WO2001067425A1 - Systeme de chiffrage de blocs utilisant la conversion auxiliaire - Google Patents
Systeme de chiffrage de blocs utilisant la conversion auxiliaire Download PDFInfo
- Publication number
- WO2001067425A1 WO2001067425A1 PCT/JP2001/001796 JP0101796W WO0167425A1 WO 2001067425 A1 WO2001067425 A1 WO 2001067425A1 JP 0101796 W JP0101796 W JP 0101796W WO 0167425 A1 WO0167425 A1 WO 0167425A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- key
- conversion
- bit
- unit
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/122—Hardware reduction or efficient architectures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
Definitions
- Computer-readable recording medium storing a program to be executed by a block cipher device using assistive conversion
- the present invention relates to a data conversion device, a data conversion method, and a recording medium on which a data conversion method for encrypting and decrypting digital data, spreading data, and the like for protecting digital information in information communication and the like.
- Figure 25 is a diagram showing the cryptographic functions used in the conventional DES ciphers described in “Modern Cryptography Theory” (The Institute of Electronics, Information and Communication Engineers, published on January 15, 1997, page 46). It is.
- FIG. 25 shows eight S boxes. Each of these eight S boxes is a different table. Each table outputs 4-bit output data from 6-bit input data.
- Figure 26 shows the non-linear conversion function described in “Specificationof E 2-a 1 28-bit B lock C ipherJ FIG.
- each S function section is provided with eight S boxes.
- a plurality of S boxes are provided. Ah In different ciphers, different tables are prepared, so the storage capacity increases compared to using one S-box. In another cipher, only one S-box is used. There is a problem of lowering.
- the encryption unit and the decoding unit have the same configuration.
- the encryption unit and the decoding unit have the same configuration.
- a complicated operation was required to generate a more secure expanded key.
- the number of bits of key data input as a value had to be constant.
- the present invention makes the circuits for encryption and decryption the same, reduces the circuit scale, program size, and memory capacity used for nonlinear function calculation, and generates an expanded key with a simple configuration.
- the purpose is to provide a system that can generate it. Disclosure of the invention
- a data conversion device is a data conversion device including a data processing unit that receives key data and performs at least one of data encryption and data conversion.
- the data processing unit divides data to be subjected to data conversion into first data (L) and second data (R) and performs data conversion,
- the data processing unit includes: A data normal conversion unit (FL) for converting the first data (L) and a data reverse conversion unit (FL) for converting the second data (R) in the reverse conversion to the conversion of the data normal conversion unit (FL). FL— 1 ) and
- the data processing unit has a first input, a second input, a first output, and a second output,
- the data normal conversion unit (F L) outputs the converted data to a first input of the data processing unit
- the data inversion unit (F L ⁇ ) converts data output from the second output of the data processing unit and outputs the converted data.
- the data processing unit has a first input, a second input, a first output, and a second output,
- the data normal conversion unit (F L) outputs the converted data to a second input of the data processing unit
- the data conversion unit (FL-) converts the data output from the first output of the data processing unit and outputs the converted data.
- the data conversion device according to the present invention A data conversion device having a data processing unit for performing at least one of data decoding and data decoding.
- the data processing unit includes a non-linear conversion unit that performs non-linear conversion of data.
- a part of the data to be converted is input as the first partial data, the first partial data is converted using the conversion table T which converts the value of the input data to another value and outputs the converted data, and converts the converted data.
- Data of at least another part of the data to be converted is input as the second partial data, the second partial data is converted using the conversion using the conversion table T and the second partial operation, and the converted data is converted.
- a second conversion unit (s 2 ) that outputs
- the data processing unit further includes:
- a part of the data to be converted that is different from the first partial data and the second partial data is input as the third partial data, and a part of the data that is different from the first partial data, the second partial data, and the third partial data is input.
- the conversion using the conversion table T and the second partial operation of the second conversion unit (s 2 ) are different from the third partial operation and the fourth partial operation, respectively. by the use operation, wherein the third partial data and the fourth partial data converted respectively, and a third conversion unit (s 3) and the fourth conversion unit and outputs the converted data (s 4)
- the data conversion device receives the key data and In a data conversion device provided with a data processing unit for performing either data encryption or data decryption,
- the data processing unit inputs the data to be converted, regards the input data as an element of a certain field (fieId), converts the data using an inverse element circuit using the subfield, and outputs the converted data.
- a sub-body conversion unit converts the data to be converted, regards the input data as an element of a certain field (fieId), converts the data using an inverse element circuit using the subfield, and outputs the converted data.
- the data on GF ( 2N ), which is converted to at least one of the former stage and the latter stage of the subfield conversion unit, is regarded as a source of GF (2) n with a natural correspondence, and the vector on GF (2) is It is characterized by having an affine transformation unit for the space GF (2) n .
- X X for N (N is an even number) bits of data X. + ⁇ X, ( ⁇ 0 , ⁇ ⁇ : element of the subfield, ⁇ : element of the original field)
- Yi 1 / (X.
- the data conversion device includes: a data processing unit that inputs key data and performs at least one of data encryption and data conversion;
- a key generation unit that generates key data used by the data processing unit and supplies the key data to the data processing unit;
- the data processing unit includes a multi-stage nonlinear data conversion unit connected to a plurality of stages for performing an nonlinear conversion by inputting an expanded key for each stage,
- the key generation unit may generate at least one of key data and data dependent on key data generated from the key data when generating an expanded key to be supplied to each stage of the plurality of stages of nonlinear data conversion units.
- a key shift unit that generates
- the key shift unit The key shift unit,
- a cyclic shift register that performs a cyclic shift of (Z i + 1 — Zi) bits (B bits) in one operation;
- the cyclic shift register is a circuit that performs a cyclic shift of Z i + 1 — Zi bits (B bits) in one clock cycle of an operating clock supplied to operate the cyclic shift register. .
- a data conversion device includes: a data processing unit that inputs key data and performs at least one of data encryption and data decryption;
- a key generation unit that generates key data used by the data processing unit and supplies the key data to the data processing unit;
- the data processing unit includes a multi-stage nonlinear data conversion unit connected to a plurality of stages for performing an nonlinear conversion by inputting an expanded key for each stage,
- the key generation unit cyclically shifts certain key data by a predetermined number of bits (B bits) in order to generate an extended key to be supplied to each stage of the plurality of stages of nonlinear data conversion units.
- B bits a predetermined number of bits
- the key shift unit does not generate an expanded key by ignoring some of the data cyclically shifted by B bits in order, and generates an expanded key from the remaining data.
- a data conversion device includes: a data processing unit that inputs key data and performs at least one of data encryption and data decryption;
- a key generation unit that generates key data used by the data processing unit and supplies the key data to the data processing unit;
- a data conversion device provided with
- the key generation unit includes:
- a first G-bit key conversion unit that inputs and converts G-bit G-bit key data and outputs first G-bit conversion key data of G bits;
- the second G-bit that receives the first G-bit conversion key data output from the first G-bit key conversion unit, converts it, and outputs the G-bit second G-bit conversion key data Conversion part and
- the key generation unit receives the G-bit key data K
- the G-bit key data K is input to the first G-bit key conversion unit, converted, and output by the first G-bit key conversion unit. And outputs the converted first G-bit conversion key data as converted G-bit key data.
- the key generation unit receives the 2 G-bit key data K
- the G-bit key data generated by generating the G-bit key data from the 2 G-bit key data K is input to the first G-bit key conversion unit. And outputs the first G-bit conversion key data 1 ⁇ , and inputs the first G-bit conversion key data to the second G-bit conversion unit and converts it to obtain the second G-bit conversion key data. and outputs the converted ⁇ data kappa 2, the first G-bit transformation key data output by the first G-bit key transformation unit kappa: a second G-bit output by the second G-bit transformation unit
- the conversion key data 2 is concatenated and output as converted 2 G-bit key data (Ki, K 2 ).
- the first G-bit key conversion unit
- a two-stage nonlinear data converter for nonlinearly transforming G-bit key data, and G-bit key data in the middle of conversion output from the second-stage nonlinear data converter;
- a logical operation unit that performs a logical operation on the G-bit key data input by the first G-bit key conversion unit;
- the key generation unit further includes a bit length conversion unit that converts the Q-bit key data into 2 G-bit key data when Q-bit (G ⁇ Q ⁇ 2G) key data is input.
- a data conversion device includes: a data processing unit that inputs key data and performs at least one of data encryption and data decryption;
- a key generation unit that generates key data used by the data processing unit and supplies the key data to the data processing unit;
- a key function part that performs a logical operation on the data to be converted and the key data; an S function part that replaces the data that is to be converted with another data;
- a data conversion device includes: a data processing unit that inputs key data and performs at least one of data encryption and data decryption;
- a key generation unit that generates key data used by the data processing unit and supplies the key data to the data processing unit;
- a data conversion device provided with
- a key function part that performs logical operation on the data to be converted and the key data; an s function part that replaces and converts the data that is to be converted with other data;
- the non-linear function part (F) is characterized in that the key function part is arranged either before or after both the S function part and the P function part.
- the S function part is
- a part of the data to be converted is input as the first partial data, the first partial data is converted using the conversion table T which converts the value of the input data to another value and outputs the converted data, and converts the converted data.
- Data of at least another part of the data to be converted is input as the second partial data, and the second partial data is converted and converted using the conversion table T and the second partial operation.
- Second conversion unit that outputs data
- a data conversion device is a data conversion device including a data processing unit that performs at least one of data encryption and data decryption.
- the P function part inputs eight 4 ⁇ ( ⁇ is an integer of 1 or more) bit data of Z l , ⁇ 2 , ⁇ ⁇ ⁇ , ⁇ 8 ,
- a cyclic circuit that performs a cyclic shift on U x ,
- a data conversion method according to the present invention is directed to a data conversion method for executing data processing of inputting key data and performing at least one of data encryption and data decryption.
- the above data processing divides the data to be converted into first data (L) and second data (R),
- the data processing includes a data normal conversion processing (F L) for converting the first data (L),
- the data reverse conversion process (FL- 1 ) which performs the reverse conversion of the second data (R) on the data normal conversion process (FL)
- the data conversion method according to the present invention includes the steps of: In a data conversion method of performing data processing of performing data conversion of either data encryption or data decryption,
- the data processing includes a non-linear conversion process for non-linearly converting data.
- a part of the data to be converted is input as the first partial data
- the first partial data is converted using the conversion table T which converts the value of the input data to another value and outputs the converted data, and converts the converted data.
- the first conversion process () to output
- a data conversion method is directed to a data conversion method for executing data processing of inputting key data and performing at least one of data encryption and data decryption.
