WO2017076911A1  Key sequence generation for cryptographic operations  Google Patents
Key sequence generation for cryptographic operations Download PDFInfo
 Publication number
 WO2017076911A1 WO2017076911A1 PCT/EP2016/076436 EP2016076436W WO2017076911A1 WO 2017076911 A1 WO2017076911 A1 WO 2017076911A1 EP 2016076436 W EP2016076436 W EP 2016076436W WO 2017076911 A1 WO2017076911 A1 WO 2017076911A1
 Authority
 WO
 WIPO (PCT)
 Prior art keywords
 sub
 sequence
 function
 functions
 keys
 Prior art date
Links
Classifications

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
 H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
 H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
 H04L2209/24—Key scheduling, i.e. generating round keys or subkeys for block encryption
Definitions
 the present disclosure relates to the generation from a main key of a sequence of sub keys for cryptographic operations. More specifically, although not exclusively, the present disclosure relates to a block cipher having a key schedule in accordance with the sequence and use of the block cipher for encryption and decryption of a message.
 BACKGROUND Cryptographic block ciphers such as DES or AES, whether implemented in hardware or in software, can be the target of physical attacks. In such attacks, an attacker gathers information of various types during the operation of the block cipher. Types of information used in such attacks include:
 This information can be used by the attacker to uncover the secret key used during the execution of the block cipher.
 Block ciphers operate on round keys, which are subkeys that are derived from the secret or main key according to a key schedule, by an algorithm typically referred to as the key schedule.
 round keys which are subkeys that are derived from the secret or main key according to a key schedule, by an algorithm typically referred to as the key schedule.
 sidechannel or fault attacks lead to the recovery of a round key.
 An attacker can target the execution of the key schedule (in which case the attack is likely to be a template attack that models the signal obtained from the sidechannel and its noise), the application of the block cipher in encryption or decryption, or both the key schedule and block cipher execution.
 the main key can be recovered from either operation using a single side channel attack or other attacks on a single subkey. Examples of possible attacks include side channel analysis (CPA  Correlation Power Analysis, DPA Differential Power Analysis), or DFA  Differential Fault Analysis of the encryption/decryption operation.
 a template sidechannel attack is an example of a feasible attack. In one approach proposed in the literature (P. Junod and S.
 a sequence of subkeys for cryptographic operations is generated from a main key, with each subkey being defined by respective bit values.
 the main key is operated on only once to generate the subkeys of the sequence, with a transformation, for example a sequence of operations comprising one or more oneway functions.
 the respective bit values of the subkeys of the sequence are set using respective bit values of the one or more oneway functions. For example, in some embodiments, each bit of the output of the one or more oneway functions is used only once to set a corresponding bit value of all the bit values of the subkeys. There is thus a one to one relationship between a bit value of the output of the one or more oneway functions and its corresponding bit value of the subkeys.
 deriving subkey bits from respective output bits of one or more oneway functions removes or at least reduces correlations between the main key and the sub keys, as well as between subkeys, making it harder or even impossible to recover the main key or other subkeys from a single subkey, for example as found using a side channel attack.
 the main key only once (rather than using the main key each time a subkey is generated)
 the vulnerability of the main key to a side channel attack is reduced, because the opportunities for recovering physical information that could lead to the discovery of the main key are reduced.
 a oneway function will be understood to be a function that is easy to compute to generate an output from an input (for example in the sense that the computational complexity is polynomial in time and space, or more practically, within a certain number of machine operations or time units seconds or milliseconds) and which is practically noninvertible meaning that is not realistic to find or reconstruct the input from the output (in the sense that the computational complexity might involve super polynomial effort, exceeding accessible resources).
 This is often referred to as preimage resistance.
 the output bits of a oneway function will be independent of each other in the sense that there is no information in the state of one bit regarding the state of other bits of the output.
 a oneway function in this context also has the properties of second preimage resistance and collision resistance.
 oneway functions (combinations of oneway functions) may be used in accordance with various embodiments. This includes, but is not limited to:
 Cryptographic hashes such as SHA1 , SHA256, RIPEMD160, SHA3, etc.
 the respective oneway functions used may be the same, or may be different from each other.
 the respective bit values of at least two of the subkeys are set in accordance with respective bit values of one oneway function, according to a predefined relationship. In this way, two or more subkeys can be generated by computation of a single oneway function.
 the respective bit values of all the sub keys of the sequence are set in accordance with respective bit values of one oneway function.
 all subkeys are generated by a single oneway function, requiring only a single use of the main key and ensuring that the main key is protected by the one way characteristics of the oneway function and that subkey bits and hence subkeys are independent of each other due to the independence of the output bits of the oneway function.
 operating on the main key generates a plurality of intermediate outputs using respective subfunctions.
 a oneway function applied to each intermediate output then generates a respective oneway output and one or more of the subkeys are generated from each oneway output.
 the intermediate outputs are generated by first applying a first sub function to the main key to generate a first intermediate output followed by repeatedly applying a next subfunction to the previous intermediate output to generate a next intermediate output.
 Respective oneway functions are applied to each intermediate output to generate corresponding one or more of the subkeys of the sequence.
 the processing from subfunction to the corresponding one or more subkeys may be done synchronously (computing a sub function and the corresponding subkey(s), then computing the next subfunction and corresponding subkey(s), and so on).
 all subfunctions may first be processed, storing the outputs (of the subfunction and/or the oneway function), and the subkeys may subsequently be generated from the stored values.
 all intermediate outputs are passed through a single oneway function (or even a single instance of the same oneway function), that is the first and the next oneway functions are the same function.
