1. Field of the Invention
This invention relates generally to a system, device and method of securely encrypting plaintext (a readable message) information, and more particularly, to a system, device and method of encrypting information to prevent unauthorized access to the encrypted information using an internal synchronous mechanism.
2. Description of the Related Art
A process to transform a readable information (plaintext P) to an un-readable format using a password (or key K) is regarded as encryption, and decryption is the reverse process of the encryption. The entire process of encryption and decryption or system is often regarded as “cipher.” When a single key is used for both encryption and decryption, the cipher is called a symmetric-key cipher (or scheme) as illustrated in FIG. 1, numeral 100. Symmetric-key ciphers are generally categorized as being either block ciphers or stream ciphers.
As illustrated in FIG. 2, numeral 200, a general block cipher operates on one block of plaintext characters at a time using a same key on each block. Most of the encryption methods in use today are block ciphers, e.g., Data Encryption Standard (DES), Triple Data Encryption Standard (Tri-DES), CAST, International Data Encryption Algorithm (IDEA), Blowfish/TwoFish, and Advanced Encryption Standard (AES). Symmetric-key ciphers (block or stream) may be classified by block and key lengths. For example, Tri-DES cipher is a 64-Bit block cipher with 168-Bit key-length and may be written as Tri-DES(64:168). Similarly, other ciphers may be expressed as: CAST-128(64:128), RC4(1:var), Blowfish(64:var) and AES(var:var). When a same key is used on each plaintext block Pi, a so-called “Block Effect” occurs, i.e., a same plaintext block will always generate the same ciphertext block Ci. In order to eliminate or reduce the block effect, a number of feedback mechanisms called “Operation Modes” may be used.
For example: the Electronic Code Book (ECB) Mode is illustrated in FIG. 3, numeral 300, wherein each plaintext block P1 302, P2 304, and P3 306 is encrypted to form a ciphertext block C1, C2 and C3, respectively. The Cipher Block Chaining (CBC) Mode is illustrated in FIG. 4, numeral 400, wherein plaintext block P1 402 and ciphertext block C0 408, and similarly, a combination of plaintext block P2 404 and ciphertext block C1 412 and separately a combination of plaintext block P3 406 and ciphertext block C2 414, are operated on by an exclusive disjunction operator XOR 418, undergo encryption in block E 410 and generate ciphertext blocks C1 414, C2 414 and C3 416, respectively.
The Cipher Feedback (CFB) Mode is illustrated in FIG. 5, numeral 500, wherein a ciphertext block C0 512 undergoes encryption in block E 508, is operated on, together with a plaintext block P1 502, by an exclusive disjunction operator XOR 510 to generate a ciphertext block C1 514. Similarly, ciphertext block C1 514 undergoes encryption in block E 508, is operated on, together with a plaintext block P2 504, by an exclusive disjunction operator XOR 510 to generate a ciphertext block C2 516, and ciphertext block C2 516 undergoes encryption in block E 508, is operated on, together with a plaintext block P3 506, by an exclusive disjunction operator XOR 510 to generate a ciphertext block C3 518.
The Output Feedback (OFB) Mode is illustrated in FIG. 6, numeral 600, wherein a ciphertext block C0 612 undergoes encryption in block E 610, an output of same is: (1) operated on, together with a plaintext block P1 602, by an exclusive disjunction operator XOR 608 to generate a ciphertext block C1 614 and (2) input to a next encryption block 610, undergoes encryption in the next block E 610, and an output of same is: (3) operated on, together with a plaintext block P2 604, by a next exclusive disjunction operator XOR 608 to generate a ciphertext block C2 616 and (4) input to a next encryption block 610, undergoes encryption in the next block E 610, and an output of same is: (5) operated on, together with a plaintext block P3 606, by a next exclusive disjunction operator XOR 608 to generate a ciphertext block C3 618, and continues in the same fashion.
In general, when the block-length of a block cipher is reduced to one, the cipher is similar to encrypting a stream of individual characters, and therefore is also classified as a stream cipher. Given a plaintext stream, a typical encryption process for a stream cipher is to generate an arbitrary long string from the key K called “key-stream”. The key-stream is then used to perform a bitwise XOR operation with the plaintext character-by-character producing the ciphertext.
