WO2010070336A2 - Cryptography - Google Patents

Cryptography Download PDF

Info

Publication number
WO2010070336A2
WO2010070336A2 PCT/GB2009/051717 GB2009051717W WO2010070336A2 WO 2010070336 A2 WO2010070336 A2 WO 2010070336A2 GB 2009051717 W GB2009051717 W GB 2009051717W WO 2010070336 A2 WO2010070336 A2 WO 2010070336A2
Authority
WO
WIPO (PCT)
Prior art keywords
message
encrypted message
private key
encrypted
inverse
Prior art date
Application number
PCT/GB2009/051717
Other languages
French (fr)
Other versions
WO2010070336A3 (en
Inventor
Leslie Hatton
Original Assignee
Leslie Hatton
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Leslie Hatton filed Critical Leslie Hatton
Priority to GB1112117A priority Critical patent/GB2478685A/en
Publication of WO2010070336A2 publication Critical patent/WO2010070336A2/en
Publication of WO2010070336A3 publication Critical patent/WO2010070336A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3093Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme

Definitions

  • This invention relates to a method and apparatus for encrypting and/or decrypting a message such that the message can be exchanged between a sender and a receiver without being acquired by an eavesdropper.
  • a method of transmitting a message comprising a sender encrypting the message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, the receiver encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, the sender decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message and sending the third encrypted message to the receiver and the receiver decrypting the third encrypted message using an inverse of the second private key.
  • a method of transmitting a true message comprising a sender encrypting a false message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, the receiver encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, the sender encrypting the true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and sending the third encrypted message to the receiver, the receiver decrypting the third encrypted message using an inverse of the second private key.
  • An advantage of both aspects of the above invention is that neither method requires the use of a public key (the first private key of the sender and the second private key of the receiver are kept private) and the private keys can be changed for the transmission of different messages without requiring an agreement protocol. This may increase the security of transmitting and receiving the message.
  • a further advantage of the second aspect of the invention is that the true message is only transferred once between the sender and receiver, instead of twice in the case of the first aspect of the invention, thus decreasing the risk of the true message being obtained by an eavesdropper.
  • a method for sending a message comprising encrypting the message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, receiving a second encrypted message from the receiver, the second encrypted message resulting from an encryption of the first encrypted message with a second private key, decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message and sending the third encrypted message to the receiver.
  • a method for sending a message comprising encrypting a false message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, receiving a second encrypted message from the receiver, the second encrypted message resulting from an encryption of the first encrypted message with a second private key, encrypting a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and sending the third encrypted message to the receiver.
  • a method for receiving a message comprising receiving a first encrypted message from a sender, the first encrypted message resulting from an encryption using a first private key, encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, receiving a third encrypted message from a sender, the third encrypted message resulting from a decryption of the second encrypted message using an inverse of the first private key or an encryption of a true message using a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, and decrypting the third encrypted message using an inverse of the second private key.
  • a transmitter device for transmitting a message comprising an input for receiving a message, a processor arranged to encrypt the message using a first private key to result in a first encrypted message, a transceiver for transmitting the first encrypted message to a receiver device and receiving a second encrypted message from the receiver device, the second encrypted message being a result of an encryption of the first encrypted message using a second private key, the processor further arranged to decrypt the second encrypted message using an inverse of the first private key to result in a third encrypted message and cause the transceiver to transmit the third encrypted message to the receiver device.
  • transmitter in relation to the invention is a device comprising a transmitter and receiver that is not limited to transmitter and receiver devices that share the same circuitry.
  • a transmitter device for transmitting a message comprising an input for receiving a true message, a processor arranged to encrypt a false message using a first private key to result in a first encrypted message, a transceiver for transmitting the first encrypted message to a receiver device and receiving a second encrypted message from the receiver device, the second encrypted message being a result of an encryption of the first encrypted message using a second private key, where the processor is further arranged to encrypt the true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and cause the transceiver to transmit the third encrypted message to the receiver device.
  • a receiver device for receiving a message comprising a transceiver for receiving a first encrypted message from a transmitter device, the first encryption being a result of encrypting a message using a first private key, a processor arranged to encrypt the first encrypted message using a second private key to result in a second encrypted message and cause the transceiver to transmit the second encrypted message to the transmitter device and receive a third encrypted message from the transmitter device, the third encrypted message being a result of a decryption of the second encrypted message using an inverse of the first private key or an encryption of a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, the processor further arranged to decrypt the third encrypted message using an inverse of the second private key.
  • a communication system comprising a transmitter device according to the sixth or seventh aspects of the invention arranged to communicate across a network path with a receiver device according to the eighth aspect of the invention.
  • a data carrier having stored thereon instructions which when executed by processors of a communication system causes the communication system to carry out the method of either the first or the second aspects of the invention.
  • a data carrier having stored thereon instructions which when executed by a processor of a communication device causes the communication device to carry out the method of any one of the third to the fifth aspects of the invention.
  • the steps of encrypting and decrypting is commutative, in that each of the encrypted messages is independent of the order in which the steps of encrypting and/or decrypting, that result in that encrypted message, is carried out.
  • may mean the approximation f*g ⁇ / is defined such that the original message is recovered after the encrypting and decrypting steps have been carried out.
  • the message may comprise different numerical values representing different text characters and the accuracy of f*g ⁇ / may be such that the numerical elements of a final decrypted message are close enough to the numerical values of the original message that the original message can be recovered.
  • the step of encrypting or decrypting a message may comprise a discrete convolution, wherein the process of encrypting or decrypting the message is given by,
  • m is an array of L n , elements to be encrypted or decrypted
  • h is one of the private keys or one of the inverses of one of the private keys comprising an array of Lh elements
  • e is the resulting encrypted or decrypted message comprising an array of L e elements.
  • An advantage of using the discrete convolution to encrypt and decrypt a message is that it is very sensitive to errors in the private key, as during the decryption stage this error is spread over many adjacent elements.
  • the method is thus very secure against attempts by an eavesdropper to decrypt and understand the message fully as the eavesdropper would have to obtain the private key very precisely.
  • the method for determining an inverse, g, of a private key, f may be approximated, wherein a Wiener-Hopf equation as follows is solved for g,
  • Lg - 1 wherein L g is a number of elements of g and the desired output d is chosen to be equal to an isolated unit value such that g*f ⁇ I.
  • the method for determining an inverse, g, of a private key,/ may be approximated by solving Wiener-Hopf equation using an algorithm due to Norman Levinson quoted in the Appendix of "N. Wiener. The Extrapolation, Interpolation and Smoothing of Stationary Time Series, MIT Press, 1942".
  • the method steps according to the first to the fifth aspects of the invention comprises determining the first and/or the second private key(s).
  • the first and/or the second private key(s) are predetermined, for example retrieved from memory.
  • the number of elements of the private key Lf and the number of elements of an inverse of a private key L g are suitably large such that a message can be recovered after the encrypting and decrypting steps have been carried out.
  • the number of elements of a private key Lf is suitably large such that an encryption of a message has a desired level of protection.
  • the method comprises identifying the desired level of protection and determining the number of elements of a private key Lf based on the identified desired level of protection.
