Cryptography – Communication system using cryptography – Data stream/substitution enciphering
Reexamination Certificate
1999-04-21
2003-05-27
Peeso, Thomas R. (Department: 2132)
Cryptography
Communication system using cryptography
Data stream/substitution enciphering
C713S179000, C713S193000
Reexamination Certificate
active
06570989
ABSTRACT:
This application is based on applications Nos. H10-116758 and H10-116759 filed in Japan, the contents of which are hereby incorporated by reference.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a cryptographic processing apparatus for encrypting/decrypting data in units of blocks based on a secret key, a cryptographic processing method used in the cryptographic processing apparatus, and a storage medium storing a cryptographic processing program for the cryptographic processing method. The present invention especially relates to a cryptographic processing technique that realizes high-speed cryptographic processing by reducing the amount of substitution table data and the frequency of generation of substitution table data, without loss of security.
2. Description of the Prior Art
As communications of various kinds of information, such as remittance by digital communications, have become widespread in recent years, there has been the growing need for techniques that protect important messages against tapping and tampering by unauthorized third parties. A representative of such techniques effective for improving security is a technique called cryptography.
In communication systems using cryptography, the original message is called “plaintext”, the result of converting the plaintext so as to make it unintelligible to third parties is called “ciphertext”, the conversion for the plaintext is called “encryption”, and the reverse conversion for the ciphertext to recover the original plaintext is called “decryption”.
A pattern of encryption and decryption is determined by an algorithm and a key which is used as a parameter for the algorithm. The algorithm specifies a family of conversions, while the key specifies one of the conversions in the family. In general, the algorithm is unchanged in a cryptographic processing apparatus, while the key is occasionally changed in the apparatus.
It is assumed that ciphertexts are vulnerable to tapping. An act of decoding a captured ciphertext to obtain the original message by an attacker without knowledge of an algorithm and a key is called “cryptanalysis”.
Here, such an attacker (hereinafter “cryptanalyst”) performs cryptanalysis on the assumption that ciphertexts are known.
Cryptanalysis of deriving a secret plaintext or key only from a ciphertext is called “ciphertext-only attack”, whereas cryptanalysis of determining a secret key from arbitrary pairs of ciphertexts and plaintexts and specifying a plaintext corresponding to a given ciphertext is called “known-plaintext attack”.
<First Example of Conventional Techniques>
One example of conventional cryptosystems is the pseudorandom-number-add-type cryptography.
In this technique, the sender and the receiver each hold an identical secret key in secrecy and generate a random number of a predetermined bit length (hereinafter, “block”) using the secret key as a seed in a random number generator that contains an identical algorithm. During encryption the sender performs an exclusive-OR operation for corresponding bits in the random number and each block of a plaintext to generate a ciphertext. During decryption the receiver performs an exclusive-OR operation for corresponding bits in the random number and each block of the ciphertext to obtain the original plaintext.
Let “M” be each block of the plaintext, “C” be each block of the ciphertext, “R” be the random number, and “(+)” be an exclusive-OR operation for corresponding bits. The encryption and the decryption can be expressed respectively as
C = M (+) R (Formula 1)
M = C (+) R (Formula 2)
A drawback of this cryptography is that it is vulnerable to known-plaintext attack.
Suppose a pair of a plaintext block and a ciphertext block is known. The random number R can be derived using the following Formula 3, and as a result the other plaintext blocks can be obtained.
R = M (+) C (Formula 3)
Thus, cryptanalysts can easily decode pseudorandom-number-add-type ciphertexts by known-plaintext attack.
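The following Python example is added here to make Formulas 1 to 3 concrete; it is not code from the patent. It models the pseudorandom-number-add scheme exactly as the page describes it (one random block R, derived from the shared secret key, XORed into every block) and runs the known-plaintext attack of Formula 3 over a three-block message. The generator is an assumption (a SHA-256 derivation stands in for the unspecified random number generator), the 64-bit block size and all keys and messages are constructed, and the second variant, which derives a fresh R_i per block, is an added generalisation that goes beyond the page to show that the damage from one known pair is then confined to that one block.

```python
import hashlib

BLOCK = 8  # block length in bytes: 64-bit blocks, a constructed choice for this example


def derive_block(seed: bytes) -> bytes:
    """Stand-in for the page's random number generator: one block R derived
    from a seed. SHA-256 is an assumption; the page names no generator."""
    return hashlib.sha256(seed).digest()[:BLOCK]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The page's "(+)": exclusive-OR of corresponding bits."""
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    """Split data into whole blocks; this example does not handle padding."""
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# --- the scheme as the page describes it: one R reused for every block ---

def encrypt_fixed_r(message: bytes, secret_key: bytes) -> bytes:
    """Formula 1, C = M (+) R, with the same R for each block."""
    r = derive_block(secret_key)
    return b"".join(xor_bytes(m, r) for m in blocks(message))


def decrypt_fixed_r(ciphertext: bytes, secret_key: bytes) -> bytes:
    """Formula 2, M = C (+) R: the same operation as encryption."""
    return encrypt_fixed_r(ciphertext, secret_key)


def recover_r(known_m: bytes, known_c: bytes) -> bytes:
    """Formula 3, R = M (+) C, from one known plaintext/ciphertext block pair."""
    return xor_bytes(known_m, known_c)


def strip_with_known_pair(ciphertext: bytes, known_index: int, known_m: bytes) -> bytes:
    """The page's known-plaintext attack: recover R from one block pair and
    apply it to every block of the ciphertext."""
    r = recover_r(known_m, blocks(ciphertext)[known_index])
    return b"".join(xor_bytes(c, r) for c in blocks(ciphertext))


# --- added generalisation (not on the page): a fresh R_i per block ---

def encrypt_per_block_r(message: bytes, secret_key: bytes) -> bytes:
    """R_i = G(key || i), so no two blocks share a keystream block."""
    return b"".join(
        xor_bytes(m, derive_block(secret_key + i.to_bytes(4, "big")))
        for i, m in enumerate(blocks(message))
    )


def decrypt_per_block_r(ciphertext: bytes, secret_key: bytes) -> bytes:
    return encrypt_per_block_r(ciphertext, secret_key)


if __name__ == "__main__":
    key = b"shared-secret-key-constructed"   # constructed sample key
    message = b"PAY 100 TO ALICE NOW!!!!"      # constructed, exactly 3 blocks
    c = encrypt_fixed_r(message, key)
    # Knowing only plaintext block 0 is enough to recover all three blocks.
    print(strip_with_known_pair(c, 0, message[:BLOCK]))
    # With a per-block R the same known pair strips only block 0.
    print(strip_with_known_pair(encrypt_per_block_r(message, key), 0, message[:BLOCK]))
```

Note that the per-block variant still fails if the same key is used for two different messages (the same R_i then covers block i of both), which is why the page's second example turns to block ciphers that shuffle each block with the key rather than merely masking it.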
<Second Example of Conventional Techniques>
On the other hand, cryptosystems such as the Data Encryption Standard (DES) and the Fast Data Encipherment Algorithm (FEAL) are relatively secure against known-plaintext attack. For details on these methods, see Eiji Okamoto, An Introduction to Encryption Theory, published by Kyoritsu.
In these cryptosystems, data is divided into blocks of 64 bits and intensely shuffled in units of blocks. In the case of the DES algorithm, a data shuffling process which combines transposition with substitution is repeated for sixteen stages for each block.
One example of the block ciphers represented by DES and FEAL is the Blowfish cipher (for details on this cipher, see Bruce Schneier, “Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)”, in Ross Anderson (ed.), Fast Software Encryption, Lecture Notes in Computer Science, vol. 809, pp. 191-204, published by Springer-Verlag).
The following is a description of the Blowfish cipher.
FIG. 1 shows the configuration of a data encrypting apparatus that uses the Blowfish cipher.
In the figure, a data encrypting apparatus 3010 is roughly composed of a data shuffling unit 3011, a stage number controlling unit 3012, a subkey generating unit 3013, and a substitution table data generating unit 3014.
The substitution table data generating unit 3014 generates 32K-bit substitution table data (1024 table values that are each 32 bits long) from 64-bit input key data according to a substitution table data generating algorithm. The substitution table data generating algorithm is not a main feature of the present invention and so its explanation is omitted here.
The subkey generating unit 3013 generates 256-bit data from the 64-bit input key data according to a subkey generating algorithm and divides the 256-bit data into eight sets of 32-bit subkey data SK0~SK7. Since the subkey generating algorithm is not a main feature of the present invention, its explanation is omitted here.
The data shuffling unit 3011 performs data shuffling for 64-bit input plaintext data (hereinafter “plaintext block”) using the 32K-bit substitution table data generated by the substitution table data generating unit 3014 and 32-bit subkey data generated by the subkey generating unit 3013, and outputs the obtained 64-bit data. In general, data shuffling is repeated 16 times to generate 64-bit ciphertext data (hereinafter “ciphertext block”).
The stage number controlling unit 3012 controls the number of times data shuffling is performed by the data shuffling unit 3011 to generate a ciphertext block from a plaintext block. The stage number controlling unit 3012 counts the number of times data shuffling is performed for each plaintext block. If the counted number is less than a predetermined number, the stage number controlling unit 3012 inputs the output data of the data shuffling unit 3011 back into the data shuffling unit 3011. If the counted number reaches the predetermined number, the stage number controlling unit 3012 outputs the output data as a ciphertext block.
Here, subkey SK0 is used to perform the first data shuffling for a plaintext block, and then data shuffling is repeated using subkeys SK1~SK7 one by one. After subkey SK7, subkey SK0 is used again.
FIG. 2 shows the configuration of a data decrypting apparatus that uses the Blowfish cipher.
In the figure, a data decrypting apparatus 4010 is roughly composed of a data shuffling unit 4011, a stage number controlling unit 4012, a subkey generating unit 4013, and a substitution table data generating unit 4014.
The data shuffling unit 4011, the subkey generating unit 4013, and the substitution table data generating unit 4014 are the same as the data shuffling unit 3011, the subkey generating unit 3013, and the substitution table data generating unit 3014 in FIG. 1.
The stage number controlling unit 4012 controls the number of times data shuffling is performed by the dat
Ohmori Motoji
Yokota Kaoru
Matsushita Electric - Industrial Co., Ltd.
Peeso Thomas R.
Zand Kambiz