(12) Patent Application Publication (10) Pub. No.: US 2015/0086013 A1 Metzler Et Al

US 20150.086013A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2015/0086013 A1 Metzler et al. (43) Pub. Date: Mar. 26, 2015

(54) SYSTEMS AND METHODS FOR Publication Classification SMULTANEOUS COMPRESSION AND (51) Int. Cl. ENCRYPTION H4N2L/647 (2006.01) H4N2L/845 (2006.01) (71) Applicant: The Board of Regents of the University (52) U.S. Cl. of Texas System, Austin, TX (US) CPC ..... H04N 21/64715 (2013.01); H04N 2 1/8458 (2013.01) (72) Inventors: Richard E. L. Metzler, San Antonio, USPC ...... 380/210 TX (US); Sos S. Agaian, San Antonio, (57) ABSTRACT TX (US) Embodiments of reversible systems and methods for fast, secure and efficient transmission, storage, and protection of (21) Appl. No.: 14/395,674 digital multimedia are disclosed. The embodiments may have the ability to simultaneously compress and encrypt digital data in order to concurrently reduce data size and prevent (22) PCT Fled: Apr. 22, 2013 reconstruction without the for encryption key. E. ments of a method may include pre-processing data to opti (86) PCT NO.: PCT/US 13/37651 mize the size of data segments to be compressed, transform S371 (c)(1) ing the data for improving the compressibility of the before (2) Date: Oct. 20, 2014 mentioned data segments, processing the data sequentially to generate predictive statistical models, encoding the data for simultaneously encrypting and compressing data segments using a keystream, and increasing both the compression ratio Related U.S. Application Data and security of these encoding processes using a block cipher. (60) Provisional application No. 61/636,113, filed on Apr. Embodiments of these methods may be suitable for use on 20, 2012. both encrypted and unencrypted media.

EnCryption 206 input Outputr 208 Key Plaintext Ciphertext

401 PSeudo-Randon Pre-Processing Number & Optionalr CompreSSion/ Generation Transformation Encryption of 405 Plaintext

Simultaneous Compression/ BitStrean Encryption Generation Coding

Sub-Histogram Simultaneous 402 Generation Compression/ CompreSSion/ 406 Encryption --Sub-Histograms Coding Encryption of 404 StatistiCS !-- Final Histogram Run-Length Block Cipher 406 Coding EnCryption Patent Application Publication Mar. 26, 2015 Sheet 1 of 8 US 2015/0O86013 A1

TranSmitting Receiving DeWiCe NetWOrk DeVice 102 106 104

FIG. 1

206 204 208

EnCryption Original Compressed/ Key Media Encrypted Media

Preparation/ TranSformation Of Media Data

Quantization

Preparation of TranSform COefficientS for COmpreSSiOn 202 Simultaneous CompreSSion/ EnCryption COding

FIG 2 Patent Application Publication Mar. 26, 2015 Sheet 2 of 8 US 2015/0O86013 A1

206 208 204

EnCryption CompreSSed/ Original Key Encrypted Media Media 302 Simultaneous DeCompression/ DeCryption COding

ReCOnStrLICtion Of Quantized TranSform COefficientS

Dequantization

Inverse TranSformation

ReCOnStrLICtion of Original Media

FIG. 3 Patent Application Publication Mar. 26, 2015 Sheet 3 of 8 US 2015/0O86013 A1

?ndin0

------

KeyStream

Patent Application Publication Mar. 26, 2015 Sheet 4 of 8 US 2015/0O86013 A1

903

KeyStream Patent Application Publication Mar. 26, 2015 Sheet 5 of 8 US 2015/0O86013 A1

Patent Application Publication Mar. 26, 2015 Sheet 6 of 8 US 2015/0O86013 A1

Input Plaintext

Interpret Header

DeCiSiOn for Context Sorting TranSformation

Determination Of CompressionBlockSize from Header (lf Required)

In VerSe COnteXt Sorting Transform

Output Plaintext

FIG. 7 Patent Application Publication Mar. 26, 2015 Sheet 7 of 8 US 2015/0O86013 A1

