WO2015047487A1 - Method and apparatus to encrypt plaintext data - Google Patents

Method and apparatus to encrypt plaintext data Download PDF

Info

Publication number
WO2015047487A1
WO2015047487A1 PCT/US2014/043169 US2014043169W WO2015047487A1 WO 2015047487 A1 WO2015047487 A1 WO 2015047487A1 US 2014043169 W US2014043169 W US 2014043169W WO 2015047487 A1 WO2015047487 A1 WO 2015047487A1
Authority
WO
WIPO (PCT)
Prior art keywords
function
nonce
nonced
data
plaintext data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2014/043169
Other languages
English (en)
French (fr)
Inventor
Roberto Avanzi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Priority to KR1020167002026A priority Critical patent/KR20160024965A/ko
Priority to JP2016523807A priority patent/JP6345237B2/ja
Priority to CN201480034284.4A priority patent/CN105324956B/zh
Priority to EP14828376.5A priority patent/EP3014800B1/en
Publication of WO2015047487A1 publication Critical patent/WO2015047487A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction

Definitions

  • the present invention relates to a method and apparatus to encrypt plaintext data and decrypt the corresponding ciphertext data.
  • memory analyzers represents a large threat to the integrity and confidentiality of distributing content. Even if great care is devoted to protect data contained in code, the contents of memory may be captured by bus sniffing. For example, this can be used to leak raw content, even if it is distributed in an encrypted form, after it has been decrypted in a secure environment for rendering. This may be accomplished by "reading" the electric signals corresponding to the writes to the memory. Other more sophisticated attacks may even replay these signals to trick the processor into reading and processing data chosen by an attacker.
  • aspects of the invention may relate to an apparatus and method for encrypting plaintext data.
  • the method includes: receiving at least one plaintext data input; applying a Nonce through a function to the at least one plaintext data input to create plaintext data outputs and/or to intermediate values of a portion of an encryption function applied to the at least one plaintext data input to create intermediate Nonced data outputs; and applying the encryption function to at least one of the Nonced plaintext data outputs and/or the intermediate Nonced data outputs to create encrypted output data.
  • the encrypted output data is then transmitted to memory.
  • FIG. 1A is a flow diagram illustrating a process in which a series of blocks of plaintext data inputs are encrypted using an encryption function and a Nonce.
  • FIG. IB is a flow diagram illustrating the reverse decryption process of FIG. 1 A.
  • FIG. 2 is a flow diagram illustrating a common structure of a block cipher based on the iterations of similar computational blocks referred to as rounds.
  • FIG. 3 is a flow diagram illustrating a process to encrypt a data input in expanded form using a first and second set of round functions and augmenting an intermediate step of the encryption process with a Nonce.
  • FIG. 4A is a flow diagram illustrating a process to encrypt a series of blocks of plaintext data inputs using the same key and a Nonce or values derived from a Nonce to modify in different ways the encryption processes of the individual blocks.
  • FIG. 4B is a flow diagram illustrating the reverse decryption process of FIG. 4A.
  • FIG. 5 is a flow diagram illustrating a process to encrypt a data input obtaining several different outputs by applying different values derived from a common Nonce to an intermediate step of the encryption process.
  • FIG. 6 is a diagram of an example computer hardware system to implement the data encryption techniques for the purpose of enabling the saving and restoring of encrypted memory to mass storage without having to decrypt and re-encrypt it.
  • Embodiments of the invention relate to techniques to provide an enhanced mechanism for the protection of data stored in memory.
  • methods and processes are described that extend the functionality of block ciphers in order to enhance memory encryption. Additionally, these techniques may also improve performance, throughput, and power consumption, as will be hereinafter described. These techniques may also be used to improve performance, throughput, and power consumption for the purpose of secure data storage of transmission over (wired or wireless) networks.
  • an encryption scheme is utilized in which a series of L blocks of plaintext data inputs are encrypted using an encryption function (e.g., a block cipher). Prior to encryption with the block cipher, a Nonce is applied through a function to the plaintext data inputs.
  • a method or process to encrypt plaintext data includes: receiving a plurality of plaintext data inputs; applying a Nonce through a function to the plurality of plaintext data inputs to create Nonced plaintext data outputs; applying an encryption function such as a block cipher to the Nonced plaintext data outputs to create encrypted output data; and transmitting the encrypted output data to memory.
  • the method may include: receiving a plurality of plaintext data inputs; applying a Nonce through a function to the plurality of plaintext data inputs to create plaintext data outputs and/or to intermediate values of a portion of an encryption function applied to the plurality of plaintext data inputs to create intermediate Nonced data outputs; and applying the encryption function to at least one of the Nonced plaintext data outputs and/or the intermediate Nonced data outputs to create encrypted output data.
  • the encrypted output data is then transmitted to memory.
