JPS6113233B2 - - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION The present invention relates to an encryption processing system, particularly an encryption processing system that performs encryption processing and/or decryption processing by microprogram processing. The present invention relates to an encryption processing system that improves processing speed by performing necessary code conversion operations and bit position substitution operations using table lookup processing.

An encryption (decryption) method generally called product cryptography involves (i) a code conversion operation (including changing the bit value) that replaces a certain bit string with another bit string, and ( ii) The basic operation is a bit position replacement operation that replaces the position within the bit string without changing the value of the bit. And this 2
By repeating the operation multiple times, data is encrypted and encrypted data is decrypted.

A typical example of this type of cryptography is the one published by NBS in the United States.
FIPS46 DES is known. The DES basically has the configuration shown in FIG. 1, and is processed as follows. That is, (1) the sub-key calculation unit 1 performs a predetermined conversion process on the given cryptographic key KO, and then generates one sub-key K1.

(2) On the other hand, the data preparation circuit section performs a predetermined conversion process on the given data D0.
It is divided into two pieces of data R and L, one of which is data D1.

(3) The data D1 and the subkey K1 are input to the encryption processing section 3 to obtain an output (D1*K1). That is, an exclusive OR is performed on both data bitwise. Then, the 48 bits created by the exclusive OR are divided into 8 data sets of 6 bits each. The eight sets of data are S1 to S, respectively.
Code conversion is performed according to an algorithm called 8 to obtain 8 sets of data of 4 bits each. A bit position permutation operation is performed on the resulting 32 bits using an algorithm called P. Then, for the data subjected to the position replacement operation, an exclusive OR is performed with the remaining data L in a bitwise manner.

(4) The output data (D1*K1) is returned to the data preparation circuit section 2 to obtain data D2 in the same manner as above.

(5) On the other hand, the sub-key calculating section 1 generates a sub-key K2 which is converted to the above-mentioned sub-key K1.

(6) The data D2 and the subkey K2 are input to the encryption processing section 3 to obtain output data (D2*K2).

(7) The above process is performed, for example, 16 times, and at this stage the output data (D1
6*K16), the encryption result (decryption result)
is output as data.

When encryption is performed by the hardware, it is necessary to perform the generation process of the subkeys K1, K2, . . . , K16 in parallel with the generation process of the data D1, D2, . If the generation of the above-mentioned sub-keys were to be executed by a microprogram by bit processing without using dedicated hardware such as the sub-key calculating section 1 shown in the figure, a very large number of processing steps would be required. For this reason, if subkeys K1, K2, etc. are generated each time for encryption, the processing time for generating the subkeys will be large, and the encryption processing time will be significantly increased. Becomes large.

In addition, many processing steps are required for code conversion and bit position replacement in the cryptographic processing section corresponding to the bits.

An object of the present invention is to improve processing speed by efficiently executing the above points, particularly code conversion and bit position substitution. Therefore, the encryption processing system of the present invention performs encryption processing and/or decryption processing by applying a subkey generated based on a specified encryption key to specified data, and performs encryption processing and/or decryption processing on specified data. Or, in an encryption processing system in which a process including a predetermined code conversion operation and a predetermined bit position substitution operation is performed in the decryption process, information corresponding to the code conversion operation and the bit position substitution operation. Create a conversion table,
The information conversion table is accessed by address information given by a function of logical processing data resulting from logical processing of the above data and the subkey, and the contents of the address position of the information conversion table are changed to the above data. It is characterized in that it is configured to correspond to the result of performing the above-mentioned bit position substitution operation after performing the above-mentioned code conversion operation on the data.

This will be explained below with reference to the drawings.

FIG. 2 shows an example instruction format of the encryption (decryption) processing instruction used in the present invention, FIG. 3 shows an example of the data format of the parameters referred to in the present application, and FIG. FIG. 5 is a flowchart of an embodiment of the present invention, and FIG. Figure 7 shows S in DES.
Figure 8 is an explanatory diagram explaining code conversion using the P algorithm in DES. Figure 9 is an explanatory diagram explaining bit position substitution using the P algorithm in DES.
FIG. 10 is an explanatory diagram illustrating bit expansion using the E algorithm in DES. FIG. 10 is an explanatory diagram illustrating the S1 correspondence table among the information conversion tables used in the present invention.

