JPH06138820A - Ciphering device and deciphering device - Google Patents

Abstract

PURPOSE:To cipher fixed-data-length data of a sector, a frame, etc., without varying the data length. CONSTITUTION:An input plain sentence is divided by a division part 10 into (k) bit plain sentence blocks and a separation part 11 separates the plain sentence blocks into blocks of >(n) constitution and blocks of <=(n) constitution; and a bit inversion part 12 inverts the bits of the plain sentence blocks of >(n) constitution to convert them into plain sentence blocks of <=(n) constitution, and both the plain sentence blocks of <(n) constitution are ciphered by RSA ciphering by using open keys (e) and (n). A mapping part 13 perform 1:1 mapping to values (n)-2k for blocks corresponding to blocks converted to <=(n) among the ciphered blocks and ciphered blocks for values larger than (n) and plain sentence block of <=(n) constitution which are not converted are put together by a composition part 14 in the order of corresponding divided plain sentence blocks, thereby outputting a ciphered sentence.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention defines plaintext data that is m-adic (m: 2 or more) and is sufficiently longer than k digits (k: natural number), and uses the plaintext as an exponentiation using a k-divisor n. The present invention relates to an encryption device and an encryption / decryption device that are known by an RSA public key encryption algorithm (hereinafter abbreviated as RSA encryption) that uses a remainder calculation.

[0002]

2. Description of the Related Art RSA encryption is known as a representative example of conventional public key encryption algorithms. As a feature of the public key cryptographic algorithm, the encryption key can be made public (it has an advantage that the encryption key does not need to be secretly delivered). Here, regarding the RSA encryption, only matters related to the present invention will be shown. For a detailed explanation, refer to Chapter 6 of Contemporary Cryptography, published by The Institute of Electronics, Information and Communication Engineers.

The security of the RSA cryptosystem is based on the difficulty of factoring two large prime numbers (in the actual system, about 2600). It is a cipher that performs encryption / decryption by calculating a modular exponentiation. Here, the encryption is E, the decryption is D, the plaintext is M, the ciphertext is C, the encryption key is e, n, and the decryption key is d, n. e and n are made public, and d is kept secret by the decryption side.

Processing on the encryption side and the decryption side is C = E (M) = M ^e mod n ... Processing on the encryption side M = D (C) = C ^d mod n. Do the same as on the side. Incidentally, D with respect to 0 ≦ M ≦ n-1 becomes any integer M (E (M)) = M words, M ^ed M≡1 (mod n) it holds.

Generation of parameters (i) Two large prime numbers p and q which are different from each other are selected, and the product n = pq is calculated. (Ii) The least common multiple L of (p-1) and (q-1) is calculated, and an arbitrary integer e relatively prime to L and smaller than L is obtained. (Iii) ed ≡ 1 (mod L) is solved by the Euclidean mutual division method to obtain d.

The public key cryptosystem utilizing the modular exponentiation of such RSA public key cryptosystem algorithm is limited to the encryption of only positive numbers less than the k digit divisor n due to the characteristics of the algorithm. Therefore, when it is attempted to encrypt the number of digits sufficiently longer than k digits or data that occurs continuously, it becomes necessary to divide the data into data of less than n. The delimited data may be k digits of the divisor n or k-1 digits. FIG. 7A shows a specific example when m = 2, n = 21, and k = 5. Since the first k = 5 digits (10110) is n = 21 or more, k
-1 = 4 digits separated by (1011), next 5 digits (001
Since 00) is 21 or less, it is delimited by 5 digits (00100), and the next 5 digits (11101) is 21 or more and is delimited by 4 digits (1110). Similarly, k = 5 digits is k−1 =
Divide into 4 digits.

Further, even if the data of a certain delimiter has k-1 digits, the encrypted data may have k digits. Therefore, the number of digits in the data encrypted with respect to the original data increases. On the contrary, when k-digit data is encrypted, it may be reduced to k-1 digits.
Further, in order to perform digit alignment for facilitating the decryption of such encrypted data, one digit of 0 must be inserted at the beginning of the head bit for k-1 digit encrypted data. Can't decrypt. FIG. 7B shows data obtained by encrypting each of the delimited data shown in FIG. 7A, and FIG. 7C shows data obtained by inserting D at the head of each encrypted data having k−1 = 4 digits. In this way, the number of digits in the entire ciphertext is larger than the number of digits in plaintext.

