
"An Encrytion And Decryption System And Methods"

Abstract: A strong key is generated to convert a 64-byte block of data into ciphertext. Each byte of the key is treated as a base, which is used to convert the corresponding text byte into a ciphered byte. The ciphertext can be deciphered by converting the corresponding bytes of ciphertext back into the original text using the corresponding key values. Thus each byte of data is represented in a different base according to the key values. Besides this local base conversion, a global base representation is also carried out by representing the first-round ciphered data on the base of the maximum value of each eight-byte sub-block of the key. The second-round data is then strengthened by XORing the odd bytes of the cipher data with the key in reverse order and the even bytes of the cipher data with the key in its original order. The described invention can be encoded into an electronic chip where secured transmission of data or secured login is needed. The profile information of the user or some secret messages can also be encoded with the encrypted data without using extra space.


Patent Information

Application #:
Filing Date: 26 July 2005
Publication Number: 40/2009
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email:
Parent Application:

Applicants

INDIAN INSTITUTE OF INFORMATION TECHNOLOGY
DEOGHAT, JHALWA, ALLAHABAD 211012, INDIA.

Inventors

1. AGRAWAL ASHISH KUMAR
C/O INDIAN INSTITUTE OF INFORMATION TECHNOLOGY, DEOGHAT, JHALWA, ALLAHABAD 211012, INDIA.
2. AJAY CHOUDHARI
C/O INDIAN INSTITUTE OF INFORMATION TECHNOLOGY, DEOGHAT, JHALWA, ALLAHABAD 211012, INDIA.
3. TRIPATHI R. C
C/O INDIAN INSTITUTE OF INFORMATION TECHNOLOGY, DEOGHAT, JHALWA, ALLAHABAD 211012, INDIA.

Specification

Field of the Invention
The instant invention relates to the field of cryptography and in particular to the encryption and decryption of plaintext. More specifically, it relates to encryption using a base system together with one to one mapping, many to one mapping and many to many mapping. The data can be of any type, e.g. text, sound etc.
Background of the Invention
In this connected world, cryptography, the science and art of keeping data secured, plays a major role. Today's connected society requires secure data encryption devices to preserve data privacy and authentication of critical applications. Encryption can have many applications, including authenticating data in any form such as sound, text etc. It can also be used for sending secured messages across various types of networks, e.g. Virtual Private Networks, Wide Area Networks, the Internet and so on.
Encryption is also used in biometric methods of confirming the identity of a person by measuring unique human characteristics, for example finger or iris scanning or dynamic signature verification. The most important application of encryption is in the transfer of data related to economic transactions, in which security is a crucial issue, to enhance performance and security in communication applications.
There are several conventional ways of classifying encryption techniques. They can be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of techniques classified on the basis of keys are:
a.) Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
b.) Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
c.) Hash Functions: Uses a mathematical transformation to irreversibly encrypt information
Secret Key Cryptography
In secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, both the sender and the receiver must know the key, which is a secret.
There are several widely used secret key cryptography schemes and they are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit, byte, or (computer) word at a time, and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will always encrypt to different ciphertext in a stream cipher.
Stream ciphers come in several flavors but two are worth mentioning here. Self-synchronizing stream ciphers calculate each bit in the key stream as a function of the previous n bits in the key stream. It is termed "self-synchronizing" because the decryption process can stay synchronized with the encryption process merely by knowing how far into the n-bit key stream it is. Synchronous stream ciphers generate the key stream in a fashion independent of the message stream but by using the same key stream generation function at sender and receiver. While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so that the key stream will eventually repeat.
The most common secret-key cryptography scheme used today is the Data Encryption Standard (DES). DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES has a complex set of rules and transformations that were designed specifically to yield fast hardware implementations. Several variants of DES are currently in use, including Triple-DES and DESX.
Although DES is reasonably secure, it would not be secure if a particular change were made (e.g., if fewer "rounds" were used). Modifications of this sort are not in accordance with the standard and, therefore, may provide significantly less security. As DES is only a 64-bit (eight characters) block cipher, an exhaustive search of 2^55 steps on average can retrieve the key used in the encryption. For this reason, it is common practice to protect critical data using something more powerful than DES.
There are various disclosures, which reveal encryption or application of encryption.
U.S. Pat. No. 4,446,519 describes a method and apparatus for providing security for computer software. A software purchaser is provided with an electronic security device, which is a circuit element, plugged into a computer executing the software. The software and electronic security device exchange codes, which must be properly recognized before the computer will execute the software. Thus its application is limited in authentication of software.
U.S. Pat. No. 4,262,329 discloses a security system for data processing. Encrypted information is communicated between two computers. Encryption and decryption are performed by a computer within a hard-node, which is maintained under a high degree of security. All confidential data base information is stored within the hard-node.
U.S. Pat. No. 4,218,738 discloses a method for authenticating the identity of a potential computer user based on a comparison of information submitted by the potential user with information stored in the computer system. The potential user will enter an identification number and password at a terminal. The terminal then generates an authentication pattern, which is a function of these two pieces of information. The authentication pattern is communicated to the main computer to verify the user identification.
U.S. Pat. No. 6,816,968 has a read function to test data from the trusted chip, including a random number and its signature, encrypted using a first key, by comparing the decrypted signature with a signature calculated from the decrypted random number. This apparatus does not check the strength of the key.
U.S. Pat. No. 5,113,444 and U.S. Pat. No. 5,307,412 teach the use of a thesaurus and synonyms together with arithmetic/logic operations to combine data and masks to accomplish encoding/decoding. These patents are thus limited by the use of the thesaurus and synonyms.
Thus in one way or another the conventional techniques do not fully meet the requirement of security or are limited to a particular application. The conventional methods are not effective in strongly shielding the data, either due to the limited length of the key or due to an inefficient method of encryption. They use a shorter key, and that too with a weak encryption technique. This helps unauthenticated users to access secret documents or messages, which can be important for a firm, company or organization, or for defense purposes.
Typically, while implementing the secret key, conventional methods do not put emphasis on generation of a strong key, which results in a poor shielding effect against non-authorized external attacks. Most of the methods also do not consider the effect of autocorrelation between the elements of the key.
There are some methods which provide one to one mapping between each element of the data and that of the key. This means that if one element of the key is guessed successfully, the corresponding element of the data can be found. Thus there is no proper intermingling of the elements of the whole data and the key.
Summary and Objects of the invention
To obviate the aforesaid drawbacks, the object of the instant invention is to provide an efficient technique to encrypt the data with a strongly generated key.
Another object of the instant invention is to provide increasing, qualitative levels of security, covering module design and documentation, interfaces, authorized roles and services, physical security, software security, operating system security, key management, and other issues.
Still another object of the instant invention is encryption of data in any form like sound, message, picture etc.
Yet, another object of the instant invention is to generate a strong key, the elements of which do not provide one to one mapping between the elements of the data and key.
A last object of the instant invention is to provide the capability of storing a secret message with the encrypted data.
The instant invention provides a method for secret key encryption. The strength of the randomly generated key is checked using a chi-square test. Intermediate cipher data is generated using one to one mapping between data and key using a base system. This is followed by converting the whole intermediate data on the base of the maximum value key element, which finally undergoes an XOR operation between the maximum intermediate cipher data and the key. Here, representation of data on a new base system ensures that the data cannot be recovered even if all the bytes of input data are the same, because each byte of data is represented on a different base. Further, this invention takes the XOR of odd bytes with the reversed key and of even bytes with the key in its original sequence, which makes it stronger. The inclusion of a secret message, profile, and digital sign is carried out after the first step. Thus even the digital sign cannot be recovered with a wild guess.
An encryption system comprising first generating means for producing a key having no autocorrelation between the elements of said key; one to one mapping means for representing a byte of sub block of data in a base system, having a base value equal to corresponding byte of said key resulting in an intermediate ciphered data; second generating means receiving said key and outputting a maximum value key; many to one mapping means for representing each sub block of said intermediate ciphered data in a base system, with the base value of said base system being equal to the maximum value key resulting in maximum intermediate ciphered data; a first logic function performing means for executing a logic function on odd bytes of said maximum intermediate ciphered data; and a second logic function performing means for executing a logic function on even bytes of said maximum intermediate ciphered data; thereby resulting in encrypted data at the output.
Brief Description of Accompanying Drawings
FIG. 1 illustrates the method for encrypting the data.
FIG. 2 is a flow chart illustrating the generation of the strong key.
FIG. 3 is a flow chart illustrating the one to one mapping between data block and key.
FIG. 4 is a flow chart illustrating the many to one mapping, i.e., representing the intermediate ciphered text on the maximum key.
FIG. 5 is a flow chart showing the many to many mapping, i.e., reversing the key and then XORing with the intermediate ciphered text to get the final ciphered text.
FIG. 6 represents the application of the instant invention on virtual private networks.
Detailed Description of the Drawings
Fig. 1 comprises subsystem 1, which generates a strong key of 64 bytes that is then sent to subsystem 2. A key of length 64 bytes is chosen, which strengthens it against brute force attack. Subsystem 2 gets the key from subsystem 1 and the data from some other device such as memory, an input device etc. Using the received key and data, subsystem 2 encrypts the data, resulting in intermediate cipher data. The intermediate ciphered data is then output to subsystem 3, where it is further encrypted using the maximum key. Here, the maximum key is generated from the key generated by subsystem 1. The encryption of the intermediate ciphered data by subsystem 3 results in maximum intermediate ciphered data, which is then output to subsystem 4. Subsystem 4 performs an XOR operation on the maximum intermediate ciphered data, the key and the reversed key, thereby resulting in the final encrypted data. Here, the reversed key is generated from the key which was generated by subsystem 1.
Fig. 2 illustrates the generation of the strong key by subsystem 1. A random number generator generates random numbers in step 1. When a key of length 64 bytes has been created, it is forwarded for the chi-square test; otherwise another random number is generated and the length of the key is checked again. Numbers from 16 to 255 are selected for the key, so that each byte can attain 240 different values. Thus it is quite impossible to guess the key correctly, as the key takes its value from a very large set and requires 240^64 brute force attempts to break. Using the chi-square test, the efficiency of the key is checked, and on successful validation the key is accepted. If the key does not pass the chi-square test, the random key generator generates the key again. Thus the chi-square test ensures 90% purity, such that there is no autocorrelation between the elements of the key.
Figure 3 illustrates the functionality of subsystem 2. Each byte of the 64-byte sub block of data is represented using the corresponding byte of the key as a new base value, to obtain intermediate cipher data of 128 bytes. It is a one to one mapping between the data and the key elements: each data element is represented on the base given by the corresponding key element. Thus intermediate cipher data of 128 bytes is obtained.
Figure 4 represents the flow chart illustrating the many to one mapping done by subsystem 3. It represents the intermediate ciphered data on the base of the maximum value key. To obtain the maximum value key, the key is broken into 8 sub blocks of 8 bytes each and the maximum byte value from each sub block is placed at the position corresponding to that block. Thus a maximum value key of 8 bytes is obtained. The 128-byte intermediate cipher data obtained in figure 3 is then broken into 8 sub blocks of 16 bytes each. Each sub block of the intermediate cipher data obtained in figure 3 is represented on the base given by the maximum value of the key, resulting in maximum intermediate ciphered data.
Figure 5 shows the many to many mapping between the maximum intermediate ciphered data and the key obtained in step 1. Here, the key is reversed such that the ith element of the key is treated as the (64-i)th element; thereafter the odd bytes of the maximum intermediate ciphered data are XORed with the reversed key of 64 bytes and the even bytes of the maximum intermediate ciphered data are XORed with the key in its original order. Each element of an odd block is XORed with the corresponding element of the key in reverse order, and each element of an even block is XORed with the corresponding element of the key in original order. Thus, at last, the encrypted data is obtained.
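The key generation of Fig. 2, the one to one mapping of Fig. 3, the maximum value key of Fig. 4 and the XOR step of Fig. 5 can be followed in the Python below, which is an added example and not code from the application. Assumptions: the chi-square test is a byte-frequency test over 8 bins at the 90% level; the Fig. 4 re-representation is left out because the text does not fix its encoding, so the XOR step is applied directly to the 128-byte intermediate data; "odd bytes" are the 1st, 3rd, ... bytes and the reversed key is the key read backwards; all function names are hypothetical.

```python
import secrets

KEY_LEN = 64                  # key and data block length in bytes (from the text)
KEY_MIN, KEY_MAX = 16, 255    # allowed key byte values: 240 choices per byte
BINS = 8                      # assumption: uniformity is tested over 8 bins of 30 values
CHI2_CRIT_90 = 12.017         # chi-square critical value, 7 degrees of freedom, alpha 0.10


def chi_square(key):
    """Chi-square statistic of the key bytes against an even spread over BINS bins."""
    width = (KEY_MAX - KEY_MIN + 1) // BINS
    counts = [0] * BINS
    for k in key:
        counts[(k - KEY_MIN) // width] += 1
    expected = len(key) / BINS
    return sum((c - expected) ** 2 / expected for c in counts)


def generate_key():
    """Fig. 2: draw 64 bytes in 16..255 and redraw until the chi-square test passes."""
    while True:
        key = bytes(KEY_MIN + secrets.randbelow(KEY_MAX - KEY_MIN + 1)
                    for _ in range(KEY_LEN))
        if chi_square(key) <= CHI2_CRIT_90:
            return key


def one_to_one(block, key):
    """Fig. 3: write each data byte as two digits in the base given by its key byte."""
    if len(block) != KEY_LEN or len(key) != KEY_LEN:
        raise ValueError("block and key must both be 64 bytes")
    out = bytearray()
    for d, k in zip(block, key):
        out += bytes(divmod(d, k))   # high digit <= 15 since k >= 16; low digit < k
    return bytes(out)                # 128 bytes


def one_to_one_inverse(inter, key):
    """Rebuild each data byte from its (high, low) digit pair and the key byte."""
    return bytes(inter[2 * i] * k + inter[2 * i + 1] for i, k in enumerate(key))


def max_value_key(key):
    """Fig. 4, key part only: the maximum of each of the 8 sub-blocks of 8 key bytes."""
    return bytes(max(key[i:i + 8]) for i in range(0, KEY_LEN, 8))


def xor_round(data, key):
    """Fig. 5: 1st, 3rd, ... bytes XOR the reversed key; 2nd, 4th, ... XOR the key."""
    rev = key[::-1]
    out = bytearray(data)
    for j in range(len(out)):
        pos = (j // 2) % KEY_LEN
        out[j] ^= rev[pos] if j % 2 == 0 else key[pos]
    return bytes(out)                # XOR is its own inverse


def encrypt(block, key):
    return xor_round(one_to_one(block, key), key)


def decrypt(cipher, key):
    return one_to_one_inverse(xor_round(cipher, key), key)


if __name__ == "__main__":
    key = generate_key()
    block = bytes([0x41]) * KEY_LEN          # constructed sample: 64 identical bytes
    cipher = encrypt(block, key)
    print("chi-square:", round(chi_square(key), 3))
    print("max value key:", max_value_key(key).hex())
    print("ciphertext bytes:", len(cipher), "distinct values:", len(set(cipher)))
    print("round trip ok:", decrypt(cipher, key) == block)
```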
Fig. 6 shows an application diagram of the instant invention. Here a virtual private network is an application where encrypted messages or information can be sent in such a way that an unauthenticated person cannot read them.
The instant invention is not limited to text data but is also capable of ciphering non-alphanumeric characters and can even encrypt images and sound files. The picture or sound of a user can be stored in a computer with the user password and identification such as name, address etc. The sound and picture are not stored in the computer directly; instead an encrypted sound or picture is stored, which is encrypted using the user password as a key.
There are various applications of the instant invention. For example, it can be used in secure transmission of data. Here, the key is shared between the client and the server, and the data is transferred in ciphered form to avoid unauthorized access to the data. The ciphered data is then deciphered using the same secret key.
The instant invention can also be used in a password recovery mechanism. The secret statement given by the user can be treated as the key. If the user forgets the password and desires to regenerate the stored document/password, he will be asked to type the statement used to authenticate the user, commonly known as the 'secret statement', to get the secret document or password.
It can further be used to protect phone calls from eavesdropping using voice encryption.
It can help in identification and authentication, secret sharing, electronic commerce, certification, key recovery, remote access, e-purses etc.
The instant invention protects the data from various attacks:
Ciphertext Only Attack: This is where an attacker has one or more encrypted messages, all encrypted using the same algorithm. The aim of the attacker is to obtain the plaintext messages from the encrypted messages. Ideally, the key can be recovered so that all messages in the future can also be recovered. In the proposed apparatus, even if a person has more than one encrypted message, the key cannot be guessed, because the data is not only mapped one to one with the key but other operations are also applied. A single value of cipher data does not depend on only a single key element.
Known Plaintext Attack: This is where an attacker has both the plaintext and the encrypted form of the plaintext. In the case of an authentication chip, a known-plaintext attack is one where the attacker can see the data flow between the system and the authentication chip. The inputs and outputs are observed (not chosen by the attacker), and can be analyzed for weaknesses (such as birthday attacks or by a search for differentially interesting input/output pairs). A known plaintext attack can be carried out by connecting a logic analyzer to the connection between the system and the authentication chip. In the proposed apparatus, there is no linear mapping between plaintext data and cipher data. Without knowing the maximum key value and the (n-i)th key value, the ith element of the key cannot be recovered. Thus, even for a single element of the key, one must either guess all the elements of the key correctly or not even a single element of the key can be guessed. But it is quite impossible to guess all the values of the key correctly.
There are some systems in which simply an XOR is taken between key and data, or data is stored on the basis of some key using only one to one base conversion. They are easier to break. If a number is given on base 10 and on another base, its base can be recovered. As discussed, in the invention it cannot be recovered without completely knowing the key.
Guessing Attack: This type of attack is where an attacker attempts to simply "guess" the key. As an attack it is identical to the brute force attack, where the odds of success depend on the length of the key. In the proposed apparatus, a key of length 64 bytes is used and each byte of the key can take any value from 16 to 255. Thus it is quite impossible to guess the key correctly, since the key may take its value from a very big set of 240^64 different elements.
It is more difficult to break in comparison to system having key length 8 or 16 bytes. Here, 240 different characters are used for key. The key value is not restricted to only alpha-numeric characters only as in some inventions it has seen

We claim
1.) An encryption system comprising:
- first generating means for producing a key having multiple elements with no autocorrelation between said elements;
- first mapping means for representing a byte of sub block of data in a base system, having a base value equal to corresponding byte of said key resulting in an intermediate ciphered data;
- second generating means receiving said key and outputting a maximum value key;
- second mapping means for representing each sub block of said intermediate ciphered data in a base system, with the base value of said base system being equal to the maximum value key resulting in maximum intermediate ciphered data;
- a first logic function performing means for executing a logic function on odd bytes of said maximum intermediate ciphered data; and
- a second logic function performing means for executing a logic function on even bytes of said maximum intermediate ciphered data;
thereby resulting in encrypted data at the output.
2.) An encryption system as claimed in claim 1 wherein first mapping means comprises of one to one mapping means.
3.) An encryption system as claimed in claim 1 wherein second mapping means comprises of many to one mapping means
4.) An encryption system as claimed in claim 1 wherein said first generating means comprises of random number generator which selects numbers from 16 to 255 for random key and outputs random key of 64 bytes.
5.) An encryption system as claimed in claim 1 wherein said first generating means comprises of chi-square system which receives said random key and tests and outputs said key of 64 bytes.
6.) An encryption system as claimed in claim 1 wherein the length of said subblock of data is equal to the length of said key.
7.) An encryption system as claimed in claim 1, wherein one to one mapping means represents each byte of subblock of data in a base system having a base value equal to the corresponding byte of said key resulting in 128 bytes of intermediate ciphered data.
8.) An encryption system as claimed in claim 1, wherein said second generation means divides said key in 8 subblocks of 16 bytes each and selects a maximum value from each said subblocks of said key thereby forming a corresponding byte of the eight byte maximum value key.
9.) An encryption system as claimed in claim 1, wherein many to one mapping means represents each sub block of said intermediate ciphered data in a base system with the base value of said base system equal to the maximum value key resulting in maximum intermediate ciphered data;
10.) An encryption system as claimed in claim 1, wherein each said subblock of intermediate ciphered data is of 16 bytes.
11.) An encryption system as claimed in claim 1, wherein reverse key generator receives said key thereafter replace ith element of said key by (64-i)th element of said key resulting in reversed key.
12.) An encryption system as claimed in claim 1, wherein each odd byte of said maximum intermediate data is XORed with corresponding byte of said reversed key and each even byte of said maximum intermediate ciphered data is XOR with corresponding byte of said key resulting in encrypted data.
13.) An encryption method comprising the steps of:
- generating a key having no autocorrelation between the elements of said key;
- representing each byte of sub block of data on a base system, said base system having a base value equal to corresponding byte of said key resulting in an intermediate ciphered data;
- generating a maximum value key from said key;
- representing each sub block of said intermediate ciphered data in a base system with the base value equal to the maximum value key resulting in maximum intermediate ciphered data;
- generating a reversed key by replacing the ith element of said key by (64-i)th element of said key;
- performing logic operation on odd bytes of said maximum intermediate ciphered data and said reversed key;
- performing logic operation on even bytes of said maximum intermediate ciphered data and said key;
thereby resulting in encrypted data.
14.) An encryption method as claimed in claim 11 wherein random key of 64 bytes is generated by random number selection from numbers 16 to 225.
15.) An encryption method as claimed in claim 11 wherein said random key is tested by chi-square test and is accepted on successful validation resulting in said key.
16.) An encryption method as claimed in claim 11 wherein said subblock of data is equal to the length of said key.
17.) An encryption method as claimed in claim 11, wherein said key is divided in 8 subblocks of 8 bytes each and selects a maximum value from each said subblocks of said key thereby forming a corresponding byte of the eight byte maximum value key.
18.) An encryption method as claimed in claim 11, wherein each subblock of said intermediate ciphered data is represented in a base system with the base value of said base system equal to the maximum value key resulting in maximum intermediate ciphered data.
19.) An encryption method as claimed in claim 11, wherein reverse key generator receives said key thereafter replace ith element of said key by (64-i)th element of said key resulting in reversed key.
20.) An encryption method as claimed in claim 11, wherein each odd byte of said maximum intermediate data is XORed with corresponding byte of said reversed key and each even byte of said maximum intermediate ciphered data is XOR with corresponding byte of said key, resulting in encrypted data.
21.) An encryption system substantially as herein described with reference to and as illustrated by the accompanying drawings.
22.) An encryption method substantially as herein described with reference to and as illustrated by the accompanying drawings.

Documents

Application Documents

Name Date
1971-DEL-2005-Form-18-(15-07-2009).pdf 2009-07-15
1971-DEL-2005_EXAMREPORT.pdf 2016-06-30
1971-del-2005-Correspondence-others-(15-07-2009).pdf 2009-07-15
1971-del-2005-abstract.pdf 2011-08-21
abstract.jpg 2011-08-21
1971-del-2005-correspondence-others.pdf 2011-08-21
1971-del-2005-gpa.pdf 2011-08-21
1971-del-2005-form-5.pdf 2011-08-21
1971-del-2005-description (complete).pdf 2011-08-21
1971-del-2005-form-3.pdf 2011-08-21
1971-del-2005-drawigns.pdf 2011-08-21
1971-del-2005-form-2.pdf 2011-08-21
1971-del-2005-form-1.pdf 2011-08-21