JP3164347B2 - IC tag - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD OF THE INVENTION

The present invention relates to an IC tag and a communication device used in an encryption method used for protecting data transmitted in a computer network system.

[0002]

[Prior art]

The encryption technology prevents information from being stolen or leaked by an attacker, and enables reliable communication based on mutual authentication. In a large-scale distributed information communication network system that will arrive in earnest, the development and spread of such encryption technology is indispensable in order to protect information.

[0003] Encryption methods are roughly classified into a common key method (common key method) and a public key method. In the conventional key method, the encryption key and the decryption key are common. In the public key method, the encryption key and the decryption key are different, and the encryption key is made public.

[0004] Various types of encryption methods have been proposed. Practical codes are DES (Data Encryption Standard) and FEA,
There is L (Fast Data Encipherment Algolism) method, and in public key encryption method, RSA (Rivest Shamir Adlem
an) There is a method.

[0005] In the DES method and the FEAL method, encryption is performed by an algorithm that performs strong encryption. In such a strong encryption method, it can be said that the relationship between the input plaintext and the output ciphertext and the relationship between the key and the output ciphertext are randomly established. Such a relationship can be expressed as f (p, K) = Rand (p, K), where the input plaintext is p and the key is K.

Further, in such a strong encryption method, the bit change height of the output ciphertext with respect to the bit change height of the input plaintext and the bit change height of the output ciphertext with respect to the bit change height of the key are random. And f (Δp, ΔK) = Rand (Δp, ΔK).

In general, such an encryption algorithm has an involution structure. The involution structure is a structure where f = f ⁻¹ holds when c = f (p) and p = f ⁻¹ (c). In the case of having an involution structure, encryption and decryption can be performed by the same processing process. The algorithm that takes the EX-OR (the algorithm that performs addition of mod2) is a simple example of an involution structure.

As described above, various encryption schemes have been proposed. In order to ensure reliability and to share hardware, standardization of an encryption method is being studied.

However, due to the development of computer technology such as the development of a massively parallel processing computer, the above-mentioned conventional encryption method has not been sufficiently secure. This is one obstacle in standardizing the encryption method.

That is, one barometer of the strength of encryption is the key bit length. In other words, the longer the bit length of the key, the lower the risk of being broken by exhaustion.
Therefore, the encryption strength can be increased by increasing the bit length of the key.

However, when the number of bits of the key increases, the processing becomes complicated and cost performance deteriorates. As an appropriate compromise, the bit length is conventionally 64 bits in the DES and FEAL systems.

[0012] In such a case, for example, in the DES method, in order to decrypt the encrypted with lice look crushed, there is a need for operation of 2 ⁵⁵ times. F
In EAL, to decrypt the encrypted with lice look crushed, there is a need for operation of 2 ⁶⁴ times. Therefore, 1 μs
, It takes about 1100 years for DES method to perform decoding at the speed of one operation,
The L method takes about 510,000 years, and the DES and FEAL methods are sufficiently secure encryption.

[0013] However, improvement in recent years of Konpita processing speed is remarkable, in the case where is possible to perform the operation in a parallel processing of 10 ⁶ has become feasible, to perform the decryption in lice look crushed, 9.6 hours in the DES method It will be good in about 6.1 months.

[0014] Therefore, an encryption method in which a key itself is added with a structured key of an encryption algorithm in series with an algorithm that performs strong encryption such as the DES method or the FEAL method, thereby enhancing the encryption strength. Has been proposed by the present applicant. If a bit translator is used as such a structured key, for example, if the bit length B is 64 bits, it takes 10 ¹⁰⁸ operations to perform decoding with exhaustion, and the processing speed for one time is reduced. Even if the decoding is performed by performing 10 ⁶ parallel processes at 1 μs, it will take about ¹⁰⁸⁹ years.

[0015]

[Problems to be solved by the invention]

However, no matter what secure encryption method is used, if the key or structured key is known, the encryption can be easily decrypted. It can be said that the security of the encryption is determined by key management. For this reason, the encryption method is also applied to the key management procedure to protect the key in a double or triple manner. For this reason, the key management procedure method has become considerably complicated.

Conventionally, when performing data communication by performing encryption using the DES method or the FEAL method, an encryption / decryption device is disposed between a computer system and a modem, and key management is performed on the computer system side. Like that. As mentioned above, DES
When using an encryption method that strengthens the encryption strength by adding the structured key of the encryption algorithm in series with the algorithm that performs strong encryption, such as the As shown in 10, it is conceivable that the structured key means and the key management means are processed by software.

