WO2006102003A2 - Systemes et procedes d'execution d'un double chiffrement pour contrer des attaques ciblees au centre - Google Patents

Systemes et procedes d'execution d'un double chiffrement pour contrer des attaques ciblees au centre Download PDF

Info

Publication number
WO2006102003A2
WO2006102003A2 PCT/US2006/009567 US2006009567W WO2006102003A2 WO 2006102003 A2 WO2006102003 A2 WO 2006102003A2 US 2006009567 W US2006009567 W US 2006009567W WO 2006102003 A2 WO2006102003 A2 WO 2006102003A2
Authority
WO
WIPO (PCT)
Prior art keywords
key
encryption
whitening
ciphertext
produce
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2006/009567
Other languages
English (en)
Other versions
WO2006102003A3 (fr
Inventor
Debra L. Cook
Marcel Mordechay Yung
Angelos D. Keromytis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Columbia University in the City of New York
Original Assignee
Columbia University in the City of New York
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Columbia University in the City of New York filed Critical Columbia University in the City of New York
Publication of WO2006102003A2 publication Critical patent/WO2006102003A2/fr
Publication of WO2006102003A3 publication Critical patent/WO2006102003A3/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present invention relates to the field of encryption. More particularly, this invention relates to increasing the security of encryption while reducing the time required to obtain that security.
  • Ciphertext 210 is decrypted with a cipher 220 using a key 230 to produce plaintext 240.
  • ⁇ D k denotes decryption using key k
  • ⁇ P and Pi denote plaintext, where i is an integer
  • Ci denotes ciphertext, where i is an integer; ⁇ H(x) denotes a hash of x;
  • ⁇ whitening is the process of adding some confusion to data
  • ⁇ whitening may be performed, for example, by exclusive-oring the data with a string of bits generated by a pseudo-random function or a hash function;
  • ⁇ W k consists of whitening key bits dependent on key k
  • ⁇ n denotes the length of a key
  • DES Data Encryption Standard
  • DEA Data Encryption Algorithm
  • Double encryption refers to using two independent keys to encrypt P twice.
  • 3DES Triple DES is encryption that may be represented by
  • Methods and systems are provided for the encryption of data.
  • methods and systems are provided for encrypting plaintext wherein the plaintext is encrypted with a first key, encrypted with a second key, and then exclusive-ored with a whitening of a third key to produce ciphertext.
  • methods and systems for decrypting ciphertext wherein the ciphertext is exclusive-ored with a whitening of a third key, decrypted with a second key, and then decrypted with a first key to produce plaintext.
  • methods and systems are provided for encrypting plaintext wherein the plaintext is exclusive-ored with a whitening of a third key, encrypted with a first key, and then encrypted with a second key to produce ciphertext.
  • methods and systems for decrypting ciphertext wherein the ciphertext is decrypted with a second key, decrypted with a first key, and then exclusive-ored with a whitening of a third key to produce plaintext.
  • FIG. 1 is a simplified illustration of data being encrypted
  • FIG. 2 is a simplified illustration of data being decrypted
  • FIG. 3 is a simplified illustration of a method for encrypting data in accordance with certain embodiments of the present invention.
  • FIG. 4 is a simplified illustration of a system that may be used in accordance with certain embodiments of the present invention.
  • FIG. 5 is a simplified illustration of a method for decrypting ciphertext in accordance with certain embodiments of the present invention.
  • Methods and systems are provided for the encryption of data, hi some embodiments, methods and systems are provided for performing double encryption along with whitening. This is provided in a way that requires less work than triple encryption and avoids a meet-in-the-middle attack to which double encryption alone would be subject.
  • Embodiments of this invention apply not only to, for example, DES and AES, but apply equally well to any encryption cipher.
  • methods and systems are provided for encrypting plaintext wherein the plaintext is encrypted with a first key, encrypted with a second key, and then exclusive-ored with a whitening of a third key to produce ciphertext.
  • methods and systems for decrypting ciphertext are provided wherein the ciphertext is exclusive-ored with a whitening of a third key, decrypted with a second key, and then decrypted with a first key to produce plaintext.
  • methods and systems are provided for encrypting plaintext wherein the plaintext is exclusive-ored with a whitening of a third key, encrypted with a first key, and then encrypted with a second key to produce ciphertext.
  • methods and systems for decrypting ciphertext wherein the ciphertext is decrypted with a second key, decrypted with a first key, and then exclusive-ored with a whitening of a third key to produce plaintext.
  • the third key in this description is used in the whitening while the first and second key are used for both encryption and decryption.
  • embodiments of the systems and methods of this invention can be practiced with any numbering scheme for the keys.
  • the present invention adds a hash of key material to double encryption:
  • Equation II A simple illustration of equation II can be seen in FIG. 3.
  • the first step is to encrypt the data with kl at step 320.
  • the result of that first encryption is then encrypted with k2 at step 330.
  • the final step 340 is to XOR the whitening based on k3 with the result of the second encryption to produce the ciphertext 350.
  • Some embodiments of the present invention may be used to send data over a network as demonstrated in FIG. 4.
  • plaintext 430 residing on a system 400 comprising a processor may be encrypted 420 using one embodiment of the present invention.
  • the created ciphertext 480 may then be sent over a network 440 to another system 450.
  • That system may then decrypt 460 the ciphertext using an embodiment of the present invention to produce the plaintext 470, which is the same as the plaintext 430 that was originally encrypted.
  • Other embodiments may encrypt data to be stored on media, memory, or any other suitable storage or transfer mechanism.
  • the systems referenced by 400 and 450 may be, for example, laptop computers, mobile phones, personal digital assistants, or any type of device capable of using the underlying cipher for encryption or decryption. Furthermore, they do not have to be the same type of system. Also, the systems may share the first key, second key, and third key using methods known in the art.
  • the whitening is the output of a hash function or some other function, it is preferably computed once during the key expansion and not per plaintext, i.e., the same whitening is preferably used for each plaintext throughout the encryption.
  • the whitening of k3 may be performed either before or after performing the double encryption.
  • the key, k3, can either be a combination of kl and k2, or a third key of length > n.
  • a block length, b, greater than or equal to n is assumed (b ⁇ n). Both options result in the attacker having to try 2 2n key combinations instead of only 2 n combinations.
  • the generic construction is analyzed below and one possible hash for whitening is suggested. [0029] The following assumptions are made in this discussion:
  • Wk 3 is the output of a pseudo-random function (PRF) acting on input k3 ;
  • PRF pseudo-random function
  • a meet-in-the-middle attack also requires finding 2n key bits.
  • k3 is independent of kl and k2 then, since both b and ]k3
  • the whitening is independent of the cipher's key schedule so an attacker cannot try all possible kl or k2 values and have the whitening included in the expanded key bits.
  • ciphertext can be decrypted. This can be seen by manipulating encryption equations I and II: C ⁇ H(kl
  • decryption may be performed by first doubly decrypting the ciphertext with a second and first key and then XORing the result with the whitening of a third key.
  • This invention improves a double encryption's resistance to attacks. It relies on the used block cipher having a sufficient level of resistance to attacks aside from an exhaustive key search.
  • This invention provides a way that a double application of DES with a final whitening can be used to achieve the same purpose of 3DES while requiring fewer computations than 3DES.
  • the initial and final permutations are not required between each pair of applications because sequential applications of DES result in pairs of the permutations that merely undo each other.
  • the final permutation of the first encryption and the initial permutation of the second encryption are omitted. Therefore, 2DES with a final whitening step offers a savings over 3DES by eliminating one application of DES minus the initial permutation while adding only the cost of the XOR required for the whitening.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne des procédés et des systèmes de chiffrement de données. Dans un mode de réalisation, l'invention concerne un procédé d'exécution d'un double chiffrement et d'application d'une décoloration tout en prévoyant une longueur de clé d'au moins 2n, la clé du chiffre d'origine étant de n bits. Ceci est prévu d'une manière nécessitant moins de travail que dans trois applications du chiffre et permet d'éviter une attaque convergeant au centre à laquelle le double chiffrement en lui-même peut être sujet.
PCT/US2006/009567 2005-03-16 2006-03-16 Systemes et procedes d'execution d'un double chiffrement pour contrer des attaques ciblees au centre Ceased WO2006102003A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US66226905P 2005-03-16 2005-03-16
US60/662,269 2005-03-16

