JP2004045641A - Encryption processing device and method therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption processing device and a method therefor which reduce the processing load on software by shortening the processing time for enciphering or deciphering data streams of character data or the like in an OFB mode or a CFB mode of a DES encryption system. <P>SOLUTION: In an initial cycle, initial data in an IV register 22 is taken into an IV data holding part 31, and arithmetic operation in a block cipher arithmetic part 11 is executed, and L2 upper bits of an arithmetic result are added to held data in an encryption data holding part 32 and the IV data holding part 31. In following processing, held data in the IV data holding part 31 and the encryption data holding part 32 are successively updated by the arithmetic result of the block cipher arithmetic part 11 in the same manner. This processing is repeated the number of times which is equal to the number of unit data of L2 bits included in input data S, and finally enciphered or deciphered data is obtained in a second data extraction part 52 by exclusive OR between extracted data and input data S. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a cryptographic processing device and a method thereof, and for example, to a cryptographic processing device and a method using a block encryption system such as DES encryption.
[0002]
[Prior art]
There are various digital data encryption methods. Of the block encryption methods that encrypt data of a fixed length in block units, the encryption algorithm that is currently most widely used As such, DES (data encryption standard) encryption is known. The DES cipher is a standardized cipher defined in the US standard cipher FIPS (federal information processing standard) 46-2.
[0003]
In the DES encryption, four operation modes (ECB mode, CBC mode, OFB mode, and CFB mode) are defined in the FIPS 81.
[0004]
FIG. 21 is a diagram for describing an overview of an ECB (electronic codebook) mode.
In the ECB mode, the transmitted 64-bit message M is encrypted by the DES encryption unit 1a on the sender side by the DES encryption method, and is converted into a 64-bit ciphertext C. The ciphertext C is decrypted by the DES encryption unit 1b on the receiver side by the DES encryption method, and is restored to the original message M.
The ECB mode is a basic operation mode and has the simplest configuration, but has a weak point that the same message M is always encrypted into the same ciphertext C.
[0005]
FIG. 22 is a diagram for describing an outline of a CBC (cipher block chaining) mode.
In the CBC mode, the ciphertext transmitted last time is held in the register 2a on the transmitting side, and the exclusive OR of the held ciphertext and the message M is operated in the arithmetic circuit 3a. The result of this operation is encrypted in the DES encryption operation section 1a, whereby a ciphertext C is generated. The generated ciphertext C is held in the register 2a and is used for calculating an exclusive OR with a message to be transmitted next time. On the receiving side of the ciphertext C, the ciphertext previously received is held in the register 2b, and the held ciphertext and the ciphertext C received next are decrypted in the DES cryptographic operation unit 1b. The original message M is restored by calculating the exclusive OR with the data obtained in the calculation circuit 3b.
[0006]
FIG. 23 is a diagram for describing an overview of an OFB (output feedback) mode.
In the OFB mode, 64-bit initial vector (IV) data is held in the register 2a in the initial state, and this IV data is encrypted in the DES encryption operation unit 1a, and the encrypted data E is output. Next, random number data R is extracted by the data extraction unit 4a from the data of the upper k bits (where k represents an integer of 1 ≦ k ≦ 64) of the encrypted data E, and the exclusive OR of the random number data R and the message M is extracted. Is calculated in the arithmetic circuit 3a. A k-bit ciphertext C is obtained from the operation result. The random number data R is added to the lower bits of the IV data held in the register 2a, and the data of the upper k bits is rejected. The 64-bit data thus generated is newly held in the register 2a, and is used to generate random number data of a ciphertext to be transmitted next time. On the receiving side of the ciphertext C, the same random number data R is generated by the same configuration as that on the transmitting side, and the original message M is restored from the result of the exclusive OR operation of this and the ciphertext C.
[0007]
FIG. 24 is a diagram for describing an outline of a cipher feedback (CFB) mode.
In the CFB mode, a ciphertext is generated by the same operation as in the OFB mode, except that the data fed back to the register is a ciphertext.
That is, in the initial state, the IV data is held in the register 2a, and the IV data is encrypted in the DES encryption operation unit 1a, and the encrypted data E is output. Next, random number data R is extracted from the data of the upper k bits of the encrypted data E, and a k-bit cipher text C is generated by an exclusive OR operation of the random number data R and the k-bit message M. The generated k-bit ciphertext C is added to the lower bits of the IV data held in the register 2a, and the data of the upper k bits is rejected and held in the register 2a. The random number data of the ciphertext transmitted next time is generated using the updated data.
[0008]
On the receiving side of the ciphertext C, in the initial state, the IV data is held in the register 2b, and the IV data is encrypted in the DES cryptographic operation unit 1b, and the encrypted data E is output. Next, the random number data R is extracted from the data of the upper k bits of the encrypted data E, and the k-bit message M is restored by the exclusive OR operation of this and the k-bit ciphertext C. The received k-bit cipher text C is added to the lower bits of the IV data held in the register 2b, and the data of the upper k bits is rejected and held in the register 2b. Random number data to be subjected to an exclusive OR operation with a ciphertext to be received next time is generated using the updated data.
[0009]
[Problems to be solved by the invention]
By using the above-described OFB mode and CFB mode, encryption and decryption can be performed in units having a data length shorter than 64 bits, which is a block unit of the DES encryption. For example, when transmitting a message by a data stream composed of character-by-character encrypted data, the character data supplied on the transmission side can be immediately encrypted and added to the data stream. Further, this can be immediately decoded on the receiving side and restored to character data. Therefore, compared to other operation modes in which transmission is performed in units of blocks, it is possible to efficiently encrypt and decrypt short data such as character data, and to shorten the processing time. .
[0010]
However, even if encryption or decryption can be performed in a unit having a short data length as described above, when such data is continuously encrypted or decrypted, a plurality of generated It is necessary to sequentially process encrypted data and decrypted data. For example, when the generated data is sequentially output to a register or the like, the data is sequentially moved to another storage medium so that the previous data held in the register is not overwritten by the next output data. Processing is required. Usually, such processing is controlled by software, and it is necessary to execute such processing each time data is generated. For this reason, there arises a problem that the processing time required for encryption and decryption becomes long and a problem that software processing becomes complicated.
[0011]
Also, as a feature of the OFB mode and the CFB mode, out of the 64-bit data output from the DES cryptographic operation unit, data of predetermined high-order bits (k-bit data in the above example) is regarded as valid data. When these modes are used in combination with the ECB mode or the CBC mode, it is necessary to control not to process data of invalid bits in the operation result of the DES encryption. is there. Since such control is generally processed by software, problems such as an increase in processing time and complication of software arise as described above.
[0012]
The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a method for sequentially encrypting or decrypting a plurality of data having a shorter data length than unit block data using a block encryption method. An object of the present invention is to provide a cryptographic processing device and a method thereof that can shorten the time and reduce the processing load of software.
[0013]
[Means for Solving the Problems]
In order to achieve the above object, a cryptographic processing device according to a first aspect of the present invention includes a block cipher operation unit that encrypts supplied data having a first data length based on supplied key data. An initial data holding unit capable of holding data having the first data length, and a second data length shorter than the first data length from the upper bit side of the data calculated by the block cipher calculation unit. And adds the data to the lower bits of the data held in the initial data holding means, and extracts and outputs the data of the first data length from the lower bits of the data after the addition. First data extracting means for selecting data output from the first data extracting means or supplied initial data and supplying the selected initial data to the initial data holding means; Encrypted data holding means capable of holding data having a third data length longer than the second data length; and Data is extracted and added to the upper bit side of the data held in the encrypted data holding means, and data of the third data length is extracted and output from the upper bit side of the added data. A second data extracting unit, a logical operation unit that receives the input data having the third data length and the output data of the second data extracting unit, and executes a predetermined logical operation; The first selection means selects the initial data, causes the initial data holding means to hold the initial data, and supplies the held data of the initial data holding means to the block cipher operation means. Receiving the operation result of the block cipher operation means, holding the data output from the second data extracting means in the encrypted data holding means, and executing the operation result of the block cipher operation means. In response to this, the data output from the first data extracting means is selected by the first selecting means and held in the initial data holding means. In the processing subsequent to the initial cycle, the first selecting means Control means for repeating a process equivalent to the initial cycle by the number of cycles corresponding to the second data length and the third data length in a state where the output data of the first data extraction means is selected; And in the last processing cycle of the control means, the data output from the second data extraction means in response to the calculation result of the block calculation means, and The result of the operation performed on the input data by the logical operation means is output as encrypted data or decrypted data corresponding to the input data.
[0014]
According to the cryptographic processing device of the first aspect of the present invention, in the initial cycle, the initial data is selected by the first selecting means and held in the initial data holding means, and the held data is stored in the block. The operation is supplied to the cryptographic operation means and the operation based on the key data is executed. The operation result of the block cipher operation means is supplied to the second data extraction means, and in response thereto, data output from the second data extraction means is held in the encrypted data holding means. The operation result of the block cipher operation means is also supplied to the first data extraction means, and the data output from the first data extraction means is selected by the first selection means. Then, the data is held in the initial data holding means. This held data is supplied to the block cipher operation means in the next cycle. In the processing subsequent to the initial cycle, a cycle according to the second data length and the third data length in a state where the output data of the first data extracting means is selected by the first selecting means. A process equivalent to the above initial cycle is repeated by the number of times. After the repetition of the processing, in the last processing cycle, the data output from the second data extracting means in response to the operation result of the block operation means and the input data are operated by the logical operation means, and the operation is performed. The result is output as encrypted data or decrypted data corresponding to the input data.
[0015]
Further, the input data holding means capable of holding data having the third data length, and the data held in the input data holding means are shifted to the lower bit side by the second data length, and Bit rotating means for returning data overflowing from the least significant bit to the upper bit side by shifting, and selecting the data processed by the bit rotating means or the input data to be supplied to the input data holding means Second selection means may be further included. In this case, the logic operation means receives the data held in the input data holding means and the output data of the second data extraction means, and executes the predetermined logic operation. In the cycle, the second selection means selects the input data, causes the input data holding means to hold the input data, and causes the input data holding means to perform the bit rotation processing on the held data. The processed data is selected by the second selecting means and held by the input data holding means. In a processing cycle following the initial cycle, the data processed by the bit rotating means is selected by the second selecting means. May be stored in the input data holding means.
[0016]
According to the above configuration, in the initial cycle, the input data is selected by the second selection means and held in the input data holding means, and the processing of the bit rotation means is performed on the held data. Then, the processed data is selected by the second selecting means and held in the input data holding means. In a processing cycle following the initial cycle, the data processed by the bit rotate means is selected by the second selection means and held in the input data holding means, whereby the data held in the input data holding means is stored. Are sequentially updated to the data processed by the bit rotation means.
In each of the processing cycles, the data output from the second data extraction means in response to the operation result of the block operation means and the data held in the input data holding means are operated by the logic operation means. At least the data of the second data length in the operation result is output as encrypted data or decrypted data corresponding to unit data having one or more second data lengths included in the input data. Is done.
[0017]
A cryptographic processing device according to a second aspect of the present invention includes a block cipher operation unit for encrypting data of a supplied first data length based on supplied key data; An initial data holding unit capable of holding data having the data, and extracting data of a second data length from a higher-order bit side of the supplied data to a lower-order bit side of the data held by the initial data holding unit. First data extraction means for adding and extracting data of the first data length from the lower bit side of the data after the addition, and data output from the first data extraction means; or First selection means for selecting the supplied initial data and supplying it to the initial data holding means; and encrypted data holding means capable of holding data having a third data length longer than the second data length. And input data holding means for extracting data of the second data length from the upper bits of the data calculated by the block cipher calculation means, and extracting the upper bits of the data held by the encrypted data holding means. A second data extracting means for extracting the data of the third data length from the higher-order bit side of the data after the addition and outputting the data, and data held in the input data holding means. A bit rotating means for shifting the lower bits by the second data length and returning data overflowing from the least significant bit to the upper bits by the shift; data processed by the bit rotating means; Second selecting means for selecting input data having a data length of 3 and supplying the selected input data to the input data holding means; First logical operation means for executing a predetermined logical operation in response to the data held by the means and the output data of the second data extracting means, the data held by the input data holding means and the block A second logical operation unit that receives the data calculated by the cryptographic operation unit and executes the predetermined logical operation; and a data held by the input data holding unit or an operation performed by the second logical operation unit. A third selecting means for selecting the selected data and supplying the selected data to the first data extracting means; and performing an encryption process in a first operation mode, in the initial cycle, the first selecting means transmits the data to the first selecting means. Selecting the initial data and causing the initial data holding means to hold the data; supplying the held data of the initial data holding means to the block cipher operation means to execute the operation; Upon receiving the calculation result of the block cipher calculation means, the data output from the second data extraction means is held in the encrypted data holding means, and the second selection means is allowed to select the input data and to input the data. The data holding means holds the input data holding means, and the stored data of the input data holding means is processed by the bit rotating means. The processed data is selected by the second selecting means to hold the input data. Means for receiving the data held by the input data holding means and the operation result of the block cipher operation means, and causing the third selection means to select the operation result of the second logical operation means. The first data extracting means is supplied with the data, and the data output from the first data extracting means is selected by the first selecting means upon receiving the supplied data. In the processing following the initial cycle, the output data of the first data extracting means is stored in the first selecting means, and the processing data of the bit rotating means is stored in the second selecting means. Are respectively selected, a process equivalent to the initial cycle is repeated by the number of cycles corresponding to the second data length and the third data length, and the decoding process in the first operation mode is performed. Is performed, in the initial cycle, the first selecting means selects the initial data and causes the initial data holding means to hold the initial data, and stores the held data of the initial data holding means in the block cipher operation means. The data is supplied to execute the operation, and the data output from the second data extraction means in response to the operation result of the block cipher operation means is converted to the encrypted data. The input data is held by the holding means, the input data is selected by the second selecting means, and the input data holding means is held by the input data holding means. Then, the processed data is selected by the second selecting means and held by the input data holding means, and the held data is selected by the third selecting means and supplied to the first data extracting means. Receiving the supply data, causing the first selection means to select the data output from the first data extraction means, and holding the data in the initial data holding means, and in a process following the initial cycle, The first selection means selects the output data of the first data extraction means, and the second selection means selects the processing data of the bit rotation means. Control means for repeating a process equivalent to the initial cycle by the number of cycles corresponding to the second data length and the third data length, and in each processing cycle of the control means, The data output from the second data extraction means in response to the operation result of the operation means and the data processed by the bit rotation means held in the input data holding means are combined with the first logical operation means Of the result calculated in the above, at least data corresponding to the second data length is converted into encrypted data or decrypted data corresponding to unit data having one or more second data lengths included in the input data. Output as data.
