Method and device for encrypting digital data, associated method and device for decryption
The method partitions messages into sub-messages using cryptographic parameters to enable efficient, partial decryption and authentication of sub-parts, addressing inefficiencies in existing encryption methods for embedded systems.
Patent Information
- Authority / Receiving Office
- FR · FR
- Patent Type
- Applications
- Current Assignee / Owner
- THALES SA
- Filing Date
- 2024-12-18
- Publication Date
- 2026-06-19
Abstract
Description
Title of the invention: Method and device for encrypting digital data, associated method and decryption device
[0001] The present invention relates to a method for encrypting digital data forming a message comprising a sequence of initial blocks of predetermined size.
[0002] The invention also relates to an associated digital data encryption device, and an associated encryption computer program, as well as an associated decryption method, decryption device and decryption computer program.
[0003] The invention lies in the field of securing digital data within software or hardware components.
[0004] Encryption of digital data is critical to ensure data security and prevent the appropriation of confidential data by third parties.
[0005] Several mechanisms for encrypting and decrypting digital data have been developed and standardized.
[0006] AES encryption (for "Advanced Encryption Standard") was standardized by NIST ("National Institute of Standards and Technology") in 2001. AES encryption takes as input 128-bit (or 16-byte) blocks and cryptographic keys of 128, 192, or 256 bits. However, AES encryption is poorly suited for use in embedded environments with limited computing resources.
[0007] To better suit implementation with limited computing resources, the ASCON lightweight cryptography standard was selected. The ASCON standard ensures confidentiality and authenticates digital data, as described in the specification "Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions," published under NIST SP 800-232.
[0008] In its current version, the ASCON standard uses, in AEAD mode (for "Authenticated Encryption with Associated Data"), a sequence of encryptions of predetermined-size blocks forming a message to be encrypted. More precisely, ASCON's AEAD mode, after initialization and then processing of the associated data, encrypts the plaintext sequentially block by block by applying the XOR (exclusive OR) operation to the current initial (plaintext) block and to a part of the internal state, which will also be called the internal key, in order to obtain the corresponding ciphertext block. This ciphertext block is then re-injected into the internal state; the repeated application of a permutation on the internal state then makes it possible to obtain the internal state that allows encryption. of the next initial block and so on. The decryption operation proceeds similarly to decrypt the blocks, from the first to the last, by applying the XOR operation to the encrypted block and to a part of the current internal state.
[0009] This sequence does not allow for partial decryption: to decrypt a sub-part of a message, it is necessary to decrypt all the blocks preceding the blocks of the sub-part of the message to be decrypted. Furthermore, authentication necessarily applies to the entire encrypted message.
[0010] In certain practical applications, it is useful to be able to decipher sub-parts of an encrypted message without having to decipher the entire message, or at least all the blocks of the message preceding the sub-part of the message that one wishes to decipher.
[0011] The invention aims to remedy the aforementioned drawbacks by proposing an encryption method and device of the type described above but allowing access for decryption by sub-parts.
[0012] To this end, the invention relates to a method for encrypting digital data forming a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks. The encryption comprises an initialization step implementing a triplet of cryptographic parameters to provide an internal key, and a chain of block ciphers of the initial blocks depending on the internal key. This method comprises the following steps, executed by a computing processor of a programmable electronic device:
[0013] -a partition of the message into at least two sub-messages, each sub-message comprising one or more successive initial blocks, between a start block of first index and an end block of second index
[0014] the method comprising encrypting each sub-message to form an overall encrypted message,
[0015] the encryption of a sub-message comprising, during the initialization step:
[0016] - an application of a cryptographic transformation on elements of the triplet of cryptographic parameters for obtaining an intermediate internal key,
[0017] - a combination of the intermediate internal key with said first index and second clue, then
[0018] - a new application of said cryptographic transformation on the result of the combination to obtain said internal key for said sub-message, said internal key then being used for chaining block ciphers of the initial blocks of said sub-message.