  • the desired level of protection may be the probability of an encrypted message being decrypted by a brute force attack, i.e. an eavesdropper guessing the private key by systematically trying a large number of number sequences as possible private keys.
  • the number of elements of the private key is one of the factors that determine the probability of an encrypted message being decrypted by a brute force attack.
  • the step of encrypting a message comprising a discrete convolution in one embodiment may comprise determining the Fourier transform of the message, determining the Fourier transform of a private key, determining a product of the Fourier transform of the message and the Fourier transform of the private key and determining the inverse Fourier transform of the product.
  • the step of decrypting a message comprising a discrete convolution in one embodiment may comprise determining the Fourier transform of the message, determining the Fourier transform of an inverse of a private key, determining a product of the Fourier transform of the message and the Fourier transform of an inverse of the private key and determining the inverse Fourier transform of the product.
  • the Fourier transforms can take the form of Fast Fourier
  • FFTs Transforms
  • An advantage of the invention is for a particularly long message the Fourier Transform in the form of the FFT is particularly efficient requiring n log n operations for n numbers.
  • the message may be encoded from text to numerical form using standard schemes, in one embodiment the message may be encoded using ASCII.
  • Such a method is vulnerable to attack if the message remains unchanged throughout the steps of encryption and decryption as an eavesdropper listening on the initial exchange of the first encrypted message and second encrypted message would in principal be able to recover the private key of the receiver (the second private key).
  • the eavesdropper was able to listen in on the transfer of the third encrypted message, the eavesdropper could recover the original message by decrypting the third encrypted message with the private key of the receiver without the sender or receiver realising.
  • encrypting the first encrypted message may comprise adding a (first) additional message element, such as randomly generated text, to the first encrypted message and encrypting the first encrypted message together with the (first) additional message element using a second private key to result in a second encrypted message.
  • the additional message element is added to the end of the first encrypted message.
  • decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message may comprise adding a (second) additional message element, such as randomly generated text, to the second encrypted message and decrypting the second encrypted message together with the
  • (second) additional message element with the inverse of the first private key.
  • the additional message element is added to the end of the second encrypted message.
  • decryption of the third encrypted message using an inverse of the second private key will result in the original message plus the encoded additional message elements.
  • the original message can be extracted based on a known location of the encoded additional message elements, for example if it is known that the encoded additional message elements will appear at the end of the message decoded by the receiver. Leakage of the encoded additional message elements into the message can be avoided by selecting the first and second private keys to be minimum phase. If first and second private keys are used that are not minimum phase then the lengths of each additional message element needs to be matched to any anticipation components in the first/second private key. An anticipation component is that part of the key that appears before time zero.
  • Ar O where m is the message to be encrypted comprising an array of L n , elements, A is a key or an inverse of a key comprising of an array of Lh elements and e is the resulting encrypted message comprising an array of L e elements.
  • Such a method of encryption and decryption can be used with the method described above as part of a Public Key Cryptography scheme.
  • the method may comprise encrypting a message, w, by convo luting the message, w, with a private key,f s , (to obtain w*f s ), encrypting the private key with a public key of the receiver and sending the encrypted private key and the encrypted method to the receiver.
  • the receiver can then decrypt the encrypted private key using the private key and decrypt the message, w, using the decrypted private key.
  • Such methods are valuable because full public key encryption of large messages is resource intensive and conforms with encryption schemes, such as Zimmerman's PGP.
  • the eavesdropper comes across f v and decrypts the encrypted message using f v ⁇ ' , they would get v, which is entirely reasonable but wrong.
  • a reason that such non-uniqueness arises is because when the message is encoded, for example form ASCII, to floating point, it increases in size by typically a factor of eight. However, this manifests itself as redundancy and then non-uniqueness.
  • a method for encrypting a message comprising determining the Fourier transform of the message, determining the Fourier transform of a key, determining a product of the Fourier transform of the message and the Fourier transform of the key and determining the inverse Fourier transform of the product.
  • a fourteenth aspect of the invention there is a method for determining an inverse, g, of a key,/, where/is used for encrypting a message and g is used for decrypting a message, wherein the following Wiener-Hopf equation is solved for g,
  • Figure 1 shows a schematic view of a communication system used to send and receive messages according to an embodiment of the invention
  • Figure 2 shows a flow chart of the steps of transmitting a message secretly between a sender and a receiver in accordance with a first embodiment of the invention
  • Figure 3 shows a flow chart of the steps of transmitting a message secretly between a sender and a receiver in accordance with a second embodiment of the invention
  • Figure 4 gives an example of a suitable choice for a first private key containing 118 elements, constructed using the Hubert transform
  • Figure 5 gives an example of a suitable choice for a first private key containing 64 elements, constructed using the Hubert transform
  • Figure 6 shows the results of a sensitivity test of the invention.
  • Figure 7 shows a flow chart of the steps of transmitting a message secretly between a sender and a receiver in accordance with a third embodiment of the invention.
  • a communication system used to send and receive a message secretly comprises a transmitter device 1, a network path 2 and a receiver device 3.
  • the transmitter device 1 and the receiver device 3 operate in two-way communication (as indicated by the arrows) across the network path 2.
  • the transmitter device 1 comprises an input 4, a processor 5, a transceiver 6 and a data carrier 10.
  • the input 4 is arranged to receive a message, for example, the input 4 may be a keyboard of a computer.
  • the transmitter device 1 may further comprise a display device 11 for viewing the message.
  • the receiver device 3 comprises a transceiver 7, a processor 8 and a data carrier 10.
  • the receiver device 3 may further comprise a display/input device 9 for displaying and/or modifying a message, for example the display/input device 9 may comprise a computer monitor and keyboard.
  • the processors 5 and 8 may be the processors of a computer and the transceivers 6 and 7 may be modems of a computer, where the network path 2 is the Internet.
  • a transmitter device 1 receives a message w via the input device 4 in step 101.
  • the message may be text represented in numerical form using standard schemes, such as ASCII.
  • the transmitter device 1 selects a suitable first private key/j, for example /j may comprise a string of numbers between -10 and 10 with a non-zero DC component.
  • DC component of a key means the DC frequency component after the Fourier transform of the key.
  • the key, f when Fourier transformed should have a non-zero DC component at all frequencies. In practice, this is trivial to achieve if filters are designed in the frequency domain.
  • the message is encrypted in step 102 by the processor 5 using the first private key s to result in a first encrypted message given by w*f$.
  • the encryption and decryption operator * comprises a discrete convolution, given by
  • m is an array of L n , elements
  • h is one of the private keys or one of the inverses of one of the private keys comprising an array of Lh elements
  • e is the resulting encrypted or decrypted message comprising an array of L e elements.
  • the encryption and decryption processes are carried out by taking FFTs.
  • the FFTs of w and/j (designated W and F) are multiplied and the inverse Fourier transform is then calculated to give the discrete convolution
  • step 103 the transmitter device 1 using the transceiver 6 sends the first encrypted message across the network path 2 to the receiver device 3.
  • the receiver device 3 receives the first encrypted message through transceiver 7 and the processor 8 encrypts the first encrypted message in step 104 using a second private key / R in accordance with equation 1 to result in a second encrypted message given by w*fs*f ⁇ .
  • the receiver device 3 sends the second encrypted message using the transceiver 7 across the network path 2 to the transmitter device 1.
  • step 106 the transmitter device 1 receives the second encrypted message through transceiver 6 and decrypts part of the second encrypted message with an inverse of the first private key using equation 1 to produce a third encrypted message. Again, this may be carried out using Fourier transforms of the second encrypted message and the inverse (the Fourier transform of the inverse denoted G).
  • An inverse g of a private key / may be approximated by solving the following Wiener-Hopf equation for g,
  • the unit value / contains Lj+ L g -1 samples altogether, with the single unit value preceded by L ⁇ O zeros.
  • L L is known as the lag or delay and is related to the phase spectrum of the key,/, if it is to be treated as a time series. This is an important factor in the performance of the inverse of the key, as will be discussed below.
  • the processor 5 decrypts the second encrypted message in step 106 using gs to result in a third encrypted message given by w*/s% *gs.
  • the transmitter device 1 sends the third encrypted message using the transceiver 6, in step 107, to the receiver 3 via the network path 2.
  • the receiver device 3 receives the third encrypted message through the transceiver 7.
  • the processor 8 calculates an inverse gR of the second private key/? using the equation 2 such that f ⁇ *g ⁇ ⁇ I, which may be done beforehand or on receiving the third encrypted message.
  • the invention may comprise a further step 109, where the processor 8 decodes the message from numerical to text form using standard schemes, such as ASCII.
  • ASCII standard schemes
  • the accuracy of the reconstruction by the receiver must be such that, if n e is the number representing the text before encryption and rid is the decrypted number, then: ne ⁇ n d ° - 5
  • a user may read the message and/or makes alterations to the message using the display/input device 9 for displaying and/or modifying a message.
  • the receiver device 3 may be further arranged to forward the message secretly to another receiver by carrying out the steps in figure 2.
  • the transmitter device 1 receives a true message w t (i.e. a message to be communicated to the receiver device 3) via the input 4 in step 201.
  • the transmitter device 1 chooses a suitable first private key/j and encrypts a false message w/ (i.e. a message to be transmitted but not communicated to the receiver 3) in step 202 using the processor 5 with a first private key /j to result in a first encrypted message, given by w/*fs.
  • the false message may be a predetermined false message stored on the data carrier 10 or may be an original false message received from the input 4.
  • Steps 203 to 205 are the same as the corresponding steps 103 to 105 in the first embodiment of the invention and will not be described again in detail.
  • the transmitter device 1 determines a third private key (w/fs) '1 * w/fs*f ⁇ , comprising of an inverse of the first encrypted message o ⁇ (w/fs) '! and the second encrypted message w/fs*f ⁇ .
  • Step 207 is the same as step 107 in figure 2.
  • the receiver device 3 receives the third encrypted message through the transceiver 7.
  • the processor 8 calculates an inverse gR of the second private key / R , such that f R *g R ⁇ I.
  • Step 209 is the same as step 109 in figure 2.
  • the determination of a private key may comprise a random aspect, where the private key is chosen randomly (or at least pseudo randomly) within the constraints of suitable choices for private keys.
  • the choice of constraints for a suitable private key will now be described.
  • the performance in terms of reliable reproduction of an original message after undergoing the encryption/decryption depends on the accuracy of/*g ⁇ /, which depends how accurately an inverse g of a private key / can be calculated.
  • the accuracy of the inversion of a private key/ depends on the ratio of the number of elements L g of g and the number of elements Lf of / i.e. L g /Lf.
  • L g is typically a factor often larger than Lf.
  • phase of a key means the phase spectrum of the Fourier transform of the key.
  • Private key inversions are simpler to calculate if the private key is minimum phase. A minimum phase key appears front-loaded in the sense that its "energy" appears early in the key (in short, the key looks big at the start and small at the end). A maximum phase key is the minimum phase key time-reversed, so it is small at the start and big at the end.. Mixed phase keys in very trivial terms are small at each end and bigger in the middle.
  • a suitable length L g should be chosen long enough so that inversion errors are sufficiently small so that all of the original text in the message can be recovered.
  • an invertible private key when encrypting and decrypting a message where the message has been encoded into a number sequence containing a range of decimal numbers, for example, for ASCII, decimal numbers between 32 and 100, the message will have a non-zero mean, which is equivalent to a DC (zero frequency) component in the Fourier transform of the message. If the Fourier transform of the private key, F, has a zero DC component then the product F*W will also have a zero component whatever the DC component of W, making any non-zero DC component of W unrecoverable. For this reason, F should not have a zero DC component at any frequency. In order for a successful recovery of a message the DC component of the product of the private key and an inverse of the private key should be equal to the DC component of the message. Therefore, the DC component of the private key has to be non-zero.
  • FIG. 4 An example of the performance of the invention is shown in figures 4 to 6.
  • Figures 4 and 5 shows two examples of minimum phase private keys where the private keys have been constructed using the Hubert Transformation.
  • the corresponding values of each element of the private keys are shown on the vertical axis.
  • the values shown on the vertical axis of figures 4 and 5, have been specified to six significant figures in the following calculation.
  • the DC component of figure 4 is 0.062 and that of figure 5 is 0.018, both accurate to three decimal places.
  • the time it takes to carry out the method of the invention depends on, amongst other things, Lf, L g and the number of elements in the message L m ..
  • Table 1 Timings to encrypt and decrypt various texts with the private key of figure 4.
  • the sensitivity of the invention relates to the level of imprecision in guessing one of the significant figures in one element of the encrypting private key that causes the decryption to fail.
  • An advantage of the discrete convolution given in equation (1) is that an error is spread over many adjacent elements and the algorithm is very sensitive as a result.
  • the sensitivity will depend on, amongst other things, the number of elements L/ of the private key.
  • Figure 6 shows the input message w on the left and the decrypted version on the right, where the message was encrypted using the private key given in figure 4 and decrypted using an inverse of a slightly altered version of the private key, where a change of just one unit in the second significant place of one of the 118 elements has been made to the private key of figure 4.
  • the error rapidly spreads and complete nonsense results for the remaining characters. In practice, some gibberish text at the beginning would render the whole of the original plain text indecipherable. It is worth noting that the imprecision of the decrypted message shown in figure 6 only relates to the inversion of the private key. It is independent of the length of the encrypted message in the first embodiment of the invention.
  • Figure 6 shows how the level of sensitivity of the decryption depends on the number of elements in the private key.
  • the probability of guessing 2x118 significant figures in the right order is 1 in 10 236 . Therefore the probability of obtaining the message by guessing the private key is very low, even when the private key length is known. Other factors such as getting the signs right give another multiplication factor of around 2 118 . The total is comparable to approximately 1 in 10 280 .
  • the uncertainty of the private key length and its phase are included the algorithm looks very secure to brute force attacks.
  • the sender encrypts the message with a minimum phase first private key /j 302 and sends the resultant first encrypted message to the receiver 303.
  • the receiver adds additional message element, r, in this embodiment, a randomly generated text string, to an end of the first encrypted message w*fa and encrypts the first encrypted message and its augmentation with a minimum phase second private key fa to get the second encrypted message (w*fs+r) *fa.
  • the receiver then returns this second encrypted message to the sender 305.
  • step 306 the sender adds additional message element, s, in this embodiment, a randomly generated text string, to an end of the second encrypted message and applies the inverse of the first public key fs '1 to the second encrypted message and its augmentation to obtain a third encrypted message, ((w*fa+r) * fa+s)* fs '1 ' , which since * is commutative can be written w* fs* fs '1 * fa+r* fs '1 * fa+s* fs '1 ⁇ w* fa+r* fs ⁇ 1 * fa+s* fa '1 ' ⁇
  • the third encrypted message is then sent to the receiver 307.
  • the receiver now applies the inverse of the second public key / R 1 to the third encrypted message to get w*f R *f R 1 +r*f s 1 *f R *f R 1 +s*f s 1 *f R 1 ⁇ w+r ⁇ //'+**// ! * fn '1 .
  • This will reveal the original encoded message w because r and s were chosen to start at the end of their respective messages.
  • the private keys (filters) fsf R are minimum phase, so are their inverses fs '1 /a '1 , so that there is no forward leakage into the message from either augmented text, r and s.
  • r* fs 1 starts where r used to and s* fs 1 * / R '1 starts where s used to.
  • Message, w appears at the beginning of the whole message and can be trivially extracted and coded back into text as described above.
  • the third embodiment of the invention has three eavesdrop points but five unknowns).
  • the sender has no knowledge of the private key, ⁇ , or the additional text element, r, and the receiver has no knowledge of the private key, fs, or the additional text element, s. Accordingly, even though the system is an asymmetric system, the system still does not require any public knowledge of any key; keys/j and / R are generated uniquely and privately by each of the sender and receiver as appropriate and do not need to be revealed to anybody. It will be understood that other embodiments of the invention may achieve all, some or none of the advantages described. Furthermore, it will be understood that the invention is not limited to the described embodiments but the invention includes modification and alterations that fall within the scope of the invention described herein
  • processors of the communication system and transmitter and receiver devices as recited in the claims may be arranged to carry out any or all of the steps recited in the method claims.

