WO2015031949A1 - Data encryption process - Google Patents
Data encryption process Download PDFInfo
- Publication number
- WO2015031949A1 WO2015031949A1 PCT/AU2014/000884 AU2014000884W WO2015031949A1 WO 2015031949 A1 WO2015031949 A1 WO 2015031949A1 AU 2014000884 W AU2014000884 W AU 2014000884W WO 2015031949 A1 WO2015031949 A1 WO 2015031949A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption
- encryption key
- data
- data package
- key
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 86
- 230000008569 process Effects 0.000 title claims abstract description 72
- 230000000295 complement effect Effects 0.000 claims abstract description 69
- 238000012545 processing Methods 0.000 claims description 48
- 230000000873 masking effect Effects 0.000 claims description 32
- 239000000203 mixture Substances 0.000 claims description 29
- 230000003068 static effect Effects 0.000 claims description 14
- 238000010348 incorporation Methods 0.000 claims description 2
- 238000004590 computer program Methods 0.000 claims 3
- 230000001105 regulatory effect Effects 0.000 abstract description 24
- 238000004458 analytical method Methods 0.000 abstract description 11
- 230000007704 transition Effects 0.000 abstract description 11
- 230000000875 corresponding effect Effects 0.000 description 47
- 238000006243 chemical reaction Methods 0.000 description 37
- 239000011159 matrix material Substances 0.000 description 19
- 238000006467 substitution reaction Methods 0.000 description 12
- 238000000354 decomposition reaction Methods 0.000 description 5
- 239000002243 precursor Substances 0.000 description 5
- 230000009466 transformation Effects 0.000 description 4
- 230000002596 correlated effect Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 241001441724 Tetraodontidae Species 0.000 description 2
- 230000004075 alteration Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000003362 replicative effect Effects 0.000 description 2
- 241000270295 Serpentes Species 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000008570 general process Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/005—Countermeasures against attacks on cryptographic mechanisms for timing attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/046—Masking or blinding of operations, operands or results of the operations
Abstract
An encryption system and process are disclosed in this specification. The disclosed process reduces the feasibility of power analysis attacks by regulating the power consumed by an encryption system during an encoding process. The system synchronously encrypts complementary data using reciprocal encryption keys to balance bit transitions and decorrelate power characteristics from the data being processed (the encryption key and data package). A specific application using the AES cipher is presented.
Description
DATA ENCRYPTION PROCESS
Field of the Invention
The present invention relates to a data encryption process and system.
Background
Cryptographic algorithms transform data (often referred to as plaintext') into xciphertext' . The object of these algorithms (commonly referred to as xciphers' ) is to prevent extraction of the plain text from the cipher text without an independent encryption key. The encryption key is a unique string that is used by the cipher during the encryption process to transform the plain text to the cipher text. The same encryption key may be used to decrypt the ciphertext (symmetric key encryption) , or a separate decryption key
(mathematically linked to the encryption key) may be required (public key encryption) .
The cryptographic strength of a cipher is typically evaluated from the theoretical effort required to extract the plain text from the cipher text without the encryption key. This evaluation is usually limited to cryptanalysis
(theoretical assessment of the cryptographic algorithm) .
Common cryptanalysis procedures include related key attacks, differential cryptanalysis and linear cryptanalysis. A cipher is considered cryptographically broken if there is a cryptographic attack that is computationally faster than a brute-force attack. Cryptographically broken ciphers may still provide adequate security if the computational effort involved in extracting the plain text makes the theoretical attack infeasible. The Advanced Encryption Standard (AES) is an example of a cryptographically broken cipher that is widely adopted for secure data encryption.
The security of ciphertext may also be compromised by side-channel attacks that target the implementation of a cryptographic system. Side-channel attacks extract and analyse data inadvertently leaked from the physical system
implementing a cipher. Common side channel attacks include
cache-timing attacks (analysing the memory usage of the encryption system) or power analysis attacks. These attacks generally require physical access to the system implementing the cipher (such as a smart card) .
Summary of the Invention
In a first aspect, the invention provides an encryption process comprising:
receiving a data package for encryption and a
corresponding encryption key,
deriving complements of the received data package and the encryption key using bitwise operations,
establishing four unique encoding pairs from the received data package, the encryption key and the respective
complements, each encoding pair having a data component and an encryption key component, and
simultaneously encrypting the data component of each encoding pair within a single encryption system using the corresponding encryption key component.
In an embodiment, defined registers within the encryption system are cleared before writing intermediate outputs to the defined registers during encryption of the respective data components .
In an embodiment, the respective data components of each encoding pair are encrypted using identical encryption
algorithms that are independently executed by a single
processing unit within the encryption system.
In an embodiment, the execution of each encryption algorithm is synchronized to a single system clock.
In an embodiment, replacement look up tables are
generated from a standardized look up table defined for the encryption algorithms, the replacement lookup table for the individual encryption algorithms reflecting the composition of the corresponding encoding pairs.
In an embodiment, a masking algorithm is executed within the single encryption system concurrently with encryption of the respective data components.
In an embodiment, an unbalanced masking cipher that uses an independent masking key to encrypt data is executed within the single encryption system concurrently with encryption of the respective data components, and the composition of the masking key is dynamically altered.
In a second aspect, the invention provides an encryption system comprising:
a parsing engine that is configured to generate four unique encoding pairs from an individual data package and corresponding encryption key, each of the unique encoding pairs comprising a data component and an encryption key component selected from:
i. the data package,
ii. the encryption key for the data package,
iii. a bitwise complement of the data package, and
iv. a bitwise complement of the encryption key, and
a processing unit that is configured to simultaneously encrypt the data component of each encoding pair using a corresponding encryption key component.
In an embodiment, the system comprises an inversion engine that is configured to generate complements of received data packages and corresponding encryption keys for
incorporation in the encoding pairs generated by the parsing engine .
In an embodiment, the inversion engine is configured to generate complementary look up tables for each encryption algorithm that reflect the composition of the corresponding encoding pairs.
In an embodiment, the system comprises a memory
management module that is configured to clear defined
registers within the processing unit before writing
intermediate outputs to the registers during encryption of the respective data components.
In an embodiment, the system comprises a system clock that is used by the processing unit to synchronize execution of each encryption algorithm within the processing unit.
In a third aspect, the invention provides an encryption process comprising:
receiving a data package for encryption and a
corresponding encryption key for use encoding the data package,
generating four unique encoding pairs each having a data component and an encryption key component derived from the received data package and encryption key, and
simultaneously encrypting the respective data components of each encoding pair using the corresponding encryption key component within a single encryption system.
In an embodiment, complements of the received data package and the encryption key are derived using bitwise operations, and
the four unique encoding pairs are established from the received data package, the encryption key and the respective complements.
In an embodiment, defined registers within the encryption system are cleared before writing intermediate outputs to the defined registers during encryption of the respective data components .
In an embodiment, the respective data components of each encoding pair is encrypted using identical encryption
algorithms that are independently implemented by a single processing unit within the encryption system.
In an embodiment, the execution of each encryption algorithm is synchronized to a single system clock.
In an embodiment, complementary look up tables are generated for each encryption algorithm that reflect the composition of the corresponding encoding pairs.
In a fourth aspect, the invention provides an encryption process comprising synchronously executing a plurality of identical encryption algorithms within a single encryption system to decorrelate the power consumption of the encryption system from a primary encryption process encoding a received data package and corresponding encryption key.
In an embodiment, four independent encryption algorithms are simultaneously executed within the encryption system to regulate static and dynamic power consumption of the
encryption system.
In an embodiment, four unique encoding pairs are generated from a received data package and a corresponding encryption key, each encoding pair comprising a data component and an encryption key component.
In an embodiment, complements of the received data package and encryption key are derived using bitwise
operations, and
the four unique encoding pairs are established from the received data package, the encryption key and the respective complements.
In an embodiment, defined registers within the encryption system are cleared before writing intermediate outputs to the defined registers during encryption of the respective data components.
In an embodiment, each encryption algorithm is executed synchronously using a single system clock.
Brief description of the drawings
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying figures, in which:
Figure 1 is a block representation of the Advanced
Encryption Standard (AES) cipher illustrating the logical relationship between the encryption key and plaintext.
Figure 2 is a schematic representation of an encryption system that regulates power consumption during an encryption process by executing a plurality of individual ciphers with bitwise balanced inputs.
Figure 3 is a block representation of an encryption algorithm involving the synchronous execution of multiple block ciphers.
Detailed Description
An embodiment of an encryption process and system which reduces the scope for power analysis attacks is described in this specification. A particular implementation of power regulating algorithm 50 in accordance with an embodiment of the present invention is depicted in Figure 3. The illustrated
algorithm 50 uses the Advance Encryption Standard (AES) .
However, the invention is equally applicable to other ciphers (such as the triple DES, Serpent, Twofish, RC6 and MARS algorithms) .
The algorithm depicted of Figure 3 comprises a plurality of identical encryption ciphers that are independently
executed using a single encryption system. The same
methodology can be applied to regulate power consumption with a single cipher (described later in this specification) . Both single and multiple cipher embodiments regulate the power consumed by the encryption system during the encoding process. The encoding processes disclosed in this specification are typically executed within an encryption system using a single source of power. This reduces the feasibility of power
analysis attacks targeting individual components within the encryption system. A single encryption system may comprise multiple processing units that share a common power supply and are not readily isolated for independent power analysis (such as enclosed systems with tamper resistance and/or a tamper shutdown mechanism) .
The ciphers illustrated in Figure 3 are ideally
implemented by a single processing unit (such as an ASIC, FPGA, multicore processor or software within a single
processing core) within the encryption system. The encryption system executes the respective encryption ciphers
simultaneously to regulate the static and dynamic power consumption of the processing unit.
The inputs to the encryption system are typically limited to the data package being encrypted (often referred to as the plaintext' ) and a corresponding encryption key. The
encryption system generates four unique encoding pairs from the inputs, using bitwise complements of the data package and the encryption key to supplement the original inputs.
Each encoding pair comprises a data component (either the received data package or the complement of the data package) and an encryption key component (either the encryption key or the complement of the encryption key) . The four ciphers depicted in Figure 3 each receive a unique encoding pair. The
encoding pairs for each cipher (as depicted from left to right) are:
1. data/key,
2. data/complement ( key) ,
3. complement (data) /key,
4. complement (data) /complement (key)
The encryption system regulates the dynamic and static power consumption of the processing unit by synchronously encoding the plaintext component of each encoding pair. This decorrelates the power consumption of the processing unit from the encryption system inputs (the encryption key and the plaintext) , making conventional side-channel power consumption attacks infeasible.
The encryption system duplicates the logic operations of the fundamental cipher at each clock cycle (using the
algorithm depicted in Figure 3) to synchronously produce complementary bit patterns in the registers of the processing unit. Balancing the bit patterns produced by the cipher removes underlying correlations between the register states and the processing unit power consumption.
The power consumption attributable to memory in typical processing units is correlated to the state of the processing unit registers and transitions between different register states (static and dynamic power consumption respectively) . Conventional power analysis attacks use this correlation to calculate the register values produced by a cipher and derive a corresponding encryption key.
Static power consumption is the power used to maintain the state (bit pattern) of a register. The power consumed maintaining a zero register (a register comprising no non-zero bits) is different to the power required to maintain a
register with non-zero bits.
Dynamic power consumption is the power used to transition between different memory states (bit patterns) . The power consumed transitioning from zero to non-zero bit values is different than the power consumption of non-zero bit values
transitioning to zero bit value.
The encryption system is capable of regulating both static and dynamic power consumption within the processing unit by synchronously executing four identical ciphers. The composition of the encoding pairs depicted in Figure 3 offset bit transitions within the processing unit by balancing bit transitions in complementary registers. Each zero to non-zero bit transition is offset by a non-zero to zero bit transition at a corresponding bit position in a complementary register. This regulates the dynamic power consumption of the processing unit. The encryption system regulates the static power
consumption of the processing unit by simultaneously balancing maintained bit states within the registers. Each zero bit state that is maintained during a clock cycle is offset by the maintenance of a non-zero bit state at a corresponding bit position in a complementary register.
This ensures that the power consumption for the entire encryption system (the four block ciphers) remains
substantially constant for each clock cycle, effectively decoupling the system' s power consumption from the plaintext and the encryption key. The encryption system may also
generate complementary look up tables for ciphers with byte substitutions (described later in relation to the AES cipher) .
A block representation of an Advanced Encryption Standard (AES) implementation is depicted in Figure 1. The Advanced Encryption Standard is a widely adopted specification for encryption of electronic data. It is based on the Rijndael block cipher.
The Advanced Encryption Standard (AES) algorithm uses a secret key and fixed lookup table to encrypt input data packages (the plaintext' ) . The data package being encrypted is decomposed into 4x4 byte matrices (termed the xstate' ) . The individual state matrices generated for a data package are encoded in 10, 12 or 14 rounds (depending on the length of the encryption key) . Each round can be decomposed in several sub- procedures. The sub-procedures for a 128 bit encryption key include :
1. Application of an 'exclusive or' (XOR) operation 27 using the state matrix (128 bits of the data package) and the 128 encryption bit key.
2. Decomposition of the state (following the XOR
operation 27) into 16 individual bytes and substitution 25 of isolated bytes for values from a lookup table 20.
