JPH11212451A - Criptographic device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a cryptographic device which has a high processing speed and a general usefulness and can cope with any kind of cryptography and is suitable for processing of common cryptography adopting exclusive OR, cyclic shift, and remainder operation with essential transposition and conversion like DES or FEAL. SOLUTION: A transposition processing means 201 for execution of an arbitrary transposition processing, a conversion processing means 202 for execution of an arbitrary conversion processing, a storage means where the processing result of the transposition processing means 201 and that of the conversion processing means 202 are stored, and a means which uses the processing results in the storage means to repeat the transposition processing and the conversion processing are provided. The transposition processing means 201 consists of a rewritable switch matrix, and the conversion processing means 202 consists of a rewritable random access memory.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic processing device, and in particular, has a high processing speed, is versatile,
The present invention relates to a cryptographic processing device that can be adapted to any type of cryptography.

[0002]

2. Description of the Related Art Conventionally, various schemes have been proposed as encryption schemes. As a typical example, there is a type called a symmetric encryption in which an encryption key code and a decryption key code are the same, that is, a so-called conventional encryption. A representative example is the data encryption standard DES (Data Encryption S), which was established by the US Bureau of Standards and Commerce in 1977.
standard). In Japan, there is a system called FEAL developed and proposed by Nippon Telegraph and Telephone Corporation.
The basis of these conventional cryptographic techniques is to encrypt transmission data and files by a method of substitution, transposition, or a combination of both.

[0003] Substitution encryption (substitution)
cipher) has a long history. It replaces a character with another character. A code book method that creates a correspondence table of the replaced character for each character in advance. Caesar shifts characters by a certain number. Encryption (Vigi) that periodically changes the key of the
ner cipher). Similarly,
Transposition cipher
In r), the message is divided for each fixed number of characters, ie, a period, and the character arrangement is changed for each divided number of characters.

[0004] A combination of the above-described substitution method and transposition method is a mixed method. One of them is DES, which divides the message into 64-bit blocks,
Substitution and transposition are repeated 16 times using a 64-bit key, which is characterized by high encryption strength. The key code used at this time must be kept secret (secret key method). The algorithm of this DES is public. In the case of DES, there are 2 ⁵⁶ (about 10 ¹⁷ ) types of keys, and it is said that it takes an enormous amount of time to find a key code according to an algorithm.

In the DES, first, substitution, transposition, or bit shift is sequentially performed on a 56-bit key arbitrarily provided by a user, and each 48-bit key is converted into 16 keys from K1 to K16.
Make seeds. Next, the message is divided into 64-bit blocks, and each block is converted into a 64-bit ciphertext. That is, first, one message block is divided into a left half L0 and a right half R0 of 32 bits each. Next, the following operation is performed 16 times. Ln = Rn-1 Rn = Ln-1 + f (Kn, Rn-1)

The sum of the above equation is modulo 2 for each digit (Mod
2), that is, the exclusive OR, and f (K, R)
Is an operation of expanding a 32-bit R into 48 bits by appropriate transposition, and performing a kind of substitution using the 48-bit key Kn, and again converting it to 32 bits. The above equation is converted 16 times to obtain 64 bits of ciphertext.

The cipher system represented by the DES is also called a block cipher, and is suitable for dividing a message into a certain length and encrypting the message. On the other hand, there is a stream cipher system in which a data string constituting a message is encrypted one bit at a time. A typical example is a substitution cipher using a random number, Vernam cipher.
It has been known. Also in Japan, there is a stream cipher announced by Okamoto in 1993.

As a concrete means for realizing the encryption system represented by the DES, a general-purpose microprocessor of 8 bits, 16 bits or 32 bits can be used. In this case, encryption processing is executed by control software of the microprocessor, and an average processing capability of 1K to 1 Mbps is obtained. Also, a dedicated LSI for encryption processing has been developed, and in that case, a processing capacity of 1 M to 100 Mbps has been obtained. In recent years, the processing capability of microprocessors used in personal computers has improved,
In many cases, encryption processing is performed only by software.

Another one of the encryption systems is a public key system devised to eliminate the troublesome key management of the secret key system. The public key system is an asymmetric cryptosystem that uses different key codes for encryption and decryption, respectively.
The principle of public key cryptography was introduced in 1976 by Diffie and Hel
lman and then in 1978 R
est, Shamir, Adleman, R
The SA crypto was proposed, and in 1985 ElGamal
Proposed the El Gamal cipher. The RSA cryptosystem, which is a representative of asymmetric cryptosystems, uses a modular exponentiation operation. Even if a dedicated LSI developed for this cryptographic process is used, the processing speed obtained is an average of 1 Kbps to 100 Kbps.
bps, and it is difficult to speed up the encryption process as compared with conventional encryption using a secret key.

[0010]

Conventional cryptography represented by DES is cryptographically processed by combining processing elements such as transposition processing, substitution processing, exclusive OR, cyclic shift, and remainder operation. If all processing elements are to be implemented in software, no significant processing power is available. On the other hand, if all elements of the cryptographic processing including the processing elements are made into dedicated LSIs, high processing performance can be obtained, but the apparatus becomes very expensive in view of the market size of the cryptographic processing. Accordingly, an object of the present invention is to provide a cryptographic processing device that has a high processing speed, is versatile, and can cope with any type of cryptography. In particular, the present invention mainly deals with transposition and substitution as in DES and FEAL. It is an object of the present invention to provide a cryptographic processing device suitable for processing of a conventional cryptosystem that performs an exclusive OR, a cyclic shift, and a remainder operation.

[0011]

According to a first aspect of the present invention, there is provided a cryptographic processing apparatus comprising: a transposition processing unit for executing an arbitrary transposition process; and a substitution processing unit for executing an arbitrary transposition process. Processing means; storage means for storing a processing result by the transposition processing means and a processing result by the substitution processing means; and means for repeating transposition processing or substitution processing using the processing result of the storage means. ing.

Further, the cryptographic processing device of the present invention is characterized in that
The transposition processing means is constituted by a rewritable switch matrix, and the substitution processing means is constituted by a rewritable random access memory. Have been.

[0013]

DESCRIPTION OF THE PREFERRED EMBODIMENTS (Mechanism of DES Cryptography) Before describing an embodiment of the present invention, an outline of DES, which is a representative of conventional cryptography using a secret key, will be described first.
FIG. 11 is a block diagram of the encryption processing in the DES. In DES, first, a 64-bit key code K
, 16 kinds of series key codes K1 to K16 are generated. First, the 64-bit key code K is reduced to 56 bits in the contracted transposition process PC1.
After performing predetermined code agitation by the transposition process, the top 28
It is divided into bit C0 and lower 28 bits D0. Next, the obtained C0 and D0 are respectively converted into C1 and D1 by performing a left cyclic shift process LS1 of a predetermined number of bits.

Again, C1 and D1 combined into 56 bits
Is reduced to 48 bits in the reduced transposition process PC2, and the transposition process is performed to agitate the code to obtain a sequence key code K1. On the other hand, C1 and D1 subjected to the left cyclic shift processing in LS1 are sequentially subjected to the left cyclic shift processing represented by LSn, and are converted into Cn and Dn, respectively. Based on Cn and Dn, a reduced transposition process PC2 is performed to obtain a 48-bit sequence key code Kn, that is, 16 types of sequence key codes K1 to K16.

In encrypting a message in the DES, first, the message is divided into 64 bits, and each plaintext data M of 64 bits is subjected to an encryption process.
In the encryption processing of the plaintext data M, first, the initial transposition processing I
After the plaintext data M is mixed by P, it is divided into upper 32 bits L0 and lower 32 bits R0. Encryption is
The upper and lower 32-bit data divided into two are processed by using the sequence key code Kn, that is, K1 to K16. This encryption process is performed 16 times based on the following equation. Ln = Rn-1 Rn = Ln-1 + f (Kn, Rn-1)

The sum in the above equation is a sum modulo 2 for each digit (Mod2), that is, an exclusive OR. The function f (K, R) is obtained by enlarging a 32-bit R into 48 bits by an extended transposition process and then performing a kind of substitution using the 48-bit sequence key code Kn, and again converting the 32-bit R to a 32-bit value. This is the conversion operation. The above process is repeated 16 times, and after the obtained L16 and R16 are exchanged, the inverse initial transposition process IP- ¹ is performed to obtain 64-bit ciphertext data C.

FIG. 13 shows details of the processing of the function f (K, R) in the DES. As shown in the figure, the function f
The processing of (K, R) is performed first by using a 32-bit original character string Rn.
Is enlarged to 48 bits by the enlargement transposition process E, and the data is agitated. Next, an exclusive OR with the 48-bit key code Kn obtained in the series key code generation processing is obtained. Next, the obtained 48-bit data is divided into 8 blocks of 6 bits each,
The data is subjected to the substitution processing shown in S8 to S8 to agitate the data to obtain 4-bit substitution data. Further, the substitution processing S
Transposition processing P is performed on the 4 × 8 = 32-bit substitution data obtained in 1 to S8 to agitate the data to obtain a 32-bit substitution string.

The above description is an example of encryption processing in DES. Next, a decryption method for decrypting the encrypted data into the original message will be described. FIG.
Is a block diagram of the decryption of the DES ciphertext. In decryption of a ciphertext, similarly to the encryption, first, a series key code for decryption is generated. As shown in the figure, the DES decryption key code is first reduced to 56 bits in the reduced transposition process PC1 based on the same 64-bit key code K as the key code used for encryption. After a predetermined code agitation is performed by the transposition process, the data is divided into upper 28 bits C16 and lower 28 bits D16. Then, the obtained C
16 and D16 are combined, and the reduced transposition process PC2 generates 4
The code is reduced to 8 bits, and the code is agitated by the transposition process to obtain the first sequence key code K16.

On the other hand, C obtained by contracted transposition processing PC1
16 and D16 are subjected to right cyclic shift processing by RS15, and are converted into C15 and D15. Based on these C15 and D15, a contracted transposition process PC2 is performed to obtain a 48-bit key sequence code K15. Similarly, a decoding sequence key code Kn (not shown), that is, K16 to K1, is obtained based on Cn and Dn (not shown) obtained by the right cyclic shifts RS15 to RS1. In the DES, these series key codes K16 to K1 for decryption are the same as the key series codes K1 to K16 generated in the above-described encryption processing, and the order of generation is only reversed.

In the decryption of the ciphertext in the DES, first, the ciphertext is divided into 64 bits, and each 64-bit ciphertext data C is subjected to a decryption process. In the decryption process of the ciphertext C, first, the ciphertext data C is agitated by the initial transposition process IP, and then the upper 32 bits L
16 and lower 32 bits R16. Decoding is performed on the upper and lower 32-bit data divided into two,
The decryption sequence key code Kn, that is, K16 to K1
Is processed using This decoding process is performed 16 times based on the following equation. Rn-1 = Ln Ln-1 = Rn + f (Kn, Ln)

The sum of the above equation is modulo 2 for each digit (Mod
2), that is, an exclusive OR. The function f (K, L) is obtained by expanding L of 32 bits by 4
Expanded to 8 bits, the 48-bit sequence key code Kn
This is an operation to convert again to 32 bits while performing a kind of substitution using. The above process is repeated 16 times, and the last obtained L0 and R0 are exchanged. Then, the inverse initial transposition process IP- ¹ is applied to obtain 64-bit decoded text data M-1.
Is obtained. In the above-described decryption processing, the upper and lower 32-bit data are processed in the same manner as in the encryption processing, but the basic processing procedure is executed by the same logic as the encryption processing.

In the DES encryption process described above, various transposition processes are performed, and a specific example of the process is shown in FIG. FIG. 10 is a table showing to which output bits the input bits in each of the transposition processes IP, E, P, IP ⁻¹ , PC1 and PC2 executed by the DES are output. For example, in the initial transposition process IP, the data of the 58th bit of the input bit is replaced with the first bit of the output bit.
This indicates that the data of the 50th bit of the input bit is output to the second bit of the output bit. Similarly, the relationship between input bits and output bits in each transposition process is shown.

In the DES encryption process, an initial transposition process IP, an enlarged transposition process E, and an inverse initial transposition process I
In P- ¹ , the arrangement of input / output bits is fixed by convention. On the other hand, transposition processes PC1 and PC1, which are executed in a part for generating sequence key codes K1 to K16 from key code K,
2, and function f (K, R) or function f (K, L)
The arrangement of the transposition processing P executed in the processing of (1) can be changed by the user of the DES.
The conversion example shown in FIG.

Similarly, in the DES encryption process, FIG.
FIG. 9 shows a specific example of the substitution processing S1 to S8 executed in the processing of the function f (K, R) shown in FIG. FIG.
In the substitution processing S1 to S8 executed by the DES, the contents of 4-bit output data corresponding to 6-bit input data in each substitution processing are shown in a table. This table indicates that, for example, if the input data in the substitution process S1 is 2
When the value is “000000” in base, it indicates that the output data is “1110”. Hereinafter, similarly, each of the substitution processing S1 to S8
6-bit input data "000000" to "111111"
, The output 4-bit substitution data is partially omitted. According to the DES rules, the contents of the output data of the substitution processing S1 to S8 are not fixed, and can be changed by the user of the DES. The array shown in FIG. is there.