Abstract

A method of encrypting or decrypting a message comprising carrying out a discrete convolution given by Formula (I), where m is the message to be encrypted or decrypted comprising an array of Lm elements, h is a key or an inverse of a key comprising an array of Lh elements and e is the resulting encrypted or decrypted message comprising an array of Le elements.

Description

CRYPTOGRAPHY
This invention relates to a method and apparatus for encrypting and/or decrypting a message such that the message can be exchanged between a sender and a receiver without being acquired by an eavesdropper.
Background
Conventionally, messages are exchanged secretly using Public Key Cryptography, where an encoded message is encrypted by a sender using a public key and decrypted by a receiver using their private key. The method relies on a mathematical relation of the public key to the private key, with the degree of security depending on the difficulty in obtaining the private key from the public key. Current techniques use mathematical relations containing large prime numbers where the level of security is connected to the presumed difficulty of factorizing large integers, a problem for which there is no known efficient general technique.
However, a problem with Public Key Cryptography is that, in theory, it is possible to derive the private key from the public key with the creation of either an algorithm with a sufficiently high efficiency or a computer processor with a sufficiently high processing power. The method is therefore always under threat from advances in these fields. Efforts have been made to increase the difficulty in solving the mathematical relation by increasing the numerical size of the public and private keys. However, larger key sizes require more computer processing power, leading to a reduction in the encryption/decryption processing rates.
Summary
According to a first aspect of the invention there is provided a method of transmitting a message comprising a sender encrypting the message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, the receiver encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, the sender decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message and sending the third encrypted message to the receiver and the receiver decrypting the third encrypted message using an inverse of the second private key.
According to a second aspect of the invention there is provided a method of transmitting a true message comprising a sender encrypting a false message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, the receiver encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, the sender encrypting the true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and sending the third encrypted message to the receiver, the receiver decrypting the third encrypted message using an inverse of the second private key.
An advantage of both aspects of the above invention is that neither method requires the use of a public key (the first private key of the sender and the second private key of the receiver are kept private) and the private keys can be changed for the transmission of different messages without requiring an agreement protocol. This may increase the security of transmitting and receiving the message.
A further advantage of the second aspect of the invention is that the true message is only transferred once between the sender and receiver, instead of twice in the case of the first aspect of the invention, thus decreasing the risk of the true message being obtained by an eavesdropper.
According to a third aspect of the invention there is provided a method for sending a message comprising encrypting the message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, receiving a second encrypted message from the receiver, the second encrypted message resulting from an encryption of the first encrypted message with a second private key, decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message and sending the third encrypted message to the receiver. According to a fourth aspect there is provided a method for sending a message comprising encrypting a false message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, receiving a second encrypted message from the receiver, the second encrypted message resulting from an encryption of the first encrypted message with a second private key, encrypting a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and sending the third encrypted message to the receiver.
According to a fifth aspect of the invention there is provided a method for receiving a message comprising receiving a first encrypted message from a sender, the first encrypted message resulting from an encryption using a first private key, encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, receiving a third encrypted message from a sender, the third encrypted message resulting from a decryption of the second encrypted message using an inverse of the first private key or an encryption of a true message using a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, and decrypting the third encrypted message using an inverse of the second private key.
According to a sixth aspect of the invention there is provided a transmitter device for transmitting a message comprising an input for receiving a message, a processor arranged to encrypt the message using a first private key to result in a first encrypted message, a transceiver for transmitting the first encrypted message to a receiver device and receiving a second encrypted message from the receiver device, the second encrypted message being a result of an encryption of the first encrypted message using a second private key, the processor further arranged to decrypt the second encrypted message using an inverse of the first private key to result in a third encrypted message and cause the transceiver to transmit the third encrypted message to the receiver device.
It will be understood that the use of the term "transceiver" in relation to the invention is a device comprising a transmitter and receiver that is not limited to transmitter and receiver devices that share the same circuitry.
According to a seventh aspect of the invention there is provided a transmitter device for transmitting a message comprising an input for receiving a true message, a processor arranged to encrypt a false message using a first private key to result in a first encrypted message, a transceiver for transmitting the first encrypted message to a receiver device and receiving a second encrypted message from the receiver device, the second encrypted message being a result of an encryption of the first encrypted message using a second private key, where the processor is further arranged to encrypt the true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and cause the transceiver to transmit the third encrypted message to the receiver device. According to an eighth aspect of the invention there is a receiver device for receiving a message comprising a transceiver for receiving a first encrypted message from a transmitter device, the first encryption being a result of encrypting a message using a first private key, a processor arranged to encrypt the first encrypted message using a second private key to result in a second encrypted message and cause the transceiver to transmit the second encrypted message to the transmitter device and receive a third encrypted message from the transmitter device, the third encrypted message being a result of a decryption of the second encrypted message using an inverse of the first private key or an encryption of a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, the processor further arranged to decrypt the third encrypted message using an inverse of the second private key.
According to a ninth aspect of the invention there is a communication system comprising a transmitter device according to the sixth or seventh aspects of the invention arranged to communicate across a network path with a receiver device according to the eighth aspect of the invention.
According to a tenth aspect of the invention there is provided a data carrier having stored thereon instructions which when executed by processors of a communication system causes the communication system to carry out the method of either the first or the second aspects of the invention. According to an eleventh aspect of the invention there is provided a data carrier having stored thereon instructions which when executed by a processor of a communication device causes the communication device to carry out the method of any one of the third to the fifth aspects of the invention.
In one embodiment the steps of encrypting and decrypting is commutative, in that each of the encrypted messages is independent of the order in which the steps of encrypting and/or decrypting, that result in that encrypted message, is carried out.
A private key,/, and an inverse of the private key, g, may be chosen such that/*g ~ /, where / is an identity operator such that w*I = w, wherein * is an operator used in the steps of encrypting and decrypting and w is a message.
It will be understood that the use of the term "~" may mean the approximation f*g ~ / is defined such that the original message is recovered after the encrypting and decrypting steps have been carried out. For example, the message may comprise different numerical values representing different text characters and the accuracy of f*g ~ / may be such that the numerical elements of a final decrypted message are close enough to the numerical values of the original message that the original message can be recovered. The step of encrypting or decrypting a message may comprise a discrete convolution, wherein the process of encrypting or decrypting the message is given by,
L - \ ,
Figure imgf000009_0001
where m is an array of Ln, elements to be encrypted or decrypted, h is one of the private keys or one of the inverses of one of the private keys comprising an array of Lh elements, and e is the resulting encrypted or decrypted message comprising an array of Le elements.
