JPS62113191A - Data diffuser - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

Detailed Description of the Invention (Industrial Application Field) The present invention relates to a data diffusion device that is the core of an encryption method, and in particular to a data diffusion device that enables effective data diffusion without using a transposed matrix. It is something that takes place in between.

(Prior art) One of the most widely used encryption methods is DES (Data Encryption).
5 standard J, FIPS PUB 46.
NBS Jan, 1977), and this DE
The data spreading device in S is constructed by combining substitution and transposition. FIG. 4 is a block diagram schematically showing its functions. As shown in the figure, this data spreading device has a data input unit 1 that inputs 32-bit input data R, and an expansion number that expands the 32-bit input data R by an expansion number E to make it 48 bits. Arithmetic unit 2 and 48-bit registers 3 and 4 for the expanded data.
a key data input section 4 for inputting 8-bit key data K;
An exclusive OR circuit 5 performs an exclusive OR operation between the expanded input data and the key data, and the 48 bits output from the exclusive OR circuit 5 are converted into 6-bit blocks each with the number of substitutions St, S2. . . . a conversion unit 6 that converts to 4 bits according to S8 and obtains 32 bits of data;
A transposed space calculation unit 7 that replaces the pit position of the 32-bit output of the substitution space calculation unit 6 according to the transposed space number P;
It consists of a spread data output section 8.

The process of data diffusion will be explained below.

First, the 32-bit input data R is expanded to 48-bit data E(R) by the expansion number calculation section 2 using the expansion number E shown in Table 1. Output E(
R) is represented by 8 blocks of 6 bits each and is obtained by selecting the □ bits in the input block according to the order from the uppermost left to the lowermost crotch shown in Table 1.

That is, for example, the first three bits of output data E(R) are selected from the values of bit positions 32 and 1.2 of input data R, and the last three bits are selected from input data R.
Bit positions 31, 32. A value of 1 is selected.

Next, in the exclusive OR circuit 5, the expanded 4
The 8-bit data E(R) and the key data are exclusively ORed.

Next, in the substitution interval calculation unit 6, the exclusive OR circuit 5
From the output of , the number of substitutions sl shown in Table 2 is obtained.

S2. S3. . . . Obtain 32-bit output according to S8.

How to use the number of substitutions shown in Table 2 will be explained using the number of substitutions 51 as an example. When B is a 6-bit block, the output 5l(B) is determined as follows. Let i be the binary number consisting of the first and last bits in block B of 6 bits, which is in the range 0 to 3. Then, if the central 4 bits of block B are the binary number J, this is 0 to 1.
It is in the range of 5.

These binary numbers 1. The output 5l(b) is determined by J. That is, the output 5l(b) is the first row in Sl of Table 2,
It is a number in the range of 0 to 15 in column j. For example, if the input is 011011, the row is 1101, i.e. the second
From the table, the data in the 1st row and 13th column of the substitution interval r11st is 5, so 0101 is obtained as the output.

Finally, the transposition number calculation unit 7 applies the number of transpositions P as shown in Table 3. That is, the transposed interval calculation unit 7
According to the transposed number in Table 3, the data from the substitution number calculation section 6 is set to 7, with the 16th bit from the left as the first.
Output data is generated in which the th bit is replaced with the 2nd bit, the 25th bit is replaced with the 32nd bit, etc.

(Problems to be Solved by the Invention) In a data diffusion device, it is important to use as many types of substitution numbers as possible from the viewpoint of increasing data diffusion efficiency. In the conventional DES, this is achieved by selecting the number of substitutions in four ways using the two bits at both ends of the six input bits. Although this is a clever method, there are two problems:

l) It is only possible to achieve the effect that a 1-bit change in the input is expanded to about 4 bits in the output.

2) Many bit operations are required because the number of substitutions is a 4-bit to 4-bit conversion and the number of transpositions of pit positions is used. This is a major hindrance to speeding up.

The above problem (1) is due to the fact that there is no mutual interference even once the blocks of every 6 bits are replaced and the number of transposes reaches P. Further, the above problem 2) is due to the fact that this algorithm is not designed for a processing procedure that does not use the 8-bit number of substitutions and the number of transpositions P, which are effective for processing in bytes.

An object of the present invention is to solve the problems of the prior art described above. That is, the purpose is to enhance the data diffusion effect without increasing the number of processing steps, and to achieve even higher speed by making most of the units of processing into byte-based operations.