Lae,J9000UJ

KeyStream

Patent Application Publication Mar. 26, 2015 Sheet 8 of 8 US 2015/0O86013 A1

------

KeyStream

US 2015/0O86013 A1 Mar. 26, 2015

SYSTEMS AND METHODS FOR nology of choice. At the receiver end of the information SIMULTANEOUS COMPRESSION AND channel, one decoder first performs decryption using the ENCRYPTION encryption key, and another decoderfinally decompresses the 0001. This application claims the benefit of priority to decrypted bitstream to reconstruct the original data. U.S. Provisional Patent Application Ser. No. 61/636,113, (0011 U.S. Pat. No. 6,122.379 describes a method by filed Apr. 20, 2012, hereby incorporated by reference in its which a signal could be simultaneously encrypted by using an entirety. adaptive data modeler which updates the cumulative statistics of an arithmetic encoder and random instances according to a STATEMENT REGARDING FEDERALLY randomly generated keystream. This method has four key SPONSORED RESEARCH ORDEVELOPMENT faults: 1) because the plaintext statistics are only updated at random instances an optimal compression ratio cannot be 0002 This invention was made with government support achieved, 2) if a plaintext exhibits high statistical regularity, under NSF-MD0932339 entitled “Center for Simulation random statistical updates only marginally alter the statistical Visualization & Real Time Prediction' awarded by the representation of the plaintext by the encoder and provide a National Science Foundation. The government has certain weak encryption, 3) if a plaintext exhibits quick variations in rights in the invention. its statistics (as is common audio and visual media), then method of adaptive modeling presented will not serve as a BACKGROUND OF THE INVENTION good prediction for future plaintext symbols, resulting in a far 0003 1. Field of the Invention less than optimal compression ratio, and 4) the method only 0004. This invention relates to multimedia compression uses a stream cipher, which are known to be susceptible to and encryption and more particularly relates to systems and known-plaintext attacks, and will provide Sub-standard Secu methods for simultaneous compression and encryption. rity. 0005 2. Description of the Related Art (0012 U.S. patent application Ser. No. 1 1/740,742 0006 Data compression and encryption have become describes a method which serves simultaneously compresses integral parts of digital interactions. These two operations are an encrypts a binary plaintext by applying a one-time-pad (the fundamental to the efficient bandwidth utilization and infor XOR operation) with a randomly generated binary sequence mational security during transmission of data-dense media and using a type of run-length coding in which the encoder (such as image and video) over large-scale communication compresses long runs recognized from the random sequence. networks such as the Internet. This combination of compres In fact, considering that the input plaintext is encrypted with sion and encryption improves the rate of transmission of large a one-time-pad before any type of compression takes place, files while privatizing the informational content even over a this method is not a true simultaneous compression and publicly accessed network. encryption method; rather, it is a sequential method which 0007 Media formats specify how a type of file should be first encrypts data, then compresses that data based on the packaged. Specifically, formats specify how information knowledge of how it was encrypted. This method clearly has describing a file should be represented as digital data. Often, limitations as it can only process binary data and can only formats describing files containing, large amounts of data offer competitive compression of highly redundant data. It is (such as audio, image, and video media) include a method for also susceptible to the well-documented weakness in security which to compress the file. This minimizes the amount of data of practical implementation of a one-time-pad. needed to contain the file by removing extraneous informa (0013 U.S. Pat. No. 5,479,512 is a much generalized tion and statistical redundancies. This in turn allows for more method for simultaneous compression and encryption (al efficient movement of the file from hard drives to memory and though it is truly a sequential Solution). Here the data is first back, and over distributed communications networks. compressed and afterwards segmented, shuffled, and 0008 Because information is being exchanged with encrypted. This is not a true implementation of simultaneous increasing frequency over these communications networks, it compression and encryption and will Suffer from the compu is also imperative to ensure the security of these files. Using tational complexity of two distinct operations rather than one. encryption, data is rendered unintelligible to the unlicensed 0014 U.S. Pat. No. 4,386,416 is an amalgamation of an user or a user that does not possess the proper decryption key. adaptive-dictionary coder and a Huffman coder used to pro Indeed, for many applications—e.g., confidential transmis vide simultaneous compression and encryption. Based on the Sion, video Surveillance, military, and medical data transfer— occurrence of a word in the adaptive library, the encoder will data security is of the utmost importance. switch between the library representation and a Huffman 0009. However, because encryption hides the redundan coded output. This type of coding cannot approach the com cies within a data set which a compression algorithm must pression ratios of many modern coders and does not provide exploit, encryption should not (in general) be performed a true encryption as the output is not key dependent. There before compression. Therefore, it is usually a requirement to fore, one only needs to know the method by which a file was compress a file before encrypting it. If a file has little redun compressed in order to decode it. dancy to begin with, this type of system will provide a Sub (0015 U.S. Pat. No. 6,154,542 chooses a compression optimal compression ratio. In many cases, the compression method based on a key in order to provide simultaneous operation will actually inflate the size of the file that was compression and encryption. This method has extremely intended to be compressed. weak security as an attacker only needs to decompress the 0010. Therefore, the traditional means to compress and ciphertext with known compression methods until a sensical encrypt data is to first compress the data as near as possible to plaintext is recovered. This will also recover the key used to its entropy rate using a standard entropy encoder. This opera choose the compression type. Furthermore, because the type tion immediately strips the data of statistical redundancies. of compression used could vary greatly, so could the resulting Following compression, the data is encrypted using the tech compression ratios of files to be encoded. US 2015/0O86013 A1 Mar. 26, 2015

