JP3202544B2 - Encryption communication device and encryption device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption communication device and an encryption device for encrypting and communicating information in order to keep the information confidential.

[0002]

2. Description of the Related Art In recent years, with the development of optical fiber networks in trunk communication networks, the spread of cable television systems, the practical use of satellite communications, and the spread of local area networks, various types of information have been exchanged using such communication networks. Is about to be realized. In addition, transmission of multimedia information such as moving image data, still image data, audio data, and computer data has been considered as the information. In such multimedia communication, the amount of information and required transmission quality vary greatly depending on the type of information exchanged. Therefore, in multimedia communication, it is necessary to start communication after discussing the transmission speed and transmission quality between the transmitting side and the receiving side according to the type of information to be exchanged.

In the case of information that requires real-time properties, such as a moving image, real-time communication cannot be performed unless the receiving side can also receive data at the transmission speed transmitted by the transmitting side. In such a case, it is necessary to make an adjustment such as reducing the transmission quality of the moving image to reduce the amount of information so that the receiving side can also receive the data at the transmission speed transmitted by the transmitting side.

[0004] On the other hand, in such a communication network, it is important to transmit information safely, and a common key encryption is known as a means for that. Among these common key cryptosystems, DES (Data Encryption) described later is used.
n Standard encryption or FEAL (Fast d)
ata Encipherment ALgorith
m) A public key block cipher represented by an algorithm, such as a cipher, has a drawback that when a set of ciphertext and plaintext with the same key is output in a certain number or more, the key can be analyzed. In order to eliminate this drawback, as shown in FIG. 23, the key is updated at any time by a pseudorandom number which is secure in terms of computational complexity before outputting a set of ciphertexts and plaintexts required for analysis.
Encryption methods that make key analysis more difficult are considered (Ref. 1. Yamamoto, Iwamura, Matsumoto, Imai: "Practical encryption method using square-type pseudorandom number generator and block cipher", IEICE Tech. , ISEC 93-29, 1993-08).

[0005] Here, a pseudo-random number sequence that is computationally safe is a computationally difficult one if there is a polynomial time algorithm that predicts a subsequent pseudo-random number sequence from a part of the pseudo-random number sequence. It refers to a pseudo-random number sequence that has been proven to be able to construct a polynomial time algorithm for a problem that is said to exist. That is, a pseudo-random number sequence that is secure in terms of computational complexity is a sequence in which it is extremely difficult to predict subsequent sequences from the output sequence in terms of computational complexity. This is A. C. Yao, "Theory and
Applications of Trapdoor
Functions. "Proceedings of
the 23rd IEEE Symposium
on Foundations of Campout
er Science, IEEE, pp. 80-91,
1982. Or, M. Blum and S.M. Mica
li, “How to Generate Crypto
ographically Strong Seque
nces of Pseudo-Random Bit
s. "Proc. 22nd FOCS, IEEE, p.
p. 112-117, 1982. Etc. are discussed in detail. As an algorithm for generating a pseudorandom number which is secure in terms of computational complexity, reference 2 "Cryptography and Information Security"
(Tsujii, Kasahara, 1990, Shokosha, 8
6)), a method using a square-type random number, RSA encryption, discrete logarithm, and reciprocal encryption is known.

An encryption device that performs the encryption method shown in FIG.
Pseudo random number generator 10, arithmetic unit 20, and block encryptor 30
Consists of As an algorithm of the block cipher 30, a block cipher such as a DES cipher or a FEAL cipher is used. The block encryptor 30 encrypts plaintext and decrypts ciphertext. The pseudorandom number generator 10 generates a pseudorandom number according to a pseudorandom number generation algorithm that is computationally safe. In general, a pseudorandom number sequence b ₁ which is computationally safe,
b _2, ... are generated from initial value x ₀ according to the following equation. x _{i + 1} = f (x _i ) (i = 0, 1,...) (1) b _{i + 1} = g (x _{i + 1} ) (i = 0, 1,...) … (2)

[0007] The pseudo random number generator 10 is shown in FIG.
Processing circuit 1 that performs the feedback calculation of equation (1)
1 and a processing circuit 12 for performing the operation of equation (2).
ing. Therefore, the operation of the pseudo random number generator 10 is as follows.
Swell. 1. Initial value x₀Is input to the pseudo random number generator 10. 2. According to equation (1), x₁, X_Two, ..., x_iGenerate
You. 3. X generated₁, X_Two, ..., x_iIn contrast, equation (2)
And the resulting b ₁, B_Two, ..., b_iWith pseudo-random numbers
And output.

Further, the computing unit 20 shown in FIG. 23 converts the obtained b ₁ , b ₂ ,..., B _i into a key sequence of a block cipher. Each key of the block cipher is a bit string of a length determined by the algorithm of the block cipher to be used, and the arithmetic unit 20 outputs, for example, a pseudorandom number sequence b ₁ , which is computationally secure,
It is generated by dividing b ₂ ,..., b _i for each bit length. In FIG. 23, M _uv (u = 1, 2,...,
t; v = 1, 2,... s) represents a plaintext block and _ku (u
= 1, 2,..., T) represents the key of the block cipher and k
_u (M _uv ) (u = 1, 2,..., t; v = 1, 2 _,.
s) denotes a ciphertext block obtained by encrypting the encryption key k _u plaintext block M _uv. Here, M _u1 to M
s number of blocks up to _us is encrypted with the same key k _u. By sequentially using the key sequence systems k ₁ , k ₂ ,... Updated by the pseudorandom number generator 10 and the arithmetic unit 20 as keys of the block cipher, the plaintext block in FIG. 23 is encrypted by a plurality of encryption keys. .

[0009] In this case, the number s of the block to be encrypted with the same key k _u is determined in the following manner. Assuming that the number of block cipher keys generated in one second is w _k and the number of blocks that can be encrypted in one second is w _b , the number of blocks s encrypted with one encryption key is s = w It is calculated in _b / w _k. That is, the number s of blocks are encrypted with the same key k _u is determined depending on the encryption processing speed and the key generation rate of the block cipher. With the above-described conventional encryption method, the number of plaintext blocks encrypted with the same key can be limited, and key analysis can be made difficult.

Next, a description will be given of the encryption communication by this encryption method. In the cryptographic communication network, as shown in FIG. 21, a unique and secret key is shared in advance between network subscribers. A, B, C, ..., N are the subscribers of the network, K _AB , K _AC , ... are the keys shared between the subscribers A and B, and the keys shared between the subscribers A and C, respectively. , .... Further, each subscriber has a block encryptor 30 that performs encryption (and decryption) according to an algorithm determined by the network, as shown in FIG. 23, and is computationally secure according to the algorithm determined by the network. The communication terminal includes a pseudo-random number generator 10 that generates a pseudo-random number, and an arithmetic unit 20 that converts the pseudo-random number output from the pseudo-random number generator 10 into a key sequence of an encryptor.

