WO1993016538A1 - Devices for implementing public key cryptography and digital signatures - Google Patents


Info

Publication number
WO1993016538A1
Authority
WO
WIPO (PCT)
Application number
PCT/GB1993/000313
Other languages
French (fr)
Inventor
Roger Fane Sewell
George Helier Foot
Original Assignee
Roger Fane Sewell
George Helier Foot

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key ... underlying computational problems or public-key parameters
    • H04L9/302 Public key ... involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L9/32 Cryptographic mechanisms ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms ... involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/30 Compression, e.g. Merkle-Damgard construction


Abstract

The present invention provides a public key cryptosystem which comprises an encryption device, said device having means for encrypting information including a feed-back loop which evaluates a one-way or a one-way trap door function incorporating modular exponentiation with a small positive exponent and thereby processes successively the blocks into which the information has been divided, to encrypt the information; and a compatible decryption device. The encryption and decryption devices of the present invention provide an outstandingly high rate of encryption and decryption without impairing the level of security associated with public key cryptosystems.

Description

DESCRIPTION
Technical Field
Devices for Implementing Public Key Cryptography and Digital Signatures
The present invention relates to cryptographic devices and particularly to such devices applied to public key cryptography.
Background Art
The more intensive use of electronic methods for the transmission and storage of confidential information, as exemplified by the employment of electronic systems for financial transactions, has increased a need for effective cryptographic systems to protect this information from theft and exploitation by unauthorized persons.
Amongst well known cryptographic systems used to protect information are the Data Encryption Standard (DES) which is a conventional symmetrical cryptosystem and systems of an entirely different character known as Public Key Systems of which the Rivest, Shamir and Adleman (RSA) system is the most prominent.
See references: (1), (2) and (3)
A feature of a Public Key System of cryptography is that the Key required for the process of encryption is different from that required for decryption. Moreover (if desired), it is possible to publish the Encryption Key (usually known as the Public Key) without prejudice to the security of the system. But, the Decryption Key (usually known as the Private Key) must be known only to persons authorized to receive the information.
The characteristics of Public Key Cryptography derive from the incorporation of a one-way or a one-way trap-door mathematical function whereby the necessary calculations can be made readily in the desired direction but only with extreme difficulty in an inverse sense. The Digital Signature feature provides proof of the authenticity of the information and proof of its origin from the sole person having knowledge of the Private Key utilised.
The RSA version of a Public Key Cryptosystem employs modular exponentiation of a particular form as a trap-door function. It is widely acclaimed for its ability to resist efforts to "crack" its code. However, the computational effort necessary for encryption and decryption requires time which limits its application for many practical purposes. The Devices which are the subject of this invention enable Public Key Cryptography to be accomplished with reduced computational effort and consequently in less overall time. They are suitable for the rapid encryption and decryption of all types of information (commonly called data) and/or the provision of a digital signature and particularly have advantages for speech, television, facsimile and other forms of information which are generated at very rapid rates.
Words and Symbols which appear in the Glossary (see below) have the meaning defined therein.
Disclosure of the Invention
According to a first aspect of the present invention there is provided a component of a public key cryptosystem, which component comprises an encryption device, said device having means for encrypting information including a feed-back loop which evaluates a one-way or a one-way trap-door function incorporating modular exponentiation with a small positive exponent and thereby processes successively the blocks into which the information has been divided, to encrypt the information.
According to a second aspect of the present invention there is provided a component of a public key cryptosystem, which component comprises a decryption device having means for decrypting information encrypted by the encryption device of the first aspect of the present invention, the said decryption device including a feedback loop which evaluates a second one-way or a one-way trap-door function identical with the first such function and thereby processes successively the blocks into which the encrypted information was divided, to decrypt the encrypted information.
According to a third aspect of the present invention there is provided a public key cryptographic communication system which comprises an encryption device according to the first aspect of the present invention and a transmitter operatively connected to the said encryption device to transmit the encrypted information via a telephone line or other suitable communication medium to a compatible receiver. Also provided is the receiver which is operatively linked to a decryption device according to the second aspect of the present invention to decrypt the received information. The transmitter according to this aspect of the present invention may be chosen to suit the nature of the available transmission medium which may, for example, comprise lines or radio or optical media. Suitably, adaptor means may be provided for compressing the bandwidth or otherwise adapting the information to be encrypted to make it possible to transmit that information via the available medium. A corresponding provision is suitably made at the receiver.
Preferably, there is provided means for remembering the electrical condition of the feedback loop of the device transmitting information at the conclusion of communication with a particular second device of the same character to which the first device has been connected via a telephone line or other suitable medium and also a second means for remembering the electrical condition of the feedback loop of the second device so that it is optionally unnecessary to initialize the cryptosystem on resumption of communication between the devices.
Preferably there is further provided storage means for storing the encrypted information in a suitable storage medium until required for examination at a later time in a decrypted form. Suitable storage media may include, for example, magnetic or optical discs or tape or printing on paper.
According to a fourth aspect of the present invention there is provided a public key cryptosystem which comprises an encryption device according to the first aspect of the present invention, a decryption device according to the second aspect of the present invention and storage means operatively linked therebetween.
The encryption device is preferably further characterized by being adapted to use as the input to the one-way or one-way trap-door function within the encryption device, a combination of the previously encrypted block with a pre-determined or a pre-calculated number, which is known as the "Instantial Key", and preferably employing an Exclusive-OR function for the combination. The previously encrypted block is obtained from a register in which it has been stored.
Suitably, therefore, the encryption device may further comprise a register for storing the previously encrypted block and combining means for combining the previously encrypted block with a pre-determined or pre-calculated number, namely the Instantial Key. Preferably the combining means incorporates an Exclusive-OR function for the purpose.
The encryption device is preferably also characterized by provision of combining means to combine the output of the one-way or one-way trap-door function within the encryption device with the information to be encrypted to obtain the encrypted information employing for that purpose an Exclusive-OR function.
Correspondingly, the decryption device is preferably further characterized by being adapted to use as the input to the one-way or one-way trap-door function within the decryption device the previous ciphertext block in combination with the Instantial Key and preferably to use an Exclusive-OR function for the combination. The previously decrypted block is obtained from a register in which it has been stored. The decryption device suitably further comprises a register for storing the previous encrypted block, and combining means for combining the previous encrypted block with a pre-determined or pre-calculated number, namely the Instantial Key. Preferably, the combining means incorporates an Exclusive-OR function for the purpose.
The decryption device is preferably further characterized by provision of combining means to combine the output of the one-way or one-way trap-door function in the decryption device with encrypted information obtained from a said encryption device to obtain the decrypted information in its original state before it was encrypted, employing an Exclusive-OR function for the combination.
The exponent of the one-way or one-way trap-door function suitably is a small positive number such as three, five or seventeen.
Preferably there is provided digital signature means to encrypt the Instantial Key as the first block of encrypted information and to create a digital signature by encrypting, for example, the contents of the PEB register at the conclusion of the encryption of the information.
The encryption and decryption devices according to the present invention provide an outstandingly high rate of encryption and decryption respectively without impairing the level of security associated with Public Key Cryptosystems. In mathematical terms, the improvement may be expressed as the contrast between O(n^2 * L) time for encryption or decryption (where n is the length of the modulus in bits and L is the length of the information in bits), which is characteristic of existing Public Key Cryptosystems, and O(n * L) + O(n^3) time for encryption or decryption, which is characteristic of a Cryptosystem according to the present invention.
Brief Description of the Drawings:
A preferred embodiment of the present invention will now be more particularly described by way of example and with reference to the accompanying drawings.
Figure 1 is a schematic diagram of a public key cryptographic communication system embodying the third aspect of the present invention.
Figure 1 A is a schematic diagram of a public key cryptographic system embodying the fourth aspect of the present invention.
Figure 2 is a schematic diagram of the operational features of the encryption device embodying the first aspect of the present invention and which is also incorporated in Figure 1 schematic and in Figure 1 A schematic.
Figure 3 is a schematic diagram of the operational features of the decryption device embodying the second aspect of the present invention and which is also incorporated in the Figure 1 schematic and in Figure 1 A schematic.
Modes for carrying out the Invention
The term plaintext is in common use to describe the text of a message in its original and intelligible form and the term ciphertext is in common use to describe text which has been transformed by encryption into a form which is unintelligible.
These terms will be retained in the following description so that plaintext may denote the original state of information of any character (including, for example, information derived from speech or from graphical drawings) and ciphertext may denote the unintelligible form of information of any character after it has been encrypted. (See also the Glossary).
The devices of the present invention operate with information in a digital form.
Means are therefore provided to convert information into a digital form whenever necessary and also to compress it or otherwise to manipulate it into a convenient form for subsequent encryption. Corresponding arrangements are made to re-convert information after decryption into the form desired for its purpose.
Referring to Figure 1, the public key cryptographic system comprises an encryption device (1) which encrypts information which is in a digital form.
If this information is speech, television, facsimile or other information not already in a digital form an appropriate analogue to digital converter (2) is included.
In addition, the plaintext may be compressed or otherwise manipulated before encryption by a compressor (3) to reduce its length.
The compressor (3) may, for example, employ baseband code-excited linear predictive coding (See Reference 4).
A function of the encryption device (1) is to divide the information into individual Blocks of a size convenient for the encryption process.
The Transmitter (7) is operable to transmit encrypted information via a telephone line or other suitable communication medium to a Receiver (8) which receives the encrypted information. The encryption process operates in a feedback loop, the operational features of which are illustrated schematically in Figure 2.
The feedback loop comprises a first Exclusive OR (EOR) logic gate (9) operating bitwise on successive whole blocks of plaintext, a Previous Encrypted Block (PEB) register (10) which registers the previous block to have been encrypted, a second Exclusive OR (EOR) logic gate (11) and a one-way or one-way trap-door function embodied in apparatus (12) which performs a modular exponentiation on the output of the second logic gate (11) and may perform other processing.
The first EOR logic gate (9) has inputs which are (a) a block of plaintext and (b) the output of the one-way or one-way trap-door function in apparatus (12). The output of this logic gate is a block of ciphertext.
The second EOR logic gate (11) has inputs which are (a) an Instantial Key (13) (see herebelow) and (b) the contents of the PEB register (10). The output of this logic gate is the input for apparatus (12).
The apparatus (12) by which the one-way or one-way trap-door function may be evaluated and apparatus by which other modular exponentiation and other calculations may be performed may comprise dedicated circuitry (For Example: See Reference 5) or a microprocessor within the encryption device which is programmed for that purpose.
The apparatus (12) provides modular exponentiation with a small exponent J and modulus M. The exponent J is selected as a small positive number and may, for example, be five or seventeen. The modulus M is suitably a product of two large prime numbers which are different from each other. To maintain the security of the information involved, the values of these two large prime numbers should be known only to the person who will decrypt the information.
Preferably, the modulus used in the one-way or one-way trap-door functions of the encryption device and the decryption device (to be described herebelow) is a product of two large prime numbers p and q such that p-1 and q-1 each have a large prime factor s and t respectively such that s-1 and t-1 also each have a large prime factor. The Public Key of any person is a number B chosen by that person which is co-prime to (p-1)*(q-1) where p*q=M and where M is the modulus of the person as described above. The Private Key is another number V calculated from p, q and B by the Euclidean Algorithm such that (B*V) MOD ((p-1)*(q-1)) = 1. Alternatively, V may be chosen first and B calculated by the same method.
In practice, M must be at least 512 binary bits in length adequately to withstand attack on the security of the system by factorization of M. A value of M which is larger than 512 bits is preferred as providing better security.
To initiate the operation of the feed-back loop, a zero value held in the PEB register (10) is combined with a pre-calculated number which will hereinafter be called the Instantial Key (IK). The Instantial Key is calculated by dividing a random number Q with the same number of bits as the modulus M by the modulus M, leaving a remainder which is the Instantial Key (13).
As a preliminary to the encryption of information, the Instantial Key (IK) is encrypted to form the first block of the ciphertext — thus:
First ciphertext block = ( IK ^ B ) MOD M
where B is the Public Key and M is the Modulus of the person who will decrypt the information and where IK is the Instantial Key. (See also the Glossary).
Each block of the plaintext is then processed through the feedback loop. In explanation, the method used may be represented by a computer sub-routine, as follows:
    PEB = 0
    WHILE NOT end of file
        INPUT NEXT plaintextblock
        ciphertextblock = plaintextblock EOR ((( IK EOR PEB ) ^ J ) MOD M )
        PEB = ciphertextblock
        OUTPUT NEXT ciphertextblock
    ENDWHILE
where the exponent J is a small positive number and may, for example, be five or seventeen.
To establish authentication of the information, a digital signature may be encrypted in the final ciphertextblock. The digital signature may be calculated as :
Final ciphertextblock = ((((( IK EOR PEB ) ^ J ) MOD M ) MOD M' ) ^ V' ) MOD M'
where V ' is the Private Key and M ' the Modulus of the person originating and signing the information and also where IK is the Instantial Key, PEB is the Previous Encrypted Block and J is the Exponent. (For definitions see the Glossary).
The output of the encryption device may then be stored by any of the means commonly employed for the storage of computer data and the data may be decrypted at any later time.
Or, the data may be transported to any destination desired by methods commonly available such as the mailing of computer discs or it may be reproduced on paper and transmitted as a document.
Or, the output of the encryption device may be transmitted electronically to any destination for which it is intended using any of the conventional methods such as telephone or other communication circuits or by radio transmission.
Referring to Figure 1, the public key cryptographic system also includes a decryption device (4) which decrypts the ciphertext received from another encryption device via a telephone line or other suitable communication medium and the Receiver (8).
If required, an appropriate digital to analogue converter (5) and a decompressor (6) are included.
The decryption process operates in a feedback loop the operational features of which are shown schematically in Figure 3.
The feedback loop comprises a first Exclusive OR (EOR) logic gate (14) which operates bitwise on successive whole blocks of ciphertext, a Previous Encrypted Block (PEB) register (17) which registers the previous block of ciphertext, a second Exclusive OR (EOR) logic gate (16) and a one-way or one-way trap-door function embodied in apparatus (15) which performs a modular exponentiation on the output of the second logic gate (16) and may perform other processing.
The first EOR logic gate (14) has inputs which are (a) a block of ciphertext and (b) the output of the one-way or one-way trap-door function in apparatus (15). The output of this logic gate is a block of plaintext.
The second EOR logic gate (16) has inputs which are (a) the Instantial Key (18) and (b) the contents of the PEB register (17) which comprise the previous block of ciphertext. The output of this logic gate is the input for apparatus (15).
The one-way or one-way trap-door function may be evaluated and other modular exponentiation calculations may be performed by dedicated circuitry or by means of a microprocessor within the encryption device which is programmed for that purpose.
The apparatus (15) provides modular exponentiation with a small exponent J and modulus M. The exponent J is selected as a small positive number and may, for example, be five or seventeen. The modulus M is suitably a product of two large prime numbers which are different from each other. To maintain the security of the information involved, the values of these two large prime numbers should be known only to the person who will decrypt the information. For successful decryption, the values of J and M must be the same as the corresponding values used in encrypting the information.
In practice, M must be at least 512 binary bits in length adequately to withstand attack on the security of the system by factorization of M. A value of M which is larger than 512 bits is preferred as providing better security.
Encrypted information received from another encryption device passes to the decryption device. The first ciphertext block to be decrypted provides the Instantial Key (18) — thus:
IK = ( first ciphertext block ^ V ) MOD M
where V is the Private Key and M is the Modulus of the person who will decrypt the information and IK is the Instantial Key (See also the Glossary). The PEB register is initialized to zero and each of the following blocks of the ciphertext are then processed by the feedback loop in turn except for the final block.
In explanation, the process of decryption may be represented by a computer sub-routine:
    PEB = 0
    WHILE NOT got to final block
        INPUT NEXT ciphertextblock
        plaintextblock = ciphertextblock EOR ((( IK EOR PEB ) ^ J ) MOD M )
        PEB = ciphertextblock
        OUTPUT NEXT plaintextblock
    ENDWHILE
where PEB is the previous ciphertext block which is stored in the register. (For definitions see the Glossary).
The digital signature which is encrypted in the final block of the ciphertext is then processed:
"signature obtained" = ( final ciphertext block ^ B' ) MOD M'
"signature expected" = ((( PEB EOR IK ) ^ J ) MOD M ) MOD M'
where the exponent B ' and the Modulus M ' comprise the Public Key of the originator of the information: See the Glossary for definitions.
The signature and the information is considered authenticated if the "signature expected" = "signature obtained" and the plaintext obtained after decryption is intelligible and meaningful and not nonsense.
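The encryption loop, the decryption loop and the signature check described above, as an added worked example in Python (not the patent's own code): the moduli are toy values built from Mersenne primes, and the key values B, B' and the fixed IK used when calling it are assumptions for illustration only; the description requires moduli of at least 512 bits for real use.

```python
# Added worked example (not from the patent): the feedback-loop cipher of
# Figures 2 and 3 with the main-embodiment digital signature. Toy moduli
# built from Mersenne primes stand in for the 512-bit-plus moduli the
# description requires; they only illustrate the arithmetic.
import secrets

# --- Assumed toy parameters (constructed for this example) ---
P, Q = (1 << 31) - 1, (1 << 61) - 1      # recipient's primes p, q (both Mersenne primes)
M = P * Q                                 # recipient's modulus M
B = 65537                                 # recipient's Public Key B (assumed; coprime to (p-1)(q-1))
V = pow(B, -1, (P - 1) * (Q - 1))         # recipient's Private Key V: (B*V) MOD ((p-1)*(q-1)) = 1

P2, Q2 = (1 << 61) - 1, (1 << 89) - 1     # signer's primes
M2 = P2 * Q2                              # signer's modulus M'
B2 = 65537                                # signer's Public Key B' (assumed)
V2 = pow(B2, -1, (P2 - 1) * (Q2 - 1))     # signer's Private Key V'

J = 17                                    # small exponent of the one-way function (page's example)
N_BITS = M.bit_length()                   # n, the modulus length in bits
BLOCK_BYTES = N_BITS // 8                 # plaintext blocks stay below 2^n
BLOCK_MASK = (1 << (8 * BLOCK_BYTES)) - 1


def keystream(ik, peb):
    """Output of apparatus (12)/(15): ((IK EOR PEB) ^ J) MOD M."""
    return pow(ik ^ peb, J, M)


def split_blocks(data):
    """Divide plaintext bytes into integer blocks; the last block is zero-padded."""
    blocks = []
    for i in range(0, len(data), BLOCK_BYTES):
        chunk = data[i:i + BLOCK_BYTES].ljust(BLOCK_BYTES, b"\0")
        blocks.append(int.from_bytes(chunk, "big"))
    return blocks


def encrypt_and_sign(plaintext, ik=None):
    """Return the ciphertext block list: [IK block, data blocks..., signature block]."""
    if ik is None:
        ik = secrets.randbits(N_BITS) % M    # random Q of n bits, reduced MOD M
    out = [pow(ik, B, M)]                    # first ciphertext block = (IK ^ B) MOD M
    peb = 0                                  # PEB register starts at zero
    for block in split_blocks(plaintext):
        cblock = block ^ keystream(ik, peb)  # EOR gate (9)
        peb = cblock                         # PEB register (10)
        out.append(cblock)
    # final block = ((((IK EOR PEB)^J) MOD M) MOD M') ^ V') MOD M'
    # (MOD M' is a no-op here because M < M'; kept for generality)
    out.append(pow(keystream(ik, peb) % M2, V2, M2))
    return out


def decrypt_and_verify(cblocks):
    """Return (plaintext bytes, signature_ok) for a block list from encrypt_and_sign."""
    ik = pow(cblocks[0], V, M)               # IK = (first ciphertext block ^ V) MOD M
    peb = 0
    plain = bytearray()
    for cblock in cblocks[1:-1]:             # every block except the first and the final
        block = cblock ^ keystream(ik, peb)  # EOR gate (14)
        # a genuine block fits in BLOCK_BYTES; mask so a corrupted stream still decodes
        plain += (block & BLOCK_MASK).to_bytes(BLOCK_BYTES, "big")
        peb = cblock                         # PEB register (17)
    obtained = pow(cblocks[-1], B2, M2)      # (final ciphertext block ^ B') MOD M'
    expected = keystream(ik, peb) % M2       # (((PEB EOR IK)^J) MOD M) MOD M'
    return bytes(plain).rstrip(b"\0"), obtained == expected


if __name__ == "__main__":
    msg = b"Attack at dawn: the quick brown fox jumps over the lazy dog."
    ct = encrypt_and_sign(msg)
    pt, ok = decrypt_and_verify(ct)
    print(len(ct), "ciphertext blocks; signature valid:", ok, "; plaintext restored:", pt == msg)
```

Note that the signature block covers only IK and the last ciphertext block, which is why the description additionally requires the recovered plaintext to be intelligible before treating the information as authenticated.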
Referring to Fig. 1A, the numbers (1) to (6) have the same significance as the numbers in Fig. 1. However, a storage facility for the ciphertext is shown at (19) and may be of any character in which digital information may be stored. This storage facility enables information to be stored in an encrypted form until it is desired to decrypt that information.
In the first of a number of variations described below of the encryption and decryption procedures described above, the information to be encrypted may be padded at its conclusion with valid plaintext using wording which does not require authentication (for example, phrases such as "Yours sincerely"). Having divided the information into blocks, the Instantial Key is encrypted as in the process already described above using the Public Key (B) and the Modulus (M) of the person who will decrypt the information to generate the first ciphertext block.
A second ciphertext block is then generated from the Instantial Key using both the Public Key ( B ) and the modulus ( M ) of the person who will decrypt the information and the Private Key ( V ' ) and Modulus ( M ' ) of the person who is originating and authorising the information, as follows:
first ciphertext block = ( IK ^ B ) MOD M
second ciphertext block = (((( IK ^ B ) MOD M ) MOD M' ) ^ V' ) MOD M'
The remaining plaintext blocks are then encrypted as in the method described above.
The decryption device then calculates:
"signature obtained" = (( second ciphertext block ) ^ B' ) MOD M'
"signature expected" = (( IK ^ B ) MOD M ) MOD M'
The signature is considered to be authenticated if "signature obtained" = "signature expected" and the information is considered to be authenticated if following the information that requires authentication there is sufficient additional information that does not require authentication to fill at least one whole ciphertext block and that is likewise intelligible, meaningful and not nonsense. For authentication to be valid it is necessary that intelligible and meaningful plaintext information can be distinguished by the person decrypting the information from plaintext information which is nonsense.
In a second variation of the encryption and decryption procedures outlined above, the digital signature may be provided by adding a zero block of plaintext to the end of the plaintext which is to be signed prior to encryption, encrypting as above with the exception of the digital signature, calculating the Exclusive OR of all the ciphertext blocks and all the plaintext blocks yielding a value X, and then replacing the ciphertext block resulting from encrypting the zero block by a final ciphertext block defined by:
Final ciphertextblock = (( X MOD M' ) ^ V' ) MOD M'
On decryption the signature obtained is defined by:
signature obtained = (( final ciphertext block ) ^ B' ) MOD M'
while the signature expected is defined by:
signature expected = Y MOD M'
where Y is the Exclusive OR of Z and all the plaintext blocks and all the ciphertext blocks except the final ciphertext block, where Z is given by:
Z = ((( penultimate ciphertext block ) EOR IK ) ^ J ) MOD M
and the signature is considered valid if "signature obtained" is equal to "signature expected".
In a third variation of the encryption and decryption procedures defined above both the digital signature defined in the first variation and that defined in the originally described embodiment above may be sent, to be considered valid by the decrypting device if both are valid according to their respective specifications.
In a fourth variation of the encryption and decryption procedures defined above the modulus M used to encrypt all but the first ciphertext block may be different from the modulus (also referred to above as M) used to encrypt the first ciphertext block, provided that the prime factors of both moduli are unknown to all persons not authorised to decrypt the message. Moreover the modulus used to encrypt all but the first ciphertext block may be equal to the modulus of the signer, M', provided that the prime factors of M' are not known to persons not authorised to decrypt the message. The moduli used in decryption are in either circumstance altered correspondingly for the first, or for all but the first, ciphertext blocks.
In a fifth variation of the encryption and decryption procedures defined above the instantial key may be modified after encryption of each block and also modified in exactly the same manner in the decryption process. For example after encryption of each block the instantial key may be increased by one, squared, cubed, or have its bits permuted; or some more complicated method may be used to define the value of the instantial key for the next block of encryption, so long as the same method is used to alter the instantial key in the decryption device after decryption of each block.
In a sixth variation of the encryption and decryption procedures defined above the instantial key may be replaced by a new instantial key part way through encrypting or decrypting; the new instantial key may be either encrypted and decrypted in the same manner as the first block of ciphertext or it may be contained in the plaintext of the preceding block or blocks with appropriate means of identifying it as a new instantial key.
For example the plaintext may contain the sentence "At the beginning of the next new block after the next full stop change the instantial key to XXXXX" where XXXXX represents the new value of the instantial key. For another example it may be agreed by the communicating parties beforehand that the 100th, 200th, 300th, etc block of plaintext will contain the value of the instantial key to be used from then on.
Although the present invention has been described above with respect to seven preferred embodiments, a number of other embodiments are conceivable: Such alternative embodiments are intended to be equally within the scope of the present invention.
GLOSSARY OF TERMS AND SYMBOLS USED HEREIN ABOVE:
CRYPTOSYSTEM: A method and associated hardware for converting plaintext to ciphertext so that the plaintext is no longer intelligible and for reconverting ciphertext into intelligible plaintext for the purpose of preventing knowledge of the plaintext by unauthorized persons. See also KEY.
CONVENTIONAL CRYPTOSYSTEM: A Cryptosystem which requires that the Key employed to convert plaintext to ciphertext and the Key employed to convert ciphertext to plaintext must be known only to the persons operating the cryptosystem if the security of the cryptosystem and the privacy of the plaintext is to be preserved.
PUBLIC KEY CRYPTOSYSTEM: A Cryptosystem in which a complete knowledge of the method of operation of the encryption device and of the Key employed for encryption is insufficient to enable the plaintext to be recovered from the ciphertext in a feasible time.
KEY: A number (or information in other forms) required for the transformation of plaintext to ciphertext in a cryptosystem or a number (or information in other forms) required for the transformation of ciphertext to plaintext.
PUBLIC KEY: A Key which is known to its owner and, optionally, to any number of other persons.
PRIVATE KEY: A Key which is known only to its owner.
ENCRYPTION KEY: The Key employed to encrypt plaintext in a Cryptosystem. This Key may not be the same as the Decryption Key for the same cryptosystem.
DECRYPTION KEY: The Key employed to decrypt ciphertext in a Cryptosystem. This Key may not be the same as the Encryption Key for the same cryptosystem.
PLAINTEXT AND CIPHERTEXT: The term plaintext is in common use to describe the text of a message in its original and intelligible form and the term ciphertext is in common use to describe text which has been transformed by encryption into a form which is unintelligible. These terms are retained in the description of the present invention so that plaintext denotes the original state of information of any character (including, for example, information derived from speech and from graphical information) and ciphertext may denote the unintelligible form of information of any character after it has been encrypted.
BLOCKS: The plaintext information is divided into portions named Blocks which are processed individually and successively until the whole of the information is encrypted. The same process occurs in decryption and the individual decrypted Blocks are united to form the complete decrypted text.
DIGITAL SIGNATURE: Digital information (often a number) the possession of which indicates that associated plaintext and the ciphertext originated with a person having knowledge of a unique Private Key: This indication is provided by the Digital Signature having a relationship with the corresponding Public Key and the plaintext and ciphertext itself which it would be infeasible to arrange without knowledge of the Private Key.
MODULUS: (See Modular Exponentiation).
MOD: The operation of Division discarding the Quotient and retaining the Remainder, e.g. 376 MOD 52 = 12
EXPONENTIATION: Of two numbers A and B, the result of multiplying A by itself B times. The symbol Λ is used to denote exponentiation.
MODULAR EXPONENTIATION: A calculation of the form ( A Λ B ) MOD C where the number A is the Base, the number B is the Exponent and the number C is the Modulus.
ONE-WAY FUNCTION: A mathematical function which can be evaluated in feasible time but for which there does not exist an inverse function that can be evaluated in feasible time.
ONE-WAY TRAP-DOOR FUNCTION: A mathematical function which can be evaluated in feasible time with the possibility of computing its inverse function also in feasible time if further information required for this purpose is known but for which the inverse function is impossible to compute in feasible time without this further information.
BINARY NUMBERS: Numbers expressed to the base 2 and represented by two digits, for example 0 and 1.
EOR LOGIC GATE: An electronic circuit with two inputs and one output with the property that if the input voltages both represent the same binary digit, the output is a voltage used to represent 0 but otherwise the output is a voltage used to represent 1.
EOR BITWISE OPERATION: An EOR logic gate or a collection of such gates is said to operate bitwise on two blocks of data with the same number of bits, each represented as a number of voltages each representing 0 or 1, if the output is a block of data of the same size such that the first bit of the output block is the output of an EOR logic gate whose two inputs are the first bit of the first block and the first bit of the second block, the second bit of the output block is the output of an EOR logic gate whose two inputs are the second bit of the first block and the second bit of the second block, and so on, so that the Nth bit of the output block is the output of an EOR logic gate whose inputs are the Nth bit of the first block and the Nth bit of the second block.
Notwithstanding the above description the same effect could be obtained by using a microprocessor to calculate the value of the output block rather than by using dedicated logic gates and this is also to be considered within the scope of the present invention.
The symbols employed have the following meanings:
*   Multiplication
/   Division
Λ   Exponentiation
+   Addition
-   Subtraction
=   Equals
IK  Instantial Key
B   Public Key
V   Private Key
J   Exponent
Industrial Applicability
The more intensive use of electronic methods for the transmission and storage of confidential information, as exemplified by the employment of electronic systems for financial transactions, has increased a need for effective cryptographic systems to protect this information from theft and exploitation by unauthorized persons.
This invention provides for improvements in existing methods of cryptography and is applicable in all situations in which it is required to ensure the privacy, security and authenticity of information of any character.

Claims

1. A public key cryptosystem which comprises an encryption device, said device having means for encrypting plaintext including a feed-back loop which evaluates a one-way or a one-way trap-door function incorporating modular exponentiation with a small positive exponent and thereby processes successively the blocks into which the plaintext has been divided, to encrypt the plaintext blocks into ciphertext blocks; and a compatible decryption device.
2. A component of the public key cryptosystem of Claim 1, which component comprises a said encryption device.
3. A component of the public key cryptosystem of Claim 1, which component comprises a said decryption device having means for decrypting ciphertext blocks encrypted by a said encryption device, the decrypting device including a feed-back loop which evaluates a second one-way or one-way trap-door function identical with the one way or one-way trap-door function of the encryption device and thereby processes successively the ciphertext blocks, to decrypt them.
4. A component as claimed in Claim 2, wherein the component further comprises a register for storing the previously encrypted block, i.e. the most recently encrypted ciphertext block.
5. A component as claimed in Claim 3 wherein the decryption device further comprises a register for storing the previously decrypted block, i.e. the most recently decrypted ciphertext block.
6. A component as claimed in Claim 4 or Claim 5, wherein the device further comprises combining means for combining the previously encrypted or decrypted block in the respective register with an Instantial Key.
7. A component as claimed in Claim 6, wherein the combining means incorporates an Exclusive-OR function.
8. A component as claimed in Claim 5, 6 or 7, which, for the encryption device of Claim 2, comprises an encryption combining means for combining the output of the one-way or one-way trap-door function within the encryption device with the plaintext blocks to obtain the ciphertext blocks employing for that purpose an Exclusive-OR function; or, for the decryption device of Claim 3, comprises a decryption combining means for combining the output of the one-way or one-way trap-door function in the decryption device with ciphertext blocks obtained from a said encryption device to obtain the plaintext in its original state before it was encrypted, employing an Exclusive-OR function for the combination.
9. A system or component as claimed in any preceding Claim, wherein said exponent of the one-way or one-way trap-door function is a small positive number.
10. A component as claimed in Claim 6, wherein the component further comprises digital signature means for encrypting the Instantial Key as the first ciphertext block of encrypted information and for creating a digital signature.
11. A system as claimed in Claim 1, wherein the system further comprises storage means operatively linked to the encryption device and/or the decryption device for storage and subsequent retrieval of the ciphertext blocks.
12. A public key cryptographic communication system which comprises the system of Claim 1 in combination with a transmitter operatively connected to the encryption device to transmit the ciphertext blocks via a suitable communication medium to a compatible receiver to which the decryption device is operatively linked.
13. A system as claimed in Claim 12, wherein there is further provided adaptor means for adapting information to be transmitted into plaintext blocks to enable transmission via the available communication medium.
14. A system as claimed in Claim 12 or 13, wherein there is further provided a first operational status register for registering the electrical condition of the feedback loop of the transmitter at the conclusion of communication with a second device, and a second operational status register for registering the electrical condition of the feedback loop of the second device.
15. A system or component as claimed in any preceding Claim wherein there is further provided means to alter the modulus of the modular exponentiation in a predetermined manner at any point or points of the process during operation of the process.
16. A system or component as claimed in any preceding Claim wherein the process involves an instantial key and there is further provided means to alter the instantial key in a predetermined manner at any point or points of the process during operation of the process.
17. A system or component as claimed in Claim 16, wherein the means to alter the instantial key alters the key in a manner dependent on the theretofore-encrypted or theretofore-decrypted plaintext or ciphertext.
18. A system or component as claimed in any preceding Claim wherein there is further provided means to form a pre-signature as a combination of (a) at least one of the plaintext blocks and (b) at least one of the ciphertext blocks and optionally (c) a ciphertext block formed by encrypting an extra zero plaintext block following all the other plaintext blocks, and then to form a digital signature by modular exponentiation of said pre-signature.
19. A system or component as claimed in any preceding Claim, wherein, in use, the first ciphertext block contains the encrypted form of an instantial key and there is further provided means to form a sole or additional digital signature by effecting modular exponentiation of said first ciphertext block.
20. A system or component as claimed in Claim 10, 18 or 19 wherein there is further provided means to verify the validity of the digital signature.
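An added example, not the patent's own code or hardware: a toy Python model of the feedback loop of Claims 1 to 10 (previous ciphertext block EOR instantial key, raised to a small exponent modulo the public modulus, EOR plaintext), with the fifth variation's change of the instantial key after each block and the pre-signature of Claim 18. The toy primes, exponents, instantial key and plaintext blocks are constructed and far too small for real use; EOR is the combining function chosen here, and one key pair stands in for both recipient and signer.

```python
from functools import reduce
from operator import xor
from typing import Callable, List

# Constructed toy RSA-style parameters (not the patent's own, far too small for real use)
P_TOY, Q_TOY = 61, 53
N_TOY = P_TOY * Q_TOY                                  # public modulus, 3233
J_TOY = 17                                             # small positive public exponent
D_TOY = pow(J_TOY, -1, (P_TOY - 1) * (Q_TOY - 1))      # private (trap-door) exponent


def one_way(x: int, j: int, n: int) -> int:
    """The function evaluated in the feedback loop: (x Λ j) MOD n."""
    return pow(x, j, n)


def next_ik(ik: int, n: int) -> int:
    """Fifth variation: alter the instantial key after each block (here +1)."""
    return (ik + 1) % n


def encrypt(blocks: List[int], ik: int, j: int, n: int,
            update: Callable[[int, int], int] = next_ik) -> List[int]:
    """Return [IK Λ J MOD N] followed by the ciphertext blocks (Claims 6 to 10)."""
    if not 1 < ik < n:
        raise ValueError("instantial key must lie strictly between 1 and N")
    c_prev = one_way(ik, j, n)             # Claim 10: first block is the encrypted IK
    out = [c_prev]
    for p in blocks:
        if not 0 <= p < n:
            raise ValueError("plaintext block must be an integer below N")
        k = one_way(c_prev ^ ik, j, n)     # register contents EOR IK, then exponentiate
        c_prev = p ^ k                     # Claim 8: ciphertext = plaintext EOR output
        out.append(c_prev)
        ik = update(ik, n)                 # must be mirrored exactly by the decryptor
    return out


def decrypt(cblocks: List[int], d: int, j: int, n: int,
            update: Callable[[int, int], int] = next_ik) -> List[int]:
    """Same feedback loop as encrypt; only recovering IK uses the private key."""
    ik = pow(cblocks[0], d, n)             # trap-door: invert IK Λ J MOD N
    c_prev, out = cblocks[0], []
    for c in cblocks[1:]:
        k = one_way(c_prev ^ ik, j, n)
        out.append(c ^ k)                  # EOR is its own inverse
        c_prev = c
        ik = update(ik, n)
    return out


def pre_signature(blocks: List[int], cblocks: List[int]) -> int:
    """Claim 18 (a)+(b): combine plaintext and ciphertext blocks (EOR chosen here)."""
    return reduce(xor, blocks + cblocks, 0)


def sign(pre: int, d: int, n: int) -> int:
    """Claim 18: modular exponentiation of the pre-signature with the private key."""
    return pow(pre, d, n)


def verify(pre: int, sig: int, j: int, n: int) -> bool:
    """Claim 20: a holder of the public key checks the signature."""
    return pow(sig, j, n) == pre % n
```

A decryptor that does not apply the same per-block key update recovers only the first plaintext block correctly, which is the point of the fifth variation's "same method" requirement.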
PCT/GB1993/000313 1992-02-18 1993-02-15 Devices for implementing public key cryptography and digital signatures WO1993016538A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9203425A GB9203425D0 (en) 1992-02-18 1992-02-18 Devices for implementing public key cryptography and digital signatures
GB9203425.5 1992-02-18

Publications (1)

Publication Number Publication Date
WO1993016538A1 true WO1993016538A1 (en) 1993-08-19

Family

ID=10710603

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1993/000313 WO1993016538A1 (en) 1992-02-18 1993-02-15 Devices for implementing public key cryptography and digital signatures

Country Status (3)

Country Link
AU (1) AU3507393A (en)
GB (2) GB9203425D0 (en)
WO (1) WO1993016538A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0693836A1 (en) * 1994-06-10 1996-01-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols.
US5588060A (en) * 1994-06-10 1996-12-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19703929A1 (en) 1997-02-04 1998-08-06 Deutsche Telekom Ag Method for generating a digital signature and method for checking the signature
JP3277139B2 (en) * 1997-03-13 2002-04-22 インターナショナル・ビジネス・マシーンズ・コーポレーション Input bit string encryption apparatus and method
KR101381551B1 (en) 2006-05-05 2014-04-11 하이버 인크 Group based complete and incremental computer file backup system, process and apparatus
EP2377267B1 (en) * 2008-12-04 2018-06-06 Saab AB Key issuer, key carrier, access unit and methods performed in said units

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4405829A (en) * 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
EP0353041A2 (en) * 1988-07-26 1990-01-31 THORN EMI plc Signal processing apparatus and method using modified signed digit arithmetic
WO1990002456A1 (en) * 1988-08-19 1990-03-08 Ncr Corporation Public key diversification method
US4908861A (en) * 1987-08-28 1990-03-13 International Business Machines Corporation Data authentication using modification detection codes based on a public one way encryption function
US4956863A (en) * 1989-04-17 1990-09-11 Trw Inc. Cryptographic method and apparatus for public key exchange with authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4658094A (en) * 1985-03-28 1987-04-14 Itt Corporation Encryption apparatus and methods for raising a large unsigned integer to a large unsigned integer power modulo a large unsigned integer
US4736423A (en) * 1985-04-30 1988-04-05 International Business Machines Corporation Technique for reducing RSA Crypto variable storage

Also Published As

Publication number Publication date
AU3507393A (en) 1993-09-03
GB2264423A (en) 1993-08-25
GB9303246D0 (en) 1993-04-07
GB2264423B (en) 1995-04-26
GB9203425D0 (en) 1992-09-23

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AT AU BB BG BR CA CH DE DK ES FI GB HU JP KP KR LK LU MG MN MW NL NO PL RO RU SD SE US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA