JPH1145049A - Ciphering device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve the reliability of a cipher with a small-scale circuit constitution, to shorten a development term, and to reduce costs, by making it possible to change from outside an arithmetic processing with a 2nd arithmetic processing circuit as a data processing means. SOLUTION: A 1st arithmetic processing circuit 105 operates an arithmetic processing of a selector output SIC based on a criptographic key SID outputted from a criptographic key control circuit 106. Here, criptographic keys peculiar and corresponding to 1st through, for example 16th respective arithmetic processings are used by the 1st arithmetic processing circuit 105. Next, a 2nd arithmetic processing circuit 107 processes 64-bit output data SIE from the 1st arithmetic processing circuit 105 by transposition. In this case, this transposition processing is controlled by the 2nd arithmetic processing control circuit 108. This 2nd arithmetic processing control circuit 108 outputs a selection control signal to the 2nd arithmetic processing circuit 107. Thus, it becomes possible to change from outside the arithmetic processing with the 2nd arithmetic processing circuit 107.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption device, and more particularly to a configuration for safely encrypting and decrypting a large amount of data.

[0002]

2. Description of the Related Art Conventionally, there is a symmetric encryption method as a data encryption method. The symmetric encryption scheme is an encryption scheme in which an encryption key used to encrypt a plaintext and a decryption key used to decrypt the encrypted text are the same.

[0003] The symmetric encryption system includes a DES encryption system. DES (data encryption standard) encryption system is the National Bureau of Sta
ndard Technology, current NIST: National Institute o
f Standard Technology) is an encryption standard determined on January 15, 1977, and is currently the most frequently used encryption method. FIG. 26 is a diagram showing a circuit configuration for performing an encryption process according to the DES encryption method.
In the processing of the S encryption method, a 64-bit plaintext input is converted to a 64-bit ciphertext output. In this process, the encryption key has a 64-bit configuration as in the case of plaintext input, but since 8 bits are used for parity, the effective encryption key has a 56-bit configuration.

In FIG. 1, reference numeral 10 denotes a circuit for performing an encryption process by the DES system, and an initial transposition processing unit 1 for performing an initial transposition process (IP process) on a 64-bit plaintext input Hin.
0a, an arithmetic processing unit 10b for performing arithmetic processing on the initial transposed output from the initial transposition processing unit 10a, and a final transposed processing (IP ^-1) for the arithmetic output from the arithmetic processing unit 10b.
Processing) and outputs a 64-bit ciphertext output Aout.

Here, the initial transposition processing unit 10a
An initial transposition process for changing the data arrangement in the 4-bit plaintext input Hin is performed based on the transposition data shown in FIG. FIG. 2A is a table showing transposition data for performing the initial transposition process. The initial transposition table is obtained by converting the data of each bit of the 64-bit plaintext input into the data obtained by performing the initial transposition process on the plaintext input. It shows what bit of the bit initial transposition output is to be used.

More specifically, the row in the initial transposition table shown in FIG. 2A indicates the byte position counted from the LSB (least significant bit) of the 64-bit plaintext input, and the column is the 64-bit plaintext input. Indicates the bit position counted from the LSB (least significant bit) in the byte of (a). Also, the numbers corresponding to the intersections of the rows and columns indicate the bit positions in the initial transposition output from the initial transposition processing unit 10a.

For example, the first bit of the LSB of the input signal is the first bit of the first byte.
It is converted to the bit. Since the 30th bit data of the input signal is the 6th bit of the 4th byte, it is converted into the 24th bit of the output signal from the value of 24 in the 4th row and 6th column in the initial transposition table. Furthermore, 6 of the input signal
Since the fourth bit is the eighth bit of the eighth byte, it is converted to the seventh bit of the output signal from the value 7 in the eighth row and the eighth column in the initial transposition table. The above conversion is performed for the input signal 6
By performing the operation on all four bits, bit positions corresponding to each of the 64 bits of the output signal can be obtained. The arithmetic processing unit 10b receives the upper 32 bits of the 64-bit initial transposed output as the input signal L0 and receives the lower 32 bits as the input signal R0, and performs arithmetic processing on these input signals L0 and R0. First arithmetic unit 10 to be applied
b1 and second to sixteenth arithmetic units 10b2 for performing arithmetic processing on the outputs of the arithmetic units 10b1 to 10b15 at the preceding stage.
To 10b16.

Here, the first computing unit 10b1 receives the input signal R0 which is the lower 32 bits of the initial transposed output.
On the basis of the encryption key K1 to output a function operation output f (R0, K1).
And an exclusive OR circuit (ExOR circuit) 12b for obtaining an exclusive OR of the function operation output f (R0, K1) and the input signal L0 which is the upper 32 bits of the initial transposed output.
In this configuration, the input signal R0 is output as the upper 32-bit signal L1 and the exclusive OR is output as the lower 32-bit signal R1 to the arithmetic unit 10b2 at the subsequent stage.

The second to sixteenth computing units 10b2 to 10b-10
b16 denotes function operation circuits 11b2 to 11b16 and exclusive OR circuits (ExOR circuits) 12b2 to 12b, respectively.
16 and the lower-order 32 bit signals R1 to R15 from the operation units 10b1 to 10b15 at the preceding stage are set as upper 32 bit signals L2 to L16, and the outputs of the ExOR circuits 12b1 to 12b5 are set as lower 32 bit signals R2 to R16. It is configured to output to the stage side. The function operation circuits 11b2 to 11b2 in the second to sixteenth operation units 10b2 to 10b16
11b16 is the ExO of the preceding operation units 10b1 to 10b15.
The 32-bit outputs from the R circuits 12b1 to 12b15 are subjected to arithmetic processing based on the encryption keys K2 to K16 to output function operation outputs f (R1, K2) to f (R15, K16). The second to sixteenth computing units 10b
ExOR circuits 12b2 to 12b16 in 2 to 10b16
Are the function operation outputs f (R1, K2) to f (R15, K1).
6) and the exclusive-OR of the upper 32-bit signals L1 to L15 output from the preceding arithmetic unit.

Here, the conversion processing by the above-mentioned function operation is generally shown. Inputs to be converted in the n-th arithmetic unit are (Ln-1, Rn-1) and are used for this conversion processing. Assuming that the key input is Kn, the calculation processing result (L
n, Rn) is given by Ln = Rn-1 Rn = Ln-1 eorf (Rn-1, Kn). Here, eor indicates an exclusive OR.

Further, f (R, K) indicates a 32-bit conversion result obtained by converting 32-bit information R depending on 48-bit information K. This function is a non-linear function described in "Introduction to Cryptography" by Eiji Okamoto, Kyoritsu Shuppan Co., Ltd., pp. 38-41.

Further, the final transposition processing unit 10c performs a final transposition process for changing the arrangement of data in the 64-bit operation signal composed of the upper 32-bit signal L16 and the lower 32-bit signal R16 from the arithmetic unit 10b16. FIG.
The configuration is based on the transposition data shown in (b).

The final transposition process IP- ¹ is performed based on the inverted transposition data shown in FIG. The inverted transposition data indicates, like the transposition data, the number of bits of the 64-bit signal obtained by subjecting each bit data of the 64-bit signal to the final transposition processing of the signal to be the 64-bit signal. The rows in the final transposition table indicate the byte positions of the input bits, as in the initial transposition table shown in FIG. 2A, and the columns in the final transposition table indicate the bit positions in the byte of the input bits. Is shown.

Next, the operation will be described. In the DES encryption processing, first, a 64-bit plaintext Hin is added to the encryption circuit 10.
Is input, the initial transposition processor 10a performs a predetermined initial transposition process IP on the plaintext input. The 64-bit signal that has been subjected to the initial transposition processing is output to the arithmetic processing unit 10
The conversion processing is performed by the 16-stage arithmetic units 10b1 to 10b16 in b.

That is, when the 64-bit initial transposition signal is input to the arithmetic processing unit 10b, first, the first arithmetic unit 10b1 uses the encryption key K1 for the lower 32-bit signal R0. Then, the exclusive OR of the operation output f (R0, K1) and the upper 32-bit signal L0 of the initial transposition signal is expressed by Ex.
The exclusive OR is obtained as a lower-order 32-bit signal R1 from the arithmetic unit 10b1.
The lower-order 32-bit signal R0 is output as the upper-order 32-bit signal L1 to the second arithmetic unit 10b2 at the subsequent stage.

In the second arithmetic unit 10b2, a function operation process using the encryption key K2 is performed on the lower 32 bit signal R1, and the operation output f (R1, K
2) and the exclusive OR of the upper 32-bit signal L1 is obtained by an ExOR circuit 12b2.
b2, the exclusive OR is calculated from the lower 32-bit signal R2
The lower-order 32-bit signal R1 is output as a higher-order 32-bit signal L2 to a subsequent computing unit.

Subsequently, in each of the arithmetic units 10b3 to 10b16 at a stage subsequent to the second arithmetic unit, the upper 32 bit signals L2 to L15 and the lower 32 bit signal R input thereto are respectively inputted.
The same processing as that in the second computing unit 10b2 is performed on 2 to R15 using the encryption keys K3 to K16.

The lower 32-bit signal R16 from the sixteenth arithmetic unit 10b16 is used as the lower 32-bit signal L16 from the sixteenth arithmetic unit 10b16.
16 as the upper 32-bit signal,
c, and the final transposition processing unit 10c performs the final transposition processing IP ^-1 on each bit of the 64-bit signal as in the initial transposition processing IP. By the conversion by the final transposition process IP- ¹ , the above 64-bit plaintext Hin is obtained.
Is output.

As a symmetric encryption method other than the DES encryption method, FEAL (fast encryption algorithm) is used.
There is. The FEAL scheme is an encryption algorithm devised by NTT, and includes FEAL-NX and FEAL-N. FEAL-NX uses a 128-bit key,
This is an encryption method that converts bit plaintext into ciphertext.
L-N is a method of performing encryption by setting all 64 high-order bits of a 128-bit encryption key in FEAL-NX to 0, that is, the lower 6 bits of the encryption key in FEAL-NX.
This is an encryption method using only 4 bits. Here, N represents the number of stages, that is, the number of conversion processes in the encryption process, and takes a value of 4, 8, 16, 32,.

FIG. 27 is a diagram for explaining the circuit configuration of the FEAL-8 encryption system, which is most often used as a common key encryption system. In FIG. 27, reference numeral 20 denotes a 64-bit plaintext Hin converted by the FEAL-8 encryption system. 64-bit ciphertext A
This is an encryption circuit for converting to out. This encryption circuit 20
Is an input-side ExOR operation unit 20a that performs an exclusive OR operation on a 64-bit plaintext Hin, and outputs
Conversion processing unit 2 for performing conversion processing using encryption keys K0 to K7
0b, and an output-side ExOR operation unit 20c that performs an exclusive OR operation on the output of the conversion processing unit 20b.