 the subfunctions may be mutually different or may all be the same, for example a bit operator such as a shift or rotation operator. Since each application of the subfunctions is cumulative in the sequence, the inputs to the oneway function(s) will vary with the sequence of repeated applications of the same function and hence produce a sequence of varying subkeys.
 the intermediate outputs are passed through a oneway function to generate the subkeys of the sequence, even for simple and possibly even repeating operations to generate the intermediate outputs, it will be at least as difficult to infer the main key or other subkeys from one recovered subkey as it is difficult to invert the oneway function(s).
 the main key since the main key is only used once to generate the first intermediate output, it is less prone to be discovered in a sidechannel attack or other physical attack.
 the main key can further be dissociated from the generated sub keys by passing it through a oneway function and passing the result to the first sub function, thereby increasing the difficulty of recovering the main key from a cryptanalysis starting from a subkey uncovered using sidechannel information.
 the reverse sequence may be used as a decryption sequence of subkeys that is the reverse of an encryption sequence of subkeys, to decrypt a message encrypted with a block cipher having a key schedule generating the encryption sequence of subkeys.
 an unencrypted message string is referred to here as a plaintext or plaintext message without any implication as to the content of the message being text but "text" rather referring to any string of symbols, alphanumeric or otherwise.
 the term ciphertext or ciphertext message is to be understood accordingly as an encrypted version of the message.
 a reverse sequence of a sequence of subkeys generated using a sequence of subfunctions that are invertible and have a composite function providing as an output the last intermediate output in the generation of the forward sequence of subfunctions the same process as above is followed with the first subfunction being the composite function and the next subfunctions being the respective inverse functions of the next subfunctions of the forward sequence, in reverse order. While the forward sequence has been described above as an encryption sequence and the reverse sequence as a decryption sequence, it will be appreciated that the roles can be swapped and that the efficient generation of corresponding forward and reverse sequences of subkeys may find wider application.
 subfunctions used in the generation of subkeys are not executed in a chained sequence as described above, each subsequent subfunction taking the output of the previous subfunction as an input, but rather the subfunctions are executed independently, for example asynchronously or in parallel. This means that each sub function needs to be supplied with its input independently.
 the main key is passed once through a further oneway function, for example a oneway function as discussed above, and the result is then supplied to each of the subfunctions, thus avoiding multiple reads of the main key.
 the subkeys are then generated from the output of the subfunctions via respective oneway functions or a shared oneway function, as described above.
 the subfunctions may comprise one or more of the above classes of functions.
 the subfunctions may comprise functions of the same one of the above classes or the same function varying in its parameters.
 the sub functions may be the identical and/or a single subfunction used repeatedly, in some embodiments. Any one of the above subfunctions may be combined with any one of the above oneway functions in accordance with various embodiments. In some
 the subfunction(s) are invertible tablelookup functions and the oneway function(s) are DavisMeyer constructions based on a lightweight permutation. While it is desirable for the subfunctions to be invertible to enable certain of the above embodiments that require the subfunctions to be inverted, this is not necessary in all embodiments.
 the oneway functions may be the same or some or all of the oneway functions may be mutually different. The same oneway function may be
 oneway function in the plural includes the singular in that all oneway functions may be the same single oneway function and may be implemented as a single logical or physical instance of that single oneway function.
 aspects of the disclosure include a block cipher with a key schedule defined by a sequence of subkeys (a sequence of generating subkeys) as described above, and the use of such a block cipher for encryption and decryption of messages.
 aspects of the disclosure include systems having means for implementing processing steps to generate sequences of subkeys and/or process (encrypt/decrypt) messages as described above; computer program products and signals encoding in physical form coded instructions that, when executed on a processor, implement processing steps as described above; and one or more tangible recordable media or memory devices, for example optical or magnetic discs or solid state devices, storing coded instructions that, when executed on a processor implement processing steps as described above.
 these aspects extend to the combination of such computer program products and signals, tangible recordable media and memory devices in combination with a processor for executing the instructions, for example in a general purpose computer.
 a device comprising a memory for storing the main key and at least one subkey; and a processor configured to implement processing steps as described above to generate sequences of subkeys and/or process
 Figures 1 to 4 illustrate different modes of a block cipher with a round key generator
 Figure 5 illustrates an implementation of a round key generator enabling parallel execution of subfunctions to generate round keys
 Figure 6 illustrates a recursive version of the implementation of Figure 5;
 Figure 7 illustrates an implementation of a round key generator with sequential execution of subfunctions
 Figure 8 illustrates an implementation of a round key generator with sequential execution of subfunctions to generate a reverse sequence of round keys
 Figure 9 illustrates a recursive version of the implementations of Figures 7 and 8.
 Figure 10 illustrates an implementation of a round key generator generating a sequence of round keys using a single oneway function.
 a block cipher 10 comprises a round key generator 200 taking as input a main key K stored in a register 100.
 the round key generator 200 generates a sequence 120 of round keys K 0 , K 2 ,..., K N1 .
 An encryption module 300 takes as input the sequence of round keys 120 and a plaintext from a register 400.
 the encryption module 300 encrypt the plaintext 400 with the first key in the sequence, then encrypts the result with the second key in the sequence, and so on for all keys in the sequence, and outputs a cipher text to a register 500 as a result.
 the encryption module 300 is replaced with a decryption module 302 taking as an input a cipher text from the register 500 and a decryption sequence 142 that is the reverse of the encryption sequence 140 of round keys 142.
 the decryption module 302 decrypts the cipher text 500 by applying the first key of the sequence 140 (the last key of the sequence 120) to the cipher text 500, then the second key 142 in the sequence 140 to the result of that operation, and so forth, until the last key in the sequence 140 is used to produce the plaintext 400.