In the case of the present invention, a parameter 4 as shown in FIG. 3 is prepared prior to encryption processing, and the parameter 4 is
(i) Encryption key K0 used for encryption processing, (ii) Address information (starting address) where the data subject to encryption processing is stored, (iii) Information on whether to perform encryption processing or decryption processing. (iv) data length information of the data to be cryptographically processed. In the encryption (decryption) process, the parameter 4 shown in FIG. 3 is accessed based on the contents of the "parameter start address" part 6 given in the processing command 5 shown in FIG.

FIG. 4 shows the configuration of an embodiment of the encryption processing system of the present invention, in which reference numeral 4 is a parameter (or parameter storage area), 5 is a processing instruction (or instruction storage area), and 6 is a parameter start address. Part 7 is a storage device, 8 is a data processing device, 9 is a data storage area, 10 is a control storage section in which microinstructions are stored, 11 is a work memory section, 12 is a subkey storage area, 13 represents the S1 to S8 tables.

As will be clear from the flowchart shown in FIG. 5, the following processing is performed. That is, (8) the processing instruction 5 is read and the data processing device 8
When given, the contents of the parameter start address part 6 in the processing instruction 5 indicate the start address A1 of the parameter storage area 4.

(9) Based on the start address A1, the contents of the illustrated parameter 4 are fetched to the data processing device 8.

(10) The data processing device 8 calculates sub-keys K1, K2, .

(11) The data processing device 8 then fetches the data DA based on the content A2 of the "data start address" part in the parameter 4.

(12) If the process involves encryption, address (A3+DL), address (A3
+2DL), etc., sub keys K1, K2,...
..., prepare to take out K16. Further, if the process is decoding, the subkey K1 is input from the illustrated address A4 of the subkey storage area 12.
6.K15,..., prepare to take out K1.

(13) If the process involves encryption, the fetched data DA is regarded as data D1 and converted into data D1, similar to processes (3) to (7) explained with reference to Figure 1 above. Data (D1*K1) obtained by activating the subkey K1 is obtained. Then, the data (D1*K1) is set as data D2,
Activate the subkey K2.

(14) Then, the data (D16*K16) is set as the encrypted result data _DA ' corresponding to the above data DA.

(15) The data processing device 8 then fetches the data DB and processes it in the same way to create the encrypted result data _DB '. Processing is performed in the same manner thereafter, and when the cryptographic processing is executed on the data of the length specified by the "data length" part of parameter 4, the processing instructed by the processing command 6 is completed. Note that the series of processes in the data processing device 8 may be considered to be executed by a microprogram stored in the illustrated control storage 10.

(16) If the processing is decoding, the fetched data DA is regarded as data D1, and data (D1*K16) obtained by applying the subkey K16 to the data D1 is obtained. Then, the data (D1*K16) is set as data D2, the subkey K15 is activated, and the data (D16*K1) is set as data D _A '' of the decoding result corresponding to the data DA.

(17) The data processing device 8 then fetches the data DB and similarly processes it to create data _DB' ' as a decoding result.

(18) The decoding process will be performed in the same manner below, but these processes can be considered to be executed by a microprogram in the same way as described in the above process (15).

A series of processes are performed as described above, and FIG. 6 shows a flowchart specifically representing the process in the "encryption/decryption process" portion shown in FIG. In the same manner as described above for the case of DES in conjunction with FIG. 1, in the case of the present invention, microprogram processing is used to (a) separate data into data L and R, (b) exclusive to subkey Ki. (c) Code conversion using S1 to S8 algorithms, bit position replacement using P algorithm, E
Processing such as bit expansion using an algorithm and indexing of a table (FIG. 10) is performed using subkeys K1 to K16 in order for the data L side and R side. The above process (c) can be considered to be performed by indexing the S1 to S8 tables 13 shown in FIG. Below, S
The information conversion table used in the present invention will be explained by taking one table as an example.

