JP5110956B2 - Encryption device and decryption device - Google Patents

Description

  The present invention relates to an encryption and decryption technique using, for example, synchronization information called an initial vector (IV).

There is a technique for encrypting information using synchronization information called an initial vector. In this technique, a terminal on the transmission side of digital information generates an initial vector, and encrypts the digital information using the generated initial vector. The transmitting terminal transmits the generated initial vector together with the encrypted digital information to the receiving terminal. The terminal on the digital information receiving side decrypts the encrypted digital information using the received initial vector. Here, the terminal on the transmission side generates an initial vector independently of the digital information to be encrypted (see Non-Patent Document 1).
William Stirlings, Ishibashi, Mikawa, Fukuda, "Cryptography and Network Security Theory and Practice", Pearson Education, 2001, 484-485

  In the conventional technology, an initial vector is generated independently of information to be encrypted. Therefore, when digital information is transmitted after being encrypted, the amount of data to be transmitted is smaller than when digital information is transmitted without being encrypted. More vectors. For this reason, there is a problem that transmission efficiency decreases when data is transmitted after being encrypted by the conventional technology. In particular, when an initial vector is generated and transmitted for each packet or frame in a communication path in which information is transmitted using a format having a short packet length or frame length, transmission efficiency is significantly reduced.

  In addition, when digital information is transmitted, there is a possibility that a data error occurs in the digital information (noise is added) on the transmission path. Here, if a data error occurs in the initial vector in the transmission path, the data error increases during decryption due to the nature of the encryption. That is, when a data error occurs in the initial vector in the transmission path, there is a problem that many data errors occur in the decoded data. For example, when digital voice is encrypted and transmitted, if a data error occurs in the initial vector, there is a problem that the quality of the voice information may be remarkably deteriorated.

  An object of the present invention is, for example, to encrypt and transmit digital information without reducing transmission efficiency. It is another object of the present invention to suppress the influence on the quality of voice information when a data error occurs in an initial vector in a transmission path.

The encryption device according to the present invention is, for example, an encryption device that encrypts information based on an initial vector and a predetermined key,
A plaintext information input unit for inputting plaintext information;
The plaintext information input by the plaintext information input unit, the encryption side splitting unit for generating the encryption target data to be encrypted and the non-encryption target data not to be encrypted;
Selecting at least part of the non-encryption target data generated by the encryption side dividing unit as selection information, and generating an IV based on the selection information;
An encryption unit that encrypts the encryption target data and generates encryption information using an IV generated by the encryption side IV generation unit and a predetermined key stored in advance in a storage device;
An encryption unit generated by the encryption unit and an output unit that outputs the non-encryption target data are provided.

  In the encryption apparatus according to the present invention, an initial vector is generated based on a part of the input plaintext information. Therefore, the data amount does not increase by the initial vector. Therefore, the amount of data to be transmitted does not increase due to the encryption process. That is, even if encryption processing is performed when transmitting information, transmission efficiency is not reduced.

Embodiment 1 FIG.
In this embodiment, an encryption device 10 that does not increase the amount of information transmitted by encryption processing and a decryption device 20 that decrypts information encrypted by the encryption device 10 will be described. Here, a description will be given using audio information as an example of information to be transmitted.
The encryption device 10 and the decryption device 20 according to this embodiment use a part of the input voice information as an initial vector to prevent an increase in the amount of data transmitted by the encryption process.

  First, the external appearance of the encryption device 10 and the decryption device 20 in this embodiment and the following embodiments will be described. FIG. 1 is a diagram illustrating an example of an appearance of a transmission / reception system 100 including an encryption device 10 and a decryption device 20.

As shown in FIG. 1, the transmission / reception system 100 includes a mobile phone 916, a mobile phone 917, and a base station server 918, for example. The mobile phone 916 and the mobile phone 917 are examples of the encryption device 10 and the decryption device 20.
Here, the cellular phone 916 and the cellular phone 917 transmit and receive voice information and the like via wireless communication via the base station server 918. When audio information is transmitted from the mobile phone 916 to the mobile phone 917, the mobile phone 916 on the transmission side is the encryption device 10 and the mobile phone 917 on the reception side is the decryption device 20. Conversely, when transmitting voice information from the mobile phone 917 to the mobile phone 916, the mobile phone 917 on the transmission side is the encryption device 10 and the mobile phone 916 on the reception side is the decryption device 20.
Here, the mobile phone is an example of the encryption device 10 and the decryption device 20, but the encryption device 10 and the decryption device 20 may not be mobile phones. The encryption device 10 and the decryption device 20 may be, for example, a computer such as a PC (Personal Computer) or a server, or may be a component provided in a mobile phone such as the mobile phone 916, a PC, or a server. . Further, the base station server 918 may be the encryption device 10 or the decryption device 20.

Next, the hardware configuration of the encryption device 10 and the decryption device 20 in this embodiment and the following embodiments will be described. FIG. 2 is a diagram illustrating an example of the hardware configuration of the encryption device 10, the decryption device 20, and the like.
As shown in FIG. 2, the encryption device 10 and the decryption device 20 include a CPU 911 (Central Processing Unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, and a processor that executes a program. Say). The CPU 911 is connected to the ROM 913, the RAM 914, the keyboard 902, the microphone 903, the speaker 904, and the communication board 915 with an antenna via the bus 912, and controls these hardware devices. Further, the CPU 911 may be a DSP (Digital Signal Processor). Further, wired communication without an antenna may be performed.

