Key Generators For Cryptographic Devices

Abstract

In a digital key generator, comprising a network of counters triggered by a clock, and feeding a logical circuit having a plurality of outputs supplying the digits of a quasi-random member, at least some of those outputs respectively feed corresponding shift-register converters whose outputs are substituted for the corresponding outputs of the logical circuit, in order to improve the quasi-random nature of the number delivered by the logical circuit.

Description

The present invention relates to key generators for cryptographic links, wherein the transmission intelligence is effected in the following way:

Each intelligence element, a latter for example, is first coded into a number I; for each of those intelligence elements, a device, known as a key generator, supplies a key C, i.e., another number, building up a one-element key, or a sequence of several numbers, each of which is an element of the key; a ciphering apparatus supplies an enciphered intelligence element I' which is a function of C and I, such that I may be recovered from C and I'. To this end, at the receiver, a key generator, identical to that of the transmitter, and synchronized therewith, supplies the key C when the ciphered intelligence element I' is received.

From this mode of operation results that the two identical key generators, starting from the same state, will supply the same sequence of keys, strictly determined by their identical structure;further, this sequence will necessarily have a given period, i.e., will repeat itself after a predetermined number of keys.

However, the secrecy requirements imply that each key should appear as "unexpected" as possible, which is expressed by saying that the key must be of a "quasi-random" nature. This involves various desired conditions, such as a very long period, within which the various numbers which can build up the key or each of the key elements appear about the same numbers of times (equiprobability of the keys).

Very complex key generators have been proposed to this end, in particular, key generators are known wherein a number, already of a quasi-random nature and which will be referred to here as a "primary number," is first elaborated; the primary number is thereafter again handled so as to increase its quasi-random character, the transformed number thus obtained, which will be referred to as a "secondary number," either building up the ultimate key C or anelement thereof, or being again handled with a view towards elaborating the key.

In the same way, it will be noted that the "primary number," as understood here, may itself result from the handling of one or more previous quasi-random numbers, and is necessarily primary only with respect to the corresponding secondary number.

The primary number also has a periodic character, the period of the corresponding secondary number of being generally much longer.

The present invention concerns more particularly key generators of the following type: they comprise a clock; a stage of counters controlled by the clock, at least some of the outputs of those counters being connected to the inputs of a logical circuit, which, generally, does not include any memory device; the outputs of the logical circuit respectively supply the n digits of a quasi-random number, which is a "primary number" as understood here.

The applicant has previously proposed to have this logical circuit followed by another circuit, comprising auxiliary counters, the outputs of which supply a corresponding "secondary number."

The present invention provides for a higher improvement of the quasi-random character of a primary number, expressed in a system whose base is b, b being a positive integer higher than 1, through the use of shift registers, and more precisely, of shaft register arrangements of the type, comprising: a shift register, each stage of which has b stable states; a modulo b adder, which will be referred to as the input adder, whose first input builds up the input of the arrangement, and whose output in connected to the input of the shift register, and a network of modulo b adders and/or other logical operators, inserted in series with the stages of the register, and/or coupled in parallel with these stages, the output of this network being coupled to the second input of the input adder. The output of the arrangement may be placed at various points thereof, and in particular at the output of the input adder.

A shift register arrangement of the hereinabove described type will be hereinafter, and in the claims, referred to as a "modulo b shift register converter."

According to the invention, there is provided a key generator for supplying a key to the enciphering apparatus of a cryptographic link, said key generator comprising: a clock; a network of counters; said counters having outputs and being controlled by said clock; a logical circuit having inputs coupled to a least some of the outputs of said counters, and n outputs, referred to as the primary outputs, for respectfully supplying the n digits of a quasi-random number, expressed in a system whose base is b; and an output circuit having outputs designed to be coupled to said enciphering apparatus, said output circuit comprising at least a converting circuit having p outputs, referred to as the secondary outputs, for converting said quasi-random number into another quasi-random number of p digits expressed in said system of base b, said p digits being respectively supplied by said p secondary outputs; n, b and p being positive integers, and b being greater than 1; wherein said converting circuit comprises q modulo b shift register converters, q being a positive integer not greater than n, said q shift registers converters having respective inputs respectively coupled to q of said n primary outputs, and each of said converters having an output building up one of said p secondary outputs.

The invention will be best understood, and other characteristics thereof will appear, from the following description and appended drawing, wherein:

FIG. 1 is the block circuit of one embodiment of a key generator according to the invention; and

FIGS. 2, 3, and 4 are various embodiments of the shift register converters of the circuit of FIG. 1.

FIG. 5 shows a detailed embodiment of the counters and logical circuit stages of the block circuit of FIG. 1.

In the Figures, the same reference numbers are used to designate the same elements.

The invention will be described, in a non-limitative way, in the case of a key generator operating in a parallel binary code.

