WO2014003117A1 - 暗号化装置、暗号化方法およびプログラム - Google Patents
暗号化装置、暗号化方法およびプログラム Download PDFInfo
- Publication number
- WO2014003117A1 WO2014003117A1 PCT/JP2013/067652 JP2013067652W WO2014003117A1 WO 2014003117 A1 WO2014003117 A1 WO 2014003117A1 JP 2013067652 W JP2013067652 W JP 2013067652W WO 2014003117 A1 WO2014003117 A1 WO 2014003117A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- memory
- data
- box
- table entry
- round key
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
Definitions
- the present invention is based on a Japanese patent application: Japanese Patent Application No. 2012-145470 (filed on June 28, 2012), and the entire contents of this application are incorporated in the present specification by reference.
- the present invention relates to an encryption device, an encryption method, and a program, and more particularly, to an encryption device, an encryption method, and a program based on a common key block cipher for concealing data during data communication and storage.
- Block encryption is known as a technique for concealing communication data and stored data.
- Typical block encryption algorithms include DES (Data Encryption Standard) and AES (Advanced Encryption Standard) described in Non-Patent Document 1.
- FIG. 7 is a block diagram illustrating an example of the configuration of the encryption device 110 that converts plaintext to ciphertext based on block cipher.
- the encryption device 110 includes a key schedule unit 111 and a data agitation unit 112.
- the key schedule unit 111 generates a round key from a secret key (cipher key).
- cipher key When the encryption apparatus 110 is realized by being implemented as software on a computer, the generated round key is held in a memory.
- the data agitation unit 112 agitates the plain text and the round key to generate a cipher text.
- the flow of encryption processing is as follows.
- the key schedule unit 111 operates at the time of starting the program operation or updating the secret key, and generates a round key from the secret key.
- the data agitation unit 112 performs the operation a number of times corresponding to the length of the plaintext during the encryption process.
- a substitution table called S-box (also referred to as a substitution table) is used.
- the S-box is a component that performs a non-linear operation, and is one of the components that form the basis of safety.
- Cryptographic security required for the S-box includes a difference probability, a linear probability, a Boolean algebraic degree, and the number of terms of an interpolation polynomial.
- a method for designing an S-box having good properties with respect to these items a method that combines a power operation on a Galois field and an affine transformation is known.
- an implementation method is employed in which the calculation results calculated in advance are stored in a table. When performing the encryption process, it is possible to obtain the calculation result by referring to the data before the calculation as a table index.
- key data round key
- An exclusive OR exclusive OR, hereinafter referred to as “XOR”
- XOR exclusive OR
- Equation 2 ⁇ is a symbol representing XOR.
- the key data k is generated from the secret key by the key schedule unit 111.
- r1 to r4 are registers, and data x is assigned to the register r1, the head address of the table S is assigned to the register r3, and the address of the round key k is assigned to the register r4.
- the key data k is loaded into the register r2 by the first LOAD instruction.
- x ⁇ k that is the XOR of the data x and the key data k is calculated, and the result is assigned to the register r1.
- (x ⁇ k) is added to the head address of the table S, and the result is stored in the register r1. By this addition, an address where the calculation result is stored is obtained.
- the operation result stored at the address r1 is loaded into the register r2 by the second LOAD instruction.
- Equation 3 As described above, in order to perform S-box reference, it is necessary to execute a series of four instructions shown in Equation 3.
- Microcomputers used in embedded systems often have lower functions than processors used in personal computers and servers. For example, functions such as instruction pipeline and out-of-order optimize the execution order of instructions and shorten the processing time in a high-performance processor. However, low-function microcomputers often do not have these functions. Therefore, when implementing cryptographic algorithms on a microcomputer, implementation with a reduced number of instructions is required.
- the objective of this invention is providing the encryption apparatus, encryption method, and program which solve this subject.
- the encryption device is: Round key generation means for generating a round key from a secret key; The start address of the S-box table of n (n ⁇ 2) bits arranged at the 2 m (m ⁇ n) bit boundary of the memory and the round key are added, and the obtained value is held as a table entry.
