JPH1063183A - Data encryption method for subscriber limitation receiving for digital broadcasting - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make a data encryption method not inferior in terms of execution speed as well while maintaining high safety and confidentiality, by adding a byte shift function and dynamic allocation transform scheme to conventional data encryption standard algorithm. SOLUTION: The bit shift function(BSF) is executed before a right side block (32 bit)) is applied to the next round to deal with a linear cryptoanalysis. Namely, the bit shift function(BSF) is a method for comparing the input and output of an S box, analyzing the correlative relation thereof and determining a linear approximation equation relating to the nonlinear S box. The input of the bit shift function(BSF) is shifted by using a module path as an element for dealing with relating to the linear cryptoanalysis method. The dynamic allocation transform (DATA) is executed by using the round key (Ki) formed in order to intensify the function of an (f) function after the bit shift function(BSF) is executed. The confidentiality of the data is improved by proving the method with the element relating to differential cryptoanalysis.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a conditional access system (CAS) for realizing a pay broadcasting service in a digital satellite broadcasting system.
em) provides data for performing qualification control and qualification management functions.
In particular, the conventional protection methods include linear cryptography (LC: Linear Cryptanalysis) and differential cryptography (DC: D
The present invention relates to a method for encrypting data for subscriber restriction reception for digital broadcasting, to which an element capable of protecting against digital data (ifferential cryptography) is added.

[0002]

2. Description of the Related Art The encryption / decryption of a digital broadcasting system uses a 64-bit encryption system. Conventionally, the most widely used data encryption standard (DES: Data Enc
The ryption standard) algorithm is also configured with a 64-bit input / output and key system, and thus is applicable to the encryption / decryption system of the restricted reception system.

However, the conventional data encryption standard (D
The decoding method related to the (ES) algorithm has been published in many papers, and furthermore, with the rapid development of computer hardware, the operation speed of computers has been increasing day by day. Data Encryption Standard (DES)
There is a need for the development of new protection techniques with even higher confidentiality than algorithms. Since radio waves emitted from a communication satellite can be heard by anyone on the ground, there is a problem that leakage of encrypted data is easier than transmission through a communication line.

[0004] Therefore, it can be said that the development of an encryption system having a higher degree of security is inevitable, and a data encryption method having a high execution speed and a sufficient level of security is required for an encryption / decryption function. is required.

[0005]

The present invention, which has been proposed to solve the above-mentioned problems of the prior art, has higher security and confidentiality than the conventional data encryption method. SUMMARY OF THE INVENTION It is an object of the present invention to provide a data encryption method for subscriber limited reception for digital broadcasting which is not inferior in execution speed.

In order to achieve the above object, the present invention relates to a data encryption method for subscriber limited reception applied to a digital satellite broadcasting system, wherein an initial message given to an input message is replaced. After the first replacement with the table, the message is stored in two equal parts on the left and right sides, the stored right block is read out, divided into four equal parts and re-used by the function of the byte transfer function. Make the placement, 0,
The binary representation of the number of 1's at 4, 8, 12, 16, 20, 24, and 28 bit positions is divided into 6, and the remaining bits are compared with the values of the non-linear look-up table column. After determining the remaining bits as the value of the row of the look-up table and outputting the value of the look-up table corresponding to the determined row and column, did 16 rounds be repeated? , And if the 16th round is not repeated in the first step, the left block of the current round and the output value of the look-up table are XORed, and the XOR is calculated. The value made is applied to the right block position of the next round, and the look-up table of the current round is used.
The right block before being applied to the first block is applied to the left block position of the next round, and then the first block of the right block is read and divided into four equal parts.
If the round is repeated, a final step of performing a final substitution by a substitution table and outputting an encrypted message is included.

[0007]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an embodiment of the present invention will be described in detail with reference to the attached drawings.

FIG. 1 is an overall block diagram of a digital broadcasting system to which the present invention is applied. In the drawing, "1" is a broadcast distribution network, "2" is a remultiplexing apparatus,
"3" is an input data format section, "4" is a monitor / alarm control section (MAC: Monitor, Alarm and Control), "5" is an encoder, "6" is a resource and subscriber management system / limitation. Receiving system, "7" is a multiplexer (MUX),
“8” indicates a satellite transmission device, “9” indicates a satellite, “10” indicates a receiving antenna, and “11” indicates a subscriber coupling unit.

The present invention relates to a resource and subscriber management system.
Restricted reception system (6) and receiver connection unit (Set-T
op-Box) 11
It is done in the world.

[0010] In the broadcast program generated by the broadcaster inputted through the broadcast distribution network 1, the MPEG2 data sequence is multiplexed by the remultiplexing device 2 and then inputted to the multiplexer 7 to be video / audio. The digital digital analog data is formed in the input data format section 3 and encoded by the encoder 5 and then input to the multiplexer 7.

A monitoring / alarm control unit (MAC: Monitor, Alarm a)
nd Control) has a function of controlling the states of the broadcast distribution network 1, the remultiplexing device 2, and the input data format unit 3.