- a part that inputs data to be converted regards the input data as an element of a certain field (iie 1d), converts the input data using an inverse element circuit using the partial field, and outputs the converted data Body conversion processing,
- the data on GF ( 2n ), which is converted to at least one of the pre-processing and post-processing of the above-mentioned subfield conversion processing, is regarded as a natural element of GF (2) n , and the data on GF (2) It is characterized by having one of the affine transformation processing of the beta space GF (2) n .
- the data conversion method according to the present invention is a data processing method for inputting key data and performing at least one of data encryption and data decryption.
- Key generation processing for generating key data used in the data processing and supplying the key data to the data processing
- the data processing includes a multi-stage nonlinear data conversion process that is connected in multiple stages and performs nonlinear conversion by inputting an expanded key for each stage.
- Z i + is obtained by the cyclic shift processing.
- Z i + 1 bit cyclic tour Kai shift processing to shift the given key data by operating I times IX (Z i + 1 _Zi) bit ( I XB bits) to perform a cyclic shift to generate key data that is Z i +2 bits cyclically shifted by the cyclic shift processing.
- a data conversion method includes: a data processing of inputting key data and performing at least one of data encryption and data decryption;
- Key generation processing for generating key data used in the data processing and supplying the key data to the data processing
- the data processing includes a multi-stage nonlinear data conversion process that is connected in multiple stages and performs nonlinear conversion by inputting an expanded key for each stage.
- a data conversion method includes: a data processing of inputting key data and performing at least one of data encryption and data decryption;
- Key generation processing for generating key data used in the data processing and supplying the key data to the data processing
- the key generation process is as follows:
- the second G-bit that receives the first G-bit conversion key data output from the first G-bit key conversion process, converts it, and outputs the G-bit second G-bit conversion key data Conversion process and
- the key generation unit receives the G-bit key data K
- the G-bit key data K is input to the first G-bit key conversion unit, converted, and output by the first G-bit key conversion process. And outputs the converted first G-bit converted key data 1 ⁇ as converted G-bit key data.
- a data conversion method includes: a data processing of inputting key data and performing at least one of data conversion and data conversion;
- Key generation processing for generating key data used in the data processing and supplying the key data to the data processing
- Key function processing for performing logical operation on data to be subjected to data conversion and key data; S function processing for replacing data for data conversion with other data; P function processing that performs logical operation between data to be converted and
- the non-linear function processing (F) is characterized in that the key function is operated between the S function processing and the P function processing.
- a data conversion method according to the present invention includes: a data processing of inputting key data and performing at least one of data encryption and data decryption;
- Key generation processing for generating key data used in the data processing and supplying the key data to the data processing
- the nonlinear function processing (F) is characterized in that the key function processing is operated either before or after both the S function processing and the P function processing.
- a data conversion device is a data conversion device including a data processing unit that inputs key data and performs at least one of data encryption and data conversion.
- the data processing unit includes:
- a first input data normal conversion unit for converting data input to the first input unit
- a second output data inverse conversion unit that receives data output from the second output unit and performs a conversion reverse to the conversion of the first input data normal conversion unit;
- the first input data and the second input data are non-linearly converted using the encryption key data to generate first converted data and second converted data, and convert the first converted data into the first converted data.
- Output from the output unit is non-linearly converted using the encryption key data to generate first converted data and second converted data, and convert the first converted data into the first converted data.
- the first conversion data is input from the second input unit,
- the second converted data is input from a first input unit, the first converted data and the second converted data are non-linearly converted using the decryption key data, and the first output data and the second output Generate data and
- the first input data and the second output data are the same, and the algorithm is such that the second input data and the first output data are the same.
- the data processing unit further includes: A second input data normal conversion unit that converts data input to the second input unit;
- a data conversion device includes: a data processing unit that inputs key data and performs at least one of data encryption and data decryption;
- a key generation unit that generates key data used by the data processing unit and supplies the key data to the data processing unit;
- the data processing unit includes a non-linear function unit (F) for performing non-linear conversion of data to be subjected to data conversion,
- F non-linear function unit
- a data conversion method includes a data processing of inputting key data and performing at least one of data conversion of data encryption and data decryption;
- Key generation processing for generating key data used in the data processing and supplying the key data to the data processing
- the data processing includes a non-linear function processing (F) for performing non-linear conversion of data to be subjected to data conversion
- the key generation process involves processing key data to be supplied to the non-linear function process (F), supplying the processed key data to a process other than the non-linear function process (F) in the data process, and calculating the data.
- the present invention is a computer-readable recording medium recording a program for causing a computer to execute the data conversion method.
- the present invention is also a program for causing a computer to execute the data conversion method.
- FIG. 1 is a diagram showing an encryption data conversion device 100 and a decryption data conversion device 400.
- FIG. 2 is an explanatory diagram of symbols and symbols.
- FIG. 3 is a configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 4 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 5 is a configuration diagram of the data normal conversion unit (FL) 25 1.
- Figure 6 shows the configuration of the data inverse converter (FL-271).
- FIG. 7 is a diagram illustrating a part of a conventional encryption unit and a part of a decryption unit.
- FIG. 8 is a diagram showing a part of an encryption unit 200 and a decryption unit 500.
- Figure 9 is a diagram showing a data forward conversion unit (FL) 25 1 and a data inverse conversion unit (FL-271) placed in point symmetry.
- FIG. 10 is a diagram showing a relationship between a point-symmetric data forward conversion unit (FL) and a data inverse conversion unit (FL ′ 1 ).
- FIG. 11 is a diagram showing a nonlinear function part F.
- FIG. 12 is a configuration diagram of the S-box first conversion unit 13 and the S-box second conversion unit 14.
- FIG. 13 is a configuration diagram of the S-box converter 21.
- FIG. 14 is a configuration diagram of the linear conversion unit 85.
- FIG. 15 is a configuration diagram of the linear conversion unit 87.
- FIG. 16 is a configuration diagram of the key generation unit 300 or the key generation unit 600.
- FIG. 17 is an explanatory diagram of the operation of the bit length converter 310.
- Figure 18 shows the configuration of shift register A341.
- FIG. 19 is a configuration diagram of a control table of the shift control section 345.
- FIG. 20 is an explanatory diagram of the operation of shift register A 341 and shift register B 342.
- Figure 21 shows the correspondence between shift register A 341 and shift register B 342 and the expanded key.
- FIG. 22 is an explanatory diagram of the operation of the shift register A 341 to the shift register D 344.
- Figure 23 shows the correspondence between shift register A 341 to shift register D 344 and the expanded key.
- FIG. 24 is a diagram showing a computer in which the encryption data converter 100 and the decryption data converter 400 are mounted.
- Figure 25 shows the configuration of a conventional DES cryptographic function.
- FIG. 26 is a diagram showing a nonlinear function of the conventional 128-bit block cipher E2.
- FIG. 27 is a diagram illustrating another example of the S-box conversion unit.
- FIG. 28 is a diagram showing a non-linear function part F using the S box first to fourth conversion parts.
- FIG. 29 is a diagram in which the arrangement of the key function unit 25 is changed.
- FIG. 30 is another diagram in which the arrangement of the key function unit 25 is changed.
- FIG. 31 is another configuration diagram of the P function unit 30.
- FIG. 32 is another configuration diagram of the P function unit 30.
- FIG. 33 is a diagram showing the configuration and operation of S1 to S4 in FIG.
- Figure 34 is an explanatory diagram of non-existence proof of an equivalent key.
- Figure 35 is an explanatory diagram of non-existence proof of the equivalent key.
- FIG. 36 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 37 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 38 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 39 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 40 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 41 is another configuration diagram of the encryption unit 200 or the decryption unit 500.
- FIG. 42 is a diagram showing a case where FIG. 39 and FIG. 40 are combined.
- FIG. 43 is a configuration diagram when the non-linear function unit F shown in FIG. 28 is used for the encryption unit 200 or the decryption unit 500 shown in FIG.
- FIG. 44 is a diagram illustrating a case where a non-linear function part F ′ obtained by removing the key function part 25 from the non-linear function part F illustrated in FIG. 43 is used.
- FIG. 45 is a diagram showing a case in which the operation of the white Jung extended key is further performed with the extended key in the configuration of FIG. 44.
- Figure 46 shows the case where the nonlinear function part F has the configuration shown in Figure 29.
- Figure 47 shows that when the nonlinear function part F has the configuration shown in Fig. 30, the key function part 25 is deleted from the nonlinear function part F, and the expanded key k, which has been nonlinearly transformed, is replaced by the XOR The figure which shows the case where it supplies to the circuit 298.
- FIG. 1 is a diagram showing an encryption data converter 100 and a decryption data converter 400 of this embodiment.
- the encryption data conversion device 100 is, for example, an encryption device that inputs a 128-bit plaintext and outputs a 128-bit ciphertext.
- the decryption data converter 400 is a decryption device that inputs a 128-bit ciphertext and outputs a 128-bit plaintext.
- the encryption data converter 100 is composed of an encryption unit 200 and a key generation unit 300.
- the encryption unit 2000 is an encryption data processing unit that performs plaintext encryption.
- the key generator 300 inputs the 128-bit, 192-bit, or 256-bit key data, and expands a plurality (n) of 64 bits or 128 bits using the constant Vi. A key is generated and supplied to the encryption unit 200.
- the data conversion device for decryption 400 includes a decryption unit 500 and a key generation unit 600.
- the decryption unit 500 is a decryption data processing unit that inputs an encrypted text and decrypts the encrypted text.
- the key generation unit 600 is the same as or similar to the key generation unit 300 described above. The same unit can be used for the encryption unit 2000 and the decryption unit 500. In the figure, the encryption unit 200 and the decryption unit 500 are shown separately. , One circuit or one program. Similarly, the key generation unit 300 and the key generation unit 600 can be shared by one circuit or one program. That is, the same data conversion device 100 and the same data conversion device 400 can be shared by the same circuit or the same program.
- FIG. 2 shows the meaning of symbols used in the following figures and explanations.
- the left data is referred to as left data L
- the right data is referred to as right data R in the figures.
- non-linear The data to be input to the shape data converters 210, 220, 230, 240 are called input data
- the data for the nonlinear data converters 210, 220, 230, 240 internal data is referred to as intermediate data, it will be referred to as the data output from the non-linear data transformation unit 2 1 0, 2 2 0 2 3 0, 24 0 and output data 0
- FIG. 3 is a diagram illustrating an example of the encryption unit 200 or the decryption unit 500.
- FIG. 3 shows a case where a six-stage nonlinear data converter 210, a six-stage nonlinear data converter 220, and a six-stage nonlinear data converter 230 are cascaded. Between the six-stage nonlinear data converter 210 and the six-stage nonlinear data converter 220, a data forward converter (FL) 251 and a data inverse converter (FL-271) are provided. In addition, between the six-stage nonlinear data converter 220 and the six-stage nonlinear data converter 230, there are a data forward converter (FL) 253 and a data inverse converter (FL- 1).
- FL data forward converter
- FL-271 data inverse converter
- the two-stage nonlinear data converter 210 is provided with a six-stage nonlinear data converter.
- one nonlinear data converter 280 is It is composed of a non-linear function part F and an XOR (exclusive OR) circuit 290.
- XOR exclusive OR
- the non-linear data conversion unit 210 is configured to output any two right input data R. And the left input data L Q. Is subjected to a first non-linear conversion using a first expanded key l ⁇ , and the output data subjected to the first non-linear conversion and the right input data R described above.
- a first non-linear data converter 280 that outputs an exclusive OR of the input data as first left intermediate data and outputs the left input data L Q as first right intermediate data;
- the intermediate data is subjected to a second non-linear transformation using the second expanded key k 2 , and the exclusive-OR of the output data subjected to the second non-linear transformation and the first right intermediate data 1 ⁇ is calculated as a second non-linear transformation.
- the first a left intermediate data the second right intermediate data a second example Bei a non-linear data transformation unit 2 8 1 for outputting as R 2
- a first non-linear data transformation unit 28 from 0 cascaded non-linear data transformation unit 2 8 5 sixth, the final right intermediate data R 6 and the left intermediate data L 6 is to output data after conversion.
- a data forward conversion unit (FL) 255, a data reverse conversion unit (FL- 1 ) 275, and a six-stage nonlinear data conversion unit 240 are added to the encryption unit 200 of FIG.
- the figure shows a case where conversion is performed by a total of 24 stages of nonlinear data converters.
- FIG. 5 is a diagram showing the data normal conversion unit (FL) 251.
- the input data of the data normal conversion unit (FL) 251 is divided into left input data 51 and right input data 52, and after performing a logical operation, left output data 60 and right output data 6 1 shows the case where output data is created.
- the left input data 51 is ANDed with the expanded key 53 in the AND circuit 54, and thereafter, in the 1-bit cyclic left shift section 55, a 1-bit cyclic shift to the left (together with the circular shift) is performed. Is performed.
- the exclusive OR with the right input data 52 is calculated by the XOR circuit 56.
- the output of the XOR circuit 56 becomes the right output data 61, and the OR circuit 58 adds the logical sum with the expanded key 57, and the result is further input to the XOR circuit 59 to output the left input data 5 An exclusive OR operation with 1 is performed, and the left output data 60 is obtained.
- FIG. 6 is a diagram showing the data inverse conversion unit (F L- 1 ) 271.
- Figure 6 shows a case where input data is divided into left input data 71 and right input data 72, and after performing logical operation, output data is created from left output data 80 and right output data 81. ing.
- the right input data 72 is ORed with the expanded key 73 in the OR circuit 74. Then, the exclusive OR with the left input data 71 is calculated by the first circuit 75. As a result, the output from the XOR circuit 75 becomes left output data 80, and the logical product with the expanded key 76 is obtained in the AND circuit 77, and the left direction is output in the 1-bit cyclic left shift unit 78. Is shifted left by one bit, and the result is further XORed with the right input data 72 in the XOR circuit 79 to become the right output data 81 .
- the data normal conversion unit (FL) 251 shown in FIG. 5 and the data inverse conversion unit (FL- 1 ) 271 shown in FIG. 6 perform operations in the opposite direction. Therefore, by making the output data Y in FIG. 5 into the input data Y in FIG. 6 under the same expanded key, the input data in FIG.
- a relationship in which one input data can be obtained as the other output data is referred to as a relationship between a forward transform and an inverse transform.
- the data normal conversion unit (FL) 25 1 and the data reverse conversion unit (FL 1 ) 27 1 are circuits that perform such normal conversion and reverse conversion.
- the 1-bit cyclic left shift unit 55 in FIG. 5 and the 1-bit cyclic left shift unit 78 in FIG. 6 both shift left, but both may shift right.
- the data normal conversion unit (FL) 251 and the data reverse conversion unit (FL- 1 ) 271 may have other configurations as long as they perform normal conversion and reverse conversion. For example, the number of cyclic shifts may be changed.
- an AND circuit containing not, an OR circuit containing not, and an XOR circuit containing not may be further added. That is, if the AND circuit containing not, the OR circuit containing not, and the XOR circuit containing not are represented as andn, orn, and xorn, respectively, the definitions are as follows. xandny: (notx) andy
- Some recent CPUs have an d, or, and xor instructions that also include not. These instructions can be executed at a similar cost as the and, or, and xor instructions.
- FIG. 7 shows a conventional encryption unit 201 and a conventional decryption unit 501.
- the conventional encryption unit 201 two data normal conversion units FL are provided. For this reason, in order to perform the reverse operation, two decoding units FL- 1 must be provided in the decoding unit. Therefore, the configurations of the encryption unit and the decryption unit generally differ, and the encryption unit and the decryption unit cannot be formed in the same circuit.
- the data normal conversion unit (FL) 251 and the data reverse conversion unit (FL-271) are arranged side by side. Therefore, decoding can be performed with exactly the same configuration in the decoding unit 500.
- the right data R is converted by the data normal conversion unit (FL) 251, to obtain the left data L '
- the left data L is 'when obtaining the left data L' inverse data varying section (FL- 1) 2 7 1
- right data is converted by the R by'll by inputting data inverse converting portion (FL- 1) 2 7 1
- the right data R can be obtained, and the left data L can be obtained by inputting the right data R 'to the data normal conversion unit (FL) 251.
- the encryption unit 200 and the decryption unit 500 can be realized with exactly the same configuration, and the encryption unit 200 and the decryption unit 500 can be used in common.
- Figure 9 shows the data normal conversion unit (FL) 251 and the data reverse conversion unit (FL- 1 )
- FIG. 10 shows the correspondence between the data normal conversion unit (FL) and the data inverse conversion unit (FL- 1 ) located at point-symmetric positions.
- the data normal conversion unit (FL) 25 1 and the data inverse conversion unit (FL- 1 ) 273 are point-symmetrical with the six-stage nonlinear data conversion unit 220 as the center. It is shown that it is arranged at the position of.
- FIG. 36 shows a case where an encryption unit 200 is configured by using a six-stage nonlinear data converter 210, a six-stage nonlinear data converter 220, and a six-stage nonlinear data converter 230. I have.
- the six-stage nonlinear data converter 210, the six-stage nonlinear data converter 220, and the six-stage nonlinear data converter 230 are circuits that can be used for both encryption and decryption.
- the six-stage nonlinear data converter 210, data forward converter (FL) 250, and data inverse converter (FL- 1 ) 271 constitute a forward / reverse data converter 211.
- the forward / reverse data conversion unit refers to a circuit that can be used for both encryption and decryption. That is, by using one output data as the other input data, the forward / reverse data converter performs one normal conversion and one inverse conversion that can obtain one input data as the other output data. Circuit.
- the forward / reverse data converter 2 21 is composed of 5 1 and the data reverse converter (FL-273).
- a six-stage nonlinear data conversion unit 230, a data normal conversion unit (FL) 253, and a data reverse conversion unit (FL-275) constitute a normal / reverse data conversion unit 231.
- the forward / reverse data converter 2 11 1, the forward / reverse data converter 2 21, and the forward / reverse data converter 2 31 are connected in tandem to form an encryption unit 200.
- This encryption unit 2000 can also be used as the decryption unit 500.
- the nonlinear data conversion unit 1 210 is a circuit that can be used for both encryption and decryption.
- the non-linear data converter 1 210, the data normal converter (FL) 250 and the data inverse converter (FL-273) constitute a normal / inverse data converter 1 211.
- the six-stage nonlinear data converter 220, the six-stage nonlinear data converter 230, the data forward converter (FL) 253, and the data inverse converter (FL- 1 ) 273 are non-linear. If the data conversion unit is regarded as 1 220, the non-linear data conversion unit 1 220 and the data normal conversion unit (FL) 251 and the data reverse conversion unit (FL- 1 ) 275 perform normal / reverse data conversion. Part 1 2 2 1 is constituted.
- the forward / reverse data converter 1 2 1 1 and the forward / reverse data converter 1 2 2 1 can also be used for the decoding unit 500.
- the nonlinear data conversion unit 220 Circuit that can be used for both is there.
- non-linear data conversion section 2 210 the data normal conversion section (FL) 250 and the data reverse conversion section (FL— 1 ) 2 75 constitute the forward / reverse data conversion section 2 2 1 1 I have.
- the forward / reverse data converter 2 211 can also be used for the decryption unit 500
- the encryption unit 200 or the decryption unit 500 is configured by cascading a plurality of forward / reverse data converters. By doing so, it can be configured.
- the encryption / recovery unit 2000 or the decryption unit 500 / can include a forward / reverse data conversion unit in the forward / reverse data conversion unit, thereby forming a hierarchy of the forward / reverse data conversion unit.
- FIG. 37 illustrates an example in which the encryption unit 200 and the decryption unit 500 having the six-stage nonlinear data conversion unit 210 have the same configuration.
- the six-stage nonlinear data converter 210 of FIG. 37 has an even-number nonlinear data converter 280 as shown in FIGS.
- the data A is converted into data A 'by the first input data normal conversion unit 256, and is input to the first input unit 261, and the data A' input from the first input unit 261 is It is output as data A from the first output unit 263.
- the data B input from the second input unit 262 is output as data from the second output unit 264.
- the data 1 output from the second output unit 264 is converted by the second output data inverse conversion unit 279 and output as data ′.
- the data output from the first output unit 263 of the encryption unit 200 is input to the second input unit 262 of the decryption unit 500 as data A.
- the data output from the second output data reverse conversion unit 279 of the encryption unit 200 is transmitted to the first input data normal conversion unit 258 of the decryption unit 500. 'Input and output as data.
- the non-linear data converter 210 inputs data and outputs data B. Further, the non-linear data converter 210 inputs data and outputs data A ′. The second output data inverse converter 279 inputs the data A, and outputs the data A.
- the odd-numbered stage nonlinear data converter 219 has an odd-numbered stage nonlinear data converter 280. Therefore, the data A ′ input from the first input unit 26 1 is output as data from the second output unit 264, converted by the second output data inverse conversion unit 27 9, and the data ⁇ ′ is output. Is output as The data ⁇ input from the second input unit 262 is output as data from the first output unit 263.
