WO1999012309A1 - System for generating sub-keys - Google Patents
System for generating sub-keys Download PDFInfo
- Publication number
- WO1999012309A1 WO1999012309A1 PCT/GB1998/002129 GB9802129W WO9912309A1 WO 1999012309 A1 WO1999012309 A1 WO 1999012309A1 GB 9802129 W GB9802129 W GB 9802129W WO 9912309 A1 WO9912309 A1 WO 9912309A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- sub
- keys
- key
- facility
- series
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
Definitions
- This invention is concerned with data security, and in particular to the security of data transferred in the course of commercial activities such as banking.
- a cryptographic cipher system is used. If data is to be sent between a sender and a recipient along a channel which is of questionable security, then it is encrypted using a cipher implemented by the system.
- master key is used by the cipher to generate a plurality of sub-keys which are used by internal functions of the cipher in the encryption process.
- sub-keys have been derived either by re-ordering selected bits of the key data or by using a simple mathematical function such as arithmetic progression.
- the type of system described above is lacking in versatility, in that it expects a master key of a predetermined length, and cannot accommodate master keys of different lengths. It cannot deal with the generation of a variable number of sub-keys, which would improve security.
- a facility for enhancing data security comprising a plurality of encryption modules each being responsive to a sub-key for encrypting data, an interface for receiving a master key, and a data processing machine operative to create a series of sub-keys for use with the encryption modules, the machine being operative to create each of the sub-keys by means of a hash function of the master key.
- the hash function operates on a concatenation of the master key with at least one other piece of data. Therefore, the complexity of the result of the hash function is substantially increased which makes it more difficult for a pattern between the sub-keys and master key to be established.
- the other data may comprise at least one of a constant, the position of the sub-key in the series, a function of the position of the sub-key in the series, preceding sub-keys in the series, and a function of preceding sub-keys in the series.
- the concatenation comprises a first string of other data preceding the master key and a second string of other data following the master key, at least one of the first and second strings varies with the position in the series of the sub-key being calculated. In that way, the security of the cipher defined by the series of sub-keys is enhanced.
- the hash function is preferably a one way hash function.
- the hash function is collision free.
- the data processing machine derives the sub-keys of the series and then stores the series for later use by the encryption modules.
- the sub-keys are derived as they are required by the encryption modules.
- the sub-keys are derived in the order in which they are to be used.
- the hash function produces results the same length as the desired length of hash key.
- a sub-key can be constructed from a concatenation of hash function results.
- more than one sub-key could be derived from a hash function result.
- a cryptographic system comprises n sections, each acting on target data in response to a sub- key supplied to that section.
- the system as a whole is operated by a key schedule comprising a set of n sub-keys ⁇ K b K 2 , KJ.
- the figure illustrates a sub-key data processing machine 10 having a series of interconnected modules.
- a counter 12 generates a counter signal having value between 1 and n, where n is the number of sections of the system and thus the number of sub-keys to be generated.
- a prefix generator 14 and a suffix generator 16 are provided, the generators 14, 16 being operative to generate values S, and T t respectively.
- a key schedule is derived from the master key K, by means of a hash function embodied in the hash function module 20 as follows:
- H() is a hash function
- symbol represents concatenation of data
- S, and T are generated in the prefix and suffix generators 14, 16 as indicated above.
- S, and T t may be constructed from some or any of:
- the sub-keys are used in order, so that the first use of K, is after the first use of each of
- Kj, K,. This is an optional arrangement which allows sequential production of sub-keys, such as in the case where a sub-key is a function of preceding sub-keys.
- the result output by the hash function module 20 is fed back to the prefix and suffix generators 14, 16 so that they can utilise the result in later iterations.
- the machine can thus derive each sub-key as it is needed. However, it may be more useful for the machine to derive all of the sub-keys at an initial stage and store them in turn for later use.
- the length of the sub-keys required for the sections of the system is less than the length of the output of the hash function. In that case, the result of each hash operation can be used to make more than one sub-key. If the length of the sub-key required is greater than the length of the output of the hash function, the outputs of several hash operations can be concatenated to construct the sub-key. In order to ensure that the key schedule is "strong", i.e. that it is not susceptible to deciphering, at least one of S, and T t varies with the value of /.
- the hash function H() should be chosen to be one way and collision free.
- the system described above is useful in that it is capable of defining a master key of arbitrary length. Moreover, a variable number of sub-keys of variable length can be generated from each master key.
