Parallel block encryption method and modes for data confidentiality and integrity protection
First Claim
1. A parallel encryption method for providing both data confidentiality and integrity for a message, comprising the steps of:
- receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
presenting the equal-size blocks and the MDC block to a selected parallel encryption mode that makes one and only one processing pass with a single cryptographic primitive over each of the said equal-size blocks and said MDC block to create a plurality of hidden ciphertext blocks each of λ
bits in length; and
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length.
1 Assignment
0 Petitions
Accused Products
Abstract
A parallel block encryption method and modes (modes or operation) that provide both data confidentiality and integrity with a single cryptographic primitive and a single processing pass over the input plaintext string by using a non-cryptographic Manipulation Detection Code function for secure data communication over insecure channels and for secure data storage in insecure media. The block encryption method and modes of this invention allow, in yet a further aspect, parallel or pipelined operation of the block enciphering and deciphering functions in and architecture-independent manner. The present invention allows, in a further aspect, error recovery. In a yet further aspect, the present invention allows software and hardware implementations, and use in high-performance and low-power applications, and low-power, low-cost hardware devices. In a yet further aspect, the block encryption method and modes of this invention are suitable for real-time applications.
120 Citations
117 Claims
-
1. A parallel encryption method for providing both data confidentiality and integrity for a message, comprising the steps of:
-
receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
presenting the equal-size blocks and the MDC block to a selected parallel encryption mode that makes one and only one processing pass with a single cryptographic primitive over each of the said equal-size blocks and said MDC block to create a plurality of hidden ciphertext blocks each of λ
bits in length; and
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
-
-
48. A parallel decryption method that is the inverse of the parallel encryption method which provides both data confidentiality and integrity, comprising the steps of:
-
presenting a string including ciphertext string for decryption;
partitioning said ciphertext string into a plurality of ciphertext blocks comprising λ
bits each;
selecting n+1 ciphertext blocks from said plurality of ciphertext blocks representing n data blocks and one MDC block and performing a reverse hidden ciphertext randomization function on each of the selected n+1 ciphertext blocks to obtain a plurality of hidden ciphertext blocks each of λ
bits in length;
presenting the hidden ciphertext blocks to a selected parallel decryption mode that makes one and only one processing pass with a single cryptographic primitive that is the inverse of an encryption single cryptographic primitive over the plurality of hidden ciphertext blocks to obtain a plurality of plaintext blocks and one decrypted MDC block each of λ
bits in length;
verifying integrity of the plaintext blocks using a non-cryptographic Manipulation Detection Function (MDC) function;
outputting the plurality of plaintext blocks as an accurate plaintext string if the integrity verification passes; and
outputting a failure indicator if the integrity verification fails.
-
-
62. A method for segmented encryption processing of a message comprising the steps of:
-
partitioning said input plaintext string into a plurality of input plaintext segments;
concurrently presenting each different one of said plurality of input plaintext segments to a different one of a plurality of parallel encryption methods, each of said different methods using a different λ
-bit secret random number per segment to obtain a ciphertext segment, wherein each encryption method provides both data confidentiality and integrity with a single processing pass over the input plaintext segment and a single cryptographic primitive, and uses a non-cryptographic Manipulation Detection Code function, wherein said single cryptographic primitive is an λ
-bit block cipher using a secret key;
assembling the plurality of ciphertext segments into a ciphertext string; and
outputting the ciphertext string. - View Dependent Claims (63, 64, 65, 66, 67, 68, 69)
-
-
70. A method for segmented decryption processing of a message comprising the steps of:
-
presenting a string including the ciphertext string of a message for decryption;
partitioning said ciphertext string into a plurality of ciphertext segments;
concurrently presenting said plurality of ciphertext segments to a plurality of decryption modes;
obtaining a different secret random number per ciphertext segment in the same manner as at the segmented encryption method;