As illustrated in FIG. 7, numeral 700, encryption 702 using stream ciphers operates 710 on a single character of the plaintext 708 at a time using a stream of encryption characters called “Key-Stream” 706 to form ciphertext 712, which, when received, undergoes a decryption process 704 in which the keystream 714 is applied to a reverse encryption process 716 to provide the plaintext 718. In order to create a key-stream, a feedback mechanism is employed so that the key is constantly changing. Some of the stream ciphers presently in use are: RC4 (a stream cipher designed by Rivest for RSA Data Security (now RSA Security), which is a variable key-size stream cipher with byte-oriented operations based on the use of a random permutation); ISAAC (Internet Security, Applications, Authentication and Cryptography), which is useful as a stream cipher, for simulations, and as a general purpose pseudorandom number generator); and SEAL (Software-optimized Encryption Algorithm), which is a fast stream cipher for 32-bit machines designed by Rogaway and Coppersmith.
Stream ciphers are usually divided into two categories designated “Synchronizing” and “Self-Synchronizing.” When the generated key-stream of a stream cipher is independent of the plaintext and ciphertext, it is called a “Synchronizing” stream cipher. The key-stream of a synchronized stream cipher generally depends on the key only. One characteristic of these ciphers is that both the sending and receiving ends must be synchronized. In other words, as long as the same key and the same position of the key-stream are used, the decryption is well-defined and proceeds accordingly. In particular, when the key-stream and the plaintext are XORed in binary level (or bits) to produce the binary ciphertext, the synchronized stream cipher is called a binary additive stream cipher. Binary additive stream ciphers are popular in industry. The structure of the cipher is non-complex. For example, any suitable pseudo-random number generator may be used with an input key to generate a sequence of random bits. Most of the practical and commercial stream ciphers are binary additive stream ciphers.
When the generated key-stream is a function of the key and some parts of previous ciphertext, the stream cipher is called “Self-Synchronizing.” Using part of the ciphertext data for encryption is used to eliminate block effects for a block cipher. For this reason, the Cipher Feedback Mode (CFB) may be modified easily to operate as a stream cipher by employing encryption only in the cipher to produce the same key-stream. The modifications of the Cipher Feedback Mode (CFB) to perform encryption and decryption as a stream cipher are illustrated in FIGS. 8 and 9.
The block cipher is used to generate a same key-stream. For encryption in the CFB mode, as illustrated in FIG. 8, numeral 800, a block bi 806 is sent to the block cipher E 802 to generated a cipher block ei 804. The ei 804 is then split represented as a keystream {ko, . . . , kn} 808. Together with a section of plaintext stream {po, . . . , pn} 810, the XOR operation 812 is carried out and generates a section of the ciphertext stream {co, . . . , cn} 804. This section 814 is grouped into a block and is fed back to the block cipher bi 806 for a next encryption implementation.
For decryption in the CFB mode, as illustrated in FIG. 9, numeral 900, a section of the ciphertext stream 912 is converted into a block for the block cipher encryption. Since the same block 906 is input to the block cipher E 902, the same output ei 904 is obtained. The ei 904 is then represented as a section of the key-stream {ko, . . . , kn} 908. This key-stream 908 is XORed with the ciphertext stream {co, . . . , cn} 912 to produce the plaintext block 910. Again, the same plaintext section {po, . . . , pn} 910 is obtained because the same key-stream is used.
The “Output Feedback Mode (OFB)” of a block cipher is independent of the ciphertext or plaintext and may be used to implement a synchronous stream cipher. As illustrated in FIG. 10, numeral 1000, in OFB mode encryption, a user key may be considered as a block bi 1008 and may be input to the block cipher E 1006. The result is a block ei 1012. Block ei 1012 is converted into a key-stream {ko, . . . , kn} 1002, and the key-stream {ko, . . . , kn} 1002 is XORed 1014 with the plaintext stream {po, . . . , pn} 1004 to produce the ciphertext stream {co, . . . , cn} 1010. To obtain a next section of the key-stream, the block ei 1012 is fed back into the block cipher E 1006 again.
As illustrated in FIG. 11, numeral 1100, for the decryption process, a same block bi 1108 (e.g., the user key) is input to the block cipher E 1106 to produce e1 1104. The same key-stream {ko, . . . , kn} 1102 is generated. An XOR operation 1112 is performed on key-stream {ko, . . . , kn} 1102 and ciphertext stream {co, . . . , cn}, and a same plaintext stream {po, . . . , pn} 1110 is obtained.
However, none of the conventional block and stream ciphers provide a secure encryption scheme.