JP2000019958A - Cipher processor, cipher processing method and storage medium storing cipher processing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a cipher processor which realizes a high speed processing by reducing the data quantity and the generation frequency of cipher table data and also which does not impaire safety. SOLUTION: This processor is provided with division parts A0 to A3 generating respective 8-bit divided data by four pieces by dividing 32-bit input data into equal four pieces, a cipher table data saving part 3001 which saves the 32-bit cipher table data by (2 to 8) pieces and outputs four pieces of respective 32-bit cipher data by respectively specifying one piece from (2 to 8) pieces of cipher data based on respective four pieces of divided data, first to third table value translating parts 3002 to 3004 generating 32-bit translated data by four pieces by applying respectively different fixed translations to the four pieces of cipher data and output data generating parts 3005 to 3007 generating 32-bit output data by applying synthetic processings to all of the four pieces of translated data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption processing apparatus for encrypting or decrypting data to be encrypted in block units based on a secret key, an encryption processing method used in the apparatus, and an encryption processing method. The present invention relates to a storage medium that stores an encryption processing program to be described, and more particularly to a technique that realizes high-speed encryption processing by reducing the data amount and generation frequency of substitution table data and does not impair security.

[0002]

2. Description of the Related Art In recent years, remittance by digital communication and communication of all kinds of information have become widespread, so that important information to be transmitted is protected from eavesdropping and tampering by a third party, and a technique for improving security is improved. The demand for is increasing. One of the effective technologies to improve security is cryptography.
raphy).

[0003] In a system that communicates using encryption, the original message is called plaintext.
The one whose meaning is converted into a form that is difficult for a third party to understand is called a cryptogram. Also, this conversion is called encryption, and conversely, the inverse conversion for restoring the ciphertext to the original plaintext is decrypted (decryption).
(cryption).

[0004] The contents of conversion between encryption and decryption are specified by an algorithm and a parameter key. The algorithm identifies a family of transforms consisting of multiple transforms, and the key identifies one transform within that family. Usually, what corresponds to a fixed part of the device is an algorithm, and what is sometimes replaced in one device is a key.

[0005] The ciphertext is assumed to be eavesdropped. The fact that an eavesdropper or the like attempts to decrypt into plain text without having algorithm or key information,
It is referred to as cryptoanalysis. A person attempting to decipher (hereinafter, referred to as “cryptanalyst (crypt
analyst) ") performs decryption on the assumption that the ciphertext is known.

Basically, a decryption method for determining a secret plaintext or key only from ciphertext is referred to as “ciphertext alone attack (ciphert alone attack).
ext-only attack) ". Further, a decryption method for determining a secret key from some unspecified ciphertext and plaintext pairs and determining a plaintext corresponding to an arbitrary ciphertext is referred to as a “known-plaintext attack (known-plaintext attack).
attack) ".

(First Conventional Example) One example of encryption is pseudo-random number addition type encryption. In this cipher, a sender and a receiver secretly share the same key, and the key is seeded using a random number generator having the same algorithm as a predetermined number of bits (hereinafter referred to as a “block”). In the encryption performed by the sender, a ciphertext is generated by performing an exclusive OR operation on the random number and the plaintext for each corresponding bit in block units, thereby generating a ciphertext. In the decryption according to, a plaintext is generated by performing an exclusive OR operation on the random number and the ciphertext for each corresponding bit in block units.

Here, the plaintext in block units is “M”, the ciphertext in block units is “C”, the random number is “R”, and the exclusive OR operation for each corresponding bit is “(+)”. Then, encryption can be expressed by the following (Equation 1), and decryption can be expressed by the following (Equation 2). C = M (+) R (Equation 1) M = C (+) R (Equation 2) The problem of this encryption is that it is very weak against “known plaintext attack”.

For example, if a pair of a plaintext and a ciphertext in each block is known, the random number R is obtained from the following (Equation 3), so that all other plaintexts can be decrypted. R = M (+) C (Equation 3) Therefore, the cryptanalyst can very easily decrypt the pseudorandom number addition type encryption by the known plaintext attack.

(Second conventional example) An example of a cipher that cannot be easily deciphered by a known plaintext attack is DES (DataEn
crypto Standard or FEAL (Fast Data Encipherm)
ent Algorithm). These are described in detail in "Introduction to Cryptography" (Eiji Okamoto, published by Kyoritsu Shuppan).

[0011] These ciphers make 64 bits one block, and strongly disturb data in block units. For example, the DES algorithm uses transpos
(ion) and substitution (substitution) are repeated 16 times. One type of block encryption system represented by DES and FEAL is a Blowfish encryption system.

Regarding the Blowfish encryption method, Br
`` Description of a New Variable-Lengt '' by uce Schneier
h Key, 64-Bit Block Cipher (Blowfish), ''('' Fast Sof
tware Encryption, '' edited by Ross Anderson, Lecture Notes
in Computer Science Vol.809, pp.191-204, Springer-
Verlag.). Hereinafter, this Blowfish encryption method will be described.

FIG. 14 is a diagram showing the configuration of a data encryption device using the Blowfish encryption method. The data encryption device 3010 shown in FIG.
1, a stage number control unit 3012, a partial key generation unit 3013, and a substitution table data generation unit 3014.

The substitution table data generation unit 3014 generates 32K bits (table value 32 bits × 1024) of substitution table data from 64-bit input key data according to a substitution table data generation algorithm.
Here, since the substitution table data generation algorithm is not the gist of the present invention, its description is omitted. The partial key generation unit 3013 calculates 64
256-bit bit data is generated from the bit input key data, and the generated bit data is divided into eight sets of 32 bits each and stored as partial keys SK0 to SK7. Here, the partial key generation algorithm has nothing to do with the gist of the present invention, and a description thereof will be omitted.

The data disturbing unit 3011 includes a 32K-bit (table value 32 bits × 1024) substitution table data generated by the substitution table data generation unit 3014 and a 32-bit partial key data generated by the partial key generation unit 3013. Is used to repeatedly perform data disturbance on the input 64-bit data, and output 64-bit data. Normally, encryption is completed by repeating such data disturbance processing 16 times.

The number-of-stages control unit 3012 controls the data disturbing unit until 64-bit ciphertext data (hereinafter, referred to as “ciphertext block”) is generated from 64-bit plaintext data (hereinafter, referred to as “plaintext block”). Reference numeral 3011 controls the number of times of repeated data disturbance. Therefore, the stage number control unit 3
In step 012, the number of data disturbances is counted for each plaintext block. If the number of data disturbances is less than a predetermined number, the output of the data disturbance unit 3011 is input to the data disturbance unit 3011 to repeat the data disturbance, and the data disturbance is repeated. In the case of the number of times, it is output as a ciphertext block.

Here, the partial key SK0 is used for the first data disturbance of the plaintext block, and thereafter, SK1, SK2,..., SK7 are used in order each time the data disturbance is repeatedly performed. Of course, SK0 is used after SK7. FIG. 15 is a diagram illustrating a configuration of a data decryption device using the Blowfish encryption method.

Data decoding device 4010 shown in FIG.
Are a data disturbance unit 4011, a stage number control unit 4012, a partial key generation unit 4013, and a substitution table data generation unit 401.
4 is provided. The substitution table data generation unit 4014 is the same as the substitution table data generation unit 3014 in FIG.

The partial key generator 4013 is the same as the partial key generator 3013 in FIG. Data disturbance unit 4011
Are the same as those of the data disturbance unit 3011 in FIG. The stage number control unit 4012 controls the number of times of data disturbance that the data disturbance unit 4011 repeatedly performs until a plaintext block is generated from a ciphertext block. Stage number control unit 4012
Counts the number of data disturbances for each ciphertext block, and when the number of data disturbances is less than a predetermined number, inputs the output of the data disturbance unit 4011 to the data disturbance unit 4011 and repeats the data disturbance. In the case of the number of times, it is output as a plaintext block.

Here, the partial key SK7 is used for the first data disturbance of the ciphertext block, and thereafter, every time the data disturbance is repeatedly performed, the partial keys SK6, SK5,... Of course, SK7 is used after SK0. FIG. 16 is a diagram showing a detailed configuration of the data disturbance unit 3011 using the Blowfish encryption method shown in FIG.

A data disturbing unit 3011 shown in FIG. 16 includes a first exclusive OR unit 3111 and a second exclusive OR unit 311.
2 and a data conversion unit 3113. (The description of the data disturbance unit 3011 is deleted.) The first exclusive OR unit 3111 excludes the 32-bit partial key data and the upper 32 bits (“X1” in FIG. 16) of the input data for each bit. A logical OR operation is performed, and a 32-bit operation value S0 is output. The calculated value S0 is input to the data conversion unit 3113, and becomes the lower 32 bits (“Y0” in FIG. 16) of the output data as it is.

The data conversion unit 3113 is generally called an f-function. Here, the data conversion unit 3113 converts a 32-bit operation value S0 using a 32-Kbit substitution table data and outputs a 32-bit conversion value S1. . The second exclusive-OR unit 3112 performs an exclusive-OR operation for each bit of the 32-bit conversion value S1 and the lower 32 bits (“X0” in FIG. 16) of the input data, Is output. This operation value Y1 becomes the upper 32 bits of the output data as it is.

Hereinafter, an example of the operation of the data disturbance unit 3011 will be described. (1) First, 64-bit input data is divided into two sets of 32 bits. The upper side of the divided input data portion is referred to as X1, and the lower side is referred to as X0. (2) The first exclusive OR unit 3111 performs an exclusive OR operation on each of the 32-bit X1 and the partial key data for each bit. The 32-bit data generated here is referred to as Y0. This Y0 is the lower 32 bits of the output data.

(3) The data conversion unit 3113 converts the S0 generated by the first exclusive OR unit 3111 and outputs 32-bit data S1. (4) The second exclusive OR unit 3112 performs an exclusive OR operation for each of the 32 bits X0 and S1. The 32-bit data generated here is referred to as Y1. This Y1 is the upper 32 bits of the output data.

Note that Y1 and Y output from the above operation are
“0” is output from the data disturbance unit 3011 as 64-bit output data in synchronization with a clock (not shown). FIG. 17 is a diagram showing a detailed configuration of the data disturbance unit 4011 using the Blowfish encryption method shown in FIG. The data disturbing unit 4011 illustrated in FIG. 17 includes a first exclusive OR unit 4111, a second exclusive OR unit 4112,
And a data conversion unit 4113.

The first exclusive OR unit 4111 is provided with a 32-bit partial key data and the lower 32 bits of the input data (FIG. 1).
7 to “Z0”), an exclusive OR operation is performed for each bit, and a 32-bit operation value W1 is output. “Z0” of the lower 32 bits of the input data is input to the data conversion unit 4113 as the input value T0. The calculated value W1 becomes the upper 32 bits of the output data as it is.

The data conversion unit 4113 is a data conversion unit 3
Similar to 113, this is generally called an f-function. In this case, using 32K-bit substitution table data,
It converts a 32-bit input value T0 and outputs a 32-bit converted value T1. The second exclusive OR unit 4112 calculates
An exclusive OR operation is performed for each bit on the converted value T1 of the bit and the upper 32 bits (“Z1” in FIG. 17) of the input data, and a 32-bit operation value W0 is output. This operation value W0 is the lower 32 bits of the output data as it is.
Bit.

The operation of the data disturbing unit 4011 is the same as that of the data disturbing unit 3011, and a description thereof will be omitted. FIG.
FIG. 17 is a diagram illustrating a detailed configuration of a data conversion unit 3113 illustrated in FIG. 16. The data conversion unit 3113 shown in FIG. 18 includes a first substitution table data storage unit 3201, a second substitution table data storage unit 3202, a third substitution table data storage unit 3203, a fourth substitution table data storage unit 3204,
A first adder 3205, a second adder 3206, and an exclusive OR unit 3207 are provided.

The 32K-bit substitution table data is divided into four sets each having 8K bits. The 32-bit input data S0 is divided into four sets of 8 bits each. The first to fourth substitution table data storage units 3201 to 3204 divide and store the corresponding divided 8K-bit substitution table data into 256 table values of 32 bits each from the upper bit, and store each of the S0. Based on the 8-bit input divided into four, 1 of the 256 table values is obtained.
Identify and output. Here, Tab1 [0], Tab1 [1], Tab1 [1], and the 32-bit table values stored in the first substitution table data storage unit 3201 are arranged in order from the highest level.
, Tab1 [255], and similarly, the table value stored by the second substitution table data storage unit 3202 is Ta
b2 [0], Tab2 [1],..., Tab2 [25
5], the table values stored by the third substitution table data storage unit 3203 are Tab3 [0], Tab3 [1],
, Tab3 [255], the table values stored by the fourth substitution table data storage unit 3204 are Tab4 [0],
Tab4 [1],..., Tab4 [255]. Also, first to fourth substitution table data storage units 3201 to 32
The eight bits obtained by dividing S0 input to 04 are referred to as V3, V2, V1, and V0 in order from the higher order.

The first addition unit 3205 performs an arithmetic addition operation on the 32-bit table value output from the first substitution table data storage unit 3201 and the 32-bit table value output from the second substitution table data storage unit 3202. , And outputs only the lower 32 bits of data, ignoring carry-over. Here, the 32-bit data output from the first substitution table data storage unit 3201 is J3, and the 32-bit data output from the second substitution table data storage unit 3202 is J3.
2. When the 32-bit data output by the first adder 3205 is expressed as Q0 in the equation, Q0 = (J3 + J2) mod (2 ＾ 32). Here, “a ＾ b” means a raised to the power b, and “α
“mod β” means the remainder of α divided by β, and so on.

The exclusive-OR unit 3207 performs an exclusive-OR operation on the Q0 and the 32-bit data output from the third substitution table data storage unit 3203 to obtain 3 bits.
Output 2-bit data. Here, when the 32-bit data output from the third substitution table data storage unit 3203 is expressed as J1 and the 32-bit data output from the exclusive OR unit 3207 is expressed as Q1, Q1 = Q0 (+) J1. . Here, “α (+) β” means that exclusive OR operation is performed for α and β on a bit-by-bit basis, and so on.

