WO2003100751A1 - Dispositif et procede de conversion de donnees - Google Patents
Dispositif et procede de conversion de donnees Download PDFInfo
- Publication number
- WO2003100751A1 WO2003100751A1 PCT/JP2003/002689 JP0302689W WO03100751A1 WO 2003100751 A1 WO2003100751 A1 WO 2003100751A1 JP 0302689 W JP0302689 W JP 0302689W WO 03100751 A1 WO03100751 A1 WO 03100751A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- data
- input
- selector
- conversion
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/122—Hardware reduction or efficient architectures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
Definitions
- the present invention relates to a data conversion device and a data conversion method for performing data encryption or data decryption.
- FIG. 56 is a configuration and operation diagram of a related data conversion device.
- the data conversion device that performs the block cipher processing includes a key generation unit 20 and a data agitation unit 30.
- the key generation unit 20 is a key generation unit that generates a key for performing data encryption and Z decryption.
- the data agitating unit 30 is a unit that encrypts or decrypts the input data.
- the key generation unit 20 includes an intermediate key generation unit 40 and a key schedule unit 210.
- the intermediate key 'generating unit 40 is a unit that inputs a secret key and generates an intermediate key (key KL) and an output key (key KA) from the input secret key.
- the key schedule unit 210 inputs the intermediate key (key KL) and the output key (key KA) generated by the intermediate key generation unit 40 (key KLL, key KLH, key KAL, key KAH), and The keys to be supplied from each key to the mixer 30 are scheduled.
- the intermediate key generation unit 40 and the key schedule unit 210 perform key generation and key scheduling.
- the data agitation unit 30 When P (plaintext) is input, the data agitation unit 30 performs data conversion for encrypting the data, and outputs the converted data as C (ciphertext). When P (encrypted text) is input, the data agitating unit 30 performs data conversion for data decryption, and outputs the converted data as C (decrypted text). As described above, the data agitation unit 30 performs data encryption processing and data decryption processing.
- the main conversion section 320 and the sub-conversion section 330 are serially connected.
- the main conversion unit 320 is a unit that performs non-linear conversion of data. That is, the main conversion unit 320 has one or more stages of the F function for performing non-linear conversion of data, or has a part of the F function, and has the F function or a part of the F function. To perform an overnight nonlinear transformation. In FIG. 57, the main conversion section 320 has one or more stages of the F function.
- the sub-conversion unit 330 is at least one of a data normal conversion unit (FL) that performs linear conversion of data and a data inverse conversion unit (FL " 1 ") that performs reverse conversion of the data normal conversion unit (FL).
- FL data normal conversion unit
- FL " 1 " data inverse conversion unit
- This is a unit that linearly converts data input using a data normal conversion unit (FL) or a data reverse conversion unit (FL) using an input key.
- the selector 310 is a selector that selects one signal from the input signals using the main conversion unit 320, the sub-conversion unit 330, P (plaintext or ciphertext), and the key as input signals.
- the selector 310 shown in FIG. 56 has three selectors that select one output signal from four input signals and output one output signal from two input signals in terms of a 2-1 selector.
- the arithmetic register 350 is a memory for holding data output as the main conversion unit 320 and the sub-conversion unit 330 and C (encrypted or decrypted text) for a predetermined period. 02689
- the data agitating section 30 alternately repeats a plurality of times that the input data P (plaintext or ciphertext) is non-linearly converted by the main converting section 320 and linearly converted by the sub-converting section 330. And then decrypt the data and output it as C (encrypted or decrypted).
- P plaintext or ciphertext
- main conversion section 320 The internal configuration of main conversion section 320 will be described.
- FIG. 57 shows an example of the internal configuration of main conversion section 320.
- main conversion section 320 is composed of six F function sections.
- the F function part is composed of a circuit that performs one stage of F function processing
- the main conversion unit 320 shown in FIG. 57 performs nonlinear data conversion processing using six stages of F functions.
- the main conversion unit 320 may have six F function processing circuits, or may have one F function processing circuit and repeat the processing by the F function six times. May perform data processing using a six-stage F-function.
- the higher-order data divided from the input data is input to the F function unit 321a.
- the key 1 scheduled by the key schedule unit 210 is also input.
- the F function part 32 la as described above, the higher-order input data is nonlinearly transformed using the key.
- the EXOR circuit 322a performs an exclusive OR operation on the non-linearly converted data and the lower input data.
- the data output from the EXOR circuit 322a becomes the input data of the F function part 321b.
- the F function unit 32 lb performs a non-linear conversion process in the same manner as the F function unit 32 la, and the exclusive OR of the data converted by the EXOR circuit 322 b and the higher-order input data is obtained.
- the data output from the EXOR circuit 322b becomes the input data of the F function unit 321c.
- the same processing as the processing by the F function unit 321 a and the EXOR circuit 322 a is performed by the F function unit 321 b and the EXOR circuit 322 a.
- the transformed data is output.
- FEI STEL structure As typical structures for randomizing data, there are the above-mentioned FEI STEL structure and SPN (Substi tut i on P er mu t a t i ot Ne two rk) structures.
- the main conversion unit 320 having the SPN structure is said to be excellent in parallel processing.
- the main converter 320 having the FEI STEL structure is said to be excellent in reducing the size of hardware.
- the SPN structure does not split the input data, as in the FEI STEL structure, but has a structure in which the F function consisting of the S layer (non-linear layer) and the P layer (linear layer) is repeated. .
- sub-conversion section 330 The internal configuration of sub-conversion section 330 will be described.
- FIG. 58 is a diagram showing a circuit constituting the sub-conversion unit 330.
- the data normal conversion unit 50 the logical product of the upper 32 bits data and the key 1 of the 64 bit data input by the AND circuit 54 is taken, and the result is cyclically shifted left by 1 bit, and the EXOR circuit 55 The exclusive OR with the lower 32 bits of the input data is obtained, and the result is output as an output signal of the lower 32 bits and input to the OR circuit 57.
- the OR circuit 57 the logical sum with the key 2 is calculated, and in the EXOR circuit 56, the exclusive OR with the upper 32 bits of the input data is calculated, and the result is output as the upper 32 bits output signal. Is output. In this way, the input data of 64 bits is linearly converted and output as a 64 bit output signal.
- the OR of the lower 32 bits data of the 64 bit data input by the OR circuit 74 and the key 3 is obtained, and the EXOR circuit 75 outputs the upper bit of the input data.
- An exclusive OR with 32 bits is obtained, and the result is output as an output signal of the upper 32 bits and input to the AND circuit 77.
- the AND circuit 77 the logical AND with the key 4 is obtained, the result is cyclically shifted one bit to the left, and the exclusive OR with the lower 32 bits of the input data is obtained by the EX ⁇ R circuit 76, The result is output as the lower 32 bits output signal.
- the 64-bit input data is linearly converted by the data normal conversion unit 50 and the data inverse conversion unit 70, and is output as a 64-bit output signal.
- the keys 1 to 4 are supplied from the key schedule unit 210.
- FIG. 59 is a diagram showing, as another example of the sub-conversion unit 330, a circuit in which the data normal conversion unit 50 and the data reverse conversion unit 70 are shared.
- Selector 99a selects input signal A from input signal E and input signal A, outputs it as output signal B, ANDs with key 1 by AND circuit 101, and cyclically shifts one bit to the left After that, the exclusive OR with the lower 32 bits of the input data is taken by the EXOR circuit 91 and output as the lower 32 bits output signal, and the input signal C is input to the 2-1 selector 99b. Is done.
- the 2-1 selector 99b selects the input signal C from the input signal C and the input signal F and outputs it as the output signal D.
- the OR circuit 92 the output signal D and the key 2 are ORed, and the EXOR circuit 93 performs the exclusive OR operation with the upper 32-bit data of the input data, and is output as the upper 32-bit output signal. You.
- 2-1 Selector 99b selects input signal F from input signal C and input signal F, outputs it as output signal D, ORs with key 2 by OR circuit 92, and inputs by EXOR circuit 93
- the exclusive OR is calculated with the upper 32 bits of the data, output as the upper 32 bits output signal, and input as the input signal E to the 2-1 selector 99a.
- the 2-1 selector 99a selects the input signal E from the input signal A and the input signal E and outputs it as the output signal B.
- the AND circuit 101 the logical sum of the output signal B and the key 1 is obtained, and after a cyclic shift to the left by 1 bit, EXO
- the exclusive OR with the lower 32 bits of the input data is obtained by the R circuit 91 and output as a lower 32 bits output signal.
- FIG. 60 is a diagram showing a data conversion device in a case where the main conversion unit 320 has a 1Z2 X (x ⁇ l) F function for processing less than one stage of the F function, in contrast to the data conversion device shown in FIG. 56. It is.
- the main conversion unit 320 has, for example, a 1/2 F function
- the main conversion unit 320 has a 2F path via the sub conversion unit 330, the selector 310, and the operation register 350 to the main conversion unit 320.
- the cycle process By performing the cycle process, the process of nonlinearly converting the data by the F function can be performed once.
- the data conversion device shown in FIG. 60 is different from the data conversion device shown in FIG. 56 in that a path from the operation register 350 to the selector 310 is added.
- FIG. 61 illustrates the internal configuration of the main conversion section 320.
- the main conversion section 320 is composed of, for example, a 12-stage F function section (1Z2 F function) for performing 1/2 F-function processing for processing less than one stage of F function.
- the data conversion using the F function section 32 1 a of the main conversion section 320 of FIG. 57 and the EXOR circuit 322 a is performed by the F function section 1 32 1 a and the F function section 1 32 1 b and EXOR circuit 1322a and EXOR circuit 1322b.
- the upper data divided from the upper input data is input to the F function section 1321a.
- a key 1 H composed of upper bits of the key 1 scheduled by the key schedule unit 210 is also input.
- the F function unit 132 la performs the above non-linear conversion using the key 1H.
- Translated data 8 is input to the EXOR circuit 1322a, and the exclusive OR of the lower input data and the divided upper data is obtained.
- the data output from the EXOR circuit 1322a is held as an intermediate data in the arithmetic register 350 until the data is processed in the EXOR circuit 1322b.
- the divided lower data of the upper input data is input to the F function section 1321b. Also, a key 1 L composed of lower bits of the key 1 scheduled by the key schedule section 210 is input.
- the F function section 1322b performs a non-linear conversion of the lower data using the key 1L.
- the converted data is input to the EXOR circuit 1322b.
- the intermediate data which is the output data from the EXOR circuit 1 322a held in the arithmetic register 350 previously, to the EXOR circuit 1 322b. Therefore, a path from the operation register 350 to the selector 310 is required. That is, by using the path from the operation register 350 to the selector 310, the intermediate data held in the operation register 350 can be input to the selector 310.
- the selector 310 selects the input intermediate data.
- the intermediate data is input to the main conversion section 320 via the arithmetic register 350, and is subjected to an exclusive OR operation with the output data of the F function section 1321b by the EXOR circuit 1322b.
- the data output from the EXOR circuit 1 322 b becomes the input data of the F function section 1 321 c.
- EXOR circuit 1 32 21 This is performed as processing. In this way, after performing the non-linear transformation of the data by the F function part in 12 stages (or 12 times), the transformed data is output. Challenge 1.
- the key generation unit 20 uses a part of the main conversion unit 320 and a part of the sub-conversion unit 330 to generate a key used for data encryption / decryption. .
- Part of the main conversion unit 320 and part of the sub conversion unit 330 are used for key generation in order to reduce the size of the entire data conversion device.
- the main converting section 320 and the sub-converting section 330 are serially connected. Therefore, the operating frequency is univocal due to the path from the main conversion section 320 to the sub-conversion section 330, the selector 310, the operation register 350, and the return to the main conversion section 320. And the improvement of the operating frequency was hindered. Therefore, it has been desired to increase the operating frequency by shortening the maximum path for data processing in the data agitating section 30 and to dramatically improve the processing speed.
- the data conversion device since there is no path for inputting the data output from the selector 310 and the arithmetic register 350 to the sub-converter 330 without passing through the main converter 330, the data conversion device has an internal path. The system could not respond flexibly to configuration changes, resulting in a lack of flexibility in the operations that could be performed as a whole.
- the data to be converted in one cycle is a part of the input data. 1) 2). For this reason, some conversion data of the input data is held in the arithmetic register 350, and A path for sending the data to the sub-conversion unit 330 later is provided in the data agitation unit 30 or a transfer for transferring the main conversion unit 320 and sending it to the sub-conversion unit 330 after a certain period of time. A path had to be provided in the main converter 320.
- An object of the present invention is to reduce the size of a data conversion device.
- Another object of the present invention is to improve the operating frequency of the data conversion device. Disclosure of the invention
- a data conversion device is a data conversion device that inputs a key and data, and performs at least one of data encryption and decryption of input data using the input key.
- the data conversion device includes a data agitation unit for converting data, a control unit for controlling a transfer signal instructing to transfer any of the input key and the input data,
- the controller outputs a transfer signal when transferring either the key or the data
- the data agitation unit converts at least one of data encryption and data decryption by converting the data using the input key, and transmits the transfer signal output by the control unit. If you enter In this case, a sub-conversion unit for transferring at least one of the input key and the input data without performing data conversion is provided.
- the data agitator further includes:
- It has a main conversion unit that inputs data and converts the input data to non-linear data.
- the controller outputs a data transfer signal as a transfer signal when transferring data
- the sub-conversion unit receives the data transfer signal output by the control unit and the data converted by the main conversion unit, and transfers the input data according to the input data transfer signal. It is characterized by doing.
- the data conversion device further comprises:
- a key generation unit that generates a key
- the controller outputs a key transfer signal as a transfer signal when transferring the key
- the sub-conversion unit receives the key transfer signal output by the control unit and the key generated by the key generation unit, and transfers the input key according to the input key transfer signal.
- the key generation unit further includes:
- An intermediate key generation unit that inputs a secret key and generates an intermediate key from the input secret key
- the sub-conversion unit transfers the intermediate key generated by the intermediate key generation unit according to the input key transfer signal to the main conversion unit,
- the main conversion unit repeats at least one of converting and outputting the intermediate key transferred by the sub-conversion unit,
- the sub-transformation unit repeats at least one of converting and outputting the intermediate key output by the main conversion unit
- At least one of the main conversion unit and the sub conversion unit repeats one or more times of converting and outputting the intermediate key
- the main conversion unit outputs an intermediate key output by at least one of the main conversion unit and the sub conversion unit as an output key
- the intermediate key generation unit is characterized in that, by inputting the output key output by the main conversion unit, an expanded key including the intermediate key and the output key is generated.
- the intermediate key generation unit selects a key from the input six keys and a key KL register that holds one key selected from the sixty-one KL selector and one key selected from the 6-1 KL selector as an intermediate key.
- the 6-1 KL selector inputs a secret key, and inputs the secret key, the intermediate key held by the key KL Regisu, and the four different shifts from the intermediate key held by the key KL Regisu Enter six keys consisting of four keys, each of which is cyclically bit-shifted by a number, select one key from the six keys entered,
- the key KL register holds the key selected by the 6-1 KL selector
- the sub-transformer when receiving the key transfer signal output from the controller, inputs the key held in the key KL register as an intermediate key and transfers the input intermediate key. And
- the above intermediate key generation unit selects one key from the four input keys, and selects one key from the three input keys.
- the three-key selector and the three-key selector select A key KL register for holding one selected key as an intermediate key,
- the four-one selector inputs four keys that are cyclically bit-shifted by four different shift numbers from the intermediate key held by the key KL Regis, and selects one key from the four input keys.
