35 results about "Key schedule" patented technology

The invention discloses an identity authentication method and an identity authentication system. The method comprises the following steps: fixed identity identification information, a key schedule and a dynamic identity function are exchanged between a server and a client; a first random number is transmitted to the server and first response information transmitted by the client and second random number are received; the hash values of the first random number, the first dynamic identity information and the fixed client identity identification information as original texts are calculated and compared with the first response information, if the same hash values are present, the authentication is qualified; second response information is calculated and transmitted to the client, so that the hash values of the second random number, the second dynamic identity information and the fixed server identity identification information as the original texts are calculated by the client and compared with the second response information; if the same hash values are present, the authentication is qualified. The method is characterized in that the dynamic identity information is flexible and changeable, the information can be prevented from being revealed, the password encoding difficulty is increased and the security of the identity authentication is improved. Besides the method further comprises the following steps of key negotiation, heartbeat authentication and key schedule update, and thus the communication security and the periodic identity authentication are ensured.

Expanded key schedule circuit for common key encryption system in which expanded keys are used in a predetermined order in data randomizing process for encryption and in a reversed order in data randomizing process for decryption, comprises round processing circuits connected in series. The round processing circuits subject the common key or sub key of a previous stage to a round function to output a sub key. The sub key of the last stage is equal to the common key. The expanded keys are generated from the sub keys.

An encryption chaining mode takes plaintext block N, generates encryption key N by combining, preferably by XOR, encryption key N−1 and plaintext block N−1 and encrypts plaintext block N using an encryption algorithm with encryption key N to output ciphertext block N. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and a random initialization key K. In a preferred embodiment, initialization key K is subkeys resulting from a key schedule algorithm and encryption key N−1 is only one of the subkeys. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and one subkey resulting from a key schedule algorithm. Also provided is a corresponding decryption method, an encryption device, a decryption device.

An apparatus and method for performing cryptographic operations. In one embodiment, an apparatus is provided for performing cryptographic operations. The apparatus includes fetch logic, keygen logic, and execution logic. The fetch logic is disposed within a microprocessor and receives cryptographic instruction single atomic cryptographic instruction as part of an instruction flow executing on the microprocessor. The cryptographic instruction single atomic cryptographic instruction prescribes one of the cryptographic operations, and also prescribes that a provided cryptographic key be expanded into a corresponding key schedule for employment during execution of the one of the cryptographic operations. The keygen logic is disposed within the microprocessor and is operatively coupled to the single atomic cryptographic instruction. The keygen logic directs the microprocessor to expand the provided cryptographic key into the corresponding key schedule. The execution logic is coupled to the keygen logic. The execution logic is disposed within the microprocessor and expands the provided cryptographic key into the corresponding key schedule.

Circuitry for encrypting at least a part of an input data flow and generating a tag based on the input data flow with the same ciphering algorithm and the same key including a first ciphering branch arranged to encrypt the at least part of the input data; a second ciphering branch arranged to generate the tag; and a single key schedule unit arranged to receive the key, to generate at least one sub-key based on the key and to provide the at least one sub-key to the first and second ciphering branches.

Circuits, methods, and systems are provided for securing an integrated circuit device against Differential Power Analysis (DPA) attacks. Plaintext (e.g., configuration data for a programmable device) may be encrypted in an encryption system using a cryptographic algorithm. Ciphertext may be decrypted in a decryption system using the cryptographic algorithm. The encryption and/or decryption systems may obfuscate the plaintext, the ciphertext, and/or the substitution tables used by the cryptographic algorithm. The encryption and/or decryption systems may also generate cryptographic key schedules by using different keys for encrypting/decrypting different blocks and/or by expanding round keys between encryption/decryption blocks. These techniques may help mitigate or altogether eliminate the vulnerability of cryptographic elements revealing power consumption information to learn the value of secret information, e.g., through DPA.

A processor including instruction support for implementing the Data Encryption Standard (DES) block cipher algorithm may issue, for execution, programmer-selectable instructions from a defined instruction set architecture (ISA). The processor may include a cryptographic unit that may receive instructions for execution. The instructions include one or more DES instructions defined within the ISA. In addition, the DES instructions may be executable by the cryptographic unit to implement portions of an DES cipher that is compliant with Federal Information Processing Standards Publication 46-3 (FIPS 46-3). In response to receiving a DES key expansion instruction defined within the ISA, the cryptographic unit may generate one or more expanded cipher keys of the DES cipher key schedule from an input key.

Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

An object is to evaluate the strength in consideration of the relationship held between keys, to allow the detection of a weak key condition to lower the difficulty in decrypting ciphertext, and to detect a weak key based on the weak key condition. Based on the relationship between keys in a key schedule and based on estimated keys, a certain estimated extended key can be calculated by utilizing the relationship between the estimated extended key in the key schedule and an estimated extended key having been calculated, and cost information required for calculation is outputted to allow the verification of a weak key condition. A weak key can be detected based on the weak key condition, and the difficulty in decrypting ciphertext can be increased without modifying an encryption apparatus.

