Fast encryption and authentication for data processing systems
First Claim
1. A method for encrypting and authenticating data as a single entity, comprising:
- arranging data into a plurality of plaintext blocks, determining a plurality of noise blocks using a nonce value and a first key;
determining a plurality of ciphertext blocks by combining each of the plurality of plaintext blocks with a corresponding noise block to form an intermediate plaintext block, encrypting the intermediate plaintext block to form an intermediate ciphertext block, and combining the intermediate ciphertext block with the corresponding noise block to form a plurality of ciphertext blocks;
computing an input checksum value by combining the plurality of plaintext blocks that are not specified by at least one cleartext position and a noise block;
computing an output checksum value by combining the plurality of ciphertext blocks that are specified by the at least one cleartext position and another noise block;
computing an authentication tag by encrypting the input checksum value and combining the encrypted input checksum value with the output checksum value;
replacing each of the plurality of ciphertext blocks that is specified by the at least one cleartext position with a corresponding plaintext block; and
appending the authentication tag.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus are presented for secure, authenticated communication and data storage. The methods can be based on other methods such as IAPM, in which the encryption and authentication keys are of the same strength. In the HR-IAPM mode, a sender encrypts the data as in the IAPM mode using two encryption keys K0 and K1. The sender then XORs the plaintexts with corresponding ciphertexts, and combines the results to form a checksum This checksum is encrypted under the authentication key K2, this value is appended to the encrypted message as a message authentication code (MAC). The receiver decrypts as with IAPM, XORs the plaintexts with the corresponding ciphertexts and combines these values to form a checksum. The receiver then encrypts the checksum under the authentication key K2 and verifies that the resulting value agrees with the MAC. The HR mode allows blocks to be sent un-encrypted if desired.
74 Citations
18 Claims
-
1. A method for encrypting and authenticating data as a single entity, comprising:
-
arranging data into a plurality of plaintext blocks, determining a plurality of noise blocks using a nonce value and a first key;
determining a plurality of ciphertext blocks by combining each of the plurality of plaintext blocks with a corresponding noise block to form an intermediate plaintext block, encrypting the intermediate plaintext block to form an intermediate ciphertext block, and combining the intermediate ciphertext block with the corresponding noise block to form a plurality of ciphertext blocks;
computing an input checksum value by combining the plurality of plaintext blocks that are not specified by at least one cleartext position and a noise block;
computing an output checksum value by combining the plurality of ciphertext blocks that are specified by the at least one cleartext position and another noise block;
computing an authentication tag by encrypting the input checksum value and combining the encrypted input checksum value with the output checksum value;
replacing each of the plurality of ciphertext blocks that is specified by the at least one cleartext position with a corresponding plaintext block; and
appending the authentication tag. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for decrypting and verifying a plurality of received transmission blocks accompanied by an authentication tag, comprising:
-
determining a plurality of noise blocks using a nonce value;
for each of the plurality of received transmission blocks not specified by a cleartext position, determining a first plurality of plaintext blocks using a decryption mode;
for each of the plurality of received transmission blocks specified by a cleartext position, determining a plurality of secondary ciphertext blocks using an encryption mode;
determining a second plurality of plaintext blocks by setting each of the second plurality of plaintext blocks equal to a corresponding one of the plurality of received transmission blocks specified by a cleartext position;
computing an input checksum value based on the first plurality of plaintext blocks and the last noise block;
computing an output checksum value based on the plurality of second ciphertext blocks and the first noise block; and
verifying the authentication tag using the input checksum value and the output checksum value. - View Dependent Claims (10, 11, 12)
-
-
13. Apparatus for encrypting and authenticating data as a single entity, comprising:
-
at least one memory element; and
at least one processing element configured to execute a set of instructions stored on the at least one memory element, the set of instructions for;
determining a plurality of noise blocks using a nonce value and a first key;
determining a plurality of ciphertext blocks by combining each of the plurality of plaintext blocks with a corresponding noise block to form an intermediate plaintext block, encrypting the intermediate plaintext block to form an intermediate ciphertext block, and combining the intermediate ciphertext block with the corresponding noise block to form a plurality of ciphertext blocks;
computing an input checksum value by combining the plurality of plaintext blocks that are not specified by at least one cleartext position and a noise block;
computing an output checksum value by combining the plurality of ciphertext blocks that are specified by the at least one cleartext position and another noise block;
computing an authentication tag by encrypting the input checksum value and combining the encrypted input checksum value with the output checksum value;
replacing each of the plurality of ciphertext blocks that is specified by the at least one cleartext position with a corresponding plaintext block; and
appending the authentication tag.
