公开(公告)号：DE69416809D1

公开(公告)日：1999-04-08

申请号：DE69416809

申请日：1994-12-16

Applicant: IBM

Inventor： ROGAWAY PHILLIP W

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: A method is described for substantially concurrently performing entity authentication operations and short-lived secret key distribution operations over an insecure communication channel between communication partners, wherein authenticity of communication partners is determined by possession of the long-lived shared secret key. The method includes a number of steps. Data flows are exchanged between the communication partners to define a composite key. At least a portion of the data flows have been encrypted or otherwise masked in a manner which utilizes the long-lived shared secret key. At least one authentication tag is passed between communication partners over the communication channel. The at least one authentication tag is based at least partially upon the composite key. The authentication tag is utilized to determine the authenticity of at least one communication partner.

公开(公告)号：DE69416809T2

公开(公告)日：1999-10-07

申请号：DE69416809

申请日：1994-12-16

Applicant: IBM

Inventor： ROGAWAY PHILLIP W

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: A method is described for substantially concurrently performing entity authentication operations and short-lived secret key distribution operations over an insecure communication channel between communication partners, wherein authenticity of communication partners is determined by possession of the long-lived shared secret key. The method includes a number of steps. Data flows are exchanged between the communication partners to define a composite key. At least a portion of the data flows have been encrypted or otherwise masked in a manner which utilizes the long-lived shared secret key. At least one authentication tag is passed between communication partners over the communication channel. The at least one authentication tag is based at least partially upon the composite key. The authentication tag is utilized to determine the authenticity of at least one communication partner.

公开(公告)号：DE69431390D1

公开(公告)日：2002-10-24

申请号：DE69431390

申请日：1994-11-09

Applicant: IBM

Inventor： COPPERSMITH DON ,  ROGAWAY PHILLIP W

IPC: G09C1/00 ,  G06F12/14 ,  G06F21/00 ,  G06F21/24 ,  H04L9/18 ,  H04L9/22

Abstract: A software-efficient pseudorandom function maps an index and an encryption key to a pseudorandom bit string useful for constructing a stream cipher. The method begins by preprocessing the encryption key into a table of pseudorandom values. The index and a set of values from the table is then used to generate a set of initial values for the registers. At least some of the register values are modified in part by taking a current value of a register and replacing the current value with a function of the current value and a value retrieved from the table, the latter value being determined by the values in one or more other registers. After modifying the register values in this fashion, the values are masked using other values from the table and the results then concatenated into the pseudorandom bit string. The modification step is repeated and a new masked function of the register values is then concatenated into the pseudorandom bit string. The modification and concatenation steps are repeated to continue growing the pseudorandom bit string until the string reaches some desired length.

公开(公告)号：DE69431390T2

公开(公告)日：2003-06-05

申请号：DE69431390

申请日：1994-11-09

Applicant: IBM

Inventor： COPPERSMITH DON ,  ROGAWAY PHILLIP W

IPC: G09C1/00 ,  G06F12/14 ,  G06F21/00 ,  G06F21/24 ,  H04L9/18 ,  H04L9/22

Abstract: A software-efficient pseudorandom function maps an index and an encryption key to a pseudorandom bit string useful for constructing a stream cipher. The method begins by preprocessing the encryption key into a table of pseudorandom values. The index and a set of values from the table is then used to generate a set of initial values for the registers. At least some of the register values are modified in part by taking a current value of a register and replacing the current value with a function of the current value and a value retrieved from the table, the latter value being determined by the values in one or more other registers. After modifying the register values in this fashion, the values are masked using other values from the table and the results then concatenated into the pseudorandom bit string. The modification step is repeated and a new masked function of the register values is then concatenated into the pseudorandom bit string. The modification and concatenation steps are repeated to continue growing the pseudorandom bit string until the string reaches some desired length.

公开(公告)号：DE69618040T2

公开(公告)日：2002-08-29

申请号：DE69618040

申请日：1996-01-25

Applicant: IBM

Inventor： BELLARE MIHIR ,  ROGAWAY PHILLIP W

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/32

Abstract: A method for encrypting a plaintext string into ciphertext begins by cipher block chaining (CBC) (70) the plaintext using a first key and a null initialization vector to generate a CBC message authentication code (MAC) whose length is equal to the block length. The plaintext string is then cipher block chained (72) again, now using a second key and the CBC-MAC as the initialization vector, to generate an enciphered string. The CBC-MAC and a prefix of the enciphered string comprising all of the enciphered string except the last block are then combined (74) to create the ciphertext. The described mode of operation is length-preserving, yet has the property that related plaintexts give rise to unrelated ciphertexts.

公开(公告)号：DE69618040D1

公开(公告)日：2002-01-31

申请号：DE69618040

申请日：1996-01-25

Applicant: IBM

Inventor： BELLARE MIHIR ,  ROGAWAY PHILLIP W

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/32

Abstract: A method for encrypting a plaintext string into ciphertext begins by cipher block chaining (CBC) (70) the plaintext using a first key and a null initialization vector to generate a CBC message authentication code (MAC) whose length is equal to the block length. The plaintext string is then cipher block chained (72) again, now using a second key and the CBC-MAC as the initialization vector, to generate an enciphered string. The CBC-MAC and a prefix of the enciphered string comprising all of the enciphered string except the last block are then combined (74) to create the ciphertext. The described mode of operation is length-preserving, yet has the property that related plaintexts give rise to unrelated ciphertexts.

公开(公告)号：SG44363A1

公开(公告)日：1997-12-19

申请号：SG1995002314

申请日：1994-11-09

Applicant: IBM

Inventor： COPPERSMITH DON ,  ROGAWAY PHILLIP W

IPC: G09C1/00 ,  G06F12/14 ,  G06F21/00 ,  G06F21/24 ,  H04L9/18 ,  H04L9/22

Abstract: A software-efficient pseudorandom function maps an index and an encryption key to a pseudorandom bit string useful for constructing a stream cipher. The method begins by preprocessing the encryption key into a table of pseudorandom values. The index and a set of values from the table is then used to generate a set of initial values for the registers. At least some of the register values are modified in part by taking a current value of a register and replacing the current value with a function of the current value and a value retrieved from the table, the latter value being determined by the values in one or more other registers. After modifying the register values in this fashion, the values are masked using other values from the table and the results then concatenated into the pseudorandom bit string. The modification step is repeated and a new masked function of the register values is then concatenated into the pseudorandom bit string. The modification and concatenation steps are repeated to continue growing the pseudorandom bit string until the string reaches some desired length.