Strong Cryptographic Coupling of the Leftmost and Rightmost 64 Bits of a Cryptographic Key

IP.com Disclosure Number: IPCOM000108341D
Original Publication Date: 1992-May-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 4 page(s) / 182K

Publishing Venue

IBM

Related People

Matyas, SM: AUTHOR

Abstract

This article describes a scheme for cryptographically coupling the leftmost and rightmost 64-bit parts of a 128-bit cryptographic key. Key management designs based on the Data Encryption Algorithm (DEA) (1) commonly use (a) 128-bit key-encrypting keys to encrypt all keys transmitted from one cryptographic device to another and (b) 128-bit master keys to encrypt all keys stored locally in a cryptographic key data set, or key storage. The key encryption algorithm directly encrypts 64-bit keys and separately encrypts the leftmost and rightmost 64-bit parts of 128-bit keys.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 40% of the total text.

Strong Cryptographic Coupling of the Leftmost and Rightmost 64 Bits of a Cryptographic Key

       This article describes a scheme for cryptographically
coupling the leftmost and rightmost 64-bit parts of a 128-bit
cryptographic key.  Key management designs based on the Data
Encryption Algorithm (DEA) (1) commonly use (a) 128-bit
key-encrypting keys to encrypt all keys transmitted from one
cryptographic device to another and (b) 128-bit master keys to
encrypt all keys stored locally in a cryptographic key data set, or
key storage.  The key encryption algorithm directly encrypts 64-bit
keys and separately encrypts the leftmost and rightmost 64-bit parts
of 128-bit keys.

      In a key management design, cryptographic security often
depends on cryptographically separating 64-bit keys from 128-bit keys
and, in the case of 128-bit keys, cryptographically separating the
leftmost 64-bit parts from the rightmost 64-bit parts of these keys.
It is likewise advantageous to cryptographically couple the leftmost
and rightmost 64-bit parts of each key so that the leftmost part of
one key cannot be mixed and used with the rightmost part of another
key.  In this case, an adversary cannot attack one part of one key by
mixing it with another part of another (possibly already compromised)
key.  The method of cryptographic coupling described in this article
is such that if one 64-bit part of a key (either the leftmost or
rightmost part), say, Ki, is discovered or becomes known to an
adversary, it cannot be used beneficially to cryptanalyze a 64-bit
part of any other key Kj (either the leftmost or rightmost part).

      Fig. 1 illustrates a cryptographic system consisting of a
cryptographic facility (CF) 1 with a cryptographic instruction
execution unit 2 capable of executing a set of cryptographic
instructions, a key storage 3, a cryptographic facility access
program (CFAP) 4, and application programs (APPLs) 5.  CF 1 has a
master key register 6 for storage of a system master key (KM)
consisting of a 64-bit leftmost part (KML) and a 64-bit rightmost part
(KMR).  A hand-held key-entry device 8 that attaches to front panel 7
permits cryptographic variables, such as the master key, to be
manually loaded into the CF.  All keys except the master key are
stored outside the cryptographic facility, in key storage 3,
encrypted with the master key or with a variant-key derived from the
master key.

      A common method for encrypting a 128-bit key K = (KL,KR) with a
128-bit master key KM is to make use of the key encryption algorithm
described in ANSI Standard X9.17 (2).  This key encryption algorithm
separately encrypts KL and KR, as shown below:
      Encrypted Left Part:   e*KM(KL)
      Encrypted Right Part:  e*KM(KR)

      The asterisk ('*') denotes encryption with a 128-bit key.  The
particular method of encryption with KM is unimportant to the
discussion of cryptographic coupling that follows.

      As one sees, the above me...
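
An added example, not part of the original disclosure, of what the separate encryption of KL and KR described above permits when the two halves are not coupled: the encrypted left part of one key and the encrypted right part of another decrypt together as a well-formed 128-bit key. The 64-bit block cipher is a stand-in Feistel construction, not DEA (the text notes that the particular encryption method is unimportant to the discussion); all key values and function names are constructed for illustration.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(km: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (assumption, NOT DEA).
    return hashlib.sha256(km + bytes([rnd]) + half).digest()[:4]

def enc64(km: bytes, block: bytes) -> bytes:
    """Encrypt one 64-bit block under a 128-bit KM (8-round Feistel stand-in)."""
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(km, rnd, r))
    return l + r

def dec64(km: bytes, block: bytes) -> bytes:
    """Invert enc64 by running the rounds in reverse order."""
    l, r = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(km, rnd, l)), l
    return l + r

def encrypt_key128(km: bytes, k: bytes):
    """Return (e*KM(KL), e*KM(KR)): each half encrypted on its own."""
    return enc64(km, k[:8]), enc64(km, k[8:])

def decrypt_key128(km: bytes, e_left: bytes, e_right: bytes) -> bytes:
    return dec64(km, e_left) + dec64(km, e_right)

def splice_demo():
    km = bytes(range(16))                                   # constructed KM
    k1 = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key 1
    k2 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed key 2
    e1_l, _e1_r = encrypt_key128(km, k1)
    _e2_l, e2_r = encrypt_key128(km, k2)
    # Neither ciphertext half carries anything that binds it to its partner,
    # so key 1's left part and key 2's right part decrypt without any error.
    mixed = decrypt_key128(km, e1_l, e2_r)
    return k1, k2, mixed

if __name__ == "__main__":
    k1, k2, mixed = splice_demo()
    print("mixed key:", mixed.hex())
    print("left from key 1, right from key 2:", mixed == k1[:8] + k2[8:])
```
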