KR100406724B1 - A multiplicative inverse operator for modulo n and data encryption apparatus including the same operator - Google Patents

Abstract

The present invention is modular An inverse operator for multiplying by three modular multipliers with n-bit binary data A as the first input, each connected in series to perform a square of the input value A first group of modular multipliers for outputting the remainder divided by; Multiplies the output of the first multiplier among the A and the first group of modular multipliers and then modulates it A first modular multiplier for outputting the remainder divided by; Multiply the output of the first modular multiplier by the output of the second multiplier of the first group of modular multipliers, and then A second modular multiplier for outputting the remainder divided by; Multiply the final output of the first group of modular multipliers by the output of the second modular multiplier A third modular multiplier for outputting the remainder divided by; Four modular multipliers with the output of the third modular multiplier as the first input are connected in series to perform squares of the input values, respectively. A second group of modular multipliers for outputting the remainder divided by; Four modular multipliers that take the final outputs of the second group of modular multipliers as inputs are connected in series to perform squares of the input values, respectively, and then modular A third group of modular multipliers for outputting the remainder divided by; Four modular multipliers that take the final output of the third group of modular multipliers as inputs are connected in series to perform squares of the input values, respectively. A fourth group of modular multipliers for outputting the remainder divided by; After multiplying the output of the third modular multiplier and the final output of the second group of modular multipliers, it is modular. A fourth modular multiplier for outputting the remainder divided by; Modular multipliers of Groups 3 and 4 multiply the final output and then modular A fifth modular multiplier for outputting a remainder divided by; Multiply the outputs of the fourth and fifth modular multipliers and then modularize them Divide the remainder by And a sixth modular multiplier for outputting the inverse of the multiplication.

Description

A MULTIPLICATIVE INVERSE OPERATOR FOR MODULO N AND DATA ENCRYPTION APPARATUS INCLUDING THE SAME OPERATOR}

TECHNICAL FIELD The present invention relates to a data encryption system, and in particular, a modular that requires the largest amount of computation in the International Data Encryption Algorithm (IDEA). And a data encryption device comprising the inverse operator of the multiplication.

The information age is coming due to the rapid development of information and communication technology and the rapid growth of the Internet based on the web. This means that in the future, information will be recognized as the value of the goods and become an important factor in the economic economy. In other words, in the 21st century, information will be recognized as the most important factor for the state, corporation and individual. Recently, however, there have been frequent reports of information dysfunctions such as illegal use and duplication of information by unauthorized intruders, leakage and alteration and damage of important information of corporations, illegal invasion of communication networks, and distribution of viruses. In fact, the damages are also serious. In order to solve these dysfunctions, many researches have been conducted on information security and are currently in progress. It protects important data of corporations and individuals from unauthorized intruders and prevents illegal eavesdropping or alteration of contents transmitted through computer communication network. Cryptography technology is emerging to do this. Cryptography is a technique that makes information available only to authorized persons and does not expose any information to unauthorized persons.

An encryption algorithm is used for the encryption technique, which consists of an encryption process for converting a plain text into a cipher text and a decryption process for converting a cipher text into plain text. Encryption methods are largely classified into symmetric encryption methods having the same encryption / decryption key and asymmetric encryption methods having different encryption / decryption keys according to the type of key. On the other hand, symmetric cryptography is fast, but lacks authentication, while asymmetric cryptography is authentic but slow. Symmetric cryptographic algorithms include Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), and asymmetric cryptographic methods include Rist-Shamir-Adleman (RSA) and Elliptic Curve Cryptosystem (ECC).

DES was proposed by IBM's Water Tuchman and Carl Meyer for the safe transfer and storage of information, standardized in January 1977, and is still widely used. However, because the internal structure consists of substitutions and transpositions, a new cryptographic algorithm is required due to the potential vulnerability to brute-force attacks. Since 1990 several symmetric cryptographic algorithms have been proposed to replace DES. Among them, IDEA, which was proposed by Xuejia Lai and James Massey and increases the cryptographic strength by using three operations with different algebraic structures, is considered to be the safest, and is actually used for e-mail security programs.

In the past, cryptographic algorithms were implemented by software. However, the software method running on a specific processor has a relatively long time required for encrypting / decrypting a complex encryption algorithm, and thus, a processing speed is slowed. Since the actual encryption algorithm is additionally necessary for computer systems or communication systems, slower processing speeds may result in system delays.

Therefore, high speed encryption must be solved for high speed computing or high speed communication. In other words, it is necessary to improve the processing speed by making the existing cryptographic algorithm, which has been implemented by software method, into a dedicated chip. The most important problem is to design the operator so that the inverse operation of the multiplication for can be performed at high speed.