3. Cyclic permutation of each row from the state 26 and subsequent permutation of the columns within the state 28.
4. Decomposition of the encryption key into bytes and substitution 25 of 4 bytes from the encryption key with values from the lookup table 20.
5. Application of an 'exclusive or' (XOR) operation 27 using the state and one byte from the modified key (the selected byte depending on the round of encryption) .
The power used by a processor implementing the Advanced Encryption Standard (AES) can be divided into static and dynamic consumption. Static power consumption is the power drawn by the circuit maintaining an existing state between two consecutive clock pulses. Dynamic power consumption is the power drawn by the circuit changing state.
Every gate of the circuit draws power for each clock cycle. The amount of power drawn by a gate depends on the operation of the gate. The power regulating algorithm
disclosed in this specification decorrelates the power
consumption of the encryption circuit from the primary
encryption process using the received data package and
corresponding encryption key.
A schematic representation of an encryption system 114 is depicted in Figure 2. The system 114 comprises a single processing unit 102 that simultaneously executes four
identical ciphers. The illustrated encryption system 114 comprises a generic computing system with dedicated modules
that execute the power regulating algorithm. The encryption algorithm may also be implemented in an Application Specific Integrated Circuitry (ASIC) , Programmable Gate Arrays (such as an FPGA) or another compatible processor.
The illustrated encryption system 114 receives data for encryption (data packages) and corresponding encryption keys from a single data source 120 (although the data package and encryption keys may originate from different sources in practice) . The data source 120 in Figure 2 is depicted
external to the encryption system 114. Typical external data sources include remote computing systems that are connected to the encryption system by a data network (such as the Internet) and portable memory device (such as USB drives) . Data and/or encryption keys may also be received from applications running on the host computing system (i.e. the computing system implementing the encryption algorithm) . For example, the host computing system may implement an application that facilitates reception of plaintext data packages directly from a user (through keyboard 100 and user interface 112) .
The encryption system 114 incorporates a parsing engine
110 that processes received data packages and encryption keys prior to encoding. The parsing engine 110 generates four unique encoding pairs from the received inputs. Each encoding pair comprises a data component and an encryption key
component .
The components of each encoding pair are derived from the inputs that the encryption system receives. The encryption system 114 includes an inversion engine 104 that generates the individual components of the encoding pairs. The inversion engine 104 generates bitwise complements of the data packages and encryption keys received by the encryption system 114. The complements are transmitted to the parsing engine 110 with the corresponding data package and encryption key.
The parsing engine 110 combines the data package,
encryption key and complements in four unique encoding pairs. Each encoding pair comprises a data component (either the received data package or the complement of the data package) and an encryption key component (either the encryption key or
the complement of the encryption key) . The composition of the four unique encoding pairs are presented in Table 1.
Table 1 : Composition of the four unique encoding pairs
Each encoding pair is transferred to the processing unit 102 and allocated to a corresponding cipher. The respective ciphers simultaneously encrypt the data component of each encoding pair using the corresponding encryption key
component .
The inversion engine 104 may also generate complementary look up tables that reflect the composition of the
corresponding encoding pairs. Complementary lookup tables are commonly used with block ciphers that utilize static lookup tables (such as the Rijndael cipher) .
The encryption system illustrated in Figure 2
incorporates a memory management module 108. The memory management module 108 'clears' defined registers within the processing unit 102 before the registers are used to store intermediate outputs during the encoding process (i.e. before the registers are written to by the processing unit 102) . The registers are uniformly xpre-charged' with either zero or non¬ zero bit values by the memory management 108 module to clear any residual differences that may be exploited. The memory management module 108 is typically integrated with the
processing unit 102 to facilitate this functionality.
The processing unit 102 synchronously executes the individual ciphers to ensure that the static and dynamic power consumption of the encryption system 114 is regulated. The illustrated encryption system incorporates a system clock 106 that cyclically generates a reference signal for the
processing unit 102. The processing unit 102 regulates
execution of the respective ciphers using the reference signal
from the system clock 106.
A block representation of an encryption algorithm that regulates static and dynamic power consumption is depicted in Figure 3. The illustrated algorithm 50 comprises four
independent ciphers 51, 52, 53, 54 that are executed by a single encryption system. The Rijndael cipher is depicted in Figure 3 (although the power regulating methodology is equally applicable to other encryption algorithms) .
The depicted algorithm 50 regulates the static and dynamic power consumed by the encryption system by offsetting logic gate operations within a corresponding processing unit. The operations performed by the encryption algorithm 50 for a 128 bit encryption key include:
1. decomposing an input data package received by the
encryption system into 128 bit data blocks,
2. replicating each data block to produce a corresponding duplicate data block,
3. generating complements of each data block and duplicate data block,
4. replicating the corresponding encryption key received by the encryption system to produce a duplicate encryption key,
5. generating complements of the encryption key and the duplicate encryption key,
6. establishing four unique encoding pairs from the data packages, encryption keys and respective complements,
7. generating complementary look up tables for each
encryption algorithm that reflect the composition of the corresponding encoding pairs, and
8. simultaneously encrypting the data component of each encoding pair within a single encryption system using the corresponding encryption key component.
The encoding pairs each comprise a data component 15 and an encryption key component 10. The respective components of an encoding pair are used as the inputs to one of the block ciphers executed by the processing unit.
The Advanced Encryption Standard defines the use of a lookup table (termed the xRijndael S-Box' ) for byte
substitutions 25 in each encryption round. The encryption algorithm 50 illustrated in Figure 3 generates four distinct lookup tables 20 that replace the standard xRijndael S-Box' in the depicted ciphers 51, 52, 53, 54. The replacement lookup tables 20 are derived from the xRijndael S-Box' and depend on the composition of the encoding pair input to the
corresponding cipher 51, 52, 53, 54. The illustrated lookup tables 20 are defined by the following relationships with the xRijndael S-Box' :
Table 1 Too(x) = T(x)
Table 2 oi (x) = complement (T (x) )
Table 3 io (complement (x) ) = T (x)
Table 4 Tii (complement (x) ) = complement (T (x)
Where :
x = an individual byte within a lookup table. ij (x) = the output from one of the lookup tables generated by the encryption algorithm 50 for the defined byte (x) .
T (x) = the output from xRijndael S-Box' for the defined byte (x) .
