JP2008039844A - Cryptographic processing program and cryptographic processing method - Google Patents

Abstract

Even when a large number of plaintexts whose leading parts are likely to be the same are encrypted, a decrease in encryption security is prevented.
A dummy character selection unit 1b selects one or more characters at a predetermined position of an input plaintext 3 as dummy characters. The encryption unit 1a encrypts the selected dummy character in accordance with an encryption usage mode having a chain function and updates a register value in which an initial vector is set in advance. Thereafter, the encryption unit 1a further encrypts the plaintext 3 using the updated register value. The ciphertext output unit 1c outputs the result of the encryption process on the plaintext 3 by the encryption unit 1a as the ciphertext 4.
[Selection] Figure 1

Description

  The present invention relates to a cryptographic processing program and a cryptographic processing method, and more particularly to a cryptographic processing program and a cryptographic processing method for performing cryptographic processing using a cryptographic usage mode having a chain function.

  Currently, encryption technology is widely used for maintaining confidentiality of communication contents and stored data. Here, there are two types of encryption methods, a public key encryption method and a common key encryption method. The public key cryptosystem is a scheme in which one of a pair of keys is a public key for encryption and the other is a secret key for decryption, and has an advantage that it is easy to maintain the encryption strength. The common key encryption method is a method of performing encryption / decryption using a common key shared between the encryption side and the decryption side, and has an advantage that the calculation amount is smaller than that of the public key encryption method. Generally, when it is necessary to encrypt a large amount of data, a common key cryptosystem with a small calculation amount is used. Known encryption algorithms for the common key cryptosystem include DES (Data Encryption Standard) and AES (Advanced Encryption Standard) (see, for example, Patent Document 1).

  Here, in many encryption algorithms, the data length that can be encrypted at one time is fixed. For example, 64 bits for DES and 128 bits for AES. In order to encrypt a plaintext having a data length equal to or larger than an encryption unit (hereinafter referred to as a block), an encryption usage mode is prepared. The encryption usage mode defines a series of encryption processing procedures when a plurality of blocks are encrypted. One of the simplest encryption usage modes is an ECB (Electronic Code Book) mode. The ECB mode is a method in which plaintext is divided into blocks and each block is encrypted independently. However, in the ECB mode, when a block consisting of the same character string is encrypted, the same encrypted value is always generated as long as the encryption key is the same. Therefore, if plaintext in which the same character string appears many times is encrypted, a cracking hint is given to the attacker, and there is a problem that the security of the encryption is lowered.

Therefore, in order to safely encrypt a long plaintext, an encryption usage mode having a chain function is known. The cipher usage mode having a chain function is a method of encrypting the next block using a value obtained by the encryption processing of the previous block, and it is possible to have a dependency between the encrypted blocks. In the encryption of the first block, since there is no result of the encryption process to be made dependent, a preset initial value called an initial vector is used. By using a cipher usage mode with a chain function, if a different character string appears once in the middle of the plaintext, even if the same character string appears after that, the cipher that differs from the previous cipher value A value is generated. As a result, it is possible to prevent the encryption security from being lowered. As a cipher usage mode having a chain function, a CBC (Cipher Block Chaining) mode, a CFB (Cipher FeedBack) mode, an OFB (Output FeedBack) mode, and the like are known.
JP-A-8-227269

  However, in the existing cipher usage mode as described above, there is a problem that the encryption strength is lowered when a large number of plaintexts whose leading parts are likely to be the same are encrypted. For example, a plain text representing an address has a high probability that a specific character string such as “Tokyo-ku-ku-ku” appears at the top. For this reason, when a large number of plaintexts representing addresses are encrypted, even if a cipher usage mode having a chain function is used for encrypting individual plaintexts, a large number of ciphertexts having the same head portion are generated. And since the character string of the head part which tends to become the same like this is easy to guess, a pair of plaintext and ciphertext is guessed by the attacker. In this way, an attacker who has acquired a set of plaintext and ciphertext can perform a known plaintext attack using linear cryptanalysis and the like, and the possibility that the cipher will be decrypted increases.

  The present invention has been made in view of the above points, and an encryption processing program and an encryption processing method that do not reduce encryption security even when encrypting a large number of plaintexts whose leading parts are likely to be the same. The purpose is to provide.

