Scalable key agile cryptography
First Claim
Patent Images
1. A method of encrypting a plurality M of plain text blocks, the method comprising the steps of:
- providing a plurality N of memory locations, where M>
N and N>
1;
storing precomputed pseudorandom vectors in each of the plurality of memory locations; and
encrypting the ith plain text block, wherein M>
i>
N and wherein the step of encrypting the ith plain text block comprises the steps;
a) performing a first function CT(i)=f(PT(i),PV(i-N)), where CT(i) is the ith cipher text block, PT(i) is the plain text block for iteration i, PV(i-N) is the pseudorandom vector calculated during iteration i-N and the first function, f( ), is a first encryption algorithm;
b) calculating a new pseudorandom vector, wherein the step of calculating a new pseudorandom vector comprises the step of performing a second function PV(i)=g(PV(i-N))!g( ) on PV(i-N) to calculate PV(i), where PV(i) is the pseudorandom vector calculated during iteration i, PV(i-N) is the pseudorandom vector calculated during iteration i-N and the second function, g( ), is a second encryption algorithm; and
c) storing the new pseudorandom vector in one of the N memory locations.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for encrypting blocks of plain text. Output FIFO memories are provided for decoupling pseudorandom vector generation from plain text encryption. The output FIFOs produce the effect of multiplexing several cryptographic devices together and can be combined with feedback FIFO memories in order to provide key agility and parallel secret key encryption. Throughput is also enhanced by constructing wide codebooks so that a block of data can be enciphered as a whole.
-
Citations
46 Claims
-
1. A method of encrypting a plurality M of plain text blocks, the method comprising the steps of:
-
providing a plurality N of memory locations, where M>
N and N>
1;storing precomputed pseudorandom vectors in each of the plurality of memory locations; and encrypting the ith plain text block, wherein M>
i>
N and wherein the step of encrypting the ith plain text block comprises the steps;a) performing a first function CT(i)=f(PT(i),PV(i-N)), where CT(i) is the ith cipher text block, PT(i) is the plain text block for iteration i, PV(i-N) is the pseudorandom vector calculated during iteration i-N and the first function, f( ), is a first encryption algorithm; b) calculating a new pseudorandom vector, wherein the step of calculating a new pseudorandom vector comprises the step of performing a second function PV(i)=g(PV(i-N))!g( ) on PV(i-N) to calculate PV(i), where PV(i) is the pseudorandom vector calculated during iteration i, PV(i-N) is the pseudorandom vector calculated during iteration i-N and the second function, g( ), is a second encryption algorithm; and c) storing the new pseudorandom vector in one of the N memory locations. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of encrypting a plain text block to form a cipher text block, the method comprising the steps of:
-
providing an encryption circuit having an output FIFO of depth N, where N>
1;storing N precomputed pseudorandom vectors in the output FIFO; performing a function CT=f(PT,PV), where CT is the cipher text block, PT is the plain text block encrypted, PV is the pseudorandom vector which was least recently stored in the output FIFO and f( ) is the encryption function; computing a new pseudorandom vector, wherein the step of computing a new pseudorandom vector comprises the step of performing a function g( ) on PV; and storing the new pseudorandom vector in the output FIFO. - View Dependent Claims (7, 8, 9, 10, 11, 12)
-
-
13. An encryption device, comprising:
-
a codebook module having an input, wherein the codebook module applies a secret key algorithm to data received at the input in order to produce pseudorandom vectors; an output FIFO module connected to the codebook module, wherein the output FIFO module comprises a first output FIFO memory having a depth N, where N>
1, wherein the first output FIFO memory stores pseudorandom vectors received from the codebook module and transmits the pseudorandom vectors received on a first in, first out basis; andan encryption module connected to the output FIFO module, wherein the encryption module includes encryption means for encrypting plain text as a function of the pseudorandom vectors stored in the output FIFO module in order to form cipher text, wherein the encryption module further includes transmission means for transmitting data to the codebook module to be used in generating pseudorandom vectors. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. An encryption device, comprising:
-