  The ROM 913 is an example of a nonvolatile memory. The RAM 914 is an example of a volatile memory. The ROM 913 and the RAM 914 are examples of storage devices. The communication board 915, the keyboard 902, and the microphone 903 are examples of input devices. The speaker 904 and the communication board 915 are examples of an output device. Furthermore, the communication board 915 is an example of a communication device.

  In the ROM 913, for example, an operating system 921 (OS), a program group 922, and a file group 923 are stored. The programs in the program group 922 are executed by the CPU 911 and the operating system 921.

The program group 922 includes “speech information input unit 11”, “speech encoding unit 12 (plaintext information input unit)”, “encryption side division unit 13”, “encryption side IV generation unit 14”, “Encryption unit 15”, “encryption side coupling unit 16”, “output unit 17”, “error detection code generation unit 18”, “error correction code generation unit 19”, “encryption information input unit 21”, “decryption side” "Dividing unit 22", "decoding side IV generating unit 23", "decoding unit 24", "decoding side combining unit 25", "voice decoding unit 26", "error correcting unit 27", "error detecting unit 28", " A program for executing a function described as “control unit 29” and the like and other programs are stored. The program is read and executed by the CPU 911.
In the following description, the file group 923 includes “voice information”, “voice code information”, “encryption target data”, “non-encryption target data”, “initial vector”, “encryption information”, “output data”, Information, data, signal values, variable values, etc. described as “transmission information”, “error detection code”, “error correction code”, “input information”, “decoding information”, “restoration information”, “control information”, etc. Parameters are stored as items of “file” and “database”. The “file” and “database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, It is used for operations of the CPU 911 such as calculation / calculation / processing / output / printing / display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the operation of the CPU 911 for extraction, search, reference, comparison, calculation, calculation, processing, output, printing, and display. Is remembered.
In the following description, the arrows in the flowchart mainly indicate input / output of data and signals, and the data and signal values are recorded in a memory of the RAM 914 and other recording media such as an optical disk. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, what is described as “to part” in the following description may be “to circuit”, “to device”, “to device”, “to means”, and “to function”. It may be “step”, “˜procedure”, “˜processing”. Further, what is described as “to process” may be “to step”. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored in a recording medium such as ROM 913 as a program. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes a computer or the like to function as “to part” described below. Alternatively, the procedure or method of “to part” described below is executed by a computer or the like.

Next, an example of the encryption process of the encryption apparatus 10 and the decryption process of the decryption apparatus 20 will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of a configuration of a function for performing an encryption process and a function for performing a decryption process.
As a premise, the encryption device 10 according to this embodiment encrypts plaintext information using synchronization information called an initial vector and a predetermined key. Similarly, the decryption device 20 according to this embodiment decrypts encryption information using synchronization information called an initial vector and a predetermined key. Here, it is assumed that the encryption device 10 and the decryption device 20 share the predetermined key in advance. The initial vector is newly generated every time a packet or frame is encrypted by the encryption device 10 and is transmitted to the decryption device 20 together with encryption information obtained by encrypting the packet or frame.

The operation of the function for performing the encryption process and the function for performing the decryption process illustrated in FIG. 3 will be described. Here, it is assumed that the initial vector is 64 bits. In FIG. 3, each arrow (S1-S6) means 64 signal lines. The configuration shown in FIG. 3 is called a so-called block cipher OFB (Output Feed Back) mode.
First, a 64-bit initial vector (IV) is output to the encryption / decryption operation unit 32 through the selector 31. The initial vector is encrypted by a predetermined key (encryption key information or decryption key information) stored in advance in the storage device by the encryption / decryption operation unit 32 and output to the exclusive OR operation unit 33 as 64-bit random number information. Then, the exclusive OR operation unit 33 performs exclusive OR (EXOR) between the 64-bit random number information and the first 64 bits of the input information (plain text information for the encryption process and encryption information for the decryption process). Is calculated, and the calculated value becomes the first 64 bits of the output information (encryption information for the encryption process, decryption information for the decryption process).
On the other hand, 64-bit random number information is fed back to the selector 31 and output to the encryption / decryption operation unit 32. The random number information is encrypted by the encryption / decryption calculation unit 32 with the predetermined key, and is output to the exclusive OR calculation unit 33 as 64-bit new random number information. The exclusive OR operation unit 33 calculates an exclusive OR of the new 64-bit random number information and the next 64 bits of the input information (plain text information for the encryption process and cipher information for the decryption process). The calculated value is the next 64 bits of the output information (encryption information for the encryption process and decryption information for the decryption process). By repeating this, it is possible to encrypt plaintext information having an arbitrary length and to decrypt encrypted information having an arbitrary length.
Note that all of the signal lines indicated by the arrows in FIG. 3 do not have to be 64 bits. For example, S3-S6 may be a single signal line. In this case, the exclusive OR operation unit 33 calculates a 1-bit exclusive OR.

