This invention relates to cryptography, that is, the use of secret codes to maintain privacy of communications in the presence of an intruder. More particularly, it relates to the management and distribution of the keys to cryptographic codes.
Not very long ago, the use of cryptography was mostly limited to military and diplomatic communications. The privacy of the mails was sufficient for most business purposes. Today, however, most business communication is carried on almost instantaneously by electric means. The mails are considered too slow. Furthermore, with the explosion of computer technology, computers, customers and data bases often located in different parts of the country must interact on a routine basis. As a result, very large amounts of very sensitive data are transmitted back and forth. Since the transmission facilities may be terrestrial microwave radio, satellite or long wires, the opportunities for interception by an interested intruder are great. In addition, the sensitivity of many types of communications to interception by an intruder, or to the introduction of false information, or the erasing of information from a data bank, is often critical. In the instance of electronic funds transfer, for example, such interference by an intruder could be very rewarding for the intruder and disastrous to the system.
In the terminology commonly used in cryptography, encypherment or encryption is a transformation process by which the original text, called plain text or clear text, is replaced by cypher text. The reverse process is known as decryption or decypherment. A cryptographic system usually includes a whole family of transformations, each member of the family being uniquely identified by a particular parameter called a key. Changing the key, therefore, changes the transformation algorithm without changing the system. Thus, in order to decrypt the cypher text and recover the plain text, the recipient must know not only the system but the particular key as well. An intruder is said to have broken the cryptographic code when he has discovered the system and key. Since systems usually involve hardware and are in place over a period of time, they are subject to discovery. The security of the code, therefore, and all the data protected by it, lies in the security of the key.
The advances in digital computing and communications technology which have given rise to the need to protect so much business data, have also spawned many cryptographic systems which rely on intricate algorithms implemented by computer. Recognizing the extent of the need and the cost and availability advantages of standardization, the National Bureau of Standards has adopted a data encryption standard, as described in the Federal Information Processing Standards Publication No. 46, dated Jan. 15, 1977. The Data Encryption Standard (DES) specifies a general algorithm to be implemented in electronic hardware devices and used for cryptographic protection of computer data. Blocks of input data of 64 bits each are transformed under a 56-bit key using 16 rounds of permutations and substitutions to generate 64-bit cypher blocks.
Unfortunately, however, high speed computing technology is also available to sophisticated intruders who have a substantial interest in breaking a cryptographic code. It makes possible, for example, the trial of many different algorithms in a very short time. As a consequence, given knowledge of a system and access to clear text and associated cypher text, a well equipped intruder can, in time, derive the key used. Even with the large family of transformations implemented by the DES, security against sophisticated intruders therefore suggests frequent changing of the key.
The problem that this presents, however, in a communications system where the encrypter and decrypter are not colocated is obvious. All legitimate users must change to the same new key at the same time. Since it may well be desirable to change key at least every day, physical delivery of each new key is far too cumbersome. It is therefore necessary that the material for many keys be available at each location.
In one possible arrangement, many whole keys may be stored in one physical medium, such as a read-only memory. To keep all stations synchronized, the keys are used in the order in which they are stored, and all stations change key upon the same criteria. For example, all might change at 12:01 A.M., each day, or perhaps after each communication session. Such a system would obviously provide a very high degree of security, so long as each key is used only once. With an electronic system, however, an interruption in power, even of momentary duration, can cause the key selection apparatus to lose its place. Any resulting repeated use of a key reduces security, but if the system must return to the first key in order to synchronize all stations, the security is obviously drastically reduced. Such systems, therefore, in general, require back-up power to avoid interruption, an expensive necessity.
In an alternative arrangement, specific key material may be selected at each location from a bank or library of key material in accordance with an electronic signal. This signal, which may be called a key index signal, may specify the key directly or may provide the initial starting point of a predetermined process for choosing the key. The key index signal may even be chosen totally at random, but it must unambiguously define the key. In order to provide all communicating stations with the same key, however, it must be transmitted and therefore is as subject to interception as the encrypted message itself.
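The two arrangements described above can be compared in a short sketch. This is an added example, not part of the original text and not the method of the invention: the constructed key bank, the offset-based selection process, and the names `select_key`, `SequentialStation` and `exchange` are all assumptions made for illustration. The only DES detail used is that a 56-bit key is carried in 8 bytes, each with an odd-parity bit.

```python
import secrets

# Constructed 256-byte bank standing in for the shared library of key material.
KEY_BANK = bytes((i * 37 + 11) % 256 for i in range(256))

def select_key(bank: bytes, key_index: int) -> bytes:
    """Hypothetical 'predetermined process': the index is a start offset."""
    if not 0 <= key_index < len(bank):
        raise ValueError("key index must unambiguously define a key")
    # Read 56 key bits from the bank, wrapping around at the end.
    raw = bytes(bank[(key_index + i) % len(bank)] for i in range(7))
    bits = int.from_bytes(raw, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1  # force odd parity
        key.append((seven << 1) | parity)
    return bytes(key)

class SequentialStation:
    """Stored-key arrangement: keys used in order, position kept in volatile state."""
    def __init__(self, keys):
        self.keys, self.pos = keys, 0

    def next_key(self) -> bytes:
        key = self.keys[self.pos]
        self.pos += 1
        return key

    def power_loss(self) -> None:
        self.pos = 0  # the apparatus loses its place and returns to the first key

def sequential_reuse_after_power_loss() -> bool:
    station = SequentialStation([select_key(KEY_BANK, i * 7) for i in range(4)])
    used = [station.next_key(), station.next_key()]
    station.power_loss()
    return station.next_key() in used  # True: an already-used key comes back

def exchange():
    """Sender picks a random index; the receiver needs only the index and the bank."""
    key_index = secrets.randbelow(len(KEY_BANK))
    sender_key = select_key(KEY_BANK, key_index)
    receiver_key = select_key(KEY_BANK, key_index)  # no position state to lose
    return key_index, sender_key, receiver_key

if __name__ == "__main__":
    print("sequential scheme reuses a key:", sequential_reuse_after_power_loss())
    idx, s, r = exchange()
    print("index", idx, "keys match:", s == r, "key:", s.hex())
```

The indexed station recovers from a restart because the key index travels with each message, which is also why the index is exposed to the same interception as the cypher text.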
The text "Cryptography", A. G. Konheim, John Wiley & Sons, Inc., 1981, in Section 7.4 describes a system for end-to-end encryption using the DES algorithm. Operational keys which perform the message encypherment are encrypted by system keys, so that the key index signal sent to the receiver is an encrypted operational key. With high-powered computing capability, a sophisticated intruder who could derive the operational key could derive the key for decrypting the key index signal as well, gaining access to future operational keys.
An object of this invention is a more secure transmission system which has no need for backup power.
A second object is a more secure transmission system in which access to both key index and encrypted message does not enable access to future operational keys.
A third object of this invention is a more secure transmission system using the DES algorithm.
Still a fourth object is a more secure transmission system using the DES algorithm in which the key can be continually changed to provide a running key.