[0008]

Various methods have been adopted for recording / transmitting computer data, and a common feature is that recording / transmitting a certain data length as a unit (sector / frame). It is often done. As described above, what is required when a certain length of data is encrypted is that the original plaintext and the ciphertext do not increase or decrease. In particular, it is impossible to record all the information in the same place as the sector / frame where the original plaintext is, because the ciphertext is increased compared to the plaintext. In other words, it is impossible to encrypt a floppy disk in which data is recorded in all sectors.

However, when the RSA encryption is used for data communication or data storage, the original data (hereinafter referred to as plaintext) and the encrypted plaintext (hereinafter referred to as ciphertext) are used as described above. Since the numbers of digits do not always match, when performing encryption processing on fixed block data such as a sector of a magnetic disk or the frame length of a communication system, the original ciphertext changes the original sector or frame length. In the past, the RSA encryption cannot be applied to a device or system in which the data length is fixed.

An object of the present invention is to encrypt a public key cryptosystem in which plaintext data and encrypted data always have the same number of digits when data is encrypted by using a public key cryptographic algorithm for data communication and data storage. It is to provide an encryption device and an encryption / decryption device.

[0011]

According to the invention of claim 1, the input plaintext is divided into k-digit blocks by the plaintext dividing means, and the divided plaintext blocks are plaintext blocks of n or more and plaintexts of less than n. The plaintext block is separated into blocks by a plaintext separating means, and the separated plaintext blocks of n or more are taken as absolute values of the difference between the numerical value of each digit and m-1 by each digit inverting means to form a plaintext block of less than n. To be converted. The plaintext block converted to less than n and the plaintext block not converted to less than n are converted to an encrypted block less than n using the public encryption keys e and n by the encryption means, and a plaintext block converted to less than n. The encrypted block for is mapped (converted) to a value of n or more on a one-to-one basis by the mapping means. Each encryption block and each mapped value of n or more are combined by the combining means in the order of the corresponding plaintext blocks divided by the plaintext dividing means and output as an encrypted text.

According to the second aspect of the present invention, the input ciphertext is divided into k-digit ciphertext blocks by the ciphertext dividing means, and the divided ciphertext blocks are ciphertext blocks less than n and n or more. The ciphertext block is separated into ciphertext blocks, and the ciphertext blocks of n or more are subjected to reverse mapping by the reverse mapping means to obtain ciphertext blocks of less than n. . The inverse-mapped ciphertext block of less than n and the non-inverse-mapped ciphertext block of less than n are decrypted into plaintext blocks by the decryption means using the secret key d and the public encryption key n. The ciphertext block that has become less than n by the inverse mapping is converted into a plaintext block of n or more by taking the absolute value of the difference between the numerical value of each digit and m-1 by each digit inverting means. The n or more plaintext blocks and the unconverted plaintext blocks are combined by the combining means in the order of corresponding ones of the divided ciphertext blocks, and output as decrypted plaintext.

In the above-mentioned encryption, the ciphertext is changed without changing the number of digits of the plaintext by setting n to be either a divisor or a multiple of the data length of the divided plaintext block (for example, sector or frame unit). To generate. That is, for example, if a plaintext is divided into plaintext blocks in units (sectors, frames, etc.), and the plaintext block is represented by a binary number with p bits, and when n is represented by a binary number with j bits, then j = pk (k = ... 1/3, 1/2, 1, 2, 3, ...) are established.

For a plaintext block of n or more, in the case of an m-ary number, by taking the absolute value of the difference between the value of each digit of the plaintext block and m-1 (in the case of a binary number, the same meaning as all bit inversion). , The reason why it becomes a plaintext block less than n
Use to explain. The fact that m is k bits means that the numerical value of the most significant bit is not 0 (that is, 1). Because the most significant bit is 0, it can be said that n is k-1 bits or less, assuming that the bit is not present. In addition, since the reversal of 1 is 0, the most significant bit becomes 0 by taking the absolute value of the difference between each digit and m−1, which means that any block of n or more has any numerical value. Since it is always converted into blocks smaller than n, data blocks larger than n (see FIG. 1A).
It can be seen that if all bits are inverted (corresponding to the shaded portion of the original data block), a value less than n is always mapped (corresponding to the shaded portion of all-bit inversion in FIG. 1B). When the hatched portion of all bit inversion in FIG. 1B is encrypted, it is spread to the encrypted hatched portion of FIG. 1C. By assigning numbers from n to 2 ^k to the spread data in ascending order,
One-to-one mapping can be performed on the hatched portion of the encryption of FIG. 1C to the hatched portion (between n and 2 ^k ) of the mapping of FIG. 1D.