[0019] Advantageously, the invention allows encryption by sub-messages individually accessible for subsequent decryption, while avoiding increasing significantly reduces the size of the overall encrypted message. Indeed, the proposed method does not require the use of a triplet of cryptographic parameters to initialize the sub-message encryption, but only a single triplet of cryptographic parameters for the entire message, while ensuring the robustness of the sub-message encryption through the injection of the first and second indices.
[0020] According to other advantageous aspects of the invention, the encryption method comprises one or more of the following features, taken individually or in all technically possible combinations.
[0021] The encryption process further comprises, for each sub-message, the application of said chain of block ciphers of the initial blocks of said sub-message, and an insertion of the cipher blocks obtained sequentially into the overall cipher message.
[0022] The chain of encryptions of the initial blocks comprises, for a current initial block, the application of said cryptographic transformation to provide a current ciphertext block and a transformed internal key, and taking as input a combination of the current initial block and a previous ciphertext block, and a transformed internal key from the previous encryption step.
[0023] The cryptographic transformation comprises composing a predetermined number B of times of the same elementary transformation.
[0024] The cryptographic transformation is said to be the first cryptographic transformation, the process further comprising the generation of an integrity pattern per sub-message, said integrity pattern being calculated by applying a second cryptographic transformation to the last ciphertext block of the sub-message, said second cryptographic transformation comprising the composition a predetermined number A of times of the elementary transformation, the number A being at least equal to twice the number B.
[0025] The method further comprises an integration of the integrity pattern by sub-message into the overall encrypted message, in association with said sub-message.
[0026] The initialization step includes a combination of the intermediate internal key with a concatenation of the first index, second index and the integrity pattern generated for a previous sub-message.
[0027] The method includes a temporary storage, for each sub-message, of the associated integrity pattern and the application of a chain of encryptions of the successive integrity patterns associated with the successive sub-messages of said message to obtain an overall integrity pattern.
[0028] The method involves inserting the global integrity pattern into the global encrypted message.
[0029] According to another aspect, the invention relates to a device for encrypting digital data forming a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks. The encryption device comprises an initialization module implementing a triplet of cryptographic parameters to provide an internal key, and an encryption module chaining ciphers of the initial blocks depending on the internal key. This encryption device includes a computing processor configured to execute:
[0030] -a message partitioning module into at least two sub-messages, each sub-message comprising one or more successive initial blocks, between a start block of first index and an end block of second index,
[0031] the encryption device being configured to perform encryption of each sub-message to form an overall encrypted message, the encryption of a sub-message comprising the implementation, by the initialization module:
[0032] of a module for applying a cryptographic transformation to elements of the cryptographic parameter triplet to obtain an intermediate internal key,
[0033] of a module for combining the intermediate internal key with said first index and second index, then
[0034] of an application module of said cryptographic transformation on the result of the combination to obtain said internal key for said sub-message, said internal key then being used for the chaining of ciphers of the initial blocks of said sub-message.
[0035] Advantageously, the encryption device is configured to perform the digital data encryption process as briefly described above.
[0036] The invention also relates to a computer program comprising software instructions which, when executed by a computer, implement an encryption method as defined above.
[0037] According to another aspect, the invention also relates to a method for decrypting digital data from a sub-message of a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks, from an overall encrypted message obtained by applying an encryption method as described above, the decryption method comprising the following steps, executed by a computing processor of a programmable electronic device:
[0038] - obtaining a first index of the start of the sub-message and a second index of the end of said sub-message,
[0039] - initialization of an internal key associated with the sub-message containing
[0040] - an application of the cryptographic transformation on elements of the triplet of cryptographic parameters, allowing the generation of an intermediate internal key,
[0041] - a combination of the intermediate internal key with said first index and second clue, then
[0042] - a new application of said cryptographic transformation on the result of the combination to obtain said internal key for said sub-message,
[0043] - extraction of the ciphertext block with index equal to said first index of the ciphertext message global and sequence of decryptions with the calculated internal key.
