It is generally accepted that the one-time pad is the only completely secure cryptographic system. Its generation depends on the use of a truly random key which is at least as long as the plain text to be encrypted. The security comes from the fact that an encrypted text could have come from any equally lengthy plain text, encrypted with some unknown key. There is no way that redundancy within the plain text can be used to determine which possible decipherment of the text is correct, because all plain texts are equally possible.
The one-time pad requires a long sequence of random numbers, and that sequence must be duplicated and distributed to each user. Random number functions in data processing systems have been used to generate pseudorandom sequences of numbers from an initial seed. While the sequences appear random, they are generated in a deterministic manner that repeats with a definite cycle length. It has been shown that ciphers constructed from these sequences are vulnerable to attack using a probable word method; see, e.g., "Problems with Chaotic Cryptosystems", Wheeler, Cryptologia, Vol. XII, No. 3, (1989) pp. 243-250.
The test of a cryptographically strong pseudorandom encryption system is to supply the full details of the encryption algorithm and a large sample of the pseudorandom output to an analyst. Without being told the secret key which controls the starting condition and the mixing, the analyst is asked to predict the next bits in the pseudorandom output beyond the end of the furnished sample. While it is impossible to prove that a pseudorandom generator is cryptographically strong, the strength of the system can be rated by the number of analyst-years expended in unsuccessful attempts to find a decryption method more efficient than brute force substitution of probable keys.
The prior art has employed various shift register schemes in combination with key controlled variables, to produce pseudorandom encrypted outputs. Such ciphers are subject to attack through mathematical matrix inversion techniques. For instance, "Cryptanalysis of the Ciarcia Circuit Cellar Data Encryptor", Pearson, Cryptologia, Vol. 12, No. 1, pp. 1-10 (1988), describes an attack of the above-noted type. It describes a system which employs a 54 bit shift register that acts to combine a plain text bit stream with a stream of "key" bits using an exclusive-OR function. The key stream generator, described by Pearson, combines two linear feedback shift registers which provide a total of 2^54 possible internal states for the generator. While this generator has excellent pseudorandom properties, Pearson shows it to be readily amenable to a matrix inversion attack, using a 54×54 matrix. Such a matrix can be solved on a personal computer.
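The two preceding paragraphs describe the analyst's test (predict the bits that follow a furnished sample) and the reason linear shift register keystreams fail it: every output bit of a linear feedback shift register is a GF(2)-linear combination of the unknown initial state, so N observed keystream bits give N linear equations in N unknowns, and one matrix solve recovers the state. The following Python program is an added illustration, not part of the patent text and not Pearson's or Ciarcia's design. It uses a constructed 23-bit register (feedback from the trinomial x^23 + x^5 + 1, with a constructed three-cell output combination), a constructed secret state, and a constructed message whose opening word the analyst is assumed to guess; it then shows that the guessed bytes alone recover the register, decrypt the rest of the message, and predict the following keystream bits.

```python
"""
Added educational example: why an LFSR keystream is recoverable by linear
algebra.  Register size, taps, output mask, key and message are all
constructed for the demonstration; the cited real design used 54 bits,
hence Pearson's 54 x 54 matrix.
"""
from typing import List, Optional, Tuple

N = 23                     # constructed register length (the cited design used 54)
FEEDBACK_TAPS = (0, 5)     # s[t+23] = s[t] ^ s[t+5], i.e. the primitive trinomial x^23 + x^5 + 1
OUTPUT_TAPS = (0, 7, 12)   # constructed: keystream bit = XOR of these three cells


def lfsr_step(state: List[int]) -> Tuple[int, List[int]]:
    """One clock of the register.  Because only XOR is used, the same code
    runs on concrete bits (0/1) and on symbolic bitmasks of unknowns."""
    out = 0
    for i in OUTPUT_TAPS:
        out ^= state[i]
    fb = 0
    for i in FEEDBACK_TAPS:
        fb ^= state[i]
    return out, state[1:] + [fb]


def keystream(state: List[int], nbits: int) -> List[int]:
    bits = []
    for _ in range(nbits):
        b, state = lfsr_step(state)
        bits.append(b)
    return bits


def xor_bytes(data: bytes, state: List[int]) -> bytes:
    """Stream cipher of the kind the text describes: plaintext XOR keystream,
    eight keystream bits per byte, most significant bit first."""
    bits = keystream(state, 8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        k = 0
        for b in bits[8 * i:8 * i + 8]:
            k = (k << 1) | b
        out.append(byte ^ k)
    return bytes(out)


def observation_rows(count: int) -> List[int]:
    """Row t is a mask over the N unknown initial-state bits saying which of
    them XOR together to give keystream bit t (symbolic execution)."""
    state = [1 << i for i in range(N)]          # cell i holds unknown x_i
    rows = []
    for _ in range(count):
        row, state = lfsr_step(state)
        rows.append(row)
    return rows


def solve_gf2(rows: List[int], rhs: List[int], nvars: int) -> Optional[List[int]]:
    """Gauss-Jordan elimination over GF(2) on bitmask rows.  Returns one
    solution (free variables set to 0) or None if the system is inconsistent."""
    aug = [(r << 1) | b for r, b in zip(rows, rhs)]   # rhs in bit 0, x_j in bit j+1
    pivot_row_of = [-1] * nvars
    rank = 0
    for col in range(nvars):
        bit = 1 << (col + 1)
        pivot = next((i for i in range(rank, len(aug)) if aug[i] & bit), None)
        if pivot is None:
            continue
        aug[rank], aug[pivot] = aug[pivot], aug[rank]
        for i in range(len(aug)):
            if i != rank and aug[i] & bit:
                aug[i] ^= aug[rank]
        pivot_row_of[col] = rank
        rank += 1
    if any(row == 1 for row in aug[rank:]):           # a leftover row reading 0 = 1
        return None
    return [aug[pivot_row_of[c]] & 1 if pivot_row_of[c] >= 0 else 0 for c in range(nvars)]


def recover_state(observed: List[int]) -> Optional[List[int]]:
    """Register contents at the start of an observed keystream segment.
    Needs at least N bits: this is the N x N matrix the text refers to."""
    return solve_gf2(observation_rows(len(observed)), observed, N)


def predict_next_bits(observed: List[int], count: int) -> List[int]:
    """The analyst's test from the text: name the bits that follow a sample
    without being told the key."""
    state = recover_state(observed)
    if state is None:
        raise ValueError("observed bits are not consistent with this generator")
    return keystream(state, len(observed) + count)[len(observed):]


def known_plaintext_demo() -> dict:
    secret = [(0x5A3C97 >> i) & 1 for i in range(N)]   # constructed 23-bit key
    plaintext = b"Dear Alice, the meeting is moved to Tuesday."   # constructed
    ciphertext = xor_bytes(plaintext, secret)
    guessed = b"Dear"                 # the probable word: 32 bits > 23 unknowns
    known_bits = []
    for c, p in zip(ciphertext[:len(guessed)], guessed):
        k = c ^ p                     # keystream byte exposed by the guess
        known_bits.extend((k >> (7 - j)) & 1 for j in range(8))
    recovered = recover_state(known_bits)
    return {
        "state_recovered": recovered == secret,
        "decrypted": xor_bytes(ciphertext, recovered) if recovered else None,
        "next_bits_match": predict_next_bits(known_bits, 64)
        == keystream(secret, len(known_bits) + 64)[len(known_bits):],
    }


if __name__ == "__main__":
    print(known_plaintext_demo())
```

Because the feedback polynomial is irreducible, any nonzero output combination makes the 23×23 observation matrix invertible, so 23 consecutive keystream bits always suffice; the extra bits from the four-byte guess simply become redundant rows. The elimination is cubic in the register length, which is the scaling the next paragraph refers to: the 54-bit case is a few times more work than this toy, still trivial for a personal computer.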
As matrices increase in size, the computation power required for solution increases as the cube of the matrix size. Thus, in order to defeat matrix-inversion techniques, it is desirable to make the potential matrix as large as possible. This is impractical with shift register chains such as are described by Pearson.
Many current personal computers are particularly adapted to manipulating large quantities of image data. Such computers include circuits which copy data in large blocks from one memory location to another and, in addition, perform logical operations on the data as it is being transferred. Certain of these circuits are referred to as "blitters" (for block image transferrer). In systems which use blitters, images in memory are often stored in a linear fashion, with each word of data being located at an address that is one greater than the word on its left. A blitter can efficiently copy blocks of such data, combine it with data from a separate image source during a data move, and place the data in another memory. Considering that a display may contain a large number of pixels (e.g. a 512×640 display with a depth of 5 bits per pixel contains 1,683,400 bits), a PC having a graphics circuit such as a blitter is able to handle and process large numbers of graphics bits on an efficient, low-cost basis. Such circuits are amenable to use with encryption systems.
Accordingly, it is an object of this invention to provide an improved pseudorandom encryption method and system.
It is another object of this invention to provide an improved pseudorandom encryption method which makes use of the capabilities of graphics data circuits in personal computer size data processing systems.