The resource and subscriber management system / restricted reception system 6 outputs an RSMS data stream to a multiplexer 7 for paying for broadcasting at the transmitting station. To be transmitted. At this time, in order to protect the broadcast information data, such data is encrypted and transmitted by the resource and subscriber management system / restricted reception system 6.

The receiving section receives the broadcast data by the receiving antenna 10 and stores the encrypted data in a subscriber combining section (Set-Top-Box) 11 combined with the subscriber. Decoding is performed by the inserted smart card. This is because an information protection algorithm capable of restoring data is installed in the smart card.

FIG. 2 shows a general data encryption standard (DES).
FIG. 4 shows an explanatory diagram of the algorithm.

[0015] Data encryption standard (DES)
Standard) algorithm basically consists of 16 rounds, and encryption is performed by repeating the same operation process. Decryption is the same as the encryption process, but only the keys used need to work in reverse order.

Important techniques for implementing the Data Encryption Standard (DES) algorithm include replacement (P-box), substitution (S-box), and key scheduling.

The inside of the data encryption is in the form of 16 rounds of involution (involution), with an initial replacement IP (Initial Permutation) at the input and an inverse initial replacement (IP ^-1 ) at the output. It is configured. In the initial replacement IP table, the meaning of the given number indicates the position of the input review after the initial replacement.

In the key generation unit, first, after removing 8 bits of parity bits from the 64 bits of key,
From the remaining 56-bit key to the 48-bit operation key Ki (i = 1,
2,..., 16) are generated and act on the data encryption unit.

The f function is a bit selection table E having a large linear structure, a replacement P, and an S box (S-both) which is a table look-up method indicating a non-linear structure.
x).

The structure of the f-function is to extend the right block (32 bits) of the previous round to 48 bits by a bit extension table, and perform an exclusive OR (Exc) with each round key (48 bits).
lusive-OR). The result is applied to the S box, and the S box consists of eight S boxes (S1, S
2,..., S8), and each S box (B
ox) is configured in the form of a (4 × 16) matrix, and among the 6-bit inputs, the most significant bit (Most Significant)
Bit; MSB) and Least Significant Bit (LS)
B) has a non-linear structure in which the address of the row of the matrix is input to the address of the row, and the remaining 4 bits are input to the address of the column, and the 4-bit data stored at this address is output.

The input of all eight S boxes is 48 bits, and the output is 32 bits. Each S box (Box) has a property that when its input changes its one-bit value, at least its output two-bit value changes.

The 64-bit key data generates a 48-bit round key according to a round key schedule.
Used as a round key (ki) generated for each round.

FIG. 3 is a schematic diagram illustrating a data encryption method according to the present invention. In the present invention, 16 rounds are performed in the same manner for each round. This is a byte shifting function (BSF: Byte Shifting Fun) compared to the conventional Data Encryption Standard (DES) algorithm.
ction) and dynamic allocation conversion (DAT: Dynamic Allo
cation Transformation) The addition of a scheme, Linear Decryption (LC) and Differential Decryption
(DC).

According to the present invention, before the right block (32 bits) is applied to the next round, a bit shift function (BSF: Bit
Shifting Function) to support linear decryption (LC), and after performing the bit transfer function, dynamically allocate using the round key (Ki) generated to enhance the function of the f function. It has a structure that performs conversion (DAT) and has a corresponding element relating to differential decryption to improve the confidentiality of data.

FIG. 4 shows a bit transfer function (B) according to the present invention.
FIG. 4 shows an explanatory diagram of the operation of SF). This is a method of comparing the input and output of the S box (Box) and analyzing the correlation thereof to obtain a linear approximation equation for the non-linear S box (Box). ) Is used to move the input of the bit transfer function (BSF) using a module path.

Ri is the i-th round bit transfer function (BSF)
And the input 32-bit data is divided into four equal 8-bit blocks. The bit shift function (BSF) is defined as follows together with its key (Ki).

BSF (Ri, Ki) = (Ri1, Ri2, Ri3, Ri4) Ki = 0 (Ri2, Ri3, Ri4, Ri1) Ki = 1 (Ri3, Ri4, Ri1, Ri2) Ki = 2 (Ri4, Ri1, Ri2, Ri3) Ki = 3 Here, Ki is defined as follows.

[0028]

(Equation 1)

Accordingly, Ki is arbitrarily and evenly distributed with the following probability.

Prob {Ki = 0} = Prob {Ki = 1} = Prob {Ki = 2}
= Additional stability during the Prob {Ki = 3} = 0.25 bit shift function (BSF) is 2 ^67,
Very secure.

FIG. 5 is a diagram for explaining the operation of the dynamic assignment conversion (DAT) according to the present invention.

Dynamic allocation conversion according to the present invention
(DAT) is as follows.

It can be seen that the following substitutions have been added before each S box:

Ω: {0, 1, 2, 3, 4, 5} → {0,
1, 2, 3, 4, 5}, that is, a number occurs when 2 ⁶ = 64.

