Cryptographic system with masking

US 5,768,390 A
Filed: 07/17/1997
Issued: 06/16/1998
Est. Priority Date: 10/25/1995
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method of cryptographically transforming a sequence of input blocks of data into a corresponding sequence of output blocks of data, said sequence of input blocks comprising a first input block and one or more subsequent input blocks, each of said one or more subsequent input blocks having a previous input block, said method comprising the steps of:

enciphering each input block using a first key to generate a first encryption product;

combining each first encryption product by modular addition with a first secret masking value to generate a masked first encryption product, said first secret masking value being generated independently of said input blocks and being different for each subsequent input block;

enciphering each masked first encryption product using a second key to generate a second encryption product;

combining each second encryption product by modular addition with a second secret masking value to generate a masked second encryption product, said second secret masking value being generated independently of said input blocks and being different for each subsequent input block; and

enciphering each masked second encryption product using a third key to generate an output block corresponding to said input block.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for cryptographically transforming a sequence of input blocks of plaintext or ciphertext data into corresponding sequence of output blocks of data while providing enhanced protection against cryptographic attacks. Each input block is enciphered using a first key to generate a first encryption product, which is combined with a first secret masking value generated independently of the input blocks to generate a masked first encryption product. Each masked first encryption product is then enciphered using a second key to generate a second encryption product, which is combined with a second secret masking value generated independently of the input blocks to generate a masked second encryption product. Finally, each masked second encryption result is enciphered using a third key to generate an output block corresponding to the input block.

Citations

25 Claims

1. A computer-implemented method of cryptographically transforming a sequence of input blocks of data into a corresponding sequence of output blocks of data, said sequence of input blocks comprising a first input block and one or more subsequent input blocks, each of said one or more subsequent input blocks having a previous input block, said method comprising the steps of:
- enciphering each input block using a first key to generate a first encryption product;
  
  combining each first encryption product by modular addition with a first secret masking value to generate a masked first encryption product, said first secret masking value being generated independently of said input blocks and being different for each subsequent input block;
  
  enciphering each masked first encryption product using a second key to generate a second encryption product;
  
  combining each second encryption product by modular addition with a second secret masking value to generate a masked second encryption product, said second secret masking value being generated independently of said input blocks and being different for each subsequent input block; and
  
  enciphering each masked second encryption product using a third key to generate an output block corresponding to said input block.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein said one or more input blocks are plaintext blocks and said one or more output blocks are ciphertext blocks.
  - 3. The method of claim 2, comprising the further step of:
    - transforming said ciphertext blocks back into said plaintext blocks.
  - 4. The method of claim 2 wherein said ciphertext blocks are transmitted over a communications channel.
  - 5. The method of claim 1 wherein said one or more input blocks are ciphertext blocks and said one or more output blocks are plaintext blocks.
  - 6. The method of claim 5, comprising the initial step of:
    - generating said ciphertext blocks from said plaintext blocks.
  - 7. The method of claim 5 wherein said ciphertext blocks are transmitted over a communications channel.
  - 8. The method of claim 1 wherein said first key and said third key are the same.
  - 9. The method of claim 1 wherein said first key and said third key are different.
  - 10. The method of claim 1 wherein said first masking value and said second masking value are the same.
  - 11. The method of claim 1 wherein said first masking value and said second masking value are different.
  - 12. The method of claim 1, comprising the further step of:
    - combining each subsequent input block by modular addition with the output block generated for the previous input block before the subsequent input block is enciphered with said first key.
  - 13. The method of claim 12 wherein said first input block is combined with an initial chaining value before the subsequent input block enciphered with said first key.
  - 14. The method of claim 1 wherein the first and second masking values used for each subsequent input block are generated from the first and second masking values used for the previous input block.
  - 15. The method of claim 1 wherein the first and second masking values used for each subsequent input block are generated by enciphering the first and second masking values used for the previous input block.

16. Apparatus for cryptographically transforming a sequence of input blocks of data into a corresponding sequence of output blocks of data, said sequence of input blocks comprising a first input block and one or more subsequent input blocks, each of said one or more subsequent input blocks having a previous input block, said apparatus comprising:
- first enciphering means for enciphering each input block using a first key to generate a first encryption product;
  
  first masking means for combining each first encryption product by modular addition with a first secret masking value to generate a masked first encryption product, said first secret masking value being generated independently of said input blocks and being different for each subsequent input block;
  
  second enciphering means for enciphering each masked first encryption product using a second key to generate a second encryption product;
  
  second masking means for combining each second encryption product by modular addition with a second secret masking value to generate a masked second encryption product, said second secret masking value being generated independently of said input blocks and being different for each subsequent input block; and
  
  third enciphering means for enciphering each masked second encryption product using a third key to generate an output block corresponding to said input block.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The apparatus of claim 16, further comprising:
    - means for combining each subsequent input block by modular addition with the output block generated for the previous input block before the subsequent input block is enciphered with said first key.
  - 18. The apparatus of claim 16 wherein said one or more input blocks are plaintext blocks and said one or more output blocks are ciphertext blocks, said apparatus further comprising:
    - means for transforming said ciphertext blocks back into said plaintext blocks.
  - 19. The apparatus of claim 18 wherein said ciphertext blocks are transmitted over a communications channel.
  - 20. The apparatus of claim 16 wherein said one or input blocks are ciphertext blocks and said one or more output blocks are plaintext blocks, said apparatus further comprising:
    - means for initially generating said ciphertext blocks from said plaintext blocks.
  - 21. The apparatus of claim 20 wherein said ciphertext blocks are transmitted over a communications channel.
  - 22. The apparatus of claim 16 wherein the first and second masking values used for each subsequent input block are generated from the first and second masking values used for the previous input block.

23. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for cryptographically transforming a sequence of input blocks of data into a corresponding sequence of output blocks of data, said sequence of input blocks comprising a first input block and one or more subsequent input blocks, each of said one or more subsequent input blocks having a previous input block, said method steps comprising:
- enciphering each input block using a first key to generate a first encryption product;
  
  combining by modular addition each first encryption product with a first secret masking value to generate a masked first encryption product, said first secret masking value being generated independently of said input blocks and being different for each subsequent input block;
  
  enciphering each masked first encryption product using a second key to generate a second encryption product;
  
  combining by modular addition each second encryption product with a second secret masking value to generate a masked second encryption product, said second secret masking value being generated independently of said input blocks and being different for each subsequent input block; and
  
  enciphering each masked second encryption product using a third key to generate an output block corresponding to said input block.
- View Dependent Claims (24, 25)
- - 24. The program storage device of claim 23 wherein said method steps further comprise:
    - combining each subsequent input block by modular addition with the output block generated for the previous input block before the subsequent input block is enciphered with said first key.
  - 25. The program storage device of claim 23 wherein the first and second masking values used for each subsequent input block are generated from the first and second masking values used for the previous input block.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Matyas, Stephen Michael Jr., Coppersmith, Don, Johnson, Donald Byron
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
SAYADIAN, HRAYR

Application Number

US08/895,713
Time in Patent Office

334 Days
Field of Search

380/6, 380/37, 380/29, 380/42, 380/43, 380/44, 380/45
US Class Current

380/42
CPC Class Codes

H04L 2209/046   of operations, operands or ...

H04L 2209/125   Parallelization or pipelini...

H04L 9/0637   Modes of operation, e.g. ci...

Cryptographic system with masking

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic system with masking

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links