Data encryption and authentication using a mixing function in a communication system
First Claim
Patent Images
1. A system for encrypting data in a communication system, the system comprising one or more application-specific integrated circuits, each comprising at least one logic gate and configured to:
- utilize a plurality of mix parameters for a key rolling operation as logic gate inputs, the plurality of mix parameters including an initial key that is shared between a sender and a recipient of the data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation;
apply a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits;
encrypt at least one block of the data using the first one of the subsequent rolled key;
reapply the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and
encrypt at least one other block of the data using the second one of the subsequent rolled key,wherein the one or more application-specific integrated circuits is configured to reapply the bit-mix function to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of encrypting and authenticating messages in a communication system includes generating new keys by receiving a plurality of parameters including at least one of an initial key, a nonce, a sequence number, and a previous key. The method may include applying a mix function to generate a subsequent key based on the plurality of parameters for key rolling. The method may include encrypting and authenticating data using different subsequent keys.
16 Citations
20 Claims
-
1. A system for encrypting data in a communication system, the system comprising one or more application-specific integrated circuits, each comprising at least one logic gate and configured to:
-
utilize a plurality of mix parameters for a key rolling operation as logic gate inputs, the plurality of mix parameters including an initial key that is shared between a sender and a recipient of the data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation; apply a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits; encrypt at least one block of the data using the first one of the subsequent rolled key; reapply the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and encrypt at least one other block of the data using the second one of the subsequent rolled key, wherein the one or more application-specific integrated circuits is configured to reapply the bit-mix function to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for encrypting data in a communication system implemented by one or more application-specific integrated circuits, the method comprising:
-
utilizing a plurality of mix parameters for a key rolling operation, the plurality of mix parameters including an initial key shared between a sender and a recipient of data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation; applying a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits; encrypting at least one block of the data using the first one of the subsequent rolled key; reapplying the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and encrypting at least one other block of the data using the second one of the subsequent rolled key, wherein the bit-mix function is reapplied to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method for providing security in a communication system implemented by one or more application-specific integrated circuits, the method comprising:
-
utilizing a plurality of mix parameters for a key rolling operation, the plurality of mix parameters including an initial key shared between a sender and a recipient of data, a nonce, a sequence number of the key rolling operation, and a previous rolled key of the key rolling operation at a previous one of the sequence number of the key rolling operation; applying a bit-mix function utilizing a first selection of the plurality of mix parameters, including the initial key and a first one of the nonce, to generate a first one of a subsequent rolled key of the key rolling operation in at most two clock cycles of the one or more application-specific integrated circuits; encrypting at least one block of the data using the first one of the subsequent rolled key; reapplying the bit-mix function utilizing a second selection of the plurality of mix parameters, including at least two of the initial key, a second one of the nonce, the sequence number of the key rolling operation, and the first one of the subsequent rolled key as the previous rolled key, to generate a second one of the subsequent rolled key of the key rolling operation, which is not correlated to the first one of the subsequent rolled key, in at most two clock cycles of the one or more application-specific integrated circuits; and encrypting at least one other block of the data using the second one of the subsequent rolled key, wherein at least one of an XOR logic tree, a substitution-permutation network (SPN), and a double-mix Feistel network is included in the bit-mix function, and wherein the bit-mix function is reapplied to generate the subsequent rolled key after a predetermined number of blocks of the data have been encrypted. - View Dependent Claims (17, 18, 19, 20)
-
Specification