 encryption and decryption modules of the block cipher 10 are implemented in the same device or circuit (in some embodiments sharing computational modules) or in different devices and circuits.
 the round keys are generated independently, that is each round key is stored separately to store the entire sequence 120, 140 of round keys, enabling the round keys of the sequence to be generated in any order or in parallel (and the decryption sequence to be generated by reading the encryption sequence in reverse order without further computation).
 the round keys are generated in sequence one at a time. While this is advantageous in requiring less memory to store the round keys and exposing only one round key at a time, it requires that the reverse sequence of round keys is computed again, while in embodiments as depicted in Figures 1 and 2, the stored round keys can simply be traversed in the reverse order.
 the main key K is passed through a oneway function 220, also referred to as x, and the result is then passed through a set 240 of subfunctions 242, also referred to as Fo , Fi , F 2 ,..., F N1 .
 the result of each subfunction 242 is then passed through a sub function 262, also referred to as H.
 each subfunction 242 may be fed to a common oneway function 262 common to all subfunctions, or each subfunction 242 may have a corresponding oneway function 262 to form a set of instances of oneway functions 260, which may all implement the same oneway function H, or different oneway functions, for example a different oneway function 262 for each subfunction 242.
 These operations result in a set of round keys 122 as the output of the one or more one way functions 262, in a sequence 120 of subkeys 122, also referred to as K 0 , K 1 : K 2 , .. . ,
 the decryption sequence can be obtained simply by reading the sequence 120 in reverse order in embodiments where the round keys 122 are all stored. In other embodiments, the decryption sequence can be obtained by generating the reverse sequence of round keys by running the subfunctions 242 in reverse order to the sequence 240, for example where only one round key is stored and generated on the fly. In some embodiments, irrespective of whether the round keys 122 are computed in one go or on the fly, the following functions are used for x, F and H, where p, q, p * , q * , pi and qi are large prime numbers:
 ) is at least 2048 bits.
 the others primes pi and qi are chosen similarly, for example such that log 2 (
 a random multiple of N * can be added to K on read out, or K can be stored with such a constant added, as, in embodiments using a mod N* operation as a first stage, this will not affect the output of x.
 a register 100 holding a value for the main key K is read by a module 220 implementing x.
 the module 220 calculates x(K) and stores it in internal register.
 a sub function module 610 configured to compute a subfunction F, for each iteration of key generation communicates with a register 620 holding a sequence of parameters, each defining a specific instance of F, for each iteration: F 0, Fi , ... F N2, F N1 .
 the subfunction module 610 passes its output to a oneway module 630 implementing the oneway function H to generate an output K, and store it in a register 640.
 the subfunction module 610 is configured such that it sends a trigger on a trigger connection 652 to module 220 to receive the value of x(K) again (alternatively this value may be stored in a register in sub function module 610 or elsewhere).
 the next parameter to define F i+1 is read from the register 620 and a value for K i+1 is calculated via oneway module 630.
 Embodiments described so far protect the main key by passing it through a first oneway function x and calculate the round keys 122 from this value as independent inputs to respective subfunctions 242.
 Alternative embodiments are now described with reference to Figures 7 to 9, in which a first subfunction 242 of the sequence of subfunctions 240 takes the main key K as an input and subsequent subfunctions F 2 , ... , F N1 244 to 248 (F r F 2 ,... , F N1 ) each take the output of the previous subfunction as an input, for example the subfunction 244 takes as input the output of the subfunction 242, and the sub function 246 takes as input the output of the subfunction 244, and so on.
 each subfunction 242 to 248 in the sequence 240 is again passed through a oneway function 262, as discussed above with reference to Figure 5 to produce in turn as an output a sequence 120 of round keys 122 to 128, again as described above with reference to Figure 5.
 F is chosen from the classes of functions described above specifically in some embodiments F,: is a table look up function
 the oneway function H(y) is chosen from the classes of functions described above, specifically in some embodiments, H (y) is a DavisMeyer construction based on a lightweight permutation.
 a first oneway function x as described above, may be interposed between K and the first subfunction 242 (F 0 ) of the sequence 240.
 the decryption sequence can be derived simply by reading the sequence 120 in reverse, in embodiments in which the individual round keys 122 to 128 remain stored. Where the round keys 122 to 128 are not available, they can of course be computed by the sequence of subfunctions 240, as described above, with results read in reverse order once computed. However, it may be desirable to begin the computation of the decryption sequence with the first round key of the decryption sequence, which is the last round key of the encryption sequence. This means that the first key to be used is available first, and enables embodiments in which round keys are computed on the fly and not stored.
 a first subfunction 252 of the reverse sequence 250 computes the composite function F ⁇ 0 ⁇ N i ⁇ of the subfunctions of the forward sequence 240 and the output is passed through a oneway function 262 to generate a first round key 128 in the reverse round key sequence 130, corresponding to the last round key 128 of the forward sequence 120, that is K N1 .
 the output of the subfunction 252 is also passed to the next subfunction 254 of the reverse sequence 250, which corresponds to the inverse function of the last function 248 of the forward sequence 240, F N1 "1 .
 the output of the subfunction 254 is again passed through a oneway function 262 to generate the next round key in the reverse sequence 130, K N2 , the penultimate round key in the forward sequence 120.
 the next subfunction 256 in the reverse sequence 250 corresponds to the inverse of the penultimate subfunction in the forward sequence 240, F N2 "1 , and is used to generate the next round key in the inverse sequence 130, and so forth, until the last subfunction in the reverse sequence 250 which corresponds to the inverse of the second subfunction in the forward sequence 240 is used to generate the last round key 122 in the reverse sequence 130, which is the first round key in the forward sequence 120.
 the subfunctions are required to be invertible and composable into a composite function.
 the sub functions are invertible table lookup functions or shift or rotation bit operators.
 the subfunctions of the sequence 240 may be all the same, single subfunction, used repeatedly, or may each be different, or a combination of the two.
 a register 100 holding a value for the main key K is read by a subfunction module 610.