- the above 3-1 KL selector inputs the secret key, and the three keys consisting of the input secret key, the one key selected by the 411 selector and the intermediate key held in the key KL register are entered. Enter, select one key from the three keys entered,
- the key generation unit further includes:
- the expanded key generated by the intermediate key generation unit and a predetermined constant are input, and any of the expanded key and the predetermined constant input according to predetermined conditions is at least one of the main conversion unit and the sub conversion unit.
- the sub-conversion unit includes at least a data normal conversion unit (FL) that performs linear data conversion and a data inverse conversion unit (FL- 1 ) that performs data conversion reverse to the data normal conversion unit (FL).
- At least one of the data normal conversion unit (FL) and the data inverse conversion unit (FL) performs data conversion, and if the control unit outputs a trans-transmission signal, A transfer signal output by the control unit is input, and at least one of data and a key is transferred without data conversion according to the input transfer signal.
- a key transfer signal which is a key transfer signal, and a mask signal are output as transfer signals to be transmitted.
- At least one of the data normal conversion unit (FL) and the data inverse conversion unit (FL) is input when the key transfer signal and the mask signal output by the control unit are input.
- the input unit invalidates the input data by the received key transfer signal, and transfers the key by passing the input key by the input mask signal.
- a data transfer signal which is a data transfer signal, is output as a transfer signal for transferring data,
- At least one of the data normal conversion unit (FL) and the data inverse conversion unit (FL) receives the data transfer signal output by the control unit when the input data transfer signal is input.
- the sub-transformer performs a linear data transformation of the data and invalidates the key inputted by the sub-transformer, and transfers the data by passing the inputted data. It has 12 sub-transformers that share the same circuit to perform data inverse transforms that perform data transforms that are the reverse of data normal transforms. — If the control unit outputs a transfer signal while the evening is converted to the data, the transfer signal output by the control unit is input, and at least one of the key and the data is transmitted according to the input transfer signal. Characterized by transferring
- the sub-conversion unit has a data normal conversion unit (FL) for performing linear data conversion of data and a data inverse conversion unit (FL- 1 ) for performing reverse data conversion of the data normal conversion unit (FL). And the data normal conversion section (FL) and the data reverse conversion section (FL) are arranged in series,
- Either the data normal conversion unit (FL) or the data inverse conversion unit (FL) is either the data normal conversion unit (FL) or the data inverse conversion unit (FL " 1 "). Enter the converted data, the transferred key, the transferred data, or the data converted by the other, and enter the converted data, the transferred key, or the transferred data It is characterized in that either data conversion, key transfer or data transfer is performed by using either of the above data.
- the data conversion method according to the present invention is characterized in that a key of any one of the bits is input and data input is converted using the input key. Use the key to enter at least the encryption and data
- the data conversion method described above instructs that, when transferring either the key or the data, either the input key or the input data is transferred. Output the transfer signal
- a data conversion program includes a key and data, and a data conversion that performs at least one of data encryption and data decryption using the input key.
- the data conversion program outputs a transfer signal instructing to transfer either the input key or the input data when transferring the key or the data. Processing,
- a computer-readable recording medium on which a data conversion program according to the present invention is recorded is provided with a key and data, and at least one of data encryption and data decryption using the input key.
- a computer-readable recording medium storing a data conversion program for performing the data conversion
- At least one of data encryption and data decryption is performed by converting data using the input key, and if the output transfer signal is input, it is input. It is a computer-readable recording medium storing a data conversion program for causing a computer to execute a process of transferring at least one of a key and input data without data conversion.
- the data conversion device further comprises:
- a key generation unit that generates a key
- the key generation unit further includes:
- An intermediate key generation unit that inputs a secret key, generates an intermediate key from the input secret key, and generates an output key from the generated intermediate key using the main conversion unit and the sub conversion unit. I do.
- the intermediate key generator inputs six keys and selects one key from the input six keys, and intermediately selects one key selected from the 6-1 KL selector.
- the above 6—1 KL selector inputs the secret key, and the entered secret key, the intermediate key held in the key KL Regis, and the intermediate key held in the key KL Regis Input 6 keys consisting of 4 keys each of which is cyclically bit-shifted by the number of shifts, select one key from the input 6 keys, PC leak 89
- the 6-1 KA selector inputs an output key generated using the main conversion unit and the sub conversion unit, and outputs the input output key, the output key held in the key KA register, and the key From the output key held in the KA register, input four keys that are cyclically bit-shifted by four different shift numbers and six keys consisting of, and select one key from the input six keys.
- the key KA registry stores the key selected by the 6-1 KA selector as an output key.
- the above-mentioned intermediate key generation unit selects one key from two keys, 2-1 selector, one key from four keys, four selectors, and one key from three keys.
- the 2-1 selector selects one key from the intermediate key held in the key KL register and the output key held in the key KA register, and the 4-1 selector selects the 2-1 selector Enter the four keys, each of which is cyclically bit-shifted by four different shift numbers from the key selected by, select one key from the input four keys,
- the 3-1 KL selector inputs a secret key, and the three keys consisting of the input secret key, the key selected by the 4-1 selector, and the intermediate key held by the key KL REGISTER And select one of the three keys you entered,
- the key KL register is selected by the 3-1 KL selector Keep the key as an intermediate key
- the 3-1 KA selector inputs an output key generated using the main conversion unit and the sub-conversion unit, outputs the input output key, the key selected by the 4-1 selector, Key KA Regis Input three keys consisting of the output key held in the evening, select one key from the three input keys, and set the key KA register to the key selected by the 3-1 KA selector. Is held as an output key.
- the intermediate key generation unit includes a 2 ⁇ 1 KL selector for selecting one key from two keys, a key KL register for holding a key selected from a 2 ⁇ 1 KL selector, and Select one key 2 — 1 KA selector, 2 — 1 KA selector holding key selected from KA selector, 2 — 1 selector to select one key from 2 keys, and 8 keys Choose one key from 8 — 1 selector and
- the 2-1 KL selector inputs a secret key, selects one key from the input secret key and the key held in the key KL register,
- the 2-1 KA selector inputs an output key generated using the main conversion unit and the sub-conversion unit, and selects one key from the input output key and the key held in the key KA register. And select
- the 2-1 selector selects one key from the two keys selected by the 2-1 KL selector and the 2-1 KA selector,
- the 8-1 selector inputs eight keys that are cyclically bit-shifted by eight different shift numbers from the key selected by the 2-1 selector, and selects one key from the input eight keys It is characterized by the following.
- a data conversion device provides a data conversion device that converts data all at once.
- the data agitation unit includes a main conversion unit that inputs data and performs non-linear data conversion of the input data and a sub-conversion unit that linearly converts the input data.
- the main conversion unit inputs the key and the data, and nonlinearly converts the input data based on the F-function, which is a function for performing non-linear data conversion using the input key. And outputs the non-linearly transformed data,
- the sub-transformation unit inputs the key and the data, linearly converts the input data using the input key, and outputs the linearly converted data.
- the main conversion unit and the sub-conversion unit repeatedly perform data conversion by the main conversion unit and data conversion by the sub-conversion unit so that at least one of data encryption and data decryption is performed. It is characterized by performing conversion.
- the main conversion unit includes an F function unit that performs nonlinear data conversion of input data using the input key based on an F function and outputs the converted data a plurality of times. I do.
- the F function section repeats 2 X times to perform non-linear data conversion of the input data using the input key based on the 1 2 X F function (X ⁇ 0) and output the data converted data.
- Non-linear data conversion based on the F function is performed multiple times by repeating the non-linear data conversion based on the F function for one time and outputting the completed data multiple times.
- the above-mentioned F function part is for data divided into upper data and lower data. Either one of them is input, the input data is non-linearly converted, one of the upper data and lower data is output, and one of the output upper data and lower data is output and the upper data and lower data are converted.
- Exclusive OR operation with one of the data and the exclusive OR operation is performed, and the upper data or lower data not input to the above-mentioned F function part is compared with the other. It is characterized in that the output is switched.
- the data conversion device further comprises:
- a key generation unit that generates a key
- the key generation unit further includes:
- An intermediate key generation unit that inputs a secret key, generates an intermediate key from the input secret key, and generates an output key from the generated intermediate key using the main conversion unit and the sub conversion unit. I do.
- the key generation unit further includes:
- the intermediate key, output key, and predetermined constant generated by the intermediate key generation unit are input, and the main conversion unit and the sub conversion unit are input from the input intermediate key, output key, and predetermined constant according to predetermined conditions.
- a key scheduler that schedules the key used for line-to-line conversion.
- the sub-conversion unit and the main conversion unit input the keys scheduled by the key schedule unit, respectively, and perform data conversion of the data input to each based on the input keys. I do.
- the intermediate key generator inputs six keys and selects one key from the input six keys, and intermediately selects one key selected from the 6-1 KL selector. Key to hold as key KL Regis Yu and six keys JP03 / 02689
- a key KA register for holding one key selected from the 6-1 KA selector as an output key.
- the 6 _ 1 KL selector inputs a secret key, and shifts the input secret key, an intermediate key held in the key KL register, and an intermediate key held in the key KL register in four different shifts. Enter six keys, each consisting of four keys cyclically bit-shifted by a number, select one key from the six keys entered,
- the key KL register holds the key selected by the 6-1 KL selector as an intermediate key
- the 6-1 KA selector inputs an output key generated by using the main conversion unit and the sub conversion unit, and outputs the input output key, the output key held in the key KA register, Keys KA Regis Enters six keys, consisting of four keys, each of which is cyclically bit-shifted by four different shift numbers from the output key held in the evening, and one key from the input six keys. ,
- the key KA register holds the key selected by the 6-1 KA selector as an output key.
- the above-mentioned intermediate key generation unit selects one key from two keys, 2-1 selector, one key from four keys, four selectors, and one key from three keys.
- the 2-1 selector selects one key from the intermediate key held in the key KL register and the output key held in the key KA register,
- the four-to-one selector inputs four keys that are cyclically bit-shifted by four different shift numbers from the key selected by the two-to-one selector, and selects one key from the four input keys
- the 3-1 KL selector inputs a secret key, and the three keys consisting of the input secret key, the key selected by the 4-1 selector, and the intermediate key held in the key KL register are entered. Enter, select one key from the three keys entered,
- the key KL Regis holds the key selected by the 3-1 KL selector as an intermediate key
- the 3-1 KA selector inputs an output key generated using the main conversion unit and the sub-conversion unit, outputs the input output key, the key selected by the 4-1 selector, Key KA Regis Input three keys consisting of the output key held in the evening, select one key from the three input keys, and set the key KA register to the key selected by the 3-1 KA selector. Is held as an output key.
- the intermediate key generation unit selects a key from two keys, a KL selector for holding a key selected from a 2-1 KL selector, and a KL register for holding a key selected from a 2-1 KL selector. Select one key 2-1 KA selector, 2-1 KA register holding key selected from 2-1 KA selector, and select one key from two keys 2-1 Selector, 8 8-1 selector to select one key from the keys,
- the above 2-1 KL selector inputs the secret key, selects one key from the input secret key and the key held at the key KL REGISU,
- the 2_1 KA selector inputs the output key generated using the main conversion unit and the sub conversion unit, and stores the input output key and the key KA register.
- the 2_1 selector selects one key from the two keys selected by the 2-1 KL selector and the 2-1 KA selector
- the 8-1 selector inputs eight keys that are cyclically bit-shifted by eight different shift numbers from the key selected by the 2-1 selector, and selects one key from the input eight keys It is characterized by doing.
- the sub-conversion unit is at least one of a data normal conversion unit (FL) for linearly converting data and a data reverse conversion unit (FL- 1 ) for performing a conversion reverse to the conversion of the data normal conversion unit (FL).
- the data conversion is performed by at least one of the data normal conversion unit (FL) and the data inverse conversion unit (FL- 1 ).
- the sub-conversion unit includes a 1/2 sub-conversion unit that performs the data normal conversion for linearly converting data and the data reverse conversion for performing the reverse conversion of the data conversion by sharing the same circuit.
- a data conversion method according to the present invention is arranged in parallel to a sub-conversion unit that converts data into linear conversion, inputs a key and data, and performs non-linear data conversion using the input key. Based on the F function, which is a function of 03 02689
- a data conversion program is provided with a function for inputting a key and data, and performing a non-linear data conversion using the input key, the data conversion program being arranged in parallel in a sub-conversion unit that converts data into linear conversion.
- the main conversion unit which converts the input data to non-linear data based on the F-function, is used to convert the input data to non-linear data and output the non-linearly converted data.
- the process of linearly converting the data input using the key by the sub-transformer arranged in parallel with the main transformer and outputting the linearly-converted data is repeatedly performed, thereby at least encrypting the data. It is characterized by causing a computer to execute any one of the data decoding processes for data decoding.
- a computer-readable recording medium on which a data conversion program according to the present invention is recorded is arranged in parallel in a sub-conversion unit that converts data into linear conversion, and inputs a key and a data.
- the F function which is a function for performing non-linear data conversion using, the input data is converted to non-linear data by the main conversion unit, which performs non-linear data conversion. Processing to output
- the key and the data are input, and the input data is linearly converted by the sub-transformer arranged in parallel with the main convertor using the input key.
- the input data is linearly converted by the sub-transformer arranged in parallel with the main convertor using the input key.
- FIG. 1 is a configuration diagram of the data conversion device according to the first embodiment.
- FIG. 2 is a diagram showing an operation in which the intermediate key generation unit 40 generates an output key from the intermediate key in the case of a 128-bit key.
- FIG. 3 is a diagram showing the internal configuration of the key schedule unit 210 and its operation.
- FIG. 4 is a diagram illustrating the operation of the data encryption / decryption processing of the data agitation unit 30.
- FIG. 5 is a diagram showing the internal configuration and operation of the F function unit 3221.
- FIG. 6 is a configuration diagram of a data conversion device in which the main conversion unit 320 and the sub conversion unit 330 of FIG. 1 are arranged in reverse.
- FIG. 7 is a configuration diagram of a data conversion device in which a main conversion unit 320 and a sub conversion unit 330 are arranged in parallel.
- FIG. 8 is a diagram showing the internal configuration of the 6-1 KL selector 222 and the 6-1 KA selector 230 of the intermediate key generation unit 40.
- FIG. 9 is a diagram showing another configuration example of the intermediate key generation unit 40.
- FIG. 10 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a key transfer function.
- FIG. 11 is an internal configuration diagram of the sub-conversion unit 330 when the data inverse conversion unit 70 has a key transfer function.
- Figure 12 shows that the data normal conversion unit 50 and the data inverse conversion unit 70 are key transfer functions.
- 30 is an internal configuration diagram of the sub-conversion unit 330 in the case of having.
- FIG. 13 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 according to the second embodiment has a data transfer function.
- FIG. 14 is an internal configuration diagram of the sub-conversion unit 330 when the data inverse conversion unit 70 has a data transfer function.
- FIG. 15 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 have a data transfer function.
- FIG. 16 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a key transfer function and a data transfer function and the data inverse conversion unit 70 has a key transfer function in the third embodiment. It is.
- FIG. 17 is an internal configuration diagram of the sub-conversion unit 330 when the data reverse conversion unit 70 has a key transfer function and a data transfer function, and the data conversion unit 50 has a key transfer function.
- FIG. 18 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 have a key transfer function and a data transfer function.
- FIG. 19 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a key transfer function and a data transfer function.
- FIG. 20 is an internal configuration diagram of the sub-conversion unit 330 when the data inverse conversion unit 70 has a key transfer function and a data transfer function.
- FIG. 21 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a key transfer function and a data transfer function, and the data inverse conversion unit 70 has a data transfer function.
- FIG. 22 is a configuration diagram of the sub-transformer 330 when the data reverse converter 70 has a key transfer function and a data transfer function, and the data corrector 50 has a data transfer function.