Therefore, an object of the present invention is a modular operation that is the highest computational amount in IDEA An inverse inverter capable of performing inverse computation of multiplication for a fast and a data encryption apparatus including the same.

It is still another object of the present invention to provide a one-chip data encryption apparatus capable of processing an existing encryption algorithm at high speed and consequently improving the performance of an information security system.

Still another object of the present invention is to provide a data encryption device capable of interworking with a main processor for high speed computing or high speed communication.

1 is an exemplary multiplication / addition structure for explaining a theoretical background of an IDEA encryption algorithm.

2 is a complete IDEA block diagram.

3 is a repeating structure diagram of IDEA.

4 is an output conversion structure diagram of IDEA.

5 illustrates an example of generating IDEA subkeys.

6 is an exemplary diagram for explaining encryption and decryption of IDEA.

7 is an exemplary view of the entire specification of a data encryption device according to a preferred embodiment of the present invention.

8 is a detailed configuration diagram of a data encryption device according to a preferred embodiment of the present invention.

9 is modular in accordance with a preferred embodiment of the present invention. Inverse operator schematic for multiplication.

According to an aspect of the present invention for achieving the above object, the modular of the present invention The inverse operator of multiplication for;

Three modular multipliers with n-bit binary data A as the first input are connected in series to perform squares of the input values A first group of modular multipliers for outputting the remainder divided by;

multiplies the output of the first multiplier of the first group of modular multipliers by the n-bit binary data A and then modulates the output; A first modular multiplier for outputting the remainder divided by;

Multiplying the output of the first modular multiplier by the output of the second multiplier of the first group of modular multipliers, and A second modular multiplier for outputting the remainder divided by;

Multiplying the final output of the first group of modular multipliers and the output of the second modular multiplier by the modular A third modular multiplier for outputting the remainder divided by;

Four modular multipliers having the output of the third modular multiplier as the first input are connected in series to perform squares of input values, respectively, and then the modular multipliers are respectively used. A second group of modular multipliers for outputting the remainder divided by;

Four modular multipliers having the final outputs of the second group of modular multipliers as inputs are connected in series to perform squares of input values, respectively, and then the modular multipliers are respectively used. A third group of modular multipliers for outputting the remainder divided by;

Four modular multipliers that take the final output of the third group of modular multipliers as inputs are connected in series to perform squares of input values, respectively, and then the modular multipliers A fourth group of modular multipliers for outputting the remainder divided by;

Multiplying the output of the third modular multiplier by the final output of the second group of modular multipliers and then modulating the modular output; A fourth modular multiplier for outputting the remainder divided by;

Multiply the final output of the modular multipliers of the third and fourth groups and then multiply the modular output; A fifth modular multiplier for outputting a remainder divided by;

Multiply the outputs of the fourth and fifth modular multipliers and then multiply them; Divide the remainder by And a sixth modular multiplier for outputting the inverse of the multiplication.

In addition, the data encryption apparatus according to an aspect of the present invention;

a data input unit for receiving n-bit plain text in m-bit units;

a key input unit configured to receive a k-bit key bit by m-bit unit;

A control unit for generating and outputting a control signal necessary for generating a subkey required for each round from the k-bit key bit and a control signal for converting n-bit plain text into a cipher text;

An encryption processing unit for selecting one of n-bit plain text output from the data input unit and an output value of each round, and encrypting the encrypted text using an l-bit subkey to output the encrypted text;

Modular according to claim 1 A subkey generator for generating a subkey necessary for each round from k-bit key data output from the key input unit, the subkey generator including at least a multiplication inverse operator

And a data output unit for outputting an encrypted text which is output data of the encryption processing unit.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily understand and reproduce.

Before describing the configuration and operation of the present invention, a theoretical background of the IDEA encryption algorithm will be described.

First, IDEA is a block cipher that uses a 128-bit key to encrypt data in a 64-bit block. The following characteristics of IDEA relate to cryptographic strength.

→ block length:

The block length should be long enough to prevent statistical analysis, to prevent such an advantage that some blocks appear more frequently than others. On the other hand, the complexity of implementing efficient cryptographic functions is known to increase block size by power. In general, using a block size of 64 bits is considered powerful enough.

→ length of key:

The key should be long enough to effectively prevent massive key retrieval. If it is 128 bits long, IDEA is considered safe in the future.