The second addition section 3206 performs an arithmetic addition operation on the Q1 and the 32-bit data output from the fourth substitution table data storage section 3204, and outputs only the lower 32 bits of data ignoring the carry. I do. Here, when the 32-bit data output from the fourth substitution table data storage unit 3204 is expressed as J0 and the 32-bit data output from the second addition unit 3206 is expressed as Q2, Q2 = (Q1 + J0) mod (2) # 32)

The output Q2 of the second adder 3206 is the output S1 of the data converter 3113. Hereinafter, an operation example of the data conversion unit 3113 will be described. (1) The input table value of 32 bits × 1024 substitution table data is divided into four sets of table values of 32 bits × 256. Here, the divided substitution table data is referred to as R3, R2, R1, and R0 in order from the top. R3, R2, R1, and R0 are a first substitution table data storage unit 3201, a second substitution table data storage unit 3202, and a third substitution table data storage unit 320, respectively.
Third, it is stored in the fourth substitution table data storage unit 3204.

(2) The input 32-bit input data is divided into four sets of 8-bit data. Here, V3, V3
2, V1 and V0. (3) First to fourth substitution table data storage units 3201
3204 specifies and outputs one of the 256 table values stored by each based on the input of each 8 bits obtained by dividing S0 into four parts. The table values output here are sequentially described as J3, J2, J1, and J0.

(4) The first adder 3205 determines whether J3 and J2
And the lower 32 bits ignoring the carry
It outputs bit data Q0. (5) The exclusive OR unit 3207 performs an exclusive OR operation on Q0 and J1, and outputs 32-bit data Q1. (6) The second adder 3206 performs an arithmetic addition operation on Q1 and J0, and outputs lower-order 32 bits of data Q2 (= S1) ignoring the carry.

The data disturbance unit 3011 as described above
The security of the data encryption system with
The conversion operation at 113 largely depends on the data disturbance function. The data conversion unit 3113 includes four types of substitution table data storage units 3201 to 3203 each of which performs processing independently.
Since 3204 is used, high security is obtained. Therefore, it is stronger against decryption and active fraud.

The detailed configuration of the data conversion unit 4113 shown in FIG. 17 is the same as that of the data conversion unit 3113, and therefore the description thereof is omitted. (Third conventional example) As typical decryption methods for the block encryption method, there are a differential decryption method and a linear decryption method. The third conventional example is an encryption scheme devised for the purpose of enhancing security against these decryption methods. For details of differential cryptanalysis and shape cryptanalysis, see E. Biham and A. Shamir, respectively.
Author, '' Differential Cryptanalysis of the Data Encryp
tion Standard, '' Springer-Verlag. and Mitsuru Matsui, ''
Linear Decryption Method of DES Cryptography (I), '' 1993 Cryptography and Information Security Symposium (SCIS'93), Proceedings SCIS93-3C.

In the differential cryptanalysis method and the linear cryptanalysis method, a large number of pairs of plaintext and ciphertext using the same key data are prepared, and a known key data used for encryption is obtained by analyzing them. This is a type of plaintext attack. These decryptions assume that each block of the ciphertext to be decrypted is always encrypted using the same key data.

Therefore, when a plurality of plaintext blocks are encrypted, if encryption is performed using different key data for each plaintext block, the security against these decryption methods is enhanced. Here, it is not realistic to prepare the same number of key data as the number of plaintext blocks because the number of key data increases in proportion to the number of plaintext blocks. Therefore, a method of updating key data by using a block of ciphertext one block before as "variable information" is disclosed in Japanese Patent No. 1250077 Key Chain Method / US4074066 (Message verification and t
ransmission error detection by block chaining). In this patent, the key data can be updated every time one block is encrypted without preparing the same number of key data as the number of plaintext blocks. That is, since different key data is generated and used for each block based on one key data, the security against the differential cryptanalysis and the linear cryptanalysis is enhanced without increasing the key data.

[0040]

However, the data disturbing unit 3011 in the second conventional example needs to store a huge amount of substitution table data as large as 32 Kbits, so that it is easy to implement in both hardware and software. In addition, there is a problem in terms of performance, and there is a problem in that it takes a certain amount of processing time to generate a huge amount of substitution table data. On the other hand, simply reducing the data amount of the substitution table data is not preferable because the security may be impaired.

Further, Blo as shown in the second prior art example
When the key chain method of the third conventional example is used for the wfish encryption method, the following problem occurs. Second as described above
The conventional Blowfish encryption method generates 32K-bit substitution table data based on input key data and uses it for encryption. The third conventional key chaining method encrypts one block of plaintext. Update the input key data every time. Therefore, when the key chain method is used for the Blowfish encryption method, substitution table data is generated each time one block of plaintext is encrypted. Since the substitution table data has an enormous amount of data of 32 Kbits, the processing load on the processor is large,
If the substitution table data is frequently generated, the processing speed of the encryption processing is significantly reduced. On the other hand, simply reducing the frequency of generating substitution table data is not preferable because it may impair security.

These problems are not limited to the Blowfish encryption method, but are a problem common to the block encryption method that generates substitution table data based on an input key and uses it for encryption processing. Therefore, the present invention has been made in view of such a problem, and in a block cipher system that generates substitution table data based on an input key such as a Blowfish encryption method and uses the same for encryption, the data amount of the substitution table data and It is an object of the present invention to provide a cryptographic processing device, a cryptographic processing method, and a storage medium storing a cryptographic processing program that realize high-speed processing by reducing the generation frequency and do not impair security.

[0043]

In order to achieve the above object, an encryption processing apparatus according to the present invention is an encryption processing apparatus that performs encryption processing on input data using substitution data to generate output data, When N and M are integers of 2 or more, storage means for storing (2 ＾ N) replacement data of a predetermined bit, and (N × M) -bit input data equally divided into M pieces, each of which is N bits Dividing means for generating M pieces of divided data, and input storing data generated by subjecting the M pieces of divided data generated by the dividing means or the divided data to synthesis processing, and storing means for each input of N bits. Keep (2
(N) substitution means for specifying and outputting one of the predetermined bits of substitution data from the substitution data, and converting the predetermined bits by inputting the substitution data output by the substitution means and performing a plurality of different fixed conversions It is characterized by comprising fixed conversion means for generating M data, and output data generation means for generating (N × M) -bit output data based on the M converted data generated by the fixed conversion means.

Thus, high security can be obtained with a small number of substitution table data. Further, in the cryptographic processing device according to the present invention, the predetermined bits of the substitution data stored by the storage unit are (N × M) bits, and the substitution unit stores the predetermined number of bits in each of the M divided data generated by the division unit. Based on the (2 ＾ N) pieces of substitution data stored by the storage means, one of each is specified, and M pieces of (N × M) -bit substitution data are output, and the fixed conversion means outputs the M data output by the substitution means. By performing different fixed conversions on each of the character substitution data, M conversion data of (N × M) bits are generated, and the output data generation unit performs processing on all of the M conversion data generated by the fixed conversion unit. , By generating a (N × M) -bit output data.

As a result, the substitution table data can be reduced to 1 / M of the conventional one without impairing the security. Also,
In the encryption processing device according to the present invention, the predetermined bits of the substitution data stored by the storage unit are N bits, and the substitution unit performs a total synthesis process on all of the M divided data generated by the division unit. The storage means includes input synthesizing means for generating N-bit input synthesized data by performing the processing and stores the data based on the N-bit input synthesized data (2 ＾).
One of N) substitution data is specified, and N-bit substitution data is output. The fixed conversion unit performs N-bit conversion by individually performing M different fixed conversions on the substitution data output by the substitution unit. M pieces of data are generated, and the output data generating means determines one of the M pieces of divided data generated by the dividing means and one of the M pieces of converted data generated by the fixed converting means. Output synthesizing means for generating M pieces of N-bit output synthesized data by subjecting the object to individual synthesizing processing, respectively;
A concatenating unit that generates (N × M) bits of output data by performing concatenation processing of the M pieces of output combined data of bits.

As a result, the substitution table data can be reduced to 1 / M / M of the prior art without impairing the security. In order to achieve the above object, a cryptographic processing device according to the present invention is a cryptographic processing device that creates substitution table data, performs cryptographic processing on input data using the substitution table data to generate output data, and stores key data. Key data holding means, character table data holding means for holding character table data, blocking means for dividing input data into blocks of a predetermined number of bits, and sequentially outputting as input blocks, and a predetermined number of input blocks. Substitution table data creating means for creating substitution table data when performing encryption processing on the next input block after performing encryption processing, and updating the substitution table data held in the substitution table data holding means to the created substitution table data If encryption processing is performed on the previous input block and then encryption processing is performed on the next input block, the key data Key data conversion means for performing bit conversion by using an output block generated by the encryption processing means when the key data held in the holding means is subjected to encryption processing on the previous input block, thereby converting the key data; and substitution table data A cryptographic processing unit for sequentially generating an output block by performing an encryption process on an input block sequentially output by the blocking unit using the substitution table data and the key data stored in the storage unit;

A cryptographic processing apparatus for generating substitution table data, performing encryption processing on input data using the substitution table data, and generating output data, comprising: key data retaining means for retaining key data; A substitution table data holding unit, a block unit for dividing input data into blocks of a predetermined number of bits, and sequentially outputting the divided blocks as an input block; Substitution table data creating means for creating substitution table data when performing encryption processing and updating the substitution table data held in the substitution table data holding means to the created substitution table data, and performing encryption processing on the previous input block When performing encryption processing on the next input block later, the key data held in the key data holding Key data conversion means for performing bit conversion using the input block to convert the key data; and an input block sequentially output by the blocking means using the substitution table data and the key data held in the substitution table data holding means. Encryption processing means for sequentially generating output blocks by performing encryption processing.

A cryptographic processing apparatus for generating substitution table data, performing encryption processing on input data using the substitution table data, and generating output data, comprising key data retaining means for retaining key data, and retaining the substitution table data A substitution table data holding unit, a block unit for dividing input data into blocks of a predetermined number of bits, and sequentially outputting the divided blocks as an input block; A substitution table data creating unit that creates substitution table data when performing encryption processing and updates the substitution table data held in the substitution table data holding unit with the created substitution table data, and performs encryption processing on one input block. When the next input block is subjected to the encryption processing later, the key data held in the key data holding means is Key data conversion means for performing bit conversion by using an intermediate block generated by the encryption processing means while performing encryption processing on the input block to convert key data; substitution table data held in the substitution table data holding means; And performing encryption processing on the input blocks sequentially output by the blocking means using the data and an encryption processing means for generating an intermediate block obtained in the course of the encryption processing and an output block obtained as a result of the encryption processing. It may be provided.

As a result, the substitution table data generated from the key data is not generated every time one block is processed, but the key data is converted every time one block is processed.

[0050]

(Embodiment 1) First to fourth substitution table data storage units 3201 to 3204 shown in FIG.
When sharing the substitution table data stored by the data conversion unit 3113, the substitution table data to be input to the data conversion unit 3113 is reduced to ４, but there is a problem in security in the following points.

In FIG. 18, for example, when V2 = V3, if the substitution table data is shared, J2 = J3, so that the first adder 3205 performs the arithmetic addition operation on the same value. Cryptographic systems have low data disruption capabilities and low security. The first embodiment of the present invention obtains a plurality of outputs from one substitution table data, and performs fixed conversion such as rotation of different number of times or addition of different constants on each output to use the data. Encryption and decryption without reducing security while reducing the amount (hereinafter, "encryption processing"
).

FIG. 1 is a diagram showing a configuration of a cryptographic communication system according to Embodiment 1 of the present invention. Hereinafter, it is shown that the components (here, the data encryption device 10 and the data decryption device 20) surrounded by double lines in the drawing are developed in more detail in another drawing.

The encryption communication system shown in FIG.
And a receiver 2. The transmitter 1 and the receiver 2 are, for example, a server and a terminal of a video server system that transmits and receives digital image information. The transmitter 1 includes a data encryption device 10 and a transmission unit 11. The data encryption device 10 uses the 256-bit key data and the 8K-bit (32-bit table value × 256) substitution table data to perform cipher processing on the plaintext data in 64-bit units to generate ciphertext data. . Here, the plaintext data is, for example, digitally encoded audio or image information,
The key data and the substitution table data are secretly shared between the transmitter 1 and the receiver 2 in advance.

The transmitting section 11 transmits the transmission signal generated by parallel-to-serial conversion, modulation and amplification of the ciphertext data generated by the data encryption device 10 to the transmission path 3. Receiver 2
Includes a data decoding device 20 and a receiving unit 21. The receiving unit 21 receives the transmission signal transmitted from the transmitting unit 11 via the transmission path 3 and performs processing reverse to that of the transmitting unit 11 to restore the ciphertext data.

The data decryption device 20 has 256 bits of key data and 8 K bits (table value 32 bits × 25).
Using the (six) substitution table data, ciphertext data is subjected to encryption processing in 64-bit units to generate decrypted text data (= plaintext data). The decoded text data generated here is, for example, digitally encoded audio or image information, and is decoded by a dedicated decoder (not shown) and reproduced by a speaker or a display.

FIG. 2 shows the data encryption device 10 shown in FIG.
FIG. 3 is a diagram showing a detailed configuration of the embodiment. Data encryption device 10
Includes a data disturbance unit 101, a stage number control unit 102, and a key control unit 103. The key control unit 103 divides the 256-bit key data into eight sets of data of 32 bits each from the higher order to generate partial keys K0 to K7, each time a new block to be processed is input to the data disturbance unit 101. Then, the partial keys K0 to K7 are sequentially output to the data disturbance unit 101. Of course, after K7, K0 is output.

