SYSTEM AND METHOD FOR SENDING AND/OR RECEIVING ENTROPY AND ENTROPY EXPANSION

Abstract

A message is embedded within an entropy stream. The message is encrypted using a onetime pad (OTP) and thus looks like part of the entropy string since the OTP encrypted messages is, as long as the “pad” material and message content are known, itself random to the observer. The encrypted message contains information used to identify and/or point to relevant information in another part of the entropy stream. For example, the OTP-encrypted message may indicate the number of units of the message, and point to a position in another part of the stream where another message is located. The stream may be randomly and deterministically expanded. Other techniques encrypt a stream using standard encryption, the stream comprising messages that are deterministically OTP encrypted; expand said encryption using a byte vector/array of randomness including at least one random vector; periodically swap out at least one member from the vector; hide vector random bytes in messages and/or using the messages to direct which bytes to remove from the stream of randomness/entropy; and store a stash of randomness separately from the messages and/or pull off the random/entropy stream as directed by the messages. By using true random and determinism, we create a method of generate a known pool of randomness that, if intercepted, cannot be discovered through mathematical analysis.

Claims

1. A secure transmission method comprising: embedding a onetime pad encrypted message within a random message stream, the onetime pad encrypted message comprising at least a pointer within the same or different stream to another one time pad encrypted message; and transmitting the random message stream including the embedded one time pad encrypted message to at least one receiver.

2. A secure receiving method comprising: receiving a random message stream including an embedded one time pad encrypted message; and decrypting the one time pad encrypted message to obtain at least a pointer to another one time pad encrypted message within the same or different stream.

3. A method comprising: receiving entropy; receiving at least one message with the entropy, the received message containing an instruction for expanding the transmitted entropy; recovering the instruction from the message using a One Time Pad decryption; and expanding the received entropy based on the instruction using a deterministic process.

4. The method of claim 3 wherein the at least one message is embedded in the received entropy.

5. The method of claim 3 wherein the entropy is transmitted over the Internet.

6. The method of claim 3 further including generating the entropy with a random number generator.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0013] Features and advantages of example non-limiting implementations may be understood from the following detailed description of example non-limiting embodiments, in conjunction with the drawings of which:

[0014] FIG. 1 shows an example non-limiting random information sharing system.

[0015] FIG. 1A shows an example entropy sending system,

[0016] FIG. 1B shows an example entropy receiving system.

[0017] FIG. 2 shows an example non-limiting entropy stream format.

[0018] FIG. 2A shows an example non-limiting embedded system message.

[0019] FIG. 3 shows an example entropy expansion technique.

[0020] FIG. 4 shows an example non-limiting transmission of an entropy stream.

[0021] FIG. 5 shows a system that expands the transmitted entropy stream.

DETAILED DESCRIPTION OF NON-LIMITING EMBODIMENTS

[0022] Non-limiting features and advantages of example non-limiting embodiments include: [0023] A stream that in some embodiments can use standard encryption [0024] Messages (deterministic) are OTP encrypted in the stream [0025] Both sides expand the encryption using byte vectors/arrays of randomness [0026] There is one or plural (e.g., two) random vectors [0027] Plural N (where N may be a random number) vectors provides better obfuscation (it may simply be a second pass) [0028] N number vectors have members periodically swapped out. [0029] Vector random bytes are hidden in messages; or in other embodiments, the messages direct which bytes may be swapped out from the stream of randomness/entropy. [0030] In some embodiments, a small stash of randomness is stored separately and comes in the messages and/or is pulled off the random/entropy stream as directed by the messages. This has a separate expansion vector process. [0031] Such a separate stash could also come from the expanded entropy as directed by the messaging. [0032] Vectors can start at different points per expansion as directed. [0033] Vectors can also be scrambled as directed per pass.

[0034] In one example non-limiting implementations, random information is transmitted in unencrypted form over a communications channel. In most practical systems, the designers of the system will assume that an attacker will have access to and can eavesdrop upon the random stream transmission.

