Block cipher system for data security
First Claim
1. A device for ciphering a message block of data bits under control of a set of cipher key bits by a predetermined number of iteration operations, said cipher device comprising:
- first store means storing a first half of said message block of data bits,second store means storing a second half of said message block of data bits,control means including third store means storing said set of cipher key bits, andfirst linear transformation means connected to said third store means producing a permuted set of cipher key bits from said set of cipher key bits,expansion means connected to said first store means duplicating predetermined ones of the data bits of the first half of said message block to produce an expanded first half of said message block containing data bits equal in number to the number of cipher key bits in said permuted set of cipher key bits,means connected to said expansion means and said control means carrying out a substitution transformation function in accordance with the data bits of said expanded first half of said message block and the cipher key bits of said permuted set of cipher key bits to produce a substitution set of bits equal in number to the number of bits in the first half of said message block,second linear transformation means connected to said substitution transformation means producing a permuted substitution set of bits,the combined transformation performed by said substitution transformation means and said second linear transformation means resulting in a product block cipher of the first half of said message block,means connected to said second store means and said second linear transformation means modifying the data bits of the second half of said message block in accordance with the product block cipher of the first half of said message block to produce a set of bits representing a modified second half of said message block,means connected between said modifying means and said first store means to load said modified second half of said message block from said modifying means into said first store means, andmeans connected between said first store means and said second store means to load the first half of said message block from said first store means into said second store means concurrently with said modified second half of said message block being loaded into said first store means to complete a first iteration operation of said cipher device.
0 Assignments
0 Petitions
Accused Products
Abstract
A device for ciphering message blocks of data bits under control of a cipher key. The cipher device performs an enciphering process for each message block of data by carrying out a predetermined number of iteration operations in the first of which a first half of the message block of data bits is first expanded by duplicating predetermined ones of the data bits. The data bits of the expanded message block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different nonlinear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution set of bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined nonlinear transformation and linear transformation results in a product block cipher of the first half of the message block. The second half of the message block is then modified by modulo-2 addition with the product block cipher of the first half of the message block to produce a modified second half of the message. The modified second half of the message block then replaces the first half of the message block which at the same time replaces the second half of the message block in preparation for the next iteration operation. During the next iteration operation, the cipher key bits are shifted according to a predetermined shift schedule to provide a new set of permuted cipher key bits. The modified second half of the message block is then used with the new set of permuted cipher ket bits in a similar product block cipher operation, the result of which is used to modify the first half of the message block. The modified first half of the message block then replaces the modified second half of the message block which at the same time replaces the first half of the message block in preparation for the next iteration operation. During each of the remaining iteration operations of the enciphering process except the last, the cipher key bits are shifted according to the predetermined shift schedule, a modified half of the message block is remodified according to a product block cipher of the previously modified half of the message block and the resulting remodified half of a message block is effectively transposed with the previously modified half of the message block. During the last iteration operation, the cipher key bits are shifted a last time according to the shift schedule and a last remodification of a modified half of the message block is performed according to a product block cipher of the previously modified half of the message block but the resulting remodified half of the message block and the previously modified half of the message block are not transposed and now constitute the enciphered version of the original message block. Deciphering an enciphered message block is carried out by the same series of iteration operations under control of the same cipher key shifted during the iteration operations according to a predetermined shift schedule in a direction opposite to that in the enciphering process to reverse the enciphering process and undo every iteration that was carried out in the enciphering process to produce a resulting message block identical with the original message block.