[0018]
According to the encryption processing device according to the second aspect of the present invention, when the encryption processing in the first operation mode is performed, in the initial cycle, the first selection means selects the initial data, and The data is held in the initial data holding means, and the held data is supplied to the block cipher operation means to execute the operation. The data output from the second data extraction unit in response to the operation result of the block cipher operation unit is held in the encrypted data holding unit. On the other hand, the input data is selected by the second selecting means and held in the input data holding means, and the held data is processed by the bit rotating means. 2 is selected by the selection means and held in the input data holding means. In response to the data held in the input data holding means and the operation result of the block cipher operation means, a predetermined logical operation is executed in the second logical operation means, and the operation result is stored in the third selection operation. The selected data is supplied to the first data extracting means. The data output from the first data extracting means in response to the supplied data is selected by the first selecting means and held in the initial data holding means, and is supplied to the block cipher operation means in the next cycle. Is done. In the processing subsequent to the initial cycle, the output data of the first data extraction means is selected by the first selection means, and the processing data of the bit rotation means is selected by the second selection means. The same processing as the initial cycle is repeated by the number of cycles corresponding to the second data length and the third data length.
Further, when the decoding process of the first operation mode is performed, in the initial cycle, the initial data is selected by the first selecting means and held in the initial data holding means, and the held data is stored in the initial data holding means. The calculation is supplied to the block cipher calculation means and executed. The data output from the second data extraction unit in response to the operation result of the block cipher operation unit is held in the encrypted data holding unit. On the other hand, the input data is selected by the second selecting means and held in the input data holding means, and the held data is processed by the bit rotating means. 2 is selected by the selection means and held in the input data holding means. The data held by the input data holding means is selected by the third selecting means and supplied to the first data extracting means, and the data outputted from the first data extracting means in response to the supplied data Is selected by the first selection means, held in the initial data holding means, and supplied to the block cipher operation means in the next cycle. In the processing subsequent to the initial cycle, the output data of the first data extraction means is selected by the first selection means, and the processing data of the bit rotation means is selected by the second selection means. The same processing as the initial cycle is repeated by the number of cycles corresponding to the second data length and the third data length.
In each processing cycle of the control means, the data output from the second data extraction means in response to the operation result of the block operation means, and the data after processing by the bit rotation means held in the input data holding means. Is calculated by the first logical operation means, and at least the data of the second data length out of the operation result is output as encrypted data or decrypted data corresponding to the unit data. .
[0019]
Further, the third selecting means can select an operation result of the block cipher operation means and supply the result to the first data extracting means, and the control means can execute an encryption process or a second operation mode. In performing the decoding process, the second selection means selects the input data and the input data holding means holds the input data. In the initial cycle, the first selection means selects the initial data. Holding the initial data holding means, supplying the held data of the initial data holding means to the block cipher operation means to execute the operation, receiving the operation result of the block cipher operation means, and receiving the second data The data output from the extracting means is held in the encrypted data holding means, and the operation result of the block cipher operation means is selected by the third selecting means. Receiving the supplied data, causing the first selection means to select the data output from the first data extraction means, and holding the data in the initial data holding means; In a process following the initial cycle, the number of cycles according to the first data length and the second data length in a state where the first selection means selects the output data of the first data extraction means. Only, the same processing as in the above initial cycle may be repeated.
[0020]
According to the above configuration, when the encryption processing or the decryption processing in the second operation mode is performed, the input data is selected by the second selection means and held in the input data holding means. In the initial cycle, the initial data is selected by the first selecting means and held in the initial data holding means, and the held data is supplied to the block cipher operation means to execute an operation. The data output from the second data extraction unit in response to the operation result of the block cipher operation unit is held in the encrypted data holding unit. Further, the operation result of the block cipher operation means is selected by the third selection means and supplied to the first data extraction means. The data output from the first data extracting means in response to the supplied data is selected by the first selecting means and held in the initial data holding means. In a process following the initial cycle, a cycle corresponding to the first data length and the second data length in a state where the output data of the first data extraction unit is selected by the first selection unit. A process equivalent to the above initial cycle is repeated by the number of times.
In the last processing cycle, the data output from the second data extraction means in response to the operation result of the block operation means and the input data held in the input data holding means are input to the first logic operation means. The operation is performed, and the operation result is output as encrypted data or decrypted data corresponding to the input data.
[0021]
Further, when performing the encryption process or the decryption process in the second operation mode, the control unit causes the second selection unit to select the input data in the initial cycle, and causes the input data holding unit to select the input data. And causing the input data holding means to perform the processing of the bit rotation means on the held data, causing the second selection means to select the processed data, and causing the input data holding means to hold the data. In a processing cycle following the initial cycle, the data processed by the bit rotating means may be selected by the second selecting means and held by the input data holding means.
[0022]
According to the above configuration, when the encryption processing or the decryption processing in the second operation mode is performed, in the initial cycle, the input data is selected by the second selection means and the input data holding means is selected. Is processed by the bit rotating means, and the processed data is selected by the second selecting means and held by the input data holding means. In the processing cycle following the initial cycle, the data processed by the bit rotate means is selected by the second selection means and held by the input data holding means, whereby the data held by the input data holding means is held. Are sequentially updated to the data processed by the bit rotation means.
In each of the processing cycles, the data output from the second data extraction means in response to the operation result of the block operation means and the data held in the input data holding means are calculated by the first logic operation means. Out of the operation result, at least data of the second data length is encrypted data or decryption data corresponding to unit data having one or more second data lengths included in the input data. Output as data.
[0023]
A fourth selecting means for selecting the data held in the initial data holding means or the data held in the input data holding means and supplying the selected data to the block cipher operation means; And a fifth selecting means for selecting and outputting the data calculated in the above or the data calculated in the block cipher calculating means. In this case, the block cipher operation unit performs an encryption operation or a decryption operation on the supplied data, and the control unit performs an encryption operation or a decryption operation in the third operation mode. The selection means selects the input data and causes the input data holding means to hold the input data, and causes the fourth selection means to select the holding data of the input data holding means and supplies the data to the block cipher operation means. When performing the calculation, causing the fifth selection means to select and output the calculation result of the block cipher calculation means, and performing the processing in the first operation mode or the second operation mode, The data held by the initial data holding means is selected by the fourth selection means and supplied to the block cipher operation means, and the operation data of the first logic operation means is transmitted to the block cipher operation means. To 5 of the selection means may be output by selection.
[0024]
According to the above configuration, when the encryption process or the decryption process in the third operation mode is performed, the input data is selected by the second selection unit and is stored in the input data storage unit, and the input data is stored in the input data storage unit. The selection data of the input data holding means is selected by the selection means and supplied to the block cipher operation means. An encryption operation or a decryption operation is executed in the block cipher operation means receiving the supply data, and the operation result is selected and output by the fifth selecting means. On the other hand, when the processing of the first operation mode or the second operation mode is performed, the data held by the initial data holding means is selected by the fourth selection means and supplied to the block cipher operation means. At the same time, the operation data of the first logic operation means is selected and output by the fifth selection means.
[0025]
A third logical operation means for receiving the data held in the initial data holding means and the data held in the input data holding means and executing the predetermined logical operation; A fourth logical operation unit that receives the held data and the data calculated by the block cipher operation unit and executes the predetermined logical operation may be further included. The fourth selecting means can select the data calculated by the third logical calculating means and supply the data to the block cipher calculating means, and the fifth selecting means can select the data calculated by the fourth logical calculating means. The data calculated by the calculation means may be selected and output. Further, when performing the encryption process in the fourth operation mode, the control means causes the first selection means to select the initial data in the initial cycle and causes the initial data holding means to hold the initial data. A second selection means for selecting the input data and holding the input data in the input data holding means, and receiving the held data of the initial data holding means and the held data of the input data holding means; The operation result of the means is selected by the fourth selecting means and supplied to the block cipher operation means, the operation is executed, and the operation result of the block cipher operation means is selected by the fifth selecting means. And the third cipher selecting means selects the calculation result of the block cipher calculating means and supplies it to the first data extracting means. The data for the first data length of the supply data is extracted, and the extracted data of the first data extraction means is selected by the first selection means and held by the initial data holding means. In the processing cycle following the cycle, the same processing as in the initial cycle is executed with the first selecting means selecting the extracted data of the first data extracting means, and the decoding of the fourth operation mode is performed. In the case of performing the conversion process, in the initial cycle, the first selection means selects the initial data, the initial data holding means holds the initial data, and the second selection means selects the input data. The input data holding unit holds the input data, the input data holding unit selects the data held by the fourth selection unit, and supplies the selected data to the block cipher operation unit. Calculation, and the fifth selection means selects and outputs the operation result of the fourth logic operation means which receives the operation result of the block cipher operation means and the held data of the initial data holding means. Then, the data held by the input data holding means is selected by the third selection means and supplied to the first data extraction means, and the first data extraction means causes the first data extraction means to select the first data of the supplied data. The first data extracting means selects the extracted data by the first data extracting means and causes the initial data holding means to hold the extracted data. In a processing cycle subsequent to the initial cycle, A process equivalent to the initial cycle may be executed in a state where the first selection unit selects the extracted data of the first data extraction unit.
[0026]
According to the above configuration, when the encryption processing in the fourth operation mode is performed, in the initial cycle, the initial data is selected by the first selecting means and held in the initial data holding means. Further, the input data is selected by the second selecting means and held by the input data holding means. Upon receiving the data held by the initial data holding means and the data held by the input data holding means, a predetermined logical operation is executed in the third logical operation means, and the operation result is stored in the fourth selection means. And is supplied to the block cipher operation means. Receiving the supplied data, the block cipher operation means performs an encryption operation, and the operation result is selected and output by the fifth selecting means. The operation result of the block cipher operation means is selected by the third selecting means and supplied to the first data extracting means, and the first data extracting means selects the first data of the supplied data. The long data is extracted. The extracted data of the first data extracting means is selected by the first selecting means and held by the initial data holding means. In a processing cycle subsequent to the initial cycle, a process equivalent to that of the initial cycle is executed in a state where the extracted data of the first data extracting unit is selected by the first selecting unit.
In the case where the decoding process in the fourth operation mode is performed, in the initial cycle, the initial data is selected by the first selecting means and held in the initial data holding means. Further, the input data is selected by the second selecting means and held by the input data holding means. The data held by the input data holding means is selected by the fourth selection means and supplied to the block cipher operation means, and the encryption operation is executed. Upon receiving the operation result of the block cipher operation unit and the data held by the initial data holding unit, a predetermined logical operation is executed in the fourth logical operation unit, and the operation result is sent to the fifth selection unit. Selected and output. Further, the held data of the input data holding means is selected by the third selection means and supplied to the first data extraction means, and the first data extraction means selects the first data of the supplied data. Data of the data length is extracted. The extracted data of the first data extracting means is selected by the first selecting means and held by the initial data holding means. In a processing cycle subsequent to the initial cycle, a process equivalent to that of the initial cycle is executed in a state where the extracted data of the first data extracting unit is selected by the first selecting unit.