[0035] In example non-limiting embodiments, a message is embedded within the stream. The messages encrypted using a random one time pad (OTP) look like part of the random string since the OTP is itself random. The encrypted message contains information used to identify and/or point to relevant information in another part of the random stream. For example, the OTP-encrypted message may indicate the number of units of the message, and point to a position in another part of the stream where another message is located.

[0036] In some example embodiments, the message is also a random string, i.e., a sequence of random values generated by a random number generator. Using a random One Time Pad to transpose or encrypt a sequence of random values results in a random string that cannot be attacked through frequency analysis or any other known cryptanalysis—it is perfectly secure. In some embodiments, the resulting random string is further encrypted using conventional encryption (e.g., AES 256 or any other symmetrical or asymmetrical encryption) before transmission. If desired, further precautions such as cryptographic key rotation, port rotation, and/or transmission of decoy stream, may be used to further increase security and make the random string inaccessible to an attacker. However, even if the attacker could defeat such additional security to obtain the transmitted random string, the attacker would still not be able to learn the underlying random string message because it has been encrypted using a perfectly secure One Time Pad.

[0037] In some non-limiting embodiments, the amount of transmitted random (entropy) data actually used to enable cryptographic processes can be reduced or minimized, and each (or multiple) ends of a cryptographic process can used shared secrets to expand the entropy data as needed. The shared secrets can be transmitted in additional expansion-instruction messages embedded within the stream that provide vectors for entropy expansion. These expansion-instruction messages can be entrypted using one time pads that comprise parts of the entropy stream or the expanded entropy stream. In some embodiments, the expansion-instruction messages can be shared at times that are different from when the entropy data is transmitted, using different communications channels. In some embodiments, the expansion-instruction messages could be shared in a highly secure way such as by courier or personal meeting. For example, they could be stored in tamper-resistant dongles or other memory devices that are provided in physical form.

[0038] When an attacker intercepts a random stream transmitted over the Internet or other insecure communications channel, he or she will not be able to distinguish the encrypted message from any other part of the stream. Because the message (which may itself be entropy) is encrypted using a onetime pad, it is perfectly secure. Only if one knows where the message is embedded and the length and format of the message as well as the random information used to encrypt the message using the one time pad (which, in a correct implementation is not accessible), is it possible to decrypt the message in order to learn its contents. In some cases, message contents indicate the other parts of the stream that contain particular random data used to encrypt messages to be communicated, expansion vector information (instructions used to expand the entropy stream), as well as other housekeeping information such as check sums and time stamps. In short, this system uses determinism and randomness to remove all but the expansion pass(es). For expansion, the vector, provided in the OTP encrypted messages, and the output are known. Even if we do not encrypt the stream of randomness to be expanded, the expanded entropy is still unknown. The proof, we know the random data is 10, is: 10.Math.Y=Z. There is no way to discover the values of Y or Z as there is not enough information. This makes discovering the expanded randomness impossible through mathematical analysis.

[0039] In accordance with other non-limiting aspects, the entropy transmission system can “farm” the output of the entropy generator in order to harvest random data for use. In such example non-limiting implementations, the system may direct the output of an entropy generator to a buffer in a memory device. The system may harvest selected portions of the buffer, deduplicate them to avoid possible duplicative information (although this will generally not be necessary if the entropy is truly random), and transmit the deduplicated information over a communications channel. The harvesting and deduplication processes are preferably performed in such a way that does not decrease the amount of entropy in the information being sent.

[0040] Example Entropy Farming System

[0041] FIG. 1 shows an example non-limiting entropy transmission system 50 including an entropy transmitter 100 and an entropy receiver 200. Within entropy transmitter 100, an entropy generator (random or pseudorandom number generator) 102 generates a stream of random or pseudorandom data values. This stream is “farmed” by an entropy farmer 103 and stored in an entropy pool 106. The entropy pool 106 is harvested or reaped by an entropy reaper 108 and formatted into entropy files 250. The files 250 are provided to an entropy sender (transmitter) 116 for transmission/communication to an entropy receiver 202.

[0042] The entropy receiver 202 recovers the entropy files 250′ and stores the received entropy files in an entropy cache 210 for use in any application where entropy is useful.