The conventional encryption communication from the subscriber A to the subscriber B is performed in the following procedure. 1. A sets in advance the secret key K _AB shared with the transmission destination B as an initial value of this communication, and sets the pseudo random number generator 1
0 is operated to generate a pseudorandom number sequence that is safe in terms of computational complexity. Further, the generated pseudo-random number sequence is converted into a key sequence of a block cipher by an arithmetic unit. The communication message is encrypted by the block encryptor 30 by using them as a block cipher key while being updated as needed, and the encrypted message is transmitted to B. 2. B is a secret key K shared with the sender A in advance.
_AB is set as the initial value of this communication, and the pseudo random number generator 10
To generate a pseudorandom number sequence that is computationally safe. Further, the generated pseudo-random number sequence is converted into a block cipher key sequence. The received message from A is decrypted by the block encryptor 30 by using these while updating as needed as a key of the block cipher, and a communication message is obtained.

Next, a description will be given of the above-mentioned DES encryption algorithm which has been most often used as commercial encryption. DES encryption is an encryption method standardized for general business use by the U.S. Department of Commerce, and its algorithm is open to the public. In DES encryption, encryption and decryption are performed in units of 64-bit data blocks, and the key length is 56 bits.
Bits (64 bits when 8 parity bits are added). The encryption algorithm is based on a transposition type and a substitution type, and by repeating a process of appropriately combining these transpositions and substitutions in 16 stages, the plaintext bit pattern is mixed and converted into a ciphertext whose meaning is incomprehensible. In the case of decryption, reverse stirring
Restore the original plaintext.

The parameters of the stirring method are designated by a 56-bit key. The number of key candidates is 2 to the 56th power (about 10
In the case of brute force decryption, that is, decryption in which the obtained ciphertext and plaintext pair is changed and changed once for each key, if one check takes 500 ns (128 Mbps) Processing speed), 100 in total
It takes about 0 years. Details of the DES algorithm are published in the Federal Information Processing Standard. FIG.
1 shows an overall block diagram of the S algorithm. As described above, DES is a cipher that inputs a 64-bit plaintext (or ciphertext) and outputs a 64-bit ciphertext (or plaintext) under the control of a 56-bit key. Hereinafter, the details of DES will be described separately for (1) encryption processing, (2) decryption processing, (3) encryption function, and (4) key scheduling.

(1) Encryption process In the encryption process, first, a 64-bit plaintext is transposed.
(Initial transposition IP) is performed. This initial transpose is fixed.
You. The output of this transposition process is a complicated 16-stage encryption process on the way.
Transposed at the end (the final transposed IP^-1) Is performed. This
Is also fixed. 64 bits with initial transposition
Data is divided into 32 bits each left and right, and the left half is
L₀, Right half is R₀Becomes This L₀And R₀To L₁₆When
R₁₆The processing shown in FIG.
Is In other words, the left and right
32 bits each L_n, R_nThen, L_n, R_n
Is represented by the following equation. L_n= R_n-1 R_n= L_n-1#F (R_n-1, K_nHere, # means exclusive OR of mod2 for each bit
Then K_nIs a 48-bit key input to the n-th stage, L_n-1
And R_n-1Is the output of the (n-1) th stage, and f is _n-1And K
_nIs a function that outputs 32-bit data using.
The details of f will be described later in (3).

(2) Decryption Processing Decryption processing from ciphertext to plaintext can be performed using exactly the same algorithm as encryption processing from plaintext to ciphertext. Decryption can be done by reverse conversion of encryption.
As described above, the final transposed IP ^-1 is the inverse of the initial transposed IP, and in each of the 16 stages, L _n-1 = R _n L _n-1 = R _n #f (L _n , K _n ), so as to obtain R _n-1 and L _n-1 , R _n ,
If L _n and K _n exist, the same function f can be used. Therefore, the decoding can be executed by performing the processing using the same K _n as used in the encryption in the conversion of each stage. Specifically, the cipher text input to the DES algorithm is converted into L ₁₆ and R ₁₆ by initial transposition 1P.
In the first stage, L ₁₅ and R ₁₅ are obtained using K ₁₆ ,
Then, using K ₁₅ to obtain L ₁₄ and R ₁₄ , 16
By performing the processing of the stage, L ₀ and R ₀ are obtained. Finally, L ₀ and R ₀
The final plaintext is output by performing the final transposition IP- ¹ on the composite of

(3) Encryption Function f (R, K) FIG. 26 shows a method for calculating the encryption function f (R, K).
In the DES encryption method, all parts other than f (R, K) are linear in binary arithmetic, but since the conversion of f (R, K) is non-linear, the encryption strength is increased. 32
The bits R are first rearranged by an expansion transpose E and some bits are duplicated and expanded to 48 bits. The 48 bits are subjected to an exclusive OR operation with the same 48-bit key K, and are divided into 8 sets of 6 bits each.
Is input to the box from ₁ to S _8. S ₁ to S ₈
Is a selection function or S-box, which is a substitution table that inputs 6 bits and outputs 4 bits. Four types of substitution tables are prepared in one S box, and correspond to row numbers 0, 1, 2, and 3 in the table, respectively. Which of the four types of substitution tables is used is determined by the first and last bits of the input 6 bits, and the central 4 bits of the input 6 bits are substituted according to the selected substitution table. Become. Output 32 from 8 S-boxes
The bits are then transposed P to provide the final output of f (R, K).

(4) Key Scheduling As shown in (1) to (3), a key requires 48 bits for each stage, and a key of 48 × 16 = 768 bits is practically used for all 16 stages. Required. To generate a key 16 48 bits from these K ₁ to K ₁₆ based on 56-bit key that is input to the DES algorithm (scheduling) is as follows. The input key of 64 bits including the parity bit is transposed (reduced key transposition PC-
According to 1), the transposition is performed and the parity bits are removed to be 56 bits. These 56 bits are also 2
The upper half 28 bits are C ₀ , and the lower half is D
It becomes ₀ . By shifting C ₀ and D ₀ sequentially to the left, C ₁ and D ₁ are sequentially generated from C ₁₆ and D ₁₆ . The key in the n-th stage is inputted with 56 bits consisting of C _n and D _n, and is transposed (key-reduced transposition PC-2) to obtain 4 bits.
It becomes 8 bits.

[0018]

As described above, in multimedia communication, the amount of information and required transmission quality greatly differ according to the type of information exchanged. Therefore, in multimedia communication, it is necessary to start communication after discussing the transmission speed and transmission quality between the transmitting side and the receiving side according to the type of information to be exchanged. However, in the conventional multimedia communication, no consideration has been given to adjustments such as negotiating the transmission speed and the transmission quality between the transmitting side and the receiving side according to the type of information exchanged. In particular, regarding the case where communication information is concealed by encryption, no consideration has been given to adjustment such as negotiating the processing speed of encryption and decryption between the transmitting side and the receiving side. Therefore, when there is a difference in the processing capability of the encryptor between the sender and the receiver, no consideration has been given to how to adjust between the sender and the receiver to realize the encrypted communication. Also, as described above, in the conventional encryption method, the number of plaintext blocks encrypted with the same key is limited to make it difficult to analyze the key, but in the past, the encryption processing speed of the encryptor was variable. Was not considered.