[0027]
According to a third aspect of the present invention, there is provided an encryption processing method comprising: holding an initial data having a first data length in an initial data holding device; and encrypting the initial data based on given key data. And extracting the data of the second data length shorter than the first data length from the upper bits of the data encrypted in the first step, and setting the extracted data as the upper bits. A second step of generating data having a third data length longer than the second data length, and causing the encrypted data holding device to hold the data; and a higher bit side of the data encrypted in the first step. , The data corresponding to the second data length is extracted and added to the lower bits of the initial data held in the initial data holding device, and the first data is read from the lower bits of the data after the addition. A third step of extracting data of a data length and updating the initial data held in the initial data holding device to the extracted data, and holding the initial data held in the initial data holding device. A fourth step of encrypting the encrypted data based on the key data, and extracting data of the second data length from the upper bit side of the data encrypted in the fourth step, The data is added to the upper bit side of the data held in the encrypted data holding device, the data of the third data length is extracted from the upper bit side of the data after the addition, and held in the encrypted data holding device. A fifth step of updating the encrypted data with the extracted data, and extracting data of the second data length from the upper bits of the data encrypted in the fourth step. The data held in the initial data holding device is added to the lower bit side, and the data of the first data length is extracted from the lower bit side of the data after the addition. And a sixth step of updating the data held in the first data into the extracted data by the number of times corresponding to the second data length and the third data length. A predetermined logical operation is performed on the data having the third data length extracted in step 5 and the input data having the third data length to obtain the encrypted data or the decrypted data corresponding to the input data. Generate
[0028]
According to a fourth aspect of the present invention, there is provided an encryption processing method comprising: holding an initial data having a first data length in an initial data holding device; and encrypting the initial data based on given key data. And shifting the input data having the third data length to the lower bit side by the first data length and the second data length shorter than the third data length. Performing a process of returning data overflowing from the upper bits to the upper bit side, and holding the processed data in the input data holding device; and performing the second step from the upper bits side of the data encrypted in the first step. 2, and generates data having the third data length with the extracted data as upper bits, and stores the data in the encrypted data holding device. Performing a predetermined logical operation on the data encrypted in the first step and the data held in the input data holding device, and performing a second logical operation on the upper bit side of the operation result. Is extracted and added to the lower bits of the initial data held in the initial data holding device, and the data of the first data length is added from the lower bits of the data after the addition. A fourth step of extracting and updating the initial data held in the initial data holding device to the extracted data; a data held in the input data holding device; The predetermined logical operation is performed on the data having the third data length to generate encrypted data corresponding to the unit data having the second data length included in the input data. A fifth step of encrypting the data held in the initial data holding device based on the key data, and a sixth step of encrypting the data held in the initial data holding device. Is shifted to the lower bit side by the second data length, and data overflowing from the least significant bit is returned to the upper bit side by the shift, and the data held in the input data holding device is shifted to the lower bit side. A seventh step of updating the data after processing, and extracting data of a second data length from the upper bit side of the data encrypted in the sixth step, and holding the extracted data in the encrypted data holding device. The data having the third data length is extracted from the upper bit side of the data after the addition, and is added to the upper bit side of the added data. An eighth step of updating the data held in the data holding device to the extracted data; the data encrypted in the sixth step; and the updated data of the input data holding device. , And extracts data of the second data length from the upper bit side of the operation result, and adds the data to the lower bit side of the data held in the initial data holding device. A ninth step of extracting data of the first data length from the lower bit side of the data and updating the data held in the initial data holding device to the extracted data; and updating the input data holding device. The predetermined logical operation is performed on the extracted data and the data having the third data length extracted in the eighth step to correspond to at least one unit data. The tenth iteration step including the steps of generating encrypted data is repeated a number of times corresponding to the said second data length and the third data length.
[0029]
A cryptographic processing method according to a fifth aspect of the present invention is a cryptographic processing method, comprising: holding initial data having a first data length in an initial data holding device; and encrypting the initial data based on given key data. And shifting the encrypted input data having the third data length to the lower bit side by the first data length and the second data length shorter than the third data length. A second step of returning the data overflowing from the least significant bit to the upper bit side, and holding the processed data in the input data holding device; and a higher bit of the data encrypted in the first step. Side to extract data of the second data length, generate data having the third data length using the extracted data as upper bits, and generate encrypted data. A third step of holding the data held by the holding device; extracting data of the second data length from the higher-order bit side of the data held by the input data holding device; The data is added to the lower bit side of the data, the data of the first data length is extracted from the lower bit side of the added data, and the initial data held in the initial data holding device is updated to the extracted data. Performing a predetermined logical operation on the data held in the input data holding device and the data having the third data length generated in the third step to obtain the input data. And a fifth step of generating decoded data corresponding to the unit data having the second data length included in the initial data holding unit. A sixth step of encrypting the obtained data on the basis of the key data, and shifting the data held in the input data holding device to the lower bits by the second data length. A seventh step of performing a process of returning data overflowing from the least significant bit to the upper bit side, and updating the data held in the input data holding device to the processed data; and The data of the second data length is extracted from the upper bits of the data, and added to the upper bits of the data held in the encrypted data holding device. An eighth step of extracting data of a third data length and updating the data held in the encrypted data holding device to the extracted data; The data of the second data length is extracted from the upper bit side of the updated data of the input data holding device, and added to the lower bit side of the data held in the initial data holding device. A ninth step of extracting the data of the first data length from the lower bit side of the data and updating the data held in the initial data holding device to the extracted data; The predetermined logical operation is performed on the updated data and the data having the third data length extracted in the eighth step to generate decoded data corresponding to at least one of the unit data. The repetition step including the tenth step is repeated a number of times corresponding to the second data length and the third data length.
[0030]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, three embodiments of the present invention will be described with reference to the drawings.
[0031]
(1st Embodiment)
FIG. 1 is a block diagram illustrating a configuration example of the cryptographic processing device according to the first embodiment of the present invention.
The cryptographic processing apparatus shown in FIG. 1 includes a block cipher operation unit 11, an input register 21, an IV register 22, an output register 23, a data length setting register 24, an IV data holding unit 31, an encrypted data holding unit 32, a first selection It has a unit 41, a first data extraction unit 51, a second data extraction unit 52, and a control unit 71.
The block cipher operation unit 11 is an embodiment of the block cipher operation means of the present invention.
The IV data holding unit 31 is an embodiment of the initial data holding unit of the present invention.
The encrypted data holding unit 32 is an embodiment of the encrypted data holding unit of the present invention.
The first selector 41 is an embodiment of the first selector of the present invention.
The first data extracting unit 51 is an embodiment of the first data extracting unit of the present invention.
The second data extraction unit 52 is an embodiment of the second data extraction unit of the present invention.
The first logical operation unit 61 is an embodiment of the logical operation unit and the first logical operation unit of the present invention.
The control unit 71 is an embodiment of the control means of the present invention.
[0032]
The block cipher operation unit 11 is a unit for encrypting the supplied data having a predetermined data length based on the supplied key data. For example, based on the DES encryption method, an encryption operation is performed using 64 bits as one block unit. In the following description, the data length (first data length) as the unit of encryption in the block cipher operation unit 11 is L1 bits.
[0033]
The input register 21 holds data S to be encrypted or decrypted. The data length of the input data held in the input register 21 may be equal to or longer than the L1 bit, which is a processing unit of the block cipher operation unit 11. In the following description, the data length (third data length) of the data held in the input register 21 as an object to be encrypted or decrypted is L3 bits.
[0034]
The IV register 22 holds L1 bit data (hereinafter, referred to as IV data) used in an initial processing cycle when continuous encryption or decryption is performed.
[0035]
The output register 23 holds data R generated as a result of encryption or decryption.
[0036]
The data length setting register 24 holds data for setting a data length (second data length) as a unit of encryption or decryption. This data length needs to be shorter than the data length of L1 bit, which is the unit of encryption in the block cipher operation unit 11, and the data length of L3 bit supplied from the input register. In the following description, the second data length is L2 bits.
[0037]
FIG. 2 is a diagram for explaining the correspondence between the data held in the input register 21 and the data held in the output register 23.
FIG. 2A shows an example in which “L2 = 1 bit” is set in the data length setting register 24. In the case of “L2 = 1 bit”, as described later, 1-bit encrypted data or decrypted data is generated each time the encryption operation is performed once in the block cipher operation unit 11, so that the input register 21 If 64-bit data is held, 64 encrypted data or decrypted data can be continuously generated. In this case, the data (S0,..., S63) before the operation held in the input register 21 and the data (R0,..., R63) after the operation held in the output register 23 are one-to-one for each bit. Corresponding to
FIG. 2B shows an example in which “L2 = 8 bits” is set in the data length setting register 24. In the case of “L2 = 8 bits”, the encryption / decryption data of 8 bits is generated each time the encryption operation is performed once in the block cipher operation unit 11. If the data is held, it is possible to continuously generate eight pieces of encrypted data or decrypted data. In this case, the pre-operation data (S0,..., S7) held in the input register 21 and the post-operation data (R0,..., R7) held in the output register 23 are divided into 8-bit blocks. They correspond one-to-one.
[0038]
The IV data holding unit 31 holds L1 bit data used for encryption or decryption. As described later, the IV data holding unit 31 holds the L1 bit IV data supplied from the IV register 22 in the initial processing cycle, but in the subsequent processing cycle, the first data extraction unit 51 extracts the L1 bit IV data. L1 bit data held.
The data held in the IV data holding unit 31 is supplied to the block cipher operation unit 11 and the first data extraction unit 51.
[0039]
The encrypted data holding unit 32 holds the data extracted by the second data extracting unit 52. The data held in the encrypted data holding unit 32 is supplied to the second data extraction unit 52.
[0040]
The first selector 41 selects the IV data held in the IV register 22 or the output data from the first data extractor 51 according to a control signal (not shown) from the controller 71, and selects the selected data. To the IV data holding unit 31.
[0041]
The first data extracting unit 51 extracts L2 bits of data from the upper bits of the data calculated by the block cipher calculator 11 and adds the L2 bits to the lower bits of the data held in the IV data holding unit 31. Then, L1 bits of data are extracted from the lower bits of the added (L1 + L2) bits of data, and output to the first selector 41.
[0042]
The second data extraction unit 52 extracts L2 bits of data from the upper bits of the data calculated by the block cipher operation block cipher operation unit 11, and outputs the L2 bits of the data held in the encrypted data holding unit 32. The data is added to the bit side, L3 bit data is extracted from the upper bit side of the added (L3 + L2) bit data, and output to the encrypted data holding unit 32 and the first logical operation unit 61.
[0043]
The first logical operation unit 61 receives data supplied from the input register 21 and data output from the second data extraction unit 52, and performs a predetermined logical operation, for example, an exclusive OR operation on each bit. Execute
[0044]
The control unit 71 sets the data length (L2 bits) of the upper bits extracted by the first data extraction unit 51 and the second data extraction unit 52 according to the value set in the data length setting register 24. I do. In addition, according to the set data length (L2 bits) and the data length (L3 bits) of the input data S held in the input register 21, output data R corresponding to the input data S is generated. First, the number of times of performing the arithmetic processing in the block cipher arithmetic unit 11 is determined. For example, as shown in FIG. 2A, when “L2 = 8 bits” is set for the 64-bit input data S, the number of times the operation is repeated in the block cipher operation unit 11 is eight.
[0045]
Then, in the initial cycle of the repeated processing, the first selector 41 selects the IV data of the IV register 22 and causes the IV data holding unit 31 to hold the IV data, and supplies the held data to the block cipher operation unit 11. To execute the encryption operation. Further, the data output from the second data extraction unit 52 in response to the operation result of the block cipher operation unit 11 is stored in the encrypted data storage unit 32. Further, in response to the operation result of the block cipher operation unit 11, the data output from the first data extraction unit 51 is selected by the first selection unit 41 and held in the IV data holding unit 31, and in the next processing cycle, The data to be supplied to the block cipher operation unit 11 is prepared. In the processing cycle following this initial cycle, the same processing as the initial cycle is repeated a set number of times with the first selector 41 selecting the output data of the first data extractor 51. .
[0046]
Here, the operation of the cryptographic processing apparatus of FIG. 1 having the above configuration will be described with reference to FIG.
FIG. 3 is a flowchart for explaining a flow of an encryption process or a decryption process in the encryption processing device of FIG.
[0047]
Step ST101:
The L1 bit IV data held in the input register 21 is selected by the first selector 41 and held in the IV data holder 31. Then, the held IV data is supplied to the block cipher operation unit 11, and a predetermined encryption operation is performed based on the given key data.
[0048]
Step ST102:
In step ST101, L2 bits of data are extracted by the second data extracting unit 52 from the upper bits of the data encrypted by the block cipher operation unit 11, and the extracted data is L3 bits of data. Is stored in the encrypted data storage unit 32. In this case, the lower (L3-L2) bits of the data held in the encrypted data holding unit 32 include the upper (L3-L2) bits of the data held in the encrypted data holding unit 32 in the initial state. Is added.
[0049]
Step ST103:
In step ST101, L2 bits of data are extracted by the first data extraction unit 51 from the upper bits of the data encrypted by the block cipher operation unit 11, and the lower bits of the IV data held in the IV data holding unit 31 are extracted. The L1 bit data is extracted from the lower bit side of the added (L1 + L2) bit data and output to the first selection unit 41. The first selection unit 41 selects the extracted L1 bit data and supplies it to the IV data holding unit 31. The IV data held in the IV data holding unit 31 is updated to the extracted L1 bit data.
[0050]
Steps ST102 and ST103 can be performed in parallel in the cryptographic processing apparatus of FIG.
[0051]
Step ST104:
Subsequent to the initial cycle of steps ST101 to ST103, a processing cycle of steps ST105 to ST107 described below is repeated. As described above, the number of repetitions is set according to the data length (L2 bits) set in the bit number setting register 24 and the data length (L3 bits) of the input data S held in the input register 21. You.