256 Citations
16 Claims
-
1. A device for ciphering a message block of data bits under control of a set of cipher key bits by a predetermined number of iteration operations, said cipher device comprising:
-
first store means storing a first half of said message block of data bits, second store means storing a second half of said message block of data bits, control means including third store means storing said set of cipher key bits, and first linear transformation means connected to said third store means producing a permuted set of cipher key bits from said set of cipher key bits, expansion means connected to said first store means duplicating predetermined ones of the data bits of the first half of said message block to produce an expanded first half of said message block containing data bits equal in number to the number of cipher key bits in said permuted set of cipher key bits, means connected to said expansion means and said control means carrying out a substitution transformation function in accordance with the data bits of said expanded first half of said message block and the cipher key bits of said permuted set of cipher key bits to produce a substitution set of bits equal in number to the number of bits in the first half of said message block, second linear transformation means connected to said substitution transformation means producing a permuted substitution set of bits, the combined transformation performed by said substitution transformation means and said second linear transformation means resulting in a product block cipher of the first half of said message block, means connected to said second store means and said second linear transformation means modifying the data bits of the second half of said message block in accordance with the product block cipher of the first half of said message block to produce a set of bits representing a modified second half of said message block, means connected between said modifying means and said first store means to load said modified second half of said message block from said modifying means into said first store means, and means connected between said first store means and said second store means to load the first half of said message block from said first store means into said second store means concurrently with said modified second half of said message block being loaded into said first store means to complete a first iteration operation of said cipher device. - View Dependent Claims (2, 3)
-
-
4. A device for enciphering message blocks of data bits under control of a set of cipher key bits by a predetermined number of iteration operations, said cipher device comprising:
-
first store means storing a first half of message block of data bits, second store means storing a second half of a message block of data bits, control means including third store means storing said set of cipher key bits, and first linear transformation means connected to said third store means producing a permuted set of cipher key bits from said set of cipher key bits, means shifting said set of cipher key bits in said control means in a predetermined direction according to a predetermined shift schedule to produce a preshifted permuted set of cipher key bits, expansion means connected to said first store means duplicating predetermined ones of the data bits of the first half of said message block to produce an expanded first half of said message block containing data bits equal in number to the number of cipher key bits in said preshifted permuted set of cipher key bits, means connected to said expansion means and said control means carrying out a substitution transformation function in accordance with the data bits of said expanded first half of said message block and the cipher ket bits of said preshifted permuted set of cipher key bits to produce a substitution set of bits equal in number to the number of bits in the first half of said message block, l second linear transformation means connected to said substitution transformation means producing a permuted substitution set of bits, means connected to said second store means and said second linear transformation means modifying the data bits of the second half of said message block in accordance with said permuted substitution set of bits to produce a set of data bits representing a modified second half of said message block, means connected between said modifying means and said first store means to load said modified second half of said message block of data from said modifying means into said first store means, and means connected between said first store means and said second store means to load the first half of said message block of data from said first store means into said second store means concurrently with said modified second half of said message block of data being loaded into said first store means to complete a first iteration operation of said encipher device, whereby said encipher device is effective during a second iteration operation to shift the set of cipher key bits in said control means in said predetermined direction according to said predetermined shift schedule to produce a new permuted set of cipher key bits, modify the first half of said message block of data stored in said second store means in accordance with the modified second half of said message block of data stored in said first store means and said new permuted set of cipher key bits to produce a modified first half of said message block of data and concurrently load the modified first half of said message block of data from said modifying means into said first store means and the modified second half of said message block of data from said first store means into said second store means. - View Dependent Claims (5)
-
-
6. A device for enciphering 64-bit message blocks of data under control of a set of cipher key bits by a predetermined number of iteration operations, said encipher device comprising:
-