The input-side ExOR operation unit 20a has 64
A first exclusive OR circuit (ExOR circuit) 20a1 for taking a logical exclusive OR of the bit plaintext Hin and the 64-bit encryption key and outputting a 64-bit exclusive OR signal; The exclusive OR of the upper 32-bit signal Ls and the lower 32-bit signal Rs is calculated.
A second exclusive OR (ExOR circuit) 20a2 for outputting a 2-bit exclusive OR signal.
The bit signal Ls is output as the 32-bit upper input L0 of the conversion processor 20b, and the output of the ExOR circuit 20a2 is output as the 32-bit lower input R0 of the conversion processor 20b. Here, in the first ExOR circuit 20a1, 1-bit is used as a 64-bit encryption key.
Four 6-bit encryption keys, that is, encryption keys K ₈ , K ₉ , K
_A, is used K _B.

The conversion processing unit 20b receives the 32-bit upper-side input L0 and the 32-bit lower-side input R0 from the ExOR operation unit 20a, and receives these input signals L0 and R0.
A first arithmetic unit 20b0 for performing arithmetic processing on 0, and second to eighth arithmetic units 10b1 to 10b7 for performing arithmetic processing on the outputs of the preceding arithmetic units 20b0 to 10b6. I have.

Here, the first computing unit 20b0 performs a computing process based on the encryption key K0 on the lower 32 bits of the input signal R0 of the input-side ExOR circuit 20a to output a function computing output f0. Function operation circuit 21b0
And the function operation output f0 and the input-side ExOR circuit 20
Exclusive OR circuit (ExOR circuit) 22b for obtaining exclusive OR with input signal L0 which is the upper 32 bits of a
0, the input signal R0 is output as the upper 32-bit signal L1, and the exclusive OR is output as the lower 32-bit signal R1 to the subsequent computing unit 20b1.

The second to eighth computing units 20b1 to 20b1 to 20b1
20b7 are function operation circuits 21b1 to 21b7, respectively.
, And an exclusive OR circuit (ExOR circuit) 22b1-
The ExOR circuits 22b1 to 22b are provided with lower-order 32-bit signals R0 to R6 from the preceding operation units 20b0 to 20b6 as upper-order 32-bit signals L1 to L7.
The output of b7 is output to the subsequent stage as lower 32-bit signals R1 to R7. The function operation circuits 21b1 to 11b7 in the second to eighth operation units are the ExOR circuits 22b0 of the preceding operation units 20b0 to 20b6.
To the 32-bit output from .about.22b6 to the encryption keys K1 to K7
, And outputs function operation outputs f1 to f7. The ExOR circuits 22b1 to 22b7 in the second to eighth arithmetic units output the function operation outputs f1 to f7 and the upper 32-bit signals L1 to L7 (R0 to R6) output from the preceding arithmetic unit. To obtain an exclusive OR of

The output-side ExOR operation unit 20c outputs the output L of the ExOR circuit 22b7 of the eighth operation unit 20b7.
A first exclusive OR circuit (ExO) which takes an exclusive OR of E and the 32-bit lower input R7 of the ExOR circuit 22b7 and outputs a 32-bit exclusive OR signal RE
R circuit) 20c1 and the exclusive OR signals RE and L
A second exclusive OR (ExOR circuit) 20c2 for taking an exclusive OR of a 64-bit signal by E and a 64-bit encryption key and outputting a 64-bit ciphertext Aout. Here, the second ExOR circuit 20c2
Uses four 16-bit encryption keys, that is, encryption keys K _C , K _D , K _E , and K _F , as 64-bit encryption keys.

Next, the operation will be briefly described. When a 64-bit plaintext Hin is input to the encryption circuit 20, the exclusive OR of the plaintext input and a 64-bit signal composed of the encryption keys K ₈ , K ₉ , K _A , and K _B is calculated by an ExOR circuit 20a.
Required by 1. Furthermore, the upper 3 side of this logical operation output
The exclusive OR of the 2-bit signal L _S and its lower 32-bit signal R _S is obtained by the ExOR circuit 20a2.

When the exclusive OR is input to the arithmetic processing unit 20b as the lower 32-bit signal R0 and the upper 32-bit signal L _S is input to the arithmetic processing unit 20b as the upper 32-bit input L0, the arithmetic processing unit Conversion processing is performed by eight stages of arithmetic units 20b0 to 20b7 in 20b.

That is, the first arithmetic unit 10b1 performs a conversion process using the encryption key K0 on the lower 32-bit input R0, and further obtains a conversion output f0 and
Exclusive OR with the upper 32-bit input L0 is Ex
The exclusive OR is calculated as the lower 32-bit signal R1 and the lower 32-bit signal R0 is calculated as the upper 32-bit signal L1 from the arithmetic unit 20b0. Is output to the device 20b1.

Subsequently, in each of the arithmetic units 20b1 to 20b7 at a stage subsequent to the first arithmetic unit 20b0, the upper 32-bit signals L1 to L7 and the lower 32-bit signals R1 to R7, which are respectively input, are processed as described above. First computing unit 20b0
Are performed using the encryption keys K1 to K7.

In the first ExOR circuit 20c1 of the output side ExOR operation unit 20c, the eighth arithmetic unit 2
The exclusive-OR of the output LE of the ExOR circuit 22b7 of 0b7 and the lower 32-bit input R7 of the eighth computing unit 20b7 is obtained, and a 32-bit exclusive-OR signal RE is output. The ExOR circuit 20c2 calculates the exclusive OR of the 64-bit signal based on the exclusive-OR signals RE and LE and the 64-bit encryption key based on the four 16-bit encryption keys KC, KD, KE, and KF.
The 64-bit ciphertext Aout is output.

FIG. 28 is a diagram for explaining the configuration of arithmetic processing circuits 21b0 to 21b7 for performing arithmetic processing by the function f in the first to eighth arithmetic units 20b0 to 20b7. In the figure, 22 is a 16-bit encryption key input K
And a lower-order 32-bit input R, converts the input R, and outputs a converted output f (R, K). Are divided into four 8-bit inputs R ⁰ -R
³ are subjected to a predetermined conversion process, and the converted 8-bit inputs R ^{0 to} R ³ are combined into 32
It is configured to output as a bit conversion output f (R, K). Here, a 16-bit encryption key K is used as the encryption key.
Are divided into two, and two 8-bit encryption keys K ⁰ and K ¹ are used.

That is, the arithmetic processing circuit 22 includes an ExOR circuit 221a for obtaining an exclusive OR of the 8-bit input R ¹ and the 8-bit encryption key K ⁰ , an exclusive-OR output and the 8-bit input R ⁰ exclusive OR Request ExOR circuit 221b of the ExOR circuit 221c for obtaining an exclusive OR between the 8-bit input R ² and 8-bit cryptographic key K ^1, the exclusive OR output and the 8-bit and a ExOR circuit 221d for obtaining the exclusive OR of the input R ^3.

The arithmetic processing circuit 22 is provided with the ExO
8-bit output of R circuit 221b and ExOR circuit 221d
As input and 8-bit output of the first conversion circuit 222a for performing arithmetic processing by the function S _1, the conversion circuit 22
And the output of 2a in output and the ExOR circuit 221d as an input, a second conversion circuit 222b for performing arithmetic processing by the function S _0, an output and the 8-bit input R ⁰ of the conversion circuit 222a as an input, a function A third conversion circuit 222c that performs arithmetic processing by S _0, and the conversion circuit 222b
And the 8-bit input R ³ as an input, the function S
_{And a} fourth conversion circuit 222d for performing the arithmetic processing by ₁ .

Here, the functions S ₀ and S ₁ are calculated by the following equations (1).
A general function S _j with variables x and y as inputs
(J = 0, 1).

S _j (x, y) = rot 2 (x + y + j (mod 256)) (1) where x and y are inputs, j is a parameter of 0 or 1, and rot 2 is (x + y + j (mod 256)). An arithmetic operation that cyclically shifts data to the left by 2 bits, (x +
y + j (mod256)) indicates the remainder when x + y + j is divided by 256.

In the conversion circuit 22 having such a configuration, 32
When the bit input R and the 16-bit encryption key are input, 3
The 2-bit input R is a signal of four groups of 8 bits each from the upper side or the lower side, that is, the 8-bit inputs R ⁰ to R ⁰ .
Divided into R ^3, 16-bit encryption key input K is divided into upper side and the signal K of the two groups of lower ^0, K ^1. Then, a 32-bit conversion output f (R, K) corresponding to the 32-bit input R is obtained by a logical operation in each of the ExOR circuits 221a to 221d and a function operation in the conversion circuits 222a to 222d.

FIG. 29 shows the configuration of an encryption key creation circuit for creating encryption keys K _{0 to} K ₉ and K _{A to} K _F used in the encryption circuit 20. In the figure, reference numeral 30 denotes the encryption keys K _{0 to} K ₉ , K _A to K based on 64-bit key information.
This is an encryption key generation circuit for generating K _F , and is an eight-stage arithmetic unit 3
0a0 to 30a7.

The first stage computing unit 30a0 uses two 32-bit key information obtained by dividing the 64-bit key information into two parts as first and second inputs, respectively, and performs an operation based on the function fK to generate a 16-bit key information. The second stage arithmetic unit 30a1 is composed of a 32-bit output of the preceding-stage encryption key generator 31a0 and a 32-bit input thereof, which comprises an encryption key generator 31a0 that generates a 32-bit output including the encryption keys K0 and K1. An ExOR circuit 32a1 for obtaining an exclusive OR with (one of the two 32-bit key information) and an output of the ExOR circuit and the other of the two 32-bit key information are referred to as a first and a second.
And an encryption key generator 31a1 that generates a 32-bit encryption key output including 16-bit encryption keys K1 and K2 by an operation based on the function fK. Further, the arithmetic units 30a2 to 30a7 at the third to eighth stages provide an exclusive OR of the 32-bit output of the encryption key generation units 31a1 to 31a6 at the preceding stage and the 32-bit input thereof.
Using the outputs of the R circuits 32a2 to 32a7 and the outputs of the ExOR circuits and the 32-bit outputs of the encryption key generators 31a0 to 31a5 at the two stages before and as the first and second inputs, a 16-bit encryption key is calculated based on the function fK. (K2, K3)-(KE
, KF), and an encryption key generator 31a2 to 31a7 for generating a 32-bit output.

FIG. 30 shows the configuration of an encryption key generation unit at each stage for performing an operation using the function fK. In the figure,
31 is a 32-bit first input A and a 32-bit second input A
Receives input B and outputs 32-bit encryption key fK (A, B)
And an encryption key generator 32 for generating
Are four 8-bit inputs A ^{0 to} A ³ obtained by dividing the 32-bit first input A into four, and the 32-bit second input B
Is subjected to arithmetic processing using four 8-bit inputs B ^{0 to} B ³ obtained by dividing the data into four parts to generate the 32-bit encryption key output fK (A, B).