SUMMARY OF THE INVENTION 0021. The term “coupled' is defined as connected, although not necessarily directly, and not necessarily 0016 Embodiments of systems and methods for simulta mechanically. neous encryption and compression which provide strong 0022. The terms “a” and “an are defined as one or more security, competitive compression ratios, Suitability for use unless this disclosure explicitly requires otherwise. on encrypted or highly random data, and a fast implementa 0023 The term “substantially' and its variations are tion with respect to sequential compression and encryption defined as being largely but not necessarily wholly what is are presented. specified as understood by one of ordinary skill in the art, and 0017 Such embodiments may include reversible systems in one non-limiting embodiment “substantially’ refers to and methods configured to perform fast, secure and efficient ranges within 10%, preferably within 5%, more preferably transmission, storage, and protection of digital multimedia within 1%, and most preferably within 0.5% of what is speci data. In various embodiments, multimedia data may include fied. text, audio, video, 3D, and other media. The embodiments 0024. The terms “comprise' (and any form of comprise, may simultaneously compress and encrypt digital data in Such as “comprises' and "comprising”), “have (and any order to concurrently reduce data size and prevent reconstruc form of have, such as “has and “having”), “include’ (and any tion without the proper encryption key. Embodiments of a form of include, such as “includes and “including') and method may include pre-processing data to optimize the size “contain' (and any form of contain, such as "contains and of data segments to be compressed, transforming the data for “containing) are open-ended linking verbs. As a result, a improving the compressibility of the before-mentioned data method or device that “comprises.” “has “includes” or “con segments, encoding the data for simultaneously encrypting tains one or more steps or elements possesses those one or and compressing data segments using a keystream, and more steps or elements, but is not limited to possessing only increasing both the compression ratio and security of these those one or more elements. Likewise, a step of a method or encoding processes using a block cipher. Embodiments of an element of a device that “comprises.” “has.” “includes” or these methods may be suitable for use on both encrypted and “contains one or more features possesses those one or more unencrypted media. features, but is not limited to possessing only those one or 0018. This invention has immediate application to all enti more features. Furthermore, a device or structure that is con ties participation in the storage or transmission of digital data. figured in a certain way is configured in at least that way, but Because of the prevalence of both wired and wireless com may also be configured in ways that are not listed. munication channels in modern society, there is a need for two 0025. Other features and associated advantages will things for which the disclosed invention can provide: 1) become apparent with reference to the following detailed Secure storage and transfer of private information, and 2) description of specific embodiments in connection with the Reliable storage transfer of information. Data security accompanying drawings. requires encryption of information in order to disguise it from unwanted interceptors while reliable storage and transfer BRIEF DESCRIPTION OF THE DRAWINGS requires compression of data to minimize processing time and to minimize bandwidth usage. 0026. The following drawings form part of the present 0019 Embodiments of the present invention primarily specification and are included to further demonstrate certain focus on performing compression and encryption of data in a aspects of the present invention. The invention may be better single 'simultaneous' step, rather than in two distinct, com understood by reference to one or more of these drawings in putationally expensive operations. By integrating the encryp combination with the detailed description of specific embodi tion process into the behavior of the compressive coder, the ments presented herein. methods ensure that at no time can the output be compressed 0027 FIG. 1 is a schematic block diagram illustrating one but not encrypted or encrypted but not compressed (unless the embodiment of a system for simultaneously compressing and encryption key is made public). In many cases, the encryption encrypting data. steps detailed here actually improve compressive perfor 0028 FIG. 2 is a schematic diagram illustrating one mance of an encoder beyond that of other contemporary embodiment of a system for simultaneously compressing and compression algorithms. The present embodiments include encrypting data. methods for altering the state of an entropy coder (such as 0029 FIG. 3 is a schematic diagram illustrating one Huffman, arithmetic, or range type coder) based on a key embodiment of a system for simultaneously decompressing stream which concurrently randomizes and optimizes the and decrypting data. compression/encryption process. Such a method may be 0030 FIG. 4 is a schematic diagram illustrating one referred to as either “secure compression' or “simultaneous embodiment of a system for simultaneously compressing and compression and encryption” (“SCE Coding as used encrypting data. herein). 0031 FIG. 5 is a schematic diagram illustrating one 0020 Potential uses may include medical imaging, media embodiment of a system for simultaneously decompressing distribution, military applications, intellectual property pro and decrypting data. tection, confidential transmission, secure banking, identity 0032 FIG. 6 is a schematic diagram illustrating one protection, video Surveillance, and general protection of pri embodiment of a method for pre-processing and data prepa vacy. In medical imaging, images are high resolution with ration. extremely large file sizes and typically are secured for patient 0033 FIG. 7 is a schematic diagram illustrating one confidentiality. In media distribution, large encrypted files are embodiment of a method for a reverse algorithm for SCE transmitted quickly and efficiently. Accordingly, the present pre-processing and data preparation. embodiments are useful for at least these described applica 0034 FIG. 8 is a schematic diagram illustrating one tions. embodiment of a method for encryptive entropy encoding. US 2015/0O86013 A1 Mar. 26, 2015

