A method is provided for processing a digital information set having a plurality of information bytes. The method comprises receiving the information set, determining a set of initialization parameters, initializing a set of state variables using the set of initialization parameters, and generating a plurality of cryptors, each cryptor being a virtual dynamic array containing a monoalphabetic cipher. The method further comprises modifying the state variables and one or more of the cryptors, setting the index value for each cryptor in the plurality of cryptors; and selecting an ordered cryptor subset to be applied to an information byte. The information byte is processed using the ordered cryptor subset to produce a processed information byte. If the information byte is a plaintext byte, the processed byte is an encrypted byte, and vice versa. The actions of modifying, setting, selecting, and processing are then repeated for each remaining information byte.
1. A computer-implemented method performed by one or more data processors, for processing a digital information set having a plurality of digital information bytes, the computer-implemented method comprising:
initializing a set of state variables and storing the set of state variables in a non-transitory storage medium;
generating, using the one or more data processors, a set of cryptors comprising a plurality of cryptors and storing the plurality of cryptors in the non-transitory storage medium, each cryptor being a virtual dynamic array containing a monoalphabetic cipher and having an associated index value representing a rotational position of the cryptor;
pseudo-randomly modifying, using the one or more data processors, one or more values included within one or more of the set consisting of:
the state variables, and
the plurality of cryptors;
pseudo-randomly selecting, based on the state variables and using the one or more data processors, an ordered cryptor subset of the plurality of cryptors to be sequentially applied to a digital information byte;
pseudo-randomly setting the index value for each cryptor in the ordered cryptor subset;
processing, using the one or more data processors, a selected one of the plurality of digital information bytes using the ordered cryptor subset to produce a processed digital information byte, wherein the action of processing a selected one of the plurality of digital information bytes includes:
sequentially applying each cryptor in the ordered cryptor subset to an input byte, the input byte for a first cryptor application being the selected one of the plurality of information bytes and for each subsequent cryptor application, the input byte being a resultant output byte from the preceding cryptor application, the processed information byte being the output byte from a final cryptor application;
repeating the actions of pseudo-randomly modifying, pseudo-randomly selecting, pseudo-randomly setting, and processing for each remaining digital information byte of the digital information set, each performance cycle of the actions of pseudo-randomly modifying, pseudo-randomly selecting, pseudo-randomly setting, and processing constituting a process iteration; and
assembling the processed digital information bytes from all process iterations to form an output digital information set,
wherein the action of pseudo-randomly modifying the plurality of cryptors includes modifying at least one cryptor of the plurality of cryptors independently of each other cryptor of the plurality of cryptors.
17. An automated system for processing a digital information set having a plurality of digital information bytes, the system comprising:
a non-transitory data storage medium;
at least one data processor in communication with the non-transitory data storage medium; and
a hardware interface configured to establish selective communication between the at least one data processor and at least one of the set consisting of a user for direct information input therefrom, external data processors, one or more local or wide area networks, and a telecommunications network,
wherein the non-transitory storage medium has stored therein instructions to cause the at least one data processor to carry out the actions of:
receiving the information set via the hardware interface,
initializing a set of state variables and storing the set of state variables in the non-transitory storage medium,
generating, using the set of state variables, a set of cryptors comprising a plurality of cryptors, and storing the set of cryptors in the non-transitory storage medium, each of the plurality of cryptors being a virtual dynamic array containing a monoalphabetic cipher and having an associated index value representing a rotational position of the cryptor,
pseudo-randomly modifying one or more values included within one or more of the set consisting of: the set of state variables and the plurality of cryptors,
pseudo-randomly selecting, based on the set of state variables, an ordered cryptor subset of the plurality of cryptors to be sequentially applied to a digital information byte of the digital information set,
pseudo-randomly setting the index value for each cryptor in the ordered cryptor subset;
processing a selected one of the plurality of digital information bytes using the ordered cryptor subset to produce a processed digital information byte, wherein the action of processing the selected one of the plurality of digital information bytes includes:
sequentially applying each cryptor in the ordered cryptor subset to an input byte, the input byte for a first cryptor application being the selected one of the plurality of information bytes and for each subsequent cryptor application, the input byte being a resultant output byte from the preceding cryptor application, the processed information byte being the output byte from a final cryptor application, and
repeating the actions of pseudo-randomly modifying, pseudo-randomly selecting, pseudo-randomly setting, and processing for each remaining digital information byte of the digital information set, each performance cycle of the actions of pseudo-randomly modifying, pseudo-randomly selecting, pseudo-randomly setting, and processing constituting a process iteration; and
assembling the processed digital information bytes from all process iterations to form a processed digital information set,
wherein the action of pseudo-randomly modifying the plurality of cryptors includes modifying at least one cryptor of the plurality of cryptors independently of each other cryptor of the plurality of cryptors.
2. A method according to
wherein the information bytes are plaintext bytes or ciphertext bytes produced from plaintext bytes, and
wherein if the information bytes are plaintext bytes, then each processed information byte is a ciphertext byte and if the information bytes are ciphertext bytes, then each processed information byte is a plaintext byte.
3. A method according to
combining the input byte with the index value associated with the cryptor being applied to create an intermediate output byte, and
using the intermediate output byte as an index into the cryptor virtual array to obtain the output byte for the cryptor application.
4. A method according to
adding the input byte and the index value,
applying a Boolean exclusive-or operator to the input byte and the index value, and
subtracting the index value from the input byte.
5. A method according to
using the input byte as an index into the cryptor virtual array to obtain an intermediate output byte, and
combining the intermediate output byte with the index value associated with the cryptor being applied to produce the output byte for the cryptor application.
6. A method according to
generating a plurality of inverse cryptors equal in number to the plurality of cryptors, each inverse cryptor containing a unique monoalphabetic cipher that reverses an encryption effect of a corresponding one of the plurality of cryptors and having the same associated index value as the corresponding one of the plurality of cryptors.
7. A method according to
sequentially applying, in reverse order, the inverse cryptor corresponding with each cryptor in the ordered cryptor subset to an input byte, the input byte for a first inverse cryptor application being the selected one of the plurality of information bytes and for each subsequent inverse cryptor application, the input byte being a resultant output byte from the preceding inverse cryptor application, the processed information byte being the output byte from a final inverse cryptor application.
8. A method according to
using the input byte as an index into the inverse cryptor virtual array to obtain an intermediate output byte, and
combining the intermediate output byte with the index value associated with the inverse cryptor being applied to produce the output byte for the inverse cryptor application.
9. A method according to
adding the index value to the intermediate output byte,
using a Boolean exclusive-or operator to apply the index value to the intermediate output byte, and
subtracting the index value from the intermediate output byte.
10. A method according to
determining a pseudo-random target information byte;
sequentially applying each rotationally positioned cryptor in the ordered cryptor subset to the target information byte to produce a processed target byte; and
combining the processed target byte with the selected one of the plurality of information bytes to produce the processed information byte.
11. A method according to
adding the processed target byte and the selected one of the plurality of information bytes,
applying a Boolean exclusive-or operator to apply the processed target byte to the selected one of the plurality of information bytes, and
subtracting the selected one of the plurality of information bytes from the processed target byte.
12. A method according to
constructing the set of state variables using values derived from a public information string and one or more private information strings.
13. A method according to
changing the number of cryptors in the ordered cryptor subset during one or more of the process iterations.
14. A method according to
rearranging the monoalphabetic contents of one or more of the plurality of cryptors,
replacing one or more of the plurality of cryptors, and
swapping locations of one or more pairs of values within cryptors of the plurality of cryptors.
15. A method according to
pseudo-randomly selecting the cryptors of the ordered cryptor subset from the plurality of cryptors based on one or more of the state variables.
16. A method according to
pseudo-randomly generating a target byte,
sequentially applying each cryptor in the ordered cryptor subset to an input byte, the input byte for a first cryptor application being the target byte and for each subsequent cryptor application, the input byte being a resultant output byte from the preceding cryptor application, the output byte from a final cryptor application being the processed information byte.
18. An automated system according to
generating a plurality of inverse cryptors equal in number to the plurality of cryptors, each inverse cryptor containing a unique monoalphabetic cipher that reverses an encryption effect of a corresponding one of the plurality of cryptors and having the same index value as the corresponding one of the plurality of cryptors.
19. An automated system according to
sequentially applying, in reverse order, the inverse cryptor corresponding with each cryptor in the ordered cryptor subset to an input byte, the input byte for a first inverse cryptor application being the selected one of the plurality of information bytes and for each subsequent inverse cryptor application, the input byte being a resultant output byte from the preceding inverse cryptor application, the processed information byte being the output byte from a final inverse cryptor application.
20. An automated system according to
21. An automated system according to
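The per-byte processing recited in claims 3, 4, 6, 7, 8, 9, 12 and 14, as an added illustrative implementation that is not the patent's own code: a cryptor is a permutation of the 256 byte values with an index value, encryption adds the index to the input byte and looks the result up, and decryption looks the byte up in the inverse cryptor and subtracts the same index, with the inverse cryptors applied in reverse order. The pseudo-random source (Python's random module seeded from SHA-256 of the secret and the public sessionstring), the pool size, the subset size and the one-swap-per-iteration morphing are assumptions chosen for illustration; the patent's own stepping process is not reproduced.

```python
import hashlib
import random

ALPHABET = 256  # the expanded plaintext alphabet {0 ... 255} of one data byte


class Cryptor:
    """Virtual dynamic array holding a monoalphabetic cipher (a permutation of
    0..255) plus an index value standing in for the codewheel's rotational
    position.  The matching inverse cryptor is kept alongside it (claim 6)."""

    def __init__(self, table):
        self.table = list(table)
        self.inverse = [0] * ALPHABET
        for position, value in enumerate(self.table):
            self.inverse[value] = position
        self.index = 0

    def apply(self, byte):
        # Encryption (claims 3/4): combine the input byte with the index by
        # addition mod 256, then use the result as an index into the cipher.
        return self.table[(byte + self.index) % ALPHABET]

    def unapply(self, byte):
        # Decryption (claims 8/9): look the byte up in the inverse cryptor,
        # then subtract the same index value to recover the input byte.
        return (self.inverse[byte] - self.index) % ALPHABET

    def swap(self, a, b):
        # Morphing (claim 14): pair-wise exchange of two cipher values, with
        # the inverse cryptor updated so it still reverses this cryptor.
        va, vb = self.table[a], self.table[b]
        self.table[a], self.table[b] = vb, va
        self.inverse[vb], self.inverse[va] = a, b


class CryptorMachine:
    """Stateful stream cipher: every process iteration morphs the cryptor
    pool, then selects, orders and positions a fresh subset for one byte.
    Assumption for illustration: all pseudo-random choices come from Python's
    random module seeded with SHA-256(secret || sessionstring) (claim 12);
    the Mersenne Twister is not a cryptographic generator."""

    def __init__(self, sessionstring, secret, n_cryptors=16, subset_size=4):
        self.rng = random.Random(hashlib.sha256(secret + sessionstring).digest())
        self.subset_size = subset_size
        self.cryptors = []
        for _ in range(n_cryptors):
            table = list(range(ALPHABET))
            self.rng.shuffle(table)  # cryptors are generated, not chosen from a fixed set
            self.cryptors.append(Cryptor(table))

    def _next_cryptor_machine(self):
        # Modify: one pair-wise swap in one pseudo-randomly chosen cryptor.
        target = self.rng.choice(self.cryptors)
        target.swap(self.rng.randrange(ALPHABET), self.rng.randrange(ALPHABET))
        # Select and order the subset, then set each member's index value.
        subset = self.rng.sample(self.cryptors, self.subset_size)
        for cryptor in subset:
            cryptor.index = self.rng.randrange(ALPHABET)
        return subset

    def encrypt(self, plaintext):
        out = bytearray()
        for byte in plaintext:
            for cryptor in self._next_cryptor_machine():
                byte = cryptor.apply(byte)  # output of one cryptor feeds the next
            out.append(byte)
        return bytes(out)

    def decrypt(self, ciphertext):
        out = bytearray()
        for byte in ciphertext:
            # Same state evolution as the sender; inverse cryptors in reverse order (claim 7).
            for cryptor in reversed(self._next_cryptor_machine()):
                byte = cryptor.unapply(byte)
            out.append(byte)
        return bytes(out)


def roundtrip(sessionstring, secret, plaintext):
    """Encrypt with one machine instance and decrypt with an identically
    initialised second instance; returns (ciphertext, recovered plaintext)."""
    sender = CryptorMachine(sessionstring, secret)
    receiver = CryptorMachine(sessionstring, secret)
    ciphertext = sender.encrypt(plaintext)
    return ciphertext, receiver.decrypt(ciphertext)


if __name__ == "__main__":
    # Constructed sample values: the sessionstring is public, the secret is shared.
    ct, pt = roundtrip(b"session-0001", b"shared-secret", b"rotor machines, revisited")
    print(ct.hex(), pt)
```

Because every iteration draws a new subset and new index values, equal plaintext bytes do not map to equal ciphertext bytes, and nothing in the design makes the mapping pair-wise symmetric as a reflector would.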
This application is a continuation of U.S. application Ser. No. 13/189,936, filed Jul. 25, 2011 (now U.S. Pat. No. 8,488,779) the complete disclosure of which is incorporated herein by reference in its entirety.
The field of the present invention relates generally to the science of cryptography, and more particularly to symmetric stream cipher systems and methods for encrypting and decrypting digital data. The present invention may generally be used to encrypt and decrypt information to protect data transmitted through communication systems or stored on a device such as a computer disk drive.
Several classes of cryptography algorithms are currently used to encrypt and decrypt data. Two classes of algorithms generally include symmetric key and asymmetric key (public key) algorithms. In asymmetric, or public key, cryptography, the key used to encrypt a message is not the same as the key used to decrypt it. The encryption key is public and widely distributed, and the decryption key is private and known only to the authorized recipient of the message. Public key algorithms, however, are very computationally intensive and the encryption and decryption operations are slow even on small amounts of data. Symmetric key algorithms, on the other hand, can be executed much faster while providing commensurate and even stronger levels of cryptographic security.
There are currently three prevailing published symmetric key algorithms: the Data Encryption Standard (DES), triple DES, and the Advanced Encryption Standard (AES). Each of these symmetric key algorithms divides plaintext and ciphertext into blocks of a specified size for encryption and decryption. This is known as a block cipher and generally involves operations on blocks of digits with a fixed, unvarying transformation. These algorithms are related in that each utilizes the same type of sub-operations to encrypt a block of plaintext into a block of ciphertext, and the same type of inverse sub-operations to decrypt a block of ciphertext into a block of plaintext. Block cipher algorithms have inherent limitations, however: they execute more slowly than stream ciphers (discussed below) and require more hardware complexity. Further, messages that do not match the block size (e.g. 128 bits) require the generation of padding text to complete the block. Additionally, block cipher algorithms encrypt identical blocks of plaintext into identical blocks of ciphertext using the same key.
Stream ciphers, on the other hand, encrypt the bits or bytes of a message one at a time, rather than in blocks as in block ciphers, and ideally do not encrypt identical plaintext into identical ciphertext. Further, stream ciphers typically execute at a higher speed than block ciphers and require lower hardware complexity, and can therefore be used in smaller applications, such as on mobile phones.
Certain aspects of the present invention relate to the stream cipher concepts designed and developed for use in rotor machines, electro-mechanical polyalphabetic devices that produced periodic sequences of monoalphabetic ciphers, each of which was used to encrypt a character of plaintext. Rotor machines were the standard cryptographic instruments adopted for military use by the Allied and German forces in the years before and during World War II. However, history records that most adversaries were generally successful at breaking enemy ciphers generated by such machines, mainly due to the methods adopted for regular stepping of one or more codewheels to new rotational positions before each character was encrypted, as well as flaws in the procedures for field operation and operator errors.
Rotor machines of this type were originally invented and patented by Edward H. Hebern. Improved versions were subsequently patented and made famous by Arthur Scherbius (e.g., ENIGMA) and later by Boris C. W. Hagelin (e.g., the M209 and M211 machines), William Frederick Friedman (e.g., the Converter M-134-C, M-228, and M-325 machines), Laurence Safford and Seiler (the ECM Mark II machine, a.k.a. SIGABA) and others, including the TSEC/KL-7 (code named ADONIS) used by the National Security Agency into the 1970s.
The fundamental principle supporting each of these rotor machines is the serial application of a set of rotatable codewheels, each encrypting an input character via a monoalphabetic cipher to an output character that is then used as an input to the next codewheel in the sequence. Each intermediate encryption result in the sequence is affected by the rotational position of the corresponding codewheel. The initial input value is the plaintext byte and the final output value is the ciphertext byte. The state of the machine is then modified by the automatic rotation of one or more of the codewheels to a new position and the next character is then encrypted. Some rotor machines had additional features, such as a plugboard that supported a number of cables with jacks that switched pairs of various input plaintext values in an effort to thwart cryptanalysis attacks.
A codewheel was typically a circular wheel made of bakelite or ceramic material with wiring that mapped each input contact to a different output contact, establishing a single monoalphabetic cipher. Each codewheel could be rotated in these machines to as many positions as there were members in the plaintext alphabet, each different position producing a different ciphertext output character for the same plaintext input character. Consequently, for an alphabet size of 26 (α=26), each codewheel logically represented 26 different monoalphabetic ciphers as determined by its position. Even assuming an alphabet size of only 26, rotor machines supporting four codewheels (φ=4) generated approximately 450,000 (i.e., $26^4$) different monoalphabetic ciphers before repeating an encryption with the same position of all codewheels. Later rotor machines, supporting six such codewheels (φ=6), had a cycle of approximately 309,000,000 (i.e., $26^6$) monoalphabetic ciphers. Increasing either the size of the alphabet (α) or the number of codewheels (φ) expands the periodic cycle dramatically. For instance, the Soviet Union used a rotor machine with 10 codewheels each having a monoalphabetic cipher of 30 Cyrillic characters (α=30; φ=10), yielding approximately 590 trillion different monoalphabetic ciphers (i.e., $30^{10}$).
Regardless of the number of codewheels employed, conventional rotor machines were still subject to cryptanalysis attack. Successful cryptanalysis methods and strategies involved deriving statistical information about the structure and content of individual codewheels employed during the encryption sessions as well as the stepping algorithm that systematically drove the rotor machine to the next state. Since multiple codewheels were supplied which could be mounted in various combinations, order, and positions, the cryptanalysis efforts required to break the ciphertext produced by such machines were immense, particularly before the advent of modern computing and networked supercomputers. Even today, many historical messages enciphered by such rotor machines have yet to be deciphered simply because the available message traffic for particular sets of codewheels is too small for cryptanalysis to yield meaningful results.
In general, such prior art rotor machines were constructed with a “reflector” rotor that guided electronic impulses back through the set of rotors such that the ciphertext generated by each character of the alphabet was pair-wise symmetric. That is, in any given state, if encryption of the letter B produced the ciphertext letter X, then encryption of the letter X produced the ciphertext letter B. Thus, a rotor machine initialized in the same state could be used for either encryption of plaintext or decryption of ciphertext. While this strategy greatly simplifies operations by eliminating additional equipment and procedures, it introduces significant cryptanalysis vulnerabilities.
Furthermore, conventional rotor machines had major operational drawbacks in that they required costly and complex procedural efforts to provide operational support. Multiple sets of identical codewheels had to be constructed in secret and protectively distributed to authorized parties, and their introduction into operation had to be carefully coordinated. Many such sets were used for months, even years, due to the effort required to initiate new sets. Detailed operational instructions were necessary, directing painstakingly meticulous steps to ensure that the exact setup and initialization process for each base session was absolutely correct since any deviation resulted in unintelligible ciphertext even to authorized recipients. Usually these setup instructions changed daily, thus adding to the complexity. A typical operational procedure required the following steps to produce each daily base session:
Another significant issue was the manpower required for communications security. Thoroughly trained operators were absolutely essential for successful, secure communications using conventional rotor machines, and military forces had special attachments dedicated to such efforts. Multiple operators were assigned to oversee each session initiation and operation in an effort to avoid incorrect setups. Still, history reveals that during extended periods of operations, errors were unavoidable, many of them contributing to successful cryptanalysis efforts by adversaries. For example, some messages were transmitted that had been accidentally encrypted with the wrong settings, and then immediately retransmitted after being correctly encrypted using slightly different settings—a serious cryptographic mistake. Also, some procedures actually required duplicating portions of encrypted message headers, creating another serious vulnerability.
Early rotor machines utilized a regular odometer-like stepping algorithm for repositioning codewheels. This is a critical design flaw because, if each letter of the alphabet is processed while a number of codewheels are held fixed in their respective positions, the cryptographic effect produced by the fixed set is identical to that produced by a single monoalphabetic cipher. Thus, sequentially advancing the first codewheel until a full revolution occurs, then stepping the second codewheel, and resuming stepping of the first, is actually equivalent to having only two codewheels in use for a period determined by the size of the alphabet.
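To make the flaw concrete, the following added Python simulation (not from the patent) builds a toy four-wheel machine with odometer stepping and checks that, during the first 26 characters while wheels 2 to 4 have not yet moved, the whole machine is just wheel 1 stepping into one fixed monoalphabetic substitution. The wheel wirings are random permutations and the rotation model (entry contact shifted by the position, output shifted back) is an assumption chosen for illustration.

```python
import random
from functools import reduce

ALPHA = 26  # alphabet size of the historical machines (α = 26)


def make_wheel(rng):
    # A codewheel's wiring is one monoalphabetic cipher: a permutation of the alphabet.
    wiring = list(range(ALPHA))
    rng.shuffle(wiring)
    return wiring


def wheel_encipher(wheel, position, c):
    # Rotating a wheel shifts which contact the current enters and leaves by.
    return (wheel[(c + position) % ALPHA] - position) % ALPHA


def odometer_encipher(wheels, counter, c):
    # Regular odometer stepping: wheel i has advanced counter // α**i positions.
    for i, wheel in enumerate(wheels):
        c = wheel_encipher(wheel, (counter // ALPHA ** i) % ALPHA, c)
    return c


def collapse_fixed_wheels(wheels, position):
    # Wheels held at one position compose into a single monoalphabetic cipher.
    return [reduce(lambda x, w: wheel_encipher(w, position, x), wheels, c)
            for c in range(ALPHA)]


def fixed_wheels_collapse(seed=7, n_wheels=4):
    """True if, over the first α characters (wheels 2.. have not stepped yet),
    the n-wheel machine equals wheel 1 stepping into one fixed substitution."""
    rng = random.Random(seed)
    wheels = [make_wheel(rng) for _ in range(n_wheels)]
    single = collapse_fixed_wheels(wheels[1:], 0)
    return all(
        odometer_encipher(wheels, t, c) == single[wheel_encipher(wheels[0], t, c)]
        for t in range(ALPHA) for c in range(ALPHA)
    )


if __name__ == "__main__":
    print("fixed wheels collapse to one substitution:", fixed_wheels_collapse())
```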
Later rotor machines addressed this vulnerability by introducing more complex and irregular stepping methods that made cryptanalysis much more difficult. One such example is the aforementioned TSEC/KL-7 that introduced two additional banks of secondary codewheels whose sole purpose was to produce a variable stepping sequence for the primary codewheels of the rotor machine. The TSEC/KL-7, however, was still subject to the other disadvantages of conventional, physical rotor machines, such as the complex procedures and operational support that were required for such devices. Even with the TSEC/KL-7, the cryptographic protection produced by such conventional rotor machines was basically generated by varying the initial installation, ordering, and positioning of a group of fixed codewheels selected from a relatively small, distributed set, and devising irregular methods of rotating the codewheels as encryption proceeded.
Many of these prior art rotor machines have now been implemented as software computer applications that exactly mimic their performance. However, such applications are merely simulations of prior art rotor machines. No instance of an improved virtual rotor machine has been publicly disclosed.
An aspect of the present invention provides a method for processing a digital information set having a plurality of information bytes. The method comprises receiving the information set, determining a set of initialization parameters, initializing a set of state variables using the set of initialization parameters, and generating a plurality of cryptors, each cryptor being a virtual dynamic array containing a monoalphabetic cipher and having an associated index value representing a rotational position of the cryptor. The method further comprises modifying the state variables and one or more of the plurality of cryptors, setting the index value for each cryptor in the plurality of cryptors; and selecting an ordered cryptor subset to be applied to an information byte. The selected one of the plurality of information bytes is processed using the ordered cryptor subset to produce a processed information byte. The actions of modifying, setting, selecting, and processing are repeated for each remaining information byte of the information set, each performance cycle of the actions of modifying, setting, selecting, and processing constituting a process iteration. The method also comprises assembling the processed information bytes from all process iterations to form an output information set.
Other aspects and advantages of the invention will become apparent from the following descriptions which, taken in conjunction with the accompanying drawings, illustrate the principles of the invention by way of example.
The present invention introduces innovative strategies and concepts that revolutionize encryption technology based on the concepts of traditional rotor machines. Such machines, and their computer-simulated counterparts, use various stepping algorithms to rotationally reposition a small set of static codewheels mounted in a fixed relative order to produce periodic sequences of monoalphabetic ciphers used to encrypt plaintext bytes. In stark contrast, the stream cipher of the present invention effectively constitutes a virtual polymorphic chamber that pseudo-randomly generates essentially aperiodic sequences of virtual dynamic rotor machines, each used to encrypt only a single plaintext byte. This polymorphic chamber comprises a large plurality of dynamic codewheels (referred to herein as “cryptors”) whose monoalphabetic cipher contents are constantly subject to unpredictable alterations prior to each process iteration. Then, for each process iteration, a subset of the current large plurality of cryptors is pseudo-randomly selected, ordered, and rotationally positioned within a virtual “cryptor machine” to encrypt the next plaintext byte. The once-used cryptor machine is then logically discarded before the next process iteration. Using such polymorphic cryptors instead of fixed configuration codewheels, the stream cipher of the present invention eliminates all static aspects of conventional rotor machines, constituting a major sea-change to this technology.
It will be understood that the embodiments of the invention are described using various terms (e.g., rotor or codewheel) relating to cryptographic rotor machines. As used herein, such terms may refer not only to the components of mechanical rotor machines but also to analogous components of virtual rotor machines operating on or through the use of a computer or other data processor. In that regard, embodiments of the stream cipher methods disclosed herein may be executed on a machine which may be a programmable or pre-programmed digital computer or an application-specific dedicated device.
Operating, for example, on a computing device or implemented within one or more dedicated processors, the methods disclosed herein are extremely efficient and are capable of providing data encryption at speeds sufficient to support the demands of modern network communications. The process is also scalable, allowing multiple independent instances of the invention, driven by separate processors, to be created and coordinated, linearly increasing throughput with each additional instance. Such an approach further increases the overwhelming cryptanalysis challenge presented by only a single instance of the invention.
The exemplary methods of the invention illustrated herein repeatedly generate virtual cryptor machine instances, each assembled using a subset of different cryptors selected from a large plurality of cryptors. The varying configurations of these virtual cryptor machine instances are determined by the exemplary methods using a set of variables that are referred to herein as the machine's internal state variables and are referenced throughout the illustrative functions that specify the initialization, encryption, and decryption processes.
Aspects of the present invention pseudo-randomly allow for, inter alia, the simulated intermittent rotation (i.e. changing of an associated index or offset value) of all cryptors, continual variation of the selected subset of different cryptors as well as the order in which they are applied, and the progressive, pseudo-random modification and regeneration of the monoalphabetic content of all cryptors. Furthermore, as part of the initialization of every encryption session, the large plurality of initially installed cryptors are pseudo-randomly generated rather than merely pseudo-randomly selected and ordered from a pre-existing distributed set. Every installed cryptor may be generated using one or more shared-secret parameters to correctly interpret extremely detailed instructions contained within a string of byte values, referred to herein as a “sessionstring.” Such sessionstrings may be publicly exchanged by cooperating parties prior to the initialization of each encryption session. The exemplary embodiment of the invention illustrates methods that ensure that even a single bit variation in such a sessionstring, or anywhere within the set of shared-secret parameters, results in wholesale changes to each and every cryptor generated during initialization.
The present invention is extremely efficient and allows for high-speed encryption of digital data sufficient to support modern networks. During such high-speed encryption sessions, the monoalphabetic cipher within each cryptor may have a life expectancy of only a few milliseconds. In an illustrative embodiment of the invention, every cryptor is wholly and unpredictably altered within every full cycle of 65,536 encryption iterations by pseudo-random pair-wise exchanges that alter the location of every value in the monoalphabetic cipher. Further, after 65,536 cycles, every cryptor has been completely replaced with the factored product of two pseudo-randomly selected cryptors.
As noted above, the stream cipher of the present invention generates an essentially aperiodic sequence of virtual cryptor machines, each such machine being used to encrypt only a single plaintext byte. Each generated virtual cryptor machine is pseudo-randomly constructed by selecting, ordering, and rotationally positioning each member of a relatively small subset chosen from a larger set of dynamic, polymorphic codewheels (“cryptors”). Unlike the prior-art codewheels that contained fixed monoalphabetic ciphers, the polymorphic cryptors of the disclosed invention are totally dynamic. Every cryptor of the stream cipher of the invention may be unpredictably and repeatedly subjected to wholesale modifications (“morphings”) that alter the location of values within its monoalphabetic cipher. Each such morphing dramatically alters not only the individual cryptor, but also directly impacts the set of potential virtual cryptor machines that may subsequently be constructed to encrypt plaintext bytes, as well as significantly altering the effects produced by subsequent morphings.
The invention also allows expansion of the plaintext alphabet to include, for example, all 256 values {0 ... 255} that may be represented in a digital data byte having eight binary bits. As will become evident, the entropy introduced by expanding the alphabet to include values not used by most plaintext introduces no significant cryptanalysis vulnerabilities. An enlarged alphabet not only allows for encryption of all digital data, it also produces a non-linear increase in the total number of unique monoalphabetic ciphers (256 factorial for a 256 value alphabet), any of which may be contained within a cryptor. Further, an enlarged alphabet exponentially increases the number of alternative rotational positions of the subset of cryptors selected for each virtual cryptor machine instance.
Another significant innovation of the invention is that each cryptor may be pseudo-randomly regenerated and/or unpredictably altered by one or more pair-wise exchanges of the monoalphabetic cipher contents of the cryptor. This innovation is referred to herein as cryptor morphing. The new cryptor produced by each such morphing can be used to significantly alter the set of possible results of all subsequent morphings. While morphing can be accomplished by any of a wide variety of techniques, two particularly effective strategies are described below.
Another innovation of the invention is the introduction of a variable stepping process that exploits the dynamic nature of the large set of cryptors, using their combined, continually changing monoalphabetic cipher contents as a source for unpredictable sequences of values. These sequences are produced by stepping index values through different periodic cycles, each referencing every byte value within the large plurality of continually changing cryptors. The invention uses the pseudo-random values produced by these cycles of sequences to direct various tasks performed for each encryption iteration.
Yet another noteworthy innovation of the present invention is the introduction in some embodiments of a separate decryption process that perfectly reverses the effects of the encryption process using a set of inverse cryptors, entirely eliminating the use of a “reflector” and the associated vulnerabilities. The fact that the stream cipher of the invention might encrypt the plaintext letter B into the ciphertext letter X imposes absolutely no requirement that the ciphertext letter B be produced by encrypting the plaintext letter X in the same state. The invention constantly maintains a unique set of inverse cryptors that exactly correspond to the current set of cryptors, each inverse cryptor containing the unique monoalphabetic cipher that exactly reverses the effects of encryption by the corresponding cryptor for each character of the plaintext alphabet.
In an alternative embodiment, the method of the invention may be configured so that a separate decryption process is not required. In this embodiment, a target byte is pseudo-randomly selected and encrypted using the selected subset of cryptors. The encrypted target byte is then applied to a plaintext byte of the message to be encrypted using a Boolean exclusive-or operator (or other appropriate mathematical operation) to produce a ciphertext byte. A new target byte is then pseudo-randomly selected, encrypted and applied to the next message byte, until the entire message has been encrypted. A message encrypted using this approach may be decrypted by passing the encrypted message through the same encryption process using the same initialization parameters. The only difference is that this time, the input message is a ciphertext message, which when processed according to the same method as the original plaintext message will result in the exact reproduction of the plaintext message.
Aspects of the present invention will now be discussed in more detail.
An illustrative aspect of the stream cipher of the disclosed invention provides a computer-implemented method for encrypting and decrypting plaintext information sets having a plurality of information bytes. The encryption method of the invention is carried out by first initializing the internal state variables of the encryption device. This may be done, for example, using a public information string and a private information string, as is discussed in more detail below. The encryption method then pseudo-randomly performs the tasks of modifying the set of internal state variables and, based on the new set of state variables, selecting an ordered subset of, for example, 5 different cryptors from a large plurality of cryptors, assigning each selected cryptor in the subset a rotational position, and then constructing a virtual cryptor machine by installing the selected cryptors in the order of selection and adjusting each cryptor in the virtual cryptor machine to its assigned rotational position. The encryption method further comprises sequentially applying each of the cryptors in the virtual cryptor machine in order, using their pre-adjusted positions to encrypt the plaintext information byte. The processed result from the application of each cryptor is used as the input byte for the next cryptor in the sequence. The processed result from application of the final cryptor is the final encrypted information byte. Each complete performance of the pseudo-random tasks of modifying, selecting, assigning, constructing, installing, adjusting, and sequentially applying constitutes an encryption iteration, which is performed for each plaintext information byte of the information set. The encryption method further comprises assembling the encrypted information bytes from all encryption iterations to form the ciphertext output information set.
In some embodiments, a decryption method of the invention may be carried out by initializing the internal state variables of the invention using the same public information string and private information string that were used to initialize the corresponding encryption session, and generating an additional large plurality of inverse cryptors, each of which contains the unique inverse monoalphabetic cipher of the corresponding cryptor in the large plurality of cryptors. The decryption method then pseudo-randomly performs the tasks of modifying the set of internal state variables and, based on the new set of state variables, selecting the subset of 5 inverse cryptors from the large plurality of inverse cryptors that correspond with the subset of cryptors selected from the large plurality of cryptors during the encryption process, assigning each inverse cryptor in the subset the same rotational position used to pre-adjust each cryptor during encryption, and constructing a virtual inverse cryptor machine by installing each of the selected inverse cryptors in the reverse order of selection with no rotational adjustment. The decryption method further comprises the tasks of sequentially applying each inverse cryptor in the virtual inverse cryptor machine, post-adjusting the intermediate result from each inverse cryptor with its assigned rotational position, the resulting value being used as the input byte to the next inverse cryptor in the sequence, the post-adjusted result of the final inverse cryptor yielding the unencrypted plaintext information byte. Each complete performance of the tasks of pseudo-randomly modifying, selecting, assigning, constructing, installing, sequentially applying, and post-adjusting constitutes a decryption iteration, which is performed for each ciphertext information byte of the information set.
The decryption method further comprises assembling the decrypted information bytes from all decryption iterations to form the plaintext output information set.
In the exemplary embodiment, the polymorphic chamber of the stream cipher of the invention contains a transitory set of 256 cryptors from which a subset of 5 different cryptors are pseudo-randomly selected, ordered, and rotationally positioned to construct a virtual cryptor machine instance for each encryption iteration. Thus, each virtual cryptor machine instance may contain any one of the possible 1,057,145,886,720 (the product: 256×255×254×253×252) unique, ordered subsets of 5 different cryptors. Further, a different rotational position may be independently assigned to each of the 5 cryptors in the virtual cryptor machine, allowing exactly 1,057,145,886,720 different positional possibilities for every virtual cryptor machine instance so constructed, each different set of positions producing a different monoalphabetic cipher with which to encrypt the single plaintext byte. These two values are therefore multiplicative, resulting in the exemplary embodiment of the invention choosing from among more than 10^24 different possible monoalphabetic ciphers to encrypt each plaintext character. Further, this huge set of possible alternatives is wholly transitory across process iterations since the polymorphic chamber is in a constant state of flux.
If desired, it is a simple exercise for anyone skilled in the art to increase the size of the subset selected to build such virtual cryptor machines. For example, selecting a subset of six cryptors increases the more than 10^24 possible alternative monoalphabetic ciphers by a multiplicative factor of 63,001 (251×251) with only a small percentage increase in processing costs. Similarly, an increase to eight cryptors in each virtual cryptor machine instance would result in exponentially increasing the number of possible monoalphabetic ciphers to considerably more than 10^38 alternatives, with only a corresponding linear percentage increase in processing costs.
Any or all of the internal state variables of the exemplary embodiment of the stream cipher of the invention may be modified prior to the encryption of each byte of plaintext. Ultimately, the entire set of values within the polymorphic chamber of the stream cipher is modified for every full cycle of 65,536 encryption iterations.
The state modifications performed prior to the encryption of each plaintext byte dramatically alter the monoalphabetic cipher of a different cryptor using the first of two exemplary innovative morphing strategies once every 256 iterations. After every full cycle of 65,536 iterations, all cryptors have been similarly modified ensuring that the location of every value in every cryptor has been changed. Additionally, after every 65,536 iterations, two cryptors may be pseudo-randomly regenerated by the second exemplary innovative morphing strategy, ultimately regenerating all cryptors within every 8,388,608 iterations. These changes dramatically affect the sequences of pseudo-random values that direct the processes of the invention, the rotational positions of the cryptors used to encrypt each plaintext byte, and the more than one trillion alternative cryptor machines that are candidates for construction during subsequent encryption iterations.
The stream cipher system of the present invention greatly enhances security over that of typical block cipher systems which always encrypt identical plaintext blocks into identical ciphertext blocks using the same key, creating cryptographic vulnerabilities. Additionally, the stream cipher system of the present invention is computationally fast relative to systems based on public key algorithms. Finally, in the exemplary embodiment, the inverse decryption logic uses a step-by-step process that mirrors the encryption process using a set of inverse cryptors to reverse the effects of encryption. The decryption process involves the initial generation of the set of inverse cryptors and reconstruction of the corresponding inverse cryptor whenever a cryptor is modified or replaced.
For purposes of illustration,
In general, symmetric stream cipher systems may use one or more shared-secret keys in combination with an additional, generated initial value to establish protected communication sessions using a relatively simple strategy or protocol. For example, a shared-secret key, known only by the communicating entities, is used by each entity only to create encryption sessions to protect communications with the other. The communicating entities typically recognize each other using previously agreed upon unique identities. Either entity wishing to establish protected communications with another entity first pseudo-randomly generates an initial value. This first entity then inputs the initial value and the shared-secret key into a stream cipher initialization function to create an initial machine state that will be used by the first entity to encrypt plaintext to produce ciphertext. The first entity then transmits its unique identifier and the initial value, unencrypted, over a communication channel to the second entity.
Upon receipt of this communication, the second entity, recognizing the identifier, inputs the shared-secret key associated with the first entity and the received initial value into the same stream cipher initialization function to create an identical initial machine state, allowing the second entity to decrypt ciphertext subsequently received from the first entity into plaintext. The second entity then repeats the process by pseudo-randomly generating a separate initial value used with the shared-secret key to create a different stream cipher session that will subsequently be used to encrypt messages sent to the first entity. The second entity then transmits the unencrypted initial value to the first entity, which is then able to create the exact same session for decrypting ciphertext subsequently received from the second entity. Once the two separate sessions have been successfully created by both entities, protected communications may be used to exchange encrypted challenges and responses that assure each entity that the other has successfully established the correct decryption session, a secure dual-authentication protocol.
More sophisticated strategies would use such initial stream cipher sessions only to protect the exchange of additionally generated temporary information values that are then used to create two secondary sessions using entirely different input parameters to the stream cipher initialization function. The initial sessions are then closed and the secondary sessions are used to protect all subsequent communications. The purpose of such strategies is to ensure that any session created using a shared-secret key with a publicly exchanged initial value is never used to encrypt plaintext whose content is subject to frequency analysis.
The number of cryptors, M, is essentially unrestricted. In an illustrative configuration that will be used in the examples presented herein, M=256, meaning the system uses a set of 256 cryptors. For computation purposes, the cryptors may be contained in a cryptor table having M members. At S130, the machine state may be selectively modified, potentially changing the rotational positions of some or all of the M cryptors and/or the monoalphabetic cipher contents of one or more of the M cryptors. As used herein, the term “rotational position” is used to refer to the computational analog (such as an associated index or offset value) of the rotational orientation of a mechanical codewheel, which determines the output character produced for any given input character. At S140 a subset of cryptors having N members is selected from the overall set of M cryptors to build an instance of a virtual cryptor machine. As will be discussed, virtually any methodology may be used to select the members of this cryptor subset, as would be understood by one of ordinary skill in the art.
At S150 the N cryptors are installed in the virtual cryptor machine in the order selected and each is set to its assigned rotational position. The assigned rotational position may be the rotational position previously assigned to the cryptor or a newly determined position. At S160, all N cryptors in the virtual cryptor machine are sequentially applied in the order installed to encrypt the plaintext byte. At S170, the encrypted data byte is stored as the next ciphertext byte. At S180, a determination is made as to whether all of the message bytes have been processed. If additional message bytes remain to be processed, the method returns to S130, a new machine state is established and actions S140-S180 are repeated. If, at S180, it is determined that all plaintext bytes of the received message have been encrypted, the ciphertext message is output at S190 and the method ends at S199.
The number of cryptors selected, N, may vary in different embodiments. In the examples used herein, N=5, meaning that 5 cryptors are sequentially applied to encrypt the data byte by each virtual cryptor machine instance. The manner in which cryptors are selected may also vary. A particular pseudo-random method used in certain embodiments of the invention is discussed in more detail below.
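As an added example (not code from the patent), the following Python models the iteration structure just described with M=256 cryptors and N=5 per machine instance: each cryptor is a permutation of {0 . . . 255}, encryption pre-adjusts each input by the cryptor's rotational position, and decryption applies the inverse cryptors in reverse order with post-adjustment. The cryptor contents, the per-iteration selection of subset and positions (a seeded PRNG standing in for the state-driven selection), and the reading of a rotational position as an index offset are assumptions; cryptor morphing is omitted.

```python
import random

M = 256         # cryptors in the CryptorTable
N = 5           # cryptors per virtual cryptor machine instance
ALPHABET = 256  # plaintext alphabet {0 ... 255}


def build_cryptor_table(seed, m=M):
    """Construct m monoalphabetic ciphers (permutations of 0..255).

    Illustrative stand-in: a seeded PRNG shuffles each cipher; the patent
    derives its initial cryptors from SessionString/PrivateKey/BaseKeys."""
    rng = random.Random(seed)
    table = []
    for _ in range(m):
        cipher = list(range(ALPHABET))
        rng.shuffle(cipher)
        table.append(cipher)
    return table


def build_inverse_table(table):
    """Build the InverseTable: inv[C[b]] == b for every cryptor C."""
    inverse = []
    for cipher in table:
        inv = [0] * ALPHABET
        for b, c in enumerate(cipher):
            inv[c] = b
        inverse.append(inv)
    return inverse


def encrypt_byte(plain, table, subset, positions):
    """Encryption iteration: apply the ordered subset, each cryptor
    pre-adjusted by its rotational position (assumed: an index offset)."""
    value = plain
    for idx, pos in zip(subset, positions):
        value = table[idx][(value + pos) % ALPHABET]
    return value


def decrypt_byte(cipher, inverse, subset, positions):
    """Decryption iteration: apply the inverse cryptors in reverse order,
    post-adjusting each intermediate result by the same position."""
    value = cipher
    for idx, pos in zip(reversed(subset), reversed(positions)):
        value = (inverse[idx][value] - pos) % ALPHABET
    return value


def machine_cipher(table, subset, positions):
    """The composite monoalphabetic cipher realised by one machine instance."""
    return [encrypt_byte(b, table, subset, positions) for b in range(ALPHABET)]


def select_machine(rng):
    """Stand-in for the patent's state-driven selection: N different
    cryptor indices in selection order, plus an independent position each."""
    subset = rng.sample(range(M), N)
    positions = [rng.randrange(ALPHABET) for _ in range(N)]
    return subset, positions


def encrypt_message(plaintext, session_seed):
    """One machine instance per byte; the selection sequence is reproducible
    from session_seed, standing in for identical initialization parameters."""
    table = build_cryptor_table(session_seed)
    rng = random.Random(session_seed ^ 0xC0FFEE)
    out = bytearray()
    for p in plaintext:
        subset, positions = select_machine(rng)
        out.append(encrypt_byte(p, table, subset, positions))
    return bytes(out)


def decrypt_message(ciphertext, session_seed):
    """Recreate the same session and reverse each iteration with inverse cryptors."""
    table = build_cryptor_table(session_seed)
    inverse = build_inverse_table(table)
    rng = random.Random(session_seed ^ 0xC0FFEE)
    out = bytearray()
    for c in ciphertext:
        subset, positions = select_machine(rng)
        out.append(decrypt_byte(c, inverse, subset, positions))
    return bytes(out)


if __name__ == "__main__":
    msg = b"constructed sample plaintext"  # constructed sample input
    ct = encrypt_message(msg, 2024)
    assert decrypt_message(ct, 2024) == msg
    print(ct.hex())
```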
Specific aspects of exemplary methods of the invention will now be discussed in more detail. To aid those of ordinary skill in the art to understand the present disclosure and the exemplary embodiments, the details of the methods will be described in the context of software implemented functions. The functions illustrated within the figures herein have been designed with a fundamental concern for simplicity and clarity. The actual design of an apparatus incorporating the stream cipher methods should employ extremely efficient implementation strategies, including such measures as conditional jump tables, inline-coding versus inefficient function calls, and machine level logic that exploits the use of 8-bit registers and shift-registers that automatically produce results in the range {0 . . . 255}, among many others.
Terminology used in the descriptions follows the conventions used in the PASCAL programming language. It should be noted that neither the illustrated functions nor any particular values used in the illustrations are to be interpreted as constraints upon the disclosed methods or devices for carrying out the purposes of the present invention.
To eliminate ambiguity, certain terms used herein are explicitly defined as follows:
For simplicity and consistency, basic constructs of the programming language PASCAL are used to illustrate embodiments of the invention disclosed herein. However, other programming languages and techniques may be used to produce exactly the same functionality, producing the same encryption or decryption results with similar efficiency. The following six symbols are used within these illustrations:
The PASCAL statements and operators discussed above are used within function definitions, each of which describes whether or not the function is provided to EXTERNAL processes as well as providing the function name, any parameter(s) and parameter type(s), an optional L
As an example,
Calculate(N,80,10,50)
This particular instance of the function call would result in the value of the variable N being set to 40. Note that constants used as parameters in function calls are passed as values (call by value), while variables are passed as address references, allowing functions to modify the variables (call by name).
EXTERNAL functions are available to EXTERNAL user processes as well as the INTERNAL processes. The function descriptions do not contain parameter checks that should be implemented to ensure that only well-constructed parameters are submitted to the EXTERNAL functions, and that the stream cipher has been properly initialized before requests are accepted to encrypt or decrypt data. All INTERNAL functions defined herein assume that all parameters fall within expected limits and may be either constants (byte or integer) or variables of the expected type.
Internal State Variables
The methods of the invention involve the construction of a virtual stream cipher machine consisting of a set of variables that are referred to herein as the machine's internal state variables and are referenced throughout the illustrative functions that specify the initialization, encryption, and decryption processes. The internal state variables are italicized when referenced herein.
CryptorTable: Array of 256 cryptors
InverseTable: Array of 256 cryptors
Inc: Byte
IndexLo: Byte
IndexHi: Byte
X: Byte
Y: Byte
Z: Byte
During repeated sequences of encryption/decryption iterations, an exemplary embodiment of the stream cipher of the invention continually and unpredictably modifies the monoalphabetic cipher contents of all cryptors selectively using either of two innovative morphing strategies. The dynamic qualities of the cryptors within the CryptorTable therefore provide ideal sources of constantly varying sequences of values that may be produced by sequentially stepping index values through different cycles, each cycle producing index references to each of the 65,536 bytes contained within all 256 cryptors in the CryptorTable. This illustrates only one of many alternative concepts developed and tested to exploit such sequences. The exemplary embodiment of the invention introduces two internal state byte variables, IndexLo and IndexHi, which are variably stepped and used in combination to reference each unique index location within the CryptorTable for each full cycle of 65,536 iterations. These stepping sequences are driven by the variable, Inc, which is stepped through all odd values [1, 3 . . . , 253, 255]. This strategy generates 128 different cycles, each full cycle producing a different sequence of the possible 65,536 unique index references. Every value in the CryptorTable changes location during each cycle, dramatically impacting the resulting sequences of values that would be produced if the cycle were repeated, which only occurs after a total of 8,388,608 steppings.
For each encryption iteration, IndexLo is variably stepped by adding Inc, assuring that each value {0 . . . 255} occurs in IndexLo exactly once for every 256 steppings. After each full cycle of IndexLo, IndexHi is stepped by subtracting Inc, assuring that each value {0 . . . 255} also occurs in IndexHi exactly once for every 256 steppings. After each full cycle of IndexHi, the value of Inc is stepped by two until reaching the value 255, whereupon Inc is reset to 1.
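As an added example (not code from the patent), the following Python implements the variable stepping of IndexLo, IndexHi and Inc exactly as described above and checks the claim that one full cycle of IndexHi (65,536 iterations) references every byte location of the CryptorTable exactly once. It assumes that a "full cycle" is detected by counting 256 steppings, which is equivalent to the index returning to its start because Inc is always odd.

```python
FULL_CYCLE = 256 * 256          # iterations per full cycle of IndexHi
CYCLES_BEFORE_REPEAT = 128      # odd values of Inc; 128 * 65,536 = 8,388,608 steppings


class IndexStepper:
    """Internal state variables IndexLo, IndexHi and Inc with their stepping rules."""

    def __init__(self, index_lo=0, index_hi=0, inc=1):
        if inc % 2 != 1 or not 0 < inc < 256:
            raise ValueError("Inc must be an odd byte so each cycle covers all 256 values")
        self.index_lo = index_lo & 0xFF
        self.index_hi = index_hi & 0xFF
        self.inc = inc
        self._lo_steps = 0   # steppings of IndexLo since its last full cycle
        self._hi_steps = 0   # steppings of IndexHi since its last full cycle

    def step(self):
        """Advance one encryption iteration; return (IndexHi, IndexLo) for it."""
        self.index_lo = (self.index_lo + self.inc) & 0xFF       # IndexLo += Inc
        self._lo_steps += 1
        if self._lo_steps == 256:                               # IndexLo completed a cycle
            self._lo_steps = 0
            self.index_hi = (self.index_hi - self.inc) & 0xFF   # IndexHi -= Inc
            self._hi_steps += 1
            if self._hi_steps == 256:                           # IndexHi completed a cycle
                self._hi_steps = 0
                self.inc = 1 if self.inc == 255 else self.inc + 2  # next odd value, 255 -> 1
        return self.index_hi, self.index_lo

    def table_index(self):
        """Offset of the referenced byte among the 65,536 bytes of the CryptorTable."""
        return self.index_hi * 256 + self.index_lo


def covers_table_once(index_lo=0, index_hi=0, inc=1):
    """Run one full cycle of IndexHi and report whether every (IndexHi, IndexLo)
    pair, i.e. every CryptorTable byte, was referenced exactly once."""
    stepper = IndexStepper(index_lo, index_hi, inc)
    seen = {stepper.step() for _ in range(FULL_CYCLE)}
    return len(seen) == FULL_CYCLE


def inc_sequence(cycles, inc=1):
    """Values of Inc at the start of each successive full cycle of IndexHi."""
    stepper = IndexStepper(inc=inc)
    values = []
    for _ in range(cycles):
        values.append(stepper.inc)
        for _ in range(FULL_CYCLE):
            stepper.step()
    return values


if __name__ == "__main__":
    print("one cycle covers the table once:", covers_table_once())
    print("Inc over the first four cycles:", inc_sequence(4))
```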
Process Description
The detailed technical description of the exemplary embodiment of the stream cipher of the invention is presented in four separate sections:
The four exemplary INTERNAL functions, illustrated in
The present disclosure introduces only two of many alternative morphing strategies that have been designed, implemented and evaluated by the inventor, some of which progressively but unpredictably swap only single pairs of bytes within selected cryptors, and others that use a variable number of selected cryptors to entirely regenerate the monoalphabetic cipher contents of new cryptors. Obviously, replacing even a single cryptor in the CryptorTable using either of these methods considerably alters the potential results of all subsequent encrypting and morphing processes.
The first exemplary morphing strategy, illustrated by the SwapAll function (
Similarly, a second exemplary morphing strategy, illustrated by the BuildCryptor function (
The exemplary BuildInverse function (
The exemplary ShiftStates function (
The actions of the ShiftStates function may also pseudo-randomly affect the rotational position of all cryptors, logically assigning a new position to each cryptor in the CryptorTable (and its corresponding inverse cryptor) for each process iteration.
For simplicity, the exemplary ShiftStates function performs the same tasks for sessions created for both encryption and decryption, although the inverse cryptors do not affect encryption results. Therefore, it is possible to construct a separate, more efficient ShiftStates function for encryption-only sessions since the inverse cryptors need not be maintained.
Encryption Process
The Encryption Process performs the task of generating ciphertext byte(s) by encrypting plaintext byte(s) submitted by a calling process to the Encrypt function (
The exemplary logic ensures that whenever a cryptor is used as the Guide, exactly once for each stepping of IndexHi, the set of 5 initial candidate cryptors will be different from any set produced during the previous 255 occasions that the same cryptor was used as the Guide. Further, every cryptor is completely changed at least once for each full cycle of IndexHi. After 256 occasions in which a cryptor has been used as the Guide, that cryptor will have been utterly modified by at least one of the two exemplary morphing strategies. The pseudo-randomly selected Mask cryptor further affects the selection of the 5 different cryptors actually used within each virtual cryptor machine instance.
Decryption Process
The Decryption Process performs the task of generating plaintext byte(s) by decrypting ciphertext byte(s) using a Decrypt function (
Initialization Process
Initialization Parameters
The Initialization Process creates a session for encrypting plaintext into ciphertext or decrypting ciphertext into plaintext. Decryption may be successfully performed by recreating the same session previously used to call upon the Encrypt function to encrypt the plaintext, and then calling upon the Decrypt function that reverses the encryption process using inverse cryptors to decrypt the ciphertext and exactly reproduce the plaintext. The Initialization Process is comprised of two phases which use a set of user-supplied parameters to generate an unpredictable set of cryptors in the CryptorTable.
Initialization parameters may be used by the invention to pseudo-randomly generate the initial values of all internal state variables, including an unpredictable initial set of cryptors. The following values for the initialization parameters are exemplary only, and may be larger or smaller than the values indicated below. The initialization parameters are italicized when referenced herein.
The internal state variables are initialized using a publicly exchanged SessionString in combination with one or more shared-secret parameters, such as PrivateKey and BaseKeys. The initialization parameter SessionString is logically a string of ciphertext bytes comprising detailed initialization instructions that must be properly decrypted using the shared-secret parameters to correctly interpret the directions to modify the internal state variables. The strategy presented by the initialization function, ApplySessionString (
The size of SessionString within this exemplary embodiment is set to be 64 bytes to illustrate the concept of concatenating document specific parameters, such as current date/time values, bank routing and account numbers, unique document numbers such as check numbers and amounts, a set of pseudo-randomly generated bytes, and possibly hash values generated by various message authentication strategies. This approach allows the creator of any encryption session to generate a unique SessionString that would generate an entirely different session created for similar or even identical documents—an important consideration that avoids introducing cryptanalysis vulnerabilities. Alternative SessionString sizes are practicable, but a minimum of 32 bytes is recommended.
Other initialization parameters may be used that allow a group of people to exchange information securely. For example, GroupKey, a shared-secret CipherKey256, may be used in an alternative embodiment of the invention. GroupKey may be known only by a subset of the group of entities sharing BaseKeys and used to logically reorder the entries within BaseKeys.
Exemplary Initialization
The internal state variables may be initialized using a publicly exchanged SessionString of 64 bytes in combination with a PrivateKey, known only by the sender and receiver, having the minimum recommended size of 32 bytes (64, 128, or 256, are feasible alternatives). The BaseKeys parameter may be a set of 256 monoalphabetic ciphers for the alphabet of 256 unique byte values {0 . . . 255}, and may be made public, or optionally treated as a second shared-secret known to only a group of entities. Other sizes and combinations of SessionString, PrivateKey, and sets of BaseKeys have been implemented and tested by the inventor, so the present invention is not limited to the exemplary parameter sizes.
An exemplary embodiment of the invention generates an initial set of 256 polymorphic cryptors whose continually varying values are repeatedly used to construct transitory instances of virtual cryptor machines employing five different cryptors, each virtual cryptor machine being used to encrypt only a single byte of plaintext, as explained below.
Initialization Process Functions
The tasks performed during the initialization process are directed by the NewSession function (
The NewSession function then calls upon the ModifySession function (
Exemplary Initialization Protocols
In an exemplary communication protocol using the stream cipher methods of the present invention, a message sender initializes a stream cipher session using a specific set of the initialization parameters, constructing a virtual stream cipher machine that may be used to encrypt practicably unlimited amounts of digital data that may be sent as a series of ciphertext messages to a distant receiver. The authorized receiver of the ciphertext messages, privy to all parameters used to initialize the sender's session, is able to initialize the same stream cipher session which may be used to decrypt the received ciphertext messages into plaintext.
More advanced protocols may adopt the practice of creating two separate stream cipher sessions to support communications. A primary session is created by each party as described above using a shared-secret PrivateKey and a publicly exchanged SessionString. A secondary encryption session is then also created by each party using pseudo-randomly generated PrivateKey and SessionString parameters. These parameters, encrypted using the primary session, may be securely exchanged by two cooperating parties over any public communications network, allowing both parties to create two identical secondary sessions. Each party uses their own secondary session to encrypt plaintext data into ciphertext before transmitting it to the second party. This approach ensures that no stream cipher session created using the shared-secret PrivateKey in combination with a publicly exchanged SessionString is ever used to encrypt any plaintext data subject to frequency-analysis-based cryptanalysis attacks. The pseudo-randomly generated parameters used to create the secondary sessions are totally transitory, never to be used again.
Similarly, such secondary stream cipher sessions could be used by anyone with a PrivateKey to encrypt and decrypt data written to disk. Each encrypted file could contain a header record that provides the encrypted PrivateKey and SessionString used to create the secondary session, as well as the unencrypted SessionString used with the PrivateKey to initialize the primary session that was used to encrypt the secondary PrivateKey and SessionString.
Processing System Description
The encryption/decryption processes of the invention allow one or more parties to communicate securely through various communication and transmission systems, or for any single party to protect data within a file storage system. The methods of the invention may be implemented on any digital data processor. Embodiments of the invention may be programmed or otherwise embodied in software configured for execution on a data processor. Such software may be stored in the data processor and/or any suitable non-transitory storage medium. Embodiments of the stream cipher of the invention may also be implemented as a hardware device, an application specific integrated circuit, or chip, which may reside on a hand-held communications device such as a cell phone or wireless network card.
An exemplary encryption system according to an embodiment of the invention may incorporate an encryption processor 100 as shown in
The processor 100 further comprises a parameters selection portion 120 configured to generate or receive a set of initialization parameters for use in establishing an encryption session. The parameters selection portion 120 may be configured to generate the initialization parameters based on a SessionString and/or secret-key information provided by a session initiator or from other information accompanying the message to be encrypted and/or previous key information stored in a database or separately provided by a user. The parameters selection portion 120 passes the initialization parameters to an initialization portion 125 configured to initialize the state variables for an encryption instance. The initialization portion 125 may be configured to carry out any initialization process, including the methodology described above.
The processor 100 also comprises a cryptor set configuration portion 130 adapted to construct a set of M cryptors based on the state variables of the system. The cryptor set configuration portion 130 may also be configured to modify the cryptor set during the encryption of a message according to the methods described herein. The functions of the initialization portion 125 and cryptor set configuration portion 130 may be carried out by a single initialization and cryptor set configuration portion (not shown). The encryption portion 140 of the processor 100 is adapted to select a subset of the cryptor set constructed by the cryptor set configuration portion 130 and sequentially apply them to encrypt a single plaintext message byte. The basis for selection of this subset may be varied according to the methods described herein.
The cryptor set configuration portion 130 may also be configured to construct a set of M inverse cryptors, each of the inverse cryptors being the inverse of a corresponding one of the set of M cryptors. Further, the encryption portion 140 may be configured to apply the inverse cryptors to process previously encrypted message bytes as discussed above.
The encrypted message assembly and transmission portion 150 may be adapted to assemble the ciphertext message and transmit or otherwise output the message. The encrypted message assembly and transmission portion 150 may include an interface to any of the input-output sources described above in conjunction with the message receiving portion 110.
It will be understood that the message receiving portion 110, parameters selection portion 120, initialization portion 125, cryptor set configuration portion 130, encryption portion 140 and encrypted message assembly and transmission portion 150 may be distributed among one or more data processors or data processing systems. All of these elements may for example be provided on a single user data processor. Alternatively, the various components of the encryption processor 100 may be distributed among a plurality of data processors in selective communication via a network.
It will also be understood that the actions of any of the methods described herein may be embodied in instructions stored on a computer-readable storage medium for use in conjunction with a programmable data processor.
The number of possible alternative strategies, and combinations of strategies, which may be used to generate the initial internal states of the stream cipher of the present invention is practically unlimited. Many alternative embodiments using a multitude of different strategies and combinations of strategies have been developed and successfully tested. The exemplary Initialization Process illustrates methods that may be used in combination to generate the monoalphabetic contents of the large plurality of cryptors in a manner which ensures that even minor changes anywhere within the suite of input parameters unpredictably impact every cryptor. In particular, as illustrated in the exemplary embodiment, the reapplication of the methods during the second phase magnifies the impact of a single bit variation in any parameter such that wholesale changes are produced in all cryptors. It should be noted that the exemplary embodiment illustrates methods which ensure that all such changes within the Initialization Process impact only the initial internal state variables of the stream cipher of the invention, and are transparent to methods subsequently employed during encryption and decryption processes.
As previously discussed, additional initialization parameters, or different sized initialization parameters, may be introduced in alternative embodiments. Other alternative embodiments increase or decrease the number of cryptors initially supplied to perform initialization, and others vary the size of the shared-secret private keys.
Another embodiment accepts an additional initialization input parameter, a shared-secret cryptor whose values may be used to reorder the large plurality of cryptors before, during, and/or after other methods are used to scramble their monoalphabetic contents. The impact of this parameter is magnified by the fact that the initialization methods used during the Initialization Process are not associative. Even minor changes in the order of the large plurality of cryptors before initialization, such as swapping the locations of two cryptors, cause wholesale changes to the monoalphabetic contents subsequently produced by the methods. The introduction of this parameter allows the creation of stream cipher sessions using a publicly exchanged private key, permitting groups whose members all know the shared-secret “group key” to communicate securely. As described elsewhere, a protocol should be employed that ensures that such sessions are used only to protect the exchange of pseudo-random values required to create secondary sessions.
Varying the Methods Used by the State Modification Process
The number of possible alternative strategies and combinations of strategies which may be used to selectively modify the internal states of the stream cipher of the present invention is also practically unlimited. Dozens of methods have been developed and tested within alternative embodiments which use such strategies to pseudo-randomly modify the contents of the polymorphic chamber containing the large plurality of cryptors, using the resulting values to generate sequences of unpredictable values to direct subsequent modifications. The methods employed within such embodiments include the use of progressive and/or pseudo-random processes which selectively call upon one or more such methods prior to each process iteration. A progressive process may be controlled by values produced using separate index variables to gradually step through sequences that modify the entire contents of every cryptor. A pseudo-random process may be controlled by using residue values from the previous process iteration, or sequences of values produced by irregularly stepping additional index variables, or a combination of both, to selectively exchange pairs of values within a cryptor.
Examples of these methods, any of which may be unpredictably structured and/or applied, include:
The logical application of a virtual cryptor in a given rotational position to encrypt an input byte may be varied by using any one of dozens of different strategies, each strategy producing different encryption results when applied to the entire plaintext alphabet. In the exemplary embodiment, the byte value logically specifying the rotational position of a cryptor is combined with the value of the input byte to be encrypted using addition, modulo 256. The resultant value is used as an index into the virtual cryptor array to obtain a value within the current monoalphabetic cipher to replace the input byte. This strategy simulates application of each rotor as applied within the prior-art electro-mechanical rotor machines. However, in a virtual machine, dozens of different strategies might be employed that variably combine the rotational position and input byte values either before or after (perhaps, even without) using the cryptor.
Strategies have been developed and successfully tested in alternative embodiments that use varying operators to combine the data value and rotational cryptor position prior to indexing into each cryptor; other strategies first index into a cryptor with one of the two values and then variably use different operators (e.g. subtraction, addition, Boolean exclusive-or) to combine the resultant value with the other of the two values. Still other embodiments might variably use pseudo-random internal state variables such as X, Y, or Z, either as a substitute for the cryptor position or to alter its position, or even on occasion to operate directly upon the data value (perhaps in combination with the cryptor position value) using a Boolean exclusive-or without actually using the cryptor itself.
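The rotor-style application of the exemplary embodiment and two of the alternative combining strategies described above, as an added Python example that is not the patent's own code. The cryptor is a constructed permutation of 0..255 seeded with Python's `random` (a stand-in for the Initialization Process), each strategy is paired with the inverse a decryptor would use, and a check confirms that each pair inverts over the whole alphabet.

```python
import random

ALPHABET = 256

def make_cryptor(seed: int) -> list:
    """Constructed stand-in for the initialization process: one cryptor, a
    permutation of 0..255 representing a monoalphabetic cipher."""
    perm = list(range(ALPHABET))
    random.Random(seed).shuffle(perm)
    return perm

def invert(cryptor: list) -> list:
    """Inverse cryptor: inv[cryptor[i]] == i for every i."""
    inv = [0] * ALPHABET
    for i, v in enumerate(cryptor):
        inv[v] = i
    return inv

# Strategy A (exemplary embodiment): combine position and input by addition
# modulo 256 before indexing, like a rotor stepped to a given position.
def enc_add_then_index(cryptor, position, byte):
    return cryptor[(position + byte) % ALPHABET]

def dec_add_then_index(inverse, position, byte):
    return (inverse[byte] - position) % ALPHABET

# Strategy B (alternative embodiment): index with the input first, then combine
# the looked-up value with the position using Boolean exclusive-or.
def enc_index_then_xor(cryptor, position, byte):
    return cryptor[byte] ^ position

def dec_index_then_xor(inverse, position, byte):
    return inverse[byte ^ position]

# Strategy C (alternative embodiment): index first, then subtract the position
# modulo 256.
def enc_index_then_sub(cryptor, position, byte):
    return (cryptor[byte] - position) % ALPHABET

def dec_index_then_sub(inverse, position, byte):
    return inverse[(byte + position) % ALPHABET]

STRATEGIES = {
    "add_then_index": (enc_add_then_index, dec_add_then_index),
    "index_then_xor": (enc_index_then_xor, dec_index_then_xor),
    "index_then_sub": (enc_index_then_sub, dec_index_then_sub),
}

def strategy_inverts(name: str, seed: int, position: int) -> bool:
    """True when the strategy is a bijection on the alphabet and its paired
    decryptor undoes it for every plaintext byte at the given position."""
    enc, dec = STRATEGIES[name]
    cryptor = make_cryptor(seed)
    inverse = invert(cryptor)
    outputs = [enc(cryptor, position, b) for b in range(ALPHABET)]
    return (len(set(outputs)) == ALPHABET
            and all(dec(inverse, position, outputs[b]) == b for b in range(ALPHABET)))

def distinct_ciphers(seed: int, position: int) -> int:
    """Number of distinct monoalphabetic ciphers the three strategies produce
    from one cryptor at one position (all three coincide only at position 0)."""
    cryptor = make_cryptor(seed)
    tables = {tuple(enc(cryptor, position, b) for b in range(ALPHABET))
              for enc, _ in STRATEGIES.values()}
    return len(tables)
```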
Many other embodiments of the stream cipher of the invention have also been developed and successfully tested that employ one or more additional values which may be used to vary the number of cryptors applied by different virtual cryptor machine instances. Each of these strategies dramatically increases the number of different possible monoalphabetic ciphers that may be produced to encrypt each input data byte. Such values may be pseudo-randomly generated within each process iteration by variably combining residual values retained from the previous process iteration in the internal state variables X, Y, and Z. For example, the number of cryptors actually applied by each virtual cryptor machine instance may be varied within a limited range of values. Thus, rather than each cryptor machine instance applying a fixed number of cryptors as illustrated in the exemplary embodiments above, pseudo-randomly varying the number of cryptors within the range {3 ... 7} would result in an average of approximately 5 cryptors being applied over a large number of process iterations. This innovation alone, appearing simple in concept, introduces additional significant challenges to any cryptanalysis strategy.
Another embodiment may pseudo-randomly specify one or more individual cryptors within the large plurality (or one or more positions within each virtual cryptor machine) that logically would be skipped during the sequential application of cryptors within a process iteration. This strategy further unpredictably varies the number of cryptors actually applied to encrypt each plaintext byte. Similarly, another embodiment strategy is to pseudo-randomly specify one or more individual cryptors within the large plurality (or one or more positions within each virtual cryptor machine) which, if applied within the cryptor machine instance, would be immediately applied again to re-encrypt the previous result. Further, such a second application of a cryptor could optionally be performed with, or without, using the rotational position of the cryptor to influence results. Another approach may be to use the result of the second application not simply to produce the new encrypted value as usual, but to use the results to modify the previous results by addition, subtraction, or the Boolean exclusive-or operation.
Similarly, another exemplary embodiment may use a pseudo-randomly generated value to specify an additional cryptor (or inverse cryptor) within the large plurality that may be applied before and/or after each cryptor machine instance completes its tasks. Another approach may be to use such a value to directly modify the input value (addition, subtraction, or Boolean exclusive-or) before and/or after each cryptor machine instance completes its tasks.
Many such strategies, and combinations of strategies, have been developed and tested but are not illustrated in the exemplary embodiment which is presented herein to illustrate the power and efficacy of the four major revolutionary concepts: the dynamic cryptor; the corresponding dynamic inverse cryptor; the polymorphic chamber of a large plurality of cryptors used to generate sequences of virtual cryptor machines; and the use of the swirling miasma of values created by the dynamic contents of the polymorphic chamber as a source of unpredictable sequences of pseudo-random values that may be used to drive associated methods and functions.
Varying the Encryption Method
In an alternate embodiment, the stream cipher methods of the invention may be configured as a “random number generator” that requires no digital information stream to encrypt and no separate decryption process. This embodiment of the stream cipher, using the same initialization methods, performs exactly as within the exemplary embodiment except that a “target” byte is pseudo-randomly selected and then encrypted by a virtual cryptor machine instance rather than the input data byte of the exemplary embodiment. Called repeatedly, or using parameters that indicate the length and an address to store a sequence, a stream of encrypted target bytes is pseudo-randomly generated that may be used by other processes. For example, such a stream of values may be combined with a corresponding stream of plaintext message bytes using the Boolean exclusive-or operator, producing a stream of ciphertext bytes. A message encrypted using this approach may be decrypted simply by using the same initialization parameters to generate the identical sequence of encrypted target bytes, and using the Boolean exclusive-or operator to combine each byte of the ciphertext message with the corresponding byte of the stream of encrypted target bytes, exactly reproducing the plaintext message.
A major advantage of such a random number generator based upon the stream cipher methods of the present invention is that the set of initialization parameters used to generate the initial internal machine states for any session may be entirely generated from a previous session. Such a “feedback” approach would be extremely effective as a method to generate unpredictable sequences of values for purposes other than encryption that do not require that the sequences be reproduced.
To those skilled in the art of cryptography, it is understood that methods using a random number generator with such a “combining strategy” are subject to “known plaintext” attacks which allow an unauthorized recipient to intercept and strip away the known plaintext of a message, thereby obtaining the stream of generated values. The attacker is then able to effectively “forge” a message using a substitute plaintext message of the same length, appropriately combining it with the revealed stream of generated values such that any authorized recipient who decrypts the changed ciphertext will obtain the plaintext of the forged message, and would be unaware of the substitution. Substitution stream ciphers are not subject to such known plaintext attacks that correctly modify intercepted ciphertext. However, such attacks have proved effective in generating valuable cryptanalysis statistics whenever stream ciphers have been used to encrypt multiple messages of known plaintext using the same (or even similar) internal states. With proper initialization protocols, the internal states of the stream cipher of the present invention will always vary so dramatically from session to session that it is extremely unlikely that the cryptor sets of two different sessions will ever contain even one identical monoalphabetic cipher after initialization.
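The “random number generator” mode, the feedback approach, and the known-plaintext caveat of the preceding paragraphs, together with the variable cryptor count of {3 ... 7} described under the state modification variations, as an added Python example that is not the patent's own code. The cryptor set, rotational positions, state modification and target-byte selection are all constructed stand-ins driven by Python's `random`; only the structure of the machine instance and of the exclusive-or combining mode follows the text.

```python
import random

ALPHABET = 256

def make_machine(seed: int, m: int = 8):
    """Constructed stand-in for the Initialization Process: M cryptors, each a
    permutation of 0..255, with pseudo-random rotational positions; the returned
    rng stands in for the state variables X, Y, Z that drive later choices."""
    rng = random.Random(seed)
    cryptors, positions = [], []
    for _ in range(m):
        perm = list(range(ALPHABET))
        rng.shuffle(perm)
        cryptors.append(perm)
        positions.append(rng.randrange(ALPHABET))
    return cryptors, positions, rng

def machine_instance(cryptors, positions, rng, byte: int) -> int:
    """One virtual cryptor machine instance: re-rotate one cryptor (state
    modification stand-in), then apply an ordered subset whose size varies
    pseudo-randomly within {3..7}, using index = (position + byte) mod 256."""
    positions[rng.randrange(len(cryptors))] = rng.randrange(ALPHABET)
    for k in rng.sample(range(len(cryptors)), rng.randint(3, 7)):
        byte = cryptors[k][(positions[k] + byte) % ALPHABET]
    return byte

def keystream(seed: int, length: int) -> bytes:
    """RNG mode: there is no input stream to encrypt. Each instance encrypts a
    pseudo-randomly selected target byte and the results form the stream."""
    cryptors, positions, rng = make_machine(seed)
    return bytes(machine_instance(cryptors, positions, rng, rng.randrange(ALPHABET))
                 for _ in range(length))

def xor_mode(data: bytes, seed: int) -> bytes:
    """Combine data with the stream by exclusive-or. The same call decrypts,
    because the identical stream is regenerated from the same parameters."""
    return bytes(d ^ k for d, k in zip(data, keystream(seed, len(data))))

def feedback_seed(seed: int) -> int:
    """Feedback approach: the next session's initialization parameter is taken
    entirely from the output of the previous session."""
    return int.from_bytes(keystream(seed, 8), "big")

def known_plaintext_reveals_stream(plain: bytes, seed: int) -> bool:
    """The text's caveat: exclusive-or of known plaintext with its ciphertext
    strips the plaintext away and leaves the generated stream, which is why a
    stream must never be reused across messages in this combining mode."""
    cipher = xor_mode(plain, seed)
    return bytes(p ^ c for p, c in zip(plain, cipher)) == keystream(seed, len(plain))
```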
It will be readily understood by those persons skilled in the art that the present invention is susceptible to broad utility and application. Many embodiments and adaptations of the present invention other than those herein described, as well as many variations, modifications and equivalent arrangements, will be apparent from or reasonably suggested by the present invention and foregoing description thereof, without departing from the substance or scope of the invention.
While the foregoing illustrates and describes exemplary embodiments of this invention, it is to be understood that the invention is not limited to the construction disclosed herein. The invention can be embodied in other specific forms without departing from the spirit or essential attributes.
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc
Jul 22 2011 | PARRISH, DAVID L | Grey Heron Technologies, LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 030798 | /0080 |
Jul 15 2013 | Grey Heron Technologies, LLC | (assignment on the face of the patent) | | | |