Data may be encrypted for many different reasons, such as securing communications, protecting sensitive data (data representing social security numbers, salaries, account information, and so forth), and so forth. One way to encrypt and decrypt data is through public key cryptography, which uses a pair of keys: a public key, which, as the name implies, is widely disseminated; and a private key, which is known to the owner(s) of the data. One type of public key cryptography system is Elliptic Curve Cryptography (ECC), which is based on the algebraic structure of elliptic curves over finite fields.
Elliptic curve cryptography is based on the algebraic structure of elliptic curves over finite fields. In general, an elliptic curve is a plane curve, which consists of the points that satisfy the following equation:
$y^2 + xy = x^3 + ax^2 + b$, Eq. 1
excluding cusps and self-intersections. In Eq. 1, the Cartesian coordinates (x,y) represent a point of the elliptic curve; and “a” and “b” are coefficients. The elliptic curve has a point at infinity. In this manner, the point at infinity acts like the value zero when performing calculations on the elliptic curve, so that if “O” represents the point at infinity, then P+O=P for all points on the elliptic curve, similar to the relationship of x+0=x for real numbers.
Elliptic curve calculations may involve modular inversions, which may be relatively expensive (from the standpoint of computing resources). For purposes of incorporating the point at infinity O and avoiding such expensive modular inversions, the points on an elliptic curve may alternatively be represented by projective coordinates. In this representation, instead of representing a point on the elliptic curve as a pair of Cartesian coordinates (x,y), three projective coordinates are instead used, such as, for example, coordinates (X,Y,Z). In this representation, the non-projective coordinates (x,y) are related to the projective coordinates (X,Y,Z) as follows:
It is noted that the relationship between the non-projective and projective points of the elliptic curve may be represented in other manners. For example, the relationship may be a nonlinear relationship ($x=X/Z^3$ and $y=Y/Z^3$, for example).
Using the projective coordinate representation of the points of the elliptic curve, the point at infinity O may be represented as Z=0, with the division by zero in x=X/Z or y=Y/Z indicating the point at infinity.
Thus, with elliptic curve cryptography (ECC), ciphertext may be represented as projective coordinates of an elliptic curve. It is noted that the elliptic curve cryptography is one example of abelian variety-based cryptography, or cryptography that is based on the algebraic structure of an abelian variety curve. As another example, abelian variety-based cryptography may be based on the algebraic structure of a hyperelliptic curve.
In accordance with example implementations that are described herein, metadata may be encoded into projective coordinates that represent abelian variety-based ciphertext. In this context, “abelian variety-based ciphertext” refers to data that has been encrypted based on the algebraic structure of an abelian variety curve. Moreover, “metadata” refers to data that represents information about other data (here, the ciphertext). In this manner, a set of projective coordinates may represent ciphertext, and the ciphertext may be encoded with metadata, which represents an attribute (key version used to encrypt or decrypt the ciphertext, for example) of the ciphertext.
In accordance with example implementations, the metadata encoding takes advantage of the non-uniqueness of the projective coordinate representation. In this manner, the representation of a given point of an abelian variety curve by the projective coordinates (X,Y,Z) is not unique, as the point of infinity coordinate, Z, may have an arbitrary value. For example, Z may be equal to “1” and using the relationships that are set forth above in Eqs. 1 and 2, the Cartesian coordinates of (1,2) may be represented as (1,2,1). However, other values of Z may be used to represent the coordinates of (1,2). In this manner, based on the relationships of Eqs. 1 and 2, values of Z=2 and Z=3 may be selected to alternatively represent the coordinates of (1,2) as (2,4,2) and (3,6,3). In accordance with example implementations, by varying the value of Z, metadata may be embedded into the projective coordinates.
For example, a key version of “3” may be encoded into the ciphertext. In this manner, for ciphertext represented by the coordinates (1,2), Z may be set equal to “3,” and the transformations that are described above in Eqs. 1 and 2 may be applied to generate the metadata-encoded ciphertext of (3,6,3).
As a more specific example,
In general, hosts 150 may communicate read and write requests to the secure data storage system 110, which cause initiator nodes 134 of the secure data storage system 110 to read and write data to and from the database 121. In this manner, the initiator node 134 is a processing node, which may handle the processing of a request (a read or write request, for example) from a given host 150, identify the target node or nodes 120 associated with the request, and perform the corresponding read and/or writes to the target node(s) 120.
In accordance with example implementations, the hosts 150 communicate with the secure data storage system 110 via network fabric 140. The network fabric 140 may include any type of wired or wireless communication network, including cellular networks (e.g., Global System for Mobile Communications (GSM), 3G, Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX), etc.), digital subscriber line (DSL) networks, cable networks (e.g., coaxial networks, fiber networks, etc.), telephony networks, local area networks (LANs) or wide area networks (WANs), global networks (e.g., the Internet), or any combination thereof. Moreover, in accordance with example implementations, the network fabric 140 may include any number of network devices for purposes of facilitating communications between the hosts 150 and the secure data storage system 110. Moreover, a given host 150 may be any electronic device that may interact with the secure data storage system 110, such as, as examples, a desktop computer, a laptop computer, a smartphone, a wearable device (a watch, for example), a client, a server, a thin client, a tablet computer, and so forth.
In accordance with example implementations, the hosts 150 may communicate unencrypted data (called “plaintext data” herein) with the secure data storage system 110. For example, a host 150 may communicate a write request to the secure data system 110, the write request may include plaintext data, and the secure data storage system 110 may encrypt the plaintext data to form ciphertext data that is stored in the storage database 121. As another example, a host 150 may communicate a read request to the secure data system 110, and the secure data storage system 110 may retrieve ciphertext data from the secure data storage system 110 corresponding to the read request. The secure data storage system 110 may then decrypt the ciphertext to form plaintext data, which the secure data storage system 110 communicates to the host 110.
Although example implementations are described herein in which cryptographic operations are performed in the secure data storage system 110, in accordance with further example implementations, the hosts 150 may communicate ciphertext data with the secure data storage system 110; and the hosts 150 may perform cryptographic operations that are similar to the operations that are described below as being performed by the secure data storage system 110. Moreover, in accordance with further example implementations, the hosts 150 and the secure data storage system 110 may both perform cryptographic operations as described herein.
In accordance with example implementations, one or multiple initiator nodes 134 include an elliptic curve-based cryptography engine 152. In general, the cryptography engine 152 encrypts plaintext data (to generate ciphertext data) and decrypts ciphertext data (to generate plaintext data) based on the algebraic structure of elliptic curves over finite fields. In this manner, the elliptic curve-based cryptography engine 152 may encrypt plaintext data that is communicated from the hosts 150 for purposes of providing ciphertext data that is stored in the storage database 121; and the elliptic curve-based cryptography engine 152 may decrypt ciphertext data that is read from the storage database 121 to provide corresponding plaintext data that is communicated to the hosts 150.
In accordance with example implementations, the ciphertext data represents ciphertext and metadata, i.e., the ciphertext data is encoded with the metadata. Moreover, in accordance with example implementations, the ciphertext is the format of projective coordinates (X,Y,Z), which correspond to points of an elliptic curve; and the metadata represents one or multiple attributes that are associated with the ciphertext.
As depicted in
As a more specific example, in accordance with some implementations, the metadata may represent a version of a key that is used to encrypt the plaintext data and/or decrypt the ciphertext data. In this manner, the elliptic function-based cryptography engine 152 may encrypt the plaintext data using a key that is provided by a secure key manager 160 of the secure database storage system 110. Moreover, when decrypting data read from the storage database 121, the elliptic function-based cryptography engine 152 may retrieve the appropriate key from the key manager 160 for purposes of decrypting the ciphertext data to produce corresponding plaintext that is provided to the requesting host 150. In accordance with example implementations, the ciphertext data that is read from the database 121 may be associated with a particular version of a key. In other words, although the elliptic function-based cryptography engine 152 may be aware of a particular key to be used to decrypt the ciphertext data read from the database 121, the particular version of the key may vary.
In accordance with example implementations, when the elliptic curve-based cryptography engine 152 encrypts plaintext data to generate corresponding ciphertext data, the metadata encoder 156 encodes the ciphertext data with metadata that represents the version of the key, which is used in the encryption. More specifically, in accordance with some implementations, the infinity point Z may represent a particular key version.
For example, in accordance with some implementations, the elliptic curve-based cryptography engine 152 may first generate ciphertext, i.e., generate projective coordinates, based on Z being “1.” The metadata encoder 156, in turn, may transform these projective coordinates by changing Z to represent the key version and changing X and Y based on the new value for “Z.” As a more specific example, for a key version “3” and the transformations that are defined by Eqs. 1 and 2, the metadata encoder 156 may convert the ciphertext projective coordinates of (2,1,1) into metadata encoded ciphertext projective coordinates of (6,3,3). It is noted that this is also equivalent to the elliptic curve point of (2,1).
The metadata decoder 154, in accordance with example implementations, applies the inverse operation. For the example that is set forth above, the metadata decoder 154 may decode the projective coordinate of (6,3,3) to coordinates that are based on Z being equal to “1.” By doing so, the metadata decoder 154 may extract the key version of “3.”
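The encode and decode steps described above (and the (1,2) and (2,1) examples given earlier), written out as an added example that is not part of the original disclosure. It assumes the linear relationship x=X/Z, y=Y/Z used in the text's numeric examples and arithmetic modulo a small constructed prime `P`; the function names are hypothetical, and the code does not check that a point lies on the curve of Eq. 1.

```python
# Added example: key-version metadata carried in the Z coordinate of a
# projective point, using x = X/Z and y = Y/Z over a prime field.
# P and the sample points are constructed toy values (assumptions).

P = 10007  # small prime modulus, for illustration only


def encode_metadata(point, version, p=P):
    """Rescale (X, Y, Z) so that Z equals `version`; the affine point is unchanged."""
    X, Y, Z = point
    if Z % p == 0:
        raise ValueError("point at infinity (Z = 0) cannot carry metadata")
    if not 0 < version < p:
        # Z = 0 is reserved for the point at infinity, and values >= p wrap around.
        raise ValueError("version must be a nonzero field element")
    # Multiply every coordinate by version / Z so the ratios X/Z and Y/Z stay fixed.
    scale = version * pow(Z, -1, p) % p
    return (X * scale % p, Y * scale % p, version)


def decode_metadata(point, p=P):
    """Return (version, point normalized to Z = 1)."""
    X, Y, Z = point
    if Z % p == 0:
        raise ValueError("point at infinity (Z = 0) carries no metadata")
    z_inv = pow(Z, -1, p)  # the modular inversion is paid once, at decode time
    return Z % p, (X * z_inv % p, Y * z_inv % p, 1)


def to_affine(point, p=P):
    """Affine (x, y) represented by a projective point, whatever its Z."""
    _, (x, y, _) = decode_metadata(point, p)
    return (x, y)


if __name__ == "__main__":
    ct = (2, 1, 1)                      # ciphertext point generated with Z = 1
    tagged = encode_metadata(ct, 3)     # key version 3
    print(tagged, decode_metadata(tagged))
    # Rescaling to another Z changes the metadata but not the affine point.
    print(encode_metadata(tagged, 5), to_affine(encode_metadata(tagged, 5)))
```

Because every nonzero rescaling represents the same affine point, the decoded version is not bound to the ciphertext by the coordinates themselves; a consumer that selects a key from it should treat the value as untrusted input unless it is integrity-protected elsewhere.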
In accordance with example implementations, the initiator node 134 is an actual physical machine that is made up of actual hardware and machine executable instructions (or “software”). In general, the initiator node 134 may include, for example, one or multiple processors 135 (one or multiple central processing units (CPUs), one or multiple CPU processing cores, and so forth) and a memory 137. In general, the memory 137 may store data 139 pertaining to preliminary, intermediate, or final results associated with operations of the elliptic function-based cryptography engine 152, as described herein.
The memory 137 may store machine executable instructions 141 (or “software”). In this manner, one or multiple processor(s) 135 may execute the machine executable instructions 141 for purposes of forming one or multiple software components of the initiator node 134, such as, for example, the elliptic function-based cryptography engine 152, the metadata encoder 156, the metadata decoder 154, and so forth.
In accordance with example implementations, the memory 137 is a non-transitory storage medium and may be formed from, as examples, semiconductor storage devices, phase change memory devices, memristors, volatile memory devices, non-volatile memory devices, storage devices associated with other storage technologies, a combination of storage devices selected from one or more of the foregoing storage technologies, and so forth.
Thus, the initiator node 134, in accordance with example implementations, may be software-based, in that one or multiple hardware processors of the node 134 may execute machine executable instructions that are stored in a non-transitory storage medium for purposes of performing the encryption, decryption, metadata encoding and metadata decoding, as described herein. In accordance with further example implementations, one or multiple functions of the initiator node 134 may be formed from a hardware circuit that does not execute machine executable instructions, such as a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), and so forth. For example, in accordance with some implementations, the elliptic function-based cryptography engine 152 may be formed from such a hardware circuit. As other examples, the metadata encoder 156 and/or the metadata decoder 154 may be such hardware circuits.
Although the initiator node 134 is depicted in
Referring to
Referring to
Although specific examples have been set forth herein describing the metadata representing the version of a key, the metadata may represent one or multiple other attributes associated with the ciphertext, in accordance with further example implementations. For example, in accordance with further example implementations, the metadata may represent an address associated with the key, i.e., may represent a location of the key. More specifically, in accordance with some implementations, the metadata may represent a Uniform Resource Locator (URL) address for retrieving the key. In accordance with further example implementations, the metadata may represent attributes not associated with a particular key. For example, in accordance with some implementations, the metadata may represent a particular policy associated with the encryption or, as another example, a particular policy or version associated with a digital signature.
In accordance with further example implementations, the cryptography may be based on the algebraic structure of an abelian variety curve other than an elliptic curve. For example, in accordance with further implementations, the cryptography may be based on the algebraic structure of a hyperelliptic curve.
Among the advantages of the techniques and systems that are described herein, the metadata decoding/encoding is a format preserving encryption (FPE) that preserves the format of the plaintext data in the ciphertext data. In this manner, FPE refers to a type of encryption in which the format of the plaintext data is the same as the format of the encrypted data. For example, a 16 digit credit card number may be encrypted pursuant to FPE so that the corresponding ciphertext data also has a 16 digit value. The metadata encoding described herein may be performed without consuming any additional storage, as the metadata-encoded ciphertext may have the same data structure and size as ciphertext data that has not been encoded with the metadata. Other and different advantages may be possible using the techniques and systems that are described herein, in accordance with further implementations.
Thus, referring to
Referring to
In accordance with example implementations, an apparatus 600 includes a processor 610 and a memory 620 to store instructions 624 that, when executed by the processor 610, cause the processor 610 to determine an elliptic curve point representing ciphertext; and encode metadata into coordinates representing the elliptic curve point to represent an attribute associated with the ciphertext.
While the present disclosure has been described with respect to a limited number of implementations, those skilled in the art, having the benefit of this disclosure, will appreciate numerous modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations
Number | Date | Country | |
---|---|---|---|
20190132129 A1 | May 2019 | US |