first store means storing a 32-bit first half of a message block of data, second store means storing a 32-bit second half of a message block of data, control means including third store means storing said set of cipher key bits, and first linear transformation means connected to said third store means producing a 48-bit permuted set of cipher key bits from said set of cipher key bits, means shifting said set of cipher key bits in said control means in a predetermined direction according to a predetermined shift schedule to produce a preshifted 48-bit permuted set of cipher key bits, expansion means connected to said first store means duplicating 16 predetermined ones of the data bits of the 32-bit first half of said message block to produce an expanded 48-bit first half of said message block, means connected to said expansion means and said control means carrying out a substitution transformation function in accordance with the 48 data bits of said expanded first half of said message block and the 48 cipher key bits of said preshifted permuted set of cipher key bits to produce a substitution set of 32 bits, second linear transformation means connected to said substitution transformation means producing a permuted substitution set of 32 bits, means connected to said second store means and said second linear transformation means modifying the data bits of the 32-bit second half of said message block in accordance with said permuted substitution set of 32 bits to produce a set of 32 data bits representing a modified second half of said message block, means connected between said modifying means and said first store means to load said modified 32-bit second half of said message block of data from said modifying means into said first store means, and means connected between said first store means and said second store means to load the 32-bit first half of said message block of data from said first store means into said second store means concurrently with said modified 32-bit second half of said message block of data being loaded into said first store means to complete a first iteration operation of said encipher device, whereby said encipher device is effective during a second iteration operation to shift the set of cipher key bits in said control means in said predetermined direction according to said predetermined shift schedule to produce a new 48-bit permuted set of cipher key bits, modify the 32-bit first half of said message block of data stored in said second store means in accordance with the modified 32-bit second half of said message block of data stored in said first store means and said new 48-bit permuted set of cipher key bits to produce a modified 32-bit first half of said message block of data and concurrently load the modified 32-bit first half of said message block of data from said modifying means into said first store means and the modified 32-bit second half of said message block of data from said first store means into said second store means. - View Dependent Claims (7)
-
-
8. A device for deciphering enciphered message blocks of data bits under control of a set of cipher key bits by a predetermined number of iteration operations, said deciper device comprising:
-
first store means storing a first half of an enciphered message block of data bits, second store means storing a second half of an enciphered message block of data bits, control means including third store means storing said set of cipher key bits, and first linear transformation means connected to said third store means producing a permuted set of cipher key bits from said set of cipher key bits, expansion means connected to said first store means duplicating predetermined ones of the data bits of the first half of said enciphered message block to produce an expanded first half of said enciphered message block containing data bits equal in number to the number of cipher key bits in said permuted set of cipher key bits, means connected to said expansion means and said control means carrying out a substitution transformation function in accordance with the data bits of said expanded first half of said enciphered message block and the cipher key bits of said permuted set of cipher key bits to produce a substitution set of bits equal in number to the number of bits in the first half of said enciphered message block, second linear transformation means connected to said substitition transformation means producing a permuted substitution set of bits, means connected to said second store means and said second linear transformation means modifying the data bits of the second half of said enciphered message block in accordance with said permuted substitution set of bits to produce a set of data bits representing a modified second half of said enciphered message block, means connected between said modifying means and said first store means to load said modified second half of said enciphered message block of data from said modifying means into said first store means, means connected between said first store means and said second store means to load the first half of said enciphered message block of data from said first store means into said second store means concurrently with said modified second half of said enciphered message block of data being loaded into said first store means to complete a first iteration operation of said decipher device, and means effective during a second iteration operation to shift said set of cipher key bits in said control means in a predetermined direction according to a predetermined shift schedule to produce a new permuted set of cipher key bits, whereby said decipher device is further effective during said second iteration operation to modify the first half of said enciphered message block of data stored in said second store means in accordance with the modified second half of said enciphered message block of data stored in said first store means and said new permuted set of cipher key bits to produce a modified first half of said enciphered message block of data and concurrently load the modified first half of said enciphered message block of data from said modifying means into said first store means and the modified second half of said enciphered message block of data from said first store means into said second store means to complete said second iteration operation of said decipher device. - View Dependent Claims (9)
-
-