→ Confusion:

Ciphertext must rely on plaintext and keys in complex and difficult ways. The purpose of chaos is to complicate decisions about how the statistical properties of ciphertext depend on the statistical properties of plaintext. IDEA provides three different operations (described below). ) To achieve this purpose. This is in contrast to the DES approach, which basically relies on XOR operations and small nonlinear Sboxes.

→ Diffusion:

Each plaintext bit must affect all ciphertext bits, and each key bit must affect all ciphertext bits. The spread of one plaintext bit into multiple ciphertext bits hides the statistical structure of the plaintext. IDEA is very efficient in this respect.

In IDEA, chaos can be achieved by mixing three different operations. Each operation is performed to produce one 16-bit result from two 16-bit inputs. The operation is as follows.

→ XOR bit by bit, Represented by

→ integer modularity for inputs and outputs treated as 16-bit unsigned integers (mod 65536) Addition, this operation is represented by ▣.

→ integer modularity for inputs and outputs treated as unsigned 16-bit integers multiplication of (mod 65537), except when the block bits are all '0' Represented by This operation Represented by

For example, 0000000000000000 1000000000000000 = 1000000000000001 because Because it is. Table 1 (functions used in IDEA) is an example of two bits rather than using 16 bits, and shows the result values of three operation operations.

X Y X▣ Y X Y X Y 0 00 0 00 0 00 1 01 0 00 0 00 1 01 1 01 0 00 1 01 0 00 2 10 2 10 3 11 2 10 0 00 3 11 3 11 2 10 3 11 1 01 0 00 1 01 0 00 1 01 1 01 1 01 2 10 1 01 0 00 1 01 2 10 3 11 2 10 3 11 1 01 3 11 0 00 3 11 2 10 2 10 0 00 2 10 3 11 2 10 2 10 1 01 3 11 2 10 3 11 2 10 2 10 0 00 0 00 0 00 2 10 3 11 1 01 1 01 1 01 3 11 0 00 3 11 2 10 3 11 3 11 1 01 0 00 3 11 2 10 3 11 2 10 1 01 0 00 1 01 3 11 3 11 2 10 0 00 0 00

And the combination law and the distribution law do not hold in the combination of these three operations.

The use of these three separate operations in combination provides for complex conversion of input. It's the only way to make decryption more difficult than using an algorithm like DES that only relies on XOR functions.

Spread in IDEA is provided by the basic building blocks of an algorithm known as a multiply / add (MA) structure, as shown in FIG. This structure takes as input, a 16-bit value inferred from plain text and two 6-bit subkeys inferred from a key, and provides two 16-bit result values. Extensive computer inspection determines whether each result of the first round depends on every bit of the subkey and every bit of input derived from plaintext. This particular structure is repeated eight times in the algorithm because it provides very efficient spreading. The structure also uses the minimum number of operations (number 4) required to achieve full spreading. [Lai, X., and Messay, J. "A Proposal for a New Block Encryption Standard." Proceedings, EUROCRYPT '90, 1990; published by Springer-Verlag.]

On the other hand, in order to implement IDEA cryptographic algorithm in hardware, there must be similarity between encryption and decryption, and it must have regular structure. Encryption and decryption should differ only in the way that keys are used. That is, the same device must be able to be used for both encryption and decryption. IDEA has a structure that meets this requirement. And the cipher must have a regular module structure to facilitate VLSI implementation. This is because IDEA consists of two basic module building blocks that repeat over time.

Hereinafter, IDEA encryption will be described. First, an entire block diagram of a general IDEA is shown in FIG. 2. As with other encryption methods, the encryption function has two inputs (plain and key) that you want to encrypt. In this case the plain text is 64 bits and the key is 128 bits. 2, the IDEA cryptographic algorithm consists of eight rounds or iterations to the last transform function. The algorithm takes four 16-bit subblocks as inputs and generates four 16-bit result blocks. The final transform also produces four 16-bit blocks, which in turn are concatenated to form a 64-bit ciphertext. Each iteration uses six 16-bit subkeys for a total of 52 subkeys, while the final transformation uses four subkeys. The part shown on the right in FIG. 2 shows that all of these 52 subkeys are generated from the initial 128-bit key.

FIG. 3 illustrates a repetition structure of IDEA, and is illustrated to explain in more detail the algorithm for repetition illustrated in FIG. 2. 3 shows the first iteration in FIG. 2. The resulting iterations have the same structure, but the subkeys and inputs derived from the plain text are different. Iteration begins with a transformation that combines four input subblocks with four subkeys using addition and multiplication operations. The transformation is concentrated within the rectangle indicated by reference number 10. In this transformation four output blocks are used in combination with the XOR operation to form two 16-bit blocks input to the MA structure 20, which is shown in the rectangle indicated by reference numeral 10. The MA structure 20 also accepts two subkeys as inputs and combines these inputs to produce two 16-bit outputs.

