Secure, swift cryptographic key exchange
First Claim
1. In a protocol for cryptographic communication via a communication channel "I" in which a transmitting cryptographic unit "T" broadcasts onto the communication channel I an encrypted cyphertext message "M" obtained by supplying both a plaintext message "P" and a cryptographic key "K" to a first cryptographic device, and in which a receiving cryptographic unit "R" receives the broadcast cyphertext message M and by supplying the cyphertext message M together with the key K to a second cryptographic device decrypts the plaintext message P therefrom, a method by which the units T and R mutually establish a cryptographic key K by first exchanging messages before the unit T broadcasts the cyphertext message M comprising the steps of:
- a. at a first of the units T or R;
i. selecting a first quantity "A" and a second quantity "B;
"ii. using a first mathematical function "Φ
1 " and the quantities A and B, computing a third quantity "C"=Φ
1 (A, B), the quantities A and B and the function Φ
1 being such that knowing one or the other of the selected quantities A or B, the computed quantity C, and the function Φ
1, there does not exist an inverse function Φ
1 that may be used for directly computing the unknown quantity A or B;
iii. transmitting the selected quantity A together with the quantity C from the first unit T or R to a second unit R or T; and
iv. retaining at the first unit T or R the selected quantity B;
b. at the second unit R or T;
i. receiving the quantities A and C transmitted by the first unit T or R;
ii. selecting a fourth quantity "D;
"iii. using a second mathematical function "Φ
2 " and the received quantity A together with the selected quantity D, computing a fifth quantity "E"=Φ
2 (A, D), the quantities A and D and the function Φ
2 being such that knowing one or the other of the selected quantities A or D, the computed quantity E, and the function Φ
2, there does not exist an inverse function Φ
2 that may be used for directly computing the unknown quantity A or D;
iv. transmitting the computed quantity E from the second unit R or T to the first unit T or R;
v. retaining at the second unit R or T the selected quantity D; and
vi. using a third mathematical function "Ψ
2 " and the retained quantity D together with the received quantity C, computing the key K=Ψ
2 (D, C)=Ψ
2 (D, Φ
1 {A, B}); and
c. at the first unit T or R;
i. receiving the quantity E transmitted by the unit R or T; and
ii. using a fourth mathematical function "Ψ
1 " and the retained quantity B together with the received quantity E, computing the key K=Ψ
1 (B, E)=Ψ
1 (B, Φ
2 {A, D})=Ψ
2 (D, Φ
1 {A, B}).
1 Assignment
0 Petitions
Accused Products
Abstract
Using the present cryptographic key exchange protocol, a first of two cryptographic units selects quantities "A" and "B." That same unit then applies a mathematical function "Φ1 " to A and B to compute a third quantity "C.". A and B and the function Φ1 posses the property that knowing A or B, and C, and the function Φ1, it is mathematically impossible to compute the unknown quantity B or A. The first unit then transmits A together C to the second unit while retaining B. The second unit selects a fourth quantity "D" and then applies a second mathematical function Φ2 to A and D to compute a quantity "E" which the second unit transmits to the first unit while retaining D. The quantities A and D and the function Φ2 must posses the property that knowing D and E, and the function Φ2, it is mathematically impossible to compute the unknown quantity D. Then the second unit applies a third mathematical function "Ψ2 " to D and C to compute the key "K." The first unit upon receiving the quantity E then applies a fourth mathematical function Ψ1 to B and E to also compute the key K.