FIG. 4 is a diagram illustrating an example different from FIG. 3 of the configuration of the function for performing the encryption process and the function for performing the decryption process. The operation of the function for performing the encryption process and the function for performing the decryption process illustrated in FIG. 4 will be described. Here, similarly to the above description, the initial vector is assumed to be 64 bits. In addition, each arrow (S1-S5) in FIG. 4 means 64 signal lines. The configuration of the encryption unit 15 or the decryption unit 24 shown in FIG. 4 is called a so-called block cipher CTR (Count TR) mode.
First, the 64-bit initial vector is output to the encryption / decryption operation unit 42 through the counter 41. The initial vector is encrypted with a predetermined key (encryption key information or decryption key information) stored in advance in the storage device by the encryption / decryption operation unit 42 and output to the exclusive OR operation unit 43 as 64-bit random number information. Then, the exclusive OR operation unit 43 calculates the exclusive OR of the 64-bit random number information and the first 64 bits of the input information (plain text information for the encryption process and encryption information for the decryption process). The calculated value is the first 64 bits of the output information (encryption information for the encryption process and decryption information for the decryption process).
Next, the counter 41 increments the value of the initial vector by “+1” and outputs a 64-bit long value to the encryption / decryption operation unit 42. The incremented value is encrypted by the encryption / decryption calculation unit 42 with the predetermined key stored in the storage device in advance, and is output to the exclusive OR calculation unit 43 as 64-bit new random number information. The exclusive OR operation unit 43 calculates the exclusive OR of the 64-bit new random number information and the input information (plain text information for the encryption process, cipher information for the decryption process), and the calculated value is This is the next 64 bits of output information (encrypted information for encryption processing and decrypted information for decryption processing). By repeating this, it becomes possible to encrypt plaintext information having an arbitrary length and to decrypt encrypted information having an arbitrary length.
Note that all the signal lines indicated by the arrows in FIG. 4 do not have to be 64 bits. For example, S3-S5 may be a single signal line. In this case, the exclusive OR operation unit 43 calculates a 1-bit exclusive OR.

  Here, the encryption / decryption operation unit 32 and the encryption / decryption operation unit 42 are, for example, MISTY (registered trademark), AES (Advanced Encryption Standard), DES (Data Encryption Standard), and Camellia (registered trademark).

Next, functions and operations of the encryption device 10 and the decryption device 20 according to this embodiment will be described.
First, the function and operation of the encryption device 10 according to this embodiment will be described with reference to FIGS. FIG. 5 is a functional block diagram showing functions of the encryption device 10 according to this embodiment. FIG. 6 is a flowchart showing the operation of the encryption apparatus 10 according to this embodiment.

The encryption device 10 includes a speech information input unit 11, a speech encoding unit 12 (plaintext information input unit), an encryption side division unit 13, an encryption side IV generation unit 14, an encryption unit 15, an encryption side combination unit 16, and an output unit. 17. In the encryption apparatus 10, each function operates as follows.
First, in the voice information input process (S101), the voice information input unit 11 inputs voice information through the microphone 903 or the like. That is, the voice information input here is analog data.
Next, in the audio encoding process (S102), the audio encoding unit 12 encodes the audio information input in the audio information input process (S101) by the processing device, for example, 140-bit audio code information (plain text information). Example) is generated and stored in the storage device. That is, the speech encoding unit 12 converts speech information that is analog data into speech code information that is digital data. Here, a method for encoding the voice information is, for example, a CELP (Code-Excited Linear Prediction) method, a PCM (Pulse Code Modulation) method, or the like.
Next, in the encryption side division process (S103), the encryption side division unit 13 does not encrypt the data (for example, 128 bits) that encrypts the 140-bit audio code information generated in the audio encoding process (S102). The data is divided into data (for example, 12 bits) by the processing device and stored in the storage device. Here, data to be encrypted is referred to as encryption target data, and data that is not encrypted is referred to as non-encryption target data. For example, the encryption-side dividing unit 13 determines in advance that the number of bits to how many bits of the audio code information is non-encryption target data and the rest as encryption target data, and performs division based on this.
Next, in the encryption side IV generation processing (S104), the encryption side IV generation unit 14 generates an initial vector by the processing device based on the non-encryption target data generated in the encryption side division processing (S103) and stores it in the storage device. To do. Specific processing contents for generating the initial vector based on the non-encrypted data will be described later. Here, for the sake of simplicity, the initial vector is assumed to be the non-encrypted data itself. That is, the initial vector is 12 bits here.
Next, in the encryption process (S105), the encryption unit 15 uses the 12-bit initial vector generated in the encryption side IV generation process (S104) and a predetermined key stored in the storage device in advance to encrypt the data. The 128-bit encryption target data generated in the side division process (S103) is encrypted by the processing device. Then, the encryption unit 15 encrypts the 128-bit encryption target data to generate 128-bit encryption information and stores it in the storage device. That is, the encryption unit 15 has the configuration shown in FIGS. 3 and 4, for example, and operates as described based on FIGS. That is, the input in FIGS. 3 and 4 is encryption target data here, and the output is encryption information.
Next, in the encryption side combining process (S106), the encryption side combining unit 16 combines the 128-bit encryption information generated in the encryption process (S105) and the 12-bit non-encrypted data by the processing device. 140-bit output data is generated and stored in the storage device. That is, the combined data includes all information included in the speech code information generated by the conversion in the speech encoding process (S102).
In the output process (S107), the output unit 17 outputs the output data generated in the encryption side combining process (S106) as transmission information by the output device. That is, for example, the output unit 17 transmits the output data to the decoding device 20 via the network by the communication device.
Here, the encryption side dividing unit 13, the encryption side combining unit 16, and the output unit 17 may include a 128-bit register.

  Next, the function and operation of the decoding device 20 according to this embodiment will be described based on FIG. 7 and FIG. FIG. 7 is a functional block diagram showing functions of the decoding device 20 according to this embodiment. FIG. 8 is a flowchart showing the operation of the decoding apparatus 20 according to this embodiment.

