WO2001024438A1 - Output cipher feedback type pseudo noise-sequence generation - Google Patents

Info

Publication number
WO2001024438A1
Authority
WO
WIPO (PCT)
Prior art keywords
section
block cipher
input
data
output
Prior art date
Application number
PCT/EP2000/009226
Other languages
French (fr)
Inventor
Ben Smeets
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)
Priority to AU79054/00A
Publication of WO2001024438A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24 Key scheduling, i.e. generating round keys or sub-keys for block encryption

Definitions

  • The present invention is directed to a method and apparatus for the generation of a keyed cryptographically strong PN sequence from a block cipher operating in the output cipher feedback (OFB) mode.
  • The present invention has a practical application in the technological arts of encoding, enciphering or encrypting information.
  • An apparatus or method according to the present invention generates a sequence of pseudo-random bits for encoding, enciphering or encrypting information such as human speech, written text, audio or video signals.
  • A feedback loop is provided from an intermediate part of a block cipher back to the input. This allows symbols of partially encrypted data to be directed back to the input section for use as input values.
  • The PN sequence output by the present invention does not contain any input/output pair information. Because input/output pairs are not in the outputted PN sequence, the full width of data from within the block cipher can be utilized for the feedback loop without compromising the security of the system. Such full use of data for feedback increases the processing efficiency of the system.
  • Exemplary embodiments of the present invention are directed to a round function output feedback-type (OFB-type) block cipher apparatus for generating a sequence of pseudo-random bits.
  • The OFB-type block cipher apparatus has an input section, a block cipher section, a key data source, an output section, and a feedback loop from an intermediate part of said block cipher to the input section. Data received at the input section is passed to or shifted into the block cipher section.
  • The block cipher section has a number of round functions and is connected to a key data source which itself has a number of subkey data sources. Each of the round functions of the block cipher section partially encrypts data using a subkey from one of the subkey data sources.
  • The block cipher section is also connected to an output section.
  • A feedback loop connects an intermediate part of the block cipher to the input section.
  • The feedback loop provides partially encrypted data from within the block cipher back to the input section.
  • Other exemplary embodiments of the present invention are directed to methods of performing round function OFB block cipher processing to generate a sequence of pseudo-random bits.
  • Received data is provided to a block cipher section which has a number of round functions, each round function being in communication with a sub-key for encrypting the data in the block cipher section.
  • Data is partially encrypted in each of the round functions of said block cipher section using the sub-keys.
  • Partially encrypted data is sent via a feedback loop from an intermediate part of the block cipher back to the input section.
  • Encrypted data is provided to an output section in communication with the block cipher, thus generating a sequence of pseudo-random bits of encrypted data.
  • FIG. 1 is a conventional OFB type block cipher for generating a keyed PN sequence.
  • FIG. 2 is a conventional block cipher with a round structure for generating a keyed PN sequence.
  • FIG. 3 is an OFB-type block cipher for generating a keyed PN sequence according to the present invention.
  • FIG. 4 is a round function OFB-type block cipher using an intermediate round for the feedback loop according to another exemplary embodiment of the present invention.
  • FIG. 5 is an OFB-type block cipher system in accordance with an alternative embodiment of the present invention configured with a feedback loop path section which switches the feedback amongst the round functions.
  • FIG. 3 is an OFB-type block cipher system 300 according to an exemplary embodiment of the present invention for generating a keyed PN sequence.
  • The block ciphers according to the present invention maintain both a high degree of security and a relatively fast transmission rate.
  • The OFB-type block cipher system 300 generates a sequence of pseudo-random bits which may be used, for example, in the encoding of information.
  • Input section 310 of the OFB-type block cipher system 300 may comprise one or more input registers, buffers, data latches, feedthrough paths, or like circuitry for receiving data.
  • The data input section 310 is depicted in FIG. 3 as a register having a width equal to a number W of bits. As such, the data input section 310 can be loaded with a number W of bits that may be provided to the next section of the OFB-type block cipher system 300.
  • With the data input section 310 being a register, data is typically loaded by shifting bits of the data a number of places into the data input section 310.
  • The data input section 310, having been loaded with data, provides data to a block cipher section 320.
  • "Bits" as used herein refers to digital ones and zeros, symbols, characters, portions of data or other instances of information.
  • The block cipher section 320 is depicted in FIG. 3 as having a width W, corresponding to the width W of the data input section 310.
  • The block cipher section 320 also receives a key as an input from the key section 312, which serves as a key data source.
  • The key may be a secret key, an algorithm or relationship, or other information for encoding data.
  • Data received from the data input section 310 is processed within the block cipher section 320 using the key to produce PN data in the form of data bits, sometimes called symbols, that appear to be randomly distributed.
  • The PN data is then supplied to the output section 330 from the block cipher section 320.
  • A feedback loop is provided from within the block cipher section 320. This allows symbols of partially encrypted data from within the block cipher section 320 to be directed back to the data input section 310.
  • FIG. 3 depicts a number W of symbols being provided via a feedback loop from the block cipher section 320 back to the data input section 310.
  • The feedback loop may be provided from an intermediate point, which may be any point within the block cipher section 320 other than the final output of the block cipher section 320 which is supplied to the output section 330. Providing the feedback from an intermediate point of the block cipher section 320 gives the greatest degree of security.
  • The intermediate point from which the feedback loop is derived is defined as not being at the input of the block cipher section 320 or the final output of the block cipher section 320. However, the intermediate point need not be the very centermost point of the block cipher section 320. Alternatively, the point from which the feedback loop is derived may be configured towards the middle of the block cipher section 320, that is, closer to the centermost point than to the input of the block cipher section 320 or the output of the block cipher section 320.
  • The data that is output at output section 330 of the present invention does not contain input/output pair information. Since no input/output pair information is contained in the PN data output of the output section 330, the full amount of data (i.e., width W) from within the block cipher section 320 can be utilized for the feedback loop to the data input section 310 without compromising the security of the system.
  • The feedback loop to the input section 310 may be configured to provide data from more than one point within the block cipher 320.
  • The feedback loop "hops," or is switched, from one point to another so as to provide data from different points within the block cipher 320 to the input section 310.
  • The feedback loop may be connected to various points within the block cipher 320 according to an algorithm or scheme which may be predetermined to further enhance the security of the block cipher system 300.
  • The algorithm or scheme may be such that the feedback loop is connected to only one point within the block cipher 320 at any one time.
  • The algorithm or scheme may be such that the feedback loop is connected to more than one point within the block cipher 320 simultaneously.
  • The feedback loop hopping could be controlled by or depend on the sub-key, wherein a control line is connected between the sub-key section 312 and a feedback loop path section.
  • FIG. 4 is an OFB-type block cipher system 400 configured with round functions and having a feedback loop from one of the rounds, according to an exemplary embodiment of the present invention.
  • The round function OFB-type block cipher system 400 is constructed using round functions 424 that each perform a partial encryption using a sub-key derived in sub-key generator 414 from a key input 412 which serves as a key data source.
  • The key may be a secret key, an algorithm or relationship, or other information for encoding data.
  • The OFB-type block cipher system 400 generates a sequence of pseudo-random bits which may be used, for example, in the encoding of information.
  • An iteration of the block cipher depicted in FIG. 4 may be referred to as a "round."
  • A round may be an algorithm, function, transform, or encoding scheme associated with the iterations of the block cipher system 400.
  • Input section 410 of the round function OFB-type block cipher system 400 may comprise one or more input registers, buffers, data latches, feedthrough paths, or like circuitry for receiving data, as discussed above in regard to the previous embodiment.
  • The input section 410 is depicted as having a width W of bits.
  • The input transformation section 422 performs data conversion to put the input data in a proper format for further processing within the round function OFB-type block cipher system 400. Such processing may include, for instance, reordering of the data to further enhance the security of the PN sequence output or to increase the efficiency of the round function OFB-type block cipher system 400.
  • The input transformation section 422 provides the processed data to a first one of the round functions 424.
  • The data input section 410 may be configured to provide data directly to the round functions 424, without the input transformation section 422.
  • The round function OFB-type block cipher system 400 is configured to have a number of round functions 424, each of which performs a partial encryption of the data. Each of the round functions 424 may be designed to use a different sub-key to perform a partial encryption. By iterating inputted data through the round functions 424 a sufficient number of times, the data provided to data input section 410 is encrypted in such a way that cryptanalysis becomes infeasible with presently known methods and computational resources.
  • The round function OFB-type block cipher system 400 of FIG. 4 is depicted as having a number 2K of the round functions 424. Hence, the input data provided from the input transformation section 422 to the round functions 424 is iterated 2K times to produce PN data that has been fully encrypted to appear as a random string of data bits.
  • A feedback loop is provided after the Kth one of the round functions 424 of the round function OFB-type block cipher system 400.
  • All W of the bits of the partially encrypted data at round K are directed back to the data input section 410, as shown in FIG. 4.
  • A number less than W of the bits may be provided via a feedback loop from the Kth round back to the data input section 410.
  • The feedback loop may be provided from any round of the round functions 424, except the last round.
  • The feedback loop is provided from an iteration at or near the Kth round, in order to provide the greatest degree of security. That is, the feedback is preferably taken from about halfway through the full number of iterations back to the input.
  • The data that is output at output section 430 of the present invention contains no direct input/output pair information. Since no direct input/output pair information is contained in the PN data output from the output section 430, the full amount of data (i.e., width W) from the Kth round can be utilized for the PN sequence without compromising the security of the system.
  • The last of the round functions 424 provides the PN data to an output transformation section 426.
  • The output transformation section 426 performs data processing. For instance, the output transformation section 426 may perform a conversion of the PN data in a manner similar to, or complementary to, the input transformation section 422.
  • The output transformation section 426 may reorder the PN data to cancel the reordering of the input transformation section 422, or may otherwise process the PN data for security or processing efficiency purposes.
  • The output transformation section 426 then provides the PN data to an output section 430.
  • The output section 430 and the round functions 424 may be configured such that the round functions 424 provide data directly to the output section 430, without the output transformation section 426.
  • The PN data, having been loaded into the output section 430, is output as a PN sequence.
  • FIG. 5 is an OFB-type block cipher system 500 in accordance with an alternative embodiment of the present invention in which the feedback loop to the input section 410 is configured to provide data from more than one of the round functions 424.
  • The feedback loop "hops" or switches from one to another of the round functions 424 via a feedback loop path section 540, so as to provide data from different ones of the round functions 424 to the input section 410.
  • The feedback loop may be connected to various ones of the round functions 424 according to an algorithm or scheme which may be predetermined to further enhance the security of the block cipher system 400.
  • The algorithm or scheme may be such that the feedback loop is connected to only one of the round functions 424 at any one time.
  • The algorithm or scheme may be such that the feedback loop is connected to more than one of the round functions 424 simultaneously.
  • The feedback loop hopping could be controlled by or depend on the sub-key as depicted in FIG. 5, wherein a control line is connected between the sub-key generator 414 and the feedback loop path section 540. Otherwise, the feedback loop hopping could be deterministically independent of the sub-key, in which case the sub-key generator 414 need not be directly connected to the feedback loop path section 540.

Abstract

An output feedback-type (OFB-type) block cipher system generates a cryptographically strong pseudo noise sequence (PN sequence) by providing a feedback loop from an intermediate part of the block cipher to the input section of the system. The feedback loop provides partially encrypted data from within the block cipher back to the input section. In the case of the block cipher system having a round structure with a number of round functions, the feedback loop is connected to a round at an intermediate point of the block cipher system.

Description

OUTPUT CIPHER FEEDBACK TYPE PSEUDO NOISE-SEQUENCE GENERATION
BACKGROUND
The present invention relates to an improved method and apparatus for generating a pseudo noise sequence (PN sequence). More particularly, the present invention pertains to the generation of a keyed cryptographically strong PN sequence from a block cipher in the output cipher feedback (OFB) mode.
A need exists for data security in systems that transmit, store or manipulate data. In communication systems, for example, it is desirable to provide a secure communications link for the transmission of conversations, messages or other information between users. Typical communications systems that require data security include wireless communication systems such as cellular telephony, paging systems and satellite transmission, as well as wireline communication systems such as cable television, optical cable communications, landline telephone, or other private or public data networks. In regard to data storage or data manipulation applications in which there is a need for security, typical examples of such applications include data storage systems (e.g., computer disks, storage drives or data buffers) and data processing programs (e.g., computer programs, logic circuits and the like). Typical cryptographic applications include methods of confidentially encoding information through the use of stream ciphers. In short, a need exists in many different types of systems for data security measures that prevent unauthorized access to the protected information or data.
Data encryption using PN sequences can reduce the likelihood of unauthorized eavesdropping or spoofing, thus enhancing the security of data communications. Keyed PN sequences may be used in communication or cryptographic applications to construct messages that appear to be a sequence of seemingly random symbols. Since the PN sequence is not actually random, but only appears to be random, a cryptographically protected communication signal may be decoded at the receiving end through the use of a secret key to perform the inverse encryption operation and thereby separate the PN sequence from the underlying information signal.
In a communication system, since the communication link is subject to detection by others, it tends to be the portion of the system most vulnerable to eavesdropping or spoofing, that is, the unauthorized interception or introduction of information. PN sequences may be used in spread-spectrum communication systems to ensure security. For instance, PN sequences are often used as spreading sequences in spread-spectrum communication systems to determine the hop sequence and/or the direct spreading sequence. In this way the information communicated via a spread-spectrum communication system is kept secure since the secret key is shared only among the communicating parties.
FIG. 1 is a conventional block cipher system 100 configured in the output cipher feedback (OFB) mode. In general, an OFB type block cipher system 100 as shown in FIG. 1 derives a PN sequence by providing a feedback loop of the PN data supplied at the output of the block cipher back to the input of the block cipher.
An input register 110 of the OFB type block cipher system 100 receives data and, in turn, provides the data to the block cipher section 120. FIG. 1 depicts the block cipher section 120 as having a width W, equal to the width of the input register 110. The block cipher section 120 also receives a secret key from the key section 112. Data is processed within the block cipher section 120 using the secret key to produce PN data consisting of symbols, or data bits, that appear to be randomly distributed. The PN data is then provided from the block cipher section 120 to the output register 130. An important feature of the conventional OFB type block cipher system 100 is that only a portion of the PN data from the output register 130 is supplied as a PN sequence. For instance, FIG. 1 depicts a number r of new symbols output as part of the PN sequence from the output register 130, where r is less than the width W of the block cipher section 120. Another important feature of the OFB type block cipher system 100 is that part of the ciphered PN data output from output register 130 is fed back to be used as an input to the input register 110. That is, the symbols from among the PN data generated in the block cipher section 120 are directed back to the input register 110. For instance, FIG. 1 depicts a number W - r of symbols being provided via a feedback loop from the output register 130 back to the input register 110.
The extent to which the output symbols are used in the next PN sequence results in a tradeoff between security and efficiency. From a security point of view, it is advantageous to use fewer than all of the output symbols in creating the next PN sequence, since such information can possibly be used to recover the secret key. Hence, a smaller value of r relative to W tends to produce a more secure PN sequence. However, the use of fewer output symbols (i.e., smaller r value) results in less efficiency in creating the next PN sequence. For example, in the case where a block cipher is W bits wide and r = 1, meaning that only one bit of the output of the block cipher is used to give a new PN symbol, the computational burden (i.e., number of uses or iterations) of the block cipher to produce a PN sequence of length N will be a factor W times larger than it would be when using the full output of W bits. This becomes disadvantageous when the block cipher is complex or in applications where power consumption is critical, such as in a battery driven device.
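The tradeoff just described, together with the intermediate-round feedback of FIGS. 4 and 5 described in the Definitions section above, can be made concrete by counting block cipher uses. The following is an added Python illustration, not code from the patent or from the applicant: the Feistel-style round function, the sub-key schedule, the 32-bit width, the 8-round cipher, the sub-key-driven hop schedule and the assumption that the conventional input register shifts left by W - r positions per step are all constructed for this example and are not a real cipher.

```python
"""Toy model of OFB-style PN-sequence generation.

Compares the conventional output-feedback construction of FIG. 1 (r output
symbols per cipher use, W - r symbols fed back) with the intermediate-round
feedback of FIG. 4 and the sub-key-controlled "hopping" feedback of FIG. 5.
Constructed illustration only: round function, key schedule and register
handling are toys chosen for readability, not a real cipher.
"""
from typing import Callable, List, Optional, Tuple

W = 32                       # block width in bits (assumption for this example)
HALF = W // 2
HALF_MASK = (1 << HALF) - 1
MASK = (1 << W) - 1


def _rotl(x: int, n: int) -> int:
    """Rotate a HALF-bit value left by n positions."""
    n %= HALF
    return ((x << n) | (x >> (HALF - n))) & HALF_MASK


def sub_keys(key: int, rounds: int) -> List[int]:
    """Toy sub-key generator standing in for section 414: one HALF-bit sub-key per round."""
    low, high = key & HALF_MASK, (key >> HALF) & HALF_MASK
    return [(_rotl(low, 3 * i + 1) ^ (high * (i + 1))) & HALF_MASK for i in range(rounds)]


def round_function(state: int, sk: int) -> int:
    """One Feistel-style round: a partial encryption of the W-bit state."""
    left, right = state >> HALF, state & HALF_MASK
    f = (_rotl(right ^ sk, 5) * 0x9E37 + 0x79B9) & HALF_MASK
    return ((right << HALF) | (left ^ f)) & MASK


def run_rounds(state: int, sks: List[int]) -> List[int]:
    """Apply every round in turn; element i is the state after round i + 1,
    so the last element is the block cipher's final output."""
    states = []
    for sk in sks:
        state = round_function(state, sk)
        states.append(state)
    return states


def conventional_ofb(key: int, iv: int, r: int, n_bits: int,
                     rounds: int = 8) -> Tuple[str, int]:
    """FIG. 1: each cipher use emits only r of the W output bits; the other
    W - r bits are shifted into the input register.  Returns (bits, cipher_uses).
    Assumption: the input register shifts left by W - r positions per step."""
    assert 1 <= r < W
    sks = sub_keys(key, rounds)
    reg, bits, uses = iv & MASK, "", 0
    while len(bits) < n_bits:
        out = run_rounds(reg, sks)[-1]                       # final output only
        uses += 1
        bits += format(out >> (W - r), f"0{r}b")            # r new PN symbols
        fed_back = out & ((1 << (W - r)) - 1)                # W - r symbols fed back
        reg = ((reg << (W - r)) | fed_back) & MASK
    return bits[:n_bits], uses


def intermediate_ofb(key: int, iv: int, n_bits: int, rounds: int = 8,
                     tap: Optional[int] = None,
                     hop: Optional[Callable[[int, List[int]], int]] = None) -> Tuple[str, int]:
    """FIG. 4 / FIG. 5: all W output bits become PN symbols, and the full
    W-bit state after round `tap` (default K = rounds // 2) is fed back.
    `hop(step, sks)` may pick the tap round per step (FIG. 5); the tap must
    be an intermediate round, never the input and never the last round."""
    sks = sub_keys(key, rounds)
    reg, bits, uses, step = iv & MASK, "", 0, 0
    while len(bits) < n_bits:
        states = run_rounds(reg, sks)
        uses += 1
        t = hop(step, sks) if hop else (tap if tap is not None else rounds // 2)
        assert 1 <= t < rounds, "feedback must come from an intermediate round"
        bits += format(states[-1], f"0{W}b")     # full width W to the PN sequence
        reg = states[t - 1]                      # partially encrypted state fed back
        step += 1
    return bits[:n_bits], uses


def subkey_hop(step: int, sks: List[int]) -> int:
    """FIG. 5 control line: the sub-key schedule selects which round feeds back,
    always landing on an intermediate round 1 .. rounds - 1."""
    rounds = len(sks)
    return 1 + sks[step % rounds] % (rounds - 1)


def cipher_uses(n_bits: int, r: int, rounds: int = 8) -> Tuple[int, int]:
    """Cipher invocations needed for n_bits: conventional (r symbols per use)
    versus intermediate-round feedback (W symbols per use)."""
    _, conv = conventional_ofb(0xC0FFEE42, 0x1234ABCD, r, n_bits, rounds)
    _, inter = intermediate_ofb(0xC0FFEE42, 0x1234ABCD, n_bits, rounds)
    return conv, inter


if __name__ == "__main__":
    conv, inter = cipher_uses(256, r=1)
    print(f"r=1 conventional OFB: {conv} cipher uses; intermediate feedback: {inter} "
          f"(factor {conv // inter} = W)")
    bits, _ = intermediate_ofb(0xC0FFEE42, 0x1234ABCD, 64, hop=subkey_hop)
    print("first 64 PN bits with sub-key-controlled hopping:", bits)
```

With r = 1 the conventional generator needs W times as many cipher invocations as the intermediate-feedback generator for the same number of PN bits, which is the factor the paragraph above states. The assertion inside `intermediate_ofb` is the defensive check a practitioner would keep: the tap must never be the final round, since feeding back the output itself is exactly the input/output pair leakage the construction is meant to avoid.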
FIG. 2 is a conventional block cipher system 200 that has a round structure. An iteration of the block cipher shown in FIG. 2 is often referred to as a "round;" thus, the function in each iteration is called a round function. The conventional block cipher system 200 is typically constructed using round functions 224, each of which performs a partial encryption. In short, the block cipher system 200 having a round function configuration does a partial encryption using a sub-key derived in sub-key generator 214 from a key input 212.
In general, the block cipher system 200 has an input register 210 that receives data to be encrypted. The data may be processed through an input transformation section 222, and fed into a first one of the round functions 224. The input transformation section 222 may be configured to perform data conversion to put the input data in a proper format for further processing within the block cipher system 200. Such processing may include, for instance, reordering of the data to further enhance the security of the PN sequence output or to increase the efficiency of the block cipher system 200. The input transformation section 222 provides the processed data to a first one of the round functions 224.
The data becomes encrypted by iterating the round functions 224 a sufficient number of times, each time using a different sub-key to partially encrypt the data. For instance, the block cipher system 200 of FIG. 2 depicts the round function 224 being iterated 2K times. After being iterated in the round function 224, the encrypted data may be processed through an output transformation section 226. For instance, the output transformation section 226 may convert the PN data in a manner similar to, or complementary to, the input transformation section 222 before the data is output from the output section 230. That is, the output transformation section 226 may reorder the PN data to cancel the reordering of the input transformation section 222, or may otherwise process the PN data for security or processing efficiency purposes. The output transformation section 226 then provides the PN data to an output register 230, where it is finally supplied at an output from the output register 230.
Conventional block ciphers such as the block cipher system 200 often have weaknesses that may not be discovered until after their conception. Given a sufficient number of input/output pairs, such weaknesses can be exploited to construct an attack that will recover the key. Because of this, it is desirable to enhance the security of the PN sequence generator by keeping the information given away about the input/output pairs of the block cipher to a minimum when producing a PN sequence. However, enhancing the security in such a manner tends to reduce the rate of PN sequence generation, where rate is defined as the number of binary PN symbols generated per usage of the block cipher. That is, a conventional block cipher may be made more secure by reducing the information given away about the input/output pairs of the block cipher, but such measures tend to reduce the rate at which the OFB construction produces random symbols. Thus, a trade-off exists in a block cipher using a round function between security and efficiency considerations.
It is therefore desired to provide improved methods and apparatuses for the generation of PN sequences.
SUMMARY OF THE INVENTION
The present invention is directed to a method and apparatus for the generation of a keyed cryptographically strong PN sequence from a block cipher operating in the output cipher feedback (OFB) mode.
The present invention has a practical application in the technological arts of encoding, enciphering or encrypting information. For example, an apparatus or method according to the present invention generates a sequence of pseudo-random bits for encoding, enciphering or encrypting information such as human speech, written text, audio or video signals.
According to exemplary embodiments of the present invention, a feedback loop is provided from an intermediate part of a block cipher back to the input. This allows symbols of partially encrypted data to be directed back to the input section for use as input values. By taking input values via the feedback loop from the middle of the block cipher instead of from the PN sequence output data, the present invention does not contain any input/output pair information in the outputted PN sequence. Because input/output pairs are not in the outputted PN sequence, the full width of data from within the block cipher can be utilized for the feedback loop without compromising the security of the system. Such full use of data for feedback increases the processing efficiency of the system.
Generally speaking, exemplary embodiments of the present invention are directed to a round function output feedback-type (OFB-type) block cipher apparatus for generating a sequence of pseudo-random bits. The OFB-type block cipher apparatus has an input section, a block cipher section, a key data source, an output section, and a feedback loop from an intermediate part of said block cipher to the input section. Data received at the input section is passed to or shifted into the block cipher section. The block cipher section has a number of round functions and is connected to a key data source which itself has a number of subkey data sources. Each of the round functions of the block cipher section partially encrypts data using a subkey from one of the subkey data sources. The block cipher section is also connected to an output section. In accordance with the present invention, a feedback loop connects an intermediate part of the block cipher to the input section. In this way, the feedback loop provides partially encrypted data from within the block cipher back to the input section.
Other exemplary embodiments of the present invention are directed to methods of performing round function OFB block cipher processing to generate a sequence of pseudo-random bits. According to one exemplary method, received data is provided to a block cipher section which has a number of round functions, each round function being in communication with a sub-key for encrypting the data in the block cipher section. Data is partially encrypted in each of the round functions of said block cipher section using the sub-keys. Partially encrypted data is sent via a feedback loop from an intermediate part of the block cipher back to the input section. Encrypted data is provided to an output section in communication with the block cipher, thus generating a sequence of pseudo-random bits of encrypted data.
BRIEF DESCRIPTION OF THE DRAWINGS
Other objects and advantages of the present invention will become apparent to those skilled in the art upon reading the following detailed description of preferred embodiments, in conjunction with the accompanying drawings, wherein like reference numerals have been used to designate like elements, and wherein:
FIG. 1 is a conventional OFB type block cipher for generating a keyed PN sequence;
FIG. 2 is a conventional block cipher with a round structure for generating a keyed PN sequence;
FIG. 3 is an OFB-type block cipher for generating a keyed PN sequence according to the present invention;
FIG. 4 is a round function OFB-type block cipher using an intermediate round for the feedback loop according to another exemplary embodiment of the present invention; and
FIG. 5 is an OFB-type block cipher system in accordance with an alternative embodiment of the present invention configured with a feedback loop path section which switches the feedback amongst the round functions.
DETAILED DESCRIPTION
FIG. 3 is an OFB-type block cipher system 300 according to an exemplary embodiment of the present invention for generating a keyed PN sequence. In accordance with this and other embodiments of the present invention, the aforementioned tradeoff between security and efficiency considerations may be reduced. The block ciphers according to the present invention maintain both a high degree of security and a relatively fast transmission rate. The OFB-type block cipher system 300 generates a sequence of pseudo-random bits which may be used, for example, in the encoding of information.
Input section 310 of the OFB-type block cipher system 300 may comprise one or more input registers, buffers, data latches, feedthrough paths, or like circuitry for receiving data. The data input section 310 is depicted in FIG. 3 as a register having a width equal to a number W of bits. As such, the data input section 310 can be loaded with a number W of bits that may be provided to the next section of the OFB-type block cipher system 300. In the case of the data input section 310 being a register, data is typically loaded by shifting bits of the data a number of places into the data input section 310. The data input section 310, having been loaded with data, provides data to a block cipher section 320. For the purposes of describing the present invention, the term bits used herein refers to digital ones and zeros, symbols, characters, portions of data or other instances of information.
The block cipher section 320 is depicted in FIG. 3 as having a width W, corresponding to the width W of the data input section 310. In addition to receiving data from the data input section 310, the block cipher section 320 also receives a key as an input from the key section 312 which serves as a key data source. The key may be a secret key, an algorithm or relationship, or other information for encoding data. Data received from the data input section 310 is processed within the block cipher section 320 using the key to produce PN data in the form of data bits, sometimes called symbols, that appear to be randomly distributed. The PN data is then supplied to the output section 330 from the block cipher section 320.
According to the exemplary configuration of the present invention shown in FIG. 3, a feedback loop is provided from within the block cipher section 320. This allows symbols of partially encrypted data from within the block cipher section 320 to be directed back to the data input section 310. For instance, FIG. 3 depicts a number W of symbols being provided via a feedback loop from the block cipher section 320 back to the data input section 310. In accordance with the present invention, the feedback loop may be provided from an intermediate point which may be any point within the block cipher section 320 other than the final output of the block cipher section 320 which is supplied to the output section 330. Providing the feedback from an intermediate point of the block cipher section 320 provides the greatest degree of security. The intermediate point from which the feedback loop is derived is defined as not being at the input of the block cipher section 320 or the final output of the block cipher section 320. However, the intermediate point need not be the very centermost point of the block cipher section 320. Alternatively, the point from which the feedback loop is derived may be configured towards the middle of the block cipher section 320, that is, closer to the centermost point than to the input of the block cipher section 320 or the output of the block cipher section 320.
By taking input values from an intermediate point of the block cipher section 320 via the feedback loop instead of from the PN sequence output data, the data that is output at output section 330 of the present invention does not contain input/output pair information. Since no input/output pair information is contained in the PN data output of the output section 330, the full amount of data (i.e., width W) from within the block cipher section 320 can be utilized for the feedback loop to the data input section 310 without compromising the security of the system. In accordance with alternative embodiments of the present invention, the feedback loop to the input section 310 may be configured to provide data from more than one point within the block cipher 320. In one alternative embodiment, the feedback loop "hops," or is switched, from one point to another so as to provide data from different points within the block cipher 320 to the input section 310. The feedback loop may be connected to various points within the block cipher 320 according to an algorithm or scheme which may be predetermined to further enhance the security of the block cipher system 300. Furthermore, the algorithm or scheme may be such that the feedback loop is connected to only one point within the block cipher 320 at any one time. Alternatively, the algorithm or scheme may be such that the feedback loop is connected to more than one point within the block cipher 320 simultaneously. The feedback loop hopping could be controlled by or depend on the sub-key, wherein a control line is connected between the sub-key section 312 and a feedback loop path section. Otherwise, the feedback loop hopping could be deterministically independent of the sub-key.
FIG. 4 is an OFB-type block cipher system 400 configured with round functions and having a feedback loop from one of the rounds, according to an exemplary embodiment of the present invention.
The round function OFB-type block cipher system 400 is constructed using round functions 424 that each perform a partial encryption using a sub-key derived in sub-key generator 414 from a key input 412 which serves as a key data source. The key may be a secret key, an algorithm or relationship, or other information for encoding data. The OFB-type block cipher system 400 generates a sequence of pseudo-random bits which may be used, for example, in the encoding of information. An iteration of the block cipher depicted in FIG. 4 may be referred to as a "round." A round may be an algorithm, function, transform, or encoding scheme associated with the iterations of the block cipher system 400.
Input section 410 of the round function OFB-type block cipher system 400 may comprise one or more input registers, buffers, data latches, feedthrough paths, or like circuitry for receiving data, as discussed above in regard to the previous embodiment. The input section 410 is depicted as having a width W of bits. Upon being loaded with data, the data input section 410 provides the data to an input transformation section 422 for processing. The input transformation section 422 performs data conversion to put the input data in a proper format for further processing within the round function OFB-type block cipher system 400. Such processing may include, for instance, reordering of the data to further enhance the security of the PN sequence output or to increase the efficiency of the round function OFB-type block cipher system 400. The input transformation section 422 provides the processed data to a first one of the round functions 424. Alternative to the embodiment depicted in FIG. 4, the data input section 410 may be configured to provide data directly to the round functions 424, without the input transformation section 422.
The round function OFB-type block cipher system 400 is configured to have a number of round functions 424, each of which performs a partial encryption of the data. Each of the round functions 424 may be designed to use a different sub-key to perform a partial encryption. By iterating inputted data through the round functions 424 a sufficient number of times, the data provided to data input section 410 is encrypted in such a way that cryptanalysis becomes infeasible with presently known methods and computational resources. The round function OFB-type block cipher system 400 of FIG. 4 is depicted as having a number 2K of the round functions 424. Hence, the input data provided from the input transformation section 422 to the round functions 424 is iterated 2K times to produce PN data that has been fully encrypted to appear as a random string of data bits.
According to the exemplary configuration of the present invention shown in FIG. 4, a feedback loop is provided after the Kth one of the round functions 424 of the round function OFB-type block cipher system 400. According to this preferred embodiment, all W of the bits of the partially encrypted data at round K are directed back to the data input section 410, as shown in FIG. 4. According to alternative embodiments, a number less than W of the bits may be provided via a feedback loop from the Kth round back to the data input section 410. In accordance with the present invention, the feedback loop may be provided from any round of the round functions 424, except the last round. According to a preferred embodiment, the feedback loop is provided from an iteration at or near the Kth round, in order to provide the greatest degree of security. That is, the feedback is preferably taken from about halfway through the full number of iterations back to the input.
By taking input values from the Kth round via the feedback loop instead of from the PN sequence output data, the data that is output at output section 430 of the present invention contains no direct input/output pair information. Since no direct input/output pair information is contained in the PN data output from the output section 430, the full amount of data (i.e., width W) from the Kth round can be utilized for the PN sequence without compromising the security of the system. The last of the round functions 424 provides the PN data to an output transformation section 426. The output transformation section 426 performs data processing. For instance, the output transformation section 426 may perform a conversion of the PN data in a manner similar to, or complementary to, the input transformation section 422. That is, the output transformation section 426 may reorder the PN data to cancel the reordering of the input transformation section 422, or may otherwise process the PN data for security or processing efficiency purposes. The output transformation section 426 then provides the PN data to an output section 430. Alternative to the embodiment depicted in FIG. 4, the output section 430 and the round functions 424 may be configured such that the round functions 424 provide data directly to the output section 430, without the output transformation section 426. Finally, the PN data, having been loaded into the output section 430, is output as a PN sequence.
FIG. 5 is an OFB-type block cipher system 500 in accordance with an alternative embodiment of the present invention in which the feedback loop to the input section 410 is configured to provide data from more than one of the round functions 424. In this alternative embodiment, the feedback loop "hops" or switches from one to another of the round functions 424 via a feedback loop path section 540, so as to provide data from different ones of the round functions 424 to the input section 410. The feedback loop may be connected to various ones of the round functions 424 according to an algorithm or scheme which may be predetermined to further enhance the security of the block cipher system 400. Furthermore, the algorithm or scheme may be such that the feedback loop is connected to only one of the round functions 424 at any one time. Alternatively, the algorithm or scheme may be such that the feedback loop is connected to more than one of the round functions 424 simultaneously. The feedback loop hopping could be controlled by or depend on the sub-key as depicted in FIG. 5, wherein a control line is connected between the sub-key generator 414 and the feedback loop path section 540. Otherwise, the feedback loop hopping could be deterministically independent of the sub-key, in which case the sub-key generator 414 need not be directly connected to the feedback loop path section 540.
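The three feedback arrangements described above, conventional output feedback that emits r of W bits (FIG. 2 and the tradeoff of the background section), feedback of the full W-bit state from the Kth of 2K rounds (FIG. 4), and sub-key controlled hopping of the tap between rounds (FIG. 5), as an added Python example that is not part of the patent or of any Ericsson implementation. The Feistel round function, the sub-key schedule, the constant 0x9E3779B9 and the hop-selection rule are constructed toys for illustrating the structure, not a real block cipher; the `exposes_io_pairs` check shows the property the text relies on, namely that only the conventional arrangement hands out full input/output pairs of the cipher in its PN stream.

```python
from math import ceil
from typing import List, Optional, Tuple

W = 32                      # block cipher and register width in bits
HALF = W // 2
MASK = (1 << W) - 1
HMASK = (1 << HALF) - 1


def subkeys(key: int, rounds: int) -> List[int]:
    """Constructed sub-key schedule (the key data source): one HALF-bit
    sub-key per round, derived by rotating and mixing the W-bit key."""
    ks, k = [], key & MASK
    for i in range(rounds):
        k = ((k << 5) | (k >> (W - 5))) & MASK
        k = (k ^ (0x9E3779B9 * (i + 1))) & MASK      # arbitrary constant
        ks.append(k & HMASK)
    return ks


def round_fn(state: int, sk: int) -> int:
    """One Feistel round (a round function) over the W-bit state. A Feistel
    round is a bijection whatever f is, so the whole cipher is a permutation."""
    left, right = state >> HALF, state & HMASK
    f = (right ^ sk) & HMASK
    f = (f * 0x9E37 + (f >> 3)) & HMASK              # truncated multiply
    f ^= ((f << 7) | (f >> (HALF - 7))) & HMASK      # rotate-xor
    return (right << HALF) | (left ^ f)


def block_cipher(state: int, ks: List[int],
                 tap: Optional[int] = None) -> Tuple[int, Optional[int]]:
    """Run every round. Returns (final output, state after round `tap`);
    `tap` is 1-based and None means no intermediate tap is taken."""
    mid = None
    for i, sk in enumerate(ks, start=1):
        state = round_fn(state, sk)
        if i == tap:
            mid = state
    return state, mid


def ofb_conventional(key: int, iv: int, rounds: int, nblocks: int,
                     r: int = W) -> List[int]:
    """FIG. 1/2: the full cipher output is fed back and r of its W bits are
    emitted per cipher use, so N PN bits cost ceil(N / r) cipher uses."""
    ks, x, out = subkeys(key, rounds), iv & MASK, []
    for _ in range(nblocks):
        y, _ = block_cipher(x, ks)
        out.append(y >> (W - r))        # emit the top r bits as PN symbols
        x = y                           # feedback is the full output
    return out


def ofb_intermediate(key: int, iv: int, rounds: int, nblocks: int,
                     tap: int) -> List[int]:
    """FIG. 4: feed back the full W-bit state after round `tap`
    (1 <= tap < rounds, e.g. K of 2K); emit the full W-bit final output."""
    if not 1 <= tap < rounds:
        raise ValueError("tap must be an intermediate round, not the last")
    ks, x, out = subkeys(key, rounds), iv & MASK, []
    for _ in range(nblocks):
        y, mid = block_cipher(x, ks, tap)
        out.append(y)
        x = mid                         # feedback from the intermediate round
    return out


def ofb_hopping(key: int, iv: int, rounds: int,
                nblocks: int) -> Tuple[List[int], List[int]]:
    """FIG. 5: the tap hops between rounds under sub-key control. Constructed
    rule: tap_i = 1 + (ks[i mod rounds] mod (rounds - 1)), never the last
    round. Returns (symbols, taps used)."""
    ks, x, out, taps = subkeys(key, rounds), iv & MASK, [], []
    for i in range(nblocks):
        tap = 1 + ks[i % rounds] % (rounds - 1)
        y, mid = block_cipher(x, ks, tap)
        out.append(y)
        taps.append(tap)
        x = mid
    return out, taps


def exposes_io_pairs(symbols: List[int], key: int, rounds: int) -> bool:
    """True when every consecutive pair (a, b) satisfies b == E_key(a), i.e.
    the PN stream gives away full input/output pairs of the block cipher."""
    ks = subkeys(key, rounds)
    return all(block_cipher(a, ks)[0] == b
               for a, b in zip(symbols, symbols[1:]))


def cipher_uses(nbits: int, r: int) -> int:
    """Cipher invocations needed for nbits PN bits at r emitted bits each."""
    return ceil(nbits / r)


if __name__ == "__main__":
    key, iv, rounds = 0x0123ABCD, 0xDEADBEEF, 6     # constructed values
    print("conventional exposes pairs:",
          exposes_io_pairs(ofb_conventional(key, iv, rounds, 5), key, rounds))
    print("Kth-round feedback exposes pairs:",
          exposes_io_pairs(ofb_intermediate(key, iv, rounds, 5, 3), key, rounds))
    print("cipher uses for 1024 bits, r=1 vs r=W:",
          cipher_uses(1024, 1), cipher_uses(1024, W))
```

The generator state in every variant is the W-bit input register, so the cycle length of the PN sequence is bounded by 2^W exactly as in conventional OFB; the intermediate tap changes what the stream reveals, not the size of the state.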
It will be appreciated by those skilled in the art that the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than the foregoing description and all changes that come within the meaning and range and equivalence thereof are intended to be embraced therein.

Claims

WHAT IS CLAIMED IS:
1. A round function output feedback-type (OFB-type) block cipher apparatus for generating a sequence of pseudo-random bits, the apparatus comprising: an input section for receiving data; a block cipher section comprising a number of round functions, said block cipher section in communication with said input section; a key data source coupled to said block cipher, said key data source having a number of subkey data sources coupled to said round functions; an output section in communication with said block cipher; and a feedback loop from an intermediate part of said block cipher to said input section, wherein said feedback loop provides partially encrypted data from within said block cipher to said input section; wherein each of said round functions of said block cipher section partially encrypts data using a subkey from one of the subkey data sources.
2. The apparatus of claim 1, wherein said block cipher section has a width W and said feedback loop has a width W.
3. The apparatus of claim 1, wherein said block cipher section comprises a number 2K of round functions, and said feedback loop is coupled to a Kth one of said 2K round functions.
4. The apparatus of claim 1, further comprising: an input transformation means coupled to said input section and coupled to said block cipher section, said input transformation means performing input data processing.
5. The apparatus of claim 4, further comprising: an output transformation means coupled to said block cipher and coupled to said output section, said output transformation means performing output data processing.
6. The apparatus of claim 5, wherein the input data processing performed by the input transformation means reorders data from said input section; and wherein the output data processing performed by the output transformation means reorders data from said block cipher section, the reordering performed in said output transformation means being complementary to the reordering performed in said input transformation means.
7. The apparatus of claim 1, wherein said block cipher section comprises a number 2K of round functions, the apparatus further comprising: a feedback loop path section with one end coupled to said input section and with an other end selectively coupled to a one of said 2K round functions.
8. The apparatus of claim 7, wherein the one of said 2K round functions to which said other end of the feedback loop path section is coupled is determined in accordance with an output of said key data source.
9. An output feedback-type (OFB-type) block cipher apparatus for generating a sequence of pseudo-random bits, the apparatus comprising: an input section for receiving data; a block cipher section in communication with said input section, said block cipher also being coupled to a key data source; an output section in communication with said block cipher; and a feedback loop from an intermediate part of said block cipher to said input section; wherein said feedback loop provides partially encrypted data from within said block cipher to said input section.
10. The apparatus of claim 9, wherein said block cipher section has a width W and said feedback loop has a width W.
11. The apparatus of claim 9, wherein said feedback loop is coupled to a centermost portion of said block cipher section.
12. The apparatus of claim 10, further comprising: a feedback loop path section with one end coupled to said input section and with an other end selectively coupled to a point in said intermediate part of said block cipher.
13. The apparatus of claim 10, further comprising: an input transformation means coupled to said input section and coupled to said block cipher section, said input transformation means performing input data processing.
14. The apparatus of claim 13, further comprising: an output transformation means coupled to said block cipher and coupled to said output section, said output transformation means performing output data processing.
15. The apparatus of claim 14, wherein the input data processing performed by the input transformation means reorders data from said input section; and wherein the output data processing performed by the output transformation means reorders data from said block cipher section, the reordering performed in said output transformation means being complementary to the reordering performed in said input transformation means.
16. A method of performing round function output feedback (OFB) block cipher processing to generate a sequence of pseudo-random bits, the method comprising steps of: receiving data in an input section; providing said received data to a block cipher section comprising a number of round functions; communicating a sub-key to each one of said number of round functions of said block cipher section; encrypting said data in said block cipher section, the data being partially encrypted in each one of said number of round functions of said block cipher section using said sub-keys; providing said encrypted data from a last one of said round functions to an output section in communication with said block cipher; feeding back partially encrypted data via a feedback loop from an intermediate part of said block cipher to said input section; and generating the sequence of pseudo-random bits from said encrypted data.
17. The method of claim 16, wherein said block cipher section has a width W and said feedback loop has a width W.
18. The method of claim 16, wherein said block cipher section comprises a number 2K of round functions, and said feedback loop is coupled to a Kth one of said 2K round functions.
19. The method of claim 16, wherein said block cipher section comprises a number 2K of round functions, and said feedback loop is selectively coupled to one of said 2K round functions.
20. The method of claim 16, further comprising a step of: performing input data processing in an input transformation means coupled to said input section and coupled to said block cipher section.
21. The method of claim 18, further comprising a step of: performing output data processing in an output transformation means coupled to said block cipher and coupled to said output section.
22. The method of claim 20, wherein the step of input data processing performed by the input transformation means reorders data from said input section; and wherein the step of output data processing performed by the output transformation means reorders data from said block cipher section, the reordering performed in said step of output data processing being complementary to the reordering performed in said step of input data processing.
23. A method of performing output feedback (OFB) block cipher processing to generate a sequence of pseudo-random bits, the method comprising steps of: receiving data at an input section, wherein said data represents information; providing said received data to a block cipher section; communicating a key from a key data source to said block cipher section; encrypting said data in said block cipher section using said key; providing said encrypted data from said block cipher to an output section in communication with said block cipher; and feeding back partially encrypted data via a feedback loop from an intermediate part of said block cipher to said input section.
24. The method of claim 23, wherein said block cipher section has a width W and said feedback loop has a width W.
25. The method of claim 24, wherein said feedback loop is coupled to a centermost portion of said block cipher section.
26. The method of claim 24, wherein said feedback loop is selectively coupled to a portion of said block cipher section.
27. The method of claim 23, further comprising a step of: performing input data processing in an input transformation means coupled to said input section and coupled to said block cipher section.
28. The method of claim 27, further comprising a step of: performing output data processing in an output transformation means coupled to said block cipher and coupled to said output section.
29. The method of claim 28, wherein the step of input data processing performed by the input transformation means reorders data from said input section; and wherein the step of output data processing performed by the output transformation means reorders data from said block cipher section, the reordering performed in said step of output data processing being complementary to the reordering performed in said step of input data processing.
PCT/EP2000/009226 1999-09-27 2000-09-21 Output cipher feedback type pseudo noise-sequence generation WO2001024438A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU79054/00A AU7905400A (en) 1999-09-27 2000-09-21 Output cipher feedback type pseudo noise-sequence generation

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US15578299P 1999-09-27 1999-09-27
US60/155,782 1999-09-27
US56322500A 2000-05-02 2000-05-02
US09/563,225 2000-05-02

Publications (1)

Publication Number Publication Date
WO2001024438A1 true WO2001024438A1 (en) 2001-04-05