Method and System for encrypting plaintext digital data divided into a sequence comprising successive plaintext blocks of a same length of bits each and a residual plaintext block having a length of bits lower than the length of one of the successive plaintext blocks. The successive plaintext blocks are ciphered with the main encryption key by using a ciphering algorithm based on a cipher block chaining mode to obtain a sequence of successive ciphered blocks having the same length as the successive plaintext blocks. A set of round keys having a same length, are generated by applying a key schedule function on a string obtained by adding the last ciphered block to the main encryption key. The round keys of the set are added together to obtain a resulting string having a length equal to the length of a block of the sequence. The residual plaintext block is then added to the most left bits of the resulting string forming a string) having a length equal to the length of the residual block to obtain a residual ciphered block. The method and the system apply also to decipher a sequence of successive ciphered blocks followed by a residual ciphered block.

An apparatus and method for performing cryptographic operations within microprocessor. The apparatus includes an instruction register having a cryptographic instruction disposed therein, a keygen unit, and an execution unit. The cryptographic instruction is received by a microprocessor as part of an instruction flow executing on the microprocessor. The cryptographic instruction prescribes one of the cryptographic operations, and also prescribes that a user-generated key schedule be employed when executing the one of the cryptographic operations. The keygen unit is operatively coupled to the instruction register. The keygen unit directs the microprocessor to load the user-generated key schedule. The execution unit is operatively coupled to the keygen unit. The execution unit employs the user-generated key schedule to execute the one of the cryptographic operations. The execution unit includes a cryptography unit.

Shift registers are cipher components used for generating pseudo random sequences in the field of secret communication, comprising linear feedback shift registers LFSRs, non-linear feedback shift registers NLFSRs, and so on, wherein the maximum period T of the shift register is not greater than 2n. The feedback mode of an n-level non-linear cyclic shift register NRR refers to the following formula, in the formula, i>=0, n>=2, word length m is determined by the number of bits of a platform; <<<j represents ring shift left with j bits; a symbol referring to the description represents modular addition; c is an odd number within the range from 1 to 2<m>-1; initial values a<0>-a<n-1>of n inputted words are unlimited, and each word is an arbitrary m-digit number. When the word length is m bits, the period of the n-level non-linear cyclic shift register NRR is greater than (2<m>)<n>, i.e., the security of the n-level non-linear cyclic shift register NRR is better than the security of a traditional (non-)linear feedback shift register (N)LFSR, and the efficiency of the n-level non-linear cyclic shift register NRR is also better than the efficiency of a common (non-)linear feedback shift register (N)LFSR. The lightweight stream cipher LSNRR is designed through four non-linear cyclic shift registers NRRs, wherein the first NRR is used for secret key schedule, and modular addition is performed for outputs of the other three NRRs to generate a secret key stream of the LSNRR. The efficiency of the LSNRR is better than the efficiency of a common symmetric cipher, thus the LSNRR is suitable for the a resource-constrained environment and a resource-unconstrained environment, and is mainly used for data encryption and decryption.

Disclosed is an apparatus for encrypting/decrypting a real-time input stream. The present invention includes a control unit, a key schedule unit, and a block round unit. Accordingly, the present invention realizes the encryption and decryption of AES algorithm in a manner of hardware, thereby enabling to carry out the encryption and decryption of the real-time input stream real-timely. And, the present invention finds the key for encryption or decryption of one block every round when realizing the encryption and decryption of the AES algorithm in a hardware manner, and then outputs the found keys to the block round unit. The present invention reduces the size of the key register required for the encryption/decryption of block data, thereby enabling to reduce a size of hardware as well as cost of product.

The invention relates to a fast verification method for an MAC (Message Authentication Code) of an RSSP-II (Railway Signal Security Protocol-II) based on FPGAs (Field Programmable Gate Arrays). The FPGA1 and FPGA2 are programmed with the following module through programming language hardware: a data interface module, an MAC scheduling module, a DES module and a dual-channel comparison module, wherein the DES module comprises a DES top module, a DES core module, a Key-schedule sub-key generation module and a crp single-round circulation module; the dual-channel comparison module is used for communication between the two FPGAs, forms a two-out-of-two structure, and sends a dual-channel comparison status flag to a CPU through the data interface module when the two FPGAs are inconsistent in result; and subsequent message transmission is carried out if it passes the dual-channel comparison, otherwise, the process enters an error processing program. The fast verification device adopts the design method of a finite state machine and an assembly line, fully takes the consumption of system resources into account on the basis of ensuring the processing speed and achieves the balance betweenspeed and area. The fast verification device effectively reduces the CPU resource occupation of the RSSP-II for high-speed railway train-ground wireless security communication, greatly improves the data throughout, shortens the train-ground authentication delay and has higher security and reliability.

A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable for performing a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as a workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.

The invention discloses a flash starting treatment method and system of a mobile terminal. The method comprises the following steps: current stored flash delay time is acquired when the mobile terminal is capable of flashing and photographing and the behavior of users pressing camera key is detected, wherein the flash delay time is the average value of time difference between pressing camera key scheduled times before current camera key is pressed currently and acquiring images. When the waiting time of the mobile terminal exceeds the flash delay time, flash is automatically started. According to the method, when starting flash and photographing, the mobile terminal automatically records the flash starting time. The mobile terminal photographs again and automatically starts flash according to current stored routine flash starting time so that to lower total flash starting time and save electric quantity when flash light is opened.