The parsing engine 110 matches the replacement lookup tables 51, 52, 53, 54 with reciprocal encoding pairs. The
encoding pairs and corresponding lookup tables are
synchronously processed by the ciphers 51, 52, 53, 54
illustrated in Figure 3. The data package, encryption key and lookup table combinations depicted in Figure 3 comprise:
Table 2: Replacement lookup table/encoding pair combinations
The encoding pairs and replacement lookup tables derived by the algorithm 50 balance the overall bit composition of the processing unit inputs (i.e. the total number of zero bit states and non-zero bit states are equal for both the data components and encryption key components) . This ensures that the 'exclusive or' (XOR) operations performed by the
respective ciphers produce equal quantities of each possible bit transformation within the processing unit. The bit transformation balance at each clock cycle is summarized in table 3.
Table 3: The ratio of bit transformations per clock cycle
The encryption algorithm 50 ideally clears the data registers 31 and key registers 30 used by the processing unit to store intermediate values prior to write operations. This ensures the substitution and permutation operations performed by the respective ciphers are balanced (as summarised in Table 3) .
The illustrated encryption algorithm 50 uniformly pre- charges the registers 30, 31 with zero or non-zero bit values
at initiation (typically during a xstart-up' routine) and before each write operation. For example, a permutation operation involves:
• copying a row/column from the xstate' matrix to a zeroed register,
• zeroing the original register that the row/column was
copied from, and
• copying back the shifted row/column.
A similar process is applicable for pre-charging
registers with non-zero bit values.
The operations executed by each cipher offset operations from another cipher within the processing unit. This
decorrelates the power profile for the processing unit (the power consumed during each clock cycle) from the primary encryption process (encoding the data package with the
corresponding encryption key) . The encryption algorithm 50 depicted in Figure 3 consumes approximately four times the power of an individual cipher to conceal correlations between the encryption key and the power characteristics of the system. This decorrelation makes side-channel power
consumption attacks on the overall processing unit infeasible.
Masking power consvimption profile of the processing unit
The power regulating algorithm disclosed in this
specification may be augmented with masking processes that actively disrupt power analysis attacks. Conventional masking implementations produce power consumption characteristics that are not correlated with the underlying ^secure' encryption algorithm. The extraneous xnoise' produced by masking
algorithms interferes with power consumption relationships used in power analysis attacks. The encryption algorithm 50 can be executed concurrently with a masking process to improve resistance to power analysis attacks. The masking process and encryption algorithm are typically executed within a single processing unit.
Compatible masking algorithms include pseudo-random power consumption processes and auxiliary Unbalanced' ciphers.
These masking techniques are typically executed synchronously
with the regulated encryption algorithm 50 depicted in Figure 3 to mislead power analytic correlations. For example, the encryption process depicted in Figure 3 may be executed simultaneously with an auxiliary Unbalanced' cipher that intentionally xleaks' a disruptive power trace (uncorrelated to the encryption key components 10) . The disruptive power trace is usually correlated to a slow changing xmasking' key (an independent encryption key used by the masking algorithm) that complicates power analysis attacks.
Masking keys are usually selected at random and may be dynamically altered during the encryption process to avoid isolation of the xleaked' power trace. This complicates elimination of the intentionally xleaked' power trace from the overall power consumption characteristics of the encryption system. For example, individual bits within the masking key may be slowly xflipped' (transitioned from zero-to-one or one- to-zero) while the encryption system is operating.
Ideally, a random or pseudo-random key alteration process is used to change the composition of the masking key during encryption. The xbit flipping' process can be randomized by allocating each bit a xflipping probability' that generally defines the xflipping' rate of the corresponding bit (and the alteration rate of the encryption key) . The state of each bit within the masking key is evaluated at distinct intervals during the encryption process using a random or pseudo-random probability function that is initiated with the xflipping probably' of the corresponding bit. The masking key is
typically evaluated using uniform xbit flipping probabilities' (of magnitude 0.001% for slow changing keys) during each round of encryption.
Exemplary power regulating software using the AES cipher
An exemplary power regulating encryption algorithm using the Advanced Encryption Standard (AES) is described in this section of the specification. The methodology can be applied to other block ciphers (such as DES, IDEA, RC5 and Blowfish) . The disclosed algorithm is implemented in software that is optimized for a single 32-bit processing unit (a processor
with 32-bit registers) . The methodology may also be extended to other software optimizations (including optimizations for multi-core processors and 64-bit processors) and dedicated hardware systems.
Conventional software implementations of the Advanced Encryption Standard (AES) algorithm encode data in discrete blocks. Each data block (termed the xstate' ) is compiled from 16 bytes of data extracted from a data package. The data blocks are allocated in a 4 byte by 4 byte matrix (the state matrix) and encrypted in independent cycles of the AES cipher.
Each cycle of the AES cipher encodes an individual state matrix. The encoded output is termed xciphertext' . Successive state matrices generated from a common data package are subjected to identical encryption rounds using a common encryption key. The output of each encryption cycle is
compiled in the xciphertext' (the encrypted output produced from a data package) .
The encryption cycles for the AES cipher comprise 10, 12 or 14 encoding rounds (depending on the length of the
encryption key) . Each round of an encoding cycle comprises several defined sub-procedures. The sub-procedures for a 128 bit encryption key include:
1. Application of an XOR operation 27 using the state matrix (128 bits of the data package) and the 128
encryption bit key.
2. Decomposition of the state (following the XOR
operation 27) into 16 individual bytes and substitution 25 of isolated bytes for values from a lookup table 20.
3. Cyclic permutation of each row from the state 26 and subsequent permutation of the columns within the state 28.
4. Decomposition of the encryption key into bytes and substitution 25 of 4 bytes from the encryption key with values from the lookup table 20.
5. Application of an XOR operation 27 using the state and one byte from the modified key (the selected byte
depending on the round of encryption) .
The power regulating cipher disclosed in this section of the specification uses expanded state, encryption key and reference (lookup table) matrices to balance bit transitions. The state matrix for each encoding cycle is compiled from successive entries within a corresponding data package.
Each iteration of the state matrix is passed to the AES cipher and encrypted in an independent encoding cycle. The same encryption key is used for each cycle. The parsing engine 110 and the inversion engine 104 compile input registers for the encoding cycles from the data package and corresponding encryption key. Each 32-bit input register is compiled from a single entry (comprising one byte of data) from one of the inputs to the encryption algorithm (either the data package or the encryption key) .
The parsing engine 110 uses data slots within the
respective registers to allocate input entries (generated from the data package and encryption key) . Each 32-bit input register has four data slots. The respective data slots each have capacity for one byte (8 bits) . The parsing engine 110 copies a single 8 bit entry from either the data package or encryption key (the source) to two data slots within a single input register (the destination) . Sequential copy operations are typically used to reproduce the source entry in both destination data slots. The remaining two data slots within the register are filled with bitwise complements of the copied entry (the same entry the parsing engine 110 copied from the data package or encryption key to the first two slots within the register) .