The encryption key generating unit 32 calculates the exclusive OR of the 8-bit inputs A ⁰ and A ^{1 and} the exclusive-OR of the 8-bit inputs A ² and A ^3. a second ExOR circuit 311b for obtaining, and a third ExOR circuit 311c for obtaining the exclusive OR of the output and the 8-bit input B ⁰ of the circuit 311b.
Further, the encryption key generation unit 32 includes first and third ExOR
The output of the circuit 311a and 311c as the first, second input, a first conversion circuit 31 for performing arithmetic processing by the function S ₁
2a and, fourth ExOR circuit 31 for obtaining the exclusive OR of the output and the 8-bit input B ¹ of the converter circuit 312a
1d, the second and fourth ExOR circuits 311b and 311
The output of the d as the first, second input, and a second conversion circuit 312b for performing arithmetic processing by the function S _0. Further, the encryption key generation unit 31 includes the first conversion circuit 312
obtaining the exclusive OR of the fifth ExOR circuit 311e for obtaining an exclusive OR, output and the 8-bit input B ² of the second converter circuit 312b of the output and the 8-bit input B ³ of a A sixth ExOR circuit 311f and a fifth ExOR circuit 311f
The output of the OR circuit 311e and the 8-bit input A ⁰ are connected to the first,
As a second input, and a third conversion circuit 312c for performing arithmetic processing by the function S _0, an output and a 8-bit input A ³ of the sixth ExOR circuit 311e as a first, second input, operation by the function S ₁ And a fourth conversion circuit 312d for performing processing.

[0041]

By the way, in the encryption device, it is required to protect the data from danger of eavesdropping, forgery, falsification, etc. of the data by a third party.
Recently, the reliability of the encryption device has been reduced due to the improvement of the processing speed of the computer as the encryption device and the development of the decryption method.

Therefore, although encryption devices employing various algorithms have been developed to counter the decryption method, there is a trade-off between the encryption device and the conventional encryption device in exchange for improvement in the reliability of decryption. There is a problem that compatibility is lost. In other words, if you try to give the improved cryptographic device compatibility with conventional cryptographic devices,
It is necessary to add a new circuit, and the circuit scale of the entire device becomes large, which leads to an increase in development time and cost.

The present invention has been made in view of the above-described problems, and improves the reliability of encryption by a small-scale circuit configuration and maintains compatibility with a conventional encryption device. It is an object of the present invention to obtain an encryption device capable of reducing the development period and the cost.

[0044]

An encryption device according to the present invention (claim 1) is an encryption device for encrypting individual divided data obtained by dividing a plurality of bits of plaintext data, and comprising: Has multiple processing modes with different contents,
Data processing means for performing an arithmetic processing for encrypting the divided data in the processing mode selected by the selection control signal, and arithmetic processing control means for outputting the selection control signal to the data processing means based on an external input It is provided with.

According to a second aspect of the present invention, in the encryption device according to the first aspect, the data processing means generates initial transposed data by rearranging the divided data input from the outside in a bit unit or a byte unit. An initial transposition means, and transposition based on the function data, which has predetermined function data, and which is performed on the initial transposition data or the operation processing data obtained by performing arithmetic processing on the initial transposition data, using an encryption key having predetermined bits. A first arithmetic processing circuit for performing a first arithmetic processing including processing and data change processing, and a plurality of transposition processing modes having different transposition processing contents, wherein the first arithmetic processing circuit has a selected transposition processing mode. A second arithmetic processing circuit for performing a second arithmetic processing for transposing the output data of the second arithmetic processing circuit and one of the output data of the second arithmetic processing circuit and the initial transposed data. A selector for selecting based on a selection signal and outputting the selected data to the first arithmetic processing circuit; and performing a predetermined number of continuous arithmetic processings on the initial transposed data by the first and second arithmetic processing circuits. A number-of-operations control circuit for controlling the selector means by the data selection signal; and a final transposition means for performing final transposition processing on output data of the second arithmetic processing circuit and outputting final operation processing data. And the arithmetic processing control means includes a transposition processing control circuit for selecting a transposition processing mode in the second arithmetic processing circuit based on an external input.

According to a third aspect of the present invention, in the encryption device according to the second aspect, the first arithmetic processing circuit is configured to apply the first arithmetic processing again to the first output data obtained by subjecting the input data to the first arithmetic processing. When the first output processing is performed to obtain the second output data, the input data and the second output data have the same value in the involution operation mode.

According to a fourth aspect of the present invention, in the encryption device according to the second aspect, the first arithmetic processing circuit has a plurality of function data based on function data selected by an external control signal. Thus, arithmetic processing is performed on the input data.

According to a fifth aspect of the present invention, in the encryption device according to the second aspect, the second arithmetic processing circuit is configured to perform the second arithmetic processing on the input data to the first output data. When the second operation processing is performed again to obtain the second output data, the configuration has an involution operation mode in which the input data and the second output data have the same value.

According to a sixth aspect of the present invention, in the encryption device according to the fifth aspect, there is provided a logic circuit for obtaining an exclusive OR of an external input of n bits and an initial value of n bits that cannot be changed. The transposition processing control circuit is configured to select a transposition processing mode in the second arithmetic processing circuit based on m bits (m ≦ n) of the value of the exclusive OR.

According to a seventh aspect of the present invention, in the encryption device according to the fifth aspect, an exclusive OR of the initial transposition data output from the initial transposition means and an unchangeable n-bit initial set value is provided. , And the transposition processing control circuit is configured to set the transposition processing control circuit to m bits (m ≦
The transposition processing mode in the second arithmetic processing circuit is selected based on n).

According to the present invention (claim 8), in the cryptographic apparatus according to claim 5, a random number generating means for generating an s-bit random number, a value of the random number, an unchangeable s-bit initial setting value, A logic circuit for calculating an exclusive OR of the transposition processing control circuit in the second arithmetic processing circuit based on m bits (m ≦ s) of the value of the exclusive OR. Is selected.

According to a ninth aspect of the present invention, in the encryption device according to any one of the third to fifth aspects, the first arithmetic processing circuit performs a first arithmetic processing using output data thereof as input data. The configuration has a multiple involution operation mode in which the first input data and the final output data have the same value when performed a number of times.

According to a tenth aspect of the present invention, in the encryption device according to any one of the sixth to eighth aspects, the second arithmetic processing circuit uses the output data of the second arithmetic processing circuit as input data.
Is performed a predetermined number of times, the first input data and the final output data have the same value.

According to the present invention (claim 11), in the encryption device according to any one of claims 6 to 9, the data processing means is forcibly activated by inputting a predetermined external signal to the second arithmetic processing circuit. The involution encryption process is configured to be performed by a target encryption method using the same encryption key for the encryption process and the decryption process, and the involution encryption process is performed a predetermined number of times in the encryption process. And the predetermined number of operations in the decryption process, the initial input data subjected to the first operation process in the encryption process and the final output data obtained as a result of the final operation process in the decryption process have the same value. The processing is as follows.

According to a twelfth aspect of the present invention, in the cryptographic device according to the eleventh aspect, a function used in the first arithmetic processing in the first arithmetic processing circuit is used to determine corresponding input data based on output data. The backward operation process is a one-way function that requires more operation processing than the forward operation process in which corresponding output data is obtained based on input data.

According to a thirteenth aspect of the present invention, in the encryption device according to the eleventh or twelfth aspect, the initial transposition means has a plurality of initial transposition processing modes in which the contents of the initial transposition processing are different from each other. An initial transposition process is performed on the input divided data in a required initial transposition mode selected based on a mode selection signal generated inside the apparatus.

According to a fourteenth aspect of the present invention, in the encryption device according to the eleventh or twelfth aspect, the final transposition means has a plurality of final transposition processing modes in which the contents of the final transposition are different from each other. The output data of the data processing means is subjected to a final transposition in a required final transposition processing mode selected based on a mode selection signal generated inside the apparatus.

[0058]

Embodiments of the present invention will be described below. Embodiment 1 FIG. FIG. 1 is a block diagram showing the configuration of the encryption device according to the first embodiment of the present invention.
Reference numeral 0 denotes an encryption device according to the first embodiment, which includes an input data latch circuit 101 for holding input data,
Initial transposition circuit 1 that performs initial transposition processing on the output of No. 01
02, and a selector 1 that selects one of the initial transposition output S1A and the arithmetic processing output S1G based on the select signal S1B output from the arithmetic processing number control circuit 104.
03. Further, the cryptographic device 100 processes the output S1C of the selector based on the encryption key S1D from the encryption key control circuit 106.
And the transposition selection signal S from the second arithmetic processing control circuit 108
1F is received at its control terminal Fe2 and the transposition selection signal S
1F, a second arithmetic processing circuit 107 that processes the first arithmetic processing output S1E, and a second arithmetic processing output S1G.
, A final transposition circuit 109 for performing a final transposition process, and an output data latch circuit 111 for latching the output of the final transposition circuit 109.

Further, the encryption device 100 has the external input V
It has an exclusive OR circuit 110 for taking the exclusive OR of in and the initial value V1. The exclusive OR output Aex1 is supplied to the second arithmetic processing control circuit 108.

Here, the initial transposition circuit 102 corresponds to FIG.
The transposing process is performed on 64-bit input data based on the transposed data in the initial transposition table shown in FIG. As shown in FIG. 3, the arithmetic processing number control circuit 104 increments the count value each time the selector output S1C is processed by the first arithmetic processing circuit, and resets the count value when the count value reaches 16 times. And a comparator 104c that compares the outputs of the two circuits and outputs the select signal S1B according to the comparison result. I have.

As shown in FIG. 4, the first arithmetic processing circuit 105 applies the lower 32-bit signal LSB of the 64-bit selector output S1C based on the encryption key S1D from the encryption key control circuit 106. A function operation circuit 105a for performing a function operation process using a function f, and X which is an exclusive OR of an output of the operation circuit 105a and a signal MSB of the upper 32 bits in the selector output S1C.
An OR circuit 105b, and 3 of the XOR circuit 105b.
It is configured to output a 64-bit first operation processing signal S1E including a 2-bit output and the lower 32 bits of the signal LSB. Here, the function f is the same as the nonlinear function f described in Eiji Okamoto, “Introduction to Cryptography Theory”, pp. 38-39.

As shown in FIG. 5, the encryption key processing control circuit 106 determines a predetermined encryption key from the first to sixteenth encryption keys in accordance with the number of times of the first arithmetic processing on the initial transposed data. It has a selector circuit 106a that selects and outputs the selected encryption key S1D to the first arithmetic processing circuit 105.

FIG. 6 is a diagram for explaining the function of the second arithmetic processing circuit 107. One byte data of the first to eighth bits of the 64-bit input data is represented by B1,
The 9th to 16th 1-byte data is B2, the 17th to 24th 1-byte data is B3, the 25th to 32nd 1-byte data is B4, and the 33rd to 40th 1-byte data is B2. B5, the one-byte data from the 41st to the 48th is B6, the 1-byte data from the 49th to the 56th is B7,
40 is a table showing transposition positions in each of modes 1 to 4 when 1-byte data from 57th to 64th is B8. For example, in the mode 0, the 1-byte data B8 and B7 in the input data are transposed to the 5th and 6th bytes from the MSB, respectively.