a codebook module, wherein the codebook module comprises a codebook input and a first codebook, the first codebook comprising; a plurality of encryption algorithm devices, wherein each encryption algorithm device applies a secret key cryptographic algorithm; a codebook input module connected to the codebook input and to the plurality of encryption algorithm devices, wherein the codebook input module distributes data received at the codebook input to the plurality of encryption algorithm devices according to a dispersion algorithm; a combiner module connected to the plurality of encryption algorithm devices, wherein the output combiner combines data received from the plurality of encryption algorithm devices to form pseudorandom vectors, wherein the combiner module includes means for forming at least one bit of the keystream as a function of data received from two or more of the plurality of encryption algorithm devices; an output memory module connected to the codebook module, wherein the output memory module comprises a first output FIFO memory of depth N, where N is an integer number greater than one, wherein the first output FIFO memory stores pseudorandom vectors received from the codebook module and transmits the pseudorandom vectors received on a first in, first out basis; and encryption means, connected to the output memory module, for combining the pseudorandom vectors stored in the output FIFO module with plain text to form cipher text, wherein the encryption means includes transmission means for generating data to be fed back into the codebook module. - View Dependent Claims (21, 22, 23, 24, 25, 26)
-
-
27. A method of encrypting a packet having a header and an M byte payload, the method comprising the steps of:
-
providing an encryption circuit including a memory connected to a codebook module, wherein the codebook module includes a plurality of encryption algorithm devices; storing a first M byte pseudorandom vector in the memory; encrypting the M byte payload with the first M byte wide pseudorandom vector read from the memory; generating an M byte keystream; and generating a second M byte wide pseudorandom vector, wherein the step of generating the second M byte wide pseudorandom vector comprises the steps of; a) distributing the M byte keystream across the plurality of encryption algorithm devices according to a dispersion algorithm; b) encrypting the distributed keystream with a secret key encryption algorithm; c) recombining the encrypted distributed keystream as a function of the dispersion algorithm to form the second M byte wide pseudorandom vector, wherein the step of recombining includes the step of forming at least one bit of the keystream as a function of data received from two or more of the plurality of encryption algorithm devices; and d) storing the second M byte wide pseudorandom vector in the memory. - View Dependent Claims (28)
-
-
29. A method of encrypting a plurality of packets, including a first and a second packet, wherein each of the plurality of packets include a header and an M byte payload, the method comprising the steps of:
-
providing an encryption circuit including a memory connected to a codebook module, wherein the codebook module includes a plurality of encryption algorithm devices; providing a plurality of M byte pseudorandom vectors, including a first and a second M byte pseudorandom vector; storing the plurality of M byte pseudorandom vectors in the memory; retrieving in successive order the plurality of M byte pseudorandom vectors; encrypting in the same successive order the M byte payloads of the plurality of packets; generating a plurality of M byte keystream; and generating a plurality of new M byte wide pseudorandom vectors, wherein the step of generating the plurality of new M byte wide pseudorandom vector comprises the steps of; a) distributing the plurality of M byte keystream across the plurality of encryption algorithm devices according to a dispersion algorithm; b) encrypting the distributed M byte keystream with a secret key encryption algorithm; c) recombining the encrypted distributed M byte keystream as a function of the dispersion algorithm to form the plurality of new M byte wide pseudorandom vectors, wherein the step of recombining includes the step of forming at least one bit of the pseudorandom vectors as a function of data received from two or more of the plurality of encryption algorithm devices; and d) storing the new M byte wide pseudorandom vectors in the memory. - View Dependent Claims (30)
-
-
31. An encryption device, comprising:
-
a ciphertext memory module for storing ciphertext; a codebook module, connected to the ciphertext memory module, wherein the codebook module comprises a first codebook, the first codebook comprising; a plurality of encryption algorithm devices; an input module connected to the ciphertext memory module and to the plurality of encryption algorithm devices, wherein the input module distributes the ciphertext received from the ciphertext memory module according to a dispersion algorithm; output means, connected to the plurality of encryption algorithm devices, for forming keystream by combining data received from the plurality of encryption algorithm devices according to the dispersion algorithm, wherein the output means includes means for forming at least one bit of the keystream as a function of data received from two or more of the plurality of encryption algorithm devices; a keystream memory module, connected to the output means, for storing keystream generated from the ciphertext; and encryption means, connected to the keystream memory module, for combining the keystream with plaintext to form ciphertext and for feeding the ciphertext back into the ciphertext memory module. - View Dependent Claims (32, 33, 34, 35)