0035 FIG. 9 is a schematic diagram illustrating one instances, well-known structures, materials, or operations are embodiment of a method for encryptive entropy decoding. not shown or described in detail to avoid obscuring aspects of the invention. DETAILED DESCRIPTION 0041. One embodiment of a system for implementing a stream cipher based Elias coding method which can produce 0036 Various features and advantageous details are a secure, compressed code is described. First, a keystream is explained more fully with reference to the nonlimiting generated from the input of an encryption key into a pseudo embodiments that are illustrated in the accompanying draw random number generator (PRNG). The input plaintext is ings and detailed in the following description. Descriptions of analyzed by a statistics modeler which generates a mapping well known starting materials, processing techniques, com of the plaintext statistics for use in an entropy coder. As each ponents, and equipment are omitted so as not to unnecessarily plaintext symbol is processed by the entropy coder, the sta obscure the invention in detail. It should be understood, how tistical representation of the plaintext is updated, remapped, ever, that the detailed description and the specific examples, and optimized in a pseudo-random fashion according to the while indicating embodiments of the invention, are given by keystream. This results in a compressed output that is also way of illustration only, and not by way of limitation. Various encrypted according to the encryption key. Substitutions, modifications, additions, and/or rearrange 0042 A Fast, Efficiency-Preserving System for Simulta ments within the spirit and/or scope of the underlying inven neous Compression & Encryption, describes further aspects tive concept will become apparent to those skilled in the art of an embodiment of Elias coding that may be adapted for use from this disclosure. according to embodiments of the present invention. Proc. 0037 Certain units described in this specification have SPIE 8063, Mobile Multimedia/Image Processing, Security, been labeled as modules, in order to more particularly empha and Applications 2011,80630F (May 26, 2011). The contents size their implementation independence. A module is “a of this publication are incorporated herein by reference. self-contained hardware or software component that interacts 0043 FIG. 1 is a schematic block diagram illustrating one with a larger system. Alan Freedman, “The Computer Glos embodiment of a system 100 for simultaneous compression sary 268 (8th ed. 1998). A module comprises a machine or and encoding (SCE) of data. In the depicted embodiment, the machines executable instructions. For example, a module system 100 includes a transmitting device 102 and a receiving may be implemented as a hardware circuit comprising cus device 104. The transmitting device 102 may be coupled to tom VLSI circuits or gate arrays, off-the-shelf semiconduc the receiving device 104 through a network 106. For example, tors such as logic chips, transistors, or other discrete compo the transmitting device 102 may be a multimedia server and nents. A module may also be implemented in programmable the receiving device may be a user device such as a personal hardware devices such as field programmable gate arrays, computer, a laptop, a mobile device such as a Smartphone or programmable array logic, programmable logic devices or tablet computer, or the like. In one such example, a Smart the like. phone may be coupled to the multimedia server via a wireless 0038 Modules may also include software-defined units or broadband data network or the Internet. One of ordinary skill instructions, that when executed by a processing machine or in the art will recognize a variety of devices that may com device, transform data stored on a data storage device from a prise the transmitting device 102 and the receiving device first state to a second state. An identified module of executable 104. code may, for instance, comprise one or more physical or 0044 SCE can be used by itself or as a distinct operation logical blocks of computer instructions which may be orga within the framework of a compressive codec in order to nized as an object, procedure, or function. Nevertheless, the achieve fast, simultaneous compression and encryption. executables of an identified module need not be physically Functional block diagrams using SCE for compression and located together, but may comprise disparate instructions decompression as specified by a media codec are shown in stored in different locations which, when joined logically FIGS. 2 and 3. In these examples, the Simultaneous Com together, comprise the module, and when executed by the pression/Encryption Coding (SCE) block 210 replaces the processor, achieve the stated data transformation. usual lossless coder in the same location. This allows the 0039 Indeed, a module of executable code may be a single codec to provide simultaneous encryption with compression. instruction, or many instructions, and may even be distributed Other processing blocks describe the usual components of the over several different code segments, among different pro codec which are used to prepare the media for compression. grams, and across several memory devices. Similarly, opera 0045 FIG. 2 is illustrative of an example of a Simulta tional data may be identified and illustrated herein within neous Compression/Encryption (SCE) integrated into a modules, and may be embodied in any suitable form and media codec. The embodiment of FIG. 2 illustrates how an organized within any Suitable type of data structure. The encryption key 206 is used by SCE coding module 202 to operational data may be collected as a single data set, or may generate compressed and encrypted media 208 from original be distributed over different locations including over different media 204. FIG. 2 also illustrates modules for preparing storage devices. and/or transforming data such that it is suitable for the SCE 0040. In the following description, numerous specific process, quantization, and preparation of transform coeffi details are provided. Such as examples of programming, soft cients for compression. One of ordinary sill in the art may ware modules, user selections, network transactions, data recognize one or more methods that may be suitably adapted base queries, database structures, hardware modules, hard for use with these modules such that the original media 202 ware circuits, hardware chips, etc., to provide a thorough may be simultaneously compressed and encrypted by SCE understanding of the present embodiments. One skilled in the coding module 202. relevant art will recognize, however, that the invention may be 0046 FIG. 3 is illustrative of an example of a Simulta practiced without one or more of the specific details, or with neous Decompression/Decryption integrated into a media other methods, components, materials, and so forth. In