The data disturbance unit 101 performs data disturbance on the 64-bit data by using the 8K-bit substitution table data and the 32-bit partial key data, and outputs 64-bit data. The stage number control unit 102 controls the number of times of data disturbance that the data disturbance unit 101 repeatedly performs until a plaintext block is generated into a ciphertext block. The stage number control unit 102 counts the number of data disturbances for each plaintext block, and outputs an output of the data disturbance unit 101 if the number of data disturbances is less than a predetermined number.
And repeats the data disturbance, and outputs a ciphertext block if the number of times is specified in advance. here,
The number of times specified in advance is eight times.

FIG. 3 shows the data decoding apparatus 20 shown in FIG.
FIG. 3 is a diagram showing a detailed configuration of the embodiment. Data decryption device 20
Includes a data disturbance unit 201, a stage number control unit 202, and a key control unit 203. The key control unit 203 divides the 256-bit key data into eight sets of data of 32 bits each from the high order to generate partial keys K0 to K7, and each time a new block to be processed is input to the data disturbance unit 201. , Partial key K
The data is output to the data disturbance unit 201 in the order of 7 to K0. Of course,
After K0, K7 is output.

The data disturbance unit 201 is the same as the data disturbance unit 101 in FIG. The stage number control unit 202 controls the data disturbing unit 2 until 64-bit decrypted text data (hereinafter referred to as “decrypted text block”) is generated from the ciphertext block.
01 controls the number of times of data disturbance to be repeatedly performed. The stage number control unit 202 counts the number of data disturbances for each ciphertext block, and if the number is less than a predetermined number, inputs the output of the data disturbance unit 201 to the data disturbance unit 201 and repeats the data disturbance. In the case of the number of times specified in advance, it is output as a decrypted text block. Here, the number of times specified in advance is eight times.

FIG. 4 is a diagram showing a detailed configuration of the data disturbance unit 101 shown in FIG. The data disturbing unit 101 includes a first exclusive OR unit 1011 and a second exclusive OR unit 101
2 and a data conversion unit 300. The data disturbing unit 101 shown in FIG. 4 is similar to the data disturbing unit 3011 shown in FIG.

The first exclusive OR unit 1011 is the same as the first exclusive OR unit 3111 shown in FIG. The second exclusive OR unit 1012 is the same as the second exclusive OR unit 3112 shown in FIG. The data conversion unit 300
Using the K-bit substitution table data, a 32-bit operation value S0 is converted and a 32-bit conversion value S1 is output.

FIG. 5 is a diagram showing a detailed configuration of the data disturbance unit 201 shown in FIG. The data disturbing unit 201 includes a first exclusive OR unit 2011 and a second exclusive OR unit 201.
2 and a data conversion unit 301. The data disturber 201 shown in FIG. 5 is similar to the data disturber 4011 shown in FIG.

The first exclusive OR section 2011 is the same as the first exclusive OR section 4111 shown in FIG. The second exclusive OR unit 2012 is the same as the second exclusive OR unit 4112 shown in FIG. Data conversion section 301 is the same as data conversion section 300 shown in FIG.

FIG. 6 is a diagram showing a detailed configuration of the data conversion unit 300 shown in FIG. The data conversion unit 300 includes a substitution table data storage unit 3001, a first table value conversion unit 3002, a second table value conversion unit 3003, a third table value conversion unit 3004, a first addition unit 3005, a second addition unit 3006, and exclusion. The logical OR unit 3007 is provided.

The 32-bit input data S0 is divided into four sets each having 8 bits. Substitution table data storage unit 30
01 stores the input 8K-bit substitution table data by dividing it into 256 table values of 32 bits each from the higher order, and based on each of the 8-bit inputs obtained by dividing S0 into four, the 256 bits are stored. The four table values are specified and output. Here, Tab [0], Tab [1],..., And Tab [0], Tab [1],.
[255]. Also, the substitution table data storage unit 3
The eight bits obtained by dividing S0 input to 001 are A3, A2, A1, and A0 in the order from the upper bit, and the corresponding outputs are B3, B2, B1, and B0.

The first table value converter 3002 performs a one-bit cyclic bit shift conversion of the input 32-bit table value B2 in the upper direction, and outputs 32-bit conversion data C2. The second table value conversion unit 3003
The input 32-bit table value B1 is subjected to a 2-bit cyclic bit shift conversion in the upper direction to output 32-bit conversion data C1.

The third table value converter 3004 performs a 3-bit cyclic bit shift conversion of the input 32-bit table value B0 in the upper direction, and outputs 32-bit conversion data C0. The first addition unit 3005 performs an arithmetic addition operation on the 32-bit table value B3 output from the substitution table data storage unit 3001 and the 32-bit table value C2 output from the first table value conversion unit 3002,
It outputs 32-bit data D0 ignoring the carry over bits.

This can be expressed as follows: D0 = (B3 + C2) mod (2 ＾ 32) The exclusive OR unit 3007 performs an exclusive OR operation on the D0 and the 32-bit table value C1 output by the second table value conversion unit 3003, and outputs 32-bit data D1.

This can be expressed as follows: D1 = D0 (+) C1 The second adder 3006 performs an arithmetic addition operation on the D1 and the 32-bit table value C0 output from the third table value converter 3004, and ignores the carry of the 32nd bit or more, and ignores the 32-bit data D2. Is output.

When this is expressed by an equation, D2 = (D1 + C0) mod (2 ＾ 32). The output D2 of the second adder 3006 is the output S1 of the data converter 300. Hereinafter, the data conversion unit 30
An operation example of 0 is shown.

(1) The input 8K-bit (32-bit table value × 256) substitution table data is stored in the substitution table data storage unit 3001. (2) The input 32-bit input data is divided into four sets each having 8 bits. The input data divided here are A3, A2, A1, and A0 in order from the higher order. (3) The substitution table data storage unit 3001
Based on each of the divided 8-bit inputs, four of the 256 table values are specified, and four 32-bit table values are output. The data output here is B3, B2, B1, B0.

(4) The first table value converter 3002 performs a one-bit cyclic bit shift conversion of the table value B2 in the upper direction and outputs conversion data C2, and the second table value converter 3003 converts the table value B1 to the higher order. The data is subjected to cyclic bit shift conversion of 2 bits in the direction, and converted data C1 is output.
The table value conversion unit 3004 performs a 3-bit cyclic bit shift conversion of the table value B0 in the upper direction to convert the table value B0
Is output.

(5) The first adder 3005 performs an arithmetic addition operation on the table value B3 and the table value C2, and outputs the lower 32 bits of data D0 ignoring the carry. (6) The exclusive OR unit 3007 performs exclusive OR on the D0 and the table value C1, and outputs 32-bit data D1. (7) The second adder 3006 calculates the D1 and the table value C
Arithmetic addition of 0 and the lower 3
It outputs 2-bit data D2 (= S1).

The security of the data encryption system having the data disturbing unit 101 as described above
The conversion operation at 0 depends heavily on the data perturbation function. The data conversion unit 300 obtains four table values using one substitution table data storage unit 3001, and three of the table values are first to third table value conversion units 3002 to 300.
Since the cyclic bit shift conversion in which the number of shift bits is different in 4 is performed, high security equivalent to the case where four types of substitution table data storage units are used can be obtained even though one substitution table data is used.

Therefore, it is more resistant to decryption and active fraud. Data conversion unit 301 shown in FIG.
Is similar to that of the data conversion unit 300, and a description thereof will be omitted. The data disturbance unit 1 shown in FIG.
The principle that the plaintext data encrypted at 01 is decrypted by the data disrupting unit 201 shown in FIG. 5 will be described.

As described above, X1, X0, Y1, Y0, S0 and S0 in the data disturbance unit 101 shown in FIG.
The following relationship is established between S1. Below, 32
Bit partial key data is Ki, 8K-bit substitution table data is R, and (+) is exclusive OR operation. Here, F (R, α) is the output of the data conversion unit 300 when the table value is R and the input data is α.

S0 = Ki (+) X1− (Equation 4) S1 = F (R, S0) − (Equation 5) Y1 = S1 (+) X0− (Equation 6) Y0 = S0− (Equation 7) Z1, Z0, W1, in the data disturbance unit 201 shown in FIG.
The following relationship is established between W0 and T1.

T1 = F (R, Z0) − (Equation 8) W1 = Ki (+) Z0− (Equation 9) W0 = T1 (+) Z1− (Equation 10) Here, output data of the data disturbance unit 101 Is assumed as input data of the data disturbance unit 201. That is, Y1 = Z1− (Equation 11) Y0 = Z0− (Equation 12)

(1) From (Equation 7) and (Equation 12): Y0 = Z0 = S0− (Equation 13) From (2) (Equation 13), (Equation 9) is obtained by W1 = Ki (+) S0− (Equation 9) 14) (3) Here, the following property of exclusive OR is used.

Β (+) {β (+) γ} = γ− (Equation 15) By substituting (Equation 4) into (Equation 14) and using (Equation 15), W1 = Ki (+) ｛Ki (+) X1｝ = X1− (Expression 16) (4) From (Expression 8) and (Expression 13), T1 = F (R, S0) − (Expression 17) (5) (Expression 17) and (Expression 5) From S1 = T1− (Equation 18) (6) From (Equation 11) and (Equation 18) (Equation 10), W0 = S1 (+) Y1− (Equation 19) (7) (Equation 6) is replaced by (Equation 19) ) And using (Equation 15), W0 = S1 (+) {S1 (+) X0} = X0-(Equation 20) From the (Equation 16) and (Equation 20), the data It can be seen that the transformed plaintext data is decoded by the data disrupting unit 201.

The data encryption device 10 shown in FIG.
The principle of decrypting the plaintext data encrypted by the data decryption device 20 shown in FIG. 3 will be described. First, an operation of generating a ciphertext block A by performing an encryption process on the plaintext block A using the 256-bit key data K and the 8K-bit substitution table data R in the data encryption device 10 will be described.

The key controller 103 controls the data disturber 10
, K0, K1,..., K
6 and K7. Further, during the encryption processing of the plaintext block A, one set of substitution table data R is repeatedly used. The data disturbance unit 101 performs data disturbance on the plaintext block A using the partial key data K0 and the substitution table data R to generate an intermediate block A1, and generates the intermediate block A1 using the partial key data K1 and the substitution table data R. The data is disturbed to generate the intermediate block A2.

Similarly, the intermediate blocks A2 to A6 are subjected to data disturbance using the partial key data K2 to K7 and the substitution table data R to generate a ciphertext block A. Next, in the data decryption device 20, the ciphertext block A generated by the data encryption device 10 is subjected to encryption processing by using the key data K and the substitution table data R, and the decrypted text block A (= plaintext block The operation for generating A) will be described.

The key controller 203 controls the data disturber 20
1 has 32 bits of partial key data, K7, K6,.
1 and K0. Further, during the encryption processing of the ciphertext block A, one set of substitution table data R is repeatedly used. The data disturber 201 stores the partial key data K7
Then, data is disturbed on the ciphertext block A using the substitution table data R to generate an intermediate block A6, and data is disturbed on the intermediate block A6 using the partial key data K6 and the substitution table data R to generate the intermediate block A5. Generate.

Similarly, the intermediate blocks A5 to A1 are subjected to data disturbance using the partial key data K5 to K0 and the substitution table data R to generate decrypted text data A. From the above, it can be seen that the plaintext data encrypted by the data encryption device 10 shown in FIG. 2 is decrypted by the data decryption device 20 shown in FIG. Here, the data encryption device 1
0 is described.

A conventional data converter 3 as shown in FIG.
Compared with 113, the data conversion unit 300 of the present embodiment as shown in FIG. 6 has the first table value conversion unit 3002 to the third table value conversion unit despite sharing the substitution table data. By adding 3004, the same effect as holding pseudo four substitution table data is obtained. For example, when A2 = A3 in FIG. 6, the substitution table data is shared, so that B2 = B3. However, since B2 is converted into another value C2 by the first table value conversion unit 3002, the first addition unit 3005 does not perform the arithmetic addition operation on the same value. Therefore, such an encryption system does not have a low data disturbing ability and maintains security.

Therefore, the data conversion unit 30 of the present embodiment
The cryptographic processing device having 0 does not impair security.
The data amount of the substitution table data to be stored is smaller than that of the conventional encryption processing apparatus having the conventional data conversion unit 3113 by 1 /.
It has been reduced to 4. As described above, the present invention provides
In the block cipher system using the substitution table data such as the fish cipher system, the amount of data to be stored is greatly reduced, thereby simplifying the implementation in both hardware and software and maintaining high security. (Embodiment 2) Embodiment 2 of the present invention outputs one substitution data using one substitution table data,
A fixed conversion such as a different number of rotations or addition of different constants is applied to one output to obtain a plurality of outputs, and by using them, the data amount of the substitution table data is reduced and the security is not impaired. This is a cryptographic processing device that realizes this.

In the second embodiment of the present invention, the data converter 300 of the first embodiment replaces the data converter 500, and the data converter 301 replaces the data converter 501. In addition, the data amount of the substitution table data used in the second embodiment
Is 2K bits, which is a quarter of that of the first embodiment. FIG. 7 is a diagram showing a detailed configuration of the data conversion unit 500 shown in FIG.

The data conversion unit 500 includes a substitution table data storage unit 5001, a first input conversion unit 5002, a second input conversion unit 5003, a third input conversion unit 5004, a fourth input conversion unit 5005, a first exclusive OR. Section 5006, second exclusive OR section 5007, third exclusive OR section 5008, first table value conversion section 5009, second table value conversion section 5
010, third table value converter 5011, first adder 5
012, a second adder 5013, a third value adder 5014, and a fourth adder 5015.

The input 32 bits of data are divided into four sets of 8 bits each from the uppermost bit. Here, S0 is 4
E8, E2, E1, E0
And The first input conversion unit 5002 performs a one-bit cyclic bit shift conversion of E3 in the upper direction, and outputs 8-bit conversion data F3.