An advantage of using the discrete convolution to encrypt and decrypt a message is that it is very sensitive to errors in the private key, as during the decryption stage this error is spread over many adjacent elements. The method is thus very secure against attempts by an eavesdropper to decrypt and understand the message fully as the eavesdropper would have to obtain the private key very precisely.
In one embodiment, the method for determining an inverse, g, of a private key, f, may be approximated, wherein a Wiener-Hopf equation as follows is solved for g,
∑ gt ∑ fk- tfk-j= ∑ dkfk t=0 k=0 k=0 for j = 0, 1..., Lg - 1, wherein Lg is a number of elements of g and the desired output d is chosen to be equal to an isolated unit value such that g*f ~ I.
Accordingly, the method for determining an inverse, g, of a private key,/, may be approximated by solving Wiener-Hopf equation using an algorithm due to Norman Levinson quoted in the Appendix of "N. Wiener. The Extrapolation, Interpolation and Smoothing of Stationary Time Series, MIT Press, 1942".
An advantage of using the algorithm due to Norman Levinson is that this is a very fast way of solving the Wiener-Hopf equation.
In one embodiment the method steps according to the first to the fifth aspects of the invention comprises determining the first and/or the second private key(s). In a further embodiment, the first and/or the second private key(s) are predetermined, for example retrieved from memory.
The number of elements of the private key Lf and the number of elements of an inverse of a private key Lg are suitably large such that a message can be recovered after the encrypting and decrypting steps have been carried out.
The number of elements of a private key Lf is suitably large such that an encryption of a message has a desired level of protection. In one embodiment, the method comprises identifying the desired level of protection and determining the number of elements of a private key Lf based on the identified desired level of protection. The desired level of protection may be the probability of an encrypted message being decrypted by a brute force attack, i.e. an eavesdropper guessing the private key by systematically trying a large number of number sequences as possible private keys. The number of elements of the private key is one of the factors that determine the probability of an encrypted message being decrypted by a brute force attack. For example, the probability P may be equal to 1 in 102i^, and therefore for an identified desired level of protection, the number of elements of the private key may be calculated using Lf = -Vi log (P).
The step of encrypting a message comprising a discrete convolution in one embodiment may comprise determining the Fourier transform of the message, determining the Fourier transform of a private key, determining a product of the Fourier transform of the message and the Fourier transform of the private key and determining the inverse Fourier transform of the product.
The step of decrypting a message comprising a discrete convolution in one embodiment may comprise determining the Fourier transform of the message, determining the Fourier transform of an inverse of a private key, determining a product of the Fourier transform of the message and the Fourier transform of an inverse of the private key and determining the inverse Fourier transform of the product. In one embodiment the Fourier transforms can take the form of Fast Fourier
Transforms (FFTs).
An advantage of the invention is for a particularly long message the Fourier Transform in the form of the FFT is particularly efficient requiring n log n operations for n numbers.
The message may be encoded from text to numerical form using standard schemes, in one embodiment the message may be encoded using ASCII.
Such a method is vulnerable to attack if the message remains unchanged throughout the steps of encryption and decryption as an eavesdropper listening on the initial exchange of the first encrypted message and second encrypted message would in principal be able to recover the private key of the receiver (the second private key). With this knowledge, if the eavesdropper was able to listen in on the transfer of the third encrypted message, the eavesdropper could recover the original message by decrypting the third encrypted message with the private key of the receiver without the sender or receiver realising.
Accordingly, encrypting the first encrypted message may comprise adding a (first) additional message element, such as randomly generated text, to the first encrypted message and encrypting the first encrypted message together with the (first) additional message element using a second private key to result in a second encrypted message. In a preferred embodiment, the additional message element is added to the end of the first encrypted message.
Furthermore, decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message may comprise adding a (second) additional message element, such as randomly generated text, to the second encrypted message and decrypting the second encrypted message together with the
(second) additional message element with the inverse of the first private key. In a preferred embodiment, the additional message element is added to the end of the second encrypted message.
This defeats the eavesdropper because the presence of the additional message elements deprives the eavesdropper access to the necessary information to recover the first and/or second private keys.
If encryption and decryption of the message involves the addition of additional message elements, decryption of the third encrypted message using an inverse of the second private key will result in the original message plus the encoded additional message elements. The original message can be extracted based on a known location of the encoded additional message elements, for example if it is known that the encoded additional message elements will appear at the end of the message decoded by the receiver. Leakage of the encoded additional message elements into the message can be avoided by selecting the first and second private keys to be minimum phase. If first and second private keys are used that are not minimum phase then the lengths of each additional message element needs to be matched to any anticipation components in the first/second private key. An anticipation component is that part of the key that appears before time zero.
According to a twelfth aspect of the invention there is a method of encrypting or decrypting a message comprising carrying out a discrete convolution given by
e = ∑ hkm k ,
Ar=O where m is the message to be encrypted comprising an array of Ln, elements, A is a key or an inverse of a key comprising of an array of Lh elements and e is the resulting encrypted message comprising an array of Le elements.
Such a method of encryption and decryption can be used with the method described above as part of a Public Key Cryptography scheme. For example, the method may comprise encrypting a message, w, by convo luting the message, w, with a private key,fs, (to obtain w*fs), encrypting the private key with a public key of the receiver and sending the encrypted private key and the encrypted method to the receiver. The receiver can then decrypt the encrypted private key using the private key and decrypt the message, w, using the decrypted private key. Such methods are valuable because full public key encryption of large messages is resource intensive and conforms with encryption schemes, such as Zimmerman's PGP.
If an eavesdropper obtains w*fs when it is sent to the receiver, the results of the convolution is non-unique increasing the difficulty on breaking the encryption by a brute force attack when compared to schemes with a unique inverse and message.
More specifically, the nature of the encryption means that there exists a false key/ such that v*fv = w*fs. In other words, if in a brute force search for a key to break the encryption, the eavesdropper comes across fv and decrypts the encrypted message using fv ~' , they would get v, which is entirely reasonable but wrong. A reason that such non-uniqueness arises is because when the message is encoded, for example form ASCII, to floating point, it increases in size by typically a factor of eight. However, this manifests itself as redundancy and then non-uniqueness.
There are potentially a very large number of spurious answers/ making guessing of the actual private key very difficult.
According to a thirteenth aspect of the invention there is a method for encrypting a message comprising determining the Fourier transform of the message, determining the Fourier transform of a key, determining a product of the Fourier transform of the message and the Fourier transform of the key and determining the inverse Fourier transform of the product.
According to a fourteenth aspect of the invention there is a method for determining an inverse, g, of a key,/, where/is used for encrypting a message and g is used for decrypting a message, wherein the following Wiener-Hopf equation is solved for g,
Figure imgf000015_0001
for j = 0, 1..., Lg - 1, wherein Lg is a number of elements of g and the desired output d is chosen to be equal to an isolated unit value / = {1,0,0, ...,Oj, such that
Description
Embodiments for the invention will now be described, by example only with reference to the accompanying drawing, in which:-
Figure 1 shows a schematic view of a communication system used to send and receive messages according to an embodiment of the invention;
Figure 2 shows a flow chart of the steps of transmitting a message secretly between a sender and a receiver in accordance with a first embodiment of the invention;
Figure 3 shows a flow chart of the steps of transmitting a message secretly between a sender and a receiver in accordance with a second embodiment of the invention;
Figure 4 gives an example of a suitable choice for a first private key containing 118 elements, constructed using the Hubert transform; Figure 5 gives an example of a suitable choice for a first private key containing 64 elements, constructed using the Hubert transform;
Figure 6 shows the results of a sensitivity test of the invention; and
Figure 7 shows a flow chart of the steps of transmitting a message secretly between a sender and a receiver in accordance with a third embodiment of the invention.
