JP4938430B2 - Nonlinear function unit, stream cipher encryption apparatus, decryption apparatus, MAC generation apparatus, stream cipher encryption method, decryption method, MAC generation method, and program - Google Patents

Description

  The present invention relates to a nonlinear function device, a stream cipher encryption device, a decryption device, a MAC generation device, a stream cipher encryption method, a decryption method, a MAC generation method, and a program.

  In recent years, various services using computers have been provided due to the remarkable spread of the Internet. Many of the services provided in this way use encryption to conceal the communication contents. Here, as the encryption method, a common key encryption method in which encryption and decryption are performed with one key is common, but this common key encryption method is roughly divided into a block encryption method and a stream encryption method. Is done.

Since the stream encryption method can be expected to process faster than the block encryption method, for example, as a method for transmitting large-capacity data such as a movie in recent years, attention has been paid to the stream encryption method. There is a problem that the encryption process and the decryption process must be synchronized. For this reason, a self-synchronous stream cipher apparatus that automatically recovers synchronization using a ciphertext received without error of a certain size or more has been proposed (for example, see Patent Document 1).
JP 2001-16197 A

  Here, a generator for generating a periodic sequence and a non-linear filter exist as components of the stream cipher, but its security depends mainly on the non-linear filter configuration method. However, conventionally, since nonlinear processing is performed in units of bits, there has been a problem that the processing speed is not sufficient and the safety is insufficient.

  Therefore, the present invention has been made in view of the above-described problems, and a nonlinear function unit that enables safe and high-speed processing, and an encryption device, a decryption device, a MAC generation device, and a stream cipher using the nonlinear function device, An object of the present invention is to provide an encryption method, a decryption method, a MAC generation method, and a program for a stream cipher.

The present invention proposes the following matters in order to solve the above problems.
(1) The present invention is a non-linear function unit to the bit data of the random number sequence input from the periodic sequence generating unit, and outputs the converted bit data from a plurality of internal memories, each key sequence generator, the periodic sequence A computing unit for computing bit data of a random number sequence input from a generation device and data stored in one internal memory of the plurality of internal memories; data after computation by the computing unit; or the plurality of internal memories The data stored in one of the internal memories is read out and nonlinearly replaced, and the data after the nonlinear replacement is used as input data of the arithmetic unit or other nonlinear replacer as one of the plurality of internal memories and a plurality of non-linear substitution device to be input to said plurality of internal memories, via the plurality of non-linear substitution device, characterized in that it is connected to the annular It has proposed a non-linear function unit for.

  According to the present invention, the plurality of internal memories are connected in a ring shape via the non-linear replacer. Therefore, when this is used for a stream encryption device or the like, the security can be increased synergistically.

(2) The present invention is a non-linear function unit to the bit data of the random number sequence input from the periodic sequence generating unit, and outputs the converted bit data from a plurality of internal memories, each key sequence generator, the periodic sequence a plurality of arithmetic units for calculating the data with random sequence of bit data inputted from the generator is stored to an internal memory of the plurality of internal memory, after the operation by the arithmetic unit data or a plurality of The data stored in one internal memory of the internal memories is read out and nonlinearly replaced, and the data after the nonlinear replacement is used as input data of the arithmetic unit or another nonlinear replacer as one of the plurality of internal memories. comprising a plurality of non-linear substitution device to enter the internal memory, wherein the plurality of internal memory via the plurality of non-linear substitution unit and said plurality of arithmetic units, cyclic It has proposed a non-linear function unit, characterized in that it is connected.

  According to the present invention, a plurality of internal memories are connected in a ring shape via the nonlinear replacer and the arithmetic unit. Therefore, the processing can be speeded up because the number of non-linear replacement units is small.

  (3) In the nonlinear function device of (1) or (2), the present invention provides that the bit length of the bit data of the random number sequence is greater than the bit length of the converted bit data output from the plurality of internal memories. We have proposed a non-linear function unit that is characterized by its long length.

  According to the present invention, the output bit length is longer than the input bit length of the nonlinear function unit. Therefore, this can improve the performance of the entire stream cipher.

  (4) According to the present invention, there is provided a non-linear function device characterized in that the non-linear function device (1) to (3) executes a non-linear replacement process based on a data table stored in advance. is suggesting.

  According to this invention, the non-linear replacement unit executes the non-linear replacement process based on the data table stored in advance. Therefore, it is possible to realize speeding up in software implementation.