If the set number of repetitions has been reached, the process proceeds to step ST108; otherwise, the process proceeds to step ST105.
[0052]
Step ST105:
The data held in the IV data holding unit 31 is supplied to the block cipher operation unit 11, and the encryption operation is executed.
[0053]
Step ST106:
In step ST105, L2 bits of data are extracted by the second data extracting unit 52 from the upper bits of the data encrypted by the block cipher operation unit 11, and the upper bits of the data held in the encrypted data holding unit 32 are extracted. The L3 bit data is extracted from the upper bit side of the (L3 + L2) bit data after the addition. The data held in the encrypted data holding unit 32 is updated to the extracted L3-bit data.
[0054]
Step ST107:
In step ST105, L2 bits of data are extracted by the first data extracting unit 51 from the upper bits of the data encrypted by the block cipher operation unit 11, and the lower bits of the data held in the IV data holding unit 31 are extracted. The L1 bit data is extracted from the lower bit side of the added (L1 + L2) bit data, and output to the first selector 41. The data held in the IV data holding unit 31 is updated again with the extracted L1 bit data.
[0055]
It should be noted that the processes in steps ST106 and ST107 can be performed in parallel, similarly to steps ST102 and ST103.
[0056]
Step ST108:
If the end of the operation is determined in step ST104, the L3 bit data extracted by the second data extraction unit 52 in the last executed step ST106 and the L3 bit input data held in the input register 21 Is subjected to a predetermined logical operation in the first logical operation unit 61, thereby generating encrypted data or decrypted data corresponding to the input data. For example, an exclusive OR of corresponding bits of both data is calculated to generate encrypted data or decrypted data. The generated data is held in the output register 23 as output data R.
[0057]
Based on the above-described processing flow, changes in data stored in the encrypted data storage unit 32 will be described with reference to a specific example illustrated in FIG.
For example, assume that the L3 bit is four times the L2 bit. In this case, as shown in FIG. 4E, the input data S of L3 bits can be divided into four unit data (S0,..., S3) having a length of L2 bits.
[0058]
When the encrypted data E is output from the block cipher operation unit 11 in step ST101 of the initial cycle, the data E0 of L2 bits on the upper bit side is extracted in step ST102, and the extracted data E0 is set as the upper bit. The L3-bit data is held in the encrypted data holding unit 32 (FIG. 4A).
[0059]
When the encrypted data E is output from the block cipher operation unit 11 in step ST105 of the next processing cycle, the data E1 corresponding to the upper L2 bits is extracted and further higher than E0 held in the encrypted data holding unit 32. It is added to the bit side (FIG. 4B). Similarly, in the subsequent cycle, the upper L2 bits of the encrypted data E output from the block cipher operation unit 11 are extracted and added to the upper side of the data held in the encrypted data holding unit 32. , The lower L2 bits of data are rejected. As a result, the upper L2 bits of the encrypted data E output from the block cipher operation unit 11 in each processing cycle are stored in the encrypted data storage unit 32 in the output order, arranged from the lower side (see FIG. 4D). The four encrypted data (E0,..., E3) having a length of L2 bits generated in this way and the four unit data (S0,. The logical operation unit 61 performs an operation such as an exclusive OR operation to generate L3-bit output data R corresponding to the L3-bit input data S.
[0060]
Note that the above-described change in data is the same in the IV data holding unit 31 except that data is sequentially added to the lower bit side. That is, the data of the upper L2 bits of the encrypted data E output from the block cipher operation unit 11 is sequentially added to the lower bits of the data held in the IV data holding unit 31, and the upper L2 bits of the data are stored. Are sequentially rejected.
[0061]
As described above, according to the cryptographic processing device shown in FIG. 1, a part of the calculation result (upper L2 bits) of the block cipher operation unit 11 is fed back to the input of the block cipher operation unit 11 and is generated next. It is used to generate L2-bit encrypted data or decrypted data. Therefore, it is possible to realize the same processing as the OFB mode encryption processing and decryption processing shown in FIG.
[0062]
The upper L2 bits of the operation result of the block cipher operation unit 11 are extracted and added to the lower bit side of the data supplied to the block cipher operation unit 11 used for this operation. Data of L1 bits is extracted from the bit side and prepared as data to be supplied to the block cipher operation unit 11 in the next processing cycle. Therefore, unnecessary waiting time can be reduced as compared with the case where the same processing is realized by software, and the block cipher operation unit 11 can perform a continuous operation.
Furthermore, the upper L2 bits of the operation result of the block cipher operation unit 11 are extracted, and the extracted data is packed in the encrypted data holding unit 32 in order from the upper bit side. The valid operation result output from the data 11 is surely retained without being lost by overwriting or the like.
[0063]
In addition, according to the data length (L2 bits) set in the bit number setting register 24 and the data length (L3 bits) of the input data S held in the input register 21, the number of operations of the block cipher operation unit 11 is reduced. The process is automatically set, and the set number of processes are continuously repeated, so that the required number of valid operation results of the block cipher operation unit 11 are held in the encrypted data holding unit 32. Therefore, a plurality of L2-bit unit data held in the input register 21 can be collectively encrypted or decrypted. For example, every time L2-bit encrypted data or decrypted data is generated, The processing time can be reduced and the processing load of the software can be reduced as compared with the case where the transfer of the generated data is processed by the software.
[0064]
By the way, in the cryptographic processing apparatus of FIG. 1, L3-bit input data S including a plurality of L2-bit unit data are collectively processed, and a plurality of encrypted data or decrypted data are generated at the same time. Depending on the processing method, there may be a case where it is desired to encrypt or decrypt a desired number of L2-bit unit data.
[0065]
FIG. 5 is a block diagram illustrating a configuration example of a cryptographic processing device that can realize such processing.
5 and 1 indicate the same components. In the cryptographic processing device of FIG. 5, the control unit 71 in the cryptographic processing device of FIG. 1 is replaced with a control unit 71 ′. In addition, the encryption processing device of FIG. 5 includes an input data holding unit 33, a second selection unit 42, and a right rotate circuit 81.
The input data holding unit 33 is an embodiment of the input data holding unit of the present invention.
The second selector 42 is an embodiment of the second selector of the present invention.
The right rotate circuit 81 is an embodiment of the bit rotate means of the present invention.
[0066]
The input data holding unit 33 holds L3-bit data output from the second selection unit 42.
The right rotate circuit 81 shifts the data held in the input data holding unit 33 to the lower bit side by L2 bits and returns data overflowing from the least significant bit to the upper bit side by this bit shift (hereinafter, referred to as “higher bit side”). Right rotation process).
The second selection unit 42 selects the data rotated right by the right rotation circuit 81 or the input data S of L3 bit held in the input register 21 and supplies the selected data to the input data holding unit 33.
[0067]
The first logical operation unit 61 receives the data held in the input data holding unit 33 and the output data of the second data extraction unit 52 and executes a logical operation such as an exclusive OR operation. The result is output to the output register 23.
[0068]
The control unit 71 'performs substantially the same processing as the control unit 71, and the following processing is added. In the initial cycle in which the IV data held in the IV register 22 is held in the IV data holding unit 31, the second selection unit 42 selects the input data S of the input register 21 and sends it to the input data holding unit 33. Hold. Next, a right rotation process of the right rotation circuit 81 is performed on the input data S held in the input data holding unit 33, and the processed data is selected by the second selection unit 42, and the input data holding unit 33 is again operated. 33.
The input data held in the input data holding unit 33 after being rotated rightward and the data output from the second data extraction unit 52 in response to the operation result of the block cipher operation unit 11 are compared with the first data. A logical operation such as exclusive OR is performed in the logical operation unit 61, and L2-bit encrypted data or decrypted data is obtained from the operation result.
[0069]
In the processing cycle following the initial cycle, the output data of the right rotation circuit 81 is set to be selected in the second selection section 42, and the data held in the input data holding section 33 in the previous processing cycle is shifted to the right. The circuit 81 is again rotated rightward and held in the input data holding unit 33.
A logical operation such as exclusive OR is performed on the data after the right rotation and the output data of the second data extracting unit 52, and L2-bit encrypted data or decrypted data is obtained from the operation result. .
[0070]
Here, the operation of the cryptographic processing apparatus of FIG. 5 having the above configuration will be described with reference to FIG.
FIG. 6 is a flowchart for explaining the flow of encryption processing or decryption processing in the encryption processing device of FIG.
[0071]
Step ST201:
The same processing as step ST101 in FIG. 3 is performed. That is, the IV data of the input register 21 is held in the IV data holding unit 31, and the encryption operation of the block cipher operation unit 11 is performed on the IV data.
[0072]
Step ST202:
The L3-bit input data S is selected by the second selector 42 and is stored in the input data storage 33. Next, in the right rotate circuit 81, the held data is right-rotated by L2 bits to the lower bit side, and the data after the right rotate processing is selected in the second selecting unit 42 and held in the input data holding unit 33. Is done. As a result, the input data S held in the input register 21 is held in the input data holding unit 33 in a state where the input data S has been rotated right only once.
The processing in step ST202 can be executed in parallel with the processing in steps ST201, ST203, and ST204.
[0073]
Step ST203:
The same processing as step ST102 in FIG. 3 is performed. That is, in step ST201, L2 bits of data are extracted from the upper bits of the data encrypted by the block cipher operation unit 11 by the second data extraction unit 52, and data having L3 bits with this as the upper bits is extracted. The extracted data is stored in the encrypted data storage unit 32.
[0074]
Step ST204:
The same processing as step ST103 in FIG. 3 is performed. That is, in step ST201, data of L2 bits is extracted by the first data extraction unit 51 from the upper bit side of the data encrypted by the block cipher operation unit 11, and the IV data held in the IV data holding unit 31 is extracted. The data is added to the lower bit side, and the L1 bit data is extracted from the lower bit side of the (L1 + L2) bit data after the addition. The data held in the IV data holding unit 31 is updated to the extracted L1 bit data.
[0075]
Steps ST203 and ST204 can be executed in parallel, similarly to steps ST101 and ST102 in FIG.
[0076]
Step ST205:
A predetermined logical operation such as an exclusive OR operation is performed on the data held in the input data holding unit 33 and the L3-bit data extracted by the second data extracting unit 52 in step ST203 by the first logical operation. This is executed in the unit 61. As a result, encrypted data or decrypted data corresponding to one of the plurality of L2-bit unit data included in the input data S of the input register 21 is generated and held in the output register 23.
[0077]
Step ST206:
Subsequent to the initial cycle of steps ST201 to ST205, a processing cycle of steps ST207 to ST211 described below is repeated. The number of repetitions is determined by the data length (L2 bits) set in the bit number setting register 24 and the data length (L3 bits) of the input data S held in the input register 21, as in the cryptographic processing device of FIG. It is set according to.
When the set number of repetitions has been reached, the processing of the input data S is terminated.
[0078]
Step ST207:
The same processing as in step ST105 in FIG. 3 is performed. That is, the L1 bit data held in the IV data holding unit 31 is supplied to the block cipher operation unit 11, and the encryption operation is executed.
[0079]
Step ST208:
The data after the previous right rotation processing held in the input data holding unit 33 is further rotated right by the right rotation circuit 81, selected by the second selection unit 42, and supplied to the input data holding unit 33. The data held in the input data holding unit 33 is updated to the data after the right rotation processing.
The processing in step ST208 can be executed in parallel with the processing in steps ST207, ST209, and ST210.
[0080]
Step ST209:
The same processing as step ST106 in FIG. 3 is performed. That is, in step ST207, L2 bits of data are extracted by the second data extraction unit 52 from the upper bit side of the data encrypted by the block encryption operation unit 11, and the data stored in the encrypted data storage unit 32 L3 bits of data are extracted from the upper bits of the added (L3 + L2) bits of data added to the upper bits. The data held in the encrypted data holding unit 32 is updated to the extracted L3-bit data.
[0081]
Step ST210:
The same processing as step ST107 in FIG. 3 is performed. That is, in step ST207, L2 bits of data are extracted from the upper bits of the data encrypted by the block cipher operation unit 11 by the first data extraction unit 51, and the lower bits of the data held in the IV data holding unit 31 are extracted. The L1 bit data is extracted from the lower bit side of the (L1 + L2) bit data added to the bit side. The data held in the IV data holding unit 31 is updated to the extracted L1 bit data.
[0082]
Step ST211:
A predetermined logical operation such as an exclusive OR is performed by the first logical operation on the data held in the input data holding unit 33 and the L3-bit data extracted by the second data extracting unit 52 in step ST209. This is executed in the unit 61. Thus, among the plurality of L2-bit unit data included in the input data S of the input register 21, encrypted data or decrypted data corresponding to at least one of the unit data is generated and held in the output register 23.
[0083]
It should be noted that the processes in steps ST210 and ST211 can be executed in parallel, similarly to steps ST203 and ST204.
[0084]
Here, changes in data held in the encrypted data holding unit 32 and the input data holding unit 33 in the encryption processing device in FIG. 5 will be described with reference to a specific example shown in FIG.
Similar to the example of FIG. 4, it is assumed that the L3 bit is four times the L2 bit in the example of FIG. Therefore, the input data S of L3 bits can be divided into four unit data (S0,..., S3) having a length of L2 bits.