other codec. In the depicted embodiment, the encryption key 206 US 2015/0O86013 A1 Mar. 26, 2015 may be used by the simultaneous decompression/decryption 0.052 Pre-processing consists of a windowed entropy coding module 302 to simultaneously decompress and measure and frequency analysis thereof. In order to compute decrypt the compressed and encrypted media 208 to extract the windowed entropy measure, the entropy is calculated over the original media 202. Additional modules for reconstruc sliding windows of plaintext data and normalized by division tion of quantized transform coefficients, dequantization, of the entire plaintext entropy. Small variation in the entropy inverse transformation, and reconstruction of the original measure indicates little contextual ordering within the plain media 202. text and that a context-ordering transform will not be benefi 0047. An embodiment of a system may be configured to cial. Larger variance, on the other hand, will indicate that the perform methods for SCE coding, including: 1) data pre statistics of the plaintext vary regionally and can benefit from processing, 2) data preparation, 3) histogram decomposition, a context-ordering transform. This decision can be imple 4) encryptive entropy coding, 5) run-length, predictive, or mented using thresholding or a fuZZy decision system. adaptive dictionary coding, 6) block cipher encryption, and 7) 0053 Frequency analysis can mathematically describe public key encryption. One or more of these steps may be this variance in entropy over the plaintext and used to deter optional. Block diagrams of embodiments of an encoder and mine an optimal segmentation size—that is, how many sym decoder are provided in FIG.3 and FIG. 4 respectively. bols should be grouped into blocks of data to be compressed 0048 FIG. 4 Illustrative an example of an SCE encoder separately. One option is to take a period value corresponding configuration. In the embodiment of FIG. 4, the system may to a significant peak in the magnitude of Fourier Transform of include a pseudo-random number generator 405 configured the entropy measure sequence. This value will indicate the to provide a keystream to the SCE coding modules 202. One period over which the statistics of the plaintext regularly or more SCE coding modules 202 may be used. The input data change. A fraction of this value should provide a good seg 202 may be pre-prosessed and optionally transformed by mentation size. pre-processing/transformation module 401. Additionally, a histogram generation module 402 may generate a histogram Data Preparation describing a the statistics of an input sequence. The key stream, the pre-processed input data and the histogram may 0054 Data preparation is the implementation of an opera be used by a first SCE coding module 202 to generate SCE tion which improves compression of the plaintext segmenta data. tions. In this example, the decision is made by the pre-pro 0049. In one embodiment, the system may include addi cessing step to perform or skip a context-ordering transform tional histogram modules 402, 406 for generating sub-histo step. Such a transform is the Burrows-Wheeler Transform grams and Sub-Sub histograms for use by a second SCE cod (BWT). The context sorting properties of the BWT can be ing module 202. Inafurther embodiment, a run-length coding improved with respect to the plaintext segmentation by appli module 408 and a block cipher encryption module 410 may cation of the BWT to different bit extensions of the plaintext. additionally be used to encode and encrypt the sub histo For example, if we have 7-bit ASCII coded text to compress, grams. These blocks ciphered histograms may be combined a 56 bit extension of the plaintext (which are groups of 8 with the SCE data by bitstream generation module and an ASCII symbols) could be sorted by the BWT, followed by a output cipher coded bitstream may be formed. 28-bit extension of the plaintext (groups of 4 ASCII symbols) 0050 FIG. 5 Illustrative an example of an SCE decoder for sorting by the BWT, followed by a 14-bit extension configuration. In this embodiment, a pseudo-random number (groups of 2 ASCII symbols) for sorting by the BWT, and generator 405 also generates a keystream. The input data 208 finally a 7-bit extension (groups of 1 ASCII symbol) for the compressed header of the input data 208 is decrypted by sorting by the BWT. module 504. The deader of the input data 208 is then decom 0055. The forward pre-processing and optional prepara pressed by the run-length decompression module 506. The tion steps are described in the block diagram of FIG. 6. The histograms and original data sizes are extracted by module reverse process is shown in FIG. 7. 502 and provided along with the keystream to the SCE decompression/decryption module 302. Finally, an output Histogram Decomposition 510 is generated by inverse transformation module 508 using 0056. Histogram decomposition involves measurement of the header information. the statistics of each segment to be compressed from the plaintext (or transformed plaintext). (Those skilled in the art Pre-Processing will realize that the measured statistics need not be explicitly 0051. The goal of the pre-processing step is to determine a stored as histograms, but can be alternately stored using a proper segmentation of the plaintext into compression blocks probabilistic model of choice.) These histograms (or some bit and whether or not to perform a context-ordering transform. extension or contraction thereof) are further decomposed into The purpose of segmenting the plaintext into compression Sub-histograms measuring the histogram statistics. This pro blocks is to exploit contextual redundancy in Surrounding cess is repeated until the length of a Sub-histogram sequence data samples to achieve better compression. For example, the is less than or equal to the plaintext segmentation size. All sequence 222 2000 0 1 1 11 33 33 is highly random over histograms and Sub-histograms are stored for encryption and the entire length of the sequence and cannot be compressed compression. For reconstruction, an exact representation of a efficiently using an entropy coder. However, it is noticeable Sub-histogram must be used to decompress/decrypt the data that the sequence only changes characters every four sym one level up. bols. Thus, we can segment the sequence into groups of four symbols and compress each segment separately to gain a Encryptive Entropy Coding higher compression ratio. Contextual ordering reduces the 0057 The state of lossless compressive encoder is altered entropy of these segments by grouping symbols which fre according to both the input file to be encoded and a randomly quently occur near each other. generated keystream for which the encoder outputs a simul US 2015/0O86013 A1 Mar. 26, 2015 taneously compressed and encrypted ciphertext file. The can be increased by only performing these permutations interaction between the encoder, input