In the case of the conventional data encryption standard (DES) algorithm, the dynamic assignment conversion (DAT) is 2 × 4! For each S box. That is, 33 from the number in the case of 48
% Increase. This is from the case of 2 ⁶⁴ which is the total replacement (for 4 × 16 = 64) that the S box had
1/16, meaning an increase of approximately 6%.

This reduces the number of 0 of 60% of the sub-matrix Aπ of the conventional exclusive-OR (XOR) table by about 6%, and a more uniform exclusive-OR (XOR) table is created. To do.

FIG. 6 is a flowchart of one embodiment of the data encryption method according to the present invention, and operates as follows.

First, when a 64-bit message is input (100), the first permutation is performed by the given first replacement table (101), and then the 64-bit message is sent. Is stored in two equal parts of 32 bits each on the left and right sides (102).

The stored right block (32 bits) is read out, divided into 4 equal portions of 8 bits (103), and rearranged by the function of the byte transfer function (104), 0, 4,
The binary representation of the number of ones at the 8, 12, 16, 20, 24, and 28 bit positions is divided into six, and the remaining bits are determined as the values of the non-linear look-up table column ( 105), the remaining bits are determined as the values of the rows of the look-up table (106), and the values of the look-up table corresponding to the determined rows and columns are output (107). Thereafter, it is checked whether or not 16 rounds have been repeated (108).

If the 16 rounds have not been repeated, an exclusive OR (XOR) operation is performed between the left block of the current round and the output value of the lookup table (109). The value obtained by performing the exclusive OR operation is applied to the block position on the right side of the next round, and the look-up table of the current round is used.
After the right block before being applied to the next block is applied to the position of the left block in the next round (110), the process 103 and the subsequent steps of reading the right block and dividing it into four equal parts are repeated up to 16 rounds.

After 16 rounds are repeated, the replacement text
The final replacement is performed by the table (111), and an encrypted message is output (112).

The present invention, which operates as described above, prevents encrypted data from being easily decrypted, and is superior in security, theoretically or experimentally, to the conventional method. Instead, the conventional method is designed in addition to the standard method, so that in terms of compatibility, the conventional method can be rearranged and used as it is.

The present invention described above can be used by those having ordinary knowledge in the technical field to which the present invention belongs.
Since various substitutions, modifications, and changes can be made without departing from the technical concept of the present invention, the present invention is not limited to the above-described embodiments and drawings.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a digital broadcasting system to which the present invention is applied.

FIG. 2 is an explanatory diagram of a general data encryption standard (DES) algorithm.

FIG. 3 is a schematic explanatory diagram of a data encryption method according to the present invention.

FIG. 4 is an explanatory diagram of an operation of a bit transfer function (BSF) according to the present invention.

FIG. 5 shows a dynamic assignment conversion (DA) according to the present invention.
It is operation | movement explanatory drawing of T).

FIG. 6 is a flowchart of one embodiment of a data encryption method according to the present invention.

[Explanation of symbols]

1: Broadcast distribution network 2: Remultiplexer 3: Input data format unit (Formatter) 4: Monitor / alarm control unit (MAC: Monitor Alarm and Control)
l) 5: Encoder 6: Resource and subscriber management system / restricted reception system 7: Multiplexer (MUX) 8: Satellite transmission device 9: Satellite 10: Receiving antenna 11: Subscriber coupling unit (Set-Top Box)

Continuing on the front page (72) Inventor Hyunsook Cho Republic of Korea, Daejeon, Yusong, Io-eun-dong, Hanvit Apartment 131-1306 ) Inventor Kyung Ho South Korea, Seoul, Jongnok, Naesdon 167

Claims (2)

[Claims] In a data encryption method for subscriber limited reception applied to a digital satellite broadcasting system, an input message is provided with a first initial table given by a first initial table provided. After the message is stored, the message is divided into two equal parts on the left and right sides, and the stored right-hand block is read out, divided into four equal parts, and rearranged by the function of the byte transfer function. 4, 8, 12, 16, 20, 24,
The binary representation of the number of 1s at the 28-bit position is divided by 6, and the remaining bits are looked up in a non-linear look-up table.
After determining the value of the column of the table and the remaining bits as the value of the row of the look-up table, outputting the value of the look-up table corresponding to the determined row and column, 16 The first stage (100 to 100) to check if the round was repeated
8), If the 16th round is not repeated in the first stage (100 to 108), the block on the left side of the current round and the output value of the look-up table are XORed, and exclusive OR is performed. The value obtained by logical OR is applied to the position of the right block of the next round, and the previous right block applied to the lookup table of the current round is applied to the position of the left block of the next round. After the first stage
Read out the block on the right side of (100-108) and divide it into four equal parts.After repeating 16 rounds, perform the final prefix with the prefix table and output the encrypted message. Subscriber receiving data for digital broadcasting characterized by including a second step (109-112)
Data encryption method. 2. The input data of the first stage (100-108) is:
After prefixing it as a 64-bit unit, 32 bits at a time
2. The method according to claim 1, wherein the data is divided into equal parts.