decrypting each ciphertext segment using said different secret random number per ciphertext segment to obtain a plaintext segment, using a parallel decryption method that is the inverse of the parallel encryption method that provides both data confidentiality and integrity with a single processing pass over the input plaintext segment and a single cryptographic primitive, wherein said single cryptographic primitive is an λ
-bit block cipher using a secret key, and using a non-cryptographic Manipulation Detection Code function for verifying integrity of the plaintext blocks of each plaintext segment; and
verifying the integrity of each plaintext segment and for each plaintext segment, outputting either the plaintext segment if the integrity verification passes, or an error indicator. - View Dependent Claims (71, 72, 73, 74, 75, 76)
-
-
77. A parallel encryption method for providing both data confidentiality and integrity for a message, that updates a ciphertext string incrementally, comprising the steps of:
-
receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
performing a plaintext randomization function over said plurality of equal-sized blocks of the plaintext and the MDC block to create a plurality of hidden plaintext blocks each of λ
bits in length;
processing each of said hidden plaintext blocks by a block cipher using a secret key (K) to obtain a plurality of hidden ciphertext blocks;
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length; and
further comprising the steps of;
receiving an input plaintext string;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
receiving an input ciphertext string including a plurality of n+1 equal-size blocks of the ciphertext of λ
bits in length, wherein the n+1 block of the ciphertext corresponds to an MDC block for said plaintext string;
receiving a new λ
-bit plaintext block to replace an λ
-bit plaintext block at index i;
creating a new MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks and the new λ
-bit plaintext block;
performing the same plaintext randomization function as that used at a parallel encryption method over said new λ
-bit plaintext block and the new MDC block to create two new hidden plaintext blocks each of λ
bits in length using index i for the new λ
-bit plaintext block and index n+1 for the new MDC block;
processing each of said two new hidden plaintext blocks by a block cipher using said secret key (K) to obtain two new hidden ciphertext blocks;
performing the same hidden ciphertext randomization function as that used at a parallel encryption method over said two new hidden ciphertext blocks to create two new output ciphertext blocks each of λ
bits in length using index i for the new λ
-bit plaintext block and index n+1 for the new MDC block;
replacing in the input ciphertext string, the input ciphertext block at index i with the output ciphertext block for the new λ
-bit plaintext block and replace the input ciphertext block at index n+1 with the output ciphertext block for the new MDC block, to create a new ciphertext string; and
outputting the new ciphertext string. - View Dependent Claims (78, 79)
-
-
80. A parallel encryption method for providing both data confidentiality and integrity for a message, comprising the steps of:
-
receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
partitioning the padded input plaintext string into a plurality of equal-size blocks of λ
bits in length;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
performing a plaintext randomization function over said plurality of equal-sized blocks of the plaintext and the MDC block using a different plaintext index for each equal-sized block and the MDC block to create a plurality of hidden plaintext blocks each of λ
bits in length;
processing each of said hidden plaintext blocks by a block cipher using a secret key (K) to obtain a plurality of hidden ciphertext blocks;
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks using a different ciphertext index for each hidden ciphertext block to create a plurality of output ciphertext blocks each of λ
bits in length; and
further providing an out-of-order decryption method for the parallel encryption method, which provides both data confidentiality and integrity, comprising the steps of;
receiving a string including a plurality of n+1 λ
-bit ciphertext blocks for decryption;
selecting n+1 ciphertext blocks from said plurality of ciphertext blocks representing n data blocks and one MDC block and performing a reverse hidden ciphertext randomization function on each of the selected n+1 ciphertext blocks using said ciphertext index to obtain a plurality of hidden ciphertext blocks each of λ
bits in length;
processing each of said hidden ciphertext blocks with the inverse of the block cipher used at an encryption method using said secret key (K) to obtain a plurality of hidden plaintext blocks; and
performing an inverse plaintext randomization function over said plurality of hidden plaintext blocks using said plaintext index to create a plurality of n decrypted plaintext data blocks and one decrypted MDC block each of λ
-bit length;