As described in the background art, the number s of blocks to be encrypted with the same key is determined depending on the encryption processing speed of the block cipher and the key generation speed. Therefore, when the key generation speed is constant and the encryption (decryption) processing speed of the block cipher is slow, s becomes small and the security increases. Conversely, if the encryption (decryption) processing speed of the block cipher is high, practicality increases, but s increases and security decreases. Also,
If the encryption (decryption) processing speed of the block cipher is constant,
If the key generation speed can be increased, s can be reduced, and security can be improved. Conversely, if the key generation speed can be reduced, the processing can be simplified instead of increasing s and lowering the security. Furthermore, if the encryption (decryption) processing speed and the key generation speed of the block cipher are both variable, cryptographic communication with more options and more freedom in trade-off between processing complexity and security can be realized. It becomes possible.

In the conventional method, it has not been considered that the encryption processing speed of the block cipher is made variable. For example, in the case of data such as a video which requires a large capacity and a high-speed real-time property. To speed up the encryption processing speed of block ciphers and achieve high-speed encryption communication even if the security of the encryption is somewhat sacrificed, In the case of data, the encryption processing speed of the block cipher is reduced to increase security, and secure encryption communication is realized.
I couldn't do that. Furthermore, in the conventional method, it was not considered that the key generation speed could be made variable. For example, especially for highly confidential data, the key generation speed was increased to realize encrypted communication with improved security. ,
I couldn't do that. The conventional cryptographic communication has the above problems.

An object of the present invention is to solve the above problems and to obtain an encryption communication device and an encryption device capable of changing the encryption processing speed.

[0022]

According to the present invention, there is provided an encryption communication apparatus for encrypting transmission data and decrypting received encryption data and performing communication, and at least one of the encryption and decryption. Changing means for changing a cryptographic processing speed, the cryptographic communication means comprising: an encryptor for performing encryption and decryption according to a predetermined algorithm; and a pseudorandom number generator for generating a pseudorandom number sequence by performing a predetermined operation. And a calculator for converting the pseudo-random number sequence output from the pseudo-random number generator to a key sequence of the encryptor, wherein the encryption key of the encryptor is updated by the key sequence generated by the calculator. Wherein the changing means changes at least one of a processing speed of the encryptor and a generation speed of the pseudo-random number sequence.

Another feature of the cryptographic communication apparatus of the present invention is that a square-type pseudorandom number generator is used as the pseudorandom number generator. According to another feature of the cryptographic communication device of the present invention, the changing unit includes a plurality of processing units that perform a part of a repetitive process in a process performed by at least one of the encryptor and the pseudorandom number generator, Selecting means for selecting the number of the plurality of processing means to be used.

Another feature of the cryptographic communication apparatus of the present invention is that a cryptographic communication means for encrypting transmission data and decrypting received encryption data and performing communication, and at least one of the encryption and decryption. And a changing means for changing an encryption processing speed of the clock, wherein the changing means uses a clock selecting means capable of selecting an arbitrary clock from a plurality of clocks having different frequencies.

An encryption device according to the present invention includes an encryption unit that performs at least one of encryption and decryption of a predetermined algorithm, and a change unit that changes the processing speed of the encryption unit without changing the algorithm. It is characterized by having.

[0026]

Since the encryption processing speed and the encryption strength can be changed, the changed encryption processing speed and the encryption strength are shared between the sender and the receiver prior to the transmission of the ciphertext, so that the encryption processing speed and the encryption strength are conventionally considered. It enables the selection of the processing speed of the encryption that was not available, and enables the encryption communication with a high degree of freedom.

Further, by changing at least one of the processing speed of the encryptor and the pseudo-random number generation speed by the changing means, the changed encryption processing speed and pseudo-random number generation speed of the encryptor can be changed before transmitting the ciphertext. By sharing between the sender and the receiver, it is possible to select a trade-off between encryption security and processing speed, which was not possible in the past, thereby enabling highly flexible encryption communication. In addition, thereby, even when there is a difference between the processing capability of the encryptor and the capability of the pseudorandom number generation speed between the sender and the receiver, the encrypted communication can be realized.

[0028]

EXAMPLES Examples 1 to 9 of the present invention will be described below, each of which has the following viewpoints. [Example 1] For a general encryption method, an encryption (decryption) speed is set by preparing a plurality of clocks. [Second Embodiment] An encryption (decryption) speed is set by preparing a plurality of circuits for performing a repetition process of an encryption process for a general encryption method. Third Embodiment For a general encryption method, a circuit for performing a repetition process of an encryption process is prepared, and an encryption (decryption) speed is set by selecting the number of times the repetition process is performed. Embodiment 4 The generation speed is set by preparing a plurality of clocks for the pseudo random number generator. Fifth Embodiment A generation speed is set by preparing a plurality of circuits for performing a repetition process of a generation process for a pseudo random number generator.

[Embodiment 6] Internal variables of a pseudo random number generator whose generation speed can be set can be read. [Seventh Embodiment] In contrast to the encryption system of the seventh embodiment, one of the pseudorandom number generator and the encryptor whose processing speed cannot be set is used. [Eighth Embodiment] An encryption (decryption) speed and a generation speed are set by preparing a plurality of clocks for an encryption system including a pseudo-random number generator, an arithmetic unit, and a block encryptor. Ninth Embodiment A means for setting an encryption (decryption) speed and a pseudo-random number generation speed is integrated with the encryption system of the seventh embodiment.

[Embodiment 1] In this embodiment, as shown in FIG. 1, an encryptor 30 for performing encryption (and decryption) according to an algorithm determined by a network, a communication interface 40, and an encryption speed setting Encrypted communication is performed using the communication terminal 60 provided with the device 50. The encryption device 30 can set the encryption speed by the encryption speed setting device 50. This can be realized, for example, by preparing a plurality of clocks having different frequencies as clocks for operating the encryptor 30, and selecting an operation clock from among them according to an externally set encryption speed.

FIG. 2 shows an example of the encryption speed setting device 50. The encryption speed setting device 50 of FIG. 2 includes t clock generators 51 and selectors 52. In CK _qi of the clock generator 51 generates a clock signal q _i. The clock signal q generated by each clock generator 51
_{1, q 2, ..., q} it is inputted to the selector 52, either by the subscriber to use the communication terminal 60 is selected. The selector 52 is controlled by a speed setting signal.

The communication interface 40 transmits information indicating the processing speed of encryption (decryption), the transmission message encrypted by the encryptor 30 to the transfer path, and information indicating the processing speed of encryption (decryption). This is a communication interface for receiving the transmission message encrypted by the encryptor 30 from the transmission path.

