Verifiable, Leak-Resistant Encryption and Decryption
First Claim
1. A method for encrypting plaintext data by a device with an internal secret state, while limiting the re-use of cryptographic keys, comprising:
(a) deriving a message key from said internal secret state and a message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, where each successive key is derived based on at least a portion of said message identifier and a prior key;
(b) using said one or more cryptographic keys based on at least said message key to encrypt one or more segments of said plaintext data to produce one or more encrypted data segments;
(c) computing a cryptographic hash from at least one said encrypted data segment;
(d) deriving a validator from at least a secret value and said cryptographic hash, where said deriving includes computing a plurality of successive intermediate values, starting with said secret value, where each successive value is at least based on a prior one of said values and a portion of said cryptographic hash;
(e) outputting said one or more encrypted data segments and said validator.
Abstract
This patent describes techniques usable by devices to encrypt and decrypt sensitive data in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving the encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segments are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments. Derived keys and validators are produced using methods designed to preserve security even if cipher and hashing operations leak information. Embodiments for systems including SoCs, firmware loading, FPGAs and network communications are described.
68 Claims
1. A method for encrypting plaintext data by a device with an internal secret state, while limiting the re-use of cryptographic keys, comprising:
(a) deriving a message key from said internal secret state and a message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, where each successive key is derived based on at least a portion of said message identifier and a prior key;
(b) using said one or more cryptographic keys based on at least said message key to encrypt one or more segments of said plaintext data to produce one or more encrypted data segments;
(c) computing a cryptographic hash from at least one said encrypted data segment;
(d) deriving a validator from at least a secret value and said cryptographic hash, where said deriving includes computing a plurality of successive intermediate values, starting with said secret value, where each successive value is at least based on a prior one of said values and a portion of said cryptographic hash;
(e) outputting said one or more encrypted data segments and said validator.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method for encrypting plaintext data by a device with an internal secret state, while limiting the re-use of cryptographic keys, comprising:
(a) deriving a message key from said internal secret state and a message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, where each successive key is derived based on at least a portion of said message identifier and a prior key;
(b) using said one or more cryptographic keys based on at least said message key to encrypt one or more segments of said plaintext data to produce one or more encrypted data segments;
(c) using a secret key to compute a cryptographic verification value at least based on, and usable to verify, one or more of said encrypted data segments; and
(d) outputting said one or more encrypted data segments and said cryptographic verification value.
Dependent claims: 22

23. A method for decrypting data by a device with an internal secret state, while limiting the re-use of cryptographic keys, comprising:
(a) receiving one or more encrypted data segments and a cryptographic verification value, and obtaining a message identifier corresponding thereto;
(b) verifying said cryptographic verification value to determine whether said message identifier or at least one of said encrypted data segments have been modified, including:
(i) computing a cryptographic hash from at least one said encrypted data segment;
(ii) deriving an expected validator from at least a secret value and said cryptographic hash, where said deriving includes computing a plurality of successive intermediate values, starting with said secret value, where each successive value is at least based on a prior one of said values and a portion of said cryptographic hash; and
(iii) comparing said derived expected candidate validator with said received cryptographic verification value;
(c) deriving a message key from said internal secret state and said message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, where each successive key is derived based on at least a portion of said message identifier and a prior key; and
(d) using said one or more cryptographic keys based on at least said message key to decrypt one or more verified segments of said encrypted data to produce one or more plaintext data segments.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45

46. A method for decrypting data by a device with an internal secret state, while limiting the re-use of cryptographic keys, comprising:
(a) receiving one or more encrypted data segments and a cryptographic verification value, and obtaining a message identifier corresponding thereto;
(b) verifying said cryptographic verification value to determine whether said message identifier or at least one of said encrypted data segments have been modified;
(c) deriving a message key from said internal secret state and said message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, where each successive key is derived based on at least a portion of said message identifier and a prior key; and
(d) using said one or more cryptographic keys based on at least said message key to decrypt one or more verified segments of said encrypted data to produce one or more plaintext data segments.
Dependent claims: 47, 49, 50, 51, 52, 53

48. A device for encrypting plaintext data while limiting the re-use of cryptographic keys, said device being configured to:
(a) derive a message key from an internal secret state and a message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, each successive key to be derived based on at least a portion of said message identifier and a prior key;
(b) use said one or more cryptographic keys based on at least said message key to encrypt one or more segments of said plaintext data to produce one or more encrypted data segments;
(c) compute a cryptographic hash from at least one said encrypted data segment;
(d) derive a validator from at least a secret value and said cryptographic hash, where said deriving includes computing a plurality of successive intermediate values, starting with said secret value, each successive value to be at least based on a prior one of said values and a portion of said cryptographic hash; and
(e) output said one or more encrypted data segments and said validator.

54. A device for encrypting plaintext data while limiting the re-use of cryptographic keys, said device being configured to:
(a) derive a message key from said internal secret state and a message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, each successive key to be derived based on at least a portion of said message identifier and a prior key;
(b) use said one or more cryptographic keys based on at least said message key to encrypt one or more segments of said plaintext data to produce one or more encrypted data segments;
(c) use a secret key to compute a cryptographic verification value at least based on, and usable to verify, one or more of said encrypted data segments; and
(d) output said one or more encrypted data segments and said cryptographic verification value.
Dependent claims: 55

56. A device for decrypting data, while limiting the re-use of cryptographic keys, said device being configured to:
(a) receive one or more encrypted data segments and a cryptographic verification value, and obtaining a message identifier corresponding thereto;
(b) verify said cryptographic verification value to determine whether said message identifier or at least one of said encrypted data segments have been modified, including:
(i) computing a cryptographic hash from at least one said encrypted data segment;
(ii) deriving an expected validator from at least a secret value and said cryptographic hash, where said derivation includes computing a plurality of successive intermediate values, starting with said secret value, where each successive value is at least based on a prior one of said values and a portion of said cryptographic hash; and
(iii) comparing said derived expected candidate validator with said received cryptographic verification value;
(c) derive a message key from said internal secret state and said message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, where each successive key is derived based on at least a portion of said message identifier and a prior key; and
(d) use said one or more cryptographic keys based on at least said message key to decrypt one or more verified segments of said encrypted data to produce one or more plaintext data segments.
Dependent claims: 57, 58, 59, 60, 61, 62, 63, 64, 65, 66

67. A device for encrypting plaintext data while limiting the re-use of cryptographic keys, said device being configured to:
(a) derive a message key from said internal secret state and a message identifier by computing a plurality of successive intermediate keys, starting with at least a portion of said internal secret state and leading to said message key, each successive key to be derived based on at least a portion of said message identifier and a prior key;
(b) use said one or more cryptographic keys based on at least said message key to encrypt one or more segments of said plaintext data to produce one or more encrypted data segments;
(c) use a secret key to compute a cryptographic verification value at least based on, and usable to verify, one or more of said encrypted data segments; and
(d) output said one or more encrypted data segments and said cryptographic verification value.
Dependent claims: 68
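The abstract and the independent claims above describe one scheme: walk a key ladder from the base secret through the message identifier a few bits at a time, encrypt each segment under its own derived key, hash the encrypted segments, walk a second ladder from a secret value through that hash to produce the validator, and on the decrypting side recompute the validator and only then derive keys and decrypt. The Python below is an added illustration written for this page, not code from the patent or from any product. The nibble-wide ladder steps, HMAC-SHA256 as the one-way step function, the HMAC-derived keystream standing in for the cipher the claims leave unspecified, the 16-byte segment size, and the derivation of the validator secret from the base key are all assumptions made here.

```python
"""Illustration of a verifiable, leak-resistant segment encryption scheme.

Added example, not the patent's code. Assumptions: 4-bit ladder steps,
HMAC-SHA256 as the step function, an HMAC keystream in place of a block
cipher, and a validator secret derived from the base key.
"""
import hashlib
import hmac

CHUNK_BITS = 4      # assumption: identifiers and hashes are consumed one nibble at a time
SEGMENT_SIZE = 16   # assumption: plaintext is split into 16-byte segments


def _chunks(data: bytes):
    """Yield the 4-bit chunks of `data`, most significant nibble first."""
    for byte in data:
        yield byte >> 4
        yield byte & 0x0F


def _step(prior: bytes, label: bytes, chunk: int) -> bytes:
    """One ladder step: next = F(prior, chunk).

    `chunk` takes only 16 values, so any intermediate key is ever combined
    with at most 16 distinct inputs before the ladder moves on. That bound is
    what limits how many operations under one key a side-channel observer
    could ever see."""
    return hmac.new(prior, label + bytes([chunk]), hashlib.sha256).digest()


def derive_message_key(base_key: bytes, message_id: bytes) -> bytes:
    """Claim step (a): successive intermediate keys, each from the prior key
    and a portion of the message identifier, ending at the message key."""
    key = base_key
    for chunk in _chunks(message_id):
        key = _step(key, b"key", chunk)
    return key


def derive_validator(secret: bytes, digest: bytes) -> bytes:
    """Claim step (d): successive intermediate values, each from the prior
    value and a portion of the hash over the encrypted segments."""
    value = secret
    for chunk in _chunks(digest):
        value = _step(value, b"val", chunk)
    return value


def _segment_key(message_key: bytes, index: int) -> bytes:
    """Per-segment key from the message key (assumed construction)."""
    return hmac.new(message_key, b"seg" + index.to_bytes(4, "big"), hashlib.sha256).digest()


def _keystream_xor(segment_key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream.
    Each segment has its own key, so the counter may restart at zero."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(segment_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _transcript_hash(message_id: bytes, segments: list) -> bytes:
    """Claim step (c): hash over the encrypted segments, with the message id
    and segment lengths bound in so identifier or boundary changes are caught."""
    h = hashlib.sha256(message_id)
    for seg in segments:
        h.update(len(seg).to_bytes(4, "big") + seg)
    return h.digest()


def _validator_secret(base_key: bytes) -> bytes:
    """Assumption: the 'secret value' of step (d) is derived from the base key."""
    return hmac.new(base_key, b"validator-secret", hashlib.sha256).digest()


def encrypt(base_key: bytes, message_id: bytes, plaintext: bytes):
    """Claim steps (a)-(e): returns (encrypted_segments, validator)."""
    message_key = derive_message_key(base_key, message_id)
    segments = [plaintext[i:i + SEGMENT_SIZE] for i in range(0, len(plaintext), SEGMENT_SIZE)]
    encrypted = [_keystream_xor(_segment_key(message_key, i), seg)
                 for i, seg in enumerate(segments)]
    validator = derive_validator(_validator_secret(base_key),
                                 _transcript_hash(message_id, encrypted))
    return encrypted, validator


def decrypt(base_key: bytes, message_id: bytes, encrypted: list, validator: bytes):
    """Verify first, then decrypt. Returns None when the validator does not match,
    so a modified identifier or segment never causes the key ladder to be walked."""
    expected = derive_validator(_validator_secret(base_key),
                                _transcript_hash(message_id, encrypted))
    if not hmac.compare_digest(expected, validator):
        return None
    message_key = derive_message_key(base_key, message_id)
    return b"".join(_keystream_xor(_segment_key(message_key, i), seg)
                    for i, seg in enumerate(encrypted))
```

The ordering in `decrypt` matters: the validator is recomputed from the received segments and compared in constant time before any message key is derived, so the decrypting side exercises its key ladder only for data that a holder of the base key produced. Each ladder step sees at most sixteen distinct inputs per intermediate key, which is the sense in which the claims limit key re-use; wider chunks would shorten the ladder at the cost of more operations per key.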