WO2012140144A1 - Procédé et système pour améliorer la synchronisation de caractères chiffrés en flux - Google Patents
Procédé et système pour améliorer la synchronisation de caractères chiffrés en flux Download PDFInfo
- Publication number
- WO2012140144A1 WO2012140144A1 PCT/EP2012/056685 EP2012056685W WO2012140144A1 WO 2012140144 A1 WO2012140144 A1 WO 2012140144A1 EP 2012056685 W EP2012056685 W EP 2012056685W WO 2012140144 A1 WO2012140144 A1 WO 2012140144A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- digits
- cipher text
- digit
- key
- sequence
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
Definitions
- the present invention relates generally to the encryption of data and more particularly to a method and system for improving the synchronization and, therefore, the behaviour of stream cipher encryption procedures.
- Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
- the result of the process is encrypted information (in cryptography, referred to as cipher text).
- cipher text In many contexts, the word encryption also implicitly refers to the reverse process, decryption, to make the encrypted information readable again (i.e. to make it unencrypted).
- Encryption is now commonly used in protecting information within many kinds of systems. Encryption can be used to protect data "at rest", such as files on computers and storage devices. In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps protect them should physical security measures fail. Digital rights management systems which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering are another somewhat different example of using encryption on data at rest. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks.
- networks e.g. the Internet, e-commerce
- a stream cipher is a type of symmetric encryption algorithm.
- the encryption is accomplished by combining the plaintext (the message to be encrypted) with a key stream, usually with the exclusive or (XOR) operation but other operations are also possible.
- the combination is done digit by digit; usually the digits consist of one or several bits.
- the transformation of successive plaintext bits varies during the encryption, equal plaintext bits are encrypted into different cipher text bits depending of its position on the message.
- the key stream consists of a random sequence of bits, that can be generated in advance or in the moment of use. This sequence of bits can represent any data, whose confidentiality should be protected, both for its storing and transmission: text, images, programs, audio and video.
- the length of the key stream should be equal to the length of the plaintext, and each key stream should not be reused for more than one operation of encryption. Since the entire key stream is random, even an opponent with infinite computational resources can only guess the plaintext if he sees the cipher text. Such a cipher is said to offer perfect secrecy.
- the historic precedents of stream cipher are the Caesar Cipher, whose key stream had only one digit consisting of an alphabet character, and the Blaise de Vigenere Cipher, whose key had a limited number of digits and was replayed as many times as necessary to reach the length of the plaintext.
- the first modern stream cipher was the Vernam Cipher—also known as the one-time pad— which is the only mathematically demonstrable unbreakable cipher.
- the one-time pad was used during wartime over diplomatic channels requiring exceptionally high security.
- the fact that the secret key (which can be used only once) is as long as the message introduces severe key management problems. While perfectly secure, the one-time pad is in general impractical.
- AES Advanced Encryption System
- OFB open feedback
- CRT counter
- stream ciphers with a dedicated design are typically much faster.
- PRNGs or block ciphers must have a key K that may determine the next state function and the output function as well as the initial state.
- K The basic problem of key stream generator design in the context of finite state machines is to find next state functions and output functions which are guaranteed to produce a key stream that satisfies the basic requirements of large period, large linear complexity and uniform distribution properties.
- the determination of these basic performance criteria implies the analyzability of the key stream generator.
- the construction of secure running key generators necessarily implies the introduction of nonlinear transformations, which greatly complicates the indispensable analysis. There exist implicit and explicit methods for introducing nonlinear effects.
- the generation of the key stream can be independent of the plaintext and cipher text, yielding what is termed a synchronous stream cipher, or it can depend on the data and its encryption, in which case the stream cipher is said to be self- synchronizing.
- the Vernam Cipher was of the first type.
- a key stream generator can be described by a 6-tuple (S, R, f, g, K ⁇ , /), more precisely:
- the number of internal states S is much bigger than the output alphabet R; each state is a function f of the key K ⁇ and the previous state (the key K1 use to be a sequence of digits); the output in each moment is a function g of the key K ⁇ and the corresponding state; the initial state is determined by the constant / ' .
- Each time that the internal state changes a new output digit is generated, which is a function of the new state and the key K ⁇ the moment of the internal state changing is usually controlled by an internal clock or a synchronism mechanism between a transmitter and a receiver.
- a stream of pseudo-random digits is generated independently of the plaintext and cipher text messages, and then combined with the plaintext (to encrypt) or with the cipher text (to decrypt).
- binary digits bits
- the key stream is combined with the plaintext using the exclusive or (XOR) (other logic functions can be used as well). This is termed a binary additive stream cipher.
- the sender and receiver In a synchronous stream cipher, the sender and receiver must be exactly in step for decryption to be successful. If digits are added or removed from the message during transmission, synchronization is lost. To restore synchronization, various offsets can be tried systematically to obtain the correct decryption. Another approach is to tag the cipher text with markers at regular points in the output. If, however, a bit is corrupted in transmission, rather than added or lost, only a single bit in the plaintext is affected and the error does not propagate to other parts of the message. This property is useful when the transmission error rate is high; however, it makes less likely the error would be detected without further mechanisms.