- Table entry generation means Data agitation means for agitating the data by referring to the S-box stored in the memory using an exclusive OR of the table entry and data as a table index;
- the encryption method is: A computer generating a round key from a secret key; The start address of the S-box table of n (n ⁇ 2) bits arranged at the 2 m (m ⁇ n) bit boundary of the memory and the round key are added, and the obtained value is held as a table entry. Process, And agitation of the data by referring to the S-box stored in the memory using an exclusive OR of the table entry and data as a table index.
- the program according to the third aspect of the present invention is: Processing to generate a round key from a secret key; The start address of the S-box table of n (n ⁇ 2) bits arranged at the 2 m (m ⁇ n) bit boundary of the memory and the round key are added, and the obtained value is held as a table entry. Processing, By referring to the S-box stored in the memory using the exclusive OR of the table entry and data as a table index, the computer is caused to execute the process of mixing the data.
- the program can be provided as a program product recorded on a computer-readable recording medium (non-transitory computer-readable storage medium).
- the encryption apparatus the encryption method, and the program according to the present invention, it is possible to reduce processing time when a block cipher that refers to a table is implemented by software.
- FIG. 1 is a block diagram showing an example of the configuration of an encryption device (10) according to the present invention.
- the encryption device (10) includes a key schedule unit (11) and data agitation means (12).
- FIG. 2 is a block diagram showing a detailed configuration of the key schedule unit (11) as an example.
- the key schedule unit (11) includes a round key generation unit (13) and a table entry generation unit (14).
- the round key generation means (13) generates a round key from the secret key.
- the table entry generating means (14) adds the head address (ST) of the n (n ⁇ 2) bit S-box table arranged at the 2 m (m ⁇ n) bit boundary of the memory and the round key. The obtained value is held as a table entry.
- the data agitation means (12) agitates the data by referring to the S-box stored in the memory using the exclusive OR of the table entry and the data as a table index.
- the table entry generating means (14) The start address (ST) of the S-box table on the first memory (ROM) and the round key may be added, and the obtained value may be stored in the second memory (for example, RAM) as a table entry.
- the data agitation means (12) uses the exclusive OR of the table entry and data stored in the second memory (RAM) as a table index, and stores the S ⁇ stored in the first memory (ROM). The data is agitated by referring to the box.
- the table entry generating means 15
- the S-box table is copied to the 2 m (m ⁇ n) bit boundary of the second memory (for example, RAM), and the first address (ST) of the S-box table on the second memory (RAM) and the round
- the value obtained by adding the key may be stored in the second memory (RAM) as a table entry.
- the data agitation means (12) uses the exclusive OR of the table entry and data stored in the second memory (RAM) as a table index, and stores the S ⁇ stored in the second memory (RAM). The data is agitated by referring to the box table.
- k ′ is the sum of the address of the S-box table and the key data k.
- Equation 4 it can be seen that the ADD instruction in Equation 3 can be reduced.
- the S-box table is referenced many times. For example, in the case of AES-128, 160 S-box table references are performed in one encryption process. That is, by reducing one instruction per S-box table reference, 160 instructions can be reduced by one encryption process. Therefore, according to the encryption device (10) of the present invention, the processing time when the block cipher that refers to the table is implemented by software can be greatly reduced.
- the value obtained by the operation A + (BBC) for the data A, B, and C is different from the value obtained by the operation (A + B) BC in which the operation order is changed between addition and XOR. .
- the addition instruction may cause a carry from the lower bit to the upper bit.
- the data width of data A is n A
- the data width of data B and C is n (n A > n).
- FIG. 1 is a block diagram showing an example of the configuration of an encryption device 10 according to this embodiment.
- the encryption device 10 includes a key schedule unit 11 and a data agitation unit 12.
- FIG. 2 is a block diagram illustrating a detailed configuration of the key schedule unit 11 as an example.
- the key schedule unit 11 includes a round key generation unit 13 and a table entry generation unit 14.
- the round key generation means 13 is implemented according to a method defined by the encryption algorithm, and generates a round key from the secret key.
- the table entry generation unit 14 generates a table entry from the start address ST of the S-box table arranged on the ROM and the round key generated by the round key generation unit 13, and stores the table entry in a RAM (Random Access Memory). .
- Non-Patent Document 1 AES-128 (Non-Patent Document 1) will be described as an example of the encryption algorithm.
- FIG. 3 shows the AES-128 encryption process.
- AddRoundKey exclusively ORs a 128-bit round key RK i (0 ⁇ i ⁇ 10) to 128-bit data.
