JPH0575596A - Signal scrambler and ciphering device - Google Patents

Abstract

PURPOSE:To obtain a ciphering device for secret communication which is capable of processing of plural ciphering algorithms. CONSTITUTION:Left and right halves of an input signal are inputted to registers 97 and 98 respectively. A signal scrambler 96 repeatedly scrambles a ciphering key and the output of the register 98 at each time of input of a clock pulse. When a preliminarily set number of clock pulses are inputted, a pulse control circuit 99 sends an update signal to registers 97 and 98 to rewrite contents of registers 97 and 98. This operation is performed as the processing in one stage, and the number of pulses in each stage is independently set.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption device for secret communication of digital signals.

[0002]

2. Description of the Related Art A conventional cryptographic device is shown in, for example, "Fast Data Algorithm FEAL" (Journal of the Institute of Electronics, Information and Communication Engineers J-70-D No. 7 pp1413-1423).

FIG. 6 is a block diagram of basic processing in a conventional encryption device. Here, 124, 125, 126,
127 is a 32-bit register, 128 is a signal mixer, and 129 is an exclusive OR circuit for bit operations.
The 64-bit input signal is divided into signal blocks L _n-1 and R _n-1 of 32 bits each and input to the registers 124 and 125, respectively. Here, the signal stirring device 128
The key k and the right signal block R _n-1 are input to the input terminal, and the output of the key k is exclusive ORed with the left signal block by bit operation.
That is, if the processing in the signal agitator is f (R, k),
The newly created signals L _n and R _n are

[0004]

[Equation 1]

And registers 126 and 127, respectively.
Be paid in. FIG. 7 is a configuration diagram of processing in the signal agitation device 128. Here, 130, 131, 132,
133 is an encryption processing device called an S box,
When the input is x, y, the output is

[0006]

[Equation 2]

It is represented by However, ROT2 indicates a 2-bit cyclic shift. 134,135,136,137
Is an exclusive OR circuit for bit operation. When the input signal is α and the key is β, α is divided into blocks of equal bit length of 8 bits α ₀ , α ₁ , α ₂ and α ₃ . Then, β is divided into blocks of 8 bits β ₀ and β ₁ and α ₁ and α ₂ respectively.
After performing the exclusive OR of the bit operations of the above, the exclusive OR between the blocks and the processing in the S box are processed in a pit-like manner to obtain a 32-bit output f (α, β).

The signal processing as described above is performed as one step, and this processing is performed several times to perform encryption. (Figure 8)
This is a FEAL encryption processing unit configured by 8 stages. Where 1
38 to 145 are signal agitation devices, and 146 to 157 are exclusive OR circuits for bit operations. Eight stages of cryptographic processing units (FIG. 6) are provided, and different keys are input to each. This key is generated by a key generation unit that separately generates an encryption key to be input to each stage from a 64-bit key, but description thereof will be omitted here. In addition to the 8-step process, the exclusive OR of the encryption key and the exclusive OR of the left block and the right block are performed at the beginning and end of the encryption process. In the encryption device as described above, the signal agitation device performs the processing like a crevice between the divided blocks, so that the other blocks are always affected between the blocks and the signals can be effectively agitated. Therefore, the plaintext data can be converted into ciphertext data close to a random number by performing the process described in FIG. 6 including the signal agitation device 128 in several stages. Also, when implementing with actual hardware,
Only the cryptographic processing unit for one stage as shown in (FIG. 6) is prepared, and the processes of the subsequent stages can be fed back to be repeatedly processed, and the circuit scale can be reduced.

[0009]

However, in the above-mentioned configuration, the signal agitation device, which determines the difficulty of decryption, is always the same at each stage of the cryptographic processing, so the signal agitation property is sufficient. However, there is a problem in that it is easy to attempt decryption utilizing the structural characteristics. When the cryptographic device of this conventional example was actually developed, it was a 4-step process, but it was a security problem, and it was 8 steps. The process has been changed, and the specifications have been changed to increase the number of stages. As described above, it is conceivable to prepare a more complicated signal agitation device or to prepare a plurality of signal agitation devices to perform different processing for each stage for decoding using the structural features. Neither is a good method when considering the circuit scale in hardware. Further, if a change is made to increase the number of cryptographic processing steps, the processing speed of the device will change, and changing the cryptographic algorithm itself is easy with software, but difficult with hardware.

