JP2015114434A - Device for encrypting stream cipher, device for decrypting stream cipher, method for encrypting stream cipher, method for decrypting stream cipher, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To impart message authentication without changing the configuration of a stream cipher processing unit.SOLUTION: An initial key and an initial vector are inputted to update an internal state, a key sequence (random number) is generated, and exclusive-ORing with plaintext divided in accordance with the generated key sequence and the data size of the key sequence is performed, whereby cipher text is outputted. Next, the outputted cipher text is inputted, one internal state is selected, in accordance with the inputted cipher text, from among internal states stored in a plurality of registers, and updating of the stored data of each register is executed, in a message authentication register composed of a plurality of registers, for all of cipher texts in accordance with the inputted internal state. Then, a prescribed fixed bit data string is inputted and an updating process is executed, and a message authenticator is outputted from the message authentication register.

Description

  The present invention relates to a stream cipher encryption apparatus, a stream cipher decryption apparatus, a stream cipher encryption method, a stream cipher decryption method, and a program for providing message authentication without changing the configuration of the stream cipher processing unit About.

  In recent years, various services using computers have been provided. In many services, encryption is used to conceal communication. The most common encryption method is a common key encryption method that performs encryption and decryption with a single key, but the common key encryption method is roughly divided into a block encryption method and a stream encryption method. The former is the method that is most commonly used, but the latter has been attracting attention in recent years because it is superior in processing speed. Here, in the stream cipher, an initial key is stirred by an initialization process, an initial internal state is generated, and each sequence of encryption is generated while sequentially updating the generated state (see, for example, Patent Document 1). .)

JP 2000-209195 A

  However, the conventional stream cipher only provides an encryption function, but has a problem that it cannot provide a message authentication function for preventing falsification.

  Therefore, the present invention has been made in view of the above-described problems. A stream cipher encryption apparatus, a stream cipher decryption apparatus, and a stream that provide message authentication without changing the configuration of the stream cipher processing section. It is an object of the present invention to provide a cipher encryption method, a stream cipher decryption method, and a program.

  The present invention proposes the following matters in order to solve the above problems.

(1) The present invention inputs an initial key and an initial vector, updates the internal state, generates an generated key sequence (random number), and the generated key sequence and the data size of the key sequence The exclusive OR operation with the plaintext divided according to the above, and an exclusive OR operator that outputs the ciphertext and the output ciphertext, and according to the input ciphertext, a plurality of A selection function unit that selects one internal state from internal states stored in a register, a message authentication register that includes a plurality of registers and stores the selected internal state, and the message authentication register; Depending on the input internal state, update of the stored data of each register is executed until there is no output from the selection function unit, and then a predetermined fixed bit data string is input. An update means for updating stored data; an output control means for outputting the data stored in the message authentication register as a message authenticator after the processing of the update means is completed; and the output message authenticator; There is proposed a stream cipher encryption apparatus comprising output means for combining and outputting ciphertext output by the exclusive OR calculator.

(2) The present invention relates to the stream cipher encryption apparatus according to (1), wherein the selection function unit is configured such that modn (n is a constant consisting of a positive integer) A stream cipher encryption device that performs arithmetic processing and uses the remainder as an index to select an internal state of a register corresponding to the index from among the internal states stored in the plurality of registers. doing.

(3) The present invention relates to the stream cipher encryption apparatus according to (1) or (2), wherein the initialization processing means includes a feedback shift register and a feedback calculator, and an input bit string of the feedback calculator A first operation table generating unit that dynamically generates a first operation table that associates an output bit sequence and makes the output bit sequence have a different period so that the output bit sequence becomes a different bit sequence; and the generated first operation table And a stream cipher encryption device characterized in that initialization processing is performed using.

