Method and system for encrypting/decrypting data with ultra-low latency for secure data storage and/or communication

Abstract

The system comprises a sending entity (100) and a receiving entity (200). The sending entity (100) is suitable for generating a random mask (MA) with m bits; applying an XOR operation between the raw data block to be encrypted (T) and the random mask (MA) thus generated to obtain a primary encrypted block (CPV) with m bits; and applying a permutation (PE) on the concatenation of the random mask (MA) and the primary encrypted block (CPV) to obtain a secondary encrypted block (CS). The receiving entity (200) is suitable for receiving the secondary encrypted block (CS) of 2*m bits; applying an inverse permutation (PI) on the secondary encrypted block thus received to obtain the de-concatenation of a random mask (MA) and a primary encrypted block (CPV) with m bits; and applying an XOR operation between the primary encrypted block (CPV) and the random mask (MA) thus de-concatenated to obtain a block in clear (T) with m bits. The permutation (PE) and its inverse permutation (PI) are secret and only shared and known by the communicating entities (100, 200).

Claims

1. A method for asynchronous symmetrical encryption of an initial message in clear (T) in N successive blocks of m bits each of raw data implemented between a sending entity (100) and a receiving entity (200), characterized in that, for each block (T) of m bits to be encrypted, the following steps are performed: generating a new disposable random mask (MA) of m bits for each block (T) of m bits to be encrypted; applying an exclusive OR (XOR) operation between the raw data block to be encrypted (T) and the random mask (MA) thus generated to obtain a primary encrypted block (CPV) of m bits; and applying a permutation of bits (PE) on the concatenation of the disposable random mask (MA) and the primary encrypted block (CPV) to obtain a secondary encrypted block (CS) of 2*m bits, the permutation (PE) being secret and only shared and known by the sending (100) and receiving (200) entities.

2. The method according to claim 1, characterized in that the size m of the blocks to be encrypted (T) is a multiple of 2.

3. The method according to claim 1, characterized in that the bit permutation (PE) substantially has no fixed point.

4. The method according to claim 1, characterized in that it further comprises a prior step for secret communication of the bit permutation (PE) intended for the receiving entity (100) and the sending entity (200).

5. A method for the asynchronous symmetrical decryption of a message encrypted according to the data encryption method implemented between a sending entity (100) and a receiving entity (200) according to claim 1, characterized in that it comprises the following steps: receiving a secondary block of 2*m bits encrypted according to claim 1, applying an inverse bit permutation (PI) on the secondary encrypted block thus received to obtain the de-concatenation of a random mask of m bits (MA) and a primary encrypted block (CPV) of m bits; applying an exclusive OR operation (XOR) between the primary encrypted block (CPV) and the random mask (MA) thus de-concatenated to obtain a block in clear (T) of m bits, the inverse permutation (PI) being secret and only shared and known by the sending (100) and receiving (200) entities.

6. A non-transitory computer-readable medium storing instructions for implementing, via a processor, the encryption method according to claim 1 when said instructions are executed by said processor.

7. A system for the asynchronous encryption/decryption of an initial message in clear (T) of N successive blocks of m bits each of raw data between a sending entity (100) and a receiving entity (200), characterized in that the sending entity (100) includes a hardware processor that is configured to perform steps of: generating a new random mask (MA) of m bits for each block (T) of m bits to be encrypted; applying an exclusive OR operation (XOR) between the raw data block to be encrypted (T) and the random mask (MA) thus generated to obtain a primary encrypted block (CPV) of m bits; applying a bit permutation (PE) on the concatenation of the random mask (MA) and the primary encrypted block (CPV) to obtain a secondary encrypted block of 2*m bits (CS), while the receiving entity (200) includes a processor that is configured to perform steps of: receiving the secondary encrypted block of 2*m bits thus encrypted (CS) coming from the sending entity (100); applying an inverse bit permutation (PI) on the secondary encrypted block (CS) thus received to obtain the de-concatenation of a random mask (MA) of m bits and a primary encrypted block (CPV) of m bits; applying an exclusive OR operation (XOR) between the primary encrypted block (CPV) and the random mask (MA) thus de-concatenated to obtain a block in clear (T) of m bits, the permutation (PE) and its inverse permutation (PI) being secret and only shared and known by the sending (100) and receiving (200) entities.

8. The system according to claim 7, characterized in that the sending entity (100) and the receiving entity (200) communicate the secondary encrypted data (CS) between one another through a communication channel (400).

9. The system according to claim 7, characterized in that the secondary encrypted data (CS) is stored in at least one of a volatile memory and a non-volatile memory.

10. The system according to claim 7, characterized in that the processor of at least one of the sending and/or receiving entity (100, 200) includes one of fixed and programmable logic circuits.

