JP2000075785A - High-speed cipher processing circuit and processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To execute both cipher block chaining(CBC) mode and cipher feedback(CFB) mode by executing a function processing used within a block encipherment processing, and executing the processing corresponding to the operation mode of the block encipherment processing. SOLUTION: A data storing means 1 stores an initial vector used for block encipherment processing, a processing intermediate value or a processing final result, and it consists of, for example, a resistor. A function processing device 2 executes a block encipherment processing, for example, a plurality of steps of conversion using f-function as a function processing used in data encryption standard(DES) processing. A mode processing means 3 is provided between the data storing means 1 and the function processing means 2 and executes the processing corresponding to the operation mode of the block encipherment, for example, CBC mode or CFB mode, by use of the data stored in the data storing means 1.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a digital data encryption system, and more particularly, to a high-speed encryption processing circuit for executing CBC mode and CFB mode processing of DES encryption as a typical block encryption.

[0002]

2. Description of the Related Art In recent years, digital data encryption processing has attracted attention, and data to be encrypted has been increasing. For example, requests for encryption processing of moving image data and transaction processing in a server have been issued, and the encryption processing itself has been required to be faster.

[0003] Digital data encryption methods include:
For example, there are a block cipher system in which encryption is performed for each block with 64 bits as one block, and a stream cipher system in which, for example, one bit is sequentially encrypted.

[0004] The encryption system to which the present invention is applied is a block cipher, which is the most typical DES cipher. DES (Data Encryption Standard) is a data encryption standard established by the U.S. Department of Commerce Standards Bureau in January 1977, and is currently the most widely used encryption algorithm.

[0005] For the DES encryption, four modes are defined as operation modes. The mode is ECB
(Electronic code block), CBC (cipher block chaining), CFB (cipher block)
Feedback) and OFB (output feedback).

[0006] Of these four modes, the two modes directly related to the present invention are CBC and CFB. Therefore, encryption and decryption processing in these two operation modes will be described with reference to FIGS. This will be described with reference to FIG.

FIG. 24 is a basic explanatory diagram of encryption and decryption in the CBC mode. Plaintext sequence M ₁ that is divided into 64 bits in this mode, M _2, M _3, but ... is input, first for the M ₁ as the first 64-bit exclusive of the initial vector IV sum 51 is taken, the results encryption E52 is performed on to the ciphertext sequence _{C 1, C 2, C 3} , C 1 as the first 64 bits of ... is obtained. Here, E as encryption processing
Reference numeral 52 denotes a 16-stage conversion of the same structure using the initial transposed IP and f function, left and right 32-bit exchange, and inverse transposed IP ^−1.
Is included.

For the next input of M ₂ as 64 bits, an exclusive OR 56 with C ₁ as the first 64 bits of the cipher text is obtained, and the result is subjected to encryption processing E.
57 is performed, it is reluctant C ₂ as the next 64 bits of ciphertext. In the same manner, a ciphertext is created 64 bits at a time.

In the decryption process, the first 64 ciphertexts are used.
C as a bit₁Decryption processing D53
Is performed. This process is the same as the encryption process E52.
16-stage conversion using IP function and f function, left and right 32 bits
Permutation and reverse transposition IP ^-1Containing
Key sequence is reversed in 16-stage conversion unlike encryption
Are used in this order. For the result of the decryption process D53,
An exclusive OR 54 with the initial vector IV is obtained, and a plaintext
M as the first 64 bits of₁Is obtained.

[0010] XOR of after decoding D58 to the input of C ₂ as the next 64-bit ciphertext is performed, a C ₁ as the first 64 bits of the ciphertext on the result 59 is taken, and M ₂ is obtained as the next 64 bits of the plaintext. Hereinafter, a plaintext as a decryption result is created in the same manner.

FIG. 25 is a basic explanatory diagram of the operation in the CFB mode. The CFB mode performs a random number generation operation. The plaintext is divided into k bits of 1 or more and 64 or less, and the sequence is M ₁ , M ₂ , M ₂ as in FIG.
₃ , ...

M in plaintext, eg, as the first 8 bits
_In response to the input of ₁ , encryption processing E67 of the initial vector IV stored in the register 66 is performed. This encryption processing itself is the same as in the CBC mode in FIG. Of the 64 bits resulting from the encryption processing, only the left 8 bits are extracted, and an exclusive OR 68 with M ₁ is obtained.
Then, the first 8 bits C ₁ of the cipher text are output, and the 8 bits C ₁ as the cipher text are stored in the register 66.
Is stored on the rightmost side of That is, the initial vector IV stored in the register 66 is shifted left by 8 bits, the left 8 bits are discarded, and C ₁ is stored at the rightmost.

In response to the input of the next 8-bit M ₂ of the plaintext, an encryption process E67 for the contents stored in the register 66 is performed.
And the exclusive OR 68 of the left 8 bits of the resulting 64 bits and M ₂ is obtained and output as the next 8 bits C ₂ of the ciphertext, and the 8 bits are stored in the register 66. Is stored on the rightmost side of That is, register 6
6 is shifted 8 bits to the left, and the initial vector I
Another 8 bits of V are discarded, and C ₂ is stored at the rightmost side of the register 66. Following exactly the same operation for the 8-bit C ₃ following ciphertext sequence is performed.