  • a method or process 100 is performed in which a plurality of plaintext data inputs (Inputl-InputL) 110 are received.
  • a Nonce 120 is applied through a function 122 to the plaintext data inputs (Inputl-InputL) 110.
  • the Nonce 120 may be used to randomize the encryption of the L blocks of plaintext data (Inputl-InputL) 110.
  • L blocks of plaintext data (Inputl-InputL) 110 are received and a Nonce 120 may be applied by functions (fl, f2,. . . , fL) 122 to create Nonced plaintext data outputs.
  • the function to apply the Nonce 120 may include an XOR function.
  • a modular addition function may be used.
  • An encryption function 130 e.g., a block cipher
  • the Nonce 120 may be subject to some transformations in order to avoid that equal blocks of plaintext (among the L blocks 110 processed at the same time) have the same encryption. Also, because the cryptographic key used in the encryption function 130 used in the L parallel encryptions may be the same, the key schedule does not need to be redone L times
  • Nonce 120 may either be stored in a smaller, internal, protected area of memory, or stored in the main memory, either in a clear or encrypted manner, depending on use cases, as will be described in more detail hereinafter.
  • the functions (fl, f2,. . . , fL) 122 may be mathematical functions that derive values from the Nonce 120 in order to perturbate the computation of the Nonced plaintext data outputs in a manner unpredictable for an attacker. These can be maskings with constants, different circular rotations, or other functions that may be related to the chosen encryption function 130. If the Nonce 120 has larger size than the cipher block length, then the functions may just be extractions of segments of the Nonce.
  • methodology 100 may be parallelizable, utilizing L or L+1 implementations of the same encryption function 130 (or a different encryption function may be utilized).
  • L or L+1 implementations of the same encryption function 130 or a different encryption function may be utilized.
  • dashed lines 150 an expansion of the ciphertext is shown as an L+l-th implementation, which outputs one additional block.
  • sub-key derivation needs to be performed only once, thus saving hardware resources.
  • sufficient security may be provided by storing the Nonce 120 in the clear in an accessible memory area, as it plays a role similar to that of an initialization vector.
  • a benefit of this approach is that the Nonce 120 can be shorter than the block size, and therefore it may be applied in the function operations 122 only to selected bit fields of the input blocks 110.
  • process 100 extends the functionality of block ciphers in order to enhance memory encryption.
  • encryption scheme 100 utilizes a series of L blocks of plaintext data inputs (Input 1-InputL) 110 that are each encrypted using encryption function 130, in which prior to encryption with encryption function 130, a Nonce 120 is applied through a function 122 to the plaintext data inputs 100.
  • the encryption function 130 may be applied to the Nonced plaintext data outputs such that encrypted output data (Outputl-OutputL) 140 is outputted to memory.
  • the plaintext data inputs 110 may first be encrypted by a first sequence of round functions that constitute the block cipher (which is the chosen encryption function), before the Nonce 120 is applied, and thereafter, the Nonce is applied, to create Nonced data outputs.
  • the Nonced data outputs may then be encrypted by a second sequence of round functions modeling the block cipher (which is the chosen encryption function) to create the encrypted output data that is outputted to memory.
  • the encryption function 130 e.g., block cipher
  • various constructions may be used.
  • constructions such as Luby-Rackoff constructions may be used, e.g., Feistel networks (such as Data Encryption Standard (DES)), and Substitution- Permutation (SP) networks (such as Advanced Encryption Standard (AES)).
  • DES Data Encryption Standard
  • SP Substitution- Permutation
  • AES Advanced Encryption Standard
  • one parameterized non-linear function is repeatedly applied to the input.
  • Each application of this function may be referred to as a "round" or "round function”.
  • the output of a round is the input of the next round.
  • the plaintext is the input to the first round, and the ciphertext is the output of the last round.
  • the round function takes a further parameter called the round key and the round keys are derived from the encryption/decryption key (e.g., the cipher key).
  • FIG. 2 an example of a process 200 to generate a block cipher based upon round functions is illustrated.
  • a plaintext data input 202 is inputted to a plurality of N rounds 204 of the round function, modeling the block cipher. Therefore, the block cipher is modeled by the plurality of N rounds 204 of round functions, where kl, k2, . . . kN are the round keys for Rounds 1, 2, . . . , N respectively.
  • Output 206 is the encrypted plaintext data input 202 encrypted by the round function (modeling the block cipher) applied to the plaintext data input 202. It should be appreciated that decryption would be the exact same process in reverse.
  • a performance efficient implementation of this scheme may require two parallel implementations of the same block cipher, possibly sharing the round keys.
  • the Nonce may be applied in the middle of the cipher. By means of this, the part of the cipher before the application of the Nonce must be implemented only once, and the part of the cipher following the application of the Nonce is implemented twice.
  • the plaintext data input 302 may be encrypted through M of the N rounds (1 ⁇ M ⁇ N), e.g., M rounds 304 parametrised using M round keys (kl, k2, ... kM).
