
US-20260129032-A1 - FAULT TOLERANT CIPHER PROCESSING UTILIZING CRYPTOGRAPHIC CONTROLS


Abstract

A system may include a first cipher engine, a second cipher engine, and a plaintext compare engine, wherein the first cipher engine, the second cipher engine, and the plaintext compare engine are configured to receive copies of an outbound data packet, wherein the first cipher engine and the second cipher engine are configured to encrypt the outbound data packet via at least one security policy, generating a first ciphertext data packet and a second ciphertext data packet. The system may include a set of first random number generators (RNGs) configured to generate a set of one-time pads. The system may include a set of front-end logic gates configured to encrypt the first ciphertext data packet according to the set of one-time pads. A system may include a hold register and a set of back-end logic gates configured to decrypt the first ciphertext data according to the set of one-time-pads.

Inventors

  • Reginald D. Bean
  • Joseph T. Constant

Assignees

  • ROCKWELL COLLINS, INC.

Dates

Publication Date
20260507
Application Date
20250930

Claims (20)

  1. A fault tolerant cryptographic control system, comprising: a first cipher engine, a second cipher engine, and a plaintext compare engine, wherein the first cipher engine, the second cipher engine, and the plaintext compare engine are configured to receive copies of an outbound data packet, wherein the first cipher engine and the second cipher engine are configured to encrypt the outbound data packet via at least one security policy, generating a first ciphertext data packet and a second ciphertext data packet; a first random number generator (RNG) configured to generate a first one-time pad; a second RNG configured to generate at least one second one-time pad; a third RNG configured to generate a third one-time pad; a first front-end logic gate configured to encrypt the first ciphertext data packet according to the first one-time pad; a second front-end logic gate configured to double encrypt the first ciphertext data packet according to the at least one second one-time pad; a third front-end logic gate configured to triple encrypt the first ciphertext data packet according to at least one third one-time pad; and a hold register configured to store at least one third encrypted ciphertext data packet.
  2. The fault tolerant cryptographic control system of claim 1, wherein the first ciphertext data packet and the second ciphertext data packet are inspected via a first compare engine according to the at least one security policy, wherein the first ciphertext data packet and the second ciphertext data packet are inspected via a second compare engine according to the at least one security policy, wherein the outbound data packet and the second ciphertext data packet are inspected by the plaintext compare engine, wherein a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the first compare engine is indicated by 1) transmitting a first release signal to the hold register and 2) transmitting the first one-time pad to a first back-end logic gate, wherein a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the second compare engine is indicated by 1) transmitting at least one second release signal to the hold register and 2) transmitting the at least one second one-time pad to a second back-end logic gate, wherein a successful comparison of the outbound data packet and the second ciphertext data packet by the plaintext compare engine is indicated by 1) transmitting at least one third release signal to the hold register and 2) transmitting the at least one third one-time pad to at least one third back-end logic gate, wherein the hold register is configured to release the at least one third encrypted ciphertext data packet to the first back-end logic gate when the hold register has received the first release signal, the at least one second release signal, and the at least one third release signal.
  3. The fault tolerant cryptographic control system of claim 2, further comprising: the first back-end logic gate, wherein the first back-end logic gate is configured to partially decrypt the at least one third encrypted ciphertext data packet according to the first one-time pad; the second back-end logic gate, wherein the second back-end logic gate is configured to partially decrypt the double encrypted ciphertext data packet according to the at least one second one-time pad; and the third back-end logic gate, wherein the third back-end logic gate is configured to fully decrypt the partially decrypted ciphertext data packet according to the third one-time pad.
  4. The fault tolerant cryptographic control system of claim 3, wherein the first front-end logic gate, the at least one second front-end logic gate, the first back-end logic gate, and the at least one second back-end logic gate include at least one bitwise exclusive-or (XOR) logic gate.
  5. The fault tolerant cryptographic control system of claim 3, wherein a fault of the first cipher engine prevents the first cipher engine from generating a first ciphertext data packet, wherein preventing the first cipher engine from generating a first ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.
  6. The fault tolerant cryptographic control system of claim 3, wherein a fault of the first cipher engine prevents the second cipher engine from generating a second ciphertext data packet, wherein preventing the second cipher engine from generating a second ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.
  7. The fault tolerant cryptographic control system of claim 3, wherein a fault in one or more RNGs causes a generation of poor quality random numbers, wherein the generation of poor quality random numbers does not prevent the generation of a first ciphertext data packet by the first cipher engine, and does not prevent the first ciphertext data packet from being received by a ciphertext output port.
  8. The fault tolerant cryptographic control system of claim 3, wherein a fault in the first compare engine causes a mis-comparison between the first ciphertext data packet and the second ciphertext data packet, wherein a mis-comparison between the first ciphertext data packet and the second ciphertext data packet prevents the first ciphertext data packet from being released from the hold register.
  9. The fault tolerant cryptographic control system of claim 3, wherein a fault in the second compare engine causes a mis-comparison between the first ciphertext data packet and the second ciphertext data packet, wherein a mis-comparison between the first ciphertext data packet and the second ciphertext data packet prevents the first ciphertext data packet from being released from the hold register.
  10. The fault tolerant cryptographic control system of claim 3, wherein a fault in the hold register causes a premature release of the first ciphertext data packet, wherein a premature release of the first ciphertext data packet causes the ciphertext output port to receive first ciphertext data packets that are encrypted by the first cipher engine.
  11. The fault tolerant cryptographic control system of claim 3, wherein a fault in one or more logic gates causes the ciphertext output port to receive first ciphertext data packets that are encrypted by the first cipher engine.
  12. The fault tolerant cryptographic control system of claim 3, wherein a failure of both the first cipher engine and the second cipher engine causes the plaintext compare engine to halt operation, wherein halting the plaintext compare engine prevents the first ciphertext data packet from being released from the hold register.
  13. The fault tolerant cryptographic control system of claim 3, wherein a failure of at least two of the first compare engine, the second compare engine, and the plaintext compare engine prevents the first ciphertext data packet from being released from the hold register.
  14. The fault tolerant cryptographic control system of claim 3, wherein a fault of 1) the first cipher engine or the second cipher engine and 2) one or more of the first compare engine, the second compare engine, and the plaintext compare engine prevents the first ciphertext data packet from being released from the hold register.
  15. A method for cross-domain comparison with fault tolerant cryptographic control comprising: transmitting copies of an outbound data packet from a first domain to a first cipher engine, a second cipher engine, and a plaintext compare engine; encrypting the outbound data packet via the first cipher engine, the encryption creating a first ciphertext data packet; encrypting the outbound data packet via the second cipher engine, the encryption creating a second ciphertext data packet; generating a first one-time pad via a first random number generator (RNG); transmitting the first one-time pad to a first front-end logic gate and a first compare engine; generating at least one second one-time pad via at least one second RNG; transmitting the at least one second one-time pad to at least one second front-end logic gate and at least one second compare engine; generating a third one-time pad via a third RNG; transmitting the third one-time pad to a third front-end logic gate and the plaintext compare engine; single encrypting the first ciphertext data packet via the first front-end logic gate according to the first one-time pad; double encrypting the first ciphertext data packet via the at least one second front-end logic gate according to the at least one second one-time pad; triple encrypting the first ciphertext data packet via at least one third front-end logic gate according to at least one third one-time pad; storing the at least one third encrypted ciphertext data packet within a hold register; comparing, via the first compare engine, the first ciphertext data packet and the second ciphertext data packet according to at least one security policy; comparing, via the at least one second compare engine, the first ciphertext data packet and the second ciphertext data packet according to the at least one security policy; comparing, via the plaintext compare engine, the outbound data packet and the second ciphertext data packet; indicating a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the first compare engine by 1) transmitting a first release signal to the hold register and 2) transmitting the first one-time pad to a first back-end logic gate; indicating a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the at least one second compare engine by 1) transmitting at least one second release signal to the hold register and 2) transmitting the at least one second one-time pad to the at least one second back-end logic gate; indicating a successful comparison of the outbound data packet and the second ciphertext data packet by the plaintext compare engine by 1) transmitting at least one third release signal to the hold register and 2) transmitting the at least one third one-time pad to at least one third back-end logic gate; when the hold register has received the first release signal, the at least one second release signal, and the at least one third release signal, releasing the at least one third encrypted ciphertext data packet to the first back-end logic gate; partially decrypting the at least one third encrypted ciphertext data packet via the first back-end logic gate according to the first one-time pad; partially decrypting the at least one double encrypted ciphertext data packet via the second back-end logic gate according to the second one-time pad; fully decrypting the at least one partially decrypted ciphertext data packet via the at least one third back-end logic gate according to the at least one third one-time pad; and transmitting from the at least one third back-end logic gate the at least one fully decrypted ciphertext data packet.
  16. The method of claim 15, wherein the first front-end logic gate, the at least one second front-end logic gate, the first back-end logic gate, and the at least one second back-end logic gate include at least one bitwise exclusive-or (XOR) logic gate.
  17. The method of claim 15, wherein a fault of the first cipher engine prevents the first cipher engine from generating a first ciphertext data packet, wherein preventing the first cipher engine from generating a first ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.
  18. The method of claim 15, wherein a fault of the first cipher engine prevents the second cipher engine from generating a second ciphertext data packet, wherein preventing the second cipher engine from generating a second ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.
  19. The method of claim 16, wherein a fault in the first compare engine causes a mis-comparison between the first ciphertext data packet and the second ciphertext data packet, wherein a mis-comparison between the first ciphertext data packet and the second ciphertext data packet prevents the first ciphertext data packet from being released from the hold register.
  20. The method of claim 16, wherein a successful comparison of a plaintext input data packet to the second ciphertext data packet is a determination that the plaintext input data packet and the second ciphertext data packet are not equal.
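The release logic the claims describe (two cipher engines, three compare engines, a triple one-time-pad XOR wrapper held in a register until all three release signals arrive, then unwrapped by the back-end XOR gates) is modelled below as an added illustration; this is not code from the patent or from the assignee. The cipher engine is a stand-in keyed keystream (HMAC-SHA256 in counter mode) rather than any particular certified cipher, the fault modes (`dead`, `leak`, weak RNG, compare-engine mis-compare) are constructed to exercise the fault claims, and every function name is an assumption. The point a practitioner should take from it is the one in the Background: a single fault must never let plaintext reach the ciphertext output port, and the hold register only ever holds data that is at least as protected as the first cipher engine's output.

```python
"""Model of the fault tolerant cryptographic control described in the claims.

Added example, not the patent's own code. Names and fault modes are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (the front/back-end logic gates)."""
    return bytes(x ^ y for x, y in zip(a, b))


def cipher_engine(key: bytes, packet: bytes, fault: Optional[str] = None) -> Optional[bytes]:
    """Stand-in cipher engine: HMAC-SHA256 keystream in counter mode.

    fault=None  -> normal encryption
    fault='dead' -> engine produces no ciphertext (claims 5, 6, 17, 18)
    fault='leak' -> plaintext passes through unencrypted (the Background's leak)
    """
    if fault == "dead":
        return None
    if fault == "leak":
        return packet
    keystream = b""
    counter = 0
    while len(keystream) < len(packet):
        keystream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return xor_bytes(packet, keystream[: len(packet)])


def process_packet(packet: bytes, key: bytes, *, fault_engine1: Optional[str] = None,
                   fault_engine2: Optional[str] = None, weak_rng: bool = False,
                   compare_fault: bool = False) -> Optional[bytes]:
    """Run one outbound packet through the control system.

    Returns the bytes delivered to the ciphertext output port, or None when the
    hold register never receives all three release signals.
    """
    n = len(packet)
    ct1 = cipher_engine(key, packet, fault_engine1)
    ct2 = cipher_engine(key, packet, fault_engine2)

    # Three RNGs produce the one-time pads. weak_rng models claim 7: poor
    # quality pads (all zero here) must not cause a leak, only weaker wrapping.
    if weak_rng:
        otp1 = otp2 = otp3 = bytes(n)
    else:
        otp1, otp2, otp3 = (secrets.token_bytes(n) for _ in range(3))

    # A missing ciphertext halts the compare engines; nothing is released.
    if ct1 is None or ct2 is None:
        return None

    # Front-end gates: single, double, triple encrypt ct1 into the hold register.
    held = xor_bytes(xor_bytes(xor_bytes(ct1, otp1), otp2), otp3)

    # Compare engines 1 and 2 inspect ct1 against ct2 (redundant checks);
    # compare_fault models a mis-comparison in the first compare engine (claim 8).
    release1 = (ct1 == ct2) and not compare_fault
    release2 = ct1 == ct2
    # Plaintext compare engine: success means the outbound packet and ct2 are
    # NOT equal (claim 20), i.e. the second engine actually encrypted.
    release3 = packet != ct2

    if not (release1 and release2 and release3):
        return None  # hold register keeps the wrapped packet; no output

    # Back-end gates receive the pads only with their release signals and
    # strip the three layers, delivering the first engine's ciphertext.
    return xor_bytes(xor_bytes(xor_bytes(held, otp1), otp2), otp3)


if __name__ == "__main__":
    pkt = b"constructed outbound packet"  # constructed sample input
    key = b"\x11" * 32                    # constructed stand-in key
    scenarios = {
        "normal": {},
        "engine1 dead": {"fault_engine1": "dead"},
        "engine1 leaks plaintext": {"fault_engine1": "leak"},
        "both engines leak plaintext": {"fault_engine1": "leak", "fault_engine2": "leak"},
        "weak RNG": {"weak_rng": True},
        "compare engine mis-compare": {"compare_fault": True},
    }
    for name, kwargs in scenarios.items():
        out = process_packet(pkt, key, **kwargs)
        status = "held (no output)" if out is None else ("LEAK" if out == pkt else "ciphertext")
        print(f"{name:30s} -> {status}")
```

In every constructed fault scenario the output port receives either nothing or the first engine's ciphertext; only the healthy path and the weak-RNG path (claim 7) deliver output, and in neither case is it the plaintext. The double-leak case is the one the plaintext compare engine exists for: both ciphertexts agree, so the two ciphertext compare engines alone would release, but ct2 equals the plaintext and the third release signal never fires.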

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of U.S. Provisional Patent Application No. 63/715,978 filed Nov. 4, 2024, titled “FAULT TOLERANT CIPHER PROCESSING UTILIZING CRYPTOGRAPHIC CONTROLS”, which is incorporated herein by reference in the entirety.

TECHNICAL FIELD

The subject matter disclosed by the instant application is directed generally to cryptographic systems and more particularly to fault-tolerant cryptographic systems.

BACKGROUND

Traditional cipher engines that perform encryption and decryption for communication systems are susceptible to single faults that can cause the cipher engine to leak information. A leak occurs when plaintext information inadvertently arrives at the ciphertext output of the cipher engine, resulting in the release of information that should have been encrypted but was not. Therefore, there is a need for systems and methods to prevent the release of non-encrypted information when a fault occurs.

SUMMARY

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, including: a first cipher engine, a second cipher engine, and a plaintext compare engine, wherein the first cipher engine, the second cipher engine, and the plaintext compare engine are configured to receive copies of an outbound data packet, wherein the first cipher engine and the second cipher engine are configured to encrypt the outbound data packet via at least one security policy, generating a first ciphertext data packet and a second ciphertext data packet; a first random number generator (RNG) configured to generate a first one-time pad; a second RNG configured to generate at least one second one-time pad; a third RNG configured to generate a third one-time pad; a first front-end logic gate configured to encrypt the first ciphertext data packet according to the first one-time pad; a second front-end logic gate configured to double encrypt the first ciphertext data packet according to the at least one second one-time pad; a third front-end logic gate configured to triple encrypt the first ciphertext data packet according to at least one third one-time pad; and a hold register configured to store at least one third encrypted ciphertext data packet.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein the first ciphertext data packet and the second ciphertext data packet are inspected via a first compare engine according to the at least one security policy, wherein the first ciphertext data packet and the second ciphertext data packet are inspected via a second compare engine according to the at least one security policy, wherein the outbound data packet and the second ciphertext data packet are inspected by the plaintext compare engine, wherein a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the first compare engine is indicated by 1) transmitting a first release signal to the hold register and 2) transmitting the first one-time pad to a first back-end logic gate, wherein a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the second compare engine is indicated by 1) transmitting at least one second release signal to the hold register and 2) transmitting the at least one second one-time pad to a second back-end logic gate, wherein a successful comparison of the outbound data packet and the second ciphertext data packet by the plaintext compare engine is indicated by 1) transmitting at least one third release signal to the hold register and 2) transmitting the at least one third one-time pad to at least one third back-end logic gate, wherein the hold register is configured to release the at least one third encrypted ciphertext data packet to the first back-end logic gate when the hold register has received the first release signal, the at least one second release signal, and the at least one third release signal.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, further including: the first back-end logic gate, wherein the first back-end logic gate is configured to partially decrypt the at least one third encrypted ciphertext data packet according to the first one-time pad; the second back-end logic gate, wherein the second back-end logic gate is configured to partially decrypt the double encrypted ciphertext data packet according to the at least one second one-time pad; and the third back-end logic gate, wherein the third back-end logic gate is configured to fully decrypt the partially decrypted ciphertext data packet according to the third one-time pad.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein the first front-end logic gate, the at least one second front-end logic gate, the first back-end logic gate, and the at leas