  (5) The present invention generates one of the nonlinear function units (1) to (4) (for example, equivalent to the nonlinear function unit 2 in FIG. 1) and bit data of a random number sequence to be input to the nonlinear function unit. Random number sequence data generating means (for example, corresponding to the periodic sequence generating device 1 in FIG. 1) and key sequence data generating means for generating key sequence bit data from the converted bit data output from the nonlinear function unit ( For example, it is equivalent to the key sequence generation unit 3 in FIG. 1) and the exclusive OR operation of the bit sequence of the key sequence generated by the key sequence data generation means and the plaintext to output the ciphertext An encryption apparatus for stream ciphers characterized by comprising OR operation means (for example, corresponding to XOR4 in FIG. 1) is proposed.

  According to the present invention, a stream cipher encryption apparatus can be configured using any one of the nonlinear function units (1) to (4). Therefore, it is possible to configure a stream cipher encryption apparatus that enables safe and high-speed processing.

  (6) The present invention generates any one of the nonlinear function units (1) to (4) (for example, equivalent to the nonlinear function unit 2 in FIG. 4) and bit data of a random number sequence input to the nonlinear function unit. Random number sequence data generation means (for example, corresponding to the periodic sequence generation device 1 in FIG. 4), and key sequence data generation means for generating key sequence bit data from the converted bit data output from the nonlinear function unit ( For example, it is equivalent to the key sequence generation unit 3 in FIG. 4) and the exclusive OR operation of the bit sequence of the key sequence generated by the key sequence data generation means and the ciphertext is performed and the plaintext is output. A stream cipher decryption device characterized by comprising an OR operation means (e.g., corresponding to XOR5 in FIG. 1) is proposed.

  According to the present invention, a stream cipher decryption apparatus can be configured using any one of the nonlinear function units (1) to (4). Therefore, it is possible to configure a stream cipher decryption device that enables safe and high-speed processing.

  (7) The present invention generates one of the nonlinear function units (1) to (4) (e.g., equivalent to the nonlinear function unit 2 in FIG. 6) and the bit data of the random number sequence input to the nonlinear function unit. Random number sequence data generating means (for example, corresponding to the periodic sequence generating device 1 in FIG. 6) and key sequence data generating means for generating key sequence bit data from the converted bit data output from the nonlinear function unit ( For example, it corresponds to the key sequence generation unit 3 in FIG. 6) and the bit sequence of the key sequence generated by the key sequence data generation means and the plaintext are subjected to an exclusive OR operation, and the operation result is obtained as the random number sequence data. And an exclusive OR operation means (for example, equivalent to XOR4 in FIG. 6) which feeds back to the generation means and outputs the final ciphertext as a message authenticator. It has proposed the formation apparatus.

  According to the present invention, the MAC generation device can be configured using any one of the nonlinear function units (1) to (4). Therefore, it is possible to configure a MAC generation device that enables safe and high-speed processing.

  (8) In the first step of the present invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to arithmetic addition is subjected to nonlinear processing and stored in the second internal memory ( For example, it is equivalent to steps S101 and S102 in FIG. 3), the bit data of the random number sequence and the third internal memory data are arithmetically added, and the arithmetically added bit data is subjected to non-linear processing to be stored in the fourth internal memory. A second step (for example, equivalent to steps S101 and S102 in FIG. 3), and a third step (for example, FIG. 3) that performs nonlinear processing on the second internal memory data and stores it in the third internal memory. And a fourth step (for example, equivalent to step S103 in FIG. 3) that performs non-linear processing on the fourth internal memory data and stores it in the first internal memory. And a fifth step (for example, corresponding to step S104 of FIG. 3) for outputting the updated data in each internal memory as a converted bit string, and a sixth step for calculating a key sequence from the converted bit string (E.g., corresponding to step S105 in FIG. 3) and the seventh step (e.g., in step S106 in FIG. 3) of performing the exclusive OR operation of the calculated key sequence and plaintext and outputting the ciphertext And a stream cipher encryption method characterized by comprising:

  According to this invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. Next, the bit data of the random number sequence and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to non-linear processing and stored in the fourth internal memory. The second internal memory data is subjected to nonlinear processing and stored in the third internal memory, and the fourth internal memory data is subjected to nonlinear processing and stored in the first internal memory. Outputs memory data as a converted bit string. Further, a key sequence is calculated from the converted bit string, an exclusive OR operation is performed on the calculated key sequence and plaintext, and a ciphertext is output. Therefore, according to the above, it is possible to encrypt plaintext into ciphertext safely and at high speed.