creating an MDC decryption block by applying the non-cryptographic Manipulation Detection Code function to the n decrypted plaintext data blocks in the same manner as at a parallel encryption method;
verifying integrity of the plaintext blocks by comparing said created MDC decryption block with the decrypted MDC block;
outputting the plurality of plaintext blocks as an accurate plaintext string if the integrity verification passes; and
outputting a failure indicator if the integrity verification fails. - View Dependent Claims (81)
-
-
82. A program product for parallel encryption for providing both data confidentiality and integrity for a message, including machine-readable program code for causing a machine to perform the following method steps:
-
receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
presenting the equal-size blocks and the MDC block to a selected parallel encryption mode that makes one and only one processing pass with a single cryptographic primitive over each of the said equal-size blocks and said MDC block to create a plurality of hidden ciphertext blocks each of λ
bits in length; and
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length. - View Dependent Claims (83, 84, 85, 86, 87)
-
-
88. A program product for parallel decryption that is the inverse of a program product for parallel encryption which provides both data confidentiality and integrity, comprising machine-readable program code for causing a machine to perform the following method steps:
-
presenting a string including ciphertext string for decryption;
partitioning said ciphertext string into a plurality of ciphertext blocks comprising λ
bits each;
selecting n+1 ciphertext blocks from said plurality of ciphertext blocks representing n data blocks and one MDC block and performing a reverse hidden ciphertext randomization function on each of the selected n+1 ciphertext blocks to obtain a plurality of hidden ciphertext blocks each of λ
bits in length;
presenting the hidden ciphertext blocks to a selected parallel decryption mode that makes one and only one processing pass with a single cryptographic primitive that is the inverse of an encryption single cryptographic primitive over the plurality of hidden ciphertext blocks to obtain a plurality of plaintext blocks and one decrypted MDC block each of λ
bits in length;
verifying integrity of the plaintext blocks using a non-cryptographic Manipulation Detection Function (MDC) function;
outputting the plurality of plaintext blocks as an accurate plaintext string if the integrity verification passes; and
outputting a failure indicator if the integrity verification fails. - View Dependent Claims (89, 90, 91)
-
-
92. A program product for segmented encryption processing of a message comprising machine-readable program code for causing the performance of the following method steps:
-
partitioning said input plaintext string into a plurality of input plaintext segments;
concurrently presenting each different one of said plurality of input plaintext segments to a different one of a plurality of program products for parallel encryption, each of said different program products using a different λ
-bit secret random number per segment to obtain a ciphertext segment, wherein each encryption program product provides both data confidentiality and integrity with a single processing pass over the input plaintext segment and a single cryptographic primitive, and uses a non-cryptographic Manipulation Detection Code function, wherein said single cryptographic primitive is an λ
-bit block cipher using a secret key;
assembling the plurality of ciphertext segments into a ciphertext string; and
outputting the ciphertext string. - View Dependent Claims (93)
-
-
94. A program product for segmented decryption processing of a message comprising machine-readable program code for causing a machine to perform the following method steps:
-
presenting a string including the ciphertext string of a message for decryption;
partitioning said ciphertext string into a plurality of ciphertext segments;
concurrently presenting said plurality of ciphertext segments to a plurality of decryption modes;
obtaining a different secret random number per ciphertext segment in the same manner as at the program product for segmented encryption;
for decrypting each ciphertext segment using said different secret random number per ciphertext segment to obtain a plaintext segment, using a program product for parallel decryption that is the inverse of a program product for parallel encryption that provides both data confidentiality and integrity with a single processing pass over the input plaintext segment and a single cryptographic primitive, wherein said single cryptographic primitive is an λ
-bit block cipher using a secret key, and using a non-cryptographic Manipulation Detection Code function for verifying integrity of the plaintext blocks of each plaintext segment; and
verifying the integrity of each plaintext segment and for each plaintext segment, outputting either the plaintext segment if the integrity verification passes, or an error indicator.