In FIG. 1, a clock 2 has an output connected to a circuit 1 comprising a plurality of counters, whose maximal counts differ between them, these counters being controlled by the signals supplied by clock 2 for each step thereof. The N outputs of circuit 1 are respectively connected to the N inputs of a logical circuit 3, comprising elements such as decoders, permutators, coders and gate, this logical circuit having n outputs 7.

For each step of the clock, N binary digits appear respectively on the N outputs of circuit 1, and as a consequence n binary digits also appear on the n outputs 7 respectively; these n binary digits, each of which has a quasi-random character, build up a quasi-random binary number, which is the primary number considered here, the n outputs 7 being the primary outputs.

The assembly built up by the circuits 1 and 3 may for example comprise the parts 1 to 4 and 10 to 33 of the circuit shown in FIG. 2 of U.S. Pat. No. 3,250,855, the primary outputs being the outputs of the gates 19 to 21, 23 to 25, 29 to 31 and 31 to 33 of this figure; or else may be as illustrated in FIG. 1 of the French Addition Patent No. 79,634 the primary terminals being then the outputs of the circuit of this last mentioned figure.

FIG. 5 corresponds to the latter example. Block 1 of FIG. 1 is formed by three binary counters 102 to 104, having inputs feed in parallel by an output of clock 2, and the respective maximum counts of which are 61, 59 and 31. A circuit 105, which is a decoding-permutating-coding circuits, i.e. includes a decoder followed by a permutator itself followed by a coder, the latter coding again in a binary system the permutated decoded signal delivered by the permutator, has four inputs, three of which are respectively connected to one output of each of the counters. Two further outputs of counters 102, and a further output of each one of the counters 103 and 104 are unconnected. The remaining outputs of the three counters are connected to 10 inputs of a permutator 106 having 16 inputs and 16 outputs, the other 6 inputs of the permutator being connected to 6 outputs thereof by respective feedback loops, this sextuple connection being shown in the drawing by a single loop with an arrow. Two of the other 10 outputs of permutator 106, are unconnected, one feeds the fourth input of circuit 105.

The logical circuit comprises three further decoding-permutating-coding circuits 7, 8 and 9, each having four inputs which are fed as follows:

As concerns circuits 109 and 108, two of their inputs are fed by two outputs of permutator 106, one by an output of circuit 105, and one by an output of circuit 107, the other two outputs of which are unconnected.

Three of the inputs of circuit 107 are fed by permutator 106, and one by circuit 105, the last output of which is unconnected.

Finally, a permutator 110 with 16 inputs and 16 outputs has eight of its outputs connected to eight of its inputs by respective feedback loops, this being again shown by a single loop with an arrow, the remaining eight inputs being connected to the four outputs of circuit 108 and to the four outputs of circuit 109, while the remaining eight outputs of permutator 110 are the outputs of the logical circuit 3 of FIG. 1.

The permutators of the circuit are adjustable permutators whose internal connections determining a one-to-one correspondency between the inputs and the outputs thereof may thus be changed from time to time, according to a given program.

In this preferred embodiment of the invention, each output of circuit 3 is connected to the signal input of a modulo 2 shift register converter 4, having an advance input 6 connected to clock 2, and an output building up one secondary output, and also one of the outputs of the key generator.

The output signals of the circuit 3 are applied to the inputs of the converters 4, and cause other signals, which depend in a quasi-random way on the corresponding digits of the primary number, to be displayed on the outputs of the converters.

FIG. 2 shows an embodiment of the converters 4 of FIG. 1.

The converter 4 comprises a conventional shift register, having a number of stages 10, each of which has its output connected to the input of the following one. Each stage 10 has two stable states.

Modulo 2 adders, 11, are connected to give the sum S of the signals stored by a predetermined group of the stages of the register. To this end, the first one of those adders 11 receives the signals of the last two stages of this group, and each of the other adders 11 receives the output signal of the preceding adder and the signal stored by the preceding stage of the group, the output of the last adder 11 being connected to the second input 12 of another modulo 2 adder, 14, whose output is connected to the input of the first stage of the register. The first input of the "input adder" 14, which is the input of the converter, is connected to the corresponding output 7 of circuit 3. The output of the adder 14 is also connected to the output 5 building up the output of the converter.

In this Figure, the conventional connections between the various stages of the register and the advance input 6 thereof (FIG. 1) have not been shown.

The operation of the converter is as follows:

a. Assuming that the system includes only the stages 10 of the register, it is known that a digit appearing at the input thereof is stored by the input stage of the register, erasing that which it contained previously. The latter is forwarded to the next stage, and so on. Thus a digit successively goes through all the stages of the register, under the control of the advance pulses supplied by the clock 2 (FIG. 1);

b. Assuming the converter to operate in the "autonomous way," i.e., in cooperation with adders 11 and 14, but terminal 7 constantly receiving a zero signal, it is known that the period of the register, starting of course from an initial state other than "0" in each stage of the register, can, through an adequate choice of the network of adders 11 for forming the sum modulo 2, S, reach the maximal value 2.sup.K -1, where K is the number of stages in the register. Preferably, this network will be designed in this way. (To this end, the tables of appendix C of the work of W. Wesley Peterson, Error-Correcting codes, John Wiley and Sons may be used.)

c. But actually, the register will operate in a much more complicated way, due to the fact that a quasi-random digit is applied to the first input 7 of adder 4 before the apparition of each advance clock pulse.