  • M rounds 304 parametrised using M round keys (kl, k2, ... kM).
  • the Nonce (v) 306 is applied - for instance XORing it to the output X of the M-th round - and the XORed output and the Nonce are encrypted further, independently (separate block 308) - and resuming the process with the (M + l)-th round.
  • the Nonce (v) 306 is applied - for instance XORing it to the output X of the M-th round - and the XORed output and the Nonce are encrypted further, independently (separate block 308) - and resuming the process with the (M + l)-th round.
  • next round of round keys k' and k" for N-M rounds 310 may be the same set of round keys or may be slight variants of each other, such as different rotations or masked with different secret constants. Additionally, the outputs may be concatenated (block 314) resulting in Output 316.
  • Xi 0 (decomposition as concatenation of two bit strings of equal length) and v (Nonce) was set to v V
  • VI 0 then A would be A XM
  • vlo and B would be B Xi 0 1
  • the process is beneficial in that hardware implementations of the first M rounds do not have to be duplicated - but only for the last N-M rounds. Decryption works also in this case backwards.
  • the two "sides" C and D of Output are decrypted in parallel for the last N - M rounds, until Nonce v is recovered, the separate operation is reversed, and then the decryption of the Input is completed in M rounds.
  • FIG. 4A an example of a process 400 is illustrated, generalizing the previous techniques, to simultaneously encrypt L blocks of plaintext data inputs (Input 1-InputL) 410, in which a Nonce 420 is added to each block, after being suitably transformed, along with the use of various rounds.
  • the process 400 of FIG. 4A illustrates that the plaintext data inputs 410 may be encrypted by a first sequence of round functions (M rounds 404) before the Nonce 120 is applied, and thereafter, the Nonce 420 is applied, to create Nonced data outputs.
  • M rounds 404 first sequence of round functions
  • the L blocks of plaintext data (Inputl-InputL) 410 are received and functions (fl, f2,. . .
  • the function to apply the Nonce 420 may include a XOR function.
  • other easily invertible functions such as modular additions or subtractions may be used to apply the (values derived from the) Nonce.
  • the Nonced data outputs may then be encrypted by a second sequence (N-M rounds 406) of round functions to create the encrypted output data 440 that is outputted to memory.
  • N-M rounds 406 the full encryption function is thereby modeled and applied.
  • methodology 400 may be parallelizable, utilizing L (in the case the nonce is not encrypted) or L+l (in the case the nonce is encrypted) implementations of the round functions 404 and 406 to create the encrypted output data that is outputted to memory.
  • function (fl, f2, . . . , fL) 422 perform substantially the same roles as described with reference to FIG. 1A.
  • the fact that the functions are not implemented until the (M + l)-th round 406 of the underlying block cipher allows a more complex derivation from the Nonce.
  • some alteration of the AES key scheduling procedure could be adopted to generate the functions.
  • the functions could be computed in parallel with the first M rounds 404 of the block cipher. It may be beneficial to not feed all the same round keys to the various rounds, but to also apply some fixed permutations and/or maskings to them, which are unique for each vertical pipeline. Also, it may be beneficial, depending on use case requirements, to just store the Nonce 420 in the clear in an accessible or in a protected memory area, as it may play a role similar to that of an initialization vector, and may still be secure enough.
  • inputs 440 are the outputs of the encryption of FIG. 4A and the outputs 410 should correspond to the original inputs (i.e., the original plaintext inputs).
  • FIG. 5 An example of this is displayed with reference to FIG. 5.
  • the Input 502 and the Nonce (v) 520 are values used to generate L key stream blocks.
  • the Input 502 is not the plaintext.
  • Outputl, Output2, ... OutputL 540 are not the ciphertext, but L blocks of the ciphertext are XORed to these values as in the CTR mode of operation (or are used in a more complex way in some variants of other modes of encryption which only use the encryption primitive of the block cipher).
  • FIG. 5 is similar to FIG.
  • Nonce 520 may be applied by functions (fl, f2,. . . , fL) 522 to create Nonced outputs.
  • the function to apply the Nonce 520 may include an XOR function.
  • the Nonced outputs may then be encrypted by a second round (N-M rounds 506) of round keys to create encrypted output 540.
  • AES e.g., AES-128
  • M 3 or 4 in view of current cryptanalytic results may be used.
  • AES-128 reduced to 6 or 7 rounds is still considerably difficult to attack and then only if the attacker can control the input - which is not possible in this situation.
  • L 8 blocks
  • the savings may be a bit larger if the key schedule for the last N - M rounds is common to all the pipelines - perhaps with just some fixed bit permutations of the round keys in the parallel pipelines, but probably not more than that - as this should be more than offset by the logic for deriving from the nonce different values to be XORed to the inputs to the (M + l)-th round.
  • the Nonce may be refreshed. If the block cipher has sufficient diffusion (or it has sufficient diffusion in the last N - M rounds), then it may be sufficient to just shift the Nonce by, for example, s bits, and then append s new fresh random bits to the Nonce. For example, this may be computed for Nonce (v) as v— (v«s) ⁇ r, where r is a string of s bits. Further, the fresh bits can be shifted in from the most significant position, or v can be partitioned in various sub- registers that are independently shifted and refreshed.
