Improve LFSR-Based Encryption With An Extra Layer Of Protection
Encryption coding schemes for asynchronous data used in message/speech communication systems typically employ an LFSR-based (linear feedback shift register) design. Such a design creates a single minimal polynomial pseudorandom bit sequence (PRBS) code. The state of the shift registers periodically changes according to another algorithm called the keying algorithm. To enhance security, the keying algorithm is changed periodically (say, every six months), depending on the algorithm’s crack resistivity.
If designers could use a random code with a repetition period approximating infinity, the crack resistivity would increase tremendously. The approach described here provides a simple way to achieve performance nearly that of a random code for encryption. Furthermore, it can be implemented using the well-known LSFR-based system.
In a conventional LFSR-based encryptor, the clock used to run the shift registers and the keying algorithm generator is the same as that used by or recovered from the incoming data (Fig. 1). The incoming data is XORed (Exclusive ORed) with the output from the last shift register in the main algorithm generator. The keying algorithm generator only resets the keys of the shift registers periodically in synchronicity with the main algorithm. The encryptor’s final data output is transmitted to the intended receiver, which has the same hardware as used in the transmitter. In the receiver, the initialization of the shift register and the keying algorithm generator is accomplished using the start signal from the transmitter.
The major factor in creating an encryption code is its pseudorandomness. That is, although it’s large, the code has a finite number of bits, after which it repeats from the beginning. The scheme described here simulates the increase of this repetition period to the point where, for all practical purposes, the code is random.
While the scheme can be developed using any number of different algorithms, for clarity it’s explained here using five algorithms, each with its own keying algorithm—that is, Alg1/ K1 through Alg5/K5—with only one in use at a particular instant (Fig. 2). The difference between the conventional technique and this coding is that the algorithms’ sequence changes in a random way from one period to the next (Fig. 2, again). Depending on the number of algorithms used and their arrangement, the repetition of the complete encryption code can approximate a true random bit pattern.
Considering the example of five algorithms and five different keys corresponding to each, simple mathematics shows that the crack resistivity for such patterns can be 55 times the crack resistivity of a single code, assuming that all of the codes individually have the same crack resistivity. Depending on the system’s requirements, the arrangement of concatenation can be any serialization of the five algorithms, with the maximum length of the period being 55 – 1, i.e., 3124.
Figure 3 shows a block diagram of the transmission side of this enhanced coding scheme. The clock is derived from the incoming data to maintain phase synchronization between the encryption code and the data. Each code generator’s output is fed to the multiplexer input port that corresponds to the algorithm’s position in the encryption code. The control port is also a code generator but with a parallel output connected to the multiplexer’s input control port.
Initially, all five algorithm generators work at the same clock rate—the clock frequency. The control code generator selects the sequence of the positions of various code patterns. As soon as the system is ready for transmission of data, the Tx Ready signal is applied. This initializes all registers and the keying generator at its initial code setting, so that the code starts immediately from period 1, as in Figure 2. The duration of stay at any Alg i is determined by the time the multiplexer stays at a particular place.
The structure of the algorithm generator and keying generator on the receive side is similar to that on the transmitter side (Fig. 4; the clock is derived from the received data similar to the Tx side, but not shown in the figure). But on the receive side, the initializing signal to set the shift registers at their initial setting in synchronization with the transmitter side is a Data Ready pulse received from the signaling channel to indicate the start of the data.
The control signal from the demultiplexer selects the algorithm corresponding to the time slot of the encryption code. The incoming data is XORed in the XOR gate and then ANDed with the timing pulse corresponding to the location of the appropriate algorithm to regenerate the transmitted data.
A unique advantage of this approach is that after getting the start signal, all of the algorithm generators perform independently. Their selection by the control code (which, depending on the system’s requirements, can be an algorithm different from the main algorithms) has no bearing on the algorithm’s periodicity. Looking at Figure 2, this means that in frame period 1 and period Y, the bit patterns within any algorithm, say Alg i, will not be same for any specific Alg i. If planned properly in the selection of encryption algorithms, this feature will provide near true randomness in the data pattern, thus increasing the crack resistivity significantly.