The decryption device 20 is a device that decrypts the encryption information generated by the encryption device 10 based on the initial vector and a predetermined key. The decryption device 20 includes an encryption information input unit 21, a decryption side division unit 22, a decryption side IV generation unit 23, a decryption unit 24, a decryption side combination unit 25, and a speech decryption unit 26. In the decoding device 20, each function operates as follows.
First, in the encryption information input process (S201), the encryption information input unit 21 receives 140-bit transmission information transmitted by the encryption device 10 by the communication device and inputs it as 140-bit input information. That is, if there is no data error in the transmission path, the input information is the same data as the output information output by the encryption apparatus 10 in the output process (S107).
Next, in the decryption-side division process (S202), the decryption-side division unit 22 divides the 140-bit input information input in the encryption information input process (S201) to obtain 128-bit encryption information and 12-bit non-encryption. The target data is generated by the processing device and stored in the storage device. For example, between the encryption device 10 and the decryption device 20, it is determined in advance from what bit to what bit of the input information the non-encryption target data and the rest is the encryption information. The dividing unit 22 can divide input information into encrypted information and non-encrypted data.
Next, in the decryption-side IV generation processing (S203), the decryption-side IV generation unit 23 generates an initial vector by the processing device based on the non-encryption target data generated in the decryption-side division processing (S202) and stores it in the storage device. To do. Here, as in the encryption IV generation process (S104), the initial vector is the non-encrypted data itself. That is, the initial vector is 12 bits here.
Next, in the decryption process (S204), the decryption unit 24 uses the 12-bit initial vector generated in the decryption side IV generation process (S203) and the predetermined key stored in the storage device in advance to perform the decryption side division. The 128-bit encryption information generated in the processing (S202) is decrypted by the processing device. Then, the decryption unit 24 decrypts the 128-bit encryption information to generate 128-bit decryption information and stores it in the storage device. Here, the predetermined key is, for example, a key shared in advance with the encryption device 10, and is the same key used for encryption in the encryption process (S105). That is, the decoding unit 24 has the configuration shown in FIGS. 3 and 4, for example, and operates as described based on FIGS. 3 and 4. That is, the input in FIGS. 3 and 4 is encryption information here, and the output is decryption information.
Next, in the decryption-side combining process (S205), the decryption-side combining unit 25 combines the 128-bit decryption information and the 12-bit non-encrypted data by the processing device to generate 140-bit restored data and store it. Store in the device. Since the decryption information is in principle the same data as the data to be encrypted, the restored data is in principle the same data as the speech code information. Here, the decryption-side combining unit 25 combines the decryption information and the non-encryption target data in accordance with the processing divided into the encryption target data and the non-encryption target data in the encryption side division process (S103), thereby generating the voice. It can be restored to the same data as the code information. For example, if the 11th to 20th bits of the audio code information are set as non-encryption target data and the rest are set as encryption target data in the encryption side division process (S103), the 11th to 20th bits are non-encrypted. The non-encryption target data may be inserted into the decryption information so that the encryption target data is obtained.
In the audio decoding process (S206), the audio decoding unit 26 generates audio information by decoding (audio decoding) the restored data using the processing device. The generated audio information is output from an output device such as a speaker 904, for example.
Here, the encryption information input unit 21, the decryption-side dividing unit 22, and the decryption-side combining unit 25 may include a 128-bit register.

That is, the encryption device 10 and the decryption device 20 according to this embodiment do not generate an initial vector independently of the speech code information, but use a part of the speech code information as the initial vector. Therefore, even if the process of encrypting the information to be transmitted is performed, the data amount of the information to be transmitted does not increase by the initial vector compared to the case where the process of encrypting is not performed.
It will be described in detail that the data amount of the voice code information and the transmission information is the same. First, as is apparent from the fact that 64-bit output information is generated from 64-bit input information in the description of the encryption processing based on FIGS. 3 and 4, when certain information is encrypted, encryption is performed. It is possible to make the previous data amount the same as the encrypted data amount. That is, when encryption information is generated by encrypting encryption target data in the encryption process (S105), it is possible to make the data amount of the encryption target data equal to the data amount of the encryption information. A combination of encryption target data and non-encryption target data is voice code information, and a combination of encryption information and non-encryption target data is output data (transmission information). The amount of data can be the same. In other words, when the encryption process is performed by the encryption apparatus 10 according to this embodiment, the data amount of the transmission information is equal to the data amount of information (voice code information) transmitted when the encryption process is not performed. Are the same.
This is an effect obtained by using a part of the speech code information as the initial vector, instead of generating the initial vector separately from the speech code information as in the prior art.
That is, according to the transmission / reception system 100 including the encryption device 10 and the decryption device 20 according to this embodiment, the effect that the transmission efficiency is not lowered even if the encryption process is performed when information is transmitted. Can be obtained.

Here, a process of generating an initial vector based on non-encryption target data in the encryption side IV generation process (S104) and the decryption side IV generation process (S203) will be described.
In the above description, for the sake of simplicity, the initial vector is assumed to be non-encrypted data itself. However, it may be necessary to increase the number of bits of the initial vector more than the number of bits of the non-encrypted data. That is, for example, when the initial vector requires 64 bits, the number of bits of the non-encrypted data can be secured only 12 bits. In such a case, information other than non-encrypted data may be included in the initial vector. For example, the initial vector deficiency (52 bits in the above example) may be filled with a frame number or a fixed value. Alternatively, it may be filled with logic shared between the encryption device 10 and the decryption device 20. That is, by sharing a method for filling the shortage of the initial vector between the encryption device 10 and the decryption device 20, the shortage of the initial vector is added to the data to be transmitted and the decryption device is transferred from the encryption device 10 to the decryption device. There is no need to transmit to 20. That is, the amount of information to be transmitted does not increase.
Similarly, the initial vector may be generated from some bits of the non-encrypted data. That is, when the number of bits of non-encryption target data is 12 bits, the initial vector may include only 5 bits of the non-encryption target data, and the remaining 59 bits may be filled by a predetermined method. Here, in order not to increase the data amount of information to be transmitted, it is necessary to share a 5-bit selection method included in the initial vector between the encryption device 10 and the decryption device 20.
That is, in other words, the encryption-side IV generation unit 14 and the decryption-side IV generation unit 23 use a predetermined method that is shared in advance between the encryption device 10 and the decryption device 20 using at least a part of the non-encryption target data as selection information. The initial vector may be generated by a predetermined method selected in advance and shared by the encryption device 10 and the decryption device 20 based on the selection information.

