Cryptography – Key management – Having particular key generator
Reexamination Certificate
1997-03-11
2004-11-23
Meislahn, Douglas J. (Department: 2137)
Cryptography
Key management
Having particular key generator
Reexamination Certificate
active
06823069
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an encrypting technology that is widely used for encrypting a file and/or a mail and securing information such as a qualification of a message and/or a user, in particular, to an encrypting system for encrypting information, a decrypting system for decrypting encrypted information, and an encrypting/decrypting method.
2. Description of the Related Art
Currently used encrypting technologies can be roughly categorized as secret key encrypting technologies and public key encrypting technologies.
Among these technologies, DES (Data Encryption Standard) encrypting technology and RSA (Rived-Shamir-Adleman) encrypting technology will be exemplified.
The DES technology is a typical secret key encrypting algorithm standard that has been used mainly in the United States. In the DES encrypting algorithm, digitized plaintext data is divided into fixed length blocks (of for example, 64 bits). By calculating each block with a secret key, the plaintext is encrypted. The bit length of the secret key is the same as the bit length of the plaintext that is data to be encrypted.
FIG. 1
is a schematic diagram showing a DES encrypting algorithm in the case that the block length is 64 bits. In
FIG. 1
, a 64-bit encrypting key is performed to contraction transposing
1
and then supplied to a first stage processing. The contraction transposing
1
means to transpose all except a part of input data. In contrast, a transposing means to substitute part of input data.
The transposed encrypting key is divided into a first half portion and a second half portion. The first half portion and the second half portion are supplied to respective circulation shifting
2
. The circulation shifting
2
means cyclically to shift input data leftward or rightward. After circulation shifting
2
, the data is performed to contraction transposing
3
.
After transposing
4
, a 64-bit plaintext is divided into a first half portion and a second half portion. The first half portion and the second half portion are input to the first stage process. One of the divided portions is performed to a non-linear transforming
5
. The non-linear transforming
5
non-linearly transforms the data with the encrypting key that has been performed the contraction transposing
3
. After the non-linear transforming
5
, the data is added to another divided portion in adding
6
. This process is repeated up to m-th stage. Output data of the m-th stage process is performed to a transposing
7
. After the transposing
7
, a 64-bit cryptogram is generated.
Although the DES decrypting algorithm is almost the same as that of the DES encrypting algorithm shown in
FIG. 1
, the circulation shifting
2
shift data in the reverse direction of the DES encrypting algorithm.
Next, RSA encrypting algorithm will be described.
The RSA encrypting algorithm is a very strong public key encrypting algorithm that can not only encrypt data, but also qualify a message and/or a user. This algorithm uses two keys that are a public key (encrypting key) and a secret key (decrypting key). The public key is open to the public as a document or data on a network so that any user can access it. On the other hand, the secret key should be strictly controlled by the owner thereof.
The RSA encrypting algorithm employs mathematical calculations due to the fact that it is very difficult to factorize very large integral numbers.
FIG. 2
is a schematic diagram showing RSA encrypting/decrypting algorithms. In
FIG. 2
, an encrypting key (e, n) used in an encrypting
8
is composed of predetermined integers e and n that are open to the public. A decrypting key (d, n) used in a decrypting
9
is composed of integers n and d, where n is the same of the encrypting key, but d is kept secret. These integers are defined corresponding to the following formula.
n=p·q
(1)
e·d≡
1(
mod
((
p
−1)·(
q
−1))) (2)
where p and q are prime numbers; mod is a modulo; A(mod B)=C represents that the remainder of which A is divided by B is C (in other words, (A−C) is a multiple of B). Thus, formula (2) means that (e·d−1) can be divided by (p−1)·(q−1). The relation of (e<n) is satisfied. Moreover, e and (p−1)·(q−1) are relatively prime.
In the encrypting
8
, a plaintext is converted to M into a cryptogram C that satisfies the following congruence.
C≡M
e
(
mod n
) (3)
In other words, the e-th power of the plaintext M is obtained. The result is divided by n and the remainder C is obtained as the cryptogram. In the decrypting
9
, the cryptogram C is decrypted to the plaintext M that satisfies the following congruence.
M≡C
d
(
mod n
) (4)
In other words, the d-th power of the cryptogram C is obtained. The result is divided by n and the remainder is obtained as the plaintext M.
To decrypt the cryptogram C, it is necessary to know the value of the secret key d. To do that, n should be factorized into prime factors to obtain prime numbers p and q. However, when n is a very large number, with the power of a current computer, it cannot be factorized in prime factors within a practical processing time.
However, the conventional encrypting/decrypting technologies have the following problem.
In such strong encrypting algorithms, since complicated calculations are performed with an encrypting key having a relatively long bit length, it takes a long processing time. Thus, when the encrypting/decrypting algorithms are installed as software tools, they are limited to small-scaled data processes. In particular, such algorithms are not practically used for processes on real-time basis performed between information processing units connected through a network.
To solve such a problem, chips that accomplish the above-described encrypting algorithms as hardware tools have been released. However, since available algorithms, the bit length of encrypting key, and so forth are limited, the chips lack flexibility.
In particular, the block length of DES algorithms, the bit length of the encrypting key of RSA algorithms, and so forth strongly relate to the power of the encrypting algorithms. When they are insufficient, cryptograms can be encrypted with techniques and powerful computer operations by unauthorized people. To assure the security of the cryptograms, sufficient setup values should be employed corresponding to the degree of security and the computer power at the time.
SUMMARY OF THE INVENTION
An object of the present invention is to provide an encrypting/decrypting system and an encrypting/decrypting method thereof that allows an encrypting/decrypting algorithm to be flexibly changed corresponding to required conditions such as degree of security and that can operate at high speed.
An encrypting/decrypting system according to the present invention has a circuit unit and a changing unit.
The circuit unit includes at least one programmable logic device. With the programmable logic device, the circuit unit forms a circuit corresponding to given encrypting/decrypting specifications.
The changing unit reads change data for changing the encrypting/decrypting specifications and automatically changes the circuit corresponding to the change data.
Using an existing mapping data object or a mapping data object generated by compiling a library, as a mapping data object that represents the structure of the circuit, the changing unit changes the circuits by writing the mapping data object to the programmable logic device.
The encrypting/decrypting system according to the present invention may have a communication network connecting unit that connects the system to a communication network so as to receive the change data from the network.
According to the encrypting/decrypting system of the present invention, since the encrypting/decrypting circuit can be changed, the specifications of the encrypting/decrypting circuit can be dynamically and automatically changed corresponding to the degree of security and the application
Fueki Shunsuke
Kitajima Hironobu
Fujitsu Limited
Meislahn Douglas J.
LandOfFree
Encrypting/decrypting system with programmable logic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Encrypting/decrypting system with programmable logic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Encrypting/decrypting system with programmable logic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3311024