- the next state depends only on the previous state and not on the input so that the succession of states is independent of the sequence of characters received. Consequently, the enciphering transformation is memoryless, though time-varying. But the device itself is not memoryless, it needs the internal memory to generate the necessary state sequence. It is natural therefore, in a synchronous stream cipher, to separate the enciphering transformation from the generation process of the time-varying parameter that controls the enciphering transformation.
- Figure 1 illustrates the complete block diagram of a synchronous stream cipher and decipher system.
- the plaintext (3) is encrypted into the cipher text (5), by the modulo-2 addition (XOR) (4) of the plaintext bits with the key stream bits generated by the PRNG (2); this PRNG generates a key stream which is a complicated function of the Key, which is stored in the register (1 ). If both the plaintext and the key stream are composed of independent bits, the XOR operation is accomplished bit by bit; but if both the plaintext and the key stream are composed of digits formed by blocks of several bits, the XOR operation is made bitwise, that is bit a bit.
- XOR modulo-2 addition
- the cipher text is transmitted to the receiving end, where it is decrypted into the retrieved plaintext (10), by the modulo-2 subtraction (9) of the key stream bits, generated by the PRNG (7), from cipher text bits (8)— the modulo-2 addition and subtraction operations are identical, hence, both are implemented by a unique mechanism: the XOR combination of bits— ; the PRNG (7) generates a key stream which is identical to the generated by the PRNG (2), as a function of the Key (6), whose exact replica is stored in the register (1 ).
- the key stream is not independent of the plaintext and cipher text messages because the previous N cipher text digits to compute the key stream.
- the idea of self-synchronization is known since in 1946, and has the advantage that the receiver will automatically synchronize with the key stream generator after receiving N cipher text digits, making it easier to recover the plaintext, if digits are dropped or added to the message stream. Single-digit errors are limited in their effect, affecting only up to N plaintext digits.
- Self-synchronizing stream ciphers have the facility to resume correct decryption if the key stream generated by the decrypting unit falls out of synchronization with the encrypting key stream.
- the encryption of a bit depends on k previous cipher text bits. The system demonstrates limited error propagation; if one bit is received incorrectly then decryption of the following k bits may be incorrect.
- the system is able to resynchronize itself and produce a correct decryption after k bits have been received correctly.
- the deciphering transformation has finite memory with respect to the influence of past characters so that an erroneous or lost cipher text character causes only a fixed number of errors in the deciphered plaintext, after which again correct plaintext is produced.
- the function that defines the next state of the cryptosystem takes as input some of the previously digits of the generated cipher text. The most common example of this is provided by some block cipher in what is termed cipher-feedback (CFB) mode.
- CFB cipher-feedback
- Figure 2 illustrates the complete block diagram of a self-synchronizing stream cipher and decipher system.
- the plaintext (3) is encrypted into the cipher text (5), by the XOR (4) of the plaintext bits with the key stream bits generated by the PRNG (2); this PRNG generates a key stream which is a complicated function of the Key (1 ) and of the last N digits of the cipher text, stored in the register (1 1 ). If both the plaintext and the key stream are composed of independent bits, the XOR operation is accomplished bit by bit; but if both the plaintext and the key stream are composed of digits formed by blocks of several bits, the XOR operation is made bitwise.
- the cipher text is transmitted to the receiving end, where it is decrypted into the retrieved plaintext (10), by the modulo-2 subtraction (9) of the key stream bits, generated by the PRNG (7), from cipher text bits (8); the PRNG (7) generates a key stream which is identical to the generated by the PRNG (2), as a function of the Key (6) and of the last N digits of the received cipher text, stored in the register (12).
- Synchronous stream ciphers require, perfect synchronism between the encrypting and the decrypting device. When some bits are lost or intentionally added during transmission, then the key stream produced at the receiving site will be combined with some lag or advance to the cipher text, causing a new effective encryption of the cipher text a second time.
- To re-establish synchronism at the receiver usually involves searching over all possible offsets that the key stream could have experienced, or notifying the sender that the cryptosystem should be reinitialized. In both cases, large portions of the transmitted data may be lost. This difficulty of setting up again the synchronism is considered to be the major disadvantage of synchronous stream ciphers.
- self-synchronizing stream ciphers protect against cipher text searching, but because of their self-synchronizing property they do not (or only slightly) protect against injections, deletions and replay of cipher text.
- self synchronizing stream ciphers offer a lower level of security since arguments and function values of the key stream generating process are known to the cryptanalyst.
- the real disadvantage of self-synchronizing stream ciphers is their limited analyzability because of the dependence of the key stream on the message stream.
