JPH09233065A - Ciphering device and ciphering method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To conduct ciphering processing without mistake by decoding an outputted ciphering text data and comparing the decoded text data with received plain text data. SOLUTION: A ciphering section 2 ciphers plain text data received from an input terminal t1 with a prescribed ciphering algorithm and outputs the resulting data as ciphering data from an output terminal t2. The ciphered text data are fed also to a decoding section 3. The decoding section 3 decodes the ciphering text data and gives the decoded text data to a comparator 5. A delay section 4 delays the plain text data received from the input terminal t1 by a prescribed timing and outputs the data to the comparator 5. The comparator 5 compares the decoded text data with the plain text data. When the plain text data and the decoded text data are dissident, the comparator 5 provides an output of a dissidence signal to a control section 6. Upon the receipt of this signal, the control section 6 stops the transmission of the ciphering device 1.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption method and device for encrypting plaintext, and a decryption method and device for decrypting ciphertext.

[0002]

2. Description of the Related Art It has been conventionally known to encrypt information in order to keep information confidential in communication, recording and the like.
In this encryption, information is encrypted so that it does not make sense, and the encrypted information is transmitted or recorded on a recording medium or the like. Then, the encrypted information is received and decrypted to obtain the original information. Such encryption / decryption is roughly classified into a secret key cryptosystem (conventional key cryptosystem) and a public key cryptosystem. The secret key cryptosystem uses the same key for encryption and decryption, and the encryption side and the decryption side have the same key in secret. On the other hand, the public key cryptosystem is a system in which different keys are used on the encryption side and the decryption side, and the encryption side key is made public, but the decryption side key is not made public.

As one of the conventional key cryptosystems for such an encryption / decryption system, DE, which is a standard system in the United States, is used.
An encryption algorithm of the S (Data Encryption Standard) system is known. In this DES method, the cryptographic algorithm is made public and the cryptographic strength is maintained only by the cryptographic key. Even if a cryptographic algorithm is made public, if it does not have an encryption key, the amount of calculation for decryption will be enormous, and even if a high-speed arithmetic device is used, it is expected to take hundreds or thousands of years or more. Because it is. By the way, basically, encryption is performed by combining transposition for changing the order of characters and substitution for replacing one character with another according to a certain rule. Then, the encryption algorithm and the encryption key indicate in what order characters are to be exchanged and which characters are to be replaced.

By the way, there are various types of cryptographic algorithms, not limited to DES, and a system having higher security and higher speed has been developed. As an example of this, US Pat. No. 4,982,429, US Pat.
The encryption method (MULTI2 method) described in Japanese Patent No. 3,479 and Japanese Patent Laid-Open No. 1-276189 is known. The International Organization for Standardization (ISO) also has an encryption method registered as ISO9979 / 0009 and an encryption use mode registered as ISO / IEC10116.

In the above-mentioned MULTI2 encryption method,
Input data size is 64 bits, output data size is 6
A 4-bit work key of 256-bit size for encryption and a system key of 256-bit size,
It is generated from a 64-bit size data key. Also,
The number of encryption steps is a positive integer step. FIG. 6 shows a schematic configuration of the encryption algorithm in this MULTI2 system.
As shown in FIG. 6, the MULTI2 system generates a 256-bit work key Kw by executing an encryption algorithm using a 64-bit data key Ks and a 256-bit system key J. This is called a key schedule process, and this key schedule process is executed by the cryptographic algorithm executing means C. The generated work key Kw is encrypted by encrypting the plaintext of the 64-bit block supplied to the encryption algorithm execution means F and input. The cryptographic algorithms executed by the cryptographic algorithm executing means C and the cryptographic algorithm executing means F can be the same cryptographic algorithm.

[0006] Such encryption is a basic encryption algorithm of the MULTI2 system. In this method, the distribution of the frequency of occurrence of characters or words is statistically processed in advance, and the character string of the obtained encrypted text is obtained. The plaintext may be estimated (deciphered) by matching the pattern frequency distribution. Therefore, there is a method of creating an encrypted text by calculating the exclusive OR of the encrypted 64-bit cipher block and the next input 64-bit input data. CBC (Ciph
er Block Chaining) mode. In addition, in the above-mentioned cryptographic algorithm execution means F, such a cryptographic algorithm in the CBC mode is executed.