Referring to figure 1, a communication system used to send and receive a message secretly according to an embodiment of the invention comprises a transmitter device 1, a network path 2 and a receiver device 3. The transmitter device 1 and the receiver device 3 operate in two-way communication (as indicated by the arrows) across the network path 2.
The transmitter device 1 comprises an input 4, a processor 5, a transceiver 6 and a data carrier 10. The input 4 is arranged to receive a message, for example, the input 4 may be a keyboard of a computer. The transmitter device 1 may further comprise a display device 11 for viewing the message.
The receiver device 3 comprises a transceiver 7, a processor 8 and a data carrier 10. The receiver device 3 may further comprise a display/input device 9 for displaying and/or modifying a message, for example the display/input device 9 may comprise a computer monitor and keyboard. For example, the processors 5 and 8 may be the processors of a computer and the transceivers 6 and 7 may be modems of a computer, where the network path 2 is the Internet. The data carrier 10, which in this case is memory, stores amongst other things a computer program which when executed by the processors 5 or 8 to cause the communication system to operate in accordance with the invention, which will now be described with reference to Figure 2.
A transmitter device 1 receives a message w via the input device 4 in step 101. For example the message may be text represented in numerical form using standard schemes, such as ASCII.
On receiving the message, w, the transmitter device 1 selects a suitable first private key/j, for example /j may comprise a string of numbers between -10 and 10 with a non-zero DC component.
It will be understood that the term "DC component" of a key means the DC frequency component after the Fourier transform of the key. For the reasons explained below, the key, f, when Fourier transformed should have a non-zero DC component at all frequencies. In practice, this is trivial to achieve if filters are designed in the frequency domain.
The message is encrypted in step 102 by the processor 5 using the first private key s to result in a first encrypted message given by w*f$. The encryption and decryption operator * comprises a discrete convolution, given by
L1,- I
Figure imgf000019_0001
where m is an array of Ln, elements, h is one of the private keys or one of the inverses of one of the private keys comprising an array of Lh elements, and e is the resulting encrypted or decrypted message comprising an array of Le elements.
The encryption and decryption processes are carried out by taking FFTs. For the first encrypted message, the FFTs of w and/j (designated W and F) are multiplied and the inverse Fourier transform is then calculated to give the discrete convolution
In step 103, the transmitter device 1 using the transceiver 6 sends the first encrypted message across the network path 2 to the receiver device 3.
The receiver device 3 receives the first encrypted message through transceiver 7 and the processor 8 encrypts the first encrypted message in step 104 using a second private key /R in accordance with equation 1 to result in a second encrypted message given by w*fs*fκ. In step 105, the receiver device 3 sends the second encrypted message using the transceiver 7 across the network path 2 to the transmitter device 1.
In step 106, the transmitter device 1 receives the second encrypted message through transceiver 6 and decrypts part of the second encrypted message with an inverse of the first private key using equation 1 to produce a third encrypted message. Again, this may be carried out using Fourier transforms of the second encrypted message and the inverse (the Fourier transform of the inverse denoted G).
The processor 5 calculates an inverse gs of the first private key/j, such that fs*gs ~ I, where / is an identity operator such that w*I = w. This may be done beforehand or on receiving the message.
An inverse g of a private key / may be approximated by solving the following Wiener-Hopf equation for g,
Figure imgf000020_0001
for / = 0, 1..., Ls - 1, wherein Ls is a number of elements in g and the desired output d is chosen to be equal to an isolated unit value such that g*f ~ I. For efficiency, this is done using an algorithm due to Norman Levinson quoted in the Appendix of "N. Wiener. The Extrapolation, Interpolation and Smoothing of
Stationary Time Series, MIT Press, 1942".
The unit value / contains Lj+ Lg-1 samples altogether, with the single unit value preceded by Lϊ≥O zeros. LL is known as the lag or delay and is related to the phase spectrum of the key,/, if it is to be treated as a time series. This is an important factor in the performance of the inverse of the key, as will be discussed below.
The processor 5 decrypts the second encrypted message in step 106 using gs to result in a third encrypted message given by w*/s% *gs.
As the discrete convolution function * is commutative, the third encrypted message is independent of the order in which the steps of encrypting and/or decrypting is carried out. Therefore the third encrypted message is equivalent to the message w encrypted with the second private key, i.e. w*fs*fκ*gs = w*fs*gs*fκ ~ W*I*/R = w%.
The transmitter device 1 sends the third encrypted message using the transceiver 6, in step 107, to the receiver 3 via the network path 2.
In step 108, the receiver device 3 receives the third encrypted message through the transceiver 7. The processor 8 calculates an inverse gR of the second private key/? using the equation 2 such that fκ*gκ ~ I, which may be done beforehand or on receiving the third encrypted message. The processor 8 decrypts the third encrypted message using gR to result in w*fs*fκ*gs*gR ≡ w*fs*gs*fκ*gR ~ w*I*I = w, thus recovering the original message w.
The invention may comprise a further step 109, where the processor 8 decodes the message from numerical to text form using standard schemes, such as ASCII. For an encoding step such as ASCII which produces integers in the range between 30 and 100, the accuracy of the reconstruction by the receiver must be such that, if ne is the number representing the text before encryption and rid is the decrypted number, then: ne~ nd ° - 5
After transmission of the message and decryption a user may read the message and/or makes alterations to the message using the display/input device 9 for displaying and/or modifying a message. The receiver device 3 may be further arranged to forward the message secretly to another receiver by carrying out the steps in figure 2.
A second embodiment of the invention will now be described with reference to figure 3.
In a second embodiment of the invention the transmitter device 1 receives a true message wt (i.e. a message to be communicated to the receiver device 3) via the input 4 in step 201. The transmitter device 1 chooses a suitable first private key/j and encrypts a false message w/ (i.e. a message to be transmitted but not communicated to the receiver 3) in step 202 using the processor 5 with a first private key /j to result in a first encrypted message, given by w/*fs. The false message may be a predetermined false message stored on the data carrier 10 or may be an original false message received from the input 4.
Steps 203 to 205 are the same as the corresponding steps 103 to 105 in the first embodiment of the invention and will not be described again in detail.
The transmitter device 1 calculates an inverse (w/fs)'1 of the first encrypted message using processor 5, such that w/fs* (w/fs)'1 ~ I, where / is an identity operator such that w*I = w. This may be done beforehand or after receiving the second encrypted message. The transmitter device 1 then determines a third private key (w/fs)'1 * w/fs*fκ , comprising of an inverse of the first encrypted message oϊ(w/fs)'! and the second encrypted message w/fs*fκ.
In step 206 the transmitter device 1 encrypts the true message wt with the third private key using the processor 5 to result in a third encrypted message, given by Wt*(w/fs)'J '*w/fs*fR ≡ wt* w/fs* (w/fs)'1 *fR ~ wt*I* fR = wt*fR, where the third encrypted message is equivalent to the true message encrypted with the second private key.
Step 207 is the same as step 107 in figure 2. In step 208, the receiver device 3 receives the third encrypted message through the transceiver 7. The processor 8 calculates an inverse gR of the second private key /R, such that fR*gR ~ I. The processor 8 decrypts the third encrypted message using gR to result in wt*(wf*fs)~' *wf*fs*fR *gR ≡ wt* Wf*fs*(wf*fs)~' %*gκ ~ wt*I*I = wt, thus recovering the true message wt.
Step 209 is the same as step 109 in figure 2.
The determination of a private key may comprise a random aspect, where the private key is chosen randomly (or at least pseudo randomly) within the constraints of suitable choices for private keys. The choice of constraints for a suitable private key will now be described.
The performance in terms of reliable reproduction of an original message after undergoing the encryption/decryption depends on the accuracy of/*g ~ /, which depends how accurately an inverse g of a private key / can be calculated. The accuracy of the inversion of a private key/ depends on the ratio of the number of elements Lg of g and the number of elements Lf of / i.e. Lg/Lf. In practice, to make the computation of g accurate enough to recover a message, Lg is typically a factor often larger than Lf.
The inversion of a private key /may also depend on the phase of/ and the phase may affect the way in which the inversion is calculated. It will be understood that the term "phase" of a key means the phase spectrum of the Fourier transform of the key. Private key inversions are simpler to calculate if the private key is minimum phase. A minimum phase key appears front-loaded in the sense that its "energy" appears early in the key (in short, the key looks big at the start and small at the end). A maximum phase key is the minimum phase key time-reversed, so it is small at the start and big at the end.. Mixed phase keys in very trivial terms are small at each end and bigger in the middle.