FIG. 7 is a circuit diagram of the second arithmetic processing circuit 107.
The logic circuits 187 and 177 (FIGS. (A) and (b)) corresponding to the eighth and seventh bytes when viewed from the MSB are shown. The logic circuits corresponding to the other byte outputs in the second arithmetic processing circuit 107 have the same configuration as the logic circuits corresponding to the eighth and seventh bytes.

In other words, the logic circuits 187 and 177 corresponding to each byte output are provided with a logical product circuit 107b that receives the transposition selection signal S1F and the external control signal F2C as inputs, and a mode 0 based on the output of the logical product circuit 107b. To a byte selection circuit 107a for selecting any one of the five bytes corresponding to mode 4. Here, a selector is used for the byte selection circuit, but a multiplexer may be used for this.

The second arithmetic processing control circuit 108 operates as shown in FIG.
Receives the 64-bit XOR output Aex1 as shown in
A 1-bit adder circuit 108a for outputting a corresponding 6-bit signal is provided, and a comparator 108b receiving the output of the adder circuit and outputting a corresponding 3-bit transpose selection signal S1F. Transposition selection signal S
1F controls the transposition processing in the second arithmetic processing circuit 107.

Further, the above-mentioned final transposition circuit 109 is constructed as shown in FIG.
The transposition process is performed on 64-bit input data based on the transposed data in the final transposed table shown in (b). That is, the final transposition circuit 109 is
2. A transposition process is performed to restore the input data subjected to the transposition process to 2. Here, 64-bit input data is converted into 64-bit output data based on the final transposition table shown in FIG. 2B. Note that FIG.
The final transposition table shown in (b) shows how many bytes the row counts from the LSB of the input bit, and the column shows the column of the input bit, as in the initial transposition table shown in FIG. 2 (a). It shows the bit position counted from the LSB in the byte, and this final transposition table is the same as that in the DES device described in Eiji Okamoto, “Introduction to Cryptography Theory”, paragraphs 33 to 48.

Next, the operation will be described. Hereinafter, 128
A process of encrypting a plaintext of bits will be described. 12
An 8-bit plaintext is composed of two 64-bit plaintext blocks, ie, a 64-bit first plaintext block and a 64-bit plaintext block.
And a second plaintext block of bits. Note that the plaintext is not limited to 64 bits, and the bit size for dividing the plaintext is not limited to 64 bits.

Then, the encryption processing of each of the divided plaintext blocks is performed by the encryption device 100 of the first embodiment. That is, the first and second plaintext blocks are:
Input to the input data latch circuit 101, this circuit 10
At 1, the plaintext block is held until the encryption process is completed. The output data of the input data latch circuit 101 is input to a selector 103 after being subjected to a transposition process in an initial transposition circuit 102.

The selector 103 corresponds to 15 times obtained by subtracting the first one from the predetermined number of times of encryption (16 times) stored in the number-of-times-of-operations storage unit 104b of the number-of-times-of-encryption control circuit 104. Receiving the signal S1B,
Based on this, an output S1A is selected from the output S1G of the second arithmetic processing circuit 107 and the output S1A of the initial transposition circuit 102, and this is output to the first arithmetic processing circuit 105 as a selector output S1C.

At this time, the first input of the first arithmetic processing circuit 105 is a value obtained by transposing the output of the input data latch circuit 101 by the initial transposition circuit 102. This first
The arithmetic processing circuit 105 outputs the selector output S1 based on the encryption key S1D output from the encryption key control circuit 106.
The arithmetic processing of C is performed. Here, the encryption key control circuit 1
The first to sixteenth encryption keys of 48 bits corresponding to 16 times of the number of encryption processes are set in 06, and the first to sixteenth processes in the first arithmetic processing circuit 105 are respectively performed. The corresponding unique encryption key is used. The number of encryption processes is not limited to 16 and the encryption key is not limited to 48 bits.

Next, in the second arithmetic processing circuit 107, the first
The transposition processing of the 64-bit output data S1E of the arithmetic processing circuit 105 is performed. At this time, the transposition process is controlled by the second arithmetic processing control circuit 108. In particular,
At this time, the exclusive OR circuit 110 receives the 64-bit external input Vin and the 64-bit initial value V1 as inputs,
The 64-bit signal Aex1, which is the exclusive OR, is output to the second arithmetic processing control circuit 108. The external input is not limited to 64 bits. The initial value V1 is a value that is stored in advance in the present encryption device and cannot be changed from outside. The second arithmetic processing control circuit 108 generates a 3-bit transposition selection signal S1F for controlling the transposition processing of the second arithmetic processing circuit 107 based on the 64-bit signal Aex1 which is the exclusive OR. Output to the circuit 107.

In the second arithmetic processing circuit 107, when the external control signal F2C input to the control terminal Fe2 is at the L level, the second arithmetic processing circuit 107 forcibly has the mode 0 data array. The data of each bit of the first arithmetic processing circuit output S1F is transposed and output. At this time, the second arithmetic processing control circuit 108 outputs the signal Aex
Mode 1 when the number of bits whose value is 1 among the bits constituting 1 is 23 or less, mode 2 when the number is 1 or more and 24 or less, and mode 3 or 49 when the number is 25 or more and 48 or less. When the number is 64 or less, the transposition selection signal S1F for selecting the mode 4 is output to the second arithmetic processing circuit 107. Here, a different transposition process is performed for each mode. In the above selection conditions,
When the number of bits whose value is 1 in the signal Aex1 is 1 or more and 23 or less, both the mode 1 and the mode 2 are selected. Thus, when the modes overlap each other, It is necessary to add a condition such as selecting a higher or lower mode.

FIG. 6 shows the positions of data obtained by transposing the input in mode 0 to mode 4 in correspondence with the data position in the input.
From 1 to B8, for example, the eighth byte (B4) in the output when transposed in mode 0 is the fourth byte (B4) of the input when viewed from the LSB, and the LSB in the output in this case is the fourth byte (B4). The seventh byte (B3) indicates the third byte (B3) of the input.

The mode 4 implements a multiple involution function. In this mode 4, the second
By performing the arithmetic processing by the arithmetic processing circuit 107 multiple times of 8, the final arithmetic output becomes the same as the value of the first input.

The method of selecting the mode based on the value of the signal Aex1 includes a method based on a threshold value, a method based on a certain bit value, and a method based on a plurality of consecutive bits, in addition to the method of counting 1 of all the bits. A method based on a value can be considered.

Here, the method based on the threshold value is Ae
The mode is selected based on a certain set value from a value when the arrangement of 1 in the bit string of the x1 signal is viewed as a binary number. Further, the method based on the value of a certain bit does not perform mode selection based on all 64 bits constituting the Aex1 signal, but uses a predetermined bit in the Aex1 signal, for example, an even bit, or 2,4,4. In this method, mode selection is performed based on specific bits such as 8, 16, 32, and 64. Further, the method based on the value of a plurality of consecutive bits is based on a set threshold value based on the number of 1s in a plurality of bits, such as upper 32 bits or lower 16 bits, or a binary value of the plurality of bits. Mode selection. Second arithmetic processing circuit 1 corresponding to modes 1 to 4
07 is not limited to the transposition arrangement shown in FIG. Further, the number of modes is not limited to four.

Then, the first arithmetic processing circuit 10 is operated by the number of encryption processings stored in the encryption processing number control circuit 104.
After performing the processing in the fifth and second arithmetic processing circuits 107,
The output S1G of the second arithmetic processing circuit 107 is subjected to final transposition processing by the final transposition circuit 109 for the first time, and is held in the output data latch circuit 111. At the same time, the next plaintext block is held in the input data latch circuit 101, and the same processing as that of the previous plaintext block is performed.

When the encryption processing of all the plaintext blocks is completed, the encryption processing of the plaintext ends. For example, by setting the external control signal F2C to a certain value, mode 0 can be selected, and the encryption device 10 according to the first embodiment can be selected.
0a has the same function as the DES encryption device.

As described above, in the first embodiment, the first arithmetic processing circuit 105 which encrypts the input plaintext data by the arithmetic processing based on the predetermined function, and the plurality of transposition processing modes having different transposition processing contents A second operation processing circuit 107 that performs transposition processing on the output of the first operation processing circuit 105 in the transposition processing mode selected by the selection control signal, and the second operation processing circuit 107 Since the second arithmetic processing circuit 107 is provided with the arithmetic processing control circuit 108 for outputting the selection control signal, the arithmetic processing in the second arithmetic processing circuit 107 can be externally changed. In other words, when data is transferred over an open network such as the Internet, cryptographic devices are generally used to avoid eavesdropping and tampering attacks by third parties. This makes it even more difficult to protect the transferred data from attacks such as eavesdropping, falsification, and decryption of data by a third party, and even if the algorithm of the cryptographic device is decrypted, the specification of the cryptographic device is changed. Without changing the encryption algorithm, data security can be maintained.

When the external control signal F2C is set to the L level, the second arithmetic processing circuit 107 is forcibly transposed in the 0 mode, that is, the upper 32 bits of the 64-bit input.
Since the transposing process for exchanging bits and the lower 32 bits is performed, the encryption device 100 according to the first embodiment is configured.
a has data compatibility with other DES encryption devices.

Further, depending on the value of the external control signal F2C, the transposition processing mode in the second arithmetic processing circuit 107 can be set to a mode other than the above-described 0 mode. An encryption device having a different encryption algorithm from the encryption device can be used.

As a result, the encryption device 100 of the present embodiment
Then, it is possible to decrypt the data encrypted by the DES encryption device already held in the storage medium such as the hard disk, change the encryption algorithm again, and save the data again in the storage medium.

Further, since the second arithmetic processing control circuit 108 for controlling the second arithmetic processing circuit 107 can be controlled by the exclusive OR of the external input Vin and the initial value V1, the second arithmetic processing circuit 107 can be controlled. It is possible to control from the outside, and even if the algorithm of the encryption circuit is decrypted by a third party, it is possible to change the encryption algorithm from the outside without changing the device specifications,
Again, decoding can be difficult. It is also possible to change the external input Vin for each plaintext block to be transferred, thereby further increasing the security of encryption.

Also, in the first embodiment, the first arithmetic processing circuit 105 performs an arithmetic operation using a function f including an exclusive OR operation and a cyclic shift operation on data on input data to encrypt the input data. And the second arithmetic processing circuit 10
7 is configured to perform the encryption by transposing the input data, so that all the encryption processing is executed only by the involution operation. For this reason, the encryption device according to the first embodiment can be easily converted to a decryption device.

In addition, the encryption device 100 of the first embodiment
Includes a second arithmetic processing circuit 107 having a plurality of transposition processing modes and performing only transposition processing as encryption processing;
Since the encryption algorithm is switched by selecting a predetermined transposition processing mode, an encryption device that can easily switch the encryption algorithm is provided by a selection circuit that selects the mode selection in the second arithmetic processing circuit 107. It can be easily realized only by adding, and the circuit scale of the encryption device in which the encryption algorithm is variable can be made smaller than that of the first arithmetic processing circuit in which the encryption algorithm is variable.