-
-
95. A system for parallel encryption for providing both data confidentiality and integrity for a message, comprising:
-
a first component for receiving an input plaintext string comprising a message;
a second component for generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
a third component for creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
a fourth component for presenting the equal-size blocks and the MDC block to a selected parallel encryption mode that makes one and only one processing pass with a single cryptographic primitive over each of the said equal-size blocks and said MDC block to create a plurality of hidden ciphertext blocks each of λ
bits in length; and
a fifth component for performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length. - View Dependent Claims (96, 97, 98, 99, 100)
-
-
101. A system for parallel decryption that is the inverse of a system for parallel encryption which provides both data confidentiality and integrity, comprising:
-
a first component for presenting a string including ciphertext string for decryption;
a second component for partitioning said ciphertext string into a plurality of ciphertext blocks comprising λ
bits each;
a third component for selecting n+1 ciphertext blocks from said plurality of ciphertext blocks representing n data blocks and one MDC block and performing a reverse hidden ciphertext randomization function on each of the selected n+1 ciphertext blocks to obtain a plurality of hidden ciphertext blocks each of λ
bits in length;
a fourth component for presenting the hidden ciphertext blocks to a selected parallel decryption mode that makes one and only one processing pass with a single cryptographic primitive that is the inverse of an encryption single cryptographic primitive over the plurality of hidden ciphertext blocks to obtain a plurality of plaintext blocks and one decrypted MDC block each of λ
bits in length;
a fifth component for verifying integrity of the plaintext blocks using a non-cryptographic Manipulation Detection Function (MDC) function;
a sixth component for outputting the plurality of plaintext blocks as an accurate plaintext string if the integrity verification passes; and
a seventh component for outputting a failure indicator if the integrity verification fails. - View Dependent Claims (102, 103, 104)
-
-
105. A system for segmented encryption processing of a message comprising:
-
a first component for partitioning said input plaintext string into a plurality of input plaintext segments;
a second component for concurrently presenting each different one of said plurality of input plaintext segments to a different one of a plurality of systems for parallel encryption, each of said different systems using a different λ
-bit secret random number per segment to obtain a ciphertext segment, wherein each encryption system provides both data confidentiality and integrity with a single processing pass over the input plaintext segment and a single cryptographic primitive, and uses a non-cryptographic Manipulation Detection Code function, wherein said single cryptographic primitive is an λ
-bit block cipher using a secret key;
a third component for assembling the plurality of ciphertext segments into a ciphertext string; and
a fourth component outputting the ciphertext string. - View Dependent Claims (106)
-
-
107. A system for segmented decryption processing of a message comprising:
-
a first component for presenting a string including the ciphertext string of a message for decryption;
a second component for partitioning said ciphertext string into a plurality of ciphertext segments;
a third component for concurrently presenting said plurality of ciphertext segments to a plurality of decryption modes;
a fourth component for obtaining a different secret random number per ciphertext segment in the same mariner as at the system for segmented encryption;
a fifth component for decrypting each ciphertext segment using said different secret random number per ciphertext segment to obtain a plaintext segment, using a system for parallel decryption that is the inverse of a system for parallel encryption that provides both data confidentiality and integrity with a single processing pass over the input plaintext segment and a single cryptographic primitive, wherein said single cryptographic primitive is an λ
-bit block cipher using a secret key, and using a non-cryptographic Manipulation Detection Code function for verifying integrity of the plaintext blocks of each plaintext segment; and
a sixth component for verifying the integrity of each plaintext segment and for each plaintext segment, outputting either the plaintext segment if the integrity verification passes, or an error indicator.