The encryption communication network shown in FIG. 21 is used. A unique and secret key is shared between network subscribers in advance. A, B, C, ..., N are the subscribers of the network, K _AB , K _AC , ... are the keys shared between the subscribers A and B, and the keys shared between the subscribers A and C, respectively. , .... Key sharing can be realized by a network administrator or the like setting a key in advance. Also, "Cryptography and Information Security"
(By Tsujii and Kasahara, published in 1990, Shokosha Co., Ltd., 7
2 to 73 and pages 97 to 104).

The cryptographic communication from the subscriber A to the subscriber B according to the present invention is performed in the following procedure. [Pre-procedure 1 of encrypted communication according to the present invention] The sender A sends information indicating the processing speed of the encryptor 30 to the receiver B via the communication interface 40. 2. Recipient B receives the encryptor 30 sent from sender A.
Receiving the information indicating the processing speed of the communication terminal 60 via the information communication interface 40 and using the communication terminal 60
Is confirmed to be capable of processing at the processing speed, and the start of the encrypted communication is acknowledged by the communication interface 40.
To the sender A via. When it is difficult to process at the processing speed, the possible processing speed is transmitted to the sender A via the communication interface 40. 3. The above procedure is repeated until the sender and the receiver agree on the processing speed of the encryptor 30.

In the preceding procedure 1, the information indicating the processing speed of the encryptor 30 is shown from the sender, but it is also possible to show the information from the receiver as follows. [Pre-procedure 2 of encrypted communication according to the present invention] The receiver B sends a request for information provision and information indicating the encryption processing speed of the information to the sender A via the communication interface 40. 2. The sender A receives a request for providing information and information indicating the processing speed of the encryptor sent from the receiver B via the information communication interface 40, and the communication terminal used by the sender A After confirming that the encryptor 30 at 60 can process at the processing speed, the acknowledgment of the start of the encrypted communication is transmitted to the receiver B via the communication interface 40. When it is difficult to process at the processing speed, the possible processing speed is transmitted to the receiver B via the communication interface 40. 3. The above procedure is repeated until the sender and the receiver agree on the processing speed of the encryptor 30.

The above procedure is effective when the sender does not know the processing speed that can be set on the receiving side, or when the receiver does not know the processing speed that can be set on the transmitting side. If the sender knows the processing speed that can be set on the receiving side,
Alternatively, if the receiver knows the processing speed that can be set on the transmission side, the above procedure 1. And the next encrypted communication can be started. Further, in a cryptographic communication network in which a key sharing scheme is negotiated between a sender and a receiver prior to cryptographic communication, in a key sharing protocol, not only information for key sharing but also processing speed information is used. It is possible to share. In such a case, the above procedure 1. To start encrypted communication.

Hereinafter, the procedure between the sender A and the receiver B will be continued with respect to the processing speed of encryption (decryption) of the encryptor 30. [Encryption communication procedure of data according to the present invention (related to sender A)] The processing speed is set to the one determined in the previous procedure by the speed setting signal. 2. The secret key K _AB shared with the receiver B is set in the encryptor 30 in advance. 3. The data is encrypted by the encryptor 30 and transmitted to B via the communication interface 40.

[Data Encryption Communication Procedure According to the Present Invention (Related to Recipient B)] The processing speed is set to the one determined in the previous procedure by the speed setting signal. 2. The secret key K _AB shared with the receiver A is set in the encryptor 30 in advance. 3. The encrypted data is received from the transmission line via the communication interface 40, and the encrypted data sent from A is decrypted by the encryptor 30.

According to the above procedure, the encryption processing speed can be selected with a high degree of freedom. In addition, the communication terminal 60
Even if there is a difference in the encryption processing capabilities of the above, the adjustment can be performed by the pre-procedures 1 and 2, and encrypted communication can be performed. Therefore, for example, when there is a difference in the capability of the communication terminal 60 between the transmitter and the receiver, when performing cryptographic communication of information having a high real-time property, the communication quality is lowered to reduce the amount of information, and the encryption processing speed is adjusted to the lower-capacity cryptographic processing speed. For encryption communication.

The pre-procedures 1 and 2 do not need to be performed for each communication. For example, this is not necessary when the processing speed is previously discussed between the transmitting and receiving parties and the encrypted communication is performed at the processing speed.

Each subscriber of the cryptographic communication network has a portable storage device 70 as shown in FIG. 20 for storing secret information such as a key of each user necessary for cryptographic communication. May be. The portable storage device 70 stores confidential information of each user required for encrypted communication.
In addition to the portable storage device, each user has a portable storage device. If a physically secure area can be secured for each user, the portable storage device 70 may be a part of the communication terminal 60. In that case, the communication terminal 60 that can be used for encrypted communication for each user You will be restricted. The communication terminal 60 and the portable storage device 70 are separated from each other,
By not storing the secret information of each user in 0, the user can exchange secret information of the user via his or her portable storage device 70 at any communication terminal 60 and use it for encrypted communication. Is convenient.

The portable storage device 70 is connected to the communication terminal 6.
0 can be exchanged via a secure communication path, and has a physically secure area as the holding means 71. Only the authorized owner can operate the portable storage device 70 normally, and it is determined whether or not the authorized owner is in accordance with an authentication procedure such as a password. Also,
Of the above shared keys, those related to the owner of the portable storage device 70 are held in the holding means 71. This portable storage device 70 can be realized by an IC card or the like. In all of the embodiments 2-9 described below, the portable storage device 70 can be used.

[Embodiment 2] In this embodiment, encrypted communication is performed using a communication terminal 60 as shown in FIG. In this embodiment, DES encryption is used as an encryption method for simplicity. Since the DES encryption is an algorithm that repeats the same process in 16 stages as described above, it is possible to repeat the process with the same circuit. For example, the DES shown in FIG.
If the processing for one stage of encryption is implemented as a circuit as one processing unit (processing unit: PE), the encryptor 30 capable of changing the processing speed as described below can be realized.

In this embodiment, the DES encryption circuit is constituted by using a plurality of circuits each having a selector at the input of each PE, so that the encryption (decryption) processing speed can be changed according to the required processing speed. In which an encryptor 30 is configured. FIG. 4 shows an example of the encryptor 30 capable of changing the processing speed according to the present invention. The encryptor 30 shown in FIG. 4 includes a processing circuit 31 for one stage of the DES encryption shown in FIG.
E (arithmetic element) is composed of two (PE3, PE4) and two selectors 32 (selector 3, selector 4). The selector 32 is controlled by a speed setting signal.

When it is desired to operate the encryptor 30 at a high speed, the encryption processing is performed using both of the two PEs. That is, at the start of the operation, the selector 3 selects the signal 3a, the selector 4 selects the signal 4b, and thereafter, the selector 3 selects the signal 3b and repeatedly uses PE3 and PE4 eight times.

When it is desired to operate the encryptor 30 at a low speed, the encryption processing is performed using one PE (PE4). That is, at the start of the operation, the selector 4 outputs the signal 4a.
After that, the selector 4 selects the signal 4c and repeatedly uses PE4 16 times. Selector 3 and PE3
Is not used. In this case, the time required for the DES encryption processing is almost twice as long as when two PEs are used, and the processing speed is reduced to almost half.