file, and keystream is according to sequential readings of an extension of the bit nonlinear and serves to secure both the original file and the Stream. keystream while providing better compression ratios than 0061 This solution provides a fast optimization to the other contemporary lossless coders. With knowledge of the compression process and adds inherent encryption. This type proper keystream and ciphertext, this process can be reversed of coding should be applied to the plaintext all but the final to recover the original file. The methods are fast and are easily Sub-histogram sequence stored for compression. In order to integrated into both lossless and lossy media compression decrypt the ciphertext, each Sub-histogram must be decrypted standards. properly in order to decrypt the higher-level Sub-histogram 0058. The coding procedure employs a key-based entropy (or actual plaintext data) it describes. This effectively creates encoder. Either prior or concurrent to the encoding process, a a short sequence, the final Sub-histogram, which is essential binary keystream must be generated from an input code key. to decrypting the entire ciphertext. This can be accomplished using a pseudorandom number 0062 Simple block diagrams of the forward and reverse generator. The key sequence is not required to be long, but encryptive entropy coding steps are illustrated in FIG. 8 and should have length (either total or period) which is relatively FIG. 9. prime to any bit extension used in representation of the sta tistics of the input data. Run Length or Adaptive-Dictionary Coding 0059 An entropy encoder uses a mapping of the inputs statistics in order to provide compression. The inputs statis 0063. Because no statistics are measured for the final sub tics may be provided dynamically from either an adaptive or histogram it cannot be compressed by and entropy coder. non-adaptive predictor, or from a previously measured set of However, an effect of the histogram decomposition process is statistics. During the coding process, a pre-defined operation that the entropy of each Successive Sub-histogram is reduced. based on an alphabetic extension of the keystream is applied Thus, the final Sub-histogram sequence should have long runs to the statistical representation of the input in order to alter the of similar symbols. Run length and adaptive-dictionary state of the encoder. This operation will both optimize and encoders such as DEFLATE, LZW, PPM, CTW, or other randomize the state of the encoder. If the size of the extension predictive compression methods can be used to compress the is dependent on both the statistics and the ordering of the final Sub-histogram. input plaintext, a nonlinear relation will be maintained between the encryption and the keystream. The significance Block Cipher Encryption and Public Key Encryption of this nonlinearity increases with the use of adaptive coding. Effectively, this makes the functional keystream unpredict 0064. Because the final sub-histogram (or statistical rep able in size and serves to obscure the original keystream while resentation of choice) is key to unlocking all higher-level encrypting the input plaintext while maintaining the com Sub-histograms, histograms, and plaintext sequences the final pression performance of the encoder. sub-histogram should also be encrypted. This can be solved 0060 For example, we can modify an adaptive range by application of either a block cipher (such as DES or AES) encoder to compress and encrypt using a randomly generated or a public key cipher (such as RSA) depending on the desired keystream. To do this, we create a binary keystream of length usage. In general, these ciphers are very hard to crack even which is relatively prime to the number of symbols within the with a known plaintext attack. However, because of their plaintext alphabet. The encoder will operate on a representa computational complexity they can be very slow in imple tion of the plaintext statistics in the form of a histogram or mentation. Because SCE only employs these methods on a probability distribution, the former as calculated in the pre Small amount of data which is necessary for reconstruction of vious histogram decomposition step and the latter calculated the original plaintext, the computational computation time dynamically from either a pre-determined statistical model spent on these operations is minimized. and or an adaptively updated Statistical model based on pre 0065. When statistical models are generated by updating viously observed sequential data. This histogram or distribu and predicting statistics based upon previously observed tion is mapped to a set of intervals used for coding. These sequential data, the statistical models used in prediction can intervals will be permuted according to the keystream at be obscured through further encryption of an initial portion of variable stages also defined by the keystream. However, it is the already compressed and encrypted sequence. This can be not desirable to move more-likely intervals to the top of the achieved by application of either a block cipher (such as DES range and less-likely intervals to the bottom as this can nega or AES) or a public key cipher (such as RSA) to a small, initial tively impact coding efficiency. To mitigate this problem, the portion of the encoded bit stream. In general, these ciphers are intervals are sorted in descending size and only permuted very hard to crack even with a known plaintext attack. How with intervals of similar size. In this particular case, intervals ever, because of their computational complexity they can be with equivalent significant bits are permuted together. How very slow in implementation. Because SCE only employs these permutations are Supposed to take place is defined by bit these methods on a small amount of data which is necessary extensions of the keystream, the size of which is determined for reconstruction of the original plaintext, the computational by the number of similarly-sized intervals to be permuted computation time spent on these operations is minimized. together. Thus, the bit extensions of the keystream can vary 0066. The overall security obtained by using a stream greatly. Because the encoder is adaptive, the intervals are cipher (which are the permutations in the encryptive entropy updated each time a new symbol is input, and the size of each coding stage), compression (locking the necessary recon interval corresponding to a symbol will change as well. This struction data in shorter-and-shorter Sub-histograms), and a causes groups of intervals corresponding to different symbols block cipher provides a highly secure ciphertext. Because the to be permuted together each time. This process need not be overall computational complexity similar to a common carried out every time a symbol is input and the encoder speed entropy encoder Such an implementation can also be very fast. US 2015/0O86013 A1 Mar. 26, 2015