- Self-synchronizing stream ciphers have some limited error propagation which may or may not be viewed as an advantage. Certainly any changes made by an attacker to the cipher text will have additional consequences on other parts of the decrypted plaintext.
- Self-synchronizing stream ciphers are also vulnerable to a playback attack. First the attacker records some cipher text bits. Then, at a later time, he substitutes this recording into current traffic. After some initial garbage while the receiving end resync ronizes, the old cipher text will decrypt as normal. The receiving end has no way of knowing that this is not current data, but old data being replayed. Unless timestamps are used, the attacker can convince a bank to credit his account again and again, by replaying the same message (assuming the key hasn't been changed, of course). Other weaknesses in this type of scheme could be exploited in the cases of very frequent resynchronization. 2) An opponent willing to intercept and decrypt an enciphered message may find easier to guess the next state of the PRNG since its input is taken partially from the ciphertext.
- this prevents active eavesdroppers from selective changes of single plaintext digits via the cipher text and thus provides a basic level of message authenticity; because any change of a ciphertext digit will not only induce the change of the corresponding retrieved plaintext digit (after legitimate decoding), but will cause an error burst of the succeeding digits, revealing to the legitimate receiver that the decoded message is not faithful because an opponent or just a fortuitous transmission error has corrupted it.
- the present invention uses a new method and system that will reduce or eliminate the deficiencies of current tools.
- the object of the present invention is to propose a new type of synchronism of stream ciphers.
- the synchronization action is produced at random intervals, in an unpredictable time schedule; being impossible to detect by any unauthorized observer not possessing the key.
- the invention advantageously, provides a manner to maintain the sender and receiver, of an encrypted transmission, exactly in step, avoiding the lost of information when a disruption of the stream of information between them is produced, either by noise or by intentional perturbation of an opponent.
- the occurrence of the synchronism action is induced by the spontaneous occurrence of a succession of several predetermined digits in the cipher text sequence; when this succession of digits is observed the synchronization is performed, by changing the state of the PRNG that generated the key stream, being the new state a non linear function of a set of previously transmitted digits.
- the scheme may increase the security of the encrypted transmission by increasing the size of the system key.
- a method for improving stream cipher encryption of data where the data to be encrypted, called plaintext, is combined with a random sequence of digits, called key stream, to obtain the encrypted plain text called cipher text, being the key stream generated by a pseudo random number generator, PRNG as a function of a certain key sequence and the current state of the generator, the digits being blocks of s bits, being s a design parameter, the method comprising the following steps: a) Determining the initial state of the pseudo random number generator and, resetting to the zero state the contents of a first and a second delay line (13a, 14a) of the cipher text of a first and a second register
- step j If both sequences do not match, generating the next state of the PRNG as a function of the first key and the previous state and going to step j) g) If both sequences match, delaying in the second delay line the cipher text j digits and storing in the second register the last m digits of the delayed cipher text, being j and m design parameters, being j ⁇ 0
- the obtained cipher text sequence will be the current cipher text sequence
- a system for improving stream cipher encryption and decryption of data comprising a ciphering device and a deciphering device, where in the ciphering device the data to be encrypted, called plaintext, is received and combined with a random sequence of digits, called key stream, to obtain the encrypted plain text called cipher text, and in the deciphering device the text to be decrypted, cipher text, is received and combined with the key stream to obtain the decrypted text, plaintext, the digits being blocks of s bits;
- the ciphering device comprising: A pseudo random number generator, PRNG being the key stream generated by the PRNG as a function of a key K1 and the current state of the generator and being the next state of the generator determined by K1 and the previous state if there is not a forced value for the next state -
- a combiner which reads a digit of the plain text, reads a digit of the key stream, combines both digits and generates as a result one digit of the cipher text, the combination being a XOR operation of the plaintext digit and the key stream digit
- a second delay line which delays the cipher text sequence j digits, being j a design parameter, j ⁇ 0.
- a first memory register which stores the last I digits of the cipher text sequences delayed by the first delay line, being I a design parameter, the register being updated each time a new digit of cipher text is generated
- a second memory register which stores the last m digits of the cipher text sequences delayed by the second delay line, being m a design parameter, the register being updated each time a new digit of cipher text is generated
- a transfer module which applies a transfer function to the sequence of m digits stored in the second memory register, generating a transformed sequence.
- a comparator which, after each new generated digit of the cipher text, compares the sequence of I digits stored in the first memory register with a second key K2 which is a sequence of I digits; and if both sequences match, generates a load order to the PRNG to change the state of the PRNG to a forced value given by the transformed sequence generated by the transfer module
- the deciphering device comprising:
- PRNG being the key stream generated by the PRNG as a function of the key K1 and the current state of the generator and being the next state of the generator determined by K1 and the previous state if there is not a forced value for the next state
- a combiner which reads a digit of the cipher text, reads a digit of the key stream, combines both digits and generates as a result one digit of the decrypted cipher text, that is the plaintext, the combination being a XOR operation of the cipher text digit and the key stream digit
- a first delay line which delays the cipher text sequence k digits.