Each 32-bit input register contains two copies of an original input entry (one byte from either the data package or the encryption key) and two bitwise complements generated from the original input entry. The inversion engine 104 generates bitwise complements for each original entry copied to the
input registers by the parsing engine 110.
The parsing engine 110 and the inversion 104 compile reciprocal input registers for the state and encryption key. The reciprocal input registers pair input entries from the state matrix with corresponding entries from the encryption key. Each set of reciprocal input registers contains four unique encoding pairs. The encoding pairs are linked by relative position within the respective registers (using the data slots for alignment) . The parsing engine 110 and the inversion engine 104 use the data slots to align the xstate' and Encryption key' pairs compiled in reciprocal input registers .
The input pairs generated by the parsing engine 110 and the inversion engine 104 mirror the encoding pairs used by the power regulating algorithm to offset power correlations
(presented in Table 1) . A pair of reciprocal input registers is presented in Table 4.
Table 4 : Byte allocation within reciprocal input registers
The reciprocal input registers presented in Table 4 are compiled for a 32-bit processing unit. The composition of the registers facilitates power regulation with a single AES cipher. The AES cipher manipulates the state matrix and encryption key pairs contained within the input registers during the encryption cycle to produce four xciphertext' outputs .
The allocation of encoding pairs within reciprocal input registers balances bit transitions for XOR operations 27 between the respective state and encryption key entries. The processing unit performs the XOR operations 27 at register level. Each set of reciprocal input registers produces the bit transformation pattern presented in Table 3 when subjected to XOR operations 27.
A compatible set of lookup table registers can be used to
regulate the substitution operations 25 performed by the AES cipher. The parsing engine 110 and the inversion engine 104 produce compatible lookup table registers from the xRijndael S-Box' (the lookup table defined in the Advanced Encryption Standard) . An exemplary set of registers showing the relative composition of entries within compatible state, encryption key and lookup table registers is presented in Table 5.
Table 5: Replacement lookup table/encoding pair combinations
Where :
XOR (data (i, j ) , key (i, j ) )
XOR (data ( i , j ) , complement ( key ( i , j ) ) )
XOR (complement (data (i, j ) ) , key (i, j ) )
The composition of the lookup table registers facilitates register level substitutions. The power regulating cipher is capable of identification substitution registers with a single lookup operation and substituting the selected register for a corresponding register of the expanded state matrix. The parsing engine 110 and/or the inversion engine 104 align entries within the lookup table with corresponding entries in the state and encryption registers. The position of entries within the respective registers mirrors the composition used by the ciphers illustrated in Figure 3 (summarized in Table
2) .
The reciprocal composition of the input registers and lookup table registers facilitate register level
substitutions. For example, the state register presented in Table 5 may be replaced by a corresponding lookup table register (selected by the AES cipher) to complete a xstate' substitution operation 27.
The lookup table registers are compiled using the same
methodology that was used to produce the input registers. The parsing engine 110 copies one entry (comprising one byte of data) from the xRijndael S-Box' to two data slots within a single lookup table register. The remaining two data slots within the register are filled with bitwise complements of the copied entry (the same entry from xRijndael S-Box' ) .
Each 32-bit lookup table register contains two copies of an original entry from the xRijndael S-Box' and two bitwise complements generated from the original xS-Box' entry. The inversion engine 104 generates the bitwise complements. The parsing engine 110 and the inversion engine 104 use data slots within the respective registers to align the state, encryption key and lookup table entries.
The general process used to compile 32-bit registers for the AES cipher comprises:
• sequentially extracting entries from a single source (the data package, encryption key or xRijndael S-Box')
• duplicating each of the extracted entries,
• generating bitwise complements the duplicates, and
· allocating the duplicated entries and bitwise complements within a 32-bit register.
The parsing engine 110 and the inversion engine 104 produce four unique encoding pairs within each set of
reciprocal input registers. The encoding pairs are defined by position (mirrored data slots) within the respective
registers. For example, the data entry in slot 2 of the state register is paired with the key entry in slot 2 of the
encryption key register. S-Box entries are aligned with reciprocal entries in the xstate' register (as presented in Table 5) . The registers compiled for the encryption key may be reused in multiple encryption cycles as the key entries remain unchanged for each iteration of the state matrix.
The parsing engine 110 and the inversion engine 104 match each 8 bit entry from a data package with a corresponding 8 bit entry from the encryption key. The matched inputs (8 bits from the data package and 8 bits from the encryption key) are duplicated, complimented and compiled into reciprocal input registers. The parsing engine 110 passes successive entries
from the data package to the AES cipher in order. The order used by the parsing engine 110 defines the composition of the expanded state and encryption key registers used for the row and column permutations in each encoding cycle.
The expanded state matrix comprises 64 bytes of data compiled in a 4-by-16 structure. Each row of the expanded state matrix comprises entries from four successive input registers. The power regulating cipher substitutes the 32-bit input registers compiled by the parsing engine 110 and the inversion engine 104 for the individual entries (8 bits) defined in conventional 4-by-4 state matrices. The byte level composition of an exemplary expanded state matrix is presented in Table 6.
Table 6: Composition of an expanded state matrix
Where :
dOl, d02,...,die= 16 individual 8-bit entries from a data package. dOl, d02,...,die= bitwise complements of the 8-bit data package entries.
The power regulating cipher uses the expanded state matrix to balance bit transitions for row and column
permutations (shift row and mix columns operations) . These operations replicate the permutations executed by conventional AES ciphers. The composition of the exemplary state matrix (presented in Table 6) following a xshift rows' operation is presented in Table 7. dOl dOl dOl dOl d02 d02 d02 d02 d03 d03 d03 d03 d04 d04 d04 d04 doe doe doe deo d07 d07 d07 d07 d08 d08 d08 d08 d05 d05 d05 d05 dll dll dll dll d!2 d!2 d!2 d!2 d09 d09 d09 d09 dlO dlO dlO dlO
die die die die d!3 d!3 d!3 d!3 dl4 dl4 dl4 dl4 dl5 dl5 dl5 dl5
Table 7 : The expanded state matrix after row permutation
The regulating AES cipher balances bit transitions
(producing the ratio outlined in Table 3) at each clock cycle for row and column permutation operations. Some of the
operations may be combined and/or transformed into a sequence of lookup tables to improve execution speed and memory usage (similar to the use of T-tables with conventional AES
ciphers) . Other memory management techniques can be used to accommodate the expanded state, encryption key and lookup table matrices produced by the parsing engine 110 and the inversion engine 104. The output from each regulated
encoding cycle mirrors the composition of the reciprocal input registers and lookup table registers compiled by the parsing engine 110 and inversion engine 104. For example, the encoding output produced from the input and lookup table registers presented in Table 5 contains standardized Siphertext' in data slot 1 (ciphertext that is compatible with conventional implementations of the Advanced Encryption Cipher) .