 the subfunction module 610 also reads one or more parameters to define the function F, for the relevant iteration and evaluates Fi, supplying the result as an output to a oneway module 630 which calculates a oneway function of its input and stores the result as the round key K, in register 640.
 the module 610 also supplies its own output again to its input over a line 660 trigger the calculation of the next subfunction F i+1 and hence K i+1 via the oneway function module 630.
 the number of bits in the output of the oneway function(s) H must be equal to or greater than the number of bits of the round K,. It will, of course, be understood that in some embodiments the output of the oneway functions may have less bits than required for the subkeys. In such embodiments, for example where the number of output bits of the oneway function is 1 ⁇ 2 the number of bits required, or 1/m more generally, the processes above can be run twice or m times to generate the required bits.
 the output of two (m) oneway functions run one after the other can be combined to generate the sub keys in sequence, in effect grouping adjacent round keys (as illustrated in the figures) together to form a round key of sufficient bits.
 the number of bits in the output of H is at least mfold that of a single round key K, and m round keys are generated from the output of the oneway function H applied to a corresponding subfunction F,.
 the output bits of H are mapped to the bits of the K, by a predetermined relationship. For example, if the number of bits of K, is n, the first n bits of the output of H are used to set the bits of K 0 , the next n bits of the output of H are used to set the bits of Ki , and so forth. Other relationships are of course equally possible, for example using the first m bits of the output of H to set the first bits of all K,, using the second m bits of the output of H to set the second bits of K,, and so forth, or any other predetermined mapping.
 a single oneway function 280 produces an output with a sufficient number of bits to generate the required number of round keys K, in the sequence 120, that is there are m round keys in the sequence in terms of the above discussion. Since all round keys are generated from the output of a single oneway function, no subfunctions F, are required or, alternatively, the oneway function 280 can be seen as the combination of a single subfunction F, and a oneway function H. As illustrated in Figure 10 and described above, in some
 bits of contiguous blocks of the output of the oneway function 280 are used to define corresponding K, round keys, although other schemes of assigning oneway function output bits to round key bits are equally possible, as described above.
 a device for generating from a main key a sequence of subkeys for cryptographic operations, wherein each subkey is defined by respective bit values comprising a memory for storing the main and at least one subkey and a processor configured to:
 setting the respective bit values comprises setting the respective bit values of at least two of the subkeys in accordance with respective bit values of one of the one or more oneway functions according to a predefined relationship.
 setting the respective bit values comprises setting the respective bit values of all the subkeys of the sequence in accordance with respective bit values of the one of the one or more oneway function according to a predefined relationship.
 operating on the main key comprises generating a plurality of intermediate outputs and applying a oneway function to each intermediate output to generate a respective oneway output, and wherein the processor is configured to generate one or more of the subkeys from each oneway output.
 a device according to item 1 , 2 or 4, wherein the processor is configured to
 a device according to item 1 , 2 or 4, wherein the processor is configured to:
 a device configured to implement a block cipher with a key schedule defined by the sequence and to use the subkeys of the sequence as round keys in the block cipher.
 a device for generating from a main key related forward and reverse sequences of subkeys for use in cryptographic operations comprising a memory for storing the main key and at least one subkey and a processor configured according to item 5 to generate subkeys of the forward sequence,
 next subfunctions are applied in a forward next subfunction sequence
 processor is configured according to item 5 to generate from the main key a reverse sequence of subkeys
 the first subfunction is the composite function of the subfunctions of the forward subfunction sequence
 next subfunctions are applied in a reverse next subfunction sequence and the subfunctions of the reverse next subfunction sequence correspond to the respective inverse functions of the subfunctions of the forward next subfunctions sequence in reverse order.
 the block cipher having a key schedule comprising round keys applied in an encryption sequence, the encryption sequence of round keys being obtainable from a main key by a processor configured in accordance with item 5, wherein the next subfunctions are applied in an encryption next subfunction sequence and the first subfunction followed by the sub functions of the encryption next subfunction sequence define an encryption subfunction sequence
 the device comprising a memory for storing a main key and at least one sub key and a processor configured in accordance with item 5 to generate from the main key a decryption sequence of subkeys,
 the first subfunction is the composite function of the subfunctions of the encryption subfunction sequence
 next subfunctions are applied in a decryption next sub function sequence and the subfunctions of the decryption next subfunction sequence correspond to the respective inverse functions of the subfunctions of the encryption next subfunctions sequence in reverse order;
 a device for processing a message with a block cipher having a key schedule comprising a memory for storing a main key and at least one subkey and a processor configured to:
 the processor is configured in accordance with item 5 to generate round keys of the key schedule in an encryption sequence from a main key, wherein the next sub functions are applied in an encryption next subfunction sequence and the first sub function followed by the subfunctions of the encryption next subfunction sequence define an encryption subfunction sequence and wherein the processor is configured to
 the processor is further configured to
 the processor is configured in accordance with item 5 to generate from the main key a decryption sequence of subkeys, wherein the first subfunction is the composite function of the sub functions of the encryption subfunction sequence, and wherein the next subfunctions are applied in a decryption next subfunction sequence and the subfunctions of the decryption next subfunction sequence correspond to the respective inverse functions of the subfunctions of the encryption next subfunctions sequence in reverse order; and wherein the processor is configured to
 subkey generators encompasses other uses of subkey sequences generated from a main key in accordance with the disclosed embodiments of round key generators which can thus more generally be described as subkey generators.
Landscapes
 Engineering & Computer Science (AREA)
 Computer Security & Cryptography (AREA)
 Computer Networks & Wireless Communication (AREA)
 Signal Processing (AREA)
 Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (9)
Application Number  Priority Date  Filing Date  Title 