Alternatively, when operating at low speed, PE
It is also possible to perform encryption for different subscribers by using different keys in 3 and PE4. That is, at the start of the operation, the selector 3 selects the signal 3a, the selector 4 selects the signal 4a, and thereafter, the selector 3 selects the signal 3c, the selector 4 selects the signal 4c, and PE3 and PE4 are used 16 times each. At this time, if keys for different communication partners are set in PE3 and PE4, ciphertexts addressed to different subscribers can be obtained.

That is, the encryptor 3 is constructed by using a plurality of PEs.
0, and the processing path is determined according to the required processing speed, whereby the encryptor 30 capable of changing the processing speed can be realized. Although FIG. 4 shows a case where two PEs are used, the number of PEs is not particularly limited in the present invention.

The communication interface 40 can be the same as that of the first embodiment, and the one shown in FIG. 21 is used as the encryption communication network. The encryption communication from the subscribers A to B is performed in the same procedure as the procedure described in the first embodiment.
According to the present embodiment, similarly to the first embodiment, even when there is a difference in the encryption processing capability of the communication terminal 60 between the sender and the receiver,
Encrypted communication can be performed.

[Embodiment 3] In this embodiment, DES encryption is used as an encryption system for simplicity, and encrypted communication is performed using a communication terminal 60 as shown in FIG. Further, an encryptor 30 shown in FIG. 5 is used. The encryptor in FIG. 5 includes one PE 31 (PE) configured to perform one stage of processing of the DES encryption.
5) and one selector 32 (selector 5). The selector 32 is controlled by a speed setting signal.

High-strength encrypted communication using the encryptor 30 is realized by performing encryption processing using the PE 5 many times. That is, at the start of the operation, the selector 5
Selects the signal 5a, and thereafter, the selector 5 selects the signal 5a.
Select b and use PE5 repeatedly until the desired strength is obtained. For example, the DES cipher performs 16 steps of processing, so if it is desired to increase the strength over the DES cipher, set PE5 to 1
It may be used six or more times. However, the encryption processing speed decreases in inverse proportion to the number of times PE5 is repeatedly used.

The low-strength encrypted communication using the encryptor 30 can be realized by performing the encryption process by reducing the number of times the PE 5 is used. However, as the number of times PE5 is repeatedly used is reduced, the encryption processing speed is improved. For example, since the DES encryption performs 16 steps of processing, if it is desired to reduce the strength compared to the DES encryption, set PE5 to 1
It may be used repeatedly six times or less. In this case, DE
Encryption can be performed at a higher processing speed than S encryption. That is, the encryption strength and the processing speed can be changed by the speed setting signal 5 controlling the selector 5.

FIG. 5 shows the case where one PE is used, but the number of PEs is not particularly limited. The communication interface 40 can use the same one as in the first embodiment,
The encryption communication network shown in FIG. 21 is used.
The encryption communication from the subscribers A to B is performed in the same procedure as the procedure described in the first embodiment. According to the present embodiment, it is possible to perform encrypted communication in which the encryption strength of the communication terminal 60 can be selected between the transmitting and receiving parties.

[Embodiment 4] In this embodiment, a pseudo-random number generator 10 that can set a pseudo-random number generation speed by a generation speed setting device is used. As shown in FIG. 6, the pseudo-random number generator 10 according to the present embodiment can set the pseudo-random number generation speed by the generation speed setting device 13. This can be realized, for example, by preparing a plurality of clocks having different frequencies as clocks for operating the pseudorandom number generator 10 and selecting an operation clock from among them according to the setting of the pseudorandom number generation speed from the outside. it can.

FIG. 7 shows a production rate feeding device 13 according to the present invention.
An example is shown below. The generation speed setting device 13 shown in FIG. 7 includes u clock generators 13a and selectors 13b. The clock signal r is applied to CK _{ri of} the clock generator 13a.
Generate _i . Each clock generator clock signal r ₁ generated by _{13a, r 2, ..., r} u selector 13
b, and the subscriber using the communication terminal 60 selects one of them. The selector 13b is controlled by a speed setting signal.

The algorithm for generating the pseudo-random number sequence used in the present embodiment is not particularly limited, and any algorithm can be used. The case where the random number sequence generation algorithm is used, particularly the case where the square-type pseudo random number sequence is used, will be described below.

The square-type pseudo-random number sequence is a pseudo-random number sequence b ₁ , b ₂ ,... Generated by the following procedure. [Square-type pseudo-random number sequence] p and q are expressed as p≡q≡3 (mod
4) as a prime number, N = p · q, and an initial value x
_{0 (1 <x 0 <N} -1 becomes an integer) recursive formula ^{_{x i + 1 = x i 2}} modN (i = 0,1,2, ...) ......... (3) b i = lsb j (x i ) (I = 1, 2,...) (4) The bit sequences b ₁ , b ₂ ,. Here, lsb _j (x _i ) represents the lower j bits of x _i , and j = n when the number of bits of N is n.
O (log ₂ n).

The square-type pseudo-random number sequence is a pseudo-random number sequence that is computationally safe under the assumption that the problem of determining the quadratic residue in the modulus N is computationally difficult. In order to make the square-type pseudorandom number sufficiently secure, it is desirable that the number n of bits of the modulus N of the square operation expression (3) be about 512 bits. Further, keys (initial values of pseudo-random number generators) K _A , K _B ,.
, 1 <K _A , K _B ,... <N−1.

Pseudorandom for generating this square-type pseudorandom number sequence
The number generator 10 is shown in FIG. The pseudo-random number generator of FIG.
Is a processing circuit 14 for performing the feedback operation of the equation (3).
And a processing circuit 15 for performing the operation of equation (4).
The operation of the pseudo random number generator 10 is as follows. 1. Initial value x₀Is input to the pseudo random number generator. 2. From equation (3), x₁, X_Two, ..., x_iGenerate
You. 3. X generated₁, X_Two, ..., x_iFor the equation (4)
And the resulting b ₁, B_Two, ..., b_iWith pseudo-random numbers
And output.

Using the pseudo-random number generator 10 described above, an encryptor 30 whose processing speed can be set can be configured as shown in FIG. Encryptor 30 in the present embodiment
Is a stream encryption method, and the encryptor 30 in FIG. 9 includes the pseudorandom number generator 10 and the exclusive OR circuit 33.

When encryption is performed by using the encryptor 30, the cipher text is obtained by performing an exclusive OR for each bit between the input plain text and the pseudo random number sequence generated by the pseudo random number generator 10. can get. When performing decryption, a plaintext is obtained by taking an exclusive OR for each bit between the input ciphertext and the pseudo-random number sequence generated by the pseudo-random number generator 10 (the same sequence as when encrypted). .

In this embodiment, encrypted communication is performed using a communication terminal 60 as shown in FIG. As the communication interface 40, the same one as in the first embodiment can be used, and the encryption communication network shown in FIG. 21 is used. When using a stream cipher, a key shared in advance with a communication partner is used as an initial value for generating a pseudo-random number sequence.