  In order to solve the above-described problems, the present invention provides a cryptographic processing program as shown in FIG. The encryption processing program according to the present invention can cause a computer to execute the functions of the encryption device 1 shown in FIG. 1 in order to generate a ciphertext from plaintext.

  The encryption device 1 includes an encryption unit 1a, a dummy character selection unit 1b, and a ciphertext output unit 1c. The encryption unit 1a has an initial vector as a register value in advance. When the encryption source data is obtained, the encryption unit 1a obtains a value obtained by character encryption using the register value and encryption processing according to a predetermined encryption use mode. By repeating the updating of the used register value, encrypted data having a dependency relationship between the encryption units is generated. When the plaintext 3 is input, the dummy character selection unit 1b selects one or more characters at a predetermined position of the plaintext 3 as dummy characters, inputs the dummy characters as encryption source data to the encryption unit 1a, Discard the obtained encrypted data. When the register value of the encryption unit 1a is updated by encryption of the dummy character, the ciphertext output unit 1c then inputs the plaintext 3 as the encryption source data to the encryption unit 1a and uses the obtained encrypted data. Output as ciphertext 4.

  According to the computer that executes such an encryption processing program, the dummy character selection unit 1b selects one or more characters at a predetermined position of the input plaintext 3 as dummy characters. Next, the encryption unit 1a encrypts the selected dummy character according to the encryption usage mode having a chain function and updates the register value in which the initial vector is set in advance. Thereafter, the plaintext 3 is further encrypted using the updated register value by the encryption means 1a, and the result of the encryption processing by the encryption means 1a is output as the ciphertext 4 by the ciphertext output means 1c.

  In order to solve the above problem, in a cryptographic processing method for performing cryptographic processing using a cipher usage mode having a chain function, when plaintext is input, one or more characters at a predetermined position of the plaintext are converted. Select a dummy character, encrypt the dummy character using a predetermined initial vector as a register value according to the predetermined encryption usage mode, and update the register value using a value obtained by encryption processing In addition, after the encrypted data corresponding to the dummy character is discarded and the register value is updated by the encryption of the dummy character, the character is encrypted and encrypted using the register value according to the encryption usage mode. By repeatedly updating the register value using the value obtained by processing, encrypted data having a dependency relationship between encryption units is generated and output as ciphertext. To encryption processing method is provided, characterized in that.

  According to such an encryption processing method, one or more characters at a predetermined position of the input plaintext 3 are selected as dummy characters. Next, the selected dummy character is encrypted according to the encryption usage mode having a chain function, and the register value in which the initial vector is set in advance is updated. Thereafter, the plaintext 3 is further encrypted using the updated register value, and the result of the encryption process is output as the ciphertext 4.

  In the present invention, a character at a predetermined position in the input plaintext is selected as a dummy character, and after the dummy character is encrypted using a cipher usage mode having a chain function, the input plaintext is subsequently encrypted. It was decided. As a result, the initial vector is updated before the plaintext is encrypted, and even if the plaintext having the same head portion is encrypted, the head portion of the corresponding ciphertext is not the same. Therefore, it is difficult for an attacker to guess the plaintext, and the encryption security can be prevented from being lowered.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram showing an outline of the present embodiment. As shown in FIG. 1, in this embodiment, plaintext 3 is encrypted by the encryption device 1 and ciphertext 4 is output. Also, the ciphertext 5 encrypted by the encryption device 1 is decrypted by the decryption device 2 and a plaintext 6 is output.

The encryption device 1 includes encryption means 1a, dummy character selection means 1b, ciphertext output means 1c, and order conversion means 1d.
The encryption unit 1a has an initial vector as a register value in advance. The register value is initialized every time the encryption process is started, and an initial vector is set. When the encryption unit 1a acquires the encryption source data, the encryption unit 1a performs the encryption process using the register value according to the encryption use mode having a predetermined chain function. Specifically, the encryption of the encryption source data for each encryption unit and the update of the register value using the value obtained by the encryption process are repeated. For example, one of a CBC mode, a CFB mode, and an OFB mode is used as the encryption use mode. As a result, encrypted data having a dependency relationship between the encryption units is generated.

