JP2622223B2 - Data spreader - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[Industrial applications]

[0002] The present invention relates to a data spreading device as a core of an encryption system, and more particularly to a data spreading device and a data spreading method which can realize data spreading effectively without using a transposed matrix.

[Prior art]

Conventionally, the most widely used encryption method is DES (“Data Encryption Standard”, FI
PS PUB46, NBS Jan. 1977), and the data diffusion device in this DES is configured by combining substitution and transposition. FIG. 4 is a block diagram schematically showing the function. As shown in FIG.
A data input unit 1 for inputting bit input data R, and expanding the 32-bit input data R by an expansion function E
A 48-bit expansion function operation unit 2, a 48-bit register 3 for the expanded data, a key data input unit 4 for inputting 48-bit key data K, and an expanded input data and key data An exclusive-OR circuit 5 for performing an exclusive-OR operation, and the 48-bit output from the exclusive-OR circuit 5 are replaced with 6-bit blocks each of the substitution functions S1 and S.
2, a substitution function operation unit 6 that converts the data into 4-bit data in accordance with S8 to obtain 32-bit data.
It comprises a transposition function calculation unit 7 for changing the bit position of the 32-bit output according to the transposition function P, and a spread data output unit 8.

[0004] The process of data diffusion will be described below. First, a 32-bit input data R is converted into a 48-bit data E by an expansion function E shown in Table 1 in an expansion function calculator 2.
(R). Output E (R) of enlargement function operation unit 2
Are represented by eight blocks of 6 bits each, and are obtained by selecting the bits in the input blocks according to the order from the top left to the bottom right shown in Table 1. That is, for example, for the first three bits of the output data E (R), the values of the bit positions 32, 1, and 2 of the input data R are selected, and for the last three bits, the bit positions 31, 32, and. A value of 1 is selected. Subsequently, in the exclusive OR circuit 5, the expanded 48-bit data E
An exclusive OR is calculated between (R) and the key data K.

[0005] Next, in the substitution function operation unit 6, from the output of the exclusive OR circuit 5, the substitution functions S1,
According to S2,..., S8, a 32-bit output is obtained. The usage of the substitution function shown in Table 2 will be described using the substitution function S1 as an example. When B is a 6-bit block, the output S
1 (B) is determined as follows. 6-bit block B
Let i be the binary number consisting of the first and last bit in, this is in the range 0-3. If the center 4 bits of block B are a binary number j, this is in the range of 0-15. The output S1 (B) is determined by these binary numbers i and j. That is, the output S1 (B) is the number in the range from 0 to 15 in the i-th row and the j-th column in S1 of Table 2. For example, assuming that the input is 011011, the row is 01 and the column is 1101, that is, since the data of the 13th row and 13th column of the substitution function S1 is 5 from Table 2, 0101 is obtained as the output.

Finally, a transposition function P as shown in Table 3 is applied in the transposition function calculation section 7. That is, the transposition function operation unit 7 converts the data from the substitution function operation unit 6 into the 16th bit from the left by 1 according to the transposition function in Table 3.
Third, output data is generated by replacing the seventh bit with the second,..., And the 25th bit with the 32nd.

[Problems to be solved by the invention]

[0007] In a data spreading apparatus, it is important to use as many kinds of substitution functions as possible from the viewpoint of improving data diffusion efficiency. In the conventional DES, this is realized by selecting four types of substitution functions using two bits at both ends of the input 6 bits. This is a clever method, but has two problems: (1) A change of one bit at the input can only achieve an effect of expanding to about four bits at the output. (2) Because the substitution function is 4-bit to 4-bit conversion, and uses a transposition function of the bit position, many bit operations are required. This greatly hinders speeding up. The above problem (1) is caused by the fact that there is no mutual interference until the blocks of every 6 bits are subjected to the substitution processing and reach the transposition function P. The problem (2) is caused by the fact that this algorithm is not designed for a processing procedure that does not use an 8-bit substitution function and a transposition function P that are effective for processing in byte units. The purpose of the present invention is
An object of the present invention is to solve the above-described problems of the related art. That is, the data diffusion effect can be enhanced without increasing the processing procedure, and the processing speed can be further increased by performing the calculation in byte units.