Finally, the four output blocks from the higher transform are combined with the two output blocks of the MA structure 20 using the XOR operation to produce four output blocks for this iteration. Second and third inputs ( Wow The two results partially formed by) are the second and third ( Wow Note that they are interchanged with each other for output. This increases the mixing of bits to be processed and makes the algorithm well tolerant of differential decryption.

FIG. 4 shows the output conversion structure of IDEA shown in FIG. 2 and has the same structure as reference numeral 10 shown in the repetition structure of IDEA shown in FIG. 3, the difference being that the second and third inputs are the computing devices. Is exchanged before it is entered and processed. In effect, this is the result of no exchange at the end of the eighth iteration. The reason for this additional exchange is that the decryption has a structure like encryption. Also, compared to the six subkey inputs for each of the first eight stages, this ninth stage requires only four inputs.

Subsequently, subkey generation will be described in detail. First, as shown in FIG. 2, 52 16-bit subkeys are generated from a 128-bit encryption key. The generation method is as follows.

The first eight subkeys labeled with Equal to the most significant 16 bits of, Then corresponds to the 16 bits and so on in order to accept directly from the key. Then apply it to the key with a 25-bit cyclic left shift to get the next eight subkeys. This procedure is repeated until all 52 subkeys have been extracted. 5 shows bit designations for all subkeys corresponding to the initial key. This approach provides an efficient technique for diversifying the key bits used for the subkey in eight iterations. Note that the first subkey used in each round uses a different set of bits in the key. If the key as a whole is labeled Z [1, ..., 128], the first key of the eight iterations has the following bit designation:

= Z [1 .... 16]

= Z [97 ..... 112]

= Z [90 .... 105]

= Z [83 ..... 98]

= Z [76 ..... 91]

= Z [44 ..... 59]

= Z [37 ..... 52]

= Z [30 ..... 45]

Also, the 96 subkey bits used for repetition are not contiguous except for the first and eighth repetitions, so there is even no simple shifting relationship between one round of subkeys and another round of subkeys. This happens because six subkeys are used in each iteration, while eight subkeys are extracted with the key and each rotation.

Hereinafter, IDEA decoding will be described.

First, decryption processing is essentially the same operation as encryption processing. Decryption is obtained by using a cipher text as input with an IDEA structure as shown in FIG. However, the choice of subkeys is different. Decryption subkey Is inferred from the cryptographic subkey under the following conditions:

In decryption iteration i the first four subkeys are derived from the first four subkeys in cipher iteration (10-i). The conversion step is counted as iteration nine. The first and fourth decryption subkeys are modular corresponding to the first and fourth cryptographic subkeys. Equivalent to the inverse of multiplication at. For iterations 2 through 8, the second and third decryption subkeys are modular corresponding to the third and second cryptographic subkeys. Equivalent to the inverse of Esau's addition. For iterations 1 and 9, the second and third decryption subkeys are modular in the second and third cryptographic subkeys. Same as addition in.

For the first eight iterations, the last two subkeys of decryption iteration i are the same as the two last subkeys of cipher iteration (9-i). Table 2 below summarizes this relationship.

Encryption (Z) and Decryption (U) condition selection Same value Repeat 1 Repeat 2 Repeat 3 Repeat 4 Repeat 5 Repeat 6 Repeat 7 Repeat 8 conversion

Inverse of multiplication symbol Represented by In such a case to be. because Since is a prime number, each nonzero integer Silver modular Has the inverse of the only multiplication. Modular Inverse of addition symbol Represented by In such a case ▣ = 0.

Referring to FIG. 6, which shows the encryption and decryption process of IDEA to confirm that the same algorithm with the decryption subkey produces the correct result, it can be seen that encryption is performed downwards on the left side of FIG. You can see the work going up from the right side up. Each of eight iterations is broken down into two sub-steps: sub-coding and transforming. The converting sub-step corresponds to the rectangle of reference numeral 10 shown in Fig. 3, and the sub-encrypting step represents the rest of the iterative processing.

From the perspective of the encryption process for the box at the bottom of Table 2, the relationships maintain the following output transformations.

The first substep of the first iteration in the decoding process has the following relationship.

Therefore, if you replace:

Therefore, the result of the first substep of the decryption process is the same as the last step in encryption, except for the exchange of the second and third blocks.

Consider the following relationship that can be derived from FIG.