- a second delay line which delays the cipher text sequence j digits
- a first memory register which stores the last I digits of the cipher text sequences delayed by the first delay line, the register being updated each time a new digit of cipher text is received
- a second memory register which stores the last m digits of the cipher text sequences delayed by the second delay line, being m a design parameter, the register being updated each time a new digit of cipher text is received
- a transfer module which applies a transfer function to the sequence of m digits stored in the second memory register, generating a transformed sequence.
- a comparator which, after each new received digit of the cipher text, compares the sequence of I digits stored in the first memory register with the second key K2; and if both sequences match, generates a load order to the PRNG to change the state of the PRNG to a forced value given by the transformed sequence generated by the transfer module
- Figure 1 represents a block diagram of a synchronous stream cipher and decipher system.
- Figure 2 represents a block diagram of a self-synchronizing stream cipher and decipher system.
- Figure 3 represents a block diagram of the cipher end of the mechanism of random- synchronism of stream ciphers.
- Figure 4 represents a block diagram of the decipher end of the mechanism of random-synchronism of stream ciphers.
- Figure 5 represents a flowchart of the mechanism of random-synchronism of stream ciphers.
- Figure 6 represents a block diagram of an embodiment of the invention using a Linear Feedback Shift Register as pseudorandom number generator.
- Figure 7 represents a block diagram of an embodiment of the invention using block cipher TDEA in Counter Mode as pseudorandom number generator.
- a new method and system for synchronizing stream ciphers is proposed, called random-synchronism of stream ciphers. Oppositely to the synchronous stream ciphers, which are synchronized only once at the beginning of the transmission and to the self-synchronizing stream ciphers, which are synchronized whenever a digit is encrypted; the new method perform a synchronization operation at random intervals, in an unpredictable time schedule.
- the decision to carry out the synchronization of ciphering and deciphering machines is taken upon occurrence of a predetermined string of cipher text digits.
- Such string of digits may be pre-selected at random, and will form part of the system key. But its length must be selected in function of the desired mean frequency of synchronization.
- the scheme may increase the security of the encrypted transmission by increasing the size of the system key.
- a necessary condition for the security of an encryption procedure is that the cipher text sequence is completely random. Hence, the occurrence of any predetermined string of bits in the cipher text sequence is entirely possible.
- the mean frequency of the occurrence of such string depends on its bit length, for statistical reasons, being its probability of occurrence inversely proportional to its length: strings of few bits will occur frequently and strings of many bits will occur rarely.
- a string of / bits of length happens every 2' bits, in average, in any random bit sequence; hence the mean probability of the spontaneous occurrence of any predetermined string of / bits of length, inside a random sequence of bits, is equal to:
- the probability of occurrences of strings with a separation k > 256 is: ⁇ P 8 , 256 ⁇ 0.0014.
- the synchronism is executed each time that the spontaneous occurrence of a string of a length of / predetermined digits is observed; when this succession of cipher text digits happens the synchronization is performed, by changing the state of the PRNG that generated the key stream, being the new state a non linear function of a set of previous transmitted digits.
- Figure 3 depicts the block diagram of the mechanism of random-synchronism of stream ciphers, at the sender location; i.e. the cipher end; new blocks specific of this invention, not used in synchronous stream ciphers nor in self-synchronizing stream ciphers, are distinguished with a discontinuous border.
- a plaintext (3a) that must be encrypted into the cipher text (5a), by the combination (4a) of the plaintext bits with the key stream bits generated by the PRNG (2a); this PRNG generates a key stream which is a complicated function of the system key 1 , stored in the register (1 a) and the sequence of ⁇ / digits stored in the register (1 1 a).
- the combination (4a) consists of an XOR, if both the plaintext and the key stream are composed of independent bits, the XOR operation is accomplished bit by bit; but if both the plaintext and the key stream are composed of digits formed by blocks of several bits, the XOR operation is made bitwise._The synchronization mechanism is achieved by the rest of elements of the Fig. 3, in the following way:
- the cipher text (5a) besides being sent to the receiver end, is also routed in parallel to the two delay lines (13a) and (14a), whose delay lengths k and j can be comprised between 0 and any value.
- the cipher text after passing through the delay lines (13a) and (14a), arrives at two memory registers (15a) and (16a), with a capacity of / digits and m digits, respectively.
- the delay length values k and j must be selected in such a way that the stored digits in the register (15a) and the register (16a) do not coincide.
- registers (15a) and (16a) are updated each time a new digit of cipher text is generated. This cipher text digits enters into the delay lines (13a) and (14a) substituting the previous entered digit. The last digit of each delay line (13a) and (14a) comes out and enters into the registers (15a) and (16a) respectively.