There is a communication system in which the unit of data to be communicated is predetermined such as packet communication, but in the block encryption system in which 64 bits are one block, the number of bits of one block is When a data unit that cannot be divided is input, fractional data that is less than one block is generated. Therefore, the rounding process is OF
Processing is performed in B (Output Feedback) mode. That is, when the data has a fractional part, the fractional part of the data is supplied to the encryption algorithm executing means G,
The OFB mode is set so that the random number generated using the work key Kw is used for encryption. This gives 6
It becomes possible to obtain a ciphertext of data which is less than 64 bits when 4 bits are set as one block. In addition,
The CBC mode and the OFB mode are called the encryption use mode.

Further, FIG. 7 shows a schematic structure of a decoding algorithm in the MULTI2 system. As shown in FIG. 7, 64
A 256-bit work key Kw is generated by executing an encryption algorithm using the 256-bit system key J for the bit data key Ks. The generation of this work key is performed by the key schedule process of the same encryption algorithm as the encryption side. This cryptographic algorithm is executed by the cryptographic algorithm executing means c. The generated work key Kw is supplied to the decryption algorithm executing means f and the input 64-bit ciphertext is decrypted.

In this decryption algorithm, the substitution and transposition algorithms in the encryption algorithm of the encryption algorithm executing means F are performed in the reverse order. The ciphertext encrypted in the OFB mode is supplied to the encryption algorithm executing means g and decrypted by using the random number generated using the work key Kw. As a result, one block of 64-bit ciphertext can be decrypted to obtain a 64-bit block of plaintext. Further, the decryption algorithm executing means f is CBC.
It is designed to perform mode decryption algorithms.

Here, the encryption use mode will be described with reference to FIG. 8. FIG. 8A shows a schematic configuration of encryption / decryption in the CBC mode, and FIG. 8B shows an OFB mode. 2 shows a schematic configuration of encryption / decryption of. In the CBC mode, as shown in FIG. 8A, the i-th plaintext block M (i) is input to the exclusive OR circuit 101 and is delayed by the register (REG) 103 to be fed back by one block. The exclusive OR with the ciphertext block C (i-1) is calculated. The calculated data is encrypted by the encryption algorithm executing means 102 with the work key generated based on the data key Ks. The encrypted i-th ciphertext block C (i) can be expressed as C (i) = EKs (M (i) .EOR.C (i-1)). However, EKs (m) means that m is encrypted with Ks, and EOR indicates that an exclusive OR operation is performed.

Then, the ciphertext block C (i) is transmitted and received at the receiving side. The received ciphertext block C (i) is decrypted by the decryption algorithm executing means 111 using the work key generated based on the data key Ks, and is supplied to the exclusive disjunction circuit 113. The exclusive OR circuit 113 has a register (RE
G) The delayed ciphertext block C (i-1) one block before is input in 112, and the exclusive disjunction of the two is calculated. At this time, the data keys Ks on the transmitting side and the receiving side are equal to each other, whereby the i-th plaintext block M (i) is decrypted by the exclusive OR circuit 113. The i-th plaintext block M (i) can be expressed as follows. M (i) = DKs (C (i) .EOR.C (i-1)) where DKs (c) indicates that Ks decrypts c.

In the OFB mode, the i-th plaintext block M (i) is supplied to the exclusive OR circuit 105. The exclusive OR circuit 105 is supplied with the output of the encryption algorithm executing means 104 which is randomized by the work key generated based on the data key Ks. The output of the cryptographic algorithm executing means 104 is delayed by one block by the register 103 and returned to the cryptographic algorithm executing means 104. As a result, the exclusive OR circuit 105 outputs the ciphertext block C (i) encrypted by the random number.

Then, this ciphertext block C (i) is transmitted and received at the receiving side. The received ciphertext block C (i) is supplied to the exclusive disjunction circuit 114. The exclusive OR circuit 114 is supplied with a randomized output using a work key generated based on the data key Ks in the encryption algorithm executing means 115. The output of the encryption algorithm executing means 115 is delayed by one block in the register (REG) 112 and returned to the encryption algorithm executing means 115. In this case, the random number supplied to the exclusive OR circuit 114 is equal to the random number supplied to the exclusive OR circuit 105, whereby the i-th plaintext block M ( i) is obtained.