[0085]
In step ST202 of the initial cycle, once the right rotation process is performed on the input data S of the input register 21, the unit data S0 on the LSB side is moved to the MSB side in the data held in the input data holding unit 33. (FIG. 7A). Therefore, a logical operation such as an exclusive OR operation is performed between corresponding bits of the unit data S0 shifted to the MSB side and the data E0 of the upper L2 bits in the data output from the second data extracting unit 52. When executed, encrypted data or decrypted data corresponding to the unit data S0 is obtained from the upper L2 bits of the operation result.
[0086]
In step ST208 of the next processing cycle, when the right rotation processing is performed once on the input data S of the input register 21, the unit data S1 on the LSB side is replaced with the data on the MSB side in the data held in the input data holding unit 33. (FIG. 7B). Therefore, when a logical operation such as exclusive OR is performed between corresponding bits of the unit data S1 and data E1 corresponding to the upper L2 bits of data output from the block cipher operation unit 11, the operation result is obtained. , Encrypted data or decrypted data corresponding to the unit data S1 is obtained. Further, the unit data S0 located second from the MSB side of the data held in the input data holding unit 33 and the L2 bit located second from the MSB side of the data output from the second data extraction unit 52 By performing a logical operation on the data E0, encrypted data or decrypted data corresponding to the unit data S0 is also obtained. That is, encrypted data or decrypted data corresponding to two unit data can be obtained at the same time.
[0087]
The same applies to the subsequent processing cycles. The number of times of the right rotation process increases, and the number of encrypted data or decrypted data obtained simultaneously also increases. Finally, the data rotates once by the right rotation processing by the right rotation circuit 81, and the arrangement order of the unit data in the data held in the input data holding unit 33 and the arrangement order of the unit data held in the input register 21 are determined. Are the same, encrypted data or decrypted data corresponding to all unit data included in the input data S can be collectively obtained.
[0088]
As described above, according to the cryptographic processing device shown in FIG. 5, it is possible to sequentially and sequentially output the encrypted data or the decrypted data corresponding to each of the plurality of unit data included in the input data S. Further, by appropriately setting a processing cycle for reading data from the output register 23, a desired number of encrypted data or decrypted data can be collectively read.
[0089]
(Second embodiment)
Although the encryption processing apparatus of FIG. 1 according to the first embodiment can execute the encryption processing and the decryption processing using the OFB mode shown in FIG. 23, the encryption processing apparatus of FIG. In the processing device, in addition to the OFB mode, an encryption process and a decryption process using the CFB mode shown in FIG. 24 can be executed.
[0090]
FIG. 8 is a block diagram illustrating a configuration example of a cryptographic processing device according to the second embodiment of the present invention.
8 and 5 indicate the same components. In the cryptographic processing device of FIG. 8, the control unit 71 'in the cryptographic processing device of FIG. In addition, the cryptographic processing device of FIG. 8 includes a third selecting unit 43 and a second logical operation unit 62.
The third selector 43 is an embodiment of the third selector of the present invention.
The second logical operation unit 62 is an embodiment of the second logical operation unit of the present invention.
[0091]
The second logical operation unit 62 receives the data held in the input data holding unit 33 and the data calculated in the block cipher operation unit 11 and executes a predetermined logical operation such as an exclusive OR.
[0092]
The third selection unit 43 selects the data held in the input data holding unit 33, the data calculated in the second logical operation unit 62, or the data calculated in the block cipher operation unit 11, and selects the first data. Is supplied to the data extraction unit 51.
[0093]
The first data extraction unit 51 extracts L2 bits of data from the upper bits of the data selected by the third selection unit 43, and extracts the lower bits of the data held in the IV data holding unit 31. , And extracts L1 bit data from the lower bit side of the (L1 + L2) bit data after the addition, and outputs the extracted data to the first selector 41.
[0094]
The control unit 72 performs various controls for performing encryption or decryption in the OFB mode or the CFB mode.
In any of the operation modes, first, the data length (L2) of the upper bit extracted by the first data extraction unit 51 and the second data extraction unit 52 according to the value set in the data length setting register 24. Bit). Further, in order to generate output data R corresponding to the input data S in accordance with the set data length (L2 bits) and the data length of the input data S held in the input register 21 (L3 bits). The number of times that the block cipher operation unit 11 performs the operation process is determined.
[0095]
When the encryption process in the CFB mode is performed, in the initial cycle, the first selector 41 selects the IV data of the IV register 22 and causes the IV data holding unit 31 to hold the IV data. To perform an encryption operation. Next, the data output from the second data extraction unit 52 in response to the operation result of the block cipher operation unit 11 is stored in the encrypted data storage unit 32. Further, the second selection unit 42 selects the input data S of the input register 21 and stores the input data S in the input data holding unit 33, and executes the right rotation processing of the right rotation circuit 81 on the held data. The data is made to be selected by the second selecting unit 42 and held by the input data holding unit 33. The first logical operation is performed on the input data rotated right and held in the input data holding unit 33 and the data output from the second data extraction unit 52 in response to the operation result of the block cipher operation unit 11. A logical operation such as an exclusive OR operation is performed in the unit 61, and L2-bit encrypted data or decrypted data is obtained from the operation result. Further, the third selector 43 receives the data after the right rotation processing held in the input data holding unit 33 and the operation result of the block cipher operation unit 11 and outputs the operation result output from the second logical operation unit 62. And the data is supplied to the first data extraction unit 51. In response to the supply data, the data output from the first data extraction unit 51 is selected by the first selection unit 41 and held in the IV data holding unit 31, and is supplied to the block cipher operation unit 11 in the next cycle. Prepare the data to be prepared.
In the processing subsequent to this initial cycle, the first selector 41 selects the output data of the first data extractor 51, and the second selector 42 selects the data after the processing by the right rotate circuit 81. Then, the same processing as the above-described initial cycle is repeated a set number of times.
[0096]
When the CFB mode decoding process is performed, in the initial cycle, the first selection unit 41 selects the IV data of the IV register 22 and stores the selected data in the IV data storage unit 31. It is supplied to the cryptographic operation unit 11 to execute an encryption operation. Next, the data output from the second data extraction unit 52 in response to the operation result of the block cipher operation unit 11 is stored in the encrypted data storage unit 32. Further, the second selection unit 42 selects the input data S of the input register 21 and stores the input data S in the input data holding unit 33, and executes the right rotation processing of the right rotation circuit 81 on the held data. The data is made to be selected by the second selecting unit 42 and held by the input data holding unit 33. The first logical operation is performed on the input data rotated right and held in the input data holding unit 33 and the data output from the second data extraction unit 52 in response to the operation result of the block cipher operation unit 11. A logical operation such as an exclusive OR operation is performed in the unit 61, and L2-bit encrypted data or decrypted data is obtained from the operation result. The above is the same as the encryption processing in the CFB mode. In the decoding process in the CFB mode, the data after the right rotation process held in the input data holding unit 33 is selected by the third selecting unit 43 and supplied to the first data extracting unit 51. The data output from the first data extraction unit 51 is selected by the first selection unit 41 and held in the IV data holding unit 31, so that the data supplied to the block cipher operation unit 11 in the next cycle is Get ready.
In the processing subsequent to this initial cycle, the first selector 41 selects the output data of the first data extractor 51, and the second selector 42 selects the data after the processing by the right rotate circuit 81. Then, the same processing as the above-described initial cycle is repeated a set number of times.
[0097]
When performing the encryption process or the decryption process in the OFB mode, the third selection unit 43 is set to a state where the operation result of the block cipher operation unit 11 is selected. Other controls are the same as those of the control unit 71 'in FIG.
[0098]
Here, the operation of the cryptographic processing apparatus of FIG. 8 having the above-described configuration will be described with reference to FIGS.
FIG. 9 is a flowchart for explaining the flow of the encryption processing in the CFB mode in the encryption processing device of FIG.
FIG. 10 shows signals that become valid or invalid when the CFB mode encryption processing is performed in the encryption processing device of FIG.
FIG. 11 shows signals that become valid or invalid when the decryption process in the CFB mode is performed in the cryptographic processing device in FIG.
FIG. 12 shows signals that become valid or invalid when the encryption processing or decryption processing in the OFB mode is performed in the encryption processing apparatus in FIG.
In FIGS. 10 to 12 and FIG. 8, the same reference numerals indicate the same components, and the signal indicated by a solid line indicates a valid signal, and the signal indicated by a dotted line indicates an invalid signal. ing.
[0099]
First, a case where the encryption processing in the CFB mode is performed will be described.
In this case, as shown in FIG. 10, the output signal from the second logical operation unit 62 is selected by the third selection unit 43 and supplied to the first data extraction unit 51.
[0100]
Step ST301:
The same processing as step ST201 in FIG. 6 is performed. That is, the IV data of the input register 21 is held in the IV data holding unit 31, and the encryption operation of the block cipher operation unit 11 is performed on the IV data.
[0101]
Step ST302:
The same processing as step ST202 in FIG. 6 is performed. That is, the input data S of L3 bits is selected by the second selector 42 and is stored in the input data storage 33. Next, in the right rotate circuit 81, the held data is right-rotated by L2 bits to the lower bit side, and the data after the right rotate processing is selected in the second selecting unit 42 and held in the input data holding unit 33. Is done. As a result, the input data S held in the input register 21 is held in the input data holding unit 33 in a state where the input data S has been rotated right only once.
The processing in step ST302 can be executed in parallel with the processing in steps ST301 and ST303.
[0102]
Step ST303:
The same processing as step ST203 in FIG. 6 is performed. That is, in step ST301, L2 bits of data are extracted from the upper bits of the data encrypted by the block cipher operation unit 11 by the second data extraction unit 52, and data having L3 bits with this as the upper bits is extracted. The extracted data is stored in the encrypted data storage unit 32.
[0103]
Step ST304:
The second logical operation unit 62 performs an exclusive logic operation on the data encrypted by the block encryption operation unit 11 in step ST301 and the data held in the input data storage unit 33 after the right rotation processing in step ST302. A logical operation such as a sum is executed, and the operation result is selected by the third selecting unit 43 and supplied to the first data extracting unit 51. In the first data extraction unit 51, L2 bits of data are extracted from the upper bits of the supplied data, added to the lower bits of the IV data held in the IV data holding unit 31, and added. Data of L1 bits is extracted from the lower bits of (L1 + L2) bits of data. The extracted data is selected by the first selection unit 41 and supplied to the IV data holding unit 31. The data held in the IV data holding unit 31 is updated to the extracted L1 bit data.
Note that the process of step ST304 can be executed in parallel with the processes of step ST303 and step ST305.
[0104]
Step ST305:
A predetermined logical operation such as exclusive OR is performed on the data after the right rotation processing held in the input data holding unit 33 and the L3-bit data extracted by the second data extracting unit 52 in step ST303. This is executed in the first logical operation unit 61. As a result, encrypted data or decrypted data corresponding to one of the plurality of L2-bit unit data included in the input data S of the input register 21 is generated and held in the output register 23.
[0105]
Step ST306:
Subsequent to the initial cycle of steps ST301 to ST305, a processing cycle of steps ST307 to ST311 described below is repeated. The number of repetitions is determined by the data length (L2 bits) set in the bit number setting register 24 and the data length (L3 bits) of the input data S held in the input register 21, as in the cryptographic processing device of FIG. It is set according to.
When the set number of repetitions has been reached, the processing of the input data S is terminated.
[0106]
Step ST307:
The same processing as step ST207 in FIG. 6 is performed. That is, the L1 bit data held in the IV data holding unit 31 is supplied to the block cipher operation unit 11, and the encryption operation is executed.
[0107]
Step ST308:
The same processing as step ST208 in FIG. 6 is performed. That is, the data after the previous right rotation processing held in the input data holding unit 33 is further rotated right by the right rotation circuit 81, selected by the second selection unit 42, and supplied to the input data holding unit 33. You. The data held in the input data holding unit 33 is updated to the data after the right rotation processing.
The processing in step ST308 can be executed in parallel with the processing in steps ST307 and ST309.
[0108]
Step ST309:
The same processing as step ST209 in FIG. 6 is performed. That is, in step ST307, data of L2 bits is extracted by the second data extraction unit 52 from the upper bit side of the data encrypted by the block encryption operation unit 11, and the data stored in the encrypted data storage unit 32 L3 bits of data are extracted from the upper bits of the added (L3 + L2) bits of data added to the upper bits. The data held in the encrypted data holding unit 32 is updated to the extracted L3-bit data.
[0109]
Step ST310:
The second logical operation unit 62 excludes the data encrypted by the block encryption operation unit 11 in step ST307 and the data held in the input data holding unit 33 after the right rotation processing in the previous processing cycle. A logical operation such as a logical OR is executed, and the result of the operation is selected by the third selecting unit 43 and supplied to the first data extracting unit 51. In the first data extraction unit 51, L2 bits of data are extracted from the upper bits of the supplied data, added to the lower bits of the IV data held in the IV data holding unit 31, and added. Data of L1 bits is extracted from the lower bits of (L1 + L2) bits of data. The extracted data is selected by the first selection unit 41 and supplied to the IV data holding unit 31. The data held in the IV data holding unit 31 is updated to the extracted L1 bit data.
Note that the process of step ST310 can be executed in parallel with the processes of step ST309 and step ST311.
