This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present invention that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
There are many conventional encryption modes for encrypting and protecting digital data such as text, audio, and video. Most of these modes divide the data to be encrypted into blocks and include a chaining step. Examples of such modes are Cipher Block Chaining (CBC), Cipher FeedBack Mode (CFB), and Output FeedBack Mode (OFB). A common feature of these modes is that the chaining step is based on the previous encrypted data block. A description of these modes may for instance be found in “Applied Cryptography, Second Edition”, by Bruce Schneier, 1996, John Wiley & Sons, Inc., USA.
For example, CBC, which is also described in WO 2007/118829 and illustrated in FIG. 1, uses the previous encrypted data block to encrypt the current data block. FIG. 1 shows how a first data block “Plaintext block 1” is XOR-ed with an initialization vector IV, and how the output is encrypted using the Advanced Encryption Standard (AES) algorithm and a key to produce a first encrypted data block “Cipherblock 1”. It is this first encrypted data block that is XOR-ed with the next data block “Plaintext block 2” during the encryption of that next data block. The process is repeated until the last data block has been encrypted. Decryption is performed the other way round, i.e. the first encrypted data block is decrypted using AES and the key, and the output is XOR-ed with the IV to obtain the first data block.
WO 2007/118829 also describes Plaintext Block Chaining (PCB), in which the key used for encryption is instead generated from the previous plaintext block and an encryption key that is identical for the whole encryption. This prior art document also describes alternating CBC and PCB for the encryption of plaintext blocks.
While any change in the CBC plaintext propagates indefinitely, changes in the ciphertext do not. In order to overcome this drawback, the Propagating Cipher Block Chaining Mode (PCBC) was developed. PCBC is illustrated in FIG. 2.
PCBC may be said to be CBC where each plaintext block to be encrypted is first XOR-ed with the previous plaintext block. As can be seen, plaintext block 2 is first XOR-ed with plaintext block 1 and the output is then processed as in CBC, i.e. it is XOR-ed with the previous ciphertext block “ciphertext block 1”, which is encrypted to generate ciphertext block 2 that is used in an XOR operation for the next plaintext block. The first plaintext block is, in essence, XOR-ed with an empty block, as there is no previous plaintext block.
It has, however, been discovered that swapping blocks does not affect the plaintext blocks beyond the swapped blocks, which means that the changes are not propagated indefinitely.
To overcome this drawback, a mode called Modified PCBC (MPCBC) has been proposed. MPCBC is illustrated in FIG. 3. The mode modifies PCBC by changing the location of the XOR with the previous plaintext block from before the encryption to after the encryption. As can be seen, a plaintext block “Plaintext Block 2” is XOR-ed with the previous ciphertext block “Ciphertext Block 1” to provide input for the encryption, and the encrypted output is then XOR-ed with the previous plaintext block “Plaintext Block 1” so as to give the ciphertext “Ciphertext Block 2”.
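The three modes described above (CBC in FIG. 1, PCBC in FIG. 2 and MPCBC in FIG. 3) differ only in where the XOR with the previous plaintext block is placed, so they are easiest to compare side by side in code. The following is an added worked example, not code from this document or from WO 2007/118829. It assumes a 16-byte block size and, to stay self-contained, substitutes a small SHA-256-based Feistel permutation for AES (a constructed stand-in, labelled as such in the code); the mode logic is independent of that choice. Besides encrypting and decrypting under each mode, it measures the propagation behaviour discussed above: after two ciphertext blocks are swapped, how many trailing plaintext blocks still decrypt unchanged under CBC, PCBC and MPCBC.

```python
import hashlib
from typing import Callable, List

BLOCK = 16  # assumed block size in bytes (matches AES)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function for the stand-in cipher (constructed, not AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel permutation standing in for AES (constructed example)."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for rnd in range(8):
        l, r = r, xor(l, _round_fn(key, rnd, r))
    return r + l


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: run the Feistel rounds backwards."""
    assert len(block) == BLOCK
    r, l = block[:8], block[8:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _round_fn(key, rnd, l)), l
    return l + r


# CBC (FIG. 1): C_i = E(P_i ^ C_{i-1}), with C_0 = IV.
def cbc_encrypt(key: bytes, iv: bytes, blocks: List[bytes]) -> List[bytes]:
    out, prev_c = [], iv
    for p in blocks:
        c = block_encrypt(key, xor(p, prev_c))
        out.append(c)
        prev_c = c
    return out


def cbc_decrypt(key: bytes, iv: bytes, blocks: List[bytes]) -> List[bytes]:
    out, prev_c = [], iv
    for c in blocks:
        out.append(xor(block_decrypt(key, c), prev_c))
        prev_c = c
    return out


# PCBC (FIG. 2): C_i = E(P_i ^ P_{i-1} ^ C_{i-1}); the first block sees an
# all-zero "previous plaintext" block, exactly as the description above says.
def pcbc_encrypt(key: bytes, iv: bytes, blocks: List[bytes]) -> List[bytes]:
    out, prev_p, prev_c = [], bytes(BLOCK), iv
    for p in blocks:
        c = block_encrypt(key, xor(xor(p, prev_p), prev_c))
        out.append(c)
        prev_p, prev_c = p, c
    return out


def pcbc_decrypt(key: bytes, iv: bytes, blocks: List[bytes]) -> List[bytes]:
    out, prev_p, prev_c = [], bytes(BLOCK), iv
    for c in blocks:
        p = xor(xor(block_decrypt(key, c), prev_c), prev_p)
        out.append(p)
        prev_p, prev_c = p, c
    return out


# MPCBC (FIG. 3): the XOR with P_{i-1} moves to after the block cipher,
# C_i = E(P_i ^ C_{i-1}) ^ P_{i-1}.
def mpcbc_encrypt(key: bytes, iv: bytes, blocks: List[bytes]) -> List[bytes]:
    out, prev_p, prev_c = [], bytes(BLOCK), iv
    for p in blocks:
        c = xor(block_encrypt(key, xor(p, prev_c)), prev_p)
        out.append(c)
        prev_p, prev_c = p, c
    return out


def mpcbc_decrypt(key: bytes, iv: bytes, blocks: List[bytes]) -> List[bytes]:
    out, prev_p, prev_c = [], bytes(BLOCK), iv
    for c in blocks:
        p = xor(block_decrypt(key, xor(c, prev_p)), prev_c)
        out.append(p)
        prev_p, prev_c = p, c
    return out


def unaffected_tail(decrypt: Callable, key: bytes, iv: bytes,
                    ct: List[bytes], i: int, j: int) -> int:
    """Swap ciphertext blocks i and j, decrypt, and count how many trailing
    plaintext blocks still equal those of the unmodified ciphertext."""
    original = decrypt(key, iv, ct)
    swapped = list(ct)
    swapped[i], swapped[j] = swapped[j], swapped[i]
    modified = decrypt(key, iv, swapped)
    n = 0
    for a, b in zip(reversed(original), reversed(modified)):
        if a != b:
            break
        n += 1
    return n


# Constructed sample inputs (not from the document).
KEY = b"constructed-key!"
IV = bytes(range(BLOCK))
PT = [bytes([i]) * BLOCK for i in range(6)]

if __name__ == "__main__":
    for name, enc, dec in (("CBC", cbc_encrypt, cbc_decrypt),
                           ("PCBC", pcbc_encrypt, pcbc_decrypt),
                           ("MPCBC", mpcbc_encrypt, mpcbc_decrypt)):
        ct = enc(KEY, IV, PT)
        assert dec(KEY, IV, ct) == PT
        print(name, "trailing blocks unaffected by swapping C1,C2:",
              unaffected_tail(dec, KEY, IV, ct, 1, 2))
```

With six blocks and ciphertext blocks 1 and 2 swapped, CBC leaves the last two plaintext blocks intact (a ciphertext change reaches only the block itself and the next one), PCBC leaves the last three intact (the sum P_i ^ C_i that PCBC chains is order-independent, which is the swap property noted above), and MPCBC leaves none, because the XOR after the block cipher feeds the already-changed plaintext back into every later block.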
While it would appear that MPCBC works well, the skilled person will appreciate that cryptographic protocols are sensitive, in the sense that a protocol that is believed to be safe may actually comprise an unexpected security breach.
It will therefore be appreciated that there is a need for an encryption mode that provides an alternative to the prior-art solutions to these drawbacks. This invention provides such an alternative.