(Mechanism of FEAL Cryptography) FEAL, which is one type of conventional encryption using a secret key, is an encryption method developed by Nippon Telegraph and Telephone Corporation, and uses a 128-bit or 64-bit key code to generate 64 bits. Converts a message that is blocked bit by bit into ciphertext. The DE
In S, the message is agitated 16 times in the encryption process, whereas in FEAL, the agitation process is performed 4, 8, 16, or 32 or more times. In addition, in the encryption process, a two-bit cyclic shift and a remainder operation (mo
d256) is used. Further, when generating a sequence key code and mixing data, the data length is divided into blocks of 8 bits for processing, which is more suitable for high-speed processing and software processing than DES.

(Summary of the present invention) In the present invention, the D
An object of the present invention is to obtain a cryptographic processing device that performs encryption processing such as ES and FEAL, and decryption processing, which has a high processing speed, is versatile, and can cope with any type of encryption. The present invention provides a cryptographic processing apparatus suitable for processing of conventional cryptography for performing transposition, substitution, exclusive OR, cyclic shift, and remainder operation. That is, the cryptographic processing device of the present invention executes a transposing process and a dedicated means for performing at least the transposing process among cryptographic processing elements such as transposition and substitution, exclusive OR, cyclic shift, and remainder operation. And a dedicated means for performing the transposition process or the substitution process a predetermined number of times by using any one of the means.

(Configuration of Apparatus) Next, the configuration of the cryptographic processing apparatus of the present invention will be described in detail with reference to the drawings of the embodiments. FIG. 1 is a conceptual diagram of the cryptographic processing device of the present invention. FIG. 2 is a block diagram showing a configuration example of the entire cryptographic processing device of the present invention. FIG. 3 is a block diagram showing a detailed embodiment of the encryption processing unit.

(Outline of Apparatus) First, an outline of the encryption processing apparatus of the present invention will be described with reference to FIG. In the figure, reference numeral 1 denotes a cryptographic processing device. The cryptographic processing device 1 is a device that receives plaintext data M or ciphertext data C, encrypts the plaintext data M into ciphertext data C, and decrypts the ciphertext data C into plaintext data M. The cryptographic processing device 1 includes a control unit 100 for performing a cryptographic process, a transposition processing unit 201 for performing a transposition process among the cryptographic processes, and a dedicated permutation process for performing a permutation process. And a cryptographic processing unit 200 having means 202. As shown in the figure, the transposition processing means 201 and the substitution processing means 202 provided in the cryptographic processing unit 200 are configured such that each data input terminal has a common input data register 2.
03, and the output terminal of each processing means is connected to the input terminal of the output data selector 204. Further, the output terminal of the output data selector 204 is connected to the input terminal of the input data register 203.

In the cryptographic processing apparatus 1 having the above configuration, when performing cryptographic processing, first, the control unit 100 inputs the first data to be subjected to cryptographic processing to the input data register 203 of the cryptographic processing unit 200. . The data input to the input data register 203 is input to the transposition processing unit 201 and the substitution processing unit 202, where the transposition processing and the substitution processing are executed, and the processing result is input to the output data selector 204. Then
The control unit 100 selects one of the transposition processing and the substitution processing from among the processing results input to the output data selector 204. The selected processing result is input to the input data register 203 via the output terminal of the output data selector 204, and the transposition processing and the substitution processing are performed again. That is, once data is input to the input data register 201, the control unit 100 selects the processing result of the transposition processing or the substitution processing by the output data selector 204, and performs the transposition processing or the substitution processing continuously. Can be executed one after another.

On the other hand, the processing result of the transposition process or the substitution process selected by the output data selector 204 is stored in the data storage means (not shown) of the control unit 100 via the output terminal of the output data selector 204 and becomes necessary. Accordingly, the control unit 100 can re-input the data to the input data register 203 of the encryption processing unit 200. in this case,
Transposition processing and substitution processing of a plurality of data can be performed substantially in parallel.

For example, the DES key code K is
0 to generate the sequence key codes K1 to K16 used for encryption, first, the key code K is
Executes the reduced transposition process PC1, and then shifts the obtained result leftward cyclically. This cyclic shift is substantially the same as the transposition processing. After the contracted transposition processing PC1 is executed, the processing result is again transposed by the transposition processing means 201 to generate the sequence key code K1. To obtain the data subjected to the left cyclic shift.

The data obtained by the transposition process that can obtain substantially the same result as the left cyclic shift is the following sequence key code K
2 is temporarily stored in the control unit 100 as data for the left cyclic shift for generating the second shift. Next, the data obtained to generate the sequence key code K1 is input to the input data register 203, and the transposition processing means 201 executes the contracted transposition process PC2 to obtain the sequence key code K1.
This is stored in the control unit 100.

Next, the data for the next left-handed cyclic shift for generating the sequence key code K2 previously stored in the control unit 100 is stored in the input data register 2 of the encryption processing unit 200.
By inputting the data to the key code 03 and performing a transposition process substantially equivalent to the left cyclic shift, data for generating the next necessary sequence key code is obtained. As described above, by sequentially performing the transposition processing using the transposition processing means 201 of the cryptographic processing unit 200, it is possible to obtain 16 types of series key codes K1 to K16 required for encryption.

As will be described in detail later, the relationship between the input bits and the output bits in the transposition processing means 201 provided in the encryption processing unit 200 depends on the content of the transposition processing, for example, the reduced transposition processing PC1, PC2, or the left cyclic operation. Shift LS1
It is necessary to change the relationship between the input bits and the output bits of the transposition processing unit 201 before performing the transposition processing because it differs depending on LS15 and the like.

The substitution processing means 2 of the encryption processing section 200
02 is used, for example, in the selective substitution processing of S1 to S8 included in the non-linear function f (K, R) or f (K, L) used for encryption and decryption of DES.
For example, the control unit 100 first stores 48-bit data obtained by an exclusive OR operation of the original character string R or L subjected to the extended transposition processing E and the sequence key code K. Next, the 48-bit data is divided into eight blocks, and the 6-bit data is sequentially input from the control unit 100 to the input data register 203 of the encryption processing unit 200. Steps S1 to S8 are sequentially executed. Since the substitution processing is executed eight times, each time, 6-bit data is input to the input data register 203 and the 4-bit substitution processing result obtained by the substitution processing means 202 is selected by the output data register 204. Is stored in the data storage means of the control unit 100 to obtain a total of 32 bits of substitution data.

At this time, the relationship between the input bits and the output bits of the substitution processing means 202 is different for each of the substitution processing S1... S8, so that each time the selected substitution processing S1 to S8 is executed, the substitution processing means 202 is executed. It is necessary to change the relationship between the input bits and the output bits.

That is, the relationship between the input bits and the output bits of the transposition processing means 201 and the substitution processing means 202
The relationship between the input bits and the output bits of
Each time the transposition process or the substitution process is performed, the control unit 100 changes the configuration.

(Example of Apparatus Configuration) FIG. 2 shows a specific example of an apparatus configuration of an encryption processing apparatus for performing an encryption process including a process of changing the relationship between the input bits and the output bits. In FIG. 2, reference numeral 10 denotes a CPU such as a microprocessor.
(Arithmetic control device), 20 is a RAM (random access memory) for temporarily storing processing data, 30 is a CPU
And a ROM (read-only) for storing, as control data, a program for causing the transposition processing means 201 to operate, and a relation between input and output bits of the transposition processing means 201 and a relation between input and output bits of the substitution processing means 202. A cryptographic processing unit (C) comprising the transposition processing means 201, the substitution processing means 202, the input data register 203, and the output data selector 204 shown in FIG.
LU).

The CPU 10, RAM 20, ROM 3
0 and the CLU 40 are interconnected via the bus 11 and can transmit programs and data. Further, a data input / output control unit 12 indicated by I / O is connected to the bus 11, and receives a message and a key code input from an external device via an input terminal 13 and an output terminal 14 thereof. It is configured to convert a message into a ciphertext and send it out, or conversely, receive a ciphertext and a key code, decode the ciphertext and convert it into a decrypted sentence and send it out.

(Configuration of Cryptographic Processing Unit) Next, a more detailed circuit configuration of the cryptographic processing unit (CLU) 40 will be described. FIG. 3 is a detailed configuration diagram of the encryption processing unit 40. In the figure, reference numeral 40 denotes a cryptographic processing unit (CLU). The cryptographic processing unit 40 is configured by a semiconductor integrated circuit, and controls the bus 11 of the cryptographic processing device 1 via a built-in control register 41.
Connected to. The control register 41 is controlled by the CPU 10 connected to the bus 11 and
It controls the operation of each of the circuits for encryption processing incorporated in the, and controls the input and output of data. Each circuit in the encryption processing unit 40 is connected to the control register 41 via a data bus 42 and a control bus 43,
It receives the data set to 1 and executes encryption processing, and transfers the processing result to the control register 41. The data bus 42 has a data width of 64 bits.

As shown in FIG. 3, the encryption processing unit 40
It has a 64-bit key code to be subjected to encryption processing such as transposition processing and substitution processing, and two input data registers 44 and 45 for setting plaintext data and encrypted text data divided into 64 bits. The input terminals of the two input data registers 44 and 45 each have a data width of 64 bits and are connected to the control register 41 via the data bus 42. An output terminal of the input data register 44 includes a programmable switch matrix array 50 for performing transposition processing, a programmable RAM (random access memory) 60 for performing substitution processing, and the other input data. It is connected to an exclusive OR operation circuit 70 for executing an exclusive OR operation with the data set in the register 45.

Further, the switch matrix array 5
0, the output terminal of the RAM 60, and the output terminal of the exclusive OR operation circuit 70 are connected to the output data selector 46.
Are connected to the input terminals X, Y, and Z, respectively. The output terminal of the output data selector 46 is connected to the control register 41 via the data bus 42.
The output terminal of the output data selector 46 has a data width of 64 bits, and selects the content of any of the X, Y, or Z input terminals and transfers the data to the control register 41.

Here, the programmable switch matrix array 50 for performing the transposition process will be described in more detail. The programmable switch matrix array 50 includes a register unit 51 and a switch matrix unit 52. The switch matrix unit 52 is composed of, for example, a 64-input, 64-output semiconductor switch group, and the relationship between input bits and output bits is determined by data set in the register unit 51. The data set in the register unit 51 is 64 bits × 64 bits = 4096 bits, that is, 512 bytes. The CPU 10 inputs 512 bytes of transposition control data read from the ROM 30 to the control register 41, and outputs the data. Register unit 5 via bus 42
1 and set. According to the transposition control data of 4096 bits set in the register unit 51, 64 input lines provided in the switch matrix unit 52 and 6
The connection or disconnection with the four output lines is determined, and the data set in the input data register 44 is input to the 64 input lines, so that the data transposed to a predetermined output line is output. Is done. The transposed data is input to the input terminal X of the output data selector 46.

The programmable RAM (random access memory) 60 for performing the substitution process has, for example, an 8-bit address input line and an 8-bit data output line, and stores a maximum of 256 bytes of substitution control data. Can be held. Like the transposition control data, the substitution control data is read out from the ROM 30 by the CPU 10, input to the control register 41, transferred to the RAM 60 via the data bus 42, and set. Substitution control data is written in the RAM 60, and data to be subjected to substitution processing is set in the input data register 44, so that the lower 8 bits of data set in the input data register 44 are applied to the address input line of the RAM 60. The input, the substitute data corresponding to the address is output to the data output line of the RAM 60, and the data subjected to the substitute processing is input to the input terminal Y of the output data selector 46.

In the encryption processing unit 40 of this embodiment, the exclusive logic of two input data set in the input data register 44 and the input data register 45 is set separately from the transposition processing circuit and the substitution processing circuit. An exclusive OR operation circuit 70 for operating the sum is provided. The exclusive OR operation circuit 70 performs an exclusive OR operation on the two 64-bit data, and inputs the operation result to the input terminal Z of the output data selector 46.

(Operation of Apparatus) Next, the operation of the cryptographic processing apparatus of the present invention will be described. As an operation example, D
The case of ES encryption processing will be described. Figure 4 shows the DE
It is the flowchart which showed typically the data processing for demonstrating operation | movement of the encryption process of S. In the DES encryption processing, first, as shown in FIG. 4A, 64-bit transposed data is obtained from the 64-bit plaintext data M by the initial transposition processing IP. This process is a process performed in the switch matrix unit 52 shown in FIG.

When performing the initial transposition process IP in the cryptographic processing unit 40, first, the CPU 10 reads the transposition control data from the ROM 30, and inputs this to the control register 41 of the cryptographic processing unit 40. The transposition control data input to the control register 41 is stored in the data bus 42 and the control bus 4
3, the data is transferred to a register section 51 provided in a programmable switch matrix array 50. With the transposition control data transferred to the register unit 51, the semiconductor switches provided at the respective intersections of the input lines and the output lines of the switch matrix unit 52 are turned on and off, and the relationship between the input bits and the output bits is set.