As shown here, if the generated initial vector is 64 bits and the encryption target data or encryption information is 128 bits, the calculation of the exclusive OR described with reference to FIGS. It is possible to calculate exclusive OR for all input information. In other words, when the number of bits of encryption target data or encryption information can be divided by the number of bits of the initial vector, if the exclusive OR is calculated a predetermined number of times, the exclusive OR is calculated for all input information. It can be carried out.
However, as shown in the description of the flowchart, when the initial vector is 12 bits and the encryption target data or encryption information is 128 bits, that is, the number of bits of the encryption target data or encryption information is the number of bits of the initial vector. If it is divisible, even if the exclusive OR is calculated a predetermined number of times, it is not possible to calculate the exclusive OR for all input information. In other words, a fraction is output. For example, when the initial vector is 12 bits and the data to be encrypted or the encryption information is 128 bits, the next input information becomes 8 bits when the exclusive OR is calculated 10 times. In this case, the encryption unit 15 or the decryption unit 24, for example, fills the remaining 4 bits (12 bits-8 bits) with 0, calculates the initial vector and exclusive OR, and then performs the encryption side combination. The 4 bits padded with 0 by the part 16 or the output part 17 may be discarded. Alternatively, the encryption side combining unit 16 or the output unit 17 may output the transmission information including 4 bits padded with zeros. That is, the transmission information in this case is 144 bits (140 bits + 4 bits). Alternatively, the encryption unit 15 or the decryption unit 24 may calculate an exclusive OR of the 8-bit input information and the first 8 bits of the initial vector.

Further, in this embodiment, the description has been given using audio information as an example of information to be transmitted. Therefore, the encryption device 10 can be paraphrased as a voice information transmitting device, and the decryption device 20 as a voice information receiving device.
That is, in other words, the encryption apparatus 10 according to this embodiment has speech encoding means and encryption means, and uses a part of the speech information digitally encoded by the speech encoding means to A voice information transmitting apparatus characterized in that a part or all of the voice information is generated and part or all of the other voice information is encrypted by an encryption means. Similarly, the decryption apparatus 20 according to this embodiment is a voice information reception apparatus that receives encrypted voice information transmitted by the voice information transmission apparatus and outputs it as voice information.

Embodiment 2. FIG.
In this embodiment, an encryption apparatus 10 and a decryption apparatus 20 that prevent the quality of audio information that is output from significantly deteriorating when a data error occurs in an initial vector on a transmission path will be described.
In the encryption device 10 and the decryption device 20 according to this embodiment, the encryption device 10 adds an error detection code to the initial vector and transmits it to the decryption device 20, and decrypts when there is a data error in the initial vector. Since the apparatus 20 does not generate audio information, the quality of the audio information is prevented from being significantly deteriorated.

First, the reason why the influence on the quality of voice information is large when a data error occurs in the initial vector will be briefly described.
According to the configuration shown in FIG. 3 and FIG. 4, as described above, the input information (plain text information for the encryption process, cipher information for the decryption process) is divided into 64 bits, and each is divided. And the initial vector are calculated, and the calculation result is output (encryption information for the encryption process, decryption information for the decryption process). That is, when calculating the information to be output, each bit of the input information is used only once, whereas each bit of the initial vector is used “number of bits of input information / 64” times. .
Therefore, even if data errors are included in information other than the initial vector, the data errors do not expand during decoding. That is, when a 1-bit data error is included in addition to the initial vector, the output only includes a 1-bit data error. That is, even if a data error is included in addition to the initial vector, the influence on the voice quality is small.
On the other hand, when a data error is included in the initial vector, the data error is enlarged at the time of decoding. That is, when a 1-bit data error is included in the initial vector, all bits for which an exclusive OR is calculated with the bit are data errors. That is, when the initial vector contains a data error, the influence on the voice quality is great.

Next, the encryption apparatus 10 according to this embodiment will be described.
The encryption device 10 according to this embodiment is obtained by adding a function for generating an error detection code and a function for generating an error correction code to the encryption device 10 described in the first embodiment.
Based on FIG. 9 and FIG. 10, the function and operation of the encryption apparatus 10 according to this embodiment will be described. FIG. 9 is a functional block diagram showing functions of the encryption device 10 according to this embodiment. FIG. 10 is a flowchart showing the operation of the encryption apparatus 10 according to this embodiment.

In the encryption device 10 shown in FIG. 9, an error detection code generation unit 18 and an error correction code generation unit 19 are added to the encryption device 10 shown in FIG. Others are the same as the encryption apparatus 10 shown in FIG. The encryption device 10 operates as follows.
The process from the voice information input process (S301) to the encryption side combination process (S306) is the same from the voice information input process (S101) to the encryption side combination process (S106).
In the error detection code generation process (S307), the error detection code generation unit 18 generates an error detection code (for example, 9 bits) for detecting a data error for at least a part of the output data by the processing device. Here, the error detection code is, for example, a CRC (Cyclic Redundancy Check) code. Here, the error detection code generation unit 18 generates an error detection code for the selection information that is the source of the initial vector among at least non-target data. This is because if it can be verified that there is no data error in the selection information, it can be verified that there is no data error in the initial vector. That is, generating an error detection code for selection information is the same as generating an error detection code for an initial vector.
In the error correction code generation process (S308), the error correction code generation unit 19 generates an error correction code (for example, 120 bits) capable of correcting a data error for at least a part of the output data by the processing device. Here, the error correction code is, for example, a convolutional code.
In the output process (S309), the output unit 17 outputs the output data including the error detection code and the error correction code as transmission information. That is, in this case, if the output data is 140 bits, the transmission information including the error detection code and the error correction code is 269 bits (140 bits + 9 bits + 120 bits).