The encryption communication from subscriber A to B is performed in the first embodiment.
The procedure is performed in the same manner as the procedure shown in FIG. However, the difference is that in the pre-procedures 1 and 2, "information indicating the processing speed of the pseudorandom number generator 10" is exchanged via the communication interface 40 instead of "information indicating the processing speed of the encryptor". According to the present embodiment, as in the first embodiment, even when there is a difference in the encryption processing capability of the communication terminal 60 between the sender and the receiver, the encrypted communication can be performed.

[Embodiment 5] In this embodiment, a pseudo random number generator 10 capable of setting a pseudo random number generation speed as shown in FIG. 11 is used. The pseudo-random number generator 10 of this embodiment can set the generation speed from outside. For example, the pseudo-random number generator 10 is described in Reference 3 “Remainder multiplication method by Montgomery method suitable for power-residue method and systolic array realizing it” (Megumi Iwamura, Tsutomu Matsumoto,
Hideki Imai, IEICE (A), Vol. 76, No. 8, p
p. 1214-1223, 1993. ) Can be realized. In this method, the pseudo-random number generator 10 is realized by a repetitive processing by a processing element (processing element: PE) 14 as shown in FIG. 11, and from a small-scale circuit (low-speed processing) to a large-scale processing in accordance with the number of PEs 14 to be used. It is shown that a circuit of a scale (high-speed processing) can be realized. PE shown in FIG.
14 is configured as shown in FIG. 12, and R1, R2,
.., A register indicated by R9, an adder 15, a multiplier 16
Consists of

Therefore, by previously constructing the pseudo random number generator 10 so as to repeatedly perform processing by a plurality of PEs, for example, when all of the PEs are operated, the pseudo random number can be generated at a high speed. Some P
It is possible to configure the pseudo random number generator 10 that can generate pseudo random numbers at a low speed when E is operated.

FIG. 15 shows an example of the pseudorandom number generator 10 according to the present invention which can change the processing speed. The pseudo random number generator 10 shown in FIG. 15 has two PEs (PE
1, PE2) 17 and two selectors (selector 1, selector 2) 18. The selector 18 is controlled by a speed setting signal.

When it is desired to operate the pseudo random number generator 10 at high speed, a pseudo random number is generated using both of the two PEs. That is, at the start of the operation, the selector 1 selects the signal 1a and the selector 2 selects the signal 2b. Thereafter, the selector 1 selects the signal 1b and repeatedly uses PE1 and PE2 as needed for the square type operation.

When the pseudo-random number generator is to be operated at a low speed, a pseudo-random number is generated using one PE (PE2). That is, at the start of the operation, the selector 2 selects the signal 2a, and thereafter, the selector 2 selects the signal 2c and repeatedly uses PE2 as necessary for the square type operation. The selector 1 and PE1 are not used. In this case, the time required for the square operation is almost twice as long as the case where two PEs are used, and the generation speed is almost halved.

Alternatively, when operating at low speed, PE
It is also possible to perform encryption for different subscribers with different keys in 1 and PE2. That is, at the start of the operation, the selector 1 selects the signal 1a, the selector 2 selects the signal a, and thereafter, the selector 1 selects the signal 1c, the selector 2 selects the signal 2c, and PE1 and PE2 are required for the square operation. Use as many times as possible. At this time, PE1, P
By setting keys for different communication partners in E2, ciphertexts addressed to different subscribers can be obtained.

In other words, the pseudo random number generator 10 is constituted by using a plurality of PEs, and the processing path is determined according to the required processing speed, whereby the pseudo random number generator 10 capable of changing the processing speed can be realized. . FIG. 15 shows a case where two PEs are used, but the number of PEs is not particularly limited.

FIG. 3 shows an encryptor 30 using the pseudorandom number generator 10 in this embodiment. In this embodiment, FIG.
The encrypted communication is performed using the communication terminal 60 shown in FIG.

As the communication interface 40, the same one as in the first embodiment can be used, and an encryption communication network shown in FIG. 21 is used. The encrypted communication from the subscriber A to the subscriber B is performed in the same procedure as the procedure described in the fourth embodiment. According to the present embodiment, similarly to the first embodiment, even when the encryption capability of the communication terminal 60 differs between the sender and the receiver,
Encrypted communication can be performed.

[Embodiment 6] In this embodiment, a pseudo random number generator 10 capable of setting a pseudo random number generation speed is used. In the fourth and fifth embodiments, since the key shared between the subscribers is fixed, the initial value of the pseudo random number generator 10 is always the same when the sender and the receiver are the same, and the same pseudo random number sequence is generated. Problem. Therefore, in the present embodiment, even if the sender and the receiver are the same, the initial value of the pseudo random number generator 10 is changed every time the pseudorandom number generator 10 is used, so that the security can be improved.

In the pseudo-random number generation procedure shown in the fourth embodiment (3), in equation (4), x _{i + 1} updated one after another by feedback operation is called an internal variable of the pseudo-random number generator 10. To Pseudo random number generator 10 of the present embodiment
Is composed of a processing circuit 19a for performing the feedback operation of Expression (3) and a processing circuit 19b for performing the operation of Expression (4) as shown in FIG. It is configured to read variables.
The read internal variables are stored in, for example, the holding unit 71 of the portable storage device 70 connected to the communication terminal 60 shown in FIG.
Is stored. In the fourth and fifth embodiments, the pseudo random number generator 10
Although the movement of data is in one direction only by setting an initial value to, the internal variable of the pseudo random number generator 10 can be read in the reverse direction in this embodiment. The read internal variable is used as the common key used for the next cryptographic communication.
Replacement is performed on the common key used for the current cryptographic communication.

FIG. 9 or FIG.
The processing speed can be made variable by replacing the pseudo random number generator 10 with the pseudo random number generator 10, and the encryptor 30 that can be changed every time the initial value of the pseudo random number generator 10 is used can be configured. Furthermore, the communication terminal 60 of FIG. 10 or FIG. 14 can be configured by using this encryptor.

According to the present embodiment, the encrypted communication from the subscriber A to the subscriber B is performed in the same procedure as the procedure shown in the fourth embodiment.
However, in the cryptographic communication procedure, both the sender and the receiver use the portable type as the new initial value for the next cryptographic communication with A (or B) using the value of the internal variable of the pseudo-random number generator when the decryption of the cryptographic data is completed Finally, the procedure of "keeping the information secret in the holding means of the storage device" is required.

According to this embodiment, as in the first embodiment,
Even when there is a difference in the encryption processing capability of the communication terminal 60 between the transmitting and receiving parties, encrypted communication can be performed.

[Embodiment 7] This embodiment relates to Embodiments 4, 5,
Pseudo random number generator 1 capable of setting processing speed described in 6
0, the pseudo-random number sequence generated by
This is a case where the present invention is applied to the encryption method used as a key sequence of an encryptor capable of setting the processing speed described in (1). This encryption method is the same as the encryption method described in the prior art (Yamamoto, Iwamura, Matsumoto,
Imai, "Practical Cryptography Using Squared Pseudorandom Number Generator and Block Cipher", IEICE Tech.
93-08), it is possible to set the processing speed of an encryptor and a pseudo-random number generator.