FIG. 9 shows a schematic configuration of the encryption / decryption system having the encryption use mode described above. In this figure, the sender has a scrambler 10 for encrypting data.
0 is provided, and the input data is scrambled, that is, encrypted by the scrambler 100 and transmitted. The scrambled transmission data is propagated through a transmission path such as space and is received by the receiving side. On the receiving side,
The descrambler 110 is provided, and the transmission data scrambled by the descrambler 110 is descrambled, that is, decrypted, restored to the original data, and output.

The scrambler 100 is a CBC mode cipher including an Encryptor 102 which is an encryption algorithm executing means for encrypting input data (plain text), a register 103, and an exclusive OR circuit (EX-OR) 101. Encryption unit and Encryptor, which is the means for executing cryptographic algorithms
104 and an OFB mode encryption unit including an exclusive OR circuit (EX-OR) 105. In addition,
Encrypto that generates work key from data key and system key
r 106 is also included in the scrambler 100. The generated work key is supplied to the Encryptor 102, 104. By the way, Encryptor 102, Encryptor 10
4. The Encryptor 106 can have the same encryption algorithm, so one Encryptor can generate three Encr
Can also be used as yptor. The operations of the CBC mode encryption unit and the OFB mode encryption unit are as described above, and will not be repeated here.

The descrambler 110 provided on the receiving side is a decryption algorithm executing means for decrypting the received data (ciphertext) that has been input.
, The register 112, and the exclusive OR circuit (EX-O
R) 113, a CBC mode decryption unit, an encryption algorithm executing means, Encryptor 115, and an exclusive OR circuit (EX-OR) 114, an OFB mode decryption unit. An Encryptor 116 for generating a work key from the data key and the system key is also provided in the descrambler 110. The generated work key is supplied to the Decryptor 111 and the Encryptor 115. Since the Encryptor 115 and Encryptor 116 can have the same encryption algorithm, one En
Two Encryptors can be shared by cryptor. The operations of the CBC mode decoding unit and the OFB mode decoding unit are the same as described above, and will not be repeated here.

[0017]

By the way, in the scrambler / descrambler shown in FIG. 9, since the transmission data encrypted on the transmission side is transmitted to the reception side as it is, the scrambler / descrambler is applied to, for example, a broadcasting system. When used, if a problem occurs in the scrambler and some or all of the transmission data is destroyed, the transmission data (reception data) cannot be decoded by the receiving device arranged in each home, for example. May occur. This is because the higher the secrecy of the algorithm of the encryption device, the greater the degree of contribution that a defect in a small portion has on the entire transmission data. In addition, for example, MPEG (Motion Picture Exp)
In the case of transmitting data encoded by a high compression encoding method such as erts Group), propagation of erroneous data will continue.

Therefore, an object of the present invention is to provide an encryption device and method capable of performing error-free encryption processing.

[0019]

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and outputs plaintext data by inputting plaintext data and performing a cryptographic process of a predetermined cryptographic algorithm. In the encryption device, the encryption means for encrypting the plaintext data and outputting the ciphertext data, and the ciphertext data output from the encryption means is subjected to a deciphering process of a predetermined deciphering algorithm to decipher the deciphered text data. Decryption means for outputting, delay means for delaying and outputting the plaintext data according to the processing time of the encryption means and the decryption means, plaintext data output from the delay means, and the decryption means An encryption device is provided with a comparison means for comparing the decrypted text data that is decrypted and output.

As an encryption method, the plaintext data is encrypted to generate ciphertext data, and the ciphertext data is decrypted by a predetermined decryption algorithm to generate decrypted text data. The plaintext data delayed according to the decryption processing time is compared with the decrypted text data, and the cryptographic processing is controlled according to the result.

According to the present invention, when a problem occurs in the encryption device and correct encryption cannot be performed,
This error can be detected on the encryption device side by comparing the input plaintext data with the plaintext data that has been encrypted and then decrypted. Therefore, it becomes possible to prevent the transmission of the destroyed data. In addition, if it is detected that the ciphertext has not been properly encrypted, it is possible to switch to a standby device prepared in advance, so that it is possible to prevent erroneous transmission data from being continuously transmitted. become able to.

[0022]

Embodiments of the present invention will be described below. FIG. 1 is a block diagram showing an outline of the configuration of the encryption device of this embodiment. An encryption device (scrambler) 1 surrounded by a one-dot chain line inputs a plaintext data of 64-bit block which is normal data (for example, characters, images, etc.) and encrypts it with a predetermined encryption algorithm. It is configured to output data. The encryption device 1 is composed of, for example, an encryption unit 2, a delay unit 3, a decryption unit 4, a comparator 5 and the like.