  When the plaintext 3 is input, the order conversion means 1d converts the character order of the plaintext 3 and generates a new plaintext. Specifically, the order conversion unit 1d regards the input plaintext 3 as a cyclic character string in which the head and the tail are continuous, and designates one character on the cyclic character string as a new head. Then, the order conversion means 1d outputs the specified character string starting from the new head as a new plain text.

  When a new plaintext is input from the order conversion unit 1d, the dummy character selection unit 1b selects one or more characters at a predetermined position of the new plaintext as dummy characters. For example, the third character from the end of the new plaintext is selected as a dummy character. Then, the dummy character selection unit 1b inputs the selected dummy character as encryption source data to the encryption unit 1a. The encryption unit 1a to which the dummy character is input encrypts the dummy character. In the course of this encryption process, the register value in which the initial vector is set is updated. When the dummy character selection unit 1b obtains the encrypted data corresponding to the dummy character from the encryption unit 1a, the dummy character selection unit 1b discards it.

  When the register value of the encryption unit 1a is updated by encryption of the dummy character, the ciphertext output unit 1c then inputs a new plaintext as encryption source data to the encryption unit 1a. The encryption unit 1a to which the new plaintext is input encrypts the new plaintext depending on the updated register value. When the ciphertext output unit 1c acquires the encrypted data corresponding to the new plaintext from the encryption unit 1a, the ciphertext output unit 1c outputs it as the ciphertext 4 for the plaintext 3.

The decryption device 2 includes decryption means 2a, dummy cipher selection means 2b, plaintext output means 2c, and order reproduction means 2d.
The decryption means 2a has the same initial vector as the encryption means 1a in advance as a register value. The register value is initialized every time the decoding process is started, and an initial vector is set. When obtaining the encrypted data, the decrypting means 2a performs the decrypting process using the register value in accordance with the same encryption usage mode as that used in the encrypting means 1a. Specifically, the decryption of the encrypted data for each encryption unit and the update of the register value using the value obtained by the decryption process are repeated. As a result, decrypted data obtained by decrypting encrypted data having a dependency relationship between the encryption units is generated.

  When the ciphertext 5 encrypted by the encryption device 1 is input, the dummy cipher selection unit 2b selects one or two or more cipher values at a predetermined position of the ciphertext 5 as a dummy cipher. The predetermined position here is a position corresponding to the dummy character selected by the dummy character selection means 1b. Then, the dummy cipher selection unit 2b inputs the selected dummy cipher to the decryption unit 2a as encrypted data. The decryption means 2a to which the dummy cipher is input decrypts the dummy cipher. In the course of this decoding process, the register value in which the initial vector is set is updated. When the dummy cipher selection unit 2b obtains the decryption data corresponding to the dummy cipher from the decryption unit 2a, the dummy cipher selection unit 2b discards it.

  When the register value of the decryption means 2a is updated by decryption of the dummy cipher, the plaintext output means 2c then inputs the ciphertext 5 to the decryption means 2a as cipher original data. The decryption means 2a to which the ciphertext 5 is input decrypts the ciphertext 5 depending on the updated register value. When the plaintext output unit 2c acquires the decrypted data corresponding to the ciphertext 5 from the decryption unit 2a, the plaintext output unit 2c outputs the plaintext after the order conversion.

  When the plaintext whose order has been converted is input from the plaintext output means 2c, the order reproduction means 2d reproduces the character order and generates plaintext 6. Specifically, the order reproduction means 2d regards the plaintext subjected to the order conversion as a cyclic character string in which the beginning and the end are continuous, and reproduces the character order in the reverse procedure to the order conversion means 1d. As a result, plaintext 6 for ciphertext 5 is output. Here, if the ciphertext 4 and the ciphertext 5 are the same, the plaintext 6 identical to the plaintext 3 is reproduced.

  Note that the new head designation method in the order conversion unit 1d and the dummy character designation method in the dummy character selection unit 1b may be determined in advance between the encryption device 1 and the decryption device 2. . Alternatively, when a different designation method is adopted each time, the information on the designation method may be transmitted by another means before the ciphertext is transmitted from the encryption device 1 to the decryption device 2. Or you may make it include the information of the said designation | designated method in the ciphertext to transmit.

