Cryptography – Communication system using cryptography – Time segment interchange
Reexamination Certificate
1998-04-22
2002-10-01
Hayes, Gail (Department: 2131)
active
06459792
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a cryptographic processing apparatus, a cryptographic processing method, and a storage medium storing a cryptographic processing program for encrypting or decrypting data in units of blocks using secret keys, and especially to a cryptographic processing apparatus, method, and program that improve security without greatly increasing hardware scale and processing time.
2. Description of the Prior Art
In recent years, as the transfer of many types of information, and remittance, by digital communication have become widespread, there has been an increasing need for techniques that improve security by protecting important information against attacks by third parties such as eavesdropping and information alteration. One technique for improving security is cryptography.
In communication systems using cryptography, an original communication text is referred to as “plaintext”, while a text converted from the plaintext, from which it is difficult for third parties to derive the plaintext, is referred to as “ciphertext”. Conversion from the plaintext to the ciphertext is referred to as “encryption”, while inverse conversion for restoring the original plaintext from the ciphertext is referred to as “decryption”.
The relationship between ciphertext and plaintext is determined by an algorithm and a key, which is a parameter of the algorithm. The algorithm specifies a conversion family composed of a plurality of conversions, while the key selects one conversion out of that family. Generally, the algorithm corresponds to a fixed part of the apparatus, whereas the key is changed from time to time.
It is assumed that ciphertexts are apt to suffer from eavesdropping. An act by an unauthorized party such as an eavesdropper of decrypting a stolen ciphertext to obtain an original plaintext without the algorithm or the key is called “cryptanalysis”.
A third party who attempts to decrypt a ciphertext (hereinafter, “cryptanalyst”) does so on the assumption that the ciphertext is known.
A cryptanalysis method in which a secret plaintext or key is derived only from a ciphertext is called “ciphertext-only attack”. On the other hand, a cryptanalysis method in which a plurality of unspecified pairs of a ciphertext and a plaintext are used to determine a secret key, which is then used to obtain a plaintext corresponding to an arbitrary ciphertext, is called “known plaintext attack”.
The pseudo-random-number-sum-type cryptography is described below as an example.
In this cryptographic processing method, a transmitter and a receiver share the same secret key, which each device uses as a seed to generate a random number of a predetermined number of bits (hereinafter, “block”) in a random number generator, where the random number generators of both devices implement the same algorithm. The transmitter then generates a ciphertext by performing an exclusive-OR operation on the random number and the plaintext for each corresponding bit, in units of blocks. On receiving the ciphertext, the receiver recovers the original plaintext by performing an exclusive-OR operation on the random number and the ciphertext for each corresponding bit, in units of blocks.
Here, when a block in the plaintext is represented as “M”, a block in the ciphertext as “C”, the random number as “R”, and the exclusive-OR operation for each corresponding bit as “(+)”, the encryption can be described as the following “Formula 1” and the decryption as the following “Formula 2”:
C = M (+) R (Formula 1)
M = C (+) R (Formula 2)
A drawback with this cryptographic processing method is that it is vulnerable to the “known-plaintext attack”.
For instance, when a pair of a plaintext and a ciphertext is known for one block, the random number R can be obtained by the following “Formula 3”, and as a result the whole plaintext can be obtained:
R = M (+) C (Formula 3)
Accordingly, the cryptanalyst can decrypt the pseudo-random-number-sum-type ciphertext without difficulty by the known-plaintext attack.
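The pseudo-random-number-sum cipher of Formulas 1 to 3, as an added Python example that is not part of the patent text: encrypt and decrypt implement Formulas 1 and 2 with one 64-bit random block R reused for every block, and recover_random_block implements Formula 3. Deriving R from the secret key with SHA-256, the helper names, and the sample key and message are assumptions made for this example.

```python
# Added example, not from the patent: the pseudo-random-number-sum cipher of
# Formulas 1-3 on 64-bit blocks, and why one known (plaintext, ciphertext) pair
# exposes every block encrypted under the same random block R.
import hashlib

BLOCK = 8  # block length in bytes (64 bits)


def xor_bytes(a, b):
    """Exclusive-OR of two equal-length byte strings, bit by bit ('(+)' in the text)."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_blocks(data):
    """Cut data into BLOCK-sized pieces; the text assumes whole blocks, so no padding."""
    if len(data) % BLOCK != 0:
        raise ValueError("data length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def generate_random_block(secret_key):
    """Random number R of one block, derived from the shared secret key used as seed.
    Transmitter and receiver run the same generator, so both obtain the same R.
    (Deriving R with SHA-256 is an assumption made for this example.)"""
    return hashlib.sha256(secret_key).digest()[:BLOCK]


def encrypt(plaintext, secret_key):
    """Formula 1: C = M (+) R, applied to every block with the same R."""
    r = generate_random_block(secret_key)
    return b"".join(xor_bytes(m, r) for m in split_blocks(plaintext))


def decrypt(ciphertext, secret_key):
    """Formula 2: M = C (+) R."""
    r = generate_random_block(secret_key)
    return b"".join(xor_bytes(c, r) for c in split_blocks(ciphertext))


def recover_random_block(known_plaintext_block, known_ciphertext_block):
    """Formula 3: R = M (+) C. One known pair yields R with no knowledge of the key."""
    return xor_bytes(known_plaintext_block, known_ciphertext_block)


def exposure_from_known_pair(ciphertext, known_plaintext_block, known_ciphertext_block):
    """What a cryptanalyst learns about the whole message from one known block pair:
    with R recovered, every other block decrypts by Formula 2 without the key."""
    r = recover_random_block(known_plaintext_block, known_ciphertext_block)
    return b"".join(xor_bytes(c, r) for c in split_blocks(ciphertext))


if __name__ == "__main__":
    key = b"constructed shared secret"      # constructed sample key
    message = b"constructed demo message"   # constructed 24-byte sample (3 blocks)
    ct = encrypt(message, key)
    assert decrypt(ct, key) == message
    # Knowing only the first block pair is enough to read the remaining blocks.
    print(exposure_from_known_pair(ct, message[:BLOCK], ct[:BLOCK]))
```

The point for a defender is the reuse: because the same R masks every block, a single known block (a file header, a protocol constant) is all that separates the ciphertext from the full plaintext, which is exactly why the text moves on to keyed block ciphers and chaining modes.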
Cryptographic processing methods which are relatively secure against the known-plaintext attack include the Data Encryption Standard (DES) and the Fast Data Encipherment Algorithm (FEAL). These methods are explained in detail in Eiji Okamoto, An Introduction to Encryption Theory, published by Kyoritsu.
In these cryptography methods, data is intensively shuffled in units of blocks (64 bits per block). For example, in the DES algorithm, a process which combines transposition with substitution is repeated for sixteen stages.
Cipher Block Chaining mode (hereinafter, CBC mode) has been proposed in order to improve the security of the DES methods against cryptanalysis and other unauthorized acts. The CBC mode is explained in detail in Nobuichi Ikeno and Kenji Koyama, Modern Encryption Theory, published by the Institute of Electronic Information and Communication (pp. 66-67).
FIG. 1 shows the construction of an encryption apparatus 30 which realizes the CBC mode. The encryption apparatus 30 includes an exclusive-OR unit 301, a data encryption unit 302, and a register 303.
The register 303 stores the ciphertext block obtained immediately before processing the present plaintext block. It should be noted that an initial value IV of one block is set in advance for encrypting the first plaintext block.
The exclusive-OR unit 301 performs, for each corresponding bit, an exclusive-OR operation on the immediately preceding ciphertext block stored in the register 303 and the present plaintext block to be encrypted, and sends the result to the data encryption unit 302. When encrypting the first plaintext block, the exclusive-OR operation is performed on the initial value IV and the first plaintext block for each corresponding bit.
The data encryption unit 302 encrypts the 64-bit data sent from the exclusive-OR unit 301 using the DES algorithm with 64-bit key data.
Thus, the encryption apparatus 30 first performs an exclusive-OR operation on the initial value IV and the first plaintext block for each corresponding bit and encrypts the result using the 64-bit key data to obtain one ciphertext block. The encryption apparatus 30 then performs an exclusive-OR operation on that ciphertext block and the next plaintext block for each corresponding bit and encrypts the result to obtain the next ciphertext block.
When a block in the plaintext is represented as “Mi”, a block in the ciphertext as “Ci” (i is a block number 2, 3, . . . ), the 64-bit key data as “K”, the encryption using the key data K as “Ek”, and the exclusive-OR operation for each corresponding bit as “(+)”, the CBC mode can be described by the following “Formula 4” and “Formula 5”:
C1 = Ek(M1 (+) IV) (Formula 4)
Ci = Ek(Mi (+) Ci−1) (i = 2, 3, . . . ) (Formula 5)
In the CBC mode, each Ci depends on all ciphertext data preceding Ci, so that the statistical characteristics of the plaintext are disturbed. As a result, the CBC mode is relatively secure against cryptanalysis and other unauthorized acts.
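The CBC chaining of Formulas 4 and 5, as an added Python example that is not from the patent: the standard library has no DES, so Ek is stood in for by an assumed toy 16-round Feistel permutation on 64-bit blocks whose round function is a truncated SHA-256 (a Feistel network is invertible whatever its round function, which is what makes decryption possible). cbc_encrypt and cbc_decrypt implement Formulas 4 and 5, with a plain variable playing the part of register 303, and distinct_block_count makes the claim that CBC disturbs the statistical characteristics of the plaintext concrete by comparing it with unchained block-by-block (ECB) encryption of a repeated plaintext block. All function names, the key, the IV and the sample plaintext are constructed for this example.

```python
# Added example, not from the patent: CBC chaining per Formulas 4 and 5 on 64-bit
# blocks. Ek is a toy 16-round Feistel permutation standing in for DES (assumption);
# the chaining logic itself is what the text describes.
import hashlib

BLOCK = 8    # 64-bit blocks, as in the text
ROUNDS = 16  # sixteen stages, as the text says of DES


def xor_bytes(a, b):
    """Bit-by-bit exclusive-OR of equal-length byte strings ('(+)' in the text)."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_blocks(data):
    if len(data) % BLOCK != 0:
        raise ValueError("data length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _round_function(half, key, rnd):
    """Assumed toy round function: SHA-256 of (key, round number, half), cut to 32 bits.
    A Feistel network stays invertible whatever this function is."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def block_encrypt(block, key):
    """Ek(.): encrypt one 64-bit block under key K with 16 Feistel rounds."""
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, xor_bytes(left, _round_function(right, key, rnd))
    return right + left  # halves are not swapped after the last round


def block_decrypt(block, key):
    """Inverse of block_encrypt: same structure, round keys applied in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = right, xor_bytes(left, _round_function(right, key, rnd))
    return right + left


def cbc_encrypt(plaintext, key, iv):
    """Formula 4 for the first block, Formula 5 for the rest:
    C1 = Ek(M1 (+) IV), Ci = Ek(Mi (+) Ci-1). 'previous' plays the role of register 303."""
    previous = iv
    out = []
    for m in split_blocks(plaintext):
        c = block_encrypt(xor_bytes(m, previous), key)
        out.append(c)
        previous = c
    return b"".join(out)


def cbc_decrypt(ciphertext, key, iv):
    """Mi = Dk(Ci) (+) Ci-1, with C0 = IV."""
    previous = iv
    out = []
    for c in split_blocks(ciphertext):
        out.append(xor_bytes(block_decrypt(c, key), previous))
        previous = c
    return b"".join(out)


def ecb_encrypt(plaintext, key):
    """Block-by-block encryption with no chaining, for comparison with CBC."""
    return b"".join(block_encrypt(m, key) for m in split_blocks(plaintext))


def distinct_block_count(ciphertext):
    """Number of different ciphertext blocks: a crude measure of how much plaintext
    repetition still shows through the encryption."""
    return len(set(split_blocks(ciphertext)))


if __name__ == "__main__":
    key = b"8bytekey"       # constructed 64-bit key
    iv = b"initvec0"        # constructed one-block initial value IV
    pt = b"SAMEBLOK" * 3    # constructed plaintext: the same block three times
    print("ECB distinct blocks:", distinct_block_count(ecb_encrypt(pt, key)))   # 1
    print("CBC distinct blocks:", distinct_block_count(cbc_encrypt(pt, key, iv)))  # 3
    assert cbc_decrypt(cbc_encrypt(pt, key, iv), key, iv) == pt
```

The three identical plaintext blocks come out as one repeated ciphertext block without chaining and as three different blocks under CBC, and changing the first plaintext block changes every ciphertext block after it, which is the dependence of each Ci on all preceding data that the text relies on.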
A drawback with the DES methods, the FEAL methods, the CBC mode in the DES methods and the like is that the algorithm is known and the length of the key is limited, so that it is possible to discover the proper key by performing decryption with every possible key in the known plaintext attack. It should be noted here that each 64-bit key in the DES methods includes 8 parity bits, so that the effective key length is 56 bits. Accordingly, the number of possible keys is 2^56.
When, as in DES methods, the key is around 56 bits long, it is believed that it would be possible with current technology to succeed in decoding by trying all possible keys, though this would require a tremendous cost. However, if encryption is performed in a multilevel manner using a plurality of separate
Maruyama Masakatsu
Matsuzaki Natsume
Ohmori Motoji
Tatebayashi Makoto
Hayes Gail
Matsushita Electric Industrial Co., Ltd.
Price and Gess
Seal James
Block cipher using key data merged with an intermediate...