Next, the decoding device 20 according to this embodiment will be described.
The decoding device 20 according to this embodiment is obtained by adding an error detection function and an error correction function to the decoding device 20 described in the first embodiment. That is, this decryption device 20 corresponds to the encryption device 10 shown in FIG.

  First, the function and operation of the decoding apparatus 20 according to this embodiment will be described with reference to FIGS. FIG. 11 is a functional block diagram showing functions of the decoding device 20 according to this embodiment. FIG. 12 is a flowchart showing the operation of the decoding device 20 according to this embodiment.

The decoding device 20 shown in FIG. 11 has an error correction unit 27, an error detection unit 28, and a control unit 29 added to the decoding device 20 shown in FIG. Others are the same as the decoding apparatus 20 shown in FIG. Then, the decoding device 20 operates as follows.
First, in the encryption information input process (S401), the encryption information input unit 21 inputs 269-bit input information including an error detection code and an error correction code.
Next, in the error correction process (S402), the error correction unit 27 corrects the data error of the input information based on the error correction code included in the input information input in the encryption information input process (S401). That is, the error correction unit 27 corrects a data error that has occurred in the communication path or the like.
Next, in the error detection process (S403), the error detection unit 28 uses a data error (residual error) in the input information after correcting the data error in the error correction process (S402) based on the error detection code included in the input information. ) Is included. That is, the error detection unit 28 determines whether or not residual errors that cannot be corrected by the error correction code remain in the input information.
Subsequently to the error detection process (S403), a decoding side division process (S404) and a control process (S409) are executed. Here, the process from the decoding side division process (S404) to the voice decoding process (S408) is the same as the process from the decoding side division process (S202) to the voice decoding process (S206).
On the other hand, in the control process (S409), when the error detection unit 28 determines in the error detection process (S403) that the control unit 29 determines that the residual information is included in the input information after error correction, the speech decoding unit 26 Control is performed by the processing device so as not to generate audio information.

That is, the decoding device 20 according to this embodiment corrects a data error in input information and detects a residual error in the input information after error correction. Then, when a residual error is detected, control is performed so that decoding into audio information is not performed. On the other hand, if no residual error is detected, decoding into voice information is performed and the generated voice information is output.
Note that control may be performed so that decoding into audio information is not performed only when a residual error is detected in the selection information. This is because if there is no residual error in the selection information, it can be said that there is no data error in the initial vector.

  Here, as described above, the error detection code is generated for at least selection information. That is, the decoding device 20 according to this embodiment does not perform decoding into audio information at least when a residual error is detected in the selection information. That is, the decoding device 20 according to this embodiment performs control so as not to perform decoding into audio information when a residual error is detected in the selection information, so that the quality of the decoded audio information is significantly deteriorated. It is prevented from doing. Here, when a residual error is detected in the selection information, the decoding to the voice information is not performed. For example, the packet or the frame in which the residual error is detected in the selection information is silenced or the frame is detected, for example. That is, the sound information of the frame is generated from the information of the frame that has been successfully decoded in the vicinity.

Note that it is not always necessary to generate an error correction code. That is, the encryption device 10 may not include the error correction code generation unit 19, and the decryption device 20 may not include the error correction unit 27.
Further, an error detection code may be generated before the voice code information is encrypted.
FIG. 13 is a functional block diagram of the encryption apparatus 10 in the case where the error correction code generation unit 19 is not provided and an error detection code is generated before the audio code information is encrypted. In the encryption apparatus 10 shown in FIG. 13, the error detection code is performed immediately after the voice information input unit 11 inputs the voice information.
In this case, the encryption side dividing unit 13 sets non-encryption target data including at least a part of the information targeted for generating the error detection code, and the encryption side IV generation unit 14 stores the information targeted for generating the error detection code. At least a part is selected as selection information. That is, an error detection code is generated for at least the selection information.

  Further, as shown in FIG. 14, after the encryption side IV generation unit 14 generates the initial vector and before the encryption side combining unit 16 combines the non-encryption target data and the encryption information, the initial vector is processed. An error detection code may be generated.

Here, as in the first embodiment, the encryption device 10 according to this embodiment can be referred to as a voice information transmitting device, and the decryption device 20 as a voice information receiving device.
That is, the encryption apparatus 10 according to this embodiment has, in other words, error detection encoding means, and all or part of the initial vector is a target of error detection encoding. It is a transmission device.
In other words, the decryption device 20 according to this embodiment has speech decryption means, encryption decryption means, and error detection means, and receives information transmitted from the speech information transmission apparatus as an input, and the error detection means performs initial processing. When a residual error is detected in a vector, the speech information receiving apparatus is characterized in that speech decoding is suppressed.

Embodiment 3 FIG.
In this embodiment, an example of a more effective initial vector selection method (generation method) in the first and second embodiments will be described.
In the second embodiment, an initial vector is simply set as an error detection target using an error detection code. However, in this embodiment, deterioration of the quality of the voice information is more effectively prevented by using the bits important for the voice quality as the initial vector.

  In general, in voice coding, an error correction code is further generated after generating an error detection code on the transmission side for bits that are important in terms of voice quality, among digitally coded voice information (voice code information). . On the receiving side, after error correction processing based on the error correction code, residual errors are detected in bits that are particularly important for voice quality based on the error detection code. On the receiving side, when residual errors are detected particularly in bits important for voice quality, decoding into voice information is not performed.

In the encryption apparatus 10 according to this embodiment, paying attention to this speech coding processing mechanism, the initial stage is selected from information (bits that are particularly important in speech quality) that are generally data error detection targets in speech coding. Generate a vector.
In this way, the encryption device 10 does not generate an error detection code separately from the error detection code for speech encoding, and the decoding device 20 prevents decoding into speech information separately from the control of speech encoding. Without providing a control function, decoding of speech information can be prevented when a residual error is detected in the initial vector.
In other words, the error detection code is not generated for the initial vector, but the information that was originally the generation target of the error detection code in the speech encoding process is used as the initial vector. The information that was the error detection code generation target in the speech encoding process is the initial vector. The encryption side division unit 13 divides the information that was the error detection code generation target in the speech encoding process as non-encryption target data. In addition, the encryption IV generation unit 14 selects information that was an error detection code generation target in the speech encoding process as selection information. That is to say, in other words, the encryption side dividing unit 13 is a non-encrypted part that suppresses decoding of the voice code information into the voice information when an error occurs in the data in the voice coding in general. Divide by including in data. In addition, the encryption IV generation unit 14 selects, as selection information, a portion of non-target data that is generally prevented from being decoded into audio information when an error occurs in the data in audio encoding.

As described above, the encryption apparatus 10 according to this embodiment uses, as an initial vector, information that greatly affects the quality of speech information in speech coding. Here, an example of information that greatly affects the quality of speech information in speech coding will be described.
First, information that greatly affects the quality of speech information in speech coding is, in other words, when speech information is generated by decoding speech code information, and the generated speech information indicates that a data error has occurred. This information is greatly different from the original voice information.
As an example, a case where the CELP method is used for speech encoding will be described. In the CELP system, digitally encoded speech information (speech code information) is converted into pitch period information that is sound source information, fixed codebook index information, gain codebook index information, and LSP codebook index information that is spectrum information. Divided. In particular, if there is a data error in the upper bits of the bits representing the pitch period information, gain codebook index information, and LSP codebook index information, the audio information generated by decoding is greatly different from the original audio information. It will be different. That is, these pieces of information are information that greatly affects the quality of speech information in speech coding. In particular, the higher bits of the bits representing the LSP codebook index information, which is spectrum information, have a great influence on the quality of audio information. That is, in the CELP system, it is particularly effective to use the upper bits of the bits representing the LSP codebook index information that is spectrum information as the initial vector. Here, the upper bits are a predetermined number of upper bits among bits indicating each information. The predetermined number of bits is, for example, 1 bit, 3 bits, 5 bits, 10 bits, or the like.

  That is, according to the encryption apparatus 10 according to this embodiment, the quality of audio information in the audio encoding process is deteriorated by selecting information that is generally a data error detection target in audio encoding as selection information. It is possible to perform the prevention process and the deterioration of the quality of the voice information in the encryption process at a time.

  Here, the method in which the encryption apparatus 10 generates the initial vector has been described. However, since the decryption device 20 generates an initial vector by the same method as the encryption device 10, the decryption device 20 also generates an initial vector by the method described in this embodiment.

Embodiment 4 FIG.
The decoding device 20 according to Embodiment 2 is controlled not to perform speech decoding processing when a residual error is detected in the initial vector. In the fourth embodiment, a description will be given of a decryption device 20 that performs control so as not to perform speech decryption processing and perform decryption of encryption information when a residual error is detected in an initial vector.

  First, the function and operation of the decoding device 20 according to this embodiment will be described based on FIG. 15 and FIG. FIG. 15 is a functional block diagram showing functions of the decoding device 20 according to this embodiment. FIG. 16 is a flowchart showing the operation of the decoding device 20 according to this embodiment. That is, this decryption device 20 corresponds to the encryption device 10 shown in FIG.

The decoding device 20 illustrated in FIG. 15 is different from the decoding device 20 illustrated in FIG. 15 in that the control unit 29 also controls the decoding unit 24. Then, the decoding device 20 operates as follows.
The process from the encryption information input process (S501) to the speech decryption process (S508) is the same as the process from the encryption information input process (S401) to the speech decryption process (S408). That is, only the control process (S509) is different from the decoding device 20 according to the second embodiment.
In the control process (S509), when the error detection unit 28 determines that the selection information includes a data error in the error detection process (S403), the control unit 29 does not generate the voice information. And the decoding unit 24 controls not to generate decoding information.

  When receiving the residual detection signal, the decryption device 20 according to this embodiment not only generates voice information but also does not decrypt the encryption information. As a result, the same effect as the decoding device 20 according to the second embodiment can be obtained, and the effect that the power consumption can be reduced can be obtained.

  Here, if audio information is not output by controlling the decoding unit 24 not to generate decoding information, the control unit 29 may control only the decoding unit 24.

In the above description, audio information is used as an example of information to be transmitted. For this reason, when a residual error is detected in the initial vector, control is performed so as not to generate the speech information that is the final output, thereby preventing the quality of the speech information from deteriorating. However, the information to be transmitted is not limited to voice information. That is, the information to be transmitted may be any information such as character information.
When residual information is detected in the initial vector when the information to be transmitted is character information or the like, it is sufficient to simply control the decoding unit 24 not to generate decoding information. Therefore, in this case, the control unit 29 may perform control so that the decoding unit 24 does not generate decoding information. In this case, the control unit 29 may control the decryption unit 24 not to generate the decryption information and may request the encryption device 10 to re-output the transmission information.