Description

(1) Other features and advantages of the invention will appear in light of the description and drawings, in which:

(2) FIG. 1 is a flowchart illustrating the steps of the encryption method according to the invention;

(3) FIG. 2 is a flowchart illustrating the steps of the decryption method according to the invention;

(4) FIG. 3 is a flowchart illustrating the steps of the encryption method by block in which the last block of the message has a size identical to that of the block;

(5) FIG. 4 is a flowchart illustrating the steps of the encryption method by block in which the last block of the message has a size smaller than that of the block;

(6) FIG. 5 is a flowchart illustrating the steps of the decryption method according to the invention in which the last block of the method has a size identical to that of the block;

(7) FIG. 6 is a flowchart illustrating the steps of the decryption method according to the invention in which the last block of the message has a size smaller than that of the block;

(8) FIG. 7 schematically illustrates the method for encrypting/decrypting data stored on a permanent memory, non-volatile memory or the like;

(9) FIG. 8 schematically illustrates the communication of encrypted data between two entities;

(10) FIG. 9 schematically illustrates the communication of encrypted data between two entities with prior decision by the entity using the inverse permutation; and

(11) FIGS. 10, 11, 12, and 13 illustrate examples of encrypted/decrypted messages according to the invention.

(12) In reference to FIG. 1, an initial message in clear T to be encrypted has m raw data bits. A random generator GA generates a random mask MA with m bits. For example, the random generator is based on the observation of a physical phenomenon. Alternatively, the generator GA may be of the quasi- or pseudorandom type.

(13) The random mask MA with m bits is generated for each new message T to be encrypted. As described above, it is the random mask MA that will serve as encryption key.

(14) An exclusive OR operation (XOR) is then applied between the message in clear T to be encrypted and the random mask MA thus generated to obtain a primary encrypted message CPV with m bits. As described above, the primary encrypted message CPV is a “Vernam” cipher with the qualities described above that result therefrom.

(15) Lastly, a bit permutation PE is applied on the concatenation of the random mask MA with m bits and the primary encrypted block CPV with m bits to obtain a secondary encrypted message CS with 2*m bits (two times m bits). The size of the secondary encrypted message CS is therefore twice that of the message T to be encrypted.

(16) The permutation of bits PE is secret and only shared and known by sending and receiving entities that will be described in more detail hereinafter in reference to FIGS. 7 to 9.

(17) Preferably, the permutation of bits substantially has no fixed point (derangement). Examples of permutation of bits PE are described in reference to FIGS. 10 to 13.

(18) The computing security of the encryption depends on the size p of the permutation and the number of its fixed points. Ideally, it is preferable use permutations without fixed points, also called derangements.

(19) In reference to FIG. 2, we have described the decryption method counteracting the encryption method described in reference to FIG. 1. The message to be decrypted is made up of 2*m bits. The shared secret is a permutation of bits PE with size 2*M bits, for which it is necessary to use the inverse permutation PI for the decryption. One thus applies an inverse permutation PI on the secondary encrypted block thus received to obtain the de-concatenation of a random mask of m bits MA and a primary encrypted block CPV of m bits. One next applies an exclusive OR operation (XOR) between the primary encrypted block CPV and the random mask MA thus de-concatenated to obtain a block in clear T of m bits corresponding to the original message with m bits.

(20) In reference to FIG. 3, we have shown block encryption of a message in clear made up of N blocks with m bits each. Here, the last block N of the message to be encrypted has size m bits. In this example, a new block N+1 is then added to the message T to be encrypted.

(21) The processing of the block N is according to that described in reference to FIG. 1 to arrive at a secondary encrypted block CS N of 2*m bits.

(22) The processing of the block N+1 consists of creating a padding (filler) block N+1 here referenced BG N+1 made up of a bit with binary value 1 followed by m−1 bits with binary value 0. One then applies the encryption of the block BG N+1 using the method according to FIG. 1 to arrive at the secondary encrypted block CS N+1 with 2*m bits that makes up the last block of the encrypted message.

(23) In reference to FIG. 4, block encryption is shown of a message in clear made up of N blocks with m bits each in which the last block N has a size d smaller than m bits. In this example, one adds (padding or filler) m−d bits to the block N to obtain a block N with m bits. In practice, the filler consists of adding a bit with binary value 1 followed if necessary by several bits with binary value 0. This block constitutes the last block of the encrypted message.

(24) The processing of block N−1 is according to that described in reference to FIG. 1 to arrive at a secondary encrypted block CSN−1 with 2*m bits.