In the case of DES, the S1 algorithm is performed as shown in FIG. That is, data Di and subkey Ki
The 48 bits obtained by performing the exclusive OR on a bit-by-bit basis are divided into 8 sets of data of 6 bits each, and one set is input to the S1 algorithm. If the 6-bit data {d ₁ , d ₂ , d ₃ , d ₄ , d ₅ , d ₆ } is given as "101010", it is created with bits d ₆ and d ₀ . 7th by the value “01” of {d ₆ , d ₀ }
The diagram line "1" is selected and the bits {d ₂ , d ₃ , d ₄ ,
d ₅ }, column "5" shown in FIG. 7 is selected. In the illustrated case, the value corresponding to the row and column is "2", and the result of code conversion by the S1 algorithm is "0010", which is the binary representation of the value "2".

Similar code conversion was performed for the other seven pairs at S2.
A total of 32 bits (4 bits x 8) are obtained using the S8 algorithm.

In the case of DES, the P algorithm is performed as shown in FIG. That is, for the 32-bit data obtained above, the bit value at the input bit position "1" is moved to the output bit position "9", and the bit value at the input bit position "2" is moved to the output bit position "9". 17'', and bit position replacement operations are performed so that...

And in the case of DES, the E algorithm is the 9th
This is done as shown in the figure. 32-bit data {e ₁ ,
e ₂ ,...e ₃₂ } into eight bit groups of 4 bits each. Regarding the first bit group, that is, the bits {e ₁ , e ₂ , e ₃ , e ₄ }, as shown in FIG. 9, {e ₃₂ , e ₁ , e ₂ , e ₃ , e ₄ , e ₆ } Expand it to 6 bits using other bits as shown in . Further, in the case of the third group _of bits, that is, _the bits _{ e ₉ , e ₁₀ , e ₁₁ , _{e 12} }, as shown in FIG _.
e ₁₃ } to 6 bits.

FIG. 10 shows an explanatory diagram for explaining the above-mentioned S1 correspondence table among the information conversion tables used in the present invention. It performs conversion according to each algorithm.

The 4 bits obtained through the S1 algorithm corresponding to FIG. 7 above are, as is clear from FIG. 8, the output of the P algorithm, that is, the input bit numbers shown in _{FIG .} , e ₃ , e ₄
corresponds to Therefore, in the E algorithm corresponding to FIG. 9, the bits appear at the bit positions circled in FIG. _{From this} , when considering the 48 bits that are the output _{of the} E algorithm shown in FIG _. , f ₁₄ , f ₂₄ , f ₂₆ ,
Compatible with f ₃₄ and f ₄₆ . That is, S1 shown in FIG.
The output 4 bits of the algorithm are the above bits f ₁₂ ,
Appears only in f ₁₄ , f ₂₄ , f ₂₆ , f ₃₄ , and f ₄₆ .

Therefore, among the information conversion tables used in the present invention, the S1 correspondence table is prepared as follows.

That is _, if _the input bits of _the S1 algorithm _{shown in FIG .} , d ₃ ′, d ₄ ′, d ₅ ′}, the above bits f ₁₂ = f ₁₄ = d ₂ ′, f ₂₄ = f ₂₆ = d ₃ ′, f ₃₄ = d ₄ ′, f ₄₆
=
d ₅ ′. Taking advantage of this, in FIG. 10, the input bits {d ₁ , d ₂ , d ₃ , d ₄ , d ₅ ,
d ₆ } Value determined based on d ₆ ×2 ⁵ + d ₅ × 2 ⁴ + d ₄ × 2 ³ + d ₃ × 2 ² + d ₂ × 2 ¹ + d ₁ × 2 Information stored at the address position with ⁰ as the address When {f ₁ , f ₂ , ..., f ₄₈ }, the information is {0, 0, ... d ₂ ′ (= f ₁₂ ), O, d ₂ ′ (=
f ₁₂ ), O, ... O, d ₃ ′ (= f ₂₄ ), O, d ₃ ′ (=
f ₂₆ ), O, ... O, d ₄ ′ (= f ₃₄ ), O, ... O,
d ₅ '(=f ₄₆ ), O, O}.