Embodiment 2 FIG. 9 is a block diagram showing a configuration of an encryption device according to the second embodiment of the present invention. In the figure, reference numeral 200 denotes an encryption device according to the second embodiment, and an input data latch circuit 201 for holding input data; An initial transposition circuit 202 for performing an initial transposition process on the output of the latch circuit 201, and transposition data S from the initial transposition circuit 202;
A selector 203 for switching and outputting 2A and the data S2G being processed based on the select signal S2B from the encryption processing number control circuit 204;

Further, the encryption device 200 includes a first arithmetic processing circuit 205 for performing a first arithmetic processing on the selector output S2C based on the encryption key S2D from the encryption key control circuit 206, and a second arithmetic processing circuit. A second arithmetic processing circuit 207 which receives the transposition selection signal S2F from the processing control circuit 208, and performs a second arithmetic processing on the output S2E of the first arithmetic processing circuit 206 based on the transposition selection signal S2F; A final transposition circuit 210 that performs a final transposition process on the second arithmetic processing output S2G, and the final transposed output from the circuit 210 is latched by an output data latch circuit 211.

Further, the encryption device 200 includes a previous plaintext latch circuit 213 for latching the previous initial transposition output, that is, data obtained by subjecting the plaintext block subjected to the previous encryption process to the initial transposition process. 64 of circuit 213
The exclusive OR of the latch information of the bit and the initial value V2 of 64 bits is calculated, and this is calculated by the second arithmetic processing control circuit 20.
8 exclusive OR circuit (XOR circuit) 212
And a previous plaintext block latch circuit 213 that latches a signal obtained by subjecting the plaintext data subjected to the previous process to the initial transposition process.

Hereinafter, each of the above circuits will be described in detail. As shown in FIG. 10 (a), the initial transposition circuit 202 performs exclusive control of upper data MSB consisting of upper 32 bits of 64-bit latch data and lower data LSB consisting of lower 32 bits of the latch data. An XOR circuit 202a that outputs a 32-bit XOR signal as a logical sum is provided, and a 64-bit signal composed of each bit of the XOR signal and each bit of the higher-order data MSB is subjected to an initial transposition output S2A.
Is output.

The above-mentioned encryption processing number control circuit 204 has a
As shown in FIG. 1, each time the selector output S2C is processed by the first arithmetic processing circuit, the count value is incremented, and the count value is increased to 16 times. Then, the counter 204a reset, the number of encryption processes stored in the numerical value storage unit 204b, and the count value of the counter 204a are compared, and the select signal S2B is set to the selector 20a.
3 and a comparator 204c that outputs the signal to the comparator 3c.

As shown in FIG. 12, the first arithmetic processing circuit 205 performs arithmetic processing based on the function f on the lower 32-bit signal LSB of the 64-bit selector output S2C, and performs the 32-bit processing. A function operation circuit 205a that outputs an operation processing signal, the 32-bit operation processing signal, and the upper 32 bits of the 64-bit selector output S2C
XOR circuit 205b that outputs a 32-bit XOR selector signal as an exclusive OR with bit signal MSB
And 64 bits each consisting of each bit of the XOR selector signal and each bit of the lower 32 bits of the signal LSB.
It is configured to output a bit signal as a first operation processing output S2E. Here, the function f is the same as the function f described in Eiji Okamoto, “Introduction to Cryptography Theory,” Item 51.

As shown in FIG. 13, the encryption key control circuit 206 includes a selector circuit 206a that selects the first to sixteenth encryption keys based on a predetermined control signal and outputs a selected encryption key S2D. ing.

FIG. 14 shows the second arithmetic processing circuit 20.
7 is a diagram for explaining the transposition process by No. 7 and shows, in units of bytes, a data array in input data of 64 bits and a data array in input data subjected to the transposition process. That is, 64 input to the second arithmetic processing circuit
The bit data (first operation processing output) S2E is divided into 8 bits from the lower bit side. The first to eighth bits of the operation processing output S2E are byte data B1, and the 9th to 16th bits are byte data B1. Is the byte data B2,
Up to 7 to 24 bits of byte data B3,
Up to 32 bits of byte data B4, 33 to 40
Bits up to bits are byte data B5, bits 41 to 48 are byte data B6, bits 49 to 56 are byte data B7, and bits 57 to 64 are byte data B8.

Further, as can be seen from FIG. 14, the transposition processing includes processing corresponding to each of mode 0 to mode 4. For example, in FIG. 14, the byte data B8 and B7 in the first operation processing output S2E, which is an input signal to the second operation processing circuit 207, are 64 bytes after the transposition processing in mode 0.
This indicates that the bit is transposed at the fifth and sixth bytes from the MSB in the transposition signal.

FIG. 15A shows the second operation processing circuit 207.
15th logical circuit of the 8th byte viewed from the MSB, FIG.
(b) shows the logic circuit of the seventh byte of the second arithmetic processing circuit 207 when viewed from the MSB. The logic circuits corresponding to the other bytes are the same as those shown in FIG. That is, the logic circuits 287 and 277 corresponding to each byte output
Is a 3-bit transpose selection signal S2F and an external control signal F2
AND circuit 207b having C as an input, and a byte selection circuit 20 for selecting any of the five bytes corresponding to the transposition modes 0 to 4 based on the output of the AND circuit.
7a. Here, a selector is used for the byte selection circuit, but a multiplexer may be used for this.

The second arithmetic processing control circuit 208 is the same as that shown in FIG.
As shown in FIG. 6, a 1-bit full adder 208a that outputs a 6-bit signal in response to the 64-bit XOR signal Aer2 from the XOR circuit 212 and outputs a 3-bit transposition selection signal S2F in response to the output And a comparator 208b.

As shown in FIG. 10 (b), the final transposition circuit 210 outputs a signal MSB of the upper 32 bits of the second arithmetic processing output S2G of 64 bits and a signal LSB of the lower 32 bits thereof. XOR circuit 210a that outputs a 32-bit XOR signal as an exclusive OR of
The configuration is such that a 64-bit signal composed of each bit of the OR signal and each bit of the high-order 32-bit signal MSB is output to the output data latch circuit 211 as the final transposed output.

Next, the operation will be described. Hereinafter, 128
A process of encrypting a plaintext of bits will be described. 12
The 8-bit plaintext is divided into 64-bit first and second plaintext blocks, and each plaintext block is encrypted by the encryption device 200 according to the second embodiment. That is, the first and second plaintext blocks are input to the input data latch circuit 201, and are held by the latch circuit 201 until the encryption processing of the plaintext block is completed.

The output data of the input data latch circuit 201 is subjected to initial transposition processing by the initial transposition circuit 202, and the plaintext block subjected to the initial transposition processing is latched by the previous plaintext block latch circuit 213. , Are input to the selector 203. At this time, the selector 203
, The second operation output S2G of the second operation processing circuit 207 is also input, and the selector 203 receives the initial transposition data S2A and the second operation output S2G based on the select signal S2B from the encryption processing number control circuit 204. Select one of That is, in a state in which the encryption process is not performed on the initial transposed data, the selector 203 selects the initial transposed data S2A.
Indicates the number of encryption processes (16
The second arithmetic output S2G is selected and output to the first arithmetic processing circuit 205 over the number of times (15 times) obtained by subtracting the first time from the second time.

Therefore, the data input first to the first arithmetic processing circuit 205 is the input data latch circuit 201
Are subjected to a transposition process by the initial transposition circuit 202, and thereafter, the second operation output S2G becomes the first
The data is input to the arithmetic processing circuit 205.

The first arithmetic processing circuit 205 performs arithmetic processing on input data based on the encryption key S2D output from the encryption key control circuit 206. In the encryption key processing control circuit 206, a 128-bit encryption key corresponding to the number of encryption processes (16 times) is set.
A unique encryption key S2D corresponding to each of the processing from the first to the 16th processing is used. Here, the number of encryption processes is not limited to 16 and the encryption key S2D is not limited to 128 bits.

In the second arithmetic processing circuit 207, the first
The transposition processing is performed on the first operation output S2E from the operation processing circuit 205. At this time, the transposition processing is controlled by the second operation processing control circuit 208.

That is, the second arithmetic processing control circuit 20
8, a 64-bit value corresponding to an exclusive OR of the 64-bit output value of the previous plaintext block latch circuit 213 and a 64-bit initial setting value V2 which is stored in the encryption device in advance and cannot be changed from the outside. 3 for controlling the transposition processing in the second arithmetic processing circuit 207 based on the signal Aex2
A bit transposition selection signal S2F is output. Here, in the encryption processing for the first plaintext block, Ae
The value of the initial value V2 is used as it is as the x2 signal. Note that the initial value V2 is not limited to 64 bits. Here, if the value of the external input F2C input to the second arithmetic processing circuit 207 is fixed to a certain value, for example, L level, the second arithmetic processing circuit 207 forcibly transposes the mode 0. Processing is performed.

At this time, the second arithmetic processing control circuit 208
Then, substantially, the first, ninth,
A two-bit number (the exclusive OR of each of the 17th and 25th bits is an upper bit, and the exclusive OR of each of the 33rd, 41st, 49th, and 57th bits is a lower bit. The mode of the transposition process of the second arithmetic processing circuit 207 is changed according to the Mex signal. Mex
If the value of the signal as a binary number is 0 or 1, the transposition mode is mode 1, if the value is 2, the transposition mode is mode 2, and if the value is 3, A transposition selection signal S2F is output to the second arithmetic processing circuit 207 so that the transposition processing mode becomes mode 3. Here, the content of the transposition process differs for each mode.

When the Mex signal has 3 bits, mode 4 may be selected when the value of the Mex signal is 4 or more. In this transposition process in mode 4,
It has multiple involution functions. When the transposition processing mode is mode 4, the second arithmetic processing circuit 20
The inversion function (multiple-time involution function) is realized by the 16 transpositions in step 7.

Here, the method of selecting a mode based on the value of the Aex2 signal is different from the method of calculating the exclusive OR of certain bits of the Aex2 signal as described in the first embodiment. Also, a method based on a threshold value, a method based on a certain bit value, a method based on a plurality of consecutive bits, a method based on the number of 1 that is the value of each bit, and all the bits of the Aex2 signal, or a part thereof Can be considered based on the value of several bits of. Further, the transposition processing in each mode from mode 1 to mode 4 is not limited to the transposition array shown in the transposition table of FIG. 14, and the number of transposition processing modes is also limited to four. is not.

Then, the encryption processing number control circuit 204
When the arithmetic processing in the first arithmetic processing circuit 205 and the second arithmetic processing circuit 207 is completed by the number of encryption processings stored in the second processing processing circuit 207, the output S2G of the second arithmetic processing circuit 207 is output by the final transposition circuit 209 for the first time. The data is input, subjected to final transposition processing, and held in the output data latch circuit 211. At the same time, the next plaintext block is held in the input data latch circuit 201, and the same processing as that of the previous plaintext block is performed.