- Figure 4 depicts the block diagram of the mechanism of random-synchronism of stream ciphers, at the receiver location, i.e. the decipher end; new blocks specific of this invention, not used in synchronous stream ciphers nor in self-synchronizing stream ciphers, are distinguished with a non discontinuous border.
- the block diagram is similar to the diagram of the cipher end, but there are three differences.
- the block (3b) consists of the incoming cipher text.
- the block (5b) consists of the recovered plaintext, which is the result of the combination (4b) of the cipher text digits with the key stream digits generated by the PRNG (2b).
- the input connection of both delay lines (13b) and (14b) is made before the combination (4b), by means of a XOR, of the cipher text (3b) digits and the key stream bits generated by the PRNG (2b).
- the rest of the elements of block diagram are equal to the ones in the cipher end, i.e. delay lines 13b and 14b which delay the cipher text k and j digits respectively; registers 15b and 16b to store the delay signals; a comparator 18b which compares the first delay signal with K2 stored in register 17b and sends a load order of jumping to a new state to the PRNG if the two signals agree.
- Said new state is loaded from the output of the transfer function state 1 1 b and may be dependent of a third key K3 stored in a register (13b).
- FIG. 5 illustrates the flowchart of the mechanism of random-synchronism of stream ciphers; steps 20, 21 , 22, 23, 24, 25, 26, 27, 28 and 29, are the normal steps of any synchronous stream cipher. The rest are the new steps which are added to convert it in a stream cipher with random-synchronism.
- Step 20 consists of initializing the PRNG, determining an initial state with the seed / ' .
- Step 21 consists of reading from the store 22 the key K ⁇ .
- Step 23 consists of advancing undisturbed to the next state of the PRNG each time that key stream digit is going to be generated according to the state transition function f (K1 , S) which controls it.
- Step 24 consists of generating one output key stream digit applying the function g to the key K ⁇ and the state generated.
- Step 25 consists of reading one digit of plaintext from the store 26.
- Step 27 consists of combining by means of the XOR operation the plaintext digit read in step 25 with the key stream digit generated in the step 24.
- the cipher text is obtained and stored in the store 29. The steps pertaining to the mechanism of random-synchronism of stream ciphers are described next and are shown in figure 5 with a discontinuous border.
- the step 20 besides initializing the PRNG in an initial state with the seed / ' , it resets to the zero state the contents of the delay lines (13a and 14a) and correspondent registers (15a and 16a) of the cipher end as well as the delay lines (13b, 14b) and registers (15b and 16b) of the decipher.
- Step 30 consists of reading the key 2, of / digits of size, from the store 31 .
- Step 32 consists of reading from the store 29 a string of / digits of cipher text L, (after a delay of / digits).
- Step 33 consists of comparing the key 2 with the delayed cipher text L; here a decision is taken: if both quantities are different, the system continues to step 23 and following; but if both quantities do agree the system continues to step 34.
- Step 34 consists of reading a string of m digits of cipher text M, from the store 29, after a delay of / digits.
- Step 35 consists of transform the m digits of cipher text M to obtain the future next state q ⁇ M) of the PRNG.
- Step 36 consists of forcing the next state of the PRNG to adopt the value of the transformed function q(M). Then the system continues to step 24 and following.
- Fig. 6 The block diagram of the proposed embodiment is illustrated in Fig. 6, which is similar to the block diagram depicted in Fig. 3.
- the numbering of blocks is the same in both figures, but instead of the suffix "a” used in Fig. 3, in Fig. 6 the suffix "c" is used.
- the PRNG (2c) consists now of a Linear Feedback Shift Register (LFSR), with a length 127, and characteristic polynomial x 127 + x 63 +1 (the bigger exponent is called the degree of the polynomial).
- the key K ⁇ consists of the initial state value of the shift register.
- the value of the exponents of the characteristic polynomial can be interpreted as a structural key, which is not changed frequently; it should be selected as to guarantee the maximum allowable repetition period, what is obtained selecting a primitive irreducible polynomial..
- the selected polynomial is just a trinomial, precisely a primitive one whose degree p is a Mersenne-prime (all polynomials of Mersenne-prime degree are irreducible).
- the length of the register (16c) is 128 bits.
- the transfer function (1 1 c) consists of an AES block cipher— whose block length is 128 bits— , and its key 3, stored in the register (19c), is selected with a length of 256 bits.
- the output of the transfer function AES K 3( ) is loaded into the LFSR of the
- PRNG as a new state forced value, each time that the comparator (18c) generates a new state load order.
- the output of the AES is a block of 128 bits and the LFSR is 127 bits in length, the most significant bit of the output block of the AES is discarded, prior to loading it into the LFSR.
- a PRNG made with a LFSR has perfect randomness properties but unfortunately is not secure, as it should be.
- the form of breaking a stream cipher, which uses a LFSR as PRNG, consists of determining the value of the characteristic polynomial of the LFSR and its present state. To determine them, it suffices to know a fragment of the generated key stream, of length double than the length of the shift register. Such fragment of the key stream can be learned by an opponent by means of a "known plaintext attack". But, when adding the mechanism of random synchronism, object of this invention, this kind of attack is fruitless, because an opponent cannot have access to the undisturbed string of 254 bits, necessary to mount the attack.