  According to such an encryption apparatus 1, the order conversion unit 1d converts the character order of the input plaintext 3 and generates a new plaintext. Next, one or more characters at a predetermined position in the new plaintext are selected as dummy characters by the dummy character selection means 1b, and the dummy characters are selected by the encryption means 1a having a register value in which an initial vector is set. Encrypted. Then, a new plaintext is further encrypted using the updated register value by the encryption unit 1a, and a ciphertext 4 is output by the ciphertext output unit 1c.

  Further, according to such a decryption apparatus 2, one or more cipher values at a predetermined position of the input ciphertext 5 are selected as dummy ciphers by the dummy cipher selection unit 2b, and an initial vector is set. The dummy cipher is decrypted by the decrypting means 2a having the register value. Next, the ciphertext 5 is further decrypted using the updated register value by the decryption means 2a, and the plaintext subjected to the order conversion by the plaintext output means 2c is output. Then, the order reproducing means 2d reproduces the order of the character strings and outputs plain text 6.

  As a result, even when a large number of plaintexts having the same head part are encrypted, the order of the character strings is converted with respect to the plaintext, so that the possibility that the head parts of the ciphertexts are the same can be reduced. Further, since the initial vector is updated each time the dummy character is encrypted, even if the head part of the plaintext after the order conversion is the same, the head part of the corresponding ciphertext is not the same. Therefore, it is difficult for an attacker to guess a plaintext from a large number of ciphertexts, and it is possible to prevent a decrease in the security of the ciphers.

  Such an encryption device 1 and a decryption device 2 can be used, for example, for encryption and decryption of data stored in a database. That is, in order to prevent unauthorized access to the storage device for which the database is constructed and information leakage due to theft of the storage device, it is desirable to store each data encrypted. Here, the database may store a large amount of character data such as addresses and telephone numbers that tend to have the same leading part. In this case, even if the conventional cipher usage mode having a chain function is used, a large number of ciphertexts having the same head portion appear, which may be a clue to decryption.

Therefore, an embodiment of the present invention will be specifically described by taking an example of encryption processing for character data stored in a database.
[First Embodiment]
FIG. 2 is a diagram showing a system configuration of the present embodiment. The database system shown in FIG. 2 performs cryptographic processing on character data stored in the database. The database system according to the present embodiment includes a server 100, a database 110, a client 21, and a network 10.

  The client 21 is connected to the server 100 via the network 10. The client 21 is a computer used by the user. The server 100 is connected to the database 110. The server 100 is a computer having a management function for the database 110. Character data is encrypted and stored in the database 110.

  When using data stored in the database 110, the client 21 makes a data processing request to the server 100 through the network 10. The server 100 processes data stored in the database 110 in response to a request from the client 21. Here, in the case of data update, the server 100 encrypts character data and stores it in the database 110. In the case of data search, the server 100 decrypts the acquired ciphertext and responds to the client 21.

  As described above, the server 100 encrypts and decrypts the character data, and relays the data between the client 21 and the database 110. Note that communication between the server 100 and the client 21 can also be performed by encryption using an encryption technique such as DES or AES.

  FIG. 3 is a diagram illustrating a hardware configuration of the server. The server 100 is entirely controlled by a CPU (Central Processing Unit) 101. A random access memory (RAM) 102, a hard disk drive (HDD) 103, a graphic processing device 104, an input interface 105, a communication interface 106, and a storage device interface 107 are connected to the CPU 101 via a bus 108. .

  The RAM 102 temporarily stores at least part of an OS (Operating System) program and application programs to be executed by the CPU 101. The RAM 102 stores various data necessary for processing by the CPU 101. The HDD 103 stores an OS and application programs.

  A monitor 11 is connected to the graphic processing device 104. The graphic processing device 104 displays an image on the screen of the monitor 11 in accordance with a command from the CPU 101. A keyboard 12 and a mouse 13 are connected to the input interface 105. The input interface 105 transmits a signal sent from the keyboard 12 or the mouse 13 to the CPU 101 via the bus 108.

  The communication interface 106 is connected to the network 10. The communication interface 106 transmits / receives data to / from another computer via the network 10. The storage device interface 107 is a communication interface for inputting / outputting data to / from the database 110.

  With the hardware configuration as described above, the processing functions of the present embodiment can be realized. Although FIG. 3 shows the hardware configuration of the server 100, the client 21 can also be realized by similar hardware.

  FIG. 4 is a block diagram illustrating an example of functions of the server according to the first embodiment. The server 100 includes a database management unit 120, an initial value storage unit 131, a common key storage unit 132, a dummy position storage unit 133, an encryption unit 140, and a decryption unit 150.

  The database management unit 120 inputs / outputs data in the database 110 in response to a request from the client 21. Here, when inputting character data to the database 110, the database management unit 120 writes the character data into the database 110 via the encryption unit 140. When acquiring and outputting character data from the database 110, the database management unit 120 acquires character data in the database 110 via the decryption unit 150.

  The initial value storage unit 131 stores an initial vector used by the encryption unit 140 and the decryption unit 150 for encryption processing. The common key storage unit 132 stores a common key used by the encryption unit 140 and the decryption unit 150 for encryption processing. The dummy position storage unit 133 stores position information designating a character selected by the encryption unit 140 as a dummy character and a position of an encryption value selected by the decryption unit 150 as a dummy cipher. For example, the information that the third character or the cipher value from the last is used as a dummy character or a dummy cipher is stored.

  The encryption unit 140 encrypts the character data received from the database management unit 120 and stores it in the database 110. In the encryption, the initial value storage unit 131, the common key storage unit 132, and the dummy position storage unit 133 are referred to.

  The decryption unit 150 acquires the encrypted character data from the database 110 in response to a request from the database management unit 120, and decrypts the acquired character data. Then, the decryption unit 150 passes the decrypted character data to the database management unit 120. In the decryption, the initial value storage unit 131, the common key storage unit 132, and the dummy position storage unit 133 are referred to.

  Next, the encryption processing function of the encryption unit 140 will be described in detail. In the following, the case where the CFB mode is used as the cipher usage mode will be described first, and then a modified example where the OFB mode is used instead of the CFB mode will be described. In the first embodiment, the encryption unit is one character (in the case of Japanese, the data length is 16 bits).

  FIG. 5 is a block diagram illustrating a functional example of the encryption unit according to the first embodiment. The encryption unit 140 shown in FIG. 5 uses the CFB mode. The encryption unit 140 includes an order conversion unit 141, a shift register 142, an encryption processing unit 143, an encrypted data storage unit 144, an exclusive OR operation unit 145, a dummy character selection unit 146, and a ciphertext output unit 147. Yes.

  When the plaintext 31 is input as character data from the database management unit 120, the order conversion unit 141 converts the character order of the plaintext 31 and generates a new plaintext. Specifically, the order conversion unit 141 regards the input plain text 31 as a cyclic character string in which the head and the tail are continuous, and determines the rotation direction in which the first character and the second and subsequent characters are traced on the cyclic character string. specify. Thereby, the character string which carried out the order conversion is produced | generated. Then, the order conversion unit 141 adds designation information specifying the first character and the rotation direction to the head of the character string after the order conversion, and notifies the dummy character selection unit 146 as a new plain text.

  The shift register 142 is a register that can shift data by a predetermined number of bits each time an operation result is output from the exclusive OR operation unit 145. In the first embodiment, the data in the shift register 142 is shifted to the left by one character each time, and the operation result of the exclusive OR operation unit 145 is stored on the right side. When starting the encryption process, the initial vector stored in the initial value storage unit 131 is set in the shift register 142.

  The encryption processing unit 143 encrypts the value set in the shift register 142 using the common key stored in the common key storage unit 132. For example, DES or AES can be used as the encryption algorithm of the encryption processing performed by the encryption processing unit 143. Then, the encryption processing unit 143 stores the result of the encryption processing in the encrypted data storage unit 144.

  The exclusive OR operation unit 145 calculates the exclusive OR of the input character data and the data for one character from the beginning of the encrypted data storage unit 144. Then, the exclusive OR operation unit 145 outputs the operation result and gives it as an input to the shift register 142.

  When the new plaintext is acquired from the order conversion unit 141, the dummy character selection unit 146 acquires position information stored in the dummy position storage unit 133, and selects a character specified by the position information as a dummy character. Then, the dummy character selection unit 146 inputs the selected dummy character to the exclusive OR operation unit 145. Thereby, the exclusive OR operation unit 145 calculates and outputs the cipher value corresponding to the dummy character, and the data of the shift register 142 is updated using the output cipher value.