- FIG. 3 is a configuration diagram of a sub-conversion unit 330 when 0 has a key transfer function.
- FIG. 24 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a key transfer function and the data reverse conversion unit 70 has an overnight transfer function.
- FIG. 25 shows a case where the data reverse conversion unit 70 and the data conversion unit 50 are serially connected, and the data normal conversion unit 50 and the data reverse conversion unit 70 each have a data transfer function.
- 3 is a configuration diagram of a sub-conversion unit 330.
- FIG. 26 is a configuration diagram of the sub-conversion unit 330 when the data conversion unit 50 and the data inverse conversion unit 70 in FIG. 25 are switched upside down.
- FIG. 27 shows a serial connection of a data conversion unit 50 and a data conversion unit 70 in serial.
- the data conversion unit 50 has a key transfer function and a data transfer function.
- FIG. 3 is a configuration diagram of a sub-conversion unit 330 when 0 has a data transfer function.
- FIG. 28 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 in FIG. 27 are switched upside down.
- FIG. 29 is a configuration diagram of a sub-conversion unit 330 having a data transfer function.
- FIG. 30 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 in FIG. 29 are switched upside down.
- FIG. 31 is a configuration diagram of sub-transformer 330 when a key transfer function and a data transfer function are added to 1/2 sub-transformer 90 in the fourth embodiment.
- FIG. 32 is a configuration diagram of the sub-conversion unit 330 when a data transfer function is added to the 12 sub-conversion unit 90.
- FIG. 33 is a configuration diagram of the sub-conversion unit 330 when a key transfer function is added to the 1Z2 sub-conversion unit 90.
- FIG. 34 is a diagram showing a data encryption process in a CAMEL LIA data conversion device using a 128-bit key.
- FIG. 35 is a diagram showing a data decryption process in a CAMEL LIA data conversion device using a 128-bit key.
- FIG. 36 is an internal configuration diagram of the F function in the CAMEL LIA data converter.
- FIG. 37 is a diagram showing the overall configuration and operation of the fifth embodiment.
- FIG. 38 is a diagram showing the overall configuration and operation of the sixth embodiment.
- FIG. 39 is a diagram showing the overall configuration and operation of the eleventh embodiment.
- FIG. 40 is a diagram showing the overall configuration and operation of Embodiment 12.
- FIG. 41 is a diagram showing the overall configuration and operation of the thirteenth embodiment.
- FIG. 42 is a diagram illustrating the overall configuration and operation of the fourteenth embodiment.
- FIG. 43 shows an overall configuration and operation of the fifteenth embodiment.
- FIG. 44 shows an overall configuration and operation of the sixteenth embodiment.
- FIG. 45 shows an overall configuration and operation of the seventeenth embodiment.
- FIG. 46 is a diagram showing the overall configuration and operation of the eighteenth embodiment.
- FIG. 47 is a diagram showing the overall configuration and operation of the seventh embodiment.
- FIG. 48 shows an overall configuration and operation of the eighth embodiment.
- FIG. 49 shows the overall configuration and operation of the ninth embodiment.
- FIG. 50 shows an overall configuration and operation of the tenth embodiment.
- FIG. 51 is a diagram showing the overall configuration and operation of Embodiment 19.
- FIG. 52 shows the overall configuration and operation of the twentieth embodiment.
- FIG. 53 is a diagram illustrating an operation in which the intermediate key generation unit 40 generates an output key from the intermediate key in the case of a 192 or 256 bit key.
- FIG. 54 is a diagram showing a data encryption process in a CAME LLIA data conversion device using a 192, 256-bit key.
- FIG. 55 is a diagram showing a data decryption process in the CAM ELLIA data conversion device using the 192- and 256-bit keys.
- FIG. 56 is an example of a configuration and operation diagram of a related data conversion device.
- FIG. 57 shows an example of the internal configuration of the main conversion section 320.
- FIG. 58 is a diagram showing a circuit constituting the sub-conversion unit 330.
- FIG. 59 is a diagram showing a circuit in which the data normal conversion unit 50 and the data inverse conversion unit 70 constituting the sub conversion unit 330 are shared.
- FIG. 60 is another example of a configuration and operation diagram of a related data conversion device.
- FIG. 61 shows another example of the internal configuration of main conversion section 320.
- FIG. 21 is a configuration diagram of a sub-conversion unit 330 in the case.
- FIG. 63 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 in FIG. 62 are switched upside down.
- FIG. 64 is an example of the internal configuration of the main conversion section 320 of CAMELLIA. BEST MODE FOR CARRYING OUT THE INVENTION
- a data conversion device described in the present embodiment will be described. Data converter.
- FIG. 1 is a configuration and operation diagram of a data conversion device according to the present embodiment.
- the intermediate key (key KL) output from the key KL register 240 is not directly input to the selector 310, and is transmitted from the key KL register 240 to the key schedule unit 210. It is input to the sub-transformer 330 via the key scheduler 210 using the conventional path.
- main conversion section 320 It has a “data conversion mode” and a “key or data transfer mode”.
- key When a key is input, the mode is switched to the “key or data transfer mode” and the input key is selected by the selector.
- the data that has been nonlinearly converted by main conversion section 320 is not directly input to selector 310, but is input to sub conversion section 330.
- the sub conversion section 330 switches the mode to the "key or data transfer mode", and switches the input data to the selector 310. Forward.
- FIG. 2 shows an operation in which the intermediate key generation unit 40 generates an output key from the intermediate key.
- the secret key is input to the intermediate key generation unit 40, and the key is output to the key KL register 240 through the 6 ⁇ 1 KL selector 220. It is stored as an intermediate key (key KL).
- the secret key held in the key KL register 240 is input to the main conversion unit 320 via the key schedule unit 210 as an intermediate key (key KL).
- the upper bits of the input intermediate key (key KL) are nonlinearly converted using the constant ⁇ 1 output from the key schedule section 210, and EXOR The circuit 322a performs an exclusive OR operation with the lower bits of the intermediate key (key KL) and inputs the result to the F function part 32 lb.
- the key output from the EXOR circuit 322 a is nonlinearly transformed using the constant ⁇ 2 output from the key schedule section 210 in the F function section 321 b, and the intermediate key (key) is output by the EXOR circuit 322 b.
- Exclusive OR with the lower bit of KL As a result, the output key is set as the upper bits of the key, and the key output from EXOR circuit 322a is output to sub-converter 330 as the lower bits of the key.
- the sub-conversion unit 330 inputs these data, and the two exclusive OR (EXOR) units included in the data conversion unit 50 of the sub-conversion unit 330
- the exclusive OR operation is performed on the upper bits of the key and the lower bits of the key using two exclusive OR units (EXOR) included in the data inverse converter 70 of the converter 330, and the result is output.
- the input data is input to the main conversion unit 320 again.
- the main conversion unit 320 like the processing using a part of the main conversion unit 320 described above, connects the F function unit 321a and the EXOR circuit 322a and the F function unit 321b of the main conversion unit 320 to the EXOR circuit 322. Performs a two-stage conversion process including b and exchanges the upper and lower bits of the converted key and outputs the result.
- the output data is input to the 6-1 KA selector 230 of the intermediate key generation unit 40, and is held in the key KA register 250 as an output key (key KA).
- the intermediate key generation unit 40 uses the part of the main conversion unit .320 and the part of the sub conversion unit 330, which are components for performing the encryption Z Generate the output key (key KA) from KL).
- the two keys are input to the key schedule section 210 and are used as keys for encrypting and decrypting data (referred to as extended keys). Further, by using the output key (key KA) and the intermediate key (key KL) generated in this manner, a new intermediate key and an output key are generated at predetermined intervals by the same processing. Key schedule.
- FIG. 3 is a diagram showing the internal configuration and operation of the key schedule unit 210.
- the intermediate key (key KL) output from the intermediate key generation unit 40 is divided into a high-order key KLH and a low-order key KLL, and is input to the 4-1 selector 2 16 and the 4 11 selector 2 17 You.
- the output key (key KA) output from the intermediate key generation unit 40 is divided into a key KAH and a key KAL and input to the 411 selector 211 and the 411 selector 217.
- 4-1 selector 2 16 and 4-1 selector 217 select one key from these four keys.
- the key schedule unit 210 does not always perform the process of cyclically shifting right by one bit, but considers the number and direction in which the cyclic shifter of the sub-transformer 330 cyclically shifts the signal.
- the input key may be previously cyclically shifted by the number of times the cyclic shifter of the sub-conversion unit 330 cyclically shifts in the direction. Therefore, the 2-1 selector 2 14 and the 2-1 selector 2 15 select a signal related to one key from these two signals, but output the key to the sub-converter 330 when the output key (key KA) is generated. In this case, a key in which predetermined bits are cyclically shifted is always selected and output to the sub-transformer 330.
- the keys output from the 2-1 selector 214 and the 2-1 selector 2 15 are input to the sub-conversion unit 330 when the sub-conversion unit 330 is used when generating the output key (key KA), and the output key ( Key KA)
- the key is input to the 2-1 selector 2 12, and the key shifted cyclically right or left by 1 byte is input to the 2-1 selector 212.
- the key that is cyclically shifted to the right or left by 1 byte is input to the 2-1 selector 2 1 2 because the F function part is less than 1 such as 1 or 2 or 1Z4 or 1Z8 during data encryption / decryption processing. This is necessary if it is composed of a part that processes data. Details will be described later.
- the 8-1 selector 2 1 3 inputs the constants ⁇ 1 to ⁇ 4 divided into upper data and lower data, selects one signal from these 8 input signals, and selects the 2-1 selector 2 1 Input to 1.
- the 2-1 selector 2 1 1 selects one signal from the two input signals and outputs the selected signal to the main converter 320 as a key. Data encryption / decryption processing.
- FIG. 4 is a diagram showing the operation of the encryption / decryption processing of the data agitation unit 30.
- P plaintext or ciphertext
- P plaintext or ciphertext
- the input data P is input to the EXOR circuit 3 la, input to the key generation unit 20, and is exclusive with the secret key (128-bit length) output through the intermediate key generation unit 40 and the key schedule unit 210.
- the logical sum is taken.
- the secret key is first input to the intermediate key generation unit 40, selected by the 6-1 KL selector 220, and held in the key KL register 240 as an intermediate key (key KL). Is input to the key schedule section 210.
- the EXOR circuit 3 la and the EXOR circuit 3 lb use an exclusive logical operation unit of the sub-conversion unit 330. That is, as shown in FIG. 58, the input data is divided into the upper data of the upper pit and the lower data of the lower pit, and each of the divided data and the input key are divided by the data conversion unit 50.
- the exclusive OR is calculated by the EXOR circuit 55 and EXOR circuit 56 of the OR or the EXOR circuit 75 and the EXOR circuit 76 of the data inversion unit 70, and the output data is output from the key schedule unit 210.
- Data conversion is performed by main conversion section 320 and sub-conversion section 330 using any of the expanded keys.
- data conversion is performed alternately by a main conversion unit 320a, a sub-conversion unit 330a, a main conversion unit 320b, a sub-conversion unit 330b, and a main conversion unit 320c.
- the data converted in this manner is exclusive-ORed with the key output from the key schedule unit 210 by the EXOR circuit 31b of the sub-conversion unit 330, and is obtained as C (ciphertext or decrypted text). Output.
- Main conversion unit 3 performed in data agitation unit 30 in CAMEL LIA
- the data output from the EXOR circuit 31a is divided into upper data and lower data, and each is input to the main converter 320a.
- the main conversion unit 320a nonlinearly converts each input data, and uses the converted lower data as upper data, and the converted upper data as lower data, that is, as shown in FIG.
- the high-order data and the low-order data are exchanged and input to the sub-conversion unit 330a.
- the sub-transformer 330 a linearly transforms the input data.
- the main conversion section 320b and the sub conversion section 330b repeat the processing of the main conversion section 320a and the sub conversion section 330a, and the main conversion section 320c again executes the main conversion section. Repeat the same process as for 320a.
- the output data from the main conversion unit 320c is obtained by taking the exclusive OR of the output data after the repetition by the EXOR circuit 311b and the key data output from the key schedule unit 210, and outputting the result as C. Power.
- 31b uses an exclusive logical operation unit included in the sub-conversion unit 330, like the EXR circuit 31a.
- the main conversion section 320a, main conversion sections 320b and 320c perform data conversion by repeating the processing using the same main conversion section 320.
- the main conversion section 320a, the main conversion section 320b, and the main conversion section 320c having the same internal configuration are separately provided. The same applies to the sub-conversion units 330a and 330b.
- the main conversion unit 320 has a one-stage F function processing part, and when performing data conversion processing using six stages of F functions as shown in FIG. By repeating the processing by 6 times, it is possible to complete the data conversion processing by the 6-stage F function.
- FIG. 1 the path from the main converter 3 2 0 through the selector 3 1 0 and the arithmetic register 3 5 0 to return to the main converter 3 2 0 is used six times repeatedly to use the main converter 3 2 0 Means that the data conversion processing by the six-stage F function is completed. Therefore, in the related art shown in FIGS. 56 and 60, a “path for inputting output data from the main conversion unit 320 to the selector 310” was required.
- the sub-conversion unit 330 since the sub-conversion unit 330 has a transfer function as described later, the output data from the main conversion unit 320 is To be input to the selector 310. Therefore, in the data conversion apparatus of the present embodiment, by using “the path in which the output data from the main conversion unit 320 is transferred by the sub-conversion unit 330 and input to the selector 310”, The "path for inputting output data from the main converter 320 to the selector 310" becomes unnecessary. Main conversion processing-Main conversion unit 3 2 0.
- main conversion section 320 The internal configuration and operation of main conversion section 320 have been described above with reference to FIGS. 57 and 61.
- the structure of the main conversion unit 320 that is, the input data is divided into upper data of the upper bit and lower data of the lower bit, and the divided upper data and lower data are divided. Either one is nonlinearly transformed by the F-function, and the data to be input to the F-function is generated from either the upper-order data or the lower-order data and the other one of the upper-order data and the lower-order data that are nonlinearly transformed
- the FEISTEL structure is called a FEISTEL structure, which divides the generated data into upper data and lower data as the input data and repeats the conversion using the F function.
- FIG. 5 is a diagram showing the internal configuration and operation of the F function unit 3221.
- the input data is exclusive-ORed with the expanded key by the EXOR circuit 323, divided into eight, and input to the S function 324.
- the expanded key is a key obtained by combining the output key (key KA) and the intermediate key (key KL) generated from the secret key by the intermediate key generation unit 40. If the private key is 1 2 8 bits long In the case of CAMELL IA, the expanded key is 256 bits.
- the intermediate key (key KL) is divided into the upper bit key KLH and the lower pit key KLL.
- the output key (key KA) is divided into the upper bit key KAH and the lower bit key KAL.
- the S function 324 is a function (S i to S 4 ) obtained by combining the inverse operation of GF (2 8 ) and the affine transformation, and performs non-linear conversion in byte units.
- the converted and output data is input to the P function 325, which is output after the data is agitated by the P function 325 which performs linear conversion.
- the part where the F function part processes 1/2 of the F function consists of the EXOR circuit 3 2 3 and four S boxes from S 4 324 e to 324 h and the P function part of about half of Fig. 5. . From these configurations, first, 1Z2 processing of data conversion processing for one stage of the F function is performed. Next, the same processing is performed again to complete the processing for one stage of the F function. In the first process, as described above in the key scheduler 210, a key and data that are cyclically shifted one byte to the right or left are used. A key and data that cyclically shifting the 1-byte left or right, the same effect as the shifting one byte the S box without changing the arrangement of S-boxes that are arranged from S E to S 4 be able to.