[0110]
Step ST311:
A predetermined logical operation such as exclusive OR is performed on the data after the right rotation processing held in the input data holding unit 33 and the L3-bit data extracted by the second data extracting unit 52 in step ST309. This is executed in the first logical operation unit 61. Thereby, encrypted data corresponding to at least one of the plurality of L2-bit unit data included in the input data S of the input register 21 is generated and held in the output register 23.
[0111]
Although the above-mentioned processing flow relates to the encryption processing in the CFB mode, the same processing is executed also in the decryption processing in the CFB mode. However, in the decoding process in the CFB mode, as shown in FIG. 11, the data held in the input data holding unit 33 is selected by the third selecting unit 43 and supplied to the first data extracting unit 51. It is different from the case of encryption processing. That is, in the above-described steps ST304 and ST310, the first data extraction unit 51 performs an extraction process from the data after the right rotation process held in the input data holding unit 33, and performs a block cipher operation in the next processing cycle. Data to be supplied to the unit 11 is generated. Other steps are the same as in the case of the encryption processing.
[0112]
When the encryption process or the decryption process in the OFB mode is performed, the operation result of the block cipher operation unit 11 is selected in the third selection unit 43 and the first data is It is supplied to the extraction unit 51. Therefore, the configuration in the connection state of FIG. 12 is equivalent to the cryptographic processing device of FIG. In this connection state, processing similar to that of the control unit 71 'in FIG. 5 is executed in the control unit 72, and the same OFB mode processing as that of the cryptographic processing apparatus in FIG. 5 is realized.
[0113]
As described above, the cryptographic processing device shown in FIG. 8 has a simple configuration in which the third selecting unit 43 and the second logical operation unit 62 are added to the cryptographic processing device of FIG. , And CFB mode processing in addition to OFB mode.
[0114]
In the CFB mode, similarly to the OFB mode in the cryptographic processing apparatus in FIG. 5, encrypted data or decrypted data corresponding to each of a plurality of unit data included in the input data S is output sequentially and sequentially. can do. If a processing cycle for reading data from the output register 23 is appropriately set, a desired number of encrypted data or decrypted data can be read at once.
[0115]
(Third embodiment)
The cryptographic processing device of FIG. 8 according to the second embodiment can execute the OFB mode and CFB mode processing, but the cryptographic processing device of FIG. 13 according to the third embodiment described below performs these operations. In addition to the mode, processing in the ECB mode shown in FIG. 21 and the processing in the CBC mode shown in FIG. 22 can also be executed.
[0116]
FIG. 13 is a block diagram illustrating a configuration example of a cryptographic processing device according to the third embodiment of the present invention.
The same reference numerals in FIGS. 13 and 8 indicate the same components. In the cryptographic processing device of FIG. 13, the control unit 72 in the cryptographic processing device of FIG. In addition, the cryptographic processing device of FIG. 13 includes a fourth selector 44, a fifth selector 45, a third logical operation unit 63, and a fourth logical operation unit 64.
The fourth selector 44 is an embodiment of the fourth selector of the present invention.
The fifth selector 45 is one embodiment of the fifth selector of the present invention.
The third logical operation unit 63 is an embodiment of the third logical operation means of the present invention.
The fourth logical operation unit 64 is an embodiment of the fourth logical operation unit of the present invention.
[0117]
The third logical operation unit 63 receives the data held in the IV data holding unit 31 and the data held in the input data holding unit 33, and executes a predetermined logical operation such as exclusive OR.
[0118]
The fourth selection unit 44 selects the data held in the IV data holding unit 31, the data held in the input data holding unit 33, or the data calculated in the third logical operation unit 63, and selects the block cipher. It is supplied to the operation unit 11.
[0119]
The block cipher operation unit 11 performs an encryption operation or a decryption operation on the data supplied from the fourth selection unit 44 based on the given key data.
[0120]
The fourth logical operation unit 64 receives the data held in the IV data holding unit 31 and the data calculated in the block cipher operation unit 11 and executes a predetermined logical operation such as exclusive OR.
[0121]
The fifth selector 45 selects the data calculated by the first logical calculator 61, the data calculated by the block cipher calculator 11, or the data calculated by the fourth logical calculator 64, Output to the output register 23.
[0122]
The control unit 73 performs various controls for performing encryption or decryption in the ECB mode, the CBC mode, the OFB mode, or the CFB mode.
[0123]
Here, an operation in each operation mode of the cryptographic processing apparatus of FIG. 8 having the above-described configuration will be described with reference to FIGS.
FIG. 14 shows signals that become valid or invalid when the encryption processing or the decryption processing in the ECB mode is performed in the encryption processing apparatus in FIG.
FIG. 16 shows signals that become valid or invalid when the encryption processing in FIG. 13 performs the encryption processing in the CBC mode.
FIG. 17 shows signals that become valid or invalid when the decryption processing in the CBC mode is performed in the cryptographic processing device in FIG. 13.
FIG. 18 shows signals that become valid or invalid when the encryption processing or decryption processing in the OFB mode is performed in the encryption processing apparatus in FIG.
FIG. 19 shows signals that become valid or invalid when the encryption processing in the CFB mode is performed in the cryptographic processing apparatus in FIG. 13.
FIG. 20 shows signals that are valid or invalid when the decryption encryption processing in the CFB mode is performed in the encryption processing device in FIG.
14 and FIGS. 16 to 20 and FIG. 13, the same reference numerals denote the same components, the signal indicated by a solid line is a valid signal, and the signal indicated by a dotted line is an invalid signal. Are respectively shown.
[0124]
<Encryption processing and decryption processing in ECB mode>
When the encryption or decryption processing in the ECB mode is performed, as shown in FIG. 14, the input register 21, the second selection unit 42, the input data holding unit 33, the fourth selection unit 44, the block encryption operation unit 11, the fifth selecting unit 45 and the output register 23 are enabled, and the IV register 22, the IV data holding unit 31, the encrypted data holding unit 32, the first selecting unit 41, the third selecting unit 43, and the first Data extraction unit 51, second data extraction unit 52, first logical operation unit 61, second logical operation unit 62, third logical operation unit 63, fourth logical operation unit 64, and right rotate circuit 81 Becomes invalid.
[0125]
In this case, the input data of the input register 21 is selected by the second selection unit 42 and supplied to the input data holding unit 33, and the input data held by the input data holding unit 33 is selected by the fourth selection unit 44. Is supplied to the block cipher operation unit 11 to be encrypted or decrypted. The operation result of the block cipher operation unit 11 is selected by the fifth selection unit 45 and output to the output register 23. That is, the input data held in the input register 21 is supplied to the block cipher operation unit 11 as it is, and an operation of encryption or decryption is executed, and the operation result is output to the output register 23.
Therefore, the data length (L3 bits) of the input data held in the input register 21 is equal to the data length (L1 bits) processed in the block cipher operation unit 11. For example, when “L1 = L3 = 64 bits”, as shown in FIG. 15, 64-bit encrypted data or decrypted data corresponding to the 64-bit input data stored in the input register is stored in the output register 23. Is done.
[0126]
<Encryption processing in CBC mode>
When the encryption process in the CBC mode is performed, as shown in FIG. 16, the block cipher operation unit 11, the input register 21, the IV register 22, the output register 23, the IV data holding unit 31, the input data holding unit 33, and the first Selection unit 41, second selection unit 42, third selection unit 43, fourth selection unit 44, fifth selection unit 45, first data extraction unit 51, and third logical operation unit 63 are valid. And the encrypted data holding unit 32, the second data extracting unit 52, the first logical operating unit 61, the second logical operating unit 62, the fourth logical operating unit 64, and the right rotate circuit 81 are disabled. Become.
[0127]
In this case, first, in the initial cycle in which the encrypted data corresponding to the first input data is generated, the IV data of the IV register 22 is selected by the first selection unit 41 and held in the IV data holding unit 31. At the same time, the input data of the input register 21 is selected in the second selection 42 and is held in the input data holding unit 33. Then, the IV data held in the IV data holding unit 31 and the input data held in the input data holding unit 33 are input to the third logical operation unit 63, and a logical operation such as an exclusive OR is executed. . The operation result of the third logical operation unit 63 is selected by the fourth selection unit 44 and supplied to the block cipher operation unit 11, where the operation of encryption is executed, and the operation result is stored in the fifth selection unit 45. And output to the output register 23.
[0128]
In this initial cycle, the operation result of the block cipher operation unit 11 is selected by the third selection unit 43 and is also supplied to the first data extraction unit 51. In this case, in the first data extraction unit 51, unlike the operation of the cryptographic processing device of FIG. 1 and the like described above, the L1 bit data output from the block cipher operation unit 11 is directly used by the first selection unit. It is output to 41. In the first selection unit 41, the data output from the first data extraction unit 51 (ie, the operation result of the block cipher operation unit 11) is selected and held in the IV data holding unit 31, and in the next processing cycle It is prepared to generate data to be supplied to the block cipher operation unit 11.
[0129]
In a cycle following the initial cycle in which encrypted data corresponding to the second and subsequent input data is generated, in a state where the data output from the first data extraction unit 51 is selected in the first selection unit 41, Processing equivalent to the above-described initial cycle is executed. That is, the operation result of the block cipher operation unit 11 is directly output to the output register 23, and the operation result is used for generating data to be supplied to the block cipher operation unit 11 in the next cycle.
[0130]
<Decoding process in CBC mode>
When the decryption process in the CBC mode is performed, as shown in FIG. 17, the block cipher operation unit 11, the input register 21, the IV register 22, the output register 23, the IV data holding unit 31, the input data holding unit 33, the first Selection unit 41, second selection unit 42, third selection unit 43, fourth selection unit 44, fifth selection unit 45, first data extraction unit 51, and fourth logical operation unit 64 are valid. And the encrypted data holding unit 32, the second data extracting unit 52, the first logical operating unit 61, the second logical operating unit 62, the third logical operating unit 63, and the right rotate circuit 81 are disabled. Become.
[0131]
In this case, first, in the initial cycle in which the encrypted data corresponding to the first input data is generated, the IV data of the IV register 22 is selected by the first selection unit 41 and held in the IV data holding unit 31. At the same time, the input data of the input register 21 is selected in the second selection 42 and is held in the input data holding unit 33. The IV data held in the IV data holding unit 31 is selected by the fourth selection unit 44 and supplied to the block cipher operation unit 11, where the encryption operation is executed. The operation result and the IV data held in the IV data holding unit 31 are input to the fourth logical operation unit 64 to execute an operation such as exclusive OR, and the operation result is output to the fifth selection unit 45. And output to the output register 23.
[0132]
In this initial cycle, the input data held in the input data holding unit 33 is selected by the third selection unit 43 and supplied to the first data extraction unit 51. In the case of the encryption processing in the CBC mode, Similarly, the data of L1 bits held in the input register 21 is output to the first selector 41 as it is. In the first selector 41, the data output from the first data extractor 51 (that is, the input data held in the input data holder 33) is selected and held in the IV data holder 31. It is prepared as data to be supplied to the block cipher operation unit 11 in a processing cycle.
[0133]
In a cycle following the initial cycle in which encrypted data corresponding to the second and subsequent input data is generated, in a state where the data output from the first data extraction unit 51 is selected in the first selection unit 41, Processing equivalent to the above-described initial cycle is executed. That is, the input data of the previous cycle held in the input data holding unit 33 is supplied to the block cipher operation unit 11 in the next cycle as it is.
[0134]
In the above-described encryption and decryption processing in the CBC mode, the data length (L3 bits) of the input data held in the input register 21 is processed in the block encryption operation unit 11 as in the case of the ECB mode. Data length (L1 bit). That is, as shown in FIG. 15, L1 bit encrypted data or decryption corresponding to the L1 bit input data held in the input register is generated and held in the output register 23.
[0135]
<Encryption processing and decryption processing in OFB mode>
When encryption processing and decryption processing in the OFB mode are performed, as shown in FIG. 18, the block cipher operation unit 11, the input register 21, the IV register 22, the output register 23, the IV data holding unit 31, and the encrypted data holding Unit 32, input data holding unit 33, first selection unit 41, second selection unit 42, third selection unit 43, fourth selection unit 44, fifth selection unit 45, first data extraction unit 51, the second data extraction unit 52, the first logical operation unit 61, and the right rotate circuit 81 are enabled, and the second logical operation unit 62, the third logical operation unit 63, and the fourth logical operation unit 64 Becomes invalid.
[0136]
In this case, the data stored in the IV data storage unit 31 is selected by the fourth selection unit 44 and supplied to the block cipher operation unit 11, and the operation result of the first logical operation unit 61 is selected by the fifth selection unit 45. Then, the result is output to the output register 23, and the operation result of the block cipher operation unit 11 is selected by the third selection unit 43 and output to the first data extraction unit 51. The connection state shown in FIG. 18 is equivalent to the connection state shown in FIG. 12 of the cryptographic processing device shown in FIG. Therefore, by performing the same control in the control unit 73 as in the OFB mode in the cryptographic processing apparatus of FIG. 8, it is possible to realize the same OFB mode processing as in the cryptographic processing apparatus of FIG.
