CN100448193C - Multi-module encryption method - Google Patents
- Publication number
- CN100448193C
- Authority
- CN
- China
- Prior art keywords
- module
- encryption
- key
- decryption
- encrypting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
When a single encryption/decryption module is used, there are many methods for determining the key or keys used by the module by analysing the data entering or leaving it. To overcome the drawbacks of these methods, the proposed multi-module method consists in having a downstream encryption/decryption module begin its encryption/decryption operation as soon as the upstream encryption/decryption module has delivered part of its computed result.
Description
The present invention relates to the field of encryption or decryption of data, and in particular to the encryption or decryption of data that must be kept inaccessible to unauthorized persons or devices within the framework of a pay-per-view television system. In such a system, the data are encrypted in a secure environment that offers considerable computing power and is called the encoding subsystem. The data are then sent by known means to at least one decentralized subsystem, in which they are generally decrypted by an IRD (Integrated Receiver Decoder) with the help of a chip card. A potential unauthorized person may have unrestricted access to this chip card and to the decentralized subsystem that works with it.
It is known practice to chain several different encryption/decryption methods within a single encryption/decryption system. In the following description, the term encryption/decryption method denotes one specific encryption method used within a larger encryption/decryption system.
For a long time, efforts have been made to optimize the operation of such systems from three standpoints: speed, storage space occupied and security. Speed is understood here to mean the time required to decrypt the received data.
Encryption/decryption systems with symmetric keys are known. Their inherent security can be assessed as a function of several criteria.
The first criterion is that of physical security, which relates to how easy it is to investigate the system by extracting certain components and then replacing them with others. These replacement components, intended to inform the unauthorized person of the nature and mode of operation of the encryption/decryption system, are chosen by him or her so that they cannot be detected by the other parts of the system, or are as undetectable as possible.
The second criterion is that of system security, within which an attack is not physical in nature but calls for analysis of a mathematical kind. Typically, such attacks are carried out by computers with high computing power that attempt to break the algorithms and the ciphers.
An example of an encryption/decryption method with a symmetric key is the system known as DES (Data Encryption Standard). These relatively old methods now offer only relative system security and physical security. For this reason in particular, DES, whose key length is too short to satisfy the condition of system security, is increasingly being replaced by new encryption/decryption methods or used with longer keys. In general, these symmetric-key methods require algorithms made up of encryption rounds.
Other attack strategies are called simple power analysis and timing analysis. Simple power analysis exploits the fact that a microprocessor used to encrypt or decrypt data is connected to a voltage source (generally 5 volts). When it is idle, a fixed current of magnitude i flows through it. When it is working, the instantaneous value of i depends not only on the input data but also on the encryption algorithm. Simple power analysis consists in measuring the current i as a function of time; the type of algorithm implemented by the microprocessor can be deduced from it.
In the same way, the timing analysis method consists in measuring the duration of the computation as a function of the samples supplied to the decryption module. The relationship between the samples supplied and the time taken to compute the result then makes it possible to recover secret parameters of the decryption module, such as the key. Such a system is described, for example, in the paper "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems" published by Paul Kocher, Cryptography Research, 870 Market St, Suite 1088, San Francisco, CA, USA.
To improve the security of encryption systems, algorithms with asymmetric keys have been proposed, such as the so-called RSA (Rivest, Shamir and Adleman) system. These systems involve generating a pair of matching keys, one of which is the so-called public key used for encryption and the other the so-called private key used for decryption. These algorithms exhibit a high level of both system security and physical security. On the other hand, they are slower than conventional systems, particularly in the encryption phase.
The most recent attack techniques call for the so-called DPA concept, which stands for Differential Power Analysis. These methods are based on a hypothesis, which can be confirmed after a large number of trials, about the presence of a 0 or a 1 at a given position of the encryption key. They are practically non-destructive, which makes them very hard to detect, and they require both a physical intrusion component and a mathematical analysis component. Their mode of operation is reminiscent of the technique used to prospect for oil fields, in which an explosion of known power is produced at the surface of the earth and listening devices and probes are placed at known distances from the point of the explosion; without much digging, the shock waves reflected by the boundaries of the sedimentary beds beneath the surface make it possible to form hypotheses about the stratigraphic composition of the subsurface. DPA attacks are described in particular in section 2.1 of the paper "A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards" by Suresh Chari, Charanjit Jutla, Josyula R. Rao and Pankaj Rohatgi of the IBM T.J. Watson Research Center, Yorktown Heights, NY, published on February 1, 1999.
The need to thwart DPA attacks forces the use of so-called "whitening" interference systems, either on the input information or on the output of the encryption/decryption algorithm. Whitening techniques are described in section 3.5 of the same paper cited above.
However, the fact that computing power is limited in the decentralized subsystem of a pay-per-view television system poses a problem, never satisfactorily solved, for implementing a sufficient degree of the chaining described above.
The aim of the present invention is to make available encryption/decryption methods that resist the modern investigation methods described above.
This aim is achieved by an encryption and decryption method using at least three encryption/decryption modules connected in series, characterized in that each of the intermediate and last encryption/decryption modules begins its encryption/decryption operation as soon as partial information is available, before the immediately preceding encryption/decryption module has finished its encryption/decryption operation.
The method is characterized by the fact that an intermediate module does not start working once the result from the preceding (or upstream) module is complete, but as soon as partial information is available. Consequently, an external observer cannot establish input or output conditions for this module.
Since decryption takes place in the decentralized subsystem working with the chip card, and this chip card offers only relatively limited computing power compared with the encoding subsystem, it is advantageous to use, for example, a public asymmetric key, which works relatively fast, in the last step of decryption. This makes it possible, on the one hand, to preserve the unbreakable character of the system in the decentralized part and, on the other hand, to concentrate the computing power essentially associated with encryption, using the private key, in the encoding subsystem.
We have found that the possibility of chaining, or partially interleaving, two encryption/decryption methods that follow each other in time provides additional security. By chaining or partial interleaving we mean a process in which the second encryption/decryption method begins its work on the data before the first encryption/decryption method has finished its work on the same data. This makes it possible to mask the data as they result from the work of the first module and before they are acted on by the second module.
Chaining can begin as soon as the part of the data computed at the output of the first module is available for processing by the second module.
The invention makes it possible to protect against the attacks mentioned above by combining several different encryption/decryption methods in one encryption/decryption system and, possibly, by combining chaining or partial interleaving with the sequence in which these methods follow one another.
In a particular embodiment of the invention, the encryption/decryption system comprises an encoding subsystem that uses three algorithms in sequence:
a) An asymmetric algorithm A1 with a private key d1. This algorithm A1 signs the plaintext data represented by the message m; this operation yields a first ciphertext c1 through a mathematical operation generally written as c1 = m^d1 mod n1. In this formula, n1 forms part of the public key of the asymmetric algorithm A1, mod denotes the well-known congruence operator over the integers, and d1 is the private key of the algorithm A1.
b) A symmetric algorithm S with a secret key K. This algorithm transforms the ciphertext c1 into the ciphertext c2.
c) An asymmetric algorithm A2 with a private key d2. This algorithm A2 transforms the ciphertext c2 into the ciphertext c3 through the mathematical operation described above, written as c3 = c2^d2 mod n2, where n2 forms part of the public key of the asymmetric algorithm A2 and d2 is the private key of the algorithm A2.
By means known per se, the ciphertext c3 leaves the encoding subsystem and reaches the decentralized subsystem. In the case of a pay-per-view television system, this may equally concern video data or messages.
The decentralized subsystem uses three algorithms A1', S' and A2' in the reverse order to the above. These three algorithms form part of the three encryption/decryption methods A1-A1', S-S' and A2-A2' distributed between the encoding subsystem and the decentralized subsystem, and together they represent the encryption/decryption system.
d) The algorithm A2' applies to c3 the mathematical operation that restores c2, written as c2 = c3^e2 mod n2. In this formula, the pair formed by e2 and n2 is the public key of the asymmetric algorithm A2-A2'.
e) The symmetric algorithm S' recovers the ciphertext c1 using the secret key K.
f) The asymmetric algorithm A1' with the public key e1, n1 recovers m by carrying out the mathematical operation m = c1^e1 mod n1.
In the decentralized subsystem, chaining consists in starting decoding step e) while c2 has not yet been fully recovered by the preceding step d), and starting decoding step f) while c1 has not yet been fully recovered by step e). The advantage is that this thwarts an attack consisting, for example, in first extracting the ciphertext c1 inside the decentralized subsystem at the end of step e) in order to compare it with the plaintext data m, then attacking the algorithm A1' with c1 and m, and then working back step by step up the encoding chain.
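As an added illustration (not code from the patent), the following Python models the three-module chain of steps a) to f) with constructed toy keys: the asymmetric modules are textbook modular exponentiation, the symmetric module S is a stand-in XOR with the key K (an assumption, not the patent's algorithm), and a generator pipeline makes each downstream module take a block as soon as the upstream module emits it. An event log contrasts this with running each module to completion, where complete c1 and c2 exist between the stages.

```python
from typing import Callable, Iterable, Iterator, List, Tuple

# Constructed toy parameters (assumption): tiny textbook primes so the
# arithmetic is readable. Real deployments use keys of thousands of bits.
# pow(e, -1, phi) needs Python 3.8 or newer.
P1, Q1, E1 = 61, 53, 17      # asymmetric module A1 / A1'
P2, Q2, E2 = 67, 71, 13      # asymmetric module A2 / A2'
K = 0xA5C                    # secret key of the symmetric module S / S' (toy XOR)

N1, N2 = P1 * Q1, P2 * Q2                 # public moduli n1 = 3233, n2 = 4757
D1 = pow(E1, -1, (P1 - 1) * (Q1 - 1))     # private exponent d1 = 2753
D2 = pow(E2, -1, (P2 - 1) * (Q2 - 1))     # private exponent d2 = 1777
# Any c1 < n1 < 4096 XORed with K < 4096 stays below n2, so A2 stays invertible.


def stage(name: str, fn: Callable[[int], int],
          upstream: Iterable[int], log: List[str]) -> Iterator[int]:
    """One encryption/decryption module working block by block.

    As a generator it transforms block i and hands it downstream before
    block i+1 has even been requested from the upstream module: this is
    the chaining (partial interleaving) the patent describes."""
    for i, block in enumerate(upstream):
        log.append(f"{name} in {i}")
        out = fn(block)
        log.append(f"{name} out {i}")
        yield out


def encrypt(blocks: Iterable[int], log: List[str]) -> List[int]:
    """Encoding subsystem, steps a) to c): A1 (d1) -> S (K) -> A2 (d2)."""
    c1 = stage("A1", lambda m: pow(m, D1, N1), blocks, log)   # c1 = m^d1 mod n1
    c2 = stage("S", lambda c: c ^ K, c1, log)                 # toy symmetric layer
    c3 = stage("A2", lambda c: pow(c, D2, N2), c2, log)       # c3 = c2^d2 mod n2
    return list(c3)   # pulling here drives all three modules in lock-step


def decrypt(blocks: Iterable[int], log: List[str]) -> List[int]:
    """Decentralized subsystem, steps d) to f): A2' (e2) -> S' (K) -> A1' (e1)."""
    c2 = stage("A2'", lambda c: pow(c, E2, N2), blocks, log)  # c2 = c3^e2 mod n2
    c1 = stage("S'", lambda c: c ^ K, c2, log)
    m = stage("A1'", lambda c: pow(c, E1, N1), c1, log)       # m = c1^e1 mod n1
    return list(m)


def encrypt_batch(blocks: Iterable[int], log: List[str]) -> List[int]:
    """The conventional (non-chained) arrangement for contrast: each module
    runs to completion, so complete c1 and c2 exist between the stages."""
    c1 = list(stage("A1", lambda m: pow(m, D1, N1), blocks, log))
    c2 = list(stage("S", lambda c: c ^ K, c1, log))
    return list(stage("A2", lambda c: pow(c, D2, N2), c2, log))


def is_interleaved(log: List[str]) -> bool:
    """True when the last module finished block 0 before the first module
    touched block 1, i.e. no stage waited for a complete upstream result."""
    def block_of(event: str) -> str:
        return event.rsplit(" ", 1)[1]
    last_b0 = max(i for i, ev in enumerate(log) if block_of(ev) == "0")
    first_b1 = min(i for i, ev in enumerate(log) if block_of(ev) == "1")
    return last_b0 < first_b1


def roundtrip(message: bytes) -> Tuple[bytes, List[str], List[str]]:
    """Encrypt byte blocks through the chain, decrypt them, return both logs."""
    enc_log: List[str] = []
    dec_log: List[str] = []
    c3 = encrypt(list(message), enc_log)   # each byte < n1, so one block per byte
    recovered = decrypt(c3, dec_log)
    return bytes(recovered), enc_log, dec_log


if __name__ == "__main__":
    plain, enc_log, dec_log = roundtrip(b"pay-tv")
    print(plain, is_interleaved(enc_log), is_interleaved(dec_log))
    batch_log: List[str] = []
    encrypt_batch(list(b"pay-tv"), batch_log)
    print(is_interleaved(batch_log))
```

In the chained logs, module A2 has already emitted block 0 before A1 is asked for block 1, so no complete c1 or c2 is ever materialized; the batch log shows the opposite order.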
Chaining is not needed in the encoding subsystem, which is installed in a secure physical environment. It is, on the other hand, useful in the decentralized subsystem. In the case of pay-per-view television, the IRD is in fact installed at the subscriber's premises and may be the target of an attack of the type described above. An attack on the combination of the three chained decoding algorithms A1', S' and A2' preferably has a much lower chance of success than if the ciphertexts c1 and c2 were fully reconstructed between each of the steps d), e) and f). At the same time, the fact that the algorithms A1' and A2' use the public keys e1, n1 and e2, n2 means that the computation required in the decentralized subsystem is greatly reduced compared with that in the encoding subsystem.
By way of example, and for a given configuration, steps a) and c), that is, the encryption steps with a private key, take 20 times longer than the decryption steps d) and f) with a public key.
In a particular embodiment of the invention derived from the above embodiment, the algorithms A1 and A2 are identical to their counterparts A1' and A2'.
In another particular embodiment, also derived from the above embodiment, the public key e2, n2 of the asymmetric algorithm A2 is used in step c), and the private key d2 of this algorithm is used in step d) to decrypt the ciphertext c3. This embodiment constitutes a possible variant when the resources of the decentralized subsystem are far from being used up in terms of computing power.
Although chip cards are mainly used to decrypt data, some chip cards also have the capability needed to perform encryption operations. In this case, the attacks described above also concern such encryption cards when they operate away from a protected location such as a management center. This is why the method according to the invention is also applicable to successive encryption operations, that is, the downstream module begins its encryption work as soon as part of the information delivered by the upstream module is available. The advantage of this process is that several different encryption modules can be interleaved, so that at a given moment the results from the upstream module are not all available. The downstream module begins its work not with the complete result but with a partial result, which makes it impracticable to characterize a module's mode of operation for a known input state or output state.
The invention will be better understood with the help of the following figures, given by way of non-limiting example, in which:
Figure 1 shows the encryption operation.
Figure 2 shows the decryption operation.
Figure 3 shows another possible encryption method.
In Figure 1, the data block m is introduced into the encryption chain. The first element A1 performs an encryption operation with a so-called private key composed of the exponent d1 and the modulus n1. The result of this operation is denoted C1. According to the mode of operation of the invention, the next module begins its work as soon as part of the result C1 is available. This next module S performs its encryption operation with a secret key. As soon as it is partially available, the result C2 is passed to the module A2 in order to perform a third encryption operation with a so-called private key composed of the exponent d2 and the modulus n2. This final result, called C3 here, is ready to be transmitted over a known path such as radio waves or cable.
Figure 2 shows a decryption system composed of three decryption modules A1', S', A2', similar to those used for encryption but in reverse order. Thus we begin with the module A2', which performs its decryption operation on the basis of a so-called public key composed of the exponent e2 and the modulus n2. In the same way as for encryption, as soon as part of the result C2 from the module A2' is available, it is passed to the module S' for the second decryption operation. To complete the decryption, the module A1' performs its operation on the basis of a so-called public key composed of the exponent e1 and the modulus n1.
In a particular embodiment of the invention, the keys of the two modules A1 and A2 are identical, that is, d1 = d2 and n1 = n2 for encryption. Similarly, e1 = e2 and n1 = n2 for decryption. In this case we speak of a private key d, n and a public key e, n.
In another embodiment of the invention, shown in Figures 3 and 4, the module A2 uses a so-called public key instead of a so-called private key. For encryption, the module A2 operates with the public key e2, n2 (see Figure 3), and for decryption (see Figure 4) the module A2' operates with the private key d2, n2. Although this configuration has an effect on the overall work of the decryption group, the use of a private key enhances the security provided by module A2.
The examples shown in Figures 3 and 4 do not preclude other combinations. For example, the module A1 may be configured to perform its encryption operation with a public key and its decryption operation with a private key.
The encryption/decryption module with the secret key S may also be replaced by a module of the same type as the modules A1 and A2, with an asymmetric key.
Claims (10)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH1573/99 | 1999-08-30 | | |
CH157399 | 1999-08-30 | | |
US19417100P | 2000-04-03 | 2000-04-03 | |
US60/194,171 | 2000-04-03 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1371563A CN1371563A (en) | 2002-09-25 |
CN100448193C true CN100448193C (en) | 2008-12-31 |
Family
ID=25688037
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB008122938A Expired - Fee Related CN100448193C (en) | 1999-08-30 | 2000-08-24 | Multi-module encryption method |
Country Status (27)
Country | Link |
---|---|
EP (1) | EP1208666A1 (en) |
JP (1) | JP2003508965A (en) |
KR (1) | KR20020041807A (en) |
CN (1) | CN100448193C (en) |
AP (1) | AP2002002433A0 (en) |
AU (1) | AU769437B2 (en) |
BG (1) | BG64520B1 (en) |
BR (1) | BR0013712A (en) |
CA (1) | CA2383042A1 (en) |
CU (1) | CU22950A3 (en) |
CZ (1) | CZ2002582A3 (en) |
DZ (1) | DZ3193A1 (en) |
EA (1) | EA003745B1 (en) |
EE (1) | EE200200106A (en) |
HK (1) | HK1048407B (en) |
HR (1) | HRP20020179A2 (en) |
HU (1) | HU224846B1 (en) |
IL (1) | IL148285A0 (en) |
MA (1) | MA25431A1 (en) |
MX (1) | MXPA02001849A (en) |
NO (1) | NO20020951L (en) |
NZ (1) | NZ517438A (en) |
OA (1) | OA12153A (en) |
PL (1) | PL353795A1 (en) |
SK (1) | SK2892002A3 (en) |
TR (1) | TR200200525T2 (en) |
WO (1) | WO2001017159A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7409562B2 (en) | 2001-09-21 | 2008-08-05 | The Directv Group, Inc. | Method and apparatus for encrypting media programs for later purchase and viewing |
US8775319B2 (en) | 2006-05-15 | 2014-07-08 | The Directv Group, Inc. | Secure content transfer systems and methods to operate the same |
US10397258B2 (en) | 2017-01-30 | 2019-08-27 | Microsoft Technology Licensing, Llc | Continuous learning for intrusion detection |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5594797A (en) * | 1995-02-22 | 1997-01-14 | Nokia Mobile Phones | Variable security level encryption |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19539700C1 (en) * | 1995-10-25 | 1996-11-28 | Siemens Ag | Security chip for data protection |
- 2000
- 2000-08-24 TR TR2002/00525T patent/TR200200525T2/en unknown
- 2000-08-24 DZ DZ003193A patent/DZ3193A1/en active
- 2000-08-24 AP APAP/P/2002/002433A patent/AP2002002433A0/en unknown
- 2000-08-24 AU AU63118/00A patent/AU769437B2/en not_active Ceased
- 2000-08-24 HU HU0202691A patent/HU224846B1/en not_active IP Right Cessation
- 2000-08-24 WO PCT/IB2000/001157 patent/WO2001017159A1/en active IP Right Grant
- 2000-08-24 CA CA002383042A patent/CA2383042A1/en not_active Abandoned
- 2000-08-24 EA EA200200184A patent/EA003745B1/en not_active IP Right Cessation
- 2000-08-24 NZ NZ517438A patent/NZ517438A/en unknown
- 2000-08-24 KR KR1020027002394A patent/KR20020041807A/en not_active Application Discontinuation
- 2000-08-24 CN CNB008122938A patent/CN100448193C/en not_active Expired - Fee Related
- 2000-08-24 MX MXPA02001849A patent/MXPA02001849A/en unknown
- 2000-08-24 JP JP2001520986A patent/JP2003508965A/en not_active Withdrawn
- 2000-08-24 CZ CZ2002582A patent/CZ2002582A3/en unknown
- 2000-08-24 IL IL14828500A patent/IL148285A0/en unknown
- 2000-08-24 SK SK289-2002A patent/SK2892002A3/en unknown
- 2000-08-24 OA OA1200200070A patent/OA12153A/en unknown
- 2000-08-24 PL PL00353795A patent/PL353795A1/en not_active Application Discontinuation
- 2000-08-24 BR BR0013712-0A patent/BR0013712A/en not_active IP Right Cessation
- 2000-08-24 EP EP00949864A patent/EP1208666A1/en not_active Withdrawn
- 2000-08-24 EE EEP200200106A patent/EE200200106A/en unknown
- 2002
- 2002-02-26 MA MA26528A patent/MA25431A1/en unknown
- 2002-02-26 BG BG106436A patent/BG64520B1/en unknown
- 2002-02-27 HR HR20020179A patent/HRP20020179A2/en not_active Application Discontinuation
- 2002-02-27 NO NO20020951A patent/NO20020951L/en not_active Application Discontinuation
- 2002-02-28 CU CU20020047A patent/CU22950A3/en unknown
- 2003
- 2003-01-23 HK HK03100573.2A patent/HK1048407B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
EE200200106A (en) | 2003-04-15 |
BG64520B1 (en) | 2005-05-31 |
EA200200184A1 (en) | 2002-06-27 |
HU224846B1 (en) | 2006-03-28 |
CA2383042A1 (en) | 2001-03-08 |
CU22950A3 (en) | 2004-04-13 |
NO20020951D0 (en) | 2002-02-27 |
WO2001017159A1 (en) | 2001-03-08 |
MA25431A1 (en) | 2002-04-01 |
EA003745B1 (en) | 2003-08-28 |
DZ3193A1 (en) | 2001-03-08 |
MXPA02001849A (en) | 2004-02-26 |
NO20020951L (en) | 2002-04-23 |
AU769437B2 (en) | 2004-01-29 |
HK1048407B (en) | 2009-09-25 |
HRP20020179A2 (en) | 2004-02-29 |
BG106436A (en) | 2002-10-31 |
KR20020041807A (en) | 2002-06-03 |
CN1371563A (en) | 2002-09-25 |
HK1048407A1 (en) | 2003-03-28 |
NZ517438A (en) | 2003-09-26 |
SK2892002A3 (en) | 2002-07-02 |
EP1208666A1 (en) | 2002-05-29 |
CZ2002582A3 (en) | 2002-07-17 |
BR0013712A (en) | 2002-05-07 |
AP2002002433A0 (en) | 2002-03-31 |
IL148285A0 (en) | 2002-09-12 |
HUP0202691A2 (en) | 2002-12-28 |
AU6311800A (en) | 2001-03-26 |
OA12153A (en) | 2006-05-08 |
TR200200525T2 (en) | 2002-07-22 |
JP2003508965A (en) | 2003-03-04 |
PL353795A1 (en) | 2003-12-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: GR; Ref document number: 1048407; Country of ref document: HK |
| C56 | Change in the name or address of the patentee | Owner name: NAGRA IMAGE CO., LTD.; Free format text: FORMER NAME: NAGELAKADE CO., LTD. |
| CP01 | Change in the name or title of a patent holder | Address after: Swiss shesuo - Suhl - Lausanne; Patentee after: Nagravision SA; Address before: Swiss shesuo - Suhl - Lausanne; Patentee before: Nagrakad S. A. |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20081231; Termination date: 20180824 |