- the system avoids "weak" keys from which a pattern can be derived easily, and is generally more robust against cryptanalysis than previous encryption systems, since there is no simple relationship between sub-keys generated from master keys which have a simple relationship.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU84501/98A AU8450198A (en) | 1997-08-29 | 1998-07-17 | System for generating sub-keys |
EP98935142A EP1008251A1 (en) | 1997-08-29 | 1998-07-17 | System for generating sub-keys |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9718200A GB2329096A (en) | 1997-08-29 | 1997-08-29 | Creating sub-keys from hashed cryptographic master key |
GB9718200.0 | 1997-08-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999012309A1 true WO1999012309A1 (en) | 1999-03-11 |
Family
ID=10818133
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1998/002129 WO1999012309A1 (en) | 1997-08-29 | 1998-07-17 | System for generating sub-keys |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1008251A1 (en) |
AU (1) | AU8450198A (en) |
GB (1) | GB2329096A (en) |
WO (1) | WO1999012309A1 (en) |
ZA (1) | ZA986026B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU6816101A (en) | 2000-06-05 | 2001-12-17 | Phoenix Tech Ltd | Systems, methods and software for remote password authentication using multiple servers |
EP1418701A1 (en) * | 2002-11-11 | 2004-05-12 | STMicroelectronics Limited | Transmission and storage of encryption keys |
CN105610848B (en) * | 2016-01-08 | 2018-05-25 | 北京工业大学 | Possess the centralized data security method and system of source data Security Assurance Mechanism |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5172414A (en) * | 1991-09-13 | 1992-12-15 | At&T Bell Laboratories | Speech and control message encrypton in cellular radio |
US5483598A (en) * | 1993-07-01 | 1996-01-09 | Digital Equipment Corp., Patent Law Group | Message encryption using a hash function |
EP0768774A2 (en) * | 1995-10-16 | 1997-04-16 | Sony Corporation | Method and apparatus for data encryption using a key generation hierarchy |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2158290A1 (en) * | 1994-09-29 | 1996-03-30 | Leon A. Pintsov | Postage evidencing system with secure summary reports |
US5608801A (en) * | 1995-11-16 | 1997-03-04 | Bell Communications Research, Inc. | Efficient cryptographic hash functions and methods for amplifying the security of hash functions and pseudo-random functions |
GB2308282B (en) * | 1995-12-15 | 2000-04-12 | Lotus Dev Corp | Differential work factor cryptography method and system |
US5754659A (en) * | 1995-12-22 | 1998-05-19 | General Instrument Corporation Of Delaware | Generation of cryptographic signatures using hash keys |
-
1997
- 1997-08-29 GB GB9718200A patent/GB2329096A/en not_active Withdrawn
-
1998
- 1998-07-08 ZA ZA986026A patent/ZA986026B/en unknown
- 1998-07-17 AU AU84501/98A patent/AU8450198A/en not_active Abandoned
- 1998-07-17 EP EP98935142A patent/EP1008251A1/en not_active Withdrawn
- 1998-07-17 WO PCT/GB1998/002129 patent/WO1999012309A1/en not_active Application Discontinuation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5172414A (en) * | 1991-09-13 | 1992-12-15 | At&T Bell Laboratories | Speech and control message encrypton in cellular radio |
US5483598A (en) * | 1993-07-01 | 1996-01-09 | Digital Equipment Corp., Patent Law Group | Message encryption using a hash function |
EP0768774A2 (en) * | 1995-10-16 | 1997-04-16 | Sony Corporation | Method and apparatus for data encryption using a key generation hierarchy |
Also Published As
Publication number | Publication date |
---|---|
EP1008251A1 (en) | 2000-06-14 |
ZA986026B (en) | 1999-01-28 |
GB9718200D0 (en) | 1997-11-05 |
AU8450198A (en) | 1999-03-22 |
GB2329096A (en) | 1999-03-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2218148C (en) | Generating unique and unpredictable values | |
US7860241B2 (en) | Simple universal hash for plaintext aware encryption | |
US8712036B2 (en) | System for encrypting and decrypting a plaintext message with authentication | |
US5703952A (en) | Method and apparatus for generating a cipher stream | |
US5222139A (en) | Cryptographic method and apparatus | |
US11546135B2 (en) | Key sequence generation for cryptographic operations | |
US7715553B2 (en) | Encrypting a plaintext message with authentication | |
US8509427B2 (en) | Hybrid mode cryptographic method and system with message authentication | |
US20080080709A1 (en) | Method for encrypting information and device for realization of the method | |
WO2008115476A1 (en) | A simple and efficient one-pass authenticated encryyption scheme | |
Mahendran et al. | Generation of key matrix for hill cipher encryption using classical cipher | |
Lamba | Design and analysis of stream cipher for network security | |
US6463150B1 (en) | Encryption device for information in binary code | |
Alabdulrazzaq et al. | Performance evaluation of cryptographic algorithms: DES, 3DES, blowfish, twofish, and threefish | |
Suresh et al. | ETSET: Enhanced Tiny Symmetric Encryption Techniques to Secure Data Transmission among IoT Devices | |
WO1994021066A1 (en) | A method and apparatus for generating a digital message authentication code | |
EP1008251A1 (en) | System for generating sub-keys | |
JP2001177518A (en) | Enciphering method, and decoding method and device | |
WO2022096141A1 (en) | Method for processing encrypted data | |
Landge et al. | VHDL based Blowfish implementation for secured embedded system design | |
JP2000047580A (en) | Encipher converting device, decipher converting device, cryptographic communication equipment and automatic toll collecting device | |
KR20070109154A (en) | Keystream generation method in cryptosystem by using a clock-controlled function | |
Narayanaswamy et al. | HIDE: Hybrid symmetric key algorithm for integrity check, dynamic key generation and encryption | |
El-Semary et al. | SPCBC: A secure parallel cipher block chaining mode of operation based on logistic chaotic map | |
Opoku | A Robust Cryptographic System using Neighborhood-Generated Keys |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1998935142 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09486756 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1998935142 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: CA |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 1998935142 Country of ref document: EP |