JP2007013503A - Encryption device and method and decryption device and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption method using an encryption block chain where it is difficult to decode/presume an encrypted sentence by generating a different encrypted sentence each time even from the same plaintext. <P>SOLUTION: A random number is added before a plaintext, and it is encrypted by an encryption block chain system so that encrypted sentence strings to be generated from the same plaintext A<SB>m</SB>are different. A bit operation is added to the encryption processing result of a block A<SB>i-1</SB>before it is used for the encryption processing of the next block A<SB>i</SB>, so that the relevancy between random number or an encrypted sentence B<SB>0</SB>of the random number and generated encrypted sentence series B<SB>1</SB>, B<SB>2</SB>to B<SB>n</SB>can be made difficult to understand. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an encryption apparatus and method for converting plaintext into a ciphertext string, and a decryption apparatus and method for converting a ciphertext string back into plaintext.

  Conventionally, as an encryption method, for example, a method of encrypting plaintext using a secret key or a public key is known. This method divides plaintext into fixed blocks and encrypts them with a key in block units. Further, for example, Patent Document 1 discloses that a cipher block chaining method (CBC), a cipher feedback method (CFB), and an output feedback method (OFB) are used to increase block-based cipher strength. .

In these methods, the result of the encryption process of the previous block is used for the encryption process of the next block. For this reason, the encrypted data of each block is connected in a daisy chain, and the encrypted data of a certain block is dependent on the entire past encryption process, so that decryption becomes difficult. Also, in Patent Document 1, in an encryption method using an encryption block chain method, an encryption device that can select an encryption algorithm using a plurality of different encryption block chains based on an encryption key including encryption mode setting information The encryption algorithm for the use mode is set, and decryption is performed using the encryption key.
JP 2001-177518 A

  In the conventional encryption method, ciphertext strings generated by encrypting plaintext having the same content are the same. For example, if a plaintext ABCD is encrypted and a ciphertext string EFGH is generated, a ciphertext string EFGH is generated every time ABCD is encrypted. Therefore, for example, in the case of an ID representing an individual or a device having a plain text ABCD, even if the ciphertext string EFGH cannot be decrypted, there is a possibility that an individual or device existing in a third party may be specified. Patent Document 1 also provides a highly confidential encryption / decryption device and method by selecting an encryption mode, but the above-described problem has not been solved.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an encryption method and an encryption method that are difficult to decipher, estimate, specify, and the like.

In order to achieve the above object, an encryption apparatus according to the first aspect of the present invention provides:
By dividing the plaintext to be encrypted into blocks of a predetermined size, operating the data of the next block using the result of the encryption processing of the previous block, and sequentially repeating the process of encrypting the data after the operation, An encryption device for encrypting the plaintext,
Means for generating random numbers to generate first data;
Means for storing predetermined second data;
With
The first data is operated using the second data, and the 0th operation data obtained by encrypting the first data is encrypted to generate the 0th encrypted data. By operating the block data (i is a natural number) using the (i-1) th encrypted data to generate the i-th operation data and encrypting the i-th operation data, repeat the process of generating the encrypted data of i,
It is characterized by that.

  For example, when generating the i-th encrypted data, the encryption device performs a predetermined operation corresponding to the data on the (i-1) -th encrypted data, and the (i-1) th after the operation. The data of the i-th block may be manipulated using the encrypted data of).

In order to achieve the above object, a decoding device according to the second aspect of the present invention provides:
The ciphertext composed of 0th to nth (n is a natural number) encrypted data of a predetermined size is decrypted with the ith (i is a natural number equal to or less than n) encrypted data to generate ith data. A decryption device for decrypting the ciphertext by sequentially repeating the process of generating the i-th decrypted data by manipulating the i-th data using the (i-1) -th encrypted data And when generating the i-th decoded data,
A predetermined operation corresponding to the data is performed on the (i-1) -th encrypted data, and the encrypted data of the i-th block is operated using the (i-1) -th encrypted data after the operation. And decrypt
It is characterized by that.