Where we have inputs X and Y Is the right output of the MA structure of FIG. 1 and has inputs X and Y Is the left output of the MA structure. therefore Is as below to be.

In a similar way Is

The output of the second substep of the decryption process is the same as the input of the next to the last substep of the encryption operation except for the exchange of the second and third blocks. Using the same derivation process, this relationship can be seen to hold at each corresponding point in FIG. 6 until the following equation is obtained.

Finally, since the output conversion of the decryption process is the same as the first sub-step of the encryption process except that the second and third blocks are exchanged, it has the output of the entire encryption process as the input of the encryption process.

Hereinafter, a data encryption apparatus designed based on the theoretical background of the IDEA encryption algorithm described above will be described.

First, an IDEA-based data encryption apparatus according to an embodiment of the present invention is divided into four subblocks, namely, an encryption / decryption processing unit, a subkey generation unit, a control unit, and an input / output unit, in a top-down manner. Can be designed. The encryption / decryption processing unit converts the 64-bit plain text into a meaningless cipher text with a 96-bit subkey. The subkey generator expands the 128-bit key bit to generate 96 bits of the subkey required in each round, and the controller controls the input / output and encryption / decryption processing unit and the subkey generator of data (plain text and keys). Function to control. The input unit receives data (plain text, key) in 16-bit units, and the output unit is used to output 64-bit cipher text or plain text.

There are two reasons for designing the input in units of 16 bits. The first is to perform chip test efficiently using 16-bit microcontroller when chip test after chip manufacturing. The second is to visualize the encryption and decryption process when sending and receiving data on the PC.

7 is a view showing the overall specifications of the data encryption apparatus according to an embodiment of the present invention, Table 3 shows a function table for the input and output ports. Such a data encryption device may be used in conjunction with a main processor (not shown) embedded in a digital system for information security.

Signal Signal direction Description Plain_text (15: 0) Input Plain text Plain_address (3: 0) Input Plain text input address Key (15: 0) Input key Key_address (7: 0) Input Key input address Reset Input Reset signal Clock Input Clock signal Start Input Encrypt / Decrypt Start Signal Mode Input Encryption / Decoding Select Signal Crypto_text (63: 0) Output Cancer / Decryption Text Output Finish Output Encryption / decryption end signal

In order to receive 64-bit plain text and 128-bit key divided into 16 bits, it is necessary to define an address input port for data. For example, when a 64-bit plain text is input in 16-bit units, first, if plain_address is "00", the input 16-bit plain text represents 0 to 16th plain text input, and if plain_address is "01", 17 Represents plain text input from the 31st bit to, and if plain_address is "10", the input 16-bit plain text represents the 32 to 47th plain text input, and if plain_address is "11", the plain text input to 48th to 63rd bits Indicates. The mode is an input port to select encryption and decryption, and finish is an output port indicating the end of encryption.

FIG. 8 illustrates a detailed configuration diagram of the data encryption device shown in FIG. 7, wherein the data encryption device includes a data input unit 30, a key input unit 40, an output block 50, an output block, and a controller. 60, the encryption and decryption processing unit 70, and the subkey generation unit 80.

First, the data input unit 30, which is an input block, is a buffer for receiving 64-bit plain text or crypto text in 16-bit units, and inputs plain text or encrypted text in 16-bit units from a main processor in a digital information security system. This is stored by the control signal output from the control logic circuit 66.

The key input unit 40, which is another input block, is a buffer for receiving input by dividing a 128-bit key bit into 16-bit units, which is also controlled by the control logic circuit 66.

The output register 50, which is an output block, is a functional block that outputs a 64-bit ciphertext or plaintext, and stores the final output of the encryption and decryption processing unit 70.

On the other hand, the control block 60, which is a control block, generates control signals necessary for the encryption and decryption processing unit 70 and the sub key generation unit 80 such that the IDEA encryption / decryption execution time is minimized. In more detail, the control unit 60 converts a control signal for generating a subkey necessary for each round from a 128-bit key bit, and converts a 64-bit plain text (or cipher text) into a cipher text (or plain text). Generate the necessary control signal. The control unit 60 is composed of a counter 62, a decoder 64 and a control logic circuit 66. The counter 62 counts a system clock and outputs a timing value of 5-bit data. The decoder 64 decodes the counted timing value and generates and outputs a 29-bit timing signal necessary for controlling each part of the data encryption apparatus. In response to the input of the timing signal, the control logic circuit 66 generates a control signal necessary for the operation of the encryption and decryption processing unit 70 and the subkey generation unit 80. The controller 60 is designed at the microoperation level so that a signal for controlling the operation of the encryption and decryption algorithm is generated according to the clock input. Table 4 below shows microoperation levels to be performed according to timing.