(25) The processing of the block N consists of encrypting the block N thus filled and here referenced BG N. One then applies the encryption of the block BG N using the method according to FIG. 1 to arrive at a secondary encrypted block CS N with 2*m bits.

(26) In reference to FIG. 5, we have described the decryption method counteracting the encryption method described in FIG. 3. The message to be decrypted is made up of N*2*m bits. The shared secret is a permutation of bits PE with size 2*m bits for which it is necessary to use the inverse permutation PI for the decryption.

(27) To determine the size of the message to be decrypted, one should look in the last secondary encrypted block CS and seek to determine the first bit with binary value 1 starting from the end. If this bit at 1 is the first bit of block N, then the preceding block is the last block to be decrypted. Thus, from an encrypted message made up of N*2*m bits, one obtains a message in clear made up of N−1 blocks for a total of (N−1)*m bits.

(28) In reference to FIG. 6, the decryption method is described that counteracts the encryption method described in reference to FIG. 4. The message to be decrypted is made up of N*2*m bits. The shared secret is a permutation of bits PE with size 2*m bits for which it is necessary to use the inverse permutation PI for the decryption.

(29) To determine the size of the message to be decrypted, one needs to look in the final secondary encrypted block CS and seek to determine the first bit with binary value 1 starting from the end. If this bit at 1 is not the first bit of the block N, then all of the bits to its left constitute the final data bits of the message in clear, i.e., the first d bits of the block N.

(30) Thus, from an encrypted message made up of N*2 m bits, one obtains a message in clear made up of (N−1)*m+d bits, with d less than m.

(31) In reference to FIG. 7, a data processing module 50 is shown intended to be incorporated into a microprocessor or microcontroller computer system and wherein the processing method according to the invention is implemented on a memory of the type belonging to the group formed by a mass memory, a permanent memory, a volatile memory, a nonvolatile memory (hard drive, flash memory, magnetic tape, optical disc, memristor, etc.) or the like.

(32) In practice, the step for writing in the memory 300 consists of receiving a data block in clear T of m bits and applying it 102 to the encryption device 100, which delivers, as output 104, a secondary encrypted block CS of 2*m bits after permutation of bits PE of 2*m bits. The secondary block CS is stored via the input 302 in the memory 300.

(33) Reciprocally, the reading step 304 in the memory 300 consists of reading a block of encrypted data of 2*m bits and applying it 202 to the decryption device 200, which delivers, as output 204, a block in clear T of m bits after inverse permutation PI of 2*m bits.

(34) For example, the architecture of the encryption 100 and decryption 200 devices comprises a processor, a memory and a communication interface connected to one or several data buses (not shown).

(35) In reference to FIGS. 8 and 9, a communication channel 400 is shown for exchanging encrypted data between two entities, individualized into ALICE and BOB.

(36) In reference to FIG. 8, the entity ALICE applies the permutation of bits PE to the encryption device 100-A while the entity BOB applies its inverse permutation PI to the decryption device 200-B to exchange encrypted data CS from ALICE to BOB via the communication channel 400. Reciprocally, the entity BOB applies the permutation PE to the encryption device 100-B while the entity ALICE applies its inverse permutation PI at the decryption device 200-A to exchange encrypted data CS from BOB to ALICE via the communication channel 400.

(37) For example, the communication channel 400 is of the optical, wired or wireless type.

(38) In reference to FIG. 9, an alternative is shown in which it is decided beforehand that it is ALICE who will use the permutation PE both for encryption and decryption while the entity BOB will use only the inverse permutation PI both for encryption and decryption.

(39) In reference to FIGS. 10 to 12, examples of encryptions are shown from blocks with 16 bits. In practice, the method according to the invention applies to permutations of bits with sizes that are multiples of 2.

(40) To facilitate the reading, the examples are given in Hexadecimal coding.

(41) The block T with 16 bits in clear here is equal to 0x3432 in Hexadecimal code. The random mask

(42) MA is equal to 0x13E7 in Hexadecimal. The primary cipher CPV is equal to 0x27D5. The secondary cipher is equal to 0x8A51ECFB in Hexadecimal.

(43) By applying a padding of 0x8000 (FIG. 11), the secondary encrypted message is equal to 0x8A51ECFB7B31BCF7 in Hexadecimal.

(44) By applying a padding of 0x80 (FIG. 12) to block 0x31, the secondary encrypted message CS is 0x79BE5E5E01C4A4D4B in Hexadecimal.

(45) In reference to FIG. 13, we have shown an example message in clear T on 28 bytes corresponding to the message in clear “Liberty Equality Fraternity”. The encryption method according to the invention may provide several different random secondary encrypted messages CSa and CSb from a single permutation of bits PE. In the example of FIG. 13, the permutation has size 32 bits.