  (9) The first step of arithmetically adding bit data of the random number sequence and the first internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing it in the second internal memory ( For example, it corresponds to steps S201 and S202 in FIG. 5), and the bit data of the random number sequence and the third internal memory data are arithmetically added, and nonlinear processing is performed on the arithmetically added bit data to obtain the fourth internal memory. A second step (for example, corresponding to steps S201 and S202 in FIG. 5) and a third step (for example, FIG. 5) that performs nonlinear processing on the second internal memory data and stores it in the third internal memory. And a fourth step (for example, equivalent to step S203 in FIG. 5) that performs non-linear processing on the fourth internal memory data and stores it in the first internal memory. A fifth step (for example, corresponding to step S204 in FIG. 5) for outputting the updated data in each internal memory as a converted bit string, and a sixth step for calculating a key sequence from the converted bit string (E.g., corresponding to step S205 in FIG. 5) and a seventh step (e.g., in step S206 in FIG. 5) that performs an exclusive OR operation on the calculated key sequence and ciphertext and outputs plaintext A stream cipher decryption method characterized by comprising:

  According to this invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. Next, the bit data of the random number sequence and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to non-linear processing and stored in the fourth internal memory. The second internal memory data is subjected to nonlinear processing and stored in the third internal memory, and the fourth internal memory data is subjected to nonlinear processing and stored in the first internal memory. Outputs memory data as a converted bit string. Further, a key sequence is calculated from the converted bit string, an exclusive OR operation is performed on the calculated key sequence and the ciphertext, and a plaintext is output. Therefore, according to the above, the ciphertext can be decrypted into plaintext safely and at high speed.

  (10) According to the present invention, the bit data of the random number sequence input from the periodic sequence device and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. The first step (e.g., corresponding to steps S301 and S302 in FIG. 7), the bit data of the random number sequence input from the periodic sequence device, and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition A second step (for example, equivalent to steps S301 and S302 in FIG. 7) that is subjected to nonlinear processing and stored in the fourth internal memory, and third internal memory that is subjected to nonlinear processing on the second internal memory data And a third step (for example, corresponding to step S303 in FIG. 7) and a fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory Step (for example, corresponding to step S303 in FIG. 7), a fifth step (for example, corresponding to step S304 in FIG. 7) for outputting the updated internal memory data as a converted bit string, and the conversion A sixth step (for example, corresponding to step S305 in FIG. 7) for calculating a key sequence from the calculated bit string, an exclusive OR operation of the calculated key sequence and plaintext, and calculating the result as the period And a seventh step (for example, corresponding to steps S306, S307, and S308 in FIG. 7) for feeding back to the affiliated device and outputting the final ciphertext as a message authenticator. Proposed method.

  According to this invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. Next, the bit data of the random number sequence and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to non-linear processing and stored in the fourth internal memory. The second internal memory data is subjected to nonlinear processing and stored in the third internal memory, and the fourth internal memory data is subjected to nonlinear processing and stored in the first internal memory. Outputs memory data as a converted bit string. Furthermore, the key sequence is calculated from the converted bit sequence, the exclusive OR operation of the calculated key sequence and the plaintext is performed, the calculation result is fed back to the periodic sequence device, and the final ciphertext is authenticated by the message. Output as a child. Therefore, according to the above, the MAC can be generated safely and at high speed.

  (11) The present invention is a program for causing a computer to execute a stream cipher encryption method, arithmetically adding bit data of a random number sequence and first internal memory data, to the bit data subjected to arithmetic addition A first step (for example, equivalent to steps S101 and S102 in FIG. 3) that performs nonlinear processing and stores the second internal memory, and arithmetically adds the bit data of the random number sequence and the third internal memory data, A second step (for example, equivalent to steps S101 and S102 in FIG. 3) for performing nonlinear processing on the bit data subjected to arithmetic addition and storing it in the fourth internal memory, and performing nonlinear processing on the second internal memory data The third step (for example, corresponding to step S103 in FIG. 3) stored in the third internal memory and the fourth internal memory data are subjected to nonlinear processing. A fourth step (for example, corresponding to step S103 in FIG. 3) for storing in the first internal memory, and a fifth step (for example, FIG. 3) for outputting the updated data in each internal memory as a converted bit string. 6) (corresponding to step S105 in FIG. 3), and an exclusive OR of the calculated key sequence and plaintext. A program is proposed for causing a computer to execute a seventh step (for example, corresponding to step S106 in FIG. 3) that performs computation and outputs a ciphertext.

  According to this invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. Next, the bit data of the random number sequence and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to non-linear processing and stored in the fourth internal memory. The second internal memory data is subjected to nonlinear processing and stored in the third internal memory, and the fourth internal memory data is subjected to nonlinear processing and stored in the first internal memory. Outputs memory data as a converted bit string. Further, a key sequence is calculated from the converted bit string, an exclusive OR operation is performed on the calculated key sequence and plaintext, and a ciphertext is output. Therefore, according to the above, it is possible to encrypt plaintext into ciphertext safely and at high speed.

