The present invention relates generally to the field of cryptography and more specifically to a method of and system for producing a fast, secure stream or block cipher.
Current uses of cryptography for securing computer files, network communications, E-mail, electronic commerce and voice communications impose certain difficulties that the current art does not adequately address. Electronic media require the standardization of the encryption methods used and also require the broad dissemination of these methods. Therefore, basing security on the secrecy of the method used is ineffective.
In the current art, the security of the encrypted message lies solely in the obscurity of the keys chosen, and is relatively unaffected by a potential adversary's knowledge of the method used. Maintaining this obscurity is difficult since the coded message, or ciphertext as it is known in the art, is a function, albeit a complex one, of the key: E_K(M) = C, where E is the encryption method, K is the key, M is the clear message and C is the ciphertext.
It is implicit in this that K, the key, can be solved for if E, M and C are known. This is a weakness since it should always be assumed that a message, M, can be compromised for any given C by means other than mathematical, such as fraud, carelessness or espionage. Thus, it must be assumed that a potential intruder will have E, C and at least one M. If the key can be solved for, all other messages encrypted with that key are compromised.
The current art addresses this problem by making the solution for K hard. In the best current methods, the solution for K is as difficult as the "brute force" approach discussed below. This is cold comfort since this hardness is based upon current knowledge of mathematical processes. Improvements in these processes have made ciphers that were thought strong 10 years ago suspect now in light of the new methods that have been developed. This suspicion is based upon known improvements, ones that have been published and shared. To postulate that these are the only new improvements is to say that no person or organization would keep such improvements they have developed secret. This would be an optimistic view, if not downright naive.
Any cipher can be solved for by a brute force approach. This is where breaking the encryption method is ignored and every possible key is examined until one is found that solves for the plaintext. As long as the group of possible keys is large and no keys are significantly worse than others, a brute force approach is no real threat to a good key. This is because the group of possible keys can easily be large enough that computers many billions of times faster than today's machines would take more time than the life span of the universe to try a significant portion of the possible keys.
Key management is as important to security as the underlying cipher. The resistance of a cipher to a brute force attack is dependent on the size of the key space. This key space is the volume of possible keys and is a function of the key length. It is important that the secret keys selected be distributed evenly throughout this key space so that an attacker does not have a higher-probability region of the key space on which to focus an attack, with a correspondingly higher probability of success.
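The two points above (a known plaintext M lets an attacker test candidate keys against E_K(M) = C, and the key space, not the secrecy of E, is what makes that test infeasible) can be made concrete with a short calculation. The following is an added illustration, not code from the patent: it sizes the key space and the expected brute force time for a given key length and guessing rate, and uses a deliberately tiny 16-bit toy XOR cipher (an assumption of this example, not the invention's cipher) to show that with a small key space a single known plaintext/ciphertext pair is enough to recover K by exhaustive search.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
UNIVERSE_AGE_YEARS = 1.38e10  # approximate figure, used only as a yardstick


def key_space(key_bits: int) -> int:
    """Number of possible keys for a key of key_bits bits (2**key_bits)."""
    return 1 << key_bits


def brute_force_seconds(key_bits: int, keys_per_second: float, fraction: float = 0.5) -> float:
    """Expected time to try `fraction` of the key space at the given rate.

    With keys drawn uniformly, an attacker succeeds on average after trying half
    of the key space, so the default fraction is 0.5.
    """
    return key_space(key_bits) * fraction / keys_per_second


def brute_force_years(key_bits: int, keys_per_second: float, fraction: float = 0.5) -> float:
    """Same as brute_force_seconds, expressed in years."""
    return brute_force_seconds(key_bits, keys_per_second, fraction) / SECONDS_PER_YEAR


def key_bits_for_lifetime(keys_per_second: float, years: float) -> int:
    """Smallest key length for which trying half the key space takes longer than `years`."""
    keys_needed = keys_per_second * years * SECONDS_PER_YEAR * 2
    return math.ceil(math.log2(keys_needed))


def toy_encrypt(key: int, message: bytes) -> bytes:
    """Toy cipher for illustration only: a 16-bit key repeated as a keystream and XORed in.

    The key space is 2**16 = 65536 keys, small enough that exhaustive search below
    finishes instantly; the point is the relationship E_K(M) = C, not the cipher.
    """
    keystream = key.to_bytes(2, "big")
    return bytes(b ^ keystream[i % 2] for i, b in enumerate(message))


def recover_key(message: bytes, ciphertext: bytes, key_bits: int = 16):
    """Known-plaintext exhaustive search: return the k for which E_k(M) == C, or None.

    For the toy cipher, any M of two or more bytes determines K uniquely, which is
    exactly why the text insists the key space must be large.
    """
    for k in range(key_space(key_bits)):
        if toy_encrypt(k, message) == ciphertext:
            return k
    return None


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    print(f"128-bit key at 1e18 guesses/s: {brute_force_years(128, 1e18):.3e} years")
    print(f"40-bit key at 1e9 guesses/s:   {brute_force_years(40, 1e9):.3e} years")
    print(f"Key bits needed to outlast the universe at 1e18/s: {key_bits_for_lifetime(1e18, UNIVERSE_AGE_YEARS)}")
    m = b"known plaintext"
    c = toy_encrypt(0xBEEF, m)
    print(f"Toy cipher key recovered from one (M, C) pair: {recover_key(m, c):#06x}")
```

The guessing rates are constructed for the example. Note that `key_bits_for_lifetime` only captures the brute force bound the text describes; it says nothing about a cipher whose keys can be solved for analytically, which is the separate concern raised earlier in the text.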
Some keys are generated from pass phrases. These easily remembered groups of words and symbols are a mnemonic for the actual key used, which can be quite long and garbled. Transforming these pass phrases into good keys is difficult to do well. Common phrases use only a small portion of the available characters and repeat an even smaller subset of those characters in predictable ways. A direct translation of phrase characters to key characters would produce weak keys.
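To show why the direct translation just described is weak, the following added example (not the patent's method) contrasts copying pass phrase characters straight into key bytes with deriving the key through a standard password-based key derivation function, here PBKDF2-HMAC-SHA256 from Python's `hashlib`, which is one common technique and not the invention's. It also estimates the entropy a word-based phrase actually carries, which bounds the effective key strength no matter how long the derived key is. The dictionary size and phrases are constructed sample values.

```python
import hashlib
import math


def direct_key(passphrase: str, key_len: int = 16) -> bytes:
    """The weak approach the text warns against: phrase characters copied straight into
    key bytes, truncated or zero-padded to key_len. Every byte stays within the
    printable ASCII range the phrase used, so most of the key space is never reached."""
    raw = passphrase.encode("ascii")[:key_len]
    return raw + b"\x00" * (key_len - len(raw))


def derived_key(passphrase: str, salt: bytes, key_len: int = 16, iterations: int = 100_000) -> bytes:
    """Key derivation with PBKDF2-HMAC-SHA256 (a standard method assumed for this example).

    The salt makes identical phrases yield different keys, and the iteration count
    slows down guessing of the phrase itself.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=key_len)


def byte_value_range(key: bytes) -> tuple:
    """(lowest, highest) byte value present in the key; a crude view of how much of
    the 0..255 range the key material actually uses."""
    return (min(key), max(key))


def phrase_entropy_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy of a phrase of word_count words chosen uniformly from dictionary_size words."""
    return word_count * math.log2(dictionary_size)


def effective_key_bits(passphrase: str, dictionary_size: int, key_len: int = 16) -> float:
    """Effective strength is the smaller of the phrase's entropy and the key length in bits:
    a derivation function cannot add entropy the phrase never had."""
    words = passphrase.split()
    return min(phrase_entropy_bits(len(words), dictionary_size), 8 * key_len)


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample phrase
    salt = b"constructed-example-salt"      # in practice a random, per-key salt
    print("direct  :", direct_key(phrase).hex(), byte_value_range(direct_key(phrase)))
    print("derived :", derived_key(phrase, salt).hex(), byte_value_range(derived_key(phrase, salt)))
    print(f"effective bits from a 4-word phrase over a 7776-word list: "
          f"{effective_key_bits(phrase, 7776):.1f}")
```

The direct key's bytes all fall in the range 0..126 here, so an attacker who knows the scheme need only search keys made of those values; the derived key spreads over the full byte range, but its effective strength is still capped by the phrase entropy (about 52 bits for four words from a 7776-word list), which is the practical reason long, unpredictable phrases matter.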