The invention relates to a method for performing symmetric stream encryption of data using a keystream and for transmitting the encrypted data, wherein the keystream is generated using at least one feedback shift register, which is filled with a defined bit sequence to initialize it.
The invention further relates to a corresponding method for decrypting data that has been encrypted using symmetric stream encryption.
The invention further relates to a device for encrypting data by symmetric stream encryption using a keystream, wherein at least one feedback shift register that is initialized each time by filling with a defined bit sequence is provided to generate the keystream. The invention further relates to a device for decrypting data that has been encrypted using symmetric stream encryption.
Stream encryption is the term used for a cryptographic algorithm in which plain text characters are combined individually with the characters of a keystream. In the case of stream encryption of digital data—when only the symbols 0 and 1 are used—the plain text stream is combined with the keystream using the XOR function. The keystream is a pseudo-random character string. Most stream ciphers use a symmetric key. The key determines the initial state of the system.
As a rule, at least one feedback shift register is used to generate the keystream. Linear feedback shift registers can be implemented efficiently either directly in hardware such as FPGAs, or in software. Feedback shift registers are fast and produce pseudo-random sequences with good statistical properties. A feedback shift register in digital equipment has the form of a shift register with n storage elements. The individual storage elements are typically D flip-flops, which can each store one bit. Unlike a conventional shift register, there are branches between certain D flip-flops, which represent the back coupling. Usually, one XOR function is used for each back coupling. However, an XNOR operation can also be used instead of the XOR operation.
To initialize, the shift register with XOR back coupling may be filled with any values, which determine the keystream subsequently generated by the shift register. Like any other shift register, the feedback shift register also has a clock input: a change is made to the next state at each clock pulse, that is to say, when a bit is to be output, all the bits in the shift register are shifted by one storage location; the new bit at the end of the shift register is calculated on the basis of the other bits. This process counts like a clock. 2^n−1 clock pulses are necessary to make a complete cycle through all combinations. Such a code sequence thus has a length of 2^n−1 bits (n = number of code-generating, serially connected storage elements in the shift register). The keystream generator is usually formed by a number of linear feedback shift registers, which are usually of different lengths and have different feedback polynomials. In this way, linear feedback shift registers can be combined to create nonlinear generators.
The greater the length of the code sequence for the keystream or the code, the more difficult it is to decrypt. For example, an infinite code would not even need to be encrypted, as it is never fully known. Functionally, any code that does not repeat before the end of the information to be encrypted may be considered infinite. A functionally infinite code has the disadvantage that it cannot be transmitted; it must be generated.
One disadvantage of code generators in the form of conventional feedback shift registers is the fact that the structure of the generator can easily be deduced from the code sequence, so that it can be regenerated with a similarly constructed generator. A significant improvement in this respect is achieved with the code generator known from WO 03/075507 A1.
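The weakness named above can be measured: the Berlekamp-Massey algorithm returns the linear complexity of a bit sequence, that is, the length of the shortest XOR-feedback register that reproduces it. The following added example (not part of the patent text; register sizes, recurrence lags and fills are constructed for illustration) applies that design check to a bare 16-stage register and to two short registers combined with AND.

```python
from functools import reduce
from operator import xor

def recurrence_bits(seed, lags, count):
    """Constructed sample: s[n] is the XOR of s[n-k] for every k in lags."""
    s = list(seed)
    while len(s) < count:
        s.append(reduce(xor, (s[-k] for k in lags)))
    return s

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2). Returns (L, c): the length L of the shortest
    XOR-feedback register generating bits, and its connection coefficients c[0..L]."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                         # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                               # current register fails here: correct it
            t = c[:]
            for j in range(n + 1 - (i - m)):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:                  # register must grow
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def continue_sequence(known, c, count):
    """Run the recovered recurrence forward from the known bits."""
    s = list(known)
    for _ in range(count):
        s.append(reduce(xor, (c[j] & s[-j] for j in range(1, len(c)))))
    return s[len(known):]

# Constructed bare 16-stage register (lags 2, 3, 5, 16), arbitrary non-zero fill.
SEED16 = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]
PLAIN = recurrence_bits(SEED16, (2, 3, 5, 16), 96)

# Two short registers (3 and 4 stages) combined nonlinearly with AND.
A = recurrence_bits([1, 0, 0], (2, 3), 96)
B = recurrence_bits([1, 0, 0, 0], (3, 4), 96)
COMBINED = [a & b for a, b in zip(A, B)]

if __name__ == "__main__":
    L, c = linear_complexity(PLAIN[:32])    # 2n bits are enough for an n-stage register
    print("bare register:", L, continue_sequence(PLAIN[:32], c, 64) == PLAIN[32:])
    print("AND of 3- and 4-stage registers:", linear_complexity(COMBINED)[0])
```

The bare register is fully determined by 32 observed bits, while the AND combination behaves like a 12-stage register rather than a 7-stage one; a keystream generator needs a linear complexity far beyond anything an observer can collect.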
Another drawback of conventional data stream encryption is the fact that it can only be used in packet-switched data transmission (for example on the Internet via the IP protocol) if the encryption security level is reduced. In packet-switched data transmission, each data packet must be encrypted separately and the key used for the encryption of each data packet must be known at the receiving end for decryption, so that decryption still remains possible even if individual data packets are lost, arrive at the receiver twice or take different paths or packets are fragmented upon arrival at the receiver. The simplest way to ensure that data is assigned unambiguously to the key or keystream even given the malfunctions described above is to use the same keystream for each data packet. However, this also makes it easier to break the encryption.
The present invention therefore aims to provide a method and device for encrypting and/or decrypting data using stream encryption or decryption, wherein the encrypted data must be present in packets of any desired size, so that it is suitable for simultaneous transmission of high frequency binary data streams for long periods of time in packet data networks. The encryption must be as secure as possible, and the encryption should be rendered all but impossible to break.
To solve this task, according to a first aspect of the invention the encryption method of the type described at the outset is advanced in such manner that the data to be encrypted is divided into data packets, that each data packet is encrypted separately, wherein the one or more feedback shift register(s) is/are re-initialized for the encryption of each data packet, wherein at least one first bit sequence and a second bit sequence is used to initialize each of the one or more feedback shift register(s), wherein the first bit sequence is added to the respectively encrypted data packet in clear text or in coded form and the second bit sequence represents a secret key that is not added to the encrypted data packets, and that the encrypted data packets are transmitted in packet-switched mode together with the respective added bit sequence and header data as necessary.
In order to decrypt the data packets, according to a second aspect of the invention it is provided that the data to be decrypted is received as data packets, that each received data packet is decrypted separately, wherein the one or more feedback shift register(s) is/are re-initialized for the decryption of each data packet, wherein at least one first bit sequence and a second bit sequence is used to initialize each of the one or more feedback shift register(s), wherein the first bit sequence is read out of the respective data packet to be decrypted in clear text or in coded form and the second bit sequence represents a secret key that cannot be read out from the data packets that are to be decrypted.
Thus, according to the invention all of the information necessary for decrypting each individual data packet except the secret key is incorporated in each packet, so that the communication partners only have to exchange the secret key or the information required to generate the secret key before the data is transmitted. Since according to the invention each data packet contains the first bit sequence that was used for encrypting the corresponding data packet in plain text or in coded form, this first bit sequence can be read out of the respective data packet by the receiver and used for the decryption. This makes it possible to encrypt each data packet with a different key, thereby making it more difficult to break the encryption. If, as is reflected in a preferred method, a unique bit sequence that is added in plain text or encoded form to the respective encrypted data packet as a packet identifier is selected as the first bit sequence, it is ensured that two data packets with the same plain text content are not also encrypted identically, that is to say the encrypted data packets differ from one another. This in turn makes it more difficult to obtain any reference points regarding the transmitted characters by carrying out a statistical analysis of the data packets.
The second bit sequence, that is to say the secret key, is preferably generated from a unique identifier of the transmitter and/or a unique identifier of the receiver. In this context, for example, a hardware identifier of the transmitter and a hardware identifier of the receiver, particularly a chip number or similar engraved by the manufacturer, may be used as the unique identifier. The second bit sequence is preferably generated by linking the unique identifier of the sender and the unique identifier of the receiver using an XOR function. This requires that the transmitters and receivers exchange their identifiers before the data is transmitted.
As was noted previously, the first and the second bit sequences are used in the encryption and decryption process to initialize the one or more feedback shift register(s). This is done particularly when only a single feedback shift register is used to generate the keystream, in such manner that the first and second bit sequences are linked via an XOR function and the bit sequence resulting from the operation is transferred to the feedback shift register to initialize it. Alternatively, and particularly when at least two interconnected feedback shift registers are used to generate the keystream, the procedure is such that at least a first feedback shift register is filled with the first bit sequence for initialization thereof and at least a second feedback shift register is filled with the second bit sequence for initialization thereof. This approach makes it more difficult to determine the structure of the keystream generator and/or the secret key on the basis of the first bit sequence, which is transmitted at the same time.
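The single-register variant described above, as an added Python example that is not part of the patent text: the packet identifier travels in clear, the secret key is the XOR of the two device identifiers, and each packet re-initializes the register with the XOR of identifier and key. The 16-stage register, its tap mask 0xB400, the two-byte identifier field and the identifier values are assumptions chosen for illustration; header data is omitted.

```python
MASK = 0xFFFF   # toy 16-stage register (assumed size, not from the page)
TAPS = 0xB400   # assumed maximal-length taps: x^16 + x^14 + x^13 + x^11 + 1

def step(state):
    """One clock pulse of a Galois-form XOR-feedback register: (new_state, output_bit)."""
    bit = state & 1
    state >>= 1
    if bit:
        state ^= TAPS
    return state, bit

def cycle_length(seed=1):
    """Count clock pulses until the register returns to its initial fill."""
    state, pulses = step(seed)[0], 1
    while state != seed:
        state, pulses = step(state)[0], pulses + 1
    return pulses

def keystream(seed, nbytes):
    """Fill the register with seed and clock out nbytes of keystream."""
    if seed & MASK == 0:
        raise ValueError("an all-zero fill never leaves the zero state")
    state, out = seed & MASK, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            state, bit = step(state)
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def secret_key(tx_id, rx_id):
    """Second bit sequence: transmitter and receiver identifiers linked by XOR."""
    return (tx_id ^ rx_id) & MASK

def encrypt_packet(packet_id, key, payload):
    """Re-initialize with (first XOR second bit sequence); prepend the first in clear."""
    ks = keystream(packet_id ^ key, len(payload))
    return packet_id.to_bytes(2, "big") + bytes(p ^ k for p, k in zip(payload, ks))

def decrypt_packet(packet, key):
    """Read the identifier out of the packet, rebuild the same fill, strip the keystream."""
    packet_id = int.from_bytes(packet[:2], "big")
    ks = keystream(packet_id ^ key, len(packet) - 2)
    return packet_id, bytes(c ^ k for c, k in zip(packet[2:], ks))

def encrypt_stream(payloads, key):
    """Give every packet a unique identifier, skipping the one that would zero the register."""
    packets, packet_id = [], 0
    for payload in payloads:
        packet_id += 1
        if packet_id ^ key == 0:
            packet_id += 1
        packets.append(encrypt_packet(packet_id, key, payload))
    return packets

if __name__ == "__main__":
    key = secret_key(0x3A7C, 0xC915)                 # constructed hardware identifiers
    sent = encrypt_stream([b"frame A", b"frame A", b"frame C"], key)
    arrived = [sent[2], sent[0], sent[0]]            # reordered, one lost, one duplicated
    for packet in arrived:
        print(decrypt_packet(packet, key))
    print(sent[0][2:] != sent[1][2:], cycle_length() == 2**16 - 1)
```

Each packet decrypts on its own regardless of loss, duplication or ordering, and the two identical payloads produce different ciphertexts. A 16-stage register repeats after 65,535 bits, so this size only illustrates the packet mechanics.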
A higher degree of security is achieved if, as is reflected in a further preferred method, a third bit sequence is used to initialize the one or more feedback shift register(s). In this case, the third bit sequence is advantageously generated from a current date and/or time record. The third bit stream is preferably transferred to a third feedback shift register to initialize it.
Another advantage of the method according to the invention is that the generation of the keystream may begin as soon as at least one of the feedback shift registers is filled with the first bit from the respective bit sequence. In particular, the feedback shift registers are filled with the respective bit sequences simultaneously.
The structure of the keystream generator is such that, as is known per se, at least one XOR gate is used for back coupling the one or more shift register(s). As a consequence, this enables the complexity of the generator to be increased simply by connecting the back coupled feedback shift registers to one another in such manner that depending on the state of the one shift register the at least one XOR gate of the other shift register is switched on or off.
An especially preferred variant is enabled with the use of a code generator such as is described in WO 03/075507 A1, wherein explicit reference is made to claims 15, 16 and 31 to 36 of the present application. With an encryption code generator of such kind, the encryption cannot be broken even if both the structure of the code generator and the algorithm running in it are known. The generator is structured in such a way that it is able to generate so many different codes of such great length that the probability that the code currently being used as well as the location currently being produced in the code may be discovered is infinitesimally small. The code then cannot be regenerated if the generator is able to create so many different codes, that it is not possible to predict the continuation thereof from a portion of the single code.
According to a further aspect of the present invention, one encryption device and one decryption device are suggested.
The device according to the invention for encrypting data by symmetric stream encryption using a keystream, wherein at least one feedback shift register that is initialized each time by filling with a defined bit sequence is provided to generate the keystream, is characterized in that the data present is distributed in data packets, that means are provided for generating and/or storing at least a first bit sequence and a second bit sequence and cooperate with the one or more shift register(s) in such a manner that at least the first bit sequence and the second bit sequence are used to initialize the one or more feedback shift register(s), the one or more feedback shift register(s) is/are re-initialized for encrypting each data packet, that data packet processing means are provided with which the means for generating and storing said first and second bit sequences cooperate in such a manner that the first bit sequence is added to the respective encrypted data packet in clear text or in coded form and the second bit sequence represents a secret key and is not added to the encrypted data packets, and that data transmission means are provided for packet-switched sending of the encrypted data packets together with the respective added bit sequence and optional header data.
The device according to the invention for decrypting data that has been encrypted by symmetric stream encryption using a keystream, wherein at least one feedback shift register that is initialized in each case by filling with a defined bit sequence is provided to generate the keystream, is characterized in that the encrypted data is present and distributed in data packets, that means for reading out a first bit sequence in plain text or in coded form from the data packets and means are provided for generating and/or storing at least a second bit sequence, which means cooperate with the one or more shift register(s) in such a manner that at least the first bit sequence and the second bit sequence are used to initialize the one or more feedback shift register(s), wherein the one or more feedback shift register(s) is/are re-initialized for the decryption of each data packet, wherein the second bit sequence is a secret key that cannot be read out from the encrypted data packets.
Preferred refinements are defined in the dependent claims.
In the following, the invention will be explained in greater detail with reference to the exemplary embodiments illustrated schematically in the drawing. In the drawing,
The encrypted data of the data packet is now forwarded to data packet processing means 15, with which memory 9 for first bit sequence 6 cooperates in such a manner that first bit sequence 6 is added to the encrypted data packet in clear text. On the other hand, second bit sequence 7 and third bit sequence 8 are not added to the encrypted data packet, but are known at the receiver in any case. Data packet processing means 15 further ensure that the encrypted data packet is provided with the usual header data that is needed for packet-switched transmission in a computer network. Accordingly, when ready for sending, the data packet thus consists of header data 16, the first bit sequence as packet identifier 17 and encrypted payload 18. The packet-switched data transmission means for sending the data packet are designated by 19.
The device for decrypting the encrypted data packets shown in
Keystream 3 that is used to decrypt a specific packet of data must be the same as the keystream that was used to encrypt the same data packet. For this purpose, the same bit sequences 6, 7 and 8 are routed to generator 5 as the key and generator 5 that is used for decryption is of the same construction as the generator 5 used for the encryption. The memory for second bit sequence 7 is designated with 24. Linked transmitter and receiver identifiers 11 and 12 are routed to memory 24 via the XOR gate 25. Third bit sequence 8 is stored in memory 26 and/or is generated there.
In the modified embodiment according to
In this way, a code generator 5 with three levels is created, wherein the code generation is influenced at each level by initializing the respective shift register 30, 31 and 32 with bit sequences 6, 7 and 8. Initialization may preferably be effected in such manner that first bit sequence 6 is routed to shift register 30 of the first level, second bit sequence 7 is routed to shift register 31 of the second level, and third bit sequence 8 is routed to shift register 32 of the third level, wherein bit sequences 6, 7 and 8 are preferably defined as described in
In the embodiment according to
Lc = 2^n − 1
If this unit is operated at a certain speed, the following applies for the duration of the code:
With fewer than 50 storage elements at a code generation clock speed of 384,000 bit/s, the code runs for longer than a year without the sequence being repeated, so that a signal to be encrypted can be sent in encrypted form over a dedicated line and decrypted simultaneously for an equally long period of time so that live transmissions are also possible for an equally long period of time.
Now if shift register 33 is long enough and XOR gates XORp1, p2, p3, p4 are inserted at multiple locations of said shift register 33 between one storage element FF1, 2, 3, 4 and the storage element FF2, 3, 4, 5 located next in the series, and this is then supplied with the signal from a third storage element FF8, 15, 20, 23, the code generated thereby can be modified in each case (
In the case of a plurality of code changing XOR gates XORp1, p2, p3, p4, see
If the output of an AND gate UNDp1 or UNDp1, p2, p3, p4, one input of which is attached to the output of storage element FF3 or FF8, 15, 20, 23, is connected to one of the two inputs of the respective XOR gate XORp1 or XORp1, p2, p3, p4, the code-changing effect of said XOR gate XORp1 or XORp1, p2, p3, p4 may be switched on or off via the second input of the AND gate UNDp1 or UNDp1, p2, p3, p4, and if a further storage element FFp1 or FFp1, p2, p3, p4 is connected to each, the switching on and off of the code-changing effect of XOR gate XORp1 or XORp1, p2, p3, p4 can be made programmable. The code-programming storage elements FFp1, p2, p3, p4 may be connected together to form a shift register 34. Subsequently, the code-programming storage elements FFp1, p2, p3, p4 of shift register 34 may themselves in turn be connected recursively using an XOR gate XORpp1.
The number of different programmable codes is calculated as follows:
Nc = 2^pn − 1
Now if one is in possession of an identical code generator and wishes to predict the further code sequence on the basis of a certain number of bits, the probability of detecting the correct continuation of the code sequence is dependent not only on the number of storage elements FF1, 2, . . . n used in the code generation but also on the number of programmable, code-changing XOR gates XORp1, p2 . . . pn. It follows that the probability of discovering the programming on which the code is based and thus also being able to predict the subsequent code sequence is expressed with:
233 is the 52nd prime number. If 1 is not used and 233 expresses the total number of storage elements connected in series, there are 50 different storage elements on this segment, each of which is located at a distance from an output storage element that corresponds to a prime number (np=50). Since each recursive XOR gate 1-50 is connected in series between an adjacent storage element 1-50 starting with the first, the total length of the storage elements is increased to (n=233+50=283).
It follows that:
In other words, the code sequence must be observed for 1.7498005798*10^100 clock steps before the probability of discovering a given sequence reaches 1. If the clock frequency is 384000 Hz, this translates to a required observation time of 1.4449430312*10^87 years.
If the code-programming storage elements (FFp1, p2, p3, p4, p5, p6) of shift register 34 are interconnected recursively so that they cycle through all possible state combinations within the time interval
the programming is obtained from a given time interval in which the code-programming storage elements are supplied with a program clock time.
To guarantee that it is impossible to make even an approximate determination of the programming period, the programming may be carried out in two stages. For this purpose, an additional programming level can be added by connecting, and thus rendering programmable, the code-programming XOR gate XORpp1 itself, again interposing an AND gate UNDpp1 with a storage element series RRR, wherein again an XOR gate XORppp1 is used for recursive connection of shift register 37 (
Assuming the calculation example outlined in the preceding, it is thus guaranteed that the (2^283−1)*(2^50−1) different states are divided up into 2^50−1 different sections, one of which is selected in the first programming phase. This selection process is performed in a maximum of 2^ppn−1 steps (ppn = number of prime numbers that are included in the number of primes used for programming (50), that is to say 16). This means that a maximum of 2^16 steps must be carried out before all sections have been visited. With a programming clock frequency of 1 MHz, this operation is completed in 0.065 seconds. This is a period that may easily be spanned in any programming operation, since it is shorter than human response time, thereby guaranteeing that no conclusions may be drawn regarding the programming of the keys on the basis of actually elapsed programming time.
Number | Date | Country | Kind |
---|---|---|---|
A 2007/2010 | Dec 2010 | AT | national |

Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/AT11/00483 | 12/1/2011 | WO | 00 | 8/20/2013 |