- FIG. 6 shows a data converter in which the main conversion unit 320 and sub conversion unit 330 in FIG. 1 are arranged in reverse. It is a structure and operation
- the sub-converter 330 has a transfer function. Then, the data is transferred to the main conversion unit 320 by transferring the data. Using such a path, the main conversion unit 320 can complete the overnight conversion process using the six-stage F function. Therefore, the “path for inputting the output data from the sub-conversion unit 330 to the selector 310” shown in FIGS. 56 and 60 is unnecessary.
- the intermediate key (key KL) output from the key KL register 240 is not directly input to the selector 310, and the path from the key KL register 240 to the key schedule section 210 is not transmitted. And is input to the sub-conversion unit 330 via the key schedule unit 210. When the key is input, the sub-transformer 330 transfers the input key to the main converter 320 using the transfer function.
- FIG. 7 shows that the main conversion unit 320 and the sub conversion unit 330 are compared with FIG. 1 and FIG. It is a diagram showing a data conversion device that is different in that it is arranged in parallel and that there is a selector 340 for selecting one output signal from two input signals. The same is true.
- the main conversion unit 320 and the sub-conversion unit 330 are arranged in parallel, so that the data is output from the main conversion unit 320 and the sub-conversion unit 330.
- a selector 340 for selecting one of the signals is required. The signal selected by the selector 340 and passed through the arithmetic register 350 and the P (plaintext or ciphertext) is selected by the selector 310 into the main converter 320 and the sub-converter. Input to the section 330.
- the output key (key KA) is generated, the intermediate key (key KL) output from the key KL register 240 is not directly input to the selector 310, and the output from the key KL register 240 is not performed.
- the path to the key schedule section 210 it is input to the sub-transform section 330 via the key schedule section 210.
- the sub-transformer 330 transfers the input key to the main converter 320 using the transfer function. Therefore, the "path for inputting the intermediate key (key KL) output from the key KL register 240 to the selector 310" shown in FIGS. 56 and 60 can be eliminated.
- FIG. 8 shows the intermediate key generation unit 40 6-1 selectors 220 and 6-1 K
- FIG. 3 is a diagram showing an internal configuration of an A selector 230.
- the intermediate key (key KL) held in the key KL register 240 in the intermediate key generation unit 40 is output to the key schedule unit 210 and again input to the 611 KL selector 220.
- the 6-1 KL selector 220 has a 6-1 selector 221 therein.
- the input intermediate key (key KL) is input to the 6-1 selector 221, and the intermediate key (key KL) is cyclically shifted by four different shift numbers. Input four signals to 6-1 selector 22 1.
- the intermediate key is 17 bits to the left, 15 bits to the left, 17 bits to the right, and 15 bits to the right. Conceivable.
- the 6-1 selector 221 selects one output signal from the six input signals and outputs the selected output signal. Have the signal stored at Key KL Regis 240 as a new intermediate key (Key KL).
- the method of generating a new output key (key KA) from an output key (key KA) is exactly the same as the method of generating a new intermediate key (key KL) from an intermediate key (key KL).
- FIG. 9 is a diagram illustrating another configuration example of the intermediate key generation unit 40.
- the selector shown by 4-1 selector 223 is shared as compared with FIG. That is, the intermediate key (key KL) output from the key KL register 240 and the output key (key KA) output from the key KA register 250 are input to the 2-1 selector 224, and the 2-1 selector 224 One key is selected from the keys, the selected key is cyclically shifted by four different shift numbers to generate four signals, and the four signals are input to the 411 selector 223.
- 4-1 Selector 223 outputs 1 Select one signal and output it to the 3-1 KL selector 222 or 3-1 KA selector 232.
- the 3-1 KL selector 222 selects one key from the key selected by the 4-1 selector 223, the secret key, and the intermediate key (key KL) held in the key KL register 240, and generates a new intermediate key. And stored in the key KL register 240.
- the IKA selector 232 determines one key from the key selected by the four-one selector 223, the generated output key (key KA), and the output key (key KA) held in the key KA register 250. Select and store it in the key KL register 240 as a new output key (key KA).
- FIG. 8 requires 10 in terms of a 2-1 selector
- the configuration shown in FIG. 9 requires only eight 2-1 selectors, so the intermediate configuration shown in FIG. Compared with the key generation unit 40, two 2-1 selectors can be reduced. In this way, it is possible to reduce the circuit scale.
- the configuration of the intermediate key generation unit 40 shown in FIG. 8 can be applied to the data converter of all the embodiments. Further, the configuration of the intermediate key generation unit 40 shown in FIG. 9 can also be applied to the data conversion devices of all the embodiments.
- Sub-conversion processing-sub-conversion unit 330 can be applied to the data conversion devices of all the embodiments.
- FIG. 10 is a diagram showing the internal configuration and operation of the sub-conversion unit 330.
- the transfer signals for transferring the key or data and the transfer signals The accompanying circuit has been added.
- the data normal conversion unit 50 has a function of transferring an input key.
- a transfer signal for transferring the key to the data normal conversion unit 50 is input, and the data normal conversion unit 50 to which the transfer signal is input transfers the input key according to the transfer signal.
- an FL key transfer signal and an FL mask signal are output.
- the data conversion unit 50 receives the FL key transfer signal and the FL mask signal output by the control unit 5.
- the FL key transfer signal is set to 0 and input to the AND circuit 51.
- the data to be encrypted and decrypted is also input to the AND circuit 51.
- the input data is suppressed by the AND circuit of the AND circuit 51 and becomes invalid. That is, no matter what value the input data takes, the output data of the AND circuit 51 becomes 0.
- the FL mask signal is input to the NOT circuit 52.
- the control unit 5 sets the FL mask signal to 0, so that the output signal of the NOT circuit 52 becomes 1, and the output signal of the R circuit 53 sets the input signal to 0 and 1, Outputs 1.
- the AND circuit 54 Since the AND circuit 54 inputs the value 1 output by the OR circuit 53 and the information of the key 1, the output data of the AND circuit 54 always becomes the key 1 itself.
- the key 1 output by the AND circuit 54 is cyclically shifted left by one bit and input to the EXOR circuit 55. Since the key 1 itself has been cyclically shifted right by one bit in advance in the key schedule unit 210 shown in FIG. 3, the key 1 output by the AND circuit 54 is transferred by being cyclically shifted left by one bit. The value of the original key 1 should be.
- the key 1 itself is output by the operation of the EXOR circuit 55. This is the lower bit of the output signal. Therefore, the data normal conversion unit 50 can output the key 1 as an output signal as it is by the FL key transfer signal and the FL mask signal. Similarly, the key 2 can be output by the FL key transfer signal and the FL mask signal. Are transmitted as output signals as they are. This operation will be described below.
- the FL mask signal is 0 as described above. Therefore, 0 and the key 1 output by the EXOR circuit 55 are input to the AND circuit 58, and 0 is always output.
- the key 2 is input to the EXOR circuit 56, and the exclusive OR with the upper data 0 output by the AND circuit 51 is obtained, so that the output is always the key 2. This is the upper bit of the output signal.
- the control unit 5 which controls the FL key transfer signal and the FL key mask signal, which are transfer signals, is not shown in FIGS. 11, 12, and 14 to 33, but is similar to that of FIG. This is controlled by the control unit 5.
- Sub-conversion processing 1 Sub-conversion unit 3 30-When the data inverse conversion unit 70 has a key transfer function.
- FIG. 11 is a diagram showing a case where the data reverse conversion unit 70 has a key transfer function.
- the AND circuit 71 receives the FL- 1 key transfer signal and data.
- the FL- 1 key transfer signal holds 0, so the data input to the AND circuit 71 is suppressed and invalidated, and the output data of the AND circuit 71 is Fixed to 0.
- the signals input to the AND circuit 73 are both 0, and the output data of the AND circuit 73 is fixed at 0.
- the OR circuit 74 outputs the key 3 because the output data 0 of the AND circuit 73 and the key 3 are input signals.
- the EXOR circuit 75 outputs the key 3 to input the upper bit 0 of the output data 0 from the AND circuit 71 and the key 3. This is the upper bit of the output signal.
- the value 1 obtained by inverting the FL- 1 mask signal 0 by the NOT circuit 72 and the key 3 are input, so that the OR circuit 78 outputs 1. Since the AND circuit 77 inputs the output data 1 and the key 4 from the OR circuit 78, the output of the AND circuit 77 becomes the key 4. Chain 4 is cyclically shifted left by one bit and input to EXOR circuit 76. Here also, key 4 is cyclically shifted to the right by 1 bit in advance by key schedule section 210 and input to data inverse transform section 70, so that it is cyclically shifted to the left by 1 bit to obtain the original key 4 Value.
- the EXOR circuit 76 receives the lower order pit of the output data of the AND circuit 71 .0 and the key 4, so that the EXOR circuit 76 outputs the key 4. This is the lower bit of the output signal.
- the data reverse conversion unit 70 keeps the input keys (key 3, key 4) as they are. It is possible to output.
- Sub-conversion processing One sub-conversion part 330
- One data normal conversion part 50 and data reverse conversion part 70 have a key transfer function.
- FIG. 12 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 have a function of transferring a key.
- the data normal conversion unit 50 has the same configuration and the same operation as the data normal conversion unit 50 of FIG. Therefore, the internal configuration and operation are omitted.
- the key path from the register 240 to the selector 310 is not required, and the key is input from the key KL register 240 to the sub-transformer 330 via the key scheduler 210 and the key is transferred.
- the transfer signal to be transmitted is input to the sub-conversion unit 330, and the key can be transferred to the selector 310 by the sub-conversion unit 330.
- the data converter can reduce the number of selectors as a whole.
- the data conversion device uses a function for generating an expanded key by the intermediate key generation unit 40, a main conversion unit 320, and a sub-conversion unit 330, in order to reduce the size.
- the function for performing the de-conversion is shared, but at this time, as shown in Fig. 56 and Fig.
- the key KL register 240 is input to the selector 310,
- the path of the intermediate key (key KL) input to the main conversion unit 320 through the operation register 350 is described as follows:
- the key schedule unit 210 is transmitted from the key L register 240
- the path of the intermediate key (key KL) which is transferred to the selector 310 by the sub-transformer 3330 via the sub-transformer 3350, An increase in the number of selectors can be suppressed.
- the input keys input in FIGS. 10 to 33 may be different keys or the same key.
- the FL key transfer signal and the FL- 1 key transfer signal may be the same signal.
- the FL mask signal and the FL- 1 mask signal may be the same signal.
- FIG. 13 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a function of transferring data.
- the control unit 5 inputs an FL data transfer signal to the data normal conversion unit 50 as a signal for transferring data.
- the FL data transfer signal input to the data normal conversion unit 50 has a value of 0. This signal is input to the AND circuit 59 and the AND circuit 60.
- the AND circuit 54 the upper bit of the input data and the key 1 are input to the AND circuit 54.
- the output data of the AND circuit 54 is unspecified depending on the value of the input data. However, even if data obtained by circulating the output data one bit to the left is input to the AND circuit 60, the other signal, the FL data transformer, is output. Since the spha signal has a value of 0, the output signal of the AND circuit 60 is 0 regardless of the value of the output signal of the AND circuit 54.
- the output data 0 of the AND circuit 60 is input to the EXOR circuit 55. Is exclusive-ORed with Since the output of the AND circuit 60 is 0, the EXOR circuit 55 outputs the lower bits of the input data and outputs the lower bits of the output signal.
- the output data of the EXOR circuit 55 becomes the input signal of the OR circuit 57 together with the key.
- the output signal of the OR circuit 57 is unspecified, but since the FL data transfer signal is fixed at 0, the output data of the AND circuit 59 is 0, and the EXOR circuit 56 outputs the upper bit of the input data. Since the exclusive OR with 0, which is the output data of the AND circuit 59, is taken, the upper bits of the input data are output and output as the upper data of the output signal.
- the data normal conversion unit 50 can output the input data as it is regardless of the key input.
- the data inverse transform unit 70 in FIG. 13 has the same configuration as the data inverse transform unit 70 shown in FIG. 57, and thus the description is omitted.
- Sub-conversion processing One sub-conversion unit 330-When the data inverse conversion unit 70 has a data transfer function.
- FIG. 14 shows an internal configuration diagram of the sub-conversion unit 330 when the data inverse conversion unit 70 has a data transfer function.
- the data reverse conversion unit 70 inputs an FL- 1 data transfer signal for transferring data.
- the AND circuit 79 outputs "0" regardless of the value of the output signal of the OR circuit 74. Therefore, in the EXOR circuit 75, the upper bits of the input data are output as they are, and become the upper data of the output signal. Further, since the FL- 1 data transfer signal is input to the AND circuit 80, the output signal of the AND circuit 80 becomes 0 regardless of the value of the output signal of the AND circuit 77. Therefore, the lower bits of the input data are output as they are by the EXOR circuit 76 and become the lower bits of the output signal. In this way, the data inverting section 70 transfers the data as it is as the output signal be able to.
- Sub-conversion processing 1-sub-conversion unit 3 3 0--when data normal conversion unit 50 and data reverse conversion unit 70 have a data transfer function.
- FIG. 15 is an internal configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data inverse conversion unit 70 have a data transfer function.
- the configuration of the data normal conversion unit 50 is the same as that of the data normal conversion unit 50 in FIG. 13, and the configuration of the data inverse conversion unit 70 is the same as that of the data inverse conversion unit 70 of FIG. It is. Therefore, the data normal conversion unit 50 and the data inverse conversion unit 70 shown in FIG. 15 can directly output the data input to each.
- the sub-conversion unit 330 has a function of transferring the input data as it is and inputting it to the selector 310, so that the output data of the main conversion unit 320 shown in FIG. No path to transfer to 0 is required.
- the non-linearity of one stage of F functions is As described above, it is necessary for the arithmetic register 350 to hold the intermediate data for a certain period in order to perform the conversion. This means that the main converter 320 needs its own loop path.
- the intermediate data output from the main converter 320 passes through the selector 310. This corresponds to a loop path output to the operation register 350.
- the above-mentioned loop path becomes unnecessary. That is, the intermediate data output from the main conversion unit 320 is transferred by the sub conversion unit 330, input to the selector 310, and the selector 310 selects the input intermediate data. Is sent to the main converter 320.
- the number of input signals to the selector 310 can be reduced compared to the number of input signals to the selector 310 shown in FIGS. Can be reduced or reduced.
- the data converters shown in FIGS. 6 and 7 do not require a path from the main converter 320 to the selector 310, which can reduce the size of the device and reduce the number of selectors. Power consumption can be reduced.
- the FL data transfer signal and the FL- 1 data transfer signal may be the same signal. Embodiment 3.
- FIG. 10 is an internal configuration diagram of the sub-transformer 330 when the data forward converter 50 has a key transfer function and a data transfer function, and the data inverse converter 70 has a key transfer function.
- the configuration and operation of the data inverse transform unit 70 are the same as those of the data inverse transform unit 70 having the key transfer function shown in FIG. 11, and thus the description is omitted here.
- the configuration of the data normal transform unit 50 The operation is a combination of the data normal conversion unit 50 having the key transfer function shown in FIG. 10 and the data normal conversion unit 50 having the data transfer function shown in FIG.
- the FL key transfer signal has a function of suppressing and invalidating the input data
- the FL mask signal has a function of passing the input key
- the FL data transfer signal has a function of invalidating the input key and passing the data through the data.
- the FL key transfer signal and the FL mask signal hold 0 as the transfer signal for transferring the key, data transfer cannot be performed, and the FL data transfer signal is used to transfer the data. 0 cannot be held as the transmission number.
- the FL data transfer signal holds 0 as a transfer signal for transferring data, the key cannot be transferred, so the FL key transfer signal and FL mask signal transfer the key. 0 cannot be held as a transfer signal.