(4) The present invention provides a stream cipher decrypting device for decrypting a ciphertext with a message authenticator generated by the stream cipher encrypting device according to (1) or (2), wherein the message authenticator Separation means for separating the attached ciphertext into ciphertext and message authenticator, storage means for storing the separated message authenticator, an initial value and an initial vector are input, the internal state is updated, and the generated key sequence An initial processing means for generating (random number) and an exclusive OR operation of the generated key sequence and the ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence, and outputting plaintext An exclusive OR operator and a ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence are input, and 1 is determined from internal states stored in a plurality of registers according to the input ciphertext. One A selection function unit that selects an internal state, a plurality of registers, a message authentication register that stores the selected internal state, and the message authentication register, each of the registers according to the input internal state Update means for updating stored data until there is no output from the selection function unit, then inputting a predetermined fixed bit data string, and further updating the stored data of each register, and the update After the processing of the means is completed, the output control means for outputting the data stored in the message authentication register as a message authenticator, and the message authenticator stored in the storage means are compared with the output message authenticator And a stream cipher decryption device characterized by comprising a collating means for performing

(5) The present invention relates to the stream cipher decryption device according to (4), wherein the selection function unit is configured such that modn (n is a constant composed of a positive integer) with respect to the input ciphertext (numerical data). A stream cipher decryption device that performs arithmetic processing and uses the remainder as an index to select an internal state of a register corresponding to the index from among the internal states stored in the plurality of registers. doing.

(6) The present invention relates to the stream cipher decryption device according to (4) or (5), wherein the initialization processing means includes a feedback shift register and a feedback calculator, and an input bit string of the feedback calculator A first operation table generating unit that dynamically generates a first operation table that associates an output bit sequence and makes the output bit sequence have a different period so that the output bit sequence becomes a different bit sequence; and the generated first operation table And a stream cipher decryption device characterized by performing initialization processing using the.

(7) The present invention provides a first step in which a computer inputs an initial key and an initial vector, updates an internal state, and generates a key sequence (random number), and the generated key sequence and key sequence data A second step of performing an exclusive OR operation with the plaintext divided according to the size to output the ciphertext, and inputting the output ciphertext, and a plurality of registers according to the input ciphertext In a third step of selecting one internal state from the internal states stored in and a message authentication register composed of a plurality of registers, updating of stored data in each register according to the input internal state A fourth step of executing the process until there is no output from the third step, a fifth step of executing the update process by inputting a predetermined fixed bit data string, and the message authentication. A sixth step of outputting a message authenticator from the register for registering, and a seventh step of combining and outputting the message authenticator output in the sixth step and the ciphertext output in the second step And a stream cipher encryption method characterized by executing the following.

(8) The present invention provides a stream cipher decryption method for decrypting a ciphertext with a message authenticator generated by the stream cipher encryption method according to (7), wherein a computer includes the message authenticator A first step of separating the ciphertext into a ciphertext and a message authenticator, a second step of storing the separated message authenticator, an initial key and an initial vector are input, the internal state is updated, and the key A third step of generating a sequence (random number), and performing an exclusive OR operation on the generated key sequence and the ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence, A fourth step of outputting, a ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence, and an internal state stored in a plurality of registers according to the input ciphertext In the fifth step of selecting one internal state from the above and a message authentication register composed of a plurality of registers, the update processing of the data stored in each register is performed according to the input internal state. A sixth step that is executed until there is no output from the step; a seventh step that executes the updating process by inputting a predetermined fixed bit data string; and a message that outputs a message authenticator from the message authentication register. The stream cipher decryption method is characterized by executing step 8 and a ninth step of collating the output message authenticator with the stored message authenticator.

(9) According to the present invention, a first step of inputting an initial key and an initial vector to a computer, updating an internal state to generate a key sequence (random number), and the generated key sequence and key sequence data A second step of performing an exclusive OR operation with the plaintext divided according to the size to output the ciphertext, and inputting the output ciphertext, and a plurality of registers according to the input ciphertext In a third step of selecting one internal state from the internal states stored in and a message authentication register composed of a plurality of registers, updating of stored data in each register according to the input internal state A fourth step of executing the process until there is no output from the third step, a fifth step of executing the update process by inputting a predetermined fixed bit data string, and the message authentication. A sixth step of outputting a message authenticator from the register for registering, and a seventh step of combining and outputting the message authenticator output in the sixth step and the ciphertext output in the second step And we have proposed a program to execute.