The present invention solves the above-mentioned problems and enables a complicated stirring process with a small circuit scale. Further, the complexity of the stirring process can be changed as necessary, and a plurality of signal stirring processes can be performed. The present invention provides a cryptographic device capable of processing a plurality of cryptographic algorithms with a single cryptographic device, and changing the algorithm without changing the cryptographic processing speed. It is an object of the present invention to provide a cryptographic device that is difficult to decipher by changing.

[0011]

According to the present invention, every time an update command is input, a storage means for storing the signal being input at that time as an output is provided with the number of bits of input data, and these are arranged in order. Directly connecting adjacent outputs and inputs, or
Connected via an exclusive OR circuit that takes the logical operation value of the output of the storage means as the other input, gives an initial value depending on the input data to each storage means, and gives an update command to each storage means several times. And a signal agitation device that performs signal agitation processing by dividing the input data into two signal blocks having the same bit length, one signal block and the output of the agitation device using the encryption key as input and the other signal block. Repeats the processing of the cryptographic processing stage including the exclusive OR processing of the bit operations and several times. The signal agitating device of each stage of the cryptographic device repeatedly performs a constant agitating process represented by the agitating device. Use the signal agitator and set the number of agitation processes in the signal agitator at each stage separately for each stage, and as a setting method, each bit of the signal block input to the signal agitator. It is intended to determine the value and the value of the encryption key.

[0012]

According to the present invention, with the above-described configuration, the processing in the signal agitator device performs a constant agitation processing for each update command, and by repeating the processing, a complicated agitation processing is performed even if the circuit scale is small. Further, a plurality of different stirring processes can be realized by changing the number of times the update command is given, and the complexity of the process can be changed according to the required confidentiality. Then, in the cryptographic device in which each stage of the cryptographic processing is configured by using the signal agitating device that repeatedly performs the constant agitating process as represented by the signal agitating device, the number of repetitions of the signal agitating process is set separately in each stage. Therefore, even with an encryption device that has a processing unit for one stage of encryption processing with one signal agitation device, data can be agitated by different agitation methods at each stage, and the set value of the number of repetitions of agitation processing is set. Different cryptographic processing can be easily performed by changing. Also, at that time, by changing the method of distributing the number of repetitions given to each stage under the condition while keeping the total number of repetitions of the stirring processing performed by the signal mixing device through all the cryptographic processing,
The algorithm can be changed without changing the processing time as a whole. Further, the number of repetitions of the stirring process in each stage is determined by the signal block and the key which are the inputs to the signal stirring device, which makes it difficult to decipher from the structural characteristics of the cryptographic algorithm.

[0013]

(Embodiment) (FIG. 1) is a block diagram of a signal agitation device in a first embodiment of the present invention. In FIG. 1, 1 to 32 are clocked D flip-flops to which a common clock pulse signal is input. 33 to 79 are exclusive OR circuits. 80 to 95 are NAND circuits. The outputs of the odd-numbered D flip-flops and the inputs of the even-numbered D flip-flops are directly connected, and the outputs of the even-numbered D flip-flops and the inputs of the odd-numbered D flip-flops are respectively connected from the exclusive OR circuit 33. Four
The output of the even-numbered flip-flop is connected to one input of the exclusive-OR circuit and the output of the exclusive-OR circuit is connected to the input to the odd-numbered D flip-flop via 7. The other inputs to the exclusive OR circuits 33 to 47 and the input to the D flip-flop 1 are
The logical operation values of the outputs of the D flip-flops 1 to 32 generated by the exclusive OR circuits 48 to 79 and the NAND circuits 80 to 95 are input. Each D from 1 to 32
The outputs of the flip-flops are P ₁ to P _15, and the other inputs F ₁ to F ₁₅ and the inputs to the D flip-flop 1 which are not the outputs of the D flip-flops at the respective inputs of the exclusive OR circuits 33 to 47. F ₀ is as follows.

[0014]

[Equation 3]

Although not shown in FIG. 1, the value of each bit of the data obtained by performing the exclusive OR operation of the bit operations of the 32-bit input data and the 32-bit key data to each D flip-flop. Are D flip-flops 1 to 3
It is given as an initial value of 2.

The following operation will be described in the signal agitating device of the embodiment configured as described above. First, the value of each bit of the data obtained by the exclusive OR of the bit operations of the input data and the key data is given as the initial value of the D flip-flops 1 to 32. Then, the clock pulse signal is input to each D flip-flop 1 to 32. Each of the D flip-flops 1 to 32 reads the signal input to each of the D flip-flops 1 to 32 at the time when the clock pulse is input, and uses it as a new output signal. As a result, the output of each flip-flop after the clock pulse is input is as follows. First, the output of the odd-numbered D flip-flop immediately before the clock pulse input is directly shifted to the output of the even-numbered D flip-flop, and the outputs of the odd-numbered D flip-flops are respectively exclusive OR circuits 33. To 47, which is the value of the exclusive logical operation between the output of the even-numbered D flip-flop immediately before the clock pulse input and F _i (where i is an integer from 1 to 15). However, the output of the D flip-flop 1 becomes the value of F ₀ when the clock pulse is input.
Therefore, for each clock pulse, half of the bits are affected by the outputs of the other D flip-flops. When two clock pulses are input, all bits are affected by a plurality of initial values.

As described above, according to the present embodiment, even if the circuit configuration is simple such that only half of the bits in the data are affected, the clock pulse is input a plurality of times, which makes it complicated. The stirring process can be performed and the circuit scale can be reduced.

FIG. 2 is a block diagram of an encryption device according to the second embodiment of the present invention. Reference numeral 96 is a signal mixer of the first embodiment of the present invention, and reference numerals 97 and 98 are 32-bit registers. A pulse control circuit 99 generates one pulse signal each time a number of clock pulses determined by the control signal is input. Reference numeral 100 is an exclusive OR circuit for bit operation, and although omitted in FIG. 2, register 9
7 and the register 98 are provided with means for inputting plaintext data of right half 32 bits and left half 32 bits, respectively. The output of the register 97 is the exclusive OR circuit 10
Input to 0. The output of the signal agitation device 96 is connected to the other input of the exclusive OR circuit 100.
To the signal agitating device 96, the output of the register 98 is connected and the encryption key and the clock pulse signal are input. The output of the exclusive OR circuit 100 is connected to the input of the register 98. The output of the register 98 is connected to the input of the signal mixer 96 and the input of the register 97.

The operation of the cryptographic device of the embodiment configured as described above will be described below. First, 64-bit plaintext data is set to the left and right halves as output values of the registers 97 and 98, respectively, and the register 9
Each D in the signal agitator 96 by the output of 8 and the encryption key
The output of the flip-flop is initialized. After that, the processing in the signal agitating device 96 is performed by the clock pulse signal. The pulse control circuit 99 receives the clock pulse signal, and when the set number of clock pulses is input, the register 97, the register 98, and the signal mixer 96.
Pulse signal to. When the pulse signals are received, the registers 97 and 98 read the signals currently input, and update their values as new outputs. Also,
In the signal stirring device 96, the output of each D flip-flop in the signal stirring device 96 is initialized by a pulse signal from the pulse control circuit. At the time of initialization, the timing is set so that it is initialized by the output of the register 98 newly updated by the pulse signal of the pulse control circuit 99 and the initial value determined by the encryption key in the next encryption processing stage. The circuit should take into consideration the above. As the value of the encryption key, immediately after the initialization of the signal agitation device, the value updated to the encryption key of the next stage is input.

