisation vector through its normal varying sequence to give 35 different initialisation vectors for each key stream segment for a given transmission burst.
- 50
26. The method of claim 25, wherein at each step the initialisation vector is changed to a value in the sequence that is spaced from its previous value.
5
27. A method of generating two or more initialisation vectors for use in a stream cipher key stream segment generating algorithm, the method comprising: generating each of the two or more initialisation vectors from an input initialisation vector using an lo additional parameter, wherein the additional parameter is varied for each initialisation vector generated in such a way that generating an initialisation vector with each additional parameter value produces a different output initialisation vector.
28. The method of any one of claims 21 to 27, wherein one value of the additional parameter gives the same initialisation vector for use in the key stream segment generating algorithm as would be the case when no 20 additional parameter is used in generating the initialisation vector.
29. The method of claim 28, comprising using the particular value of the additional parameter that gives 25 the same initialisation vector as would be the case if no additional parameter was used to generate the initialisation vector for the first encryption key segment used for each burst.
30 30. The method of claims 10 and 21 and any one of the preceding claims, wherein the same additional parameter value is used to generate an encryption key and an initialisation vector for a given key stream segment of a transmission burst.
31. The method of claim 30, wherein one value of the additional parameter gives the same encryption key as
- 51 would be the case if no additional parameter was used to generate the encryption key and gives the same initialization vector as would be the case if no additional parameter was used to generate the 5 initialization vector.
32. A transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to 10 generate a key stream portion for encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: means for determining the number of information bits to be transmitted in the next transmission burst; 15 and means for selecting the length of the key stream portion generated for encryption of the next transmission burst on the basis of the determined number of information bits to be transmitted in the next 20 transmission burst.
33. A receiver for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to 25 generate a key stream portion for decrypting encrypted information bits transmitted in a single transmission burst, the receiver comprising: means for determining the number of encrypted information bits in a received transmission burst; and 30 means for selecting the length of the key stream portion generated for decrypting the received transmission burst on the basis of the determined number of encrypted information bits in the received transmission burst.
34. A transmitter for a communications system in which transmission takes place in discrete time period bursts
- 52 and in which a stream cipher algorithm is used to generate a key stream portion for encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: 5 means for generating different length key stream portions for encryption of different bit-length transmission bursts.
35. A receiver for a communications system in which 10 transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream portion for decrypting information bits transmitted in a single transmission burst, the receiver comprising: 15 means for generating different length key stream portions for decryption of different bit-length transmission bursts.
36. The transmitter or receiver of any one of claims 32 20 to 35, comprising means for generating the key stream portion used to encrypt or decrypt the transmission burst from one or more shorter key stream segments each of the same, predetermined, length.
25
37. A transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for encrypting information bits to be transmitted in a 30 single transmission burst, the transmitter comprising: means for determining the number of information bits to be transmitted in the next transmission burst; and means for, where it is determined that the number 35 of information bits in the next transmission burst is greater than the predetermined length of a single key stream segment generated by the stream cipher algorithm,
- 53 generating additional such key stream segments to provide sufficient key stream segments to match or exceed the number of information bits to be transmitted in the next transmission burst.
38. A receiver for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length 10 for decrypting encrypted information bits transmitted in a single transmission burst, the receiver comprising: means for determining the number of encrypted information bits in a received transmission burst; and means for, where it is determined that the number 15 of information bits in the received transmission burst is greater than the predetermined length of a single key stream segment generated by the stream cipher algorithm, generating additional such key stream segments to provide sufficient key stream segments to match or 20 exceed the number of information bits to be transmitted in the received transmission burst.
39. A transmitter for a communications system in which transmission takes place in discrete time period bursts 25 and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for encrypting information bits to be transmitted in a single transmission burst, the transmitter comprising: means for using two or more of the predetermined 30 length key stream segments to encrypt the information bits transmitted in a single transmission burst.
40. A receiver for a communications system in which transmission takes place in discrete time period bursts 35 and in which a stream cipher algorithm is used to generate key stream segments of a predetermined length for decrypting encrypted information bits transmitted in
- 54 a single transmission burst, the receiver comprising: means for using two or more of the predetermined length key stream segments to decrypt the information bits transmitted in a single transmission burst.
41. The transmitter or receiver of any one of claims 32 to 40, comprising means for using a stream cipher encryption algorithm to generate the key stream segments from an encryption key and an initialization vector, and 10 means for making the individual key stream segments for the burst different from each other by altering the encryption key which is used with the initialization vector in the key stream segment generating algorithm.
