1. Field of Invention
The present invention relates to a computer-implemented data encryption system, and more particularly, to a high-speed configurable data encryption system that provides flexibility while maintaining high data security.
2. Background
Increasingly, electronic data are exchanged over computer networks (for example, the Internet). There is a need to secure data (both financial and personal) exchanged via computer networks by individuals and institutions. Various encryption and decryption methods are used to secure data. Some of the widely used data encryption algorithms currently in use are DES, Triple-DES and AES.
One of the first data encryption algorithms is based on the Data Encryption Standard (DES) adopted by the National Bureau of Standards (NBS). DES uses a 56-bit “cipher key” for carrying out block encryption. According to DES, each block of plain text has a length of 64 bits, and its cipher text (encrypted text) block has the same bit length.
DES employs a small number of bits in its cipher key to encrypt 64-bit data blocks. Hence, DES fails to provide an effective data encryption scheme with high security. Further, the cipher key is not uniformly assigned to all of the 64-bit blocks, and hence, it is relatively easy to decrypt a cipher text block (that is encrypted by a cipher key).
To answer the shortcomings of the DES technology, Triple DES was employed. Triple DES is based on the DES algorithm but uses a longer cipher key and runs the encryption routine 3 times. Three keys are involved (K1, K2, K3), which may be unique, related to one another, or both. The general steps involved in Triple DES are an encryption round with K1, a decryption round with K2 and an encryption round with K3. However, with the advancement in technology, Triple DES is becoming simple enough to decrypt without knowing its key and is therefore becoming obsolete.
The Advanced Encryption Standard (AES) (incorporated herein by reference in its entirety) published by the National Institute of Standards and Technology (NIST) is now becoming a popular encryption algorithm. More information on AES is available from the website at csrc.nist.gov/CryptoToolkit/aes/.
AES offers larger key sizes: a 128-bit key (the default), a 192-bit key, or a 256-bit key. The number of rounds performed during the execution of the algorithm depends on the key size. For example, the number of rounds is 10 for a 128-bit key, 12 for a 192-bit key, and 14 for a 256-bit key.
AES begins the encryption cycle by first converting the plain text or input data to be encrypted into a State array. An initial Round Key addition is performed on the State array. Then, a pre-set number of regular encryption rounds (depending on the key size) are performed on the State array. Finally, a short encryption round is performed on the State array resulting in the encrypted text. A regular round of encryption includes the steps of Byte Substitution, Shift Row, Mix Column and Add Round Key. A short encryption round includes the Byte Substitution step, Shift Row step and Add Round Key step.
Even though AES provides better security than DES and Triple DES, it still has limitations. For example, AES specifies and uses identical parameters for its various rounds of encryption. This may make it susceptible to compromise, especially with the development of future technology.
Therefore, there is a need for a method and system for a more flexible and potentially stronger encryption technique than AES.