Field
The present invention relates to a method and apparatus to encrypt plaintext data and decrypt the corresponding ciphertext data.
Relevant Background
The use of memory analyzers represents a large threat to the integrity and confidentiality of distributed content. Even if great care is devoted to protecting data contained in code, the contents of memory may be captured by bus sniffing. For example, this can be used to leak raw content, even if it is distributed in an encrypted form, after it has been decrypted in a secure environment for rendering. This may be accomplished by “reading” the electric signals corresponding to the writes to the memory. Other, more sophisticated attacks may even replay these signals to trick the processor into reading and processing data chosen by an attacker.
Content providers often have particular requirements for the handling of raw content. At a bare minimum, the content can never be stored in memory in the clear. In most cases, there is at least a requirement that some form of memory scrambling or encryption be applied to all data recorded in memory to prevent physical attacks. As an example, the data written to a specific address is usually a function of the clear data, the address, and a master key. This guarantees that the same data, when written to different addresses, has a different encoding. The use of nonces to randomize the encryption of the plaintext data, when these nonces are stored and retrieved in a secure way, can be used to prevent replay attacks.
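The two properties just described, address-dependent encoding and nonce-based replay protection, are shown below in an added toy model that is not the construction of this invention. It assumes an HMAC-SHA256 keystream as a stand-in for a real cipher, a constructed master key, and a trusted on-chip nonce table that the attacker cannot alter, while the external memory contents are assumed to be fully visible and replayable.

```python
"""Toy model of address- and nonce-dependent memory encryption (added illustration).

Assumptions: HMAC-SHA256 stands in for the block cipher or PRF; the nonce table
is trusted (on-chip); external memory is observable and replayable by an attacker.
"""
import hashlib
import hmac
import os

MASTER_KEY = b"constructed-master-key-for-demo"  # constructed sample value
BLOCK = 16

def _keystream(key, address, nonce):
    # PRF(key, address || nonce): changes with the address and with every write
    msg = address.to_bytes(8, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def _tag(key, address, nonce, ct):
    # Tag binds the ciphertext to (address, nonce) so stale data cannot be replayed
    msg = b"tag" + address.to_bytes(8, "big") + nonce + ct
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ScrambledMemory:
    """External memory holds (ciphertext, tag); current nonces live in a trusted table."""
    def __init__(self, key):
        self.key = key
        self.external = {}     # address -> (ciphertext, tag): attacker-visible
        self.nonce_table = {}  # address -> current nonce: trusted in this model

    def write(self, address, plaintext):
        assert len(plaintext) == BLOCK
        nonce = os.urandom(8)  # fresh nonce per write randomizes the encoding
        ks = _keystream(self.key, address, nonce)
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.external[address] = (ct, _tag(self.key, address, nonce, ct))
        self.nonce_table[address] = nonce
        return ct

    def read(self, address):
        ct, tag = self.external[address]
        nonce = self.nonce_table[address]  # the nonce of the most recent write
        if not hmac.compare_digest(tag, _tag(self.key, address, nonce, ct)):
            raise ValueError("integrity/replay check failed")
        ks = _keystream(self.key, address, nonce)
        return bytes(c ^ k for c, k in zip(ct, ks))
```

Writing the same block to two addresses yields different ciphertexts, and a stale ciphertext put back into external memory after a newer write fails the check because its tag was computed under a nonce the table no longer holds.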
Moreover, throughput requirements for secure communication are putting current stream and block ciphers to the test, and novel constructions that increase throughput while at the same time controlling power and area requirements are desirable.
Unfortunately, the current techniques are often inefficient. A stronger level of protection, and a higher throughput at the same security level, may be desired without significant increases in power and, in the case of hardware implementations, area requirements.