[0137]
<CFB mode encryption processing>
When the encryption processing in the CFB mode is performed, as shown in FIG. 19, the block cipher operation unit 11, the input register 21, the IV register 22, the output register 23, the IV data holding unit 31, the encrypted data holding unit 32, the input data Data holding unit 33, first selection unit 41, second selection unit 42, third selection unit 43, fourth selection unit 44, fifth selection unit 45, first data extraction unit 51, second data The data extraction unit 52, the first logical operation unit 61, the second logical operation unit 62, and the right rotate circuit 81 are in the valid state, and the third logical operation unit 63 and the fourth logical operation unit 64 are in the invalid state. Become.
[0138]
In this case, the data stored in the IV data storage unit 31 is selected by the fourth selection unit 44 and supplied to the block cipher operation unit 11, and the operation result of the first logical operation unit 61 is selected by the fifth selection unit 45. Then, the result is output to the output register 23, and the operation result of the second logical operation unit 62 is selected by the third selection unit 43 and output to the first data extraction unit 51. The connection state of FIG. 19 is equivalent to the connection state of the cryptographic processing device of FIG. 8 shown in FIG. Therefore, the same control as in the case of the encryption processing in the CFB mode in the encryption processing apparatus of FIG. 8 is performed in the control unit 73, thereby realizing the same encryption processing in the CFB mode as in the encryption processing apparatus of FIG. Becomes possible.
[0139]
<Decoding process in CFB mode>
When the decryption process in the CFB mode is performed, as shown in FIG. 20, the block cipher operation unit 11, the input register 21, the IV register 22, the output register 23, the IV data holding unit 31, the encrypted data holding unit 32, the input data Data holding unit 33, first selection unit 41, second selection unit 42, third selection unit 43, fourth selection unit 44, fifth selection unit 45, first data extraction unit 51, second data The data extraction unit 52, the first logical operation unit 61, and the right rotate circuit 81 are in the valid state, and the second logical operation unit 62, the third logical operation unit 63, and the fourth logical operation unit 64 are in the invalid state. Become.
[0140]
In this case, the data stored in the IV data storage unit 31 is selected by the fourth selection unit 44 and supplied to the block cipher operation unit 11, and the operation result of the first logical operation unit 61 is selected by the fifth selection unit 45. Then, the data is output to the output register 23, and the data held in the input data holding unit 33 is selected by the third selecting unit 43 and output to the first data extracting unit 51. The connection state shown in FIG. 20 is equivalent to the connection state shown in FIG. 11 of the cryptographic processing device shown in FIG. Therefore, the same control as in the case of the decryption process of the CFB mode in the cryptographic processing device of FIG. 8 is performed in the control unit 73, thereby realizing the same decryption process of the CFB mode as the cryptographic processing device of FIG. Becomes possible.
[0141]
As described above, according to the encryption processing device shown in FIG. 13, the fourth selection unit 44, the fifth selection unit 45, the third logical operation unit 63, and the fourth With the simple configuration in which the logical operation unit 64 is added, it is possible to perform processing in the ECB mode and the CBC mode in addition to the processing in the OFB mode and the CFB mode. Therefore, when a unit that performs, for example, an encryption or decryption operation of the DES encryption method is applied as the block encryption operation unit 11, according to the encryption processing device illustrated in FIG. 13, the four operation modes defined in the FIPS 81 are changed. All can be realized.
[0142]
Note that the present invention is not limited to the embodiment described above.
For example, the distinction between “upper” and “lower” of a bit string used in the description of the embodiment of the present invention is obtained by appropriately defining one end of a bit string of data to be processed as “upper”. Means that the end of the bit string is regarded as “lower” and distinguished, and that the “upper” and “lower” of the bit string are limited according to the data content and value, the order in which the data is transmitted, etc. Not.
[0143]
【The invention's effect】
According to the present invention, firstly, when sequentially encrypting or decrypting a plurality of data having a shorter data length than the unit block data using the block encryption method, the processing time can be further reduced. Thus, the processing load of software can be reduced.
Secondly, it is possible to execute processing in a plurality of operation modes with a simple configuration.
[Brief description of the drawings]
FIG. 1 is a block diagram illustrating a configuration example of a cryptographic processing device according to a first embodiment of the present invention.
FIG. 2 is a first diagram for explaining a correspondence relationship between data held in an input register and data held in an output register.
FIG. 3 is a flowchart illustrating a flow of an encryption process or a decryption process in the encryption processing device of FIG. 1;
FIG. 4 is a diagram illustrating a change in data held in an encrypted data holding unit.
FIG. 5 is a block diagram illustrating another configuration example of the cryptographic processing device according to the first embodiment of the present invention.
FIG. 6 is a flowchart illustrating a flow of an encryption process or a decryption process in the encryption processing device of FIG. 5;
FIG. 7 is a diagram for explaining changes in data held in an encrypted data holding unit and an input data holding unit.
FIG. 8 is a block diagram illustrating a configuration example of a cryptographic processing device according to a second embodiment of the present invention.
FIG. 9 is a flowchart illustrating a flow of a CFB mode encryption process in the encryption processing device of FIG. 8;
10 is a diagram illustrating signals that are valid or invalid when the encryption processing in the CFB mode is performed in the encryption processing device of FIG. 8;
11 is a diagram illustrating signals that become valid or invalid when a decryption process in the CFB mode is performed in the cryptographic processing device in FIG. 8;
12 is a diagram illustrating signals that become valid or invalid when the encryption processing or the decryption processing in the OFB mode is performed in the encryption processing apparatus in FIG. 8;
FIG. 13 is a block diagram illustrating a configuration example of a cryptographic processing device according to a third embodiment of the present invention.
14 is a diagram illustrating signals that are enabled or disabled when an encryption process or a decryption process in the ECB mode is performed in the encryption processing device in FIG. 13;
FIG. 15 is a second diagram illustrating a correspondence between data held in an input register and data held in an output register.
16 is a diagram illustrating signals that become valid or invalid when encryption processing in the CBC mode is performed in the encryption processing device in FIG. 13;
17 is a diagram illustrating signals that are valid or invalid when the CBC mode decryption processing is performed in the cryptographic processing device of FIG. 13;
18 is a diagram illustrating signals that are valid or invalid when the encryption processing or the decryption processing in the OFB mode is performed in the encryption processing apparatus in FIG. 13;
19 is a diagram illustrating signals that become valid or invalid when the encryption processing in the CFB mode is performed in the encryption processing device in FIG. 13;
20 is a diagram illustrating signals that become valid or invalid when the decryption encryption processing in the CFB mode is performed in the encryption processing device in FIG. 13;
FIG. 21 is a diagram for describing an outline of an ECB mode.
FIG. 22 is a diagram for describing an overview of a CBC mode.
FIG. 23 is a diagram for describing an outline of an OFB mode.
FIG. 24 is a diagram illustrating an overview of a CFB mode.
[Explanation of symbols]
11: Block cipher operation unit, 21: Input register, 22: IV register, 23: Output register, 24: Data length setting register, 31: IV data holding unit, 32: Encrypted data holding unit, 33: Input data holding unit 41, a first selector, 42, a second selector, 43, a third selector, 44, a fourth selector, 45, a fifth selector, 51, a first data extractor, 52: second data extraction unit, 61: first logical operation unit, 62: second logical operation unit, 63: third logical operation unit, 64: fourth logical operation unit, 71, 71 ', 72, 73: control unit, 81: right rotate circuit.

Claims (11)

Block cipher operation means for encrypting the supplied first data length data based on the supplied key data;
Initial data holding means capable of holding data having the first data length;
Data of a second data length shorter than the first data length is extracted from the higher bit side of the data calculated by the block cipher calculating means, and the lower bit of the data held by the initial data holding means is extracted. First data extracting means for extracting the data of the first data length from the lower bit side of the added data and outputting the extracted data.
First selection means for selecting data output from the first data extraction means or supplied initial data and supplying the selected data to the initial data holding means;
Encrypted data holding means capable of holding data having a third data length longer than the second data length;
The data corresponding to the second data length is extracted from the upper bits of the data calculated by the block cipher calculator, and added to the upper bits of the data held in the encrypted data holding means. Second data extracting means for extracting and outputting data of the third data length from the upper bit side of the subsequent data;
Logic operation means for receiving input data having the third data length and output data of the second data extraction means and executing a predetermined logic operation;
In the initial cycle, the first selecting means selects the initial data, causes the initial data holding means to hold the initial data, supplies the held data of the initial data holding means to the block cipher operation means, and executes the operation. Receiving the operation result of the block cipher operation means, holding the data output from the second data extracting means in the encrypted data holding means, receiving the operation result of the block cipher operation means, The data output from the first data extracting means is selected by the first selecting means and held in the initial data holding means. In the processing subsequent to the initial cycle, the first data is sent to the first selecting means. In a state where the output data of the extracting means is selected, the number of cycles corresponding to the second data length and the third data length is equal to the initial cycle. And a control means for repeating the same process and,
In the last processing cycle of the control means, receiving the operation result of the block operation means, the data output from the second data extraction means and the input data are calculated by the logic operation means, Output as encrypted data or decrypted data corresponding to the input data,
Cryptographic processing unit. Input data holding means capable of holding data having the third data length;
Bit rotating means for shifting the data held in the input data holding means to the lower bits by the second data length, and returning data overflowing from the least significant bits to the upper bits by the shift;
Second selecting means for selecting the data processed by the bit rotating means or the input data to be supplied and supplying the selected data to the input data holding means,
The logic operation means receives the data held in the input data holding means and the output data of the second data extraction means, and executes the predetermined logic operation;
In the initial cycle, the control means causes the second selection means to select the input data and causes the input data holding means to hold the input data, and the bit rotation means for the held data of the input data holding means. Is performed, and the processed data is selected by the second selection means and held by the input data holding means. In a processing cycle following the initial cycle, the data processed by the bit rotation means is processed. Is selected by the second selection means and held by the input data holding means,
In each processing cycle of the control means, in response to the operation result of the block operation means, the data output from the second data extraction means and the data held in the input data holding means are operated by the logic operation means. Among the results obtained, at least data of the second data length is used as encrypted data or decrypted data corresponding to unit data having one or more second data lengths included in the input data. Output,
The cryptographic processing device according to claim 1. Block cipher operation means for encrypting the supplied first data length data based on the supplied key data;
Initial data holding means capable of holding data having the first data length;
Data of the second data length is extracted from the upper bit side of the supplied data and added to the lower bit side of the data held in the initial data holding means, and from the lower bit side of the data after the addition. First data extraction means for extracting and outputting data of the first data length;
First selection means for selecting data output from the first data extraction means or supplied initial data and supplying the selected data to the initial data holding means;
Encrypted data holding means and input data holding means capable of holding data having a third data length longer than the second data length;
The data corresponding to the second data length is extracted from the upper bits of the data calculated by the block cipher calculator, and added to the upper bits of the data held in the encrypted data holding means. Second data extracting means for extracting and outputting data of the third data length from the upper bit side of the subsequent data;
Bit rotating means for shifting the data held in the input data holding means to the lower bits by the second data length, and returning data overflowing from the least significant bits to the upper bits by the shift;
Second selecting means for selecting the data processed by the bit rotating means or the input data having the third data length and supplying the selected data to the input data holding means;
First logic operation means for receiving a data held in the input data holding means and output data of the second data extraction means and executing a predetermined logic operation;
A second logical operation unit that receives the data held in the input data holding unit and the data calculated in the block cipher operation unit, and executes the predetermined logical operation;
Third selection means for selecting the data held in the input data holding means or the data calculated in the second logic operation means and supplying the selected data to the first data extraction means;
When performing the encryption processing in the first operation mode, in the initial cycle, the first selection means selects the initial data and causes the initial data holding means to hold the initial data. Is supplied to the block cipher operation means to execute the operation, and the data output from the second data extraction means in response to the operation result of the block cipher operation means is held in the encrypted data holding means, The second selection means selects the input data, causes the input data holding means to hold the input data, and causes the bit data rotating means to perform processing on the held data of the input data holding means. The data is selected by the second selecting means and held by the input data holding means, and the held data of the input data holding means and the block The third selection means selects the operation result of the second logical operation means receiving the operation result of the encryption operation means and supplies the result to the first data extraction means. The data outputted from the first data extracting means is selected by the first selecting means and held in the initial data holding means. In the processing subsequent to the initial cycle, the first selecting means causes the first selecting means to select the first data. The number of cycles corresponding to the second data length and the third data length in a state where the output data of the data extracting means is selected by the second selecting means and the processing data of the bit rotating means, respectively. Only, the same process as the above initial cycle is repeated,
When performing the decoding process in the first operation mode, in the initial cycle, the first selection means selects the initial data and causes the initial data holding means to hold the initial data. The stored data is supplied to the block cipher operation means to execute the operation, and the data output from the second data extracting means in response to the operation result of the block cipher operation means is transmitted to the encrypted data holding means. Causing the second selection means to select the input data, causing the input data holding means to hold the input data, and causing the bit data rotating means to perform processing on the held data of the input data holding means; The processed data is selected by the second selection means and held by the input data holding means, and the held data is selected by the third selection means. Receiving the supplied data, causing the first selection means to select data output from the first data extraction means, and causing the initial data holding means to hold the data, In a process following the initial cycle, in a state where the output data of the first data extraction unit is selected by the first selection unit and the processing data of the bit rotation unit is selected by the second selection unit, Control means for repeating a process equivalent to the initial cycle by the number of cycles corresponding to the second data length and the third data length,
In each processing cycle of the control means, the data output from the second data extraction means in response to the operation result of the block operation means, and the data output from the bit rotation means held in the input data holding means. And at least one second data length included in the input data among at least the data of the second data length among the results obtained by the first logical operation means. Output as encrypted data or decrypted data corresponding to the unit data,
Cryptographic processing unit. The third selecting means can select the operation result of the block cipher operation means and supply it to the first data extracting means,