Clock Microoperation Level t1 Shift register ← Key memory ← Shift register t2 Shift register Left circular execution memory ← Shift register t3 Register ← Round (Memory, Message) Shift Register Left Circular Execution Memory ← Shift Register t4

In general, the encryption and decryption processing portion of the block cipher algorithm is composed of several rounds that perform the same operation. When designing the encryption and decryption processing parts in hardware, there are two round-type implementations in which the entire round is connected in series, and a single-round implementation in which a single round is repeatedly executed several times. In the present invention, a single round processor 74 implements the encryption and decryption processing part of IDEA consisting of eight round operations, and adopts a single round iterative design scheme to perform eight iterations. This method has the advantage of reducing the size of the circuit than the all-round implementation.

Meanwhile, in order to design the IDEA in a single round method, a multiplexer 72, a single round process 74, a register 76, and an output converter 78 are required as shown in FIG. The register 76 is needed to store the result of every round and the data length is 64 bits. The multiplexer 72 is required to select the 64-bit plain text or ciphertext Crypto_text output from the data input unit 32 and the output value of each round. The 64-bit plain text or crypto text and the selection signal Select for selecting the output value of each round are output from the control logic circuit 66 of the controller 60.

The single round process 74 and the output converter 78 are composed of three operations that are algebraically different. The single round process 34 consists of six 16-bit to bit XOR operations, four modular Addition to, four modular It is defined as a multiplication for. And the output converter 78 is two modular Addition to, 2 modular It is defined as a multiplication for.

① XOR operation bit to bit

Integer integers for inputs and outputs treated as 16-bit unsigned integers ( operation of mod) (mod 65536)

(3) integer modularity for inputs and outputs treated as unsigned 16-bit integers. multiplication operation of (mod 65537), except when the block bits are all '0' ( ).

① and ② operations are commonly used operations, while ③ operations are special operations used in cryptography such as residue number system, signal processing, and IDEA. ① and ② are easy to design because the library can be used in hardware design, but ③ multiplies two 16-bit input data and returns the result ( It's hard to calculate by hand, and it's not supported by the library. Therefore, the performance of the circuit depends a lot on how the hardware is designed. In the present invention, a hardware design is performed using a low-high algorithm that is considered to be the best among the existing studies. The low-high algorithm for is shown below.

1.D = X × Y

D.lower = D (15 down to 0)

D.higher = D (31 down to 16)

2.If (D.lower≥D.higher) then

Z = D.lower-D.higher

else

Z = D.higher-D.lower +

On the other hand, the subkey generation unit 80 generates the necessary subkey every round from the 128-bit key data. The subkey generation method is shown in Table 2 above. In other words, the encryption subkeys are generated first by sequentially matching 128-bit encryption keys, and the next encryption key may be generated by 25-bit cyclic shift to the left of the current encryption key. And the decryption subkey is modular to the key generated by the encryption subkey generation rule. Inverse and Modular for Additions Generate by applying the inverse of the multiplication to. In order to implement the subkey generator 80 in hardware, a shift register 82, an inverse module 86, a memory 84, and a multiplexer 88 are required.

The shift register 82 receives and stores the 128-bit key data output from the key input unit 40, and shifts the 128-bit key received according to the shift instruction Sh25_sh2 input from the control logic circuit 25 to the left. Bit cyclic shift. The memory 84 is required to store the subkeys required for each round of the encryption and decryption processing unit 70. The write address Waddress, read address Raddress, memory write control signal W, and memory read control signal R applied to the memory 84 are output from the control logic circuit 66 of the controller 60. . The multiplexer 88 selects and outputs whether the subkey to be output is an encryption key or a decryption key. In this case, the multiplexer 88 outputs one subkey according to the selection signal Sel_mux2 output from the control logic circuit 66.

Meanwhile, the inverse module 86 is modular Inverse operator and modular in addition to It consists of an inverse operator of multiplication for. For reference, the inverse signal applied to the inverse module 86 divides 96 bits of data into 16 bits and modulates each of them. Inverse Arithmetic and Modularity of Multiplication for A signal that controls generation to the inverse of the addition to the signal, which is also output from the control logic circuit. This inverse module 86 includes: a;

① ▣ = 0; Input And modular When you perform an addition operation on a, the remainder is zero. To obtain.

② ⊙ = 1; Input And modular Multiplication operation on results in a remainder of 1. To save.