  (12) The present invention is a program for causing a computer to execute a method of decrypting a stream cipher. The bit data of a random number sequence and first internal memory data are arithmetically added to the arithmetically added bit data. A first step (for example, equivalent to steps S201 and S202 in FIG. 5) that performs non-linear processing and stores the second internal memory, arithmetically adds the bit data of the random number sequence and the third internal memory data, A second step (for example, equivalent to steps S201 and S202 in FIG. 5) that performs non-linear processing on the bit data subjected to arithmetic addition and stores it in the fourth internal memory, and non-linear processing is performed on the second internal memory data. The third step (for example, corresponding to step S203 in FIG. 5) stored in the third internal memory and the fourth internal memory data are subjected to nonlinear processing. A fourth step (for example, corresponding to step S203 in FIG. 5) for storing in the first internal memory, and a fifth step (for example, FIG. 5) for outputting the updated data in each internal memory as a converted bit string. 6) (corresponding to step S205 in FIG. 5), an exclusive logic between the calculated key sequence and the ciphertext, and a sixth step for calculating a key sequence from the converted bit string. A program is proposed for causing a computer to execute a seventh step (for example, corresponding to step S206 in FIG. 5) that performs a sum operation and outputs a plaintext.

  According to this invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. Next, the bit data of the random number sequence and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to non-linear processing and stored in the fourth internal memory. The second internal memory data is subjected to nonlinear processing and stored in the third internal memory, and the fourth internal memory data is subjected to nonlinear processing and stored in the first internal memory. Outputs memory data as a converted bit string. Further, a key sequence is calculated from the converted bit string, an exclusive OR operation is performed on the calculated key sequence and the ciphertext, and a plaintext is output. Therefore, according to the above, the ciphertext can be decrypted into plaintext safely and at high speed.

  (13) The present invention is a program for causing a computer to execute a MAC generation method, wherein the random number sequence bit data input from the periodic sequence device and the first internal memory data are arithmetically added and arithmetically added. A first step (for example, equivalent to steps S301 and S302 in FIG. 7) for performing non-linear processing on the bit data and storing it in the second internal memory, a random number sequence bit data input from the periodic sequence device, and a third A second step (for example, corresponding to steps S301 and S302 in FIG. 7), which performs arithmetic addition with the internal memory data, performs nonlinear processing on the bit data subjected to the arithmetic addition, and stores the result in the fourth internal memory; A third step (for example, corresponding to step S303 in FIG. 7) of performing a non-linear process on the internal memory data and storing it in the third internal memory; A fourth step (for example, corresponding to step S303 in FIG. 7) that performs non-linear processing on the internal memory data and stores it in the first internal memory, and outputs the updated data in each internal memory as a converted bit string A fifth step (for example, corresponding to step S304 in FIG. 7), a sixth step (for example, corresponding to step S305 in FIG. 7) for calculating a key sequence from the converted bit string, and the calculated key A seventh step (for example, step S306 in FIG. 7) performs an exclusive OR operation between the sequence and the plaintext, feeds back the operation result to the periodic sequence device, and outputs the final ciphertext as a message authenticator. , Corresponding to S307 and S308), are proposed.

  According to this invention, the bit data of the random number sequence and the first internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to nonlinear processing and stored in the second internal memory. Next, the bit data of the random number sequence and the third internal memory data are arithmetically added, and the bit data subjected to the arithmetic addition is subjected to non-linear processing and stored in the fourth internal memory. The second internal memory data is subjected to nonlinear processing and stored in the third internal memory, and the fourth internal memory data is subjected to nonlinear processing and stored in the first internal memory. Outputs memory data as a converted bit string. Furthermore, the key sequence is calculated from the converted bit sequence, the exclusive OR operation of the calculated key sequence and the plaintext is performed, the calculation result is fed back to the periodic sequence device, and the final ciphertext is authenticated by the message. Output as a child. Therefore, according to the above, the MAC can be generated safely and at high speed.

  According to the present invention, since a plurality of internal memories are connected in a ring shape through at least a non-linear replacer, when this is used in a stream cipher apparatus or the like, safety can be increased synergistically. There is an effect that can be done. Further, since the output bit length is longer than the input bit length of the nonlinear function unit, this has the effect of improving the performance of the entire stream cipher. Furthermore, since the non-linear replacement unit executes the non-linear replacement process based on the data table stored in advance, there is an effect that it is possible to realize high speed in software implementation.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

[First Embodiment]
<Configuration of Stream Cipher Encryption Device>
As shown in FIG. 1, the stream cipher encryption apparatus according to the present embodiment includes a periodic sequence generation device 1, a nonlinear function unit 2, a key sequence generation unit 3, and an exclusive OR calculator (XOR) 4. It consists of and.

  The periodic sequence generation device 1 generates a bit string of a random number sequence and supplies it to the nonlinear function unit 2. The nonlinear function unit 2 inputs the supplied bit string of the random number sequence, and outputs the converted bit string. Details of the configuration will be described later. The key sequence generation unit 3 generates a bit sequence of the key sequence from the converted bit sequence output from the nonlinear function unit 2. The exclusive OR operator (XOR) 4 inputs the bit string of the key sequence generated by the key sequence generation unit 3 and the plaintext, and outputs the ciphertext by executing these exclusive OR operations.

<Configuration of nonlinear function part>
As shown in FIG. 2, the non-linear function unit 2 includes a plurality of internal memories 11, 12, 13, and 14 (L1, L2, R1, and R2 in the figure), adders 15a and 15b, and a non-linear substituter (sub ) 16a, 16b, 16c, 16d. As shown in FIG. 2, the nonlinear function unit according to the present embodiment includes L 2 → adder 15 a → nonlinear substituter (sub) 16 b → R 2 → nonlinear substituter (sub) 16 d → R 2 → adder 15 b → nonlinear substituter. A plurality of internal memories 11, 12, 13, 14 such as (sub) 16 c → L 1 → nonlinear permuter (sub) 16 a → L 2 are connected in a ring shape via the non-linear permuters (sub) 16 a, 16 b, 16 c, 16 d There is a feature in that. By adopting such a configuration, it is possible to synergistically increase the effect of non-linear replacement and improve the security of the encryption device or the like.

  Since the plurality of internal memories 11, 12, 13, and 14 are configured as described above, the data in the adjacent internal memories are nonlinearly replaced by the nonlinear replacement units (sub) 16 a, 16 b, 16 c, and 16 d. The updated data is output as a converted bit string.

  The adders 15a and 15b add the bit sequence of the random number sequence output from the periodic sequence generation device 1 and the bit sequence data stored in some of the plurality of internal memories 11, 12, 13, and 14. It is a computing unit. In the present embodiment, the adders 15a and 15b are exemplified, but an exclusive OR calculator (XOR) may be used instead.

  The non-linear replacement units (sub) 16a, 16b, 16c, and 16d perform non-linear replacement on input bit string data. The non-linear permuters (sub) 16a, 16b, 16c, and 16d are provided with a data table that stores a result calculated in advance by a desired function in association with input bit string data (not shown). Thereby, high-speed processing in software implementation can be realized. In addition, as shown in FIG. 2, the nonlinear function unit of the present embodiment has a configuration of two inputs and four outputs. Thus, by increasing the output bit length with respect to the input bit length, the performance of the entire stream cipher can be improved. Furthermore, the input lengths and output lengths of the adders 15a and 15b and the nonlinear permuters (sub) 16a, 16b, 16c, and 16d are both the CPU word length (for example, 32 bits). Therefore, efficient software implementation is possible.

  As shown in FIG. 3, a plurality of internal memories 11, 12 such as L2 → adder 15a → R2 → nonlinear replacement (sub) 16d → R2 → adder 15b → L1 → nonlinear replacement (sub) 16a → L2 , 13, 14 may be connected in a circular manner via non-linear permuters (sub) 16 a, 16 d and adders 15 a, 15 b. In this case, since the number of non-linear replacement units (sub) is reduced, there is an advantage that the processing speed can be improved.

<Processing of encryption device for stream cipher>
Next, the processing of the stream cipher encryption apparatus will be described with reference to FIG.
First, the bit sequence input from the periodic sequence generation device 1 and the internal memories L2 and R2 are individually subjected to arithmetic addition processing in adders 15a and 15b, and then nonlinearly replaced in nonlinear permuters (sub) 16b and 16c. A replacement process is performed (step S101). The value calculated from the internal memory L2 is stored in the internal memory R1, and the value calculated from the internal memory R2 is stored in the internal memory L1 (step S102).

  Next, the values originally stored in the internal memories L1 and R1 are subjected to nonlinear replacement in the nonlinear replacement units (sub) 16a and 16d, and then stored in the internal memories L2 and R2 (step S103). Then, the updated information in the internal memories R1, R2, L1, and L2 is output as a converted bit string (step S104).

  Further, the key sequence generation unit 3 calculates and outputs the bit sequence of the key sequence from the output bit sequence (step S105), and inputs the bit sequence of the key sequence and the plaintext to the exclusive OR calculator (XOR) 4. Then, an exclusive OR operation is performed and output as ciphertext (step S106).

  Therefore, in the stream cipher encryption apparatus according to the present embodiment, the apparatus is configured by the above-described nonlinear function unit, so that safe and high-speed processing can be realized.

[Second Embodiment]
<Configuration of Decryption Device for Stream Cipher>
As shown in FIG. 5, the stream cipher decryption device according to the present embodiment includes a periodic sequence generation device 1, a nonlinear function unit 2, a key sequence generation unit 3, and an exclusive OR calculator (XOR) 5. It consists of and. In addition, about the element which attaches | subjects the code | symbol similar to 1st Embodiment, since it has the same function, detailed description is abbreviate | omitted. In the stream cipher decryption apparatus according to the present embodiment, an exclusive OR calculator (XOR) 5 is generated by the key sequence generation unit 3 as compared with the stream cipher encryption apparatus according to the first embodiment. The key sequence and the ciphertext are inputted, and a plaintext is outputted by executing these exclusive OR operations.

<Processing of Decryption Device for Stream Cipher>
Next, the processing of the stream cipher decryption apparatus will be described with reference to FIG.
First, the bit sequence input from the periodic sequence generation device 1 and the internal memories L2 and R2 are individually subjected to arithmetic addition processing in adders 15a and 15b, and then nonlinearly replaced in nonlinear permuters (sub) 16b and 16c. A replacement process is performed (step S201). The value calculated from the internal memory L2 is stored in the internal memory R1, and the value calculated from the internal memory R2 is stored in the internal memory L1 (step S202).

  Next, the values originally stored in the internal memories L1 and R1 are subjected to nonlinear replacement in the nonlinear replacement units (sub) 16a and 16d, and then stored in the internal memories L2 and R2 (step S203). Then, the updated information in the internal memories R1, R2, L1, and L2 is output as a converted bit string (step S204).

  Further, the key sequence generation unit 3 calculates and outputs a key sequence bit sequence from the output bit sequence (step S205), and inputs the key sequence bit sequence and the ciphertext to the exclusive OR calculator (XOR) 5. Then, an exclusive OR operation is performed and output as plain text (step S206).

  Therefore, in the decryption apparatus for stream cipher of the present embodiment, the apparatus is configured by the nonlinear function unit, so that safe and high-speed processing can be realized.

[Third Embodiment]
<Configuration of MAC generator>
As shown in FIG. 7, the MAC generation device according to the present embodiment includes a periodic sequence generation device 1, a nonlinear function unit 2, a key sequence generation unit 3, and an exclusive OR calculator (XOR) 4. Has been. In addition, about the element which attaches | subjects the code | symbol similar to 1st Embodiment, since it has the same function, detailed description is abbreviate | omitted. The basic configuration of the MAC generation apparatus according to this embodiment is the same as that of the stream cipher encryption apparatus according to the first embodiment, except that the ciphertext output from the exclusive OR calculator (XOR) 4 is a period. The difference is that feedback is made to the sequence generation device 1.

<Process of MAC generator>
Next, processing of the MAC generation device will be described with reference to FIG.
First, the bit sequence input from the periodic sequence generation device 1 and the internal memories L2 and R2 are individually subjected to arithmetic addition processing in adders 15a and 15b, and then nonlinearly replaced in nonlinear permuters (sub) 16b and 16c. A replacement process is performed (step S301). The value calculated from the internal memory L2 is stored in the internal memory R1, and the value calculated from the internal memory R2 is stored in the internal memory L1 (step S302).

  Next, the values originally stored in the internal memories L1 and R1 are subjected to nonlinear replacement in the nonlinear replacement units (sub) 16a and 16d, and then stored in the internal memories L2 and R2 (step S303). Then, the updated information in the internal memories R1, R2, L1, and L2 is output as a converted bit string (step S304).

  Further, the bit sequence of the key sequence is calculated and output from the bit sequence output in the key sequence generation unit 3 (step S305), the bit sequence of the key sequence and the plaintext are input to the exclusive OR calculator (XOR) 4, An exclusive OR operation is performed and output as a ciphertext, which is fed back to the periodic sequence generation device 1 (step S306).

  Then, it is determined whether or not all plaintexts have been input (step S307). When it is determined that all plaintexts have been input (“Yes” in step S307), a message authenticator is output (step S308). When it is determined that no plaintext is input (“No” in step S307), the process returns to step S301 to continue the process.

  Therefore, in the MAC generation apparatus according to the present embodiment, the apparatus is configured by the above-described nonlinear function unit, so that safe and high-speed processing can be realized.

  The above-described series of processing is recorded as a program on a computer-readable recording medium, and the program recorded on the recording medium is read by a stream cipher encryption device, a stream cipher decryption device, and a MAC generation device, By executing this, the stream cipher encryption apparatus, stream cipher decryption apparatus, and MAC generation apparatus of the present invention can be realized.

  In addition, if a WWW (World Wide Web) system is used, a homepage providing environment (or display environment) is also included. Further, the program may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  Note that the present invention can be widely applied to various stream cipher evaluations. Therefore, it can be widely used for system construction in broadband communication using stream cipher and mobile communication including mobile phones.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

It is a figure which shows the structure of the encryption apparatus of the stream encryption which concerns on 1st Embodiment. It is a figure which shows the structure of the nonlinear function part which concerns on 1st Embodiment. It is a modification which shows the structure of the nonlinear function part which concerns on 1st Embodiment. It is a processing flow of the encryption apparatus of the stream encryption which concerns on 1st Embodiment. It is a figure which shows the structure of the decoding apparatus of the stream encryption which concerns on 2nd Embodiment. It is a processing flow of the decryption apparatus of the stream encryption which concerns on 2nd Embodiment. It is a figure which shows the structure of the MAC production | generation apparatus which concerns on 3rd Embodiment. It is a processing flow of the MAC production | generation apparatus which concerns on 3rd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Periodic sequence production | generation apparatus 2 ... Nonlinear function part 3 ... Key sequence production | generation part 4, 5 ... XOR
11, 12, 13, 14... Internal memory (L1, L2, R1, R2)
15a, 15b ... adders 16a, 16b, 16c, 16d ... non-linear replacement (sub)

Claims (13)