The pseudo random number generator 10 capable of setting the processing speed described in the fourth, fifth, and sixth embodiments, and the encryptor 30 capable of setting the processing speed described in the first, second, and third embodiments are optional. The above cipher system can be configured by the combination of. In the present embodiment, in particular, the pseudo-random number sequence generated by the pseudo-random number generator 10 capable of setting the processing speed described in the fourth embodiment is converted into the pseudo-random number sequence of the encryptor 30 capable of setting the processing speed described in the first embodiment. The case of using as a key sequence will be described.

In this embodiment, as shown in FIG. 17, an encryptor 30 that performs encryption (and decryption) according to an algorithm determined by a network, and a pseudorandom number that is computationally secure according to an algorithm determined by the network , A computing unit 20 that converts the pseudo-random number output from the pseudo-random number generator 10 into a key sequence of an encryptor 30, a communication interface 40, an encryption speed setting device 50, and a generation speed Communication terminal 6 including setting device 13
0 is used.

The encryption speed setting device 50 shown in FIG. 2 is used. This allows the encryption device to set the processing speed from outside. The generation speed setting device 13 uses the one shown in FIG. Thereby, the pseudorandom number generator 1
Reference numeral 3 indicates that the processing speed can be set from outside.

Further, as described in the background art, the arithmetic unit 20 converts the pseudo-random number sequence output from the pseudo-random number generator 10 into a key sequence of an encryptor. Therefore, the processing speed of the arithmetic unit 20 also needs to change in proportion to the processing speed of the pseudorandom number generator 10. Therefore, the clock signal selected by the generation speed setting device 13 also changes the processing speed of the arithmetic unit 20. Further, by selecting and combining both the clocks of the encryption speed setting device 50 and the generation speed setting device 13,
More flexibility.

The communication interface 40 is the same as that used in the first embodiment, and the encryption communication network shown in FIG. 21 is used.

The encryption communication from subscriber A to B is performed in the following procedure. The pre-procedure is the same as in the first embodiment, and will not be described.
However, in the previous procedure, “information indicating the processing speed of the encryptor 30 and the processing speed of the pseudo-random number generator 10” is exchanged via the communication interface 40 instead of “information indicating the processing speed of the encryptor 30”. Is different. Sender A
And the receiver B decides on the processing speed for encryption (decryption) of the encryptor 30 and the pseudo-random number generation speed, and the procedure is continued.

[Data Encryption Communication Procedure According to the Present Invention (Related to Sender A)] Encryptor 30 and pseudo-random number generator 1 based on speed setting signal
The processing speed of 0 is set to that determined in the previous procedure. 2. A secret key K _AB shared and held in advance with the receiver B is set in the pseudo random number generator 10 as an initial value x ₀ . 3. The pseudo-random number generator 60 is operated to generate a pseudo-random number sequence that is safe in terms of computational complexity. 4. The pseudo-random number sequence generated by the arithmetic unit 20 is converted into a key sequence of an encryptor. 5. The key string output from the arithmetic unit 20 is updated and used as a key of the encryptor 30 to encrypt the data by the encryptor 30 and transmit the data to B via the communication interface 40.

[Data Encryption Communication Procedure According to the Present Invention (Related to Recipient B)] Encryptor 30 and pseudo-random number generator 1 based on speed setting signal
The signal of 0 is set to the one determined in the previous procedure. 2. The secret key K _AB shared and held in advance with the sender A is set in the pseudo random number generator 10 as an initial value x ₀ . 3. The pseudorandom number generator 10 is operated to generate a pseudorandom number sequence that is safe in terms of computational complexity. 4. The pseudo-random number sequence generated by the arithmetic unit 20 is
Convert to a key string of 0. 5. The encrypted data is received from the transmission path via the communication interface 40, and the key string output from the arithmetic unit 20 is updated and used by the encryptor 30 as a key of the encryptor 30, and the A
Decrypts the encrypted data sent from.

According to the above procedure, a trade-off between encryption security and processing speed can be selected with a high degree of freedom. However, when the one shown in the sixth embodiment is used as the pseudo-random number generator 10, in the cryptographic communication procedure, both the sender and the receiver are asked "the value of the internal variable of the pseudo-random number generator 10 when the decryption of the encrypted data is completed." Is secretly held in the holding means 71 of the portable storage device 70 as a new initial value for the next cryptographic communication with A (or B) ".

Further, even in the case where there is a difference in the capability of the communication terminal 60 between the transmitting and receiving parties, the adjustment can be performed in the pre-procedures 1 and 2, and the encrypted communication can be performed. Therefore, the processing speed of the encryptor and the pseudo random number generation speed can be selected according to the confidentiality of the data. For example, in the case of highly confidential data, it is desirable that the processing speed of the encryptor 30 be substantially the same as the generation speed of the pseudorandom number which is secure in terms of computational complexity.

The above procedure of the sender 4. And receiver's procedure 4. In the above method, the obtained pseudo random number sequence is divided into key bit lengths (56 bits) of the DES encryption by the arithmetic unit 20 and used as a key of the DES encryption as a key bit length of the DES encryption before the pseudo random number sequence. (56 bits)
There is a method in which the DES encryption key is divided and used as keys of the DES encryption in order. In addition, a pseudo random number sequence is
Any method may be used as a method for converting to a key string of the S cipher as long as it is common to a network that performs cipher communication. In addition, it is not necessary to use a common method for the entire cryptographic communication, but it is sufficient if the common method is used between the transmitting and receiving parties. Although the modulus N of the square operation is 512 bits, the number of bits is not limited.

In this embodiment, the DES encryption is used. However, the invention is not limited to the DES encryption, and any common key encryption can be used. For example, the FEAL encryption can be used. Further, although one DES encryptor is used in the encryptor 30, a plurality of DES encryptors may be used, or the DES encryption and the FEAL encryption may be combined. Furthermore, although a square-type pseudorandom number is used as an algorithm for generating a pseudorandom number which is computationally safe, any pseudorandom number generation algorithm which is computationally safe can be used. RSA, as shown in
An algorithm using cryptography, discrete logarithm, or reciprocal encryption can also be used for the pseudorandom number generation algorithm of the present invention.

[Embodiment 8] In Embodiment 7, Embodiment 4
A case has been described in which the pseudo random number generator 10 capable of setting the processing speed described in 5 and 6 is combined with the encryptor 30 capable of setting the processing speed described in the first, second, and third embodiments. Pseudo-random number generator 10 capable of setting processing speed described in Embodiments 4, 5 and 6, and encryptor 3 having constant processing speed
0, or a combination of the encryptor 30 capable of setting the processing speed described in the first, second, and third embodiments and the pseudorandom number generator 10 having a constant processing speed. The encryption method used is also included in the present invention.