FIG. 5 shows which output lines are connected to the 64 input lines of the switch matrix unit 52 in the initial transposition process IP. In the figure, the vertical axis indicates an input line for 64 bits, and the * line indicates which bit line of the input line is connected to each input line. For example, the first bit of the input line is connected to the 40th bit of the output line, and the second bit of the input line is connected to the eighth bit of the output line.
Connected to a bit. Therefore, the data of the first bit input to the input line of the switch matrix unit 52 is output to the 40th bit of the output line, and the data input to the second bit is output to the 8th bit of the output line and subjected to transposition processing. Will be. Note that this switch matrix unit 52
There are four input lines and 64 output lines, one at each intersection.
Since 4096 semiconductor switches are provided for each unit, it is possible to freely set to which output line each bit of the input data is output.

The transposition control data is transferred to the register unit 51, and the switch matrix unit 5 for the initial transposition process IP is transferred.
After completing the setting of 2, the CPU 10 inputs the 64-bit plaintext data M to be encrypted to the control register 41 of the encryption processing unit 40. The 64-bit plaintext data M input to the control register 41 is transmitted to the data bus 42,
The data is transferred to the input data register 44 via the control bus 43. The 64-bit plaintext data M transferred to the input data register 44 is connected to the switch matrix section 52 of the programmable switch matrix array 50 connected to the output line of the input data register 44, and a programmable RAM (random access memory) 60. And the exclusive OR operation circuit 70, and the respective processing results are output to the input terminals X, Y and Z of the output data selector 46. Here, the output data selector 46 selects the transposition processing result X according to the operation result selection data set in the control register 41 in advance. As a result, the processing result of the initial transposition processing IP in the switch matrix unit 52 with respect to the 64-bit plaintext data M input to the control register 41 is output from the output data selector 46, and is transmitted via the data bus 42 to the control register 41. Is set to the result. At the same time, the input data register 44
, The processing result of the initial transposition processing IP is transferred.

Next, the result of the initial transposition process IP set in the control register 41 is read by the CPU 10 and stored in the RAM 2.
0 is stored. At this time, the result of the 64-bit initial transposition process IP is divided into upper 32 bits L0 and lower 32 bits R0, as shown in FIG.
It is stored in the RAM 20.

Next, the CPU 10 executes main processing of encryption using the sequence key codes K1 to K16 generated in advance based on the key code K. This main processing is shown in FIG.
As shown in the figure, the lower-order 32 bits R0 of the result obtained by performing the initial transposition process IP are first subjected to the expanded transposition process E
To calculate the exclusive logical sum of the 48-bit data obtained as a result and the 48-bit sequence key code K1 generated in advance, and then perform the selective substitution processing represented by S1 to S8. To obtain 32-bit substitution data. Further, a transposition processing P is performed, and the result is compared with the upper 32 bits L0 stored in the RAM 20 in advance.
And exclusive-OR operation to obtain a 32-bit R1
Store in AM20. On the other hand, the lower 32 bits R0 stored in the RAM 20 in advance are converted into the upper 32 bits L1 for the next encryption processing and stored in the RAM 20. Next, using R1 and L1 and the previously generated sequence key code K2, R2,
Calculate L2. These processes are repeated 16 times, and 3
Obtaining 2-bit R16 and L16 is the main processing of encryption.

In the cryptographic processing apparatus shown in FIG. 3, the main processing is executed in the following procedure. First, in order to execute the enlarged transposition processing E, transposition control data is read from the ROM 30 and input to the control register 41. The transposition control data is transferred from the control register 41 to the register unit 51 provided in the programmable switch matrix array 50 via the data bus 42 and the control bus 43. With the transposition control data transferred to the register unit 51, the semiconductor switches provided at the respective intersections of the input lines and the output lines of the switch matrix unit 52 are turned on and off, and the relationship between the input bits and the output bits is set. FIG. 6 shows a relationship between input bits and output bits of the switch matrix unit 52 in the enlarged transposition processing E. In FIG. 6, the vertical axis indicates input bits and the horizontal axis indicates output bits. For example, the first bit of input data is output to the second and 48th output lines of the output line. Similarly, in the same manner, in the enlargement transposition processing E, it indicates to which output line of 48 bits shown on the vertical axis the 32-bit input data shown on the vertical axis is output.
That is, 32-bit input data is expanded to 48 bits, that is, a specific input bit is output to a plurality of output lines, and the bit position of the data is agitated.

When the setting of the switch matrix section 52 is completed as described above, the CPU 10 reads out the 32-bit R 0 stored in the RAM 20 and inputs the read R 0 into the control register 41. R0 input to the control register 41 is transferred to the input data register 44 via the data bus 42 and the control bus 43. The 32-bit R0 transferred to the input data register 44 includes a switch matrix unit 52 of a programmable switch matrix array 50 connected to the output line of the input data register 44, a programmable RAM (random access memory) 60, The result is input to the exclusive OR operation circuit 70, and the respective processing results are output to the input terminals X, Y, and Z of the output data selector 46. Here, the output data selector 46 selects the transposition processing result X according to the operation result selection data set in the control register 41 in advance. As a result, the switch matrix unit 52 enlarges and transposes E to the 32-bit R0 input to the control register 41.
Is output from the output data selector 46,
The processing result is set in the control register 41 via the data bus 42, and at the same time, the processing result of the enlarged transposition processing E is transferred to the input data register 44.

Next, the CPU 10 reads the first sequence key code K1 from the RAM 20 among the 48-bit sequence key codes K1 to K16 generated in advance based on the 64-bit key code K from the RAM 20, and reads the control register 41. Via the second input register 45 via As a result, in the exclusive OR operation circuit 70, an exclusive OR operation of the processing result of the transposition processing E transferred to the input data register 44 and the first sequence key code K1 is executed, and the output data selector 46 A 48-bit operation result is output to the input terminal Z of the. In the output data selector 46, the control register 4
The input terminal Z is selected by one control bus 43, and the result of the exclusive OR operation is output to the output terminal of the output data selector 46. The 48-bit operation result is set in the control register 41 and transferred to the input data register 44. Next, the control register 4
The result of the exclusive OR operation set to 1 is sent to the CPU 10
Is read out and stored in the RAM 20.

Next, the CPU 10 executes a substitution process S shown in FIG. The substitution process S is to obtain 32-bit mixed output data from 48-bit input data. Specifically, the input 48-bit data is divided into 8 blocks of 6 bits each, and S1 The 6-bit data is converted into another 4-bit data by the selective substitution process consisting of .about.S8 to obtain 4 bits.times.8 blocks = 32 bits. This substitution process is a process executed using a programmable RAM (random access memory) 60 shown in FIG.

In the encryption processing device of this embodiment, the substitution process S is executed in the following procedure. That is, first, the RAM 6
The predetermined substitution control data is written in 0, and then 6-bit substitution original data is set in the input data register 44. The output terminal of the input data register 44 is connected to an address control line of the RAM 60, and the 6-bit substitution original data set in the input data register 44 is applied to the address input line of the RAM 60. In the RAM 60, predetermined substitution data is written at the corresponding address of the 6-bit address input line, and this substitution data is output to the data output line of the RAM 60 and input to the input terminal Y of the output data selector 46. . The RAM 60 provided in the encryption processing unit 40 of the present embodiment is
Although it has an 8-bit address input line and an 8-bit data output line, when performing the DES substitution process S,
The lower 6 bits of the address input line and the lower 4 bits of the data output line are valid signals.

For example, when performing the substitution process on the result of the exclusive OR operation, the CPU 10
The 48-bit data stored in 0 is divided into 8 blocks, and 6-bit substitution original data is generated. Next, the substitution control data used for the selected substitution processing S1 is stored in the ROM.
30 and read from the control register 4 of the cryptographic processing unit 40.
Enter 1 The substitution control data input to the control register 41 is transferred to the RAM 60 via the data bus 42 and the control bus 43. Then, the previously generated 6
The bit substitution source data is read from the RAM 20 and
It is input to the control register 41 of the encryption processing unit 40. Substitution original data input to the control register 41 is transmitted to the data bus 4
2, and transferred to the input data register 44 via the control bus 43.

As a result of this processing, substitution data corresponding to the 6-bit substitution original data is output from the RAM 60 and input to the input terminal Y of the output data selector 46. Here, the output data selector 46 selects the substitution processing result Y according to the operation result selection data set in the control register 41 in advance. As a result, the control register 41
Is output from the output data selector 46 with respect to the 6-bit substitution original data input to the control register 41, and the processing result is set in the control register 41 via the data bus 42. Next, the CPU 10 reads the 4-bit substitution data set in the control register 41 and temporarily stores it in the RAM 20.

The CPU 10 repeats the above processing corresponding to the selection substitution processing S1 to S8 eight times, and obtains 4-bit substitution data for each 6-bit substitution original data divided in advance into 8 blocks. Next, the CPU 10
Synthesizes the obtained 4-bit substitution data to obtain 32-bit substitution data and stores it in the RAM 20.

Next, the CPU 10 executes a transposition process P shown in FIG. The transposition process P is to obtain 32-bit mixed output data for 32-bit input data. This process is a process executed by the programmable switch matrix array 50 of the encryption processing unit 40, similarly to the above-described enlarged transposition process E. At this time, FIG. 7 shows the connection and disconnection states of the input and output lines of the switch matrix unit 52, which are controlled by the transposition control data set in the register unit 51. The example of FIG. 7 shows that the input first bit data is output to the ninth bit of the output line, and the second bit of the input bit is output to the 17th bit of the output line. It indicates to which output line of 32 bits shown on the horizontal axis the 32-bit input data shown on the axis is output.

In the transposition process P, first, the CPU 10
Reads the transposition control data from the ROM 30 and inputs the transposition control data to the control register 41 of the encryption processing unit 40. The transposition control data input to the control register 41 is transferred to the register unit 51 of the programmable switch matrix array 50, and provided at each intersection of the input line and the output line of the switch matrix unit 52 by the output data of the register unit 51. The connected semiconductor switch is connected and disconnected. Next, the CPU 10 reads the 32-bit substitution data that has been subjected to the substitution processing S and stored in the RAM 20, and inputs the substitution data to the control register 41 of the encryption processing unit 40. The substitution data input to the control register 41 is transferred from the control register 41 to the input data register 44 via the data bus 42 and the control bus 43.

32 transferred to the input data register 44
The bit substitution data is supplied to the switch matrix unit 52 of the programmable switch matrix array 50 connected to the output line of the input data register 44, the programmable RAM (random access memory) 60, and the exclusive OR operation circuit 70. The input and the respective processing results are output to the input terminals X, Y, and Z of the output data selector 46. Here, the output data selector 46 selects the transposition processing result X according to the operation result selection data set in the control register 41 in advance. As a result, the processing result of the transposition processing P in the switch matrix unit 52 with respect to the 32-bit substitution data input to the control register 41 is output from the output data selector 46 and transmitted to the control resist 41 via the data bus 42. The processing result is set, and at the same time, the processing result of the transposition processing P is transferred to the input data register 44.

Next, as shown in FIG. 4B, the CPU 10 stores the processing result of the transposition processing P and the RAM 20 in advance.
The exclusive-OR operation with the 32-bit L0 stored in is performed to obtain 32-bit encrypted data R1. The exclusive OR operation is performed in the same procedure as the exclusive OR operation of the processing result of the extended transposition E and the sequence key code K1. This exclusive OR operation is a process performed by the exclusive OR operation circuit 70 of the encryption processing unit 40. First, the CPU 10 reads the 32-bit L0 stored in the RAM 20, and sets the 32-bit L0 in the input data register 45 via the control register 41.

As a result, in the exclusive OR operation circuit 70, the processing result of the transposition processing P transferred to the input data register 44 and the 32-bit L0 transferred to the input data register 45 are exclusive ORed. The operation is performed,
A 32-bit operation result R1 is output to the input terminal Z of the output data selector 46. In the output data selector 46, the input terminal Z is selected by the control bus 43 of the control register 41, and the operation result R1 of the exclusive OR is output to the output terminal of the output data selector 46. The 32-bit operation result is set in the control register 41 and transferred to the input data register 44.
Next, the CPU 10 reads the exclusive OR operation result R1 set in the control register 41 and stores it in the RAM 20. Further, the 32-bit R0 stored in the RAM 20 is stored as data L1 for the next encryption processing.

Thus, the main processing of the encryption shown in FIG. 4B has been executed once. In the DES encryption process, 32-bit R2 and L2 are obtained by the same procedure as described above, based on the 32-bit R1 and L1 obtained above and the 48-bit sequence key code K2 generated in advance. Similarly, using R2, L2, and K3, R3,
Get L3. In the DES, in the main processing of the encryption shown in FIG. 4B, the above processing is repeated 16 times to obtain encrypted data R16 and L16.

Finally, the CPU 10 uses the 32-bit R16 and L16 obtained in the main processing described above to execute FIG.
The reverse initial transposition process IP- ¹ shown in (c) is executed to obtain ciphertext data C. This process is a process performed by the programmable switch matrix array 50 of the encryption processing unit 40, similarly to the above-described various transposition processes. FIG. 7 shows the switch matrix unit 52 in the inverse initial transposition process IP- ¹ .
Shows the relationship between the input bits and the output bits. The vertical axis indicates the bit position of the input data, and the horizontal axis indicates the bit position of the output data. For example, the first bit of the input data is
It is output to the 58th bit of the output line. The second bit of the input data is output to the 50th bit of the output line. In the initial transposition process IP- ¹ , the 32-bit R16 and L16 obtained in the main process are combined to form 64-bit data. Bit ciphertext data C is obtained.

