JPH07177139A - Data disturbance circuit - Google Patents

Abstract

PURPOSE:To simplify the configuration and to reduce the cost by applying different transposition to bit data comprising plural bit strings based on the value of a received key and applying prescribed character conversion to the transposed bit data. CONSTITUTION:A variable transposition section 11 applies different transposition to bit data comprising plural bit strings based on the value of a received key and a fixed character conversion section 12 applies predetermined character conversion to the transposed bit data. Thus, character conversion and transposition are applied to bit data and the character conversion is fixed, then the configuration of character conversion is simplified. Furthermore, a data disturbance control section 15 is provided, which controls implementation of plural number of times of transposition and character conversion to the variable transposition section 11 and the fixed character conversion section 12, and the variable transposition section 11 is preferably provided with a variable bit replacement section 111 replacing bit data with a key between adjacent bit data and a fixed transposition section 112 applying prescribed transposition to the replaced bit data.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data disturbing circuit applicable to data encryption / authentication in a computer system or a communication system.

[0002]

2. Description of the Related Art In recent years, as computer systems have become OA and electronic, many users have come to access one computer system. Therefore, there is a possibility that the confidential data may be leaked to another person when the confidential data is transmitted and received. Therefore, when storing confidential data in the external storage medium, it is necessary to retain the confidential data by encryption.

In recent years, small and lightweight communication devices such as mobile phones have become widespread, and even in such devices, data encryption is required to prevent wiretapping. Alternatively, when a communication terminal requests communication, by determining whether the communication terminal is a legitimate communication terminal,
There is a demand for an authentication technology that illuminates the validity of the terminal.

In this case, the terminal to be communicated to receive the authentication transfers a unique identification number to the communication terminal of the other party,
Even if the identification code was intercepted by another device, the data had to be encrypted so that the content could not be understood.

DES (Da
ta Encryption Standard) method and FEAL (Fast Data)
An encryption method such as the Encipherment Algorithm) method is adopted. FEAL is an algorithm open type secret key cryptosystem, and high-speed cryptographic processing can be realized by software.

The DES method is one of common key methods which is an encryption method using the same key or a pair of keys from which one can be easily derived, and is a complex combination of random numbers, substitutions and transpositions. . Substitution is the procedure of replacing a character with another character in the manner specified by the key. Transposition is a procedure for changing the order of characters. There is a data disturbing circuit that disturbs the data by performing such substitution and transposition so that the data cannot be decrypted by others.

For example, a data disturbing circuit 20 as shown in FIGS. 8 (a) and 8 (b) has a basic structure and is constructed by connecting a fixed transposing unit 21 and a convertible character unit 22 in parallel. .
In this fixed transposition unit 21, for example, as shown in FIG. 9, a predetermined transposition is performed on 8-bit bit data.

As shown in FIG. 10, the convertible character part 22 has, for example, four replacement tables 23a to 23a which perform different replacements.
23d and a selector 26. In the substitution table 23a, when bit data "0" arrives, the substitution is performed for A, and when the substitution data 23b receives bit data "0", the substitution is performed for B. Then, the selector 26 selects one of the substitution tables according to the selector signal so as to perform the convertible letters.

By repeating such transposition and substitution, the data is complicatedly encrypted so that it cannot be decrypted. Further, in the example shown in FIG. 11, a plurality of data disturbing circuits as shown in FIG. 8 are connected in cascade, and the data bits input in each data disturbing circuit are replaced and transposed in order. Therefore, the data is disturbed by transposing and transposing by the number of data disturbing circuits. For example, in the case of the DES method, character substitution and transposition are repeated 16 times.

[0010]

However, the convertible character portion 22 requires many elements in order to make the character substitution variable. For example, when a circuit is composed of a large-scale integrated circuit (LSI), hardware of 5000 gates or more is required. For this reason, the circuit becomes complicated and
The cost was high.

Further, even when the characters are transposed and transposed by software, a general-purpose processor is required due to the memory capacity and the processing speed, resulting in a high cost. The present invention is
The present invention has been made in view of such a point, and an object thereof is to provide a data disturbing circuit having a simple configuration and capable of reducing the cost.

[0012]

The present invention has the following constitution in order to solve the above problems. FIG. 1 shows the principle of the present invention.