The encryption unit 1 encrypts the plaintext data input from the input terminal t1 by a predetermined encryption algorithm and outputs it as ciphertext data from the output terminal t2. The ciphertext data encrypted here is also supplied to the decryption unit 3. The encryption unit 1 is configured to perform the same processing as the transmitting side described above with reference to FIG. That is, 6
A 256-bit work key is generated by executing a cryptographic algorithm using a 4-bit data key and a 256-bit system key, and plaintext data is encrypted using this work key (CBC mode). When the data has a fractional part, the fractional part of the data is supplied to the encryption algorithm executing means G and encrypted using the random number generated using the work key Kw (OFB mode).

The decryption unit 3 is configured to decrypt the ciphertext encrypted by the encryption unit 1 and supply it to the comparator 5. Here, similarly to the encryption unit 1, a 256-bit work key is generated by executing an encryption algorithm using a 64-bit system key for a 64-bit data key, and the encrypted data is decrypted using this work key. Turn (C
BC mode). In the case of the OFB mode, the decryption is performed using the random number generated by using the work key, which is supplied to the cryptographic algorithm executing means g.

The delay unit 4 is configured to delay the plaintext data input from the input terminal t1 by a predetermined timing and output the plaintext data to the comparator 5. Then, the comparator 5 compares the decrypted text data decrypted by the decryption unit 3 with the plaintext data input from the input terminal t1, and outputs a determination signal as to whether the plaintext data and the decrypted text data match. Output. This discrimination signal is shown in FIG.
As described with reference to FIG. 3, it is supplied to, for example, a control unit that controls the operation of the encryption device 1 or a control unit that controls and controls the system on the transmission side. Therefore, if the plaintext data and the decrypted text data do not match, for example, it is considered that the encryption device 1 has a problem, and it is possible to continue the transmission by switching to a standby device prepared in advance and performing the encryption process. Become.

The structure of plaintext data and ciphertext data used in this embodiment is, for example, an MPEG transport stream (Trans Port Stream ... simply TS). This TS has a packet structure of 188 bytes, and is usually 184 after the header of 4 bytes.
The byte payload follows. In addition, since a parity for error correction is added to the transmission error, a 16-byte dummy period is provided, and the header, the payload, and the dummy are repeated streams.

In the header of this TS, PID (Packet Identification) information indicating whether the packet is composed of video data, audio data, or another data string. , Or TSC (Transp
ort Scrambling Control) information and other packet attribute information.

FIG. 2 is a diagram for explaining in detail one configuration example of the encryption device 1. The encryption unit 2 has a data table, a key table 2a in which a system key is written, and an encryption L formed by having the encryption algorithm shown on the transmission side in FIG.
It is composed of SI2b. The key table 2a is supplied with an address, key data and the like from the control unit 6,
256-bit system key, initial value of register in CBC mode and OFB mode (64 bits), and data key corresponding to all PIDs (64 bits x PID)
Number) is set.

Plaintext data is input to the encryption LSI 2b from the input terminal t1, the 13-bit PID included in the header of the TS is detected, and it corresponds to this PID.
The 4-bit data key is read from the key table 2a. The system key is supplied from the control unit 6 to the encryption LSI 2b through a path (not shown) at the time of initial processing executed when the power is turned on. The normal encryption side has a table of data keys corresponding to all PIDs.

Similar to the encryption unit 2, the decryption unit 3 has a key table 3a in which a data key and a system key are written, and a decryption LSI 3b formed by having the decryption algorithm shown on the receiving side in FIG. It is composed by. Similarly to the key table 2a, an address and key data are supplied to the key table 3a from the control unit 6, and the 256-bit system key, the initial value (64 bits) of the register in the CBC mode and the OFB mode, and all PI
A data key (64 bits × PID number) corresponding to D is set.

The ciphertext data output from the encryption LSI 2b is input to the decryption LSI 3b, the 13-bit PID included in the header of the TS output as the ciphertext data is detected, and this PID is detected. The corresponding 64-bit data key is read from the key table 3a.