  • the Nonce can either: (a) be a value independent of the physical memory address where the data will be stored; or (b) be dependent from that address. For the latter case, it could be the concatenation of: (i) the physical memory address and (ii) of a random value, a (encrypted) counter, or a value computed by the methods described above or a by a different method.
  • Example computer hardware 600 that may implement the previously described methods and processes is illustrated in FIG. 6.
  • the computer system 600 is shown comprising hardware elements that can be electrically coupled via busses (or may otherwise be in communication, as appropriate).
  • the hardware elements may include at least one main processor 602 (e.g., central processing unit (CPU)) as well as other processors 604. It should be appreciated that these processors may be general-purpose processors and/or one or more special-purpose processors (such as digital signal processing chips, graphics acceleration processors, and/or the like).
  • the processors may be coupled to respective memory management units (MMUs) 610, which may in turn be coupled through caches 612 (e.g., caches may or may not be present and/or may be separate or incorporated into other elements) (surrounded by dashed lines), to an encryptor processing unit 620 and/or to memory 630 and/or storage devices 640.
  • MMUs memory management units
  • encryptor 620 may utilize the previously described methods and processes to extend the functionality of cipher blocks in order to enhance memory encryption for data to be stored in memory.
  • computer 600 may include other devices (not shown), such as: input devices (e.g., keyboard, mouse, keypad, microphone, camera, etc.); and output devices (e.g., display device, monitor, speaker, printer, etc.).
  • Computer 600 may further include (an/or be in communication with) one or more memory elements, storage devices 630,640, which may comprise local and/or network accessible storage, and/or can include, without limitation, a disk drive, a drive array, an optical storage device, solid-state storage device such as a random access memory (“RAM”) and/or a read-only memory (“ROM”), which can be programmable, flash- updateable, and/or the like.
  • RAM random access memory
  • ROM read-only memory
  • Computer 600 may also include a communication subsystem, which may include a modem, a network card (wireless or wired), an infrared communication device, a wireless communication device and/or chipset (such as a Bluetooth device, an 802.11 device, a Wi-Fi device, a WiMax device, cellular communication device, etc.), and/or the like.
  • the communications subsystem may permit data to be exchanged with a network, other computer systems, and/or any other devices described herein.
  • computer 600 may be a mobile device, non- mobile device, wireless device, wired device, etc., and may have wireless and/or wired connections, and may be any type of electronic or computing device.
  • encryptor 620 may implement the previously described process (with additional reference to FIG. 1A) including: receiving a plurality of plaintext data inputs (Input 1-InputL) 110; applying a Nonce 122 through functions (fl, f2,. . . , fL) 122 to create Nonced plaintext data outputs that are randomized; and applying an encryption function 130 to the Nonced plaintext data outputs such that encrypted output data (Outputl-OutputL) 140 is outputted to memory 630.
  • This data may further be stored in storage 640.
  • encryptor 620 may encrypt the plaintext data inputs utilizing a first sequence of round functions modeling the encryption function before the Nonce is applied. After, this the Nonce is applied, to create the Nonced data outputs. The Nonced data outputs may then be encrypted by a second sequence of round functions modeling the encryption function to create the encrypted output data that is outputted to memory 630. Examples of these implementations are illustrated in FIGs. 2-5, as previously described in detail.
  • the data may be normally stored to memory 630 and/or normal memory mapping input/outs and control 655 may utilized to implement direct memory access (DMA) control to storage 640.
  • DMA direct memory access
  • a DMA data transfer channel may be used to read the actual, encrypted contents of the memory 630 (e.g., RAM, DDR RAM, etc.) and can be used to write them to a sector of the storage device 640 (e.g., a hard drive or a flash memory), as well as, to read from a sector and place the contents directly into memory 630.
  • the memory encryption methods may be independent of the physical addresses and pages can be swapped out and back in without additional encryption/decryption overhead.
  • a benefit of the previously described system is that memory contents do not need to be decrypted and re-encrypted each time they are moved to the swap file and back to memory, which results in significant power savings and in time savings.
  • the techniques described herein not only offer good direct protection against physical or electrical memory attacks - i.e. against direct reading of the memory - but also offer resistance against attacks that use the bus traffic as a side channel, as repeated writes of the same or correlated data to the same location are effectively randomized.
  • the techniques described herein require a relatively small additional hardware implementation.