The plaintext data (plaintext block) held in the preceding plaintext block latch circuit 213 may be any plaintext data other than the previous plaintext data, as long as it retains the previous plaintext data. For example, even in the case of the output of the selector 203 and the outputs of the first and second arithmetic processing circuits 205 and 207, plaintext data set in advance as initial setting values is stored in the previous plaintext block latch circuit 213. Is also good.

When all the plaintext blocks have been encrypted, the encryption of the plaintext ends. Embodiment 2 having such a configuration
Then, the external control signal F2C is set to a certain value (for example, L level).
Thus, the second arithmetic processing circuit 207 performs transposition processing in the 0 mode, that is, the upper 32 bits of the 64-bit input.
Since the transposition process for exchanging bits and the lower 32 bits is selected, the encryption device 200 has the same function as the FEAL encryption device. In other words, the encryption device 200 according to the second embodiment is different from the other FEAL
It is compatible with data transfer with the encryption device.

As a result, in the encryption device of the present embodiment,
It is also possible to decrypt data encrypted by the FEAL encryption device already held in a storage medium such as a hard disk, change the algorithm, and save the data again in the storage medium.

Further, in the present embodiment, the previous plaintext block latch circuit 213 that latches the plaintext block targeted for the previous encryption process, and the second arithmetic processing control circuit 208 in accordance with the output of the latch circuit 213 Since the transposition mode in the second arithmetic processing circuit 207 is selected,
The transposition processing in the second arithmetic processing circuit 207 changes according to the plaintext block subjected to the previous encryption processing, so that it is possible to realize information encryption processing that is difficult to be decrypted by a third party.

Also, in the second embodiment, as in the first embodiment, the second arithmetic processing circuit 205 and the second arithmetic processing circuit 207 are configured such that the encryption processing in each circuit is performed only by the involution operation. Since the encryption device is configured to be executed, the encryption device of the second embodiment can be easily diverted to a decryption device as in the first embodiment.

Moreover, the encryption device 200 according to the second embodiment
, The switching of the encryption algorithm is performed by the second arithmetic processing circuit 207 that performs only the transposition process as the encryption process.
, The predetermined transposition processing mode is selected and performed, so that the circuit scale of the encryption device in which the encryption algorithm is variable can be made smaller than that in which the encryption algorithm in the first arithmetic processing circuit is variable.

Embodiment 3 FIG. 17 is a block diagram illustrating a configuration of an encryption device according to Embodiment 3 of the present invention. In the figure, reference numeral 300 denotes an encryption device according to Embodiment 3;
This encryption device 300 is based on an input data latch circuit 301 that holds input data, an initial transposition circuit 302 that performs transposition processing on the output of the latch circuit 301, and a selector signal S3B from an encryption processing number control circuit 304. And a selector 303 for selecting and outputting one of the initial transposed output S3A and the second arithmetic processing output S3G during the arithmetic processing.

Further, the encryption device 300 includes a first arithmetic processing circuit 305 for performing arithmetic processing for encryption on the selector output S3C based on the encryption key S3D from the encryption key control circuit 306; 2 arithmetic processing control circuit 308
And a second arithmetic processing circuit 307 that performs a second arithmetic processing on the output S3E of the first arithmetic processing circuit 305 based on the transposition selection signal S3F from

Further, the encryption device 300 includes a random number generation circuit 311 for generating an s-bit random number based on the seed.
And the signal Ae as the exclusive OR of the random number and the initial value V3
an exclusive OR circuit 309 for generating x3, a final transposition circuit 310 for performing a final transposition process on the output S3G of the second arithmetic processing circuit, and an output data latch circuit 312 for latching the final transposition output. ing.

Hereinafter, each of the above circuits will be described in detail. As shown in FIG. 18, the initial transposition circuit 302 performs a first initial transposition process on the latch data R, that is, the output of the input data latch circuit 301.
a, its transposed output S1M and latch data R,
A first selector circuit 302b for selecting one of them based on a 2-bit external control signal F1C;
A second initial transposition means 302c that performs a second initial transposition process on the output of the second transposition process 02b;
A second selector circuit 302d that receives the first transposition processing output S1M and selects one of them based on the external control signal F1C.

Here, the first transposition processing means 302a
Performs the same processing as the transposition processing shown in FIG. 2A, and the second transposition processing means 302c performs the processing shown in FIG.
Has the same configuration as the initial transposition circuit 202 shown in FIG.

Also, the arithmetic processing number control circuit 304
19, as shown in FIG. 19, an arithmetic processing number storage section 304b storing the number of arithmetic processing, a counter 304a for incrementing a count value each time the selector output is processed by the first arithmetic processing circuit, It comprises a comparator 304c that compares the number of arithmetic processings, which is a stored value of the unit 304b, with the count value of the counter 304a, and outputs a select signal S3B to the selector 303 based on the comparison result.

As shown in FIG. 20, the first arithmetic processing circuit 305 performs arithmetic processing based on the function f1 on the lower 32-bit signal LSB of the 64-bit selector output S3C, and performs the 32-bit processing. A first arithmetic circuit 305b that outputs an arithmetic processing signal Sf1, and a second arithmetic circuit 305c that performs an arithmetic processing based on the function f2 on the lower 32 bits of the signal LSB and outputs a 32-bit arithmetic processing signal Sf2 And the first and second arithmetic processing circuits 305b, 30
A selector circuit 305a that receives the output of the selector 5c and selects one of them based on the external control signal F1C, the selected output, and the upper 32 bits of the 64-bit selector output S3C
XOR circuit 305d that outputs a 32-bit XOR selector signal as an exclusive OR with bit signal MSB
And each bit of the XOR selector signal and 3
64 consisting of each bit of the signal LSB on the lower side of 2 bits
It is configured to output a bit signal as a first operation processing output S3E. Here, the function f1 is a function D1 described in Eiji Okamura, “Introduction to Cryptography Theory,” paragraphs 38 to 39.
The function f is the function f of the ES cipher, and the function f2 is the function f of the FEAL cipher described in Eiji Okamoto, “Introduction to Cryptography Theory,” paragraph 51.

As shown in FIG. 21, the encryption key control circuit 306 comprises a selector circuit 306a for selecting the first to sixteenth encryption keys based on a predetermined control signal and outputting the selected encryption key S3D. ing.

FIG. 22 shows the second arithmetic processing circuit 30.
7 is a diagram for explaining the transposition process by No. 7 and shows, in units of bytes, a data array of 64-bit input data and a data array of input data subjected to the transposition process.

That is, 64-bit data (first operation processing output S3E) input to the second operation processing circuit 307
Is divided into 8 bits from the lower bit side. The first to eighth bits of the operation processing output S3E are byte data B1, and the 9th to 16th bits are byte data B1.
2. The 17th to 24th bits are byte data B3,
The 25th to 32nd bits are byte data B4, and the 33rd to 40th bits are byte data B5.
Byte data B6 of the 1st to 48th bits,
Up to 56 bits of byte data B7, 57th to 64th
Up to bits are byte data B8.

Further, as can be seen from FIG. 22, the transposition processing includes processing corresponding to each of mode 0 to mode 4. For example, in FIG. 22, the byte data B8 and B7 in the first arithmetic processing output S3E, which is an input signal to the second arithmetic processing circuit 307, are 64 bytes after the mode 0 transposition processing.
This indicates that the bit is transposed at the fifth and sixth bytes from the MSB in the transposition signal.

FIG. 23 (a) shows the second arithmetic processing circuit 307
23, the logic circuit at the 8th byte as viewed from the MSB, FIG.
(b) shows the seventh of the second arithmetic processing circuit 307 viewed from the MSB.
The logic circuit at the byte is shown. The logic circuits corresponding to the other bytes are the same as those described above.

That is, the logic circuits 387 and 377 corresponding to each byte output output the 3-bit transposition selection signals S3F and 2
An AND circuit 307b that receives the external control signal F2C of a bit as an input, and a byte selection circuit 307a that selects five bytes based on the output of the AND circuit.
Here, a selector is used for the byte selection circuit.
This may use a multiplexer. The second arithmetic processing circuit 307 has an involution operation function, that is, an operation function in which processed data obtained by performing transposition processing on input data a predetermined number of times matches input data.

The second arithmetic processing control unit 308 operates as shown in FIG.
As shown in the figure, an exclusive-OR circuit 308a that receives a 64-bit XOR signal from the XOR circuit 309 and outputs a 6-bit signal, and outputs a 3-bit transposition selection signal S3F in response to the output. And a comparator 308b.

As shown in FIG. 25, the final transposition circuit 310 performs a first final transposition process on the output S3G of the second arithmetic processing circuit, a first final transposition circuit 310a, A first selector circuit 310b which receives the processing circuit output S3G and selects one of them based on an external control signal F1C, and a second final transposition means 310c which performs a second final transposition process on the output of the selector circuit 310b
And a second selector circuit 310d that receives the second final transposition processing output and the first final transposition processing output and selects one of them based on the external control signal F1C.

Next, the operation will be described. Hereinafter, 128
A process of encrypting a plaintext of bits will be described. 12
The 8-bit plaintext is divided into 64-bit first and second plaintext blocks, and each plaintext block is encrypted by the encryption device 300. That is, the first and second plaintext blocks are input to the input data latch circuit 301 and are held until the encryption processing of the plaintext block is completed.

The output data of the input data latch circuit 301 is input to the selector 303 after being subjected to initial transposition by the initial transposition circuit 302. The initial transposition circuit 302 generates the first initial transposition means 30 based on the external control signal F1C.
One or both of the outputs of 2a and the second initial transposition means 302c are used. Note that the initial transposition circuit 302 uses the first initial transposition means 3 based on the value of the random number generation circuit 311.
02a and / or the output of the second initial transposition means 302c may be used randomly.

At this time, the output S3G of the second arithmetic processing circuit of the second arithmetic processing circuit 307 is also input to the selector 303.
4, one of the initial transposition data S3A and the second processing circuit output S3G is selected. In other words, when the encryption processing is not performed on the initial transposed data, the selector 303 selects the initial transposed data S3A.
Is the number of encryption processes (16 times) for the initial transposed data
Over the number of times (15 times) minus the first one from
The second arithmetic processing circuit output S3G is selected and output to the first arithmetic processing circuit 305. Therefore, the first arithmetic processing circuit 305 first has the input data latch circuit 301
, The data obtained by performing the transposition process by the initial transposition circuit 302 is input, and thereafter, the output S3G of the second arithmetic processing circuit is input.

In the encryption key processing control circuit 306, a 128-bit encryption key corresponding to the number of times of encryption processing (16 times) is set, and the first arithmetic processing circuit 305 performs processing from the first time to the 16th time. Is used, a unique encryption key S3D corresponding to each is used. Here, the number of encryption processes is not limited to 16 and the encryption key S3D is also one.
It is not limited to 28 bits.