[0043] FIG. 1A shows an example entropy generator and transmission system 100 in the particular context of an encrypted message transmission system. System 100 includes entropy generator 102 that generates random or pseudorandom data with a high degree of entropy, i.e., unpredictability. Such generator 102 can operate on known principles based on for example electrical discharge, temperature fluctuations, quantum physics, etc. The entropy generator output 104 is “farmed” by being selectively written into a memory 106 such as a magnetic disk drive, a semiconductor memory or any other storage device to provide an entropy pool. An entropy “harvester” or “reaper” 108 reads random or pseudorandom data from memory (entropy pool) 106, just as a combine harvests crops from a farmer's field, breaking the data up into files or blocks. The entropy data can be “conditioned” such as (but not limited to) deduplicated by a deduplicator 110 as part of this process to eliminate redundancy (if necessary) to provide a random stream of values use such as by encryption performed by encryptor 112. Deduping may also be performed right before expansion. This further hides OTP encrypted messages embedded in the data stream that will likely contain some duplicates. This further masks the messages in the steam of random information. To that point, conditioning/deduplicating can be performed in any order. A file formatter 114 formats the deduplicated random values into files (which may be of variable length). In some embodiments, files are not deduplicated until they reach the receiver and/or are expanded at the receiver (see below).

[0044] The system 100 also inserts, preferably at some random position within the random file stream, an embedded message encrypted using a One Time Pad (OTP).

[0045] A transmitter 116 transmits the file stream with embedded message(s) over one or more entropy channel(s). See e.g., U.S. Pat. Nos. 8,995,652 and 9,584,313. Port facading and other moving target defense strategies may be used to make it more difficult for an attacker to intercept any useful portion of the transmitted stream. The same or different transmitter 118 may be used to transmit, over the same or different channels, ciphertexts of messages the encryptor 112 encrypts.

[0046] FIG. 2 shows an example output stream that the FIG. 1A transmit system 100 generators. The output stream comprises a plurality of sequentially transmitted files 250 embedded in which is an OTP encrypted message 252. Message 252 may comprise a number of fields including for example:

[0047] number of files 254

[0048] file names 1-N (256(1)-256(N)) corresponding to N files 254

[0049] cyclic redundancy check (CRC) values 258—one for each file

[0050] pointer 260 to the position of another message in the same or different file stream.

[0051] a random variable length pad 252a.

[0052] In the embodiment shown in FIG. 2, the overall transmission stream is not encrypted but the embedded message portion is encrypted. In other example embodiments, some or all of the rest of the transmission stream is also encrypted using conventional encryption such as AES, DES, Public Key, block cipher chain or any other conventional form of encryption.

[0053] FIG. 2A shows another example non-limiting embedded system message. In example embodiments, system messages are put at different spots in the OTP stream and are variable in length. The number of OTPs being sent is also variable to ensure the streams cannot be easily identified. The System Messages are OTP encrypted to ensure they cannot be decrypted by an attacker. They contain deterministic information around port rotation, expansion and other important information required to keep the two sides of the OTP transfer in synchronization.

[0054] The number of files 254 may be variable and may change randomly with each transmission. Thus, the number of files needed to cover a particular cache is a moving target that an attacker will not be able to predict beforehand.

[0055] The pointer 260 in some examples could point to the position of the next message 252 in the same file stream. In other implementations, the file stream could be transmitted in any order, and message 252 could point to a previously transmitted part of the file stream as opposed to a part of the file stream that already has been transmitted. The system 50 preferably locates the initially transmitted message via some convention that is not known to or discoverable by an attacker, and that can itself be randomized.

[0056] The message 252 is padded with a random length data string 252a of random content. Additional random content may be included in other parts of the stream in some embodiments such as before and/or after the file stream (or in some cases, in between files).