MX2018005700A MX2018005700A (en)  20151106  20161102  Key sequence generation for cryptographic operations. 
US15/772,933 US10742394B2 (en)  20151106  20161102  Key sequence generation for cryptographic operations 
SG11201803741PA SG11201803741PA (en)  20151106  20161102  Key sequence generation for cryptographic operations 
KR1020187016055A KR102620649B1 (en)  20151106  20161102  Generating key sequences for cryptographic operations 
BR1120180091375A BR112018009137B1 (en)  20151106  20161102  METHOD FOR GENERATING A MAIN KEY FROM SUBKEYS FROM A SEQUENCE OF SUBKEYS FOR CRYPTOGRAPHIC OPERATIONS, DEVICE FOR GENERATING A MAIN KEY FROM SUBKEYS FROM A SEQUENCE OF SUBKEYS FOR CRYPTOGRAPHIC OPERATIONS, AND STORAGE MEDIUM READABLE BY COMPUTER NON TRANSIENT 
ES16788725T ES2911889T3 (en)  20151106  20161102  Generation of key sequences for cryptographic operations 
EP16788725.6A EP3371928B8 (en)  20151106  20161102  Key sequence generation for cryptographic operations 
CN201680077921.5A CN108476132B (en)  20151106  20161102  Method, apparatus and computer readable medium for key sequence generation for cryptographic operations 
US16/918,426 US11546135B2 (en)  20151106  20200701  Key sequence generation for cryptographic operations 
Applications Claiming Priority (2)
Application Number  Priority Date  Filing Date  Title 

