Block cipher method
Abstract
A data encryption system for encrypting an n-bit block of input in a plurality of rounds is presented, where n is preferably 128 bits or more. The data encryption system includes a computing unit for the execution of each round; memory for storing and loading segments; a bit-moving function capable of rotating, shifting, or bit-permuting round segments by predetermined numbers of bits preferably to achieve active and effective fixed rotation; a linear combination function which provides new one-to-one round segments using a round operator generally from one algebraic group to combine two different one-to-one round segments taken from one one-to-one round segment set; and a nonlinear function which affects a one-to-one round segment from a particular one-to-one round segment set based on a value which depends on a preselected number of bits in a preselected location from a different one-to-one round segment from the same one-to-one round segment set. The nonlinear function is a variable rotation function or an s-box. A subkey combining function is generally employed in each round to provide new round segments by combining a round segment typically linearly with a subkey segment.
40 Claims
1. A method of encrypting an n-bit block of data, comprising:
representing an n-bit block of data having at least 128 bits to first and second round segments of data; and
encrypting the n-bit block of data using a secret key and a block cipher comprising;
performing a plurality of encrypting rounds on said first and second round segments of data, at least five of said encrypting rounds comprising, modifying said first round segment of data with values from the first linear combining of first, second, and third variable segments, said first variable segment of at least 64 bits comprising at least 50 variable bits derived solely from said first round segment of data, said second variable segment of at least 64 bits comprising at least 50 variable bits from a first derivation from said second round segment of data, and said third variable segment comprising a value from a second derivation from at least 50 bits selected from a lookup table in response to at least a portion of the n-bit block of data, where said first linear combining is selected from a group consisting of either direct linear combination, indirect linear combination, and first bit-moving variable bits of a round segment of data derived from one of said first and second round segments of data by predetermined numbers of bits where most of the resulting bits affect the n-bit block of data, and where first bit-moving is an operation selected from a group consisting of circular bit-rotation by non-zero numbers of bits, logical bit-shift by non-zero numbers of bits, non-identity bit-permutation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
modifying said second round segment of data with values from the second linear combining of fourth, fifth, and sixth variable segments, said fourth variable segment of at least 64 bits comprising at least 50 variable bits derived solely from said second round segment of data, said fifth variable segment of at least 64 bits comprising at least 50 variable bits from a third derivation from said first round segment of data, and said sixth variable segment comprising a value from a fourth derivation from at least 64 bits selected from a lookup table in response to at least a portion of the n-bit block of data, and where said second linear combining is selected from a group consisting of direct linear combination, indirect linear combination, and second bit-moving variable bits of a round segment of data derived from one of said first and second round segments of data by predetermined numbers of bits where most of the resulting bits affect the n-bit block of data, and where second bit-moving is an operation selected from a group consisting of circular bit-rotation by non-zero numbers of bits, logical bit-shift by non-zero numbers of bits, non-identity bit-permutation.
3. The method of encrypting of claim 2 wherein the third variable segment is selected from said lookup table in response to a portion of the second round segment of data, and the sixth variable segment is selected from said lookup table in response to a portion of said first round segment of data, and said first and second round segments of data contain in total at least (n − 20) bits of data, and the first derivation, second derivation, third derivation, and fourth derivation are each derivations solely from their input round segments.
4. The method of encrypting of claim 1 wherein said first linear combining comprises:
linearly combining said first variable segment and said second variable segment using a first linear operator; and
linearly combining said first variable segment and said third variable segment using a second linear operator, wherein the first linear operator and second linear operator are non-commutative with each other.
5. The method of encrypting of claim 1 wherein the sbox is optimized so that consecutive sections of 20 bits or fewer are guaranteed to have at least a 1 bit output difference for each input bit difference.
6. The method of encrypting of claim 1 wherein the sbox is optimized so that it has a guaranteed minimum number of bits of output difference given any input difference, where that number is greater than what would be expected by chance.
7. The method of encrypting of claim 3 wherein the first bit-moving and second bit-moving are selected from a group consisting of logical shifts by predetermined numbers of bits, circular bit-rotation by predetermined numbers of bits.
8. The method of encrypting of claim 7 wherein the first linear combining comprises:
linearly combining said first variable segment and said second variable segment using a first linear operator; and
linearly combining said first variable segment and said third variable segment using a second linear operator, wherein the first and second linear operator are non-commutative with each other.
9. The method of encrypting of claim 8 wherein the second linear combining comprises:
linearly combining said fourth variable segment with said fifth variable segment using a first linear operator; and
linearly combining said fourth variable segment with said sixth variable segment using a second linear operator, wherein the first and second linear operator are non-commutative with each other.
10. The method of encrypting of claim 9 wherein the first linear operator is exclusive-OR and the second linear operator is from a group consisting of SIMD addition, SIMD subtraction.
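An added illustration (not code from the patent or its specification) of the round shape recited in claims 1, 2, 4 and 10: each 64-bit round segment is modified by exclusive-OR with a fixed rotation of the other segment and then by SIMD addition of a 64-bit lookup-table word selected by a portion of the other segment. The table contents, rotation amounts, subkeys and all function names are constructed for the example; the subkey XOR follows the abstract's subkey combining function.

```python
import hashlib

MASK64, LANE = (1 << 64) - 1, 0xFFFFFFFF

def _word(tag):
    """Constructed 64-bit constant derived from a tag (sample data only)."""
    return int.from_bytes(hashlib.sha256(tag).digest()[:8], "big")

# Constructed 8-bit -> 64-bit lookup table; not the s-box of the patent.
SBOX = [_word(bytes([i])) for i in range(256)]
# Constructed subkeys for five rounds; key expansion is out of scope here.
SUBKEYS = [(_word(b"k%da" % r), _word(b"k%db" % r)) for r in range(5)]

def rotl64(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK64

def simd_add(x, y):
    """Add as two independent 32-bit lanes: no carry crosses the lane boundary."""
    return ((((x >> 32) + (y >> 32)) & LANE) << 32) | (((x & LANE) + (y & LANE)) & LANE)

def simd_sub(x, y):
    return ((((x >> 32) - (y >> 32)) & LANE) << 32) | (((x & LANE) - (y & LANE)) & LANE)

def half_round(target, other, subkey, rot):
    # First linear operator (XOR): target with a fixed rotation of the other segment.
    mixed = target ^ rotl64(other, rot) ^ subkey
    # Second linear operator (SIMD addition): table word chosen by the low byte of `other`.
    return simd_add(mixed, SBOX[other & 0xFF])

def half_round_inv(target, other, subkey, rot):
    return simd_sub(target, SBOX[other & 0xFF]) ^ rotl64(other, rot) ^ subkey

def encrypt(block, subkeys=SUBKEYS, rots=(13, 29)):
    a, b = block >> 64, block & MASK64
    for k1, k2 in subkeys:
        a = half_round(a, b, k1, rots[0])   # modify first segment from the second
        b = half_round(b, a, k2, rots[1])   # modify second segment from the first
    return (a << 64) | b

def decrypt(block, subkeys=SUBKEYS, rots=(13, 29)):
    a, b = block >> 64, block & MASK64
    for k1, k2 in reversed(subkeys):
        b = half_round_inv(b, a, k2, rots[1])
        a = half_round_inv(a, b, k1, rots[0])
    return (a << 64) | b

def operators_commute(x, y, z):
    """True if XOR-then-SIMD-add equals SIMD-add-then-XOR for these inputs."""
    return simd_add(x ^ y, z) == simd_add(x, z) ^ y
```

Each half-round is invertible because the segment used for the rotation and the table index is left unchanged while the other segment is modified.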
11. A binary block cipher data transformation system for changing ordered n-bit cipher input into ordered n-bit cipher output using a secret key, wherein an n-bit block of data is represented by first and second round segments of data, each round segment having n/2 bits, wherein is at least 128 bits, and there are at least 5 rounds, each round comprising,
a) a computing unit for executing the operation of each particular round;
b) memory for loading and storing round segments;
c) a bit-moving function, which is executed on the computing unit in each round where each time it is executed does a preselected operation on bits of a round segment from the group consisting of circular bit-rotation by non-zero numbers of bits, logical bit-shift by non-zero numbers of bits, non-identity bit-permutation, and has an input which is a variable segment and an output which is a variable round segment, and at least 75 percent of its output bits affect the n-bit round output;
d) an sbox function, which is executed on the computing unit in each round where each time it is executed uses an input of a number of variable bits dependent on at least a portion of the n-bit block of data to select an sbox output segment of at least 64 bits from a lookup table, and substantially all of the bits of the sbox output segment affect n-bit round output; and
e) a linear combination function, which is executed on the computing unit in each round where each time it is executed directly combines a first variable round segment with a second variable round segment, where at least 75 percent of the bits of said first variable round segment are variable bits, where at least 75 percent of the bits of said second variable round segment are variable bits, to produce an output which is a variable round segment where at least 75 percent of its output bits affect the n-bit round output, where the linear function is preselected from a group consisting of exclusive-OR, addition, subtraction, SIMD addition, SIMD subtraction, and where the sizes of the input and output segments of the linear combination function are at least 64 bits. - View Dependent Claims (12, 13, 14)
15. A method of key expansion for block ciphers, which use data dependent rotation of round segments in at least three rounds where in each said block cipher round the number of bits of variable rotation of one round segment depends on some portion of another different round segment, comprising:
performing a plurality of expansion rounds on key segments to generate subkeys, comprising linearly combining variable key-dependent segments with predetermined values to generate other segments, where said other segments are in a group of near-to-final results consisting of intermediate values used to generate subkey segments, final subkey segments, and where use of all mathematical operators used in the expansion rounds are minimized so that the operator ratio, which is the ratio of the total number of bits produced by said mathematical operators to the total number of subkey bits produced, is less than 3.5 to 1. - View Dependent Claims (16, 17, 18, 19)
20. A binary block cipher data transformation system for changing ordered variable n-bit cipher input into ordered variable n-bit cipher output using a secret key, wherein an n-bit block of data is represented by x round segments of data, where x is between 2 and 8, and there are at least 5 rounds, each round comprising,
a) a computing unit for executing the operation of each particular round;
b) memory for loading and storing round segments;
c) a bit-moving function, which is executed on the computing unit in each round where each time it is executed does a preselected operation on bits of a round segment from the group consisting of circular bit-rotation by non-zero numbers of bits, logical bit-shift by non-zero numbers of bits, non-identity bit-permutation, and has an input which is a variable round segment and an output which is a variable round segment where there are some bits of the output of the bit-moving function which can affect the n-bit round output;
d) a variable rotation function, which is executed on the computing unit in each said round where each time it is executed rotates the bits of a first round segment by a value dependent on a preselected number of bits in a preselected location of bits in a second round segment, and has an output which is a round segment and substantially all of the resulting bits affect the n-bit round output; and
e) a linear combination function, which is executed on the computing unit in each said round where each time it is executed combines one variable round segment with another variable round segment to produce a variable round segment where most of the resulting bits affect the n-bit round output, where one of the variable round segment inputs of the linear combination function is of substantially the same bit-size as the resulting output bits. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
30. A method of encrypting an n-bit block of data, comprising:
representing an n-bit block of data by a number x of round segments between two and four, where the potential round segments are called a first round segment, second round segment, third round segment, and fourth round segment; and
encrypting using a secret key and block cipher, said block cipher comprising, performing a plurality of encrypting rounds on said first and second round segments of data, at least five of said encrypting rounds comprising, modifying said first round segment of data with output of a first linear combining of first and second variable segments, the first variable segment having a derivation solely from substantially all the variable bits of said first round segment of data, the second variable segment having a first derivation from a most of the bits of a first particular round segment of data, where said linear combining is selected from a group consisting of direct linear combination, indirect linear combination, variably rotating said first round segment of data by a number of variable bits dependent on at least a portion of the n-bit block of data, and bit-moving a second particular round segment of data having a second derivation from selected from one of the first, second, third, and fourth round segments of data by a predetermined bit-moving operation selected from the group consisting of circular bit-rotation by non-zero numbers of bits, logical bit-shifts by non-zero numbers of bits, nonidentity bit-permutation, where there are some output bits of the bit-moving operation which can affect the n-bit round output. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
Specification