Publications (2)

Publication Number Publication Date
WO2006102003A2 true WO2006102003A2 (fr) 2006-09-28
WO2006102003A3 WO2006102003A3 (fr) 2007-05-10

Family

ID=37024395

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/009567 Ceased WO2006102003A2 (fr) 2005-03-16 2006-03-16 Systemes et procedes d'execution d'un double chiffrement pour contrer des attaques ciblees au centre

Country Status (1)

Country Link
WO (1) WO2006102003A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826558A (zh) * 2022-04-06 2022-07-29 郑州朗灵电子科技有限公司 一种海量数据快速加密方法及系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SCHNEIDER B.: 'Applied Cryptography', vol. 2 ED., 1996 pages 357 - 368, XP002244523 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826558A (zh) * 2022-04-06 2022-07-29 郑州朗灵电子科技有限公司 一种海量数据快速加密方法及系统

Also Published As

Publication number Publication date
WO2006102003A3 (fr) 2007-05-10

Similar Documents

Publication Publication Date Title
Karri et al. Parity-based concurrent error detection of substitution-permutation network block ciphers
EP2290872B1 (fr) Dispositif de génération de code d'authentification de message pour authentifier un message
US8300828B2 (en) System and method for a derivation function for key per page
US7319751B2 (en) Data encryption
Li et al. Differential fault analysis on the ARIA algorithm
US8971526B2 (en) Method of counter-measuring against side-channel attacks
KR101091246B1 (ko) 간단하고 효율적인 원패스 인증 암호화 방법
US20120170739A1 (en) Method of diversification of a round function of an encryption algorithm
WO2018104412A1 (fr) Procédé de signature ou de déchiffrement rsa protégé à l'aide d'un chiffrement homomorphique
Alenezi et al. On the performance of AES algorithm variants
Koko et al. Comparison of Various Encryption Algorithms and Techniques for improving secured data Communication
Wu The misuse of RC4 in Microsoft Word and Excel
Saha et al. White-box cryptography based data encryption-decryption scheme for iot environment
US7773753B2 (en) Efficient remotely-keyed symmetric cryptography for digital rights management
US20060153372A1 (en) Smart card and method protecting secret key
CN107766725B (zh) 抗模板攻击的数据传输方法及系统
Arya et al. Effective AES Implementation
KR20030027459A (ko) 무선랜에서 송수신되는 패킷의 암호화 및 복호화 방법
WO2006102003A2 (fr) Systemes et procedes d'execution d'un double chiffrement pour contrer des attaques ciblees au centre
Liu et al. Improving tag generation for memory data authentication in embedded processor systems
Qahur Al Mahri et al. Fault analysis of AEZ
Muthavhine et al. Reconstruction of des in order to reduce memory constraints found on iot devices
Liu et al. iCETD: An improved tag generation design for memory data authentication in embedded processor systems
CA2453081A1 (fr) Methode et appareil de protection des systemes ntru contre les attaques temporelles
Kenekayoro Patrick The data encryption standard thirty four years later: An overview

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

NENP Non-entry into the national phase in:

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06738605

Country of ref document: EP

Kind code of ref document: A2