[0044] According to another aspect, the invention relates to a device for decrypting digital data from a sub-message of a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks, from an overall encrypted message obtained by an encryption device as described above, the decryption device comprising a computing processor configured to execute:
[0045] - a module for obtaining a first index for the start of a sub-message and a second index for the end of said sub-message,
[0046] - an initialization module for an internal key associated with the sub-message putting in artwork :
[0047] - an application module for said cryptographic transformation on elements of the triplet of cryptographic parameters, allowing the generation of an intermediate internal key,
[0048] - a module for combining the intermediate internal key with said first index and second index, then
[0049] - an application module for said cryptographic transformation on the result of the combination to obtain said internal key for said sub-message,
[0050] - a module for extracting the ciphertext block with index equal to said first index of the global encrypted message and sequence of decryptions with the calculated internal key.
[0051] The invention also relates to a computer program comprising software instructions which, when executed by a computer, implement a decryption method as defined above.
[0052] The invention will become clearer upon reading the following description, given solely by way of non-limiting example, and made with reference to the drawings in which:
[0053] [Fig-1] [Fig.1] is a functional representation of an encryption system / decryption implementing the invention;
[0054] [Fig.2] [Fig.2] is a flowchart of the main steps of an encryption process according to one embodiment;
[0055] [Fig.3] [Fig.3] illustrates steps in the encryption process according to a first embodiment;
[0056] [Fig.4] [Fig.4] illustrates steps in the encryption process according to a second embodiment;
[0057] [Fig.5] [Fig.5] illustrates steps in the encryption process according to a third embodiment;
[0058] [Fig.6] [Fig.6] is a flowchart of the main steps of a decryption process according to an embodiment.
[0059] The invention finds applications in various fields of transmission and / or storage of digital data in a secure form.
[0060] Advantageously, the proposed encryption and decryption methods preserve the advantages of the ASCON standard in terms of throughput and computational complexity, and also in terms of cryptographic security.
[0061] According to one embodiment, an encryption / decryption system 2 represented in [Fig.1] comprises an encryption device 4 and a decryption device 6, which are programmable electronic devices, for example computers.
[0062] In one embodiment, the encryption device 4 and the decryption device 6 are adapted to communicate via a communications network, through integrated communication interfaces.
[0063] According to one variant, the encryption device 4 and the decryption device 6 are implemented by the same programmable electronic device, the encrypted data being stored locally and decrypted on request from a user or a client application.
[0064] The encryption device 4 includes a computing processor 8, capable of executing calculations and computer program code instructions when the device 4 is powered on, an electronic memory 10, adapted to store data in the form of files or registers for example, a communication interface 12 and a human-machine interface 14. The elements 8, 10, 12, 14 of the encryption device are adapted to communicate with each other via communication buses 15.
[0065] The encryption device 4 is configured to receive digital data to be encrypted in the form of a Mess message, referenced 16 in [Fig. 1], encoded as a sequence of initial blocks {mb .., mi,...,mQ}, each initial data block having a predetermined size r, each initial block having an associated index i. For example, each of the initial blocks has a size r equal to 64 bits (i.e., r = 64 bits).
[0066] The initial blocks are unencrypted; their content is readable. The initial blocks are also said to be "in plain text".
[0067] The encryption device 4 is configured to also obtain, in association with a message 16, a triplet of cryptographic parameters 18, useful for encryption according to the ASCON standard.
[0068] The cryptographic parameter triplet 18 comprises an Initialization Vector IV, a cryptographic key K and a cipher number N, also called a "nonce".
[0069] For example, the cryptographic key is encoded on 128 bits or 160 bits. For a 128-bit cryptographic key, the classical security level is 128 bits and the post-quantum security level is 64 bits. For a 160-bit key, the classical security level is 160 bits and the post-quantum security level is 80 bits.