In order to achieve the above object, an encryption method according to a third aspect of the present invention includes:
The first data generated by generating a random number is operated using predetermined second data, and the zeroth operation data obtained by encrypting the first data is encrypted to obtain the zeroth encrypted data. Thereafter, the i-th operation data is generated by manipulating the data of the i-th (i is a natural number) block of the plaintext to be encrypted using the (i-1) -th encrypted data. Repeating the step of generating the i-th encrypted data by encrypting the i-th operation data;
It is characterized by that.

In order to achieve the above object, a decoding method according to the fourth aspect of the present invention includes:
The i-th data is generated by decrypting the i-th (i is a natural number equal to or less than n) encrypted data of ciphertext composed of 0th to n-th (n is a natural number) encrypted data of a predetermined size. And decrypting the ciphertext by sequentially repeating the process of generating the i-th decrypted data by manipulating the i-th data using the (i-1) -th encrypted data A method of
When generating the i th decoded data,
A predetermined operation corresponding to the data is performed on the (i-1) -th encrypted data, and the encrypted data of the i-th block is operated using the (i-1) -th encrypted data after the operation. And generating the i th decoded data,
It is characterized by that.

In order to achieve the above object, an encryption program according to the fifth aspect of the present invention provides:
On the computer,
The first data generated by generating a random number is operated using predetermined second data, and the zeroth operation data obtained by encrypting the first data is encrypted to obtain the zeroth encrypted data. Generate and
Thereafter, the i-th operation data is generated by operating the data of the i-th (i is a natural number) block of the data to be encrypted using the (i-1) -th encrypted data. A process of repeating the procedure of generating the i-th encrypted data by encrypting the data;
Is executed.

In order to achieve the above object, a decryption program according to the sixth aspect of the present invention provides:
On the computer,
Decrypting i-th (i is a natural number equal to or less than n) encrypted data for ciphertext consisting of 0th to n-th (n is a natural number) encrypted data of a predetermined size to generate i-th data; A process of operating the i-th data using the (i-1) -th encrypted data to sequentially generate the i-th decrypted data and decrypting the ciphertext,
When generating the i th decoded data,
A predetermined operation corresponding to the data is performed on the (i-1) -th encrypted data, and the i-th data is operated using the (i-1) -th encrypted data after the operation. generate decrypted data for i,
To execute the process,
It is characterized by that.

  According to the present invention, even ciphertexts generated from the same plaintext have different results, making it difficult to decipher, estimate and identify the original plaintext, and to provide highly reliable encryption Technology can be provided. On the other hand, at the time of decryption, the ciphertext can be decrypted with almost no increase in burden.

Hereinafter, an encryption apparatus and method and a decryption apparatus and method according to embodiments of the present invention will be described.
(Embodiment 1)

  As shown in FIG. 1, the cryptographic communication system 10 according to Embodiment 1 of the present invention includes a terminal device T1 and a terminal device T2 connected to a network NW, and the terminal device T1 encrypts arbitrary data (plain text). The encrypted data is transmitted to the terminal device T2 via the network NW, and the terminal device T2 receives and decrypts it.

  The terminal device T1 is composed of, for example, a normal computer device, and includes an input unit 20, a processor 30, a memory 40, a communication unit 50, and the like. The terminal device T1 encrypts plaintext to generate ciphertext, and the generated ciphertext is transmitted to the network NW. Is transmitted to the terminal device T2.

  The input unit 20 includes, for example, a USB (Universal Serial Bus) device, a keyboard, a mouse, and various drive devices (input devices such as an FD drive and a CD-ROM drive), and plain text to be encrypted along with various instructions. Enter.

  The processor 30 includes a microprocessor, a DSP (Digital Signal Processor), and the like, and operates according to an operation program stored in the memory 40. In this embodiment, in particular, the processor 30 stores the plaintext input from the input unit 20 in the memory 40, and further encrypts this plaintext using the encryption program 43 stored in the memory 40. The data is transmitted to the terminal device T2 via the communication unit 50. Specific operations of the processor 30 will be described later.

  The memory 40 includes a RAM (Random Access Memory), a ROM (Read Only Memory), a hard disk device, and the like. The memory 40 functions as a work area of the processor 30, and includes an encryption key 41 for encryption, an initial vector 42, a cipher. Storing a computer program 43, a random number program 44, and the like. In the work area, for example, input plaintext, generated ciphertext, and various data in the encryption generation process are stored.

The encryption key 41 is a common key / secret key for encrypting arbitrary data.
The initial vector 42 is fixed data having a preset length, for example, m (m is an arbitrary natural number) bytes.
The encryption program 43 is a program for controlling the processor 30 and encrypting plaintext by a process described later. Details of the encryption program 43 will be described later.
The random number program 44 is a program that is executed by the processor 30 to generate, for example, a 4-byte long random number.

  The communication unit 50 is composed of a communication device such as a modem device, for example, is connected to the network NW, and transmits encrypted data to the terminal device T2.

  The terminal device T2 is composed of, for example, a normal computer device, and includes a communication unit 60, a processor 70, a memory 80, and an output unit 90. The terminal device T2 generates plaintext by decrypting the ciphertext transmitted from the terminal device T1. To do.

  The communication unit 60 includes a communication device such as a modem, is connected to the network NW, and receives encrypted data from the terminal device T1.

  The processor 70 includes a microprocessor, a DSP (Digital Signal Processor), and the like, and operates according to an operation program stored in the memory 80. In this embodiment, in particular, the processor 70 stores the ciphertext received via the communication unit 60 in the memory 80, and further decrypts the ciphertext by the decryption program 82 stored in the memory 80. The plaintext obtained by the decryption is output via the output unit 90. Specific operation of the processor 70 will be described later.

  The memory 80 includes a RAM, a ROM, a hard disk, and the like, functions as a work area for the processor 70, and stores a decryption key 81 for decryption, a decryption program 82, and the like. In the work area, received ciphertext, decrypted plaintext, and various data in the process of decryption are stored.

The decryption key 81 is an encryption key for decrypting received data, and is the same as the encryption key 41.
The decryption program 82 controls the processor 70 to decrypt the received ciphertext.

  The output unit 90 outputs the plain text generated by the processor 70 decrypting it.

  Next, operations of the cryptographic communication system 10 having the above-described configuration are shown in FIG. 2 (encryption process) and FIG. 4 (decryption process), and FIG. 3 (encryption process) and FIG. 5 (decryption process). The processing diagram will be described with reference to FIG.

  The encryption process is performed in the terminal device T1, and the decryption process is performed in the terminal device T2.

(Encryption processing)
It is assumed that the plaintext to be encrypted is input from the input unit 20 of the terminal device T1 and stored in the memory 40. It is assumed that the processor 30 is instructed to encrypt the input plaintext and transmit it to the terminal device T2.

  In response to the instruction, the processor 30 starts the processing procedure shown in the flowchart of FIG. 2 (the processing shown in FIG. 3), first starts the random number program 44, and has, for example, an m-byte length (the same as the initial vector). A random number F of (data length) is generated (step S1).

Next, the processor 30 performs an exclusive OR (XOR) of the generated random number F and the initial vector 42 stored in the memory 40 (step S2).
Next, the processor 30, the result is encrypted by the encryption program 43 by using the encryption key 41 to generate the ciphertext B _0, it is stored in the memory 40 (step S3).

Subsequently, the processor 30 performs a bit operation to the ciphertext B _0, generates the following block encryption bit string H _0, is stored in the memory 40 (step S4). As the bit operation, the bit operation rule is changed according to the result of the ciphertext B ₀ . For example, paying attention to the lower 4 bits, if “0”, each bit data of the ciphertext B ₀ is inverted, if “1”, the bit data of a specific bit is inverted, and if “2”, the predetermined bit is left Rotate several times, and if it is “3”, perform processing such as rotating a predetermined number of bits to the right. The content of the bit operation itself is arbitrary. In addition, not only the bit operation but also a predetermined addition operation or subtraction operation may be performed according to the result of the ciphertext B ₀ , but in that case, an operation at the time of decryption to be described later (steps T 1 and T 4) Then, when an addition operation is performed on the ciphertext, an operation for returning the operation performed at the time of encryption, such as a subtraction operation, is performed.

  Next, the processor 30 sets a count value i for sequentially encrypting plaintext to 1 (step S5).

  Next, it is determined whether or not the count value i is equal to or less than the block number n when divided into m-byte blocks, which are units for encrypting plaintext (step S6). Initially, since the count value i is 1 and is equal to or less than n (step S6: YES), the process proceeds to step S7.

In step S <b> 7, the processor 30 reads the encryption bit string H _i−1 (initially H ₀ obtained in step S <b> 4) stored in the memory 40 and the block A of the plaintext i-th m bytes stored in the memory 40. An exclusive OR C _i (initially C ₁ ) with _i (initially the first m-byte block A ₁ ) is obtained (step S7).

Next, the processor 30 encrypts the exclusive OR C _i by the encryption program 43 using the encryption key 41, so that the plaintext i-th block A _i (initially the first block A ₁ ) is encrypted. A ciphertext B _i (initially B ₁ ) is generated and stored in the memory 40 (step S8).

The processor 30 then performs a bit operation on the ciphertext B _i (initially B ₁ ),
A bit string H _i (initially H ₁ ) for next block encryption is generated and stored in the memory 40 (step S9).
Subsequently, the count value i is incremented by 1 (step S10), and the process returns to step S6.

Thereafter, by repeating the same operation, obtains the encrypted B _i by encrypting the blocks A _i of the plaintext, seeking a bit string H _i subjected to this bit manipulation, and the bit string H _i and the next block A _{i + 1} obtains an exclusive OR C _{i + 1} of this, encrypted by the encryption program 43 using the encryption key 41, and repeats the process for obtaining the ciphertext B _{i + 1.}

When encrypting the last block A _n plaintext obtaining the encrypted B _n, in step S6, it is determined that the count value i> total number of blocks n, ends the processing of this encryption.

Thereafter, the processor 30, the ciphertext _B 0 .about.B _n stored in the storage unit 40, via the communication unit 50 to the terminal device T2.

(Decryption process)
Next, the procedure in which the terminal device T2 decrypts the ciphertext received from the terminal device T1 and generates the original plaintext will be described.
First, as a premise, it is assumed that the communication unit 60 receives the ciphertext (B ₀ to B _n described above) to be decrypted from the terminal device T1, and the processor 70 stores it in the memory 80. It is assumed that the processor 70 is instructed to decrypt the received ciphertext string.

In response to the instruction, the processor 70 starts the processing procedure shown in the flowchart of FIG. 4 (the processing shown in FIG. 5), first reads the first block B _{0 of the} ciphertext from the memory 80, and performs the encryption. performing bit manipulation of the same rule, to generate a bit string H _0, it is stored in the memory 80 (step T1). This bit string H ₀ is equal to the encryption bit string H ₀ generated in step S4 of FIG. It is not necessary to decrypt the first block B _{0 of the} ciphertext.

Next, the processor 70 sets a count value i for sequentially decrypting the ciphertext to 1 (step T2).
Next, the processor 70 determines whether i is equal to or less than the final block number n of the ciphertext (step T3). If the number of encrypted plaintext blocks is n, the random number F generated in step S1 is added to this plaintext, so the number of ciphertext blocks is (n + 1). Since the ciphertext block number starts from 0 (B ₀ ), the final block number is n.

When the count value i is less than or equal to the final block number n (step T3: YES), the processor 70 reads the next block B _i (initially block B ₁ ) of the ciphertext from the memory 80, and at the time of encryption The bit operation of the same rule is performed to generate a bit string H _i (initially, bit string H ₁ ) and store it in the memory 80 (step T4).

Next, the processor 70 generates the bit string C _i (initially the bit string C ₁ ) by decrypting the i-th block B _i of the ciphertext by the decryption program 82 using the decryption key 81 (step T5).

Next, the processor 70 decodes the bit string C _i (initially C ₁ ) decrypted from the i-th block B _i of the ciphertext and the bit string H _i-1 (initially H ₀ ) stored in the memory 80. Are stored in the memory 40 as plain text A _i (initially A1) obtained by decrypting the logical sum (step T6).

  The processor 70 increments the counter i by 1 (step T7), and returns to step T3.