[0014] In the decoding process of the CFB mode, first corresponds to the first input of the 8-bit C ₁ ciphertext, encryption E71 initial vector IV which has been stored in the register 70 is performed. Unlike the CBC mode of FIG. 24, the decoding process uses the process E instead of the process D. Left 8 bits of the 64-bit result of this process is extracted, the exclusive OR 72 and C ₁ ciphertext is taken, the first 8-bit M ₁ of the plaintext is output. Same as well as at the same time definitive for encryption processing, the contents of register 70 are 8-bit left shift, 8-bit C ₁ ciphertext is stored in the rightmost.

The process corresponding to the next input of the 8-bit C ₂ ciphertext sequence is exactly the same. That is, the encryption processing E71 is performed on the contents of the register 70, and the result 6
The exclusive OR 72 of the left 8 bits of the 4 bits and C ₂ is obtained to obtain the next 8 bits M ₂ of the plaintext, and the contents of the register 70 are shifted left by 8 bits to obtain the 8 bits of the ciphertext.
Bit C ₂ is stored in the rightmost register 70. Similarly, the decryption process of the ciphertext series C ₃ ,... Is executed.

FIG. 26 shows a conventional example of a CBC mode encryption processing circuit. FIG. 1A shows an encryption circuit. In the figure, as in FIG. 24, the first 8 bits M ₁ of the plaintext
Is input, the exclusive OR with the initial vector IV stored in the register 75 is obtained by the EXOR circuit 76, and the result is input to the f-function 77.

As the f function 77, 16 using the f function is used.
A 16-stage conversion circuit may be provided to perform all the stage conversions. For example, in order to reduce the amount of hardware, a 4-stage conversion circuit is provided, and an intermediate result of the processing is transmitted via the register 75 and the EXOR circuit 76 By looping four times, a 16-stage conversion can be realized. in this case,
During the processing of the loop, by setting the value of the input to the EXOR circuit 76 to, for example, "0" for all 64 bits, the contents stored in the register 75 can be directly output to the f-function 77.

Although only the f-function 77 is shown here for the sake of simplicity, the initial transposed IP included in the encryption processing E52 in FIG. 24 is assumed to be included in the processing of the first-stage f-function, for example. The last 32 bits permutation and the inverse transpose IP ⁻¹ can be considered to be included in the processing of the f function in the 16th stage.

At the end of the fourth loop, 64 bits output from the f-function 77 and stored in the register 75 are output as the first block C ₁ of the ciphertext, and the next block M of the input plaintext. _It is used to take an exclusive OR with M ₂ at the point of input of ₂ . The following processing is the same as that described with reference to FIG. 24, and a description thereof will not be repeated.

FIG. 26B shows a conventional example of a CBC decoding circuit. When the first block C ₁ of the ciphertext is input in the figure, the input is provided to the f function 81 via the selector 80.

The f-function 81 is for executing the decoding process D53 in FIG. 24. If it is provided with a four-stage conversion circuit as in FIG. After the operation of the loop is completed, the decryption result of the input ciphertext block C ₁ is output to the register 82, and the initial transposition IP, 1
The conversion of the 6th stage is left and right 32-bit conversion and inverse transposition IP ^-1
Shall be included.

The result of decryption of the first block C ₁ of the ciphertext stored in the register 82 is input to an EXOR circuit 84, where the result is exclusive-ORed with the initial vector IV stored in the register 83, and the plaintext of the plaintext is obtained. It is output as the first block M _1. This time to take the exclusive OR decoding result of the next block C _2, the first block C ₁ of the input ciphertext is stored in the register 83. Since the decoding processing for the next input block C ₂ of the ciphertext is performed as in the FIG. 24, description thereof is omitted below.

FIG. 27 shows a conventional example of a CFB mode encryption processing circuit. FIG. 1A shows an encryption circuit, and FIG. 1B shows a decryption circuit. In response to the first input of the 8-bit M ₁ plaintext in FIG. 27 (a), the value of the initial vector IV is output to the f function 87 that is first stored in the register 86.

The f-function 87 corresponds to the encryption processing E in FIG.
67, that is, a process similar to the encryption process E52 in FIG. 24, and includes, for example, a four-stage conversion circuit as in FIG. Of the 64 bits as the processing result of the 16-stage conversion (including the initial transposition, the transposition of the left and right 32 bits, and the reverse transposition as in FIG. 26) by the processing of the four loops through the selector 90 and the register 86, Only the left 8 bits are EXOR circuit 91
Is output to the exclusive OR between 8 bits M ₁ of the input plaintext is output tolerant, as the first block C ₁ of the ciphertext.

[0025] As described above, the initial vector stored in the register 86 IV is f function 8 in response to the input of M ₁
7, the contents of which are shifted 8 bits to the left, ie, the left 8 bits are discarded and stored in register 88. The number of bits is 56 bits.
of the output after the fourth loop of f functions 87, most only 8 bits left is input to the EXOR circuit 89, taken exclusive OR of the input M ₁ is, as a result of the 8-bit rightmost The 56 bits stored in the register 88 are stored as 64-bit data in the register 86 via the selector 90 in a format arranged on the left side. This 64-bit, in response to the next input block M ₂ of the plaintext, and is output to the encryption process E67 in FIG. 25. Since the operation for M ₂ The following blocks are the same, it is omitted from the following description.

[0026] In FIG. 27 (b), the input time of the first 8-bit C ₁ ciphertext, the initial vector IV is given in the f function 94 stored in the register 93, similarly to the above selector 95, a register Conversion using a 16-stage f-function is performed by the processing of four loops through 93, and the left 8 bits out of the 64 bits as the output of the encryption processing E71 in FIG. exclusive OR of the ciphertext block C ₁ is taken, the plaintext M ₁ is outputted.