  • the techniques described herein are generic enough such that they can be applied to essentially any commonly-used block cipher. Additionally, the input and output sizes of each round do not all have to be equal and masking operations have to be adapted only minimally in these cases.
  • the direct DMA channel for saving encrypted memory can also bring significant savings in power consumption and time.
  • the Nonce may be stored in the main memory 630, either in a clear unencrypted manner or in an encrypted manner, depending on the implementation.
  • the Nonce may be stored in a small, protected area of a specialized memory.
  • the corresponding key schedule may be pre-computed at the time.
  • the Nonce could be: a fixed value (in which case all derived constants, such as: the outputs of functions (fl, f2,. . . ,fL) can be pre-computed), a per page value, or could be dependent on the physical memory address.
  • circuitry of the devices may operate under the control of a program, routine, or the execution of instructions to execute methods or processes in accordance with embodiments of the invention.
  • a program may be implemented in firmware or software (e.g. stored in memory and/or other locations) and may be implemented by processors and/or other circuitry of the devices.
  • processors microprocessor, circuitry, controller, etc.
  • processors refer to any type of logic or circuitry capable of executing logic, commands, instructions, software, firmware, functionality, etc
  • the devices are mobile or wireless devices that they may communicate via one or more wireless communication links through a wireless network that are based on or otherwise support any suitable wireless communication technology.
  • the wireless device and other devices may associate with a network including a wireless network.
  • the network may comprise a body area network or a personal area network (e.g., an ultra-wideband network).
  • the network may comprise a local area network or a wide area network.
  • a wireless device may support or otherwise use one or more of a variety of wireless communication technologies, protocols, or standards such as, for example, 3G, LTE, Advanced LTE, 4G, CDMA, TDMA, OFDM, OFDMA, WiMAX, and WiFi.
  • a wireless device may support or otherwise use one or more of a variety of corresponding modulation or multiplexing schemes.
  • a wireless device may thus include appropriate components (e.g., air interfaces) to establish and communicate via one or more wireless communication links using the above or other wireless communication technologies.
  • a device may comprise a wireless transceiver with associated transmitter and receiver components (e.g., a transmitter and a receiver) that may include various components (e.g., signal generators and signal processors) that facilitate communication over a wireless medium.
  • a mobile wireless device may therefore wirelessly communicate with other mobile devices, cell phones, other wired and wireless computers, Internet web-sites, etc.
  • teachings herein may be incorporated into (e.g., implemented within or performed by) a variety of apparatuses (e.g., devices).
  • a computer e.g., a wired computer, a wireless computer, a phone (e.g., a cellular phone), a personal data assistant ("PDA"), a tablet, a mobile computer, a mobile device, a non- mobile device, a wired device, a wireless device, a laptop computer, an entertainment device (e.g., a music or video device), a headset (e.g., headphones, an earpiece, etc.), a medical device (e.g., a biometric sensor, a heart rate monitor, a pedometer, an EKG device, etc.), a user I/O device, a fixed computer, a desktop computer, a server, a point-of-sale (POS) device, an entertainment device, a set-top box, an ATM, or
  • POS point-of-sale
  • a wireless device may comprise an access device (e.g., a Wi-Fi access point) for a communication system.
  • an access device may provide, for example, connectivity to another network (e.g., a wide area network such as the Internet or a cellular network) via a wired or wireless communication link.
  • the access device may enable another device (e.g., a WiFi station) to access the other network or some other functionality.
  • a WiFi station e.g., a WiFi station
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • a general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium.
  • the storage medium may be integral to the processor.
  • the processor and the storage medium may reside in an ASIC.
  • the ASIC may reside in a user terminal.
  • the processor and the storage medium may reside as discrete components in a user terminal.
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
  • Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage media may be any available media that can be accessed by a computer.
  • such computer- readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • any connection is properly termed a computer-readable medium.
  • the software is transmitted from a web site, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave
  • the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium.
  • Disk and disc includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
PCT/US2014/043169 2013-06-27 2014-06-19 Method and apparatus to encrypt plaintext data Ceased WO2015047487A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR1020167002026A KR20160024965A (ko) 2013-06-27 2014-06-19 평문 데이터를 암호화하기 위한 방법 및 장치
JP2016523807A JP6345237B2 (ja) 2013-06-27 2014-06-19 平文データを暗号化するための方法および装置
CN201480034284.4A CN105324956B (zh) 2013-06-27 2014-06-19 加密明文数据的方法及设备
EP14828376.5A EP3014800B1 (en) 2013-06-27 2014-06-19 Method and apparatus to encrypt plaintext data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/929,589 2013-06-27
US13/929,589 US9294266B2 (en) 2013-06-27 2013-06-27 Method and apparatus to encrypt plaintext data