- Data B 1 output from the first output portion 2 6 3 of the encryption unit 2 0 0 is input as data to the second input section 2 6 2 decoding unit 5 0 0.
- the data A "output from the second output data inverse conversion unit 279 of the encryption unit 200 is input as the data ⁇ 'of the decryption unit 500, and the first input data normal conversion unit 257 Is input to
- the encryption unit 200 and the decryption unit 500 have the same configuration, and can perform encryption and decryption.
- the second input section 262 has a second input data normal conversion section 257
- the first output section 263 has a first output data reverse conversion section 278. The case is shown.
- a first input data inverse converter 276 is provided in the first input unit 261
- a second output data normal converter 259 is provided in the second output unit 264. The case is shown.
- Figure 41 shows the input / output sections 26 1, 26 3 on the left side, and the data normal conversion section 25 6,
- FIG. 42 shows a case where FIG. 39 and FIG. 40 are combined.
- FIG. 37 and FIG. 39 may be combined. Further, FIG. 38 and FIG. 39 may be combined. Although not shown, the six-stage (even-numbered) non-linear data converters 210 in FIGS. 37 and 39 to FIG. 42 can be replaced by odd-numbered non-linear data converters 219. Good. 39 to 42 can also be realized by the same configuration of the encryption unit 200 and the decryption unit 500.
- FIG. 11 is a configuration diagram of the nonlinear function unit F of the nonlinear data conversion unit 280.
- Non-linear function part F receives F-function input data 10, performs non-linear conversion, and outputs F-function output data 40.
- 6 4-bit F-function input data 10 has eight data points. "The data is processed as 8-bit data. Each 8-bit data is input to the eight XOR circuits 12 of the key function part 25, exclusive-ORed with the expanded key 11, and the permutation is performed in the S function part 20. After that, the P-function part 30 performs an operation on the 8-bit data by 16 XOR circuits 8 15 as shown in the figure, and outputs the 64-bit F-function output data. The output is 40.
- the S function part 20 is provided with four S box first conversion parts 13 and four S box second conversion parts 14.
- FIG. 12 is a diagram illustrating an implementation example of the S-box first conversion unit 13 and the S-box second conversion unit 14.
- a conversion table T is provided inside the S-box first conversion unit 13.
- the conversion table T stores in advance the values of 0 to 255 that are arbitrarily (randomly) associated with the values of 0 to 255, and inputs the values of 0 to 255. Output a value (0 to 255) corresponding to each value. Pull. For example, when 1 is input, 7 is output from the conversion table T.
- the conversion table T performs non-linear conversion in consideration of safety such as bijection and whether the maximum difference probability is sufficiently small.
- the S-box second conversion unit 14 includes the S-box first conversion unit 13 and the 1-bit cyclic left shift unit 2 2 (the “KUKUKU” in “KUKUKU 1” in the figure is a cyclic left shift , And “1” indicates one bit).
- the 1-bit cyclic left shift unit 22 performs a 1-bit cyclic left shift on the output of the S-box first conversion unit 13. For example, when 1 is input, the S-box first conversion units 13 to 7 are output, and the 1-bit cyclic left shift units 22 to 14 are output.
- the 1-bit cyclic right shift unit (the S box in FIG. 27 By providing ">>>>1") of the three conversion units 15, the same effect as in the case of providing a further different conversion table T can be obtained.
- a 1-bit cyclic left shift unit (“Kuku 1” of the S-box fourth conversion unit 16 in FIG. 27) is provided for the input data y to shift the input data y first. After that, conversion may be performed using the conversion table T.
- FIG. 28 is a diagram showing the S function unit 20 using the four S box first to fourth conversion units 13, 14, 15, and 16 shown in FIG. 27.
- FIG. 31 shows another configuration of the P function section 30.
- the exclusive OR with the result of the OR operation is taken by the circuit 917 and output as Z l , ⁇ 2 ′, ⁇ 3 ′, ⁇ 4 ′, and the exclusive OR from the circuit 913 A one-byte cyclic shift is performed on the left side of the operation result (in Fig.
- the 32-bit data ⁇ 2 , ⁇ 3 , and ⁇ 4 are obtained by referring to S 5, S 6, S 7, and S 8, respectively. These are subjected to an exclusive OR operation by the circuit 933, and the operation result ⁇ is output from the circuit 933.
- the input data y 5 8-bit, y 6, y 7, the y 8, respectively S 9, SA, SB, data Z 5 reference to 3 2-bit to SC, Z 6, Z 7, Z 8 are output, and these are subjected to an exclusive OR operation by the circuit 936, and the operation result B is output from the circuit 936.
- the operation result B is cyclically shifted right by one byte by the circuit 937 (in FIG.
- the operation result D is circulated upward (left) by the circuit 941 by two bytes, and the output of the circuit 939 and the exclusive OR operation are performed by the circuit 942.
- the calculation result E is one bar in (right) by the circuit 943.
- the circuit 944 performs an exclusive OR operation with the output of the circuit 941.
- Output F is Z l ,, z 2 ,, ⁇ 3 of the circuit 944 ', z 4, and, the output of circuit 94 3 z 5', z 6 ', z 7', z 8, is output as.
- S 5 and SC are logical shifts with the S box first conversion unit 13
- S 6 and S 9 are logical shifts with the S box second conversion unit 14
- S 7 and 3 are 3 box third conversions
- the unit 15 and the logical shift are used, and S8 and SB are configured using the S-box fourth conversion unit 16 and the logical shift.
- the logical shift is used to output 8-bit output data from each conversion unit to a predetermined position in the 32-bit output data, and is 0 for S5 and SA, 1 byte for SB, 1 byte for SB, and 7 and SC are set to shift left by 2 bytes, and S8 and S9 are set to shift left by 3 bytes.
- a permutation table of 8 bits input and 32 bits output calculated to directly output a predetermined output may be prepared.
- the S-box first conversion unit 13 and the S-box second conversion unit 14 shown in FIG. 12 are required to input eight 8-bit data in a time-division manner.
- the conventional eight individual S boxes can be replaced with only the S box first conversion unit 13 and the S box second conversion unit 14 shown in FIG.
- FIG. 13 is a diagram showing another example of the S box of the S function unit 20.
- the S-box converter 21 receives 8-bit data and outputs 8-bit data.
- the N-bit linear conversion unit 17 performs 8-bit operation.
- the subfield conversion unit 18 performs an operation using only the 4 bits that are the elements of the Galois field GF (2 4 ).
- the N-bit linear conversion unit 19 performs an 8-bit operation.
- the linear conversion unit 85 of the N-bit linear conversion unit 17 is a circuit that performs a linear conversion as shown in FIG.
- the linear conversion unit 87 is a circuit that performs a linear conversion as shown in FIG.
- Linear transformation unit 8 5 8 performs bit conversion data (X), without the data of 8 bits obtained (X ') regarded Galois field GF (2 8), X, upper from 4 bits and lower 4 bits of data and X. ) Are regarded as elements of the subfield GF (2 4 ), and are output to the subfield conversion unit 18.
- the subfield GF (2 underlying 4) is expressed as [1, shed, shed 2, shed 3], G and used to Element X of F (2 4 ).
- a inverse element circuit using a configured subfield based on circuit. as the operation result of this inverse element circuit, each GF (2 4) based on the considered upper 4-bit data and the lower 4 bits of data ( Y 1 and Upsilon.) is output to the linear transformation section 8 7 as force GF (2 8) of the 8-bit original can be regarded on the data Y. from where, ⁇ ⁇ . +] is 3 ⁇ 1. above,
- the operation speed may be reduced by operating only 4 bits, but there is an advantage that the scale of the entire circuit can be made much smaller than using an 8-bit operation element.
- the S-box converter 21 is implemented using the sub-field converter 18, the size of the entire circuit becomes smaller and the structure becomes simpler than when a conversion table T that stores random values is used. It has the advantage that it can be used, but on the contrary, it may reduce security. Therefore, a linear transformation or an affine transformation is performed on both sides of the subfield conversion unit 18 so as to eliminate the decrease in security due to the use of the subfield conversion unit 18.
- the subfield conversion is performed.
- the linear transformation is performed on both sides of the unit 18, it may be provided on only one side. Alternatively, linear transformation may be performed on one side and affine transformation may be performed on the other side.
- FIG. 29 shows the key function part 25 shown in FIG. 11, that is, the key function part 25 before the S function part 20 and the P function part 30, and the S function part 20 and the P function It is arranged after part 30.
- FIG. 30 shows the key function unit 25 arranged between the S function unit 20 and the P function unit 30.
- FIG. 43 is a diagram corresponding to the encrypting unit 200 or the decrypting unit 500 shown in FIG. 29 is a configuration diagram when the nonlinear function unit F shown in FIG. 28 is used.
- FIG. 43 is a diagram corresponding to the encrypting unit 200 or the decrypting unit 500 shown in FIG. 29 is a configuration diagram when the nonlinear function unit F shown in FIG. 28 is used.
- the left data is input to the nonlinear function part F as the F function input data 10 and the F function output data 40 is output.
- the F function output data 40 is subjected to an exclusive OR operation with the right data, and the result becomes the left data of the next stage.
- the left data is input to the nonlinear function part F as F function input data 10 and used as the right data of the next stage.
- the operation of the key function part 25, the S function part 20, and the P function part 30 is performed in the non-linear function part F, so that the operation load in the non-linear function part F is large. It will be.
- An example in which the processing load is speeded up by distributing and executing the calculation load in the nonlinear function unit F will be described below with reference to the drawings.
- FIG. 44 shows a case where a non-linear function part F ′ obtained by removing the key function part 25 from the non-linear function part F shown in FIG. 43 is used.
- the expanded key 1 ⁇ is the left data L in the XOR circuit 891.
- an exclusive OR operation is performed.
- it extended key k 2 is exclusive ORed with the right data R Q at the XOR circuit 29 7 is performed.
- the left data is input to the non-linear function part F ′ as F function input data 10, and undergoes conversion between the S function part 20 and the P function part 30.
- An exclusive OR operation is performed on the output of the XOR circuit 297 and the F function output data 40 in the XOR circuit 290, and the left data is output.
- the key generation unit 300, 600 performs exclusive OR operation between enlarged keys and k 3, and outputs an expanded key + k 3 this to processed.
- the output of XOR circuits 8 9 1 and extended key + k 3 is, exclusive OR operation Te XOR circuit 2 98 smell is performed, and outputs the right data.
- the key generation unit 300, 60 by processing the expanded key, l ⁇ + ks, k 2 + k 4, k 3 + k 5, ⁇ ⁇ ⁇ , and generates a k 16 + k 18 outputs.
- the key generation units 300 and 600 supply the expanded key obtained by the calibration to processing other than the non-linear function processing (F) and transmit the data. Is calculated. As a result, the same data as in the case of FIG. 43 is obtained as the left data L 18 and the right data R 18 .
- the calculation of the S function part 20 and the P function part 30 in the non-linear function part F ' is performed.
- the calculation with the key data can be performed outside the nonlinear function part F, that is, ⁇ 1 circuits 297, 298, and the calculation of the key function part 25 disappears from the nonlinear function part F.
- the load on section F is distributed, enabling high-speed mounting.
- FIG. 45 shows a case where the operation of the whitening expanded key k Wl is further performed on the configuration of FIG. 44 together with the expanded key.
- the key generation unit performs an exclusive OR operation of a part of the white Jung expanded key kw lhigh and the first expanded key in advance (that is, the key generation unit processes the expanded key ),
- the XOR circuit 891 is shown.
- the key generation part is a part of the whitening expanded key k Wll .
- the key generation unit uses a part kw 21 of the expanded white key kw 2 .
- the exclusive OR operation of w and the expanded key k 17 is performed (that is, the key generation unit processes the expanded key), and the result is supplied to the XOR circuit 299.
- the key generation unit performs an exclusive OR operation on the other portion kw 2high of the expanded white key and the expanded key k 18 (that is, the key generation unit processes the expanded key). To supply.
- Fig. 46 shows the case where the nonlinear function part F has the configuration shown in Fig. 29.
- the key function part 25 is deleted from the nonlinear function part F, and the key generation part supplies the expanded key k to the XOR circuit 298 instead.
- Fig. 47 shows that when the non-linear function part F has the configuration as shown in Fig. 30, the key function part 25 is deleted from the non-linear function part F, and the key generation part is nonlinearly converted instead.
- the case where the extended key k ′ P (k) is supplied to the XOR circuit 298 is shown.
- the same operation as the operation by the P function processing is performed on the key data to generate the non-linearly converted key data, and the non-linearly converted key data is used as the key data used in the above data processing.
- the figure shows a case where the data is supplied to a process other than the nonlinear function process (F) of the data process and is operated on. In both cases of FIGS.
- the key function part 25 is deleted from the non-linear function part F, so the calculation load of the non-linear function part F is reduced, and the calculation load of the non-linear function part F is reduced. Since the operation of the 0 13 ⁇ 4 circuit 298 outside the nonlinear function part F can be performed, high-speed processing can be performed.
- FIG. 16 is a configuration diagram of the key generation unit 300 (or the key generation unit 600) shown in FIG.
- the chain generation unit 300 includes a bit length conversion unit 310, a first G-bit key conversion unit 320, a second G-bit key conversion unit 330, and a key shift unit 340. Have been.
- the key generation unit 3 0 0, 1 key data 2 8-bit or 1 9 2-bit or 2 5 6 bits are inputted, 1 2 8-bit key data and 1 2 8-bit key data K 2 is Generated and multiple 64 bit expanded keys are output.
- the bit length conversion unit 310 even if key data with different numbers of bits is input, conversion is performed so that the bit length of the output key data is constant. That is, the bit length converter 310 internally generates the upper 128- bit key data SK high and the lower 128- bit key data SK 1 () W internally.
- the former is output to the first G-bit key converter 320 and the key shifter 340.
- the latter is output to a second G-bit key conversion section 330 and a key shift section 340. Also, it outputs the 128-bit key data obtained by taking the exclusive OR of the former and the latter to the first G-bit key converter 320.
- FIG. 17 is a diagram showing the internal operation of the bit length conversion unit 310.
- the input key data is output as it is as the upper 128- bit key data SK high .
- the lower 128- bit key data SKLOT is set to 0 and output.
- the upper 128-bit data of the input key data is directly changed to the upper 128-bit linked data SK. Output as high .
- the lower 64 bits of the input 192-bit key data and the inverted 64-bit data obtained by inverting the lower 64 bits of data are concatenated to form the lower 128 bits of the key data.
- Key data SK lQW is generated and output.
- the first G-bit key converter 320 receives the exclusive OR of 128- bit key data SK high and SK lQW from the bit length converter 310 , and performs a two-stage nonlinear conversion. After receiving the key data, exclusive OR is performed with the high- order 128-bit key data SK high. The data is further subjected to two-stage nonlinear conversion, and the 128-bit key data 1 ⁇ is output.
- the key data of 128 bits output from the first G-bit key conversion unit 320 Key shift section 340 is expanded using the original key data Generate a large key.
- the length of the key data input to the bit length conversion unit 310 is 192 bits or 256 bits
- the 1 2 0 output from the first G-bit key conversion unit 320 is used.
- the 8-bit key data is further input to the second G-bit key conversion unit 330, which performs an exclusive OR operation with the lower-order 128-bit key data SK low to perform a two-stage nonlinear conversion. after, and it outputs the key data K 2 1 2 8-bit.
- the key shift unit 340 contains two 128-bit key data output from both the first G-bit key conversion unit 320 and the second G-bit key conversion unit 330.
- the key shift unit 340 generates an extended key using both the output and the input original key data.
- the key shift section 340 is composed of shift register A 3 4 1 and shift register B 3
- the shift controller 345 outputs a select signal 346 to each shift register to control the operation of the shift register.
- FIG. 18 is a diagram showing a configuration of the shift register A341.
- the shift register A 348 has a selector A 347 having a switch group of 128 bits and a register A 348 of 128 bits.
- the select signal 346 includes a switch signal indicating that all switches of the selector A 347 are simultaneously connected to either the A side or the B side.
- the figure shows the case where the switch group of the selector A 347 selects A by the select signal 346.
- the register A 348 cyclically shifts to the left by 17 bits. Shows the case.
- the switch group connects B it indicates that register A shifts cyclically to the left by 15 bits. This 15-bit shift or 17-bit shift is performed in one clock cycle.
- the number of shifts (15, 17) of the cyclic shift is an example, and other shifts are different. It can be any number.
- FIG. 19 is a diagram showing a part of the control table stored in the shift control section 345.
- This control table is a table that stores how many bits the register is shifted for each session. For example, the register A control table indicates that the shift is performed by 15 bits at the first clock. It also indicates that the data is shifted further by 15 bits at the second clock. Similarly, the third and fourth clocks are shifted by 15 bits. The fifth to eighth clocks indicate that each shift is performed by 17 bits.
- FIG. 20 is a diagram illustrating a result of the shift control unit 345 controlling each shift register using the table illustrated in FIG. 19 when generating an expanded key from 128-bit key data. .
- 128-bit key data Ki output from the first G-bit key conversion section 320 is set.
- the shift register A 341 and the shift register B 342 operate according to the control table shown in FIG. In FIG. 20, the hatched portions are ignored and indicate that no output is made. Other unhatched parts are output as expanded keys as shown in Figure 21.
- FIG. 21 is a diagram showing the correspondence between register values and extended keys.
- FIG. 20 shows a case where a shift is performed by 15 bits every clock for four times, and a shift is performed by 17 bits every clock from the fifth clock.
- FIG. 22 shows a case where an extended key is generated from 192-bit or 256-bit key data.
- the upper 128- bit key data SK high input from the bit length converter 3110 is set in the shift register A341
- the lower 128- bit key data SK10ff is set in the shift register B342 .
- the first G-bit key conversion unit 320 sets the output of the 128-bit key data output from the first G-bit key conversion unit 320 into the shift register C 343, and the second G-bit key conversion unit 330 into the shift register D 344. shows a case of setting a 28-bit key data kappa 2 outputted from.
- the hatched portion indicates a key that is not used as an expanded key.
- FIG. 23 is a diagram showing the correspondence between register values and extended keys.
- the control table in the above-described control unit also stores keys that are not used as extended keys and correspondence between the values of the registers shown in FIG. 23 and the extended keys.
- the reason for returning the total number of shifts to the initial state as 128 bits (the number of bits in the register) is that if the next processing is performed on the register in the initial state, the next processing can be started as it is Because. Also, when performing the reverse conversion process (decryption), the process for generating the extended key starts from the same initial state. Therefore, by setting the initial state, the conversion process (encryption) is performed. ) And inverse transformation (decoding) can be performed.
- the reason why the sum of the number of shifts is not larger than 128 bits (the number of bits of the register) is, for example, a 2-bit cyclic shift of 128 bits or less (the number of bits of the register) and 128 bits (the number of bits of the register).
- the difference between the number of shifts is 15 bits and 30 bits.
- the number of shifts (30 bits or 34 bits) that is an integral multiple (2 times 1) of the number of shifts (15 bits and 17 bits) at one time. I do.
- the shift amount is only 1-bit soil for multiples of 8, for example, a CPU that has only a 1-bit shift instruction must perform higher-speed processing than a 3-bit or 5-bit shift. May be possible.
- this shift processing is performed using hardware that can shift only one bit, high-speed processing can be applied similarly.
- bit length conversion unit 310 In the above description of the bit length conversion unit 310, the case of inputting key data having three types of bit widths has been described. Even if key data having a bit length Q between 56 bits (2 G bits) Q (G ⁇ Q ⁇ 2 G) is input, 256 bits of key data are input using some algorithm. Key data can be decompressed to the same size as that of the key data. In other words, when chained data having a length Q between G bits and 2 Gbits is input, the bit length conversion unit 310 converts the Q bit key data into 2 Gbit key data. Can be converted.
- ⁇ ⁇ ⁇ 0 is output for the input of ⁇ ⁇ 0, so if “at least ⁇ ⁇ 0 or AB ⁇ 0” For example, “at least ⁇ ⁇ 0 or AD ⁇ 0”. Therefore, it means that it is impossible to output the same data from SK l high and SK 2 high by two-stage nonlinear transformation, which proves that there is no equivalent key.
- a general nonlinear transformation outputs equivalent SK1 from different SK1 and SK2, that is, there is a possibility that an equivalent key exists.
- the two-stage nonlinear transformation described in Sec. Can prove that there is no equivalent key.
- FIG. 24 is a diagram illustrating a computer on which the data conversion device for encryption 100 or the data conversion device for decryption 400 is mounted.
- the data converter for encryption 100 or the data converter for Z and decryption 400 is connected to the bus as a print circuit board.
- This print circuit board is provided with a CPU, a memory, and a logic circuit element.
- the encryption data conversion device 100 or the decryption data conversion device 400 can be realized by using all hardware. Further, the data conversion device for encryption 100 or the data conversion device for decryption 400 can also be realized as a data conversion method using software. That is, the above-described operation can be performed using a program stored in a magnetic disk device or a flexible disk device. Alternatively, although not shown, hardware and software may be combined to realize the above-described operation. Also, it is not necessary to realize all the operations described above with a single computer, the force S (not shown), and the above-described distributed system such as a server and a client, or a host computer and a terminal computer. Operation may be achieved.
- bit lengths of the plaintext, ciphertext, key data, and expanded key change, the bit length of each part, each process, and each process changes according to the bit length.
- a data normal conversion unit (FL) 251 and a data reverse conversion unit (FL- 1 ) 271 are provided so that encryption and decryption can be performed by the same algorithm. Therefore, the encryption unit 200 and the decryption unit 500 can be used in combination.
- the configuration is simplified. effective.
- the configuration is simplified, and the linear conversion section 85 and the linear conversion section 87 are provided. Safety is improved even when the converter 18 is used. You.
- the shift control unit 345 operates the shift register an integer number of times, so that the number of non-constant shifts of only 15 bits ⁇ 17 bits (for example, 30 bits or The key data can be shifted using (3 4 bits), and the security can be improved. Further, according to the embodiment of the present invention, since the case where the data shifted in the shift register is not used as an extended key is provided, the security can be further improved.
- bit length conversion section 310 even when key data having a different number of bits is input, it is converted into key data of a fixed length by bit length conversion section 310, so that flexible key generation is possible. Operations can be performed.
- first G-bit chain transformation unit 320 since two stages of nonlinear transformation are used in first G-bit chain transformation unit 320, it can be proved that there is no equivalent key for Performance can be improved. Further, according to the embodiment of the present invention, the arrangement position of key function section 25 is changed, so that high-speed processing can be performed.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Facsimile Transmission Control (AREA)
- Slot Machines And Peripheral Devices (AREA)
- Mobile Radio Communication Systems (AREA)
- Treatments For Attaching Organic Compounds To Fibrous Goods (AREA)
- Lock And Its Accessories (AREA)
- Prostheses (AREA)
- Electrophonic Musical Instruments (AREA)
- Studio Circuits (AREA)
- Materials For Medical Uses (AREA)
- Stereo-Broadcasting Methods (AREA)
- Fittings On The Vehicle Exterior For Carrying Loads, And Devices For Holding Or Mounting Articles (AREA)
- Communication Control (AREA)
- Document Processing Apparatus (AREA)
- Complex Calculations (AREA)
- Chair Legs, Seat Parts, And Backrests (AREA)
- Cable Transmission Systems, Equalization Of Radio And Reduction Of Echo (AREA)
- Burglar Alarm Systems (AREA)
- Input Circuits Of Receivers And Coupling Of Receivers And Audio Equipment (AREA)
Description
Claims
Priority Applications (28)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2004-7008606A KR100465074B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
KR10-2004-7008596A KR100465071B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
KR10-2004-7008607A KR100465075B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
DK06010074T DK1686720T3 (da) | 2000-03-09 | 2001-03-08 | Blokkrypteringsanordning og blokkrypteringsfremgangsmåde, der indbefatter planlægning af en nögle med variabel længde |
KR10-2004-7008598A KR100468338B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
KR10-2004-7008602A KR100465072B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
EP01912172A EP1193665B8 (en) | 2000-03-09 | 2001-03-08 | Block encryption device using auxiliary conversion |
DK06010077T DK1689114T3 (da) | 2000-03-09 | 2001-03-08 | Blokchiffer-apparat, hvortil der anvendes hj lpetransformation |
ES01912172T ES2382454T3 (es) | 2000-03-09 | 2001-03-08 | Aparato de cifrado en bloques que utiliza una transformación auxiliar |
JP2001565161A JP4127472B2 (ja) | 2000-03-09 | 2001-03-08 | データ変換装置及びデータ変換装置のデータ変換方法及びプログラム及びコンピュータ読み取り可能な記録媒体 |
DK01912172.2T DK1193665T3 (da) | 2000-03-09 | 2001-03-08 | Blokkrypteringsindretning, som anvender hjælpekonvertering |
KR10-2004-7008595A KR100465070B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
MXPA01011323A MXPA01011323A (es) | 2000-03-09 | 2001-03-08 | Aparato de cifrado en bloque usando transformacion auxiliar. |
AU41058/01A AU767323B2 (en) | 2000-03-09 | 2001-03-08 | Block encryption device using auxiliary conversion |
AT01912172T ATE545991T1 (de) | 2000-03-09 | 2001-03-08 | Blockverschlüsselungseinrichtung unter verwendung von hilfsumwandlungen |
DK06010073T DK1686719T3 (da) | 2000-03-09 | 2001-03-08 | Blokkrypteringsapparat |
CA002373432A CA2373432C (en) | 2000-03-09 | 2001-03-08 | Block cipher apparatus using auxiliary transformation |
US09/959,853 US7864950B2 (en) | 2000-03-09 | 2001-03-08 | Block encryption device using auxiliary conversion |
KR10-2004-7008605A KR100465073B1 (ko) | 2000-03-09 | 2001-03-08 | 보조 변환을 이용한 블럭 암호 장치 |
NO20015461A NO333209B1 (no) | 2000-03-09 | 2001-11-08 | Blokkryptogram-apparat som benytter hjelpetransformasjon |
AU2003213312A AU2003213312C1 (en) | 2000-03-09 | 2003-07-08 | Block cipher apparatus using auxiliary transformation |
AU2003213317A AU2003213317B2 (en) | 2000-03-09 | 2003-07-08 | Block cipher apparatus using auxiliary transformation |
AU2003213315A AU2003213315B2 (en) | 2000-03-09 | 2003-07-08 | Block cipher apparatus using auxiliary transformation |
AU2003213318A AU2003213318B2 (en) | 2000-03-09 | 2003-07-08 | Block cipher apparatus using auxiliary transformation |
US11/260,111 US7697684B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher apparatus using auxiliary transformation |
US11/260,126 US7760871B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher using auxiliary transformation |
US11/260,129 US7822196B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher apparatus using auxiliary transformation |
US11/260,110 US7760870B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher apparatus using auxiliary transformation |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2000-064614 | 2000-03-09 | ||
JP2000064614 | 2000-03-09 |
Related Child Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09959853 A-371-Of-International | 2001-03-08 | ||
US11/260,126 Division US7760871B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher using auxiliary transformation |
US11/260,110 Division US7760870B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher apparatus using auxiliary transformation |
US11/260,111 Division US7697684B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher apparatus using auxiliary transformation |
US11/260,129 Division US7822196B2 (en) | 2000-03-09 | 2005-10-28 | Block cipher apparatus using auxiliary transformation |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001067425A1 true WO2001067425A1 (fr) | 2001-09-13 |
Family
ID=18584290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2001/001796 WO2001067425A1 (fr) | 2000-03-09 | 2001-03-08 | Systeme de chiffrage de blocs utilisant la conversion auxiliaire |
Country Status (16)
Country | Link |
---|---|
US (5) | US7864950B2 (ja) |
EP (7) | EP1686721B1 (ja) |
JP (3) | JP4127472B2 (ja) |
KR (8) | KR100468338B1 (ja) |
CN (5) | CN100392688C (ja) |
AT (3) | ATE545991T1 (ja) |
AU (5) | AU767323B2 (ja) |
CA (5) | CA2449665C (ja) |
DE (3) | DE60139280D1 (ja) |
DK (7) | DK1689113T3 (ja) |
ES (7) | ES2616544T3 (ja) |
MX (1) | MXPA01011323A (ja) |
NO (1) | NO333209B1 (ja) |
SG (4) | SG124291A1 (ja) |
TW (1) | TWI275049B (ja) |
WO (1) | WO2001067425A1 (ja) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003037482A (ja) * | 2001-01-23 | 2003-02-07 | Hitachi Ltd | 疑似乱数生成装置またはそれを用いた暗号復号処理装置 |
JP2007324733A (ja) * | 2006-05-30 | 2007-12-13 | Mitsubishi Electric Corp | データ変換装置 |
JP2008058828A (ja) * | 2006-09-01 | 2008-03-13 | Sony Corp | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
JP2008058830A (ja) * | 2006-09-01 | 2008-03-13 | Sony Corp | データ変換装置、およびデータ変換方法、並びにコンピュータ・プログラム |
JP2008145791A (ja) * | 2006-12-11 | 2008-06-26 | Sony Corp | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
JP2012155349A (ja) * | 2012-05-22 | 2012-08-16 | Sony Corp | 復号処理装置、情報処理装置、および復号処理方法、並びにコンピュータ・プログラム |
JP2014041389A (ja) * | 2013-12-02 | 2014-03-06 | Sony Corp | データ変換装置、およびデータ変換方法、並びにコンピュータ・プログラム |
Families Citing this family (48)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100468338B1 (ko) * | 2000-03-09 | 2005-01-28 | 니뽄 덴신 덴와 가부시키가이샤 | 보조 변환을 이용한 블럭 암호 장치 |
US7269615B2 (en) | 2001-12-18 | 2007-09-11 | Analog Devices, Inc. | Reconfigurable input Galois field linear transformer system |
US7283628B2 (en) * | 2001-11-30 | 2007-10-16 | Analog Devices, Inc. | Programmable data encryption engine |
US7508937B2 (en) * | 2001-12-18 | 2009-03-24 | Analog Devices, Inc. | Programmable data encryption engine for advanced encryption standard algorithm |
JP4128395B2 (ja) * | 2002-05-23 | 2008-07-30 | 三菱電機株式会社 | データ変換装置 |
JP3503638B1 (ja) * | 2002-09-26 | 2004-03-08 | 日本電気株式会社 | 暗号装置及び暗号プログラム |
DE10345457A1 (de) * | 2003-09-30 | 2005-04-28 | Infineon Technologies Ag | Verfahren und Vorrichtung zur Ver- und Entschlüsselung |
US7580519B1 (en) | 2003-12-08 | 2009-08-25 | Advanced Micro Devices, Inc. | Triple DES gigabit/s performance using single DES engine |
US7545928B1 (en) * | 2003-12-08 | 2009-06-09 | Advanced Micro Devices, Inc. | Triple DES critical timing path improvement |
US7257225B2 (en) * | 2003-12-29 | 2007-08-14 | American Express Travel Related Services Company, Inc. | System and method for high speed reversible data encryption |
JP3933647B2 (ja) * | 2004-05-10 | 2007-06-20 | シャープ株式会社 | 消費電力解析防止機能つき半導体装置 |
US7885405B1 (en) | 2004-06-04 | 2011-02-08 | GlobalFoundries, Inc. | Multi-gigabit per second concurrent encryption in block cipher modes |
US7526085B1 (en) | 2004-07-13 | 2009-04-28 | Advanced Micro Devices, Inc. | Throughput and latency of inbound and outbound IPsec processing |
JP4129280B2 (ja) * | 2004-09-14 | 2008-08-06 | 松下電器産業株式会社 | バレルシフト装置 |
US7783037B1 (en) | 2004-09-20 | 2010-08-24 | Globalfoundries Inc. | Multi-gigabit per second computing of the rijndael inverse cipher |
JP4882598B2 (ja) * | 2006-07-28 | 2012-02-22 | ソニー株式会社 | 暗号処理装置、暗号処理アルゴリズム構築方法、および暗号処理方法、並びにコンピュータ・プログラム |
CN100436555C (zh) * | 2006-09-06 | 2008-11-26 | 深圳市永仁包装印刷材料有限公司 | 一种水溶性金银墨及其制备方法 |
US8036377B1 (en) | 2006-12-12 | 2011-10-11 | Marvell International Ltd. | Method and apparatus of high speed encryption and decryption |
JP4857230B2 (ja) * | 2007-03-30 | 2012-01-18 | 株式会社日立製作所 | 疑似乱数生成装置及びそれを用いた暗号化処理装置 |
US7890565B2 (en) * | 2007-04-30 | 2011-02-15 | Lsi Corporation | Efficient hardware implementation of tweakable block cipher |
CN100495961C (zh) | 2007-11-19 | 2009-06-03 | 西安西电捷通无线网络通信有限公司 | 一种基于分组密码算法的加密处理方法 |
CN100581101C (zh) * | 2007-11-19 | 2010-01-13 | 西安西电捷通无线网络通信有限公司 | 一种基于分组密码算法的加密处理设备 |
JP5272417B2 (ja) * | 2008-01-21 | 2013-08-28 | ソニー株式会社 | データ変換装置、およびデータ変換方法、並びにコンピュータ・プログラム |
US20090186966A1 (en) * | 2008-01-22 | 2009-07-23 | Sabic Innovative Plastics Ip B.V. | Thermoplastic polyestercarbonate composition |
JP5200949B2 (ja) * | 2009-01-16 | 2013-06-05 | 富士通株式会社 | 暗号処理装置 |
US20100250965A1 (en) * | 2009-03-31 | 2010-09-30 | Olson Christopher H | Apparatus and method for implementing instruction support for the advanced encryption standard (aes) algorithm |
US8654970B2 (en) * | 2009-03-31 | 2014-02-18 | Oracle America, Inc. | Apparatus and method for implementing instruction support for the data encryption standard (DES) algorithm |
US9317286B2 (en) * | 2009-03-31 | 2016-04-19 | Oracle America, Inc. | Apparatus and method for implementing instruction support for the camellia cipher algorithm |
US8832464B2 (en) * | 2009-03-31 | 2014-09-09 | Oracle America, Inc. | Processor and method for implementing instruction support for hash algorithms |
US20100246815A1 (en) * | 2009-03-31 | 2010-09-30 | Olson Christopher H | Apparatus and method for implementing instruction support for the kasumi cipher algorithm |
JP5296217B2 (ja) * | 2009-09-24 | 2013-09-25 | 株式会社東芝 | 鍵スケジュール装置および方法 |
JP2011130340A (ja) * | 2009-12-21 | 2011-06-30 | Kddi Corp | ストリーム暗号の暗号化装置、ストリーム暗号の復号化装置、ストリーム暗号の暗号化方法、ストリーム暗号の復号化方法およびプログラム |
KR101334040B1 (ko) * | 2010-01-20 | 2013-11-28 | 한국전자통신연구원 | 대칭키 암호화 시스템의 마스킹 연산 방법 및 장치 |
JP5539024B2 (ja) * | 2010-05-27 | 2014-07-02 | キヤノン株式会社 | データ暗号化装置およびその制御方法 |
US8611540B2 (en) * | 2010-06-23 | 2013-12-17 | Damaka, Inc. | System and method for secure messaging in a hybrid peer-to-peer network |
US20120079462A1 (en) * | 2010-09-24 | 2012-03-29 | SoftKrypt LLC | Systems and methods of source software code obfuscation |
FR2966953B1 (fr) | 2010-11-02 | 2015-08-28 | St Microelectronics Rousset | Procede de contremesure cryptographique par derivation d'une donnee secrete |
US8958550B2 (en) * | 2011-09-13 | 2015-02-17 | Combined Conditional Access Development & Support. LLC (CCAD) | Encryption operation with real data rounds, dummy data rounds, and delay periods |
JP5481455B2 (ja) * | 2011-09-27 | 2014-04-23 | 株式会社東芝 | 暗号処理装置 |
CN105215593A (zh) * | 2014-07-01 | 2016-01-06 | 长治市澳瑞特欣鑫健身器材有限公司 | 一种篮圈焊接模具 |
CN104917610B (zh) * | 2015-06-15 | 2018-03-06 | 上海交通大学 | 基于量子真随机数的通信中继服务器安全系统及方法 |
KR20170002836A (ko) | 2015-06-30 | 2017-01-09 | 주식회사 피엔아이티 | Nfc를 이용한 미아방지용 캐릭터 목걸이. |
EP3391583B1 (en) | 2015-12-15 | 2019-07-24 | Koninklijke Philips N.V. | A computation device and method |
US10157289B2 (en) * | 2016-09-26 | 2018-12-18 | Bank Of America Corporation | Progressive key rotation for format preserving encryption (FPE) |
EP4280574A3 (en) * | 2018-10-10 | 2024-01-03 | Nippon Telegraph And Telephone Corporation | Secure right shift computation system, secure division system, methods therefor, secure computation apparatus, and program |
CN109756231B (zh) * | 2018-12-27 | 2023-01-31 | 北京思朗科技有限责任公司 | 循环移位处理装置及方法 |
US11632231B2 (en) * | 2020-03-05 | 2023-04-18 | Novatek Microelectronics Corp. | Substitute box, substitute method and apparatus thereof |
KR20230110668A (ko) | 2022-01-16 | 2023-07-25 | 주식회사 네이처라인즈 | 반려동물용 휠 운동장치 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997009705A1 (fr) * | 1995-09-05 | 1997-03-13 | Mitsubishi Denki Kabushiki Kaisha | Appareil de conversion de donnees et procede de conversion de donnees |
JPH09269727A (ja) * | 1996-03-29 | 1997-10-14 | Toshiba Corp | 暗号化方法および暗号化装置 |
JPH1152849A (ja) * | 1997-08-07 | 1999-02-26 | Nec Corp | 暗号装置及び暗号装置を実現するプログラムを記録したコンピューターが読みとり可能な記録媒体 |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2641285B2 (ja) | 1988-05-23 | 1997-08-13 | 三菱電機株式会社 | ガロア体除算回路及び乗除算共用回路 |
JPH0651698A (ja) * | 1992-06-03 | 1994-02-25 | Nippon Telegr & Teleph Corp <Ntt> | データ攪拌装置およびデータ攪拌方法 |
US5351299A (en) * | 1992-06-05 | 1994-09-27 | Matsushita Electric Industrial Co., Ltd. | Apparatus and method for data encryption with block selection keys and data encryption keys |
US5623549A (en) * | 1995-01-30 | 1997-04-22 | Ritter; Terry F. | Cipher mechanisms with fencing and balanced block mixing |
US5673319A (en) * | 1995-02-06 | 1997-09-30 | International Business Machines Corporation | Block cipher mode of operation for secure, length-preserving encryption |
US5594797A (en) * | 1995-02-22 | 1997-01-14 | Nokia Mobile Phones | Variable security level encryption |
JP2772937B2 (ja) * | 1995-07-11 | 1998-07-09 | 太陽誘電株式会社 | チップ型電子部品の製造方法 |
JPH0990870A (ja) * | 1995-09-27 | 1997-04-04 | Nec Corp | 基本変換方法、暗号化方法、基本変換回路および暗号装置 |
KR100473536B1 (ko) * | 1996-05-22 | 2005-05-16 | 마츠시타 덴끼 산교 가부시키가이샤 | 기기간통신의안전성을확보하는암호화장치및통신시스템 |
US6028939A (en) * | 1997-01-03 | 2000-02-22 | Redcreek Communications, Inc. | Data security system and method |
JP3515306B2 (ja) * | 1997-01-29 | 2004-04-05 | 日本電信電話株式会社 | 逆元演算装置 |
US6459792B2 (en) * | 1997-04-23 | 2002-10-01 | Matsushita Electric Industrial Co., Ltd. | Block cipher using key data merged with an intermediate block generated from a previous block |
US6510228B2 (en) * | 1997-09-22 | 2003-01-21 | Qualcomm, Incorporated | Method and apparatus for generating encryption stream ciphers |
KR100296958B1 (ko) * | 1998-05-06 | 2001-09-22 | 이석우 | 블록 데이터 암호화 장치 |
US6269163B1 (en) * | 1998-06-15 | 2001-07-31 | Rsa Security Inc. | Enhanced block ciphers with data-dependent rotations |
JP3600454B2 (ja) * | 1998-08-20 | 2004-12-15 | 株式会社東芝 | 暗号化・復号装置、暗号化・復号方法、およびそのプログラム記憶媒体 |
JP2000066586A (ja) | 1998-08-24 | 2000-03-03 | Toshiba Corp | データ処理装置及び通信システム並びに記録媒体 |
TW556111B (en) * | 1999-08-31 | 2003-10-01 | Toshiba Corp | Extended key generator, encryption/decryption unit, extended key generation method, and storage medium |
KR100468338B1 (ko) * | 2000-03-09 | 2005-01-28 | 니뽄 덴신 덴와 가부시키가이샤 | 보조 변환을 이용한 블럭 암호 장치 |
-
2001
- 2001-03-08 KR KR10-2004-7008598A patent/KR100468338B1/ko active IP Right Grant
- 2001-03-08 AT AT01912172T patent/ATE545991T1/de active
- 2001-03-08 SG SG200407157A patent/SG124291A1/en unknown
- 2001-03-08 ES ES06010078.1T patent/ES2616544T3/es not_active Expired - Lifetime
- 2001-03-08 KR KR10-2001-7014247A patent/KR100449594B1/ko active IP Right Grant
