JP2001175167A - Ciphering method, deciphering method, and device therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method for ciphering and deciphering with higher secrecy and a device therefor permitting to set the number of involution steps according to whether speed is valued or encipherment strength is valued. SOLUTION: A key data storage part 105 stores a cryptographic key including the number of involution steps. The number of involution steps selection signal generating part 104 reads the cryptographic key from the key data storage part 105, and outputs a selection signal for selecting the number of involution steps. The number of involution steps control part 102 sets the number of involution steps of ciphering/deciphering algorithm part 101 by the selection signal. By the setting of the above, a ciphering/deciphering processing part 103 converts data of a plaintext or a ciphertext from a data input-output part 106 into a ciphertext or a plaintext and outputs it. It is possible to selectively set the number of involution steps in addition to the cryptographic key for ciphering/ deciphering by embedding the information on the number of involution steps in the cryptographic key, and this makes it possible to select an encipherment mode whether speed is valued or encipherment strength is valued, and the secrecy can be increased.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD The present invention relates to an encryption system,
In particular, the present invention relates to an encryption and decryption method of a common key encryption method having an involution type (ladder type) structure.

[0002]

2. Description of the Related Art A common key cryptosystem is based on the premise that the encryption / decryption side originally possesses the same encryption key by key distribution. Information on the number of involution stages on the / decryption side is shared, and encryption processing is performed using the same involution stage configuration.

In the conventional involution type encryption system, a plaintext is divided into certain blocks, and a stirring process is performed by a plurality of round function units in block units. Also, in this encryption method, there is a method in which an encryption block chaining method is applied in order to increase the encryption strength (for example, JP-A-11-7239).

In any case, in an encryption system having an involution type structure, as the number of stages of the involution (round function) increases, the encryption strength, which is difficult to decipher, increases, but the processing speed increases. As the number of stages increases, it decreases, which is disadvantageous. Conventionally, regardless of the degree of importance of information to be encrypted in terms of security, encryption and decryption have been performed by a uniform encryption method for setting a fixed number of involution stages.

As described above, in the block cryptosystem of the involution type common key cryptosystem, the number of involution stages is fixedly set on the encryption side and the decryption side by an original method to perform encryption and decryption. It is composed.

[0006]

In the conventional involution type encryption system, encryption and decryption are performed by setting the number of involution stages to be used fixedly, but each stage function has the same configuration. Therefore, there is a tendency that the encryption strength is increased by increasing the round function part because the encryption strength is reduced in that the encryption strength is reduced. However, an increase in the number of involution stages causes a reduction in processing speed, and even when encryption / decryption is possible according to which of processing speed and encryption strength is important, the number of involution stages must be appropriately selected. There was a problem that can not be.

(Object of the Invention) An object of the present invention is to provide an encryption method and a decryption method capable of setting the number of stages of involution in encryption / decryption having an involution structure according to whether importance is attached to speed or encryption strength. It is to provide a method and an apparatus.

Another object of the present invention is to provide an encryption method, a decryption method and an apparatus having higher secrecy by setting the number of involution stages.

[0009]

According to the present invention, there is provided an encryption method comprising:
In an involution type encryption method using a common key cryptosystem for encryption and decryption, an encryption in which a plurality of encryption algorithms having different numbers of involution stages can be selected based on an encryption key including setting information of the number of involution stages. The apparatus sets an encryption algorithm for the number of involution stages and performs encryption using the encryption key. Further, the decoding method of the present invention
In an involution type decryption method using a common key cryptosystem for encryption and decryption, a decryption method in which a plurality of decryption algorithms of different numbers of involution stages can be selected based on an encryption key including setting information of the number of involution stages. A decryption algorithm for the number of involution stages is set by a device, and decryption is performed using the encryption key.

[0010] An encryption device according to the present invention includes a key data storage unit for storing an encryption key of a common key encryption system, reading an encryption key from the key data storage unit, detecting the number of involution stages in the encryption key, and detecting the number of involution stages. An involution stage number selection signal generating unit that outputs a selection signal for selecting a selection signal, and an encryption algorithm of the number of involution stages designated by the selection signal from a plurality of encryption algorithms of different involution stages that input the selection signal. And an encryption processing unit for converting plaintext data input by the selected encryption algorithm into ciphertext data and outputting the data. In addition, the decryption device of the present invention includes a key data storage unit that stores an encryption key of a common key encryption method, reads an encryption key from the key data storage unit, detects the number of involution stages in the encryption key, and determines the number of involution stages. An involution stage number selection signal generation unit that outputs a selection signal to be selected, and the selection signal is input, and a decoding algorithm of the number of involution stages designated by the selection signal is decoded from a plurality of different involution stage number decoding algorithms. And a decryption processing unit for converting ciphertext data input by the selected decryption algorithm into plaintext data and outputting the data.