In the first arithmetic processing circuit 305, the first arithmetic processing is controlled by a 2-bit signal F1C from outside. When the value of the signal F1C is 00, neither the arithmetic processing output by the f1 function nor the arithmetic processing output by the f2 function is output from the selector circuit 305a. The above signal F1
If the value of C is 01, the operation processing output S by the f1 function
f1 and signal MS of upper 32 bits of selector output S3C
Exclusive OR with B is obtained. The value of F1C is 1
In the case of 0, the exclusive OR of the operation processing output Sf2 by the f2 function and the signal MSB of the upper 32 bits of the selector output S3C is obtained. Further, when the value of the signal F1C is 1
In the case of 1, the exclusive OR of the operation processing output Sf1 by the f1 function and the upper 32 bits signal MSB, and the operation processing output Sf2 by the f2 function and the upper 32 bits signal M
The SB and the exclusive OR are obtained alternately in the sixteenth first arithmetic processing.

Further, in the second arithmetic processing circuit 307, transposition processing is performed on the first arithmetic processing circuit output S3E from the first arithmetic processing circuit 305. At this time, the transposition processing is performed by the second arithmetic processing control. Controlled by circuit 308. In the second arithmetic processing control circuit 308, the value of the 64-bit random number generation circuit 311 and the 64-bit initial value V which are stored in the encryption device in advance and which cannot be changed from the outside are used.
64-bit signal Aex corresponding to exclusive OR with
3, a 3-bit inverted value selection signal S3F for controlling the transposing process of the second arithmetic processing circuit 307 is output. First
In the processing of the plaintext block, the value of the initial value V3 is used as the signal Aex3 as it is. Note that the initial value V3 is not limited to 64 bits. Also,
When the external input F2C input to the second arithmetic processing circuit 307 is at the L level, the second arithmetic processing circuit 307 forcibly performs the transposition processing in mode 0.

In the second arithmetic processing control circuit 308, the signal A
ex3 first to eighth bits, ninth to sixteenth bits, first
7th to 24th bits, 25th to 32nd bits, 33th to 40th bits, 41st to 48th bits, 49th to 56th bits, and 57th to 64th bits Mode 1 when the value of the exclusive OR as a binary number is from 0 to 63, Mode 2 when from 64 to 127, and Mode 3 and 1 when from 128 to 193
In the case of 92 to 255, the transposition processing of mode 4 is performed. Note that transposition processing corresponding to each mode is different from each other. Each mode transposition process implements an involution operation function. For example, when the transposition processing mode is mode 4, when the transposition processing is performed by the second arithmetic processing circuit 307 by a multiple of 8, the input data and the data after the transposition processing are the same.

Note that various methods for selecting a mode based on the value of the signal Aex3 are conceivable as described in the first and second embodiments. Is not limited to the transposition array shown in the transposition table of FIG. 22, and it is needless to say that the number of transposition processing modes is not limited to four.

Then, the first arithmetic processing circuit 30 is stored in the encryption processing number control circuit 304 by the number of encryption processing times.
5 and the processing in the second arithmetic processing circuit 307 are repeated, the output S3C of the second arithmetic processing circuit 307 is subjected to the final transposition processing in the final transposition circuit 309 for the first time and held in the output data latch circuit 311. Is done. At this time, the next plaintext block is held in the input data latch circuit 301 at the same time, and the same processing as that of the previous plaintext block is performed.

When all the plaintext blocks have been encrypted in this way, the plaintext encryption processing ends. In the third embodiment having such a configuration, by setting the external control signal F2C to L level and setting the value of the external control signal F1C to 01 or 10, the encryption device 300 can be connected to the DES encryption device (when the external input F1C is 01 ) Or the FEAL encryption device (when the external F1C is 10). The values of the external control signals F1C and F2C are not limited to these, and may be other values.

As a result, the encryption device according to the third embodiment has
It has compatibility that allows data transfer with other DES encryption devices and FEAL encryption devices. Also, by using this encryption device, encrypted communication as an existing DES encryption device or FEAL encryption device becomes possible.

As a result, in the encryption device of the present embodiment,
It is also possible to decrypt data already encrypted by a DES encryption device or a FEAL encryption device already stored in a storage medium such as a hard disk, change the algorithm, and store the data again in the storage medium.

In the encryption device 300 according to the third embodiment, the first arithmetic processing circuit 305 can be externally controlled, and the transposition processing mode in the second arithmetic processing circuit 307 can be changed according to the random number. Thus, security at the time of data transfer to a third party can be increased.

Also, in the third embodiment, as in the first embodiment, the second arithmetic processing circuit 305 and the second arithmetic processing circuit 307 are configured such that the encryption processing in each circuit is performed only by the involution operation. Thus, the encryption device according to the third embodiment can be easily converted to a decryption device as in the first embodiment.

Further, the encryption device 300 according to the third embodiment
, The switching of the encryption algorithm is performed by the second arithmetic processing circuit 307 which performs only the transposition process as the encryption process.
, The predetermined transposition processing mode is selected and performed, so that the circuit scale of the encryption device in which the encryption algorithm is variable can be made smaller than that in which the encryption algorithm in the first arithmetic processing circuit is variable.

[0145]

As described above, according to the encryption device of the present invention (claim 1), there are a plurality of processing modes in which the contents of the arithmetic processing are different, and the processing mode selected by the selection control signal has: A data processing means for performing arithmetic processing on the input plaintext data; and an arithmetic processing control means for outputting the selection control signal to the data processing means based on an external input. Can be changed externally. In other words, the encryption algorithm can be easily changed from the outside, and the data transferred by this can be eavesdropped on by a third party,
Even if the algorithm of the encryption device is decrypted, the data security can be maintained by changing the encryption algorithm without changing the specification of the encryption device even if the algorithm of the encryption device is decrypted.

According to the present invention (Claim 2), Claim 1
In the encryption device described in the above, as the data processing means,
A first operation processing circuit for performing a first operation process including a transposition process and a data change process based on function data using an encryption key of a predetermined bit, and a first operation processing circuit having the selected transposition processing mode. Second to perform transposition processing on output data
And a second arithmetic processing circuit for performing the arithmetic processing of the above.
By adopting the L encryption method, it is possible to realize an encryption device that is compatible with encryption devices of these methods and that is more difficult to decrypt. Further, since the initial transposition means is provided at a stage preceding the first arithmetic processing circuit, and the final transposition means is provided at a stage subsequent to the second arithmetic processing circuit, the encryption strength can be further improved.

According to the present invention (Claim 3), Claim 2
In the cryptographic device described above, the first arithmetic processing circuit performs the first arithmetic processing again on the first output data obtained by performing the first arithmetic processing on the input data to obtain the second output data. At this time, since the input data and the second output data have an involution operation mode in which the same value is obtained, the configuration of the present encryption device can be easily converted to a decryption device, and the first operation processing circuit can be used. This can be realized by a relatively simple configuration.

According to the present invention (claim 4), claim 2
In the cryptographic device described above, the first arithmetic processing circuit has a configuration having a plurality of function data and performing arithmetic processing on the input data based on function data selected by an external control signal. In the encryption processing in which the arithmetic processing in the first arithmetic processing circuit is performed a plurality of times, the encryption strength can be enhanced by changing the function data for each arithmetic processing. Further, by configuring the first arithmetic processing circuit to have an arithmetic processing mode using the same function as the f function of the data encryption standard such as DES,
It is also possible to make the encryption device compatible with the data encryption standard such as S.

According to the present invention (claim 5), claim 2
In the above-mentioned encryption device, the second arithmetic processing circuit performs a second arithmetic processing on the input data.
When the second arithmetic processing is performed again on the output data of the second and the second output data is obtained, the input data and the second output data have the same value in the involution operation mode. The configuration of the encryption device can be easily diverted to the decryption device, and the first arithmetic processing circuit can be realized with a relatively simple configuration. That is, the involution operation in the transposition process can be realized only by changing the wiring between the input terminal and the output terminal in the circuit.

According to the present invention (Claim 6), Claim 5
In the cipher device described above, the transposition processing mode in the second arithmetic processing circuit is set based on a predetermined bit of an exclusive OR value of an n-bit external input and an unchangeable n-bit initialization value. Since the configuration is made to select, even if the encryption is decrypted, the content of the encryption processing can be easily changed by selecting the transposition processing mode based on the other bits of the exclusive OR value can do.

According to the present invention (claim 7), claim 5
In the cipher device described above, the transposition processing mode in the second arithmetic processing circuit is set based on the exclusive OR of the initial transposition data output from the initial transposition means and an unchangeable initial value of n bits. Since the selection is made, even if the output encrypted data can be obtained, the contents of the encryption processing cannot be decrypted unless the previous encrypted data is known. That is, a set of 64-bit inputs (plaintext)
Even if the output of 64-bit (ciphertext) is known, the cipher cannot be deciphered unless the previous pair of plaintext input and ciphertext output is known. As a result, unless all inputs and outputs are stolen, the encryption Can't decipher Therefore, the encryption processing in the data processing means can be made more difficult to decipher.

According to the present invention (claim 8), claim 5
In the encryption device described above, the transposition processing mode in the second arithmetic processing circuit is selected based on an exclusive OR of a value of a random number from a random number generation unit and an unchangeable initial value of n bits. Therefore, the selection of the transposition processing mode is performed at random, and the encryption processing in the data processing means can be made more difficult to decipher.

According to the present invention (claim 9), claim 3
6. The encryption device according to any one of claims 1 to 5, wherein when the first arithmetic processing circuit performs the first arithmetic processing using the output data as input data for a predetermined number of times of three or more, the first input data and the final Since the configuration has a multiple involution operation mode in which the output data has the same value, a plurality of encrypted data in the encryption device are required for decryption of the encryption, and the security against the decryption can be further improved.

According to the present invention (claim 10), in the encryption device according to any one of claims 6 to 8, the second arithmetic processing circuit uses the output data as input data for the second arithmetic processing circuit. Is performed a predetermined number of times equal to or more than three, the first input data and the final output data have the same value in multiple involution operation modes. Are required, and security against decryption can be further improved.

According to the present invention (claim 11), in the encryption device according to any one of claims 6 to 9, the second arithmetic processing circuit is forcibly encrypted when an external signal is input. Is configured to be changed, so that the calculation mode can be changed randomly every time encryption is transmitted, and the encryption strength can be increased.

According to the present invention (claim 12), in the encryption device according to claim 11, the function used for the first arithmetic processing in the first arithmetic processing circuit is converted into the corresponding input data based on the output data. Is a one-way function that requires much more arithmetic processing than the forward operation process that finds the corresponding output data based on the input data, so decryption of the encrypted data Can be made more difficult.

According to the present invention (claim 13), in the encryption device according to claim 11 or 12, the initial transposition means has a plurality of initial transposition processing modes having different contents of the initial transposition processing, and Alternatively, the configuration is such that an initial transposition process is performed on the input divided data in a required initial transposition processing mode selected based on a mode selection signal from the inside, so that a change in the encryption algorithm can be performed by an external initial transposition. It can also be performed by changing the processing.

According to the invention (Claim 14), in the encryption device according to the invention 11 or 12, the final transposition means has a plurality of final transposition processing modes having different contents of the final transposition processing, and Alternatively, the final transposition processing is performed on the output data of the data processing means in a required final transposition processing mode selected based on a mode selection signal from the inside. It can also be performed by changing the transposition process.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an overall configuration of an encryption device according to a first embodiment of the present invention.