The data disturbing circuit of the present invention comprises a variable transposing unit 1
1, the fixed character-changing part 12 was provided. The variable transposing unit 11 performs different transposition on the bit data composed of a plurality of bit strings depending on the value of the input key.

The fixed substituting unit 12 performs a predetermined substituting on the bit data transposed by the variable transposing unit 11. Further, the present invention is provided with a data disturbance control unit 15 for controlling the variable transposition unit 11 and the fixed transposition unit 12 to transpose and transpose a plurality of times.

The variable transposing unit 11 includes a variable bit replacing unit 111 and a fixed transposing unit 112.
The variable bit swapping unit 111 swaps bit data between adjacent bit data according to a key value.

The fixed transposition unit 112 performs a predetermined transposition on the bit data exchanged by the variable bit exchange unit 111. Also, the variable bit replacement unit 111 is configured by selectors 24 corresponding to the number of bits, and each selector 24 is configured to select one bit data of two adjacent bit data according to a key value. Become.

[0017]

According to the present invention, first, the variable transposing unit 11 performs different transposition on the bit data consisting of a plurality of bit strings depending on the value of the input key. And the fixed replacement part 1
2 performs a predetermined substitution on the bit data transposed by the variable transposing unit 11.

As a result, the character substitution and transposition can be performed on the bit data, and the character substitution is fixed, so that the composition of the character substitution can be simplified.

[0019]

Embodiments of the data disturbing circuit of the present invention will be described below. FIG. 2 is a configuration block diagram of an embodiment of the data disturbing circuit of the present invention. <Structure of Embodiment> In FIG. 2, the data disturbing circuit 10 includes a variable transposing unit 11, a fixed character changing unit 12, and a data disturbing control unit 1.
5, a key generation circuit 130 is provided.

The variable transposing unit 11 performs different transposition on the bit data consisting of a plurality of bit strings depending on the value of the input key. The fixed substituting unit 12 performs predetermined substituting on the bit data transposed by the variable transposing unit 11.

The data disturbance control unit 15 includes the variable transposition unit 1
1 and the fixed substituting unit 12, and controls the variable transposing unit 11 and the fixed substituting unit 12 to perform transposition and substituting a plurality of times.

The variable transposing unit 11 is provided with a variable bit replacing unit 111 and a fixed transposing unit 112.
The variable bit swapping unit 111 swaps bit data between adjacent bit data according to the value of the key 13 generated by the key generation circuit 130.

The fixed transposition unit 112 performs a predetermined transposition on the bit data exchanged by the variable bit exchange unit 111. Also, the variable bit replacement unit 111 is configured by selectors 24 corresponding to the number of bits, and each selector 24 is configured to select one bit data of two adjacent bit data according to a key value. Become.

FIG. 3 shows an example of the configuration of the variable transposition unit. As shown in FIG. 3, the variable bit interchange unit 111 is a pair of 2-input selectors (hereinafter, referred to as SEL) 24a to 2a.
4h is installed side by side, and adjacent bit data is exchanged according to the value of the key 13 input from the outside.

Here, the number of bits is generally about 32 or 64 bits. In the example,
For simplicity, the number of bits is 8 bits and IN1 to IN8
To bit positions 1 to 8 are input to positions P1 to P8. Note that the bit data is a digital value of "0" and "1", but the bit data 1 to 8 were used for the explanation of the bit interchange.

Here, for example, the SELs 24a and 24b select either the bit data 1 at the position P1 or the bit data 2 at the position P2. The fixed transposition unit 112 is SE
The data from L24a is transposed to position P1, the data from SEL24b to position P5, and the data from SEL24c to position P2. The fixed transposing unit 112 is the SEL 24d.
The data from 1 is transposed to the position P6, the data from the SEL 24e is transposed to the position P3, and the data from the SEL 24f is transposed to the position P7. Furthermore, the fixed transposition unit 112 is SEL24g.
The data from 1 is transposed to the position P4, and the data from the SEL 24h is transposed to the position P8.

The outputs of the respective positions P1 to P8 of the fixed transposing unit 112 are the fixed character changing unit 12 and the data disturbance control unit 15 (not shown).
Is input to IN1 to IN8 via. That is, the data disturbance control unit 15 is configured to repeat a plurality of rotations and substitutions.

FIG. 4 shows the detailed structure of the variable bit replacement unit. Here, for example, as a part, the SEL 24a, 2
4b shows the configuration. Ports PT1 and PT2 are provided in each of the SELs 24a and 24b, and bit data 1
Is input to PT1 of SEL24a or PT2 of SEL24b. Bit data 2 is SEL
It is adapted to be input to PT2 of 24a or PT1 of SEL 24b.

When the key 13 is "H", the SEL 24a is "
1 "is output, and the SEL 24b outputs" 2 ". Key 1
When 3 is "L", the SEL 24a outputs "2" and S
The EL 24b outputs "1". <Operation of Embodiment> FIG. 5 is a flowchart showing the processing of the embodiment. The operation of the embodiment will be described with reference to FIG. First, when the key generation circuit 130 generates the key 13, the variable bit replacement unit 111 inputs the key 13 (step 101).

Next, depending on the value of the key 13, each SEL 24a
24h replaces the bit data (step 1)
02). For example, in the example shown in FIG. 3, SELs 24a, 2
4b selects either bit data 1 at position P1 or bit data 2 at position P2. SEL24c, 24
d selects either bit data 3 at position P3 or bit data 4 at position P4.

The SELs 24e and 24f select either the bit data 5 at the position P5 or the bit data 6 at the position P6. SELs 24g and 24h select either bit data 7 at position P7 or bit data 8 at position P8.

Further, the fixed transposition unit 112 executes fixed transposition on the exchanged bit data (step 103). For example, in the example shown in FIG. 3, the fixed transposition unit 1
12, the data ½ from the SEL 24a is transposed to the position P1, and the data ½ from the SEL 24b is transposed to the position P5.

The data 3/4 from the SEL 24c is set to the position P.
2 is transposed, and the data 3 or 4 from the SEL 24d is transposed to the position P6. The data 5/6 from the SEL 24e is transposed to the position P3, and the data 5/6 from the SEL 24f is transposed to the position P7. Further, the data 7/8 from the SEL 24g is transposed to the position P4, and the data 7/8 from the SEL 24h is transposed to the position P8.

Further, the fixed substitution part 12 executes fixed substitution on the bit data (step 104). Here, the fixed substitution part 12 performs fixed substitution on each bit data by using one substitution table 23a as shown in FIG.

Next, it is determined whether the data disturbance control unit 15 repeats the variable transposition and fixed transposition processing a plurality of times (step 105). Here, when it is necessary to repeatedly perform variable transposition and fixed substitution, the process returns to step 102, and steps 102 to 10 are performed.
The process of 4 is repeated.

For example, the bit swapping operation twice or three times will be described. Here, for simplicity, bit data 1
Or, the bit swapping operation of 2 will be described.
In the second bit swapping operation shown in FIG. 6, the bit data 1/2 at the position P5 of the fixed transposing unit 112 returns to IN5 via the fixed transposing unit 12 and the data disturbance control unit 15 by the first bit swapping operation.

The bit data 1/2 is SEL
It is selected by 24e and 24f. Furthermore, SEL24
The bit data 1/2 selected by e is the fixed transposing unit 1
It is transposed to the 12th position P3. The bit data 1/2 selected by the SEL 24f is the position P of the fixed transposing unit 112.
Transposed to 7.

Next, in the third bit swapping operation shown in FIG. 7, the fixed transposition unit 1 is executed by the second bit swapping operation.
The bit data 1/2 at the position P3 of 12 returns to IN3 via the fixed substituting unit 12 and the data disturbance control unit 15.

This bit data 1/2 is SEL
The bit data 1/2 selected by 24c and 24d and selected by the SEL 24c are transposed to the position P2 of the fixed transposing unit 112. The bit data 1/2 selected by the SEL 24d is transposed to the position P6 of the fixed transposing unit 112.

In this way, the bit data 1/2 originally located at the position P1 of IN1 can be replaced with the arbitrary positions P1 to P8 of the fixed transposing unit 112. Note that other bit data 3/4, 5/6, and 7/8 can be replaced at arbitrary positions by repeating the same process as the above-described process of bit data 1/2.

That is, a plurality of SELs 24 having a simple structure
When the transposition and the transposition are performed a plurality of times using a to 24h and the fixed transposition unit 112, the bit data can be exchanged at an arbitrary position.

On the other hand, in the conventional configuration, a plurality of substitution tables and selectors are used as shown in FIG. 10 when substituting, so that the construction is awkward.
According to this embodiment, as described above, the structure of the data disturbing circuit can be simplified and the cost can be reduced.