When the value of the initial vector IV as the content of the register 93 is output to the f-function 94, the content is simultaneously shifted left by 8 bits, and 56 bits are stored in the register 9
6 is stored. Then the 56 bit left at the end of the fourth loop, in input format ciphertext 8-bit C ₁ is disposed on the right side, through the selector 95 register 93
Stores 64-bit data. This data corresponds to the next input ciphertext block C _2, those given in the f function 94. Since the decoding processing for the ciphertext block C ₂ or less are the same, description thereof is omitted.

[0028]

In order to speed up such a DES encryption process, conventionally, in order to speed up a 16-stage conversion process using an f-function, a conversion circuit of the f-function is required as much as possible. A large number of stages are connected to reduce a loop loss, a processing procedure of a conversion including an f function is changed to reduce a delay for one loop, and, for example, a mode processing corresponding to an operation mode is encrypted in CBC encryption processing. For example, a method of reducing the number of clocks required for processing by putting it in a loop, ie, a loop, has been used. These systems are disclosed in the following US patents:

U. S. Patent 5,381,480, Butter et a
l. "System for Translating Encrypted Data" However, even if the conversion using the f-function is connected as many stages as possible, the greater the number of stages, the larger the amount of hardware and the higher the cost. There was a problem that it could not be done.

Next, as described above, the operation modes of the DES block cipher are ECB, CBC, CFB and OFB.
There are two operation modes. The ECB mode only combines the DES encryption process and the decryption process, and does not require a special mode processing circuit for the operation mode. O
In the FB mode, the processing for the next block can be performed as it is using the processing result for the previous block in the processing loop of the DES encryption, and the special processing corresponding to the mode includes the final processing result of the DES. It is only necessary to take an exclusive OR with the input block data, and it is not necessary to consider the occurrence of delay in the processing loop.

On the other hand, in the CBC mode, for example, it is necessary to take the exclusive OR of the value of the initial vector IV and the input block, and perform DES processing on this value. In the CFB mode, when updating the contents of the register storing the initial vector IV in the encryption process, the value of the initial vector is shifted to the left, and a part of the processing result of the DES process and the exclusion of the input block to the right. It is necessary to set the value of the logical OR.

That is, the mode processing for the CBC is
The difference is that the mode processing for the CFB is performed at the beginning of the S processing and at the end of the processing for the CFB. Both of these processes are DE
It is included in the loop of S processing.

As a processing circuit for performing the DES encryption processing, it is desirable to configure a circuit capable of executing all of these four operation modes.
There is a problem that it is difficult to configure a processing circuit commonly used for the C mode and the CFB mode. This is because one of the mode processes corresponding to these two modes is at the beginning of the processing loop of the DES process and the other is at the end.

It is an object of the present invention to provide a cryptographic processing circuit capable of executing both the CBC mode and the CFB mode, and to reduce the processing delay in the circuit as much as possible.

[0035]

FIG. 1 is a block diagram showing the basic configuration corresponding to a first embodiment of the present invention. The figure shows
For example, it is a configuration block diagram of a high-speed encryption processing circuit that performs block encryption processing that can execute both DES encryption processing in the CBC mode and the CFB mode as operation modes.

In FIG. 1, data storage means 1 includes an initial vector, a processing intermediate value,
Alternatively, it stores the final processing result, and is, for example, a register.

The function processing means 2 executes a block encryption process, for example, a multistage conversion using an f-function as a function process used in the DES process. The mode processing unit 3 is provided between the data storage unit 1 and the function processing unit 2, and uses a data stored in the data storage unit 1 to correspond to an operation mode of block encryption, for example, a CBC mode or a CFB mode. The processing is executed.

In the processing in the CFB mode, the function processing means 2 performs 16-stage conversion using the nonlinear function as the above-described function processing in the encryption of the input block data into the DES encryption a plurality of times, for example, four times. Be executed. In that case, in one function process, four-stage conversion using a non-linear function is executed.

The execution result of each of the plurality of processes except the last one is stored in the data storage unit 1 by the function processing unit 2. Further, an encrypted data output unit is further provided to output the encrypted block data for the input block data using the result of the last one processing.

Before the first execution of the plurality of processes, mode processing is executed by the mode processing means 3, and the execution result is output to the function processing means 2. Further provided is a mode processing result storage means in which a part is stored. When the function processing unit 2 executes the last of a plurality of processes, a part of the execution result of the mode processing is output to the data storage unit 1 by the mode processing result storage unit, and the function processing unit 2 A part of the execution result is output to the data storage unit 1.

At the time of executing the encryption process in the CBC mode, similarly to the CFB mode, the 16-stage conversion using the nonlinear function as the function process in the encryption of the block data into the DES encryption is performed a plurality of times. It is executed separately. The result of each execution of the plurality of processes is stored in the data storage unit 1 by the function processing unit 2.

Before the first execution of the plurality of processes by the function processing means 2, mode processing using the block data input by the mode processing means 3 and the data stored in the data storage means is performed. It is executed, and the result of the mode processing is output to the function processing means 2.

FIG. 2 is a block diagram showing the basic configuration corresponding to the second embodiment of the present invention. In the figure, in addition to the first mode processing means 4 corresponding to the mode processing means 3 of FIG. 1, the apparatus is provided between the function processing means 2 and the data storage means 1 and corresponds to the operation mode of block encryption. Second mode processing means 5 for executing the second processing is added.