For a given length key, the performance of the key varies depending on the phase of the key. A minimum phase key is best inverted with the desired output at zero delay (that is the unit value of/ is at the start). A mixed phase key is best inverted with some non-zero delay. If the phase is resolved correctly, the accuracy then depends on the length of the key. Accordingly, a suitable length Lg should be chosen long enough so that inversion errors are sufficiently small so that all of the original text in the message can be recovered.
In further regard to a suitable choice for an invertible private key, when encrypting and decrypting a message where the message has been encoded into a number sequence containing a range of decimal numbers, for example, for ASCII, decimal numbers between 32 and 100, the message will have a non-zero mean, which is equivalent to a DC (zero frequency) component in the Fourier transform of the message. If the Fourier transform of the private key, F, has a zero DC component then the product F*W will also have a zero component whatever the DC component of W, making any non-zero DC component of W unrecoverable. For this reason, F should not have a zero DC component at any frequency. In order for a successful recovery of a message the DC component of the product of the private key and an inverse of the private key should be equal to the DC component of the message. Therefore, the DC component of the private key has to be non-zero.
An example of the performance of the invention is shown in figures 4 to 6. Figures 4 and 5 shows two examples of minimum phase private keys where the private keys have been constructed using the Hubert Transformation. The number of elements Lf of the private keys is shown on the horizontal axis in figures 4 and 5, where the private keys contains Lf = 118 elements and Lf = 64 elements in figures 4 and 5 respectively. The corresponding values of each element of the private keys are shown on the vertical axis. The values shown on the vertical axis of figures 4 and 5, have been specified to six significant figures in the following calculation. The DC component of figure 4 is 0.062 and that of figure 5 is 0.018, both accurate to three decimal places. An inverse private key nine times the original private key length was constructed in each case by solving equation (2) using an algorithm due to Norman Levinson quoted in the Appendix of "N. Wiener. The Extrapolation, Interpolation and Smoothing of Stationary Time Series, MIT Press, 1942".. Double precision arithmetic is used throughout the calculation.
The accuracy A of Wiener inverse private keys is computed as
Figure imgf000027_0001
where d is the desired output d={l, 0,0,0, ...} where the 1 might be delayed a few positions if the private key/ is not minimum phase, and d'=f*g is the actual output resulting from applying the inverse of the private key g to the private key/ Note that an accuracy of A=LO corresponds to perfection, where there is no difference between the actual output d' and the desired output d. For the private keys above the accuracy was typically A=O.99998 and this led to errors in the inversion of at most around 0.1%, which is well below the level necessary to give the wrong character on decoding.
The time it takes to carry out the method of the invention depends on, amongst other things, Lf, Lg and the number of elements in the message Lm..
To test the time it takes an algorithm to carry out the method of the invention, three standard texts were used and processed using the method described in reference to figure 2 programmed in C. For each of these the time to encode, encrypt, decrypt and decode was measured on a single processor AMD XP2800+ machine, (Linux Bogomips rating 4170.08). The texts were treated in one block using FFT and the private key shown in figure 4. The results are shown in Table 1.
Figure imgf000028_0001
Table 1 : Timings to encrypt and decrypt various texts with the private key of figure 4.
The sensitivity of the invention relates to the level of imprecision in guessing one of the significant figures in one element of the encrypting private key that causes the decryption to fail. An advantage of the discrete convolution given in equation (1) is that an error is spread over many adjacent elements and the algorithm is very sensitive as a result. The sensitivity will depend on, amongst other things, the number of elements L/ of the private key.
Figure 6 shows the input message w on the left and the decrypted version on the right, where the message was encrypted using the private key given in figure 4 and decrypted using an inverse of a slightly altered version of the private key, where a change of just one unit in the second significant place of one of the 118 elements has been made to the private key of figure 4. As can be seen in figure 6, after the first few characters, the error rapidly spreads and complete nonsense results for the remaining characters. In practice, some gibberish text at the beginning would render the whole of the original plain text indecipherable. It is worth noting that the imprecision of the decrypted message shown in figure 6 only relates to the inversion of the private key. It is independent of the length of the encrypted message in the first embodiment of the invention.
Figure 6 shows how the level of sensitivity of the decryption depends on the number of elements in the private key. For a private key of 118 elements, the probability of guessing 2x118 significant figures in the right order is 1 in 10236. Therefore the probability of obtaining the message by guessing the private key is very low, even when the private key length is known. Other factors such as getting the signs right give another multiplication factor of around 2118. The total is comparable to approximately 1 in 10280. When the uncertainty of the private key length and its phase are included the algorithm looks very secure to brute force attacks.
The above considerations in regards to performance, time taken and sensitivity can be equally applied to the second embodiment of the invention.
The methods of encryption using convolutional filters for the private keys described with reference to Figures 2 and 3 are vulnerable to an eavesdropper. These filters of course commute as is required by these methods, but an eavesdropper listening on the initial exchange of the first encrypted message and the exchange of the second encrypted message would in principal be able to recover the second private key ^ by applying the discrete Wiener-Hopf method of equation 2 with an input m*fs*fn and a desired output m*fs where the solution will be fa'1. If the eavesdropper is able to listen to the final exchange of the third encrypted message the eavesdropper could then extract the message without the sender or receiver realising.
The embodiment of the invention described with reference to figures 7 solves this problem.
As with the first embodiment of the invention the sender encrypts the message with a minimum phase first private key /j 302 and sends the resultant first encrypted message to the receiver 303. However, in step 304, the receiver adds additional message element, r, in this embodiment, a randomly generated text string, to an end of the first encrypted message w*fa and encrypts the first encrypted message and its augmentation with a minimum phase second private key fa to get the second encrypted message (w*fs+r) *fa. The receiver then returns this second encrypted message to the sender 305.
In step 306, the sender adds additional message element, s, in this embodiment, a randomly generated text string, to an end of the second encrypted message and applies the inverse of the first public key fs'1 to the second encrypted message and its augmentation to obtain a third encrypted message, ((w*fa+r) * fa+s)* fs'1 ', which since * is commutative can be written w* fs* fs'1 * fa+r* fs'1 * fa+s* fs'1 ~w* fa+r* fs~ 1 * fa+s* fa'1 '■ The third encrypted message is then sent to the receiver 307. The receiver now applies the inverse of the second public key /R 1 to the third encrypted message to get w*fR*fR 1+r*fs 1*fR*fR 1+s*fs 1*fR 1~ w+r //'+**// !* fn'1. This will reveal the original encoded message w because r and s were chosen to start at the end of their respective messages. However, since the private keys (filters) fsfR are minimum phase, so are their inverses fs'1 /a'1, so that there is no forward leakage into the message from either augmented text, r and s. In other words, r* fs 1 starts where r used to and s* fs 1* /R '1 starts where s used to. Message, w, appears at the beginning of the whole message and can be trivially extracted and coded back into text as described above.
This defeats the eavesdropper because the presence of the unknown augmenting texts r and s deprives access to the complete transient convolutions (i.e the full range of t in equation 2, necessary to discover either the filters /j or ^ sufficiently accurately. (Unlike the first and second embodiments which have three unknowns and three eavesdrop points, the third embodiment of the invention has three eavesdrop points but five unknowns).
Furthermore, the sender has no knowledge of the private key, ^, or the additional text element, r, and the receiver has no knowledge of the private key, fs, or the additional text element, s. Accordingly, even though the system is an asymmetric system, the system still does not require any public knowledge of any key; keys/j and /R are generated uniquely and privately by each of the sender and receiver as appropriate and do not need to be revealed to anybody. It will be understood that other embodiments of the invention may achieve all, some or none of the advantages described. Furthermore, it will be understood that the invention is not limited to the described embodiments but the invention includes modification and alterations that fall within the scope of the invention described herein
It will be understood that the processor or processors of the communication system and transmitter and receiver devices as recited in the claims may be arranged to carry out any or all of the steps recited in the method claims.