Publications (1)

Publication Number Publication Date
WO2015047487A1 true WO2015047487A1 (en) 2015-04-02

Family

ID=52116878

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/043169 Ceased WO2015047487A1 (en) 2013-06-27 2014-06-19 Method and apparatus to encrypt plaintext data

Country Status (6)

Country Link
US (2) US9294266B2 (enExample)
EP (1) EP3014800B1 (enExample)
JP (1) JP6345237B2 (enExample)
KR (1) KR20160024965A (enExample)
CN (1) CN105324956B (enExample)
WO (1) WO2015047487A1 (enExample)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9215075B1 (en) 2013-03-15 2015-12-15 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US9294266B2 (en) 2013-06-27 2016-03-22 Qualcomm Incorporated Method and apparatus to encrypt plaintext data
JP6077405B2 (ja) * 2013-07-02 2017-02-08 Kddi株式会社 記憶装置
EP2978159A1 (en) * 2014-07-21 2016-01-27 Nxp B.V. Nonce generation for encryption and decryption
EP2996277B1 (en) * 2014-09-10 2018-11-14 Nxp B.V. Securing a crytographic device against implementation attacks
DE102015201430A1 (de) * 2015-01-28 2016-07-28 Ihp Gmbh - Innovations For High Performance Microelectronics / Leibniz-Institut Für Innovative Mikroelektronik Intrinsische Authentifizierung von Programcode
US9774443B2 (en) * 2015-03-04 2017-09-26 Apple Inc. Computing key-schedules of the AES for use in white boxes
US10027640B2 (en) * 2015-09-22 2018-07-17 Qualcomm Incorporated Secure data re-encryption
FR3058813A1 (fr) * 2016-11-16 2018-05-18 Stmicroelectronics (Rousset) Sas Stockage dans une memoire non volatile
JP6593554B2 (ja) * 2016-12-22 2019-10-23 株式会社村田製作所 弾性表面波共振子、弾性表面波フィルタおよびデュプレクサ
US10896267B2 (en) * 2017-01-31 2021-01-19 Hewlett Packard Enterprise Development Lp Input/output data encryption
WO2019031025A1 (ja) * 2017-08-10 2019-02-14 ソニー株式会社 暗号化装置、暗号化方法、復号化装置、及び復号化方法
CN107516053B (zh) * 2017-08-25 2020-05-15 四川巧夺天工信息安全智能设备有限公司 针对主控芯片ps2251的数据加密方法
KR102628010B1 (ko) 2018-10-05 2024-01-22 삼성전자주식회사 가상 암호화 연산을 수행하는 암호화 회로
CN109450617A (zh) * 2018-12-06 2019-03-08 成都卫士通信息产业股份有限公司 加解密方法及装置、电子设备、计算机可读存储介质
CN110176988B (zh) * 2019-04-25 2022-04-08 中国人民解放军战略支援部队信息工程大学 保证冗余执行体加密行为一致的装置及方法
CN111859436B (zh) * 2020-07-29 2023-10-17 贵州力创科技发展有限公司 一种车辆保险反欺诈平台的数据安全加密方法
IT202100016910A1 (it) * 2021-06-28 2022-12-28 St Microelectronics Srl Procedimento per eseguire operazioni di crittografia in un dispositivo di elaborazione, corrispondenti dispositivo di elaborazione e prodotto informatico
CN114462102B (zh) * 2022-02-07 2025-07-15 支付宝(杭州)信息技术有限公司 数据处理方法和设备

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100031057A1 (en) * 2008-02-01 2010-02-04 Seagate Technology Llc Traffic analysis resistant storage encryption using implicit and explicit data
US7797751B1 (en) * 2006-03-27 2010-09-14 Oracle America, Inc. Nonce structure for storage devices