The second input conversion unit 5003 calculates E2 by
A 2-bit cyclic bit shift conversion is performed in the upper direction, and 8-bit conversion data F2 is output. Third input converter 50
04 performs a 3-bit cyclic bit shift conversion of E1 in the upper direction, and outputs 8-bit conversion data F1. The first exclusive OR unit 5006 includes a first input conversion unit 5
002 and the second input converter 5
An exclusive-OR operation is performed on the conversion data F2 output by 003 to output 8-bit data G2.

The second exclusive OR unit 5007 performs an exclusive OR operation on the data G2 output by the first exclusive OR unit 5006 and the conversion data F1 output by the third input conversion unit 5004. And outputs 8-bit data G1. The fourth input conversion unit 5005 includes a second exclusive OR unit 5
The data G1 output from the data 007 is subjected to cyclic bit shift conversion of 5 bits in the upper direction, and converted data F0 of 8 bits.
Is output.

The third exclusive OR section 5008 calculates the value of E0
And conversion data F0 output by the fourth input conversion unit 5005
And an exclusive-OR operation is performed on the data to output 8-bit data G0. Substitution table data storage unit 5001
Divides the input 2K-bit substitution table data into 256 table values of 8 bits each from the higher order and stores the table values. Based on the data G0 output by the third exclusive OR unit 5008, the 256 One of the table values is specified and output. Here, this output is used as the table value H0.
And

The first table value converter 5009 performs a one-bit cyclic bit shift conversion of the 8-bit table value H0 output from the substitution table data storage 5001 and outputs 8-bit conversion data I2. I do. Second
The table value conversion unit 5010 cyclically shifts the 8-bit table value H0 output from the substitution table data storage unit 5001 by 2 bits in the upper direction, and outputs 8-bit conversion data I1.

The third table value conversion unit 5011 performs a 3-bit cyclic bit shift conversion of the 8-bit table value H0 output from the substitution table data storage unit 5001 in the upper direction, and outputs 8-bit conversion data I0. I do. First
The addition unit 5012 performs an arithmetic addition operation on the 8-bit conversion data F3 output from the first input conversion unit 5002 and the 8-bit table value H0 output from the substitution table data storage unit 5001, and performs the repetition of the eighth bit or more. It outputs 8-bit data J0 ignoring the rise.

This can be expressed as follows: J0 = (F3 + H0) mod (2 ＾ 8) The second adder 5013 includes a second input converter 500
3 and the 8-bit conversion data I output by the first table value conversion unit 5009.
2 and an arithmetic addition operation is performed, and 8-bit data J3 is output ignoring the carry of the 8th bit or more.

This can be expressed as follows: J3 = (F2 + I2) mod (2 ＾ 8) The third adder 5014 includes a third input converter 500
4 and the 8-bit conversion data I output by the second table value conversion unit 5010.
An arithmetic addition operation of 1 is performed, and 8-bit data J2 is output ignoring carry-over of the 8th bit or more.

This can be expressed as follows: J2 = (F1 + I1) mod (2 ＾ 8) The fourth adder 5015 performs an arithmetic addition operation on the above E0 and the 8-bit conversion data I0 output from the third table value converter 5011, and ignores the carry-up of the 8th bit or more, and ignores the 8-bit data. J1 is output.

This can be expressed as follows: J1 = (E0 + I0) mod (2 ＾ 8) A 32-bit data in which output data J3 of the second addition unit 5013, output data J2 of the third addition unit 5014, output data J1 of the fourth addition unit 5015, and output data J0 of the first addition unit 5012 are sequentially connected is This is the output S1 of the data converter 500.

Hereinafter, an operation example of the data conversion unit 500 will be described. (1) Input 2K bits (table value 8 bits × 2)
56) of substitution table data are stored in the substitution table data storage unit 5001. (2) The input 32-bit input data is divided into four sets each having 8 bits. The input data divided here are E3, E2, E1, and E0 in order from the higher order. (3) First input converter 5002, second input converter 500
3. Third input converter 5004, fourth input converter 500
5, the first exclusive OR unit 5006, the second exclusive OR unit 5007, and the third exclusive OR unit 5008
3, E2, E1, and E0 are bit-operated to generate 8-bit data G0.

(4) Substitution table data storage unit 5001
Specifies one of the 256 table values based on the data G0 and outputs the table value H0. (5) The first table value conversion unit 5009 outputs the table value H
0 is shifted upward by one bit in a cyclic bit manner and converted data I2 is output.
Transforms the table value H0 upward by 2 bits in a cyclic bit manner and outputs converted data I1. The third table value conversion unit 5011 converts the table value H0 upward by 3 bits in a cyclic bit shift manner. The conversion data I0 is output.

(6) The second adder 5013 outputs the converted data F
2 and the converted data I2 are arithmetically operated to output 8-bit data J3 ignoring the carry of the 8th bit or more, and the third adder 5014 performs an arithmetic addition operation on the converted data F1 and the converted data I1. The fourth adder 5015 performs an arithmetic addition operation on E0 and the converted data I0, ignoring the carry of the eighth bit or more, and outputting the 8-bit data J2.
The first adder 5012 outputs 8-bit data J1 while ignoring the carry-over of the bit or more.
And the table value H0 are arithmetically added, and 8-bit data J0 is output ignoring the carry-over of the 8th bit or more.

(7) 8-bit data J3 and data J
2, the data J1 and the data J0 are sequentially connected, and 32
It outputs bit data (= S1). The security of the data encryption system including the data disturbance unit 101 as described above largely depends on the data disturbance function of the conversion operation in the data conversion unit 500. The data conversion unit 500
One table value is obtained by using one substitution table data storage unit 5001, and the first to third table value conversion units 5009 are obtained.
In step 5011, cyclic conversion is performed to obtain three pieces of conversion data, and concatenates the table value and the three pieces of conversion data to generate output data. Therefore, one substitution table data whose table value is 1/4 is used. Nevertheless, high security equivalent to the case where four types of substitution table data storage units are used can be obtained.

Therefore, the system is more resistant to decryption and active fraud. Data converter 501 shown in FIG.
Is similar to that of the data conversion unit 500, and a description thereof will be omitted. Each component of the data encryption device 10 and the data decryption device 20 of the first and second embodiments can be realized by dedicated hardware using a logic circuit such as EXOR (Exclusive-OR). As well as
Needless to say, the present invention can be realized by software on a computer system including a general-purpose microprocessor, a control program, a ROM storing the above table, and a RAM as a work area.

In the first and second embodiments, the partial key 3
The data combination of 2 bits, input data of 32 bits, and data of 32 bits is performed by the exclusive OR unit 1011, 1
012, 2011, and 2012. However, it is needless to say that this is not limited to exclusive OR if it is a reversible operation such as a full adder with carry. However, in the first embodiment, the first exclusive OR unit 10
The operation used for the first exclusive OR unit 2011 and the second exclusive OR unit 2012 uses the inverse operation, while the operation used for the 11th and the second exclusive OR unit 1012 uses the inverse operation. In contrast to the operation used for the first exclusive OR unit 1011 and the second exclusive OR unit 1012, the operation used for the first exclusive OR unit 2011 and the second exclusive OR unit 2012 must use the inverse operation. Must. further,
The calculation used here is desirably a simple one that does not impair the high-speed operation.

Further, in the data encryption device 10 or the data decryption device 20 described in the first and second embodiments,
Although the number of times of repeating the input to the data disturbing unit 101 and the data disturbing unit 201 is set to eight, the number may not be eight. When the number of repetitions is less than 8, the number of bits of the key data input to the data encryption device 10 and the data decryption device 20 can be made smaller than 256 bits. On the other hand, if the number of repetitions is more than 8,
The number of bits of the key data input to the data encryption device 10 and the data decryption device 20 may be larger than 256 bits. Even when the number of repetitions is greater than 8, the key data can be left at 256 bits and the divided partial key data can be used repeatedly. In addition, 25
For key data less than 6 bits, the above-mentioned DE
It is also possible to generate a partial key by using a partial key generation means as in the S scheme or the FEAL scheme.

The first of the data conversion units 300 and 301
Table value converter 3002, second table value converter 30
03, third table value converter 3004, data converter 5
00, 501, the first input converter 5002, the second input converter 5003, the third input converter 5004, the fourth input converter 5005, the first table value converter 5009, the second table value converter 5010, and the third In the bit shift operation of table value conversion section 5011, the number of bits shifted upward is not limited to the number of bits in Embodiments 1 and 2, and the number of bits shifted in each section that inputs the same data is different. Any value is acceptable. Further, if the number of bits to be shifted is determined by the partial key data, a better data disturbing function can be obtained. For example, the number of bits 0 to 31 represented by bits 0 to 4 in the 32-bit partial key data is set as the number of bits to be shifted by the first table value conversion unit 3002, and 8 to 12 bits of the 32-bit partial key data Is the number of bits to be shifted by the second table value conversion unit 3003, and 0 to 31 represented by 16 to 20 bits of the 32-bit partial key data.
Is the number of bits to be shifted by the third table value converter 3004.

The first of the data conversion units 300 and 301
Table value converter 3002, second table value converter 30
03, third table value converter 3004, data converter 5
00, 501, a first table value converter 5009, a second table value converter 5010, and a third table value converter 501
The first conversion means is not limited to the configurations of the first and second embodiments, but may be any conversion capable of uniquely specifying output data from input data. That is, one-way conversion that cannot restore output data to input data before conversion may be used. However, the conversion means used in the same data conversion unit must be different. Further, the calculation used here is desirably a simple one that does not impair the high speed.

Further, in the first and second embodiments, each exclusive-OR unit and each data conversion unit use 32-bit data or 8-bit data as a conversion unit. It is not limited. For example, if the present invention is realized by a general-purpose 64-bit CPU, 6
In consideration of the high-speed processing, 4-bit data is used as a conversion unit.
(6 bit data) alone.

Further, in the first and second embodiments, three conversion data obtained by performing different fixed conversions by three table value conversion units, and one table value not subjected to the fixed conversion are stored. Are used in accordance with the four table values obtained using the four types of substitution table data storage units, but the four table values obtained by performing different fixed conversions by the four table value conversion units are used. May be used. However, the fixed conversion in the case of using four table value conversion units includes no conversion. Here, when the fixed conversion by any one of the four table value conversion units is no conversion, this is equivalent to the case where three table value conversion units are used. The non-conversion means that the shift number is zero if the fixed conversion is a cyclic bit shift conversion, and that the constant is zero if the addition of different constants is performed. In short, even if the table values before being subjected to the fixed conversion are the same data, any table value conversion unit that performs conversion so as to obtain different data may be used.

In the first and second embodiments, four data values corresponding to four table values obtained by using four types of substitution table data storage units are converted into three or four table value conversion values. However, the present invention is not limited to such a number. (Embodiment 3) Embodiment 3 of the present invention is a cryptographic processing apparatus that updates input key data by performing conversion on real key data using a previous ciphertext block and does not update substitution table data. This is a cryptographic processing apparatus that realizes high-speed processing by reducing the generation frequency of substitution table data and that does not impair security by updating input key data.

FIG. 8 is a diagram showing a configuration of a cryptographic communication system according to the third embodiment of the present invention. 8 includes a transmitter 6 and a receiver 7. The transmitter 6 includes a data encryption device 60 and a transmission unit 61. The data encryption device 60 performs encryption processing on the plaintext data in 64-bit units using 64-bit × 10 sets of encryption key data to generate ciphertext data. Here, the plaintext data is, for example, digitally encoded audio or image information, and the encryption key data is secretly shared between the transmitter 6 and the receiver 7 in advance.

The transmitting section 61 transmits a transmission signal generated by parallel-to-serial conversion, modulation and amplification of the ciphertext data generated by the data encryption device 60, to the transmission line 8. Receiver 7
Includes a data decoding device 70 and a receiving unit 71. The receiving unit 71 receives the transmission signal transmitted from the transmitting unit 61 via the transmission line 8 and performs processing reverse to that of the transmitting unit 61 to restore the ciphertext data.

The data decoding device 70 is 64 bits × 1
Using 0 sets of encryption key data, encryption processing is performed on ciphertext data in 64-bit units to generate decryption data (= plaintext data). The decrypted text data generated here is, for example, digitally encoded voice or image information,
The data is decoded by a dedicated decoder (not shown) and reproduced by a speaker or a display.

FIG. 9 shows the data encryption device 60 shown in FIG.
FIG. 3 is a diagram showing a detailed configuration of the embodiment. Data encryption device 60
Includes a data encryption unit 601, a substitution table data generation unit 602, an input key generation unit 603, and a key control unit 604. The key control unit 604 divides the 640-bit encrypted key data into 10
[0] to K [9] are generated, and each time the data encryption unit 601 processes 1024 plaintext blocks, the real key data K [0] to K [9] are sequentially converted to the substitution table data generation unit 6.
02 and the input key generation unit 603. Of course, K
After [9], K [0] is output.

Only when the 64-bit real key data is input from the key control unit 604, the substitution table data generation unit 602 uses the 32K bits (32-bit table value) according to the substitution table data generation algorithm used for the Blowfish encryption method. (* 1024) substitution character table data is generated and output to the data encryption unit 601.

The input key generation unit 603 inputs and stores 64-bit real key data from the key control unit 604, and every time a ciphertext block is generated by the data encryption unit 601,
The data encryption unit 601 performs an exclusive OR operation on the ciphertext block and the stored 64-bit real key data, and performs an encryption process on the next plaintext block using the operation value as input key data. Output to When performing an exclusive OR operation, when performing encryption processing on the first plaintext block, since there is no previous ciphertext block, a 64-bit initial value IV (hereinafter referred to as “initial block IV”) is used. ) And the real key data are subjected to an exclusive OR operation, and the operation value is output to the data encryption unit 601 in order to perform encryption processing on the first plaintext block as input key data. Of course, it is assumed that the 64-bit initial block IV is stored in the input key generation unit 603 in advance.