-
Citations
47 Claims
-
1. In a protocol for cryptographic communication via a communication channel "I" in which a transmitting cryptographic unit "T" broadcasts onto the communication channel I an encrypted cyphertext message "M" obtained by supplying both a plaintext message "P" and a cryptographic key "K" to a first cryptographic device, and in which a receiving cryptographic unit "R" receives the broadcast cyphertext message M and by supplying the cyphertext message M together with the key K to a second cryptographic device decrypts the plaintext message P therefrom, a method by which the units T and R mutually establish a cryptographic key K by first exchanging messages before the unit T broadcasts the cyphertext message M comprising the steps of:
-
a. at a first of the units T or R; i. selecting a first quantity "A" and a second quantity "B;
"ii. using a first mathematical function "Φ
1 " and the quantities A and B, computing a third quantity "C"=Φ
1 (A, B), the quantities A and B and the function Φ
1 being such that knowing one or the other of the selected quantities A or B, the computed quantity C, and the function Φ
1, there does not exist an inverse function Φ
1 that may be used for directly computing the unknown quantity A or B;iii. transmitting the selected quantity A together with the quantity C from the first unit T or R to a second unit R or T; and iv. retaining at the first unit T or R the selected quantity B; b. at the second unit R or T; i. receiving the quantities A and C transmitted by the first unit T or R; ii. selecting a fourth quantity "D;
"iii. using a second mathematical function "Φ
2 " and the received quantity A together with the selected quantity D, computing a fifth quantity "E"=Φ
2 (A, D), the quantities A and D and the function Φ
2 being such that knowing one or the other of the selected quantities A or D, the computed quantity E, and the function Φ
2, there does not exist an inverse function Φ
2 that may be used for directly computing the unknown quantity A or D;iv. transmitting the computed quantity E from the second unit R or T to the first unit T or R; v. retaining at the second unit R or T the selected quantity D; and vi. using a third mathematical function "Ψ
2 " and the retained quantity D together with the received quantity C, computing the key K=Ψ
2 (D, C)=Ψ
2 (D, Φ
1 {A, B}); andc. at the first unit T or R; i. receiving the quantity E transmitted by the unit R or T; and ii. using a fourth mathematical function "Ψ
1 " and the retained quantity B together with the received quantity E, computing the key K=Ψ
1 (B, E)=Ψ
1 (B, Φ
2 {A, D})=Ψ
2 (D, Φ
1 {A, B}). - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A cryptographic system adapted for cryptographic communication comprising:
-
a. a communication channel "I" adapted for transmission of an encrypted cyphertext message "M;
"b. a pair of transceivers that are coupled to said communication channel I, and that are adapted for communicating the cyphertext message M from one transceiver to another transceiver via said communication channel I; and c. a pair of cryptographic units, each cryptographic unit including; i. a quantity source for selecting one or more quantities to be used in establishing a cryptographic key "K" prior to communicating the cyphertext message M, and for transmitting such selected quantities from a quantity output port of the quantity source; ii. a key generator having a quantity input port for accepting one or more quantities selected by the quantity source, the key generator employing such quantities in establishing the key K which the key generator transmits from a key output port; and iii. a cryptographic device having; (1) a key input port for receiving the key K from the key generator; (2) a plaintext port adapted either for accepting a plaintext message "P" for encryption into the cyphertext message M and transmission from the cryptographic device, or for delivering a plaintext message P obtained by decryption of the cyphertext message M received by the cryptographic device; and (3) a cyphertext port adapted either for transmitting the cyphertext message M to one of said transceivers, or for receiving the cyphertext message M from such transceiver, the key generators of said cryptographic units collaboratively establishing the key K by; a. the key generator of a first of the cryptographic units; i. using a first mathematical function "Φ
1 " together with a first quantity "A" and a second quantity "B," that are selected by the quantity source of the first cryptographic unit, to compute a third quantity "C"=Φ
1 (A, B), the quantities A and B and the function Φ
1 being such that knowing one or the other of the selected quantities A or B, the quantity C, and the function Φ
1, there does not exist an inverse function Φ