(10) The present invention is a program for causing a computer to execute a stream cipher decryption method for decrypting a ciphertext with a message authenticator generated by the stream cipher encryption method according to (7), A computer inputs a first step of separating the ciphertext with a message authenticator into a ciphertext and a message authenticator, a second step of storing the separated message authenticator, an initial key and an initial vector, A third step of updating the internal state to generate a key sequence (random number), and an exclusive logic of the generated key sequence and a ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence A fourth step of performing a sum operation and outputting a plaintext; and input a ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence. Accordingly, in the fifth step of selecting one internal state from the internal states stored in the plurality of registers, and in the message authentication register composed of a plurality of registers, each of the input internal states A sixth step of executing the update process of the data stored in the register until there is no output from the fifth step; a seventh step of executing the update process by inputting a predetermined fixed bit data string; A program for executing an eighth step of outputting a message authenticator from the message authentication register and a ninth step of collating the output message authenticator with the stored message authenticator is suggesting.

  According to the present invention, there is an effect that message authentication can be given without changing the configuration of the stream encryption processing unit.

It is a figure which shows the structure of the encryption apparatus of the stream encryption which concerns on embodiment of this invention. It is a figure which shows the structure of the initial stage process part which concerns on embodiment of this invention. It is a figure which shows the process of the encryption apparatus of the stream encryption which concerns on embodiment of this invention. It is a figure which shows the structure of the decoding apparatus of the stream encryption which concerns on embodiment of this invention. It is a figure which shows the process of the decoding apparatus of the stream encryption which concerns on embodiment of this invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<Configuration of Stream Cipher Encryption Device>
As shown in FIG. 1, the stream cipher encryption apparatus according to the present embodiment includes an initialization processing unit 100, an exclusive OR calculator 200, a selection function unit 300, a message authenticator register 400, The update unit 500 includes an output control unit 600 and an output unit 650.

  The initialization processing unit 100 receives an initial key and an initial vector, updates the internal state, and generates a key sequence (random number). Here, the obtained internal state is stored in a plurality of registers provided therein. Each of the plurality of registers is assigned an index. The detailed configuration of the initialization processing unit 100 will be described later. The exclusive OR calculator 200 performs an exclusive OR operation on the generated key sequence and the plaintext divided according to the data size of the key sequence, and outputs a ciphertext.

  The selection function unit 300 receives the ciphertext output from the exclusive OR calculator 200, and stores internal data stored in a plurality of registers provided in the initialization processing unit 100 in accordance with the input ciphertext. One internal state is selected from the states and output to the updating unit 500. For example, the input ciphertext (numerical data) is subjected to arithmetic processing of modn (n; a constant consisting of a positive integer), and the remainder is used as an index among the internal states stored in a plurality of registers The internal state of the register corresponding to the index is selected. The above arithmetic processing may be performed by converting the ciphertext into, for example, a binary number or a decimal number.

The message authenticator register 400 includes a plurality of unit registers. Note that the number of unit registers to be configured is determined so that the bit size of the message authenticator register 400 becomes a bit size according to required security requirements.

  In the message authenticator register 400, the update unit 500 updates the data stored in each register until there is no output from the selection function unit 300 according to the internal state output by the selection function unit 300, and then The fixed bit data string is input, and the data stored in each register is updated. For example, the update of the data stored in each register according to the internal state output by the selection function unit 300 is performed by inputting the value of the first register and the input when the message authentication register is composed of four 32-bit registers. The second register data is moved to the first register, the third register data is moved to the second register, the fourth register data is moved to the third register, and the fourth register becomes empty. This process is performed by inputting the previously added value into the register. The predetermined fixed bits may be all 1 data strings, all 0 data strings, or the like, or an initial vector may be used. At this time, the update process is performed at least once, but it is preferable to increase the number of times. These update processes are agitated so that the contents of the ciphertext are propagated to all data, and this can increase resistance to attacks by third parties.

The output controller 600 causes the data stored in the message authentication register to be output as a message authenticator after the processing of the updating means is completed. The output unit 650 combines and outputs the output message authenticator and the ciphertext output by the exclusive OR calculator.
<Detailed configuration of initialization processing unit>

  As shown in FIG. 2, the initialization processing unit 100 includes feedback shift registers 110 and 120, feedback calculators 130, 140 and 150, and a clock controller 160.

  The feedback shift registers 110 and 120 are shift registers whose input bits are a linear mapping of the immediately previous state, and are shift registers whose input bits are the exclusive OR of a part of the bit string constituting the value.

