Encryption is widely used in storage in order to limit the access to confidential information. The common methods of encryption include encrypting the confidential data and storing the encrypted data on the physical medium. This physical medium may include Flash memory devices. It is common that the actual storage method of the physical medium does not depend on whether the data is encrypted or not. Thus, anyone capable of accessing the physical medium will have access to a perfect copy of the encrypted data. However, as this data is encrypted, the attacker will still need to break the code in order to obtain the original data.
FIG. 1 shows a common implementation of a prior art encryption system 100. A key stream generator may apply an encryption algorithm 102, e.g., Advanced Encryption Standard (AES), based on a key 104, e.g., a 128-bit key, which remains constant through the entire transaction or a certain period of time, and which may be set by the user, and based on counter 106, whose value may change based on a clock signal. Counter 106 may be initialized to a different value for every message, for example, depending on an auxiliary key (not shown) which may be available to all sides (including a potential attacker). The output of key stream generator 102 may be pseudo-random key stream (ki) 108. Key stream 108 (ki) may be then XORed with original data 112 (an exclusive OR operation is performed by element 110) to form cipher data (or encrypted data—ei) 114.
A good encryption may be one such that given an output stream and counter values, it would be difficult for a third party, e.g., an attacker, to obtain the key. Nevertheless, attacks may be possible with limited complexity if a long enough output stream is available to an attacker. However, in order to obtain the key from the cipher data, the attacker should have at hand a copy of some of the original data. This may allow the attacker to determine the rest of the original data, after breaking the code. Therefore, one weakness of the encryption scheme described above is that if the attacker knows a sufficient number of bits of the encrypted data, he may reproduce a copy of the original data.