[0070] The encryption number N is, for example, a 128-bit number.
[0071] The processor 8 of the encryption device 4 is configured to execute a module The message Mess is partitioned into sub-messages (SM), each sub-message being defined by a first index ib, which is the index of the initial first block of the sub-message, and a second index i2, which is the index of the last block of the sub-message. In other words, the first index ii is a start index of the sub-message and the second index i2 is an end index of the sub-message.
[0072] Each sub-message comprises one or more initial blocks, the number of initial blocks of a sub-message being able to vary from one sub-message to another.
[0073] The processor 8 of the encryption device 4 is further configured to execute modules 22 and 24 to perform sub-message encryption.
[0074] The initialization module 22 comprises:
[0075] -a module 21 for applying a cryptographic transformation to elements of the cryptographic parameter triplet 18 allowing an intermediate internal key to be obtained;
[0076] -a module 23 for combining the intermediate internal key with the first index and the second index;
[0077] - a module 25 for applying the cryptographic transformation to the result of the combination, to obtain an internal key associated with the sub-message.
[0078] Module 24 for encrypting the initial blocks of the submessage implements a chain of ciphers following the sequence of blocks forming the submessage, using the internal key associated with the submessage.
[0079] For encryption according to the ASCON standard, the internal key is akin to an internal state of functions applied for encryption / decryption. The internal key, that is to say the internal state, evolves at each step of block encryption.
[0080] Optionally, the processor 8 is configured to implement a module 26 for generating one or more integrity patterns, thus also enabling authentication of encrypted data.
[0081] Modules 20, 22, 24 and 26 cooperate to implement an encryption process as described below.
[0082] In one embodiment, modules 20, 22, 24, and 26 are implemented as software and form a computer program comprising program code instructions executable by a programmable electronic device to implement the encryption method described below. The computer program is also capable of being stored on a computer-readable medium (not shown). The computer-readable medium is, for example, a medium capable of storing electronic instructions and being connected to a bus of a computer system. For example, the readable medium is an optical disc, a magneto-optical disc, ROM, RAM, any type of non-volatile memory (e.g., FLASH or NVRAM), or a magnetic card.
[0083] Alternatively, modules 20, 22, 24 and 26 are each implemented as a programmable logic component, such as an FPGA (Field Programmable Gamut Arras), a GPU (Graphics Processing Unit) or a GPGPU (General-Purpose Graphics Processing Unit), or as a dedicated integrated circuit, such as an ASIC (Application-Specific Integrated Circuit).
[0084] The encryption device outputs a global ciphertext message 30, comprising ciphertext blocks {ci,...,cQ}, optionally one or more integrity patterns. The cryptographic parameter triplet 16 is also associated with the global ciphertext message 30.
[0085] More generally, the triplet of cryptographic parameters is known both by the encryption device 4 and by the decryption device 6.
[0086] The overall encrypted message 30 is stored and / or transmitted via a communications network to a decryption device 6.
[0087] Advantageously, thanks to the encryption process implemented by the encryption device 4, the decryption of a sub-message comprising blocks with indices h to i2 is feasible without the need to decrypt all the ciphered blocks preceding the block with first index il.
[0088] The decryption device 6 is a programmable electronic device, comprising a processing unit 32, capable of executing calculations and computer program code instructions when the programmable electronic device 6 is powered on, an electronic memory 34, adapted to store data in the form of files or registers, for example, a communication interface 36 and a human-machine interface 38. The elements 32, 34, 36, 38 of the device decryption systems are adapted to communicate with each other via communication buses 35.
[0089] The computing processor 32 is configured to execute a module 40 for obtaining the first index ii and the second index i2 which are respectively the start and end index of a sub-message to be deciphered.