- SubBytes divides 128-bit data into 16 8-bit data, and performs conversion by S-box.
- ShiftRows is a data transposition process in units of 8 bits.
- MixColumns performs an operation on 8-bit ⁇ 4 data using an MDS (Maximum Distance Separable) matrix. Details of the algorithm are described in Non-Patent Document 1.
- FIG. 4 shows the configuration of the round key generation means 13 for AES-128.
- FIG. 4 shows a procedure for generating RK i + 1 from the round key RK i (0 ⁇ i ⁇ 9).
- RK 0 a 128-bit secret key is set.
- the round key generation unit 13 inputs the round keys RK 0 to RK 10 to the table entry generation unit 14. As a delivery method, all the round keys RK 0 to RK 10 may be generated and then stored in the memory via the table entry generating means 14, or the table entry generating means every time the round key RK i is generated. 14 may be transferred.
- the table entry generation means 14 also receives the head address ST of the S-box referred to by SubBytes.
- the A-ES S-box is an 8-bit input / output, it is assumed that the head of the S-box is arranged on a 2 m- bit boundary (m ⁇ 8). That is, the lower m bits of the head address ST are 0. However, the length of the address ST itself is m + 1 bits or more.
- the table entry generation means 14 divides the round key RK i (0 ⁇ i ⁇ 9) into 8-bit units.
- the divided 8-bit round key is set as RK i j (0 ⁇ j ⁇ 15).
- the table entry generation means 14 adds RK i j and the head address ST to form a table entry (see FIG. 5).
- the generated table entry is stored on the RAM. However, since SubBytes does not exist after RK 10 's AddRoundKey, addition with the head address ST is not performed, and only RK 10 is stored.
- the head address of the n-bit S-box table referred to by the data agitation unit 12 is arranged at a 2 m (m ⁇ n) bit boundary on the ROM, and the key schedule unit 11 generates A value obtained by converting the head address of the table into the round key is stored in the RAM as a table entry.
- the data agitation unit 12 loads the data with the data added to the table entry as an address.
- the S-box table is referred to according to Equation 4, and the table can be referred to with a smaller number of instructions than when the S-box table is referred to according to Equation 3. Therefore, according to the encryption device 10, it is possible to greatly reduce the processing time when the block cipher that refers to the table is implemented by software.
- the encryption device according to the present embodiment includes a key schedule unit 11 and a data agitation unit 12 as in the configuration of the encryption device 10 according to the first embodiment (FIG. 1).
- FIG. 6 is a block diagram showing, as an example, a detailed configuration of the key schedule unit 11 in the encryption device of the present embodiment.
- the key schedule unit 11 includes a round key generation unit 13 and a table entry generation unit 15.
- an S-box table on a ROM Read Only Memory
- the table entry generating means 15 copies the S-box table on the ROM to the 2 m- bit boundary ST on the RAM.
- the table entry generating unit 15 generates a table entry from the head address ST of the S-box table copied on the RAM and the round key generated by the round key generating unit 13, and stores it on the RAM.
- the S-box table is referenced according to Equation 4, and compared with the case where the S-box table is referenced according to Equation 3.
- table reference can be performed with a small number of instructions. According to such an encryption apparatus, it is possible to greatly reduce the processing time when the block cipher that refers to the table is implemented by software.