In the reverse initial transposition process IP- ¹ , the CPU 1
0 first reads the transposition control data stored in the ROM 30 and inputs the transposition control data to the control register 41 of the encryption processing unit 40. The transposition control data input to the control register 41 is transferred to the register unit 51 of the programmable switch matrix array 50, and provided at each intersection of the input line and the output line of the switch matrix unit 52 by the output data of the register unit 51. The connected semiconductor switch is connected and disconnected. Next, the CPU 10
20 stored in 32-bit encrypted data R
16 and L16 are read and combined to form 64-bit encrypted data. Next, the 64-bit encrypted data is input to the control register 41 of the encryption processing unit 40. The encrypted data input to the control register 41 is transferred from the control register 41 to the input data register 44 via the data bus 42 and the control bus 43.

The 64 transferred to the input data register 44
The bit encrypted data is connected to the output line of the input data register 44, the switch matrix section 52 of the programmable switch matrix array 50, the programmable RAM (random access memory) 60, and the exclusive OR operation circuit 70. And the respective processing results are output to the input terminals X, Y, and Z of the output data selector 46. Here, the output data selector 46 selects the transposition processing result X according to the operation result selection data set in the control register 41 in advance. As a result, the processing result of the inverse initial transposition processing IP- ^{1 in} the switch matrix unit 52 with respect to the 64-bit encrypted data input to the control register 41 is output from the output data selector 46, and is output via the data bus 42. The result is set in the control resist 41. The CPU 10 reads the processing result of the reverse initial transposition processing IP- ¹ set in the control register 41, and obtains the ciphertext data C.

By the series of processing operations of the cryptographic processing apparatus described above, the DES
, The 64-bit ciphertext data C can be obtained.

In the above description, 64 used for encryption is used.
From the bit key code K, 16 kinds of series key codes K1 to K2 each composed of 48 bits, which are used in the main processing of encryption, are used.
Although the generation of K16 is not described in detail, before performing the encryption processing of the 64-bit plaintext data M shown in FIG. 4, the reduced transpose is performed using the programmable switch matrix array 50 of the encryption processing unit 40. The processing PC1 is executed, and further, transposition processing substantially equivalent to the left cyclic shift,
By repeatedly executing the contracted transposition process PC2, 16 types of series key codes K1 to K16 can be obtained. It is stored once in the RAM 20 and when the plaintext data M is encrypted,
By sequentially reading and using the sequence key codes K1 to K16, DES encryption can be realized.

Further, in the above-described embodiment, the case where one plaintext data composed of 64 bits is converted into a 64-bit ciphertext has been described. In parallel processing, each can be converted into ciphertext data. Of course, it is assumed that the key codes used for the encryption processing are the same. For example, the operation of the cryptographic processing device when converting a plurality of plaintext data M1 to Mn into a plurality of ciphertext data C1 to Cn is as follows.

First, 16 kinds of sequence key codes K1 to K16 each composed of 48 bits generated from the 64-bit key code K are stored in the RAM 20 of the cryptographic processing apparatus shown in FIG.
In advance. The plaintext data M1 to Mn are also stored in the RAM 20 in advance. Further, in the ROM 30 of the cryptographic processing device, an initial transposition process IP, an enlarged transposition process E, a transposition process P,
It is assumed that the transposition control data such as the inverse processing transposition processing IP- ¹ and the respective substitution control data of the selected substitution processing S1 to S8 are stored.

When converting a plurality of plaintext data M1 to Mn into a plurality of ciphertext data C1 to Cn, first, the CPU 1
0 reads the transposition control data of the initial transposition processing IP stored in the ROM 30 and inputs the read data to the control register 41 of the encryption processing unit 40. The input transposition control data is transferred to the register unit 51, and the setting of the switch matrix unit 52 for the initial transposition process IP is completed.

Next, the CPU 10 transmits the 64
Bit plaintext data Mx (1 ≦ x ≦ n) is sequentially input to the control register 41 of the encryption processing unit 40. The 64-bit plaintext data Mx input to the control register 41 is transferred to the input data register 44 via the data bus 42 and the control bus 43. The 64-bit plaintext data Mx transferred to the input data register 44 is input to the switch matrix unit 52 of the programmable switch matrix array 50 connected to the output line of the input data register 44, and the processing result of the initial transposition process IP Are sequentially output to the input terminal X of the output data selector 46.

Here, the output data selector 46 selects the transposition processing result X according to the operation result selection data set in the control register 41 in advance. as a result,
The processing result of the initial transposition processing IP in the switch matrix unit 52 with respect to the 64-bit plaintext data Mx input to the control register 41 is sequentially output from the output data selector 46, and is output via the data bus 42 to the control register 41.
Is set to the result.

During this time, the CPU 10 sends the plaintext data Mx
Each time (1 ≦ x ≦ n) is sequentially input to the control register 41 of the encryption processing unit 40, the processing result of the initial transposition processing IP set in the control register 41 is read and stored in the RAM 20. That is, the transposition control data for executing the initial transposition process IP is first transferred only once to the register unit 51 of the encryption processing unit 40, and the plurality of plaintext data M1
To the Mn can be continuously executed.

In the main processing of the encryption processing shown in FIG. 4B, similarly to the above-described initial transposition processing IP, for example, when the extended transposition processing E is executed, first, the transposition control data is transmitted to the encryption processing unit. The data is transferred to the register unit 51, and the switch matrix unit 52 for the enlarged transposition processing E is set. Next, 32 corresponding to the plurality of plaintext data M1 to Mn.
Each time the bit R0X (1 ≦ x ≦ n) is sequentially read from the RAM 20 and transferred to the input data register 44 via the control register 41 of the encryption processing unit 40, the processing result of the enlarged transposition processing E in the switch matrix unit 52 is read. , Via the output data selector 46 and the control register 41, and sequentially stored in the RAM 20.

Similarly, when performing an exclusive OR operation with the sequence key code Kn (1 ≦ n ≦ 16) shown in FIG. 4B, the sequence key code Kn stored in the RAM 20 in advance is used. The data is read and transferred to the input data register 45 via the control register 41 of the encryption processing unit 40. Next, each time the processing result of the 48-bit enlarged transposition processing E corresponding to the plurality of plaintext data M1 to Mn is sequentially read from the RAM 20 and transferred to the input data register 44 via the control register 41 of the encryption processing unit 40, The operation result of the exclusive OR operation circuit 70 is output to the output data selector 46.
And read out via the control register 41,
Are stored sequentially.