  The feedback calculators 130, 140, and 150 generate bit strings that are fed back by multiplying the bit strings input from the feedback shift registers 110 and 120 by coefficients. The clock controller 160 outputs a bit string to the feedback calculators 130, 140, and 150 in synchronization with the clock.

  The initialization processing unit 100 as shown in FIG. 2 associates an input bit string and an output bit string of a feedback arithmetic unit that constitutes a part of the initialization processing unit 100 so that the output bit string becomes a different bit string. The operation table to be generated is dynamically generated. The processing of this calculation table will be described below.

Now, the feedback shift register 110 (LFSR-A) is composed of five registers of 32 bits per register, and the feedback function f _A (x) is expressed by Equation 1. Here, α ₀ gives a conversion from 32 bits to 32 bits.

Assuming that the value of the feedback shift register 110 (LFSR-A) at time t ≧ 0 is Equation 2, At _{+ 5} is given by Equation 3 from the feedback function.

α ₀ is an element of GF (2 ³² ) and is a root of Equation 4. Where β is the root of the primitive polynomial number 5.

Therefore, the α ₀ transformation is represented by multiplication in GF (2 ³² ).
That is, the relationship of Equation 6 is established.

Here, when the number 7 A, using alpha _0, A is represented by the number 8.

Therefore, α ₀ · A is expressed as shown in Equation 9, and is expressed as shown in Equation 10 using vector notation.

Here, when the a ₃ → (a ₃ β ²⁴ , a ₃ β ³ , a ₃ β ¹² , a ₃ β ⁷¹ ) conversion is tabulated, the following formula 11 is obtained.

Using this table, the α ₀ transformation can be calculated as in the following _{equation (} 12).

This table k2_alpha0_mul is dynamically generated at the time of execution. Specifically, by calculating the previous step, a ₃ → (a ₃ β ²⁴ , a ₃ β ³ , a ₃ β ¹² , a ₃ β ⁷¹ ) for all a ₃ at runtime, Generate a table. The same processing is performed for the feedback shift register 120 (LFSR-B).

<Processing of encryption device for stream cipher>
The processing of the stream cipher encryption apparatus according to the embodiment of the present invention will be described with reference to FIG.

  First, an initial key and an initial vector are input, the internal state is updated, a key sequence (random number) is generated (step S110), and the generated key sequence and the plaintext divided according to the data size of the key sequence are excluded. A logical OR operation is performed to output a ciphertext (step S120).

  Next, the output ciphertext is input, and according to the input ciphertext, one internal state is selected from the internal states stored in the plurality of registers (step S130), and the plurality of registers are configured. In the message authentication register, the process of updating the data stored in each register is executed according to the input internal state until there is no output from the selection function device 300 (step S140).

  Then, a predetermined fixed bit data string is input and update processing is executed (step S150), and a message authenticator is output from the message authentication register (step S160). Then, the message authenticator and the ciphertext are combined to obtain a final output (step S170).

  As described above, according to the present embodiment, message authentication can be given without changing the configuration of the stream encryption processing unit.

<Configuration of Decryption Device for Stream Cipher>
As shown in FIG. 4, the stream cipher decryption apparatus according to the present embodiment includes an initialization processing unit 100, an exclusive OR calculator 210, a selection function unit 300, a message authenticator register 400, The update unit 500, the output control unit 600, the separation unit 700, the storage unit 800, and the collation unit 900 are configured. In addition, since the component which attaches | subjects the code | symbol same as the encryption apparatus of a stream cipher has the same function, the detailed description is abbreviate | omitted.

  The separating unit 700 separates the ciphertext with a message authenticator into a ciphertext and a message authenticator. The exclusive OR calculator 210 performs an exclusive OR operation on the ciphertext obtained by dividing the key sequence generated by the initialization processing unit 100 and the ciphertext separated by the separation unit 700 according to the data size of the key sequence. Line and output plaintext. The storage unit 800 stores the message authenticator separated by the separation unit 700. The collation unit 900 collates the message authenticator stored in the storage unit 800 with the message authenticator output from the message authenticator register 400.

<Processing of Decryption Device for Stream Cipher>
The processing of the stream cipher decryption apparatus according to the embodiment of the present invention will be described with reference to FIG.