US20110191588A1 (en) * 2001-07-30 2011-08-04 Mr. Phillip W. Rogaway Method and apparatus for facilitating efficient authenticated encryption

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5511123A (en) * 1994-08-04 1996-04-23 Northern Telecom Limited Symmetric cryptographic system for data encryption
US6769063B1 (en) * 1998-01-27 2004-07-27 Nippon Telegraph And Telephone Corporation Data converter and recording medium on which program for executing data conversion is recorded
US6920562B1 (en) * 1998-12-18 2005-07-19 Cisco Technology, Inc. Tightly coupled software protocol decode with hardware data encryption
EP1252738A2 (en) 2000-01-31 2002-10-30 VDG Inc. Block encryption method and schemes for data confidentiality and integrity protection
JP4181724B2 (ja) * 2000-03-03 2008-11-19 日本電気株式会社 証明付再暗号シャッフル方法と装置、再暗号シャッフル検証方法と装置、入力文列生成方法と装置及び記録媒体
US6941456B2 (en) * 2001-05-02 2005-09-06 Sun Microsystems, Inc. Method, system, and program for encrypting files in a computer system
JP2004325677A (ja) * 2003-04-23 2004-11-18 Sony Corp 暗号処理装置および暗号処理方法、並びにコンピュータ・プログラム
US7325115B2 (en) * 2003-11-25 2008-01-29 Microsoft Corporation Encryption of system paging file
JP3998640B2 (ja) 2004-01-16 2007-10-31 株式会社東芝 暗号化及び署名方法、装置及びプログラム
US7697681B2 (en) 2004-02-06 2010-04-13 Nortel Networks Limited Parallelizable integrity-aware encryption technique
IL187046A0 (en) * 2007-10-30 2008-02-09 Sandisk Il Ltd Memory randomization for protection against side channel attacks
US20110055585A1 (en) * 2008-07-25 2011-03-03 Kok-Wah Lee Methods and Systems to Create Big Memorizable Secrets and Their Applications in Information Engineering
US8767957B1 (en) * 2008-10-29 2014-07-01 Purdue Research Foundation Communication encryption method and device
US9336160B2 (en) * 2008-10-30 2016-05-10 Qualcomm Incorporated Low latency block cipher
US8327134B2 (en) 2009-02-12 2012-12-04 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US8589700B2 (en) * 2009-03-04 2013-11-19 Apple Inc. Data whitening for writing and reading data to and from a non-volatile memory
KR101517312B1 (ko) * 2011-02-09 2015-05-04 후지쯔 가부시끼가이샤 내장 기기에서의 정보 처리 장치, 및 정보 처리 방법
CN103051442B (zh) * 2012-10-16 2015-06-10 中国科学院软件研究所 采用Feistel-PG结构的密码装置及加密方法
CN103166752B (zh) * 2013-01-25 2016-04-27 国家密码管理局商用密码检测中心 选择轮函数为攻击对象进行sm4密码算法侧信道能量分析的应用
US9294266B2 (en) 2013-06-27 2016-03-22 Qualcomm Incorporated Method and apparatus to encrypt plaintext data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110191588A1 (en) * 2001-07-30 2011-08-04 Mr. Phillip W. Rogaway Method and apparatus for facilitating efficient authenticated encryption
US7797751B1 (en) * 2006-03-27 2010-09-14 Oracle America, Inc. Nonce structure for storage devices
US20100031057A1 (en) * 2008-02-01 2010-02-04 Seagate Technology Llc Traffic analysis resistant storage encryption using implicit and explicit data