The above processing is repeated for the number of encryption processing steps. That is, when the clock pulse is input to the encryption device after the plaintext data is input, one step of the encryption processing is completed every time a pulse of the pulse control signal is generated, and the pulses from the pulse control circuits corresponding to the number of encryption processing steps are generated. Register 9 after occurrence
7. The output of the register 98 becomes ciphertext data. For example, if the number of clocks is independently set in each stage, it becomes equivalent to the processing of the cryptographic device as shown in FIG. 1 in (Fig. 3)
01 to 108 are signal agitators, and 109 to 1
Reference numeral 16 is an exclusive OR circuit for 32-bit bit operation. The signal agitation processing of each stage becomes different agitation processing by independently changing the number of clock pulses input to the signal agitation device.

According to the embodiment of the present invention as described above,
It is possible to realize an encryption device that performs different stirring processes at each stage by only providing one stirring device. Also, if you decide the number of clock pulses to be input in the entire encryption process and distribute the number of clock pulses to each stage, you can change only the encryption process without changing the processing speed. There is no need to make changes such as. For example, assuming that the number of clock pulses in the entire encryption process is 64 bits, which is the same as the data bit length in the 8-stage encryption process, and at least 2 clock pulses are processed in each stage, the remaining 48 clock pulses are 8 stages. how to distribute to the 49 ^7/7
! As there is, at the same processing time 49 ^7/7! The same cryptographic process can be selected by one cryptographic device.

FIG. 4 is a block diagram of an encryption device according to the third embodiment of the present invention. 117 and 118 are 32-bit registers, 119 is a signal mixer, and 120 is
A 32-bit exclusive OR circuit, 121 is a pulse control circuit. The difference between this embodiment and the encryption device of the second embodiment is that the output of the 32-bit register 118 and the encryption key are input to the pulse control circuit 121.
Other than that, the configuration is the same as that of the second embodiment.

The operation of the above arrangement will be described below. The operation of this embodiment is almost the same as that of the second embodiment. However, the control signal of the pulse control circuit that determines the number of clock pulses given to the signal agitation device 120 at each stage serves as the output of the register 118 and the encryption key, and the signal agitation process at each encryption processing stage changes depending on the input plaintext data. .. For example, the value of the lower 3 bits of the result of the exclusive OR operation of the bit operation of the output of the register 118 and the encryption key is 2
If the number of clock pulses to be added to the signal agitating device 120 is set to the number of clock pulses added, the number of clock pulses in each stage changes between 2 clock pulses and 9 clock pulses. Then, there are 8 ^{8 possible} structures, and it is difficult to determine which structure is used for encryption, which makes decryption difficult.

Although the exclusive OR circuit is arranged between the output of the even-numbered D flip-flop and the input of the odd-numbered D flip-flop in the first embodiment, the output of the odd-numbered D flip-flop is provided. And the inputs of even-numbered D flip-flops may be arranged irregularly, the number of arrangement may be increased or decreased, and all D flip-flops may be connected via an exclusive OR circuit. You may. Further, the logical operation of the output of each D flip-flop, which is the other input to the exclusive OR circuit, may be different. Furthermore, although the output after signal agitation is the output of each D flip-flop, the input of the D flip-flop may be the output after signal agitation, or a combination of both.

In the second embodiment, an example is shown in which the total number of clock pulses is restricted. However, if the change in processing speed is not a problem, the number of clock pulses in each stage can be set freely. You may.

Pulse control circuit 12 in the third embodiment
The number of clock pulses in the one-stage process set by 1 is determined by the exclusive OR of the output of the register 118 and the encryption key, and is determined by the lower 3 bits, but it may be determined by another arithmetic method. Good.

Further, in the second and third embodiments, the signal agitating device is the signal agitating device of the first embodiment, but other signal agitating device may be used, for example, as shown in (FIG. 5). A signal agitator as described above may be used. (Fig. 5)
22 is a simple signal mixer, 123 is a 32-bit register, and register 1 is input each time a clock pulse is input.
23 uses the input value at that time as the output value and the output of the register 123 after inputting several clocks as the output of the signal agitation device. The same effect can be expected with the above signal stirring device.

