JP2587423B2 - Cryptographic processing unit - Google Patents
Cryptographic processing unit
- Publication number
- JP2587423B2
- Authority
- JP
- Japan
- Prior art keywords
- processing
- encryption
- stages
- decryption
- plaintext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Description
[Detailed Description of the Invention] [Field of Industrial Application] The present invention relates to a cryptographic processing device suitable for information processing equipment. In particular, it relates to a variable cryptographic processing device for a conventional (symmetric-key) cipher, in which the number of encryption processing stages can be varied to allow flexible encryption.
[Summary] In a cryptographic processing device suitable for information processing equipment, the present invention embeds information on the number of cryptographic processing stages in the encryption key, decodes this information, and selects the cryptographic processing blocks corresponding to the decoded number of stages. This allows the cryptographic strength and the cryptographic processing performance to be set flexibly to match the volume and confidentiality of the data the equipment handles.
[Prior Art] Conventional cryptographic processing schemes have maintained their cryptographic strength by performing encryption n times with n cryptographic processing blocks. One such conventional scheme is the Data Encryption Standard (hereinafter, DES) established under the U.S. FIPS (Federal Information Processing Standards) (FIPS Publication 46).
An outline of DES is given in Hiroshi Miyagawa et al., Iwanami Course on Information Science 4: Theory of Information and Coding, Iwanami Shoten, 1985, pp. 223-227.
[Problems to Be Solved by the Invention] Such conventional schemes are advantageous for the spread of cryptography, since the cryptographic processing itself is public and is implemented as large-scale integrated circuits that are sold commercially. However, because they concentrate solely on maintaining cryptographic strength, information processing equipment that incorporates the encryption has the following drawbacks:
- When applied to data processing that must handle large volumes of data, for example data exchange using magnetic tape files, multi-stage cryptographic processing (16 stages in DES) spends so much time on encryption that the overall processing time becomes too long.
- Even when information whose confidentiality value falls off within a short period (for example, a company's financial results before they are announced in the newspapers) is encrypted on the same equipment, it can only be encrypted at a strength that would take years to break, just as for critical secrets, so unnecessary encryption time is spent.
The present invention solves these drawbacks. Its object is to provide a cryptographic processing device in which the cryptographic strength and the encryption processing speed can be set flexibly to match the volume and confidentiality of the data handled by the information processing equipment.
[Means for Solving the Problems] The present invention is characterized by comprising: a plurality of processing blocks, each of which receives one of a plurality of keys and performs processing that encrypts plaintext into ciphertext or decrypts ciphertext into plaintext; a processing stage count decoding circuit that receives an encryption key containing information indicating the number of encryption stages and obtains the number of encryption stages from that information; a processing stage count switch that, when encrypting, receives the plaintext to be encrypted, obtains the number of encryption stages from the processing stage count decoding circuit, and connects the circuits so that the plaintext is encrypted sequentially by that number of processing blocks, and that, when decrypting, receives the ciphertext to be decrypted, obtains the number of encryption stages from the processing stage count decoding circuit, uses it as the number of decryption stages, and connects the circuits so that the ciphertext is decrypted sequentially by that number of processing blocks; and a key supply circuit that receives the encryption key and generates the plurality of keys, and that, when encrypting, supplies the keys in sequence to their corresponding processing blocks and, when decrypting, supplies the keys to the processing blocks in the reverse of the order used when encrypting.
[Operation] The processing stage count decoding circuit decodes the information, contained in the encryption key, that indicates the number of cryptographic processing stages, and outputs the number of stages. Based on this number, the processing stage count switching means selects the cryptographic processing blocks that will perform the processing. Through this operation, the cryptographic strength and the encryption processing performance can be set flexibly to match the volume and confidentiality of the data handled by the information processing equipment.
[Embodiment] An embodiment of the present invention will be described with reference to the drawing. FIG. 1 is a block diagram of a cryptographic processing device that is one embodiment of the invention. In FIG. 1, the device comprises an input terminal A that receives the encryption key from outside the figure; a key supply circuit 1 that receives the encryption key from input terminal A, generates n different keys K1 to Kn according to a predetermined rule, and outputs them in opposite orders for encryption and for decryption; and cascade-connected cryptographic processing blocks 2-1 to 2-n that receive keys K1 to Kn from key supply circuit 1 and perform encryption or decryption.
The encryption key input from outside the figure contains information indicating the number of stages of encryption or decryption to perform. The device further comprises: a processing stage count decoding circuit 3 that decodes this information; an input terminal B that receives plaintext or ciphertext from outside the figure; an encryption stage count switch 4 that receives the plaintext or ciphertext from input terminal B and switches its internal switch on receiving from decoding circuit 3 the stage count x when encrypting, or an indication that the operation is decryption when decrypting (terminal a when decrypting); a splitting circuit 5 that routes the output of encryption stage count switch 4 so that it passes through x stages of cryptographic processing blocks 2; a merging circuit 6 that receives the encrypted or decrypted data; a decryption stage count switch 7 that receives the output of merging circuit 6 and switches its internal switch on receiving from decoding circuit 3 an indication that the operation is encryption when encrypting, or the stage count x when decrypting (terminal b when encrypting); and an output terminal C that receives the output of decryption stage count switch 7 and outputs it outside the figure.
The operation of a cryptographic processing device configured in this way is as follows. In FIG. 1, the encryption key is determined first. In this embodiment, the encryption key is made to carry the number of encryption stages. That is, the key is created by a known method: for example, a random number is generated as in the conventional approach to obtain an encryption key (56 bits in DES, for example), and its leading m bits are then altered so that they indicate the number of processing stages. The description of FIG. 1 assumes this method of indicating the stage count in the leading m bits of the encryption key.
First, the encryption key is input at input terminal A and the plaintext at input terminal B. Processing stage count decoding circuit 3 decodes the leading m bits of the encryption key to obtain the stage count x, then notifies encryption stage count switch 4 of x. It also notifies decryption stage count switch 7 that the operation is encryption. Encryption stage count switch 4 switches its internal switch according to x and connects the circuit so that the plaintext is encrypted by passing through x stages of blocks. Decryption stage count switch 7, following the indication that the operation is encryption, connects the circuit so as to take the output of cryptographic processing block 2-n.
FIG. 1 shows the case x = n - 1. The plaintext is encrypted in cryptographic processing block 2-2 according to key K2 obtained from key supply circuit 1, then in cryptographic processing block 2-3 according to key K3, and so on, until it is encrypted in cryptographic processing block 2-n according to key Kn and becomes ciphertext, which is output from output terminal C via terminal b. That is, the plaintext undergoes exactly the number of encryption stages x stored in the leading m bits of the encryption key.
Next, in the decryption process that returns ciphertext to plaintext, the same encryption key that was given at encryption is input at input terminal A, and the ciphertext is input at input terminal B. Processing stage count decoding circuit 3 obtains the stage count x from the leading m bits of the encryption key and notifies decryption stage count switch 7 of x. It also notifies encryption stage count switch 4 that the operation is decryption. Decryption stage count switch 7 switches its internal switch according to x so that the ciphertext is decrypted by passing through x stages of cryptographic processing blocks 2, and encryption stage count switch 4, following the indication that the operation is decryption, connects the circuit so that the input is given to cryptographic processing block 2-1. When the ciphertext obtained as described above is decrypted, the connections are such that the input from input terminal B flows through terminal a to cryptographic processing block 2-1 and the output to output terminal C flows from cryptographic processing block 2-x.
The ciphertext is decrypted in cryptographic processing block 2-1 according to key Kn, the keys being supplied in reverse order by key supply circuit 1. It is then further decrypted in cryptographic processing block 2-2 according to key Kn-1, and so on, until it is decrypted in cryptographic processing block 2-(n-1) according to key K2 and becomes plaintext, which is output from output terminal C. That is, the data undergoes exactly the number of decryption stages x stored in the leading m bits of the encryption key.
As described above, increasing the number of cryptographic processing stages in this embodiment gives slower processing but greater cryptographic strength, which suits the encryption of small amounts of especially important information. Reducing the number of stages gives weaker cryptographic strength but faster processing, which suits the encryption of large volumes of information that need to stay confidential only for a fairly short period.
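The embodiment's data path, as an added Python sketch that is not part of the patent: the stage count x is written into the leading m bits of a 56-bit key, encryption runs the last x subkeys in order, and decryption runs the same subkeys in reverse. The SHA-256-based round function and key schedule are stand-ins for the DES round and the "predetermined rule", all blocks are assumed identical, and m = 5 and n = 16 are assumed values. Because the leading m bits are fixed by the stage count, only 56 - m bits of the key remain random.

```python
import hashlib
import secrets

KEY_BITS = 56    # key length the page cites for DES
M_BITS = 5       # assumed width m of the stage-count field
N_BLOCKS = 16    # n processing blocks (DES uses 16 stages)
MASK32 = 0xFFFFFFFF


def make_key(stages, random_bits=None):
    """Draw a random key, then overwrite its leading m bits with the stage count x."""
    if not 1 <= stages <= N_BLOCKS:
        raise ValueError("stage count must be between 1 and n")
    if random_bits is None:
        random_bits = secrets.randbits(KEY_BITS)
    low = random_bits & ((1 << (KEY_BITS - M_BITS)) - 1)
    return (stages << (KEY_BITS - M_BITS)) | low


def decode_stages(key):
    """Role of decoding circuit 3: read x from the leading m bits of the key."""
    if not 0 <= key < (1 << KEY_BITS):
        raise ValueError("key must fit in KEY_BITS bits")
    x = key >> (KEY_BITS - M_BITS)
    if not 1 <= x <= N_BLOCKS:
        raise ValueError("key encodes an unsupported stage count")
    return x


def key_supply(key):
    """Role of key supply circuit 1: derive K1..Kn (stand-in rule, not the DES schedule)."""
    raw = key.to_bytes(KEY_BITS // 8, "big")
    return [hashlib.sha256(raw + bytes([i])).digest()[:6]
            for i in range(1, N_BLOCKS + 1)]


def _f(half, subkey):
    """Stand-in round function for one processing block (not the DES f function)."""
    digest = hashlib.sha256(half.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def _run(block, subkeys):
    """Pass a 64-bit block through one Feistel stage per supplied subkey."""
    if not 0 <= block < (1 << 64):
        raise ValueError("block must fit in 64 bits")
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ _f(right, k)
    return (right << 32) | left  # final swap lets the same path undo itself


def encrypt(key, block):
    """Encrypt with the x stages named in the key, using K(n-x+1) .. Kn in order."""
    x = decode_stages(key)
    return _run(block, key_supply(key)[N_BLOCKS - x:])


def decrypt(key, block):
    """Decrypt with the same x subkeys supplied in reverse order, Kn .. K(n-x+1)."""
    x = decode_stages(key)
    return _run(block, key_supply(key)[N_BLOCKS - x:][::-1])
```
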
[Effects of the Invention] As described above, the present invention embeds information on the number of cryptographic processing stages in the encryption key, reads this information with the processing stage count decoding circuit, and controls the number of stages of encryption and decryption accordingly. This has the excellent effect that the cryptographic strength and the cryptographic processing performance can be set flexibly to match the volume and confidentiality of the data handled by the information processing equipment.
FIG. 1 is a block diagram of a cryptographic processing device that is one embodiment of the present invention. 1: key supply circuit; 2-1 to 2-n: cryptographic processing blocks; 3: processing stage count decoding circuit; 4: encryption stage count switch; 5: splitting circuit; 6: merging circuit; 7: decryption stage count switch; A, B: input terminals; C: output terminal; K1 to Kn: keys; a, b: terminals; x: number of processing stages.
Claims (1)
1. A cryptographic processing device comprising:
a plurality of processing blocks, each of which receives one of a plurality of keys and performs processing that encrypts plaintext into ciphertext or decrypts ciphertext into plaintext;
a processing stage count decoding circuit that receives an encryption key containing information indicating the number of encryption stages and obtains the number of encryption stages from that information;
a processing stage count switch that, when encrypting, receives the plaintext to be encrypted, obtains the number of encryption stages from the processing stage count decoding circuit, and connects the circuits so that the plaintext is encrypted sequentially by that number of processing blocks, and that, when decrypting, receives the ciphertext to be decrypted, obtains the number of encryption stages from the processing stage count decoding circuit, uses it as the number of decryption stages, and connects the circuits so that the ciphertext is decrypted sequentially by that number of processing blocks; and
a key supply circuit that receives the encryption key and generates the plurality of keys, and that, when encrypting, supplies the keys in sequence to their corresponding processing blocks and, when decrypting, supplies the keys to the processing blocks in the reverse of the order used when encrypting.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP62114244A JP2587423B2 (en) | 1987-05-11 | 1987-05-11 | Cryptographic processing unit |
Publications (2)
Publication Number | Publication Date |
---|---|
JPS63279289A JPS63279289A (en) | 1988-11-16 |
JP2587423B2 true JP2587423B2 (en) | 1997-03-05 |
Family
ID=14632894
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP62114244A Expired - Lifetime JP2587423B2 (en) | 1987-05-11 | 1987-05-11 | Cryptographic processing unit |
Country Status (1)
Country | Link |
---|---|
JP (1) | JP2587423B2 (en) |
-
1987
- 1987-05-11 JP JP62114244A patent/JP2587423B2/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
JPS63279289A (en) | 1988-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5673319A (en) | Block cipher mode of operation for secure, length-preserving encryption | |
AU767323B2 (en) | Block encryption device using auxiliary conversion | |
EP1063811B1 (en) | Cryptographic apparatus and method | |
GB1526652A (en) | Method and apparatus for enciphering an input message | |
TW375721B (en) | DES chip processor capable of executing data encryption standard (DES) operation | |
JP2628660B2 (en) | Encryption / decryption method and apparatus | |
US6732271B1 (en) | Method of deciphering ciphered data and apparatus for same | |
JP2587423B2 (en) | Cryptographic processing unit | |
JP3547474B2 (en) | Cryptographic operation circuit | |
JPH10173646A (en) | Ciphering assisting method, decoding assisting method and device using them | |
KR100362170B1 (en) | Apparatus of encryption for round key generating and encryption processing | |
JP2001177518A (en) | Enciphering method, and decoding method and device | |
JP4287397B2 (en) | Ciphertext generation apparatus, ciphertext decryption apparatus, ciphertext generation program, and ciphertext decryption program | |
JP2002510058A (en) | Method for cryptographic conversion of binary data blocks | |
Kwan et al. | A general purpose technique for locating key scheduling weaknesses in DES-like cryptosystems | |
JP2000075785A (en) | High-speed cipher processing circuit and processing method | |
JPH027080A (en) | Variable enciphering device | |
JPH01234883A (en) | Variable enciphering process control system | |
KR100494560B1 (en) | Real time block data encryption/decryption processor using Rijndael block cipher and method therefor | |
JPH0895490A (en) | Confidential key ciphering method and device | |
JPH10153954A (en) | Ciphering device | |
KR100546777B1 (en) | Apparatus and method for SEED Encryption/Decryption, and F function processor therefor | |
JP2001175167A (en) | Ciphering method, deciphering method, and device therefor | |
JP2834450B2 (en) | Encryption device | |
JPS59167147A (en) | Ciphering device |