Browse Prior Art Database

Method for Multiple Encryption using N Data Encryption Standard Keys

IP.com Disclosure Number: IPCOM000116388D
Original Publication Date: 1995-Sep-01
Included in the Prior Art Database: 2005-Mar-30
Document File: 2 page(s) / 75K

Publishing Venue

IBM

Related People

Johnson, DB: AUTHOR [+2]

Abstract

Disclosed is a method of combining an arbitrary number of symmetric algorithm keys, for example, Data Encryption Standard (DES) keys, in a computer, using a multiple encryption technique to decrease the feasibility of key exhaustion.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Method for Multiple Encryption using N Data Encryption Standard Keys

      Disclosed is a method of combining an arbitrary number of
symmetric algorithm keys, for example, Data Encryption Standard (DES)
keys, in a computer, using a multiple encryption technique to
decrease the feasibility of key exhaustion.

      The Data Encryption Standard (DES) is the most used commercial
cryptographic algorithm in the world.  A DES key has 56 bits used to
determine the cryptographic transformation.  With the increase in
computational power and decrease in cost of computation, the ability
to exhaust all DES key possibilities is becoming more feasible.  This
article describes a simple method of combining multiple DES keys to
make key exhaustion less feasible.

      The method is as follows:  Create a set of N DES keys and add
to this set a 64-bit counter, initialized to binary zeros.  Call this
the Key-Set.  Key 1 in the Key-Set is called Key-Set-Key1, Key 2 in
the Key-Set is called Key-Set-Key2, and so forth, and the counter is
called Key-Set-Counter.

      For a given encryption, the inputs are the Key-Set, the text
length, and the clear text.  The outputs are a 64-bit text-counter
and the encrypted text.  The text-counter and the encrypted text are
sent to the receiver, who does the decryption.

      For a given decryption, the inputs are the Key-Set, the text
length, the text-counter, and the encrypted text.  The output is the
cleartext.

The multiple encryption algorithm is as follows:
  1.  Determine how many 64-bit blocks of text are to be encrypted by
       dividing the text length by 64 and adding 1 to the result if
       there is any remainder.  Call this result block-number.
  2.  If Key-Set-Counter + block-number overflows 64 bits, abort the
       request, a different Key-Set must be used.  (In practise, this
       condition should often be rare and may be omitted if it is
       determined that it will not occur.)
  3.  Do I = 1 to block-number by 1
     a.  String(I) := DES-Encrypt(Key-Set-Key1, Key-Set-Counter + I)
XOR
                      DES-Encrypt(Key-Set-Key2, Key-Set-Counter + I)
XOR
        ...