In the case of performing an exclusive-OR operation, for example, when performing encryption processing on the next plaintext block after 32 ciphertext blocks have been generated, the ciphertext block is not targeted. An exclusive OR operation may be performed on the initial block IV and the real key data. That is, in this case, the target for performing an exclusive OR operation with the real key data is initialized every 32 times.

The data encryption unit 601 performs encryption processing on the plaintext data in 64-bit units using 64-bit input key data and 32K-bit substitution table data to generate ciphertext data. Only when 32K-bit substitution table data is input from the substitution table data generation unit 602, the input substitution table data is updated.

FIG. 10 shows the data decoding device 7 shown in FIG.
FIG. 3 is a diagram showing a detailed configuration of a 0. Data decryption device 70
Includes a data decryption unit 701, a substitution table data generation unit 702, an input key generation unit 703, and a key control unit 704. The key control unit 704 divides the 64-bit × 10 sets of encrypted key data into 10 sets of 64 bits each from the higher order to generate real key data K [0] to K [9]. The real key data K [0] to K [9] are sequentially output to the substitution table data generation unit 702 and the input key generation unit 703 for each processing of 1024 ciphertext blocks. Of course, after K [9], K [0] is output.

The substitution table data generation unit 702 generates 32K-bit substitution table data according to the substitution table data generation algorithm used for the Blowfish encryption method only when 64-bit real key data is input from the key control unit 704. And a data decryption unit 701
Output to The input key generation unit 703 receives and stores 64-bit real key data from the key control unit 704, and each time a plaintext block is generated by the data decryption unit 701, a ciphertext block corresponding to the plaintext block is generated. An exclusive OR operation is performed on the stored 64-bit real key data, and the operation value is output to the data decryption unit 701 in order to perform encryption processing on the next cipher text block as input key data. When performing an exclusive OR operation,
When performing encryption processing on the first ciphertext block, since there is no previous ciphertext block, an exclusive OR operation is performed on the initial block IV and the real key data, and the operation value is used as input key data. The first ciphertext block is output to the data decryption unit 701 in order to perform encryption processing. Of course,
The 64-bit initial block IV is stored in the input key generation unit 70 in advance.
3

In the case of performing an exclusive OR operation, for example, when the encryption processing is performed on the next ciphertext block after 32 plaintext blocks are generated, the ciphertext block corresponding to the plaintext block is used. , The exclusive OR operation may be performed on the initial block IV and the real key data. That is, in this case, the target for performing an exclusive OR operation with the real key data is initialized every 32 times.

The data decryption unit 701 updates the input substitution table data only when the 32K-bit substitution table data is input from the substitution table data generation unit 702, and outputs the 64-bit input key data and the 32-Kbit substitution character. Using the table data, ciphertext data is subjected to encryption processing in 64-bit units to generate plaintext data. FIG. 11 is a diagram showing a detailed configuration of the data encryption unit 601 shown in FIG.

The data encryption unit 601 includes the data disruption unit 6
011, stage number control unit 6012, partial key generation unit 6013
Is provided. The partial key generation unit 6013 uses the Blowfish
According to the partial key generation algorithm used in the encryption method, 256-bit bit data is generated from the 64-bit input key data, and the generated bit data is
It is divided into eight sets of bits and stored as partial keys SK0 to SK7.

The data disturbance section 6011 repeatedly performs data disturbance on the input 64-bit data using the 32 K-bit substitution table data and the 32-bit partial key data generated by the partial key generation section 6013. 64
Output bit data. The stage number control unit 6012 controls the number of times of data disturbance that the data disturbance unit 6011 repeatedly performs until a ciphertext block is generated from a plaintext block. The stage number control unit 7012 counts the number of data disturbances for each plaintext block. If the number of data disturbances is less than a predetermined number, the output of the data disturbance unit 6011 is input to the data disturbance unit 6011 to repeat data disturbance, and In the case of the specified number of times, it is output as a ciphertext block. Here, the number of times specified in advance is eight times.

Here, the partial key SK0 is used for the first data disturbance of the plaintext block, and thereafter, each time the data disturbance is repeatedly performed, the partial key SK1, SK2,... Of course, SK0 is used after SK7. FIG. 12 is a diagram showing a detailed configuration of the data decoding unit 701 shown in FIG. The data decryption unit 701 includes a data disturbance unit 7011, a stage number control unit 7012, and a partial key generation unit 7013.

The partial key generation unit 7013 is the same as the partial key generation unit 6013 in FIG. Data disturbance unit 7011
Are the same as those of the data disturbance unit 6011 in FIG. The stage number control unit 7012 controls the number of times of data disturbance that the data disturbance unit 7011 repeatedly performs until a plaintext block is generated from a ciphertext block. Stage number control unit 7012
Counts the number of data disturbances for each ciphertext block. If the number of data disturbances is less than a predetermined number, the output of the data disturbance unit 7011 is input to the data disturbance unit 7011 to repeat the data disturbance, and the data disturbance is repeated. In the case of the number of times, it is output as a plaintext block. Here, the number of times specified in advance is eight times.

Here, the partial key SK7 is used for the first data disturbance of the ciphertext block. Thereafter, each time the data disturbance is repeatedly performed, the partial key SK7 is used in the order of SK6, SK5,. Of course, SK7 is used after SK0. Further, the data disturbance unit 6011 shown in FIG.
6 is the same as the data disturbing unit 3011 shown in FIG. 6, and the configuration of the data disturbing unit 7011 shown in FIG. 12 is the same as that of the data disturbing unit 4011 shown in FIG.

FIG. FIG. 6 is a diagram showing a correspondence relationship among t, real key data, input key data, and substitution table data. Here, the block No. “t” is obtained by dividing input plaintext data into blocks of 64-bit units from the beginning and numbering them in order from 0. The real key data "-" in the figure indicates that there is no output from the key control unit 604. (+) Is an exclusive OR operation for each bit, IV is an initial block IV, and C
t is the block number. A ciphertext block obtained by subjecting a plaintext block of t to encryption processing. TG (K
[I]) is (i = 0, 1,..., 9) and the real key data K
Refers to the substitution table data generated from [i].

As shown in FIG. 13, the input key data is 32
For each block, K [i] (+) IV (i = 0, 1,...,
Reset to 9). Also, every 1024 blocks,
When the real key data is output from the key control unit 604, the substitution table data and the input key data are updated. Here, an example of the operation of the entire cryptographic communication system will be described.

In the transmitter 6 shown in FIG. 8, the input plaintext data is subjected to encryption processing in 64-bit units from the head using the encryption key data stored in advance. Hereinafter, the plaintext data is divided into 64-bit units from the beginning, and described as a plaintext block Pt (t = 0, 1,...) In order. (1) First, the encryption processing of the plaintext block P0 will be described.

The key control unit 604 shown in FIG. 9 outputs the real key data K [0] generated from the encrypted key data for use in the encryption processing of the plaintext block P0. FIG.
The substitution table data TG generated from the real key data K [0] in the substitution table data generation unit 602 shown in FIG.
(K [0]) is output. Input key generation unit 6 shown in FIG.
03, the real key data K [0] and the initial block IV
And an exclusive OR operation is performed on the input key data K
[0] (+) IV is output.

In the data encryption section 601 shown in FIG. 9, the plaintext block P0 is subjected to an encryption process by using the substitution table data TG (K [0]) and the input key data K [0] (+) IV to perform encryption. Generate statement block C0. (2) Subsequently, the encryption processing of the plaintext block P1 will be described. In the encryption processing of the plaintext block P1, no new real key data is output from the key control unit 604, and the substitution table data generation unit 602 does not generate new substitution table data.

In the input key generation unit 603, an exclusive OR operation is performed on the real key data K [0] and the immediately preceding ciphertext block C0, and the input key data K [0] (+) C
0 is output. In data encryption section 601, substitution table data TG (K [0]) and input key data K
Using [0] (+) C0, the plaintext block P1 is subjected to encryption processing to generate a ciphertext block C1.

(3) The encryption processing of the plaintext blocks P2 to P31 is the same as that of the plaintext block P1. (4) Next, the encryption process of the plaintext block P32 will be described. Also in the encryption processing of the plaintext block P32, new real key data is not output from the key control unit 604, and the substitution table data generation unit 602 does not generate new substitution table data.

In input key generation section 603, exclusive OR operation is performed on real key data K [0] and initial block IV, and input key data K [0] (+) IV is output. In data encryption section 601, substitution table data TG (K [0]) and input key data K [0] (+)
Using the IV, the plaintext block P32 is subjected to cryptographic processing to generate a ciphertext block C32.

(5) The encryption processing of the plaintext blocks P33 to P63 is the same as that of the plaintext block P1. (6) Hereinafter, up to the plaintext block P1023, the same encryption processing as that of the plaintext blocks P32 to P63 is repeated. (7) Next, the encryption processing of the plaintext block P1024 will be described.

At the key control unit 604, the plaintext block P
The real key data K [1] generated from the encrypted key data is output for use in the 1024 encryption process. In the substitution table data generation unit 602, the real key data K [1]
The substitution table data TG (K [1]) generated from is output. The input key generation unit 603 performs an exclusive OR operation on the real key data K [1] and the initial block IV, and outputs input key data K [1] (+) IV.

In data encryption section 601, substitution table data TG (K [1]) and input key data K [1]
Using the (+) IV, the plaintext block P1024 is subjected to encryption processing to generate a ciphertext block C1024. (8) Next, the encryption process of the plaintext block P1025 will be described. In the encryption processing of the plaintext block P1025, new real key data is not output from the key control unit 604, and the substitution table data generation unit 602 does not generate new substitution table data.

In the input key generation unit 603, an exclusive OR operation is performed on the real key data K [1] and the immediately preceding ciphertext block C1024, and the input key data K [1] is obtained.
(+) C1024 is output. Data encryption unit 601
, Using the substitution table data TG (K [1]) and the input key data K [1] (+) C1024, the plaintext block P1025 is subjected to encryption processing, and
1025 is generated.

(9) Thereafter, the same encryption processing as that of the plaintext blocks P0 to P1023 is repeated until the last block. (10) The encryption process of the ciphertext block is the inverse conversion of the above (1) to (9), and the target of performing an exclusive OR operation with the real key data is the ciphertext generated by the data encryption unit 601 The only difference is that the block is not the block but the previous ciphertext block input to the data decryption unit 701.

Hereinafter, a more specific description will be given using mathematical expressions. In addition, each symbol used in the following description of the encryption process is suffixed with the initial letter “e” of encryption, and each symbol used in the description of the decryption process is , Decryption (descrypt
) is added as a subscript.

The key control unit 604 sends the plaintext block Pe (1
024 × k) (k = 0, 1,...)
It outputs the real key data Ke [k mod 10], and does not output the real key data at the time of encryption processing other than the plaintext block Pe (1024 × k). Substitution table data generator 60
2 is the real key data Ke [k input from the key control unit 604 during the encryption processing of the plaintext block Pe (1024 × k).
[Mod. 10], and generates and outputs substitution table data. In the case of encryption processing other than the plaintext block Pe (1024 × k), the substitution table data is not output.

The input key generation unit 603 generates a plaintext block Pe.
In the encryption processing of (32 × j) (j = 0, 1,...),
Initial block IVe and real key data Ke [(((32 ×
j)-((32 x j) mod 1024)) / 1024)
mod 10] to generate and output input key data. Plain text block Pe (3
In the encryption processing of the plaintext block Pet other than 2 × j), the ciphertext block Ce (t−1) and the real key data Ke
[((T- (tmod1024)) / 1024) mod
10] to generate and output input key data. Therefore, t = (32 × j)
When (j = 0, 1,...), The input key data IKet used in the encryption processing of the plaintext block Pet is as follows: input key data IKet = Ke [((t− (tmod1024)) / 1024) mod 10] ( +) IVe− (Equation 21) When t = (32 × j) (j = 0, 1,...), The input key data IKet used in the encryption processing of the plaintext block Pet is input key data IKet = Ke [((T− (tmod1024)) / 1024) mod 10] (+) Ce (t−1) − (formula 22)

I = ((t− (tmod1024)) / 1
024) Assuming mod 10, the substitution table data T
Ge (Ke [i]), the plaintext block Pet (t
= 0, 1,...) Can be expressed by a ciphertext block Cet = Enc (Pet, TGe (Ke [i]), IKet) − (Equation 23). . Here, Enc represents the processing content inside the data encryption unit 601.

Therefore, the data encryption unit 601 converts the input key data IKet and the substitution table data TGe (Ke
Using [i]), a plaintext block Pe in 64-bit units
t is subjected to an encryption process and a ciphertext block Cet = Enc
(Pet, TGe (Ke [i]), IKet) are generated. The key control unit 704 sends the ciphertext block Cd (1024
.Times.k) (k = 0, 1,...), The real key data Kd [k mod 10] is output, and the ciphertext block C
During encryption processing other than d (1024 × k), no real key data is output.