GB1519612.4  20151106  
GBGB1519612.4A GB201519612D0 (en)  20151106  20151106  Key sequence generation for cryptographic operations 
Related Child Applications (2)
Application Number  Title  Priority Date  Filing Date 

US15/772,933 A371OfInternational US10742394B2 (en)  20151106  20161102  Key sequence generation for cryptographic operations 
US16/918,426 Continuation US11546135B2 (en)  20151106  20200701  Key sequence generation for cryptographic operations 
Publications (1)
Publication Number  Publication Date 

WO2017076911A1 true WO2017076911A1 (en)  20170511 
Family
ID=55132394
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

PCT/EP2016/076436 WO2017076911A1 (en)  20151106  20161102  Key sequence generation for cryptographic operations 
Country Status (10)
Country  Link 

US (2)  US10742394B2 (en) 
EP (1)  EP3371928B8 (en) 
KR (1)  KR102620649B1 (en) 
CN (1)  CN108476132B (en) 
BR (1)  BR112018009137B1 (en) 
ES (1)  ES2911889T3 (en) 
GB (1)  GB201519612D0 (en) 
MX (1)  MX2018005700A (en) 
SG (1)  SG11201803741PA (en) 
WO (1)  WO2017076911A1 (en) 
Cited By (1)
Publication number  Priority date  Publication date  Assignee  Title 

CN109067528A (en) *  20180831  20181221  阿里巴巴集团控股有限公司  Cryptooperation, method, cryptographic service platform and the equipment for creating working key 
Families Citing this family (9)
Publication number  Priority date  Publication date  Assignee  Title 

CN109347625B (en) *  20180831  20200424  阿里巴巴集团控股有限公司  Password operation method, work key creation method, password service platform and equipment 
CN110572251B (en) *  20190813  20200922  武汉大学  Template attack method and device template attack resistance evaluation method 
CN110704856B (en) *  20191009  20210820  成都安恒信息技术有限公司  Secret sharing method based on operation and maintenance auditing system 
CN111162907B (en) *  20191228  20230523  飞天诚信科技股份有限公司  Generation method of negotiation key and smart card device 
CN111342951B (en) *  20200209  20230314  深圳大学  Method and device for generating stream cipher system and terminal equipment 
CN112311527A (en) *  20200917  20210202  裴文耀  Encryption method for converting master key into polynomial table lattice key lookup 
EP4117221A1 (en) *  20210709  20230111  STMicroelectronics S.r.l.  Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product 
CN115022000B (en) *  20220527  20231201  北京交大微联科技有限公司  Communication method and device of railway signal system and electronic equipment 
CN115017530B (en) *  20220808  20221216  创云融达信息技术(天津)股份有限公司  Data security storage device and method 
Citations (5)
Publication number  Priority date  Publication date  Assignee  Title 