[Means for Solving the Problems]

[0008]

A data spreading device according to the present invention is a data spreading device in a block cipher device having an involution structure, wherein 16-bit input data is converted into two blocks having the same data length (8 bits). And data of two blocks divided by the dividing means, key data, and data of parameters, which are subjected to a fusion substitution process on the data of the two blocks and output. Means for inputting and combining data of two blocks of the same length output from the fusion substituting means, and outputting new spread data having the same length as the input data length. The substitution means receives the data of one block and the data of the key, performs an operation, fuses these data, and inputs the data. First data generating means for generating data of a new block having the same length as the block data, data of the other block, output data of the first data generating means, and parameter data are input. A second fusion unit for generating a new block of data having the same length as the input block data, and performing a substitution process on the output data of the second fusion unit. the substitution means for generating data of a new block of data in the same length of the block is input, it comprises a plurality of sets, the data of one block is Oite the input before the set, first in the next set 2 as the data of the other block input to the fusing means, and the data of the block output from the substitution means in the previous set as the data of one block in the next set. Was carried out over a plurality of sets, the influence of the data of all the blocks divided the processing result is achieved by a data diffusion apparatus characterized by a what is exerted. Further, the first fusing means includes means for performing an exclusive OR operation between the input data, and the second fusing means includes an operation means for performing an addition and remainder operation between the input data. The substitution means includes means for performing a bit rotation operation on the data of the block, and the substitution means is constituted by a substitution table for referring to the data of the block by using an address.

[0009]

According to the present invention, as described above, in each fusion processing step of a plurality of blocks to be processed, a fusion means for introducing and fusing data from another block or parameter is provided. Since the data of each block is configured to be generated under the influence of the data of all the input blocks, the transposition function P can be made unnecessary, and compared with a conventional DES data diffusion device. The diffusion efficiency is high, the configuration is simple, and the processing can be speeded up. Also, fusion processing
By performing the substitution processing on a block (byte) basis, the bit processing is minimized, so that the processing speed is further remarkable.

FIG. 1 is a diagram for explaining an embodiment of the present invention, and shows a schematic structure of a data spreading device for obtaining 32-bit spread output data from 32-bit input data. In FIG. 1, R is a 32-bit input data block, R0 to R3 are four data blocks of 8 bits (1 byte) obtained by dividing the input data R, K0 and K.
1 is a 1-byte parameter, XOR is an exclusive OR circuit, and S is a fusion substitution function operation unit for fusing and converting two input data blocks to obtain one data block. The operation of the data spreading device according to the present embodiment configured as shown in FIG. 1 will be described. First, a 32-bit input data block R is composed of 1-byte processing blocks R0 and R.
1, R2 and R3. Each processing block is processed sequentially according to the processing procedure described below, and is finally output as 32 bits. “=” In the following expression indicates that the right side is newly calculated as the left side data after the operation. <Processing Procedure> Step 1: R1 = R1 XOR K0 XOR R0 Step 2: R2 = R2 XOR K1 XOR R3 Here, XOR indicates an exclusive OR operation. Subsequently, Step 3: R1 = S (R1, R2, 1) Step 4: R2 = S (R2, R1, 0) Step 5: R0 = S (R0, R1, 0) Step 6: R3 = S (R3 , R2, 1) where S (a, b, δ) (where δ = 0 or 1) is
Represents the function of continuously performing the fusion means and the substitution means. S will be described later in detail. After this processing procedure, R0, R
1, R2 and R3 are combined to form an output block. As can be seen from the structure of FIG. 1, each output block is generated under the influence of all the input blocks. That is, it is possible to obtain an effect that the output changes by an average of 11 bits with respect to a change of one bit of the input data. This improvement is remarkable compared to the prior art in which only about 4 bits of diffusion were obtained. In addition, the bit position transposition function P is not required to extend this diffusion effect between the processing blocks. In the present embodiment, the transposition function P is obtained by performing the fusion processing and the substitution processing while causing each block to interfere with each other, that is, by directly or indirectly calculating the data of all the other blocks at least once. It achieves a data diffusion effect that greatly exceeds the conventional technology without using it. The mutual interference between the processing blocks is caused by an exclusive OR circuit XOR as shown in FIG.
And, it is realized in the form of input to the fusion substitution function operation unit S.

