1. Field of the Invention
The present invention relates to the protection of memory contents by encryption in general, and particularly to the generation of unit-individual keys for accessing a memory that is addressable by units.
2. Description of the Related Art
To protect stored information against unauthorized spying, memory contents are encrypted in various applications. In the field of cashless payments, for example, amounts of money stored on chip cards are stored in encrypted form to protect them from unauthorized spying or from manipulation, such as unauthorized alteration of the amount.
An unauthorized person obtains the information stored in encrypted form in the memory, i.e. the plain text, for example, by statistical analysis of the cipher text stored in the memory. This statistical analysis comprises, for example, an analysis of the occurrence probability of certain cipher text data blocks or the like. To impede such statistical analyses, it is desirable that equal plain texts stored in encrypted form at different memory positions do not appear there as identical cipher texts.
One possibility to ensure that plain texts at different memory positions are encrypted into different cipher texts is to use the so-called cipher block chaining method for encryption, i.e. operating a block cipher in the CBC mode, as it is, for example, described in the Handbook of Applied Cryptography, CRC Press, NY, 1997, p. 230. In the CBC mode, the cipher text of the previous plain text data block is always used for encrypting a plain text data block, such as that of the plain text data block with an address lower by 1 or higher by 1 in the memory. The CBC mode has the disadvantage that an individual isolated datum in the memory can only be encrypted when the whole chain of sequential data is decrypted. Thus, no direct access to data is possible within the CBC chain. Going through the cipher chain takes up valuable computing time and consumes an unnecessary amount of current, which is particularly a disadvantage in smartcards used in battery-operated devices, such as mobile phones, or in chip cards, where the customers of the chip card providers require transaction times at the terminals that are as short as possible.
A further possibility to ensure that equal plain texts at different memory positions are encrypted into different cipher texts is to generate address-dependent keys for encrypting the plain text. The use of address-dependent keys exploits the fact that a fixed memory space, and thus a dedicated address, is associated with a datum to be stored and encrypted, and that the encrypted datum is stored at exactly this dedicated address and remains there until it is read out again on the basis of this address. An individual key can be generated from an existing secret master key and the address information for a memory position or an individually addressable unit, respectively, with which the respective datum can then be encrypted in a write and decrypted in a read. The address-dependent generation has the disadvantage that the effort for the key generation is about as high as the effort for the encryption or decryption itself, since a key generation has to be performed for every addressable memory space or every addressable memory word, respectively, and has to ensure that the mapping of the address to the associated address-dependent key is as obscure as possible for an unauthorized person. Thus, key generation at memory word granularity causes a high degree of performance reduction, which can, for example, reduce customer convenience with chip cards.
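The following added example (not part of the original document) contrasts a fixed key with address-dependent keys on a small simulated memory, and counts the key derivations each word access costs. The 4-round Feistel cipher built on HMAC-SHA256, the HMAC-based key derivation, the 16-byte word size and all names are assumptions chosen for illustration; the text above does not specify a cipher or a derivation function.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per addressable memory word (assumed size)

def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, pt):
    l, r = pt[:BLOCK // 2], pt[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, ct):
    l, r = ct[:BLOCK // 2], ct[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class EncryptedMemory:
    def __init__(self, master, per_address):
        self.master, self.per_address = master, per_address
        self.cells = {}        # address -> cipher text word
        self.derivations = 0   # key generations performed so far

    def _key(self, addr):
        if not self.per_address:
            return self.master  # one fixed key for every address
        self.derivations += 1   # one key generation per word access
        # Assumed derivation: HMAC of the address under the master key.
        return hmac.new(self.master, addr.to_bytes(4, "big"), hashlib.sha256).digest()

    def write(self, addr, word):
        self.cells[addr] = encrypt_block(self._key(addr), word)

    def read(self, addr):
        # Direct access: only the addressed word is decrypted, no chain.
        return decrypt_block(self._key(addr), self.cells[addr])

def demo():
    master = b"constructed-master-key"  # constructed sample value
    word = b"BALANCE=00012345"           # constructed 16-byte plain text
    fixed, keyed = EncryptedMemory(master, False), EncryptedMemory(master, True)
    for mem in (fixed, keyed):
        mem.write(0x10, word)
        mem.write(0x20, word)
    return (fixed.cells[0x10] == fixed.cells[0x20],  # fixed key: equal cipher texts
            keyed.cells[0x10] == keyed.cells[0x20],  # per-address keys: they differ
            keyed.read(0x20) == word,                # isolated word read back
            keyed.derivations)                       # 2 writes + 1 read

if __name__ == "__main__":
    print(demo())
```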
One possibility to compensate for the lack of security caused by omitting the address dependency during encryption of stored memory contents would be to increase the block sizes during encryption, since this increases the number of possible plain texts for a cipher text. However, this involves an increased effort on the part of the encryption and decryption hardware, which makes this option unacceptable for a mass commodity like chip cards.