Encrypted data is systematically exchanged at a high bit rate using symmetrical encryption algorithms.
The efficacy of a symmetrical encryption algorithm is evaluated on the basis of its resistance to cryptanalysis, which depends on the complexity of the processing applied to the information to be encrypted, the absence of weaknesses, and its resistance to a brute force attack, which depends on the size of the encryption key.
Moreover, the efficacy of symmetrical encryption also depends on its speed of execution. The bit rate at which the encryption algorithm operates must be higher than the maximum bit rate of the application concerned for information that is to be encrypted/decrypted.
Accordingly, for a high bit rate application, secure solution integrators face a dilemma when choosing an encryption algorithm: as the bit rate of the information to be processed increases while the calculation power remains constant, the time available for processing each unit of information decreases, forcing compromises in terms of cryptanalysis resistance.
Prior art stream encryption mechanisms that perform symmetrical encryption encrypt data continuously, in the course of successive iterations, and can be used advantageously when the data bit rates are high and/or when it is essential to encrypt/decrypt information in real time.
Referring to FIG. 15A, stream encryption mechanisms generally take the form of a pseudo-random bit generator G (based on shift registers, for example), with parameters set by a key K and an initialization vector, with which an exclusive-OR operation (written ⊕ and corresponding to binary addition modulo 2) is applied to an output bit k_i of the generator and to a bit p_i from the data to be encrypted, thus generally leading to the calculation of a single output bit c_i on each iteration i.
These stream encryption methods, although extremely fast in a hardware implementation because of their simplicity and the small number of instruction sets used, have several severe limitations that are generally accepted because they are a direct corollary of the high bit rates specified.
Firstly, the pseudo-random generators used by these stream encryption methods are generally based on the use of linear or non-linear shift registers. Used as such, these shift registers have serious cryptographic shortcomings. To render the pseudo-random behavior of the generator cryptographically acceptable, it is known to combine the shift registers with one another using combination functions. The increased number of registers needed to feed these combination functions, and the complexity of the combination functions themselves, significantly increase the number of components required in a hardware implementation and limit the execution speed of the pseudo-random generation algorithm and of the encryption method.
Moreover, these pseudo-random generators generate only a very limited number of output bits at a time (typically one bit, possibly 8 or 16 bits). Consequently, the number of bits encrypted on each iteration of the stream encryption method is also very limited and does not necessarily meet the real requirements of the applications having data protected by the method.
To alleviate these drawbacks, stream encryption mechanisms that use block encryption algorithms for the pseudo-random generation can be used. An example of a stream encryption mechanism using a block encryption algorithm in cipher feedback (CFB) mode is represented in FIG. 15B and described in the document by B. Schneier entitled "Applied Cryptography: Protocols, Algorithms, and Source Code in C", Second edition, 1996. Using block encryption algorithms for pseudo-random generation in stream encryption methods has at least two major drawbacks, however: firstly, their large overall size in a hardware implementation; and secondly, their slow execution speed.
Furthermore, the design of the stream encryption mechanisms described above, based on applying an exclusive-OR operation to an output bit of the pseudo-random generator and to a bit of the message to be encrypted, renders the pseudo-random generator directly observable in the context of standard cryptanalysis, and commandable in CFB mode as shown in FIG. 15B. In other words, the state of the outputs of the pseudo-random generator is directly accessible by combining the clear text and the encrypted text using an exclusive-OR operation, and continuously provides information that is directly usable for cryptanalysis of the algorithm. Accordingly, in the example of a stream encryption method represented in FIG. 15B, it is possible, by observing the outputs and commanding the inputs of the encryption method, to bring the shift register of the pseudo-random generator to a predefined state, which constitutes a major cryptographic weakness.
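The following is an added illustration, not part of the patent text, of the FIG. 15A construction and of the observability property just described. It builds a minimal stream cipher from a single 16-bit linear feedback shift register (the register width, tap positions and the key/IV seeding rule are constructed here for illustration and are not taken from the document), XORs one keystream bit k_i with one plaintext bit p_i per iteration, and then shows that anyone holding the clear text and the encrypted text recovers the generator's output bits exactly by computing p_i ⊕ c_i. A lone LFSR is not a secure generator, which is precisely the shortcoming the text describes; the example exists to make that exposure concrete, not to propose a cipher.

```python
# Added example (not from the patent): a FIG. 15A style bit-oriented stream
# cipher on a single LFSR, used to show keystream observability.
# Register width, taps and seeding are constructed assumptions for illustration.

class LFSR:
    """16-bit Fibonacci LFSR producing one keystream bit per iteration."""

    def __init__(self, key: int, iv: int, taps=(16, 14, 13, 11)):
        # Assumed seeding rule: key XOR IV; the all-zero state is avoided
        # because an LFSR stuck at zero emits a constant keystream.
        self.state = ((key ^ iv) & 0xFFFF) or 1
        self.taps = taps  # positions counted from 1 at the least significant bit

    def next_bit(self) -> int:
        # Feedback is the XOR of the tapped register cells (linear recurrence).
        fb = 0
        for t in self.taps:
            fb ^= (self.state >> (t - 1)) & 1
        out = self.state & 1               # k_i: the emitted keystream bit
        self.state = (self.state >> 1) | (fb << 15)
        return out


def keystream(key: int, iv: int, nbits: int) -> list:
    """Return the first nbits output bits k_0 .. k_{n-1} of generator G."""
    g = LFSR(key, iv)
    return [g.next_bit() for _ in range(nbits)]


def bytes_to_bits(data: bytes) -> list:
    # MSB-first bit list, so byte boundaries are preserved on the way back.
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def stream_xor(data: bytes, key: int, iv: int) -> bytes:
    """c_i = p_i XOR k_i, one bit per iteration. Decryption is the same call."""
    p = bytes_to_bits(data)
    k = keystream(key, iv, len(p))
    return bits_to_bytes([pi ^ ki for pi, ki in zip(p, k)])


def recovered_keystream(plaintext: bytes, ciphertext: bytes) -> list:
    """The observability point: p_i XOR c_i == k_i, so holding both texts
    exposes the generator's output bits without any knowledge of K or the IV."""
    return [a ^ b for a, b in zip(bytes_to_bits(plaintext),
                                  bytes_to_bits(ciphertext))]


def demo() -> tuple:
    """Round-trip check plus the observability check; returns (bool, bool)."""
    key, iv = 0xBEEF, 0x1234                 # constructed sample values
    plaintext = b"telemetry frame 01"        # constructed sample message
    ciphertext = stream_xor(plaintext, key, iv)
    decrypted = stream_xor(ciphertext, key, iv)
    exposed = recovered_keystream(plaintext, ciphertext)
    return decrypted == plaintext, exposed == keystream(key, iv, len(exposed))


if __name__ == "__main__":
    print(demo())
```

Because the combination step is a plain XOR, the generator sits directly on the observable boundary of the cipher; every known (p_i, c_i) pair leaks one bit of G's state sequence, which is why the text treats observability as a structural weakness of this design rather than of any particular generator.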
Consequently there exists a need for a solution for fast generation of cryptographically secure pseudo-random sequences of vectors of any predefined size, an encryption/decryption solution that is free of such drawbacks of observability and commandability of the pseudo-random generator, and a guaranteed high level of digital security, whilst ensuring simple and efficient implementation (notably in terms of execution speed) both in hardware and in software.