Here, as in the first embodiment, the decoding device 20 according to this embodiment can be rephrased as an audio information receiving device.
That is, in other words, the decoding device 20 according to this embodiment has a voice decoding unit, a cryptographic decoding unit, and an error detection unit, and receives information transmitted from the voice information transmission device as an input, and the error detection unit performs initial processing. When a residual error is detected in a vector, the voice information receiving apparatus is characterized in that the decryption of the cipher is suppressed.

1 is a diagram illustrating an example of an appearance of a transmission / reception system 100 including an encryption device 10 and a decryption device 20. FIG. The figure which shows an example of the encryption apparatus 10, the decoding apparatus 20, and a hardware configuration. The figure which shows an example of a structure with the function which performs an encryption process, and the function which performs a decoding process. The figure which shows an example of a structure with the function which performs an encryption process, and the function which performs a decoding process. FIG. 3 is a functional block diagram showing functions of the encryption device 10 according to the first embodiment. 5 is a flowchart showing the operation of the encryption device 10 according to the first embodiment. FIG. 3 is a functional block diagram showing functions of the decoding device 20 according to the first embodiment. 6 is a flowchart showing the operation of the decoding device 20 according to the first embodiment. FIG. 4 is a functional block diagram showing functions of the encryption device 10 according to the second embodiment. 9 is a flowchart showing the operation of the encryption device 10 according to the second embodiment. FIG. 4 is a functional block diagram showing functions of a decoding device 20 according to the second embodiment. 10 is a flowchart showing the operation of the decoding device 20 according to the second embodiment. The functional block diagram of the encryption apparatus 10 which concerns on Embodiment 2 when not providing the error correction code production | generation part 19 and producing | generating an error detection code before encrypting audio | voice code information. An embodiment in which an error detection code is generated for an initial vector after the encryption side IV generation unit 14 generates an initial vector and before the encryption side combining unit 16 combines the non-encryption target data and the encryption information. The functional block diagram of the encryption apparatus 10 which concerns on form 2. FIG. FIG. 10 is a functional block diagram illustrating functions of a decoding device 20 according to a fourth embodiment. 10 is a flowchart showing the operation of the decoding device 20 according to the fourth embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 Encryption apparatus, 11 Voice information input part, 12 Voice encoding part, 13 Encryption side dividing part, 14 Encryption side IV generation part, 15 Encryption part, 16 Encryption side coupling part, 17 Output part, 18 Error detection code generation , 19 Error correction code generation unit, 20 Decoding device, 21 Encryption information input unit, 22 Decoding side division unit, 23 Decoding side IV generation unit, 24 Decoding unit, 25 Decoding side combining unit, 26 Speech decoding unit, 27 Error correction Unit, 28 error detection unit, 29 control unit, 31 selector, 32, 42 encryption / decryption operation unit, 33, 43 exclusive OR operation unit, 41 counter, 902 keyboard, 903 microphone, 904 speaker, 911 CPU, 912 bus, 913 ROM, 914 RAM, 915 communication board, 916, 917 mobile phone, 918 base station server.

Claims (3)

An encryption device for encrypting information based on an initial vector (IV) and a predetermined key;
A voice information input unit for inputting voice information;
A speech encoding unit that encodes speech information input by the speech information input unit to generate speech code information;
A plaintext information input unit for inputting the speech code information generated by the speech encoding unit as plaintext information;
An encryption side dividing unit that divides plaintext information input by the plaintext information input unit to generate encryption target data to be encrypted and non-encryption target data not to be encrypted. An encryption side dividing unit for dividing the non-encryption target data into a non-encryption target data and dividing the non-encryption target data when an error occurs in the data ,
In the non-encryption target data generated by the encryption side dividing unit , the suppression part is selected as selection information, and an encryption side IV generation unit that generates IV based on the selection information;
An encryption unit that encrypts the encryption target data and generates encryption information using an IV generated by the encryption side IV generation unit and a predetermined key stored in advance in a storage device;
An error detection code generator for generating an error detection code for detecting an error in the selection information;
An encryption apparatus comprising: an encryption unit generated by the encryption unit; the non-encryption target data; and an output unit that outputs the error detection code generated by the detection code generation unit as transmission information . A decryption device that decrypts information encrypted by the encryption device according to claim 1 based on an IV and a predetermined key,
An encryption information input unit for inputting the transmission information output by the output unit as input information;
A decryption-side dividing unit that divides the input information input by the encryption information input unit to generate encrypted encrypted information and non-encrypted non-encrypted data;
A decryption side IV generation unit that selects the selection information from the non-encryption target data generated by the decryption side division unit, and generates an IV based on the selected selection information;
A decryption unit that decrypts the encrypted information using the IV generated by the decryption-side IV generation unit and the predetermined key stored in advance in a storage device;
A decryption side combining unit that combines the decryption information generated by the decryption unit and the non-encrypted data to generate restoration information;
A decoding apparatus comprising: a voice decoding unit that decodes the restoration information generated by the decoding side coupling unit to generate voice information . The decoding device further includes:
Based on the error detection code, and determining whether or not the error detection unit contains an error in the selection information which the encryption information input unit inputs,
And a control unit that controls so that at least one of the decoding unit and the speech decoding unit does not decode when the error detection unit determines that an error is included in the selection information. The decoding device according to claim 2 .

Images