10. A device for deciphering 64-bit enciphered message blocks of data under control of a set of cipher key bits by a predetermined number of iteration operations, said decipher device comprising:
-
first store means storing a 32-bit first half of an enciphered message block of data, second store means storing a 32-bit second half of a message block of data, control means including third store means storing said set of cipher key bits, and first linear transformation means connected to said third store means producing a 48-bit permuted set of cipher key bits from said set of cipher key bits, expansion means connected to said first store means duplicating 16 predetermined ones of the data bits of the 32-bit first half of said enciphered message block to produce an expanded 48-bit first half of said enciphered message block, means connected to said expansion means and said control means carrying out a substitution transformation function in accordance with the 48 data bits of said expanded first half of said enciphered message block and the 48 cipher key bits of said permuted set of cipher key bits to produce a substitution set of 32 bits, second linear transformation means connected to said substitution transformation means producing a permuted substitution set of 32 bits, means connected to said second store means and said second linear transformation means modifying the data bits of the 32-bit second half of said enciphered message block in accordance with said permuted substitution set of 32 bits to produce a set of 32 data bits representing a modified second half of said enciphered message block, means connected between said modifying means and said first store means to load said modified 32-bit second half of said enciphered message block of data from said modifying means into said first store means, means connected between said first store means and said second store means to load the 32-bit first half of said enciphered message block of data from said first store means into said second store means concurrently with said modified 32-bit second half of said enciphered message block of data being loaded into said first store means to complete a first iteration operation of said decipher device, and means effective during a second iteration operation to shift said set of cipher key bits in said control means in a predetermined direction according to a predetermined shift schedule to produce a new 48-bit permuted set of cipher key bits, whereby said decipher device is effective during said second iteration operation to modify the 32-bit first half of said enciphered message block of data stored in said second store means in accordance with the modified 32-bit second half of said enciphered message block of data stored in said first store means and said new 48-bit permuted set of cipher key bits to produce a modified 32-bit first half of said enciphered message block of data and concurrently load the modified 32-bit first half of said enciphered message block of data from said modifying means into said first store means and the modified 32-bit half of said enciphered message block of data from said first store means into said second store means to complete said second iteration operation of said decipher device. - View Dependent Claims (11)
-
-
12. In a data processing network having a sending station including an encipher device to encipher a message block of data bits under control of a first set of cipher key bits by a predetermined number of iteration operations for transmission to a receiving station including a decipher device to decipher said enciphered message block of data bits under control of a second set of cipher key bits by an equal predetermined number of iteration operations, said encipher device of said sending station comprising:
-
first store means storing a first half of said message block of data bits, second store means storing a second half of said message block of data bits, first control means including third store means storing said first set of cipher key bits, and first linear transformation means connected to said third store means producing a permuted set of cipher key bits from said first set of cipher key bits, first expansion means connected to said first store means duplicating predetermined ones of the data bits of the first half of said message block to produce an expanded first half of said message block containing data bits equal in number to the number of cipher key bits in said permuted set of cipher key bits, first substitution transformation means connected to said first expansion means and said first control means carrying out a substitution transformation function in accordance with the data bits of said expanded first half of said message block and the cipher key bits of said permuted set of cipher key bits to produce a first substitution set of bits equal in number to the number of bits in the first half of said message block, second linear transformation means connected to said first substitution transformation means producing a permuted first substitution set of bits, first modifying means connected to said second store means and said second linear transformation means modifying the data bits of the second half of said message block in accordance with said permuted first substitution set of bits to produce a set of bits representing a modified second half of said message block, means connected between said first modifying means and said first store means to load said modified second half of said message block from said first modifying means into said first store means, means connected between said first store means and said second store means to load the first half of said message block from said first store means into said second store means concurrently with said modified second half of said message block being loaded into said first store means to complete a first iteration operation of said encipher device, means effective during a second iteration operation to shift said first set of cipher key bits in said first control means in a first direction according to a first predetermined shift schedule to produce a new permuted set of cipher key bits, said encipher device being further effective during said second