[0090] The computing processor 32 is further configured to execute an initialization module 42 of an internal key associated with the sub-message, the module 42 being analogous to the initialization module 22 implemented by the encryption device 4.
[0091] The initialization module 42 comprises:
[0092] -a sub-application of a cryptographic transformation on elements of the cryptographic parameter triplet 18 allowing to obtain an intermediate internal key;
[0093] -a sub-43 combination of the intermediate internal key with the first index and the second index;
[0094] - a sub-application of the cryptographic transformation on the result of the combination, to obtain an internal key associated with the sub-message.
[0095] The computing processor 32 is further configured to execute a module 44 for extracting the ciphertext block of index h and chaining decryptions using the calculated internal key, up to the last ciphertext block of the sub-message of index h-
[0096] Optionally, the computing processor 32 is also configured to execute a sub-message authentication module 46 based on the authentication pattern(s) received.
[0097] At output the decryption device provides at least one decrypted sub-message SM={mii,...mi2} referenced 48 in [Fig.1].
[0098] Modules 40, 42, 44 and 46 cooperate to implement a decryption process as described below.
[0099] In one embodiment, modules 40, 42, 44, and 46 are implemented as software and form a computer program comprising program code instructions executable by a programmable electronic device to implement the decryption method described below. The computer program is also capable of being stored on a computer-readable medium (not shown). The computer-readable medium is, for example, a medium capable of storing electronic instructions and being connected to a bus of a computer system. For example, the readable medium is an optical disc, a magneto-optical disc, ROM, RAM, any type of non-volatile memory (e.g., FLASH or NVRAM), or a magnetic card.
[0100] Alternatively, modules 40, 42, 44 and 46 are each implemented as a programmable logic component, such as an FPGA (Field Programmable Gamut Arras), a GPU (Graphics Processor) or a GPGPU (General-Purpose Graphics Processing Unit), or as a dedicated integrated circuit, such as an ASIC (Application-Specific Integrated Circuit).
[0101] Figures 2 and 3 represent the main steps of an encryption process according to one embodiment.
[0102] The inputs to the process are provided: a message Mess={mi,....,mii,...,mi2,....mQ] and a triplet of cryptographic parameters comprising an initialization vector IV, a cryptographic key K and a cryptographic number N.
[0103] The process includes a step 50 of partitioning the message into sub-messages of varying or equal sizes.
[0104] For each sub-message SM={m;i,.. .,mi2}, the process includes an initialization step 52, comprising the following sub-steps: - application 54 of a cryptographic transformation on elements of the triplet of cryptographic parameters allowing to obtain an intermediate internal key; - combination 56 of the intermediate internal key with the first index ii and the second index i2, optionally adding zeros if necessary to obtain a vector of predetermined size; - new application 58 of said cryptographic transformation on the result of the combination to obtain an internal key for said sub-message, the internal key then being used for the chaining of encryption steps of the initial blocks of the sub-message SM.
[0105] For example, in step 54, the cryptographic transformation is applied to a concatenation of the IV, K and N parameters of the cryptographic parameter triplet
[0106] The cryptographic transformation is a transformation denoted pB, consisting of the composition a number B of times of an elementary transformation p. The elementary transformation p is, for example, a permutation, as defined by the ASCON standard, reference NIST SP 800-232.]
[0107] Combination 56 implements a concatenation of the first and second indices, optionally with a number of "0"s to form a vector of given size, and the application of an "exclusive OR" (XOR) operator, denoted © in Figures 3 to 5. The concatenation operation is represented by the symbol "II" in Figures 3 to 5.
[0108] The initialization step 52 provides the internal key associated with the message, which is then combined in step 60 with the cryptographic key K.
[0109] The method then includes the application 62 of a chain of block ciphers of the initial blocks mn to mi2 of the submessage SM, allowing to obtain corresponding cipher blocks Cü to ci2, the cipher blocks being inserted sequentially into a global cipher message.