On the other hand, the plaintext data input from the input terminal t1 is input to the encryption unit 2 and, for example, FI.
The signal is delayed by the delay unit 4 configured by FO (First in First Out) and supplied to the comparator 5. The delay amount here is the sum of the delay amount according to the processing time of the encryption LSI 2b and the delay amount according to the processing time of the decryption LSI 3b. Therefore, since the plaintext data and the decoded text data input to the comparator 5 are in phase with each other, all the data other than the TSC flag period included in the TS header match.

When it is determined that the plaintext data and the decrypted text data do not match, the comparator 5 outputs a mismatch signal to notify the control unit 6 that a problem has occurred in the encryption control of the encryption device 1. Will be done. When the control unit 6 receives this inconsistency signal, for example, it stops the transmission of the encryption device 1 or outputs a control signal to, for example, a backup device or the like not shown in this figure to encrypt the backup device. It becomes possible to switch the chemical processing. As a result, even if a problem occurs in the encryption device 1, it becomes possible to shift to the standby device, perform the encryption process, and continue the transmission.

Next, another embodiment will be described with reference to FIG. In the other embodiments, as in the above-described embodiments, the key table 2a is supplied with an address, key data, etc. from the control unit 6, a 256-bit system key, and an initial value (64 bits) of a register in the CBC mode and the OFB mode. ), And data keys (64 bits × PID number) corresponding to all PIDs are set.

Plaintext data is input to the encryption LSI 2b from the input terminal t1, a 13-bit PID included in the header of the TS is detected, and 6 bits corresponding to this PID are detected.
The 4-bit data key is read from the key table 2a. The system key is supplied from the control unit 6 to the encryption LSI 2b through a path (not shown) at the time of initial processing executed when the power is turned on. The normal encryption side has a table of data keys corresponding to all PIDs.

Further, the decryption LSI 3b has the key table 2a.
The data bus is connected so that the system key, the register initial value, and the data key can be referred to from. Also, the encryption LSI 2b and the decryption LSI 3b are connected by a data bus, the timing at which the encryption LSI 2b refers to the system key is SKENBN, the timing at which the register initial value is referred to is RVENBN, and the timing at which the data key is referred to is DKENBN. At this timing, the data key is written in the key table 3b of the decryption LSI 3b.

Decryption L from the encryption LSI 2b in this case
The timing of delivery of SI3b is as shown in the schematic diagram of FIG. Note that the TS is 18 as described above.
It has a packet structure of 8 bytes, and if a dummy of 16 bytes is added, the clock will be 204 bytes (0 to 20
3) is one cycle. In FIG. 4, (a) is a synchronization signal,
(B) is a clock, (c) is a data key, (d) is a timing DKENBN that refers to a data key, (e) is a timing SYENBN that refers to a system key, and (f) is a timing that refers to a register initial value. It shows RVENBN. FIG. 4
The data key is written at the timing shown by (c).

As shown, for example, in FIG.
In the period of 4 clocks from 5 clocks to 8 clocks shown in FIG.
4), the DKENBN is output within this period (FIG. 4 (d)) to write the data key in the decryption LSI 3b (FIG. 4 (c)). Also, for example, 178 clocks to 1
Encryption LSI 2b in a period of 16 clocks of 93 clocks
Outputs the SYENBN within this period with reference to the system key (16 bits × 16) (FIG. 4 (e)), thereby writing the system key in the decryption LSI 3b (FIG. 4 (c)). Further, for example, the encryption LSI 2b receives the register initial value (1
6 bits × 4), RVENBN is output within this period to write the register initial value to the decoding LSI 3b (FIG. 4 (c)).

The flow of processing of the entire encryption device 1 will be described below.
A description will be given according to the timing charts shown in FIGS. 5A is a plaintext input signal as a plaintext input signal and its synchronization signal, FIG. 5B is a ciphertext output signal as a ciphertext output signal and its synchronization signal, and FIG. 5C is a delayed comparator decryption input signal. 5 (d) shows the plaintext data and its synchronization signal as the comparator plaintext input, and FIG. 5 (e) shows the non-coincidence signal between the plaintext data and the decrypted text data as an example of the comparator output signal. ing.