(Means for Solving the Problems) In order to solve the above problems, the data diffusion device of the present invention includes means for dividing input data into a plurality of blocks of the same data length, and data of each divided block. For,
means for performing a logical operation on the data of at least one other block and merging it; means for performing a substitution process on the data of each block newly generated by the fusion; The present invention is characterized by comprising means for combining blocks and outputting spread data of the input data.

According to an embodiment, the means for performing a logical operation and merging includes one or both of a means for performing an exclusive OR operation between data in a block and a means for performing an exclusive OR operation between data in a block. It consists of

According to an embodiment, the means for performing the character substitution process is configured by means for performing a bit rotation operation on the block newly generated by the fusion.

Furthermore, according to an embodiment of the invention, the means for performing the character substitution process is constituted by a substitution table that refers to the block newly generated by the fusion as an address.

(Function) As described above, the present invention provides a means (bypass) for drawing in and fusing information from other blocks in the substitution processing process of each of the plurality of blocks to be processed, and when the processing is completed. Since each block is configured to be generated under the influence of all input blocks, the number of transposes P can be eliminated, and the conventional D
The diffusion efficiency is higher than that of the data diffusion device in ES.

The configuration becomes simple and processing speed can be increased. Furthermore, by performing the substitution process in units of blocks (bytes), bit processing is eliminated as much as possible, resulting in a remarkable increase in processing speed.

(Example) FIG. 1 is a diagram for explaining the present invention in detail,
This figure schematically shows the configuration of a data spreading device that obtains 32-bit spread output data from 32-bit input data.

In FIG. 1, R is a 32-bit input data block;
RO-R3 is divided into 4 data blocks consisting of 8 bits (1 byte) of input data R, KO and Kl are 1 each.
The byte key block, XOR is an exclusive OR circuit, and S is a substitution calculation unit that fuses two input data blocks and performs substitution conversion to obtain one data block.

The operation of the data diffusion device of this embodiment configured as shown in FIG. 1 will be explained.

First, a 32-bit input data block R is divided into processing blocks RO, R1, R2, and R3 each of 1 byte. Each processing block is processed in order according to the processing procedure shown below, and finally a 32-bit output is produced. The "=" in the following formula indicates that the right side is to be used as the new data on the left side after the calculation.

Processing procedure> R1=R10 to 0+RO R2=1 to R2++R3 Then, R1=5(R1+R2+ 1) R2=5(R2+R1) RO=5(RO+R1) R3=5(R3+R2+ 1) S( a ) (a = 0 to 511) is 1 corresponding to a
This is byte substitution data. S will be explained in detail later.

After this processing procedure, RO, R1, R2, and R3 become output blocks, but as is clear from the structure in Figure 1, each output block is generated under the influence of all input blocks. . That is, it is possible to obtain the effect that the output changes by 10 bits or more for a 1-bit change in input data. This improvement effect is remarkable compared to the prior art in which only about 4 bits of spreading was obtained. Moreover, in order to spread this diffusion effect between processing blocks, the number P between bit position transpositions is not required.

In this embodiment, by performing character substitution processing without causing processing blocks to interfere with each other, a data diffusion effect that is significantly superior to that of the prior art is achieved without using the number of transpositions P. This mutual interference between the processing blocks is realized by two bypasses in the form of inputs to the exclusive OR circuit XOR and the inter-substitution arithmetic unit S, as shown in FIG.

An example of the configuration of the substitution number calculation unit S will be described below.

When data a is input, 5(a) is given by the following equation.

S(a) = (a mod 256) rol 2
Here, x mod y is an operation to obtain a remainder when X is divided by y, and x mod y is an operation to bit-rotate X to the left by the value indicated by y.

In general, x mod 256 can be easily implemented by assigning numerical values to 8-bit registers of a microprocessor.

In addition, as shown in FIG.
The combination of D and a circular shift register allows for hardware-only implementation.

Further, the substitution interval calculation section can be configured using a substitution table. That is, when programming in a high-level language, it is effective to prepare the values of 5(a) (a=0 to 511) in advance as a substitution table.