- an opponent will have a very low chance of finding an undisturbed string of 254 bits, necessary to determine the characteristic polynomial and the state of the LFSR.
- she could succeed in finding the characteristic polynomial and the state LFSR, she cannot profit of it, because the state of the LFSR will change very soon to a new unexpected forced value.
- the LFSR would generate, if undisturbed, an ideal key stream of 2 127 -1 bits of length.
- the net effect of the invention is equivalent to extracting different segments, at random, of arbitrary length, from the aforesaid ideal key stream, to build another key stream, chaining them together arranged in a completely new random order.
- the proposed embodiment has a strength much higher than the original stream cipher without random synchronism, because besides knowing the initial state of the shift register and characteristic polynomial, the attacker should know the keys 2 and K3 to break it.
- Fig. 7 is similar to the block diagram depicted in Fig. 3.
- the numbering of blocks is the same in both figures, but instead of the suffix "a" used in Fig. 3, in Fig. 6 the suffix "d" is used.
- the PRNG (2d) consists now of a block cipher TDEA in Counter Mode, being its block length 64.
- the key (1 d) is composed by the Counter initial state / ' and by the K ⁇ of the TDEA block cipher.
- the Counter is a simple 64 bit binary counter.
- the comparator (18c) generates a new state load order for the Counter of the PRNG, which causes that the Counter changes its count, jumping to a new count of completely random value, higher or lower than the original one.
- the transfer function equivalent to (1 1 a) is just an identity, i.e. it does not exist.
- the content of the register (16d) is loaded into the counter of the PRNG, as a new state forced value, each time that the comparator (18c) generates a new state load order. As a consequence of no existence of the transfer function there is neither any K3 key.
- a PRNG made with a TDEA in Counter Mode generates a random permutation, quite different from a pseudorandom sequence, because pseudorandom sequences show a great deal of repeated numbers (collisions), while random permutations have no collisions, i.e. all the generated numbers are different.
- the length of the sequence generated should be limited to a size much smaller than the "birthday bound"— which in the case of a 64 bits block cipher is just 2 32 bits— .
- a PRNG made with a TDEA in Counter Mode do generate authentic pseudorandom sequences.
- the length of the usable pseudorandom sequence can be as large as desired, because there is no more birthday bound limit.
- the length of the generated sequence can be even larger than the period of repetition of the undisturbed counter, i. e. in the present embodiment can be larger than 2 64 bits.
- the proposed embodiment has strength much higher than the original stream cipher without random synchronism, because besides knowing the initial state / of the Counter and the key K ⁇ , the attacker should know the key 2 to break it.
- the mechanism of random-synchronism of stream ciphers allows the synchronism of a stream cipher to take place at random points of time, hence an opponent cannot deduce the moment when the synchronism takes place, enhancing the system security.
- the transfer function q(M) may incorporate a third key K3 in its design, allowing a supplementary increase of security, because of the increase in difficulty of a brute force attack. In such a case, an opponent will need to try 2 (/+m) times more key values than were necessary without the random-synchronism mechanism.
- the transfer function q(M) may convert an insecure stream cipher, which makes use of a predictable PRNG (as a Feedback Linear Shift Register), in a secure stream cipher because the resulting key stream is no longer predictable due to the random forced jumps of the generator.
- PRNG feedback Linear Shift Register
- the PRNGs of some stream ciphers do not generate an authentic pseudorandom key stream, but simply a key-depending permutation of all the possible states of the generator. This is the case of a block cipher working in the Counter Mode or a Linear Congruential Generator. It is possible to recover the key stream of such stream ciphers by means of a known plaintext attack, and then to mount a distinction attack against the PRNG, observing that the generated key stream sequence shows no collisions (repetition of values), as a true pseudorandom sequence must show. The combination of these two attacks may allow an opponent to guess, with some probability of success, future values of the key stream.
- Playback attacks are noticeable and easily detected.
- the random-synchronism mechanism when an opponent records some cipher text bits and, at a later time, he substitutes this recording into current traffic, he induces much longer noticeable garbage in the recovered plaintext (while the receiving end resynchronizes) than in the case of using a self-synchronizing stream cipher, allowing the detection of the attack. This is because the random-synchronism does not take place every cipher text digits (as in a self-synchronizing system) but each 2' cipher text digits.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Synchronisation In Digital Transmission Systems (AREA)
Abstract
L'invention concerne un procédé et un système pour améliorer le cryptage de caractères chiffrés en flux de données, les données à crypter, appelées texte en clair, étant combinées avec une séquence aléatoire de caractères numériques, appelés flux de clé, pour obtenir le texte en clair crypté appelé texte chiffré. L'invention propose un nouveau type de synchronisme de caractères chiffrés en flux, l'action de synchronisation étant produite à des intervalles aléatoires selon un planning imprévisible.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ES201130574A ES2409458B1 (es) | 2011-04-12 | 2011-04-12 | Método y sistema para mejorar la sincronización de cifrados de flujo |
ESP201130574 | 2011-04-12 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012140144A1 true WO2012140144A1 (fr) | 2012-10-18 |
Family
ID=45976926
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2012/056685 WO2012140144A1 (fr) | 2011-04-12 | 2012-04-12 | Procédé et système pour améliorer la synchronisation de caractères chiffrés en flux |
Country Status (3)
Country | Link |
---|---|
AR (1) | AR086079A1 (fr) |
ES (1) | ES2409458B1 (fr) |
WO (1) | WO2012140144A1 (fr) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105141413A (zh) * | 2015-08-06 | 2015-12-09 | 吉林大学 | 基于流密码的循环链表异或加密方法及解密方法 |
CN105959118A (zh) * | 2016-04-28 | 2016-09-21 | 吉林大学 | 基于流密码的双位单向循环链表加密解密方法 |
WO2018121834A1 (fr) * | 2016-12-27 | 2018-07-05 | Figueira Helder Silvestre Paiva | Système de confidentialité dynamique d'augmentation d'équivoque |
US10154016B1 (en) | 2017-06-12 | 2018-12-11 | Ironclad Encryption Corporation | Devices for transmitting and communicating randomized data utilizing sub-channels |
WO2018231760A1 (fr) * | 2017-06-12 | 2018-12-20 | Daniel Maurice Lerner | Dispositifs de transmission et de communication de données aléatoires à l'aide de sous-canaux |
CN113824807A (zh) * | 2021-03-09 | 2021-12-21 | 北京沃东天骏信息技术有限公司 | 一种邀请码生成方法、装置、电子设备及存储介质 |
CN114844728A (zh) * | 2022-07-04 | 2022-08-02 | 道格特半导体科技(江苏)有限公司 | 序列化数据安全通信方法及大数据平台 |
EP4075718A1 (fr) * | 2021-04-13 | 2022-10-19 | Harris Global Communications, Inc. | Mode de fonctionnement par auto-synchronisation d'un algorithme de cryptage/décryptage |
CN117014208A (zh) * | 2023-08-09 | 2023-11-07 | 海光信息技术股份有限公司 | 数据加密方法、装置、系统、电子设备及存储介质 |
CN118013595A (zh) * | 2024-02-01 | 2024-05-10 | 广东全芯半导体有限公司 | 一种主控芯片随机缓存保密方法及系统 |
-
2011
- 2011-04-12 ES ES201130574A patent/ES2409458B1/es not_active Withdrawn - After Issue
-
2012
- 2012-04-12 AR ARP120101265 patent/AR086079A1/es not_active Application Discontinuation
- 2012-04-12 WO PCT/EP2012/056685 patent/WO2012140144A1/fr active Application Filing
Non-Patent Citations (4)
Title |
---|
"Fast Software Encryption", vol. 2355, 1 January 2002, SPRINGER BERLIN HEIDELBERG, Berlin, Heidelberg, ISBN: 978-3-54-043869-4, article AMMAR ALKASSAR ET AL: "Optimized Self-Synchronizing Mode of Operation", pages: 78 - 91, XP055038265 * |
HEYS H M: "Analysis of the statistical cipher feedback mode of block ciphers", IEEE TRANSACTIONS ON COMPUTERS, IEEE SERVICE CENTER, LOS ALAMITOS, CA, US, vol. 52, no. 1, 1 January 2003 (2003-01-01), pages 77 - 92, XP011095420, ISSN: 0018-9340, DOI: 10.1109/TC.2003.1159755 * |
STIG F MJÃ LSNES ED - JEAN-JACQUES QUISQUATER ET AL: "A Simple Technique for Diffusing Cryptoperiods", 10 April 1989, ADVANCES IN CRYPTOLOGY - EUROCRYPT '89 : WORKSHOP ON THE THEORY AND APPLICATION OF CRYPTOGRAPHIC TECHNIQUES, HOUTHALEN, BELGIUM, APRIL 10 - 13, 1989; [LECTURE NOTES IN COMPUTER SCIENCE], BERLIN [U.A.] : SPRINGER, DE, PAGE(S) 110 - 120, ISBN: 978-3-540-53433-4, XP019194424 * |