WO1998031122A1 (en) *  19970108  19980716  Bell Communications Research, Inc.  A method and apparatus for generating secure hash functions 
US6185679B1 (en) *  19980223  20010206  International Business Machines Corporation  Method and apparatus for a symmetric block cipher using multiple stages with type1 and type3 feistel networks 
US20080304664A1 (en) *  20070607  20081211  Shanmugathasan Suthaharan  System and a method for securing information 
US20090245510A1 (en) *  20080325  20091001  Mathieu Ciet  Block cipher with security intrinsic aspects 
EP2197144A1 (en) *  20081215  20100616  Thomson Licensing  Methods and devices for a chained encryption mode 
Family Cites Families (6)
Publication number  Priority date  Publication date  Assignee  Title 

US6185673B1 (en)  19980630  20010206  Sun Microsystems, Inc.  Apparatus and method for array bounds checking with a shadow register file 
EP1997265B1 (en) *  20060310  20200805  Irdeto B.V.  Integrity of a data processing system using whitebox for digital content protection 
CN1878059A (en) *  20060707  20061213  北京财富投资有限公司  Grouping encryption and decryption algorithm 
US8130946B2 (en) *  20070320  20120306  Michael De Mare  Iterative symmetric key ciphers with keyed Sboxes using modular exponentiation 
EP2507708B1 (en) *  20091204  20190327  Cryptography Research, Inc.  Verifiable, leakresistant encryption and decryption 
CN101895389B (en) *  20100716  20120606  黑龙江大学  Methods for encrypting and decrypting combined coding based file by adopting proportion calculation 

2015
 20151106 GB GBGB1519612.4A patent/GB201519612D0/en not_active Ceased

2016
 20161102 BR BR1120180091375A patent/BR112018009137B1/en active IP Right Grant
 20161102 CN CN201680077921.5A patent/CN108476132B/en active Active
 20161102 EP EP16788725.6A patent/EP3371928B8/en active Active
 20161102 KR KR1020187016055A patent/KR102620649B1/en active IP Right Grant
 20161102 WO PCT/EP2016/076436 patent/WO2017076911A1/en active Application Filing
 20161102 US US15/772,933 patent/US10742394B2/en active Active
 20161102 ES ES16788725T patent/ES2911889T3/en active Active
 20161102 SG SG11201803741PA patent/SG11201803741PA/en unknown
 20161102 MX MX2018005700A patent/MX2018005700A/en unknown

2020
 20200701 US US16/918,426 patent/US11546135B2/en active Active
Patent Citations (5)
Publication number  Priority date  Publication date  Assignee  Title 

WO1998031122A1 (en) *  19970108  19980716  Bell Communications Research, Inc.  A method and apparatus for generating secure hash functions 
US6185679B1 (en) *  19980223  20010206  International Business Machines Corporation  Method and apparatus for a symmetric block cipher using multiple stages with type1 and type3 feistel networks 
US20080304664A1 (en) *  20070607  20081211  Shanmugathasan Suthaharan  System and a method for securing information 
US20090245510A1 (en) *  20080325  20091001  Mathieu Ciet  Block cipher with security intrinsic aspects 
EP2197144A1 (en) *  20081215  20100616  Thomson Licensing  Methods and devices for a chained encryption mode 
NonPatent Citations (3)
Title 

JUNOD PASCAL ET AL: "FOX : A New Family of Block Ciphers", 9 August 2004, NETWORK AND PARALLEL COMPUTING; [LECTURE NOTES IN COMPUTER SCIENCE; LECT.NOTES COMPUTER], SPRINGER INTERNATIONAL PUBLISHING, CHAM, PAGE(S) 114  129, ISBN: 9783642279966, ISSN: 03029743, XP047373883 * 
P. JUNOD; S. VAUDENAY: "Selected Areas in Cryptography", 9 August 2004, SPRINGERVERLAG, article "FOX: a new family of block ciphers" 
RIJMEN VINCENT ET AL: "The cipher SHARK", 21 February 1996, NETWORK AND PARALLEL COMPUTING; [LECTURE NOTES IN COMPUTER SCIENCE; LECT.NOTES COMPUTER], SPRINGER INTERNATIONAL PUBLISHING, CHAM, PAGE(S) 99  111, ISBN: 9783642234460, ISSN: 03029743, XP047294329 * 
Cited By (3)
Publication number  Priority date  Publication date  Assignee  Title 

