1. Field of the Invention
The present invention relates to a system for enciphering and deciphering a digital signal conveying n-bit words N.sub.i, wherein i denotes the rank of the word N.sub.i in the signal, into a digital enciphered signal having n-bit words R.sub.i, said system comprising, in an enciphering unit at the transmitting end, logic means for performing a logic function g applied to each word N.sub.i and to a predetermined n-bit word P.sub.i-1 to produce the corresponding enciphered word R.sub.i =g(N.sub.i, P.sub.i-1) and means further comprising a register receiving the enciphered word R.sub.i to produce the words P.sub.i-1 according to a predetermined algorithm based on the enciphered words R.sub.i, and, in a deciphering unit at the receiving end, logic means for performing a logic function h, called contrary to or the complement of the g operation, applied to each enciphered word R.sub.i and to the predetermined word P.sub.i-1 to produce the corresponding deciphered word N.sub.i =h(R.sub.i, P.sub.i-1) and means analogous to these of the enciphering unit for producing words P.sub.i-1.
2. Description of the Prior Art
The enciphering and deciphering terms are used in the present specification for the particular application to a signal conveying alphanumeric signals; however the invention is, generally speaking, related to any encrypting and decrypting, encoding and decoding or scrambling and unscrambling of a digital signal. Reference is made, hereinafter, as an examplary application, to the digital signal which is emitted from a teletext system and conveys, via a broadcasting network transmission medium, such as televized pictures network, pages of writing that will be visualized by conventional television receivers.
In a teletext system, the written pages are made up of alphanumeric characters which carry the information and characters required for the syntax and are generally transmitted in the form of 8-bit bytes. At the transmitting end, the digital signal conveying the characters is applied to multiplexing means which suitably insert it into the conventional video signal, for example into the frame synchronizing and blanking signals. After having been carried via the television link, the composition signal is received in the user's terminal and is demultiplexed to separate the digital signal from the video signal. By using a syntactical monitor, the written pages conveyed by the digital signal are reproduced for visualization by the television set.
The access controlling device embodied in a teletext system is of a conventional nature. The calling subscriber has an access means consisting of a data medium in which all the data characterizing the user and his accessible area are stored. The controlling device acquires this data and compares it, on the one hand, with the identified data which may perhaps be inside the terminal and, on the other hand, with the data characterizing the user's call. If the comparison is positive, the system "gives access" to the information.
In a broadcast teletext system, the information is received virtually everywhere and is thus accessible via straightforward technological means available to the general public. Transmission at frequencies specifically earmarked for this use would only constitute an illusory protection. The same goes for any device which would keep the information in a directly usable form. Moreover, the advent and the fast-growing spread of "house-hold or personal" computer set-ups is placing considerable computation powers at the hands of an increasing number of people. In view of all this, it would seem essential to encipher not only the teletext system order codes, but the whole data message. This solves, incidentally, the problem of the secrecy which may well be necessary for certain institutional uses of the teletext services. Generally speaking, in an enciphered transmission system, we find:
a source of N messages belonging to the overall range of possible messages;
an enciphering unit performing a function f which, for a given message N, generates a corresponding cryptogram (resulting enciphered message) R belonging to the overall range of possible cryptograms, in accordance with the relationship: EQU R=f(N,C)=f.sub.C (N)
where C is a code word known as a used enciphering key;
the transmission medium via which the enciphered messages R pass;
a deciphering unit performing the inverse function f.sub.C.sup.-1 of the function f.sub.C which gives rise to the initial message N, corresponding to the cryptogram R, obtained through the key C as per the relationship: EQU N=f.sub.C.sup.-1 (R); and
"safe" means for distributing the key C.
By looking at this organization, we can see that two fundamental problems have to be solved, namely the choice of a function f and the choice of key C together with its distribution. The present invention deals only with solving the first of these problems.
In the most frequently used enciphering and deciphering systems, the enciphering unit comprises a logic unit having two input buses. One of the input buses receives the n-bit N.sub.i words of the digital signal to be enciphered and the other input bus receives n-bit P.sub.i predetermined words. The logic operation carried out by the logic unit is usually a Modulo-2 addition; in other words, this unit contains a set of parallel exclusive OR gates, each receiving a pair of like-rank bits of two associated words N.sub.i and P.sub.i. The advantages of applying this exclusive OR logic operation lies in the fact that it can be employed in the enciphering unit by applying the corresponding enciphered word R.sub.i and the predetermined word P.sub.i to the inputs of a logic unit contained in the deciphering unit which is analogous to one of the enciphering unit in order to restore the deciphering word N.sub.i.
