This invention relates to the secure storage of digital data in a memory and more particularly to a circuit and method for data base encryption and decryption using subkeys.
When data is stored in a memory where access exists by parties who do not have a justifiable need for the data, it is necessary to take some steps to insure the security of that information stored in the memory. In the past most data was stored in files, each file being owned by one single user who therefore took responsibility for restricting access to that file perhaps by such simple measures as taking a tape or disk pack with him physically after his job was run. Today there is much emphasis placed upon the data base concept whereby individual users' files are combined into one common data base in order to achieve certain efficiencies by reducing the amount of redundant information kept by different users. The data base concept, while offering certain efficiencies in terms of reduction of redundancy, has also raised a significant problem in terms of the security of various portions of the data base which are the sole property of one user but which are now more susceptible to being accessed by other users than they would have been in the days when each user had his own distinct file. These problems have given rise to an interest in data base encryption and decryption. Since there is a previously existing body of information about encryption and decryption of information which is passed over communication channels, it is natural to look at such techniques and investigate their application to the data base situation. There are basically two different kinds of encryption schemes used over a communication channel namely stream ciphers and block ciphers. Stream ciphers, as the term implies, are used for enciphering a serial bit by bit stream of data without particular concern for the length of that stream of data. Block ciphers on the other hand are used for encyphering data which comes in certain fixed word sizes where a word is a certain number of binary bits grouped together. Stream ciphers are not generally relevant to the data base encryption problem; however, block ciphers most certainly are.
Using a block cipher scheme the entire data record, or individual words or fields of that data record, may be encyphered by means of any of the existing block cipher schemes. Certain weaknesses appear however, especially in the case of a data base which is shared by multiple users. If a simple block cipher scheme is used, a number of cryptanalysis techniques are available which create troublesome problems for the user and opportunities for the unauthorized party who desires either access to the information or who wishes to tamper with the information so as to create difficult to diagnose problems. One cryptanalysis technique involves determining both the plaintext and encrypted version of one particular value of a given field which is encyphered using the block cipher scheme. There are a number of techniques which the cryptanalyst might use to obtain this kind of information and, once it is obtained, it becomes a very powerful tool in the development of solutions to the block cypher. Another weakness of the block cipher scheme is that each different plaintext value for a given field has one and only one encrypted value and therefore if one desires to alter the data base for some particular purpose, for example, to increase one's salary, it is only necessary to determine the encrypted value of the data field desired to be substituted and then perform the substitution. In this manner the database may be tampered with with very limited information about the block cipher scheme and without any detection of the tampering. Since in a block cipher scheme one plaintext value has one and only one encrypted value corresponding to it, it is possible, with certain limited statistical information about the plaintext values and encrypted values to do a statistical analysis of the data base and obtain certain valuable information thereby.
It is apparent then that it would be desirable to encrypt the entire record rather than the individual fields in order to prevent certain of the problems mentioned above, however, if one encrypts the entire record using one encryption scheme it appears then that each one of several users each having a need for only a limited subset of the record would need to have access to the entire decryption scheme in order to get access to his individual record.
It is an object of this invention to design a circuit and method for data base encryption and decryption with subkeys such that each user has an individual write key and an individual read key and the entire data base records are encrypted such that the encrypted record is a function of all fields of the record.
It is a further object of this invention to design a circuit and method for data base encryption and decryption with subkeys such that a random number is included with the plaintext data thereby yielding two different encrypted data records even if the same plaintext data is used for them.
It is a further object of this invention to design a data base encryption and decryption circuit and method with subkeys such that a signature may be included with each data base field thereby allowing the user to verify the fact that each encrypted data field was generated by him rather than being the result of tampering by an unauthorized user.