-
-
108. A program product for a parallel encryption for providing both data confidentiality and integrity for a message, that updates a ciphertext string incrementally, including machine-readable code for performing the following method steps:
-
receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
performing a plaintext randomization function over said plurality of equal-sized blocks of the plaintext and the MDC block to create a plurality of hidden plaintext blocks each of λ
bits in length;
processing each of said hidden plaintext blocks by a block cipher using a secret key (K) to obtain a plurality of hidden ciphertext blocks;
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length; and
further including machine-readable code for performing the following method steps;
receiving an input plaintext string;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
receiving an input ciphertext string including a plurality of n+1 equal-size blocks of the ciphertext of λ
bits in length, wherein the n+1 block of the ciphertext corresponds to an MDC block for said plaintext string;
receiving a new λ
-bit plaintext block to replace an λ
-bit plaintext block at index i;
creating a new MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks and the new λ
-bit plaintext block;
performing the same plaintext randomization function as that used at a parallel encryption method over said new λ
-bit plaintext block and the new MDC block to create two new hidden plaintext blocks each of λ
bits in length using index i for the new λ
-bit plaintext block and index n+1 for the new MDC block;
processing each of said two new hidden plaintext blocks by a block cipher using said secret key (K) to obtain two new hidden ciphertext blocks;
performing the same hidden ciphertext randomization function as that used at a parallel encryption method over said two new hidden ciphertext blocks to create two new output ciphertext blocks each of λ
bits in length using index i for the new λ
-bit plaintext block and index n+1 for the new MDC block;
replacing in the input ciphertext string, the input ciphertext block at index i with the output ciphertext block for the new λ
-bit plaintext block and replace the input ciphertext block at index n+1 with the output ciphertext block for the new MDC block, to create a new ciphertext string; and
outputting the new ciphertext string. - View Dependent Claims (109, 110)
-
-
111. A program product for parallel encryption method for providing both data confidentiality and integrity for a message, including machine-readable program code for causing a machine to perform the method steps:
-
receiving an input plaintext string comprising a message;
generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
partitioning the padded input plaintext string into a plurality of equal-size blocks of λ
bits in length;
creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
performing a plaintext randomization function over said plurality of equal-sized blocks of the plaintext and the MDC block using a different plaintext index for each equal-sized block and the MDC block to create a plurality of hidden plaintext blocks each of λ
bits in length;
processing each of said hidden plaintext blocks by a block cipher using a secret key (K) to obtain a plurality of hidden ciphertext blocks;
performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks using a different ciphertext index for each hidden ciphertext block to create a plurality of output ciphertext blocks each of λ
bits in length; and
further including machine-readable program code for performing an out-of-order decryption method for the parallel encryption method, which provides both data confidentiality and integrity, including code for;
receiving a string including a plurality of n+1 λ
-bit ciphertext blocks for decryption;
selecting n+1 ciphertext blocks from said plurality of ciphertext blocks representing n data blocks and one MDC block and performing a reverse hidden ciphertext randomization function on each of the selected n+1 ciphertext blocks using said ciphertext index to obtain a plurality of hidden ciphertext blocks each of λ
bits in length;
processing each of said hidden ciphertext blocks with the inverse of the block cipher used at an encryption method using said secret key (K) to obtain a plurality of hidden plaintext blocks; and
performing an inverse plaintext randomization function over said plurality of hidden plaintext blocks using said plaintext index to create a plurality of n decrypted plaintext data blocks and one decrypted MDC block each of λ
-bit length;
creating an MDC decryption block by applying the non-cryptographic Manipulation Detection Code function to the n decrypted plaintext data blocks in the same manner as at a parallel encryption method;
verifying integrity of the plaintext blocks by comparing said created MDC decryption block with the decrypted MDC block;
outputting the plurality of plaintext blocks as an accurate plaintext string if the integrity verification passes; and
outputting a failure indicator if the integrity verification fails. - View Dependent Claims (112, 114, 115, 117)
-
-
113. A system for a parallel encryption for providing both data confidentiality and integrity for a message, that updates a ciphertext string incrementally, comprising:
-
a first component for receiving an input plaintext string comprising a message;
a second component for generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
a third component for creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
