System and method for deriving an appropriate initialization vector for secure communications
First Claim
1. A ciphertext information generating system for generating ciphertext from plaintext, said ciphertext information generating system comprising:
- A. an initialization vector generator configured to receive a selected input value and generate an initialization vector therefrom using a selected initialization vector generation methodology,(i) the selected input value being different for each plaintext and being associated with a selected characteristic of said plaintext,(ii) the selected initialization vector generation methodology being selected so that(a) a small change of the selected input value will result in a large change in the initialization vector; and
(b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and
B. an encryption module configured to generate the ciphertext from the plaintext and the initialization vector using a selected encryption methodology and encryption key.
2 Assignments
0 Petitions
Accused Products
Abstract
A secure communications arrangement is disclosed including a source device and a destination device interconnected by a network. The source device generates message packets for transfer to the destination device, each message packet including information in ciphertext form. The source device generates the ciphertext from plaintext in accordance with the cipher block chaining mode, using an initialization vector that is generated using a hash function selected so that small changes in an input result in large changes in the initialization vector. As a result values such as sequence numbers or time stamps can be used in generating the initialization vector, while still providing for cryptographic security for the ciphertext as against cryptanalytic attack. The destination device receives the message packet and decrypts the ciphertext to generate plaintext in accordance with the cipher block chaining mode, using an initialization vector that is generated using the corresponding hash function. Although the secure communications arrangement is described in connection with the cipher block chaining mode, other modes, such as the cipher-feedback mode, output-feedback mode and other encryption modes which make use of initialization vectors, could also be used.
113 Citations
87 Claims
-
1. A ciphertext information generating system for generating ciphertext from plaintext, said ciphertext information generating system comprising:
-
A. an initialization vector generator configured to receive a selected input value and generate an initialization vector therefrom using a selected initialization vector generation methodology, (i) the selected input value being different for each plaintext and being associated with a selected characteristic of said plaintext, (ii) the selected initialization vector generation methodology being selected so that (a) a small change of the selected input value will result in a large change in the initialization vector; and (b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and B. an encryption module configured to generate the ciphertext from the plaintext and the initialization vector using a selected encryption methodology and encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A plaintext information generating system for generating plaintext from ciphertext, said plaintext information generating system comprising:
-
A. an initialization vector generator configured to receive a selected input value and generate an initialization vector therefrom using a selected initialization vector generation methodology, (i) the selected input value being different for each plaintext and being associated with a selected characteristic of said ciphertext, (ii) the selected initialization vector generation methodology being selected so that (a) a small change of the selected input value will result in a large change in the initialization vector; and (b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and B. a decryption module configured to generate the plaintext from the ciphertext and the initialization vector using a selected decryption methodology and decryption key. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A ciphertext information generating method for generating ciphertext from plaintext, said ciphertext information generating method comprising:
-
A. an initialization vector generating step in which an initialization vector is generated from a selected input value using a selected initialization vector generation methodology, (i) the selected input value being different for each plaintext and being associated with a selected characteristic of said plaintext, (ii) the selected initialization vector generation methodology being selected so that (a) a small change of the selected input value will result in a large change in the initialization vector; and (b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and B. an encryption step in which the ciphertext is generated from the plaintext and the initialization vector using a selected encryption methodology and encryption key. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A plaintext information generating method for generating plaintext from ciphertext, said plaintext information generating method comprising:
-
A. an initialization vector generating step in which an initialization vector is generated from a selected input value using a selected initialization vector generation methodology, (i) the selected input value being different for each plaintext and being associated with a selected characteristic of said ciphertext, (ii) the selected initialization vector generation methodology being selected so that (a) a small change of the selected input value will result in a large change in the initialization vector; and (b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and B. a decryption step in which the plaintext is generated from the ciphertext and the initialization vector using a selected decryption methodology and decryption key. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58)
-
-
59. A ciphertext information generation computer program product configured to enable a computer to generate ciphertext from plaintext, said ciphertext information generation computer program product comprising a computer-readable medium having encoded thereon:
-
A. an initialization vector generator module configured to enable the computer to receive a selected input value and generate an initialization vector therefrom using a selected initialization vector generation methodology, (i) the selected input value being different for each plaintext and being associated with a selected characteristic of said plaintext, (ii) the selected initialization vector generation methodology being selected so that (a) a small change of the selected input value will result in a large change in the initialization vector; and (b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and B. an encryption module configured enable the computer to generate the ciphertext from the plaintext and the initialization vector using a selected encryption methodology and encryption key. - View Dependent Claims (60, 61, 62, 63, 64, 65, 66, 67, 68)
-
-
69. A plaintext information generation computer program product for generating plaintext from ciphertext, said plaintext information generation computer program product comprising:
-
A. an initialization vector generator module configured to enable the computer to receive a selected input value and generate an initialization vector therefrom using a selected initialization vector generation methodology, (i) the selected input value being different for each plaintext and being associated with a selected characteristic of said ciphertext, (ii) the selected initialization vector generation methodology being selected so that (a) a small change of the selected input value will result in a large change in the initialization vector; and (b) for any two randomly-selected selected input values, it is unlikely that the corresponding initialization vectors will have the same value; and B. a decryption module configured to enable the computer to generate the plaintext from the ciphertext and the initialization vector using a selected decryption methodology and decryption key. - View Dependent Claims (70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87)
-
Specification