In the second embodiment of the present invention, the first
As in the embodiment, the cryptographic processing circuit can execute both the operation modes of the CFB mode and the CBC mode, but the basic mode of the mode processing in the CBC mode is executed in the first mode. The basic mode processing in the CFB mode is executed by the second mode processing unit 5 in contrast to the processing unit 4.

In the CFB mode, the 16-stage conversion using the non-linear function by the function processing means 2 is executed in a plurality of times as in the first embodiment. Is given to the function processing means 2 without any special processing by the first mode processing means 3. The processing result of each of the function processing means 2 except for the last one of the plurality of processings is stored in the data storage means 1.

Using the processing result of the last round by the function processing means 2, the encrypted block data for the input block data is output in the same manner as in the first embodiment, and a part of the processing result and the input data block The second mode processing is executed by the second mode processing means by using the result, and the result and a part of the data stored in the data storage means 1 before the first execution of the plurality of times are stored in the data. It is stored in the storage means 1 and is used for the encryption processing of the next block data.

In the CBC mode, the first mode processing means 4 executes the same processing as the mode processing means 3 for the first embodiment, and the second mode processing means performs substantially no function. As a result, the same processing as in the first embodiment is executed as a result.

In the encryption processing method of the present invention, for example, in the encryption processing method of performing DES block encryption processing, the processing result is output at the end of the encryption processing of one block data, and the initial vector is stored. The processed intermediate value in the encryption process or the final result of the process is stored in the registered register.

An operation corresponding to the operation mode of the block encryption is executed between the data stored in the register and the one block data or the next block data following the one block. Further, the calculation result is used as a value corresponding to an initial vector in the encryption processing for the next block data following the one block, and the encryption processing for the next block data is performed.

In the encryption processing method of the present invention, an initial vector is first stored in the above-described register, and the initial vector corresponds to the operation mode between input block data in the CBC mode, for example. In the CFB mode, a special operation corresponding to the operation mode is not substantially executed, and a 16-stage conversion using a nonlinear function corresponding to the operation result is executed in a plurality of times in the CFB mode. Is done. This encryption method is used in the first embodiment.

As described above, according to the present invention, CB
An encryption processing circuit that executes both the C mode and the CFB mode can be realized. In the first embodiment, the mode processing means corresponding to the two modes can be shared.

[0052]

FIG. 3 shows the configuration of a CFB mode encryption circuit used in the first embodiment of the present invention. This figure corresponds to the conventional example shown in FIG. 27 (a). However, the EXOR used in FIG. 27 (a) is used in combination with a CBC mode encryption circuit.
The circuit 89 is omitted, and an EXOR circuit 12 is used at the output side of the register 11 instead.

In FIG. 3, the initial vector IV is stored in the register 11. An input time of the first 8-bit M ₁ plaintext, the value of the initial vector IV from the register 11 is f
The function (processing circuit) 13 is provided. At this time, for example, “0” is output from the register 14 to the EXOR circuit 12, so that the value of the initial vector IV stored in the register 11 is directly provided to the f function 13.

The f-function 13 comprises a conversion circuit using, for example, four stages of f-functions as in FIG. 27A, and uses the f-function by processing four loops through the selector 15 and the register 11. It is assumed that stage conversion is performed. Further, as described above, the initial transposition IP, the transposition of left and right 32 bits with respect to the result of the 16th stage, and the reverse transposition IP- ¹ are included.

The left 8 bits of the output of the f-function 13 after the four loops are supplied to the EXOR circuit 18 and exclusive-ORed with the input plaintext block M ₁ to obtain the first ciphertext block C _1. Is output as

[0056] In response to the input of the block M ₁ register 1
When the initial vector IV is output from 1, the left 56 bits of the contents are left as they are from the register 11.
The right 8 bits are output to the register 17 in a format given through the EXOR circuit 12, and the 64 bits are shifted by 8 bits, the leftmost 8 bits are discarded, and then stored in the register 17. . At the end of the four loops, 64 bits of data are stored in the register 11 via the selector 15 in such a format that 56 bits of the content are stored on the left and 8 bits of the left of the output of the f-function 13 are stored on the right. Is stored. At this time, the register 14 stores 8 bits of the input block M ₁ . Here 64-bit stored in the register 11, D for f function 13 at the input point of the next input block M ₂ is intact
It cannot be used as a target of ES encryption processing.

[0057] at the point of input of the block M _2, register 11
Right 8 bits of storage contents of the output to the EXOR circuit 12, the exclusive OR of the first eight bits of the block M ₁ stored in the register 14 is taken, the register 1
It is input to the f-function 13 together with the left 56 bits output directly from 1. At this time, 64 bits that are substantially input to the f-function 13 are shifted left by 8 bits in the same manner as described above, and 56 bits are stored in the register 17. This is because the input data creation to the f function 13 at the input time point of the next block M _3.

F function 13, selector 15, register 11
At the end of the four loops through the EXOR circuit 18, the exclusive OR of the left 8 bits of the output of the f function 13 and the input M ₂ 8 bits is obtained by the EXOR circuit 18, and the next block C _{2 of the} ciphertext sequence Is output as During the four loop processes, the contents stored in the register 14 are not output, and the EXOR
It is assumed that “0” is given to the circuit 12, for example. Hereinafter, the same processing is performed, and the description thereof will be omitted.