The parsing engine 110 and the inversion engine 104 are capable of decomposing the output registers from each encoding cycle to compile standardized Siphertext' output for the power regulation algorithm. The decomposition process
generally involves:
· locating Standardized' output bytes within the output
registers produced during each encoding cycle,
• isolating the Standardized' output bytes contained in
successive registers, and
• sequentially appending the Standardized' output bytes to the ciphertext.
Generating reciprocal registers
An exemplary process for generating reciprocal registers is described in this section of the specification. The process is described using the Advanced Encryption Standard (AES) . The methodology can be applied to other block ciphers (such as DES, IDEA, RC5 and Blowfish) . The disclosed algorithm is
implemented in software that is optimized for a single 32-bit processing unit (a processor with 32-bit registers) . The methodology can be extended to other software optimizations (including optimizations for multi-core processors and 64-bit processors) .
The process is executed by the parsing engine 110 and the inversion engine 104. The parsing engine copies entries from a data package and corresponding encryption key to designated input registers. The inversion engine 104 generates bitwise complements of select entries within the respective registers to produce sets of reciprocal registers. The same process is used to generate lookup tables registers from the xRijndael S- Box' .
The parsing engine 110 generates precursor registers for the state, encryption key and lookup table from a single entry (8 bits) extracted from a corresponding source. The 32-bit precursor registers contain four copies of the extracted entry. The parsing engine copies the selected entry (8 bits from the corresponding source) to each slot within the
designated 32-bit register.
The inversion engine 104 generates bitwise complements of two entries within the precursor registers using a conversion register. Each conversion register contains two unique 8 bit entries: a zero entry (00000000) and a complement entry
(11111111) . The inversion engine 104 executes an XOR operation between the conversion register and a corresponding precursor register to produce a corresponding register (state,
encryption key or lookup table) for the AES cipher. The conversion process for a state register is presented in Table 8.
Table 8: Precursor and conversion registers for the ^tate'
A similar process is used to generate the reciprocal
encryption key and lookup table registers. The inversion engine 104 uses the same conversion register to produce reciprocal lookup table and state registers. A complementary conversion register is used to produce the encryption key register. The complementary conversion registers produce four unique encoding pairs within the reciprocal input registers. A complementary conversion register and reciprocal key register for the registers contained in Table 8 are presented in the Table 9.
Table 9: Complementary conversion register and reciprocal encryption key register
There are 24 unique input register combinations that produce encoding pairs compatible with the 32-bit power regulating cipher described in this section of the
specification. Each set of complementary conversion registers contains four matched entry (8 bit) combinations. The 24 unique conversion register combinations define different permutations (data slot positions) of these matched entry:
• zero entry I zero entry
• complement entry | complement entry
• zero entry I complement entry
• complement entry | zero entry
Each state/encryption key register combination produced from a set of complementary conversion registers defines four unique encoding pairs. The allocation of encoding pairs within the reciprocal input registers is defined by the corresponding conversion registers selected by the inversion engine 104.
The inversion engine 104 is capable of randomly
allocating entries within the respective input registers for successive encoding processes. This is facilitated by
randomizing the conversion register selection process. The inversion engine 104 uses a pseudo-random number generator to
randomize conversion register selection. Each set of complementary conversion registers selected by the inversion engine 104 is typically used for the entire encoding process for a corresponding data package.
The complementary conversion registers are stored in a conversion lookup table with a unique reference. Each row of the conversion lookup table comprises a pair of complementary registers and the corresponding unique reference. The
inversion engine 104 matches the pseudo-random number to the unique reference to select conversion registers for an
encoding process. A new pseudo-random number is typically used for each encoding process.
The conversion lookup table can have up to 24 unique complementary conversion register combinations. More
(including duplicate conversion register pairs) or less entries may be used in practice. Entries from an exemplary conversion lookup table are presented in Table 10 using hexadecimal representation for the conversion registers.
Table 10: Conversion register lookup table
The parsing engine 110 uses the conversion registers to isolate the encrypted data package (the xciphertext' ) at the conclusion of the encoding process. The conversion registers define the location of the standardised ciphertext within the output registers generated by the power regulating cipher. The standardised ciphertext is compatible with conventional AES ciphers .
The power regulating cipher produces four encoded
outputs. Each 32-bit output register contains one entry from each of the encoded outputs. The allocation of respective outputs within the output registers depends on the conversion
registers used to generate inputs for the encoding process. The relationship between state and encryption key registers presented in Tables 8 and 9 and the output produced by the power regulating cipher is presented in Table 11.
Table 11: Relationship between input and output registers
The parsing engine 110 generates an output conversion register by performing an XOR operation with the complementary conversion registers applied to the cipher inputs. The output register facilitates isolation of the standardised ciphertext (the output from the power regulating cipher that is
compatible with conventional AES ciphers) . An output
conversion register produced from the xstate' and xkey' conversion registers presented in Tables 8 and 9 is presented in Table 12.
Table 12: Generation of the output conversion register The parsing engine 110 executes an XOR operation between the output registers generated by the power regulating
algorithm and the output conversion register. This produces four copies of standardized ciphertext in each of the
converted output registers. The combination is presented in Table 13. slot 1 slot 2 slot 3 slot 4
out out complement (out) complement (out)
00000000 00000000 11111111 11111111
out out out out
Table 13: Combining output and output conversion register
The parsing engine 110 extracts converted output entries (8 bits) from successive output registers and compiles the extracted entries in standardised ciphertext registers. The standardised ciphertext registers are compatible with
conventional AES ciphers.
Embodiments of the present invention may be implemented using software (including firmware) and/or dedicated hardware (including integrated circuits and programmable logic
devices) . Software embodiments can be platform independent (leveraging a virtual machines to interface with underlying hardware) , compiled for execution by a target operating systems (such as Windows, OSX, Android, iOS) or developed for customised hardware platforms with defined instruction sets (such as xsystem on chip' hardware) . Hardware systems can incorporate dedicated circuitry (including Application specific integrated circuits' or ASIC) and/or programmable logic device (such as xfield programmable gate arrays' ) .
Software instructions for performing embodiments of the invention may be stored in a non-transitory computer readable medium (such as a magnetic hard drive or solid state drive) , data signals (typically transmitted via a communication network) or read only memory (such as PROM, EPROM and EEPROM) .
It will be understood to persons skilled in the art of the invention that many modifications may be made without departing from the spirit and scope of the invention.
It is to be understood that, if any prior art publication is referred to herein, such reference does not constitute an admission that the publication forms a part of the common general knowledge in the art, in Australia or any other country .
In the claims which follow and in the preceding
description of the invention, except where the context
requires otherwise due to express language or necessary implication, the word "comprise" or variations such as
"comprises" or "comprising" is used in an inclusive sense, i.e. to specify the presence of the stated features but not to
preclude the presence or addition of further features in various embodiments of the invention .
Claims
1. An encryption process comprising:
receiving a data package for encryption and a
corresponding encryption key for use encoding the data package,
deriving complements of the data package and the
encryption key using bitwise operations,
establishing four unique encoding pairs from the data package, the encryption key and the respective complements, each encoding pair having a data component and an encryption key component, and
simultaneously encrypting the data component of each encoding pair within a single encryption system using the corresponding encryption key component.
2. The process of claim 1 wherein the four unique encoding pairs comprise:
i. the data package and the encryption key,
ii. the data package and a bitwise complement of the encryption key,
iii. a bitwise complement of the data package and the encryption key, and
iv. a bitwise complement of the data package and a
bitwise complement of the encryption key
3. The process of claim 1 or claim 2 comprising clearing defined registers within the encryption system before writing intermediate outputs to the defined registers during
encryption of the respective data components.
4. The process of any one of claims 1 to 3 comprising
encrypting the respective data components of each encoding pair using identical encryption algorithms that are
independently executed by a single processing unit within the encryption system.
5. The process of claim 4 comprising synchronizing execution
of each encryption algorithm to a single system clock.
6. The process of claim 4 or claim 5 comprising generating replacement look up tables from a standardized look up table defined for the encryption algorithms, the replacement lookup table for the individual encryption algorithms reflecting the composition of the corresponding encoding pairs.
7. The process of any one of claims 1 to 6 comprising
executing a masking algorithm within the single encryption system concurrently with encryption of the respective data components .
8. The process of any one of claims 1 to 6 comprising
executing an unbalanced masking cipher that uses an
independent masking key to encrypt data within the single encryption system concurrently with encryption of the
respective data components, and dynamically altering the composition of the masking key.
9. An encryption system comprising:
a parsing engine that is configured to generate four unique encoding pairs from an individual data package and corresponding encryption key, each of the unique encoding pairs comprising a data component and an encryption key component selected from:
i. the data package,
ii. the encryption key for the data package,
iii. a bitwise complement of the data package, and iv. a bitwise complement of the encryption key, and a processing unit that is configured to simultaneously encrypt the data component of each encoding pair using a corresponding encryption key component.
10 The system of claim 9 wherein the four unique encoding pairs comprise:
i. the data package and the encryption key,
ii. the data package and a bitwise complement of the
encryption key,
iii. a bitwise complement of the data package and the
encryption key, and
iv. a bitwise complement of the data package and a
bitwise complement of the encryption key.
11. The system of claim 9 or claim 10 comprising an inversion engine that is configured to generate complements of received data packages and corresponding encryption keys for
incorporation in the encoding pairs generated by the parsing engine .
12. The system of claim 11 wherein the inversion engine is configured to generate complementary look up tables for each encryption algorithm that reflect the composition of the corresponding encoding pairs.
13. The system of any one of claims 9 to 12 comprising a memory management module that is configured to clear defined registers within the processing unit before writing
intermediate outputs to the registers during encryption of the respective data components.
14. The system of any one of claims 9 to 13 comprising a system clock that is used by the processing unit to
synchronize execution of each encryption algorithm within the processing unit.
15. The system of any one of claims 9 to 14 comprising a masking module that is configured to execute a masking
algorithm concurrently with the four identical encryption algorithms .
16. The system of any one of claims 9 to 14 comprising a masking module that is configured to execute an unbalanced masking cipher concurrently with the four identical encryption algorithms and dynamically alter the composition of an
independent masking key used by the masking module to encrypt
data
17. An encryption process comprising:
receiving a data package and a corresponding encryption key ,
generating four unique encoding pairs each having a data component and an encryption key component derived from the data package and encryption key, and
simultaneously encrypting the respective data components of each encoding pair using the corresponding encryption key component within a single encryption system.
18. The process of claim 17 comprising deriving bitwise complements of the received data package and the encryption key, and establishing the four unique encoding pairs from the data package, the encryption key and the respective
complements .
19. The process of claim 17 or claim 18 wherein the four unique encoding pairs comprise:
i. the data package and the encryption key,
ii. the data package and a bitwise complement of the
encryption key,
iii. a bitwise complement of the data package and the
encryption key, and
iv. a bitwise complement of the data package and a
bitwise complement of the encryption key.
20. The process of any one of claims 17 to 19 comprising clearing defined registers within the encryption system before writing intermediate outputs to the defined registers during encryption of the respective data components.
21. The process of any one of claims 17 to 20 comprising encrypting the respective data components of each encoding pair using identical encryption algorithms that are
independently implemented by a single processing unit within the encryption system.
22. The process of claim 21 comprising synchronizing execution of each encryption algorithm to a single system clock.
23. The process of claim 21 or claim 22 comprising generating complementary look up tables for each encryption algorithm that reflect the composition of the corresponding encoding pairs .
24. An encryption process comprising synchronously executing a plurality of identical encryption algorithms within a single encryption system to decorrelate power consumption from a primary encryption process encoding a received data package and corresponding encryption key.
25. The process of claim 24 comprising simultaneously
executing four independent encryption algorithms within the encryption system to regulate static and dynamic power
consumption of the encryption system.
26. The process of claim 24 or claim 25 comprising generating four unique encoding pairs from a data package and a
corresponding encryption key, each encoding pair comprising a data component and an encryption key component.
27. The process of claim 26 comprising deriving bitwise complements of the data package and the encryption key, and establishing the four unique encoding pairs from the data package, the encryption key and the respective complements.
28. The process of claim 26 or claim 27 wherein the four unique encoding pairs comprise:
i. the data package and the encryption key,
ii. the data package and a bitwise complement of the
encryption key,
iii. a bitwise complement of the data package and the
encryption key, and
iv. a bitwise complement of the data package and a
bitwise complement of the encryption key.
29. The process of any one of claims 24 to 28 comprising clearing defined registers within the encryption system before writing intermediate outputs to the defined registers during encryption of the respective data components.
30. The process of any one of claim 24 to 29 comprising synchronizing execution of each encryption algorithm to a single system clock.
31. The process of any one of claims 17 to 30 comprising executing a masking algorithm within the single encryption system concurrently with the encryption algorithm.
32. The process of any one of claims 17 to 31 comprising executing an unbalanced masking cipher that uses an
independent masking key to encrypt data within the single encryption system concurrently with the encryption algorithm, and dynamically altering the composition of the masking key.
33. An encryption process comprising synchronously encrypting complementary data using reciprocal encryption keys within a single encryption system to regulate the power consumed by the encryption system.
