WO2006022058A1 - Text encryption apparatus and text decryption apparatus - Google Patents

Text encryption apparatus and text decryption apparatus

Info

Publication number
WO2006022058A1
WO2006022058A1 PCT/JP2005/009473 JP2005009473W WO2006022058A1 WO 2006022058 A1 WO2006022058 A1 WO 2006022058A1 JP 2005009473 W JP2005009473 W JP 2005009473W WO 2006022058 A1 WO2006022058 A1 WO 2006022058A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
ciphertext
initial input
input value
value
Prior art date
Application number
PCT/JP2005/009473
Other languages
English (en)
Japanese (ja)
Inventor
Kazuhiko Minematsu
Original Assignee
Nec Corporation
Application filed by Nec Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30 Compression, e.g. Merkle-Damgard construction

Definitions

  • Ciphertext generation apparatus plaintext restoration apparatus, cryptographic communication system, ciphertext generation method, plaintext restoration method, program for ciphertext generation method, program for plaintext restoration method, and computer-readable information recording medium on which these programs are recorded
  • The present invention relates to a cryptographic communication system, and in particular to a cryptographic communication system using stream encryption by a combination of highly secure cryptographic processing and high-speed cryptographic processing, and to a computer-readable information recording medium on which an encrypted communication program is recorded.
  • Background art
  • One type of common key cryptography is called a stream cipher.
  • a stream cipher takes a short secret key as input and generates a pseudo-random number sequence (called a key stream) of any length.
  • the ciphertext is obtained by performing a simple operation (in most cases, bitwise exclusive OR) between the plaintext and the key stream of the same length as the plaintext.
  • Stream ciphers do not require padding of the plaintext and, depending on the cipher, the key stream can be calculated separately from the plaintext, so it can be calculated in advance.
  • stream ciphers are said to be encryption schemes suitable for high-speed cipher communication.
  • The RC4 stream cipher is used for wireless LAN communication.
  • The RC4 stream cipher is disclosed in Non-Patent Document 1.
  • One example of such an approach is disclosed in Patent Document 1. Such an approach is realistic, but has the problem that its security is difficult to prove.
  • Another approach is to increase the speed of stream ciphers in the secure block cipher mode by introducing components that are cryptographically weaker than the block ciphers but operate faster.
  • the former approach uses a block cipher component (part of the encryption processing), but this approach uses the block cipher itself.
  • Examples of this approach are the invention disclosed in Patent Document 2 and the method disclosed in Non-Patent Document 2.
  • The invention disclosed in Patent Document 2 is a method of expanding the output of cryptographic processing that is secure against a chosen-plaintext attack by using a plurality of cryptographic processes that are secure against known-plaintext attacks.
  • The “cryptographic processing that is secure against chosen-plaintext attacks” required by this method can be obtained, for example, by operating a secure block cipher in a certain mode.
  • Non-Patent Document 2 proposes a cryptographic hash function as a cryptographic process that is secure against known-plaintext attacks.
  • A chosen-plaintext attack is an attack in which the attacker can obtain the ciphertext corresponding to an arbitrary plaintext;
  • a known-plaintext attack is one in which the attacker can obtain the ciphertext corresponding to a randomly selected plaintext.
  • a cipher that is secure against a chosen-plaintext attack is P1
  • a cipher that is secure against a known-plaintext attack is P2.
  • P1's key be K1
  • P2's t mutually independent keys (t is a predetermined positive integer)
  • The key stream G for one block is expressed by Equation (1).
  • Y represents the output P1[K1](c) of P1 when the initial input is c and the key is K1.
  • Patent Document 2: US Pat. No. 6,104,811
  • Non-Patent Document 1: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Bruce Schneier, Wiley
  • Non-Patent Document 2: W. Aiello, S. Rajagopalan and R. Venkatesan, High-Speed Pseudorandom Number Generation with Small Memory, Fast Software Encryption, 6th International Workshop, FSE'99, Lecture Notes in Computer Science, Vol. 1636
  • Patent Document 2 has the following problems.
  • the first problem is that the method of the invention disclosed in Patent Document 2 requires a long time to start outputting a key stream because the time required for key setup is long.
  • The reason is that, when the enlargement factor is t, the invention disclosed in Patent Document 2 requires one key for cipher P1 and t keys for cipher P2, so the bit length of the secret key becomes long.
  • processing such as a protocol using public key cryptography is generally required. Since the time required for this process increases according to the length of the secret key, the problem arises that time is required for key setup.
  • A second problem is that the invention disclosed in Patent Document 2 could be made faster.
  • Under the condition that the “cryptographic processing secure against chosen-plaintext attack” and the “cryptographic processing secure against known-plaintext attack” used in the invention disclosed in Patent Document 2 can be used, the key stream to be generated can be lengthened with the same amount of computation as the invention disclosed in Patent Document 2.
  • Patent Document 2 includes a lot of waste in cryptographic key processing.
  • The present invention has been made in view of such problems, and its object is to provide a ciphertext generation device, a plaintext restoration device, a cryptographic communication system, a ciphertext generation method, a plaintext restoration method, a ciphertext generation method program, a plaintext restoration method program, and a computer-readable information recording medium on which these programs are recorded, which enable high-speed cipher communication with a short key setup time.
  • The present invention provides, as a first aspect, a ciphertext generation device having: an initial input generation means for generating an initial input value; an encryption means for generating an intermediate input value by encrypting the initial input value; an intermediate output enlarging means for enlarging the intermediate input value to generate an enlarged output value; a concatenating means for concatenating the intermediate output value and the enlarged output value to generate a key stream; a plaintext acquisition unit for acquiring a plaintext to be encrypted; and a ciphertext generation unit for generating a ciphertext from the key stream, the initial input value, and the plaintext.
  • In the first aspect of the present invention, it is preferable to further include means for transmitting the ciphertext to another device via a network.
  • a master key storing means for storing a master key, a means for generating an initial input value for scheduling, an initial value for scheduling and a master key
  • Intermediate key generation means for generating an intermediate key from the master key stored in the storage means
  • intermediate key expansion means for generating an extended key by expanding the intermediate key
  • It is preferable that the initial input generation means stores the number of times the encryption means has been operated before and uses that number as the initial input value. Alternatively, the initial input generation means preferably uses the intermediate input value output immediately before by the encryption means as the initial input value. Alternatively, the initial input generation means preferably uses a part of the ciphertext generated immediately before by the ciphertext generation means as the initial input value.
  • The present invention provides, as a second aspect, a plaintext restoration apparatus having: a ciphertext acquisition unit that acquires ciphertext; an initial input reading unit that extracts an initial input value from the ciphertext; an encryption unit that encrypts the initial input value to generate an intermediate output value; an intermediate output expansion unit that expands the intermediate output value to generate an expanded output value; a connecting means for generating a key stream; and a plaintext generating means for generating a plaintext from the key stream, the initial input value, and the ciphertext.
  • In the second aspect of the present invention, it is preferable to further include means for receiving the ciphertext from another device via the network.
  • a master key storing means for storing a master key, a means for generating an initial input value for scheduling, an initial value for scheduling and a master key
  • Intermediate key generation means for generating an intermediate key from the master key stored in the storage means
  • intermediate key expansion means for generating an extended key by expanding the intermediate key
  • a key scheduling device provided with expanded key setting means as a key of the means.
  • It is preferable that the initial input generation means stores the number of times the encryption means has been operated before and uses that number as the initial input value.
  • Alternatively, the initial input generation means preferably uses the intermediate input value output immediately before by the encryption means as the initial input value.
  • Alternatively, the initial input generation means preferably uses a part of the ciphertext generated immediately before by the ciphertext generation means as the initial input value.
  • the present invention provides, as a third aspect, an encryption communication system that performs encryption communication using a common key stream cipher between a transmission device and a reception device.
  • the first input generation means for generating the initial input value, the first encryption means for encrypting the initial input value to generate the first intermediate input value, and the first intermediate input value are expanded to the first
  • a second encryption means for generating a second intermediate output value, a second intermediate output enlargement means for generating a second enlarged output value by expanding the second intermediate output value, and a second A concatenating means for concatenating the intermediate output value and the second expanded output value to generate a second key stream; and a plaintext generating means for generating plaintext from the second key stream, the initial input value and the ciphertext.
  • the present invention provides an encryption communication system characterized by comprising:
  • each of the transmission device and the reception device includes a master key storage unit that stores a master key, a unit that generates an initial input value for scheduling, and an initial value for scheduling.
  • a master key stored in the master key storage means and a key scheduling device comprising: an intermediate key generation means for generating an intermediate key; and an intermediate key expansion means for expanding the intermediate key to generate an extended key.
  • the key scheduling apparatus of the transmitting device includes first expanded key setting means that uses the expanded key as a key of the first encryption means and the first intermediate output expanding means, and the key scheduling apparatus of the receiving apparatus is It is preferable that a second expanded key setting unit that uses the expanded key as a key of the second encryption unit and the second intermediate output expansion unit is provided.
  • It is preferable that the initial input generation means stores the number of times the encryption means has been operated before and uses that number as the initial input value.
  • Alternatively, the initial input generation means preferably uses the intermediate input value output immediately before by the encryption means as the initial input value.
  • Alternatively, the initial input generation means preferably uses a part of the ciphertext generated immediately before by the ciphertext generation means as the initial input value.
  • The present invention provides, as a fourth aspect, a ciphertext generation method including: an initial input generation step for generating an initial input value; an encryption step for generating an intermediate input value by encrypting the initial input value; an intermediate output expansion step that generates an expanded output value by expanding the intermediate input value; a concatenation step that generates a key stream by concatenating the intermediate output value and the expanded output value; a plaintext acquisition step for acquiring the plaintext that is the target of encryption; and a ciphertext generation step for generating a ciphertext from the key stream, the initial input value, and the plaintext.
  • More preferably, a key scheduling process, comprising a step of generating an initial value for scheduling, an intermediate key generation step for generating an intermediate key from the initial value for scheduling and the master key stored in the master key storage means, an intermediate key expansion step for generating an extended key by expanding the intermediate key, and an extended key setting step of using the extended key as a key in the encryption step and the intermediate output expansion step, is performed separately from the series of processes from the initial input generation step to the ciphertext generation step.
  • The initial input value is the number of times the encryption step has been executed previously.
  • The intermediate input value output in the encryption step executed immediately before is used as the initial input value.
  • A part of the ciphertext generated in the ciphertext generation step executed immediately before is used as the initial input value.
  • The present invention provides a plaintext restoration method having: a ciphertext acquisition step of acquiring ciphertext; an initial input reading step of extracting an initial input value from the ciphertext; an encryption step for encrypting the initial input value to generate an intermediate output value; an intermediate output expanding step for generating an enlarged output value by expanding the intermediate output value; a concatenation step of generating a key stream by concatenating the intermediate output value and the enlarged output value; and a plaintext generation step of generating plaintext from the key stream, the initial input value, and the ciphertext.
  • The ciphertext is received from another device through the network.
  • It is preferable that a key scheduling process, comprising a step of generating an initial input value for scheduling, an intermediate key generation step for generating an intermediate key from the initial value for scheduling and the master key stored in the master key storage means, an intermediate key expansion step for generating an extended key by expanding the intermediate key, and an expanded key setting step of using the expanded key as a key in the encryption step and the intermediate output expansion step, is performed separately from the series of processing from the ciphertext acquisition step to the plaintext generation step.
  • In the initial input generation step, the initial input value is the number of times the encryption means has been operated before.
  • In the initial input generation step, it is preferable to use the intermediate input value output in the encryption step executed immediately before as the initial input value.
  • In the initial input generation step, it is preferable that a part of the ciphertext generated in the ciphertext generation step executed immediately before is used as the initial input value.
  • The present invention provides, as a sixth aspect, a ciphertext generation method program characterized by causing a substantial computer to execute: an initial input generation step for generating an initial input value; an encryption step for generating an intermediate input value by encrypting the initial input value; an intermediate output expansion step for generating an expanded output value by expanding the intermediate input value; a plaintext acquisition step of acquiring the plaintext to be encrypted; and a ciphertext generation step of generating a ciphertext from a key stream, the initial input value, and the plaintext.
  • It is preferable that a ciphertext transmission step of transmitting the ciphertext to another device via the network is further executed by the substantial computer after the ciphertext generation step.
  • It is preferable that a key scheduling process, comprising a step of generating an initial input value for scheduling, an intermediate key generation step for generating an intermediate key from the initial value for scheduling and the master key stored in the master key storage means, an intermediate key expansion step for generating an extended key by expanding the intermediate key, and an expanded key setting step of using the extended key as a key in the encryption step and the intermediate output expansion step, is executed by the substantial computer separately from the series of processes from the initial input generation step to the ciphertext generation step.
  • It is preferable to cause the substantial computer to execute a process of setting the initial input value to the number of times the encryption step has been executed previously.
  • The present invention provides, as a seventh aspect, a plaintext restoration method program characterized by causing a substantial computer to execute: a ciphertext acquisition step of acquiring a ciphertext; an initial input reading step of extracting an initial input value from the ciphertext; an encryption step that encrypts the initial input value to generate an intermediate output value; an intermediate output expansion step that generates an expanded output value by expanding the intermediate output value; a concatenation step of concatenating the intermediate output value and the expanded output value to generate a key stream; and a plaintext generation step of generating plaintext from the key stream, the initial input value, and the ciphertext.
  • In the ciphertext acquisition step, it is preferable to cause the substantial computer to perform a process of receiving ciphertext from another device via a network.
  • Alternatively, it is preferable to cause the substantial computer to perform processing for reading the information recording medium on which the ciphertext is recorded.
  • It is preferable that a key scheduling process, comprising a step of generating an initial input value for scheduling, an intermediate key generation step for generating an intermediate key from the initial value for scheduling and the master key stored in the master key storage means, an intermediate key expansion step for generating an extended key by expanding the intermediate key, and an expanded key setting step of using the extended key as a key in the encryption step and the intermediate output expansion step, is executed by the substantial computer separately from the series of processes from the ciphertext acquisition step to the plaintext generation step.
  • It is preferable to cause the substantial computer to perform a process of setting the initial input value to the number of times the encryption means has been operated before.
  • It is preferable to cause the substantial computer to execute a process in which a part of the ciphertext generated in the ciphertext generation step executed immediately before is used as the initial input value.
  • The present invention provides, as an eighth aspect, a computer-readable information recording medium on which a program of a ciphertext generation method according to any configuration of the sixth aspect of the present invention is recorded.
  • The present invention also provides a computer-readable information recording medium on which a program of a plaintext restoration method according to any configuration of the seventh aspect of the present invention is recorded.
  • It is possible to provide a ciphertext generation apparatus, a plaintext restoration apparatus, a cryptographic communication system, a ciphertext generation method, a plaintext restoration method, a ciphertext generation method program, a plaintext restoration method program, and a computer-readable information recording medium on which these programs are recorded, which can perform high-speed cryptographic communication with a short key setup time.
  • The master key is expanded by a process called key scheduling, which can be executed separately on the transmission side and the reception side, and the expanded key is used for encryption.
  • Key setup includes the time required for key scheduling. This time is much shorter than the time spent on the protocol for sharing secret keys. Therefore, the time required for key setup is shortened, and the time until the key stream starts to be output is also shortened.
  • Since key scheduling is performed separately on the transmission side and the reception side and the master key is expanded and used for encryption, a longer key stream can be generated with the same amount of computation than with the invention disclosed in Patent Document 2. For this reason, a higher-speed stream cipher is realized.
  • the present invention can be used in any situation where a stream cipher has been conventionally used.
  • a stream cipher called RC4 is generally used.
  • the present invention can be used for a wireless LAN cipher as well.
  • the master key may be shared by communication using a cryptographic protocol.
  • the master key may be recorded on a portable information recording medium (such as a magnetic disk) and physically moved to share the master key between the transmitting side and the receiving side. In any case, it is not limited to these methods.
  • FIG. 1 shows the configuration of an encryption communication system according to this embodiment.
  • This encryption communication system has a configuration in which a sender encryption communication device 10 and a receiver encryption communication device 12 are connected.
  • the sender's encryption communication device 10 is composed of an encryption device 100 and a key scheduling 110.
  • the encrypted communication device 12 for recipients is composed of a decryption device 120 and a key scheduling 130.
  • The sender encryption communication device 10 and the receiver encryption communication device 12 can be realized by using information processing devices equipped with control units 1001, 1201 (CPU, MPU, etc.), main storage devices 1002, 1202 (memory), auxiliary storage devices 1003, 1203, and communication control devices 1004, 1204 (such as a modem). Each unit in the sender's encryption communication device 10 and the receiver's encryption communication device 12 is realized by the control units 1001, 1201 reading the programs stored in the auxiliary storage devices 1003, 1203 onto the main storage devices 1002, 1202 and executing them.
  • the sender cryptographic communication device 10 and the receiver cryptographic communication device 12 are connected via a computer network (such as the Internet).
  • the key scheduling 110 includes an initial value generation unit 111 for scheduling, an intermediate key generation unit 112, a master key input unit 113, an intermediate key expansion unit 114, and an extended key setting unit 115.
  • the intermediate key generation unit 112 generates an intermediate key using the scheduling initial value output from the scheduling initial value generation unit 111 and the master key.
  • the expanded key setting unit 115 sets the expanded key output by the intermediate key expanding unit 114 as the key for the encryption unit 101 and the intermediate output expanding unit 103.
  • the encryption device 100 includes an initial input generation unit 101, an encryption unit 102, an intermediate output expansion unit 103, a concatenation unit 104, a plaintext input unit 105, a ciphertext calculation unit 106, and a ciphertext transmission unit 107.
  • the generation unit 101 generates an initial input necessary for generating a key stream. The initial input is generated so that there is little or no overlap with the initial input generated in the past.
  • A counter value incremented by 1 each time the encryption unit 102 is operated, a past output of the encryption unit 102, part of a past key stream or ciphertext, and the like can be used as the initial input. For example, if the counter value is used as the initial input, the initial value should be 0, and the count is incremented by 1 each time the initial input is output.
  • The method of updating the counter value is not limited to this; it is sufficient that the counter value is always updated so that it does not overlap with past values.
  • The encryption unit 102 encrypts the initial input with the extended key K1 to obtain an intermediate output. More specifically, the encryption unit 102 encrypts the initial input generated by the initial input generation unit 101 using the cryptographic process P1[K1], and outputs the ciphertext as an intermediate output.
  • the intermediate output enlargement unit 103 enlarges the intermediate output output from the encryption unit 102 to obtain an enlarged output.
  • the concatenation unit 104 concatenates the intermediate output and the enlarged output to obtain a key stream.
  • The plaintext input unit 105 is an I/F for the user to input the plaintext that is the target of encryption, and is realized by a character input device such as a keyboard.
  • the plaintext input unit 105 may be an information recording medium (such as a magnetic disk) reader.
  • the ciphertext calculation unit 106 calculates a ciphertext from the key stream and plaintext.
  • a typical example of the operation is a method of taking an exclusive OR for each bit.
  • the ciphertext is represented by (initial input, (exclusive OR of plaintext and key stream)).
  • The operation is not limited to exclusive OR; other simple operations such as arithmetic sums may be used.
  • the ciphertext transmission unit 107 transmits the ciphertext output by the ciphertext calculation unit 106 to the receiver's cipher communication device 12 via a computer network (such as the Internet).
  • the receiver encryption communication device 12 will be described.
  • Key scheduling 130 includes an initial value generation unit 131 for scheduling, a master key input unit 132, an intermediate key generation unit 133, an intermediate key expansion unit 134, and an extended key setting unit 135.
  • the intermediate key generation unit 133 generates an intermediate key using the scheduling initial value output from the scheduling initial value generation unit 131 and the master key.
  • the intermediate key expansion unit 134 expands the intermediate key.
  • the expanded key setting unit sets the expanded key output by the intermediate key expanding unit 134 as a key for the encryption unit 122 and the intermediate output expanding unit 123.
  • the decryption device 120 includes an initial input reading unit 121, an encryption unit 122, an intermediate output expansion unit 123, a concatenation unit 125, a ciphertext input unit 126, a plaintext calculation unit 127, and a plaintext output unit 128.
  • the initial input reading unit 121 reads the initial input from the ciphertext sent from the transmission side.
  • The encryption unit 122 encrypts the initial input with the extended key K1 to obtain an intermediate output.
  • The intermediate output enlargement unit 123 enlarges the intermediate output output from the encryption unit 122 to obtain an enlarged output.
  • The concatenation unit 124 concatenates the intermediate output and the enlarged output to obtain a key stream.
  • The ciphertext input unit 125 inputs the ciphertext that has been transmitted from the transmitting side.
  • the plaintext calculation unit 126 calculates a plaintext from the key stream, the initial input, and the ciphertext.
  • the plaintext output unit 127 outputs plaintext.
  • the master key input unit 113 generates a master key.
  • the master key is a secret key shared between the sender's encryption communication device 10 and the receiver's encryption communication device 12.
  • The scheduling initial value generation unit 111 generates the initial values for scheduling necessary for key scheduling. This can be achieved by using several different inputs to cipher P1 as initial values for scheduling. Specifically, it is only necessary to generate three different initial inputs. For example, if the master key is 128 bits, the 128-bit block cipher AES (Advanced Encryption Standard) with a 128-bit key can be used as the cipher P1, and the numerical values 1, 2, 3 in the 128-bit space can be used as the initial values for scheduling. However, cipher P1 needs to be secure against chosen-plaintext attacks.
  • The intermediate key generation unit 112 generates an intermediate key using the scheduling initial value output from the scheduling initial value generation unit 111 and the master key output from the master key input unit 113. Specifically, the ciphertext obtained by setting the key of cipher P1 to the master key and encrypting the initial values for scheduling is the intermediate key. For example, if the initial values for scheduling are 1, 2, and 3 and the master key is MK, the intermediate keys are (P1[MK](1), P1[MK](2), P1[MK](3)).
  • the intermediate key expansion unit 114 expands the intermediate key output by the intermediate key generation unit 112 using the encryption P2 that is secure against a known plaintext attack, and generates an extended key.
  • the extended key L is (Kl, K2, R) as the intermediate key.
  • P2 [K2 # (i-l)] (R) indicates the ciphertext when R is encrypted by setting the key of cipher P2 with K2ffi-1.
  • t is a positive integer as in the equation (1), and is also referred to as an enlargement factor.
  • the enlargement ratio t is a parameter that represents how much the intermediate output is enlarged in the intermediate output enlargement unit 103 and the intermediate output enlargement unit 123. The larger the t, the longer the output after enlargement.
  • P2 must not be a cipher for which an existing chosen-plaintext attack has been reported. This means that DES (Data Encryption Standard), against which known-plaintext attacks are possible, cannot be used as P2.
  • the intermediate key expansion unit 114 can be realized by using, for example, an existing block cipher for which no known-plaintext attack is known.
  • a block cipher having a multi-level structure is a block cipher that encrypts by repeating a process called a round function.
  • AES with a 128-bit key has 10 rounds of its round function, so P1 can be realized with AES, and P2 can be realized with a block cipher that uses 7 rounds of the AES round function.
  • for 7-round AES, for example, a chosen-plaintext attack is known from the literature. However, no known-plaintext attack has been discovered in spite of many studies, so it can be regarded as secure against known-plaintext attacks.
  • the expanded key setting unit 115 sets the expanded key element as the key of the encryption device 110.
  • the key of the cipher P1 is K1
  • the keys of the cipher P2 are K2_1, K2_2, ..., K2_t, and t + 1 cipher processes P1[K1], P2[K2_1], P2[K2_2], ..., P2[K2_t] are prepared.
  • when the master key is twice the key length of P1, the scheduling initial value generation unit 111 generates two different inputs to P1.
  • the intermediate key generation unit 112 concatenates half of the master key with the two ciphertexts obtained by encrypting the scheduling initial values with P1 to obtain an intermediate key.
  • the intermediate key is (MK1, P1[MK2](1), P1[MK2](2))
  • the master key is three times the key length of P1
  • the master key is (MK1, MK2, MK3)
  • the intermediate key is simply the master key itself (MK1, MK2, MK3). In this case, P1 does not need to be used at all.
  • the intermediate key expansion unit 114 and the extended key setting unit 115 are the same as when the master key is equal to the key length of P1.
  • the intermediate output enlarging unit 103 enlarges the intermediate output produced by the encryption unit 102 and outputs it as an enlarged output.
  • the enlargement output E is expressed by equation (3).
  • K2_1, K2_2, ..., K2_t are intermediate key elements.
  • the intermediate output enlarging unit 103 may perform the process of the expression (3) a plurality of times and set the sum of these results as the expanded output. Specifically, when the expansion rate t is a product of a positive integer s and d, the expanded output E is expressed by Equation (4).
  • the matrix element of the expanded output E is composed of the exclusive OR of the finer vectors, so the security of the entire cipher is generally improved.
  • the intermediate output enlargement unit 103 may include other simple processing before and after the processing of Expression (3).
  • the intermediate output may be cyclically shifted by a constant bit, and this may be used as X to perform the processing of equation (3).
  • the circulation direction and the number of stages to be shifted can be arbitrarily set.
  • the concatenation unit 104 concatenates the intermediate output generated by the encryption unit 102 and the expanded output output by the intermediate output expansion unit 103 to generate a key stream.
  • the order in which the intermediate output and the enlarged output are connected is arbitrary.
  • the connecting unit 104 may output only the enlarged output. This is particularly effective when the cipher P2 is a block cipher and the intermediate output enlargement unit 103 performs the processing of equation (4).
  • the ciphertext calculation unit 106 performs an operation on the key stream output from the concatenation unit 104 and the plaintext output from the plaintext input unit 105, concatenates the result with the initial input generated by the initial input generation unit 101, and outputs this as the ciphertext.
  • the ciphertext input unit 125 is a device for taking the ciphertext sent from the sender's cipher communication device 10 via the network into the decryption device 120.
  • the initial input reading unit 121 extracts the initial input from the ciphertext output by the ciphertext input unit 125.
  • the plaintext calculation unit 126 performs an operation on the portion obtained by removing the initial input from the ciphertext output by the ciphertext input unit 125 and the key stream output by the concatenation unit 124 to generate plaintext.
  • the calculation rule used is the same as that used by the ciphertext calculation unit 106 of the encryption device 100.
  • the plaintext output unit 127 is a device that outputs the plaintext calculated by the plaintext calculation unit 126. Examples are monitor displays and printers.
  • the encryption unit 122, the intermediate output enlargement unit 123, and the concatenation unit 124 are the same as the encryption unit 102, the intermediate output enlargement unit 103, and the concatenation unit 104, respectively, included in the encryption device 100.
  • the flow of operations of the cryptographic communication system that works on this embodiment will be described.
  • Fig. 2 shows the operational flow of the cryptographic communication system that is relevant to the embodiment.
  • the control unit 1001 confirms whether or not the communication with the receiver encryption communication device 12 is the first time (step S101). If it is the first communication (step S101/Yes), the control unit 1001 operates the key scheduling 110 to obtain an expanded key (step S102).
  • when the communication with the receiver encryption communication device 12 is not the first time (step S101/No), or when the generation of the extended key is completed, the control unit 1001 generates an initial input by the initial input generation unit 101 (step S103). Thereafter, the control unit 1001 operates the encryption unit 102, encrypts the initial input using the expanded key, and obtains an intermediate output (step S104). Next, the control unit 1001 causes the intermediate output enlarging unit 103 to calculate the expanded key and the intermediate output to obtain an expanded output (step S105). Next, the control unit 1001 causes the concatenating unit 104 to concatenate the enlarged output and the intermediate output to generate a key stream (step S106).
  • the control unit 1001 uses the plaintext input unit 105 to acquire the plaintext to be encrypted, entered by the user of the sender cryptographic communication device 10 (step S107).
  • the control unit 1001 inputs the acquired plaintext to the ciphertext calculation unit 106, and calculates ciphertext based on the key stream and the initial input (step S108).
  • the control unit 1001 sends the ciphertext calculated by the ciphertext calculation unit 106 to the ciphertext transmission unit 107 and causes the ciphertext transmission unit 107 to transmit the ciphertext.
  • when the control unit 1201 receives the ciphertext sent from the sender cryptographic communication device 10 using the ciphertext input unit 125 (step S201), the control unit 1201 confirms whether or not this is the first communication with the sender cryptographic communication device 10 (step S202). If it is the first communication (step S202/Yes), the control unit 1201 operates the key scheduling 130 to obtain an expanded key (step S203).
  • the control unit 1201 extracts the initial input from the ciphertext by the initial input reading unit 121 (step S204).
  • the control unit 1201 operates the encryption unit 122, encrypts the initial input using the expanded key, and obtains an intermediate output (step S205).
  • the control unit 1201 causes the intermediate output enlarging unit 123 to calculate the expanded key and the intermediate output, and obtains an expanded output (step S206).
  • the control unit 1201 causes the concatenating unit 124 to concatenate the expanded output and the intermediate output, thereby generating a key stream (step S207).
  • the control unit 1201 inputs the ciphertext to the plaintext calculation unit 126 and calculates the plaintext based on the key stream and the initial input (step S208).
  • the control unit 1201 sends the plaintext calculated by the plaintext calculation unit 126 to the plaintext output unit 127 and outputs it to the image display device or the image forming apparatus.
  • since the extended key has already been generated, the control unit 1001 does not operate the key scheduling 110 (step S101/No) and performs the initial input generation operation by the initial input generation unit 101. Similarly, in the receiver encryption communication apparatus 12, the control unit 1201 extracts the initial input by the initial input reading unit 121 without operating the key scheduling 130 (step S202/No).
  • the cryptographic communication system according to the present embodiment can be applied to applications such as a system for safely distributing contents such as movies and music, and a file encryption system for safely operating data on a computer server.
  • the above embodiment is an example of a preferred embodiment of the present invention, and the present invention is not limited to this.
  • the sender encryption communication device and the receiver encryption communication device are connected via a network, and the ciphertext is transmitted via the network.
  • alternatively, the ciphertext may be recorded on an information recording medium in the sender's encryption communication device and passed from the sender's encryption communication device to the receiver's encryption communication device by reading the medium in the receiver's encryption communication device.
  • the present invention can be variously modified.
  • FIG. 1 is a diagram showing a configuration of a cryptographic communication system according to a first embodiment in which the present invention is preferably implemented.
  • FIG. 2 is a diagram showing a configuration of a sender cryptographic communication apparatus.
  • FIG. 3 is a diagram showing a configuration of a recipient encryption communication apparatus.
  • FIG. 4 is a flowchart showing an operation flow of the sender cryptographic communication apparatus.
  • FIG. 5 is a flowchart showing a flow of operations of the receiver cryptographic communication apparatus.
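The key schedule and the sender/receiver flow described above (steps S101 to S108 and S201 to S208) can be traced end to end in the following added Python example, which is not code from the patent; all function names are hypothetical. Assumptions: keyed BLAKE2b stands in for the block ciphers P1 and P2, '#' in the key expansion is read as XOR, the expanded output is taken to be P2[K2_i] applied to the intermediate output for i = 1..t because equation (3) is not reproduced on this page, and the unspecified ciphertext operation is XOR.

```python
import hashlib
import os

BLOCK = 16  # 128-bit blocks and keys, matching the page's AES-128 example


def _prf(key, block, tag):
    # ASSUMPTION: keyed BLAKE2b stands in for the block ciphers. Only the
    # forward direction is ever used, so invertibility is not needed here.
    return hashlib.blake2b(block, key=key, person=tag, digest_size=BLOCK).digest()


def P1(key, block):
    return _prf(key, block, b"P1")


def P2(key, block):
    return _prf(key, block, b"P2")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def key_schedule(master_key, t):
    """Master key -> intermediate key (K1, K2, R) -> extended key (K1, [K2_1..K2_t])."""
    if len(master_key) != BLOCK or t < 1:
        raise ValueError("need a 16-byte master key and t >= 1")
    # Scheduling initial values 1, 2, 3 encrypted under the master key.
    k1, k2, r = (P1(master_key, n.to_bytes(BLOCK, "big")) for n in (1, 2, 3))
    # ASSUMPTION: K2_i = P2[K2 xor (i-1)](R), reading '#' as XOR.
    k2_i = [P2(xor(k2, (i - 1).to_bytes(BLOCK, "big")), r) for i in range(1, t + 1)]
    return k1, k2_i


def keystream(ext_key, initial_input):
    k1, k2_i = ext_key
    x = P1(k1, initial_input)                # intermediate output
    e = b"".join(P2(k, x) for k in k2_i)     # ASSUMED form of the expanded output
    return x + e                             # concatenation: (t + 1) blocks


def encrypt(ext_key, plaintext, initial_input=None):
    iv = os.urandom(BLOCK) if initial_input is None else initial_input
    if len(iv) != BLOCK:
        raise ValueError("initial input must be one block")
    ks = keystream(ext_key, iv)
    if len(plaintext) > len(ks):
        raise ValueError("plaintext exceeds one key stream; raise t")
    return iv + xor(plaintext, ks)           # initial input travels in the clear


def decrypt(ext_key, ciphertext):
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    if len(iv) != BLOCK:
        raise ValueError("ciphertext shorter than the initial input")
    ks = keystream(ext_key, iv)
    if len(body) > len(ks):
        raise ValueError("ciphertext body exceeds one key stream")
    return xor(body, ks)
```

With a fixed extended key, two messages sent under the same initial input share a key stream, so the XOR of their ciphertext bodies equals the XOR of their plaintexts; the initial input must therefore never repeat under one key. The flow as described on this page also carries no integrity check on the ciphertext.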

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a text encryption apparatus requiring only a short time to set up a key for high-speed cryptographic communications, a text decryption apparatus, a cryptographic communication system, a text encryption method, a text decryption method, a program for the text encryption method, a program for the text decryption method, and a computer-readable information recording medium on which these programs are recorded. A sender's cryptographic communication apparatus (10) comprises an initial input generation unit (101) for generating an initial input value, an encryption unit (102) for encrypting the initial input value to generate an intermediate output value, an intermediate output expansion unit (103) for expanding the intermediate output value to generate an expanded output value, a concatenation unit (104) for concatenating the intermediate output value and the expanded output value to generate a key sequence, a plaintext input unit (105) for acquiring a plaintext to be encrypted, and a ciphertext calculation unit (106) for generating a ciphertext from the key sequence, the initial input value, and the plaintext.
PCT/JP2005/009473 2004-08-26 2005-05-24 Text encryption apparatus and text decryption apparatus WO2006022058A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004-246255 2004-08-26
JP2004246255 2004-08-26

Publications (1)

Publication Number Publication Date
WO2006022058A1 (fr) 2006-03-02

Family

ID=35967279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/009473 WO2006022058A1 (fr) 2004-08-26 2005-05-24 Text encryption apparatus and text decryption apparatus

Country Status (1)

Country Link
WO (1) WO2006022058A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008294810A (ja) * 2007-05-25 2008-12-04 Renesas Technology Corp Encryption/decryption device
US11838402B2 (en) 2019-03-13 2023-12-05 The Research Foundation For The State University Of New York Ultra low power core for lightweight encryption

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5515307A (en) * 1994-08-04 1996-05-07 Bell Communications Research, Inc. Pseudo-random generator
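JP2825205B2 (ja) * 1989-07-20 1998-11-18 Nippon Telegraph and Telephone Corporation Encryption device
JP2000502822A (ja) * 1996-08-16 2000-03-07 Bell Communications Research, Inc. Improved cryptographically secure pseudo-random bit generator for fast and secure encryption
JP2001007800A (ja) * 1999-06-22 2001-01-12 Hitachi Ltd Encryption device and method
JP2002215018A (ja) * 2001-01-22 2002-07-31 Nippon Telegr & Teleph Corp <Ntt> Encryption method and decryption method using a chaotic map, encryptor and decryptor using those methods, program implementing those methods, and recording medium therefor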

Similar Documents

Publication Publication Date Title
US7110545B2 (en) Method and apparatus for symmetric-key encryption
US7715553B2 (en) Encrypting a plaintext message with authentication
US8259934B2 (en) Methods and devices for a chained encryption mode
JP7008725B2 (ja) Method and system for improved authenticated encryption in counter-based cryptosystems
JP5402632B2 (ja) Common-key block encryption device, common-key block encryption method, and program
CN101202623B (zh) Message authentication code generation method, authentication/encryption and authentication/decryption methods
WO2015015702A1 (fr) Authenticated encryption device, method, and program
JP6035459B2 (ja) Encryption device, decryption device, and program
WO2011105367A1 (fr) Block encryption device, block decryption device, block encryption method, block decryption method, and associated program
Reyad et al. Key-based enhancement of data encryption standard for text security
Milad et al. Comparative study of performance in cryptography algorithms (Blowfish and Skipjack)
CN109714154B (zh) Method for implementing a white-box cipher algorithm under the code-size-hardness white-box security model
More et al. Implementation of AES with time complexity measurement for various input
US8891761B2 (en) Block encryption device, decryption device, encrypting method, decrypting method and program
KR20080072345A (ko) Encryption apparatus and method thereof
Lee et al. Design and evaluation of a block encryption algorithm using dynamic-key mechanism
WO2006022058A1 (fr) Text encryption apparatus and text decryption apparatus
EP3996321A1 (fr) Method for processing encrypted data
JP2015082077A (ja) Encryption device, control method, and program
Chandrakar et al. An innovative approach for implementation of one-time pads
JP5293612B2 (ja) Encryption device, decryption device, encryption method, decryption method, and program
Khaleel et al. A Comparative Performance Analysis of Modified Dömösi's Cryptosystem and Data Encryption Standard
Salih et al. Dynamic Stream Ciphering Algorithm
Patil et al. A Survey on an Enhanced Cryptographic Technique for Messages Encryption and Decryption
Samalkha Efficient Implementation of AES

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP