JP3427993B2 - Cryptographic algorithm development support device and cryptographic program development support device - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a device for supporting the development of a block cipher algorithm based on a block cipher algorithm specification description notation previously defined and a device for supporting the development of a program for realizing the algorithm. Is.

[0002]

2. Description of the Related Art As the sharing of information progresses due to the development of computer network technology and the like, the need for encryption technology for preventing information leakage is increasing. Cryptography can be roughly classified into secret key cryptography that uses the same key for encryption and decryption, and public key cryptography that uses different key pairs of a private key and a public key. Secret key cryptography has a problem in that a key is shared between a sender and a recipient when performing cryptographic communication. Public key cryptography does not have this problem.

However, public key cryptography requires a larger amount of calculation for encryption and decryption than private key cryptography. Therefore, both are properly used depending on the purpose.

Block ciphers that perform encryption and decryption in units of fixed-length data (blocks) are often used as secret key ciphers. Various block cipher algorithms have been devised so far. Reference `` Federal Information Processing Standards Publi
cation 46-2 1993 December 30; Announcing the DATAEN
The DES introduced in "CRYPTION STANDARD (DES)" is a typical example.

By the way, as the research and development on such a block cipher algorithm and means for realizing the block cipher algorithm progresses, the decryption technology also becomes more sophisticated. In other words, cryptographic algorithms that are currently strong are not always the case. Therefore, it is necessary to efficiently develop a new block cipher algorithm that can withstand the new decryption technology.

Therefore, as an example of conventional block cipher development support means, an intermediate coincidence closedness test (strength test) of a block cipher can be executed in a small storage area as disclosed in Japanese Patent Laid-Open No. 5-14340. As described in Japanese Patent Application Laid-Open No. 8-190344,
Invol such as FEAL which has more search calculation amount than DES
There is known a cryptographic algorithm strength evaluation device that can be applied to a motion type encryption in a practical time.

[0007]

However, the above-mentioned strength test or strength evaluation is carried out after the creation of the encryption algorithm, and basically, the efficiency of the new block cipher algorithm that can withstand the new decryption technique is improved. The issue is how we can support good development.

For that purpose, a means for streamlining the development of the block cipher algorithm is required. In particular,
(1) Notation for describing a block cipher algorithm, (2) means for supporting description and editing of a block cipher algorithm by the notation, (3) means for experimentally executing the block cipher algorithm described by the notation (4) A means for evaluating the strength of the block cipher algorithm is required.

At present, an informal data flow diagram is usually used as a notation for describing a block cipher algorithm, but it has not been possible to describe the block cipher algorithm accurately in detail. Absent. This is the first problem.

On the other hand, if the cryptographic algorithm is not realized accurately, the expected effect cannot be obtained. A normal block cipher algorithm only repeats a relatively simple operation on a fixed-length bit string, so
It is not difficult to create a program that reflects the algorithm as it is. However, in reality, some optimization is often performed due to the demand for higher speed. In that case,
It is necessary to make sure that the program correctly implements the original algorithm. Therefore, many test cases are required to test a block cipher program.

In order to create a test case, it is necessary to actually operate the cryptographic algorithm to create a set of plaintext and its corresponding ciphertext. However, conventionally, it was impossible to efficiently generate a large number of reliable test cases because the test cases were created by hand.
This is the second problem.

On the other hand, the above-mentioned cryptographic algorithm notation is rather a notation suitable for realization by hardware, and is unsuitable as a design specification of a program for realizing a block cipher algorithm. This is the third problem.

Further, as described above, in order to create a practical block cipher program, it is necessary to perform optimization, which requires man-hours. When developing an application program that incorporates the block cipher program,
Until the development of the block cipher program is completed, stubs (test dummy subroutines) will be used. Therefore, during that time, the block cipher cannot be used when testing the application program. This is the fourth problem.

A first object of the present invention is to provide a cryptographic algorithm development support device capable of efficiently supporting description and editing of a block cryptographic algorithm based on a pre-defined block cryptographic algorithm notation.

A second object of the present invention is to provide a test case that can be used when testing a program that realizes the block cipher algorithm by directly interpreting and executing the block cipher algorithm described by the block cipher algorithm notation. An object is to provide a cryptographic program development support device that can automatically generate and efficiently support a test of a cryptographic program.

A third object of the present invention is to automatically generate design specifications of a program suitable for the purpose of program development from the block cipher algorithm described by the block cipher algorithm notation, and efficiently support the generation of the cipher program. It is to provide a cryptographic program development support device capable of performing the above.

A fourth object of the present invention is to automatically generate a program for realizing the block cipher algorithm from the program design specifications automatically generated from the block cipher algorithm, and to efficiently support the generation of the cipher program. It is to provide a cryptographic program development support device capable of performing the above.

A fifth object of the present invention is to enable a cryptographic program to be efficiently tested by using automatically generated test cases in accordance with a schedule designated by a user in the test step of cryptographic program development. To provide a development support device.

[0019]

In order to achieve the above first object, the present invention assists a user in describing and editing a diagram representation of a block cipher algorithm in a predefined block cipher algorithm specification description notation. Cipher diagram editing means, cipher diagram storing means for storing the diagram representation of the block cipher algorithm edited by the cipher diagram editing means, and cipher diagram interpretation executing means for interpreting and executing the stored diagram representation of the block cipher algorithm. , A cipher diagram execution environment storage means for storing the state of a variable appearing in the diagram representation of the block cipher algorithm during interpretation execution, and a cipher diagram execution environment for checking the contents of the block cipher diagram execution environment storage means Characterized in that it comprises a 査 means.

Here, the block cipher algorithm specification description notation, which is the premise of the present invention, has a diagram representation of a variable whose value is bit string data and a diagram representation of an operation on the bit string data as constituent elements. As a diagram representation for combining the variable and the operation, a diagram representation of the reference operation from the variable,
Diagram representation of the assignment operation to the variable, diagram representation of the operation of applying the operation to the bit string data, diagram representation of the dividing operation of the bit string data, diagram representation of the concatenation operation of the bit string data, and the bit string It is characterized by including a diagrammatic representation of a data duplication operation, a diagrammatic representation of repetitive processing on the bit string data, and a diagrammatic representation for defining an operation on the bit string data.

In order to achieve the second object, the present invention provides
A cipher program test case storage unit for storing a block cipher program test case consisting of an ID for distinguishing test cases, an encryption key, a plaintext, and a ciphertext obtained by encrypting the plaintext with the encryption key, and the ID A block cipher algorithm development support means for generating the ciphertext, comprising: an ID counting means for generating the encryption key; a key generation means for generating the encryption key; and a plaintext generation means for generating the plaintext. And is provided.

In order to achieve the third object, the present invention provides
Diagram parsing means for parsing the syntax of the diagram representation of the block cipher algorithm, diagram syntax tree storing means for storing the diagram syntax tree as the analysis result, and design specifications for generating program design specifications from the stored diagram syntax tree. The present invention is characterized by including a generation unit, a correspondence table defining a correspondence relation between a diagram and a program design specification, and a cryptographic program design specification storage unit for storing the generated design specification.

In order to achieve the fourth object, the present invention provides
A design specification syntax analysis means for analyzing the syntax of the design specifications of the block cipher program, a design specification syntax tree storage means for storing the design specification syntax tree as the analysis result, and a program generated from the stored design specification syntax tree. It is characterized by comprising a program generation means, a correspondence table defining a correspondence relationship between design specifications and programs, and an encryption program storage means for storing the generated programs.

In order to achieve the fifth object, the present invention provides
Test schedule storing means for storing a test schedule of the block cipher program, test case selecting means for selecting a test case according to the test schedule stored in the test schedule storing means, and cipher program storing means for storing the block cipher program, A program executing means for executing a stored block cipher program by giving a key and plaintext which are the constituents of the selected test case and executing the ciphertext, which is the execution result, and the constituents of the selected test case. It is characterized by further comprising a comparing means for comparing with a ciphertext, and an encryption program test result storing means for storing a test result including the ID of the selected test case and a comparison result.

[0025]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described in detail below with reference to the drawings.

Prior to the description of the embodiments, the block cipher algorithm specification description notation used in each embodiment of the present invention will be described.

[Block Cipher Algorithm Specification Description Method] FIGS. 1 and 2 are diagrams showing a list of grammars of the block cipher algorithm specification description method used in each embodiment of the present invention. The specification description method is, as shown in FIGS. 1A to 1C, a diagram representation 11 to 13 of a variable whose value is bit string data.
And the diagram representations 14 to 18 of the operation on the bit string data, as shown in FIGS. 1D to 1H.

Further, as a diagrammatic representation for combining the variable and the operation, as shown in FIG. 1I, a diagrammatic representation 19 of a reference operation from the variable is given.
1 (j), a diagrammatic representation 20 of the assignment operation to the variable, and a diagrammatic representation 21 of the operation applying operation to the bit string data as shown in FIG. 1 (k), As shown in FIG. 1M, a diagrammatic representation 22 of the bit string data division operation, as shown in FIG. 1N, a diagrammatic representation 23 of the bit string data concatenation operation, and as shown in FIG. A diagrammatic representation 24 of the bit string data duplication operation, a diagrammatic representation 25 of the iterative process on the bit string data as shown in FIG. 2A, and an operation on the bit string data as shown in FIG. 2B. Has a diagrammatic representation 26 for

In the block cipher algorithm specification description method of this example, only bit string data is handled. All variables are used only to store bit string data, and operations can only be used on bit string data.

For example, the diagram representation 1 of FIG.
1 represents a variable named "B" for storing "64-bit data". The diagrammatic representation 12 of FIG. 1B is "L" for storing "32-bit data".
It represents a variable with a subscript named "_0", and "0" in the variable name is a subscript. The diagram representation 13 of FIG. 1C shows 16 (i = 1 to 16) subscripted variables “L_1” to “L_1” for storing “32-bit data”.
6 ”. Diagram representation 14 of FIG. 1 (d)
Represents an operation named "f".

FIGS. 1E to 1H are examples of frequently used operations, and such special operations are introduced as needed. The diagram representation 15 of FIG. 1E represents an exclusive OR of two bit string data. Figure 1
The diagram representation 16 of (f) represents an operation for reducing and transposing "64-bit data" to "56-bit data". The diagrammatic representation 17 of FIG. 1 (g) represents an operation for shifting the bit string data by "KS bits". The diagrammatic representation 18 of FIG. 1 (h) represents an operation for substituting "4 bit data" for "2 bit data" and "4 bit data".

The diagrammatic representation 19 of FIG. 1 (i) is a representation for referring to the bit string data stored in the variable, and in particular, it is a variable for storing the input / output data of the algorithm to be described. Is labeled "input" or "output".

The diagrammatic representation 20 of FIG. 1 (j) is a representation for substituting "64-bit string data" for the variable "CB". The diagrammatic representation 21 of FIG. 1 (k) is a representation for applying an operation named "f" to bit string data.

The diagrammatic representation 22 of FIG. 1 (m) is an expression for dividing the bit string data and storing it in the variables X and Y as a plurality of bit string data. The diagram expression 23 of FIG. 1 (n) is an expression for connecting a plurality of bit string data into one bit string data. The diagrammatic representation 24 of FIG. 1 (p) is a representation for duplicating bit string data into a plurality of same bit string data.

The diagrammatic representation 25 of FIG. 2A is i
The same processing is repeatedly applied to the bit string data stored in the variable X with a number of subscripts (i = 1 to 16), and the result is applied to the number of i (i = 1 to 16) with another subscript. It is an expression for storing in the variable Y. The contents within the dotted line are repetitive contents, and are described using the above expression and, if necessary, the repetitive expression. The number of repetitions is described in the upper left as "16 times".

The "i" on the left side of the dotted line is a repetition variable indicating the current repetition number. This iteration variable "i" starts from "1" and is incremented by "1" in order, and when the number of iterations is reached, the entire iterative process ends.

The diagrammatic representation 26 of FIG. 2B is a representation for defining an operation. The operations defined by this representation can be used elsewhere by the representation of diagram representation 14. The contents within the dotted line are the contents of the calculation and are described using the above-mentioned expressions.

Different occurrences of a variable of the same name represent the same variable. Data can be stored in variables only once. You can refer to a variable any number of times, but you cannot refer to a variable that does not contain data.

[Description Example] FIGS. 3 to 5 are algorithm configuration diagrams in which the block encryption algorithm "DES" is described by the block cipher algorithm specification description method of the present invention. FIG. 3 shows the entire block cipher algorithm DES. 4 and FIG. 4 shows the operation “f” 11 used in FIG.
2 shows the details of the processing of No. 2, and FIG. 5 shows the generation processing of the 16 keys K stored in the variable “K_i (i = 1..16) 109 used in FIG. 3 in detail. .

Details of the transliteration, shift, and substitution operations used in FIGS. 3 to 5 are given separately as shown in FIG. 6, for example. FIG. 6A shows the details of the transliteration operation “IP” used in FIG. 3. For example, the first bit of the output bit string is the 58th bit of the input bit string. FIG. 6B is a detail of the expanded transliteration operation “EP” used in FIG. 4. For example, the first bit of the output bit string is the 32nd bit of the input bit string. FIG. 6C shows the details of the substitution operation “S_1” used in FIG. 4, and expresses a matrix of combinations of 4 cases represented by 2-bit input and 16 cases of 4-bit input. And output 4
The value of the bit string becomes the value of each cell in the matrix. Figure 6
(D) is a detail of the shift operation used in FIG.
For example, "K_1" represents shifting the input bit string by 1 bit to the left.

The details of the algorithm of FIG. 3 are as follows.

First, the plaintext data to be encrypted is
It is stored in the 64-bit variable 101 named “B”. This variable "B" is labeled "input", indicating that it is an input to the algorithm. The plaintext data is sent to the transliteration 103 for the 64-bit data named "IP" via the arrow 102 representing the reference to the variable "B".

The 64-bit data which is the result of this transfer processing passes through the arrow 104 indicating the division of the data and passes through the upper 32 bits.
The bit data is stored in the 32-bit variable 105 named "L_0", and the lower 32-bit data is stored in the 32-bit variable 107 named "R_0".

Next, the iterative process 110 is entered, and the same process is repeated 16 times ("16 time" in this process).
s ").

In the i-th (i = 1..16) th processing,
A 32-bit variable 105 named "L_ (i-1)"
Or 106 and 32 named "R_ (i-1)"
The data of the bit variable 107 or 108 and the 48-bit variable 109 named “K_i” is referenced, and the processing result is the 32-bit variable 114 or 115 named “L_i” and the 32-bit variable 1 named “R_i”.
16 or 117.

Details of the contents of the repetitive processing 110 are as follows. The variable “R_ (i−1)” is stored in the variable “L_i” 114 or 115 via the arrow 111 representing the duplication of data, and the other is input to one of the two inputs of the operation “f” 112. Become.

Another input variable of operation "f" 112 is "K_i". The result of this operation “f” 112 becomes the input of the exclusive OR 113 together with the input variable “L_ (i−1)”. The result of the exclusive OR 113 is stored in the output variable “R_i” 116 or 117.

When all such repeating processes are completed, the data of the 32-bit variable 115 named "L_16" and the data of the 32-bit variable 117 named "R_16" are concatenated via the arrow 118 representing the concatenation of the data. It becomes 64-bit data and is input to the transliteration 119 called "IP ^ -1" (reverse of transliteration IP).

The processing result of this transliteration 119 is a ciphertext, and is stored in the 64-bit variable 121 named "CB" via the arrow 120 representing the storage of data. This variable 121 is labeled "output", which indicates that it is an output from the DES algorithm.

In FIG. 3, the variable "L_i (i =
1. ． 15) ”has two occurrences 106 and 115,
Represents the same variable. The variable “R_i (i = 1.
The same applies to "5)".

Details of the definition 112 of the operation "f" in FIG. 4 are as follows. 32-bit data "R" in operation "f"
32-bit data “f (R, K)” 149 is calculated from two inputs of 132 and 48-bit data “K” 133.

The input data "R" 132 is converted to 48-bit data 135 by the expanded transcribing "EP" 134 of 32-bit data to 48-bit data, and is exclusive with another 48-bit data "K" 133. OR 1
36 inputs. The operation result 137 of the exclusive OR 136 is divided into 8 (j = 1..8) 6-bit data, and eight 6-bit data variables “X_j (j =
1. ． 8) ”138. The arrow 137 indicating the storage of the data represents the division of the data because it is connected to the variable with the subscript here.

Next, the iterative process 139 is entered, and the following process is performed for each of the eight 6-bit data variables X_j (j = 1..8).

First, the 6-bit data variable "X_j" 13
8 is divided into 1-bit, 4-bit, and 1-bit data, and 1-bit data variable “r1” 140 and 4 respectively.
The bit data variable “c” 141 is stored in the 1-bit data variable “r2” 142. Here, the variable "r1" 1
40, the variable “c” 141, and the variable “r2” 142 are newly prepared each time the repeated variable j is added.

2-bit data 143 obtained by concatenating the data of the variables "r1" 140 and "r2" 141 and the variable "c" 1
The 4-bit data 144 of 42 is the substitution operation “S_j” 14
Input to 5. The result of this operation is the 4-bit variable "Y_
j ”146.

When all such repeating processes are completed, eight 4-bit data "Y_j (j = 1..8)"
146 are concatenated to form 32-bit data 147, 3
It is input to the transcribed "P" 148 for 2-bit data. The arrow indicating the reference of the data 147 indicates the connection of the data, since the reference is made from the array of subscripted variables here. The result of this calculation is “f (R, K)” 149.

The variable "K_i (i = 1 ... 1) shown in FIG.
6) ”167 generation processing is as follows. First, the key (K) input to the DES algorithm is stored in the 64-bit data variable “K” 151. This 64-bit data variable “K” 151 passes through the arrow 152, and the reduced transliteration “KP” 1 from 64-bit to 56-bit.
It is input to 53 and converted into 56-bit data 154.

This 56-bit data 154 has two 2
It is divided into 8-bit data and stored in 28-bit variables "KL_0" 155 and "KR_0" 157, respectively.

Next, the iterative process (1) 159 is entered,
Each “KL_ (i−1)” (i = 1..16) 155 or 156 and “KR_ (i−1) (i = 1.
6) ”157 or 158 is subjected to the following processing, and“ KL_i (i = 1..16) ”162 and“ KR
_I (i = 1..16) ”163 is sequentially generated.

Each "KL_ (i-1)" 155 or 1
56 is an input of the shift operation “KS_i” 160. The calculation result is stored in the variable “KL_i” 162.

In addition, each variable “KR_ (i−1)” 157
Alternatively, 158 becomes an input of the shift operation “KS_i” 161. The calculation result is stored in the variable “KR_i” 163.

After the above iterative processing or in parallel, each "KL_i (i = 1..16)" 162 and "KR_i"
_I (i = 1..16) ”163, the following iterative process (2) 164 is performed.

Each "KL_i" 162 and "KR_i" 16
The reduced transliteration “PC” 166 from 56 bits to 48 bits is applied to the 56-bit data 165 obtained by concatenating 3 and the result is stored in the 48-bit variable “K_i” 167.

As shown in this description example, according to the block cipher algorithm description notation of this example, the details of the block cipher algorithm can be described exactly and concisely.

[First Embodiment] Next, an embodiment of a cryptographic algorithm development supporting apparatus realized by using the above-mentioned block cipher algorithm specification description notation will be concretely described with reference to the drawings.

FIG. 7 is a functional block diagram showing an embodiment of a block cipher algorithm development support device. This first
The block cipher algorithm development support apparatus according to the embodiment of the present invention provides a cipher diagram editing apparatus 201 that assists the user to describe and edit the above-described diagram representation of the cryptographic algorithm, and a diagram representation of the described and edited block cipher algorithm. A cryptographic diagram storage device 204 for storing, a cryptographic diagram interpretation / execution device 202 for interpreting and executing a diagram representation of a block cipher algorithm, and a cryptographic diagram execution environment storage for storing states of variables appearing in the diagram representation of a block cipher algorithm during interpretation and execution It comprises a device 205 and a cryptographic diagram execution environment inspection device 203 for inspecting the contents of the cryptographic diagram execution environment storage device 205.

The cipher diagram editing apparatus 201 is shown in FIG.
It is intended to help the user to describe and edit the diagram representation of the block cipher algorithm as shown in (4) and can be realized by the conventional diagram editing technique. This cipher diagram editing device 201
It also has a function for defining the details of the operation as shown in FIG. 6, and this definition is stored in the cryptographic diagram storage device 204.

The cipher diagram interpretation and execution device 202
A cryptographic diagram storage device 2 for interpreting and executing a diagram representation of a block cipher algorithm.
The constituent elements of the cipher diagram stored in 04 are calculated in order from the computable one, and the value as the calculation result is stored in the cipher diagram execution environment storage device 205. However, the fact that the components of the diagram are "computable" is defined as follows.

[Definition of Computability of Components] (A) The input variables of the algorithm can be calculated.

(B) In the built-in operation, the output can be calculated if the values of all the inputs are determined.

(C) The variable can be calculated if the value to be substituted is determined.

(D) The first iteration of the n-th iterative portion can be calculated if the values of all the input variables are determined when the subscript of the iteration is "1".

(E) The i-th (i =
2. ． The n) th time can be calculated if the output variables of the 1st to (i−1) th times are determined and all the input variable values are determined when the subscript of the repetition is i.

(F) The user-defined operation can be calculated if the values of all input variables are determined.

The cipher diagram interpretation / execution device 202
As shown in the detailed configuration diagram of FIG. 8, a diagram scanning device 206 for reading the cryptographic diagram stored in the cryptographic diagram storage device 204, and the computability of the components of the cryptographic diagram based on the scan result of the cryptographic diagram. Computability test device 2 for testing
07, an initial value setting device 208 for setting the input variable of the cryptographic algorithm, and a value calculation device 209 for calculating the values of the constituent elements of the cryptographic diagram.

Cipher Diagram Execution Environment Inspection Device 203
Is a cryptographic diagram execution environment storage device 205
Of the cryptographic diagram, as shown in the detailed configuration diagram of FIG. 9, an inspection target designating device 210 for reading the value of the element designated by the user, and the reading target designating device 210. The inspection result display device 211 for displaying the measured values.

The basic method of using the cryptographic algorithm development support device of the first embodiment is as follows.

First, the user uses the cipher diagram editing device 201 to describe and edit the diagram representation of the block cipher algorithm according to the notation shown in FIG. 3, and stores it in the cipher diagram storage device 204.

Next, in order to confirm that the block cipher algorithm stored in the cipher diagram storage device 204 operates as intended by the user, the cipher diagram interpretation execution device 202 is used to actually execute the block cipher algorithm. Let it run. This execution result is stored in the cryptographic diagram execution environment storage device 205 as shown in FIGS.
It is stored as a table as shown in.

Finally, the user uses the cryptographic diagram execution environment checking device 203 to examine the execution result in detail.

Hereinafter, the cryptographic diagram interpretation execution device 20
The operation No. 2 will be described in detail step by step based on the flowchart shown in FIG.

Step 212 : The diagram scanning device 206 examines the components of the diagram stored in the cryptographic diagram storage device 204, and the cryptographic diagram execution environment storage device 205.
To initialize. The cryptographic diagram execution environment is initialized by creating a table for the entire algorithm, a table corresponding to each time of each repeating unit, and a table corresponding to a user-defined operation.

For example, in the case of the generation processing of the DES encryption algorithm shown in FIGS. 3 to 5, a table 1100 of the entire generation processing of the encryption algorithm DES shown in FIG.
1 (b) shows a table 1110 relating to the repeating unit 139 of the entire DES, and a table 112 showing the entire key generation process shown in FIG.
0, a table 1130 for each time of the first iterative unit during the key generation process shown in FIG. 13A, and a table 1140 for each time of the second iterative unit during the key generation process are created and initialized.

Here, each of these tables is a "component" 1
Each of the columns 101, "Is it calculable?" 1102, and "Value" 1103 is set. In the column "Component" 1101, the names of the diagram expressions such as variables described in the block cipher algorithm are set. Also, "Is it possible to calculate?" 1
In the column of 102, "NO" is set at the initial stage, and "YES" is set at the stage when calculation becomes possible. Further, in the column of “value” 1103, a calculation result of a diagram expression such as a variable is set.

Step 213 The computability checking device 207 lists all the computable values 1103 in the diagram representation according to the above definition of computability. At this time, the relationship between the components is examined by the diagram scanning device 206.

Step 214 The value 1 of the computable component listed in Step 213
103 is calculated by the value calculation device 209. At this time, the diagram scanning device 206 examines other components having a value necessary for calculation, and the value is referred from the cryptographic diagram execution environment storage device 205. When the constituent element is an input variable to the algorithm, the value designated by the user by the initial value setting device 208 is used as the calculated value.

Step 215 It is checked whether values have been stored in all output variables of the cryptographic algorithm. If so, the execution ends. Otherwise, return to step 213.

For example, the encryption algorithm DE shown in FIG.
In the key generation process of S, the output variable “K
Tables 1120 and 113 until “_1” 167 is generated
The contents of 0, 1140 are as shown in FIGS.

That is, step 21 immediately after the start of execution
When the cryptographic diagram execution environment storage device 205 is initialized in step 2, all the constituent elements cannot be calculated because the conditions are not met. In FIG. 14 to FIG. 16, the “start” column 1 indicates whether calculation is possible at the time of initialization.
Reference numeral 401 indicates “NO”.

Next, in step 213, according to the above-mentioned definition of computability by the computability checking device 207,
Only the input variable K of the algorithm is enumerated as a calculable component, and in step 214, the value X specified by the user by the value calculation device 209 and the initial value setting device 208 becomes the calculated value of K. In FIG. 14, the input variable K = X is shown in (1) of the calculation stage column 1402. In addition, at this time point, it is indicated that the “calculation possible?” Of the input variable K is updated to “YES”.

At step 215, it is checked whether or not values have been stored in all the output variables of the cryptographic algorithm, but since this is not the case, the process returns to step 213. Second step 21
In 3, the value of the input variable K is determined, and therefore the computability checking device 207 enumerates the transliteration operation KP as a computable element according to the above definition of computability. Then, in the transliteration operation KP, "is it possible to calculate?"
ES ”is updated.

In step 214, KP (X) is calculated by the value calculation device 209 and becomes the value of KP. In FIG. 14, KP (X) indicates that the value of KP has been obtained in (2) of the calculation stage column 1402. In the subsequent third step 213 and step 214, “KL_0” and “K
The value of "R_0" is calculated. FIG. 14 shows that the values of “KL_0” and “KR_0” have been obtained in (3) of the calculation stage column 1402.

Fourth step 213 and step 214
Then, the case of i = 1 in the repeating unit (1) can be calculated, and the values of the input variables “KL_0” and “KR_0” are determined. FIG. 15 shows that the values of “KL_0” and “KR_0” have been obtained in (4) of the calculation stage column 1402.

Fifth step 213 and step 214
Then, two values of "KS_1" are calculated, and in Steps 213 and 214 for the sixth time, the repeating unit (1)
"KL_1" and "KR" which are output variables when i = 1
The value of "_1" is determined. In FIG. 15, the calculation stage column 140
2 (5) indicates that the value of "KS_1" has been obtained, and (6) of the calculation stage column 1402 indicates "KL_1".
And that the values of “KR — 1” have been obtained.

In the same manner, the execution of the cryptographic algorithm described by the diagram representation of FIG. 5 is continued. As a result, the twelfth step 213 and step 21
At 4, the value of the first (i = 1) output variable “K_1” is determined. FIG. 16 shows that the value of “K_1” is obtained in (12) of the calculation stage column 1402.

Such processing is repeatedly executed until i = 16. As a result, the variable “K_1” corresponding to 16 keys is generated. The processing of the entire encryption algorithm DES ends when the value of the variable “CB” is obtained. When the value of the variable “CB” is obtained, all the columns of “Is it possible to calculate?” 1102 in the table 1100 of FIG. 11 are “YES”.

As described above, according to the first embodiment, it is possible to assist the user in describing and editing the diagram expression of the block cipher algorithm according to the above-mentioned notation, and at the same time, interpret and execute the diagram expression of the block cipher algorithm. However, the block cipher diagram execution environment can be examined in detail, and the block cipher algorithm can be efficiently developed.

[Second Embodiment] Next, an embodiment of a cryptographic program test case generation device to which the present invention is applied will be specifically described with reference to the drawings.

FIG. 17 is a functional block diagram showing an embodiment of the cryptographic program test case generation device. The cryptographic program test case generation device 300 of this embodiment has an ID (identification information) 3041 for distinguishing test cases.
And a cipher program test case storage device 305 for storing a block cipher program test case 304 consisting of an encryption key 3042, a plaintext 3043, and a ciphertext 3044 obtained by encrypting the plaintext 3043 with the encryption key 3042, and the ID 3041. And a plaintext generator 303 for generating the plaintext 3043, and an ID counting device 301 for generating the ciphertext 3044, and an ID counting device 301 for generating the ciphertext 3044. In order to do so, the cryptographic algorithm development support device 200 of the first embodiment described above is used.

The basic usage of the cryptographic program test case generation device 300 of this embodiment is as follows.

The user uses the above-mentioned encryption algorithm development support device 200 to develop a block cipher algorithm in advance. Then, the user can create a test case used when inspecting the program that realizes the block cipher algorithm, by using the cryptographic program test case generation device 300 of the present embodiment.

First, the ID counter 301 generates a new test case ID 3041. Next, the key generation device 302 generates the encryption key 3042, and the plaintext generation device 303 further encrypts the plaintext 3
043 is generated.

The key generation device 302 and the plaintext generation device 303 use an encryption key 3042 and a plaintext 304 by means of random numbers or the like.
3 is generated. In this case, the user may directly input the encryption key 3042 or the plaintext 3043.

After the encryption key 3042 and the plaintext 3043 are generated, the encryption key 3 is transferred to the block cipher diagram interpretation execution device 203 of the encryption algorithm development support device 200.
By inputting 042 and plaintext 3043 and interpreting and executing the encryption algorithm according to the procedure described in the first embodiment, a ciphertext 3044 obtained by encrypting the plaintext 3043 with the encryption algorithm is obtained.

Therefore, the ID 3041 and the encryption key 30
42 and plaintext 3043 and ciphertext 3044 are paired,
The test cases 304 are stored and stored in the cryptographic program test case storage device 305.

As described above, according to the second embodiment, it is possible to efficiently and mechanically generate a test case for testing a program that realizes a newly developed block cipher algorithm.

[Third Embodiment] Next, a block cipher program design specification generating apparatus according to a third embodiment of the present invention will be specifically described with reference to the drawings.

FIG. 18 is a functional block diagram of the block cipher program design specification generation device. The block cipher program design specification generation device 400 of this embodiment is a block cipher algorithm generated by the cipher algorithm development support device 200. A diagram parsing device 401 that analyzes the syntax of a diagram expression, a diagram syntax tree storage device 403 that stores the diagram syntax tree that is the analysis result, and a program design specification is generated from the diagram syntax tree stored in this storage device 403. A design specification generation device 402, a diagram design specification correspondence table 405 that defines the correspondence between diagrams and program design specifications, and an encryption program design specification storage device 404 for storing the generated design specifications. It

Details of the operation of the block cipher program design specification generation device of the third embodiment are as follows.

First, the cipher diagram stored in the cipher diagram storage device 204 of the block cipher algorithm development support device 200 is parsed by the diagram parsing device 401.

The analysis result is stored in the diagram syntax tree storage device 403. Then, according to the diagram design specification correspondence table 405, the design specification generation device 40
2, the program design specification is generated from the diagram syntax tree. The generated design specifications are stored in the cryptographic program design specification storage device 404.

PA is used as the description notation of the program design specification.
When using D (Problem Analysis Diagram), details of the diagram design specification correspondence table 405 are shown in FIG.
And as defined in FIG.

In FIG. 19 and FIG. 20, item number (1)
Is a diagram representation field 405 during the diagram description.
2 indicates that the generated program design specification generates a variable declaration as shown in the design specification (PAD) expression column 4053.

Item number (2) is the program design specification generated when there is a sequence of subscripted variables shown in the diagram representation column 4052 in the diagram description.
This indicates that the declaration of the array of subscripted variables as shown in the design specification (PAD) expression column 4053 is generated.

Item number (3) is shown in the design specification (PAD) expression column 4053 in the generated program design specification when the transliteration operation shown in the diagram expression column 4052 is present in the diagram description. This means that a transliteration definition like this is generated. The contents of this definition are shown in FIG.
Details of the transliteration operation as shown in (b).

Item number (4) is as shown in the design specification (PAD) representation column 4053 in the generated program design specification when the shift operation shown in the diagram representation column 4052 is present in the diagram description. It means that a definition of a simple shift operation is generated. The definition contents are stored in the cryptographic diagram storage device 204 as shown in FIG.
The details of the shift operation are as follows.

Item number (5) is as shown in the design specification (PAD) expression column 4053 in the generated program design specification when the substitution operation shown in the diagram expression column 4052 is included in the diagram description. It means that the definition of the assignment operation is generated. The definition contents are the details of the substitution operation in the encryption diagram storage device 204 as shown in FIG.

Item number (6) is a design specification (PAD) expression field 4053 in the generated program design specification when there is an expression representing a reference to a variable shown in the diagram expression field 4052 in the diagram description. It means that the reference of the variable is generated as a partial expression of the expression in the executable statement as shown in FIG.

Item number (7) is a column of design specification (PAD) expression in the generated program design specification when there is an expression representing substitution to the variable shown in the diagram expression field 4052 in the diagram description. As indicated by reference numeral 4053, an execution statement that substitutes the calculation result up to that point into the variable is generated.

Item number (8) is a design specification (PAD) expression column 4053 in the generated program design specification when there is an expression representing application of the operation shown in the diagram expression column 4052 in the diagram description. As shown in, the expression that applies the operation to the calculation result up to that time is generated as a partial expression of the expression in the executable statement.

Item number (9) is a design specification (PAD) expression column 4053 in the generated program design specification when there is an expression representing division of data shown in the diagram expression column 4052 in the diagram description. As shown in, it indicates that an executable statement that assigns the calculation results up to that point to multiple variables is generated.

Item number (10) is a design specification (PAD) expression field 4053 in the generated program design specification when there is an expression representing the data connection shown in the diagram expression field 4052 in the diagram description. As shown in, the expression that connects a plurality of expressions representing the calculation results up to that time is generated as a partial expression of the expression in the executable statement.

The item number (11) is a design specification (PAD) expression column 4053 in the generated program design specification when there is an expression representing the duplication of the data shown in the diagram expression column 4052 in the diagram description. As shown in (3), as a partial expression of the expression in the executable statement, a plurality of expressions representing the calculation results up to that point are generated.

Item number (12) is indicated in the design specification (PAD) expression column 4053 in the generated program design specification when there is an expression representing the repetition shown in the diagram expression column 4052 in the diagram description. As described above, the execution statement having the PAD repeating structure is generated as a partial expression of the expression in the execution statement.

Item number (13) is a column for design specification (PAD) expression in the generated program design specification when the input variable and output variable shown in the diagram expression field 4052 are included in the diagram description. As indicated by reference numeral 4053, the expression of the operation definition of PAD in which the input variable is an argument and the value of the output variable is a return value is generated.

Item number (14) is shown in the design specification (PAD) expression column 4053 in the generated program design specification when there is an expression of the operation definition shown in the diagram expression column 4052 in the diagram description. So that
It represents that the expression of the operation definition of PAD is generated.

The correspondence table 405 illustrated in FIGS. 19 and 20 is recursively applied. For example, if the design specifications of the DES algorithm of FIGS. 3, 4 and 5 are generated, the program design specifications as shown in FIGS. 21 and 22 are obtained according to the correspondence table 405.

Here, the program specification by the PAD expression of FIG. 21 corresponds to the combination of the diagram descriptions of FIG. 3 and FIG. For example, the calculation “des_
definition 411 of “main”, declaration 412 of output variable CB,
The expression 426 that returns the output variable CB as the operation result is shown in FIG.
“Input variable B” 101 of FIG. 5, “Input variable K” 151 of FIG.
And “output variable CB” 121 in FIG. 3 contains the item number (1
This is the result of applying the definition of 5).

Similarly, the variables and various operation declarations 413 in FIG. 21 are the “transliteration IP” 103 and the variable sequence “L_i (i = 0..16)” 105, 106 and 11 in FIG.
5. Variable sequence “R_i (i = 0..16)” 107, 108 and 117, Variable sequence “K_i (i = 1.
6) ”109,“ transliteration KP ”153 in FIG. 5, variable sequences“ KL_i (i = 0..16) ”155 and 162, and variable sequences“ KL_i (i = 0..16) ”157 and 16
3. Sequence of shift operations “KS_i (i = 1..16)”
160, “Transcribing PC” 166, and the item number (1) in FIG.
It is the result of applying (2), (3), and (4).

Reference numerals 414 to 419 in FIG. 21 are steps generated by the key generation unit in FIG. The first step 414 of the key generation of FIG. 21 is to apply the item number (6) of FIG. 19 to the “reference” 152 of the data of FIG.
Is a step generated by applying the item number (9) of FIG.

The second step (iteration (1)) 415 of the key generation of FIG. 21 is the “iteration process (1)” 15 of FIG.
This is a step generated by applying the item number (12) in FIG. Also, the first sub-step 4 of repetition (1)
16 refers to the item number (6) of FIG. 19 for the reference of the variable “KL_ (i−1)” and the item number (8) of FIG. 19 for the application of the shift operation “KS_i” 160 to the variable “KL_i”. Figure 1 for substitution
This is a step generated by applying the item number (7) of item 9.
The same applies to the second sub-step 417 of repetition (1). Third step of key generation (iteration (2)) 418
The same applies to sub-step 419.

Reference numerals 420 to 425 in FIG. 21 denote DES in FIG.
Is a step generated from the entire description of the above, and the generation process is the same as that of the key generation unit.

The step 433 of returning the definition 427 of the operation "f" and the calculated value of the operation "f" in FIG. 22 applies the item number (14) of FIG. 20 to the definition 139 of the operation "f" in FIG. It was generated. However, in step 433 which returns the calculated value of the operation “f”, the item number (10) of FIG. 19 is added to the data concatenation 147 of FIG. 4 and the item number (8) of FIG. The expression obtained by applying () is the calculated value of the operation “f”.

The other steps 428 to 432 in FIG.
It is generated in the same manner as the above example.

As described above, the user uses the cipher program design specification generation device 400 of the present embodiment and sets the design specifications of the program that realizes the block cipher algorithm developed by using the block cipher algorithm development support device 200. Can be generated automatically.

Although PAD is used as the program design specification expression in this embodiment, it can be easily realized in the same manner even when other program design specification expression such as a flowchart is used.

[Fourth Embodiment] Next, a block cipher program generation apparatus according to a fourth embodiment of the present invention will be specifically described with reference to the drawings.

FIG. 23 shows a cryptographic program generation device 500.
FIG. 3 is a functional configuration diagram of a cryptographic program generation device 500 according to this embodiment.
No. 0 cryptographic program design specification storage device 404, a design specification syntax analysis device 501 that analyzes the syntax of the block cipher program design specification, and a design specification syntax tree storage device 503 that stores the design specification syntax tree that is the analysis result.
And a program generation device 502 for generating a program from the design specification syntax tree stored in the storage device 503,
It is composed of a design specification program correspondence table 505 which defines correspondence accounting between design specifications and programs, and an encryption program storage device 504 for storing the generated programs.

Details of the operation of the block cipher program generation apparatus according to the fourth embodiment are as follows.

First, the cipher program design specifications stored in the cipher program design specification storage device 404 of the cipher program design specification generation device 400 are syntactically analyzed by the design specification syntactic analysis device 501.

The analysis result is stored in the design specification syntax tree storage device 503. Then, according to the design specification program correspondence table 505, the program generation device 502 generates a program from the design specification syntax tree. The generated program is the encryption program storage device 5
It is stored in 04.

The generated cryptographic program is compiled /
Compiled by linker 506, library 507
Executable cryptographic program 508 is obtained by linking with. The library 507 includes types and procedures of bit data used in the generated cryptographic program.

PA is used as the description notation of the program design specification.
When D (Problem Analysis Diagram) is used and C language is used as a programming language, details of the design specification program correspondence table 505 are defined as shown in FIGS. 24 and 25, for example.

Item number (1) is as shown in the C language expression column 5053 in the generated program when there is a variable declaration shown in the design specification (PAD) expression column 5052 in the program design specification. , A variable declaration of the corresponding bit type is generated.

Item number (2) is shown in the C language expression column 5053 in the generated program when there is a declaration of the variable arrangement shown in the design specification (PAD) expression column 5052 in the program design specification. Thus, the declaration of an array variable of the corresponding bit type is generated.

In the item number (3), when there is a transliteration definition in the program design specification, in the generated program, the definition of the int type array variable is generated as shown in the column 5053 of the C language expression. It means that.

Item number (4) is that if a shift definition shown in the design specification (PAD) expression column 5052 is included in the program design specification, an int type variable definition is generated in the generated program. Is represented.

The item number (5) is as shown in the column 5053 of the C language expression in the generated program when the assignment definition shown in the column 5052 of the design specification (PAD) expression is included in the program design specification. , Int type two-dimensional array variable definitions are generated. However, for example, if the input is 2 bits and 4 bits, the size of the array is 4
(= 2 squared) × 16 (= 2 squared).

Item number (6) is a partial expression of the expression in the sentence in the generated program when the program design specification has an expression indicating the reference of the variable shown in the column 5052 of the design specification (PAD) expression. , It means that a reference to the variable is generated.

The item number (7) is similar to the item number (6), but it indicates that the reference to the array element corresponds to the variable with the subscript.

Item number (8) is a column of C language expression in the generated program when there is an expression representing substitution to a variable shown in the field 5052 of design specification (PAD) expression in the program design specification. As indicated by 5053, it indicates that an assignment statement is generated.

Item number (9) is the same as item number (8), but it is indicated that the subscript variable corresponds to the assignment to the array element.

Item number (10) is a column 5053 of C language expression in the generated program when there is an expression in the program design specification showing application of the operation shown in the column 5052 of design specification (PAD) expression. As shown in, the expression that applies the operation is generated as a partial expression of the expression in the executable statement.

Item numbers (11) to (15) are item numbers (10).
However, each operation of exclusive OR, transliteration, reverse character, shift, and substitution represents that a special expression using a C function corresponding to the operation corresponds.

Item number (16) is a column 5053 of C language expression in the generated program when there is an expression representing division of data shown in the field 5052 of design specification (PAD) expression in the program design specification. , "Div
This means that an executable statement representing data division using the C function "ide" is generated.

Item No. (17) is a C language expression field 5053 in the generated program when the program design specification includes an expression representing the data connection shown in the design specification (PAD) expression field 5052. As shown in, the expression "represents data concatenation" using the C function "concat" is generated as a partial expression of the expression in the executable statement.

Item number (18) is indicated in the C language expression column 5053 in the generated program when the program design specification includes the expression indicating the repetition shown in the design specification (PAD) expression column 5052. So, "for
It means that a "sentence" is generated.

Item number (19) is a C language expression in the generated program when the program design specification has a (return value) expression that returns the value shown in the design specification (PAD) expression column 5052. As shown in column 5053, "retu
"rn sentence" is generated.

Item number (20) is C in the generated program when the operation definition expression shown in the design specification (PAD) expression column 5052 is included in the program design specification.
As shown in the language expression column 5053, the function declaration and definition are generated. This FIG. 24 and FIG.
The correspondence table 405 having the contents shown in FIG. 5 is applied recursively.

When the C language is used as the programming language, the header file of the library 507 is as shown in FIG. 27, for example. In this, the prototypes of the data types and functions used in the C language representation of the correspondence table 405 having the contents shown in FIGS. 24 and 25 are declared.

According to the correspondence table 405 having the contents shown in FIGS. 24 and 25, for example, when the program of the DES algorithm shown in FIG. 21 is generated, FIG.
Programs 4041 and 4042 as shown in (b) are obtained.

FIG. 26A shows a program generated from the design specifications shown in FIG. 21, and FIG. 26B shows the program shown in FIG.
It is a program generated from the design specifications shown in.

As described above, in this embodiment, the program for realizing the block cipher algorithm developed by using the block cipher algorithm development support apparatus 200 and the block cipher program design specification generation apparatus 400 described above is automatically generated. can do. The generated block cipher program can be used as a stub when developing an application program that uses the block cipher.

Although PAD is used as the program design specification expression and C language is used as the programming language in this embodiment, other program design specification expressions such as a flowchart and other programming languages such as C ++ and Pascal are used. Even when used, it can be similarly realized.

[Fifth Embodiment] Next, a block cipher program test support device according to a fifth embodiment of the present invention will be specifically described with reference to the drawings.

FIG. 28 is a functional block diagram of the block cipher program test support apparatus. The block cipher program test support apparatus 600 of this embodiment includes a test schedule storage device 601 for storing the test schedule of the block cipher program, and a storage. The test case selection device 602 for selecting the test case 304 according to the stored test schedule, the cipher program storage device 605 for storing the block cipher program, and the test case 3 selected for the stored block cipher program.
04, a program execution device 603 that gives and executes the encryption key 3042 and the plaintext 3043, the ciphertext as the execution result, and the selected test case 30.
Comparison device 604 for comparing the ciphertext 3044 which is a component of No. 4, and the selected test case 304.
And an encryption program test result storage device 606 for storing a test result 607 including an ID 3041 which is a component of the above and a comparison result of the comparison device 604.

Details of the operation of the block cipher program test support apparatus 600 according to the fifth embodiment are as follows.

First, the user previously generates the test case 304 of the cipher program by the block cipher program test case generation device 300 described above.

Further, the cryptographic program to be tested is stored in the cryptographic program storage device 605, as shown in FIG.
The test schedule 6010 as shown in is stored in the test schedule storage device 601. Then, the block cipher program test support device 600 according to the present embodiment.
30 sequentially executes the tests of the cryptographic program according to the flowchart shown in FIG. 30 and accumulates the results.

First, immediately after the start, it is checked in step 608 whether the tests of all item numbers shown in the test schedule 6010 have been completed. If so, the process ends.
Otherwise, go to step 609.

At step 609, the test case selection device 602 causes the test schedule storage device 601.
29, the next test case 304 is selected from the cryptographic program test case storage device 305 according to the test schedule 6010 as shown in FIG.

In step 610, the program execution unit 603 sets the encryption key 3042 and plaintext 3043, which are the constituents of the selected test case 304, to the encryption program to be tested stored in the encryption program storage unit 605. It is given and executed to generate a ciphertext.

In step 611, the comparison device 604 compares the ciphertext which is the execution result of the cryptographic program to be tested with the ciphertext 3044 which is a constituent element of the selected test case 304.

In step 612, the test result 607 including the ID 3041 which is a component of the selected test case 304 and the comparison result of the comparison device 604 is stored in the cryptographic program test result storage device 606, and the process returns to step 608.

As described above, according to the fifth embodiment, the cryptographic program test case 304 generated by the test case generating apparatus 300 is given to the cryptographic program to be tested according to the test schedule 601, and the cryptographic code to be tested is given. The reliability of the program can be tested.

Each functional block in the development support device described in each of the above embodiments can be realized by a computer-executable program, and the program is stored in a storage medium such as a CDROM and provided to the user. To be done.

[0177]

As described above, according to the present invention, a new cryptographic algorithm that efficiently supports the description and editing of the block cryptographic algorithm based on a pre-defined block cryptographic algorithm notation and can endure a new decryption technique is developed. Can be efficiently supported.

Further, by directly interpreting and executing the block cipher algorithm described by the block cipher algorithm notation, a test case that can be used when testing a program realizing the block cipher algorithm is automatically generated, and the cipher program Can efficiently support the test.

Further, it is possible to automatically generate design specifications of a program suitable for the purpose of program development from the block cipher algorithm described by the block cipher algorithm notation, and efficiently support the generation of the cipher program.

Further, it is possible to automatically generate a program that realizes the block cipher algorithm from the program design specifications automatically generated from the block cipher algorithm, and efficiently support the generation of the cipher program.

Further, in the test process of developing the cryptographic program, the cryptographic program can be efficiently tested by using the automatically generated test cases in accordance with the schedule specified by the user. It is extremely effective in improving efficiency in developing a reliable encryption program.

[Brief description of drawings]

FIG. 1 is a diagram showing a diagram representation used in a cryptographic algorithm specification description notation used in the present invention.

FIG. 2 is a diagram showing a diagram representation used in the cryptographic algorithm specification description notation with FIG. 1.

FIG. 3 is a diagrammatic representation showing an example in which the overall function of a block cipher algorithm DES is described.

FIG. 4 is a diagrammatic representation showing an example in which the function of operation definition in FIG. 3 is described.

5 is a block cipher algorithm DES in FIG.
5 is a diagrammatic representation showing an example in which the function of the key generation unit of FIG.

FIG. 6 is a diagram showing details of a table used for a transliteration, a shift, and a substitution operation used in FIGS. 3, 4, and 5;

FIG. 7 is a functional configuration diagram of the block cipher algorithm development support device according to the first embodiment of the present invention.

8 is a functional configuration diagram of the cipher diagram interpretation / execution device in FIG. 7. FIG.