Finally, when it is not necessary to perform variable transposition and fixed substitution for a plurality of times, or after these processings have been performed a plurality of times, the processing ends. As described above, according to the embodiment, bit data can be transposed to any position by repeating the bit exchange and transposition a plurality of times with a simple configuration.

Such a data disturbing circuit is used for data encryption and authentication in a computer system and communication equipment, and its effect is great. For example, data encryption is performed using the DES method.

DES is a block cipher that inputs 64-bit plaintext (ciphertext) and outputs 64-bit ciphertext (plaintext) under the control of a 56-bit key. DES encrypts and decrypts in units of 64-bit data blocks. The length of the key is 56 bits (64 bits if 8 parity bits are added).

The cryptographic algorithm is based on the transposition type and the substitution type. In DES encryption, by repeating the process of appropriately combining these transpositions and substitutions,
The plaintext bit patterns are mixed and converted into ciphertexts that do not make sense. Further, in the decryption, the original plaintext is decrypted by reversely stirring.

Furthermore, even when substituting and transposing are realized by software, they can be realized by a low-priced microcomputer or the like in terms of memory capacity and processing speed. In the embodiment, the data disturbance control unit is used to perform the character changing and transposing processes a plurality of times. However, for example, a plurality of data disturbing circuits of the embodiment are provided and these are connected in cascade. Then, each data disturbing circuit may sequentially perform character substitution and transposition.

[0048]

According to the present invention, when the variable transposing unit performs different transposition on the bit data consisting of a plurality of bit strings depending on the value of the input key, the fixed transposed portion is transposed by the variable transposing unit. Perform a predetermined substitution on the data.

As a result, the substitution and transposition can be performed on the bit data, and the substitution is fixed, so that the configuration of the substitution can be simplified.

[Brief description of drawings]

FIG. 1 is a principle diagram of a data disturbing circuit of the present invention.

FIG. 2 is a configuration block diagram of an embodiment of a data disturbing circuit of the present invention.

FIG. 3 is a configuration diagram of a variable transposition unit according to an embodiment.

FIG. 4 is a configuration diagram of a variable bit replacement unit.

FIG. 5 is a flowchart showing the processing of the embodiment.

FIG. 6 is a diagram showing a second bit swapping operation of the variable transposing unit.

FIG. 7 is a diagram showing a third bit swapping operation of the variable transposing unit.

FIG. 8 is a diagram showing an example of a conventional data disturbing circuit.

FIG. 9 is a diagram showing fixed transposition.

FIG. 10 is a configuration diagram of a convertible character portion.

FIG. 11 is a diagram showing another example of a conventional data disturbance circuit.

[Explanation of symbols]

 10, 20 ... Data disturbance circuit 11 ... Variable transposition unit 12 ... Fixed transposition unit 13 ... Key 15 ... Data disruption control unit 21 ... Fixed transposition unit 22 ... Convertable character unit 23a-23d ... Substitution Tables 24a to 24h, 26..SEL (selector) 111..Variable bit exchange unit 112..Fixed transposition unit 130..Key generation circuit

Front page continuation (72) Inventor Ryota Akiyama 1015 Kamiodanaka, Nakahara-ku, Kawasaki-shi, Kanagawa Fujitsu Limited

Claims (4)

[Claims] 1. A variable transposing unit (11) that performs different transposition according to a key value input to bit data composed of a plurality of bit strings, and bit data transposed by the variable transposing unit (11). A data disturbing circuit, comprising: a fixed substitution part (12) for performing a predetermined substitution. 2. The data disturbance control unit (15) according to claim 1, further comprising a data disturbance control unit (15) for controlling the variable transposition unit (11) and the fixed transposition unit (12) to perform transposition and transposition a plurality of times. A data disturbance circuit characterized by the above. 3. The variable transposition part (1) according to claim 1,
1) is a variable bit exchange unit (1) that exchanges bit data between adjacent bit data according to a key value.
11) and a fixed transposing unit (112) for performing a predetermined transposition on the bit data exchanged by the variable bit exchanging unit (111), a data disturbance circuit. 4. The variable bit replacement unit (111) according to claim 3, comprising selectors (24) corresponding to the number of bits, and each selector (24) has two adjacent keys depending on a key value. A data disturbing circuit, characterized in that it is configured to select one of the bit data.