[0110] Encryptions are performed by applying the cryptographic transformation pB, as illustrated in [Fig.3].
[0111] For an initial current block denoted mk (block "in plaintext") the cryptographic transformation is applied to provide an ciphertext current block ck and a transformed internal key (i.e. a transformed internal state), taking as input a combination of the initial current block mk and a previous ciphertext block ck.i (corresponding to the encryption of the initial block mk4) and a transformed internal key from the previous encryption step.
[0112] In one embodiment, the method further comprises a step 64 of generating an integrity pattern of the sub-message SM.
[0113] For example, as recommended in the ASCON standard, the integrity pattern per submessage is calculated by applying a second cryptographic transformation pA, by composing a number A of times the elementary transformation p. The number A satisfies the condition: A > 2B. The second cryptographic transformation is applied to the last ciphertext block of the submessage, as illustrated in [Fig.4].
[0114] Optionally, in a second embodiment, step 64 is followed by the generation 66 of a global integrity pattern corresponding to the global ciphertext message, as illustrated in [Fig. 4]. In this embodiment, preferably, the global integrity pattern is integrated into the global ciphertext message and transmitted for subsequent authentication. Sub-message integrity patterns are not retained.
[0115] As illustrated in [Fig. 4], in this second embodiment, the integrity patterns per sub-message are temporarily stored. Step 66 of generating a global integrity pattern implements encryption according to the ASCON AEAD standard of the integrity patterns per sub-message, with chaining of encryptions of successive integrity patterns associated with the sub-messages, initialized with a triplet of cryptographic parameters {IV, K', N}, the cryptographic key K' being distinct from the cryptographic key K used for the encryption of the message blocks.
[0116] According to one variant, the cryptographic key K' is identical to the cryptographic key K.
[0117] The global integrity pattern is inserted into the global ciphertext message 30, the sub-message integrity patterns not being retained in the global ciphertext message 30.
[0118] According to a third embodiment, illustrated in [Fig. 5], the initialization 52 is modified into an initialization step 52', in which the integrity pattern of the preceding sub-message denoted Tibi is used for calculating the internal key. For example, the integrity pattern of the preceding sub-message denoted TiMest is concatenated with the first index pet with the second index i2, the result of the concatenation being combined with the result of step 54.
[0119] An integrity pattern is generated and stored for each sub-message, and integrated into the overall encrypted message.
[0120] In this third embodiment, a sub-message integration pattern is transmitted to the decryption device. Advantageously, compared to the embodiment described with reference to [Fig. 4], it is not necessary to perform a complete decryption from a global integrity pattern to authenticate a sub-message. In this embodiment, it is possible to authenticate each sub-message independently of the other sub-messages, but the size of the overall encrypted message is increased.
[0121] Advantageously, the initialization vector indicates the encryption mode to be used.
[0122] Advantageously, in all the embodiments described, the initialization step makes it possible to obtain an internal key specific to the sub-message, and consequently to modify or disrupt the internal state of the encryption transformations in a way that is unique and specific to the sub-message to be encrypted, while preserving the same level of cryptographic security as the ASCON standard.
[0123] Figure 6 is a synoptic diagram of the main steps in a method for decrypting a sub-message from an overall encrypted message obtained by an encryption method as described above. The decryption method is implemented by a programmable electronic decryption device as described above.
[0124] The inputs are provided the overall encrypted message, the triplet of cryptographic parameters and the first index h and second index i2 associated with the sub-message to be decrypted.
[0125] For example, the indices ib i2 are provided at a provisioning step 70, either by a user via a human-machine interface or by a client application.
[0126] The decryption process then includes an initialization step 72, analogous to the initialization step carried out during encryption by the encryption device, to obtain the internal key associated with the sub-message containing the index blocks ii to i2.