[0057] FIG. 1B shows an example non-limiting receiving system 200. Receiving system 200 includes a receiver 204 that receives information transmitter 118 transmits over message channel(s) 120, and the same or different receiver 202 that receives information transmitter 116 transits over entropy channel(s) 117. Receiver 202 provides the received random stream to a deformatter 206 that deformats the transmitted information to recover the original stream and also recovers the embedded formatting message (which is recovered using OTP decryption). In the example shown, the deformatter 206 uses information in the recovered message to resolve the received stream into file structures matching (or at least bearing a predetermined relationship with) the corresponding file structures at transmitter 100. An error corrector 208 uses forward error correction information from the recovered embedded information to correct errors in the received stream. The output of error corrector 208 may be provided to buffer in a memory (pool) 210, and may also be provided to a decryptor that decrypts the ciphertext received by receiver 204 to provide clear text.

[0058] While transmitter 100 includes an encryptor 112 and transmitter and receiver 200 includes a receiver 204 and decryptor 212 to convey encrypted messages securely, other embodiments (such as shown in FIG. 1) need not include such components and may instead use the system primarily or exclusively to convey entropy from transmitting system 100 to receiving system 200. Alternatively, systems 100, 200 could include additional components in addition to those shown that use the communicated entropy for any purpose including but not limited to science, art, statistics, cryptography, gaming, gambling, and other fields.

[0059] The examples shown in FIGS. 1A, 1B can be implemented in any desired structure including hardware, software or a combination of hardware and software. For example, in one implementation, one or more hardware processors and/or processors executing software are used to implement the various blocks of FIGS. 1A, 1B. For example, the steps described herein can be performed by at least one processor based on instructions stored in one or more non-transitory memories that the processor executes. The channels 117, 120 can be any type of communications channels including but not limited to wired or wireless, Internet, cellular telephone, remote or local, and/or sneakernet.

[0060] Example Entropy Expansion

[0061] As shown in FIG. 1, system 50 includes further an additional entropy expansion feature including entropy expanders 300 that develop additional entropy, acting as a sort of an entropy synthesis. FIG. 3 shows how an entropy file 250(A) can be expanded into any number N of entropy files 250(1), . . . , 250(N) comprising new random files 290(A.1), . . . 290(A.N). An expansion manifest 302 (see FIG. 1) is used for the expansion function. The expansion function in one example non-limiting embodiment does not add any additional entropy, but rather provides a non-random transformation between the original entropy file and a number of additional new files 290 which are different from one another but still have the same entropy as the original entropy file. Example transformations for the expansion manifest 302 could include for example XOR, addition, multiplication, or any mathematical and/or logical transformation. One example is to XOR the file against a randomly-selected vector of files, and discarding the file immediately after a single use. The vector of files can be randomly selected after each use. Such expansion not only reduces the amount of information that needs to be exchanged, but also means that the new random files actually used by an application to provide random values are never themselves transmitted or otherwise revealed outside of the transmitter 100 and receiver 200 (each side independently derives them from other information).

[0062] If the expansion vector is randomly and deterministically changed, the overall message does not need to be encrypted before transmission and will nevertheless remain secure. Security is derived from the deterministically random expansion vector feature, which has the effect of preventing an attacker from learning the content of the underlying, untransmitted random string. Other embodiments may encrypt some or all of the message using for example standard encryption techniques.

[0063] Example Entropy Expansion System

[0064] FIGS. 4 and 5 show a further embodiment of an entropy transmission and expansion system 1000. FIG. 4 shows an example transfer process and FIG. 5 shows a transfer and expansion process. The expansion creates an even more secure transfer as the raw entropy is not actually what is being used for encryption. As long as everything on both ends remains secure, there is no way to discover the actual “Pad” used for encryption. In this context, True Random data is being referred to as “entropy” and what we are OTP encrypting with as a pad in this expansion scenario. Once we process it, it is no longer entropy by strict definition but we can prove it is still unknown, hence true, random. When true randomness is used with determinism, we are reaching perfect security when this expanded randomness is used for OTP Encryption of data ancillary to this system.