- the encryption device can be applied to uses such as concealment of communication data such as a voice communication terminal and a data communication device, and encryption of data stored on a storage.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Description
本発明は、日本国特許出願:特願2012-145470号(2012年6月28日出願)に基づくものであり、同出願の全記載内容は引用をもって本書に組み込み記載されているものとする。
本発明は、暗号化装置、暗号化方法およびプログラムに関し、特に、データの通信や蓄積の際にデータを秘匿するための共通鍵ブロック暗号に基づく暗号化装置、暗号化方法およびプログラムに関する。
S[256]={0x63,0x7C,0x77,…,0x16}
y=S[x○k]
LOAD r2,[r4]
XOR r1,r2
ADD r1,r3
LOAD r2,[r1]
秘密鍵からラウンド鍵を生成するラウンド鍵生成手段と、
メモリの2m(m≧n)ビット境界に配置されたn(n≧2)ビットのS-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして保持するテーブルエントリ生成手段と、
前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記メモリに格納された前記S-boxを参照することで、前記データを攪拌するデータ攪拌手段と、を備える。
コンピュータが、秘密鍵からラウンド鍵を生成する工程と、
メモリの2m(m≧n)ビット境界に配置されたn(n≧2)ビットのS-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして保持する工程と、
前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記メモリに格納された前記S-boxを参照することで、前記データを攪拌する工程と、を含む。
秘密鍵からラウンド鍵を生成する処理と、
メモリの2m(m≧n)ビット境界に配置されたn(n≧2)ビットのS-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして保持する処理と、
前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記メモリに格納された前記S-boxを参照することで、前記データを攪拌する処理と、をコンピュータに実行させる。
LOAD r2,[r4]
XOR r1,r2
LOAD r2,[r1]
第1の実施形態に係る暗号化装置について、図面を参照して詳細に説明する。図1は、本実施形態に係る暗号化装置10の構成を一例として示すブロック図である。図1を参照すると、暗号化装置10は、鍵スケジュール部11およびデータ攪拌手段12を備える。
第2の実施形態に係る暗号化装置について、図面を参照して詳細に説明する。本実施形態に係る暗号化装置は、第1の実施形態に係る暗号化装置10の構成(図1)と同様に、鍵スケジュール部11およびデータ攪拌手段12を備える。
11、111 鍵スケジュール部
12、112 データ攪拌手段
13 ラウンド鍵生成手段
14、15 テーブルエントリ生成手段
Claims (12)
- 秘密鍵からラウンド鍵を生成するラウンド鍵生成手段と、
メモリの2m(m≧n)ビット境界に配置されたn(n≧2)ビットのS-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして保持するテーブルエントリ生成手段と、
前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記メモリに格納された前記S-boxを参照することで、前記データを攪拌するデータ攪拌手段と、を備える、暗号化装置。 - 前記テーブルエントリ生成手段は、前記S-boxテーブルが第1のメモリの2m(m≧n)ビット境界に配置されている場合、前記第1のメモリ上における前記S-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして第2のメモリに格納し、
前記データ攪拌手段は、前記第2のメモリに格納された前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記第1のメモリに格納された前記S-boxを参照することで、前記データを攪拌する、請求項1に記載の暗号化装置。 - 前記テーブルエントリ生成手段は、前記S-boxテーブルが第1のメモリの2m(m≧n)ビット境界に配置されていない場合、前記S-boxテーブルを第2のメモリの2m(m≧n)ビット境界にコピーし、前記第2のメモリ上における前記S-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして第2のメモリに格納し、
前記データ攪拌手段は、前記第2のメモリに格納された前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記第2のメモリに格納された前記S-boxテーブルを参照することで、前記データを攪拌する、請求項1に記載の暗号化装置。 - 前記データ攪拌手段は、AES(Advanced Encryption Standard)のアルゴリズムに従って前記データを攪拌する、請求項1ないし3のいずれか1項に記載の暗号化装置。
- コンピュータが、秘密鍵からラウンド鍵を生成する工程と、
メモリの2m(m≧n)ビット境界に配置されたn(n≧2)ビットのS-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして保持する工程と、
前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記メモリに格納された前記S-boxを参照することで、前記データを攪拌する工程と、を含む、暗号化方法。 - 前記コンピュータが、前記S-boxテーブルが第1のメモリの2m(m≧n)ビット境界に配置されている場合、前記第1のメモリ上における前記S-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして第2のメモリに格納し、
前記第2のメモリに格納された前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記第1のメモリに格納された前記S-boxを参照することで、前記データを攪拌する、請求項5に記載の暗号化方法。 - 前記コンピュータが、前記S-boxテーブルが第1のメモリの2m(m≧n)ビット境界に配置されていない場合、前記S-boxテーブルを第2のメモリの2m(m≧n)ビット境界にコピーし、前記第2のメモリ上における前記S-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして第2のメモリに格納し、
前記第2のメモリに格納された前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記第2のメモリに格納された前記S-boxテーブルを参照することで、前記データを攪拌する、請求項5に記載の暗号化方法。 - 前記コンピュータが、AES(Advanced Encryption Standard)のアルゴリズムに従って前記データを攪拌する、請求項5ないし7のいずれか1項に記載の暗号化方法。