FIG. 2 shows the contents of the transposition processing of the initial transposition circuit which constitutes the above-mentioned encryption device, based on the initial transposition table (FIG. 2A), FIG.

FIG. 3 is a block diagram illustrating a configuration of an arithmetic processing number control circuit included in the encryption device according to the first embodiment;

FIG. 4 is a block diagram illustrating a configuration of a first arithmetic processing circuit included in the encryption device according to the first embodiment;

FIG. 5 is a block diagram illustrating a configuration of an encryption key control circuit included in the encryption device according to the first embodiment.

FIG. 6 is a diagram illustrating transposition processing by a second arithmetic processing circuit constituting the encryption device according to the first embodiment for each mode.

FIG. 7 shows a circuit configuration (FIGS. (A) and (b)) corresponding to the eighth and seventh bytes as viewed from the MSB of the second arithmetic processing circuit constituting the encryption device according to the first embodiment. FIG.

FIG. 8 is a block diagram illustrating a configuration of a second arithmetic processing control circuit included in the encryption device according to the first embodiment;

FIG. 9 is a block diagram showing an overall configuration of an encryption device according to a second embodiment of the present invention.

FIG. 10 shows a configuration of an initial transposition circuit (FIG. 10A) and a configuration of a final transposition circuit (FIG.
It is a block diagram which shows (b)).

FIG. 11 is a block diagram showing a configuration of a control circuit of the number of times of operation constituting the encryption device of the second embodiment.

FIG. 12 shows a first example of the encryption device according to the second embodiment.
FIG. 3 is a block diagram illustrating a configuration of an arithmetic processing circuit.

FIG. 13 is a block diagram illustrating a configuration of an encryption key control circuit included in the encryption device according to the second embodiment.

FIG. 14 shows a second example of the encryption device according to the second embodiment.
It is a figure which shows the transposition process by an arithmetic processing circuit for every mode.

FIG. 15 shows a second example of the encryption device according to the second embodiment.
FIG. 9 is a diagram showing a circuit configuration (FIGS. 9A and 9B) corresponding to the eighth and seventh bytes of the arithmetic processing circuit when viewed from the MSB.

FIG. 16 shows a second example of the encryption device according to the second embodiment.
FIG. 3 is a block diagram illustrating a configuration of an arithmetic processing control circuit.

FIG. 17 is a block diagram illustrating an overall configuration of an encryption device according to a third embodiment of the present invention.

FIG. 18 is a block diagram illustrating a configuration of an initial value conversion circuit included in the encryption device according to the third embodiment.

FIG. 19 is a block diagram showing a configuration of a control circuit for the number of times of arithmetic processing constituting the encryption device of the third embodiment.

FIG. 20 shows a first example of the encryption device according to the third embodiment.
FIG. 3 is a block diagram illustrating a configuration of an arithmetic processing circuit.

FIG. 21 is a block diagram illustrating a configuration of an encryption key control circuit included in the encryption device according to the third embodiment.

FIG. 22 shows a second example of the encryption device according to the third embodiment.
It is a figure which shows the transposition process by an arithmetic processing circuit for every mode.

FIG. 23 shows a second example of the encryption device according to the third embodiment.
FIG. 9 is a diagram showing a circuit configuration (FIGS. 9A and 9B) corresponding to the eighth and seventh bytes of the arithmetic processing circuit when viewed from the MSB.

FIG. 24 shows a second example of the encryption device according to the third embodiment.
FIG. 3 is a block diagram illustrating a configuration of an arithmetic processing control circuit.

FIG. 25 is a block diagram illustrating a configuration of a final conversion circuit that constitutes the encryption device according to the third embodiment.

FIG. 26 is a diagram for explaining a configuration of an encryption circuit according to a conventional DES encryption method.

FIG. 27 is a diagram illustrating a configuration of a conventional encryption circuit using the FEAL-8 encryption method.

FIG. 28 is a diagram for explaining a configuration of an arithmetic processing circuit that performs arithmetic processing using a function f of the FEAL-8 encryption method.

FIG. 29 is a diagram showing a configuration of an encryption key creation circuit for creating an encryption key used in the conventional FEAL-8 encryption method.

FIG. 30 is a diagram showing a configuration of an encryption key generation unit of each stage constituting the encryption key generation circuit.

[Explanation of symbols]

 100, 200, 300 Cryptographic devices 101, 201, 301 Input data latch circuits 102, 202, 302 Initial transposition circuits 103, 203, 303 Selectors 104, 204, 304 Arithmetic processing number control circuits 104a, 204a, 304a Counters 104b, 204b, 304b Number of calculation processing storage units 104c, 204c, 304c Comparators 105, 205, 305 First calculation processing circuits 106, 206, 306 Cryptographic key control circuits 107, 207, 307 Second calculation processing circuits 107a, 207b, 307b Selector circuit 107b, 207b, 307b AND circuit 108, 208, 308 Second arithmetic processing control circuit 108a, 208a 1-bit full adder 108b Comparator circuit 109, 210, 310 Final transposition circuit 111, 211, 312 Output data latch circuit 110, 212, 309 Exclusive OR circuit 213 Pre-plaintext block latch circuit 311 Random number generation circuit 205a f function circuit 302a First initial value circuit 302c Second initial value circuit 305b f1 function circuit 305c f 2 function circuit 310a First final transposition circuit 310c Second final transposition circuit S1A, S2A, S3A Initial transposition data S1B, S2B, S3B Select signal S1C, S2C, S3C Selector output S1D, S2D, S3D Encryption key S1E , S2E, S3E First operation processing circuit output S1F, S2F, S3F Inversion value selection signal S1G, S2G, S3G Second operation processing circuit output

Claims (14)

[Claims] 1. An encryption device for encrypting individual divided data obtained by dividing a plurality of bits of plaintext data, wherein the encryption device has a plurality of processing modes having different arithmetic processing contents and is selected by a selection control signal. Data processing means for performing arithmetic processing for encrypting the divided data in the specified processing mode, and arithmetic processing control means for outputting the selection control signal to the data processing means based on an external input. An encryption device characterized by the above-mentioned. 2. The encryption apparatus according to claim 1, wherein said data processing means is configured to rearrange divided data input from the outside in a bit unit or a byte unit to generate initial transposed data; Including function data, the method includes a transposition process and a data change process based on the function data, using an encryption key of a predetermined bit, with respect to the initial transposition data or the operation processing data obtained by performing an operation process on the initial transposition data. A first arithmetic processing circuit for performing the first arithmetic processing, and a plurality of transposition processing modes having different transposition processing contents;
A second arithmetic processing circuit for performing a second arithmetic processing for transposing the output data of the first arithmetic processing circuit in the selected transposition processing mode; an output data of the second arithmetic processing circuit and the initial transposed data; Selector means for selecting one of them based on a data selection signal and outputting the selected data to the first arithmetic processing circuit; and performing arithmetic processing by the first and second arithmetic processing circuits on the initial transposed data repeatedly in a predetermined manner. An arithmetic processing number control circuit for controlling the selector means by the data selection signal so as to be continuously performed by the number of times; and performing final transposition processing on output data of the second arithmetic processing circuit to obtain final arithmetic processing data. Final transposition means for outputting, and the arithmetic processing control means selects a transposition processing mode in the second arithmetic processing circuit based on an external input. An encryption device comprising a transposition processing control circuit. 3. The encryption device according to claim 2, wherein the first arithmetic processing circuit performs the first arithmetic processing again on the first output data obtained by performing the first arithmetic processing on the input data. An encryption device having an involution operation mode in which the input data and the second output data have the same value when the second output data is obtained. 4. The encryption device according to claim 2, wherein the first arithmetic processing circuit has a plurality of function data, and performs an operation on the input data based on the function data selected by an external control signal. An encryption device configured to perform a process. 5. The encryption device according to claim 2, wherein the second arithmetic processing circuit performs a second operation on the input data.
When the second output data is obtained by performing the second operation process again on the first output data obtained by performing the above operation process, the involution operation in which the input data and the second output data have the same value An encryption device having a mode. 6. The encryption device according to claim 5, further comprising: a logic circuit for obtaining an exclusive OR of an n-bit external input and an unchangeable n-bit initial setting value; An encryption device, wherein the transposition processing mode in the second arithmetic processing circuit is selected based on m bits (m ≦ n) of the value of the exclusive OR. 7. The encryption device according to claim 5, further comprising: a logic circuit for calculating an exclusive OR of the initial transposed data output from the initial transposition means and an unchangeable initial value of n bits. The transposition processing control circuit is configured to select a transposition processing mode in the second arithmetic processing circuit based on m bits (m ≦ n) of the value of the exclusive OR. Encryption device. 8. The encryption device according to claim 5, wherein a random number generating means for generating an s-bit random number, and an exclusive OR of a value of the random number and an unchangeable s-bit initial setting value is obtained. A logic circuit, wherein the transposition processing control circuit is configured to select a transposition processing mode in the second arithmetic processing circuit based on m bits (m ≦ s) of the value of the exclusive OR. An encryption device, characterized in that: 9. The encryption device according to claim 3, wherein the first arithmetic processing circuit performs a first arithmetic processing using the output data as input data a predetermined number of times. An encryption device having a plurality of involution operation modes in which input data and final output data have the same value. 10. The encryption device according to claim 6, wherein the second arithmetic processing circuit performs a first arithmetic operation when the second arithmetic processing using the output data as input data is performed a predetermined number of times. An encryption device having a plurality of involution operation modes in which input data and final output data have the same value. 11. The encryption device according to claim 6, wherein the data processing means forcibly performs an encryption process by inputting a predetermined external signal to the second arithmetic processing circuit. The involution encryption process is configured to be performed by a target encryption method that uses the same encryption key in the decryption process. The involution encryption process includes a predetermined number of operations in the encryption process and decryption. By the predetermined number of operations in the processing, the initial input data subjected to the first operation in the encryption processing and the final output data obtained as a result of the final operation in the decryption processing have the same value. An encryption device characterized by the above-mentioned. 12. The cryptographic device according to claim 11, wherein the function used in the first arithmetic processing in the first arithmetic processing circuit is a function for inputting the corresponding input data based on the output data. An encryption device, which is a one-way function that requires more arithmetic processing than a forward arithmetic process for obtaining corresponding output data based on data. 13. The encryption device according to claim 11, wherein the initial transposition means has a plurality of initial transposition processing modes in which the contents of the initial transposition process are different, and the initial transposition mode is generated outside the device or inside the device. An encryption device characterized in that the input divided data is subjected to an initial transposition process in a required initial transposition processing mode selected based on a mode selection signal. 14. The encryption apparatus according to claim 11, wherein said final transposition means has a plurality of final transposition processing modes in which the content of the final transposition processing is different, and is generated outside the apparatus or inside the apparatus. An encryption apparatus characterized in that final transposition processing is performed on output data of said data processing means in a required final transposition processing mode selected based on a mode selection signal.