- 2001-03-08 CA CA002449665A patent/CA2449665C/en not_active Expired - Lifetime
- 2001-03-08 EP EP06010075A patent/EP1686721B1/en not_active Expired - Lifetime
- 2001-03-08 KR KR10-2004-7008602A patent/KR100465072B1/ko active IP Right Grant
- 2001-03-08 KR KR10-2004-7008596A patent/KR100465071B1/ko active IP Right Grant
- 2001-03-08 DE DE60139280T patent/DE60139280D1/de not_active Expired - Lifetime
- 2001-03-08 CA CA002449669A patent/CA2449669C/en not_active Expired - Lifetime
- 2001-03-08 JP JP2001565161A patent/JP4127472B2/ja not_active Expired - Lifetime
- 2001-03-08 EP EP06010077A patent/EP1689114B1/en not_active Expired - Lifetime
- 2001-03-08 DK DK06010076.5T patent/DK1689113T3/da active
- 2001-03-08 CN CNB018004709A patent/CN100392688C/zh not_active Expired - Lifetime
- 2001-03-08 CN CN2005100959349A patent/CN1734527B/zh not_active Expired - Lifetime
- 2001-03-08 EP EP06010074A patent/EP1686720B1/en not_active Expired - Lifetime
- 2001-03-08 DK DK01912172.2T patent/DK1193665T3/da active
- 2001-03-08 DK DK06010074T patent/DK1686720T3/da active
- 2001-03-08 US US09/959,853 patent/US7864950B2/en active Active
- 2001-03-08 DK DK06010077T patent/DK1689114T3/da active
- 2001-03-08 ES ES06010075T patent/ES2407463T3/es not_active Expired - Lifetime
- 2001-03-08 KR KR10-2004-7008605A patent/KR100465073B1/ko active IP Right Grant
- 2001-03-08 KR KR10-2004-7008607A patent/KR100465075B1/ko active IP Right Grant
- 2001-03-08 EP EP01912172A patent/EP1193665B8/en not_active Expired - Lifetime
- 2001-03-08 DE DE60138773T patent/DE60138773D1/de not_active Expired - Lifetime
- 2001-03-08 CN CN200510096622A patent/CN100583192C/zh not_active Expired - Lifetime
- 2001-03-08 CA CA002373432A patent/CA2373432C/en not_active Expired - Lifetime
- 2001-03-08 TW TW090105464A patent/TWI275049B/zh not_active IP Right Cessation
- 2001-03-08 SG SG200407209A patent/SG124293A1/en unknown
- 2001-03-08 CA CA002449662A patent/CA2449662C/en not_active Expired - Lifetime
- 2001-03-08 ES ES06010073T patent/ES2319560T3/es not_active Expired - Lifetime
- 2001-03-08 CN CN2005100912925A patent/CN1734526B/zh not_active Expired - Lifetime
- 2001-03-08 DK DK06010078.1T patent/DK1686722T3/en active
- 2001-03-08 ES ES06010074T patent/ES2327263T3/es not_active Expired - Lifetime
- 2001-03-08 ES ES01912172T patent/ES2382454T3/es not_active Expired - Lifetime
- 2001-03-08 EP EP06010073A patent/EP1686719B1/en not_active Expired - Lifetime
- 2001-03-08 ES ES06010077T patent/ES2329819T3/es not_active Expired - Lifetime
- 2001-03-08 EP EP06010076A patent/EP1689113B1/en not_active Expired - Lifetime
- 2001-03-08 AU AU41058/01A patent/AU767323B2/en not_active Expired
- 2001-03-08 ES ES06010076T patent/ES2405942T3/es not_active Expired - Lifetime
- 2001-03-08 DE DE60137269T patent/DE60137269D1/de not_active Expired - Lifetime
- 2001-03-08 SG SG200407161A patent/SG124292A1/en unknown
- 2001-03-08 AT AT06010074T patent/ATE431983T1/de not_active IP Right Cessation
- 2001-03-08 MX MXPA01011323A patent/MXPA01011323A/es active IP Right Grant
- 2001-03-08 SG SG200407213A patent/SG124294A1/en unknown
- 2001-03-08 DK DK06010075.7T patent/DK1686721T3/da active
- 2001-03-08 CN CNB2005100939383A patent/CN100557663C/zh not_active Expired - Lifetime
- 2001-03-08 AT AT06010073T patent/ATE419692T1/de not_active IP Right Cessation
- 2001-03-08 KR KR10-2004-7008606A patent/KR100465074B1/ko active IP Right Grant
- 2001-03-08 KR KR10-2004-7008595A patent/KR100465070B1/ko active IP Right Grant
- 2001-03-08 EP EP06010078.1A patent/EP1686722B1/en not_active Expired - Lifetime
- 2001-03-08 DK DK06010073T patent/DK1686719T3/da active
- 2001-03-08 CA CA002449672A patent/CA2449672C/en not_active Expired - Lifetime
- 2001-03-08 WO PCT/JP2001/001796 patent/WO2001067425A1/ja active IP Right Grant
- 2001-11-08 NO NO20015461A patent/NO333209B1/no not_active IP Right Cessation
-
2003
- 2003-07-08 AU AU2003213312A patent/AU2003213312C1/en not_active Expired
- 2003-07-08 AU AU2003213317A patent/AU2003213317B2/en not_active Expired
- 2003-07-08 AU AU2003213318A patent/AU2003213318B2/en not_active Expired
- 2003-07-08 AU AU2003213315A patent/AU2003213315B2/en not_active Expired
-
2005
- 2005-10-28 US US11/260,126 patent/US7760871B2/en not_active Expired - Lifetime
- 2005-10-28 US US11/260,129 patent/US7822196B2/en not_active Expired - Lifetime
- 2005-10-28 US US11/260,110 patent/US7760870B2/en not_active Expired - Lifetime
- 2005-10-28 US US11/260,111 patent/US7697684B2/en not_active Expired - Lifetime
-
2006
- 2006-11-02 JP JP2006298813A patent/JP4598744B2/ja not_active Expired - Lifetime
-
2010
- 2010-08-27 JP JP2010190217A patent/JP5242642B2/ja not_active Expired - Lifetime
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997009705A1 (fr) * | 1995-09-05 | 1997-03-13 | Mitsubishi Denki Kabushiki Kaisha | Appareil de conversion de donnees et procede de conversion de donnees |
JPH09269727A (ja) * | 1996-03-29 | 1997-10-14 | Toshiba Corp | 暗号化方法および暗号化装置 |
JPH1152849A (ja) * | 1997-08-07 | 1999-02-26 | Nec Corp | 暗号装置及び暗号装置を実現するプログラムを記録したコンピューターが読みとり可能な記録媒体 |
Non-Patent Citations (5)
Title |
---|
"Applied cryptography", 1995, JOHN WILEY & SONS, INC., XP002942209 * |
FUMIHIKO SANO ET AL.: "Kakucho feistel gata angou kei ni okeru random kansuu ichi to shoumei kanou anzensei no kankei ni tsuite", 1997 NEN, ANGOU TO JOHO SECURITY SYMPOSIUM, SCIS97-24C, 31 January 1997 (1997-01-31), pages 1 - 15, XP002942208 * |
KAZUMARO AOKI ET AL.: "128 Bit block angou camellia no jissou hyouka", DENSHI JOHO TSUSSHIN GAKKAI GIJUTSU KENKYU HOKOKU (ISEC2000-73), vol. 100, no. 324, 22 September 2000 (2000-09-22), pages 131 - 138, XP002942211 * |
KAZUMARO AOKI ET AL.: "128 Bit block angou camellia", DENSHI JOHO TSUUSHIN GAKKAI GIJUTSU KENKYU HOKOKU (ISEC2000-73, vol. 100, no. 76, 18 May 2000 (2000-05-18), pages 47 - 75, XP002942210 * |
MATSUI M: "FAST SOFTWARE ENCRYPTION. 4TH INTERNATIONAL WORKSHOP, FSE '97 PROCEEDINGS", 1997, SPRINGER-VERLAG BERLIN, article "New block encryption algorithm MISTY", pages: 54 - 68 |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003037482A (ja) * | 2001-01-23 | 2003-02-07 | Hitachi Ltd | 疑似乱数生成装置またはそれを用いた暗号復号処理装置 |
JP2007324733A (ja) * | 2006-05-30 | 2007-12-13 | Mitsubishi Electric Corp | データ変換装置 |
JP2008058828A (ja) * | 2006-09-01 | 2008-03-13 | Sony Corp | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
JP2008058830A (ja) * | 2006-09-01 | 2008-03-13 | Sony Corp | データ変換装置、およびデータ変換方法、並びにコンピュータ・プログラム |
US8577023B2 (en) | 2006-09-01 | 2013-11-05 | Sony Corporation | Encryption processing method, apparatus, and computer program utilizing different types of S-boxes |
US8787568B2 (en) | 2006-09-01 | 2014-07-22 | Sony Corporation | Data transformation apparatus, data transformation method, and computer program |
TWI447683B (zh) * | 2006-09-01 | 2014-08-01 | Sony Corp | Information processing device |
US9363074B2 (en) | 2006-09-01 | 2016-06-07 | Sony Corporation | Encryption processing apparatus, encryption processing method, and computer program |
JP2008145791A (ja) * | 2006-12-11 | 2008-06-26 | Sony Corp | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
US8737603B2 (en) | 2006-12-11 | 2014-05-27 | Sony Corporation | Cryptographic processing apparatus, cryptographic processing method, and computer program |
JP2012155349A (ja) * | 2012-05-22 | 2012-08-16 | Sony Corp | 復号処理装置、情報処理装置、および復号処理方法、並びにコンピュータ・プログラム |
JP2014041389A (ja) * | 2013-12-02 | 2014-03-06 | Sony Corp | データ変換装置、およびデータ変換方法、並びにコンピュータ・プログラム |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001067425A1 (fr) | Systeme de chiffrage de blocs utilisant la conversion auxiliaire | |
JP2007041620A5 (ja) | ||
JP3992742B2 (ja) | データブロックおよび鍵を非線形的に結合する暗号方法および装置 | |
JPH0863097A (ja) | データを暗号化するための対称暗号化方法およびシステム | |
JPWO2002058037A1 (ja) | 暗号回路 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 01800470.9 Country of ref document: CN |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU CA CN JP KR MX NO SG US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
ENP | Entry into the national phase |
Ref document number: 2373432 Country of ref document: CA Ref document number: 2373432 Country of ref document: CA Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: PA/a/2001/011323 Country of ref document: MX Ref document number: 2001912172 Country of ref document: EP Ref document number: 41058/01 Country of ref document: AU |
|
ENP | Entry into the national phase |
Ref document number: 2001 565161 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020017014247 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09959853 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1020017014247 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2001912172 Country of ref document: EP |
|
WWG | Wipo information: grant in national office |
Ref document number: 1020017014247 Country of ref document: KR |