[0011] Regarding a configuration example of the fusion substitution function operation unit S,
This will be described below. When data a and b are input, S
(A, b, δ) is given by the following equation. S (a, b, δ)
= ｛(A + b + δ) mod256｝ ro12 where a and b are S inputs, δ is a constant of 0 or 1, S input, x mod
y is an operation for obtaining a remainder generated by dividing x by y, and x rol y is an operation for rotating x to the left by the numerical value shown in y. Hereinafter, S (a, b, δ) is simply referred to as S (x). Where x is (a + b + δ)
mod256 In general, xmod256 can be easily realized by assigning a numerical value to an 8-bit register of a microprocessor.
Further, as shown in FIG. 2, the fusion substitution function operation unit is implemented by a combination of an adder ADD as fusion means and a cyclic shift register as substitution means. Also, of the fusion substitution function calculation unit, the substitution processing can be configured using a substitution table. That is, when programming in a high-level language, for example, S (x) (x = 0
511) [However, it is effective to prepare the value of a + b + δ) mod 256 as a substitution table in advance.
If a method of preparing a substitution table is used, a plurality of substitution functions other than the bit rotation method described above can be used. For example, the substitution table shown in Table 4 includes upper left S (0) to upper right S (15) and second left S (1).
6) to values from the right S (31) to the lower right S (255). This substitution table has two different 0-25
5 and the reference values 00 and 01 of the substitution table corresponding to the respective inputs, the former Hamming distances H10, 11 and the latter Hamming distances H00, 0
The relationship shown in Table 5 occurs between 1 and 1. A substitution table that can be generated by applying the same 8-bit transposed matrix T to each element of the substitution table and adding a constant A by an exclusive OR circuit has the same properties. In general, this type of substitution table uses a transpose matrix T and a constant A, and for input X, TX + A when the number of X bits is even, and TＴX + A (〜X is X Are obtained by setting the bit inverted values of the above) as the respective values. In any case, the substitution table that inputs the sum of 1-byte data of 0 to 255 and outputs 1-byte data is a two-sided table of the same type that substitutes any value of 0 to 255. By continuously preparing, input of 0 to 511 can be replaced with 1 byte data of 0 to 255. That is, in S (a + b),
It is assumed that b plays a role of shifting the start address of the substitution table for substituting a by b. mod256
Is used, the substitution table may be one.

The above-described embodiment of the present invention can be realized with a dynamic step of 1/10 or less and uses a small amount of memory as compared with the conventional DES data diffusion apparatus. , It is possible to obtain a data diffusion effect that is twice or more. Further, in the above embodiment, the unit of the substitution and other processing is 8 bits (1 byte). However, the data terminals, personal computers, etc., which are now widely used, use an 8-bit, 16-bit CPU. Because it is something. In the future, as the technology advances, if the mainstream shifts from 16 bits to 32 bits, the technology of the present invention can easily cope with this. That is, the unit of substitution and other processing is 16 bits (2 bytes)
To In this case, the structure of the embodiment shown in FIG. 1 is not changed, but 256 in the fusion substitution function S is replaced by 65536. The fusion substitution function S is as follows. S (a) = (a mod 65536) rol 2 In principle, the processing unit can be set arbitrarily. In addition to the two-input substitution processing shown in the present embodiment, it is also possible to use a three-person input or a combination of these and a bypass by exclusive OR.