In the present embodiment, in particular, the case where the pseudo-random number sequence generated by the pseudo-random number generator 10 having a constant processing speed is used as the key sequence of the encryptor 30 capable of setting the processing speed described in the first embodiment. explain. In this embodiment,
An encryptor 30 that performs encryption (and decryption) according to an algorithm determined by a network as shown in FIG.
And a pseudorandom number generator 10 for generating a computationally safe pseudorandom number according to an algorithm determined by the network
And a computing unit 20 that converts a pseudo random number output from the pseudo random number generator 10 into a key sequence of the encryptor 30, a communication interface 40, and a communication terminal 60 including an encryption speed setting device 50. Performs encrypted communication.

The encryption speed setting device 50 shown in FIG. 2 is used. Thus, the processing speed of the encryptor 30 can be set from the outside. Communication interface 40
Uses the same one as in the first embodiment, and uses the one shown in FIG. 21 as the encryption communication network. The encryption communication from the subscriber A to the subscriber B is performed in the same procedure as the procedure shown in the seventh embodiment. However, in the previous procedure, only “information indicating the processing speed of the encryptor 30” is exchanged via the communication interface 40 instead of “information indicating the processing speed of the encryptor 30 and the processing speed of the pseudorandom number generator 10”. Is different.

Ninth Embodiment In the seventh embodiment, the encryption speed setting device 50 in FIG. 2 and the generation speed setting device 13 in FIG. 7 are considered as independent devices. In this embodiment, as shown in FIG. In addition, both are configured as an integrated speed setting device 80. The speed setting device 80 in FIG. 19 includes v clock generators 81 and selectors 82. CK _{pi of the} clock generator 81 generates a clock signal p _i .
The clock signals p ₁ , p ₂ ,..., P _v generated by each clock generator 81 are input to the selector 82. The selector 82 has two outputs, one of which is used as an operation clock of the encryptor 30, and the other is used as an operation clock of the pseudorandom number generator 10 and the arithmetic unit 20. The selector 82 is controlled by the subscriber using the communication terminal 60 according to the speed setting signal, and two of the three inputs are selected. With the configuration shown in FIG. 19, the encryption speed setting device and the generation speed setting device can be integrated.

[0095]

As described above, according to the present invention, the encryption processing speed and encryption strength can be changed between the transmitting and receiving parties performing the encryption communication. By sharing between the sender and the receiver prior to the transmission of the ciphertext, it is possible to select a trade-off between the security of the encryption and the processing speed, which has been impossible in the past, and it is possible to perform the encryption communication with a high degree of freedom. In addition, even when the sender and the receiver have different processing capabilities of the encryptor and the pseudo-random number generator, encrypted communication can be performed.

[Brief description of the drawings]

FIG. 1 is a block diagram of a communication terminal according to a first embodiment of the present invention.

FIG. 2 is a block diagram of an encryption speed setting device for an encryptor according to Embodiments 1 and 7 of the present invention.

FIG. 3 is a block diagram of a communication terminal according to Embodiments 2 and 3 of the present invention.

FIG. 4 is a block diagram of an encryptor capable of setting an encryption speed according to a second embodiment of the present invention.

FIG. 5 is a block diagram of an encryptor capable of setting an encryption strength and a processing speed according to a third embodiment of the present invention.

FIG. 6 is a block diagram of a pseudo random number generator capable of setting a processing speed by a generation speed setting device according to a fourth embodiment of the present invention.

FIG. 7 is a block diagram of a generation speed setting device according to Embodiments 4 and 7 of the present invention.

FIG. 8 is a block diagram of a square-type pseudo random number generator according to Embodiment 4 of the present invention.

FIG. 9 is a block diagram of an encryptor capable of setting an encryption speed according to a fourth embodiment of the present invention.

FIG. 10 is a block diagram of a communication terminal according to Embodiment 5 of the present invention.

FIG. 11 is a block diagram of a pseudo random number generator using a PE according to a fifth embodiment of the present invention.

FIG. 12 is a block diagram of a PE according to a fifth embodiment of the present invention.

FIG. 13 is a block diagram of an encryptor capable of setting an encryption speed according to a fifth embodiment of the present invention.

FIG. 14 is a block diagram of a communication terminal according to Embodiment 5 of the present invention.

FIG. 15 is a block diagram of a pseudo random number generator capable of setting a generation speed according to a fifth embodiment of the present invention.

FIG. 16 is a block diagram of a square-type pseudorandom number generator according to Embodiment 6 of the present invention.

FIG. 17 is a block diagram of a communication terminal according to Embodiment 7 of the present invention.

FIG. 18 is a block diagram of a communication terminal according to an eighth embodiment of the present invention.

FIG. 19 is a block diagram of a speed setting device according to a ninth embodiment of the present invention.

FIG. 20 is a block diagram of a portable storage device according to Embodiments 1 to 9 of the present invention.

FIG. 21 is a configuration diagram of a common key encryption communication network.

FIG. 22 is a block diagram of a pseudo random number generator according to a conventional example.

FIG. 23 is a configuration diagram showing an encryption method according to a conventional example.

FIG. 24 is a block diagram illustrating DES encryption processing.

FIG. 25 is a block diagram showing processing for one stage of the DES encryption.

FIG. 26 is a block diagram illustrating a process of calculating a cryptographic function.

[Explanation of symbols]

 Reference Signs List 10 pseudo-random number generator 13 generation speed setting device 20 arithmetic unit 30 encryptor 40 communication interface 50 encryption speed setting device 60 communication terminal 80 speed setting device

Claims (5)

(57) [Claims] 1. An encryption communication means for encrypting transmission data and decrypting received encryption data and performing communication, and a changing means for changing at least one of the encryption processing speed and the encryption processing speed, The cryptographic communication means includes an encryptor that performs encryption and decryption according to a predetermined algorithm, a pseudorandom number generator that generates a pseudorandom number sequence by performing a predetermined operation, and a pseudorandom number output from the pseudorandom number generator. An arithmetic unit for converting a random number sequence into a key sequence of the encryptor; and updating the encryption key of the encryptor with the key sequence generated by the arithmetic unit. An encryption communication device, wherein at least one of a processing speed and a generation speed of the pseudo-random number sequence is changed. 2. The cryptographic communication apparatus according to claim 1, wherein a square-type pseudo-random number generator is used as said pseudo-random number generator. 3. The changing means includes: a plurality of processing means for performing a part of a repetitive processing in processing performed by at least one of the encryptor and the pseudo-random number generator; 2. The encryption communication device according to claim 1, further comprising a selection unit for selecting. 4. An encryption communication means for encrypting transmission data and decrypting received encryption data and performing communication, and changing means for changing at least one encryption processing speed of the encryption and decryption, An encryption communication device according to claim 1, wherein said changing means uses clock selecting means capable of selecting an arbitrary clock from a plurality of clocks having different frequencies. 5. An image processing apparatus comprising: an encryption unit that performs at least one of encryption and decryption of a predetermined algorithm; and a change unit that changes a processing speed of the encryption unit without changing the algorithm. Encryption device.