0067 Illustrative embodiment 1: Consider a media distri 0072 All of the methods disclosed and claimed hereincan bution system for a video content provider. It is desirable to be made and executed without undue experimentation in light compress the media so that video media can be transferred to of the present disclosure. While the apparatus and methods of a user efficiently: quickly and using minimal bandwidth. It is this invention have been described in terms of preferred also desirable for the bit stream representing the video media embodiments, it will be apparent to those of skill in the art that to be encrypted so that an unregistered user cannot access the variations may be applied to the methods and in the steps or in uncompressed content. If the media is in high definition, it the sequence of steps of the method described herein without might be compressed using a standard Such as H.264 (mpeg departing from the concept, spirit and scope of the invention. 4). This standard uses a series of algorithms to prepare video In addition, modifications may be made to the disclosed appa data into a form more usable by an entropy encoder. Typically, ratus and components may be eliminated or Substituted for this is a specialized arithmetic coder. To provide encryption the components described herein where the same or similar without loss of compressive performance, the arithmetic results would be achieved. All such similar substitutes and coder can be simply modified according to the methods laid modifications apparent to those skilled in the art are deemed out here. Only an authorized user with access to the encryp to be within the spirit, scope, and concept of the invention as tion key can reconstruct the original video. defined by the appended claims. 0068 Illustrative embodiment 2: Consider a situation 1. A method comprising: where it is desirable to store or exchange reconnaissance using an encryption key to dynamically permute a statisti images for military application. Many images are taken and cal mapping of an input data set within an Elias encoder are required to be compressed for minimal storage and expe to simultaneously compress and encrypt the input data dient transmission. It is not desirable for these images to be Set. accessible to persons without clearance, and the images must 2. A method for simultaneously compressing and encrypt also be encrypted. Typically, encryption and compression ing an input data set comprising: must be performed one after the other. However, it is impos pre-processing the input data set for optimizing compres sible to compress encrypted data. Therefore, if the images are sion; highly secure and must first be encrypted before any distri generating one or more statistical models that represent a bution, compression will be ineffective. Rather, it is more statistical measurement of the input data set; efficient to encrypt and compress simultaneously for both changing a state of a compressive entropy encoder accord security and efficient distribution or storage. ing to an encryption key and the one or more statistical 0069 Illustrative embodiment 3: Considera detailed clas models to simultaneously compress and encrypt the sified government document of very long length. It is input data set. encrypted upon creation but must be sent to another govern 3. A method for simultaneously compressing and encrypt ment official. In this case, compression cannot be performed ing an input data set comprising: because the document is encrypted and the file cannot be sequentially processing the input data set for optimizing efficiently transmitted. Also, compression must be lossless in compression; order to preserve both the integrity and readability of the generating one or more statistical models that represent a document. To facilitate both the requirements of encryption statistical measurement of the processed data set; and compression, a simultaneous method as described above predicting one or more statistical models that represent a should be used to fulfill both encryption and compression future statistical measurement of the yet-to-be processed requirements. data set; sequentially updating one or more statistical models that EXAMPLES represent a statistical measurement of the processed data 0070 An adaptive SCE encoder (and corresponding set after a new set of observations; decoder) was implemented in MATLAB code. The encoder changing a state of a compressive entropy encoder accord output was compared to MATLAB implementations of pure ing to an encryption key and the one or more statistical Huffman and Adaptive Arithmetic entropy coders in the loss models to simultaneously and sequentially compress less case with respect to both compression performance and and encrypt the input data set. algorithm complexity. Compression performance was mea 4. The method of claim 2, further comprising compressing sured by the compression ratio C=bits original/bits com the one or more histograms according to a Run-Length com pressed which provides a measure of how many times Smaller pression process. a compressed file is. Therefore, the larger the compression 5. The method of claim 2, further comprising compressing ratio, the better the compression performance of the coder. the one or more histograms according to an Adaptive Dictio 0071. SCE was also integrated into an implementation of nary compression process. the JPEG standard to provide a lossy compression at similar 6. The method of claim 2, further comprising encrypting quality levels. Total compression between the SCE version of the one or more histograms according to a block cipher pro JPEG and traditional JPEG was also compared with the qual CCSS, ity level set to medium. Results are summarized for each of 7. The method of claim3, further comprising encrypting an three images of six classes which exhibit different types of initial portion of a simultaneously compressed and encrypted statistics. Table 3 summarizes the results for natural, binary, sequence according to a block cipher process. textured, and commonly tested, randomly generated, and 8. The method of claim 2, further comprising preparing the already-encrypted image classes, respectively. Table 4 pro input data set to improve compression of plaintext data seg vides the average computational time comparison between mentation. SCE and Adaptive Arithmetic compression followed by AES 9. The method of claim 8, wherein preparing further com encryption for the images of Table 3. prises performing a context sorting process. US 2015/0O86013 A1 Mar. 26, 2015

