SE444494B - An encrypting system for a digital information transfer system between two subscribers - Google Patents

Abstract

The invention seeks to facilitate the encryption of data information in a two-way point to point connection between two subscribers.Via the exploitation of purely random digital sequences of an unknown length, the encryption is practically impregnable. The main principle behind the invention is that the receiving subscriber's random sequence (B1, B2) is used for the communication (D1, D2) directed to this, and the random sequence count is transferred between the subscribers in a particular loop (b, c) where they encrypt each other. A form of key distribution is not needed.<IMAGE>

Description

8404190-4 encryption replaces symbols - bits or blocks of bits with other symbols - controlled by the crypto code.

The crypto code can have different structures. The key consists of a completely randomly generated sequence of symbols that is used only once and the crypto becomes unforceable. This is called a one-time key, random key, form crypto or OTT (one time tape).

The disadvantage of disposable keys is that they are consumed in as large a volume as the scope of the text to be protected. It is therefore common to use a pseudorandom key, which is apparently random. It is generated in the cryptographic equipment on the transmitter-resp. the recipient side based on a relatively small amount of basic information. Only this basic information needs to be kept secret from everyone except the sender and receiver. The pseudorandom codes can generate very long crypto sequences but all have a finite length. Pseudorandom cryptocurrencies are thus forced if sufficient time, mass of text and large computer resources are available. This means that the basic information that generates the encryption signal must be exchanged at certain intervals. The basic information is sometimes called an internal key. Even if the internal key is very resistant to forcing, relatively frequent intervals for key change may be needed if the keys physically fall into the hands of an unauthorized person, e.g. in military contexts or through theft and information leakage. Distribution of new keys in a secure way within large communication and distribution networks is a cumbersome and expensive administrative process. Construction of keys with high resistance to forcing requires considerable mathematical processing, which nevertheless involves uncertainty about the forcing possibilities, since the opponent's resources are not known for sure.

Another form of encryption can be done with the so-called The "public key" systems, which have been developed over the last decade, here each subscriber receives a completely open key which is given the character telephone number and which is published without secrecy. The "public 8404190-4 key" keys can be designed as white-collar functions. , ie they are composed of functions where the composition is easy to perform, but where the reverse process is difficult for everyone except for the recipient.Example is the product of two large prime numbers.The product is easily calculated, but the resolution of the two prime key difficult and time consuming. "Public key" does not require distribution of keys. Security against forcing is not yet clear. The mathematical processes required for encryption and decryption mean that the transfer speed is limited. Brief Description of the Invention The object of the present invention is to avoid the problems caused by today's cryptosystems and as described above, i.e. the risk of forcing even powerful code keys or the theft of these and the consequent need for regular renewal of these keys. As stated at the outset, the invention means that forcing can practically not take place and that no special distribution of keys is required.

The main principles of the invention are partly that a completely random digital signal with the same speed as the information data's data rate is used for encryption, and partly that transmitted data is not encrypted with the transmitter's random sequence but with the mctabon-W nentens. keys as is the case in the conventional systems described above. The random sequences have an infinite length without any limitation and can thus not be consumed. The sequences are generated by the subscribers completely independently of all other components included in the system. By using purely random sequences for encryption of 8404190-4 Brief Description of the Drawing Figures A preferred embodiment of the invention will be described in detail below with reference to the accompanying drawing, in which: 4 In Fig. 1, the preferred embodiment of the drawing figures is shown. the invention: Fig. 2 shows the principle of a digital noise generator: Fig. 3 shows an embodiment of a digital noise generator; Fig. 4 shows the principle of a digital delay line; Fig. 5 shows a block diagram of an embodiment of a so-called synthesis generator for generating clock pulses for the delay line: Fig. 6 shows an addition table for a module-two adder; and Fig. 7 shows the principle of a modulo-two adder.

Description of the Preferred Embodiment The principle of the invention will be described with the aid of Fig. 1. This figure contains a number of system components or functional blocks used to realize the invention.

These components are conventional building blocks in electronic systems and are thus not the subject of the invention. The invention instead relates to a special utilization of these components. However, it may be appropriate to describe to some extent the functions of the components in order to more easily understand the basic idea of the invention. The system components referred to are the following: digital noise generators B1 and B2 which independently generate completely random sequences of digital symbols. i.e. ones and zeros: digital delay lines 2T and T2 which give the delays 2T resp. T2 seconds; and moaulo-x-.vå-aaaerare Kl, Kz, 1.1, 1.2. M1, M2 and m, m2. First, the operation of and the principle of a noise generator are described with reference to Figs. 2 and 3.