- the data forward transform unit 5 0 The data reverse conversion unit 70 performs linear conversion processing of input data that should be performed originally. First, the operation of the data normal conversion unit 50 for transferring a key will be described. The data normal conversion unit 50 outputs 0 as the FL key transfer signal, Input 0 as the lock signal. Since the data is not transferred overnight, the FL data transfer signal remains at 1.
- the AND circuit 51 suppresses the data with the FL key transfer signal and invalidates the data.
- the key 1 passes through the AND circuit 54 as it is, is cyclically shifted left by one bit, and is input to the AND circuit 60. Since the FL data transfer signal is 1, key 1 passes through the AND circuit 60 as it is, and in the £ 1 circuit 55, the key 1 and the lower bit of the output data 0 output from the AND circuit 51 are exclusive. Key 1 is output as lower-order data of the output signal to obtain the logical OR.
- the key 2 passes through the OR circuit 57 with the 0 output from the AND circuit 58, passes through the AND circuit 59 with the FL data transfer signal, and outputs the output data 0 output from the AND circuit 51 with the EX EXR circuit 56. Since the exclusive OR with the upper bit is obtained, it also passes through the EXOR circuit 56 and becomes the upper data of the output signal. In this way, the data normal conversion unit 50 can transfer the keys (key 1 and key 2) as they are.
- the input signal of the FL data transfer signal is 0.
- the FL key transfer signal and the FL mask signal keep “1”.
- the AND circuit 51 passes the data, and the lower bits of the passed data are input to the EXOR circuit 55.
- the output of the AND circuit 60 since the input FL data transfer signal is 0, the output of the AND circuit 60 becomes 0. It is output as lower data of the signal.
- the output of the AND circuit 59 becomes 0 because the FL data transfer signal is 0, and the higher-order bit of the data input to the EXOR circuit 56 is output. Is output as higher-order data of the output signal through the EXOR circuit 56. In this manner, the data normal conversion unit 50 can transfer the data as it is.
- the key transfer signal which is an FL key transfer signal or FL- 1 key transfer signal
- the mask signal consisting of the FL mask signal and the FL- 1 mask signal transfer the key
- the FL data transfer signal is the data transfer signal. Transfer evening.
- Sub-conversion processing One sub-conversion unit 3 3 0 -Data normal conversion unit 50 has a key transfer function, and data reverse conversion unit 70 has a key transfer function and a data transfer function.
- FIG. 7 is an internal configuration diagram of a sub-conversion unit 330 of a conversion unit in which the conversion unit 50 has a key transfer function and the data inverse conversion unit 70 has a key transfer function and a data transfer function.
- the configuration and operation of the data normal conversion unit 50 are the same as those of the data normal conversion unit 50 having the key transfer function shown in FIG. Performs the same operation as the data normal conversion unit 50 shown in FIG. 16, and the details of the operation have already been described, and thus will be omitted.
- FIG. 18 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 each have a key transfer function and a data transfer function.
- the transfer operation performed by the data normal conversion unit 50 and the data inverse conversion unit 70 Is omitted because it has already been described.
- the data conversion device since both the data normal conversion unit 50 and the data reverse conversion unit 70 have a key transfer function and a data transfer function, the data conversion device performs advanced key and data transfer processing. be able to.
- the data conversion unit 50 has a key transfer function and a data transfer function
- the data inverse conversion unit 70 has a configuration of the sub-conversion unit 330 when neither of these transfer functions is provided.
- Sub-conversion processing-sub-conversion section 330-Data normal conversion section 50 has key transfer function and data transfer function
- data reverse conversion section 70 has data transfer function.
- the data normal conversion unit 50 has both a key transfer function and a data transfer function
- the data reverse conversion unit 70 has only a data transfer function.
- 26 is a configuration diagram of a sub-conversion unit 330 in the case of FIG.
- FIG. 9 is a configuration diagram of a sub-conversion unit 330 when the normal conversion unit 50 has a data transfer function and the data reverse conversion unit 70 has a key transfer function and a data transfer function.
- Sub-conversion processing One sub-conversion part 330
- One data normal conversion part 50 has a data transfer function
- data reverse conversion part 70 has a key transfer function.
- FIG. 23 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a data transfer function and the data reverse conversion unit 70 has a key transfer function. Each operation has been described above and will not be described. When the sub-conversion processing sub-conversion unit 330 and the data normal conversion unit 50 have a key transfer function and the data reverse conversion unit 70 has a data transfer function.
- FIG. 24 is a configuration diagram of the sub-conversion unit 330 when the data normal conversion unit 50 has a key transfer function and the data inverse conversion unit 70 has a data transfer function. Each operation has been described above and will not be described.
- Sub-conversion processing sub-conversion unit 3 3 0 1 data inverse conversion unit 7 0 and data normal conversion unit 5 0 is serially connected-when the data conversion unit 50 and the data conversion unit 70 have a data transfer function.
- the data reverse conversion unit 70 and the data normal conversion unit 50 are serially connected, the data reverse conversion unit 70 has a data transfer function, and the data normal conversion unit 50 also has a data transfer function.
- FIG. 25 the data reverse conversion unit 70 and the data normal conversion unit 50 are serially connected, the data reverse conversion unit 70 has a data transfer function, and the data normal conversion unit 50 also has a data transfer function.
- the data transferred by the data reverse conversion unit 70 is input to the data normal conversion unit 50, and is output as an output signal further transferred by the data normal conversion unit 50.
- this configuration is effective when data conversion is desired to be performed only by the data normal conversion unit 50 or only the data inverse conversion unit 70. Such an effect can be similarly exerted in the sub-conversion unit 330 shown in FIGS. 26 to 30 described later.
- Sub-conversion processing Sub-conversion unit 3 3 0 One-data normal conversion unit 50 and data inverse conversion unit 70 are serially connected One data normal conversion unit 50 and data inverse conversion unit 70 have a data transfer function If you have.
- FIG. 26 shows the configuration of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 in FIG. 25 are switched upside down.
- FIG. 27 is a configuration diagram of a sub-conversion unit 330 in which a key transfer function is further added to the data normal conversion unit 50 of FIG.
- FIG. 28 shows the sub-conversion unit 33 when the data normal conversion unit 50 and the data inverse conversion unit 70 in FIG. 27 are switched upside down. The configuration of 0 is shown.
- FIG. 29 is a configuration diagram obtained by adding the key transfer function of the data inverse conversion unit 70 to the configuration shown in FIG.
- the configuration and operation of the data normal conversion unit 50 and the data inverse conversion unit 70 have been described above, and will not be described.
- Sub-conversion processing-sub-conversion unit 3 3 0 serial connection of data inverse conversion unit 70 and data normal conversion unit 50-data normal conversion unit 50 has data transfer function, data reverse conversion unit 70 Has a key transfer function and a data transfer function.
- Fig. 30 shows the sub-conversion unit 33 0 when the data normal conversion unit 50 and the data reverse conversion unit 70 in Fig. 29 are switched upside down. Is shown.
- the FL key transfer signal and the FL- 1 key transfer signal have a function of suppressing and invalidating input data, and the FL mask signal and the FL- 1 mask signal pass the input key. Has functions.
- the FL data transfer signal and the FL- 1 data transfer signal have a function of invalidating an input key and passing data.
- the above six signals are all transfer signals, and when these transfer signals are not input, as shown in the related art, the data normal conversion unit 50 and the data inverse conversion unit 70 are inherently Perform a linear transformation of the data to be performed.
- Sub-conversion processing One sub-conversion part 3 3 0
- One data normal conversion part 50 and data reverse conversion part 70 are serially connected
- One data normal conversion part 50 and data one-time reverse conversion part 70 have key transfer function and If you have a data transfer function.
- FIG. 62 includes the configuration of the data normal conversion unit 50 shown in FIG. 27 and the configuration of the data inverse conversion unit 70 shown in FIG. That is, the serially connected data normal conversion unit 50 and data inverse conversion unit 70 both have a key transfer function and a data transfer function.
- Sub-conversion processing Sub-conversion unit 3 3 0 One data inverse conversion unit 70 and data normal conversion unit 50 are serially connected-Data overnight conversion unit 50 and Data overnight conversion unit 70 are keys When it has a transfer function and a data transfer function.
- FIG. 63 shows the configuration of the sub-conversion unit 330 when the data normal conversion unit 50 and the data reverse conversion unit 70 in FIG. 62 are switched upside down.
- Embodiment 4 The internal configuration and operation are omitted because they have been described above. Embodiment 4.
- Sub-conversion processing sub-conversion section 330-1/2 When sub-conversion section 90 has a key transfer function and a data transfer function.
- FIG. 31 is a configuration diagram of the sub-conversion unit 330 when a key transfer function and a data transfer function are added to the 1Z2 sub-conversion unit 90.
- the switching signal is a signal for switching between the data normal conversion unit 50 and the data inverse conversion unit 70.
- the A signal is selected by the switching signal from the A signal and the E signal input to the 2_1 selector 99a, output as the output signal B, and the C signal and the F signal input to the 2-1 selector 99b.
- the C signal is selected by the switching signal from The sub-conversion unit 90 performs the same data conversion as the data conversion unit 50.
- the conversion unit 90 performs the same data conversion as the data inverse conversion unit 70.
- the operation shown in FIG. 31 is the same as the operation of the data normal conversion unit 50 shown in FIG. 18 . That is, the key transfer signal corresponds to the FL key transfer signal in Fig. 18, the mask signal corresponds to the FL mask signal in Fig. 18, and the data transfer signal corresponds to the FL data transfer signal in Fig. 18. I do.
- the 1/2 sub-conversion unit 90 can exhibit the function of the data normal conversion unit 50 in FIG.
- the keys key 1 and key 2
- the keys can be transferred by using the input key as an output signal. Note that these operations are the same as those of the data normal conversion unit 50 in FIG.
- the operation shown in FIG. 31 is the same as the operation of the data inverse conversion unit 70 shown in FIG. Becomes That is, the key transfer signal is It corresponds to the FL- 1 key transfer signal, the mask signal corresponds to the FL- 1 mask signal in Fig. 18, and the data transfer signal corresponds to the FL- 1 data transfer signal in Fig. 18.
- each circuit 98 corresponds to the AND circuit 71 (FIG. 18), 91 corresponds to the £ 0 shading circuit 76 (FIG. 18), 95 corresponds to the AND circuit 80 (FIG. 18), 10 1 is an AND circuit 7 7 (Fig. 18), 94 is an OR circuit 78 (Fig. 18), 96 is an AND circuit 73 (Fig. 18), 92 is an OR circuit 74 (Fig. 18), 97 is an AND circuit 7 9 (FIG. 18) and 93 correspond to the circuit 75 (FIG. 18).
- the 1Z2 sub-conversion unit 90 can exhibit the function of the data inverse conversion unit 70 in FIG. That is, when a key transfer signal is input while performing the inverse conversion of data, the key (key 3, key 4) can be transferred by using the input key as an output signal. Note that these operations are the same as those of the data inverse conversion unit 70 in FIG.
- Sub-conversion processing One sub-conversion unit 330-1Z 2 When the sub-conversion unit 90 has a data transfer function.
- FIG. 32 is a configuration diagram of the sub-conversion unit 330 when a data transfer function is added to the 1/2 sub-conversion unit 90.
- the 1/2 sub-converter 90 when the A signal is selected by the 2-1 selector 99a and the C signal is selected by the 2-1 selector 99b, the 1/2 sub-converter 90 outputs the data of FIG. It has the same function as the normal conversion unit 50. In this case, the data transfer signal corresponds to the FL data transfer signal.
- the E signal is selected by the 2-1 selector 99a according to the switching signal.
- the 1Z2 sub-converter 90 has the same function as the data inverse converter 70 in FIG. In this case, the data transfer signal corresponds to the FL- 1 data transfer signal.
- the 1/2 sub-conversion unit 90 converts the data and outputs the data without conversion when a transfer signal for transferring the data is input. This makes it possible to perform transfer processing.
- Sub-conversion processing One sub-conversion unit 330-1/2 When the sub-conversion unit 90 has a key transfer function.
- FIG. 33 is a configuration diagram of the sub-conversion unit 330 when a key transfer function is added to the 1/2 sub-conversion unit 90.
- the 1Z2 sub-converter 90 performs the data normal conversion shown in FIG. It has the same function as the unit 50.
- the key transfer signal and the mask signal correspond to the FL key transfer signal and the FL mask signal.
- the 1Z2 sub-conversion unit 90 When the E signal is selected by the 2_1 selector 99a and the F signal is selected by the 2-1 selector 99b by the switching signal, the 1Z2 sub-conversion unit 90 performs the data inverse conversion of FIG. It has the same function as the part 70.
- the key transfer signal and the mask signal correspond to the FL- 1 key transfer signal and the FL- 1 mask signal.
- the data conversion unit 50 and the data inverse conversion unit 70 are configured as a shared circuit.
- the 1Z2 sub-conversion unit 90 functions to transfer the key and transfers the data.
- the size of the sub-converter 330 can be reduced, and the increase in the number of selectors can be prevented by eliminating the need for the key path and data path as described above.
- the data conversion apparatuses that perform block ciphers disclosed in Embodiments 1 to 4 have been described centering around the configuration of CAMELL IA.
- the sub-converter 330 having the transfer function described above can be applied to a data converter that performs block encryption, such as CAMELL IA, MISTY, and KASUM I.
- the number of 2-1 selectors constituting the selector 310 can be one or two.
- 310 requires four 2-1 selectors to select one output signal from five input signals. Become.
- the data conversion device shown in FIG. 1, FIG. 6, or FIG. 7 it is possible to reduce the number of selectors constituting the data agitation unit 30 as compared with the data conversion device according to the related art. Furthermore, in the data conversion device shown in FIG. 7, one selector 340 is required because main conversion unit 320 and sub-conversion unit 330 are arranged in parallel.
- the selector 340 is composed of one 2-1 selector that inputs two output signals output from the main converter 320 and the sub converter 330 as input signals and selects one input signal from the two input signals. Have been. Therefore, in FIG. 7, the number of 2-1 selections required for the selector 310 and the selector 340 is two.
- CAMELL IA has a block length of 128 bits and a key length of 128 bits, 192 bits, and 256 bits can be used.
- the configuration of the algorithm is a FEI STEL structure having the above-mentioned features, and the encryption and decryption processes can be basically realized by the same hardware or software.
- the F function depends on the key length. For a 128-bit key, 18 stages (6 stages of the main conversion unit 320 in FIG. 34 X 3), and for 192 bits and 256 bits, FIG. 54 and FIG. As shown in the figure, there are 24 stages. 54 and 55 will be described later.
- FIG. 34 is a diagram showing an encryption process in the case of CAMEL LIA with a 128-bit key. That is, in Fig. 34, the main conversion unit 320 Then, data conversion (data encryption) is performed by the and the sub-conversion unit 330, and C ( ⁇ symbol) is output. In FIG. 34, FL (data normal conversion function) and FL- 1 (data reverse conversion function) are inserted every six stages of the F function.
- FIG. 34 The left side of FIG. 34 is the same as the operation described by the data agitating unit 30 of FIG. That is, the EXOR circuit 31 a and the EXOR circuit 3 lb in FIG. 4 correspond to the EXOR circuit 600 and the EXOR circuit 601 in FIG. 34, and are actually processed by the EXOR included in the sub-conversion unit 330.
- all the keys shown in FIG. 34 are keys that are scheduled and output by the key schedule unit 210 and input.
- FIG. 34 The right side of FIG. 34 is the same as the diagram shown in FIG.
- FIG. 35 shows a decryption process in the case of CAMEL LIA with a 128-bit key.