The substitution table data generation section 702 performs the real key data Kd [k mod input from the key control section 704 during the encryption processing of the ciphertext block Cd (1024 × k).
10], and generates and outputs substitution table data.
At the time of encryption processing other than the ciphertext block Cd (1024 × k), the substitution table data is not output. The input key generation unit 703 calculates the ciphertext block Cd (32 × j) (j =
During the encryption processing of 0, 1,..., The initial block IVd and the real key data Kd [(((32 × j) − ((32 × j) m
od1024)) / 1024) mod 10] to generate and output input key data. When performing cryptographic processing on ciphertext blocks Cdt other than the ciphertext block Cd (32 × j), the ciphertext block C
d (t-1) and real key data Kd [((t- (tmod1
024)) / 1024) mod 10] to generate and output input key data. Therefore, when t = (32 × j) (j = 0, 1,...), The input key data IKdt used in the encryption processing of the ciphertext block Cdt is input key data IKdt = Kd [((t− ( tmod1024)) / 1024) mod 10] (+) IVd− (Equation 24) When t = (32 × j) (j = 0, 1,...), an input used in the encryption processing of the ciphertext block Cdt. The key data IKdt is as follows: input key data IKdt = Kd [((t− (tmod1024)) / 1024) mod 10] (+) Cd (t−1) − (Equation 25)

The aforementioned i = ((t− (tmod102)
4)) / 1024) Since the substitution table data TGd (Kd [i]) is used when mod 10 is used, a 64-bit decrypted text obtained by performing cryptographic processing on the encrypted text block Cdt (t = 0, 1,...) The block Ddt can be represented by a decrypted text block Ddt = Dec (Cdt, TGd (Kd [i]), IKdt) − (Equation 26). Here, Dec represents the processing content inside the data decoding unit 701.

Therefore, data decryption section 701 receives input key data IKdt and substitution table data TGd (Kd
Using [i]), ciphertext block C in 64-bit units
dt is subjected to encryption processing and a decrypted text block Ddt = Dec
(Cdt, TGd (Kd [i]), IKdt) are generated. Here, a certain plaintext block sequence Pe0, Pe1,.
In contrast, the ciphertext block string encrypted by the data encryption device 60 using the arbitrary real key data and the initial block is the same as that used by the data encryption device 60 in the data decryption device 70. The decrypted text block sequences Dd0, Dd1,... Decrypted using the key data and the initial block indicate that they are equal to the original plaintext block sequence. However, the substitution table data generation unit 602 and the substitution table data generation unit 702
Have exactly the same function. Therefore, the substitution table data generated by the substitution table data generation unit 602 according to certain real key data is, of course, the same as the substitution table data generated by the substitution table data generation unit 702 according to the same real key data.

(1) Since the same real key data is used in the data encryption device 60 and the data decryption device 70, the real key data Ke = the real key data Kd. These are hereinafter referred to as real key data Ks. (2) Since the same initial block is used in the data encryption device 60 and the data decryption device 70, the initial block IVe is equal to the initial block IVd.

(3) Since the ciphertext block string encrypted by the data encryption device 60 is decrypted by the data decryption device 70, the ciphertext block Cet = the ciphertext block Cdt. . (4) From the above (1), (2) and (Equation 21), t =
When (32 × j) (j = 0, 1,...), Input key data IKet used for encryption processing of the plaintext block Pet
Is input key data IKet = Ks [((t− (tmod1024)) / 1024) mod 10] (+) IVs− (expression 27) (5) From the above (1), (2) and (expression 24), t =
When (32 × j) (j = 0, 1,...), The input key data IKd used in the encryption processing of the ciphertext block Cst
t is input key data IKdt = Ks [((t− (tmod1024)) / 1024) mod 10] (+) IVs− (expression 28) (6) The right side of (expression 27) and the right side of (expression 28) Therefore, when t = (32 × j) (j = 0, 1,...), Input key data IKet = input key data IKdt holds.

(7) The above (1), (3) and (Equation 22)
Therefore, at times other than t = (32 × j) (j = 0, 1,...), The input key data IKet used in the encryption processing of the plaintext block Pet is input key data IKet = Ks [((t− ( tmod1024)) / 1024) mod 10] (+) Cs (t-1)-(Formula 29) (8) From the above (1), (3) and (Formula 25), t =
(32 × j) (j = 0, 1,...), The input key data I used for the encryption processing of the ciphertext block Cdt
Kdt is input key data IKdt = Ks [((t− (tmod1024)) / 1024) mod 10] (+) Cs (t−1) − (Equation 30) (9) (Expression 29) and (Expression 29) Since the right side of (30) is equal, when t = (32 × j) (j = 0, 1,...), Input key data IKet = input key data IKdt holds.

(10) From the above (6) and (9), t =
Also when (32 × j) (j = 0, 1,...), T = (3
2 × j) (j = 0, 1,...), Input key data IKet = input key data IKdt holds.

Hereinafter, these are referred to as input key data IKst. (11) Since the substitution table data generation unit 602 and the substitution table data generation unit 702 have exactly the same function, the substitution table data TGe (Ks [i]) = substitution table data TGd (Ks [i]). To the substitution table data TGs (Ks
[I]).

(12) The above (10), (11), and (2)
According to 3), the 64-bit ciphertext block Cst obtained by performing the encryption process on the plaintext block Pet (t = 0, 1,...) Is as follows: ciphertext block Cst = Enc (Pet, TGs (Ks [i]), IKst)-(Equation 31) (13) From the above (10), (11), and (Equation 26), a 64-bit decryption obtained by performing encryption processing on the ciphertext block Cst (t = 0, 1,...) The sentence block Ddt is obtained by substituting (Equation 31) into Cst of (14) (Equation 32), and (Equation 31). Block Ddt = Dec (Enc (Pet, TGs (Ks [i]), IKst), TGs (Ks [i]), IKst)-(Equation 33) (15) Here, the data described in the first embodiment Disturber 101 By the same principle as the encrypted plaintext data is decrypted by the data disturbance unit 201, the data encryption unit 601, 32K plaintext block α
The block resulting from the encryption according to the bit substitution table data β and the 64-bit input key data γ is decrypted by the data decryption unit 701 using the same substitution table data β and the input key data γ as those used in the encryption. Is equal to the original plaintext block α, that is, Dec (Enc (α, β, γ), β, γ) = α− (Equation 34) According to (16), (Equation 33) and (Equation 33) From Expression 34), the decrypted text block Ddt = plaintext block Pet− (Expression 35) holds.

Here, the security of the data encryption device 60 will be described. This security greatly depends on the security of the data encryption unit 601. In the case of the present embodiment, assuming that real key data is CKt, input key data IKt input to data encryption section 601 is input key data IKt = CKt (+) IV (when t = k × 32). Key data IKt = CKt (+) C (t−1) (when t ≠ k × 32). − (Equation 36) Here, k = 0, 1,...

In (Equation 36), C (t-1) is a ciphertext block, which is known to the cryptanalyst. However, since the initial value IV and the real key data CKt output from the key control unit 604 are unknown values to the decryption person, the values of the input key data IKt are also unknown to the decryption person.
Therefore, even if the cryptanalyst simulates the data encryption unit 601 on the computer by the known plaintext attack, the cryptanalyst cannot find the encryption key data.

In this embodiment, since the input key data is updated every time the plaintext block Pt is encrypted, the security is improved as compared with the case where all the input key data are the same. Further, in the present embodiment, 1
Each time 024 plaintext blocks are encrypted, the substitution table data input to the data encryption unit is updated.
The security is improved compared to the case where all the substitution table data is the same.

In the present embodiment, the generation of the 32K-bit substitution table data is performed by encrypting or decrypting the data.
It is performed only once every four times, and it takes much longer to generate substitution table data than to generate a 256-bit partial key inside the data encryption unit 601 and data decryption unit 701. Therefore, the security is enhanced without impairing the high-speed encryption as in Conventional Example 3.

In the present embodiment, the input key generators 603 and 703 perform exclusive OR operation on two 64-bit operation targets for each bit. The same effect can be obtained by using. In the present embodiment, the key control unit 60
The real key data generated from 4,704 is 64 bits, but does not necessarily have to be 64 bits. In the case where the real key data is 64 bits or less, for example, 40 bits, a data fusion unit that makes the output data 64 bits may be used for the input key generation units 603 and 703.

In this embodiment, the ciphertext data generated by the immediately preceding encryption is input to the input key generation unit 603, but it is obtained in the previous encryption process. Any 64 bit value is acceptable. Further, this value does not necessarily have to be 64 bits, and when the value is 64 bits or less, for example, 40 bits, the output data is 64 bits.
The data fusion means which becomes a bit
03, 703.

Further, in the present embodiment, the data encryption unit 601 uses the Blowfish encryption method, but any block encryption method that generates substitution table data based on key data may be used. Further, in the present embodiment, the encryption key data composed of 10 sets of 64-bit real key data is stored in the apparatus, but one 64-bit real key data used for the encryption processing of the first block is stored in the apparatus. Only the other key data is stored, and the other real key data is encrypted together with the plaintext data and transmitted from the transmission side. Alternatively, the encrypted key data is distributed using a public key encryption method such as Diffie-Hellman method. May be shared.

In each of the above embodiments, plaintext data is input and encrypted by the data encryption device, and ciphertext data is decrypted by the data decryption device. Since the decryption in the data decryption device is inversely related to the decryption, the data decryption device can function as both an encryption device and a decryption device. Therefore, in each of the above embodiments, each of the data decryption devices may input and encrypt plaintext data, and each of the data encryption devices may decrypt the ciphertext data.

In each embodiment, hardware such as LogicIC has been described. However, hardware may be realized by software. Furthermore, the software may be produced, used, transferred, loaned, imported, or offered to be transferred or loaned in a form stored in a computer-readable storage medium such as a CD-ROM, as in the case of the device. Subject to.

[0165]

The cryptographic processing device according to the present invention is a cryptographic processing device that performs cryptographic processing on input data using substitution data to generate output data, wherein N and M are integers of 2 or more. Storage means for storing (2 ＾ N) pieces of substitution data of predetermined bits;
A dividing means for equally dividing the data into N pieces of N-bit divided data, and M divided data generated by the dividing means or input synthesized data generated by subjecting the divided data to synthesis processing as input data Substitution means for identifying and outputting one of the predetermined bits of substitution data from (2 ＾ N) pieces of substitution data stored by the storage means for each input of N bits, and a plurality of substitution data output from the substitution means. Fixed conversion means for generating M pieces of the conversion data of the predetermined bits by performing different fixed conversions, and (N × M) -bit output data based on the M pieces of conversion data generated by the fixed conversion means. Output data generating means.

As a result, high security can be obtained with a small number of substitution table data. Therefore, a data encryption device that can be easily implemented in both hardware and software can be realized. Also, each fixed conversion in the fixed conversion means is a rotation process, and each fixed conversion has a different number of bits to be rotated.

As a result, different fixed conversions are performed in each fixed conversion only by changing the number of rotation bits of each fixed conversion to each other. Further, the cryptographic processing apparatus further includes: a key obtaining unit that obtains key data; and a number determining unit that determines the number of rotations of each fixed conversion in the fixed conversion unit based on the key data obtained by the key obtaining unit. May be provided.

As a result, the number of rotations can be determined based on the key data. Therefore, higher security can be obtained. Also, the predetermined bits of the substitution data stored by the storage unit are (N × M) bits, and the substitution unit stores the substitution data based on each of the M divided data generated by the division unit (2).
One of each of the (N) substitution data is specified, and each (N)
X M) bits of the substitution data are output, and the fixed conversion means performs different fixed conversions on the M substitution data output by the substitution means, thereby converting the (N x M) bits of the conversion data into M pieces. The output data generation means generates (N × M) bits of output data by subjecting all of the M pieces of conversion data generated by the fixed conversion means to a synthesis process. Can also.

As a result, the substitution table data can be reduced to 1 / M of the conventional one without impairing the security. Therefore, a data encryption device that can be easily implemented in both hardware and software can be realized. Further, each of the processes constituting the synthesizing process in the output data generating means may perform any one of an arithmetic sum and an exclusive OR for each bit.

As a result, the combining process is performed by performing any one of the arithmetic sum and the exclusive OR for each bit. Therefore, the processing is simple and the processing speed does not matter. Also, the predetermined bits of the substitution data stored by the storage unit are N bits, and the substitution unit performs N-bit input by performing a total synthesis process on all of the M divided data generated by the division unit. The storage means includes input combining means for generating combined data, specifies one out of (2 ＾ N) pieces of replacement data stored by the storage means based on the N-bit input combined data, and outputs N-bit replacement data; The conversion unit generates M conversion data of N bits by individually performing M different fixed conversions on the substitution data output by the substitution unit, and the output data generation unit outputs the M conversion data generated by the division unit. The individual combined processing is performed on one of the divided data and one of the M pieces of converted data generated by the fixed converting means, so that the N-bit output combined data is obtained. Output combining means for generating a plurality of output combined data, and connecting means for generating (N × M) -bit output data by subjecting each of the N output combined data generated by the output combining means to connection processing. Can also be characterized.

As a result, the substitution table data can be reduced to 1 / M / M of the prior art without impairing the security. Therefore, a data encryption device that can be easily implemented in both hardware and software can be realized. Further, each of the processes constituting the overall combining process in the input combining means may perform any one of an arithmetic sum and an exclusive OR for each bit.

As a result, the whole synthesis processing is performed by performing any one of the arithmetic sum and the exclusive OR for each bit. Therefore, the processing is simple and the processing speed does not matter. In addition, each processing constituting the overall synthesis processing in the input synthesis means performs a different fixed conversion on each of the M pieces of divided data generated by the division means, and then performs each of the arithmetic sum and the exclusive OR for each bit. Or any of the following.

As a result, the whole synthesis processing is performed by performing any one of the arithmetic sum and the exclusive OR for each bit after performing different fixed conversions. Therefore,
The processing is simple, the processing speed does not matter, and high security can be obtained by performing the fixed conversion. Each of the individual synthesizing processes in the output synthesizing means may perform one of an arithmetic sum and an exclusive OR for each bit.

Thus, the individual combining process is performed by performing any one of the arithmetic sum and the exclusive OR for each bit. Therefore, the processing is simple and the processing speed does not matter. A cryptographic processing apparatus according to the present invention is a cryptographic processing apparatus that generates substitution table data, performs encryption processing on input data using the substitution table data to generate output data, and includes a key data holding unit that holds key data; Substitution table data holding means for holding table data, blocking means for dividing input data into blocks each having a predetermined number of bits, and sequentially outputting the input data as input blocks. When performing encryption processing on an input block, a substitution table data creating unit that creates substitution table data and updates the substitution table data held in the substitution table data holding unit to the created substitution table data; When performing encryption processing on the next input block after performing the processing, the key data stored in the key data storage Key data conversion means for performing bit conversion by using the output block generated by the encryption processing means when the encryption processing is performed on the previous input block and converting the key data; A cryptographic processing unit for performing an encryption process on the input block sequentially output by the blocking unit using the table data and the key data, thereby sequentially generating an output block.