a fourth component for performing a plaintext randomization function over said plurality of equal-sized blocks of the plaintext and the MDC block to create a plurality of hidden plaintext blocks each of λ
bits in length;
a fifth component for processing each of said hidden plaintext blocks by a block cipher using a secret key (K) to obtain a plurality of hidden ciphertext blocks;
a sixth component for performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks to create a plurality of output ciphertext blocks each of λ
bits in length; and
further comprising;
a seventh component for receiving an input plaintext string;
an eight component for generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
a ninth component for receiving an input ciphertext string including a plurality of n+1 equal-size blocks of the ciphertext of λ
bits in length, wherein the n+1 block of the ciphertext corresponds to an MDC block for said plaintext string;
a tenth component for receiving a new λ
-bit plaintext block to replace an λ
-bit plaintext block at index i;
an eleventh component for creating a new MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks and the new λ
-bit plaintext block;
a twelfth component for performing the same plaintext randomization function as that used at a parallel encryption method over said new λ
-bit plaintext block and the new MDC block to create two new hidden plaintext blocks each of λ
bits in length using index i for the new λ
-bit plaintext block and index n+1 for the new MDC block;
a thirteenth component for processing each of said two new hidden plaintext blocks by a block cipher using said secret key (K) to obtain two new hidden ciphertext blocks;
a fourteenth component for performing the same hidden ciphertext randomization function as that used at a parallel encryption method over said two new hidden ciphertext blocks to create two new output ciphertext blocks each of λ
bits in length using index i for the new λ
-bit plaintext block and index n+1 for the new MDC block;
a fifteenth component for replacing in the input ciphertext string, the input ciphertext block at index i with the output ciphertext block for the new λ
-bit plaintext block and replace the input ciphertext block at index n+1 with the output ciphertext block for the new MDC block, to create a new ciphertext string; and
a sixteenth component for outputting the new ciphertext string.
-
-
116. A system for parallel encryption method for providing both data confidentiality and integrity for a message, comprising:
-
a first component for receiving an input plaintext string comprising a message;
a second component for generating a plurality of equal-sized blocks of λ
bits in length from the input plaintext string;
a third component for partitioning the padded input plaintext string into a plurality of equal-size blocks of λ
bits in length;
a fourth component for creating an MDC block of λ
bits in length that includes the result of applying a non-cryptographic Manipulation Detection Code (MDC) function to the plurality of said equal-size blocks;
a fifth component for performing a plaintext randomization function over said plurality of equal-sized blocks of the plaintext and the MDC block using a different plaintext index for each equal-sized block and the MDC block to create a plurality of hidden plaintext blocks each of λ
bits in length;
a sixth component for processing each of said hidden plaintext blocks by a block cipher using a secret key (K) to obtain a plurality of hidden ciphertext blocks;
a seventh component for performing a hidden ciphertext randomization function over said plurality of hidden ciphertext blocks using a different ciphertext index for each hidden ciphertext block to create a plurality of output ciphertext blocks each of λ
bits in length; and
further comprising for performing an out-of-order decryption method for the parallel encryption method, which provides both data confidentiality and integrity;
an eighth component for receiving a string including a plurality of n+1 λ
-bit ciphertext blocks for decryption;
a ninth component for selecting n+1 ciphertext blocks from said plurality of ciphertext blocks representing n data blocks and one MDC block and performing a reverse hidden ciphertext randomization function on each of the selected n+1 ciphertext blocks using said ciphertext index to obtain a plurality of hidden ciphertext blocks each of λ
bits in length;
a tenth component for processing each of said hidden ciphertext blocks with the inverse of the block cipher used at an encryption method using said secret key (K) to obtain a plurality of hidden plaintext blocks; and
an eleventh component for performing an inverse plaintext randomization function over said plurality of hidden plaintext blocks using said plaintext index to create a plurality of n decrypted plaintext data blocks and one decrypted MDC block each of λ
-bit length;
a twelfth component for creating an MDC decryption block by applying the non-cryptographic Manipulation Detection Code function to the n decrypted plaintext data blocks in the same manner as at a parallel encryption method;
a thirteenth component for verifying integrity of the plaintext blocks by comparing said created MDC decryption block with the decrypted MDC block;
a fourteenth component for outputting the plurality of plaintext blocks as an accurate plaintext string if the integrity verification passes; and
a fifteenth component for outputting a failure indicator if the integrity verification fails.
-
Specification