1. Field of the Invention
The present invention relates to computer security and more specifically to data encryption and decryption.
2. Introduction
Cryptography is a method to protect digital content by systematically obscuring data so it appears unintelligible to an adversary. The objective of cryptography is to enable users to communicate securely in an insecure environment, while maintaining data integrity, privacy and user authentication. Over time, many cryptography systems have been developed, some requiring a great deal of resources to break. When an adversary recovers the secret key used to protect digital content, the system has been compromised and is no longer secure.
A cipher is an algorithm to perform encryption or decryption. There are various forms of ciphers, including block and stream ciphers. A block cipher encrypts data in blocks of a predetermined size, for instance 64-bits, 128-bits or 256-bits. A block cipher takes a plaintext block as input, operates on the block and outputs the encrypted block. Block ciphers often apply the same combination of techniques to data, referred to as rounds. For instance, a cipher applying the same combination of techniques to data 16 times operates using 16 rounds. A stream cipher typically encrypts plaintext one bit at a time. Encrypting 64-bits using a stream cipher that encrypts plaintext one bit at a time would require running the algorithm 64 times, as opposed to one iteration of a block-cipher that works on 64-bit blocks. Of course, the way a cipher operates depends on the specific application. Ciphers can be implemented in various ways, specifically white box, black box or side-channel resistant implementations.
White box cryptography is a cryptographic implementation designed to withstand a white box attack model. In the white box attack model, the adversary has access to the cryptographic software implementation and program execution. In the classical black box model, the attacker has access to only the input and output of the black box. The processes inside the black box are protected from the attacker and considered secure except using side-channel attacks requiring physical manipulation. White box solutions are typically slower and more cumbersome than black box solutions, due to their complexity. However, for some applications, the advantages of using white box solutions outweigh the disadvantages. Software-only white box solutions can be installed and updated remotely, whereas hardware black box solutions cannot without costly approaches. In the white box model, storing the private key in memory is insecure since the adversary has access to the entire system. One approach is to integrate the key into the encryption algorithm so that the key is never made explicit. This approach performs encryption in front of an attacker without ever revealing the secret key.
The well-known Data Encryption Standard (DES) is a block cipher used throughout the world for decades, later succeeded by the more secure Triple-DES. Triple-DES has been replaced in many applications by the widely studied and analyzed Advanced Encryption Standard (AES). AES is well suited for both software and hardware implementations, however for some light hardware implementations, the number of logic gates is too large. One such hardware implementation is Radio Frequency Identification (RFID). RFID is an automatic identification method that remotely retrieves data using a device referred to as an RFID tag or transponder. An example of an RFID tag is the device used for electronic toll collection.
Accordingly, what is needed in the art is an improved block or stream cipher implementation in the white box environment that is side-channel resistant for situations where classical cryptographic algorithms are not feasible.