Similarly, in the case where the selective substitution processing S1 to S8 shown in FIG.
The substituting control data stored in the subroutine 30 is read out, and the RA for the substituting process is
Transfer to M60. Next, a plurality of plaintext data M1 to Mn
The 6-bit substitution original data obtained by dividing the operation result of the exclusive OR of 48 bits corresponding to the data into 8 blocks is sequentially read out from the RAM 20 and input to the input data register 44 via the control register 41 of the encryption processing unit 40. Transfer to Next, the substitution data obtained in the substitution RAM 60 is read out via the output data selector 46 and the control register 41 and is sequentially stored in the RAM 20.

In the same procedure as above, the transposition processing P, the processing result of the transposition processing P and the upper 32 bits Ln-
By performing an exclusive OR operation with 1 (1 ≦ n ≦ 16) and the inverse initial transposition process IP ⁻¹ , the ciphertext data C1 is converted from the plurality of plaintext data M1 to Mn in a concurrent parallel process.
~ Cn can be obtained. That is, according to the above-described operation procedure, even in the encryption processing unit having a simple structure as shown in FIG. 3, it is possible to minimize the number of rewriting processes of the transposition control data and the number of rewriting of the substitution control data. As a result, the encryption processing of long-text data can be executed at a practically sufficient processing speed.

In the above description, the encryption processing for converting the plaintext data to the ciphertext data in the cryptographic processing apparatus of the present embodiment has been exemplified. However, the decryption processing for converting the ciphertext data to the decrypted text data is also applicable. Since it can be easily guessed that the cryptographic processing apparatus of the present embodiment can be applied, detailed description on the decryption processing is omitted.

(Other Embodiments) In the cryptographic processing apparatus of the above embodiment, the arithmetic and control unit indicated by the CPU 10 is driven by using the cryptographic processing control program and the cryptographic processing control data incorporated in the ROM. Controlling the encryption processing unit provided with transposition processing means and substitution processing means, but the encryption processing program and encryption processing control data are recorded on a storage medium such as a fixed magnetic disk or a floppy disk,
It may be read out to the RAM to execute the encryption process.

In the encryption processing unit of this embodiment, the transposition processing means is configured as a 64-bit input and a 64-bit output.
It can be changed to bit input / output. Similarly, the substitution processing means is configured as an 8-bit input and an 8-bit output.
It does not restrict the processing bit unit at all. For example,
6-bit input, 4-bit output, or 1
It is composed of 2-bit input and 8-bit output.
1 and S2, S3 and S4, S5 and S6, or S7 and S8
May be simultaneously processed. Further, in the present embodiment, an exclusive OR operation circuit is provided in the cryptographic processing unit. However, this is configured so as to perform an operation using an exclusive OR operation instruction of the operation control device itself shown by the CPU 10. May be.

In the above description, the case of the DES encryption processing has been described. However, the FEAL encryption processing can also be executed by using the encryption processing apparatus of this embodiment. For example, in FEAL, left cyclic shift and remainder operation are performed, but cyclic shift can be substantially realized by using transposition processing means. In addition, remainder operation is substantially equivalent to substitution operation by substitution processing. Can be. Also, since the control data for the transposition processing and the substitution processing in the DES encryption processing is stored in a ROM provided outside the encryption processing unit, the transposition control data and the substitution control data shown in the present embodiment are changed. That is, the cryptographic processing device of the present invention can support various cryptosystems.

[0085]

As described above in detail, the cryptographic processing apparatus of the present invention has a transposition processing means for executing an arbitrary transposition processing and a transposition processing means for executing an arbitrary substitution processing. Substitution processing means, storage means for storing a processing result by the transposition processing means and a processing result by the substitution processing means, and means for repeating transposition processing or substitution processing using the processing result of the storage means Therefore, the encryption process and the decryption process for the conventional encryption using the secret key method such as DES or FEAL can be performed easily and at high speed. Further, since the cryptographic processing circuit has a simple configuration, it can be easily integrated with a microprocessor, a ROM, a RAM, and the like to form a single chip.

The cryptographic processing apparatus according to the present invention is characterized in that:
As described above, in addition to the first aspect of the present invention, the transposition processing means is constituted by a rewritable switch matrix, so that various transposition processes can be executed by one set of transposition processing means. In addition, the size of the encryption processing circuit can be reduced, and the cost can be reduced.

Further, in the cryptographic processing apparatus of the present invention, in addition to the first or second aspect of the present invention, the substitution processing means is constituted by a rewritable random access memory. Therefore, various substitution processing can be performed by one set of substitution processing means, and the size and cost of the encryption processing circuit can be reduced.

[Brief description of the drawings]

FIG. 1 is a schematic configuration diagram of a cryptographic processing device.

FIG. 2 is an overall configuration diagram of a cryptographic processing device.

FIG. 3 is a detailed configuration diagram of an encryption processing unit.

FIG. 4 is a data processing process diagram of an encryption process.

FIG. 5 is a state diagram of a switch matrix in transposition processing IP.

FIG. 6 is a state diagram of a switch matrix in transposition processing E;

FIG. 7 is a state diagram of a switch matrix in transposition processing P;

FIG. 8 is a state diagram of a switch matrix in transposition processing IP- ¹ .

FIG. 9 is a data conversion example of a substitution process.

FIG. 10 is an example of bit position conversion in various transposition processes.

FIG. 11 is a block diagram of an encryption process in DES.

FIG. 12 is a block diagram of a decryption process in DES.

FIG. 13 is a block diagram of a nonlinear function in DES.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 Cryptographic processing unit 10 CPU (arithmetic control unit) 11 Bus 12 Data input / output control unit 13 Input terminal 14 Output terminal 20 RAM 30 ROM 40 Cryptographic processing unit (CLU) 41 Control register 42 Data bus 43 Control bus 44, 45 Input data Register 46 Output data selector 50 Programmable switch matrix array 51 Register section 52 Switch matrix section 60 Programmable random access memory (RA
M) 70 exclusive OR operation circuit 100 control unit 200 encryption processing unit 201 transposition processing means 202 substitution processing means 203 input data register 204 output data selector

Claims (3)

[Claims] 1. A transposition processing unit for performing an arbitrary transposition process, a substitution processing unit for performing an arbitrary substitution process, a processing result by the transposition processing unit, and a processing result by the substitution processing unit. A cryptographic processing apparatus comprising: a storage unit for storing; and a unit for repeating transposition processing or substitution processing using a processing result of the storage unit. 2. The cryptographic processing apparatus according to claim 1, wherein said transposition processing means comprises a rewritable switch matrix. 3. The cryptographic processing apparatus according to claim 1, wherein said substitution processing means is constituted by a rewritable random access memory.