When performing the encryption process or the decryption process in the second operation mode, the control unit causes the second selection unit to select the input data and cause the input data holding unit to hold the input data. Causing the first selection means to select the initial data and cause the initial data holding means to hold the initial data; supplying the held data of the initial data holding means to the block cipher operation means to execute the operation; The data output from the second data extraction means in response to the operation result of the operation means is held in the encrypted data holding means, and the operation result of the block cipher operation means is selected by the third selection means. The data is supplied to the first data extracting means, and the data output from the first data extracting means in response to the supplied data is received by the first selecting means. In the initial data holding means, and in a process subsequent to the initial cycle, in a state where the first selecting means selects the output data of the first data extracting means, the first data A process equivalent to the initial cycle is repeated by the number of cycles corresponding to the length and the second data length,
In the last processing cycle of the control means, the data output from the second data extraction means in response to the operation result of the block operation means and the input data held in the input data holding means are stored in the first data cycle. Outputting the result calculated by the logical operation means as encrypted data or decrypted data corresponding to the input data;
The cryptographic processing device according to claim 3. When performing the encryption processing or the decryption processing in the second operation mode, the control means causes the second selection means to select the input data in the initial cycle and causes the input data holding means to hold the input data. Causing the input data holding means to perform the processing of the bit rotation means on the held data, causing the second selection means to select the processed data, and causing the input data holding means to hold the data, In a processing cycle following the initial cycle, the data processed by the bit rotate means is selected by the second selection means and held by the input data holding means,
In each processing cycle of the control means, the data outputted from the second data extraction means in response to the operation result of the block operation means and the data held in the input data holding means are subjected to the first logical operation. In the result calculated by the means, at least data of the second data length is converted into encrypted data or decryption corresponding to unit data having one or more second data lengths included in the input data. Output as coded data,
The cryptographic processing device according to claim 4. Fourth selection means for selecting the data held in the initial data holding means or the data held in the input data holding means and supplying the selected data to the block cipher operation means;
Fifth selecting means for selecting and outputting the data calculated by the first logical calculating means or the data calculated by the block cipher calculating means,
The block cipher operation means performs an encryption operation or a decryption operation on supplied data,
When performing the encryption process or the decryption process in the third operation mode, the control means causes the second selection means to select the input data, causes the input data holding means to hold the input data, and causes the fourth selection mode to perform the fourth selection mode. Means for selecting the held data of the input data holding means, supplying the data to the block cipher operation means, executing the operation, and causing the fifth selection means to select the operation result of the block cipher operation means. When the output is performed and the processing in the first operation mode or the second operation mode is performed, the data held in the initial data holding means is selected by the fourth selection means and supplied to the block cipher operation means. And causing the fifth selection means to select and output the operation data of the first logic operation means,
Outputting encrypted data or decrypted data corresponding to the input data from the fifth selecting means;
The cryptographic processing device according to claim 4. Third logic operation means for receiving the data held in the initial data holding means and the data held in the input data holding means and executing the predetermined logic operation;
A fourth logical operation unit that receives the data held in the initial data holding unit and the data calculated by the block cipher operation unit and executes the predetermined logical operation;
The fourth selecting means can select the data calculated by the third logical calculating means and supply the selected data to the block cipher calculating means,
The fifth selecting means can select and output the data calculated by the fourth logical calculating means,
When performing the encryption processing in the fourth operation mode, the control means causes the first selection means to select the initial data in the initial cycle and causes the initial data holding means to hold the initial data, and The selecting means selects the input data and causes the input data holding means to hold the input data. The third logic operation means receives the held data of the initial data holding means and the held data of the input data holding means. The operation result is selected by the fourth selecting means, supplied to the block cipher operation means, the operation is executed, and the operation result of the block cipher operation means is selected and output by the fifth selecting means. And causing the third selection means to select the calculation result of the block cipher calculation means and to supply the selected result to the first data extraction means. The data for the first data length of the data is extracted, and the extracted data of the first data extracting means is selected by the first selecting means and held by the initial data holding means. In the subsequent processing cycle, with the first selecting means selecting the extracted data of the first data extracting means, a process equivalent to the initial cycle is executed;
When performing the decoding process in the fourth operation mode, in the initial cycle, the first selecting means selects the initial data and causes the initial data holding means to hold the initial data, and the second selecting means To select the input data, hold the input data in the input data holding means, select the data held in the input data holding means by the fourth selection means, supply the selected data to the block cipher operation means, and execute the operation. The fifth selection means selects and outputs the operation result of the fourth logic operation means which has received the operation result of the block cipher operation means and the held data of the initial data holding means, The third selection means selects the data held by the input data holding means and supplies the data to the first data extraction means. A process for extracting data corresponding to the first data length, causing the first selection unit to select the extracted data of the first data extraction unit and holding the selected data in the initial data holding unit, and a process subsequent to the initial cycle. In the cycle, the same processing as in the initial cycle is executed in a state where the first selecting means selects the extracted data of the first data extracting means.
The cryptographic processing device according to claim 6. A first step of causing an initial data holding device to hold initial data having a first data length, and encrypting the initial data based on the given key data;
The second step of extracting data of a second data length shorter than the first data length from the upper bits of the data encrypted in the first step, and setting the extracted data as upper bits; A second step of generating data having a third data length longer than the data length and causing the encrypted data holding device to hold the data;
The data of the second data length is extracted from the upper bits of the data encrypted in the first step, and added to the lower bits of the initial data held in the initial data holding device. Extracting the data of the first data length from the lower bit side of the added data, and updating the initial data held in the initial data holding device to the extracted data. Following the steps,
A fourth step of encrypting the data held in the initial data holding device based on the key data;
The data of the second data length is extracted from the upper bits of the data encrypted in the fourth step, and added to the upper bits of the data held in the encrypted data holding device. A fifth step of extracting data of the third data length from the higher-order bit side of the added data, and updating the data held in the encrypted data holding device to the extracted data;
In the fourth step, data of the second data length is extracted from the upper bits of the data encrypted in the fourth step, and the extracted data is added to the lower bits of the data held in the initial data holding device. A sixth step of extracting the data of the first data length from the lower bit side of the subsequent data and updating the data held in the initial data holding device to the extracted data. , Iterating the number of times according to the second data length and the third data length,
A predetermined logical operation is performed on the data having the third data length extracted in the last fifth step and the input data having the third data length to obtain encrypted data corresponding to the input data. Or generate decrypted data,
Cryptographic processing method. A first step of causing an initial data holding device to hold initial data having a first data length, and encrypting the initial data based on the given key data;
The input data having the third data length is shifted toward the lower bits by the first data length and the second data length shorter than the third data length, and the data overflowing from the least significant bit is shifted by the shift. A second step of performing a process of returning to the upper bit side, and causing the input data holding device to hold the processed data;
Extracting the data of the second data length from the higher-order bit side of the data encrypted in the first step, and generating data having the third data length using the extracted data as the higher-order bit; A third step of holding the encrypted data holding device;
The data of the second data length is extracted from the upper bits of the data encrypted in the first step, and added to the lower bits of the initial data held in the initial data holding device. A fourth step of extracting data of the first data length from the lower bit side of the added data and updating the initial data held in the initial data holding device to the extracted data;
By performing a predetermined logical operation on the data held in the input data holding device and the data having the third data length generated in the third step, the second data included in the input data is processed. A fifth step of generating encrypted data or decrypted data corresponding to the unit data having the data length, and
A sixth step of encrypting the data held in the initial data holding device based on the key data;
The input data holding device shifts the data held in the input data holding device toward the lower bits by the second data length, and returns data overflowing from the least significant bit to the upper bits by the shift. A seventh step of updating the data held in the device with the processed data;
In the sixth step, data of a second data length is extracted from the upper bits of the data encrypted in the sixth step, and the extracted data is added to the upper bits of the data held in the encrypted data holding device. An eighth step of extracting the data of the third data length from the higher-order bit side of the subsequent data and updating the data held in the encrypted data holding device to the extracted data;
In the sixth step, data of the second data length is extracted from the upper bits of the encrypted data and added to the lower bits of the data held in the initial data holding device. A ninth step of extracting data corresponding to the first data length from the lower bit side of the data of (i) and updating the data held in the initial data holding device to the extracted data;
The predetermined logical operation is performed on the updated data of the input data holding device and the data having the third data length extracted in the eighth step to correspond to at least one of the unit data. Repeating a tenth step of generating encrypted data or decrypted data, the number of times corresponding to the second data length and the third data length.
Cryptographic processing method. A first step of causing an initial data holding device to hold initial data having a first data length, and encrypting the initial data based on the given key data;
The input data having the third data length is shifted toward the lower bits by the first data length and the second data length shorter than the third data length, and the data overflowing from the least significant bit is shifted by the shift. A second step of performing a process of returning to the upper bit side, and causing the input data holding device to hold the processed data;
Extracting the data of the second data length from the higher-order bit side of the data encrypted in the first step, and generating data having the third data length using the extracted data as the higher-order bit; A third step of holding the encrypted data holding device;
A predetermined logical operation is performed on the data encrypted in the first step and the data held in the input data holding device, and data corresponding to the second data length is read from the upper bit side of the operation result. Extracted and added to the lower bit side of the initial data held in the initial data holding device, extracting data of the first data length from the lower bit side of the added data, A fourth step of updating the initial data held in the holding device to the extracted data;
The predetermined logical operation is performed on the data held in the input data holding device and the data having the third data length generated in the third step, and the second data included in the input data is processed. A fifth step of generating encrypted data corresponding to unit data having a data length of
A sixth step of encrypting the data held in the initial data holding device based on the key data;
The input data holding device shifts the data held in the input data holding device toward the lower bits by the second data length, and returns data overflowing from the least significant bit to the upper bits by the shift. A seventh step of updating the data held in the device with the processed data;
In the sixth step, data of a second data length is extracted from the upper bits of the data encrypted in the sixth step, and the extracted data is added to the upper bits of the data held in the encrypted data holding device. An eighth step of extracting the data of the third data length from the higher-order bit side of the subsequent data and updating the data held in the encrypted data holding device to the extracted data;
The predetermined logical operation is performed on the data encrypted in the sixth step and the updated data of the input data holding device, and data corresponding to a second data length from the upper bit side of the operation result And adds the data to the lower bit side of the data held in the initial data holding device, extracts data of the first data length from the lower bit side of the data after the addition, and A ninth step of updating the data held in the holding device to the extracted data,
The predetermined logical operation is performed on the updated data of the input data holding device and the data having the third data length extracted in the eighth step to correspond to at least one of the unit data. Repeating the repeating step including the tenth step of generating encrypted data to be performed by the number of times corresponding to the second data length and the third data length.
Cryptographic processing method. A first step of causing an initial data holding device to hold initial data having a first data length, and encrypting the initial data based on the given key data;
The encrypted input data having the third data length is shifted to the lower bit side by the first data length and the second data length shorter than the third data length, and the least significant bit is shifted by the shift. A second step of performing a process of returning data overflowing from the upper bit side, and causing the input data holding device to hold the processed data;
Extracting the data of the second data length from the higher-order bit side of the data encrypted in the first step, and generating data having the third data length using the extracted data as the higher-order bit; A third step of holding the encrypted data holding device;
The data of the second data length is extracted from the upper bits of the data held in the input data holding device, and added to the lower bits of the initial data held in the initial data holding device. A fourth step of extracting data of the first data length from the lower bit side of the subsequent data and updating the initial data held in the initial data holding device to the extracted data;
By performing a predetermined logical operation on the data held in the input data holding device and the data having the third data length generated in the third step, the second data included in the input data is processed. A fifth step of generating decoded data corresponding to the unit data having the data length, and
A sixth step of encrypting the data held in the initial data holding device based on the key data;
The input data holding device shifts the data held in the input data holding device toward the lower bits by the second data length, and returns data overflowing from the least significant bit to the upper bits by the shift. A seventh step of updating the data held in the device with the processed data;
In the sixth step, data of a second data length is extracted from the upper bits of the data encrypted in the sixth step, and the extracted data is added to the upper bits of the data held in the encrypted data holding device. An eighth step of extracting the data of the third data length from the higher-order bit side of the subsequent data and updating the data held in the encrypted data holding device to the extracted data;
The data of the second data length is extracted from the upper bit side of the updated data of the input data holding device and added to the lower bit side of the data held in the initial data holding device. A ninth step of extracting the data of the first data length from the lower bit side of the data of (i) and updating the data held in the initial data holding device to the extracted data;
The predetermined logical operation is performed on the updated data of the input data holding device and the data having the third data length extracted in the eighth step to correspond to at least one of the unit data. Repeating the tenth step of generating the decoded data to be performed by the number of times corresponding to the second data length and the third data length.
Cryptographic processing method.

Images