[0013]

In the above embodiment, the spreading process is performed on a 32-bit input.
FIG. 3 shows the case of bit input. First, 16
The bit input block R is divided into 1-byte processing blocks R0 and R1. Each processing block is processed according to the following processing procedure, and finally outputs 16 bits. K0 and K1 are parameter data. <Processing Procedure> Step 1: R1 = S (R1, R0 XOR K0, 1) Step 2: R0 = S (R0, R1 XOR K1, 0) Here, XOR indicates an exclusive OR operation. Arithmetic symbols,
The function S and the like are the same as in the embodiment of FIG.

[Table 1]

[0014]

[Table 2]

[0015]

[Table 3]

[0016]

[Table 4]

[0017]

[Table 5]

[0018]

【The invention's effect】

[0019]

According to the present invention, as described in detail above, when a plurality of blocks to be processed are fused, data from another block is merged at least once with data from the own block. Is completed, each block is configured to be generated under the influence of all the input blocks, so that the transposition function P can be made unnecessary, and the data diffusion device in the conventional DES can be used. Compared with this, the configuration is simpler and the processing can be speeded up. The DES encryption data spreading method shown in FIG.
The length of the block is 4 bits, 6 bits, 32 bits, 48 bits
However, while there are multiple
Both the operation used and the operation used in the substitution method are the same data.
Since the operation is only between blocks of data length, the bit processing
The arithmetic operation is performed using the IC card firmware (IC card program).
ROMs) and personal computers
Significant speed improvement in any software processing
Is effective.

[Brief description of the drawings]

FIG. 1 is a basic block diagram of a first embodiment of the present invention.

FIG. 2 is a diagram showing a first embodiment of the present invention.

FIG. 3 is a diagram schematically showing the configuration of a second embodiment of the present invention.

FIG. 4 is a diagram schematically showing a configuration of a data spreading device in DES as a conventional technique.

[Explanation of symbols]

 R: Input data blocks R0 to R3: Blocks of first to fourth bytes from the left K: Key data K0, K1: Key block of 1 byte each S: Fusion substituting function operation unit XOR: Exclusive Logical OR circuit ADD: Adder ROL: 2-bit left circular register

 ──────────────────────────────────────────────────続 き Continuation of the front page (56) References JP-B-3-33269 (JP, B2) IEICE Transactions D, J70-D [7] (1987), FEAL, P.E. 1413-1423

Claims (5)

(57) [Claims] 1. A data spreading device in a block encryption device having an involution structure, comprising: one dividing means for dividing 16-bit input data into two blocks having the same data length (8 bits); Fusion substituting means for inputting data of two divided blocks, key data, and parameter data, performing fusion substituting processing on the data of the two blocks, and outputting the data; And one combining means for inputting and combining data of two blocks having the same length and outputting new spread data having the same length as the input data length. And the data of
An arithmetic operation is performed to fuse these data to generate a new block of data having the same length as the input block data. Second fusion means for receiving output data and parameter data, performing an operation, fusing these data, and generating new block data having the same length as the input block data; subjected to substitution process on the output data of the second fusion means, a substitution means for generating data of a new block of data in the same length of the block is input, it comprises a plurality of sets, Oite the input before the set the data of one block is, as the other blocks of data input to the second fusion means in the next set, the data of the blocks output from the substitution section in the previous set Data diffusion, characterized in that the fused substitution processing is performed over a plurality of sets as data of one block in the next set, and the processing result is assumed to be influenced by the data of all divided blocks. apparatus. 2. The data spreading apparatus according to claim 1, wherein said first fusing means includes means for performing an exclusive OR operation between input data. 3. The data spreading apparatus according to claim 1, wherein said second fusion means includes an arithmetic means for performing addition and remainder operations between input data. 4. The data spreading apparatus according to claim 1, wherein said substitution means includes means for performing a bit rotation operation on the data of the block. 5. The data spreading device according to claim 1, wherein said substitution means is constituted by a substitution table which refers to block data as an address.