When a signal containing valuable signal content, particularly a digital signal with video content, is transmitted from an information source through a channel to a receiver, it is frequently necessary to encrypt the signal to prevent unwanted reception by an unintended receiver. To reliably prevent unwanted reception, the plaintext digits of the input signal are frequently encrypted one digit at a time using a key that differently encodes the successive digits before transmission through the channel. A process that uses different encoding for successive digits is called a “stream cipher,” which can be very secure against an undesired receiver. When decryption is performed using the same key, the process is further described as being “symmetric.” Stream ciphers are a frequently preferred encryption process because the amount of digital computation is substantially reduced compared to alternative encryption processes that encode large blocks of input data. Symmetric encryption processes are also preferred due to the resulting simplicity for a user to manage keys.
Encoding with a key invariably results in an encoding period over which the encryption process repeats. However, for a substantially complex keystream generator, such as a 128-bit AES (Advanced Encryption Standard, also called “Rijndael,” a widely used block cipher created by Joan Daemen and Vincent Rijmen) core, the length of encoding period repetition is sufficiently long to render the encryption substantially unbreakable. For even higher levels of security, the key can be changed before the encoding period repeats.
Synchronous stream cipher encryption refers to a process operating on a stream of input words wherein word-by-word encryption is performed independently of the input data stream. A commercial application frequently relying on synchronous stream cipher encryption is projection of digital video images in movie theaters. A typical digital cinema projection system includes a playback server that produces a digital video signal for a coaxial link to a digital video projector, such as a DLP® projector. Strong signal encryption is necessary for the coaxial link, because the video data produced by the server generally contains substantially higher video resolution than commonly available DVD video discs, which produces high value in alternative markets. Video data contained in server memory is already strongly encrypted to prevent reproduction. Unencrypted video data openly transmitted over a coaxial link can easily be diverted to an unintended receiver for easy unencrypted capture.
FIG. 1 illustrates a digital channel typically used in cinemas to couple a video source (not shown) to a projector (not shown). Input video signals 105 and 106 containing luminance and chrominance video data, respectively, usually with 10-bit precision, are encrypted in blocks 108 and 109. The digital encrypted signals from these blocks are multiplexed by multiplexer 110 over coaxial link 112 that transmits binary data to demultiplexer 114. After decryption of the demultiplexed signals in blocks 115 and 116, plaintext luminance and chrominance signals are reproduced on output leads 117 and 118.
A typical coaxial link between a server and a projector used in commercial cinemas is a 1.45 Gb/s HD-SDI (high definition, serial digital interface) link. An HD-SDI link is a 10-bit link with 1024 possible data codes. For 10-bit words representing a video signal, eight codes are restricted by commonly used video specification SMPTE-292 so that synchronization and other control functions can be provided for the video equipment. The eight restricted codes in the SMPTE-292 specification are the first four and last four 10-bit binary codes of the 1024 possible codes in a 10-bit signal, i.e., the codes are 0000, . . . , 0003 and 1020, . . . , 1023 (represented here using decimal notation). For a functional channel, these eight restricted codes cannot be encrypted without disabling operation of the projector. Thus, a modulator/demodulator pair in such systems is not permitted to generate or operate on these restricted codes.
FIG. 2 shows a digital signal encryption process of the prior art often used for video signals. Encryption is accomplished by modulating the plaintext input with a pseudorandom keystream in the server, and decryption is accomplished by demodulating the resulting ciphertext with the same pseudorandom keystream in the projector. Using lookup tables (“LUTs”) and an AES core running in counter mode as the keystream generator, strong, efficient encryption and decryption engines can be realized. Encryption/decryption arrangements that use substantially identical processes for encryption and decryption are called “complementary.”
In FIG. 2, a plaintext data stream, typically comprising 10-bit video words, is supplied as signal 202 from a video source to encryption block 205. Using a key 213 inputted to encryption block 205, keystream generator 210 produces a stream of pseudorandom, 10-bit words on lead 231. Encoding is performed using lookup table 216 that contains possible combinations of 10-bit input words and 10-bit pseudorandom words from the keystream generator 210. The resulting 10-bit ciphertext data stream produced by the lookup table and transmitted on lead 208 is inputted to decryption block 206. In decryption block 206, keystream generator 211, using key 214, produces a stream of pseudorandom 10-bit words on lead 232. Decoding is performed using lookup table 217 that again contains possible combinations of 10-bit input words and 10-bit words from the key-stream generator 211. Plaintext output data is provided on lead 203. This encryption/decryption arrangement can be constructed to be symmetric and complementary.
The arrangement illustrated in FIG. 2 can be used to produce ciphertext excluding the eight restricted words, and is operable with a wide range of encoding maps. It can implement nearly any other coding scheme by appropriately defining the lookup table mapping data. However, a significant disadvantage of this scheme is the large amount of memory that is required for the lookup table, which renders it impractical to implement using, for example, presently produced FPGAs (field-programmable gate arrays). For a 10-bit data input/10-bit encryption system commonly used in cinema applications, a lookup table with roughly a million entries is required.
A second modulator/demodulator arrangement of the prior art that can be used to produce ciphertext excluding the eight restricted words is illustrated in FIG. 3. In FIG. 3, a plaintext 10-bit data stream 302 is inputted to encryption block 305. Encryption is performed by inputting a key 313 to keystream generator 310, which produces a pseudorandom stream of 10-bit words on lead 331. The plaintext input 302 is coupled to adder 321, which subtracts the number 4 from the input data. The output from adder 321 and the output of keystream generator 310 are coupled to adder 322, producing an 11-bit summed output, supplied to block 316. Block 316 performs a modulo-1016 operation on its input, and its output is coupled to adder 323, which adds the number 4 to the input data to produce the 10-bit ciphertext output on lead 308, which is transmitted over a communication channel such as coaxial line. In a modulo operation such as encountered with a summing operation, a summed result that exceeds the modulo index is altered by subtracting the modulo index from the summed result, eliminating thereby the possible need for an additional bit to represent the summed result.
Upon reception at the remote end of the communication channel, the decryption process performed in block 306 uses key 314 supplied to keystream generator 311, which produces a pseudorandom stream of 10-bit words represented by 332. Three adders, 324, 325, and 326, are also used in the decryption process, subtracting and then adding the number 4 to the data stream to produce 10-bit plaintext output 303. Block 317 performs a further modulo-1016 operation.
The process illustrated in FIG. 3 is used in movie theaters to provide video data protection for projection arrangements requiring exclusion of the eight restricted binary codes. This scheme requires no memory for lookup tables, but requires six to eight 10-bit adders (possibly including two for the two modulo functions). This scheme is the most restrictive in terms of selecting an encryption mapping, and is inefficient in terms of the amount of digital processing that must be performed for each input data word, requiring six to eight independent addition operations. The substantial number of arithmetic operations required to support a high-definition video signal, such as 1.45 Gb/s, results in a need for high-performance digital circuit elements, which add die area and expense to an integrated circuit.
The use of modulator/demodulator pairs, particularly pairs based on addition or modulo addition for synchronous stream cipher encryption, with and without restricted words, is well-known in the art. However, limitations of prior art processes in arrangements that exclude encoding of restricted words from the data stream and maintaining a high level of data security are a need for large lookup tables or extensive digital computation for encryption/decryption for each input word. Prior art schemes are also hampered by inflexibility in selection of data mappings. A need thus exists for an apparatus and method to perform highly secure encryption and decryption that is not encumbered by these limitations, particularly for systems communicating high data rate signals.