A cryptographic processing apparatus for generating substitution table data, performing encryption processing on input data using the substitution table data, and generating output data, comprising: key data retaining means for retaining key data; A substitution table data holding unit, a block unit for dividing input data into blocks of a predetermined number of bits, and sequentially outputting the divided blocks as an input block; Substitution table data creating means for creating substitution table data when performing encryption processing and updating the substitution table data held in the substitution table data holding means to the created substitution table data, and performing encryption processing on the previous input block When performing encryption processing on the next input block later, the key data held in the key data holding Key data conversion means for performing bit conversion using the input block to convert the key data; and an input block sequentially output by the blocking means using the substitution table data and the key data held in the substitution table data holding means. Encryption processing means for sequentially generating output blocks by performing encryption processing.

A cryptographic processing apparatus for generating substitution table data and performing encryption processing on input data using the substitution table data to generate output data, comprising key data holding means for holding key data, and key data holding means for holding the substitution table data A substitution table data holding unit, a block unit for dividing input data into blocks of a predetermined number of bits, and sequentially outputting the divided blocks as an input block; A substitution table data creating unit that creates substitution table data when performing encryption processing and updates the substitution table data held in the substitution table data holding unit with the created substitution table data, and performs encryption processing on one input block. When the next input block is subjected to the encryption processing later, the key data held in the key data holding means is Key data conversion means for performing bit conversion by using an intermediate block generated by the encryption processing means while performing encryption processing on the input block to convert key data; substitution table data held in the substitution table data holding means; And performing encryption processing on the input blocks sequentially output by the blocking means using the data and an encryption processing means for generating an intermediate block obtained in the course of the encryption processing and an output block obtained as a result of the encryption processing. It may be provided.

As a result, the substitution table data generated from the key data is not generated each time one block is processed, but the key data is converted each time one block is processed. Therefore, a data encryption device with high security can be realized without impairing the high-speed operation.

Further, the cryptographic processing device further obtains key data when performing cryptographic processing on the predetermined number of input blocks and then performs cryptographic processing on the next input block, and stores the key data in the key data storing means. Key data obtaining means for updating the obtained key data, wherein the substitution table data generating means generates the substitution table data based on the key data obtained by the key data obtaining means.

Thus, every time a predetermined number of input blocks are subjected to encryption processing, substitution table data can be created based on updated key data. Further, the key data obtaining means further obtains key data when performing encryption processing on the first input block in the input data and holds the key data in the key data holding means, and the substitution table data creating means further comprises: When encryption processing is performed on the first input block in the input data, it is possible to create substitution table data based on the key data obtained by the key data obtaining unit and store the substitution table data in the substitution table data holding unit. .

In this way, when performing encryption processing on the first input block, substitution table data can be created based on the updated key data. Further, the key data conversion means holds the initial block of the predetermined number of bits in advance and performs encryption processing on the first input block in the input data, and performs encryption processing on a fixed number of input blocks smaller than the predetermined number. When performing encryption processing on the next input block after performing the above, the key data held in the key data holding means is subjected to bit conversion using the initial block to convert the key data, and the encryption processing means holds the substitution table data. The input block sequentially output by the blocking unit is subjected to encryption processing using the substitution table data held by the unit and the key data converted by the key data conversion unit, thereby sequentially generating an output block. You can also.

Thus, the key data can be converted by performing bit conversion using the initial block when the encryption processing is performed on the first input block and every time when the encryption processing is performed on a fixed number of input blocks. Therefore, when garbled bits or the like occur, the effect can be suppressed to a range of a fixed number of input blocks.

Further, the bit conversion in the key data conversion means may be a process of performing either an arithmetic sum or an exclusive OR for each bit. As a result, the bit conversion in the key data conversion unit is performed by performing any one of the arithmetic sum and the exclusive OR for each bit. Therefore, the processing is simple and the processing speed does not matter.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a cryptographic communication system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a detailed configuration of the data encryption device 10;

FIG. 3 is a diagram showing a detailed configuration of a data decoding device 20.

FIG. 4 is a diagram showing a detailed configuration of a data disturbance unit 101.

FIG. 5 is a diagram showing a detailed configuration of a data disturbance unit 201.

FIG. 6 is a diagram showing a detailed configuration of a data conversion unit 300.

FIG. 7 is a diagram showing a detailed configuration of a data conversion unit 500.

FIG. 8 is a diagram showing a configuration of a cryptographic communication system according to Embodiment 3 of the present invention.

FIG. 9 is a diagram showing a detailed configuration of a data encryption device 60.

FIG. 10 is a diagram showing a detailed configuration of a data decoding device 70.

FIG. 11 is a diagram showing a detailed configuration of a data encryption unit 601.

FIG. 12 is a diagram illustrating a detailed configuration of a data decoding unit 701.

FIG. FIG. 6 is a diagram showing a correspondence relationship among t, real key data, input key data, and substitution table data.

FIG. 14 is a diagram showing a configuration of a data encryption device using the Blowfish encryption method.

FIG. 15 is a diagram showing a configuration of a data decryption device using the Blowfish encryption method.

FIG. 16 is a diagram showing a detailed configuration of a data disturbance unit 3011 using the Blowfish encryption method.

FIG. 17 is a diagram illustrating a detailed configuration of a data disturbance unit 4011 using the Blowfish encryption method.

FIG. 18 is a diagram illustrating a detailed configuration of a data conversion unit 3113.

[Description of Signs] 1 transmitter 2 receiver 3 transmission path 6 transmitter 7 receiver 8 transmission path 10 data encryption device 11 transmission unit 20 data decryption device 21 reception unit 60 data encryption device 61 transmission unit 70 data decryption Device 71 receiving unit 101 data disturbing unit 102 stage number controlling unit 103 key controlling unit 201 data disturbing unit 202 stage number controlling unit 203 key controlling unit 300 data converting unit 301 data converting unit 301 500 data converting unit 501 data converting unit 601 data encryption Unit 602 Substitution table data generation unit 603 Input key generation unit 604 Key control unit 701 Data decryption unit 702 Substitution table data generation unit 703 Input key generation unit 704 Key control unit 1011 First exclusive OR unit 1012 Second exclusive logic Sum part 2011 first exclusive OR part 2012 second exclusive theory Sum unit 3001 Substitution table data storage unit 3002 First table value conversion unit 3003 Second table value conversion unit 3004 Third table value conversion unit 3005 First addition unit 3006 Second addition unit 3007 Exclusive OR unit 5001 Substitution table data storage Section 5002 first input conversion section 5003 second input conversion section 5004 third input conversion section 5005 fourth input conversion section 5006 first exclusive OR section 5007 second exclusive OR section 5008 third exclusive OR section 5009 First table value converter 5010 Second table value converter 5011 Third table value converter 5012 Fourth table value converter 5012 First adder 5013 Second adder 5014 Third adder 5015 Fourth adder 6011 Data disturbance Unit 6012 stage number control unit 6013 partial key generation unit 7011 Data disturbance 7012 the number of stages control unit 7013 partial key generation unit

Claims (36)

