Method and System for High Throughput Blockwise Independent Encryption/Decryption
Abstract
An encryption technique is disclosed for encrypting a data segment comprising a plurality of data blocks, wherein the security and throughput of the encryption is enhanced by using blockwise independent bit vectors for reversible combination with the data blocks prior to key encryption. Preferably, the blockwise independent bit vectors are derived from a data tag associated with the data segment. Several embodiments are disclosed for generating these blockwise independent bit vectors. In a preferred embodiment, the data tag comprises a logical block address (LBA) for the data segment. Also disclosed herein is a corresponding decryption technique as well as a corresponding symmetrical encryption/decryption technique.
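The technique the abstract describes, as an added Python sketch that is not taken from the patent: each block is XORed with a bit vector that depends only on the LBA and the block position, then encrypted, so blocks can be processed in any order. The 4-round Feistel cipher standing in for the key encryption operation, the SHA-256 bit vector derivation, and all names are assumptions chosen so the example runs with the standard library alone.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (128 bits)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function built from HMAC-SHA256.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def cipher_enc(key, blk):
    # Stand-in keyed block cipher (assumption, not AES): 4-round Feistel.
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def cipher_dec(key, blk):
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def bit_vector(lba, index):
    # Hypothetical derivation: a function of the data tag (LBA) and block
    # position only, never of any other block's ciphertext.
    tag = lba.to_bytes(8, "big") + index.to_bytes(8, "big")
    return hashlib.sha256(tag).digest()[:BLOCK]

def split(data):
    if len(data) % BLOCK:
        raise ValueError("segment length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_block(key, lba, index, block):
    return cipher_enc(key, xor(block, bit_vector(lba, index)))

def decrypt_block(key, lba, index, ct_block):
    return xor(cipher_dec(key, ct_block), bit_vector(lba, index))

def encrypt_segment(key, lba, data):
    # No block depends on another, so this loop could run in parallel.
    return b"".join(encrypt_block(key, lba, i, b) for i, b in enumerate(split(data)))

def decrypt_segment(key, lba, data):
    return b"".join(decrypt_block(key, lba, i, b) for i, b in enumerate(split(data)))

KEY = b"constructed demo key"   # constructed sample key
SEGMENT = bytes(4 * BLOCK)      # constructed sample: four identical zero blocks
```

With the bit vectors in place the four identical plaintext blocks encrypt to four different ciphertext blocks, whereas applying `cipher_enc` directly to each block (no bit vector) yields the same ciphertext four times.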
113 Claims
1. A method of encrypting a plurality of data blocks, each data block comprising a plurality of data bits, the method comprising:
combining each data block with a corresponding bit vector using a reversible combinatorial operation to thereby create a plurality of data block-bit vector combinations; and
encrypting each data block-bit vector combination using a key encryption operation; and
wherein each bit vector has a value that is independent of all key encryption operations that were previously performed on the data block-bit vector combinations created from the other data blocks of the plurality of data blocks.
Dependent claims: 2-26

27. A system for encrypting a plurality of data blocks, each data block comprising a plurality of data bits, the system comprising:
a bit vector generation stage configured to generate a plurality of blockwise independent bit vectors;
a reversible combinatorial operation stage configured to reversibly combine each data block with a corresponding one of the generated bit vectors to in turn generate a plurality of data block-bit vector combinations; and
an encryption stage configured to perform an encryption operation on the data block-bit vector combinations.
Dependent claims: 28-58

59. A system for encrypting a stream of data blocks, each data block comprising a plurality of data bits, the system comprising:
a randomizer circuit for randomizing a plurality of the data blocks prior to encryption independently of the other data blocks; and
an encryptor circuit for encrypting each of the randomized data blocks.
Dependent claims: 60-69

70. A method of decrypting a plurality of encrypted data block-bit vector combinations of a data segment, the data segment comprising a plurality of encrypted data block-bit vector combinations, each encrypted data block-bit vector combination comprising a plurality of data bits, the method comprising:
decrypting a plurality of the encrypted data block-bit vector combinations using a decryption operation to thereby generate a plurality of decrypted data block-bit vector combinations; and
combining each decrypted data block-bit vector combination with a corresponding bit vector using a reversible combinatorial operation to thereby create a plurality of decrypted data blocks; and
wherein each bit vector has a value that is independent of all decryption operations that were previously performed on the encrypted data block-bit vector combinations for the data segment, and wherein each corresponding bit vector is the same bit vector that was reversibly combined with the data block from which the encrypted data block-bit vector combination was derived during encryption thereof.
Dependent claims: 71-80

81. A system for decrypting a plurality of encrypted data block-bit vector combinations of a data segment, the data segment comprising a plurality of encrypted data block-bit vector combinations, each encrypted data block-bit vector combination comprising a plurality of data bits, the system comprising:
a bit vector generation stage configured to generate a plurality of blockwise independent bit vectors;
a decryption stage configured to perform a decryption operation on a plurality of the encrypted data block-bit vector combinations to thereby generate a plurality of decrypted data block-bit vector combinations; and
a reversible combinatorial operation stage configured to reversibly combine each decrypted data block-bit vector combination with a corresponding one of the bit vectors to generate a plurality of decrypted data blocks; and
wherein each corresponding bit vector is the same bit vector that was reversibly combined with the data block from which the encrypted data block-bit vector combination was derived during encryption thereof.
Dependent claims: 82-95

96. A method for symmetrically encrypting/decrypting a plurality of data blocks of a data segment, each data block comprising a plurality of data bits, the method comprising:
receiving a plurality of the data blocks of the data segment;
reversibly combining each of the received data blocks with a corresponding bit vector to thereby generate a plurality of data block-bit vector combinations;
performing a block cipher operation on each of the data block-bit vector combinations to thereby generate a plurality of block ciphered data block-bit vector combinations; and
reversibly combining each of the block ciphered data block-bit vector combinations with a corresponding bit vector to thereby generate a plurality of encrypted/decrypted data blocks; and
wherein the bit vectors possess values that are independent of the block cipher operations performed on the different data block-bit vector combinations.
Dependent claims: 97-100

101. A system for symmetrically encrypting/decrypting a plurality of data blocks of a data segment, each data block comprising a plurality of data bits, the system comprising:
a first reversible combinatorial operation circuit that is configured to receive a plurality of the data blocks of the data segment and reversibly combine each of the received data blocks with a corresponding bit vector to thereby generate a plurality of data block-bit vector combinations;
a block cipher operation circuit in communication with the first reversible combination operation circuit, wherein the block cipher operation circuit is configured to perform a block cipher operation on each of the data block-bit vector combinations to thereby generate a plurality of block ciphered data block-bit vector combinations; and
a second reversible combinatorial operation circuit in communication with the block cipher operation circuit, wherein the second reversible combinatorial operation circuit is configured to reversibly combine each of the block ciphered data block-bit vector combinations with a corresponding bit vector to thereby generate a plurality of encrypted/decrypted data blocks; and
wherein the bit vectors possess values that are independent of the block cipher operations performed on the different data block-bit vector combinations.
Dependent claims: 102-106

107. A method of encrypting a data segment, the data segment comprising a plurality of data blocks, each data block comprising a plurality of data bits, the method comprising:
encrypting a first plurality of data blocks of the data segment by (1) generating a first plurality of bit vectors, (2) reversibly combining each of the first plurality of data blocks with a corresponding one of the first plurality of bit vectors to thereby generate a first plurality of data block-bit vector combinations, and (3) performing an encryption operation on the first plurality of data block-bit vector combinations, wherein the first plurality of bit vectors have values that are independent of the encryption operations performed on the first plurality of data blocks; and
encrypting a second plurality of data blocks of the data segment by (1) generating a second plurality of bit vectors based at least in part upon a value of one of the first plurality of encrypted data block-bit vector combinations, (2) reversibly combining each of the second plurality of data blocks with a corresponding one of the second plurality of bit vectors to thereby generate a second plurality of data block-bit vector combinations, and (3) performing an encryption operation on the second plurality of data block-bit vector combinations.
Dependent claims: 108-110

111. A method of encrypting a data segment, said data segment comprising a plurality of data block groups, each of said data block groups comprising a plurality of data blocks, the method comprising:
encrypting the data blocks of a first data block group based at least in part upon a first plurality of bit vectors that are combined with the data blocks of the first data block group, wherein the bit vectors of the first plurality of bit vectors comprise blockwise independent bit vectors;
creating a second plurality of bit vectors based at least in part on one of the previously encrypted data blocks; and
encrypting the data blocks of a data block group after the first data block group based at least in part upon the second plurality of bit vectors that are combined with the data blocks of the data block group after the first data block group.

112. A system for encrypting a plurality of data block groups, at least some of said data block groups comprising a plurality of data blocks, said system comprising:
an encryptor circuit; and
a sequence generator circuit configured to generate at least two types of bit vectors for use by the encryptor circuit, a first type of bit vector being blockwise independent and a second type of bit vector being dependent on at least one encrypted data block of a prior data block group;
wherein the encryptor circuit is configured to (1) reversibly combine the data blocks of at least one of the data groups comprising a plurality of data blocks with a plurality of bit vectors of the first type to thereby generate a first plurality of data block-bit vector combinations, and (2) encrypt the first plurality of data block-bit vector combinations.
Dependent claims: 113
Specification