[0065] In the FIG. 4 example shown, an entropy service 1002 transmits entropy to an entropy client 1004. The entropy service 1002 generates the entropy as discussed above using an RNG, and transmits it over a potentially insecure or open channel such as the Internet. The entropy service 1002 may transmit the same entropy to multiple entropy clients 1004(1), 1004(2), . . . 1004(n) over the same or different communications channels. The entropy client(s) 1004 can use the entropy for any of a variety of applications including but not limited to cryptographic processes such as encryption and/or authentication. For example, the entropy service 1002 may send entropy to two clients 1004(1), 1004(2) which will use the (now shared) entropy to encrypt and decrypt messages the clients exchange among themselves.

[0066] In the FIG. 4 example, the entropy stream the service 1002 sends to the client(s) 1004 is encrypted. Encryption may be performed using a conventional secure encryption method such as AES 256 or any successors to such encryption standard in common use at the time you are reading this. See e.g., Federal Information Processing Standards. 26 Nov. 2001 doi:10.6028/NIST.FIPS.197.

[0067] Additional messages 1006 are embedded in the FIG. 4 stream. These additional messages 1006(1), 1006(2), . . . 1006(n) comprise OTP encrypted messages and hidden entropy. In this non-limiting embodiment, the OTP encrypted messages 1006 include deterministic information about port rotation, key changes for the legacy (AES256) encryption, entropy rotation (vectors) for expansion and entropy to be expanded for these messages as well as other system information. The configuring of messages 1006 follows the rules of the Vernam Cipher so they are perfectly secured messages. All other information in this stream is pure entropy encrypted with any legacy encryption such as AES256. This is also perfectly secure from brute force discovery as the payload is entropy which is random and unknown.

[0068] As shown in FIG. 5, the entropy client 1004 expands the received entropy using the received entropy expansion vectors and a deterministic process. These expansion vectors are instructions or “a recipe” for expanding the received entropy using a deterministic process. Entropy expansion follows the same basic rules as the One Time Pad. The simple proof is exactly the same:

X+Y=Z.

[0069] As long as two as the variables remain unknown, there is no way to solve for the problem. In this case, we ensure this by One Time Pad encrypting both the vector information and the message information to be expanded. As long as the base entropy is true random for all parts, the result will be an even distribution of probability that will be unsolvable.

[0070] Each message 1006 in this example is OTP encrypted. It contains message (msg) entropy as well replacement entropy for the expansion vector. It also contains determistic messages around rotation. This ensures that the expansion vector, the entropy used to encrypt these messages and any command/control data is perfectly secure and remains unknown. It also ensures that no known data is sent in the raw entropy stream. Command and control information would be repeatable data that could be used to decrypt the legacy encryption protecting the raw entropy. This leaves no opportunity for brute force cracking of the legacy encryption.

[0071] As FIG. 5 shows, the raw base entropy and the message entropy are stored separately in separate storage/buffer devices 1012, 1014 and used for different purposes. In this example, the expanded message entropy or pad is used to decrypt messages 1006 (i.e., as overhead to support system 1000), and the expanded base entropy or pad is used by the entropy client 1004 for the any desired application as discussed above including but not limited to one time pad encryption of messages to be exchanged with one or multiple parties.

[0072] A processor, circuit, or other computing device expands each stored entropy by performing an expansion process 1020 using the techniques described above based on the received expansion vectors. The expansion process 1020 for the raw base entropy can but need not be the same as the expansion process for the message entropy. In the example show, the expansion process is a simple XOR with additional secret random entropy data shared in messages 1006. Multiple such XOR operations with multiple streams of additional shared secret entropy data yield any desired quantity of entropy. The expanded entropy is stored in storage devices 1016, 1018 and used as an expanded base entropy or pad and an expanded message entropy or pad, respectively.

[0073] In some non-limiting embodiments, the messages 1006 provide information in the way of pointers, indices or other constructs to synchronize or line up the resulting expanded entropy for use. For example, not all of the expanded entropy needs to be used—only a subset of the expanded entropy might be used in some embodiments. Additionally, the resulting expanded entropy can be rotated or substituted as needed with other expanded entropy.

[0074] All items cited above are hereby incorporated by reference as if expressly set forth.

[0075] While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiments, it is to be understood that the invention is not to be limited to the disclosed embodiments, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.