1 that may be used for directly computing the unknown quantity A or B;ii. transmitting the selected quantity A together with the quantity C from the key generator of said first cryptographic unit to the key generator of a second cryptographic unit; and iii. retaining at the first cryptographic unit the quantity B; b. the key generator of said second cryptographic unit; i. using a second mathematical function "Φ
2 " together with the selected quantity A received from the first cryptographic unit and a fourth quantity "D," that is selected by the quantity source of said second cryptographic unit, to compute a fifth quantity "E"=Φ
2 (A, D), the quantities A and D and the function Φ
2 being such that knowing one or the other of the selected quantities A or D, the computed quantity E, and the function Φ
2, there does not exist an inverse function Φ
2 that may be used for directly computing the unknown quantity A or D;ii. transmitting the computed quantity E from the key generator of said second cryptographic unit to the key generator of said first cryptographic unit; iii. retaining at the second cryptographic unit the selected quantity D; and iv. using a third mathematical function "Ψ
2 " and the retained quantity D together with the received quantity C to compute the key K=Ψ
2 (D, C)=Ψ
2 (D, Φ
1 {A, B}); andc. the key generator of said first cryptographic unit; i. using a fourth mathematical function "Ψ
1 " and the retained quantity B together with the received quantity E to compute the key K=Ψ
1 (B, E)=Ψ
1 (B, Φ
2 {A, D})=Ψ
2 (D, Φ
1 {A, B}). - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A cryptographic unit adapted for inclusion into a cryptographic system that performs cryptographic communication, the cryptographic system including:
-
a. a communication channel "I" adapted for transmission of an encrypted cyphertext message "M;
" andb. a pair of transceivers that are coupled to said communication channel I, and that are adapted for communicating the cyphertext message M from one transceiver to another transceiver via said communication channel I, said cryptographic unit comprising; a. a quantity source for selecting one or more quantities to be used in establishing a cryptographic key "K" prior to communicating the cyphertext message M, and for transmitting such selected quantities from a quantity output port of the quantity source; b. a key generator having a quantity input port for accepting one or more quantities selected by the quantity source, the key generator employing such quantities in establishing the key K which the key generator transmits from a key output port; and c. a cryptographic device having; i. a key input port for receiving the key K from the key generator; ii. a plaintext port adapted either for accepting a plaintext message "P" for encryption into the cyphertext message M and transmission from the cryptographic device, or for delivering a plaintext message P obtained by decryption of the cyphertext message M received by the cryptographic device; and iii. a cyphertext port adapted either for transmitting the cyphertext message M to one of the transceivers, or for receiving the cyphertext message M from such transceiver, the key generator of said cryptographic unit being adapted for establishing the key K collaboratively by communicating with a second cryptographic unit included in the cryptographic system by; a. using a first mathematical function "Φ
1 " together with a first quantity "A" and a second quantity "B," that are selected by the quantity source of said cryptographic unit, in computing a third quantity "C"=Φ
1 (A, B), the quantities A and B and the function Φ
1 being such that knowing one or the other of the selected quantities A or B, the quantity C, and the function Φ
1, there does not exist an inverse function Φ
1 that may be used for directly computing the unknown quantity A or B;b. transmitting the quantity A together with the quantity C from the key generator of said cryptographic unit to the second cryptographic unit; and c. retaining at the first cryptographic unit the quantity B; d. receiving from the second cryptographic unit a fourth quantity "E" that has been obtained by computationally evaluating a second mathematical function "Φ
2," the function Φ
2 being such that knowing the quantity E, the function Φ
2, and all but one of the variables used in evaluating the function Φ
2, there does not exist an inverse function Φ
2 that may be used for directly computing the unknown variable; ande. using a third mathematical function "Ψ
1 " and the retained quantity B together with the received quantity E to compute the key K=Ψ
1 (B, E). - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A cryptographic unit adapted for inclusion into a cryptographic system that performs cryptographic communication, the cryptographic system including:
-
a. a communication channel "I" adapted for transmission of an encrypted cyphertext message "M;
" andb. a pair of transceivers that are coupled to the communication channel I, and that are adapted for communicating the cyphertext message M from one transceiver to another transceiver via the communication channel I, said cryptographic unit comprising; a. a quantity source for selecting one or more quantities to be used in establishing a cryptographic key "K" prior to communicating the cyphertext message M, and for transmitting such selected quantities from a quantity output port of the quantity source; b. a key generator having a quantity input port for accepting one or more quantities selected by the quantity source, the key generator employing such quantities in establishing the key K which the key generator transmits from a key output port; and c. a cryptographic device having; i. a key input port for receiving the key K from the key generator; ii. a plaintext port adapted either for accepting a plaintext message "P" for encryption into the cyphertext message M and transmission from the cryptographic device, or for delivering a plaintext message P obtained by decryption of the cyphertext message M received by the cryptographic device; and iii. a cyphertext port adapted either for transmitting the cyphertext message M to one of the transceivers, or for receiving the cyphertext message M from such transceiver, the key generator of said cryptographic unit being adapted for establishing the key K collaboratively by communicating with a second cryptographic unit included in the cryptographic system by; a. receiving from the second cryptographic unit a first quantity "C" that has been obtained by computationally evaluating a first mathematical function "Φ
1," the function Φ
1 being such that knowing the quantity C, the function Φ
1, and all but one of the variables used in evaluating the function Φ
1, there does not exist an inverse function Φ
1 that may be used for directly computing the unknown variable; andb. using a second mathematical function "Ψ
2 " together with the quantity C, that said key generator receives from the second cryptographic unit, and a second quantity "D," that is selected by the quantity source included in the second cryptographic unit, the key generator computes the key K=Ψ
2 (D, C). - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
-
28. A key generator adapted for inclusion into a cryptographic unit that is adapted for inclusion into a cryptographic system that performs cryptographic communication, the cryptographic system including:
-
a. a communication channel "I" adapted for transmission of an encrypted cyphertext message "M;
" andb. a pair of transceivers that are coupled to the communication channel I, and that are adapted for communicating the cyphertext message M from one transceiver to another transceiver via the communication channel I, and c. a pair of cryptographic units, each cryptographic unit including a cryptographic device having; i. a key input port for receiving a cryptographic key "K" prior to communicating the cyphertext message M; ii. a plaintext port adapted either for accepting a plaintext message "P" for encryption into the cyphertext message M and transmission from the cryptographic device, or for delivering a plaintext message P obtained by decryption of the cyphertext message M received by the cryptographic device; and iii. a cyphertext port adapted either for transmitting the cyphertext message M to one of the transceivers, or for receiving the cyphertext message M from such transceiver, the key generator adapted for inclusion into at least one of the cryptographic units comprising; a. a quantity input port for accepting one or more quantities to be used by the key generator in establishing the key K; b. a key output port from which the key generator transmits the key K to the key input port of the cryptographic device included in the cryptographic unit that includes the key generator; the key generator of the cryptographic unit being adapted for establishing the key K collaboratively by communicating with a second cryptographic unit included in the cryptographic system by; a. receiving from the second cryptographic unit a first quantity "C" that has been obtained by computationally evaluating a first mathematical function "Φ
1," the function Φ
1 being such that knowing the quantity C, the function Φ
1, and all but one of the variables used in evaluating the function Φ
1, there does not exist an inverse function Φ
1 that may be used for directly computing the unknown variable; andb. using a second mathematical function "Ψ
2 " together with the quantity C, that the key generator receives from the second cryptographic unit, and a second quantity "D," that is supplied to the quantity input port of the key generator, the key generator computes the key K=Ψ