The plaintext data shown in FIG.
By being encrypted in the encryption unit 2,
As shown in (b), the ciphertext data is output with a delay according to the processing time, so that the ciphertext data is output with a delay amount D _{1 with} respect to the plaintext data. FIG.
The ciphertext data shown in (b) is output from the output terminal t2 as it is, or is decrypted by the decryption unit 3. The ciphertext data input to the decryption unit 3 is delayed according to the decryption processing time and is output.
As shown in (c), the decrypted text data is output after a delay amount D _{2 with} respect to the ciphertext data.

Therefore, as shown in FIG. 5D, the plaintext data input to the comparator 5 is the delay amount D ₃ which is the sum of the delay amount D ₁ and the delay amount D ₂ by the delay unit 3. Will be delayed. As a result, the phases of the plaintext data and the decrypted text data are synchronized with each other, and when the encryption device 1 is operating normally, the data will always match.
Further, for example, when a problem occurs in the encryption process and the comparison result is inconsistent, the incompatibility signal is output from the comparator 5 as shown in FIG. 5E, for example.
FIG. 5E shows an example in which the plaintext data of the Nth cycle and the decoded text data do not match, for example.
If a mismatch is detected at, the mismatch signal rises and is supplied to the control unit 6 in a latched state thereafter. For example, even if TS of N + 1 or later is input, no processing is performed, or the encryption processing is transferred to the spare device. Such control is performed.

As described above, the present embodiment exemplifies an encryption device for generating 64-bit ciphertext data from 64-bit plaintext data by using a 64-bit data key and a 256-bit system key. Although described, the present invention is not limited to these numerical values. Further, the encryption method is not limited to the method of repeating transposition and substitution. Furthermore, the transmission data format, the types of various controls, the timing of data processing, etc. are also examples, and the present invention is not limited to the examples given in the above embodiments.

[0043]

As described above, when the present invention is applied to the transmitting side of a broadcasting system, for example, when a defect occurs in the encryption processing of the encryption device, this defect can be detected. . As a result, for example, it is possible to prevent the transfer of data that is damaged due to a defect, and it becomes possible to transfer the encryption process to a standby device or the like and continue by detecting the defect. Will be able to improve the stability of. Therefore, it becomes possible to prevent a state in which the data received on the receiving side of the broadcasting system remains undecipherable.

[Brief description of drawings]

FIG. 1 is a block diagram showing an outline of an embodiment of the present invention.

FIG. 2 is a block diagram showing in detail one configuration example of the encryption device of the embodiment.

FIG. 3 is a block diagram showing in detail an example configuration of an encryption device according to another embodiment.

FIG. 4 is a block diagram showing a decryption LSI according to another embodiment.
FIG. 7 is a diagram showing the timing of passing each key and the initial value of a register to and from.

FIG. 5 is a diagram illustrating an overall processing flow of the encryption device according to the embodiment.

FIG. 6 is a diagram showing a conventional encryption algorithm.

FIG. 7 is a diagram showing a conventional decryption algorithm.

FIG. 8 is a diagram showing a configuration of an encryption use mode of a CBC mode and an OFB mode.

FIG. 9 is a diagram showing a configuration of a conventional encryption / decryption method.

[Explanation of symbols]

1 encryption device, 2 encryption unit, 2a, 3a key table, 2b encryption LSI, 3 decryption unit, 3b decryption LSI, 4 delay unit, 5 comparator, 6 control unit

Claims (3)

[Claims] 1. An encryption device for inputting plaintext data and outputting the ciphertext data by performing an encryption process of a predetermined encryption algorithm, wherein the encryption means encrypts the plaintext data and outputs the ciphertext data. A decryption means for performing decryption processing of a predetermined decryption algorithm on the ciphertext data output from the encryption means to output decrypted text data, and the decryption means according to the processing time of the encryption means and the decryption means. A delay unit for delaying and outputting plaintext data; and a comparing unit for comparing the plaintext data output from the delay unit with the decrypted text data decrypted and output by the decryption unit. An encryption device characterized in that. 2. The encryption apparatus according to claim 1, wherein the comparison signal output from the comparison means is supplied to the control means. 3. An encryption method for inputting plaintext data, performing encryption processing of a predetermined encryption algorithm to generate ciphertext data, wherein the plaintext data is encrypted to generate ciphertext data, and the ciphertext data is generated. Decipher the text data with a predetermined deciphering algorithm to generate deciphered text data, compare the plaintext data and the deciphered text data delayed according to the processing time of the encryption and decryption, and depending on the result An encryption method characterized by being adapted to control encryption processing.