Most sectors are 128, 256, 51
2,1024 bytes such as 1024 bits (= 128
It is a multiple of (byte). Therefore, n is 1024 bits
(Ii) is satisfied if p and q are determined so that After that, the encryption keys e, n and the decryption key d may be generated in the same manner as the normal RSA encryption algorithm.

[0016]

FIG. 2 shows a public key cryptosystem using the encryption device and the encryption / decryption device of the present invention. The encryption processing side includes an encryption extension processing unit 2 in addition to the conventional RSA encryption processing unit 1, and the decryption processing side similarly includes a decryption expansion processing unit 4 in addition to the RAS decryption processing unit 3. Encryption of the plaintext 7 on the encryption processing side is performed by the encryption extension processing unit 2 and the RSA encryption processing unit 1 using the encryption key 5 (e, n) to obtain the ciphertext 8. This ciphertext 8 is written back to the magnetic disk, for example. Decryption of the ciphertext 8 on the decryption processing side is
The decryption key 6 (d, n) is used to perform the decryption extension processing unit 4 and the RSA decryption processing unit 3 to obtain a decrypted text (= plain text) 9. In the conventional system, the encryption extension processing unit 2 and the decryption extension processing unit 4 were not provided.

FIG. 3 shows an embodiment of the encryption device according to the first aspect of the invention, and the operation thereof will be described with reference to FIG. 3 and FIG. The plaintext dividing unit 10 divides the input plaintext 7 into plaintext blocks for each k bits having the same bit length k as n. The divided plaintext block is divided into plaintext blocks of n or more and plaintext blocks of less than n by the plaintext separation unit 11 (A in FIG. 4).
Equivalent to the shaded area on the top and bottom).

Since the plain block of n or more cannot be encrypted as it is, by inverting all bits by the bit inverting unit (each digit inverting unit) 12,
Convert to a flat block less than n (FIG. 4B). The plaintext block converted to less than n and the plaintext block less than n that is not converted are encrypted by the RSA encryption processing unit 1 (FIG. 4C). The encrypted blocks of plaintext blocks less than n that are not converted are directly transmitted to the data synthesizing unit 14. The encrypted block that has been subjected to all bit inversion and then encrypted is mapped by the mapping unit 13 to a value of n or more (FIG. 4D). In the specific example of FIG. 4, each value of the encrypted block is from n to 2 in ascending order.
Assign numbers up to ^k . This mapping method does not have to be in the ascending order, but even if the eavesdropper learns that the mapping is done in the ascending order, it does not depend on the decrease in the encryption strength, so there is no problem in choosing one method for convenience. .

The encrypted block that has passed through the mapping unit 13 and the encrypted block that has been directly supplied to the data combining unit 14 are combined in the order of the block strings divided by the plaintext dividing unit 10 and output as ciphertext 8 (FIG. 4E). ). This ciphertext is written back to the magnetic disk on which the input plaintext was recorded, for example. FIG. 5 shows an embodiment of the encryption / decryption device according to the invention of claim 2, and its operation will be described with reference to FIG.

The input ciphertext 8 is divided into ciphertext blocks for every k bits by the ciphertext division unit 15. Next, the ciphertext block is divided by the ciphertext separation unit 16 depending on whether the ciphertext block is less than n or greater than n. Are separated (the non-shaded portion and the shaded portion of FIG. 6A).
The SA decoding processing unit 3 decodes the data and transmits it to the data synthesizing unit 19. On the other hand, for the ciphertext blocks of n or more, the inverse mapping unit 17 performs the inverse mapping based on the parameter based on the parameter (FIG. 6B). The parameters used in the inverse mapping unit 17 are generated from the values of the encryption keys n and e. This generation method is from n to 2
Encrypted data is generated by making all values up to ^k exactly the same as the cryptographic process. Keep this in memory and
To be able to associate 2 ^k plaintexts with their ciphertexts.

