A HARDWARE-FRIENDLY ENCRYPTION SCHEME - GENERAL OUTLINE

The motivation behind inventing this scheme was spelled out in my March 8th
post to alt.privacy.clipper, which said that the interests of individual
freedom would be advanced by the free distribution of any secure encryption
scheme that was easy and cheap to implement in hardware. This is an attempt
to come up with a hardware-friendly scheme of this sort.

This scheme is based on a large and complex finite state machine. I haven't
got any serious background in cryptanalysis and therefore haven't been able
to test its security in a serious way. I suspect it will be fairly hard to
break. The design will be very easy to implement in digital logic. It uses a
shared secret key of arbitrary length. The preferred implementation would
probably be with a single programmable logic device, such as a Xilinx
programmable gate array. (We use them a lot where I work, and I'm fond of
them. So sue me already.)

The state machine has 100 state bits, and its transition rules are made as
random as possible. Those with experience in designing state machines know
how nasty they can be, even when they are carefully designed to be as simple
as possible. Over the course of an encryption, one byte of cleartext and one
byte from a multi-byte key are passed to the state machine as inputs. Eight
of the 100 state bits are XORed with the cleartext byte to produce a
ciphertext byte. On each byte, the state machine makes one state transition.
Any single bit in either the key or the cleartext will typically influence
about half of the state bits within eight transitions.

The program in sm.c demonstrates the basic principle. There are two
important parameters that relate to hardware implementation and therefore
bear discussion. MACHINE_SIZE is the number of bits in the state machine. I
haven't done a Xilinx design for one of these circuits yet, but 100 looks
like a good number as far as providing security while still fitting in a
reasonable-sized chip. NUM_INPUTS_PER_BIT determines how many bits influence
a single transition of any state bit, and for implementation purposes, is a
function of the fan-in available for each macrocell or logic block.
Increasing either of these parameters can reasonably be expected to increase
the security of the scheme. On that basis one might prefer Altera
programmable logic devices to Xilinx, as Altera offers much wider fan-ins,
but Altera parts work like EPROMs and require special programmers. Xilinx
parts can be loaded at power-up from a microprocessor, or load themselves
automatically from a standard EPROM.

Depending on the kind of response I get to this, I will consider making up a
real Xilinx design, and posting the configuration file for anybody who wants
to build the circuit. Whether I do this would mainly depend on whether the
scheme stands up to more thorough cryptanalysis than I can bring to bear,
and secondarily on hardware and feasibility issues.

The program sm.c was compiled under MS-DOS with Microsoft C version 6.0. The
makefile. works with Microsoft's make facility.

Please address any questions or comments to <wware@world.std.com>.