2 (D, C). - View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
-
-
36. In a protocol for cryptographic communication via a communication channel "I" in which a transmitting cryptographic unit "T" broadcasts onto the communication channel I an encrypted cyphertext message "M" obtained by supplying both a plaintext message "P" and a cryptographic key "K" to a first cryptographic device, and in which a receiving cryptographic unit "R" receives the broadcast cyphertext message M and by supplying the cyphertext message M together with the key K to a second cryptographic device decrypts the plaintext message P therefrom, a method by which the units T and R mutually establish a cryptographic key K by first exchanging messages before the unit T broadcasts the cyphertext message M comprising the steps of:
-
a. at a first of the units T or R; i. selecting a first quantity "B;
"ii. using a first mathematical function "Φ
" together with the selected quantity B, computing a second quantity "C"=Φ
(B), the function Φ
being such that knowing the quantity C and the function Φ
, there does not exist an inverse function of function Φ
that may be used for directly computing quantity B;iii. transmitting the quantity C from the first unit T or R to a second unit R or T; and iv. retaining at the first unit T or R the quantity B; b. at the second unit R or T; i. selecting a third quantity "D;
"ii. using the first mathematical function Φ
together with the selected quantity D, computing a fourth quantity "E"=Φ
(D), the function Φ
being such that knowing the quantity E and the function Φ
, there does not exist an inverse function of function Φ
that may be used for directly computing quantity D;iii. transmitting the computed quantity E from the second unit R or T to the first unit T or R; iv. retaining at the first unit R or T the quantity D; V. receiving the quantity C transmitted by the first unit T or R; and vi. using a second mathematical function "Ψ
" together with the quantity D and the received quantity C, computing the key K=Ψ
(D, C); andc. at the first unit T or R; i. receiving the quantity E transmitted by the unit R or T; and ii. using the second mathematical function Ψ and
the retained quantity B together with the received quantity E, computing the key K=Ψ
(B, E)=Ψ
(D, C). - View Dependent Claims (37, 38, 39, 40, 41, 42)
-
-
43. In a protocol for cryptographic communication via a communication channel "I" in which a transmitting cryptographic unit "T" broadcasts onto the communication channel I an encrypted cyphertext message "M" obtained by supplying both a plaintext message "P" and a cryptographic key "K" to a first cryptographic device, and in which a receiving cryptographic unit "R" receives the broadcast cyphertext message M and by supplying the cyphertext message M together with the key K to a second cryptographic device decrypts the plaintext message P therefrom, a method by which the units T and R mutually establish a cryptographic key K by first exchanging messages before the unit T broadcasts the cyphertext message M comprising the steps of:
-
a. at a first of the units T or R; i. selecting a first quantity "A" and a second quantity "B;
"ii. using a first mathematical function "Φ
1 " together with the selected quantities A and B, computing a second quantity "C"=Φ
1 (A, B), the function Φ
being such that knowing the quantity C and the function Φ
1, there does not exist an inverse function of Φ
1 that may be used for directly computing the quantities A or B;iii. transmitting the quantity C from the first unit T or R to a second unit R or T; and iv. retaining at the first unit T or R the quantities A and B; b. at the second unit R or T; i. selecting a third quantity "D;
"ii. using a second mathematical function "Φ
2 " together with the selected quantity D, computing a fourth quantity "E"=Φ
2 (D), the function Φ
2 being such that knowing the quantity E and the function Φ
2, there does not exist an inverse function of Φ
2 that may be used for directly computing quantity D;iii. transmitting the computed quantity E from the second unit R or T to the first unit T or R; iv. retaining at the first unit R or T the quantity D; v. receiving the quantity C transmitted by the first unit T or R; and vi. using a third mathematical function "Ψ
2 " and the retained quantity D together with the received quantity C, computing the key K=Ψ
2 (D, C)=Ψ
2 (D, Φ
1 {A, B}); andc. at the first unit T or R; i. receiving the quantity E transmitted by the unit R or T; and ii. using a fourth mathematical function "Ψ
1 " and the retained quantities A and B together with the received quantity E, computing the key K=Ψ
(A, B, E)=Ψ
(D, C). - View Dependent Claims (44, 45, 46, 47)
-
Specification