There exists a need to transfer data confidentially over an open channel or to store such data securely in an unsecure location. Whilst such transfer or storage may be achieved by physical means, it is more effective and/or flexible to use cryptographic means.
In the prior art, to send private communications between two parties, the parties need to share a cryptographic key and use a symmetric-key cipher to encrypt and decrypt data. Various ciphers including block ciphers and stream ciphers have been proposed in the past. A stream cipher handles messages of arbitrary size by ciphering individual elements, such as bits or bytes of data. This avoids the need to accumulate data into a block before ciphering as is necessary in a block cipher. A conventional block cipher requires an accumulation of a certain amount of data or multiple data elements for ciphering to complete. Examples of block ciphers include DES (see ANSI X3.92, “American National Standard for Data Encryption Algorithm (DEA),” American National Standards Institute, 1981), IDEA (see X. Lai, J. Massey, and S. Murphy, “Markov ciphers and differential cryptanalysis,” Advances in Cryptology—EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 17–38), SAFER (see J. Massey. SAFER K-64: One year later. In B. Preneel, editor, Fast Software Encryption—Proceedings of Second International Workshop, LNCS 1008, pages 212–241, Springer Verlag, 1995), and RC5 (see R. Rivest, “The RC5 encryption algorithm,” Dr. Dobb's Journal, Vol. 20, No. 1, January 1995, pp. 146–148). A typical data encryption speed for these ciphers is several million bits per second (Mb/s) on a Pentium 266 MHz processor.
Due to the pervasiveness of high-speed networking and multimedia communications, the demand for high-speed ciphers is ever increasing. For example, data rates over Asynchronous Data Transfer networks range from several tens of Mb/s to 1 Gb/s. Software implementations of existing block ciphers cannot reach these kinds of data rates.
In general, stream ciphers are much faster than block ciphers. However, stream ciphers are usually not sufficiently analyzed and are perceived to be weaker in security than block ciphers. Many stream ciphers that we believed to be very secure were subsequently broken. The design of secure and efficient high-speed ciphers remains a highly challenging problem.
Many powerful cryptanalytical methods have been developed during the past decade or so. It may be observed that the success of many of these methods in attacking a cipher depends on the availability of a large quantity of ciphertexts/plaintenxts under a particular encryption key. Normally, the likelihood of successfully attacking a cipher, i.e., discovering the key, diminishes as the amount of available ciphertexts/plaintexts decreases. The present invention, is motivated by the above observation, and provides an improved method and apparatus for data encryption and decryption.