FIG. 4 is a block diagram showing the configuration of the cryptographic processing circuit according to the first embodiment of the present invention. FIG. 1 is a block diagram showing the configuration of a cryptographic processing circuit that executes processing in both the CFB mode and the CBC mode. The CFB mode encryption operation using this circuit will be described with reference to FIGS.

FIG. 5 shows the CFB mode encryption operation (1).
FIG. The connection portions of the circuits used here are shown by solid lines, and the unused portions are shown by broken lines. First in response to the first input of the plaintext blocks M ₁ (from) the initial stored in the register 21 vector IV selectors 22, 23, EXOR circuit 24,
25 to the f-function 26. At this time, selector 2
2, 23 select the output from register 21 and
56-bit and 8-bit “0” data are input to the OR circuits 24 and 25 via the selectors 31 and 32. Therefore, the value of the initial vector IV stored in the register 21 is given to the f-function 26 as it is. Further, the value of IV stored in the register 21 is stored in the register 28 substantially as it is by shifting only 8 bits. The processing results of the four-stage conversion circuit included in the f-function 26 are stored in the register 21 via the selector 27.

FIG. 6 shows CFB mode encryption operation (part 2).
FIG. FIG. 9 is an explanatory diagram of the processing operation in the second and third loops among the four loops via the f function 26, the selector 27, and the register 21. In these loops, the selectors 22 and 23 use the register 2
1 and the selectors 31 and 32 select 56 outputs.
EXOR each bit “0” and 8-bit “0”
Since the data is output to the circuits 24 and 25, the data of the register 21 is directly provided to the f-function 26, and the processing results of the four stages are stored in the register 21 via the selector 27.

FIG. 7 shows the CFB mode encryption operation (part 3).
FIG. In the figure, the processing result of the third loop stored in the register 21 is directly provided to the f-function 26 via the selectors 22 and 23 and the EXOR circuits 24 and 25 as described above. The output of the f-function 26 is 1
Since an encryption processing result of the initial vector IV using f function of six stages, the left 8 bits are taken out, the logical sum EXOR circuit with the first 8 bits of the block M ₁ of the plaintext applied to the input 30 taken by and outputted from the output as the first block C ₁ of the ciphertext. The 8-bit plaintext blocks M ₁ is stored in register 33.

The 56 stored in the register 28 at the same time
64-bit data is stored in the register 21 via the selector 27 in such a format that bits are stored on the left and eight bits of the output of the f-function 26 are stored on the right.

FIG. 8 shows the CFB mode encryption operation (part 4).
FIG. Wherein the first process corresponding to the plaintext block M ₂ input is performed. First, 64-bit data stored in the register 21 (part 3) is supplied to the two EXOR circuits 24 and 25 via the selectors 22 and 23. At this time, the selector 31 sets the 56-bit "0"
A data is stored in the register 33 32, that is, to output the first data block M ₁ of the input plaintext, EXOR circuit 24 is output to the left 56 bits of the 64-bit as the f function 26 , The circuit 25 outputs the exclusive OR of the right 8 bits and M ₁ 8 bits, and the resulting 64 bits are the f function 26 at the beginning of the processing of the four loops corresponding to the input of the block M _2. Given to. In effect, this input is shifted by 8 bits and stored in the register 28. The result of the four-stage conversion process (including the initial transposition) in the f-function 26 is stored in the register 21 via the selector 27.

FIG. 9 is a timing chart of the CFB mode encryption operation.
It is a chart. Figures for the operation flow are shown in FIGS.
Numbers corresponding to the encryption processes 1 to 4 described in FIG.
Character. First block M of plaintext₁Input
Correspond to the four clocks, 1, 2,
2 and 3 are executed and the first block of output
C ₁Is obtained. Next input block M_TwoFor
Are four, two, four
2. The processing of the third step is executed, and the output block C_TwoThe following
can get. Note that, for example, the ciphertext block C₁Is explained in FIG.
As described above, at the end of the fourth loop, the f-function 26 is output.
Power and plaintext block M₁Short as a result of exclusive OR with
The output time is shown in the figure.
Minutes are shown. If a latch circuit is provided before the output terminal
This period can be extended before the output of the next ciphertext block.
Both are possible.

FIG. 10 is a CFB mode decoding operation (1).
FIG. In the figure, in response to the input of the first block C ₁ of the ciphertext, the value selectors 22 and 23 of the initial vector IV which has been stored in the register 21, EX
The signal is directly supplied to the f-function 26 via the OR circuits 24 and 25. The initial vector IV is stored in the register 28 only by shifting left by 8 bits. After the completion of the four-stage processing by the f-function including the initial transposition, the result is stored in the register 21 via the selector 27.

FIG. 11 is a CFB mode decoding operation (2).
FIG. FIG. 11 is an explanatory diagram of the processing operation of the second loop and the third loop of the four loops as the processing using the f function. The 64-bit data stored in the register 21 is supplied to the selectors 22, 23, EXO
The f-function 26 is supplied to the f-function 26 via the R circuits 24 and 25, and the output of the f-function 26 is stored in the register 21 via the selector 27.

FIG. 12 is a CFB mode decoding operation (3).
FIG. The figure shows the fourth loop using the f function.
Shows the processing operation. 64 stored in the register 21
The bit data is supplied to selectors 22 and 23 and an EXOR circuit.
24 and 25 to the f-function 26. f function
Four-stage conversion used, swap left and right 32 bits, and vice versa
Transpose IP^-1After the processing of
The left 8 bits of the bit are given to the EXOR circuit 30,
First ciphertext block C input from input ₁8
XOR with the output and the result is
First block M of plaintext₁Is output as Also at the same time
56 bits stored in the register 28 on the left side,
Input ciphertext block C₁8 bits are placed on the right
In the register 21 via the selector 27
This is stored as default data.

FIG. 13 is a timing chart of the CFB mode decoding operation. Figures in the operation flow
FIG. 12 shows processes 1 to 3 of FIG. For the first input of the block C ₁ of the input ciphertext, 1 in its four clock, Part 2, Part 2, the processing of the three runs, the first block M ₁ output plaintext is output. Even for the next input ciphertext block C ₂ following inputs, exactly the same operation is performed.

FIG. 14 is an explanatory diagram of the CBC mode encryption operation (1). In the CBC mode, an input plaintext block is input from an input, and an output ciphertext block is output from an output. First, in the first 64 bits of the plaintext block M ₁ input from the input, the left 56 bits are supplied to the selector 31 and the right 8 bits are supplied to the 32.
Then, the selector 31 converts the 56 bits into the EXOR circuit 2
4 and 32 give 8 bits to 25.

[0071] On the other hand the initial vector IV which has been stored in the register 21 is supplied to the EXOR circuits 24 and 25 via the selector 22 and 23, exclusive of the initial vector IV and the first plaintext input block M ₁ is bets And the result is given to the f-function 26. Then, the result of the conversion using the four-stage f-function including the initial transpose IP is stored in the register 21 via the selector 27.

FIG. 15 is an explanatory diagram of the CBC mode encryption operation (2). FIG. 11 is an explanatory diagram of the operation in the second and third loops among the four loops using the f function. The 64-bit data stored in the register 21 is supplied to two EXs via selectors 22 and 23.
This is applied to OR circuits 24 and 25. At this time, selector 3
Since 1 and 32 output 56-bit “0” and 8-bit “0”, the 64-bit data is directly supplied to the f-function 26. The result of the four-stage conversion process using the f function is stored in the register 21 via the selector 27.

FIG. 16 is an explanatory diagram of the CBC mode encryption operation (3). FIG. 11 illustrates the operation of the fourth loop using the f function. The 64-bit data stored in the register 21 is directly supplied to the f-function 26 via the selectors 22 and 23 and the EXOR circuits 24 and 25 as described above. The processing results of the four-stage conversion using the f-function, the swapping of left and right 32 bits, and the inverse transposition IP ⁻¹ are stored in the register 21 via the selector 27. 64-bit data is stored in the register 21, the output monkey as it is from the output through the EXOR circuit 34 as a first block C ₁ of the output ciphertext. At this time, the selector 35 outputs “0” of 64 bits to the EXOR circuit 34. The first block C ₁ of the output ciphertext stored in the register 21, input block M at the input point of the next plaintext block M ₂ by the encryption operation (Part 1)
Exclusive OR is performed with ₂ in the same manner as described above.

FIG. 17 is a timing chart of the CBC mode encryption operation. In response to the input of the input plaintext block M _1, Part 1 in four clocks, Part 2, Part 2, Part 3 of the operation is performed, the first block C ₁ of the output ciphertext is output. Operation for the plaintext block M ₂ following input is exactly the same.

FIG. 18 is a CBC mode decoding operation (1).
FIG. In the CBC mode decoding operation, the initial vector IV is stored in the register 37. When the first ciphertext block C ₁ is input from the input selector 3
In the case of 1, the left 56 bits are selected, and in the case of 32, the right 8 bits are selected and supplied to the two EXOR circuits 24 and 25. "0" at this time the selector 22 and 23 are both 56 bits, and outputs "0" of 8 bits, thus 64 bits of the input ciphertext block C ₁ is as f function 2
6 given. Then, the processing results of the four stages using the f function, including the initial transposition IP, are stored in the register 21 via the selector 27.

FIG. 19 shows a CBC mode decoding operation (2).
FIG. FIG. 9 is an explanatory diagram of the operation in the second and third loops among the four loops using the f function. In the figure, 64-bit data stored in the register 21 is transmitted to the selectors 22 and 23 and the EXOR circuit 2.
The processing result of the four-stage conversion using the f-function is directly stored in the register 21 via the selector 27. The initial vector IV stored in the register 37 is stored in the register 36 at the time of, for example, the third (or second) loop processing.

FIG. 20 shows a CBC mode decoding operation (3).
FIG. As the fourth loop in FIG.
The 64-bit data stored in the register 21 is directly provided to the f-function 26, and the processing results of the four-stage conversion using the f-function, exchanging the left and right 32 bits, and the inverse transposition IP ⁻¹ are passed through the selector 27. It is provided to a register 21. 64-bit data stored in the register 21 is supplied to the EXOR circuit 34, the exclusive OR of the initial vector IV is taken, which is stored in the register 36, output as the first block M ₁ outputs the plain text from the output Is done. As data to be output to the EXOR circuit 34 in the operation of (3) this time for the next ciphertext block C _2, the first block C ₁ of the input ciphertext is stored in the register 37.

FIG. 21 is a timing chart of the CBC mode decoding operation. For the first input of the block C ₁ of the ciphertext in the figure, the 1 in four clocks, Part 2, Part 2, Part 3 of the operation is performed, the first block M ₁ of the plaintext is output . The operation for the input of the next block C ₂ ... Of the cipher text is exactly the same.