The desired function is to generate a sequence of digital symbols, ie. ones and zeros, where the appearance of the next symbol can never be predicted. This can be said to be the same as generating a random sequence of infinite length. To realize such a generator, one can e.g. based on an analog random number generator, ie. a generator that generates Gaussian distributed noise.

The noise consists of an irregular alternating voltage whose zero passages, ie. The transition from one polarity to another, on average, is close in relation to the digital output signal sought. Like the amplitude, the zero crossings of a noise signal are randomly distributed and one can never predict whether one or more zero crossings have been passed from one occasion to another, provided that the observation occasions are not too close. The observations must not be made with a higher frequency than a fraction of the highest frequency component of the noise. The analog noise signal can e.g. generated by a noisy amplifier with open input, see Fig. 3.

Next, the function of and the principle of a digital is described! delay line with reference to Figs. 4 and 5. 8404190-4 The desired function is to be able to delay digital signals with a time period which will depend on e.g. on the propagation time on the lines. This propagation time is not certainly equal to the time for a whole number of serial data bits, which means that some of the delay lines T2 in Fig. 1 must be able to be set with steps corresponding to a fraction of the time Tb for a data bit. This can be done with the aid of a shift register, see Fig. 4, where the clock pulse rate p can be varied in small steps.

Data at speed c b / s is entered at the register input. For each clock pulse at the rate p per second, the input signal is fed one step further to the right in the register. After N clock pulses, the input signal has reached the output of the register. N clock pulses take the time N / pa? which is thus equal to the delay in the register By varying p, the delay T is thus varied. This can be done in arbitrarily small steps, ie. parts of the bite time T.

Suppose e.g. that one wishes to have a delay T which is T = Tb (n + 1 / m) where n and m are integers. But T is also as above T = N / p (register length by pulse rate) Tß (n + 1 / m) Z \ 'U ll why 8 D' 'U then ll p / c = N / (n + 1 / m) (block rate through data rate).

N = 50, n = 20, m = 3 gives for example: p / c = so / (20 + 1/3) = 2.46 ie. a clock pulse rate that is 2.46 times the data rate would give the desired delay of 20 1/3 data bits. 8404190-4 The clock pulses are generated by a so-called synthesis generator whose principle is shown in Fig. 5. The frequency of the signal from a voltage-controlled oscillator 1 is divided by an adjustable integer M in the frequency divider 2. The frequency thus divided is compared in a phase detector 3 with the frequency from a reference oscillator 4.

The output signal from the phase detector is a control signal that controls the voltage-controlled oscillator so that it oscillates at the intended frequency, ie. M times the reference frequency. In the pulse shaper 5, the signal is cut and derived so that short pulses are generated at each zero pass of the signal. The function of and the principle of a modulo-two adder are now described below with reference to Figs. 6 and 7.

The desired function of a modulo-two-adder is demonstrated by the addition table in Fig. 6 for two binary numbers which can each assume the values 1 or 0. The modulo-two addition has the property that if a number B is included in a mod-two sum is added one more time, the first addition is canceled and number A is reset. It is this property that is important in the cryptosystem of the present invention.

A modulo-two adder can in principle be illustrated by the circuit arrangement in Fig. 7 which shows a relay connection where it is clear that A and B must be different in order for an output signal A + B = 1 to be obtained. In practice, mode-two addition is performed with semiconductor circuits, preferably transistors.

Fig. 1 illustrates data communication between two subscribers and the functions of the invention by means of certain terms describing logical operations, namely modulo-two addition and delay of the signals generated by noise and data sources B1, B2, D1, D2.

As an example of how to denote a function, B1 (T2) + B2 (T + T2) is selected. This means that the signal from the noise generator B1 is delayed in a digital delay line by the time T2, after which B1 (T2) is added modulo-two with the signal from the noise generator B2 which has been delayed by the time T + T2. In the same way, all signals that exist on four connection lines between two subscribers in a data transmission system are processed.

The signals have been marked at both ends of the connection, ie. at both subscribers. since a certain delay T1 occurs when the signals cross the lines.

The connection between subscribers 1 and 2 consists of four channels a-d, two in each direction. A channel can be a telephony channel in a wire or link network, or a channel stored in a telephone channel. Each channel is provided with a modem of the subscribers 1 and 2. However, for the sake of clarity, modems in Fig. 1 are omitted. For the sake of clarity, synchronizing circuits of conventional design are also omitted.