A nonlinear function unit that inputs bit data of a random number sequence from a periodic sequence generation device and outputs the converted bit data from a plurality of internal memories to a key sequence generator ,
An arithmetic unit that calculates bit data of a random number sequence input from the periodic sequence generation device and data stored in one internal memory of the plurality of internal memories;
Data after computation by the computing unit or data stored in one internal memory of the plurality of internal memories is read out and nonlinearly replaced, and the data after the nonlinear replacement is stored in the computing unit or other nonlinear replacing unit A plurality of non-linear substituters that input as input data to one of the plurality of internal memories ;
With
The non-linear function unit, wherein the plurality of internal memories are connected in a ring shape via the plurality of non-linear substituters. A nonlinear function unit that inputs bit data of a random number sequence from a periodic sequence generation device and outputs the converted bit data from a plurality of internal memories to a key sequence generator ,
A plurality of arithmetic units for calculating bit data of a random number sequence input from the periodic sequence generation device and data stored in one internal memory among the plurality of internal memories;
Data after computation by the computing unit or data stored in one internal memory of the plurality of internal memories is read out and nonlinearly replaced, and the data after the nonlinear replacement is stored in the computing unit or other nonlinear replacing unit A plurality of non-linear substituters that input as input data to one of the plurality of internal memories ;
With
The non-linear function unit, wherein the plurality of internal memories are connected in a ring through the plurality of non-linear substituters and the plurality of arithmetic units.   3. The nonlinear function device according to claim 1, wherein a bit length of the bit data of the random number series is longer than a bit length of the converted bit data output from the plurality of internal memories.   4. The nonlinear function device according to claim 1, wherein the nonlinear replacement device performs nonlinear replacement processing based on a data table stored in advance. The nonlinear function device according to any one of claims 1 to 4,
Random number sequence data generating means for generating bit data of a random number sequence to be input to the nonlinear function unit;
Key sequence data generation means for generating bit sequence bit data from the converted bit data output from the nonlinear function unit;
An exclusive OR operation unit that performs an exclusive OR operation between the bit data of the key sequence generated by the key sequence data generation unit and the plaintext, and outputs a ciphertext;
A stream cipher encryption apparatus comprising: The nonlinear function device according to any one of claims 1 to 4,
Random number sequence data generating means for generating bit data of a random number sequence to be input to the nonlinear function unit;
Key sequence data generation means for generating bit sequence bit data from the converted bit data output from the nonlinear function unit;
An exclusive OR operation means for performing an exclusive OR operation between the bit data of the key sequence generated in the key sequence data generation means and the ciphertext, and outputting a plaintext;
An apparatus for decrypting a stream cipher, comprising: The nonlinear function device according to any one of claims 1 to 4,
Random number sequence data generating means for generating bit data of a random number sequence to be input to the nonlinear function unit;
Key sequence data generation means for generating bit sequence bit data from the converted bit data output from the nonlinear function unit;
Performs an exclusive OR operation between the bit data of the key sequence generated by the key sequence data generation means and the plaintext, feeds back the operation result to the random number sequence data generation means, and authenticates the final ciphertext by message authentication. An exclusive OR operation means for outputting as a child;
A MAC generation device comprising: A first step of performing arithmetic addition of the bit data of the random number sequence and the first internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing the result in the third internal memory;
A second step of arithmetically adding the bit data of the random number sequence and the second internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing the result in the fourth internal memory;
A third step of performing non-linear processing on the third internal memory data and storing it in the second internal memory;
A fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory;
A fifth step of outputting the updated data in each internal memory as a converted bit string;
A sixth step of calculating a key sequence from the converted bit string;
A seventh step of performing an exclusive OR operation between the calculated key sequence and the plaintext, and outputting a ciphertext;
A stream cipher encryption method characterized by comprising: A first step of performing arithmetic addition of the bit data of the random number sequence and the first internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing the result in the second internal memory;
A second step of arithmetically adding the bit data of the random number sequence and the third internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing it in the fourth internal memory;
A third step of performing non-linear processing on the second internal memory data and storing in the third internal memory;
A fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory;
A fifth step of outputting the updated data in each internal memory as a converted bit string;
A sixth step of calculating a key sequence from the converted bit string;
A seventh step of performing an exclusive OR operation between the calculated key sequence and the ciphertext and outputting a plaintext;
A method of decrypting a stream cipher, comprising: A first step of performing arithmetic addition on the bit data of the random number sequence input from the periodic sequence device and the first internal memory data, performing non-linear processing on the bit data subjected to arithmetic addition, and storing the bit data in the second internal memory;
A second step of performing arithmetic addition of the bit data of the random number sequence input from the periodic sequence device and the third internal memory data, subjecting the bit data subjected to arithmetic addition to nonlinear processing, and storing the result in the fourth internal memory;
A third step of performing non-linear processing on the second internal memory data and storing in the third internal memory;
A fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory;
A fifth step of outputting the updated data in each internal memory as a converted bit string;
A sixth step of calculating a key sequence from the converted bit string;
A seventh step of performing an exclusive OR operation between the calculated key sequence and the plaintext, feeding back the operation result to the periodic sequence device, and outputting a final ciphertext as a message authenticator;
A MAC generation method comprising: A program for causing a computer to execute an encryption method of a stream cipher, wherein the bit data of the random number sequence and the first internal memory data are arithmetically added, and non-linear processing is performed on the bit data that has been arithmetically added. A first step of storing in the internal memory of
A second step of arithmetically adding the bit data of the random number sequence and the third internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing it in the fourth internal memory;
A third step of performing non-linear processing on the second internal memory data and storing in the third internal memory;
A fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory;
A fifth step of outputting the updated data in each internal memory as a converted bit string;
A sixth step of calculating a key sequence from the converted bit string;
A seventh step of performing an exclusive OR operation between the calculated key sequence and the plaintext, and outputting a ciphertext;
A program that causes a computer to execute. A program for causing a computer to execute a stream cipher decryption method,
A first step of performing arithmetic addition of the bit data of the random number sequence and the first internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing the result in the second internal memory;
A second step of arithmetically adding the bit data of the random number sequence and the third internal memory data, performing non-linear processing on the bit data subjected to the arithmetic addition, and storing it in the fourth internal memory;
A third step of performing non-linear processing on the second internal memory data and storing in the third internal memory;
A fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory;
A fifth step of outputting the updated data in each internal memory as a converted bit string;
A sixth step of calculating a key sequence from the converted bit string;
A seventh step of performing an exclusive OR operation between the calculated key sequence and the ciphertext and outputting a plaintext;
A program that causes a computer to execute. A program for causing a computer to execute a MAC generation method,
A first step of performing arithmetic addition on the bit data of the random number sequence input from the periodic sequence device and the first internal memory data, performing non-linear processing on the bit data subjected to arithmetic addition, and storing the bit data in the second internal memory;
A second step of performing arithmetic addition of the bit data of the random number sequence input from the periodic sequence device and the third internal memory data, subjecting the bit data subjected to arithmetic addition to nonlinear processing, and storing the result in the fourth internal memory;
A third step of performing non-linear processing on the second internal memory data and storing in the third internal memory;
A fourth step of performing non-linear processing on the fourth internal memory data and storing it in the first internal memory;
A fifth step of outputting the updated data in each internal memory as a converted bit string;
A sixth step of calculating a key sequence from the converted bit string;
A seventh step of performing an exclusive OR operation between the calculated key sequence and the plaintext, feeding back the operation result to the periodic sequence device, and outputting a final ciphertext as a message authenticator;
A program that causes a computer to execute.

Images