FIG. 22 is a block diagram showing a configuration of a cryptographic processing circuit for executing two operations of the CFB mode and the CBC mode according to the second embodiment of the present invention. In the first embodiment of FIG. 4, two EXOR circuits 24 and 25 are CB
In the encryption operation not only in the C mode but also in the CFB mode, the data is used to perform an exclusive OR operation on the left 8 bits of the 64-bit data to be given to the f-function 26, but in FIG. There is a fundamental difference in that the exclusive OR is taken by the EXOR circuit 45. Therefore, the selectors 22 and 23 of FIG. 4 are realized by one selector 41, the EXOR circuits 24 and 25 are realized by one EXOR circuit 42, and the selectors 31 and 32 are realized by one selector 43.

The difference between the second embodiment shown in FIG. 22 and the first embodiment shown in FIG. 4 resides in the CFB mode encryption operation. Therefore, FIG. 22 will be described focusing on the operation. In FIG. 22, the initial vector IV stored in the register 21 is directly supplied to the f-function 26 via the selector 41 and the EXOR circuit 42 in correspondence with the above-described CFB mode encryption operation (part 1). The result is selector 46
Is stored in the register 21 via the. The same applies to the operation in the encryption operation (2).

Equivalent to the encryption operation (No. 3), the left 8 bits of the output of the f function 26 as the fourth loop are the first plaintext blocks M ₁ and E
XOR is taken by the XOR circuit 30 is output first as the ciphertext block C ₁ from the output. At the same time, 56 bits stored in the register 44 are on the left, and the exclusive OR of the left 8 bits of the output of the f-function 26 and the input block M ₁ 8 bits by the EXOR circuit 45 is on the right. In the arrangement format, 64-bit data is stored in the register 21 via the selector 46. Right 8 bits of data stored in the register 21 are those already exclusive OR of the input taken via a selector 41, EXOR circuit 42 in response to the input of the next plaintext block M ₂ F function 26
Will be given to

CFB mode decryption, CBC mode encryption,
Since the operation of CBC mode decoding is substantially the same as that of the first embodiment, description thereof will be omitted. FIG. 23 shows the first embodiment and the second embodiment.
FIG. 4 is an explanatory diagram of a process included in one clock. In each of the first embodiment shown in FIG. 4 and the second embodiment shown in FIG. 22, 16-stage conversion using the f-function 26 is performed by dividing four clocks into four stages, and one The point that four clocks are required for the encryption processing on the block data is the same in any of the embodiments. However, in the first embodiment, 1
The total delay time of the processing performed within one clock is the second
As a result, the clock speed can be increased, and the encryption process can be sped up.

In the first loop including the conversion of the first to fourth stages by the f function in FIG. 23, the delay caused by the output from the register 21 in FIG.
Delay by selectors 22 and 23, EXOR circuits 24 and 2
In addition to the processing delay by 5, the delay of the conversion (including the initial transposition) using the four-stage f-function, and the delay by the selector 27, the delay due to the setup of the data in the register 21 is included in one clock. .

On the other hand, in the circuit shown in FIG. 22 corresponding to the second embodiment in the upper stage, the delay of the data output by the register 21, the delay by the selector 41, the delay by the EXOR circuit 42, and the four-stage conversion using the f function , A delay due to the EXOR circuit 45, a delay due to the selector 27, and a delay due to data setup of the register 21 are included. That is, EXO is different from that of the first embodiment.
The delay due to the R circuit 45 is additionally included, and the clock cycle is longer in the second embodiment than in the first embodiment, which is inferior to the first embodiment in terms of speeding up. Become. However, except for this point, also in the second embodiment, a cryptographic processing circuit that executes both operation modes of the CFB mode and the CBC mode is realized.

[0085]

As described above in detail, according to the present invention, it is possible to realize a cryptographic processing circuit capable of executing both the CBC mode and the CFB mode of the DES encryption. In the first embodiment, CFB
By moving the mode processing in the mode to the beginning of the processing for the next block data, it is possible to use the same part as the part that executes the processing in the CBC mode, and it is possible to reduce the maximum delay of the processing loop. ,
High-speed processing becomes possible. At the same time, the number of exclusive OR circuits can be reduced, and the amount of hardware can be reduced, which greatly contributes to improving the practicality of the encryption processing method.

[Brief description of the drawings]

FIG. 1 is a principle configuration block diagram corresponding to a first embodiment.

FIG. 2 is a principle configuration block diagram corresponding to a second embodiment.

FIG. 3 shows C used in the first embodiment of the present invention.
FIG. 3 is a block diagram illustrating a configuration of an FB mode encryption circuit.

FIG. 4 is a block diagram illustrating a configuration of a cryptographic processing circuit according to the first embodiment of the present invention.

FIG. 5 is an explanatory diagram of a CFB mode encryption operation (1) in the first embodiment.

FIG. 6 is an explanatory diagram of a CFB mode encryption operation (2) in the first embodiment.

FIG. 7 is an explanatory diagram of a CFB mode encryption operation (3) in the first embodiment.

FIG. 8 is an explanatory diagram of a CFB mode encryption operation (part 4) in the first embodiment.

FIG. 9 is a timing chart of a CFB mode encryption operation.

FIG. 10 is an explanatory diagram of a CFB mode decoding operation (part 1) in the first embodiment.