[0127] The initialization step 72 comprises the following substeps: - application 74 cryptographic transformation on elements of the triplet of cryptographic parameters allowing to obtain an intermediate internal key; - combination 76 of the intermediate internal key with the first index ii and the second index i2, optionally adding zeros if necessary to obtain a vector of predetermined size; - new application 78 of said cryptographic transformation on the result of the combination to obtain said internal key (or in other words the internal state) for said sub-message.
[0128] The cryptographic transformation is the same as that used during encryption.
[0129] The internal key is then used for the sequence of decryption steps the initial blocks of said sub-message.
[0130] The decryption process also includes a combination 80 with the key K, for example by applying an "exclusive OR" operation, then a step 82 of extracting the overall ciphertext message from the ciphertext block of first index ii and a chain of decryptions of the ciphertext blocks up to the block of index i2 in the manner explained in the ASCON standard.
[0131] The decryption process optionally includes a step 84 of decrypting the integrity pattern of the submessage and a step 86 of authentication.
[0132] The implementation of step 84 depends on the method of implementation of the encryption, as described above.
[0133] In the second embodiment where only one global integrity pattern is transmitted, this global integrity pattern is decrypted sequentially to obtain the integrity pattern of the sub-message under consideration.
[0134] In the third embodiment where the integrity patterns per submessage are included in the overall ciphertext message, the integrity pattern associated with the processed submessage is extracted. It should be noted that in this embodiment, mirroring the initialization step 52', the initialization step 72 is modified to take into account the integrity pattern of the preceding submessage, TAi.
[0135] The authentication step 86 is carried out in a conventional manner, based on the integrity pattern, called the first integrity pattern, associated with the sub-message and the decrypted sub-message: a second integrity pattern is calculated from the decrypted sub-message and compared to the first integrity pattern obtained in step 84.
[0136] Advantageously, the invention makes it possible to add a partial decryption functionality to the ASCON standard, while preserving the advantages of ASCON in terms of the use of computing resources and in terms of cryptographic security.
Claims
Demands
1. A method for encrypting digital data forming a message (16) comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks, the encryption comprising an initialization step implementing a triplet of cryptographic parameters (18) to provide an internal key, and a chain of block ciphers of the initial blocks depending on the internal key, the method being characterized in that it comprises the following steps, executed by a computing processor of a programmable electronic device: - a partition (50) of the message (16) into at least two sub-messages, each sub-message comprising one or more successive initial blocks, between a start block of first index (11) and an end block of second index (12), the method comprising an encryption of each sub-message to form an overall ciphertext message, the encryption of a sub-message (SM) comprising,during the initialization step (52): - an application (54) of a cryptographic transformation on elements of the triplet of cryptographic parameters to obtain an intermediate internal key, - a combination (56) of the intermediate internal key with said first index and second index, then - a further application (58) of said cryptographic transformation on the result of the combination to obtain said internal key for said sub-message, said internal key then being used for chaining block ciphers (62) of the initial blocks of said sub-message.
2. An encryption method according to claim 1, further comprising, for each sub-message, the application (62) of said chain of block ciphers of the initial blocks of said sub-message, and an insertion of the cipher blocks obtained sequentially into the overall cipher message (30).
3. A method according to claim 1 or 2, wherein said initial block cipher sequence comprises, for a current initial block, the application of said cryptographic transformation to provide a current ciphertext block and a transformed internal key, and taking as input a combination of the current initial block and a previous encrypted block, and a transformed internal key from the previous encryption step.
4. A method according to any one of claims 1 to 3, wherein said cryptographic transformation comprises composing a predetermined number B of times the same elementary transformation.
5. An encryption method according to claim 4, wherein said cryptographic transformation is said to be the first cryptographic transformation, the method further comprising the generation (64) of an integrity pattern per submessage, said integrity pattern being calculated by applying a second cryptographic transformation to the last ciphertext block of the submessage, said second cryptographic transformation comprising composing a predetermined number A of times the elementary transformation, the number A being at least equal to twice the number
6. -D. An encryption method according to claim 5, further comprising an integration of the integrity pattern by sub-message into the overall encrypted message, in association with said sub-message.