It is thus seen that the output digit of the converter is an intricate function of the digit applied to input 7 of the converter, and of the digits previously applied thereto.

A remarkable advantage of the use of such converters in the key generator according to the invention will appear from a comparison between the conversions respectively effected on the one hand by a converter having the period P = 2.sup.K -1 (when it operates in an autonomous way) and a counter, having the same period P.

In both cases, e.sub.i will designate here, in a general way, the i.sup.th binary digit applied to the input of the converter or of the counter, and s.sub.i the i.sup.th output signal supplied by either, it being understood that, as concerns the counter, s.sub.i will be a k digit number such that 2.sup.k = P.

In the case of the counter, the r.sup.th output signal s.sub.r, will obviously always result, whatever r, from the law

But, as concerns the converter, experience indicates, and theoretical considerations confirm, that P successive output signals, s.sub.r to s.sub.r.sub.+P.sub.-1 are formed according to P different laws as a function of the corresponding input signals (considered starting from the first one) and the preceding input signals.

This fact is of course of great advantage as concerns the secrecy requirements.

It should be noted that an advantage of this kind would not obtain if a shift register with a feedback circuit, but operating in the autonomous way (in other words an apparatus such as shown in FIG. 2, but wherein the input 12 would be directly connected to the input of the shift register) were used to generate a quasi-random sequence with the period P directly.

Of course, the output digit may be picked up not only at the input of the first stage of the register, as shown in FIG. 2, but also at the input or output of any stage thereof.

Further, the key generator being provided with a plurality of converters 4, the laws according to which the output digits of each converter are formed depend upon the length of the register and the corresponding network of adders. Thus a different design may be advantageously chosen for each converter, which will make each secondary number a very intricate function of the corresponding primary number and of the preceding ones.

FIG. 3 shows another embodiment of the converter 4, wherein an adder 15 is serially inserted between two stages of the shift register.

FIG. 4 shows a third embodiment of the converter, wherein the outputs of each stage are connected to a device 16, which effects on its inputs signals a predetermined logical operation, supplying the signal S, which is added in 14 to the signal displayed on terminal 7.

It can be shown that, in this case, it is possible to devise a converter with any period up to 2.sup.K (cf "Counting with non-lineary binary feedback registers," I.E.E. Transaction on Electronic Computers, Aug. 12, 1963, p. 357).

Of course the invention is not limited to the embodiments described and shown.

In this respect is should be noted, in particular, that it may be applied to a key generator wherein the primary and secondary quasi-random numbers are generated serially, in which case a single converter is required.

On the other hand, the invention also applies if the base b of the system, in which this primary and secondary quasi-random numbers are expressed, is greater than 2. The converters should then be modulo b converters, which involves that each stage of the registers has b stable states, and that the adders or other logical operators of the converters are modulo b operators. However, for technological reasons, it is generally preferred to use a binary code.

Lastly it should be understood that the terms input or output used here for an input or output receiving or supplying a digit, of course allude to an input or an output comprising the single or several wires used to express this digit. It is known for example that an input for receiving a binary digit may be built up either by a single wire or by two wires with corresponding energization codes.

Claims

What is claimed is:

1. A key generator for supplying a key to the enciphering apparatus of a cryptographic link, said key generator comprising: a clock; a network of counters, said counters having outputs and being controlled by said clock; a logical circuit having inputs coupled to a least some of the outputs of said counters, and n outputs, referred to as the primary outputs, for respectfully supplying the n digits of a quasi-random number, expressed in a system whose base is b, and an output circuit having outputs designed to be coupled to said enciphering apparatus, said output circuit comprising at least a converting circuit having p outputs, referred to as the secondary outputs, for converting said quasi-random number into another quasi-random number of p digits expressed in said system of base b, and p digits being respectively supplied by said p secondary outputs; n, b, and p being positive integers, and b being greater than one; wherein said converting circuit comprises q modulo b shift register converters, q being a positive integer not greater than n, said q shift registers converters having respective inputs respectively coupled to q of said n primary outputs, and each of said converters having an output building up one of said p secondary outputs.

2. A key generator as claimed in claim 1, wherein b = 2.

3. A key generator as claimed in claim 1, wherein q = n = p.

4. A key generator as claimed in claim 1, wherein said q converters have different structures.

5. A key generator as claimed in claim 2, wherein the period P of each of said converters is equal to P = 2.sup.K -1, K being the number of the stages thereof.