  First, the ciphertext with a message authenticator is separated into a ciphertext and a message authenticator (step S210), and the separated message authenticator is stored (step S220).

  Next, the initial key and the initial vector are input, the internal state is updated, a key sequence (random number) is generated (step S230), and the ciphertext separated from the generated key sequence is divided according to the data size of the key sequence An exclusive OR operation with the ciphertext is performed, and a plaintext is output (step S240).

  Further, the ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence is input, and one internal state is selected from the internal states stored in a plurality of registers according to the input ciphertext ( In step S250), in the message authentication register composed of a plurality of registers, the update processing of the data stored in each register is executed according to the input internal state until there is no output from the selection function unit 300 (step S260). After that, a predetermined fixed bit data string is input and the update process is executed similarly (step S270).

  Then, the message authentication code is output from the message authentication register (step S280), and the output message authentication code is compared with the stored message authentication code (step S290).

  As described above, according to the present embodiment, message authentication can be easily executed without changing the configuration of the stream encryption processing unit.

  The processing of the stream cipher encryption device and the stream cipher decryption device is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into the information collecting system and executed. The stream cipher encryption apparatus and stream cipher decryption apparatus of the present invention can be realized. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 100; Initialization processing part 110; Feedback shift register 120; Feedback shift register 130; Feedback calculator 140; Feedback calculator 150; Feedback calculator 160; Clock controller 200; Exclusive OR operator 210; Exclusive OR operation Unit 300; selection function unit 400; message authenticator register 500; update unit 600; output control unit 650; output unit 700; separation unit 800; storage unit 900;

Claims (10)

