Block cipher method
Abstract
A data encryption system for encrypting an n-bit block of input in a plurality of rounds is presented, where n is preferably 128 bits or more. The data encryption system includes a computing unit for the execution of each round; memory for storing and loading segments; a bit-moving function capable of rotating, shifting, or bit-permuting round segments by predetermined numbers of bits, preferably to achieve active and effective fixed rotation; a linear combination function which provides new one-to-one round segments using a round operator generally from one algebraic group to combine two different one-to-one round segments taken from one one-to-one round segment set; and a nonlinear function which affects a one-to-one round segment from a particular one-to-one round segment set based on a value which depends on a preselected number of bits in a preselected location from a different one-to-one round segment from the same one-to-one round segment set. The nonlinear function is a variable rotation function or an s-box. A subkey combining function is generally employed in each round to provide new round segments by combining a round segment typically linearly with a subkey segment.
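The operations named in the abstract (fixed rotation, data-dependent rotation, linear combination and subkey combining) can be seen together in a small sketch. This is an added example, not code from the patent: the two-segment layout, `FIXED_ROT`, the function names and the subkey constants are assumptions chosen for illustration, and the construction is a teaching toy rather than the claimed cipher.

```python
# Toy two-segment round built from the operations the abstract lists.
# All names and constants are illustrative assumptions, not from the patent.
W = 32                    # segment size in bits
MASK = (1 << W) - 1
ROT_BITS = 5              # log2(32): number of bits that select the rotation
FIXED_ROT = 5             # predetermined (fixed) rotation amount, assumed

# Constructed sample subkeys (six rounds); a real cipher derives these from the key.
SUBKEYS = [0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0]


def rotl(x, r):
    """Circular left rotation of a W-bit segment."""
    r %= W
    return ((x << r) | (x >> (W - r))) & MASK


def rotr(x, r):
    """Circular right rotation of a W-bit segment."""
    return rotl(x, (W - r) % W)


def rotation_amount(b, fixed_rot=FIXED_ROT):
    """Variable rotation count: the ROT_BITS least significant bits of the
    segment after the predetermined rotation has been applied."""
    return rotl(b, fixed_rot) & ((1 << ROT_BITS) - 1)


def round_forward(a, b, k, fixed_rot=FIXED_ROT):
    t = rotl(b, fixed_rot)                   # predetermined bit-moving
    a = rotl(a ^ t, rotation_amount(b, fixed_rot))  # XOR combine, then variable rotation
    a = (a + k) & MASK                       # subkey combined by addition mod 2^32
    return b, a                              # segments swap roles for the next round


def round_inverse(a, b, k, fixed_rot=FIXED_ROT):
    b_in = a                                 # undo the swap
    t = rotl(b_in, fixed_rot)
    a_in = rotr((b - k) & MASK, rotation_amount(b_in, fixed_rot)) ^ t
    return a_in, b_in


def encrypt(block, subkeys=SUBKEYS):
    a, b = block
    for k in subkeys:
        a, b = round_forward(a, b, k)
    return a, b


def decrypt(block, subkeys=SUBKEYS):
    a, b = block
    for k in reversed(subkeys):
        a, b = round_inverse(a, b, k)
    return a, b


def rotation_control_bits(fixed_rot):
    """Bit positions of a segment that can change the rotation count.
    Found empirically by flipping one bit at a time."""
    base = rotation_amount(0, fixed_rot)
    return [i for i in range(W) if rotation_amount(1 << i, fixed_rot) != base]


if __name__ == "__main__":
    pt = (0x01234567, 0x89ABCDEF)            # constructed sample block
    ct = encrypt(pt)
    print("ciphertext:", [hex(v) for v in ct])
    print("round trip ok:", decrypt(ct) == pt)
    print("control bits, no fixed rotation:", rotation_control_bits(0))
    print("control bits, fixed rotation 5: ", rotation_control_bits(FIXED_ROT))
```

With no fixed rotation only bits 0 to 4 of a segment ever select the rotation count; the predetermined rotation changes which bits play that role, and every round stays one-to-one, so the block can be decrypted.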
248 Claims
-
1. A method of enciphering plaintext in a block cipher, said enciphering using a secret key, said method comprising:
-
processing round segments in a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said bit-moving rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each said bit-moving round comprising a segment which originates from at least one of said input primary segments of said bit-moving round, each output primary segment of each said bit-moving round being equal to one of said round segments of said bit-moving round, said processing round segments in each of said bit-moving rounds comprising, predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments of said bit-moving round to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position, variable bit-moving bits of one of said round segments of said bit-moving round by a number of bits dependent on a value from data of one of said round segments of said bit-moving round, and wherein each of said segments is an ordered set of bits.
combining two of said round segments in said bit-moving round using a linear mathematical operator.
-
-
39. The method of claim 38 wherein said bit-moving round includes one of said primary segments having a value which is a one-to-one function of a prior value of said one of said primary segments.
-
40. The method of claim 38 wherein said predetermined bit-moving comprises moving said at least one present bit-value in said present bit-position of said one of said round segments to determine said bit-value in a same said round segment.
-
41. The method of claim 38 wherein said input primary segments of one of said bit-moving rounds is said output primary segments of a previous one of said bit-moving rounds.
-
42. The method of claim 38 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
43. The method of claim 38 wherein said variable bit-moving comprises variable bit-shifting said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments in said bit-moving round.
-
44. The method of claim 43 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
45. The method of claim 38 wherein said variable bit-moving comprises variable circular bit-rotating said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
46. The method of claim 45 wherein said variable circular bit-rotating said bits of one of said round segments comprises variably circular bit-rotating said bits of one of said round segments having a bit-size where a log base 2 of said bit-size equals said selected number of bits of data.
-
47. The method of claim 45 wherein said output primary segments have a bit-size of 32 bits or 64 bits.
-
48. The method of claim 45 wherein at least one of said output primary segments of each said bit-moving round is affected directly or indirectly by each of said predetermined bit-moving of said bit-moving round, said variable circular bit-rotating of said bit-moving round, and said combining of said bit-moving round.
-
49. The method of claim 48 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
50. The method of claim 49 wherein said predetermined bit-moving comprises predetermined bit-rotating.
-
51. The method of claim 45 wherein said processing round segments in each of said bit-moving rounds further comprises a plurality of said predetermined bit-moving steps, a plurality of said variable circular bit-moving steps, and a plurality of said combining steps, each of said output primary segments of each said bit-moving round is affected directly or indirectly by each of at least one of said predetermined bit-moving steps of said bit-moving round, at least one of said variable circular bit-rotating steps of said bit-moving round, and at least one of said combining steps of said bit-moving round.
-
52. The method of claim 51 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
53. The method of claim 52 wherein said predetermined bit-moving comprises predetermined bit-rotating.
-
54. The method of claim 45 wherein said predetermined bit-moving comprises predetermined bit-rotating.
-
55. The method of claim 45 wherein said one present bit-value in said present bit-position solely determines said bit-value in said other bit-position.
-
56. The method of claim 45 wherein said predetermined bit-moving comprises predetermined circular bit-rotating, predetermined bit-shifting or predetermined bit-permuting.
-
57. The method of claim 45 wherein said variable circular bit-rotating includes said predetermined bit-moving.
-
58. The method of claim 45 wherein said value of said variable circular bit-rotating is from said selected locations which are preselected least significant bits of said bits of data of one of said round segments of said bit-moving round.
-
59. The method of claim 45 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
60. The method of claim 45 wherein said output primary segments of one of said rounds result directly or indirectly in ciphertext, such that said plaintext can be decrypted from said ciphertext.
-
61. The method of any of claims 38 to 40 wherein said plurality of bit-moving rounds comprises at least five said bit-moving rounds.
-
62. A method of enciphering plaintext inputted to a block cipher, said plaintext having n bits of data, said enciphering using a secret key, said method comprising:
-
processing round segments in a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said round segments in said bit-moving rounds comprising a segment in said bit-moving rounds which originates from said plaintext directly or through a present or previous one of said rounds, said processing round segments in each of said bit-moving rounds comprising, predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments of said bit-moving round to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position, variable bit-moving bits of one of said round segments of said bit-moving round by a number of bits dependent on a value from data of one of said round segments of said bit-moving round, and wherein each of said segments comprises an ordered set of bits.
combining two of said round segments in said bit-moving round using a linear mathematical operator.
-
-
79. The method of claim 78 wherein said predetermined bit-moving comprises moving said at least one present bit-value in said present bit-position of said one of said round segments to determine said bit-value in a same said round segment.
-
80. The method of claim 78 wherein said variable bit-moving comprises variable circular bit-rotating said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
81. The method of claim 80 wherein said predetermined bit-moving comprises predetermined bit-rotating.
-
82. The method of claim 80 wherein said one present bit-value in said present bit-position solely determines said bit-value in said other bit-position.
-
83. The method of claim 80 wherein said variable circular bit-rotating includes said predetermined bit-moving.
-
84. The method of claim 80 wherein said value of said variable circular bit-rotating is from said selected locations which are preselected least significant bits of said bits of data of one of said round segments of said bit-moving round.
-
85. The method of claim 80 wherein said predetermined bit-moving affects which bits affect said value of said variable circular bit-rotating.
-
86. The method of claim 80 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
87. The method of claim 78 wherein said variable bit-moving comprises variable bit-shifting said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
88. The method of claim 87 wherein said predetermined bit-moving comprises predetermined bit-rotating.
-
89. The method of claim 87 wherein said one present bit-value in said present bit-position solely determines said bit-value in said other bit-position.
-
90. The method of claim 87 wherein said variable bit-shifting includes said predetermined bit-moving.
-
91. The method of claim 87 wherein said value of said variable bit-shifting is from said selected locations which are preselected least significant bits of said bits of data of one of said round segments of said bit-moving round.
-
92. The method of claim 87 wherein said predetermined bit-moving affects which bits affect said value which determines said number of bits of said variable bit-shifting.
-
93. The method of claim 87 wherein said linear operator comprises addition, subtraction, exclusive-OR, SIMD addition, or SIMD subtraction.
-
94. The method of any of claims 78 to 93 wherein said plurality of bit-moving rounds comprises at least five of said bit-moving rounds.
-
95. A binary block cipher system for enciphering plaintext in a block cipher, said enciphering using a secret key, said system comprising:
-
memory registers for storing segments;
a computing unit for executing a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said bit-moving rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said bit-moving rounds including round segments each of which comprise a segment which originates from at least one of said input primary segments of said bit-moving round, each output primary segment of each said bit-moving round being equal to one of said round segments of said bit-moving round;
a variable bit-moving function executed on said computing unit in each of said bit-moving rounds, said variable bit-moving function moving bits of one of said memory registers having one of said round segments stored therein by a number of bits dependent on a value from data of one of said memory registers having one of said round segments stored therein;
a predetermined bit-moving function executed on said computing unit in each of said bit-moving rounds, said predetermined bit-moving function moving at least one present bit-value in a present bit-position of one of said round segments to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position; and
wherein each of said segments is an ordered set of bits.
a combining function executed on said computing unit in each of said bit-moving rounds, said combining function combining two of said memory registers, each of said memory registers having one of said round segments stored therein, using a linear mathematical operator.
-
-
105. The binary block cipher system of claim 104 wherein one of said bit-moving rounds includes one of said primary segments having a value that is a one-to-one function of a prior value of one of said primary segments.
-
106. The binary block cipher system of claim 104 wherein said predetermined bit-moving function moves said at least one present bit-value in said present bit-position of said one of said round segments to determine said bit-value in a same said round segment.
-
107. The binary block cipher system of claim 104 wherein said variable bit-moving function comprises a variable circular bit-rotating function moving bits of one of said memory registers having one of said round segments stored therein by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said memory registers having one of said round segments stored therein.
-
108. The binary block cipher system of claim 104 wherein said predetermined bit-moving function affects which bits affect said value of said variable circular bit-rotating function, and at least one of said output primary segments originating from said memory register having said round segment stored therein which has been rotated by said variable circular bit-rotating function.
-
109. The binary block cipher system of claim 108 wherein said predetermined bit-moving function comprises a predetermined bit-rotating function.
-
110. The binary block cipher system of claim 109 wherein substantially all of the bits executed on by said predetermined bit-rotating function affect said output primary segments of said bit-moving round.
-
111. The binary block cipher system of claim 108 wherein said one present bit-value in said present bit-position solely determines said bit-value in said other bit-position.
-
112. The binary block cipher system of any of claims 104 to 111 wherein said plurality of bit-moving rounds comprises at least five of said bit-moving rounds.
-
113. A method of key expansion to generate subkey values used in rounds of a block cipher, the block cipher using data-dependent rotation of round segments in at least three of the rounds, the data-dependent rotation having a variable number of bits of rotation which depend directly or indirectly on plaintext, the method of key-expansion including a plurality of expansion calculations on key-dependent segments to generate the subkey values, each of said expansion calculations comprising mathematically combining key-dependent segments with predetermined values to produce the subkey values, wherein the improvement comprises:
said key expansion using expansion calculations having a mathematical operator ratio less than 3.5 to 1, said operator ratio being a ratio of a total number of bits produced by all mathematical operators of said key expansion to a total number of all subkey bits produced.
-
118. A method of enciphering plaintext in a block cipher, said enciphering using a secret key, said method comprising:
-
processing round segments in a plurality of rounds of said block cipher, certain of said rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each of said rounds comprising a segment which originates from at least one of said input primary segments of said round, each output primary segment of each said round being equal to one of said round segments of said round, said processing round segments in at least one of said rounds comprising, linearly combining first, second, and third variable segments of data, said first variable segment of at least 64 bits includes at least 50 variable bits from one of said round segments of said round, said second variable segment of at least 64 bits includes at least 50 variable bits from one of said round segments of said round, and said third variable segment is derived from a value selected from a lookup table in response to one of said round segments of said round, and wherein each of said segments is an ordered set of bits.
-
-
124. A method of enciphering plaintext in a block cipher, said enciphering using a secret key, said method comprising:
-
processing round segments in a plurality of rounds of said block cipher, certain of said rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of said rounds comprising a segment which originates from at least one of said input primary segments of said rounds, each output primary segment of each said round being equal to one of said round segments of said round, said processing round segments in at least one of said rounds comprising, linearly combining first, second, and third variable segments of data, said first variable segment including at least 75 percent of variable bits of one of two said primary segments of said round, said second variable segment including at least 75 percent of variable bits of the other of said two of said primary segments of said round, and said third variable segment is derived from a value selected from a lookup table in response to one of said round segments of said round, and wherein each of said segments is an ordered set of bits.
-
-
128. A storage medium encoded with machine-readable program code for enciphering plaintext in a block cipher, said enciphering using a secret key, said program code including instructions for causing a computer to implement a method comprising:
-
processing round segments in a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said bit-moving rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each said bit-moving round comprising a segment which originates from at least one of said input primary segments of said bit-moving round, each output primary segment of each said bit-moving round being equal to one of said round segments of said bit-moving round, said processing round segments in each of said bit-moving rounds comprising, predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments of said bit-moving round to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position, variable bit-moving bits of one of said round segments of said bit-moving round by a number of bits dependent on a value from data of one of said round segments of said bit-moving round, and wherein each of said segments is an ordered set of bits.
combining two of said round segments in said bit-moving round using a linear mathematical operator.
-
-
137. The storage medium of claim 136 wherein said method further comprises said variable bit-moving comprising variable circular bit-rotating said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
138. The storage medium of claim 137 wherein said method further comprises said variable circular bit-rotating said bits of one of said round segments comprising variably circular bit-rotating said bits of one of said round segments having a bit-size where a log base 2 of said bit-size equals said selected number of bits of data.
-
139. The storage medium of claim 137 wherein said method further comprises said output primary segments having a bit-size of 32 bits or 64 bits.
-
140. The storage medium of claim 137 wherein said method further comprises said predetermined bit-moving affecting which bits affect said value of said variable circular bit-rotating, and at least one of said output primary segments originating from said round segment which has been rotated by said variable circular bit-rotating.
-
141. The storage medium of claim 137 wherein said method further comprises said predetermined bit-moving comprising predetermined bit-rotating.
-
142. The storage medium of claim 136 wherein said method further comprises said variable bit-moving comprising variable bit-shifting said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
143. The storage medium of any of claims 136 to 142 wherein said method further comprises said plurality of bit-moving rounds comprising at least five said bit-moving rounds.
-
144. A storage medium encoded with machine-readable program code for enciphering plaintext inputted to a block cipher, said plaintext having n bits of data, said block cipher using a secret key, said program code including instructions for causing a computer to implement a method comprising:
-
processing round segments in a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said round segments in said bit-moving rounds comprising a segment in said bit-moving rounds which originates from said plaintext directly or through a present or previous one of said rounds, said processing round segments in each of said bit-moving rounds comprising, predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments of said bit-moving round to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position, variable bit-moving bits of one of said round segments of said bit-moving round by a number of bits dependent on a value from data of one of said round segments of said bit-moving round, and wherein each of said segments comprises an ordered set of bits.
combining two of said round segments in said bit-moving round using a linear mathematical operator.
-
-
152. The storage medium of claim 151 wherein said method further comprises said variable bit-moving comprising variable circular bit-rotating said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
153. The storage medium of claim 152 wherein said method further comprises said variable circular bit-rotating said bits of one of said round segments comprising variably circular bit-rotating said bits of one of said round segments having a bit-size where a log base 2 of said bit-size equals said selected number of bits of data.
-
154. The storage medium of claim 152 wherein said method further comprises said predetermined bit-moving affecting which bits affect said value of said variable circular bit-rotating, and at least one of said output primary segments originating from said round segment which has been rotated by said variable circular bit-rotating.
-
155. The storage medium of claim 152 wherein said method further comprises said predetermined bit-moving comprising predetermined bit-rotating.
-
156. The storage medium of claim 151 wherein said method further comprises said variable bit-moving comprising variable bit-shifting said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
157. The storage medium of any of claims 151 to 156 wherein said method further comprises said plurality of bit-moving rounds comprising at least five said bit-moving rounds.
-
158. A storage medium encoded with machine-readable program code for key expansion, said program code including instructions for causing a computer to implement a method of said key expansion to generate subkey values used in rounds of a block cipher, the block cipher using data-dependent rotation of round segments in at least three of the rounds, the data-dependent rotation having a variable number of bits of rotation which depend directly or indirectly on plaintext, the method of key-expansion including a plurality of expansion calculations on key-dependent segments to generate the subkey values, each of said expansion calculations comprising mathematically combining key-dependent segments with predetermined values to produce the subkey values, wherein the improvement comprises said program code including instructions for causing said computer to implement said key expansion using expansion calculations having a mathematical operator ratio less than 3.5 to 1, said operator ratio is a ratio of a total number of bits produced by all mathematical operators of said key expansion to a total number of all subkey bits produced.
-
159. A storage medium encoded with machine-readable program code for enciphering plaintext in a block cipher, said enciphering using a secret key, said program code including instructions for causing a computer to implement a method comprising:
-
processing round segments in a plurality of rounds of said block cipher, certain of said rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each of said rounds comprising a segment which originates from at least one of said input primary segments of said round, each output primary segment of each said round being equal to one of said round segments of said round, said processing round segments in at least one of said rounds comprising, linearly combining first, second, and third variable segments of data, said first variable segment of at least 64 bits includes at least 50 variable bits from one of said round segments of said round, said second variable segment of at least 64 bits includes at least 50 variable bits from one of said round segments of said round, and said third variable segment is derived from a value selected from a lookup table in response to one of said round segments of said round, and wherein each of said segments is an ordered set of bits.
-
-
160. A storage medium encoded with machine-readable program code for enciphering plaintext in a block cipher, said enciphering using a secret key, said program code including instructions for causing a computer to implement a method comprising:
-
processing round segments in a plurality of rounds of said block cipher, certain of said rounds transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of said rounds comprising a segment which originates from at least one of said input primary segments of said rounds, each output primary segment of each said round being equal to one of said round segments of said round, said processing round segments in at least one of said rounds comprising, linearly combining first, second, and third variable segments of data, said first variable segment including at least 75 percent of variable bits of one of two said primary segments of said round, said second variable segment including at least 75 percent of variable bits of the other of said two of said primary segments of said round, and said third variable segment is derived from a value selected from a lookup table in response to one of said round segments of said round, and wherein each of said segments is an ordered set of bits.
-
-
161. An apparatus for enciphering plaintext in a block cipher using a secret key, said block cipher including a plurality of rounds having round segments, said plurality of rounds including a plurality of bit-moving rounds, each of said bit-moving rounds for transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each said bit-moving round comprising a segment which originates from at least one of said input primary segments of said bit-moving round, each output primary segment of each said bit-moving round being equal to one of said round segments of said bit-moving round, said apparatus comprising:
-
means for predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments in each of said bit-moving rounds to determine a bit-value in an other bit-position of one of said round segments, said present bit-position being different than said other bit-position;
means for variable bit-moving bits of one of said round segments in each of said bit-moving rounds by a number of bits dependent on a value from data of one of said round segments of said bit-moving round; and
wherein each of said segments is an ordered set of bits.
Dependent claims: 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176
means for combining two of said round segments in each of said bit-moving rounds using a linear mathematical operator.
-
-
170. The apparatus of claim 169 wherein said means for variable bit-moving comprises means for variable circular bit-rotating said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
171. The apparatus of claim 170 wherein said means for variable circular bit-rotating said bits of one of said round segments comprises means for variably circular bit-rotating said bits of one of said round segments having a bit-size where a log base 2 of said bit-size equals said selected number of bits of data.
-
172. The apparatus of claim 170 wherein said output primary segments have a bit-size of 32 bits or 64 bits.
-
173. The apparatus of claim 170 wherein said means for predetermined bit-moving affects which bits affect said value of said means for variable circular bit-rotating, and at least one of said output primary segments originating from said round segment which has been rotated by said means for variable circular bit-rotating.
-
174. The apparatus of claim 170 wherein said means for predetermined bit-moving comprising means for predetermined bit-rotating said at least one present bit value.
-
175. The apparatus of claim 169 wherein said means for variable bit-moving comprises means for variable bit-shifting said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
176. The apparatus of any of claims 169 to 175 wherein said plurality of bit-moving rounds comprising at least five said bit-moving rounds.
-
177. An apparatus for enciphering plaintext inputted to a block cipher using a secret key, said block cipher including a plurality of rounds having round segments, said plurality of rounds including a plurality of bit-moving rounds, each of said round segments in said bit-moving rounds comprising a segment in said bit-moving rounds which originates from said plaintext directly or through a present or previous one of said rounds, said apparatus comprising:
-
means for predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments in each of said bit-moving rounds to determine a bit-value in an other bit-position of one of said round segments, said present bit-position being different than said other bit-position;
means for variable bit-moving bits of one of said round segments in each of said bit-moving rounds by a number of bits dependent on a value from data of one of said round segments of said bit-moving round; and
wherein each of said segments comprises an ordered set of bits.
Dependent claims: 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190
means for combining two of said round segments in each of said bit-moving rounds using a linear mathematical operator.
-
-
185. The apparatus of claim 184 wherein said means for variable bit-moving comprises means for variable circular bit-rotating said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
186. The apparatus of claim 185 wherein said means for variable circular bit-rotating said bits of one of said round segments comprises means for variably circular bit-rotating said bits of one of said round segments having a bit-size where a log base 2 of said bit-size equals said selected number of bits of data.
-
187. The apparatus of claim 185 wherein said means for predetermined bit-moving affects which bits affect said value of said means for variable circular bit-rotating, and at least one of said output primary segments originating from said round segment which has been rotated by said means for variable circular bit-rotating.
-
188. The apparatus of claim 185 wherein said means for predetermined bit-moving comprising means for predetermined bit-rotating said at least one present bit value.
-
189. The apparatus of claim 184 wherein said means for variable bit-moving comprises means for variable bit-shifting said bits of one of said round segments of said bit-moving round by a number of bits dependent on said value from a selected number of bits of data in selected locations of one of said round segments of said bit-moving round.
-
190. The apparatus of any of claims 184 to 189 wherein said plurality of bit-moving rounds comprising at least five said bit-moving rounds.
-
191. An apparatus including means for key expansion to generate subkey values used in rounds of a block cipher, the block cipher using data-dependent rotation of round segments in at least three of the rounds, the data-dependent rotation having a variable number of bits of rotation which depend directly or indirectly on plaintext, said means for key-expansion utilizing a plurality of expansion calculations on key-dependent segments to generate the subkey values, each of said expansion calculations comprising mathematically combining key-dependent segments with predetermined values to produce the subkey values, wherein the improvement comprises,
said means for key expansion using said expansion calculations having a mathematical operator ratio less than 3.5 to 1, said operator ratio being a ratio of a total number of bits produced by all mathematical operators of said key expansion to a total number of all subkey bits produced.
-
192. An apparatus for enciphering plaintext in a block cipher using a secret key, said block cipher including a plurality of rounds having round segments, certain of said rounds for transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each of said rounds comprising a segment which originates from at least one of said input primary segments of said round, each output primary segment of each said round being equal to one of said round segments of said round, wherein the improvement comprises:
-
means for linearly combining first, second, and third variable segments of data, said first variable segment of at least 64 bits includes at least 50 variable bits from one of said round segments, said second variable of at least 64 bits includes at least 50 variable bits from one of said round segments, and said third variable segment is derived from a value selected from a lookup table in response to one of said round segments; and
wherein each of said segments is an ordered set of bits.
-
-
193. An apparatus for enciphering plaintext in a block cipher using a secret key, said block cipher including a plurality of rounds having round segments, certain of said rounds for transforming input primary segments having a total of n bits of data into output primary segments having a total of n bits of data, each of said input primary segments originating directly or indirectly from said plaintext, each of said round segments of each of said rounds comprising a segment which originates from at least one of said input primary segments of said round, each output primary segment of each said round being equal to one of said round segments of said round, wherein the improvement comprises:
-
means for linearly combining first, second and third variable segments of data, said first variable segment including at least 75 percent of variable bits of one of two said primary segments, said second variable segment including at least 75 percent of the variable bits of the other of said two of said primary segments, and said third variable segment is derived from a value selected from a lookup table in response to one of said round segments; and
wherein each of said segments is an ordered set of bits.
-
-
194. A method of deciphering ciphertext inputted to a block cipher, said ciphertext having n bits of data, said deciphering using a secret key, said method comprising:
-
processing round segments in a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said round segments in said bit-moving rounds comprising a segment in said bit-moving rounds which originates from said ciphertext directly or through a present or previous one of said rounds, said processing round segments in each of said bit-moving rounds comprising, predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments of said bit-moving round to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position, variable bit-moving bits of one of said round segments of said bit-moving round by a number of bits dependent on a value from data of one of said round segments of said bit-moving round, and wherein each of said segments comprises an ordered set of bits.
Dependent claims: 195, 196, 197, 198
-
-
199. A storage medium encoded with machine-readable program code for deciphering ciphertext inputted to a block cipher, said ciphertext having n bits of data, said block cipher using a secret key, said program code including instructions for causing a computer to implement a method comprising:
-
processing round segments in a plurality of rounds of said block cipher, said plurality of rounds including a plurality of bit-moving rounds, each of said round segments in said bit-moving rounds comprising a segment in said bit-moving rounds which originates from said ciphertext directly or through a present or previous one of said rounds, said processing round segments in each of said bit-moving rounds comprising, predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments of said bit-moving round to determine a bit-value in an other bit-position of one of said round segments of said bit-moving round, said present bit-position being different than said other bit-position, variable bit-moving bits of one of said round segments of said bit-moving round by a number of bits dependent on a value from data of one of said round segments of said bit-moving round, and wherein each of said segments comprises an ordered set of bits.
Dependent claims: 200, 201, 202, 203
-
-
204. An apparatus for deciphering ciphertext inputted to a block cipher using a secret key, said block cipher including a plurality of rounds having round segments, said plurality of rounds including a plurality of bit-moving rounds, each of said round segments in said bit-moving rounds comprising a segment in said bit-moving rounds which originates from said ciphertext directly or through a present or previous one of said rounds, said apparatus comprising:
-
means for predetermined bit-moving at least one present bit-value in a present bit-position of one of said round segments in each of said bit-moving rounds to determine a bit-value in an other bit-position of one of said round segments, said present bit-position being different than said other bit-position;
means for variable bit-moving bits of one of said round segments in each of said bit-moving rounds by a number of bits dependent on a value from data of one of said round segments of said bit-moving round; and
wherein each of said segments comprises an ordered set of bits.
Dependent claims: 205, 206, 207, 208
-
-
209. A method of encrypting a plaintext message, comprising:
-
(a) identifying the plaintext message, the plaintext message including a plurality of words;
(b) applying a mathematical function to at least one of the words;
(c) rotating a value which is based on the result of the applying step (b) by a first number of bits;
(d) rotating a value which is based on the result of the rotating step (c) by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
(e) applying a secret key to a value originating from one of the words; and
(f) repeating steps (b), (c), (d), and (e) for a number of rounds.
Dependent claims: 210, 211, 212, 213, 214
(g) rotating a value which is based on the result of the rotating step (d) by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of step (d).
-
-
214. The method of claim 213 wherein the step (f) comprises repeating steps (b), (c), (d), (g), and (e) for the number of rounds.
-
215. A method of encrypting a plaintext message, comprising:
-
(a) identifying the plaintext message, the plaintext message including a plurality of words;
(b) applying a mathematical function to at least one of the words;
(c) rotating a value originating from one of the words which is based on the result of the applying step (b) by a first number of bits resulting in another value which affects another one of the words, with the one of the words being affected by the other value only indirectly through the other one of the words;
(d) rotating a value which is based on the result of the rotating step (c) by a second number of bits derived from one of the words;
(e) applying a secret key to a value originating from one of the words; and
(f) repeating steps (b), (c), (d), and (e) for a number of rounds.
Dependent claims: 216, 217
-
-
218. A system for encrypting a plaintext message, comprising:
-
memory registers for storing the plaintext message, the plaintext message including a plurality of words;
a computing unit for applying a mathematical function to at least one of the words;
a first rotating function executed on the computing unit for rotating a value which is based on the result of the applying the mathematical function by a first number of bits;
a second rotating function executed on the computing unit for rotating a value which is based on the result of the first rotating function by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words; and
a function executed on the computing unit for applying a secret key to a value originating from one of the words.
Dependent claims: 219, 220, 221, 222
a third rotating function executed on the computing unit for rotating a value which is based on the result of the second rotating function by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of the second rotation function.
-
-
223. A system for encrypting a plaintext message, comprising:
-
memory registers for storing the plaintext message, the plaintext message including a plurality of words;
a computing unit for applying a mathematical function to at least one of the words;
a first rotating function executed on the computing unit for rotating a value originating from one of the words which is based on the result of the applying the mathematical function by a first number of bits resulting in another value which affects another one of the words, with the one of the words being affected by the other value only indirectly through the other one of the words;
a second rotating function executed on the computing unit for rotating a value which is based on the result of the first rotating function by a second number of bits derived from one of the words; and
a function executed on the computing unit for applying a secret key to a value originating from one of the words.
Dependent claims: 224, 225
-
-
226. A storage medium encoded with machine-readable program code for encrypting a plaintext message, the program code including instructions for causing a computer to implement a method comprising:
-
(a) identifying the plaintext message, the plaintext message including a plurality of words;
(b) applying a mathematical function to at least one of the words;
(c) rotating a value which is based on the result of the applying step (b) by a first number of bits;
(d) rotating a value which is based on the result of the rotating step (c) by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
(e) applying a secret key to a value originating from one of the words; and
(f) repeating steps (b), (c), (d), and (e) for a number of rounds.
Dependent claims: 227, 228, 229, 230, 231
(g) rotating a value which is based on the result of the rotating step (d) by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of step (d).
-
-
231. The storage medium of claim 230 wherein the method further comprises the step (f) comprising repeating steps (b), (c), (d), (g), and (e) for the number of rounds.
-
232. A storage medium encoded with machine-readable program code for encrypting a plaintext message, the program code including instructions for causing a computer to implement a method comprising:
-
(a) identifying the plaintext message, the plaintext message including a plurality of words;
(b) applying a mathematical function to at least one of the words;
(c) rotating a value originating from one of the words which is based on the result of the applying step (b) by a first number of bits resulting in another value which affects another one of the words, with the one of the words being affected by the other value only indirectly through the other one of the words;
(d) rotating a value which is based on the result of the rotating step (c) by a second number of bits derived from one of the words;
(e) applying a secret key to a value originating from one of the words; and
(f) repeating steps (b), (c), (d), and (e) for a number of rounds.
Dependent claims: 233, 234
-
-
235. A method of encrypting a plurality of words, comprising:
-
(a) rotating a value which is based directly or indirectly on at least one of the words by a first number of bits;
(b) rotating a value which is based on the result of the rotating step (a) by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
(c) rotating a value which is based on the result of the rotating step (b) by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of step (b);
(d) applying a secret key to a value originating from one of the words; and
(e) repeating steps (a), (b), (c) and (d) for a number of rounds.
Dependent claims: 236, 237, 238
(f) applying a mathematical function to a value originating from one of the words.
-
-
237. The method of claim 235 wherein the step (e) comprises repeating steps (a), (b), (c), (d), and (f) for the number of rounds.
-
238. The method of claim 236 wherein the applying the mathematical function comprises applying an operation on two unsigned integers of 32 bits or 64 bits.
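The round structure recited in claims 235 to 238 can be made concrete with a toy two-word construction. This is an added example, not the cipher of the specification: the rotation constants 5 and 11, the XOR and addition operators, the sample subkeys and all function names are assumptions, and subkeys are supplied directly rather than produced by a key expansion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS   32u
#define ROT_MASK    (WORD_BITS - 1u) /* 5 bits select the amount: log2(32) = 5 */
#define FIXED_ROT_1 5u               /* assumed predetermined rotation, step (a) */
#define FIXED_ROT_2 11u              /* assumed, different predetermined rotation, step (c) */

static uint32_t rotl32(uint32_t x, unsigned r) {
    r &= ROT_MASK;
    return r ? (x << r) | (x >> (WORD_BITS - r)) : x; /* avoid shifting by 32 */
}

static uint32_t rotr32(uint32_t x, unsigned r) {
    r &= ROT_MASK;
    return r ? (x >> r) | (x << (WORD_BITS - r)) : x;
}

/* The fixed rotation by 5 moves bits 27..31 of b into bits 0..4, so the
 * predetermined rotation decides which data bits pick the variable amount. */
unsigned toy_rot_amount(uint32_t b) {
    return rotl32(b, FIXED_ROT_1) & ROT_MASK;
}

void toy_round_enc(uint32_t w[2], uint32_t subkey) {
    uint32_t a = w[0], b = w[1];
    uint32_t t = rotl32(b, FIXED_ROT_1); /* (a) predetermined rotation */
    a ^= t;                              /* (f) operation on two unsigned 32-bit integers */
    a = rotl32(a, t & ROT_MASK);         /* (b) rotation by an amount derived from a word */
    a += subkey;                         /* (d) apply secret key material */
    a = rotl32(a, FIXED_ROT_2);          /* (c) second, different predetermined rotation */
    w[0] = b;                            /* swap so the next round works on the other word */
    w[1] = a;
}

/* Inverse round: b is unchanged by the forward round, so t and the variable
 * rotation amount can be recomputed and every step undone in reverse order. */
void toy_round_dec(uint32_t w[2], uint32_t subkey) {
    uint32_t b = w[0], a = w[1];
    uint32_t t = rotl32(b, FIXED_ROT_1);
    a = rotr32(a, FIXED_ROT_2);
    a -= subkey;
    a = rotr32(a, t & ROT_MASK);
    a ^= t;
    w[0] = a;
    w[1] = b;
}

void toy_encrypt(uint32_t w[2], const uint32_t *subkeys, size_t rounds) {
    for (size_t i = 0; i < rounds; i++)  /* (e) repeat for a number of rounds */
        toy_round_enc(w, subkeys[i]);
}

void toy_decrypt(uint32_t w[2], const uint32_t *subkeys, size_t rounds) {
    for (size_t i = rounds; i-- > 0;)    /* subkeys in reverse order */
        toy_round_dec(w, subkeys[i]);
}

/* Constructed sample subkeys for the demonstration only. */
static const uint32_t SAMPLE_SUBKEYS[8] = {
    0x243f6a88u, 0x85a308d3u, 0x13198a2eu, 0x03707344u,
    0xa4093822u, 0x299f31d0u, 0x082efa98u, 0xec4e6c89u
};

int main(void) {
    uint32_t w[2] = {0x01234567u, 0x89abcdefu}; /* constructed plaintext words */
    toy_encrypt(w, SAMPLE_SUBKEYS, 8);
    printf("ciphertext: %08x %08x\n", (unsigned)w[0], (unsigned)w[1]);
    toy_decrypt(w, SAMPLE_SUBKEYS, 8);
    printf("recovered:  %08x %08x\n", (unsigned)w[0], (unsigned)w[1]);
    return 0;
}
```

Without the operations placed between them, the three rotations would collapse into a single rotation by the sum of their amounts, which is why the XOR and the subkey addition sit between the rotation steps here.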
-
239. A system for encrypting a plurality of words, comprising:
-
a computing unit for processing the plurality of words;
a first rotating function executed on the computing unit for rotating a value which is based on at least one of the words by a first number of bits;
a second rotating function executed on the computing unit for rotating a value which is based on the result of the first rotating function by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
a third rotating function executed on the computing unit for rotating a value which is based on the result of the second rotating function by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of the second rotating function; and
a function executed on the computing unit for applying a secret key to a value originating from one of the words.
Dependent claims: 240, 241
a mathematical function executed on the computing unit for operating on a value originating from one of the words.
-
-
241. The system of claim 240 wherein the computing unit for applying the mathematical function includes applying an operation on two unsigned integers of 32 bits or 64 bits.
-
242. A storage medium encoded with machine-readable program code for encrypting a plurality of words, the program code including instructions for causing a computer to implement a method comprising:
-
(a) rotating a value which is based on at least one of the words by a first number of bits;
(b) rotating a value which is based on the result of the rotating step (a) by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
(c) rotating a value which is based on the result of the rotating step (b) by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of step (b);
(d) applying a secret key to a value originating from one of the words; and
(e) repeating steps (a), (b), (c) and (d) for a number of rounds.
Dependent claims: 243, 244, 245
(f) applying a mathematical function to a value originating from one of the words.
-
-
244. The storage medium of claim 243 wherein the method further comprises the step (e) comprising repeating steps (a), (b), (c), (d), and (f) for the number of rounds.
-
245. The storage medium of claim 243 wherein the method further comprises the applying the mathematical function comprising applying an operation on two unsigned integers of 32 bits or 64 bits.
-
246. A method of decrypting a plaintext message, comprising:
-
(a) identifying the plaintext message, the plaintext message including a plurality of words;
(b) applying a mathematical function to at least one of the words;
(c) rotating a value which is based on the result of the applying step (b) by a first number of bits;
(d) rotating a value which is based on the result of the rotating step (c) by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
(e) applying a secret key to a value originating from one of the words; and
(f) repeating steps (b), (c), (d), and (e) for a number of rounds.
-
-
247. A method of decrypting a plaintext message, comprising:
-
(a) identifying the plaintext message, the plaintext message including a plurality of words;
(b) applying a mathematical function to at least one of the words;
(c) rotating a value originating from one of the words which is based on the result of the applying step (b) by a first number of bits resulting in another value which affects another one of the words, with the one of the words being affected by the other value only indirectly through the other one of the words;
(d) rotating a value which is based on the result of the rotating step (c) by a second number of bits derived from one of the words;
(e) applying a secret key to a value originating from one of the words; and
(g) repeating steps (b), (c), (d), and (e) for a number of rounds.
-
-
248. A method of decrypting a plurality of words, comprising:
-
(a) rotating a value which is based on at least one of the words by a first number of bits;
(b) rotating a value which is based on the result of the rotating step (a) by a second number of bits, wherein one of the first number of bits and the second number of bits is a predetermined number of bits and the other one of the first number of bits and the second number of bits is derived from one of the words;
(c) rotating a value which is based on the result of the rotating step (b) by a third number of bits, wherein the third number of bits is a predetermined number of bits different from the predetermined number of bits of step (b);
(d) applying a secret key to a value originating from one of the words; and
(e) repeating steps (a), (b), (c) and (d) for a number of rounds.
-
Specification