If you take the method of preparing a substitution table, you can use a more complicated number of substitutions other than the bit rotation method shown above.0For example, the substitution table shown in Table 4 is From top right 5 (15), second row left 5 (1
6) to right 5 (31) and lower right 5 (255). This substitution table has two different data 10 and 11 from 0 to 255 and reference values OO and Ol of the substitution table corresponding to the respective inputs, and the Hamming distance III) 1 (+0.11) of the former and The relationship shown in Table 5 is produced between the Hammig distance) 1 (00, 01).

A substitution table that can be generated by applying the same 8-bit transposed matrix T to each element of this substitution table and adding a constant A using an exclusive OR circuit exhibits similar properties.

Generally, this type of substitution table uses a transpose matrix T and a constant A, and for input X, when the number of bits of bit inversion value) as the respective values.

In either case, a substitution table that inputs the sum of data from 0 to 25,501 bytes and outputs 1 byte of data is created by creating two consecutive tables of the same type that substitute values from 0 to 255. By preparing
The input number 511 can be converted into 1-byte data from 0 to 255. That is, in S (a+b), b
Think of it as having the role of shifting the start address of the substitution table for substituting a by b. mod
When using H.256, only one substitution table is required.

The embodiment of the present invention described above is based on the prior art DES.
Compared to the data diffusion device of 2005, this can be realized with less than one-tenth the dynamic step, the amount of memory used is small, and the data diffusion effect can be more than twice as large.

Furthermore, in the above embodiment, the unit of processing such as substitution is 8 bits (1 byte), but this is because currently popular data terminals, personal computers, etc. use 8-bit and 16-bit CPUs. Because it is a thing. In the future, as technology advances, these mainstream
If there is a transition from 6 bits to 32 bits, the technique of the present invention can easily handle this. That is, the unit of processing such as substitution is set to 16 bits (2 bytes).

In this case, the structure of the embodiment shown in FIG. 1 is not changed, but 256 in the number of substitutions S is changed to 65,536. The number of substitution intervals S is given by the following formula.

S (a) = (a mad 65536) r
ol 2 In principle, the processing unit can be set arbitrarily.

In addition to the two-input substitution process shown in this embodiment, three
It is also possible to use input signals or a combination of these and exclusive OR bypass.

In the embodiment described above, an example was shown in which spreading processing is performed for a 32-bit input, but as a second embodiment, one for a 16-bit input is shown in FIG. First, input block R of 16 bits 1 is converted into processing blocks RO and R of 1 byte each.
Divided into 1. Each processing block is processed in order according to the processing procedure shown below, and finally outputs 16 bits. 1 in O2 is key data.

Processing Procedure> R1=RO+KO RO=R1 to 1 Subsequently, RO=5(RO+R1) R1=5(R1+RO+1) The operation symbols, function S, etc. are the same as in the embodiment shown in FIG.

(Effects of the Invention) As described in detail above, the present invention provides a means (bypass) for drawing in and fusing information from other blocks in the substitution processing process of each of a plurality of blocks to be processed, so that the processing can be carried out. Since each block at the time of completion is configured to be generated under the influence of all input blocks, the number of transpositions P can be made unnecessary.
Compared to the conventional DES data diffusion device, the configuration is simpler and processing speed can be increased.

Furthermore, by performing the substitution process in units of blocks (bytes), bit processing is eliminated as much as possible, resulting in a remarkable increase in processing speed.

Further, the present invention can be implemented by partially combining hardware such as a data terminal or a personal computer with software for performing the above-mentioned processing procedure, and the program scale is small in this case. It is suitable for application to the security of IC cards, which are expected to rapidly expand into uses such as credit cards in the future.

Table 2 Examples of substitution functions S1 to S8 Table 4 Example of substitution table 138531012181D 20615833116
203155361434896 Z23162297
7242・89230182 99222717912
1672472247125194146 45134
, 57105214131 60108211120
199151 40168 23 71248 832
3618g 3 86233185 6L73
18 66253215104 56135 4414
7'195124 4115019812121010
9 61130321592071122191005
21392229749142371542Q2 [7
1286311120812319614843126
193145461'33 58106213

[Brief explanation of drawings]