An initialization processing means for inputting an initial key and an initial vector, updating an internal state, and generating a generated key sequence (random number);
An exclusive OR operation unit that performs an exclusive OR operation between the generated key sequence and the plaintext divided according to the data size of the key sequence, and outputs a ciphertext;
A selection function unit that inputs the output ciphertext and selects one internal state from the internal states stored in a plurality of registers according to the input ciphertext;
A message authentication register configured by a plurality of registers and storing the selected internal state;
In the message authentication register, according to the input internal state, update the stored data of each register until there is no output from the selection function unit, and then input a predetermined fixed bit data string, Update means for updating the data stored in each register;
Output control means for outputting the data stored in the message authentication register as a message authenticator after the processing of the updating means is completed;
Output means for combining the output message authenticator and the ciphertext output by the exclusive OR calculator to output a ciphertext with a message authenticator;
A stream cipher encryption apparatus comprising:   The selection function unit performs a modn (n: constant consisting of a positive integer) operation on the input ciphertext (numerical data) and stores the remainder as an index in the plurality of registers. 2. The stream cipher encryption apparatus according to claim 1, wherein an internal state of a register corresponding to the index is selected from the internal states.   The initialization processing means includes a feedback shift register and a feedback arithmetic unit, associates an input bit string and an output bit string of the feedback arithmetic unit, and makes a long period so that the output bit string becomes a different bit string. The first calculation table generation unit that dynamically generates a calculation table is provided, and initialization processing is performed using the generated first calculation table. Stream cipher encryption device. A stream cipher decrypting device for decrypting a ciphertext with a message authenticator generated by the stream cipher encrypting device according to claim 1,
Separating means for separating the ciphertext with the message authenticator into a ciphertext and a message authenticator;
Storage means for storing the separated message authenticator;
An initial processing means for inputting an initial value and an initial vector, updating an internal state, and generating a generated key sequence (random number);
Performing an exclusive OR operation on the generated key sequence and the ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence, and outputting a plaintext;
A selection function that inputs a ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence and selects one internal state from the internal states stored in a plurality of registers according to the input ciphertext And
A message authentication register configured by a plurality of registers and storing the selected internal state;
In the message authentication register, according to the input internal state, update the stored data of each register until there is no output from the selection function unit, and then input a predetermined fixed bit data string, Update means for updating the data stored in each register;
Output control means for outputting the data stored in the message authentication register as a message authenticator after the processing of the updating means is completed;
Collation means for collating the message authenticator stored in the storage means with the output message authenticator;
An apparatus for decrypting a stream cipher, comprising:   The selection function unit performs a modn (n: constant consisting of a positive integer) operation on the input ciphertext (numerical data) and stores the remainder as an index in the plurality of registers. 5. The apparatus for decrypting a stream cipher according to claim 4, wherein an internal state of a register corresponding to the index is selected from the internal states.   The initialization processing means includes a feedback shift register and a feedback arithmetic unit, associates an input bit string and an output bit string of the feedback arithmetic unit, and makes a long period so that the output bit string becomes a different bit string. 6. The method according to claim 4, further comprising first calculation table generation means for dynamically generating a calculation table, wherein initialization processing is performed using the generated first calculation table. Stream cipher decryption device. Computer
A first step of inputting an initial key and an initial vector, updating an internal state, and generating a key sequence (random number);
A second step of performing an exclusive OR operation between the generated key sequence and the plaintext divided according to the data size of the key sequence, and outputting a ciphertext;
A third step of inputting the output ciphertext and selecting one internal state from the internal states stored in a plurality of registers according to the input ciphertext;
In a message authentication register composed of a plurality of registers, a fourth step of executing update processing of stored data in each register in accordance with the input internal state until there is no output from the third step; ,
A fifth step of inputting a predetermined fixed bit data string and executing the updating process;
A sixth step of outputting a message authenticator from the message authentication register;
A seventh step of combining and outputting the message authenticator output in the sixth step and the ciphertext output in the second step;
A stream cipher encryption method characterized by executing A stream cipher decryption method for decrypting a ciphertext with a message authenticator generated by the stream cipher encryption method according to claim 7,
Computer
A first step of separating the ciphertext with the message authenticator into a ciphertext and a message authenticator;
A second step of storing the separated message authenticator;
A third step of inputting an initial key and an initial vector, updating an internal state, and generating a key sequence (random number);
A fourth step of performing an exclusive OR operation on the generated key sequence and the ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence, and outputting plaintext;
A ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence is input, and one internal state is selected from internal states stored in a plurality of registers according to the input ciphertext. 5 steps,
In a message authentication register composed of a plurality of registers, a sixth step of executing update processing of stored data in each register until there is no output from the fifth step in accordance with the input internal state; ,
A seventh step of inputting the predetermined fixed bit data string and executing the updating process;
An eighth step of outputting a message authenticator from the message authentication register;
A ninth step of collating the output message authenticator with the stored message authenticator;
A method of decrypting a stream cipher, characterized in that: On the computer,
A first step of inputting an initial key and an initial vector, updating an internal state, and generating a key sequence (random number);
A second step of performing an exclusive OR operation between the generated key sequence and the plaintext divided according to the data size of the key sequence, and outputting a ciphertext;
A third step of inputting the output ciphertext and selecting one internal state from the internal states stored in a plurality of registers according to the input ciphertext;
In a message authentication register composed of a plurality of registers, a fourth step of executing update processing of stored data in each register in accordance with the input internal state until there is no output from the third step; ,
A fifth step of inputting a predetermined fixed bit data string and executing the updating process;
A sixth step of outputting a message authenticator from the message authentication register;
A seventh step of combining and outputting the message authenticator output in the sixth step and the ciphertext output in the second step;
A program for running A program for causing a computer to execute a stream cipher decryption method for decrypting a ciphertext with a message authenticator generated by the stream cipher encryption method according to claim 7,
On the computer,
A first step of separating the ciphertext with the message authenticator into a ciphertext and a message authenticator;
A second step of storing the separated message authenticator;
A third step of inputting an initial key and an initial vector, updating an internal state, and generating a key sequence (random number);
A fourth step of performing an exclusive OR operation on the generated key sequence and the ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence, and outputting plaintext;
A ciphertext obtained by dividing the separated ciphertext according to the data size of the key sequence is input, and one internal state is selected from internal states stored in a plurality of registers according to the input ciphertext. 5 steps,
In a message authentication register composed of a plurality of registers, a sixth step of executing update processing of stored data in each register until there is no output from the fifth step in accordance with the input internal state; ,
A seventh step of inputting the predetermined fixed bit data string and executing the updating process;
An eighth step of outputting a message authenticator from the message authentication register;
A ninth step of collating the output message authenticator with the stored message authenticator;
A program for running

Images