① is easy to design by using design library, but ② is the most complicated operation in IDEA. Therefore, design is required to operate with high performance because it greatly affects the area and operating speed of the actual chip.

The operations used in the encryption and decryption processing part and subkey generation part in IDEA are as follows and are shown in the order of complexity.

Modular ( Inverse Arithmetic of Multiplication for Multiply » Multiplication Operations for) »Modular ( Inverse Arithmetic of Additions to '' Modular ( Addition operation for bits »bitwise bitwise XOR operation

In the present invention, the highest complexity in IDEA ( The inverse operation of the multiplication for) is designed to the optimal hardware structure using Fermat's predetermined equation.

First, the extended Euclidean algorithm, which is the inverse design method of multiplication for the modular p, is explained. to be. That is, if gcd (d, f) = 1 (the greatest common divisor of d and f is 1), d has a multiplication inverse for modular f. This is for positive integer d <f like mod f <F is present. In summary, the extended Euclidean algorithm finds the multiplication inverse of d if gcd (d, f) = 1 in the Euclidean algorithm, which is known for determining the greatest common divisor. The extended Euclidean algorithm is shown below. Where Y [1] is Where X [1] is equal to 0 When set to input data between), the Euclidean algorithm repeats until the greatest common divisor of X [1] and Y [1] is 1. Modularity of X [1] To find the inverse of the multiplication for Must be calculated. Finally obtained Modular ( ) Is the inverse of the product of X [1].

Where Y [1] = , X [1]: 0 to Any number,

Modularity of: X [1] Inverse for multiplication for

Y [i] = Y [i-1]% X [i-1], = Y [i] / X [i], ;

X [i] = X [i-1]% Y [i], = X [i-1] / Y [i],

In order to compare the above-described extended Euclidean algorithm and the scheme proposed by the present invention, the same calculation amount of multiplication, division, and surplus operations used in the Euclidean algorithm is evaluated. Since the extended Euclidean algorithm performs two iterations, two divisions, and two multiplications nine times, it can be said that a total of 52 multiplication circuits are required.

In the present invention, by applying the Fermat predetermined formula of the number theory Find the inverse of the multiplication for. First, we will look at the Fermat number and the Perma prime number.The following integer is called Fermat number.

Especially When this prime is called, it is called Fermat prime. What is currently known to be a minority among the Fermat numbers;

Etc.

Is the largest known number of Ferma numbers, Due to the complexity of the calculation, the related operations are used in the surplus number system field, signal processing field, and cryptography field.

In the present invention ( In view of the fact that The inverse of the multiplication for is found to be the optimal hardware structure.

In more detail, first by Ferma's predetermined logic, Is established and can be converted as follows.

Thus obtained Is mod ( A for) You can see that it is the result of multiplying times.

Meanwhile Is converted to

ego, Is, Because of

Since A B mod N = A mod N B mod N, Finally, the following is summarized.

Finally 9 may be represented by the input and output latch circuits 90 and 120 and a plurality of modular multipliers. The input latch circuit 90 receives and stores 16-bit binary numbers, and each modular multiplier squares the input 16-bit binary number and outputs the result. In other words Outputs the rest of the values divided by. The output latch circuit 120 temporarily stores data to be output.

Modular shown in Figure 9 below In more detail, the inverse operator behavior of multiplication with respect to

First, when a 16-bit binary number A is input to the input latch circuit 90, the modular multiplier 100 that takes the output value of the input latch circuit 90 as an input. After performing ( Divide by) and print the rest. And The modular multiplier 101 that takes an output value of After Divide by and print the rest. Meanwhile The modular multiplier 102 which inputs the output value of and the output value of the input latch circuit 90 After Output the remainder divided by. In this case, the modular multipliers 101 and 102 operate in parallel in parallel. And The modular multiplier 103 that takes an output value of After performing Output the remainder divided by And the output of The modular multiplier 104 that takes an output value of After performing Output the remainder divided by. This is also parallel in parallel.

Meanwhile And the output of The modular multiplier 105 for inputting the output value of After performing Output the remainder divided by The modular multiplier 106 that takes the output value of After performing Output the remainder divided by. The modular multiplier 107 that takes an output value of After performing Output the remainder divided by Modular multiplier 108 that takes the output value of After performing Output the remainder divided by. And the output of The modular multiplier 109 that takes an output value of After Output the remainder divided by. And And the output of Modular multiplier 110 that takes the output value of After performing Output the remainder divided by. Also And the output of The modular multiplier 111 that takes an output value of After performing Outputting the remainder divided by, the output latch circuit 120 After performing The remainder divided by.