That is, in FIG. 10, a computer system 51 that performs communication includes a structured key unit 52 and the structured key unit 52.
Key management means 53 for managing the key for managing the key and the key for the encryption / decryption device. The structured key means 52 and the key management means 53 are processed by, for example, software.
The encryption / decryption device 55 and the model 56 are connected to a control line 57.
Through a computer system 51.

However, if the structured key means and the key management means are processed by software as described above, it is very troublesome to ensure the procedure and key management. Also, DES
In order to maintain compatibility with a conventional encryption method such as a method, it is preferable that the key management unit of the encryption / decryption unit and the structured key and its management unit are independent of each other.

It is conceivable to store the structured key in, for example, an IC card. However, when the structured key is stored in the IC card, it is necessary to mount the IC card in a computer system and operate the keys. It is.

The present invention can simplify the key management procedure,
An object of the present invention is to provide an IC tag and a communication device that can improve the reliability of key management.

[0021]

[Means for Solving the Problems]

According to the present invention, to solve the above-described problems, the input code is x, the key code is k, the bit change height of any input code is Δx, and the bit change height of any key code is Δk.
^Where f = f ⁻¹ or f ⁻¹ exists, and an algorithm f that satisfies f (x, k) = Rand (x, k) f (Δx, Δk) = Rand (Δx, Δk) Characterized in that a structured key, which is connected in series to the algorithm f of the encryption means for performing the encryption and is independent of the algorithm key and the key itself is a bit-transposed encryption algorithm, is provided. It is a contact type IC tag.

Further, the present invention provides an input code x, a key code k, an arbitrary input code bit change height Δx, and an arbitrary key code bit change height Δk, f = f ⁻¹ or f- ¹ exists, and f (x, k) = Rand (x, k). The algorithm f is encrypted so as to satisfy f (Δx, Δk) = Rand (Δx, Δk). In a communication device for transmitting a signal, an encryption means for encrypting an algorithm f and a structured key which is an encryption algorithm of a bit transposition independent of a key of the algorithm f are provided. A non-contact type IC tag that encrypts with a structured key and outputs an encrypted signal, supplies an input code to the IC tag, and
A communication apparatus comprising: a control unit that receives an output of a tag and supplies the output to an encryption unit; and a transmission unit that transmits an output of the encryption unit.

Also, the present invention provides an input code x, a key code k, an arbitrary input code bit change height Δx, and an arbitrary key code bit change height Δk, f = f ⁻¹ or f ^-1 exists, f (x, k) = Rand (x, k) f (Δx, Δk) = Rand (Δx, Δk) receives the encrypted signal with the algorithm f that satisfies In a communication device for decryption, a receiving means for receiving a signal encrypted by the algorithm f, a decrypting means for decrypting and outputting a signal encrypted by the algorithm f received by the receiving means, and a key of the algorithm f Independently, structured giga, which is an encryption algorithm for live transposition, is also received, a contactless IC tag that decrypts the output of the decryption means into an input code using a structured key and outputs it, Output to IC tag and output of IC tag And a control unit for receiving the communication device.

The encryption strength is enhanced by adding the structured key of the encryption algorithm to the key in series with an algorithm that performs strong encryption such as the DES method or the FEAL method. By storing such a structured key algorithm in a contactless IC tag, the procedure can be simplified,
The reliability of key management is improved.

[0025]

BEST MODE FOR CARRYING OUT THE INVENTION

An embodiment of the present invention will be described in the following order. a. Encryption method to which the present invention can be applied a1. Structured key a2. Consideration when using EX-OR as structured key a3. Consideration when using bit transpose as structured key b. This invention Description of one embodiment

A. Encryption method to which the present invention can be applied a1. Structured key In the modern cryptographic protocol, the following protocol is proposed in order to ensure the reliability and security of cryptography. The encryption process other than the key is disclosed. Given that the cracker knows all the information except the key, no cracking method is known other than the exhaustive cracking of the key or the computationally secure method.

A method of performing stronger encryption while observing such a rule will be considered.

In the conventional encryption algorithm, the key is only a simple code. In order to perform stronger encryption, it is conceivable to additionally use a structured key.

That is, it is conceivable to provide a key having a structure in which the key itself performs encryption in series with a strong encryption algorithm such as the DES method or the FEAL method. The use of a structured key in this way would make decryption more difficult.

Such a structured key is kept secret. Then, all the encryption processes other than the structured key are disclosed in accordance with the modern encryption protocol. The structured key is desirably a simple structure because it is stored in a recording medium and kept secret.