iteration operation to modify the first half of said message block of data stored in said second store means in accordance with said modified second half of said message block of data stored in said first store means and said new permuted set of cipher key bits to produce a modified first half of said message block of data in a similar manner in which the second half of said message block was modified during said first iteration operation of said encipher device and concurrently load said modified first half of said message block from said first modifying means into said first store means and said modified second half of said message block from said first store means into said second store means to complete said second iteration operation of said encipher device, said encipher device being further effective during the remaining iteration operations of said predetermined number of iteration operations each of which is performed in a similar manner as is performed in said second iteration operation to repetitively shift each set of cipher key bits in said first control means in said first direction according to said first predetermined shift schedule to produce another new permuted set of cipher key bits in each remaining iteration operation, remodify each modified half of said message block of data stored in said second store means in accordance with each previously modified half of said message block of data stored in said first store means and each other new permuted set of cipher key bits to produce a remodified half of said message block of data stored in said second store means in each remaining iteration operation, and concurrently load each presently remodified half of said message block of data from said first modifying means into said first store means and each previously modified half of said message block of data from said first store means into said second store means in each remaining iteration operation except the last, first output means, second output means, means connected between said first store means and said first output means effective after the last iteration operation to transfer the previously modified half of said message block from said first store means to said first output means, means connected between said first modifying means and said second output means effective after the last iteration operation to transfer the presently remodified half of said message block from said first modifying means to said second output means, whereby said first and second output means contain an encipher of said message block of data, and means to control said first and second output means to transmit said enciphered message block of data bits from said output means to said receiving station. - View Dependent Claims (13)
-
-
14. A process for performing a cipher operation on a message block of data bits comprising the steps of:
-
a. storing a first half of said message block of data bits in a first store means, b. storing a second half of said message block of data bits in a second store means, c. storing a set of cipher key bits in a third store means, d. linearly transforming said set of cipher key bits stored in said third store means to produce a transformed set of cipher key bits, e. duplicating predetermined ones of the data bits stored in said first store means to produce an expanded set of data bits equal in number to the number of cipher key bits in said transformed set of cipher key bits, f. carrying out a substitution transformation function in accordance with the data bits of said expanded set of data bits and the cipher key bits of said transformed set of cipher key bits to produce a substitution set of bits equal in number to the number of bits stored in said first store means, g. linearly transforming said substitution set of bits to produce a transformed substitution set of bits, h. modifying the data bits stored in said second store means in accordance with said transformed substitution set of bits to produce a set of bits representing a modified half of said message block of data, i. concurrently transferring said modified half of said message block of data to said first store means and the half of said message block of data stored in said first store means to said second store means, j. shifting said set of cipher key bits in said third store means in a predetermined direction according to a predetermined shift schedule to produce a new set of cipher key bits, k. repeating steps d to i to modify the half of said message block of data stored in said second store means in accordance with the modified half of said message block of data stored in said first store means and said new set of cipher key bits stored in said third store means to produce a modified half of said message block of data and concurrently transfer the presently modified half of said message block of data to said first store means and said previously modified half of said message block of data from said first store means to said second store means, and l. repeating steps j and k for a predetermined number of iterations to repetitively shift each new set of cipher key bits in said third store means in said predetermined direction according to said predetermined shift schedule to produce another new set of cipher key bits in each iteration, remodify each modified half of said message block of data store in said second store means in accordance with each modified half of said message block of data stored in said first store means and each other new set of cipher key bits in each iteration to produce a remodified half of said message block of data, and concurrently transfer each presently remodified half of said message block of data to said first store means and each previously remodified half of said message block of data from said first store means to said second store means in each iteration except the last, whereby the combination of said previously remodified half of said message block of data produced during the next to the last iteration and stored in said first store means and the presently remodified half of said message block of data produced during the last iteration represent a cipher of said message block of data.