34. An encryption apparatus, comprising a computer programmed to implement an encryption process in accordance with any one of claims 1 to 8, 17 to 23, 31, 32, 24 to 30 or 33.
35. A computer program, comprising instructions for
controlling a computer to implement an encryption process in accordance with any one of claims 1 to 8, 17 to 23, 31, 32, 24 to 30 or 33.
36. A computer readable medium, providing a computer program in accordance with claim 35.
37. A data signal, comprising a computer program in
accordance with claim 35.
38. An encryption system comprising computing hardware that is configured to receive a data package and a corresponding encryption key, generate four unique encoding pairs each having a data component and an encryption key component derived from the data package and encryption key, and
simultaneously encrypt the respective data components of each encoding pair using the corresponding encryption key
component .
39. An encryption system comprising computing hardware that is configured to synchronously execute a plurality of identical encryption algorithms to decorrelate power consumption from a primary encryption process encoding a received data package and corresponding encryption key
40. An encryption system comprising computing hardware that is configured to synchronously encrypt complementary data using reciprocal encryption keys to regulate power consumption.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2013903447A AU2013903447A0 (en) | 2013-09-09 | Data encryption process | |
| AU2013903447 | 2013-09-09 | ||
| AU2013904459 | 2013-11-19 | ||
| AU2013904459A AU2013904459A0 (en) | 2013-11-19 | Data encryption process |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2015031949A1 true WO2015031949A1 (en) | 2015-03-12 |
Family
ID=52627615
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/AU2014/000884 WO2015031949A1 (en) | 2013-09-09 | 2014-09-09 | Data encryption process |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2015031949A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109784078A (en) * | 2019-01-21 | 2019-05-21 | 济南浪潮高新科技投资发展有限公司 | A kind of data ciphering method and system |
| CN110287708A (en) * | 2018-03-19 | 2019-09-27 | 扬智科技股份有限公司 | One Time Programmable encryption device and its encryption method |
| CN115801321A (en) * | 2022-10-20 | 2023-03-14 | 北京海泰方圆科技股份有限公司 | Data combination encryption method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002041566A2 (en) * | 2000-11-14 | 2002-05-23 | Honeywell International Inc. | Cryptographic combiner using two sequential non-associative enciphering and deciphering operations |
| US20070064933A1 (en) * | 2005-07-28 | 2007-03-22 | Lucent Technologies Inc. | Method of symmetric key data encryption |
-
2014
- 2014-09-09 WO PCT/AU2014/000884 patent/WO2015031949A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002041566A2 (en) * | 2000-11-14 | 2002-05-23 | Honeywell International Inc. | Cryptographic combiner using two sequential non-associative enciphering and deciphering operations |
| US20070064933A1 (en) * | 2005-07-28 | 2007-03-22 | Lucent Technologies Inc. | Method of symmetric key data encryption |
Non-Patent Citations (3)
| Title |
|---|
| CHENG, H. ET AL.: "PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems, 11th EUROMICRO CONFERENCE on DIGITAL SYSTEM DESIGN", ARCHITECTURES, METHODS AND TOOLS, DSD '08, 3 September 2008 (2008-09-03), pages 383 - 390 * |
| FISCHER, W. ET AL.: "Differential Power Analysis of Stream Ciphers, Topics in Cryptology - CT-RSA 2007", LECTURE NOTES IN COMPUTER SCIENCE, vol. 4377, 2006, pages 257 - 270 * |
| KOCHER, P. ET AL.: "Differential Power Analysis, Advances in Cryptology - CRYPTO' 99", LECTURE NOTES IN COMPUTER SCIENCE, vol. 1666, 1999, pages 388 - 397 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110287708A (en) * | 2018-03-19 | 2019-09-27 | 扬智科技股份有限公司 | One Time Programmable encryption device and its encryption method |
| CN110287708B (en) * | 2018-03-19 | 2023-07-04 | 扬智科技股份有限公司 | One-time programmable encryption device and encryption method thereof |
| CN109784078A (en) * | 2019-01-21 | 2019-05-21 | 济南浪潮高新科技投资发展有限公司 | A kind of data ciphering method and system |
| CN109784078B (en) * | 2019-01-21 | 2023-04-18 | 山东浪潮科学研究院有限公司 | Data encryption method and system |
| CN115801321A (en) * | 2022-10-20 | 2023-03-14 | 北京海泰方圆科技股份有限公司 | Data combination encryption method and device |
| CN115801321B (en) * | 2022-10-20 | 2023-11-14 | 北京海泰方圆科技股份有限公司 | Data combination encryption method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10951392B2 (en) | Fast format-preserving encryption for variable length data | |
| US8094816B2 (en) | System and method for stream/block cipher with internal random states | |
| EP1833190B1 (en) | Table splitting for cryptographic processes | |
| US9515818B2 (en) | Multi-block cryptographic operation | |
| US7720225B2 (en) | Table splitting for cryptographic processes | |
| US8966285B2 (en) | Securing implementation of a cryptographic process having fixed or dynamic keys | |
| JPH1075240A (en) | Method for protecting data transmission and device for ciphering or deciphering data | |
| US8619985B2 (en) | Table splitting for cryptographic processes | |
| AU2011292312A1 (en) | Apparatus and method for block cipher process for insecure environments | |
| EP3667647A1 (en) | Encryption device, encryption method, decryption device, and decryption method | |
| JP2011512562A (en) | Random encryption and decryption method for access and communication data | |
| KR100546375B1 (en) | Interdependent parallel processing hardware cryptographic engine providing for enhanced self fault-detecting and hardware encryption processing method thereof | |
| Teh et al. | A chaos-based authenticated cipher with associated data | |
| WO2015031949A1 (en) | Data encryption process | |
| WO2016132506A1 (en) | Pseudorandom number generation device and pseudorandom number generation program | |
| Anusha et al. | Analysis and comparison of symmetric key cryptographic algorithms on FPGA | |
| US20240097880A1 (en) | High-speed circuit combining aes and sm4 encryption and decryption | |
| Shahapure et al. | Variation and security enhancement of block ciphers by embedding | |
| CN101562521B (en) | Key updating method | |
| Bulygin et al. | Study of the invariant coset attack on printcipher: more weak keys with practical key recovery | |
| Pandey et al. | Data security using various cryptography Techniques: A Recent Survey | |
| Ren et al. | 3DES implementation based on FPGA | |
| EP1629626A1 (en) | Method and apparatus for a low memory hardware implementation of the key expansion function | |
| JP2015082077A (en) | Encryption device, control method, and program | |
| Daemen et al. | Chosen ciphertext attack on SSS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14842977 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 14842977 Country of ref document: EP Kind code of ref document: A1 |