1 and 2 are diagrams showing the configuration of a first embodiment of the present invention, FIG. 3 is a diagram schematically showing the configuration of a second embodiment of the present invention, and FIG. FIG. 2 is a diagram schematically showing the configuration of a data spreading device in the DBS of FIG. R... Input data block, RO to R3... 1st to 4th byte block from the left of R, K... Key data, 1 to 0°... Key block of 1 byte each, S...・Substitution number calculation unit, XOR ・Exclusive OR circuit, ADD・
...Adder, ROL...2-bit left circular register. Patent applicant Nippon Telegraph and Telephone Corporation Figure 1 Figure 2 Procedural amendment (voluntary) March 14, 1985 Director General of the Patent Office Michibe Uga 1, Indication of case Patent application No. 1988-252650 2,
Title of the invention Data dissemination device 3, relationship to the person making the amendment case Applicant (name changed on April 1, 1985 (all at once)) Address 1-1-6 Uchisaiwai-cho, Chiyoda-ku, Tokyo Name
(422) Representative of Nippon Telegraph and Telephone Corporation
Tsune Shindo 4, Address: 3-3-3-6 Nishi-Shinbashi, Minato-ku, Tokyo, Detailed explanation of the invention column 7 of the specification subject to the amendment, Contents of the amendment (1) Page 5 of the specification Each line of 7 and 8 rs1 (b) J
Correct it as rsl (B) J. (2) In the same book, page 5, row io, row r, "" is corrected to "row is 01° column is". (3) "Exclusive OR operation" on page 7, line 20 to page 8, line 1 of the same book is corrected to "addition and remainder operation." (4) The same book, page 11, line 17, rx nod yJ is corrected to ``x rolyJ.'' (5) The same book, page 12, line 3, ``Figure 2'' is corrected to ``Figure 3''. The above procedural amendments were submitted February 9, 1988 by the Commissioner of the Patent Office, Kuro 1) Mr. Akio 1, Indication of the case Patent Application No. 1988-252650 2,
Name of the invention Data dissemination device 3, relationship with the person making the amendment Applicant address 1-1-6 Uchisaiwai-cho, Chiyoda-ku, Tokyo Name (422) Nippon Telegraph and Telephone Corporation Representative Tsune Shindo 4, agent residence Address: 3-3-3-6 Nishi-Shinbashi, Minato-ku, Tokyo, Full text of the specification to be amended 7, Contents of the amendment: The full text of the specification is amended as shown in the attached sheet. Full text correction statement! , Title of the Invention Data Diffusion Device 2, Claims (+) An i tag means for dividing input data into a plurality of blocks of the same data length; Replacement processing is performed on the data of the block of "L-contact 2Lh" and the data of the L-color block (LIJL) Mouth...
-1 or 7 """' means, and a combination means for combining the data of each of the blocks and adding a diffusion data input section of the input data. Characteristic data dissemination device. (2) The data LL bar of the block is
2. The data spreading device according to claim 1, further comprising means for performing an exclusive OR operation of -4. (3) The data LL bar of the block is -
--11'l addition and remainder calculation. The data spreading device according to claim 1, further comprising calculation means for performing addition and remainder calculation. (4) The data spreading device according to claim (1), wherein the conversion stage 11 is a means for bit rotation for each block of data. (5) The data spreading device according to claim (1), wherein the conversion table is constituted by a substitution table that refers to each block as an address. 3. Detailed description of the invention (industrial application field) This publication relates to a data diffusion device that is the core of an encryption method, and in particular, a data diffusion device that enables effective data diffusion without using a transposed matrix. It is related to the device. (Prior art) One of the most popular encryption methods is DES (rData Encryption).
5 standard”, FIPS PUB 46. N8
S., Ian, 1977), and this DES
The data dissemination device in is constructed by combining substitution and transposition. The fourth country is a block diagram schematically showing its functions. As shown in the figure, this data spreading device includes a data input section 1 that inputs 32-bit input data R, and an expansion function operation section 2 that expands the 32-bit input data R to 48 bits using an expansion interval rJIE. and 48-bit registers 3 and 4 for the expanded data.
A key data input section 4 that inputs 8-bit key data (), an exclusive OR circuit 5 that performs an exclusive OR operation between the enlarged input data and the key data, and an exclusive OR circuit 5
The 48 bits outputted by the 48 bits are converted into 6-bit blocks each with the number of substitutions S1. S2. . . . A replacement leap number calculation unit 6 that converts to 4 bits according to S8 to obtain 32-bit data, and a transposition function calculation unit 7 that replaces the bit position of the 32-bit output of the replacement function calculation unit 6 according to the transposition function P. and a spread data output section 8. The process of data diffusion will be explained below. First, 32-bit input data R is expanded into 48-bit data E(R) by the expansion function calculation section 2 using the expansion interval E shown in Table 1. Output E(
R) is represented by 8 blocks of 6 bits each and is obtained by selecting bits in the input pro-rough according to the order shown in Table 1 from top left to bottom. That is, for example, the first three bits of output data E(R) are selected from the values of bit positions 32, 1, and 2 of input data R, and the last three bits are selected from input data R.
Bit positions 31, 32. A value of 1 is selected. Next, in the exclusive OR circuit 5, the expanded 4
The 8-bit data E(R) and the key data are exclusively ORed. Next, in the substitution interval calculation unit 6, the exclusive OR circuit 5
From the output of , the number of substitution intervals St shown in Table 2 is obtained. S2. S3. . . . Obtain 32-bit output according to S8. How to use the numbers of substitutions shown in Table 2 will be explained using the number of substitutions Sl as an example. When B is a 6-bit block, the output 51 (B) is determined as follows. If the binary number consisting of the first and last bits in the 6-bit block B is 1, then this is in the range 0 to 3. Then, if the central 4 bits of block B are the binary number J, this is 0 to 1.
It is in the range of 5. The output 5l(B) is determined by these binary numbers l1,1. That is, the output 5t(B) is a number in the range of 0 to 15 in the first row and column j of Sl in Table 2. For example, if the input is 011011, the row is 01 and the column is 1101. In other words, from Table 2, the data in the 1st row and 13th column of [51 is 5, so 0101 is obtained as the output. The transposed interval number P shown in Table 3 is applied in the interval calculation unit 7. That is, the transposed interval number calculation unit 7
In accordance with the transposition function shown in Table 3, the data from the intersubstitution number calculation unit 6 is set to 7 with the 168th bit from the left as the first.
Output data is generated in which the th bit is replaced with the 2nd bit, the 25th bit is replaced with the 32nd bit, etc. (Problems to be Solved by the Invention) In a data diffusion device, it is important to use as many types of substitution numbers as possible from the viewpoint of increasing data diffusion efficiency. In the conventional DBS, this is achieved by selecting the number of substitutions in four ways using the two bits at both ends of the six input bits. Although this is a clever method, there are two problems: l〉 A change of 1 bit in the input causes a change of 4 bits in the output.
It is only possible to achieve the effect of magnification to the extent of bits. 2) Many bit operations are required because the number of substitutions is a 4-bit to 4-bit conversion and a pit position transposition function is used. This is a major hindrance to speeding up. The above problem 1) is due to the fact that there is no mutual interference between blocks of every 6 bits until they are replaced and the transposed function P is reached. Further, the above problem 2) is due to the fact that this algorithm is not designed for a processing procedure that does not use an 8-pinto transposition function or a transposition interval ttp that is effective for processing in bytes. The purpose of the present invention is to solve the drawbacks of the above-mentioned prior art. That is, the purpose is to enhance the data diffusion effect without increasing the number of processing steps, and to achieve even higher speed by making most of the units of processing into byte-based operations. (Means for Solving the Problems) In order to solve the problem mentioned above, the data diffusion P device of the present invention includes a dividing means for dividing input data into a plurality of blocks having the same data length, and data of each block. a fusion means that directly or indirectly calculates and fuses the data of all the other blocks at least once to generate data of a new block; a substitution means for generating data;
The apparatus is characterized by comprising a combining means for combining finally obtained data of each block and outputting the resultant data as spread data of the input data. According to an embodiment, the fusion means includes any one of means for performing an exclusive OR operation between block data or parameter data, and calculation means for performing addition and interest calculation between block data or parameter data. or both. According to another embodiment, the transliteration means includes means for performing a bit rotation operation on each of the blocks. According to yet another embodiment, the substitution means is constituted by a substitution table that refers to each block as an address. (Operation) As described above, the present invention provides a fusion means (bypass) for drawing in and merging data from other blocks or parameters in the fusion processing process of each of a plurality of blocks to be processed, and when the processing is completed. Since the data of each block at a point in time is generated under the influence of the data of all input blocks, the number of transpositions P can be eliminated, and the data diffusion in conventional DES is It has higher diffusion efficiency than other devices, has a simpler configuration, and can achieve faster processing. Furthermore, by performing the substitution process in units of blocks (bytes), bit processing is eliminated as much as possible, resulting in a remarkable increase in processing speed. (Example) FIG. 1 is a diagram for explaining the present invention in detail,
This figure schematically shows the configuration of a data spreading device that obtains 32-bit spread output data from 32-bit input data. In FIG. 1, R is a 32-bit input data block, R
O~R3 are 8 bits (1 byte) divided from input data R
KO, Kl are parameters of 1 byte each,
This is a fusion substitution calculation unit that obtains two data blocks. The operation of the data diffusion device of this embodiment configured as shown in FIG. 1 will be explained. First, a 32-bit input data block R is divided into processing blocks RO, R1, R2, and R3 each of 1 byte. Each processing block is processed in order according to the processing procedure shown below, and finally a 32-bit output is produced. "=" in the following equation indicates that the right side is the operation t&new data on the left side. Processing Procedure> Step 1: Old=RIKOΦRO Step 2: R2=R2■Kl■R3 Here, ■ indicates an exclusive OR operation. Then, Step 3: R1=:5(R1,82,1) Step 4: R2=S(R2,R1,0) Step 5
: RO=S(RO, R1, O) Step 8 :
R3=S (R3, R2, l) where S (a, b, δ
) (however, δ=0 or 1) performs the function of sequentially performing the fusion means and the substitution means. S will be explained in detail later. After this procedure, RO, R1, R2, and R3 are combined to form an output block, but as is clear from the structure of Figure 1, each output block is affected by all the large blocks. is being generated. That is, it is possible to obtain the effect that the output changes by an average of 11 bits for a change of 1 bit in the input data. This improvement effect is remarkable compared to the prior art, which could only achieve diffusion of about 4 bits. Moreover, there is no need for a new bit position transposition function P in order to spread this diffusion effect between processing blocks. In this embodiment, by performing fusion processing and transposition processing while interfering with each other in each block, in other words, by performing direct or indirect operation with the data of all other blocks at least once, the transposed function It achieves a data diffusion effect that is significantly superior to conventional technology without using P. As shown in FIG. 1, this mutual interference between the processing blocks is realized by two bypasses in the form of an exclusive OR circuit XOR and an input to the fused transliteration arithmetic unit S. A configuration example of the fused substitution function calculation unit S will be described below. When data a and b are input, s(a + b
+ δ) is given by the following formula. S (a, b, δ) = ((a + b + δ) nod 25G
) rol 2 Here, a and b are the inputs of S, δ is a constant of 0 or 1, the input of S, x mod y is the operation to find the remainder when X is divided by y, and x rot
y indicates an operation for bit-rotating X to the left by the value indicated by y. Hereinafter, S(a, b, δ) will be simply expressed as 5(x
). However, X is (a+b+δ) mod 256. Generally, x 1lod 256 can be easily realized by assigning numerical values to the 8-hit register of a microprocessor. Further, the fused character substitution calculation section is implemented by combining an adder ADD as a fusion means and a circular shift register as a substitution means, as shown in FIG. In addition, the substitution process in the fused substitution number calculation section can be configured using a substitution table. In other words, when programming in a high-level language, 5
(x) (x=0~511) [However, (a + b + δ) m
It is effective to prepare the value of [od 256] in advance as a substitution table. If a method of preparing a substitution table is used, a more complicated substitution function other than the hit rotation method described above can be used. For example, the substitution table shown in Table 4 is from upper left 5 (0) to upper right S (+5), and second row left S (+
6) to right 5 (31) and lower right 5 (255). This substitution table calculates the Hamming distance H(10, 11) of the former and the Hamming distance of the latter for two different data 10 and 11 of O to 255 and the reference values 00 and Ol of the substitution table corresponding to the respective inputs. 111H (00, 01), the relationship shown in Table 5 occurs. A substitution table that can be generated by applying the same 8-bit transposed matrix T to each element of the call character table and adding a constant A using an exclusive OR circuit exhibits similar properties. Generally, this type of substitution table uses a transpose matrix T and a constant A, and for input X, when the number of bits of bit inversion value) as the respective values. In either case, a substitution table that takes the sum of 1-byte data from 0 to 255 as input and outputs 1-byte data is a table with two consecutive tables of the same type that substitutes any value from 0 to 255. 0 to 51 by preparing
+ input can be replaced with 1 byte data from 0 to 255. That is, in S (a+b), b is a
The start address of the substitution table for substituting b
I think that it plays a role in shifting the position. mod 25
6, one substitution table is sufficient. The embodiment of the present invention described above is based on the prior art DES.
Compared to the data diffusion device of 2005, this can be achieved with less than one-tenth of the dynamic step, the amount of memory used is small, and the data diffusion effect can be more than twice as large. In addition, in the above embodiment, the unit of processing such as substitution is 8 bits (1 byte), which is because currently popular data terminals, personal computers, etc. use 8-bit and 16-bit CPUs. Because it is a thing. In the future, as technology advances, these mainstream
If there is a transition from 6 hits to 32 hits, the technique of the present invention can easily handle this. That is, the unit of processing such as substitution is set to 16 bits (2 bytes). In this case, the structure of the embodiment shown in FIG. 1 is not changed, but the number S of fused substitutions is changed from 256 to 65536. The number S of fused substitutions is given by the following formula. S (a) = (a 1lod 65536) r
ol 2 In principle, the processing unit can be set arbitrarily. In addition to the two-input substitution process shown in this embodiment, three
It is also possible to combine these with input or exclusive OR bypass. In the embodiment described above, an example was shown in which spreading processing is performed for a 32-bit input, but as a second embodiment, one for a 16-bit input is shown in FIG. First, a 16-bit input block R is converted into 1-byte processing blocks RO and R.
Divided into 1. Each processing block is processed in order according to the processing procedure shown below, and outputs 16 bits to ntl. KO and Kl are parameter data. <Processing procedure> R1=S (R1, RO■KO, 1) RO=S (l, 0 for RO, R1■) The operation symbols and the function S are the same as in the embodiment shown in FIG. (Effects of the Invention) As described in detail above, the present invention provides a means (bypass) for drawing in and fusing data from other blocks in each fusion process of a plurality of blocks to be processed, and the process is completed. Since each block at the time of input is generated under the influence of all input blocks, it is possible to eliminate the need for the transposition function P, which is compared to the data spreading device in conventional DBS. This simplifies the configuration and speeds up processing. In addition, by performing substitution processing in blocks (bytes),
Since bit processing is eliminated as much as possible, processing speed is significantly increased. Furthermore, the present invention can be implemented by partially combining hardware such as a data terminal or a personal computer with software for performing the notation processing procedure, and in that case, the scale of the program will be small. Therefore, it is suitable for application to the security of IC cards, which are expected to rapidly become popular in credit card applications in the future. Table 2 Examples of substitution functions S1 to S8 Table 4 Example of substitution table 13853 +012181132061583311
6203155361434896 'L232556
416175 4'18723584 1190238
8125069211704, Brief Description of the Drawings FIGS. 1 and 2 are diagrams showing the configuration of the first embodiment of the present invention, and FIG. 3 is a diagram schematically showing the configuration of the second embodiment of the present invention. FIG. 4 is a diagram schematically showing the configuration of a data diffusion device in DES as a conventional technique. R...Input data block, RO-R3...1st to 4th byte block from the left of R, ■(...key data,
KO, niL...Key block of 1 byte each, S...Fusion substitution inter-digit arithmetic unit, XOR...Exclusive OR circuit, A
DD: Adder, ROL: 2-bit left circular register. Patent applicant: Noboru Iwakami, Nippon Telegraph and Telephone Corporation - Thank you! l], Bi =: Ni':i

Claims (5)

[Claims] (1) means for dividing input data into a plurality of blocks having the same data length; means for performing a logical operation on the data of each divided block and merging the data of at least one other block; A means for performing a substitution process on the data of each newly generated block, and a means for combining the data of the plurality of blocks subjected to the substitution process and outputting diffused data of the input data. A data dissemination device characterized by: (2) The data spreading device according to claim (1), wherein the means for fusing includes means for performing an exclusive OR operation between data of blocks. (3) The data spreading device according to claim (1), wherein the merging means includes arithmetic means for performing addition and remainder calculation between data of blocks. (4) Claim (1) characterized in that the means for performing the character substitution process is constituted by means for performing a bit rotation operation on the data of the block newly generated by the fusion. The data dissemination device described. (5) Data diffusion according to claim (1), wherein the means for performing the substitution process is constituted by a substitution table that refers to a block newly generated by the fusion as an address. Device.