ADDRESS-DEPENDENT KEY GENERATION WITH A SUBSTITUTION-PERMUTATION NETWORK

摘要

A method of providing security in a computer system includes producing an initial block of data from a respective address of a memory location. An updated block of data may be calculated for each round of a plurality of rounds in a substitution-permutation network. This may include mixing an input block through a substitution layer including a plurality of substitution boxes, and a linear transformation layer including a permutation, to produce the updated block, before or after which respectively the input block or updated block may be mixed with a round key. The input block may be the initial block for the first round, and the updated block for an immediately preceding round for each round thereafter. A block of ciphertext may be produced with a key composed of the updated block for the last round, and the block of ciphertext may be written at the memory location.

主权项

1. A system for providing security in a computer system, the system comprising one or more logic circuits configured to at least:
produce an initial block of data from a respective address of a memory location in a memory, and a data version value that is updated with each write operation at the memory location having the respective address; generate a key from the initial block of data, including the one or more logic circuits being configured to calculate an updated block of data for each round of a plurality of rounds in a substitution-permutation network, including being configured to mix an input block of data through a substitution layer including a plurality of substitution boxes, and a linear transformation layer including a permutation, to produce the updated block of data, the input block of data or updated block of data being mixed with a round key respectively before the substitution layer or after the linear transformation layer, wherein the input block of data is the initial block of data for a first of the plurality of rounds, and the updated block of data for an immediately preceding round for each round thereafter, and the key is composed of the updated block of data for a last of the plurality of rounds; produce a block of ciphertext with the key; and perform a write operation to write the block of ciphertext at the memory location having the respective address, wherein the memory includes a window of memory locations each memory location of which stores a respective block of ciphertext produced with a respective key, and the respective key changes from memory location to memory location, and depends on the data version value and thereby changes with each write operation at each memory location.