15
42. A transmitter for a communications system in which transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream segment from an encryption key and an initialization vector for encrypting information bits 20 to be transmitted in a single transmission burst, the transmitter comprising: means for generating and using plural key stream segments for encrypting a single transmission burst; wherein each key stream segment used for the 25 transmission burst is generated using a different encryption key, whereby the key stream segments used for the transmission burst are all different.
43. A receiver for a communications system in which 30 transmission takes place in discrete time period bursts and in which a stream cipher algorithm is used to generate a key stream segment from an encryption key and an initialization vector for decrypting encrypted information bits transmitted in a single transmission 35 burst, the receiver comprising: means for generating and using plural key stream segments for decrypting a single transmission burst;
- 55 wherein each key stream segment used for the transmission burst is generated using a different encryption key, whereby the key stream segments used for the transmission burst are all different.
44. The transmitter or receiver of claim 41, 42 or 43, comprising means for generating the additional encryption keys for use in the key stream segment generating algorithm from a single initial encryption 10 key.
45. The transmitter or receiver of claim 44, comprising means for generating each encryption key to be used in the key stream segment generating algorithm from the 15 initial encryption key using an addition, variable parameter.
46. The transmitter or receiver of claim 45, comprising means for setting the additional parameter to the same 20 value at the start of each new transmission burst.
47. The transmitter or receiver of any one of claims 32 to 46, comprising means for using a stream cipher encryption algorithm to generate the key stream segments 25 from an encryption key and an initialization vector, and means for changing the initialization vector used to generate each key stream segment for a transmission burst.. 30
48. The transmitter or receiver of claim 47, comprising means for generating the additional initialization vectors for use in the key stream segment generating algorithm from a single initial initialization vector.
35
49. The transmitter or receiver of claim 48, comprising means for generating each initialization vector to be used in the key stream segment generating algorithm from
- 56 the initial initialization vector using an additional, variable parameter.
50. The transmitter or receiver of claim 49, comprising 5 means for setting the additional parameter to the same value at the start of each new transmission burst.
51. The transmitter or receiver of claim 49 or 50, comprising means for using the additional parameter to 10 step the initialization vector through its normal varying sequence to give different initialization vectors for each key stream segment for a given transmission burst.
15
52. The transmitter or receiver of claims 45 and 49 and any one of claims 32 to 51, wherein the same additional parameter value is used to generate an encryption key and initialization vector for a given key stream segment of a transmission burst.
53. An apparatus for generating from a single input encryption key, two or more encryption keys for use in a stream cipher key stream segment generating algorithm, the apparatus comprising: 25 means for generating each of the two or more encryption keys from the input key using an additional parameter, wherein the additional parameter is varied for each encryption key generated in such a way that generating an encryption key with each additional 30 parameter value produces a different output encryption key.
54. An apparatus for generating two or more initialization vectors for use in a stream cipher key 35 stream segment generating algorithm, the apparatus comprising: means for generating each of the two or more
- 57 initialisation vectors from an input initialization vector using an additional parameter, wherein the additional parameter is varied for each initialization vector generated in such a way that generating an 5 initialization vector with each additional parameter value produces a different output initialization vector.
55. A communications station of a mobile communications system comprising the features of any one of claims 32 10 to 54.
56. A removable memory module for a communications unit of a communications system comprising the features of any one of claims 32 to 54.
57. A computer program element comprising computer software code portions for performing the method of any one of claims 1 to 31 when the program element is run on data processing means.
58. A method of operating a communications system substantially as hereinbefore described with reference to any one of the accompanying drawings.
25
59. A method of generating an encryption key substantially as hereinbefore described with reference to any one of the accompanying drawings.
60. A method of generating an initialization vector 30 substantially as hereinbefore described with reference to any one of the accompanying drawings.
61. A transmitter for a communications system substantially as hereinbefore described with reference 35 to any one of the accompanying drawings.
62. A receiver for a communications system
- 58 substantially as hereinbefore described with reference to any one of the accompanying drawings.
63. An apparatus for generating an encryption key 5 substantially as hereinbefore described with reference to any one of the accompanying drawings.
64. An apparatus for generating an initialization vector substantially as hereinbefore described with 10 reference to any one of the accompanying drawings.
65. A communications station of a mobile communications system substantially as hereinbefore described with reference to any one of the accompanying drawings.
66. A removable memory module for a communications unit of a communications system substantially as hereinbefore described with reference to any one of the accompanying drawings.
GB0215026A 2001-06-29 2002-06-28 Stream cipher encryption system in which a keystream can be extended by concatenating with another keystream to allow encryption of variable length bursts Withdrawn GB2379843A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0116016A GB0116016D0 (en) 2001-06-29 2001-06-29 Communications systems