This inverse-mapped ciphertext block is RSA
The decoding processing unit 3 performs decoding, all bits are inverted by the bit inverting unit 18 (FIG. 6D), and the inverted data is used by the data synthesizing unit 1
9 is transmitted. In the data synthesizing unit 19, the blocks decrypted via the two paths are returned in the order of the block strings divided by the ciphertext dividing unit 15 to obtain the decrypted text. As described above, the plaintext encryption at the time of the encryption processing and the decryption of the ciphertext at the time of the decryption processing are established.

[0022]

According to the present invention, by selecting any one of the divisors of the data length to be encrypted, the same number of digits as the encryption key n in m-ary number representation can be obtained without lowering the encryption strength. Data can be encrypted and decrypted, and encryption does not increase the number of plaintext digits. Therefore, a ciphertext can be associated with a sector frame having a fixed data length in the same manner as plaintext.

[Brief description of drawings]

FIG. 1 is a diagram for explaining the reason ^why a value of n or more up to 2 ^k can be encrypted by using the present invention.

FIG. 2 is a block diagram showing a public key cryptosystem according to the present invention.

FIG. 3 is a block diagram showing an embodiment of an encryption device according to the invention of claim 1.

FIG. 4 is a diagram in which specific values are applied to the description of the operation of the apparatus of FIG.

FIG. 5 is a block diagram showing an embodiment of an encryption / decryption device according to the invention of claim 2;

6 is a diagram in which specific values are applied to the description of the operation of the apparatus in FIG.

FIG. 7 is a diagram illustrating an encryption operation using a conventional RSA encryption.

Claims (2)

[Claims] 1. Public disclosure using m-adic number (m: 2 or more), which is sufficiently longer than k digits (k: natural number), as plaintext, and uses the modular exponentiation calculation using the plaintext with a k-digit divisor n. In an encryption device of the key encryption method, a plaintext dividing unit that divides an input plaintext into k-digit blocks and a plaintext block divided into k digits by the plaintext dividing unit is n
The plaintext separating means for separating the above plaintext blocks and the plaintext blocks less than n, and the plaintext blocks of n or more separated by the plaintext separating means are defined as the absolute value of the difference between each digit and m-1. By using each digit inverting means for converting into a plaintext block of less than n, the plaintext block of less than n and the plaintext block converted to less than n using the public encryption keys e and n are encrypted blocks of less than n. An encryption means for converting the encrypted plaintext block to a value less than n and a mapping means for mapping the encrypted block to a value of n or more on a one-to-one basis; and a block encrypted without conversion. An encryption apparatus comprising: a combining unit configured to combine the mapped values of n or more into the order of corresponding plaintext blocks divided by the plaintext dividing unit. 2. Public disclosure using m-adic number (m: 2 or more), which is sufficiently longer than k digits (k: natural number), as plaintext, and uses the modular exponentiation calculation using the plaintext with a k-digit divisor n of m-adic number. In a decryption device for a ciphertext encrypted by a key cryptosystem, a ciphertext dividing unit that divides an input ciphertext into blocks of k digits, and ciphertext blocks divided by the cipher dividing unit are n or more ciphertext blocks. A ciphertext separating unit that divides the ciphertext block into n or less ciphertext blocks, and an inverse mapping to the ciphertext block of n or more to reverse the mapping performed in the encryption process to obtain a ciphertext block of less than n. This inverse mapping n using the mapping means and the private key d and the public encryption key n
A ciphertext block of less than or equal to n and a decryption unit for decrypting the ciphertext block of less than n to a plaintext block, and a decryption plaintext block for a ciphertext block of less than n due to the inverse mapping, the numerical value of each digit and m-1 Each digit inverting means for converting into a plaintext block of n or more by taking an absolute value of the difference between, and the plaintext block of n or more converted, and the decrypted plaintext block not converted are divided by the ciphertext dividing means. An encryption / decryption device comprising: a combining unit that combines the corresponding encrypted blocks in order.