- FIG. 35 data conversion (data decryption) is performed on C (cipher text) by main conversion section 320 and sub-conversion section 330, and P (decrypted text) is output.
- C cipher text
- P decrypted text
- FIG. 36 is an internal configuration diagram of the F function of CAMELLIA.
- the inside of the F function of C AME LLIA has a SPN structure, and its data processing is basically performed in 8-bit units from input data (1) to input data (8), and from the S box It is formed by a linear transformation using exclusive OR (EXOR) called S function 324 and P function 325.
- EXOR exclusive OR
- input data (1) to input data (8) are input in units of 8 bits, and the input 64-bit input data is input in 8 bits from the key (1) to the key (8).
- the exclusive logic of the 64-bit key is output.
- the output data is input to S function 324 and G Non-linear conversion is performed in byte units by the S function 324 that combines the inverse operation of F (2 s ) and the affine transformation.
- the data is linearly converted by an exclusive OR by the P function 325, and the data is agitated through such an operation, and then output as output data (1) to output data (8).
- the data width of the F function of C AME LLIA is 64 bits.
- two sets of S boxes of S i to S 4 are added to the S function 324 (one set of S 2 , S 3 > S 4 from the bottom of FIG. 36 and S 2 , S 3 , S 4 , a set)
- F function EXOR of the key and the input data Isseki (exclusive OR), 4 types of S function (3 1 to 3 4) twice, and by calculation that by the P function 325 It realizes a non-linear conversion over time.
- C AME LLIA A typical operation of C AME LLIA is S BOX (inverse circuit + affine transformation on GF (2 8 )) S function 324 from Si to S 4 , P function 325, data normal transformation (FL) and data transformation Even inverse transformation (Since it is a FL function, it can be realized by a simple combination of Boolean algebras.
- FIG. 37 is a diagram showing the overall configuration and operation of CAMELL IA. If the input secret key is a 128-bit key, CAMELL IA internally expands it to 256 bits, and performs data encryption / decryption processing using the expanded key.
- the input secret key is a 192-bit or 256-bit key, it is internally expanded to 512 bits and used for data encryption / decryption. It will be described later.
- the entire algorithm of CAMELLIA is realized by the main conversion unit 320 repeatedly performing the same F function.
- the F function has the configuration shown in FIG.
- the data agitating section 30 performs an exclusive OR operation (EXOR) between the input data and the output data and the key, as shown in the EXOR circuit 31a and the EXOR circuit 31b in FIG. This is called wh i t e n i n g.
- EXOR exclusive OR operation
- a sub-conversion section having a data normal conversion (FL) and a data reverse conversion (FL- 1 ) is provided for each main conversion section 320 having six F-functions.
- a data conversion device that realizes the CAM ELL IA algorithm from the sub-conversion unit 330 with data normal conversion (FL) and data reverse conversion (FL- 1 ), P function 325, and four types of S-boxes You can see what you can do.
- the description transformation of z5 to z8 as zz2, zz3, zz4, zz1 is as follows.
- z 2 z 1-z 2 + z 4 + z z 1 + ⁇ ⁇ 2 + ⁇ ⁇ 4
- the P function can be configured with about half the circuit.
- a data conversion device using CAMELL IA will be described with reference to FIG. 37.
- a main conversion unit 320 and a sub-conversion unit 330 are arranged in parallel.
- the sub-conversion unit 330 has a data normal conversion unit 50 and a data reverse conversion unit 70.
- the main conversion section 320 has an F function section composed of a 1Z2 F function. If the main transform unit 320 is composed of an F function less than the F function, that is, a 1Z2 X (x ⁇ 1) F function, as described using the 1/2 F function in FIG. 61 as an example, one step Must hold the output result of the EXOR circuit 1 322a, which is the intermediate result between the processing by the F function part 1321a and the processing by the F function part 1321b.
- the circuit scale of the F function becomes Although decreasing, the number of circuits such as control circuits for controlling the loop and selectors for inputting keys to each F function increases.
- the circuit scale for the F function and the circuit scale for controlling the loop have a trade-off relationship.
- CAMELL IA In the case of CAMELL IA, as described above, a part of the main conversion unit 320 of the data agitation unit 30 is used for a function used to generate an output key (key KA). Therefore, also in this case, it is necessary to sufficiently consider the influence of the selector and the like added to use the F function of the data agitating unit 30, as described with reference to FIG. 36, the F function of the CAMELL IA is using twice the S box of four is used for 8-bit input and output (S ⁇ S 2, S 3 , S 4). Here, it is necessary to consider whether to implement eight S BOXes or four S BOXes and repeat twice.
- the circuit will be smaller by mounting 4 mm and repeating twice, rather than mounting eight S boxes.
- the F function part 321 of the data converter of CAMEL LIA can perform one data conversion by mounting eight S-boxes, but it can perform two data conversions by mounting four S-boxes. By repeating the data conversion, it is possible to perform the data conversion overnight, and any of them may be used. However, considering the circuit scale, it is preferable to repeat the data conversion twice.
- this sequence allows data to be encrypted and decrypted in 40 cycles of the intermediate key generation unit. realizable.
- Step 1 the sub-transformation unit 330 is used to calculate W i t e n i n g.
- step 2 the 1Z2 processing (1Z2 F function) of the F function is calculated using the main conversion unit 320.
- step 3 the main conversion unit 320 is used to calculate the 1-by-2 processing of the remaining F function (1/2 F function).
- steps 4 to 13 steps 2 to 3 are performed five times.
- step 14 data conversion is performed by calculating the data normal conversion (FL) and data reverse conversion (FL-1) functions of the sub conversion unit 330. Further, steps 2 to 14 are repeated in steps 15 to 27.
- steps 28 to 39 steps 2 to 13 are repeated.
- Step 40 the same Witennig as in Step S1 is calculated.
- Step 1 shows the operation by the EXOR circuit 31a in FIG. 4
- Step 40 shows the operation by the EXOR circuit 31b in FIG. That is, the EXOR circuit 3 la and the EXOR circuit 3 lb perform an operation using EXOR provided in the data normal conversion unit 50 and the data reverse conversion unit 70 provided in the sub conversion unit 330.
- the main conversion unit 320 Performs data conversion using a single F-function. The specific operation of this data processing will be described with reference to FIGS. 37 and 64.
- FIG. 64 is different from FIG. 61 in that a lower key is input first as an input key, and an upper key is input next to realize processing.
- the input data P (plaintext or decrypted text) is selected by the 2-1 selector 31 1 and divided into upper data and lower data.
- the upper data is Wh by the data normal conversion unit 50 of the sub conversion unit 330.
- the lower-order data is input to the data inverse converter 70 of the sub-converter 330, and is similarly whitened.
- the high-order data and low-order data that have been Whiten input are input to the 2-1 selector H340 and the 3-1 selector L342 of the 2-1 selector 340.
- the input data is selected by the 2-1 selector H 341 and the 3-1 selector L 342, and is held in the operation register H 351 and the operation register L 352.
- step 2 Next, the operation of step 2 will be described.
- the upper bit of the upper data held in the arithmetic register H 35 1 is input to the 2-1 selector 312, and the lower pit of the upper data is rotated by one byte and input to the 2-1 selector 3 1 2 Is done.
- the 2-1 selector 3 12 selects the lower-order bit that is rotated and shifted from the two pieces of input data, and outputs it to the main converter 320.
- each input data (5) to (8) can be applied to each S box and input as shown in FIG.
- the main conversion section 320 the upper half data conversion of the first stage shown in FIG. 64 is performed by the F function section 321 having the 1/2 F function.
- FIG. 64 In the data conversion by the F function part 1 321a shown in the following, the lower half bits of the input upper data are converted using the key 1L, and the converted data is sent to the EXOR circuit 1322a. Output.
- the EXOR circuit 1322a inputs the converted data output by the F function section 1321a, and performs an exclusive OR operation with the input lower data. That is, the output data (intermediate data) is input from the main converter 320 to the 3-1 selector L 342, and is held in the arithmetic register L 352.
- the upper data of P held in the arithmetic register H 351 passes through the 2-1 selector 3 1 1, and uses the data transfer of the sub conversion unit 330, for example, the data normal conversion unit 50. Then, the data is transferred overnight, and is passed through the 2-1 selector H341 from the arithmetic register H351 to the arithmetic register H351 again.
- step 3 Next, the operation of step 3 will be described.
- the overnight processing by the F function section 1321b in FIG. 64 is realized by the second cycle processing by the main conversion section 320 in FIG. That is, the 2-1 selector 312 selects the upper bit of the higher order data input to the 2-1 selector 312 without shifting by one pilot bit, and outputs it to the main converter 320.
- the data of the upper half of the higher-order data is nonlinearly converted by the F function part 1321b and output to the EXOR circuit 1322b.
- the main conversion section 320 outputs in the first cycle, and the intermediate data held in the arithmetic register L 352 is input to the main conversion section 320, so that Input to circuit 1322b.
- the output data after the exclusive OR is obtained by the EXOR circuit 1 322 b is selected by the 2-1 selector H 341 and held in the operation register H 351.
- the upper data of P is held in the calculation register L 352 via the 3-1 selector L 342. Obedience Therefore, the upper and lower data used for the second-stage data conversion process performed by the main conversion section 320 of FIG. 64 are held in the operation register H 351 and the operation register L 352. It will be.
- steps 4 to 13 steps 2 to 3 are performed five times. That is, the data conversion of the second stage is performed by the F function section 1 3 2 1 and the EXOR circuit 1 3
- the processing performed in two cycles that is, one cycle with 22c and one cycle with the F function part 1321d and the EXOR circuit 1322d corresponds to the processing of step 4 and step 5.
- the processing from the third stage to the sixth stage is performed in the same manner, but this corresponds to the processing from step 6 to step 13.
- step 14 The function of 3 2 1 1 is the same as the function of the F function section 3 2 1 in FIG. 37. Next, the processing of step 14 will be described.
- the high-order data and the low-order data after the processing of step 13 held in the arithmetic register H 3 51 and the arithmetic register L 3 52 are input to the 2-1 selector 3 1 1, selected, and The high-order data is input to the data normal conversion unit 50, and the low-order data is input to the data reverse conversion unit 70.
- the data normal conversion unit 50 and the data inverse conversion unit 70 linearly convert each input data, and the conversion data by the data normal conversion unit 50 is output to a 2-1 selector H 3 41.
- the converted data from the data inverse converter 70 is input to the 3-1 selector L 3 42, selected, and held in the operation register H 3 51 and the operation register L 3 52, respectively.
- step 15 to step 27 corresponds to the processing of the main conversion unit 320 and the processing of the sub conversion unit 330 in FIG.
- the processing from step 28 to step 39 corresponds to the processing of the main conversion unit 320 in FIG.
- step 40 as in step 1, W hiten inn is performed using the EXOR of the sub-conversion unit 330.
- the main conversion unit 320 and the sub-conversion unit 330 are arranged in parallel, so that they are arranged in series. As compared with, the cycle time of one cycle can be reduced, and the operating frequency can be improved.
- the data conversion device using CAMELLIA in which the main conversion unit 320 and the sub conversion unit 330 are arranged in series, as described above, when performing one data conversion by the F function in a plurality of cycles as described above, Since the data to be converted in one cycle is a part of the input data, a part of the converted data of the input data is held in the arithmetic register 350 and is sent to the sub-converter 330 after a certain period of time. Path in the data agitation unit 30 or a transfer path for transferring the main conversion unit 320 and sending it to the sub-conversion unit 330 after a certain period of time. Had to be provided.
- main conversion section 320 and sub conversion section 330 are arranged in parallel. Since they are arranged in a row, it is not necessary to add the above-described path or the transfer path function of the main conversion unit 320, and it is possible to suppress an increase in the circuit scale of the device. Furthermore, when the shared circuit of the data normal conversion unit 50 and the data inverse conversion unit 70 shown in FIG. 59 is used, the path of A ⁇ B ⁇ C ⁇ D ⁇ E ⁇ B ⁇ C It becomes a circuit. For this reason, when implementing an actual LSI, it is necessary to devise a device that does not become a transmission circuit due to the effects of signal racing and noise due to the difference in the propagation delay of the switching signal. Also, a circuit having such a loop circuit (FEEDBACK-LOOP circuit) has a problem that a logic synthesis tool cannot cope with it and logic synthesis is not performed efficiently.
- FEEDBACK-LOOP circuit has a problem that a logic synthesis tool cannot cope with it and logic synthesis
- the data normal conversion unit 50 and the data reverse conversion unit 70 of the sub conversion unit 330 are provided separately. For this reason, it has become possible to construct a data conversion device that does not cause the above-mentioned problems such as lasing.
- the key path from the key KL register 240 and the data path from the main conversion section 320 are unnecessary by using the key and data transfer function of the sub conversion section 330. can do. Therefore, it is possible to further reduce the size and power consumption of the data conversion device that performs the block processing of CAMELL IA.
- Embodiment 6 the key path from the key KL register 240 and the data path from the main conversion section 320 are unnecessary by using the key and data transfer function of the sub conversion section 330. can do. Therefore, it is possible to further reduce the size and power consumption of the data conversion device that performs the block processing of CAMELL IA. Embodiment 6.
- FIG. 38 is a configuration diagram of a CAMELL IA data conversion device according to the sixth embodiment.
- sub-conversion unit 330 is configured by a 1/2 sub-conversion unit 90 in which the data normal conversion unit 50 and the data inverse conversion unit 70 are shared circuits. For this reason, the 2-1 selector 2 15 and 4-1 selector in Figure 37 2 17 is unnecessary.
- the four selectors required for the 2-1 selector 215 and the 411 selector 217 and the key output by the 2_1 selector 215 are used as sub-selectors.
- the path input to the conversion unit 330 is not required. For this reason, the configuration of the key schedule unit 210 can be simplified, and the size of the data converter can be further reduced.
- FIG. 47 is a configuration diagram of a CAMEL LIA data converter according to the seventh embodiment.
- This embodiment is different from the configuration diagram of FIG. 37 in that the F function section 321 of the main conversion section 320 is composed of a 1-8 F function. That is, in the present embodiment, main conversion section 320 performs data conversion of one F function in eight cycles. Therefore, as compared with FIG. 37, the 2-1 selector 3 12 in FIG. 37 is changed to the 8-1 selector 3 15. Other configurations are the same as those in FIG. Embodiment 8.
- FIG. 48 is a configuration diagram of a CAMEL LIA data converter according to the eighth embodiment.
- the present embodiment is different from the embodiment shown in FIG. 47 in that 330 includes 12 sub-transformers 90. Therefore, the 2_1 selector 2 15 and the 4 ⁇ 1 selector 2 17 shown in FIG. 47 are not required.
- FIG. 49 is a configuration diagram of a CAMEL LIA data converter according to the ninth embodiment.
- the present embodiment is different from FIG. 37 in that the F function section 32 1 of the main conversion section 320 is composed of 14 F functions. Therefore, the 2-1 selector 3 12 in FIG. 37 is a 4-1 selector 3 16 in FIG. 4 — 1 Selector 316 Using the 16-bit input data selected by 316, the main conversion unit 320 performs data conversion of one cycle by performing 4-cycle data conversion by the F function unit 321. .
- Other configurations are the same as in FIG. Embodiment 10
- FIG. 50 is a configuration diagram of a CAMEL LIA data converter according to the tenth embodiment.
- sub-conversion section 330 includes 1/2 sub-conversion section 90. Therefore, as compared with FIG. 49, the 2-1 selector 2 15 and the 4_1 selector 2 17 are not required. Other configurations are the same as in FIG. Embodiment 1 1.
- FIG. 39 is a configuration diagram of a CAMEL LIA data converter according to the eleventh embodiment.