[Claims] 1. An encryption processing apparatus for performing encryption processing on input data using substitution data and generating output data, wherein N and M are integers of 2 or more, and the substitution data of a predetermined bit is represented by ( 2 ＾ N) storage means, and (N × M) -bit input data are equally divided into M pieces, and each N
A dividing means for generating M bit divided data; and M divided data generated by the dividing means or input synthesized data generated by performing a synthesizing process on the divided data. The substitution means for specifying and outputting one of the predetermined bits of substitution data from the (2 @ N) pieces of substitution data stored by the storage means, and the substitution data output by the substitution means are input, and a plurality of different substitution data are input. By performing the fixed conversion, fixed conversion means for generating M pieces of the conversion data of the predetermined bit, and based on the M pieces of conversion data generated by the fixed conversion means,
An output data generating means for generating (N × M) -bit output data. 2. The cryptographic processing apparatus according to claim 1, wherein each fixed conversion in said fixed conversion means is a rotation process, and each fixed conversion has a different number of bits to be rotated. 3. The cryptographic processing device further determines a key obtaining unit for obtaining key data, and a number of rotations of each fixed conversion in the fixed conversion unit based on the key data obtained by the key obtaining unit. The cryptographic processing device according to claim 2, further comprising a number-of-times determining means. 4. A method according to claim 1, wherein the predetermined bits of the substitution data stored by the storage unit are (N × M) bits, and the substitution unit stores the substitution data based on each of the M divided data generated by the division unit. Means to keep (2 ＾
One of each of the (N) substitution data is specified, and each (N)
× M) output M replacement data of bits, and the fixed conversion unit performs different fixed conversion on the M replacement data output by the replacement unit,
M pieces of (N × M) -bit conversion data are generated, and the output data generation means generates the M conversion data generated by the fixed conversion means.
The cryptographic processing apparatus according to any one of claims 1 to 3, wherein a synthesis process is performed on all of the converted data to generate (N x M) -bit output data. 5. The processing according to claim 4, wherein each of the processes constituting the combining process in the output data generating means performs one of an arithmetic sum and an exclusive OR for each bit. The cryptographic processing device according to the above. 6. A predetermined bit of substitution data stored by the storage unit is N bits, and the substitution unit performs a total synthesis process on all of the M divided data generated by the division unit. By
An input synthesizing unit for generating N-bit input synthesized data is included, and one of the (2 ＾ N) substitution data stored by the storage unit is specified based on the N-bit input synthesized data,
By outputting N-bit substitution data, the fixed conversion unit individually performs M different fixed conversions on the substitution data output by the substitution unit,
The output data generation unit generates M pieces of N-bit conversion data, and one of the M pieces of conversion data generated by the division unit and the M pieces of conversion data generated by the fixed conversion unit. An output combining means for generating M pieces of N-bit output combined data by subjecting each of the two to individual combining processing; and M output combined data of N bits each generated by the output combining means. 4. A cryptographic processing apparatus according to claim 1, further comprising: a concatenating unit that generates (N × M) bits of output data by performing concatenating processing. 7. The processing according to claim 6, wherein each processing constituting the overall synthesis processing in said input synthesizing means performs one of an arithmetic sum and an exclusive OR for each bit. The cryptographic processing device according to the above. 8. The respective processings constituting the overall synthesis processing in the input synthesis means are respectively performed by applying different fixed conversions to the M pieces of divided data generated by the division means, and then performing an arithmetic sum and a bit operation. 7. The cryptographic processing apparatus according to claim 6, wherein any one of exclusive OR is performed. 9. The cryptographic processing apparatus according to claim 6, wherein each of the individual synthesizing processes in the output synthesizing means performs one of an arithmetic sum and an exclusive OR for each bit. 10. A cryptographic processing apparatus for generating substitution table data, performing encryption processing on input data using the substitution table data, and generating output data, comprising: key data retaining means for retaining key data; A substitution table data holding means for holding the input data, and dividing the input data into blocks of a predetermined number of bits,
Blocking means for sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and retains the substitution table data in the substitution table data retaining means Substitution table data creating means for updating the converted substitution table data to the created substitution table data; and key data holding means for performing encryption processing on the previous input block and then performing encryption processing on the next input block. Key data conversion means for performing bit conversion using the output block generated by the encryption processing means when the encryption processing is performed on the previous input block to the key data held in the key data, and converting the key data; Using the substitution table data held in the holding means and the key data, the input data is sequentially output to the input block by the blocking means. No. processed by the performing encryption processing apparatus characterized by comprising a cryptographic processing means for sequentially generating output block. 11. The cryptographic processing apparatus further comprising: when performing cryptographic processing on the predetermined number of input blocks and then performing cryptographic processing on the next input block, obtains key data and sends the key data to the key data holding unit. A key data obtaining unit for updating the held key data, wherein the substitution table data generating unit generates the substitution table data based on the key data obtained by the key data obtaining unit. The cryptographic processing device according to claim 10. 12. The key data obtaining means further obtains key data and holds the key data in a key data holding means when performing encryption processing on the first input block in the input data; Further, when performing encryption processing on the first input block in the input data, it is necessary to create substitution table data based on the key data obtained by the key data obtaining unit and to store the substitution table data in the substitution table data holding unit. The cryptographic processing device according to claim 11, wherein: 13. The key data conversion means holds an initial block of the predetermined number of bits in advance, performs encryption processing on the first input block in input data, and sets a predetermined number of bits smaller than the predetermined number. When performing encryption processing on the next input block after performing encryption processing on the input block, the key data held in the key data holding means is subjected to bit conversion using the initial block to convert the key data. The encryption processing means performs encryption processing on the input blocks sequentially output by the blocking means, using the substitution table data held in the substitution table data holding means and the key data converted by the key data conversion means. 13. The cryptographic processing apparatus according to claim 12, wherein the output blocks are sequentially generated. 14. The encryption processing device according to claim 13, wherein the bit conversion in the key data conversion means is a process of performing an arithmetic sum or an exclusive OR for each bit. 15. A cryptographic processing apparatus for generating substitution table data, performing encryption processing on input data using the substitution table data, and generating output data, comprising: key data retaining means for retaining key data; A substitution table data holding means for holding the input data, and dividing the input data into blocks of a predetermined number of bits,
Blocking means for sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and retains the substitution table data in the substitution table data retaining means Substitution table data creating means for updating the converted substitution table data to the created substitution table data; and key data holding means for performing encryption processing on the previous input block and then performing encryption processing on the next input block. Key data conversion means for performing bit conversion using the previous input block on the key data held in the key data conversion means, and converting the key data; substitution table data stored in the substitution table data storage means; and the key data. By performing encryption processing on the input blocks sequentially output by the blocking means using the Cryptographic processing apparatus, characterized in that it comprises a processing means. 16. The cryptographic processing apparatus according to claim 1, further comprising: when performing encryption processing on the predetermined number of input blocks and then performing encryption processing on the next input block, obtains key data and sends the key data to the key data holding unit. A key data obtaining unit for updating the held key data, wherein the substitution table data generating unit generates the substitution table data based on the key data obtained by the key data obtaining unit. 16. The encryption processing device according to 15. 17. The key data obtaining means further obtains key data and holds it in a key data holding means when performing encryption processing on a first input block in the input data; Further, in the case where the first input block in the input data is subjected to encryption processing, it is necessary to create substitution table data based on the key data obtained by the key data obtaining unit and to store the substitution table data in the substitution table data holding unit. The cryptographic processing device according to claim 16, wherein: 18. The key data conversion means holds an initial block of the predetermined number of bits in advance, performs encryption processing on the first input block in input data, and sets a predetermined number of bits smaller than the predetermined number. When performing encryption processing on the next input block after performing encryption processing on the input block, the key data held in the key data holding means is subjected to bit conversion using the initial block to convert the key data. The encryption processing means performs encryption processing on the input blocks sequentially output by the blocking means, using the substitution table data held in the substitution table data holding means and the key data converted by the key data conversion means. 18. The cryptographic processing apparatus according to claim 17, wherein output blocks are sequentially generated. 19. The bit conversion in the key data conversion means is a process of performing any one of an arithmetic sum, an exclusive OR for each bit, and a combination of the arithmetic sum and the exclusive OR for each bit. 19. The cryptographic processing device according to claim 18, wherein: 20. A cryptographic processing apparatus for generating substitution table data, performing encryption processing on input data using the substitution table data, and generating output data, comprising: key data holding means for holding key data; A substitution table data holding means for holding the input data, and dividing the input data into blocks of a predetermined number of bits,
Blocking means for sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and retains the substitution table data in the substitution table data retaining means Substitution table data creating means for updating the converted substitution table data to the created substitution table data; and key data holding means for performing encryption processing on one input block and then performing encryption processing on the next input block. Key data conversion means for performing bit conversion using the intermediate block generated by the encryption processing means on the key data held in the input block while performing encryption processing on the previous input block, thereby converting the key data; By using the substitution table data held in the means and the key data, the input block is sequentially output by the blocking means. By subjecting the No. process, successively, an intermediate block obtained in the process of the encryption processing,
A cryptographic processing unit for generating an output block obtained as a result of the cryptographic processing. 21. The cryptographic processing apparatus further comprising: when performing cryptographic processing on the predetermined number of input blocks and then performing cryptographic processing on the next input block, obtains key data and transmits the key data to the key data holding unit. A key data obtaining unit for updating the held key data, wherein the substitution table data generating unit generates the substitution table data based on the key data obtained by the key data obtaining unit. 20. The cryptographic processing device according to 20. 22. The key data obtaining unit further obtains key data and holds the key data in a key data holding unit when performing encryption processing on the first input block in the input data; Further, when performing encryption processing on the first input block in the input data, it is necessary to create substitution table data based on the key data obtained by the key data obtaining unit and to store the substitution table data in the substitution table data holding unit. The cryptographic processing device according to claim 21, wherein: 23. The key data conversion means holds an initial block of the predetermined number of bits in advance, performs encryption processing on the first input block in input data, and sets a predetermined number of bits smaller than the predetermined number. When performing encryption processing on the next input block after performing encryption processing on the input block, the key data held in the key data holding means is subjected to bit conversion using the initial block to convert the key data. The encryption processing means performs encryption processing on the input blocks sequentially output by the blocking means, using the substitution table data held in the substitution table data holding means and the key data converted by the key data conversion means. 23. The encryption processing device according to claim 22, wherein intermediate blocks and output blocks are sequentially generated. 24. The bit conversion in the key data conversion means is a process of performing any one of an arithmetic sum, an exclusive OR for each bit, and a combination of an arithmetic sum and an exclusive OR for each bit. 24. The cryptographic processing device according to claim 23, wherein: 25. When N and M are integers of 2 or more,
What is claimed is: 1. A cryptographic processing apparatus having a storage device for storing (2 ＾ N) pieces of substitution data of a predetermined bit, wherein the encryption processing method performs an encryption process on input data using the substitution data to generate output data, N × M) bits of input data are equally divided into M
A dividing step of generating M pieces of bit-divided data; and M pieces of divided data generated in the dividing step, or input synthesized data generated by performing a synthesizing process on the data. A substitution step for specifying and outputting one of the predetermined bits of substitution data from the (2 @ N) pieces of substitution data stored by the storage device, and a substitution data output in the substitution step; Performing a fixed conversion to generate M pieces of the conversion data of the predetermined bits; and generating (N × M) bits of output data based on the M pieces of conversion data generated by the fixed conversion step. An output data generation step. 26. A method according to claim 26, wherein the predetermined bits of the substitution data stored by the storage device are (N × M) bits, and the substitution step is performed based on each of the M divided data generated in the division step. The apparatus specifies one of each of the (2 ＾ N) substitution data stored and outputs M (N × M) -bit substitution data, and the fixed conversion step includes the M conversion steps output in the substitution step. By performing different fixed conversions on each of the substitution data of (i), (M) (M) conversion data of (N × M) bits. The output data generation step includes a process of combining the M conversion data generated by the fixed conversion step. And (N × M) bits of output data are generated.
6. The encryption processing method according to 5. 27. A method according to claim 27, wherein the predetermined bits of the substitution data stored by the storage device are N bits, and the substitution step is performed by performing a combining process on the M pieces of divided data generated in the dividing step. An input combining sub-step of generating input combined data, wherein one of the (2 ＾ N) substitution data stored by the storage device is specified based on the N-bit input combined data;
Outputting the N-bit substitution data; and performing the fixed conversion step, wherein each of the substitution data output in the substitution step is subjected to M different fixed conversions, thereby generating M N-bit conversion data. The data generation step is one of the M divided data generated in the division step.
And an output combining sub-step of generating M pieces of N-bit output combined data by performing a combining process on each of the converted data and one of the M pieces of converted data generated in the fixed conversion step. 26. A linking sub-step of linking M output synthesized data of each N bits generated in the synthesizing step to generate (N × M) -bit output data. Encryption processing method. 28. A cryptographic processing apparatus including a key data holding device for holding key data and a substitution table data holding device for holding substitution table data, wherein substitution table data is created and used to encrypt input data. A cryptographic processing method for performing processing and generating output data, wherein input data is divided into blocks of a predetermined number of bits,
A block forming step of sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and holds the data in the substitution table data holding device A substituting table data generating step of updating the input substituting table data, and, when performing an enciphering process on one input block and then performing an enciphering process on the next input block, the key data held in the key data holding device. A key data conversion step of performing bit conversion by using the output block generated in the encryption processing step when the previous input block was subjected to the encryption processing, thereby converting the key data; and Using the character substitution table data and the key data, the input blocks sequentially output in the blocking step are encrypted. By performing the processing, the encryption processing method characterized by comprising a cryptographic processing step of sequentially generating output block. 29. A cryptographic processing apparatus including a key data holding device for holding key data and a substitution table data holding device for holding substitution table data, wherein substitution table data is created and used to encrypt input data. A cryptographic processing method for performing processing and generating output data, wherein input data is divided into blocks of a predetermined number of bits,
A block forming step of sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and holds the data in the substitution table data holding device A substituting table data generating step of updating the input substituting table data, and, when performing an enciphering process on one input block and then performing an enciphering process on the next input block, the key data held in the key data holding device. A key data conversion step of performing bit conversion using the previous input block to convert the key data; a substituting table step using the substitution table data held in the substitution table data holding device and the key data. By performing cryptographic processing on input blocks sequentially output by the Cryptographic processing method characterized by comprising a-up. 30. A cryptographic processing apparatus including a key data holding device for holding key data and a substitution table data holding device for holding substitution table data, wherein substitution table data is created and used to encrypt input data. A cryptographic processing method for performing processing and generating output data, wherein input data is divided into blocks of a predetermined number of bits,
A block forming step of sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and holds the data in the substitution table data holding device A substituting table data generating step of updating the input substituting table data, and, when performing an enciphering process on one input block and then performing an enciphering process on the next input block, the key data held in the key data holding device. In addition, a key data conversion step of performing bit conversion using the intermediate block generated in the encryption processing step when the previous input block was subjected to the encryption processing and converting key data, Using the character substitution table data and the key data, the input blocks sequentially output in the blocking step are encrypted. By performing the process sequentially, the cryptographic processing method characterized by comprising an intermediate block obtained in the process of the encryption processing, an encryption processing step of generating an output block obtained result of the encryption processing. 31. When N and M are integers of 2 or more,
In a cryptographic processing apparatus having a storage device for storing (2 ＾ N) pieces of substitution data of a predetermined bit, an encryption processing program for encrypting input data using the substitution data and generating output data is stored. A computer-readable storage medium that divides (N × M) -bit input data into M pieces,
A dividing step of generating M pieces of bit divided data; and M divided data generated in the dividing step, or input combined data generated by performing a combining process on the data, and inputting N bits of input data. A substitution step for specifying and outputting one of the predetermined bits of substitution data from the (2 @ N) pieces of substitution data stored by the storage device, and a substitution data output in the substitution step; Performing a fixed conversion to generate M pieces of the conversion data of the predetermined bits; and generating (N × M) bits of output data based on the M pieces of conversion data generated by the fixed conversion step. A computer-readable storage medium storing an encryption processing program for executing the output data generation step. 32. The predetermined bits of the substitution data stored by the storage device are (N × M) bits, and the substitution step is performed based on each of the M pieces of divided data generated in the division step. The apparatus specifies one of each of the (2 ＾ N) substitution data stored and outputs M (N × M) -bit substitution data, and the fixed conversion step includes the M conversion steps output in the substitution step. By performing different fixed conversions on each of the substitution data of (i), (M) (M) conversion data of (N × M) bits. The output data generation step includes a process of synthesizing the M conversion data generated by the fixed conversion step. And generating (N × M) bits of output data.
A computer-readable storage medium storing the encryption processing program according to claim 1. 33. The predetermined bits of the substitution data stored in the storage device are N bits, and the substitution step is a step of performing a synthesis process on the M pieces of divided data generated in the division step to obtain N bits of the divided data. An input combining sub-step of generating input combined data, wherein one of the (2 ＾ N) substitution data stored by the storage device is specified based on the N-bit input combined data;
Outputting N-bit substitution data, the fixed conversion step performs M fixed conversions different from each other on the substitution data output in the substitution step, thereby generating M N-bit conversion data; The data generation step is one of the M divided data generated in the division step.
And an output combining sub-step of generating M pieces of N-bit output combined data by performing a combining process on each of the converted data and one of the M pieces of converted data generated in the fixed conversion step. 32. A concatenating sub-step of concatenating M output combined data of N bits each generated in the combining step to generate (N × M) -bit output data. A computer-readable storage medium storing the encryption processing program. 34. A cryptographic processing apparatus including a key data holding device for holding key data and a substitution table data holding device for holding substitution table data, wherein substitution table data is created and used to encrypt input data. A computer-readable storage medium storing a cryptographic processing program for performing processing and generating output data, wherein the computer divides input data into blocks of a predetermined number of bits,
A block forming step of sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and holds the data in the substitution table data holding device A substituting table data generating step of updating the input substituting table data, and, when performing an enciphering process on one input block and then performing an enciphering process on the next input block, the key data held in the key data holding device. A key data conversion step of performing bit conversion by using the output block generated in the encryption processing step when the previous input block was subjected to the encryption processing, thereby converting the key data; and Using the character substitution table data and the key data, the input blocks sequentially output in the blocking step are encrypted. By performing processing sequentially recorded computer-readable storage medium encryption processing program for executing an encryption processing step of generating an output block. 35. A cryptographic processing apparatus including a key data holding device for holding key data and a substitution table data holding device for holding substitution table data, wherein substitution table data is created and used to encrypt input data. A computer-readable storage medium storing a cryptographic processing program for performing processing and generating output data, wherein the computer divides input data into blocks of a predetermined number of bits,
A block forming step of sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and holds the data in the substitution table data holding device A substituting table data generating step of updating the input substituting table data, and, when performing an enciphering process on one input block and then performing an enciphering process on the next input block, the key data held in the key data holding device. A key data conversion step of performing bit conversion using the previous input block to convert the key data; a substituting table step using the substitution table data held in the substitution table data holding device and the key data. By performing cryptographic processing on input blocks sequentially output by the A computer-readable storage medium encryption processing program for executing the-up. 36. A cryptographic processing apparatus comprising a key data holding device for holding key data and a substitution table data holding device for retaining substitution table data, wherein substitution table data is created and used to encrypt input data. A computer-readable storage medium storing a cryptographic processing program for performing processing and generating output data, wherein the computer divides input data into blocks of a predetermined number of bits,
A block forming step of sequentially outputting as input blocks, and when performing encryption processing on a predetermined number of input blocks and then performing encryption processing on the next input block, creates substitution table data and holds the data in the substitution table data holding device A substituting table data generating step of updating the input substituting table data, and, when performing an enciphering process on one input block and then performing an enciphering process on the next input block, the key data held in the key data holding device. In addition, a key data conversion step of performing bit conversion using the intermediate block generated in the encryption processing step when the previous input block was subjected to the encryption processing and converting key data, Using the character substitution table data and the key data, the input blocks sequentially output in the blocking step are encrypted. A computer readable recording of a cryptographic processing program for sequentially executing an intermediate processing block obtained in the course of the cryptographic processing and a cryptographic processing step for generating an output block obtained as a result of the cryptographic processing Storage media.