FIG. 11 is an explanatory diagram of a CFB mode decoding operation (2) in the first embodiment.

FIG. 12 is an explanatory diagram of a CFB mode decoding operation (part 3) in the first embodiment.

FIG. 13 is a timing chart of a CFB mode decoding operation.

FIG. 14 is an explanatory diagram of a CBC mode encryption operation (part 1) in the first embodiment.

FIG. 15 is an explanatory diagram of a CBC mode encryption operation (part 2) in the first embodiment.

FIG. 16 is an explanatory diagram of a CBC mode encryption operation (3) in the first embodiment.

FIG. 17 is a timing chart of the CBC mode encryption operation.

FIG. 18 is an explanatory diagram of a CBC mode decoding operation (part 1) in the first embodiment.

FIG. 19 is an explanatory diagram of a CBC mode decoding operation (2) in the first embodiment.

FIG. 20 is an explanatory diagram of a CBC mode decoding operation (3) in the first embodiment.

FIG. 21 is a timing chart of a CBC mode decoding operation.

FIG. 22 is a block diagram illustrating a configuration of a cryptographic processing circuit according to a second embodiment of the present invention.

FIG. 23 illustrates a first embodiment and a second embodiment.
FIG. 7 is a diagram illustrating a comparison of processes performed in one clock.

FIG. 24 is a basic explanatory diagram of an encryption process in a CBC mode.

FIG. 25 is a basic explanatory diagram of an encryption process in a CFB mode.

FIG. 26 is a diagram illustrating a conventional example of a CBC mode encryption processing circuit.

FIG. 27 is a diagram showing a conventional example of a CFB mode encryption processing circuit.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 Data storage means 2 Function processing means 3 Mode processing means 4 First mode processing means 5 Second mode processing means 21, 28, 33, 36, 37, 44 Registers 22, 23, 27, 31, 32, 35, 41, 46 selector 24, 25, 30, 34, 42, 45 EXOR circuit 26 f function (processing circuit)

Claims (15)

[Claims] 1. An encryption processing circuit for performing a block encryption process, comprising: a data storage means for storing an initial vector, a processing intermediate value, or a final processing result used for the block encryption process; Function processing means for executing a function processing to be performed, and mode processing means provided between the data storage means and the function processing means for executing processing corresponding to an operation mode of block encryption. High-speed encryption processing circuit. 2. The high-speed encryption processing circuit according to claim 1, wherein said mode processing means comprises an exclusive OR circuit. 3. The block cipher is a DES cipher,
3. The high-speed encryption processing circuit according to claim 1, wherein the operation mode is a CFB mode. 4. The function processing means executes a 16-stage conversion using a non-linear function as the function processing in the block data encryption to the DES encryption in a plurality of times. 3. The high-speed encryption processing circuit according to 3. 5. The high-speed encryption processing circuit according to claim 4, wherein said function processing means outputs an execution result of each time except for the last one of said plurality of times to said data storage means. 6. The apparatus according to claim 1, further comprising an encrypted data output unit that outputs encrypted block data corresponding to input block data by using a result of the plurality of final processes performed by the function processing unit. 4. The high-speed encryption processing circuit according to 4. 7. The mode processing means executes mode processing before the first execution of the plurality of times by the function processing means, and outputs the execution result to the function processing means. 5. The high-speed encryption processing circuit according to claim 4, further comprising mode processing result storage means for storing a part of the processing execution result. 8. When the function processing unit executes the last of the plurality of times, the data stored in the mode processing result storage unit is output to the data storage unit, and the function processing unit is configured to output the data. 8. The high-speed encryption processing circuit according to claim 7, wherein a part of the execution result is output to said data storage means. 9. The block cipher is a DES cipher,
3. The high-speed encryption processing circuit according to claim 1, wherein the operation mode is a CBC mode. 10. The function processing means executes a 16-stage conversion using a non-linear function as the function processing in the encryption of the block data into the DES encryption in a plurality of times. 9. The high-speed encryption processing circuit according to 9. 11. The high-speed encryption processing circuit according to claim 9, wherein said function processing means outputs a result of said plurality of executions to said data storage means. 12. The mode processing means performs a mode process using the input block data and the data stored in the storage means before the first execution of the plurality of times by the function processing means. Executing the mode processing and outputting a result of the mode processing to the function processing means.
A high-speed cryptographic processing circuit as described. 13. A cryptographic processing circuit for performing a block encryption process, comprising: a data storage means for storing an initial vector, a process intermediate value, or a process final result used in the block encryption process; Function processing means for executing a function processing to be performed; first mode processing means provided between the data storage means and the function processing for executing a first processing corresponding to an operation mode of block encryption; A high-speed cryptographic processing circuit comprising: a second mode processing unit that is provided between the function processing unit and the data storage unit and that executes a second process corresponding to an operation mode of block encryption. 14. An encryption processing method for performing block encryption processing, comprising: outputting a processing result at the end of encryption processing of one block data; and storing the processing result in a register storing an initial vector. A processing intermediate value or a processing final result is stored, and the one block data or the data of the next block following the one block and the data stored in the register correspond to the operation mode of the block encryption. And performing the encryption process on the next block data by using the calculation result as a value corresponding to the initial vector in the encryption process on the next block data following the one block. Characteristic cryptographic processing method. 15. The cryptographic processing method according to claim 14, wherein the block cipher is a DES cipher, and the operation mode is a CFB mode or a CBC mode.