FIG. 3 shows an encryption process using such a structured key. In FIG. 3, 1 is a structured key means, 2
Is an encryption means. The structured key means 1 and the encryption means 2 are arranged in series.

The structured key unit 1 encrypts an input plaintext p by an algorithm g to generate an intermediate code p ′. The algorithm used to encrypt the structured key 1 is kept secret.

The encryption means 2 is provided with the intermediate code p ′ output from the structured key means 1 and a key K. The encryption means 2 performs strong encryption of the intermediate code p 'by the algorithm f using the key K,
Is generated. The algorithm of the encryption means 2 can be made public.

FIG. 4 shows a decryption process for decrypting a ciphertext encrypted using such a structured key. Decryption corresponds to the encryption process shown in FIG.

In FIG. 4, reference numeral 3 denotes a decryption unit, and 4 denotes a structured key unit. The decryption means 3 uses the key K to generate an algorithm f
^-1 is used to generate an intermediate code p 'from the ciphertext c. The intermediate code p ′ decrypted by the decrypting means 3 is given to the structured key means 4. The structured key means 4 generates the intermediate code p 'or the plaintext p. As a result, the plaintext p is decrypted from the ciphertext c.

Here, the algorithm f and the algorithm g will be described. The algorithm f performs strong encryption. This algorithm f satisfies the following conditions. f = f ⁻¹ (involution structure) or f ⁻¹ exists. Assuming an input p 'and a key K, f (p', K) = Rand (p ', K) That is, the output f (p', K) randomly corresponds to p 'or K. Assuming that the input bit change amount is Δp ′ and the key bit change amount is ΔK, f (Δp ′, ΔK) = Rand (Δp ′, ΔK) That is, for Δp ′ and ΔK, the output change amount is also random. Corresponding.

The encryption can be expressed by c = f (p ′), and the decryption can be expressed by p ′ = f ⁻¹ (c). However, if it is an involution structure, p '= f (c). When the input p 'and the output c are known, the key K can be decrypted by exhaustive inspection of the key K, but when either p' or c is unknown, the key and the key K cannot be decrypted. Take.

As such an algorithm f, the DES method or the FEAL
A method can be used.

The algorithm g performed by the structured key means 1 has the following structure. g = g ^-1 or g ^-1 is present. For a bit change height Δp of the input p, g (Δp) ≠ Rand (Δp) may be satisfied. When both the input p and the output p 'are known, the structure of g may be known, but when the structure of g and the variables in g are unknown, one of p and p' may be known. , Can not know the other.

As the algorithm g, an extremely simple structure, for example, an EX-OR structure, bit transposition, substitution table, or the like can be considered.
As described later, an algorithm g used as a structured key
However, bit transposition is preferable, and the EX-OR structure cannot sufficiently enhance encryption.

A2. Consideration when EX-OR is used as a structured key As a structured key for encryption processing for performing strong encryption, an algorithm that takes an EX-OR using a key k selected at all at random is adopted. Consider the case.

FIG. 5 shows an example of a case where the algorithm g of the structured key is an EX-OR structure. In FIG. 5, reference numeral 11 denotes structured key means. In this case, the structured key means 11 is a circuit that performs an EX-OR of the key k and the input p. The encryption processing means 12 is an encryption circuit that performs strong encryption such as the DES method or the FEAL method.

As described above, the encryption strength when the algorithm that takes the EX-OR is used as the structured key for the algorithm of the strong encryption method will be considered. It is assumed that f = f ⁻¹ for convenience. In the following, the addition symbol “+” indicates exclusive OR.

In such an encryption, if a plain text is p, an intermediate code output from the EX-OR circuit is p ′, and an encrypted text is c, c = f (p ′, K), p ′ = p + k Is shown. Also, the decoding is: p = k + p ', p' = f (c, k), where f is a random function. To summarize the above equation, encryption can be expressed as c = f (p + k, K) = Rand (p + k, K), and decryption can be expressed as p = k + f (c, K) = k + Rand (c, K).

The following can be understood from the above equation. In other words, the encryption procedure is based on a random function of two keys k and K, but the decryption procedure is based on a random function of one key K. Is necessary, but k does not have to be exhausted.

That is, in the direction of decoding, the relationship f (c, K) + p = k = constant holds. For this reason, the attacker uses a known i number of samples (c _i , p _i ), as shown in FIG. 6, to include a circuit 13 for processing the algorithm f and a circuit 14 for EX-OR. The key K can be retrieved by the processing circuit of. In other words, all the samples i
When the output is constant for each unit, the output at that time (k)
And K are known as keys. Thus, decryption trouble of this approach is the i · 2 ^{B (B:} the number of bits of the key and input code).