Modular as described above In the inverse operator of the multiplication for, the number of multipliers is 21, and the number of multiplier trees is 18. This represents 9 fewer multipliers (ie, fewer multiplications) than when the Fermat predetermined theory is applied theoretically.

Therefore, the present invention is a modular operation that is the highest computational amount in IDEA By implementing the inverse operation of the multiplication with the inverse operator of the configuration described above, it is possible to perform the inverse operation faster than the conventional research by H. Bonnenberg.

In addition, the most demanding modularity in IDEA Since the inverse of the multiplication for the high speed operation, as a result, the encryption processing speed of the data encryption apparatus is also increased, and the data processing performance of the computing system including the data encryption apparatus can be improved.

As described above, the present invention is the modular, which is the most complex and difficult to calculate in IDEA by applying Ferma's predetermined logic. By designing a hardware structure to efficiently perform inverse operations of multiplication on In addition to the inverse operation of the multiplication for, there is an advantage that the data encryption process can be performed at high speed.

In addition, the present invention is modular In addition to implementing a data encryption device including an inverse operator of multiplication for a one-chip IC, and redefining the input interface to receive data in units of 16 bits, it can be linked with a PC or a microcontroller.

Claims (7)

delete Modular In the inverse operator of multiplication for, a latch circuit for storing n-bit binary data A; Three modular multipliers having n-bit binary data A output from the latch circuit as inputs are connected in series to perform squares of input values, respectively, and then the modular A first group of modular multipliers for outputting the remainder divided by; multiplies the output of the first multiplier of the first group of modular multipliers by the n-bit binary data A and then modulates the output; A first modular multiplier for outputting the remainder divided by; Multiplying the output of the first modular multiplier by the output of the second multiplier of the first group of modular multipliers, and A second modular multiplier for outputting the remainder divided by; Multiplying the final output of the first group of modular multipliers and the output of the second modular multiplier by the modular A third modular multiplier for outputting the remainder divided by; Four modular multipliers having the output of the third modular multiplier as the first input are connected in series to perform squares of input values, respectively, and then the modular multipliers are respectively used. A second group of modular multipliers for outputting the remainder divided by; Four modular multipliers having the final outputs of the second group of modular multipliers as inputs are connected in series to perform squares of input values, respectively, and then the modular multipliers are respectively used. A third group of modular multipliers for outputting the remainder divided by; Four modular multipliers that take the final output of the third group of modular multipliers as inputs are connected in series to perform squares of input values, respectively, and then the modular multipliers A fourth group of modular multipliers for outputting the remainder divided by; Multiplying the output of the third modular multiplier by the final output of the second group of modular multipliers and then modulating the modular output; A fourth modular multiplier for outputting the remainder divided by; Multiply the final output of the modular multipliers of the third and fourth groups and then multiply the modular output; A fifth modular multiplier for outputting a remainder divided by; Multiply the outputs of the fourth and fifth modular multipliers and then multiply them; Divide the remainder by A sixth modular multiplier for outputting as the inverse of the multiplication for; The modular Modular circuit comprising a latch circuit for storing the inverse of the multiplication for Inverse operator for multiplication. In the data encryption device based on IDEA, a data input unit for receiving n-bit plain text in m-bit units; a key input unit configured to receive a k-bit key bit by m-bit unit; A control unit for generating and outputting a control signal necessary for generating a subkey required for each round from the k-bit key bit and a control signal for converting n-bit plain text into a cipher text; An encryption processing unit for selecting one of n-bit plain text output from the data input unit and an output value of each round, and encrypting the encrypted text using an l-bit subkey to output the encrypted text; A shift register for receiving and storing key data from the key input unit and cyclically shifting the input key data to the left according to a shift command output from the controller, a memory for storing an output of the shift register, and a key from the memory Modular data input Inverse Arithmetic and Modularity of Additions to An inverse module for outputting a cipher subkey generated by performing an inverse operation of the multiplication with respect to the sub-key, and outputting one of key data output from the memory and output data of the inverse module according to a selection signal output from the controller A subkey generation unit including a multiplexer; And a data output unit for outputting an encrypted text which is output data of the encryption processing unit. delete The method of claim 3, wherein the control unit; A counter for counting and outputting a system clock; A decoder for decoding the counted timing value and outputting the counted timing value; And a control logic circuit for generating and outputting a control signal necessary for generating a subkey required for each round according to the timing signal input and a control signal for converting a plain text into a cipher text. The data encryption apparatus of claim 5, wherein the encryption processing unit is designed in a single round implementation. delete