Publications (2)

Publication Number Publication Date
GB0215026D0 GB0215026D0 (en) 2002-08-07
GB2379843A true GB2379843A (en) 2003-03-19

Family

ID=9917676

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0116016A Ceased GB0116016D0 (en) 2001-06-29 2001-06-29 Communications systems
GB0215026A Withdrawn GB2379843A (en) 2001-06-29 2002-06-28 Stream cipher encryption system in which a keystream can be extended by concatenating with another keystream to allow encryption of variable length bursts

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0116016A Ceased GB0116016D0 (en) 2001-06-29 2001-06-29 Communications systems

Country Status (2)

Country Link
GB (2) GB0116016D0 (en)
WO (1) WO2003003648A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004102872A1 (en) * 2003-05-19 2004-11-25 Motorola Inc Processor and method for end-to-end encryption synchronisation

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8213607B2 (en) * 2006-10-18 2012-07-03 Qualcomm Incorporated Method for securely extending key stream to encrypt high-entropy data
JP5273963B2 (en) * 2007-07-23 2013-08-28 修 亀田 Pseudorandom number generation method and apparatus, and encryption method and apparatus using pseudorandom number
CN115496626B (en) * 2022-10-24 2023-05-16 国网浙江省电力有限公司象山县供电公司 Identification processing method and identification processing system for distribution network pattern transaction

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5621799A (en) * 1993-10-19 1997-04-15 Matsushita Electric Industrial Co., Ltd. Scrambled transmission system
US5835597A (en) * 1993-12-06 1998-11-10 International Business Machines Corporation Software-efficient pseudorandom function and the use thereof for decryption
GB2330281A (en) * 1997-07-11 1999-04-14 Mitel Corp Confusion data generator
US6038321A (en) * 1996-08-08 2000-03-14 Laurel Intelligent Systems Co., Ltd. Data transfer method, communication system and storage medium
EP1063811A1 (en) * 1999-06-22 2000-12-27 Hitachi Europe Limited Cryptographic apparatus and method
WO2001030020A1 (en) * 1999-10-20 2001-04-26 Fujitsu Limited Variable length key encrypting system
WO2001048594A2 (en) * 1999-12-02 2001-07-05 Honeywell, Inc. Computer efficient linear feedback shift register

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI107669B (en) * 1998-02-13 2001-09-14 Nokia Mobile Phones Ltd Method and arrangement for encrypting data transmission

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5621799A (en) * 1993-10-19 1997-04-15 Matsushita Electric Industrial Co., Ltd. Scrambled transmission system
US5835597A (en) * 1993-12-06 1998-11-10 International Business Machines Corporation Software-efficient pseudorandom function and the use thereof for decryption
US6038321A (en) * 1996-08-08 2000-03-14 Laurel Intelligent Systems Co., Ltd. Data transfer method, communication system and storage medium
GB2330281A (en) * 1997-07-11 1999-04-14 Mitel Corp Confusion data generator
EP1063811A1 (en) * 1999-06-22 2000-12-27 Hitachi Europe Limited Cryptographic apparatus and method
WO2001030020A1 (en) * 1999-10-20 2001-04-26 Fujitsu Limited Variable length key encrypting system
EP1223707A1 (en) * 1999-10-20 2002-07-17 Fujitsu Limited Variable length key encrypting system
WO2001048594A2 (en) * 1999-12-02 2001-07-05 Honeywell, Inc. Computer efficient linear feedback shift register

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Chi-Chun Lo and Yu-Jen Chen, `Stream ciphers for GSM networks', 2000 IEEE Conference on Communications, June 2000. *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004102872A1 (en) * 2003-05-19 2004-11-25 Motorola Inc Processor and method for end-to-end encryption synchronisation

Also Published As

Publication number Publication date
WO2003003648A1 (en) 2003-01-09
GB0215026D0 (en) 2002-08-07
GB0116016D0 (en) 2001-08-22

Similar Documents

Publication Publication Date Title
US8687810B2 (en) Chaotic cipher system and method for secure communication
US5438622A (en) Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence
KR100754585B1 (en) Apparatus and method for ciphering/deciphering signal in a communication system
US5345508A (en) Method and apparatus for variable-overhead cached encryption
US5193115A (en) Pseudo-random choice cipher and method
US4791669A (en) Encryption/decryption system
US6782473B1 (en) Network encryption system
KR102609221B1 (en) Methods and systems for improved authenticated encryption in counter-based cryptographic systems
US20020076045A1 (en) Cryptographic key split combiner
JP2628660B2 (en) Encryption / decryption method and apparatus
CA2555793A1 (en) Method and apparatus for cryptographically processing data
RU2000122712A (en) METHOD FOR ENCRYPTION, DEVICE FOR ENCRYPTION, METHOD FOR DECryption, AND DEVICE FOR DECryption
US20060034453A1 (en) System and method for secure encryption
WO1995006373A1 (en) Method and apparatus for decryption using cache storage
PL174612B1 (en) Method of ensuring point-to-point communication in safe communication systems
KR20050017350A (en) Method for generating encryption key without an input device and apparatus therefor
US20060147041A1 (en) DES algorithm-based encryption method
CN107534558A (en) For the method and data highway system of the information security for protecting the data via data bus transmission
CA2596665A1 (en) System and method for three-phase data encryption
US6301361B1 (en) Encoding and decoding information using randomization with an alphabet of high dimensionality
GB2379843A (en) Stream cipher encryption system in which a keystream can be extended by concatenating with another keystream to allow encryption of variable length bursts
JPH1155241A (en) Communication equipment with enciphered key system
CN100459492C (en) An encryption method applicable to SDH
WO2003049363A1 (en) System and method for symmetrical cryptography
Pandey et al. Data security using various cryptography Techniques: A Recent Survey

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)