Claims

1. A method of encrypting or decrypting a message comprising carrying out a discrete convolution given by k
Figure imgf000033_0001
where m is the message to be encrypted or decrypted comprising an array of Ln, elements, A is a key or an inverse of a key comprising an array of Ly1 elements and e is the resulting encrypted or decrypted message comprising an array of Le elements.
2. A method of claim 1, wherein the discrete convolution is carried out by determining a Fourier transform of m, determining the Fourier transform of h, determining a product of the Fourier transform of m and h and determining an inverse Fourier transform of the product.
3. A method of claim 1 or claim 2 wherein the Fourier transforms take the form of fast Fourier Transforms (FFTs).
4. A transmitter device for transmitting a message comprising an input for receiving a message, a processor arranged to encrypt the message using the method of any one of claims 1 to 3 and a transceiver for transmitting the encrypted message to a receiver device.
5. A receiver device for receiving a message comprising an input for receiving an encrypted message and a processor arranged to decrypt the message using the method of any one of the claims 1 to 3.
6. A communication system comprising a transmitter device according to claim 4 and a receiver device according to claim 5 arranged to communicate across a network path.
7. A data carrier having stored thereon instructions which when executed by a processor of a communication device causes the communication device to carry out the method of any one of claims 1 to 3.
8. A method of transmitting a message comprising a sender encrypting the message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, the receiver encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, the sender decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message and sending the third encrypted message to the receiver and the receiver decrypting the third encrypted message using an inverse of the second private key.
9. A method of transmitting a true message comprising a sender encrypting a false message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, the receiver encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, the sender encrypting the true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and sending the third encrypted message to the receiver, the receiver decrypting the third encrypted message using an inverse of the second private key.
10. A method for sending a message comprising encrypting the message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, receiving a second encrypted message from the receiver, the second encrypted message resulting from an encryption of the first encrypted message with a second private key, decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message and sending the third encrypted message to the receiver.
11. A method for sending a message comprising encrypting a false message using a first private key to result in a first encrypted message and sending the first encrypted message to a receiver, receiving a second encrypted message from the receiver, the second encrypted message resulting from an encryption of the first encrypted message with a second private key, encrypting a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, to result in a third encrypted message and sending the third encrypted message to the receiver.
12. A method for receiving a message comprising receiving a first encrypted message from a sender, the first encrypted message resulting from an encryption using a first private key, encrypting the first encrypted message using a second private key to result in a second encrypted message and sending the second encrypted message to the sender, receiving a third encrypted message from a sender, the third encrypted message resulting from a decryption using an inverse of the first private key or an encryption of a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, and decrypting the third encrypted message using an inverse of the second private key.
13. A method according to claim 8 or claim 12, wherein encrypting the first encrypted message comprises adding a (first) additional message element to the first encrypted message and encrypting the first encrypted message together with the (first) additional message element using the second private key to result in the second encrypted message.
14. A method according to any one of claims 8, 10 and 13, wherein decrypting the second encrypted message using an inverse of the first private key to result in a third encrypted message comprises adding a (second) additional message element to the second encrypted message and decrypting the second encrypted message together with the (second) additional message element with the inverse of the first private key.
15. A method according to claim 13 or claim 14, wherein the first private key and the second private key are minimum phase.
16. A method according to claims 8 to 12 wherein each of the steps of encrypting and decrypting is commutative, in that each of the encrypted messages is independent of the order in which each of the steps of encrypting and/or decrypting that result in that encrypted message are carried out.
17. A method according to claims 8 to 16 wherein a private key,/, and an inverse of the private key, g, is chosen such that/*g ~ /, where / is an identity operator such that m*I = m, wherein * is an operator used in the steps of encrypting and decrypting and w is a message.
18. A method according to claims 8 to 17 wherein each step of encrypting or decrypting comprises a discrete convolution, wherein the process of encrypting or decrypting is given by,
L1,- I
,= Σ k * h mj- k =0 where m is an array of Lm elements to be encrypted or decrypted, h is one of the private keys or one of the inverses of one of the private keys comprising an array of Lh elements, and e is the resulting encrypted or decrypted message comprising an array of Le elements.
19. A method according to claims 8 to 18 wherein the step of encrypting a message comprises determining a Fourier transform of the message, determining a Fourier transform of the private key, determining a product of the Fourier transform of the message and the Fourier transform of the private key and determining the inverse Fourier transform of the product.
20. A method according to claims 8 to 19 wherein the step of decrypting a message comprise determining a Fourier transform of the message, determining a Fourier transform of an inverse of the private key, determining a product of the
Fourier transform of the message and the Fourier transform of the inverse of the private key and determining the inverse Fourier transform of the product.
21. A method according to claim 19 or 20 wherein the Fourier transforms take the form of Fast Fourier Transforms (FFTs).
22. A method according to claims 18 to 21 wherein determining an inverse, g, of a private key,/, comprises solving a Wiener-Hopf equation as follows for g,
Figure imgf000039_0001
for j = 0, 1..., Lg - 1, wherein Lg is the number of elements in g and the desired output d is chosen to be equal to an isolated unit value such that g*f ~ /.
23. A method according to claim 22 wherein g is approximated by solving the Wiener-Hopf equation using an algorithm due to Norman Levinson quoted in the Appendix of "N. Wiener. The Extrapolation, Interpolation and Smoothing of Stationary Time Series, MIT Press, 1942".
24. A transmitter device for transmitting a message comprising an input for receiving a message, a processor arranged to encrypt the message using a first private key to result in a first encrypted message, a transceiver for transmitting the first encrypted message to a receiver device and receiving a second encrypted message from the receiver device, the second encrypted message being a result of an encryption of the first encrypted message using a second private key, the processor further arranged to decrypt the second encrypted message using an inverse of the first private key to result in a third encrypted message and cause the transceiver to transmit the third encrypted message to the receiver device.
25. A transmitter device for transmitting a message comprising an input for receiving a true message, a processor arranged to encrypt a false message using a first private key to result in a first encrypted message, a transceiver for transmitting the first encrypted message to a receiver device and receiving a second encrypted message from the receiver device, the second encrypted message being a result of an encryption of the first encrypted message using a second private key, where the processor is further arranged to encrypt the true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, resulting in a third encrypted message, and cause the transceiver to transmit the third encrypted message to the receiver device.
26. A receiver device for receiving a message comprising a transceiver for receiving a first encrypted message from a transmitter device, the first encryption being a result of encrypting a message using a first private key, a processor arranged to encrypt the first encrypted message using a second private key to result in a second encrypted message and cause the transceiver to transmit the second encrypted message to the transmitter device and receive a third encrypted message from the transmitter device, the third encrypted message being a result of a decryption using an inverse of the first private key or an encryption of a true message with a third private key, the third private key comprising an inverse of the first encrypted message and the second encrypted message, the processor further arranged to decrypt the third encrypted message using an inverse of the second private key.
27. A communication system comprising a transmitter device according to claim 24 or 25 and a receiver device according to claim 26 arranged to communicate across a network path.
28. A data carrier having stored thereon instructions which when executed by processors of a communication system causes the communication system to carry out the method of claims 8 to 23.
29. A method for encrypting a message comprising determining the Fourier transform of the message, determining the Fourier transform of a key, determining a product of the Fourier transform of the message and the Fourier transform of the key and determining the inverse Fourier transform of the product.
30. A method according to claim 29 wherein the Fourier transforms takes the form of Fast Fourier Transforms (FFTs).
31. A method for determining an inverse, g, of a key, /, where / is used for encrypting a message and g is used for decrypting a message, wherein a
Wiener-Hopf equation as follows is solved for g,
Ls +L - 1 t=C
Figure imgf000041_0001
for j = 0, 1..., Lg - 1, wherein Lg is the number of elements in g and the desired output d is chosen to be equal to an isolated unit value such that g*f ~ I.
32. A method according to claim 31 for determining an inverse, g, of a private key, f, where g is approximated by solving the Wiener-Hopf equation using an algorithm due to Norman Levinson quoted in the Appendix of "N. Wiener. The
Extrapolation, Interpolation and Smoothing of Stationary Time Series, MIT Press, 1942".
PCT/GB2009/051717 2008-12-16 2009-12-15 Cryptography WO2010070336A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1112117A GB2478685A (en) 2008-12-16 2009-12-15 Encryption / decryption method, cryptographic protocols and key inversion method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0822870.2 2008-12-16
GB0822870A GB0822870D0 (en) 2008-12-16 2008-12-16 Cryptography

Publications (2)

Publication Number Publication Date
WO2010070336A2 true WO2010070336A2 (en) 2010-06-24
WO2010070336A3 WO2010070336A3 (en) 2010-08-12

Family

ID=40326162

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2009/051717 WO2010070336A2 (en) 2008-12-16 2009-12-15 Cryptography

Country Status (2)

Country Link
GB (2) GB0822870D0 (en)
WO (1) WO2010070336A2 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU716797B2 (en) * 1996-08-19 2000-03-09 Ntru Cryptosystems, Inc. Public key cryptosystem method and apparatus
KR100577260B1 (en) * 2004-07-29 2006-05-10 엘지전자 주식회사 Apparatus of channel equalizer and Method of same

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
N. WIENER: "The Extrapolation, Interpolation and Smoothing of Stationary Time Series", 1942, MIT PRESS

Also Published As

Publication number Publication date
GB201112117D0 (en) 2011-08-31
GB2478685A (en) 2011-09-14
GB0822870D0 (en) 2009-01-21
WO2010070336A3 (en) 2010-08-12

Similar Documents

Publication Publication Date Title
CN110870250B (en) Key agreement device and method
EP3940988A1 (en) Multi-party threshold authenticated encryption
EP2920908A2 (en) Method for secure substring search
CN109873700B (en) Key generation method, device, computer readable storage medium and terminal equipment
EP2698945A2 (en) Vectorial private equality testing
US7349542B2 (en) Systems, methods and computer program products for encryption and decryption using wavelet transforms
Marton et al. Randomness in digital cryptography: A survey
JP5106124B2 (en) Three-stage data encryption system and method
Abderrahim et al. A chaotic stream cipher based on symbolic dynamic description and synchronization
Olumide et al. A hybrid encryption model for secure cloud computing
Haroun et al. Real-time image encryption using a low-complexity discrete 3D dual chaotic cipher
Islam et al. Denoising and error correction in noisy AES-encrypted images using statistical measures
Haroun et al. A new 3D chaotic cipher for encrypting two data streams simultaneously
CN108599941A (en) Random asymmetries expand byte encryption of communicated data method
Trushechkin On the operational meaning and practical aspects of using the security parameter in quantum key distribution
CN114465708B (en) Privacy data processing method, device, system, electronic equipment and storage medium
CN116383864A (en) Method, system, equipment and medium for protecting privacy and federally learning under distributed environment
WO2010070336A2 (en) Cryptography
WO2001091368A2 (en) Encryption system based on crossed inverse quasigroups
CN113746623B (en) Threshold key verification method and related equipment
CN108429736A (en) A kind of data decryption method
Haroun Secure communications based on chaotic systems
Moussa et al. Secured polar code derived from random hopped frozen-bits
JP5297918B2 (en) Encrypted numeric binary conversion system, method and program
CN113923029B (en) Internet of things information encryption method based on ECC (error correction code) hybrid algorithm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09799700

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 1112117

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20091215

WWE Wipo information: entry into national phase

Ref document number: 1112117.5

Country of ref document: GB

122 Ep: pct application non-entry in european phase

Ref document number: 09799700

Country of ref document: EP

Kind code of ref document: A2