CN109067528A (en) *  20180831  20181221  阿里巴巴集团控股有限公司  Cryptooperation, method, cryptographic service platform and the equipment for creating working key 
CN109067528B (en) *  20180831  20200512  阿里巴巴集团控股有限公司  Password operation method, work key creation method, password service platform and equipment 
US11128447B2 (en)  20180831  20210921  Advanced New Technologies Co., Ltd.  Cryptographic operation method, working key creation method, cryptographic service platform, and cryptographic service device 
Also Published As
Publication number  Publication date 

MX2018005700A (en)  20181211 
CN108476132B (en)  20211119 
GB201519612D0 (en)  20151223 
EP3371928B1 (en)  20220406 
US11546135B2 (en)  20230103 
CN108476132A (en)  20180831 
US20210021405A1 (en)  20210121 
BR112018009137B1 (en)  20231226 
EP3371928B8 (en)  20220518 
SG11201803741PA (en)  20180628 
KR20180081559A (en)  20180716 
BR112018009137A2 (en)  20181106 
ES2911889T3 (en)  20220523 
US20180316490A1 (en)  20181101 
EP3371928A1 (en)  20180912 
KR102620649B1 (en)  20240103 
US10742394B2 (en)  20200811 
BR112018009137A8 (en)  20190226 
Similar Documents
Publication  Publication Date  Title 

US11546135B2 (en)  Key sequence generation for cryptographic operations  
Gueron et al.  Fast garbling of circuits under standard assumptions  
US10320554B1 (en)  Differential power analysis resistant encryption and decryption functions  
Mathur et al.  AES based text encryption using 12 rounds with dynamic key selection  
US8942371B2 (en)  Method and system for a symmetric block cipher using a plurality of symmetric algorithms  
US8428251B2 (en)  System and method for stream/block cipher with internal random states  
JP7031580B2 (en)  Cryptographic device, encryption method, decryption device, and decryption method  
US9565018B2 (en)  Protecting cryptographic operations using conjugacy class functions  
Aldaya et al.  AES TBox tampering attack  
Huang et al.  A novel structure with dynamic operation mode for symmetrickey block ciphers  
Murtaza et al.  Fortification of aes with dynamic mixcolumn transformation  
Patel et al.  Hybrid security algorithms for data transmission using AESDES  
Singh et al.  Study & analysis of cryptography algorithms: RSA, AES, DES, TDES, blowfish  
WO2022096141A1 (en)  Method for processing encrypted data  
Landge et al.  VHDL based Blowfish implementation for secured embedded system design  
CN111740818A (en)  Data processing method, device, equipment and storage medium  
Putra et al.  Performance Analysis Of The Combination Of Advanced Encryption Standard Cryptography Algorithms With Luc For Text Security  
WO2017036251A1 (en)  Advanced encryption standard encryption and decryption method, device, and storage medium  
Khalil et al.  Modify PRESENT Algorithm by New technique and key Generator by External unit  
Latif et al.  Implementation of Hybrid Cryptosystem using AES256 and SHA2 256 by LabVIEW  
Adebayo  A Multilevel Data Encryption Standard Cryptosystem with Residue Number System  
Tanougast et al.  VLSI architecture and FPGA implementation of a hybrid messageembedded selfsynchronizing stream cipher  
JP5818768B2 (en)  Mask generation apparatus, information processing apparatus, method thereof, and program  
Liu et al.  Analysis of the Reconfiguration Feature of Cryptographic Algorithms  
CN117499010A (en)  Data processing method and device 
Legal Events
Date  Code  Title  Description 

121  Ep: the epo has been informed by wipo that ep was designated in this application 
Ref document number: 16788725 Country of ref document: EP Kind code of ref document: A1 

WWE  Wipo information: entry into national phase 
Ref document number: 15772933 Country of ref document: US 

WWE  Wipo information: entry into national phase 
Ref document number: 11201803741P Country of ref document: SG 

WWE  Wipo information: entry into national phase 
Ref document number: MX/A/2018/005700 Country of ref document: MX 

NENP  Nonentry into the national phase 
Ref country code: DE 

REG  Reference to national code 
Ref country code: BR Ref legal event code: B01A Ref document number: 112018009137 Country of ref document: BR 

ENP  Entry into the national phase 
Ref document number: 20187016055 Country of ref document: KR Kind code of ref document: A 

WWE  Wipo information: entry into national phase 
Ref document number: 1020187016055 Country of ref document: KR 

WWE  Wipo information: entry into national phase 
Ref document number: 2016788725 Country of ref document: EP 

ENP  Entry into the national phase 
Ref document number: 112018009137 Country of ref document: BR Kind code of ref document: A2 Effective date: 20180504 