- the main conversion section 320 is configured by an F function section 321 having one F function. Accordingly, the main conversion unit 320 can perform the processing of one stage of the F function in one cycle, and thus the 2-1 selector 312 which is present in FIG. 37 is not required. Also, the 2-1 selector in Figure 37 The 2-1 selector 213 selects one constant from the four constants, and the 2-1 selector 213 has changed to the 4-1 selector 218. Embodiment 1 2.
- FIG. 40 is a configuration diagram of a CAME LLIA data converter according to the twelfth embodiment.
- a 2-1 selector 3 13 is added. This is because, because the sub-transformer 3 30 is composed of the 1Z2 sub-transformer 90, either the upper data or the lower data is selected from the data selected by the 2-1 selector 31 1. To do that.
- the 2-1 selector 312 is not required as in FIG. Further, the 2-1 selector 215 and the 4-1 selector 217 in FIG. 39 are not required.
- FIG. 41 is a configuration diagram of a CAMEL LIA data converter according to the thirteenth embodiment.
- the main conversion unit 320 does not repeat the F function unit 321 six times, but the main conversion unit 320 has six stages of F function units 321 in series and performs data conversion. Different in that. Therefore, in the present embodiment, the output signal of main conversion section 320 is increased by one. This is because the output data of the second-stage F function of the main conversion unit 320 is input to the 3-1 selector H343 and the 4-1 selector L344, and is output by the arithmetic register H351 and the arithmetic register L352. It is for holding. For this reason, the 3-1 selector H 343 There are three signals, and four-one selector L344 has four input signals.
- FIG. 42 is a configuration diagram of a CAMEL LIA data converter according to the fourteenth embodiment.
- FIG. 42 differs from FIG. 40 in that the main conversion section 320 includes an F function section having six stages of F functions in series, similarly to FIG. For this reason, as in the case of FIG. 41, the input signals of the 3_1 selector H 343 and the 4-1-1 selector L 344 are increased by one, and the 4-1-1 selector 500 and the 4-1-1 selector are different from those of FIG. It is necessary to provide four sets of selectors 501.
- the key scheduler 210 is also configured to supply the keys to the sub-transformer 330 and the main transformer 320 from the other selectors 411 and 3-1 selectors 502 and 504. I have. Note that three input signals are input to the 3_1 selector 504. Embodiment 1 5.
- FIG. 43 is a configuration diagram of a CAMEL LIA data converter according to the fifteenth embodiment.
- the present embodiment is different from FIG. 41 in that main conversion section 320 has F function section 321 having two stages of F functions. Therefore, as compared with FIG. 41, the 3-1 selector H343 and the 4-1 selector L 344 are replaced with the 2-1 selector H34 1 and the 3-1 selector L 342, and the 4-1 selector 500 and the 4-1 selector 501 are replaced. Eliminates the need for four sets of selectors
- FIG. 44 is a configuration diagram of a CAMEL LIA data converter according to the sixteenth embodiment.
- This embodiment is different from the embodiment of FIG. 42 in that F function section 321 provided in main conversion section 320 is composed of two-stage F functions. Therefore, the 3-1 selector H343 and the 4-1 selector L 344 in FIG. 42 are replaced by the 2-1 selector H 341 and the 3-1 selector L 342, and the 4-1 selector 500 and the 4-1 selector 501 are replaced with each other. Four sets of selectors are not needed.
- FIG. 45 is a configuration diagram of a CAMEL LIA data converter according to the seventeenth embodiment.
- F function section 321 of main conversion section 320 has three stages of F functions. Therefore, as compared with FIG. 41, four sets of selectors including the 411 selector 500 and the 411 selector 501 become unnecessary, and a 411 selector 505 is added instead. 4-1 The signal selected by the selector 505 is input to the main converter 320.
- Embodiment 1 8.
- FIG. 46 is a configuration diagram of a CAME LLIA data converter according to the eighteenth embodiment.
- the F function unit 321 of the main conversion unit 320 has three stages of F functions.
- sub-converting section 330 includes 1/2 sub-converting section 90 in the present embodiment.
- Other configurations are the same.
- FIG. 51 is a configuration diagram of the CAME LLIA data converter according to the nineteenth embodiment.
- the configuration of the intermediate key generation unit 40 is different from that of FIG. Since the configuration of the intermediate key generation unit 40 shown in the present embodiment is equivalent to the configuration of the intermediate key generation unit 40 shown in FIG. 37, the intermediate key generation unit 40 shown in FIG. It can be replaced with part 40.
- the 2-1 KL selector 29 1 inputs the input secret key and the intermediate key (key KL) held in the key KL register 240, selects one signal from the two input signals, The key is stored in the KL register 240.
- the 2-1 KA selector 292 inputs the output key generated by the intermediate key generation unit 40 and the output key (key KA) held in the key KA register 250.
- the 2-1 KA selector 292 selects one signal from the input two input signals, and the key KA register 250 holds the selected signal.
- 2-1 Selector 227 consists of key KL register 240 and key KA register 2
- One key is selected from the intermediate key (key KL) and the output key (key KA) held in 50 and output to the 8-1 selector 228.
- the 8-1 selector 228 converts the key selected by the 2-1 selector 227 into eight bits of 0, 15, 30, 30, 45, 60, 77, 94, and 1 1 as shown in FIG. To shift right or left cyclically. That is, if the number of cyclic shift pits is 0, no data is shifted. If the number of cyclic shift bits is 15, the 15-bit data is cyclically shifted right or left. Others are the same. As described above, eight signals are generated by cyclically shifting data, and the eight-to-one selector 228 selects and outputs one signal from the eight signals.
- the function similar to the function of the intermediate key generation unit 40 in FIG. 37 can be performed by the intermediate key generation unit 40 having the configuration of the present embodiment.
- the high-order half bits are KLH and the low-order half bits are KLL, and the key scheduler unit 210 2 ⁇ ;! Selectors 510 and 2-1 Input to selector 5 1 1.
- the 4-1 selector 216 and the 4-1 selector 217 in FIG. 37 can be replaced with the 2-1 selector 510 and the 2-1 selector 511 in the present embodiment.
- the intermediate key generation unit 40 shown in FIG. 52 requires 10 2-1 selectors in the same manner as the intermediate key generation unit 40 shown in FIG. 37, but the 2-1 selector 510 and 2-1 Since only two 2-1 selectors are required for the selectors 5 1 and 1, the 2-1 selector required for the intermediate key generators 40 and 2-1 selector 5 10 and the 2-1 selector 5 1 1 Is 12 in total.
- 10 2 _ 1 selectors are required, and 4 1 1 selectors 2 16 and 4 ⁇ ⁇ ⁇ ⁇ 1 selectors 217 require 6 ⁇ 1 1 selectors. Therefore, the intermediate key generator 40 and the 4-1-1 selector
- the 2-1 selectors 216 and 4-1 selectors 2 17 need to be provided with a total of 16 selectors.
- the data converter of the present embodiment can reduce four 2-1 selectors as a whole.
- FIG. 52 is a configuration diagram of a CAMEL LIA data converter according to the twentieth embodiment.
- sub-conversion section 330 includes 1Z2 sub-conversion section 90. Therefore, the 2-1 selector 2 15 and the 2-1 selector 5 11 shown in FIG. 51 are unnecessary in the present embodiment.
- Other configurations are the same as in FIG.
- the number of rotate shift bits shown in FIGS. 51 and 52 is the same as the number of cyclic shift bits. Embodiment 21.
- FIG. 34 and FIG. 35 shown in the description of the fourth embodiment show a process of performing an encryption process and a decryption process by CAMEL LIA using a key having a length of 128 bits.
- the configuration diagram of the data conversion device for all the embodiments is as follows.
- the present invention can also be applied to a CAME LLIA data conversion device that performs encryption / decryption processing based on not only a 28-bit key but also a 192-bit key and a 256-bit key.
- FIG. 53 is a diagram showing a process of generating a 192 pit key.
- keys KL and KR are intermediate keys, and keys KA and KB are output keys. Furthermore, since the key KL, key KR, key KA, and key KB are all 128 bits, they are added up to generate an expanded key of 512 bits.
- the key KL is 128 bits of the upper half bit of the input secret key
- the key KR is lower 128 bits.
- the key KL and the key KR are exclusive-ORed and input to a part of the main conversion unit 320 as shown in FIG.
- FIG. 53 corresponds to the right part of FIG. 2 showing a method of generating an extended key when the secret key is 128 bits long.
- the method of generating the output key KA from the input key on the left side of Fig. 53 is the same as the method of generating the output key KA shown in Fig. 2, except that the exclusive OR of the key KL and the key KR becomes the input key. It is.
- the process of generating the output key KB from the key KR on the right side of FIG. 53 does not exist in FIG. Therefore, the method of generating the output key (key KB) will be described.
- the lower 128 bits are used as the input key (key KR) and input to the main converter 320.
- the upper bit of the lower 128 bits uses the F function part 321a located at the first stage of the main converter 320. Is nonlinearly converted by the constant ⁇ 5 and output.
- the output data is exclusive-ORed with the lower bit of the input key (key KR) by the EXOR circuit 322a, and is input to the F function section 321b.
- the data is nonlinearly converted again by the constant ⁇ 6, and the exclusive OR is performed by the EXOR circuit 322 b between the converted data and the upper bits of the input key (key KR). The sum is taken.
- the converted data after the operation by the EXOR circuit 322 b is output as the upper 64 bits of the output key (key KB), and the data obtained by the operation by the EXOR circuit 322 a is the lower 64 bits of the output key (key KB). Output as evening.
- the output key (key KA and key KB) and the input key (key KL and key KR) generated in this way are converted from the intermediate key generation unit 40 to the key schedule unit 2 as a 512-bit expanded key.
- the key is sent to the key schedule section 210, and the key is scheduled by the key schedule section 210, which is used for data encryption / decryption.
- the secret key is 192 bits
- the upper 128 bits of the input secret key will be the key KL.
- the lower 64 bits of the input secret key are the upper 64 bits of the key KR.
- the lower 64 bits of the key KR are the upper 64 bits of the key KR, that is, the inverted lower 64 bits of the input secret key.
- the other key generation methods are the same as in the case where the secret key is 256 bits, and a description thereof will be omitted.
- FIG. 54 is a diagram showing the encryption processing of the 192 bit key and the 256 bit key CAMEL LIA.
- FIG. 55 is a diagram showing a CAME LLIA decryption process for a 192 pit key and a 256-bit key.
- Fig. 35 shows the CAMEL LIA decryption process for a 128-bit key.Comparing with Fig. 35, the number of main conversion units 320 and sub-conversion units 330 is increased to three. As in the case, the F function has 24 stages. The other configuration is the same as that of the CAMELL IA decryption process for the 128-bit key, and thus the description is omitted.
- All the embodiments described above can be applied to a 128-bit key data converter, a 192-bit key data converter, and a 256-bit key data converter.
- each operation of each component is related to each other, and the operation of each component can be replaced as a series of operations while taking into account the relation of the operations described above. . Then, by substituting in this way, an embodiment of the method invention can be obtained.
- an embodiment of a computer-readable recording medium recorded on the program can be provided.
- Embodiment of a program and computer reading recorded in the program All of the embodiments of the recording medium that can be used can be constituted by a program that can be operated by a computer.
- Each process in the embodiment of the program and the embodiment of the computer-readable recording medium on which the program is recorded is executed by the program.
- This program is recorded in the recording device, and is stored in the recording device. (CPU), and each flowchart is executed by the central processing unit.
- the recording device and the central processing unit are not shown.
- the software and programs of each embodiment may be realized by firmware stored in a ROM (READ ONLY MEMORY).
- the functions of the above-described program may be realized by a combination of software, firmware, and hardware.
- the size of the device can be reduced.
- power consumption can be reduced by reducing the number of gates in the entire circuit.
- the operating frequency can be improved.
- the sub-transformer can transfer the input data or the input key.