The means for producing the predetermined words P.sub.i are identical in the enciphering and deciphering units. As a rule, they comprise a random or quasi-random binary generator which are directly representative of the predetermined words P.sub.i (U.S. Pat. No. 4,133,974) or in which the bits are selected and undergo logic operations, for example by means of addressing a random access memory or a read only memory, writing of which is controlled by certain bits of the random binary words (French Patent Application Nos. 2,210,307 and 2,265,221 respectively equivalent to United Kingdom Pat. No. 1,393,920 and U.S. Pat. No. 3,984,668).
The major drawback of an enciphering and deciphering system such as this is that the pseudo-random generators in the enciphering and deciphering units must be synchronized. Indeed, the same predetermined word P.sub.i must be applied in synchronism with the initial word N.sub.i to be enciphered and the corresponding enciphered word R.sub.i at the inputs of the enciphering and deciphering logic units. In other words, the enciphering operation must be started at the same time as the deciphering operation. In order to ensure that both pseudo-random generators begin operation at the same point in their operational cycle, it has heretofore been known to generate a sequence of digital bits known as "prime data". This prime data is utilized to control the starting point of operation of the pseudo-random generator at the enciphering unit. The prime data is then transmitted over the transmission medium to the deciphering unit whereupon detection, of it is utilized to control the starting point of the operation of the pseudo-random generator at the deciphering unit.
When the deciphering is linked to the message syntax, the prime data word can be inserted between the lines of the text message (French Patent Application No. 2,210,307). Should the encrypting not be linked to the message syntax, then the prime data word is transmitted first before the enciphered message. Whatever the case may be, the two pseudo-random generators are started at the same point of operation by prior identification of one and the same message key.
As a correlation to this synchronization drawback, the majority of enciphering units literally transmit this prime data word over the transmission medium, such that an unauthorized person would be able to detect the prime data by tapping into the transmission medium, inasmuch as the prime data is required to be transmitted over the transmission medium prior to the deciphering operation.
U.S. Pat. No. 4,133,974 provides a way of partly overcoming this drawback by enciphering the prime data word itself. According to this Patent, the first synchronization word called "prime data" is transmitted in full over the transmission medium, and the other synchronization words following behind are enciphered.
It will be noticed that other enciphering and deciphering systems based, not on a logic operation performed on the words to be enciphered and the pseudo-random words, but rather on a permutation and/or replacement of the enciphered words, also entail the transmission of a synchronization word from the enciphering unit to the deciphering unit. For instance, German Patent Application No. P 26 39 806.1-31, equivalent to United Kingdom Pat. No. 1,542,350 discloses that each word to be enciphered is first of all replaced by another word obtained by addressing in reading a memory which contains a predetermined table. The word read in this memory then undergoes a straightforward permutation. Consequently, the resulting enciphered word replaces the initial signal word. Once again, the encrypting and decrypting must be synchronized by a synchronization word transmitted before the enciphered message, so that the read addressing by each initial word matches the read addressing by the enciphered word corresponding to the initial word.
All the aforementioned enciphering and deciphering methods entail the transmission of a synchronization word, generally in constant periods depending on the message syntax. In other words, two identical initial messages correspond to one and the same enciphered message, thereby considerably limiting the safeguarding from any unauthorized deciphering of the enciphered message.
To take precautions agains all these drawbacks, the Article by S. JEFFERY and D. K. BRANDSTAD, entitled "Data Encryption" and published in Electro Conference Record, El Segundo, U.S.A., 1977, pages 30/4-1 to 30/6-6, discloses an enciphering and deciphering system similar to the type described in the beginning of the present specification. The means for producing the P.sub.i predetermined words are incorporated into a logic circuit loop between the output of the enciphering, respectively deciphering logic unit and an input into this logic unit. Under these conditions, the P.sub.i words are predetermined by the words to be enciphered, respectively enciphered words, themselves; put another way, this means that, at the start of the system operation, the P.sub.i word producing means synchronize themselves, with no need for transmitting a particular synchronization word. Furthermore, this self-synchronization enables two identical messages awaiting enciphering at different times to make two different enciphered messages correspond, due to the fact that the content of the P.sub.i word generating means register is, from what has gone before, different at these two times. It then follows that deciphering an enciphered message delivered by such a system is virtually impossible since the unauthorized person must know not only the different keys used together with the algorithm employed in the P.sub.i word producing means but also their initial register content.
In the aforementioned Article, the P.sub.i word generating means comprises, between an input register connected to the logic unit output and an output register connected to an input of the logic unit, a plurality of logic circuits which perform simple logic operations, such as permutations and Modulo-2 additions between bytes of the word stored in the input register and the selected key word. These logic operations are repeated a great many times by feedback into the logic circuits as a whole. It then becomes apparent that for a given incoming-message digital data rate, the word handling speed applied in these logic circuits must be high, thus contributing towards an overall system cost which is rather incompatible with the equipment available to the general public.