9 is a functional block diagram of the cryptographic diagram execution environment inspection device in FIG. 7. FIG.

FIG. 10 is a flowchart showing an operation of the cipher diagram interpretation execution device 2.

FIG. 11 is a diagram showing an example of contents of a cryptographic diagram execution environment storage device.

FIG. 12 is a diagram showing an example of the contents of a cryptographic diagram execution environment storage device.

FIG. 13 is a diagram showing an example of contents of a cryptographic diagram execution environment storage device.

FIG. 14 is an explanatory diagram showing an operation example of a cipher diagram interpretation execution device.

FIG. 15 is a flowchart showing a sequel to FIG. 14;

16 is a flowchart showing a continuation of FIG.

FIG. 17 is a functional configuration diagram of a block cipher program test case generation device according to a second embodiment of the present invention.

FIG. 18 is a functional configuration diagram of a block cipher program design specification generation device according to a third embodiment of the present invention.

FIG. 19 is an explanatory diagram showing a definition example of the contents of the diagram design specification correspondence table 405.

FIG. 20 is an explanatory diagram showing a sequel to FIG. 19;

FIG. 21 is an explanatory diagram showing an example of program design specifications corresponding to the DES algorithm of FIGS. 3, 4 and 5;

FIG. 22 is an explanatory diagram showing a sequel to FIG. 21;

FIG. 23 is a functional configuration diagram of a block cipher program generation device according to a fourth embodiment of the present invention.

FIG. 24 is an explanatory diagram showing a definition example of the contents of the design specification program correspondence table 505.

FIG. 25 is an explanatory diagram showing a sequel to FIG. 24;

FIG. 26 is a program list diagram showing an example of a program generated corresponding to the program design specifications of FIGS. 21 and 2.

FIG. 27 is a diagram showing an example of a header file of a C language library for bit operation.

FIG. 28 is a functional configuration diagram of a block cipher program test support device according to a fifth embodiment of the present invention.

FIG. 29 is a diagram showing an example of a test schedule.

FIG. 30 is a flowchart showing the operation of the block cipher program test support device.

[Explanation of symbols]

Reference numeral 200 ... Cryptographic algorithm development support device, 201 ... Cryptographic diagram editing device, 202 ... Cryptographic diagram interpretation execution device, 203 ... Cryptographic diagram execution environment inspection device, 204 ... Cryptographic diagram storage device, 205 ... Cryptographic diagram execution environment storage device, 206 ... Diagram scanning device, 207 ... Computability checking device, 208 ... Initial value setting device, 209 ... Value calculation device, 210 ... Inspection target designation device, 211 ... Inspection result display device, 300 ... Cryptographic program test case generation device, 301 ... ID counting device,
302 ... Key generation device, 303 ... Plaintext generation device, 304 ...
Block cipher program test case, 305 ... Cipher program test case storage device, 400 ... Cipher program design specification generation device, 401 ... Diagram syntax analysis device, 402 ... Design specification generation device, 403 ... Diagram syntax tree storage device, 404 ... Cipher Program design specification storage device, 405 ... Diagram design specification correspondence table, 500 ... Cryptographic program generation device, 501 ... Design specification syntax analysis device, 502 ... Program generation device, 503
... design specification syntax tree storage device, 504 ... encryption program storage device, 505 ... design specification program correspondence table, 5
06 ... Compiler / Linker, 507 ... Library, 50
8 ... Executable format cryptographic program, 600 ... Cryptographic program test support device, 601 ... Test schedule storage device, 602 ... Test case selection device, 603 ... Program execution device, 604 ... Comparison device, 605 ... Cryptographic program storage device, 606 ... Cryptographic program test result storage device, 607 ... Test result.

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI H04L 9/10 H04L 9/00 611Z 621Z (72) Inventor Toshiyuki Tsutsumi 6-81 Onoue-cho, Naka-ku, Yokohama-shi, Kanagawa Hitachi Software Engineering In-house company (56) Reference JP-A-5-108322 (JP, A) JP-A-6-342258 (JP, A) JP-A-8-190344 (JP, A) (58) Fields investigated (Int .Cl. ⁷ , DB name) G06F 9/44 G06F 9/06 G09C 1/00

Claims (6)

(57) [Claims] 1. A cipher diagram editing means for assisting a user to describe and edit a diagram representation of a block cipher algorithm according to a predefined block cipher algorithm specification description notation, and a block cipher algorithm edited by the cipher diagram editing means. Cipher diagram storing means for storing the diagram representation of the block cipher algorithm, cipher diagram interpretation executing means for interpreting and executing the stored diagram representation of the block cipher algorithm, and storing the state of variables appearing in the diagram representation of the block cipher algorithm under interpretation and execution. A block cipher algorithm opening means for storing a cipher diagram execution environment and a cipher diagram execution environment checking means for checking the contents of the block cipher diagram execution environment storing means. Support device. 2. A block cipher algorithm specification description notation has, as constituent elements, a diagram representation of a variable whose value is bit string data and a diagram representation of an operation on the bit string data, for combining the variable and the operation. As a diagram representation, a diagram representation of a reference operation from the variable, a diagram representation of an assignment operation to the variable, a diagram representation of an operation of applying the operation to the bit string data, and a diagram representation of a split operation of the bit string data. A diagrammatic representation of a concatenation operation of the bit string data, a diagrammatic representation of a duplication operation of the bit string data, a diagrammatic representation of repetitive processing on the bit string data, and a diagrammatic representation for defining an operation on the bit string data. It is characterized by including Motomeko 1 block cipher algorithm development support apparatus according. 3. A cryptographic program test case storage for storing a block cipher program test case consisting of an ID for distinguishing test cases, an encryption key, a plaintext, and a ciphertext obtained by encrypting the plaintext with the encryption key. A block for generating the ciphertext, comprising: means, an ID counting means for generating the ID, a key generating means for generating the encryption key, and a plaintext generating means for generating the plaintext. A block cipher program development support device comprising: a cryptographic algorithm development support means. 4. A diagram syntax analysis means for analyzing a syntax of a diagram representation of a block cipher algorithm, a diagram syntax tree storage means for storing a diagram syntax tree as a result of the analysis, and a program design specification based on the stored diagram syntax tree. And a correspondence table defining a correspondence relationship between a diagram and a program design specification, and a cryptographic program design specification storing means for storing the generated design specification. Block cipher program development support device. 5. A design specification syntax analysis means for analyzing a syntax of a design specification of a block cipher program, a design specification syntax tree storage means for storing a design specification syntax tree as a result of the analysis, and a stored design specification syntax tree. A block cipher program, comprising: a program generation unit that generates a program from a program; a correspondence table that defines a correspondence relationship between design specifications and the program; and a cipher program storage unit that stores the generated program. Development support device. 6. A test schedule storing means for storing a test schedule of a block cipher program, a test case selecting means for selecting a test case according to a test schedule stored in the test schedule storing means, and a cipher for storing a block cipher program. Program storage means, program execution means for executing the stored block cipher program by giving the key and plaintext which are the constituents of the selected test case and executing the ciphertext as the execution result, and the selected test case And a cryptographic program test result storage unit for storing a test result composed of the ID of the selected test case and the comparison result. Characteristic block cipher program development support device