-
-
15. A process for enciphering message blocks of data bits comprising the steps of:
-
a. storing a first half of a message block of data bits in a first store means, b. storing a second half of a message block of data bits in a second store means, c. storing a set of cipher key bits in a third store means, d. preshifting said set of cipher key bits in said third store means in a predetermined direction according to a predetermined shift schedule to provide a shifted set of cipher key bits, e. linearly transforming said shifted set of cipher key bits stored in said third store means to produce a transformed set of cipher key bits, f. duplicating predetermined ones of the data bits stored in said first store means to produce an expanded set of data bits equal in number to the number of cipher key bits in said transformed set of cipher key bits, g. carrying out a substitution transformation function in accordance with the data bits of said expanded set of data bits and the cipher key bits of said transformed set of cipher key bits to produce a substitution set of bits equal in number to the number of bits stored in said first store means, h. linearly transforming said substitution set of bits to produce a transformed substitution set of bits, i. modifying the data bits stored in said second store means in accordance with said transformed substitution set of bits to produce a set of data bits representing a modified half of said message block of data, j. concurrently transferring said modified half of said message block of data to said first store means and the half of said message block of data stored in said first store means to said second store means, k. shifting said set of cipher key bits in said third store means in said predetermined direction according to said predetermined shift schedule to produce a new set of cipher key bits, l. repeating steps e to j to modify the half of said message block of data stored in said second store means in accordance with the modified half of said message block of data stored in said first store means and said new set of cipher key bits stored in said third store means to produce a modified half of said message block of data and concurrently transfer the presently modified half of said message block of data to said first store means and said previously modified half of said message block of data from said first store means to said second store means, m. repeating steps k and l for a predetermined number of iterations to repetitively shift each new set of cipher key bits in said third store means in said predetermined direction according to said predetermined shift schedule to produce another new set of cipher key bits in each iteration, remodify each modified half of said message block of data stored in said second store means in accordance with each modified half of said message block of data stored in said first store means and each other new set of cipher key bits to produce a remodified half of said message block of data in each iteration, and concurrently transfer each presently remodified half of said message block of data to said first store means and each previously remodified half of said message block of data from said first store means to said second store means in each iteration except the last, whereby the combination of said previously remodified half of said message block of data produced during the next to the last iteration and stored in said first store means and the presently remodified half of said message block of data produced during the last iteration represent an encipher of said message block of data, and n. repeating steps a to m repetitively to encipher succeeding message blocks of data.
-
-
16. A process for deciphering enciphered message blocks of data comprising the steps of:
-
a. storing a first half of an enciphered message block of data bits in a first store means, b. storing a second half of an enciphered message block of data bits in a second store means, c. storing a set of cipher key bits in a third store means, d. linearly transforming said set of cipher key bits stored in said third store means to produce a transformed set of cipher key bits, e. duplicating predetermined ones of the data bits stored in said first store means to produce an expanded set of data bits equal in number to the number of cipher key bits in said transformed set of cipher key bits, f. carrying out a substitution transformation function in accordance with the data bits of said expanded set of data bits and the cipher key bits of said transformed set of cipher key bits to produce a substitution set of bits equal in number to the number of bits stored in said first store means, g. linearly transforming said substitution set of bits to produce a transformed substitution set of bits, h. modifying the data bits stored in said second store means in accordance with said transformed substitution set of bits to produce a set of data bits representing a modified half of said enciphered message block of data, i. concurrently transferring said modified half of said enciphered message block of data to said first store means and the half of said enciphered message block of data stored in said first store means to said second store means, j. shifting said set of cipher key bits in said third store means in a predetermined direction according to a predetermined shift schedule to present a new set of cipher key bits, k. repeating steps d to i to modify the half of said enciphered message block of data stored in said second store means in accordance with the modified half of said enciphered message block of data stored in said first store means and said new set of cipher key bits stored in said third store means and concurrently transfer the presently modified half of said enciphered message block of data to said first store means and said previously modified half of said enciphered message block of data from said first store means to said second store means, l. repeating steps j and k for a predetermined number of iterations to repetitively shift each new set of cipher key bits in said third store means in said predetermined direction according to said predetermined shift schedule to provide another new set of cipher key bits in each iteration, remodify each modified half of said enciphered message block of data store in said second store means in accordance with each modified half of said enciphered message block of data stored in said first store means and each other new set of cipher key bits in each iteration, and concurrently transfer each presently remodified half of said enciphered message block of data to said first store means and each previously remodified half of said enciphered message block of data from said first store means to said second store means in each iteration except the last, whereby the combination of said previously remodified half of said enciphered message block of data produced during the next to the last iteration and stored in said first store means and the presently remodified half of said enciphered message block of data produced during the last iteration represent a decipher of said enciphered message block of data. m. post shifting the set of cipher key bits in said third store means in said predetermined direction according to said predetermined shift schedule after the last iteration to complete a revolution of said set of cipher key bits through said third store means, and n. repeating steps a to m repetitively to decipher succeeding enciphered message blocks of data.
-
Specification