Also Published As

Publication number Publication date
US9294266B2 (en) 2016-03-22
US9712319B2 (en) 2017-07-18
JP6345237B2 (ja) 2018-06-20
JP2016523391A (ja) 2016-08-08
KR20160024965A (ko) 2016-03-07
US20160156461A1 (en) 2016-06-02
EP3014800A1 (en) 2016-05-04
CN105324956B (zh) 2019-02-01
EP3014800B1 (en) 2017-07-19
US20150006905A1 (en) 2015-01-01
CN105324956A (zh) 2016-02-10

Similar Documents

Publication Publication Date Title
US9712319B2 (en) Method and apparatus to encrypt plaintext data
US9515818B2 (en) Multi-block cryptographic operation
US7336783B2 (en) Cryptographic systems and methods supporting multiple modes
US9143317B2 (en) Protecting against white box attacks using column rotation
US20150019878A1 (en) Apparatus and Method for Memory Address Encryption
US8675866B2 (en) Multiplicative splits to protect cipher keys
JP2017504838A (ja) 暗号アルゴリズムに対するサイドチャネル攻撃への対抗策
US10277391B2 (en) Encryption device, encryption method, decryption device, and decryption method
US9692592B2 (en) Using state reordering to protect against white box attacks
CN111199047B (zh) 数据加密方法、解密方法、装置、设备及存储介质
US9264222B2 (en) Precomputing internal AES states in counter mode to protect keys used in AES computations
US9565018B2 (en) Protecting cryptographic operations using conjugacy class functions
EP3667647B1 (en) Encryption device, encryption method, decryption device, and decryption method
KR20190010251A (ko) 클라우드 스토리지 전송단계에서의 보안성 강화를 위한 lpes 방법 및 장치
US10678709B2 (en) Apparatus and method for memory address encryption
KR20170097509A (ko) 화이트 박스 암호화 기반의 연산 방법 및 그 방법을 수행하는 보안 단말
CN107534558A (zh) 用于保护经由数据总线传输的数据的信息安全的方法以及数据总线系统
CN106612170A (zh) Drm服务提供装置及方法、内容再现装置及方法
US8774402B2 (en) Encryption/decryption apparatus and method using AES rijndael algorithm
JP6167721B2 (ja) 暗号化装置、復号装置、暗号化方法、復号方法及びプログラム
KR20170005850A (ko) 암호 장치, 기억 시스템, 복호 장치, 암호 방법, 복호 방법, 암호 프로그램을 기록한 컴퓨터 판독 가능한 기록 매체 및 복호 프로그램을 기록한 컴퓨터 판독 가능한 기록 매체
KR20190041900A (ko) 암호화 장치 및 복호화 장치, 이들의 동작방법
US10360820B2 (en) Instrumentation privacy apparatus and method

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480034284.4

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14828376

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
REEP Request for entry into the european phase

Ref document number: 2014828376

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2014828376

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2016523807

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: IDP00201600363

Country of ref document: ID

ENP Entry into the national phase

Ref document number: 20167002026

Country of ref document: KR

Kind code of ref document: A