Thereafter, by repeating the same operation to obtain the bit sequence C _i is decrypted using a decryption key blocks B _i of the ciphertext, and the bit sequence C _i, the block B _i-1 of the ciphertext bit manipulation The process of obtaining a logical sum with the obtained bit string H _i−1 and decrypting it into a plaintext block A _{i + 1} is repeated.

When the processor 70 decrypts the last block _Bn of the ciphertext and decrypts it into the plaintext block _An , it is determined in step T3 that the count value i> the total number of blocks n, and the current decryption flow ends. To do.

Through the above processing, the decrypted plaintext A is stored in the memory 80.
The processor 70 outputs the decrypted plaintext A from the output unit 90 as necessary.

As described above, since the terminal device T1 adds a random value to the head of the plaintext and encrypts it using the cipher block chaining method, even when the same plaintext is encrypted, the result is different every time. It becomes. Therefore, even if the plain text is an ID representing an object such as an individual or a device, it is difficult for a third party to specify the object. Furthermore, by performing the above bit operation, it becomes difficult to estimate the plaintext itself by making the relevance of B _{1 to} B _n difficult to see.

  On the other hand, in the terminal device T2, the portion generated using the random number in the received ciphertext is used for decrypting the subsequent ciphertext, but the value itself is not used. Can successfully decrypt the ciphertext.

  Therefore, according to the cryptographic communication system 10 having the above configuration, the processing load hardly changes compared to the conventional cryptographic block communication method, and a more reliable encryption / decryption method can be obtained.

(Embodiment 2)
In Embodiment 1, in the encryption process, obtains the block B _i of the ciphertext by encrypting the blocks A _i of the plaintext, seeking a bit string H _i subjected to this bit manipulation, the bit string H _i and the plaintext following The process of obtaining the logical sum C _{i + 1} with the block A _{i + 1} and encrypting it with the encryption key 41 to obtain the ciphertext block B _{i + 1} is repeated. However, the invention is not limited to this, without performing the process for performing bit operations on blocks B _i of the ciphertext to obtain the logical sum C _{i + 1} of the ciphertext block B _i and the next block A _{i + 1,} which Can be encrypted by the encryption program 43 using the encryption key 41 to obtain the ciphertext B _{i + 1} . In this case, as shown in FIG. 6, in step S7, an exclusive OR C _i of B _i−1 and A _i is obtained, and steps S4 and S9 are deleted. Similarly, as shown in FIG. 7, in step T6, the bit string C _i and the ciphertext block B _i-1 are exclusive ORed, and steps T1 and T4 are removed.

  In this embodiment, in order to facilitate understanding, a configuration has been described in which plaintext is encrypted by the terminal device T1 and decrypted by the terminal device T2. However, the encryption and decryption are performed by one terminal device. Is also possible.

  The present invention is not limited to encryption used for encrypted communication, and can be used for various encryption / decryption.

Further, in the above embodiment, the terminal device T1 temporarily stores the plaintext to be encrypted in the memory 40, encrypts it, and transmits it to the terminal device T2 after the encryption process is completed. The present invention is not limited to this. For example, when the plaintext block to be encrypted is sequentially supplied from the input unit 20, the terminal device T1 (processor 30) sequentially encrypts the supplied block. You may comprise so that it may become. Further, the terminal device T1 (processor 30), for example, every time a plaintext block is encrypted, via the communication unit 50,
You may comprise so that this may be transmitted to terminal device T2. Similarly, for example, when the plaintext block to be encrypted is sequentially supplied from the input unit 20, for example, the terminal device T2 (processor 70) is configured to sequentially encrypt the supplied block. Also good. Further, for example, the terminal device T1 (processor 30) may be configured to transmit this to the terminal device T2 via the communication unit 50 every time a plaintext block is encrypted.

  As described above, the encryption device and / or decryption device of the present invention is not limited to a dedicated device, and can be realized using a general computer (including a processor). In this case, a computer program (encryption program, decryption program) that executes the above-described processing together with necessary fixed data may be installed and executed on the computer by an appropriate method.