(Operation) In a common key cryptosystem having an involution type structure, confidentiality is originally guaranteed, and information on the number of involution stages is incorporated in an encryption key shared between the encryption side and the decryption side. The number of involution stages is set based on the information. By embedding the information of the number of involutions in the encryption key, it is possible to select speed-oriented or encryption-strength-oriented according to the importance of the information to be encrypted and decrypted. In addition, it is possible to further enhance confidentiality.

[0012]

FIG. 1 is a block diagram showing an embodiment of an encryption method, a decryption method and an apparatus according to the present invention.

An encryption / decryption processing unit 103 comprising an encryption / decryption algorithm unit 101, an involution stage number control unit 102, and an involution stage number selection signal generation unit 10
4. It comprises a key data storage unit 105 and a data input / output unit 106. The functional outline of each part is as follows.

The key data storage unit 105 has a function of storing encryption key data (key data) including the sign of the number of involution stages. The involution stage number selection signal generation unit 104 reads the key data stored in the key data storage unit 105, detects the sign of the number of involution stages of the encryption key included in the key data, and selects an encryption / decryption algorithm. And a function of outputting the generated data to the encryption / decryption processing unit 103.

The encryption / decryption processing unit 103 inputs key data for encryption / decryption for encryption / decryption from the key data storage unit 105, and inputs and inputs data from the data input / output unit 106. It has a function of encrypting or decrypting data and outputting the data to the data input / output unit 106. The encryption / decryption processing unit 103 includes the encryption / decryption algorithm unit 10
1 and an involution stage number control unit 102. The involution stage number control unit 102 executes an algorithm executed by the encryption / decryption algorithm unit 101 based on the selection signal from the involution stage number selection signal generation unit 104. The encryption / decryption algorithm unit 101 has a function of executing a plurality of encryption / decryption algorithms having different numbers of involution stages, and encrypts data according to the algorithm specified by the involution stage number control unit 102. Perform decryption or decryption.

FIG. 2 is a diagram showing a configuration of an encryption / decryption algorithm unit according to the present embodiment. It shows an example of the configuration of an involution type (ladder type), and is configured to be able to select encryption / decryption for a plurality of involution stages.

The configuration of the involution type encryption system of the present embodiment is such that a function unit f which inputs a plaintext or ciphertext in block units and encrypts a half block thereof with an encryption key.
And an exclusive-OR operation with the other half block is used, and this inter-stage number portion is connected in a ladder shape, and the inter-stage number portion is set in units of four stage function units f × 4. Block 201-2
As 04, encryption / decryption is performed. A plurality of encryption / decryption algorithms of the encryption / decryption algorithm unit 101 are provided with a switch 205 in which each output from each interstage number block 201 to 204 is controlled by an involution stage number selection signal.
It is configured to switch according to.

FIG. 3 is a diagram showing an example of the contents of the encryption key (key data) and the selection setting of the number of involution stages. A setting bit for selecting the number of involution stages is provided in the (n + 1) -bit key data, and one of a plurality of encryption / decryption algorithms is set by the setting bit.

(Explanation of Operation) Next, the operation of the encryption method, the decryption method and the apparatus of this embodiment will be described with reference to the drawings.

The key data storage unit 105 stores an actual cipher /
The key data used before performing the decryption processing is stored. Here, the key data is composed of n + 1 bits from b0 to bn as shown in FIG. 3, the bits from b2 to bn are data of an involution type encryption / decryption algorithm, and b0 and b1 are the number of involution stages. Can be set.

In the present embodiment, as shown in FIG. 2, the number-of-stage blocks 201 to 20 are set in units of four stage functions f × 4.
4, the output of which can be selected by the switch 205, the bit data is (0, 0), (0, 1),
(1, 0) and (1, 1) make it possible to set the number of four involution stages, that is, four, eight, twelve and sixteen stages. Also, the data of the involution type encryption / decryption algorithm is changed from b0 to bn.
And b0 and b1 may also have information as bits specifying the number of involution stages.

Next, the involution stage number selection signal generating section 104 and the encryption / decryption processing section 103 read the key data stored in the key data storage section 105, respectively. The number-of-involution-stages selection signal generating unit 104
An involution stage number setting bit is extracted from the read key data to generate a selection signal, and the selection signal is sent to the involution stage number control unit 102.

