32.jpg)
56.jpg)
SECURE KEY AGREEMENT WITH UNTRUSTED PARTIES
US2021385079, EP3709563, WO2019092299, CN111566990A
UK3709563T3, FR3709563T3, EP18849475SW, EP18849475GE
Traditional key generation methods in a noisy network often assume trusted devices and are thus vulnerable to many attacks including covert channels. The present invention differs from previous key generation schemes in that it presents a mechanism which allows secure key generation with untrusted devices in a noisy network with a prescribed access structure. Patent granted and validated in UK, France, Switzerland and Germany.
- The problems encountered in the prior art are solved or circumvented, and technical advantages are typically obtained, by providing a method and system whereby two or more cryptographic stations generate a shared secure key within a prescribed access structure, in the presence of a noisy channel in a network and possibly untrusted components within one or more cryptographic stations. <br> - The invention provides security in the presence of both untrusted key generation units and untrusted classical post-processing units. <br> - Our invention may be used to prevent attacks exploiting covert channels, and protect against the presence of Trojans in both hardware and software. In this way, the security of the generated key does not depend on any assumptions about the computational capability of the potential attacker. <br> - The solution can provide information-theoretic security for the generated key, which can consequently be used to achieve communication and authentication with unconditional security. <br> - The key can subsequently be used to achieve unconditionally secure data communications and authentication. <br>
In a first aspect, the present invention proposes a method for secure cryptographic keys generation in the presence of untrusted units in a cryptographic system. The system comprising a first and a second cryptographic stations (A,B) where each cryptographic station comprises n raw data generation units, KGUAi, KGUBi with i=1, 2, …, n, where n>1, and at least one post-processing unit CLPUA CLPUB. <p>
Figure 3 shows a schematic block diagram of a secure key generation procedure according to one embodiment of the invention, in a scenario where at least one key generation unit KGU, is untrusted. <p>
Figure 4 shows a schematic block diagram of a secure key generation procedure according to one embodiment of the invention, in a scenario where at least one key classical processing unit untrusted. <p>
Figure 6 shows a schematic block diagram of a secure key generation procedure according to an embodiment of the invention, in a scenario where each cryptographic station contains more than one key generation unit, KGU, and more than one classical post-processing unit, CLPU.