- 秘密鍵からラウンド鍵を生成する処理と、
メモリの2m(m≧n)ビット境界に配置されたn(n≧2)ビットのS-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして保持する処理と、
前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記メモリに格納された前記S-boxを参照することで、前記データを攪拌する処理と、をコンピュータに実行させる、プログラム。 - 前記S-boxテーブルが第1のメモリの2m(m≧n)ビット境界に配置されている場合、前記第1のメモリ上における前記S-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして第2のメモリに格納し、
前記第2のメモリに格納された前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記第1のメモリに格納された前記S-boxを参照することで、前記データを攪拌する処理を、前記コンピュータに実行させる、請求項9に記載のプログラム。 - 前記S-boxテーブルが第1のメモリの2m(m≧n)ビット境界に配置されていない場合、前記S-boxテーブルを第2のメモリの2m(m≧n)ビット境界にコピーし、前記第2のメモリ上における前記S-boxテーブルの先頭アドレスと前記ラウンド鍵とを加算して、得られた値をテーブルエントリとして第2のメモリに格納し、
前記第2のメモリに格納された前記テーブルエントリとデータとの排他的論理和をテーブルインデックスとして、前記第2のメモリに格納された前記S-boxテーブルを参照することで、前記データを攪拌する処理を、前記コンピュータに実行させる、請求項9に記載のプログラム。 - AES(Advanced Encryption Standard)のアルゴリズムに従って前記データを攪拌する処理を前記コンピュータに実行させる、請求項9ないし11のいずれか1項に記載のプログラム。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014522679A JP6028798B2 (ja) | 2012-06-28 | 2013-06-27 | 暗号化装置、暗号化方法およびプログラム |
US14/411,595 US9571269B2 (en) | 2012-06-28 | 2013-06-27 | Encryption device, encryption method and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012145470 | 2012-06-28 | ||
JP2012-145470 | 2012-06-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014003117A1 true WO2014003117A1 (ja) | 2014-01-03 |
Family
ID=49783254
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2013/067652 WO2014003117A1 (ja) | 2012-06-28 | 2013-06-27 | 暗号化装置、暗号化方法およびプログラム |
Country Status (3)
Country | Link |
---|---|
US (1) | US9571269B2 (ja) |
JP (1) | JP6028798B2 (ja) |
WO (1) | WO2014003117A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2017215518A (ja) * | 2016-06-01 | 2017-12-07 | 富士電機株式会社 | データ処理装置、データ処理方法及びプログラム |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9319878B2 (en) * | 2012-09-14 | 2016-04-19 | Qualcomm Incorporated | Streaming alignment of key stream to unaligned data stream |
KR101932680B1 (ko) | 2018-09-27 | 2018-12-26 | (주)아이엔아이 | 데이터를 안전하게 보호하는 암호화 키 생성 모듈 |
JP7383985B2 (ja) * | 2019-10-30 | 2023-11-21 | 富士電機株式会社 | 情報処理装置、情報処理方法及びプログラム |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3818263B2 (ja) * | 2003-01-28 | 2006-09-06 | 日本電気株式会社 | Aes暗号処理装置、aes復号処理装置、aes暗号・復号処理装置、aes暗号処理方法、aes復号処理方法、および、aes暗号・復号処理方法 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3600454B2 (ja) * | 1998-08-20 | 2004-12-15 | 株式会社東芝 | 暗号化・復号装置、暗号化・復号方法、およびそのプログラム記憶媒体 |
WO2006020238A2 (en) * | 2004-07-16 | 2006-02-23 | Ns8 Corporation | Method and system for managing the use of electronic works |
KR100837270B1 (ko) | 2006-06-07 | 2008-06-11 | 삼성전자주식회사 | 스마트 카드 및 그것의 데이터 보안 방법 |
US20080019524A1 (en) * | 2006-06-29 | 2008-01-24 | Kim Moo S | Apparatus and method for low power aes cryptographic circuit for embedded system |
US8189792B2 (en) * | 2007-12-28 | 2012-05-29 | Intel Corporation | Method and apparatus for performing cryptographic operations |
US9336160B2 (en) * | 2008-10-30 | 2016-05-10 | Qualcomm Incorporated | Low latency block cipher |
US9014370B2 (en) * | 2012-12-09 | 2015-04-21 | Sandisk Technologies Inc. | High performance hardware-based execution unit for performing C2 block cipher encryption/decryption |
-
2013
- 2013-06-27 JP JP2014522679A patent/JP6028798B2/ja active Active