The cryptographic equipment of each subscriber is as follows: a digital noise generator B1 resp. B2; a delay circuit with the delay 2 T; four modulo-two adders: and two delay circuits with the delay T2. ' The propagation time of the connection is Tl.

The noise from the generators B1 and B2 is observed and recorded - sampled - during short pulses with a time interval between the observation times that corresponds to the data rate. For each sampling, the noise is either negative or positive.

The sign determines whether a zero or a one is generated. Completely random consequences of ones and zeros are generated. The sequences will be different from Bl resp. B2. The delay circuits ~ 2T and T2 should allow a variable delay which is set during the synchronization with steps which are a small fraction of the time of a data bit, e.g. one percent down to one per mille. 8404190-4 T2 shall be adjusted so that T1 + T2 corresponds to the time for a whole number of serial data bits. The delay circuits 2T provide twice as long a delay as T1 + T2 and then also comprise a whole number of serial data bits.

The following terms are used: D1 data flow from subscriber 1: D2 data flow from subscriber 2: B1 digital noise from subscriber 1: _ - B2 digital noise from subscriber 2: (T) delay T of digital signal, e.g. D1 (T1) = data from subscriber 1 delayed time T1: K1, L1, M1, N1, K2, L2, M2, N2 modulo-two-adder: _ DQB modulo-two-addition of D and B, e.g. D1 @ B2 (T) = data from subscriber 1 added modulo-two to noise from subscriber 2 delayed by time T; and a-d designation of the channels between the subscribers.

By giving the extra delay T2 a total delay T which is an integer number of bits, all modulo-two additions take place with synchronous zero passes of the signals being added.

On an internal loop b ~ c, noise B1 and B2 are transmitted between the subscribers so that B1 and B2 protect each other by mode-two addition.

In L1, noise B1 mod-two is added with fuel B2 (T) from subscriber 2 and is transmitted as B1 (T2) @ B2 (T + T2) over channel c to subscriber 2 which receives the signal B1 (T) C) B2 (2T) .

In L 2, mod-tvâ adds this signal with B2 delayed by 2T, ÖVS-B2 (2T). whereby just B2 (2T) in the received signal disappears, so that the output signal from L2 becomes B1 (T). This signal BUT) was used for two purposes: partly for encrypting data D2 from subscriber 2 by mod-two addition in X2, so that the transmitted signal over d becomes D2 QDBHT), partly for encrypting the noise B2 by mode-two-addition in M2, so that the noise signal transmitted to subscriber 1 becomes B1 (T + T2) @ B2 (T2). Subscriber l then receives on the line d the signal D2 (T1) (f) sin * + n), which in: <1 becomes B1 (2T) @ D2 (T). In M1, the line B2 (T) @Bl (2T) is mutated on line b. By delay 2T and mod-two addition in 'M1, the output signal B2 (T) is obtained, which is used partly for encryption of D1 by mod-two addition in N1, so that D1 @ B2 (T) is transmitted over a, partly for encryption of the noise B1 by mode-two-addition in L1, so that B1 (T2) ®B2 (T + T2) is transmitted over c. In K1, the received signal D2 ('I') @ B1 (2'1 ') is decrypted by mode-two-addition of the own noise signal B1 (2T), so that D2 (T) is obtained. In the same way, the signal received D1 (T) @ B2 (2T) is decrypted in NZ by mode-two addition of its own noise B2 (2T), so that D1 (T) is obtained.

Claims (3)

8404190-4 ll PATENT REQUIREMENTS 1. l. Crypto-system for a digital information transmission system between two subscribers, characterized in that each subscriber has its own, independent of the other subscriber independent of digital noise (B1, B2) and modulo-two-adder (Kl , L1, M1, N1; K2, L2, M2, N2), so that outputs from one subscriber's data source (D1, D2) added mod-two to the digital noise from the other subscriber's noise generator (B1, B2) is transmitted to the other subscriber, where the noise from it is once again added mode-two to the received signal, whereby the originally transmitted signal is restored. System according to claim 1, characterized in that two information transmission channels (a, d) are used for transmitting data from one subscriber added mod-two to noise from the other subscriber, and that two additional information transmission channels (b c) used to transmit noise from one subscriber added mod-two to noise from the other subscriber. 3. A system according to claim 2, characterized by delay elements (2T, T2) which delay the transmitted signals in such a way that the time-delayed noise added in mode to the transmitted signal at one subscriber is in phase with the noise which on reception mod-two is added to this signal.