ZK-Crypt – Crypto Engines for a Long Secure Future
The ZK-Crypt engines are compact hardware modules which can be used in SOC designs to efficiently encrypt, decrypt and authenticate clear and cipher text; or spawn unpredictable on-line provable true random numbers.
The triple function ZK-Crypt configurable engines are designed to operate at from 0.5 to 200MHz; where an engine processes 32 bits on every clock cycle.
The ZK-Crypt engine and protocol have achieved highest marks in the most rigorous crypto-tests: NIST, Maurer, DieHard, Repeated Word, Binary Differentials, Distinguishing & Impossible Features, and demonstrate immunity to Differential and other known Cryptanalytic attack strategies. ZK-Crypt's mathematical complexity precludes attacks on future quantum or conventional computation platforms.
Compare to Industry Standards:
AES family
- at least x2.5 faster and far stronger
- about 1/20 AES's μWatt/sec per processed bit
- multipermutation vs. Feistal-like architecture
- ZK-Crypt is inherently immune to algebraic attacks
- ZK-Crypt replaces costly & non AIS 31 compliant RNGs
NIST HMAC Compliance - ZK-ENMAC is Best
- ZK-Crypt efficently performs NIST HMAC FIPS 198 and 198a authentication.
- ZK-ENMAC protocol operating on encrypted data is stronger and more efficient.
- Patents on Architecture, Orthogonal Feedback and Random and Deterministic Noise Generator
ZK-Crypt Highlights:
- Hybrid non-Linear Filters Maximize Diffusion
- Multipermutation with only 9.5 K gates
- Portable– using the same block for Servers & Smart Cards
- Highly Diffusive-1 bit Affects 144 bits
- Inherent Side Channel Attack (DPA) Immunity
- Hi-throughput: 5 Giga bit/sec @ 160 MHz
- ZK-ENMAC-Fastest Robust Authenticator
- AIS 31 All Digital True Noise Generator
- Fastest Strongest Password Authentication
- Precludes Message Modification
ZK-Crypt Target Applications:
- Secure Wireless and Mobile Comms
- Fast Secure Communication and emerging 10 Gb/s Protocols, e.g. EPON and GBE
- True Random Number Generation for Crypto, CPU simulators and SED generators
- Secure download of content from anywhere using FTP, HTTPS, VPN
- De/Encrypts mass storage of video and multimedia broadband on the fly (e.g. for Pay TV)
- Personal portable storage - USB Memory Stick, Unsecured Hard Drives, Smart Cards
- Secured Boot - Servers, Home PCs, Embedded Systems & Military apps
- Tamper Proof Automotive Controllers
ZK-Crypt Multipermutation Architecture
The Register Bank- a Leak-Proof Secret Vault consists of 4 pairs of concatenated unique pseudoLinear Feedback Shift Registers- nLFSRs in 4 tiers. FSRs and tiers are clocked and permutation controlled by the Random Controller, and fed dense and LFSR feedbacks. Tiers are filtered and non-linear combined to output a 32 bit word to the Data Churn.
The Data Churn- 8 Layers of Multipermutation consists of tiers of hybrid linear/non-linear combiners with memory, and 2 four rule displacement matrices. The Data Churn inputs two versions of the Lower Feedback and outputs five uncorrelated 32 bit words to the Result/Dual Feedback Processor. The stand alone Churn possesses intractable Algebraic Complexity.
Result/Feedback Processor- Precludes Fraud consists of one Result and 2 Feedback Registers with random logic to generate two dense orthogonal Feedback streams, provably precluding hostile Message modification.
Random Controller- Multiplepermutation deterministically and randomly regulates clocks and permutations in the Register Bank and Churn.
Configurations: Used in tandem, twin engines simultaneously encrypt/decrypt input data whilst authenticating same input data and validating the source of said data.
With concatenated engine configuration, twin engines work on a 64 bit bus, robustly granting doubled speed with 'better than military' cryptocomplexity with same low per-processed-bit current consumption.
The all-digital AIS 31 Noise Generator breeds hi-entropy true random permuting signals thousands of times faster than expensive mixed signal analog noise sources.
ZK-Crypt Block Diagram
| SOC |
System on a Chip - especially important for embedded applications where engine and secret keys are securely sequestered. |
| RNG |
(TRNG=True) Random Number Generator - a generator of unpredictable numbers for TRNGs, see werner.schindler@bsi.bund.de |
| NIST |
National Institute of Standards and Technology - the leader in cryptographic standardisation, see http://csrc.nist.gov/ |
| AES |
Advanced Encryption Standard - latest NIST approved block cipher - replaces DES, see http://csrc.nist.gov/ |
| HMAC |
Hash Message Authentication Code - generally the NIST protocol for Secret Key Hashing, see http://csrc.nist.gov/ |
| DPA |
Differential Power Analysis - learning secret sequences and variables by monitoring Vcc. Name invented by Cryptography Research, CRI |
| FIPS |
Federal Information Processing Standards - the HMAC is the FIPS 198 & 198a protocol. See http://csrc.nist.gov/publications
|
| AIS 31 |
BIS's (German Secured Standards Institute) standard for provable on-line testing noise sources, see http://www.bsi.de/ |
|
Print Version
Send to a friend