The encryption / decryption processing unit 103 receives the key data and the selection signal, and the involution stage number control unit 102 controls an involution type control algorithm corresponding to the number of involution stages set by the selection signal. Set. Here, the number of involution stages is set identically on the encryption side / decryption side so that ciphertext can be extracted from plaintext and plaintext can be extracted from ciphertext.

Then, the encryption / decryption data is input via the data input / output unit 106 to the encryption / decryption processing unit 103 in which the control algorithm for the number of involution stages is configured. Output via the input / output unit 106.

(Other Embodiments) In the embodiment described above, the setting of the number of involution stages is performed by extracting the last two bits ("0" and "1") of the encryption key on the encryption / decryption side. Although it is configured to be used, any m (m <n) bits can be specified and determined in advance from the encryption key. Further, the bit for setting the number of involution stages can be a part of the encryption key or an independent dedicated bit.

In the above-described embodiment, the encryption / decryption processing unit 103 comprising the encryption / decryption algorithm unit 101 and the number of involution stages control unit 102 has a function of performing encryption and decryption, and performs data input / output. The unit 106 outputs the plaintext or ciphertext for conversion processing,
Although the function of inputting the ciphertext or the plaintext generated by the conversion processing is provided, the configuration may be such that each of the functions has an encryption function or a decryption function. Needless to say, the data input / output unit 106 can be configured to be independent of the data input unit and the data output unit. Further, the encryption / decryption algorithm unit 101
Is a series configuration composed of the same round function section, 4 stages, 8 stages.
A combination of different involution stages and different control algorithms, including cipher block chaining, non-cipher chaining block, etc. It is possible.

[0027]

According to the present invention, depending on the data to be handled in the encryption / decryption, a common key encryption is set depending on whether the processing speed is emphasized or the encryption strength is emphasized. Switching can be easily performed. That is, it is possible to select speed priority or encryption strength priority depending on the type of data to be handled.

Further, since the setting of the number of involution stages is performed using the encryption key, the number of involution stages is set at the same time by the setting of the encryption key, so that the confidentiality of the encryption can be sufficiently improved. .

Further, since the key data in the common key cryptosystem for possessing (key distribution) common key data on the encryption side and the decryption side includes the setting information of the number of involution stages, the key distribution system can be used. The advantage is that no new procedures or measures need to be added.

[Brief description of the drawings]

FIG. 1 is a diagram showing an embodiment of encryption and decryption of the present invention.

FIG. 2 is a diagram showing an encryption scheme having an involution type structure in an encryption / decryption algorithm unit according to the present embodiment.

FIG. 3 is a diagram illustrating an example of selection and setting of the contents of key data and the number of involution stages.

[Explanation of symbols]

 101 encryption / decryption algorithm unit 102 involution stage number control unit 103 encryption / decryption processing unit 104 involution stage number selection signal generation unit 105 key data storage unit 106 data input / output unit 201, 202, 203, 204 round function unit block 205 switching unit

Claims (4)

[Claims] 1. An involution type encryption method using a common key cryptosystem for encryption and decryption, wherein an encryption algorithm for a plurality of different involution stages is provided based on an encryption key including setting information of the number of involution stages. With the encryption device that can be selected, select and set the encryption algorithm for the number of involution stages,
An encryption method comprising performing encryption using the encryption key. 2. An involution type decryption method using a common key cryptosystem for encryption and decryption, wherein a plurality of different involution type decryption algorithms are based on an encryption key including setting information of the number of involution stages. A decryption method comprising: selecting a decryption algorithm for the number of involution stages by using a decryption device capable of selecting the decryption algorithm; and performing decryption using the encryption key. 3. A key data storage unit for storing an encryption key of a common key cryptosystem, and a selection signal for reading an encryption key from the key data storage unit, detecting the number of involution stages in the encryption key, and selecting the number of involution stages. An involution stage number selection signal generating unit to be output and the selection signal are input, and an encryption algorithm of the number of involution stages designated by the selection signal is selected from a plurality of encryption algorithms of different involution stages, and selected. An encryption device comprising: an encryption processing unit that converts plaintext data input by an encryption algorithm into ciphertext data and outputs the data. 4. A key data storage unit for storing an encryption key of a common key cryptosystem, and a selection signal for reading an encryption key from the key data storage unit, detecting the number of involution stages in the encryption key, and selecting the number of involution stages. An involution stage number selection signal generating section to be output, and the selection signal are input, and a decoding algorithm of the number of involution stages specified by the selection signal is selected from a plurality of different involution stage decoding algorithms and selected. A decryption processing unit for converting ciphertext data input by a decryption algorithm into plaintext data and outputting the data.