Since the function f is a random function, the output (k) is 1
When he became times constant, the probability output at that time (k) and key (K) is not a real (error rate), equivalent to enough low probability 2 ^-B to take one of the code of code number 2 in the ^B number. That is, i = 2
But it's decipherable enough.

From the above consideration results, the EX-OR
In such a configuration, the encryption strength is not sufficiently enhanced.

A3. Consideration when using a bit translator as a structured key Consider a case where a bit translator is used as a structured key. As shown in FIG. 7, the bit translator randomly replaces each bit of the input code. The algorithm g (p) of the bit translator can be expressed as g (p) = Rand (p) g (Δp) ≠ Rand (Δp) g ≠ g ⁻¹ .

FIG. 8 shows an encryption process when a bit translator is used as a structured key, and FIG. 9 shows a decryption process.

In the encryption processing shown in FIG. 8, reference numeral 21 denotes a bit translator as structured key means. The bit transposition unit 21 transposes the input bits by the algorithm g. 22 is an encryption means. The encryption means 22 performs strong encryption by the algorithm f. This algorithm includes:
The DES method and the FEAL method are used.

In the decryption process shown in FIG. 9, reference numeral 23 denotes a decryption unit, and the decryption unit 23 generates an intermediate code p ′ from the ciphertext c by the algorithm f. This intermediate code p 'is supplied to the reverse bit translator 24,
Is ^subjected to inverse bit conversion by the algorithm g ^-1 .

In the encryption in this case, the algorithm of the encryption means 22 is f, the algorithm of the bit translator 21 is g, the input plaintext is p, the intermediate code is p ', and the ciphertext is c. f (p ', k) = f (g (p), K). The decoding can be expressed as p = g ^-1 (p ') = g ^-1 (f (c, K)).

Since the algorithm shown by f performs strong encryption, the bit change height (Δp, ΔK, and Δ
Since the output is randomly associated with c),
For a decryption attack against a high bit change, the key K of the algorithm f is obtained by exhaustion, and the connection of the algorithm g is obtained by exhaustion. Also,
Since the algorithm g has no special relation between its input and output, it can be concluded that there is no deciphering method other than the attack of the algorithm f and the algorithm g even for an attack other than an attack with a high bit change.

Assuming that the number of input and output bits is B, when the key K of the algorithm f is exhaustively searched, 2 ^B operations are required, and the number of exhaustions of the connection of the algorithm g is B! Therefore, when encryption is performed using such an algorithm, both operations require 2 ^B · B! Operations to decipher with exhaustion. If B = 64 bits, B! B10 ⁸⁹ 2B · B! ≒ 10 ¹⁰⁸ . In this case, as 1μs a one-time processing speed, as well as subjected to parallel processing of 10 ^6, to perform the decryption in lice look crushed, it will need about 10 ⁸⁹ years.

B. Description of One Embodiment of the Present Invention As described above, the present invention provides a method in which a key itself is a structured key of an encryption algorithm in series with an algorithm that performs strong encryption such as the DES method or the FEAL method. By adding
This is applied when data communication is performed using an encryption method that enhances the encryption strength.

FIG. 1 shows a communication system in a case where communication is performed by strengthening the encryption strength using a structured key.
In FIG. 1, 31 is a computer system, 32 is a cipher /
A decoder, 33 is a modem, and 34 is a contactless IC tag to which the present invention is applied. The IC tag 34 has a structured key unit 41 for performing an operation of the algorithm g. The algorithm g of the structured key means 41 performs weak encryption and does not require a complicated operation, so that it can be easily stored in the capacity in the IC tag.

Such an IC tag 34 is configured as shown in FIG. That is, such an IC tag 34 includes an arithmetic circuit 41
And a memory 40. The output data of the arithmetic circuit 41 is modulated by the transmission / reception unit 2 so that the data can be transmitted wirelessly from the antenna 43. This IC tag 34
A battery 45 for supplying power to each unit is provided.

As shown in, for example, Japanese Patent Application Laid-Open No. Sho 62-26591, such an IC tag 34 can be carried by a user, for example, by attaching it to a breast pocket. If the user carries such an IC tag 34, the user can use the computer system.
Just approaching 31 and computer system 31 and IC tag
Data can be exchanged with 34.

Computer System 31 for Communication and Encryption / Decryption
32 and the modem 33 are connected via a control line 37.

When data is output from the computer system 31 via the line 38, the computer system 31 and the IC tag 34
And are connected wirelessly. Algorithm g of structured key means 41 in which data from computer system 31 is in IC tag 34
Is converted to an intermediate code. This intermediate code is supplied to the encryption / decryption unit 32. The data is encrypted by the encryption / decryption unit 32 by the algorithm f, and the encrypted data is output to the line 38 via the modem 33.