[0028]

As described above, according to the present invention,
An exclusive OR operation in which a storage means for storing an input signal as an output signal is provided with the number of bits of input data, and the adjacent input and output are directly or one input is a logical operation of the output of the storage element. It is possible to perform complicated agitation processing with a small circuit scale by connecting it through a circuit and inputting update commands several times, and to perform different agitation processing by changing the number of update commands. It is possible to provide a signal agitation device capable of agitation of complexity according to the degree of confidentiality.

Further, since the number of repetitions of the stirring process of the signal stirring device is independently set in each encryption processing stage, the signal stirring process in each stage is different only by preparing one signal stirring device. One cryptographic device can realize many cryptographic processes, and the cryptographic algorithm can be changed without replacing the cryptographic device. Further, if the set value of the number of repetitions of the stirring process in each stage is kept secret, the structure of the cryptographic process itself cannot be determined, so that it is possible to provide a cryptographic device that is difficult to decrypt.

Furthermore, since the number of repetitions of the signal agitation processing at each encryption processing stage is determined by the input to the signal agitation device at that stage and the encryption key, the structure itself of the encryption algorithm changes for each input data. It can be difficult to decipher.

[Brief description of drawings]

FIG. 1 is a configuration diagram of a signal stirring device according to a first embodiment of the present invention.

FIG. 2 is a configuration diagram of a cryptographic device according to a second embodiment of the present invention.

FIG. 3 is an explanatory diagram of encryption processing of an encryption device according to a second embodiment of the present invention.

FIG. 4 is a configuration diagram of a cryptographic device according to a third embodiment of the present invention.

FIG. 5 is a block diagram of an example of a signal stirring device that can be used in the second and third embodiments of the present invention.

FIG. 6 is a block diagram of a conventional encryption device.

FIG. 7 is a block diagram of a signal agitation device used in a conventional encryption device.

FIG. 8 is an explanatory diagram of a cryptographic processing unit in a conventional cryptographic device.

[Explanation of symbols]

1-32 D flip-flop 33-79 Exclusive OR circuit 80-95 NAND circuit 96,119 Signal agitation device 97,98,117,118,123,124-127 3 of 1st Example.
2-bit register 99,121 Pulse control circuit 100,109-116,120,129,146-157
Exclusive OR circuit of 32-bit bit operation 101 to 108 Signal agitator 122 Signal agitator 128,138 to 145 Signal agitator 130 to 133 S box 134 to 137 Exclusive OR circuit of 8-bit bit operation

 ─────────────────────────────────────────────────── ─── Continuation of the front page (72) Inventor Hironori Murakami 1006 Kadoma, Kadoma City, Osaka Prefecture Matsushita Electric Industrial Co., Ltd.

Claims (4)

[Claims] 1. When the number of bits of input data is n bits, there are provided storage means for storing an input signal as an output signal from the first storage means to the nth storage means.
i is an arbitrary integer from 1 to n-1, and the output of the i-th storage means and the input of the i + 1-th storage means are directly or directly between the output of the i-th storage means and the i + 1-th storage means. One of the inputs is connected through an exclusive OR device which is a logical operation of the outputs of some of the storage means, and the logical operations of the outputs of some of the storage means are connected to the first storage means. A signal agitation device comprising means for inputting, and means for giving n-bit data depending on input data as an initial value of each storage means. 2. An exclusive-OR operation unit for input data and an encryption key of equal bit length is provided, and a value of an exclusive-OR operation for input data and an encryption key is set as an output of each storage unit. The signal agitating device according to claim 1, further comprising means. 3. The input data is divided into two equal bit length signal blocks, and the data of one signal block is input to a signal agitation device that repeats a certain agitation process a set number of times, and the output and the other A means for performing a cryptographic processing stage including a process for newly making the other signal block the result of the exclusive OR operation of the bit operation with the signal block of An encryption device having control means for controlling the number of repetitions of each of the processing steps. 4. The cipher according to claim 3, further comprising means for determining the number of repetitions of the stirring process in the signal stirring device at each processing stage by a signal block input to the signal stirring device and an encryption key. apparatus.