10. The method of claim8, wherein preparing further com 16. A method of simultaneously decompressing and prises performing a Burrows-Wheeler Transformation on dif decoding an encrypted data set by performing the inverse of ferent binary extensions of the input data set. the steps described in claim 2. 11. The method of claim 2, wherein pre-processing further 17. A system configured to simultaneously compress and comprises: encode an input data set comprising one or more modules configured according to the method steps described in claim performing a windowed entropy measure over plaintext 2. data samples; and 18. A tangible computer readable medium comprising performing frequency analysis of the entropy variation computer executable code ofhardware that when executed by over the plaintext data. a computational device causes the computer to perform 12. The method of claim 2, wherein generating the one or operations for simultaneously compressing and encoding an more histograms further comprises dividing a first histogram input data set, wherein the operations comprise the steps of into a plurality of Sub-histograms until a size of the Sub claim 2. histograms is less than or equal to a predetermined limit. 19. A tangible computer readable medium comprising 13. The method of claim 2, wherein the compressive computer executable code or hardware that when executed by entropy encoder is an Elias encoder. a computational device causes the computer to perform 14. The method of claim 13, wherein the compressive operations for simultaneously decompressing and decoding entropy encoder performs an arithmetic coding process. an input data set, wherein the operations comprise the steps of 15. The method of claim 14, wherein the compressive claim 2. entropy encoder performs a Range coding process.