When the data transmitted via the line 38 is received by the computer system 31, the data transmitted via the line 38 is supplied to the encryption / decryption unit 32 via the modem 33. In the encryption / decryption unit 32, the data sent by the algorithm f is decrypted, and an intermediate code is generated.

The computer system 31 and the IC tag 34 are connected via radio, and this intermediate code is supplied to the structured key means 41 of the IC tag 34. The structured key means 41 decrypts the data from the intermediate code.

[0064]

【The invention's effect】

According to the present invention, the encryption strength is enhanced by adding the structured key of the encryption algorithm to the key itself in series with the algorithm that performs strong encryption such as the DES method or the FEAL method. By storing such a structured key algorithm in an IC tag, the procedure can be simplified, and the reliability of key management is improved. That is, if such a structured key is stored in an IC tag, the procedure for using the structured key is completed only by approaching the user. In addition, compatibility with conventional encryption methods such as the DES method and the FEAL method can be maintained.

[Brief description of the drawings]

FIG. 1 is a block diagram of one embodiment of the present invention.

FIG. 2 is a block diagram used for describing an embodiment of the present invention.

FIG. 3 is a block diagram used for explaining encryption using a structured key.

FIG. 4 is a block diagram used for explaining encryption decryption using a structured key.

FIG. 5 is a block diagram used for description when EX-OR is used as a structured key.

FIG. 6 is a block diagram used to explain decryption when an EX-OR is used as a structured key.

FIG. 7 is a schematic diagram used for describing a bit transposer.

FIG. 8 is a block diagram used to describe an encryption process when a bit translator is used as a structured key.

FIG. 9 is a block diagram used for explaining a decoding process when a bit translator is used as a structured key.

FIG. 10 is a block diagram used for explaining a conventional example.

[Explanation of symbols]

31 Computer system 32 Structured key means 34
…… IC tag

Continuation of the front page (56) References JP-A-62-81140 (JP, A) JP-A-60-164787 (JP, A) JP-A-59-122255 (JP, A) Edited by the Institute of Electronics, Information and Communication Engineers Modern Cryptography, 2nd Edition (Showa 62-6-10), Corona Co., Ltd. p. 54−56

Claims (3)

(57) [Claims] When an input code is x, a key code is k, a bit change height of an arbitrary input code is Δx, and a bit change height of an arbitrary key code is Δk, f = f ⁻¹ or f ⁻¹ is obtained. Exists in series with the above-mentioned algorithm f of the encryption means for encrypting the algorithm f such that f (x, k) = Rand (x, k) f (Δx, Δk) = Rand (Δx, Δk) A non-contact type IC tag provided with a structured key that is independent of the key of the above algorithm and that is a bit transposition encryption algorithm. 2. When the input code is x, the key code is k, the bit change height of an arbitrary input code is Δx, and the bit change height of an arbitrary key code is Δk, f = f ^-1 or f ^-1 is obtained. Exists, performs encryption of the algorithm f so as to satisfy f (x, k) = Rand (x, k) f (Δx, Δk) = Rand (Δx, Δk), and transmits an encrypted signal. In the communication device, an encryption means for encrypting the algorithm f, and a structured key independent of the key of the algorithm f and the key itself is a bit-transposed encryption algorithm are provided. Encrypted with the above structured key,
A contactless IC tag that outputs an encrypted signal, and the input code is supplied to the IC tag and the IC
A communication device comprising: control means for receiving an output of a tag and supplying the output to the encryption means; and transmission means for transmitting the output of the encryption means. 3. When an input code is x, a key code is k, a bit change height of an arbitrary input code is Δx, and a bit change height of an arbitrary key code is Δk, f = f ^-1 or f ^-1 is obtained. A communication apparatus that receives and decrypts a signal that exists and is encrypted with an algorithm f that satisfies f (x, k) = Rand (x, k) f (Δx, Δk) = Rand (Δx, Δk) In the above, receiving means for receiving the signal encrypted by the algorithm f, decoding means for decoding and outputting the signal encrypted by the algorithm f received by the receiving means, and a key of the algorithm f, A non-contact type IC tag provided with a structured key that is independent and the key itself is an encryption algorithm of bit transposition, and decrypts the output of the decryption means to the input code by the structured key and outputs the input code; Supply the output of the decryption means to the IC tag Both communication apparatus characterized by comprising a control means for receiving the output of the IC tag.