- 2013-06-27 US US14/411,595 patent/US9571269B2/en active Active
- 2013-06-27 WO PCT/JP2013/067652 patent/WO2014003117A1/ja active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3818263B2 (ja) * | 2003-01-28 | 2006-09-06 | 日本電気株式会社 | Aes暗号処理装置、aes復号処理装置、aes暗号・復号処理装置、aes暗号処理方法、aes復号処理方法、および、aes暗号・復号処理方法 |
Non-Patent Citations (2)
Title |
---|
JUNKO NAKAJIMA ET AL.: "Performance evaluation of block encryption algorithms on Core2", MITSUBISHI DENKI GIHO, vol. 82, no. 5, 25 May 2008 (2008-05-25), pages 27 - 30 * |
SEIICHI AMADA ET AL.: "Improvement of Fast Software Implementation of Block Ciphers : A New Algorithm Which Reduces the Number of Instructions in Functions Used in Block Ciphers", IEICE TECHNICAL REPORT, vol. 97, no. 71, 26 May 1997 (1997-05-26), pages 107 - 119 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2017215518A (ja) * | 2016-06-01 | 2017-12-07 | 富士電機株式会社 | データ処理装置、データ処理方法及びプログラム |
US10411881B2 (en) | 2016-06-01 | 2019-09-10 | Fuji Electric Co., Ltd. | Data processing apparatus, method for processing data, and medium |
Also Published As
Publication number | Publication date |
---|---|
US9571269B2 (en) | 2017-02-14 |
US20150163051A1 (en) | 2015-06-11 |
JPWO2014003117A1 (ja) | 2016-06-02 |
JP6028798B2 (ja) | 2016-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Rijmen et al. | Advanced encryption standard | |
US8966279B2 (en) | Securing the implementation of a cryptographic process using key expansion | |
US8634549B2 (en) | Ciphertext key chaining | |
US9515818B2 (en) | Multi-block cryptographic operation | |
US9189425B2 (en) | Protecting look up tables by mixing code and operations | |
TWI447683B (zh) | Information processing device | |
Muir | A tutorial on white-box AES | |
US20120170739A1 (en) | Method of diversification of a round function of an encryption algorithm | |
JP5704159B2 (ja) | ブロック暗号化装置、ブロック復号装置、ブロック暗号化方法、ブロック復号方法及びプログラム | |
US20130236005A1 (en) | Cryptographic processing apparatus | |
CN107257279B (zh) | 一种明文数据加密方法及设备 | |
US8675866B2 (en) | Multiplicative splits to protect cipher keys | |
US20120254625A1 (en) | Protecting states of a cryptographic process using group automorphisms | |
US10148427B2 (en) | Information processing apparatus, method for processing information, and medium | |
Gueron | Advanced encryption standard (AES) instructions set | |
JP6028798B2 (ja) | 暗号化装置、暗号化方法およびプログラム | |
Dolmatov | GOST R 34.12-2015: Block Cipher" Kuznyechik" | |
JP5652363B2 (ja) | 暗号処理装置、および暗号処理方法、並びにプログラム | |
US8774402B2 (en) | Encryption/decryption apparatus and method using AES rijndael algorithm | |
WO2022254511A1 (ja) | 暗号装置、方法、及びプログラム | |
JP2010256749A (ja) | ハッシュ値生成装置、ハッシュ値生成方法およびプログラム | |
JP2013205437A (ja) | 非線形関数S−boxの計算方法及び装置 | |
Shi et al. | On security of a white-box implementation of SHARK | |
Dooley et al. | The Machines Take Over: Computer Cryptography | |
JP5096794B2 (ja) | ストリーム暗号の暗号化装置、ストリーム暗号の復号化装置、自己同期型ストリーム暗号の暗号化装置、自己同期型ストリーム暗号の復号化装置、ストリーム暗号の暗号化方法、自己同期型ストリーム暗号の暗号化方法およびプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13810257 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2014522679 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14411595 Country of ref document: US |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13810257 Country of ref document: EP Kind code of ref document: A1 |