It is a block diagram of the encryption communication system which concerns on embodiment of this invention. It is a flowchart of the encryption process which the terminal device T1 shown in FIG. 1 performs. It is a process diagram of the encryption process which the terminal device T1 shown in FIG. 1 performs. It is a flowchart of the decoding process which the terminal device T2 shown in FIG. 1 performs. It is a process diagram of the decoding process which the terminal device T2 shown in FIG. 1 performs. It is a process diagram of the encryption process which concerns on 2nd Embodiment. It is a process diagram of the decoding process which concerns on 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Encryption communication system 20 Input part 30 Processor 40 Memory 50 Communication part 41 Encryption key 42 Initial vector 43 Encryption program 44 Random number program 50 Communication part 60 Communication part 70 Processor 80 Memory 81 Decryption key 82 Decryption program 90 Output part

Claims (7)

By dividing the plaintext to be encrypted into blocks of a predetermined size, operating the data of the next block using the result of the encryption processing of the previous block, and sequentially repeating the process of encrypting the data after the operation, An encryption device for encrypting the plaintext,
Means for generating random numbers to generate first data;
Means for storing predetermined second data;
With
The first data is operated using the second data, and the 0th operation data obtained by encrypting the first data is encrypted to generate the 0th encrypted data. By operating the block data (i is a natural number) using the (i-1) th encrypted data to generate the i-th operation data and encrypting the i-th operation data, repeat the process of generating the encrypted data of i,
An encryption device characterized by that. The encryption device is:
When generating the i-th encrypted data,
A predetermined operation according to the data is performed on the (i-1) th encrypted data, and the data of the ith block is operated using the (i-1) th encrypted data after the operation. , Encrypt the plaintext,
The encryption apparatus according to claim 1, wherein: For ciphertext consisting of 0th to nth (n is a natural number) encrypted data of a predetermined size,
Decrypting the i-th (i is a natural number less than or equal to n) encrypted data to generate the i-th data, and operating the i-th data using the (i-1) -th encrypted data, A decryption device that decrypts the ciphertext by sequentially repeating the process of generating the i-th decrypted data,
When generating the i th decoded data,
A predetermined operation corresponding to the data is performed on the (i-1) -th encrypted data, and the i-th data is operated using the (i-1) -th encrypted data after the operation, Generating i th decoded data,
A decoding device characterized by the above. The first data generated by generating a random number is operated using predetermined second data, and the zeroth operation data obtained by encrypting the first data is encrypted to obtain the zeroth encrypted data. Thereafter, the i-th operation data is generated by manipulating the data of the i-th (i is a natural number) block of the plaintext to be encrypted using the (i-1) -th encrypted data. Repeating the step of generating the i-th encrypted data by encrypting the i-th operation data;
An encryption method characterized by the above. The ciphertext composed of 0th to nth (n is a natural number) encrypted data of a predetermined size is decrypted with the ith (i is a natural number equal to or less than n) encrypted data to generate ith data. Decrypting the ciphertext by sequentially repeating the process of generating the i-th decrypted data by manipulating the i-th data using the (i-1) -th encrypted data A method,
When generating the i th decoded data,
A predetermined operation corresponding to the data is performed on the (i-1) -th encrypted data, and the i-th data is operated using the (i-1) -th encrypted data after the operation, Generating i th decoded data,
A decoding method characterized by the above. On the computer,
The first data generated by generating a random number is operated using predetermined second data, and the zeroth operation data obtained by encrypting the first data is encrypted to obtain the zeroth encrypted data. Generate and
Thereafter, the i-th operation data is generated by operating the data of the i-th (i is a natural number) block of the data to be encrypted using the (i-1) -th encrypted data. A process of repeating the procedure of generating the i-th encrypted data by encrypting the data;
An encryption program characterized in that is executed. On the computer,
Decrypting i-th (i is a natural number equal to or less than n) encrypted data for ciphertext consisting of 0th to n-th (n is a natural number) encrypted data of a predetermined size to generate i-th data; A process of operating the i-th data using the (i-1) -th encrypted data to sequentially generate the i-th decrypted data and decrypting the ciphertext,
When generating the i-th decrypted data, the (i-1) encrypted data is subjected to a predetermined operation according to the data, and the (i-1) encrypted data after the operation is Processing to generate the i-th decoded data by operating the i-th data,
A decryption program characterized by causing

Images