-
-
36. A method of encrypting packets having a header and an N byte payload, the method comprising the steps of:
-
providing a ciphertext memory module for storing ciphertext; providing a codebook module, connected to the ciphertext memory module, wherein the codebook module comprises a first codebook, the first codebook comprising; a plurality of encryption algorithm devices; an input module connected to the ciphertext memory module and to the plurality of encryption algorithm devices, wherein the input module distributes the ciphertext received from the ciphertext memory module according to a dispersion algorithm; output means, connected to the plurality of encryption algorithm devices, for forming keystream by combining data received from the plurality of encryption algorithm devices according to the dispersion algorithm, wherein the output means includes means for forming at least one bit of the keystream as a function of data received from two or more of the plurality of encryption algorithm devices; providing a keystream memory module, connected to the output means, for storing keystream generated from the ciphertext; generating a first N byte wide keystream word; encrypting the N byte payload with the first N byte wide keystream word; storing the encrypted N byte payload in the ciphertext memory module; and generating a second N byte wide keystream word, wherein the step of generating the second N byte wide keystream word comprises the steps of; distributing the encrypted N byte payload across the plurality of encryption algorithm devices according to a dispersion algorithm; generating keystream data in the plurality of encryption algorithm devices as a function of the distributed payload; and recombining the keystream data as a function of the dispersion algorithm to form the second N byte wide keystream; and storing the second N byte wide keystream in the keystream memory module. - View Dependent Claims (37, 38, 39, 40)
-
-
41. A method of encrypting a plurality of packets, wherein each packet includes a header and an N byte payload, the method comprising the steps of:
-
a) providing a keystream memory; b) providing a plurality of encryption algorithm devices; c) providing a first keystream, wherein the first keystream includes a plurality of N byte keystream words, including a first and a second N byte keystream word; d) storing the plurality of N byte keystream words in the keystream memory; e) encrypting the payload of one of the plurality of packets with the first N byte keystream word; f) generating an N byte keystream word from the encrypted payload, wherein the step of generating comprises the steps of; distributing the encrypted payload across the plurality of encryption algorithm devices according to a dispersion algorithm; generating keystream data in the plurality of encryption algorithm devices as a function of the distributed encrypted payload; and recombining the keystream data as a function of the dispersion algorithm to form the N byte wide keystream word, wherein the step of recombining includes the step of forming at least one bit of the N byte wide keystream word as a function of data received from two or more of the plurality of encryption algorithm devices; g) storing the recombined N byte keystream word into the keystream memory; and h) repeating steps e-g for each packet of the plurality of packets. - View Dependent Claims (42, 43)
-
-
44. An encryption system, comprising:
-
a ciphertext memory module for storing a plurality of ciphertext, wherein the ciphertext memory module comprises a first ciphertext FIFO memory used to store first ciphertext from the plurality of ciphertext, wherein the first ciphertext FIFO memory has a depth sufficient to store at least two words of first ciphertext; an encryption algorithm device, connected to the ciphertext memory module, wherein the encryption algorithm device includes a keystream generator for generating first keystream from the first ciphertext; a keystream memory module, wherein the keystream memory module comprises a first keystream FIFO memory connected to the encryption algorithm device for storing the first keystream, wherein the first keystream FIFO memory has a depth sufficient to store at least two words of first keystream; and encryption means, connected to the keystream memory module, for combining the keystream with plaintext to form ciphertext and for feeding the ciphertext back into the ciphertext memory module. - View Dependent Claims (45, 46)
-
Specification