A message transmission system for the secure transmission of multi-block data messages from a sending station to a receiving station. The sending station contains cryptographic apparatus operative in successive cycles of operation during each of which an input block of clear data bits is ciphered under control of an input set of cipher key bits to generate an output block of ciphered data bits for transmission to the receiving station. Included in the cryptographic apparatus of the sending station is means providing one of the inputs for each succeeding ciphering cycle of operation as a function of each preceding ciphering cycle of operation. As a result, each succeeding output block of ciphered data bits is effectively chained to all preceding cycles of operation of the cryptographic apparatus of the sending station and is a function of the corresponding input block of clear data bits, all preceding input blocks of clear data bits and the initial input set of cipher key bits.
The invention relates to a method for checking data sequences, comprising a protection step and a verification step, with a control sequence being formed in the protection step on the basis of an identification sequence, which identification sequence comprises identification values which identify data sequences which are to be protected, and which control sequence comprises control values of which at least some have been formed on the basis of operation values, which operation values have been derived from data of sequences which were identified by the said identification values, and with the data sequences being verified, in the verification step, on the basis of the control values. In accordance with the invention control values are formed, successively, by combining an identification value with an operation value related to a preceding control value. The invention is especially useful for verifying data files.
A method and apparatus for providing improved error-recovery and cryptographic strength when enciphering blocks which succeed short blocks in a Key-Controlled Block-Cipher Cryptographic System with chaining. Beginning with a pre-existing current chaining value (V), the system determines whether a current input block (X) of data to be encrypted is a full block or a short block. Both in the previous system and in proposed improvement, if the block is a full block, the system first combines the chaining value (V) with said full block (X) by a reversible operation such as exclusive-or and then block-enciphers the result of said exclusive-or under control of the user's cryptographic key (K) to produce an output cipher full block (Y); but if the block is a short block, of length L.sub.s then the system first block-enciphers the current chaining value (V) under control of the user's key (K), producing a result W, and then combines the short block (X), in a reversible operation, with the left-most portion, of length L.sub.s, of W to produce an output cipher short block (Y), of length L.sub.s. In either case, in the proposed improvement, the system then sets a new chaining value (V') for the system, as being equal to the terminal full block's length of the concatenation of the current chaining value (V) with the produced block of ciphertext (Y), and causes this new chaining value (V') to be the chaining value (V) for the next block. In the case of a short block this gives increased strength to, and speeded error-recovery for, the succeeding block or blocks to be enciphered, over the previous practice, in which the new chaining value was the last-previous output (W) of the block-cipher system.
A process and arrangement that gives selective access to a security system, particularly in a payment system using debit cards, credit cards, or withdrawal of funds contained in a so-called smart card, and in particular on a chip card. The system comprises at least one first device and at least one second device that must be used in a correct configuration with one another in order to gain access. Access is gained by verifying that a certain coded key K2, held in the second device, is recognized as being valid by the first device, after comparing it with a renewing key K1 and previous versions of the code key K1 contained in the first device.
There is provided a data processor in which a plain text or a cipher text is segmented into two or more small blocks, the small blocks are each data-processed one small block as a unit to transform to a new small blocks and then the new small blocks are encrypted or decrypted. The data processor comprises transformation means F for transforming small blocks with keys, mutual action means for causing a mutual action to a pair of a small block which has been transformed by the transformation means and another small block, chaining means for chaining small blocks. With the data processor, even when a block length in encryption is short, high transmission efficiency can be enjoyed and Feistel type cryptosystem can be realized while preventing reduction in a degree of security due to shortness of a block length.
Encryption and decryption of information of a message is performed by partitioning a plaintext message into blocks of binary digits and by further partitioning said blocks into subblocks which are interpreted as elements in a Galois-field. A plaintext matrix (M) of said elements is multiplied by a first key matrix (A) of a group over said Galois-field, the resulting product M.multidot.A) being multiplied by a second key matrix (B) of the same group over said Galois-field. The final product (B.multidot.M.multidot.A) thus received constitutes the encrypted message block (K). Decryption is performed by multiplying the transmitted product (B.multidot.M.multidot.A) by inverse key matrices (A.sup.-1, B.sup.-1) generated by the same keys (a, b) as used for decryption and taken in the proper order. (FIG. 2)