-
-
14. Apparatus for decrypting and verifying a plurality of received transmission blocks accompanied by an authentication tag, comprising:
-
at least one memory element; and
at least one processing element, the at least one processing element configured to execute a set of instructions store on the at least one memory element, the set of instructions for;
determining a plurality of noise blocks using a nonce value;
for each of the plurality of received transmission blocks not specified by a cleartext position, determining a first plurality of plaintext blocks using a decryption mode;
for each of the plurality of received transmission blocks specified by a cleartext position, determining a plurality of secondary ciphertext blocks using an encryption mode;
determining a second plurality of plaintext blocks by setting each of the second plurality of plaintext blocks equal to a corresponding one of the plurality of received transmission blocks specified by a cleartext position;
computing an input checksum value based on the first plurality of plaintext blocks and a noise block;
computing an output checksum value based on the plurality of second ciphertext blocks and another noise block; and
verifying the authentication tag using the input checksum value and the output checksum value.
-
-
15. Apparatus for encrypting and authenticating data as a single entity, comprising:
-
means for determining a plurality of noise blocks using a nonce value and a first key;
means for determining a plurality of ciphertext blocks by combining each of the plurality of plaintext blocks with a corresponding noise block to form an intermediate plaintext block, encrypting the intermediate plaintext block to form an intermediate ciphertext block, and combining the intermediate ciphertext block with the corresponding noise block to form a plurality of ciphertext blocks;
means for computing an input checksum value by combining the plurality of plaintext blocks that are not specified by at least one cleartext position and a noise block;
means for computing an output checksum value by combining the plurality of ciphertext blocks that are specified by the at least one cleartext position and another noise block;
means for computing an authentication tag by encrypting the input checksum value and combining the encrypted input checksum value with the output checksum value;
means for replacing each of the plurality of ciphertext blocks that is specified by the at least one cleartext position with a corresponding plaintext block; and
means for appending the authentication tag.
-
-
16. Apparatus for decrypting and verifying a plurality of received transmission blocks accompanied by an authentication tag, comprising:
-
means for determining a plurality of noise blocks using a nonce value;
means for for each of the plurality of received transmission blocks not specified by a cleartext position, determining a first plurality of plaintext blocks using a decryption mode;
means for for each of the plurality of received transmission blocks specified by a cleartext position, determining a plurality of secondary ciphertext blocks using an encryption mode;
means for determining a second plurality of plaintext blocks by setting each of the second plurality of plaintext blocks equal to a corresponding one of the plurality of received transmission blocks specified by a cleartext position;
means for computing an input checksum value based on the first plurality of plaintext blocks and a noise block;
means for computing an output checksum value based on the plurality of second ciphertext blocks and another noise block; and
means for verifying the authentication tag using the input checksum value and the output checksum value.
-
-
17. A method for secure data transmissions, wherein a first portion of the data transmission is sent as plaintext, a second portion of the data transmission is sent as ciphertext, and all of the data transmission is authenticated, the method comprising:
-
encrypting the first portion of the data transmission a first ciphertext portion and the second portion of the data transmission into a second ciphertext portion, wherein the first portion of the data transmission is specified by a set of cleartext positions and the second portion of the data transmission is not associated with any one of the set of cleartext positions;
generating an input checksum value using the second portion of the data transmission and a noise block;
generating an output checksum value using the second ciphertext portion and another noise block;
forming an authentication tag from the input checksum value and the output checksum value; and
transmitting the first portion of the data transmission, the second ciphertext portion, and the authentication tag.
-
-
18. Apparatus for secure data transmissions, wherein a first portion of the data transmission is sent as plaintext, a second portion of the data transmission is sent as ciphertext, and all of the data transmission is authenticated, the apparatus comprising:
-
means for encrypting the first portion of the data transmission a first ciphertext portion and the second portion of the data transmission into a second ciphertext portion, wherein the first portion of the data transmission is specified by a set of cleartext positions and the second portion of the data transmission is not associated with any one of the set of cleartext positions;
means for generating an input checksum value using the second portion of the data transmission and a noise block;
means for generating an output checksum value using the second ciphertext portion and another noise block;
means for forming an authentication tag from the input checksum value and the output checksum value; and
means for selecting the first portion of the data transmission, the second ciphertext portion, and authentication tag for transmission.
-
Specification