That is, for example, the input bits {d ₁ , d ₂ , d ₃ , d ₄ , d ₅ , d ₆ } input to the S1 algorithm shown in FIG.
is " ¹⁰¹⁰¹⁰ ", ^the information is { ⁰⁰⁰⁰ ,
0000, 0000, 0000, 0000, 0000, 0000, 0000,
0100, 0000, 0000, 0000}. It can be easily inferred that the above input bits have different values.

Of course, in the case of the present invention, S in the above-mentioned DES
It goes without saying that tables similar to those shown in FIG. 10 are prepared corresponding to the S2 algorithm to the S8 algorithm, respectively.

Then, the data {f ₁ , f ₂ , which is the output of the E algorithm corresponding to FIG. 9 in the case of DES
...f ₄₈ } is the logical OR for each bit of the output of the S1 table (48 bits), the output of the S2 table (48 bits), and the output of the S8 table (48 bits) as shown in Fig. 10 above. It is made to take. The reason why a correct output can be obtained by the logical sum of the bits can be easily understood by considering the following. That is, bit f ₁₂ ,
Regarding f ₁₄ , f ₂₄ , f ₂₆ , f ₃₄ , and f ₄₆ , only the output of the S1 table can take a value other than logic "0", and the outputs from the S2 to S8 tables are all logic "0" at the corresponding bit. It can be easily understood from this.

As explained above, according to the present invention, the above DES
S1 to S8 algorithms in the case of P
The processing corresponding to the algorithm and the E algorithm can be performed all at once by indexing the S1 table to the S8 table. Therefore, when performing encryption (decryption) processing by program processing as in the case of the present invention, the number of processing steps is significantly reduced.

[Brief explanation of the drawing]

Fig. 1 is an explanatory diagram illustrating the concept of a dedicated hardware device according to DES, Fig. 2 is an example instruction format of an encryption (decryption) processing instruction used in the present invention, and Fig. 3 is a parameter referred to in the present application. FIG. 4 is a configuration of an embodiment of the encryption processing system of the present invention, FIG. 5 is a flowchart of an embodiment explaining the processing of the present invention,
FIG. 6 is a flowchart specifically showing the processing in the "encryption/decryption processing" part shown in FIG.
Fig. 7 is an explanatory diagram for explaining code conversion using the S1 algorithm in DES, Fig. 8 is an explanatory diagram for explaining bit position substitution using the P algorithm in DES, and Fig. 9 is an explanatory diagram for explaining bit extension using the E algorithm in DES. Figure, 1st
FIG. 0 shows an explanatory diagram for explaining the above-mentioned S1 correspondence table among the information conversion tables used in the present invention. In the figure, 4 is a parameter storage area, 5 is an instruction storage area, 7 is a storage device, 8 is a data processing device, 9 is a data storage area, 10 is a control storage unit, 12 is a subkey storage area, 13 is S1 to S8 Represents the table storage area.

Claims (1)

[Scope of Claims] 1. Performs encryption processing and/or decryption processing by applying a subkey generated based on a specified encryption key to specified data, and performs encryption processing and/or decryption processing on specified data. In an encryption processing system in which a process including a predetermined code conversion operation and a predetermined bit position replacement operation is performed, an information conversion table corresponding to the code conversion operation and the bit position replacement operation is created. , the information conversion table is accessed by address information given by a function of logical processing data as a result of logical processing of the above data and the subkey, and the contents of the address position of the information conversion table are An encryption processing system characterized in that it is configured to correspond to the result of performing the bit position substitution operation on data after performing the code conversion operation on the data. 2. Claim 1, wherein the information conversion table is composed of a plurality of tables, and the read output from each table is logically processed in correspondence with bits to form a single piece of data. Described cryptographic processing system.