7. An encryption method according to claim 6, wherein in the initialization step (52') comprises a combination of the intermediate internal key with a concatenation of the first index, second index and the integrity pattern generated for a previous sub-message.
8. An encryption method according to claim 5, comprising temporarily storing, for each sub-message, the associated integrity pattern and applying a chain of encryptions of successive integrity patterns associated with successive sub-messages of said message to obtain an overall integrity pattern.
9. An encryption method according to claim 8, comprising an insertion of the global integrity pattern into the global ciphertext.
10. A method for decrypting digital data from a sub-message (SM) of a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks, from an overall encrypted message (30) obtained by applying an encryption method according to any one of claims 1 to 8, the decryption method being characterized in which includes the following steps, executed by a computing processor of a programmable electronic device: - obtaining (70) a first index of the start of the sub-message and a second index of the end of said sub-message, - initialization (72) of an internal key associated with the sub-message comprising - an application (74) of the cryptographic transformation on elements of the triplet of cryptographic parameters, allowing to obtain an intermediate internal key, - a combination (76) of the intermediate internal key with said first index and second index, then - a further application (78) of said cryptographic transformation on the result of the combination to obtain said internal key for said sub-message, - extraction (82) of the cipher block with index equal to said first index of the global cipher message and chaining of decryptions with the calculated internal key.
11. A decryption method according to claim 10, the overall encrypted message (30) comprising at least one integrity pattern, the method comprising a step (84) of decrypting an integrity pattern of the submessage and a step (86) of authenticating the submessage according to said integrity pattern of the submessage.
12. A computer program comprising software instructions which, when implemented by a programmable electronic device, implement a method for encrypting digital data in accordance with claims 1 to 9.
13. Computer program comprising software instructions which, when implemented by a programmable electronic device, implement a method for deciphering digital data in accordance with claims 10 and 11.
14. A digital data encryption device forming a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said block sequence, the encryption device comprising an initialization module (22) implementing a triplet of cryptographic parameters (18) to provide an internal key, and an encryption module (24) by chaining ciphers of the initial blocks depending on the internal key, the encryption device (4) being
15. characterized in that it includes a computing processor configured to execute: -a partitioning module (20) of the message (16) into at least two sub-messages (SM), each sub-message comprising one or more successive initial blocks, between a start block of first index (il) and an end block of second index (i2), the encryption device (4) being configured to perform an encryption of each sub-message to form an overall encrypted message (30), the encryption of a sub-message comprising the implementation, by the initialization module (22): of a module (21) for applying a cryptographic transformation to elements of the triplet of cryptographic parameters to obtain an intermediate internal key, of a module (23) for combining the intermediate internal key with said first index and second index, then -of a module (25) for applying said cryptographic transformation to the result of the combination to obtain said internal key for said sub-message, said internal key then being used for chaining encryptions of the initial blocks of said sub-message. A device for decrypting digital data from a sub-message of a message comprising a sequence of initial blocks of predetermined size, each initial block having an associated index in said sequence of blocks, from an overall encrypted message (30) obtained by an encryption device according to claim 14, the decryption device (6) being characterized in that it comprises a computing processor configured to execute: -a module (40) for obtaining a first index (il) for the start of a sub-message and a second index (i2) for the end of said sub-message, - an initialization module (42) for an internal key associated with the sub-message implementing: - a module (41) for applying said cryptographic transformation to elements of the cryptographic parameter triplet (18), allowing an intermediate internal key to be obtained, - a module (43) for combining the intermediate internal key with said first index and second index, then - a module (45) for applying said cryptographic transformation to the result of the combination to obtain said internal key for said sub-message, - a module (44) for extracting the encrypted block with index equal to said first index of the global encrypted message and chaining decryptions with the calculated internal key.