- One of the data normal conversion unit 50 and the data inverse conversion unit 70 can perform data data conversion, and the other of the data normal conversion unit 50 and the data inverse conversion unit 70 can transfer the input data or key.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Compression, Expansion, Code Conversion, And Decoders (AREA)
- Holo Graphy (AREA)
- Document Processing Apparatus (AREA)
Description
Claims
Priority Applications (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP03755263.5A EP1507247B1 (en) | 2002-05-23 | 2003-03-07 | Data conversion apparatus and data conversion method |
ES03755263.5T ES2565816T3 (es) | 2002-05-23 | 2003-03-07 | Aparato de conversión de datos y método de conversión de datos |
US10/514,637 US7639800B2 (en) | 2002-05-23 | 2003-03-07 | Data conversion device and data conversion method |
CN038088339A CN1647139B (zh) | 2002-05-23 | 2003-03-07 | 数据变换装置和数据变换方法 |
CA2485943A CA2485943C (en) | 2002-05-23 | 2003-03-07 | Data conversion apparatus and data conversion method |
AU2003211779A AU2003211779A1 (en) | 2002-05-23 | 2003-03-07 | Data conversion device and data conversion method |
DK03755263.5T DK1507247T3 (en) | 2002-05-23 | 2003-03-07 | Data converter and data conversion method |
KR1020047018842A KR100806468B1 (ko) | 2002-05-23 | 2003-03-07 | 데이터 변환 장치, 데이터 변환 방법 및 데이터 변환 프로그램을 기록한 컴퓨터 판독 가능한 기록 매체 |
NO20045596A NO337611B1 (no) | 2002-05-23 | 2004-12-22 | Fremgangsmåte og anordning for omforming av data |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2002148786A JP4128395B2 (ja) | 2002-05-23 | 2002-05-23 | データ変換装置 |
JP2002-148786 | 2002-05-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003100751A1 true WO2003100751A1 (fr) | 2003-12-04 |
Family
ID=29561194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2003/002689 WO2003100751A1 (fr) | 2002-05-23 | 2003-03-07 | Dispositif et procede de conversion de donnees |
Country Status (12)
Country | Link |
---|---|
US (1) | US7639800B2 (ja) |
EP (1) | EP1507247B1 (ja) |
JP (1) | JP4128395B2 (ja) |
KR (1) | KR100806468B1 (ja) |
CN (1) | CN1647139B (ja) |
AU (1) | AU2003211779A1 (ja) |
CA (1) | CA2485943C (ja) |
DK (1) | DK1507247T3 (ja) |
ES (1) | ES2565816T3 (ja) |
NO (1) | NO337611B1 (ja) |
TW (1) | TWI229299B (ja) |
WO (1) | WO2003100751A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101335985B (zh) * | 2007-06-29 | 2011-05-11 | 华为技术有限公司 | 安全快速切换的方法及系统 |
US11838402B2 (en) | 2019-03-13 | 2023-12-05 | The Research Foundation For The State University Of New York | Ultra low power core for lightweight encryption |
Families Citing this family (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7760874B2 (en) | 2004-07-14 | 2010-07-20 | Broadcom Corporation | Method and system for implementing FI function in KASUMI algorithm for accelerating cryptography in GSM/GPRS/EDGE compliant handsets |
US7623658B2 (en) * | 2004-08-23 | 2009-11-24 | Broadcom Corporation | Method and system for implementing the A5/3 encryption algorithm for GSM and EDGE compliant handsets |
US7627115B2 (en) * | 2004-08-23 | 2009-12-01 | Broadcom Corporation | Method and system for implementing the GEA3 encryption algorithm for GPRS compliant handsets |
US7627113B2 (en) * | 2005-02-08 | 2009-12-01 | Broadcom Corporation | Method and system for hardware accelerator for implementing f8 confidentiality algorithm in WCDMA compliant handsets |
WO2006098015A1 (ja) | 2005-03-16 | 2006-09-21 | Mitsubishi Denki Kabushiki Kaisha | データ変換装置及びデータ変換方法 |
JP2007199156A (ja) * | 2006-01-24 | 2007-08-09 | Sony Corp | 暗号処理装置、暗号処理装置製造装置、および方法、並びにコンピュータ・プログラム |
JP4790541B2 (ja) * | 2006-08-25 | 2011-10-12 | 日本電信電話株式会社 | ハッシュ関数回路及びその演算方法 |
JP4961909B2 (ja) * | 2006-09-01 | 2012-06-27 | ソニー株式会社 | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
JP5055993B2 (ja) * | 2006-12-11 | 2012-10-24 | ソニー株式会社 | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
JP5223245B2 (ja) * | 2007-06-25 | 2013-06-26 | ソニー株式会社 | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
US8959307B1 (en) | 2007-11-16 | 2015-02-17 | Bitmicro Networks, Inc. | Reduced latency memory read transactions in storage devices |
US8619976B2 (en) | 2007-12-13 | 2013-12-31 | Nec Corporation | Encryption method, decryption method, device, and program |
JP5272417B2 (ja) * | 2008-01-21 | 2013-08-28 | ソニー株式会社 | データ変換装置、およびデータ変換方法、並びにコンピュータ・プログラム |
US9729316B2 (en) | 2008-02-27 | 2017-08-08 | International Business Machines Corporation | Unified broadcast encryption system |
JP5200949B2 (ja) * | 2009-01-16 | 2013-06-05 | 富士通株式会社 | 暗号処理装置 |
US9317286B2 (en) * | 2009-03-31 | 2016-04-19 | Oracle America, Inc. | Apparatus and method for implementing instruction support for the camellia cipher algorithm |
US8665601B1 (en) | 2009-09-04 | 2014-03-04 | Bitmicro Networks, Inc. | Solid state drive with improved enclosure assembly |
US8447908B2 (en) | 2009-09-07 | 2013-05-21 | Bitmicro Networks, Inc. | Multilevel memory bus system for solid-state mass storage |
US8560804B2 (en) | 2009-09-14 | 2013-10-15 | Bitmicro Networks, Inc. | Reducing erase cycles in an electronic storage device that uses at least one erase-limited memory device |
JP5605197B2 (ja) | 2010-12-09 | 2014-10-15 | ソニー株式会社 | 暗号処理装置、および暗号処理方法、並びにプログラム |
JP5652363B2 (ja) * | 2011-03-28 | 2015-01-14 | ソニー株式会社 | 暗号処理装置、および暗号処理方法、並びにプログラム |
WO2012141189A1 (ja) * | 2011-04-11 | 2012-10-18 | 日本電気株式会社 | 暗号化方法、暗号化装置および暗号化プログラム |
US9372755B1 (en) | 2011-10-05 | 2016-06-21 | Bitmicro Networks, Inc. | Adaptive power cycle sequences for data recovery |
US9043669B1 (en) | 2012-05-18 | 2015-05-26 | Bitmicro Networks, Inc. | Distributed ECC engine for storage media |
US9423457B2 (en) | 2013-03-14 | 2016-08-23 | Bitmicro Networks, Inc. | Self-test solution for delay locked loops |
US9971524B1 (en) | 2013-03-15 | 2018-05-15 | Bitmicro Networks, Inc. | Scatter-gather approach for parallel data transfer in a mass storage system |
US9672178B1 (en) | 2013-03-15 | 2017-06-06 | Bitmicro Networks, Inc. | Bit-mapped DMA transfer with dependency table configured to monitor status so that a processor is not rendered as a bottleneck in a system |
US9858084B2 (en) | 2013-03-15 | 2018-01-02 | Bitmicro Networks, Inc. | Copying of power-on reset sequencer descriptor from nonvolatile memory to random access memory |
US9400617B2 (en) | 2013-03-15 | 2016-07-26 | Bitmicro Networks, Inc. | Hardware-assisted DMA transfer with dependency table configured to permit-in parallel-data drain from cache without processor intervention when filled or drained |
US9720603B1 (en) | 2013-03-15 | 2017-08-01 | Bitmicro Networks, Inc. | IOC to IOC distributed caching architecture |
US9798688B1 (en) | 2013-03-15 | 2017-10-24 | Bitmicro Networks, Inc. | Bus arbitration with routing and failover mechanism |
US9842024B1 (en) | 2013-03-15 | 2017-12-12 | Bitmicro Networks, Inc. | Flash electronic disk with RAID controller |
US9934045B1 (en) | 2013-03-15 | 2018-04-03 | Bitmicro Networks, Inc. | Embedded system boot from a storage device |
US9734067B1 (en) | 2013-03-15 | 2017-08-15 | Bitmicro Networks, Inc. | Write buffering |
US9501436B1 (en) | 2013-03-15 | 2016-11-22 | Bitmicro Networks, Inc. | Multi-level message passing descriptor |
US9430386B2 (en) | 2013-03-15 | 2016-08-30 | Bitmicro Networks, Inc. | Multi-leveled cache management in a hybrid storage system |
US10489318B1 (en) | 2013-03-15 | 2019-11-26 | Bitmicro Networks, Inc. | Scatter-gather approach for parallel data transfer in a mass storage system |
US9875205B1 (en) | 2013-03-15 | 2018-01-23 | Bitmicro Networks, Inc. | Network of memory systems |
US10148430B1 (en) * | 2013-04-17 | 2018-12-04 | Amazon Technologies, Inc | Revocable stream ciphers for upgrading encryption in a shared resource environment |
US9684580B2 (en) * | 2013-11-05 | 2017-06-20 | Ixia | Methods, systems, and computer readable media for efficient scrambling of data for line rate transmission in high speed communications networks |
JP2015130580A (ja) * | 2014-01-07 | 2015-07-16 | 富士通株式会社 | データスクランブル装置、セキュリティ装置、セキュリティシステム及びデータスクランブル方法 |
US10078604B1 (en) | 2014-04-17 | 2018-09-18 | Bitmicro Networks, Inc. | Interrupt coalescing |
US10042792B1 (en) | 2014-04-17 | 2018-08-07 | Bitmicro Networks, Inc. | Method for transferring and receiving frames across PCI express bus for SSD device |
US10025736B1 (en) | 2014-04-17 | 2018-07-17 | Bitmicro Networks, Inc. | Exchange message protocol message transmission between two devices |
US10055150B1 (en) | 2014-04-17 | 2018-08-21 | Bitmicro Networks, Inc. | Writing volatile scattered memory metadata to flash device |
US9811461B1 (en) | 2014-04-17 | 2017-11-07 | Bitmicro Networks, Inc. | Data storage system |
US9952991B1 (en) | 2014-04-17 | 2018-04-24 | Bitmicro Networks, Inc. | Systematic method on queuing of descriptors for multiple flash intelligent DMA engine operation |
JP6187624B1 (ja) * | 2016-03-17 | 2017-08-30 | 富士電機株式会社 | 情報処理装置、情報処理方法及びプログラム |
US10404459B2 (en) * | 2017-02-09 | 2019-09-03 | Intel Corporation | Technologies for elliptic curve cryptography hardware acceleration |
US10552050B1 (en) | 2017-04-07 | 2020-02-04 | Bitmicro Llc | Multi-dimensional computer storage system |
US10698839B2 (en) * | 2017-12-12 | 2020-06-30 | Western Digital Technologies, Inc. | Seed scrambling |
US10635400B2 (en) | 2017-12-12 | 2020-04-28 | Western Digital Technologies, Inc. | Seed generation |
CN112805769B (zh) * | 2018-10-04 | 2023-11-07 | 日本电信电话株式会社 | 秘密s型函数计算系统、装置、方法及记录介质 |
US11240022B1 (en) | 2019-04-11 | 2022-02-01 | Wells Fargo Bank, N.A. | Passive encryption rotation keys |
US11632231B2 (en) * | 2020-03-05 | 2023-04-18 | Novatek Microelectronics Corp. | Substitute box, substitute method and apparatus thereof |
CN114282469B (zh) * | 2021-12-24 | 2024-08-13 | 中国人民解放军国防科技大学 | 一种Camellia算法P函数的硬件电路及优化方法 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10172298A (ja) * | 1996-12-05 | 1998-06-26 | Mitsubishi Electric Corp | 半導体記憶装置 |
GB2321728B (en) * | 1997-01-30 | 2001-12-19 | Motorola Inc | Apparatus and method for accessing secured data stored in a portable data carrier |
JP3600454B2 (ja) * | 1998-08-20 | 2004-12-15 | 株式会社東芝 | 暗号化・復号装置、暗号化・復号方法、およびそのプログラム記憶媒体 |
US7184549B2 (en) * | 2000-01-14 | 2007-02-27 | Mitsubishi Denki Kabushiki Kaisha | Method and apparatus for encryption, method and apparatus for decryption, and computer-readable medium storing program |
SG124294A1 (en) * | 2000-03-09 | 2006-08-30 | Mitsubishi Electric Corp | Block cipher apparatus using auxiliary tranformation |
JP4457474B2 (ja) * | 2000-04-04 | 2010-04-28 | ソニー株式会社 | 情報記録装置、情報再生装置、情報記録方法、情報再生方法、および情報記録媒体、並びにプログラム提供媒体 |
DK1376922T3 (da) * | 2001-04-03 | 2014-10-27 | Mitsubishi Electric Corp | Krypteringsindretning |
JP2003067340A (ja) * | 2001-08-28 | 2003-03-07 | Mitsubishi Electric Corp | 認証の選択システム、認証システム |
US7986820B2 (en) * | 2001-10-19 | 2011-07-26 | Mitsubishi Electric Research Laboratories, Inc. | Method for comparing features extracted from images of fingerprints |
-
2002
- 2002-05-23 JP JP2002148786A patent/JP4128395B2/ja not_active Expired - Lifetime
-
2003
- 2003-02-19 TW TW092103375A patent/TWI229299B/zh not_active IP Right Cessation
- 2003-03-07 AU AU2003211779A patent/AU2003211779A1/en not_active Abandoned
- 2003-03-07 ES ES03755263.5T patent/ES2565816T3/es not_active Expired - Lifetime
- 2003-03-07 DK DK03755263.5T patent/DK1507247T3/en active
- 2003-03-07 KR KR1020047018842A patent/KR100806468B1/ko active IP Right Grant
- 2003-03-07 CN CN038088339A patent/CN1647139B/zh not_active Expired - Fee Related
- 2003-03-07 WO PCT/JP2003/002689 patent/WO2003100751A1/ja active Application Filing
- 2003-03-07 US US10/514,637 patent/US7639800B2/en not_active Expired - Fee Related
- 2003-03-07 EP EP03755263.5A patent/EP1507247B1/en not_active Expired - Lifetime
- 2003-03-07 CA CA2485943A patent/CA2485943C/en not_active Expired - Fee Related
-
2004
- 2004-12-22 NO NO20045596A patent/NO337611B1/no not_active IP Right Cessation
Non-Patent Citations (6)
Title |
---|
AKASHI SATOH ET AL.: "128 Bit block ango Camellia no kogata hardware architecture", 2002 NEN ANGO TO JOHO SECURITY SYMPOSIUM YOKOSHU, vol. 2, 29 January 2002 (2002-01-29), pages 595 - 598, XP002970445 * |
AKASHI SATOH ET AL.: "PARALLEL AND DISTRIBUTED PROCESSING AND APPLICATIONS: SECOND INTERNATIONAL SYMPOSIUM, WA 2004 PROCEEDINGS, HONG KONG, CHINA", 1 January 2001, SPRINGER, article "A Compact Rijndael Hardware Architecture with S-Box Optimization", pages: 239 - 254 |
AOKI K ET AL.: "THE 128-BIT BLOCK CIPHER CAMELLIA", IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS, COMMUNICATIONS AND COMPUTER SCIENCES, ENGINEERING SCIENCES SOCIETY, TOKYO, JP, vol. E85-A, no. 1, 1 January 2002 (2002-01-01), pages 11 - 24 |
KAZUMARO AOKI ET AL.: "128 Bit block ango Camellia no jisso hyoka", THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS, GIJUTSU KENKYU HOKOKU (ISEC 2000-68 TO 78), vol. 100, no. 324, 22 September 2000 (2000-09-22), pages 131 - 138, XP002942211 * |
See also references of EP1507247A4 |
TETSUYA ICHIKAWA, TOMOMI KASUYA, MITSURU MATSUI: "128 Bit block ango Camellia no kogata hardware jisso ni okeru ichihoho", THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS, GIJUTSU KENKYU HOKOKU (SST 2001-160 TO 217), vol. 101, no. 730, 12 March 2002 (2002-03-12), pages 121 - 126, XP002970446 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101335985B (zh) * | 2007-06-29 | 2011-05-11 | 华为技术有限公司 | 安全快速切换的方法及系统 |
US11838402B2 (en) | 2019-03-13 | 2023-12-05 | The Research Foundation For The State University Of New York | Ultra low power core for lightweight encryption |
Also Published As
Publication number | Publication date |
---|---|
DK1507247T3 (en) | 2016-03-29 |
JP4128395B2 (ja) | 2008-07-30 |
JP2003345244A (ja) | 2003-12-03 |
US20050226407A1 (en) | 2005-10-13 |
US7639800B2 (en) | 2009-12-29 |
KR20050004187A (ko) | 2005-01-12 |
EP1507247B1 (en) | 2016-02-24 |
NO337611B1 (no) | 2016-05-09 |
CN1647139B (zh) | 2011-09-14 |
NO20045596L (no) | 2005-02-18 |
CA2485943A1 (en) | 2003-12-04 |
AU2003211779A1 (en) | 2003-12-12 |
KR100806468B1 (ko) | 2008-02-21 |
CN1647139A (zh) | 2005-07-27 |
EP1507247A4 (en) | 2011-01-19 |
EP1507247A1 (en) | 2005-02-16 |
ES2565816T3 (es) | 2016-04-07 |
TWI229299B (en) | 2005-03-11 |
CA2485943C (en) | 2011-04-19 |
TW200307226A (en) | 2003-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4128395B2 (ja) | データ変換装置 | |
JP4127472B2 (ja) | データ変換装置及びデータ変換装置のデータ変換方法及びプログラム及びコンピュータ読み取り可能な記録媒体 | |
KR100435052B1 (ko) | 암호화장치 | |
JP2007041620A5 (ja) | ||
JP4025722B2 (ja) | データ暗号化のための方法および装置 | |
JPH10240500A (ja) | 乱数生成装置及び方法、暗号化装置及び方法、復号装置及び方法、並びにストリーム暗号システム | |
JP6052166B2 (ja) | 暗号化方法、暗号化装置および暗号化プログラム | |
JP5605197B2 (ja) | 暗号処理装置、および暗号処理方法、並びにプログラム | |
RU2359415C2 (ru) | Способ криптографического преобразования блоков цифровых данных | |
KR20160108861A (ko) | 경량 블록암호 lea 기반 암호화 및 복호화 장치 | |
JP5929757B2 (ja) | 暗号処理装置および暗号処理方法 | |
JP3748184B2 (ja) | 秘話通信装置 | |
KR20010107089A (ko) | 데이터 암호화 표준 알고리즘을 이용한 암호화 장치 | |
JPWO2002058037A1 (ja) | 暗号回路 | |
JPH0385835A (ja) | 巡回符号理論を用いた暗号化方式 | |
JPH10301489A (ja) | データ変換装置 | |
JP2009003312A (ja) | 暗号処理装置、および暗号処理方法、並びにコンピュータ・プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU CA CN KR MX NO SG US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 20038088339 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2485943 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10514637 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003755263 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020047018842 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 1020047018842 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2003755263 Country of ref document: EP |