Data encryption and authentication using a mixing function in a communication system

US 10,122,690 B2
Filed: 07/13/2015
Issued: 11/06/2018
Est. Priority Date: 07/13/2015
Status: Active Grant

First Claim

Patent Images

1. A system for encrypting data in a communication system, the system comprising one or more application-specific integrated circuits, each comprising at least one logic gate and configured to:

utilize a plurality of mix parameters for a key rolling operation as logic gate inputs, the plurality of mix parameters including an initial key that is shared between a sender and a recipient of the data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation;

apply a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits;

encrypt at least one block of the data using the first one of the subsequent rolled key;

reapply the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and

encrypt at least one other block of the data using the second one of the subsequent rolled key,wherein the one or more application-specific integrated circuits is configured to reapply the bit-mix function to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of encrypting and authenticating messages in a communication system includes generating new keys by receiving a plurality of parameters including at least one of an initial key, a nonce, a sequence number, and a previous key. The method may include applying a mix function to generate a subsequent key based on the plurality of parameters for key rolling. The method may include encrypting and authenticating data using different subsequent keys.

16 Citations

20 Claims

1. A system for encrypting data in a communication system, the system comprising one or more application-specific integrated circuits, each comprising at least one logic gate and configured to:
- utilize a plurality of mix parameters for a key rolling operation as logic gate inputs, the plurality of mix parameters including an initial key that is shared between a sender and a recipient of the data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation;
  
  apply a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits;
  
  encrypt at least one block of the data using the first one of the subsequent rolled key;
  
  reapply the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and
  
  encrypt at least one other block of the data using the second one of the subsequent rolled key,wherein the one or more application-specific integrated circuits is configured to reapply the bit-mix function to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the one or more application-specific integrated circuits being configured to generate the subsequent rolled key using the bit-mix function in one clock cycle of the one or more application-specific integrated circuits.
  - 3. The system of claim 1 wherein the bit-mix function includes at least one of an XOR logic tree, a substitution-permutation network (SPN), and a double-mix Feistel network (DMFN).
  - 4. The system of claim 1 wherein the one or more application-specific integrated circuits being configured to reapply the bit-mix function to generate key K[i] as another one of the subsequent rolled key, which is not correlated to any other one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits, wherein the bit-mix function is used in an equation of at least one of:
    - K[i]=MIX(K[i−
      
      1]),
      K[i]=MIX(K[i−
      
      1],i),
      K[i]=MIX(K[0],nonce), or
      K[i]=MIX(K[i−
      
      1],nonce),where i is the sequence number, K[0] is the initial key, MIX is the bit-mix function, and K[i−
      
      1] is the previous rolled key.
  - 5. The system of claim 1 wherein the one or more application-specific integrated circuits being configured to encrypt another predetermined number of blocks of the data using the subsequent rolled key for encrypting.
  - 6. The system of claim 1 wherein the one or more application-specific integrated circuits being configured to authenticate a message using the subsequent rolled key.
  - 7. The system of claim 1 wherein the one or more application-specific integrated circuits being configured to perform at least one of:
    - applying the bit-mix function according to an amount of secret random key material generated from one of a single key, a random number generator, and a combination of the single key and the random number generator; and
      
      using one or more of an identification (ID) of a sender, an ID of a recipient, a current date, and a time stamp in the bit-mix function to generate the subsequent rolled key based on the plurality of mix parameters.
  - 8. The system of claim 1 wherein the bit-mix function is both an invertible function and a non-linear function.
  - 9. The system of claim 1 wherein the one or more application-specific integrated circuits being configured to perform at least one of:
    - applying the bit-mix function according to an amount of secret random key material generated from one single key, a random number generator, or a combination of the single key and the random number generator, wherein the bit-mix function is an invertible function, and a non-linear function; and
      
      using at least one of an identification (ID) of a sender, an ID of a recipient, a current date, and a time stamp in the bit-mix function to generate the subsequent rolled key based on the plurality of mix parameters.

10. A method for encrypting data in a communication system implemented by one or more application-specific integrated circuits, the method comprising:
- utilizing a plurality of mix parameters for a key rolling operation, the plurality of mix parameters including an initial key shared between a sender and a recipient of data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation;
  
  applying a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits;
  
  encrypting at least one block of the data using the first one of the subsequent rolled key;
  
  reapplying the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and
  
  encrypting at least one other block of the data using the second one of the subsequent rolled key,wherein the bit-mix function is reapplied to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10 further comprising generating the subsequent rolled key using the bit-mix function in one clock cycle of the one or more application-specific integrated circuits.
  - 12. The method of claim 10 further comprising using at least one of an XOR logic tree, a substitution-permutation network (SPN), and a double-mix Feistel network in the bit-mix function.
  - 13. The method of claim 12 further comprising reapplying the bit-mix function to generate key K[i] as another one of the subsequent rolled key, which is not correlated to the any other one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits, wherein the bit-mix function is used in at least one of the following equations:
    - K[i]=MIX(K[i−
      
      1]),
      K[i]=MIX(K[i−
      
      1],i),
      K[i]=MIX(K[0],nonce), or
      K[i]=MIX(K[i−
      
      1],nonce),where i is the sequence number, K[0] is the initial key, MIX is the bit-mix function, and K[i−
      
      1] is the previous rolled key.
  - 14. The method of claim 10 further comprising encrypting a another predetermined number of blocks of the data using the subsequent rolled key for encrypting.
  - 15. The method of claim 10 further comprising authenticating a message using the subsequent rolled key.

16. A method for providing security in a communication system implemented by one or more application-specific integrated circuits, the method comprising:
- utilizing a plurality of mix parameters for a key rolling operation, the plurality of mix parameters including an initial key shared between a sender and a recipient of data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation;
  
  applying a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits;
  
  encrypting at least one block of the data using the first one of the subsequent rolled key;
  
  reapplying the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and
  
  encrypting at least one other block of the data using the second one of the subsequent rolled key,wherein at least one of an XOR logic tree, a substitution-permutation network (SPN), and a double-mix Feistel network is included in the bit-mix function, andwherein the bit-mix function is reapplied to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16 further comprising reapplying the bit-mix function to generate key K[i] as another one of the subsequent rolled key, which is not correlated to any other one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits, wherein the bit-mix function is used in at least one of the following equations:
    - K[i]=MIX(K[i−
      
      1]),
      K[i]=MIX(K[i−
      
      1],i),
      K[i]=MIX(K[0],nonce), or
      K[i]=MIX(K[i−
      
      1],nonce),where i is the sequence number, K[0] is the initial key, MIX is the bit-mix function, and K[i−
      
      1] is the previous rolled key.
  - 18. The method of claim 16 further comprising performing at least one of:
    - encrypting the predetermined number of blocks of the data using the first one of the subsequent rolled key for encrypting;
      
      reapplying the bit-mix function to generate the second one of the subsequent rolled key after the predetermined number of predetermined sized blocks of the data have been encrypted;
      
      anddecrypting the data using a third one of the subsequent rolled key generated by the bit-mix function.
  - 19. The method of claim 16 further comprising generating the subsequent rolled key using the bit-mix function in one clock cycle of the one or more application-specific integrated circuits.
  - 20. The method of claim 16 further comprising authenticating a message using one of the first one of the subsequent rolled key or the second one of the subsequent rolled key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Hars, Laszlo
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/797,813
Publication Number

US 20170019376A1
Time in Patent Office

1,212 Days
Field of Search

713170-175
US Class Current
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/068 using time-dependent keys, ...

Data encryption and authentication using a mixing function in a communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption and authentication using a mixing function in a communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links