UELI M MAURER ED - DONALD W DAVIES: "New Approaches to the Design of Self-Synchronizing Stream Ciphers", 8 April 1991, ADVANCES IN CRYPTOLOGY EUROCRYPT 91, SPRINGER BERLIN HEIDELBERG, BERLIN, HEIDELBERG, PAGE(S) 458 - 471, ISBN: 978-3-540-54620-7, XP019194235 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105141413A (zh) * | 2015-08-06 | 2015-12-09 | 吉林大学 | 基于流密码的循环链表异或加密方法及解密方法 |
CN105141413B (zh) * | 2015-08-06 | 2018-05-15 | 吉林大学 | 基于流密码的循环链表异或加密方法及解密方法 |
CN105959118A (zh) * | 2016-04-28 | 2016-09-21 | 吉林大学 | 基于流密码的双位单向循环链表加密解密方法 |
WO2018121834A1 (fr) * | 2016-12-27 | 2018-07-05 | Figueira Helder Silvestre Paiva | Système de confidentialité dynamique d'augmentation d'équivoque |
US11233628B2 (en) | 2016-12-27 | 2022-01-25 | Helder Silvestre Paiva Figueira | Equivocation augmentation dynamic secrecy system |
US10673830B2 (en) | 2017-06-12 | 2020-06-02 | Daniel Maurice Lerner | Devices for transmitting and communicating randomized data utilizing sub-channels |
WO2018231760A1 (fr) * | 2017-06-12 | 2018-12-20 | Daniel Maurice Lerner | Dispositifs de transmission et de communication de données aléatoires à l'aide de sous-canaux |
US10154016B1 (en) | 2017-06-12 | 2018-12-11 | Ironclad Encryption Corporation | Devices for transmitting and communicating randomized data utilizing sub-channels |
CN113824807A (zh) * | 2021-03-09 | 2021-12-21 | 北京沃东天骏信息技术有限公司 | 一种邀请码生成方法、装置、电子设备及存储介质 |
EP4075718A1 (fr) * | 2021-04-13 | 2022-10-19 | Harris Global Communications, Inc. | Mode de fonctionnement par auto-synchronisation d'un algorithme de cryptage/décryptage |
US11870884B2 (en) | 2021-04-13 | 2024-01-09 | Harris Global Communications, Inc. | Self-synchronizing mode of operation for an encryption/decryption algorithm |
CN114844728A (zh) * | 2022-07-04 | 2022-08-02 | 道格特半导体科技(江苏)有限公司 | 序列化数据安全通信方法及大数据平台 |
CN117014208A (zh) * | 2023-08-09 | 2023-11-07 | 海光信息技术股份有限公司 | 数据加密方法、装置、系统、电子设备及存储介质 |
CN117014208B (zh) * | 2023-08-09 | 2024-04-09 | 海光信息技术股份有限公司 | 数据加密方法、装置、系统、电子设备及存储介质 |
CN118013595A (zh) * | 2024-02-01 | 2024-05-10 | 广东全芯半导体有限公司 | 一种主控芯片随机缓存保密方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
ES2409458B1 (es) | 2014-06-24 |
AR086079A1 (es) | 2013-11-20 |
ES2409458R1 (es) | 2013-08-26 |
ES2409458A2 (es) | 2013-06-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012140144A1 (fr) | Procédé et système pour améliorer la synchronisation de caractères chiffrés en flux | |
US20060265595A1 (en) | Cascading key encryption | |
US7900047B2 (en) | Method and apparatus for encrypting data transmitted over a serial link | |
US8687800B2 (en) | Encryption method for message authentication | |
US8259934B2 (en) | Methods and devices for a chained encryption mode | |
US20030123667A1 (en) | Method for encryption key generation | |
US8744078B2 (en) | System and method for securing multiple data segments having different lengths using pattern keys having multiple different strengths | |
US7464171B2 (en) | Effective protection of computer data traffic in constrained resource scenarios | |
US20110107086A1 (en) | Secure authentication and privacy of data communication links via dynamic key synchronization | |
WO1996002992A1 (fr) | Procede d'emission de signaux et systeme de communication | |
WO2007044042A2 (fr) | Procédés et appareil de codage | |
US7376232B2 (en) | Computer system security via dynamic encryption | |
CN103117850A (zh) | 一种基于随机序列数据库的密码系统 | |
Shaker et al. | Digital Signature Based on Hash Functions | |
Hudde | Building stream ciphers from block ciphers and their security | |
US11909893B2 (en) | Composite encryption across cryptographic algorithms | |
Mishra et al. | Comparative Study Of Efficient Data Hiding Techniques | |
Eskeland | Stream ciphers-Cryptography | |
Toliupa et al. | RF Signals Encryption with AES in WDID. | |
CN114143022A (zh) | 数据加密方法、数据传输方法和数据解密方法及相关装置 | |
CN118740825A (zh) | 车辆的配置文件的传输方法、装置、存储介质和车辆 | |
AU2011101338A4 (en) | Method for Encryption and Decryption without conventional keys | |
Barlow | Symmetric encryption with multiple keys: techniques and applications | |
Devi et al. | A Research: Image Encryption Using Chaotic and Logistic Map and Pixel Hobbling | |
PIPER et al. | Some mathematical aspects of security in the automated business environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12715364 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 12715364 Country of ref document: EP Kind code of ref document: A1 |