  Thereafter, the dummy character selection unit 146 discards the acquired encrypted value and notifies the ciphertext output unit 147 of the new plaintext acquired from the order conversion unit 141. Note that the dummy character selection unit 146 may select two or more characters as dummy characters and continuously input them to the exclusive OR operation unit 145.

  When the ciphertext output unit 147 acquires a new plaintext from the dummy character selection unit 146, the ciphertext output unit 147 inputs the new plaintext to the exclusive OR operation unit 145 character by character. As a result, the operation by the exclusive OR operation unit 145 and the update of the data in the shift register 142 are alternately performed, and an encrypted value corresponding to one new plaintext character is sequentially output. When the ciphertext output unit 147 acquires all cipher values corresponding to the new plaintext, the ciphertext output unit 147 outputs the ciphertext as the ciphertext 32 for the plaintext 31 and stores it in the database 110.

  FIG. 6 is a diagram showing an outline of the order conversion process. The order conversion unit 141 regards the input plaintext 31 as a cyclic character string as shown in FIG. That is, when the plain text 31 is composed of n characters (n is a natural number), it is considered that the first character D1 and the last character Dn are continuous. Here, the order conversion unit 141 designates any one character Dk (k is a natural number between 1 and n) in the cyclic character string as a new first character.

  Further, the order conversion unit 141 designates the rotation direction (forward / reverse direction) in which the second and subsequent characters are traced from the designated first character. For example, when the reverse direction is designated from the character Dk, character strings Dk, Dk−1,..., D1, Dn,. By changing the order of the character strings in this way, it is possible to reduce the appearance frequency of character strings having the same head part. In addition, by converting the order using the rotation of the cyclic character string, less setting information is required to reproduce the order.

  FIG. 7 is a diagram illustrating an example of progress of the encryption processing according to the first embodiment. In the example shown in FIG. 7, one dummy character D1 and the subsequent three plaintext characters D2, D3, and D4 are encrypted in the CFB mode.

  In the first state [ST11], the flow of the encryption process for the dummy character D1 is shown. At this time, an initial vector is set in the shift register 142. When the encryption process is started, first, the value in the shift register 142 is encrypted by the encryption processing unit 143 and stored in the encrypted data storage unit 144. At this time, the data for the first character of the encrypted data is X1. Next, the exclusive OR operation unit 145 calculates the exclusive OR of the data X1 for the first character in the encrypted data storage unit 144 and the dummy character D1, and obtains the encrypted value C1 as the operation result.

  The second state [ST12] shows the flow of the encryption process for the character D2. At this time, the shift register 142 is shifted one character to the left, and the previous calculation result C1 is stored on the right. In this state, the value in the shift register 142 is encrypted by the encryption processing unit 143 and stored in the encrypted data storage unit 144. At this time, the data for the first character of the encrypted data is X2. Next, the exclusive OR operation unit 145 calculates the exclusive OR of the data X2 for the first character in the encrypted data storage unit 144 and the character D2, and obtains the encrypted value C2 as the operation result.

  Thereafter, similarly, the characters D3 and D4 are sequentially encrypted. The third state [ST13] shows the flow of the encryption process for the character D3. In this example, the cipher value C3 is obtained as the operation result of the exclusive OR of X3 and D3. The fourth state [ST14] shows the flow of encryption processing for the character D4. In this example, the encrypted value C4 is obtained as the result of the exclusive OR operation between X4 and D4.

The sequence of cipher values C2, C3, and C4 obtained by the above processing is output as ciphertext 32 by the ciphertext output unit 147.
Next, encryption processing when the OFB mode is used as the encryption usage mode will be described.

  FIG. 8 is a block diagram illustrating another example of the function of the encryption unit according to the first embodiment. The encryption unit 140a shown in FIG. 8 uses the OFB mode. The encryption unit 140a includes an order conversion unit 141, a shift register 142a, an encryption processing unit 143, an encrypted data storage unit 144, an exclusive OR operation unit 145, a dummy character selection unit 146, and a ciphertext output unit 147. Yes. Since functional blocks with the same reference numerals as those of the encryption unit 140 have the same functions, descriptions thereof are omitted.

  Each time the operation result is output from the exclusive OR operation unit 145, the shift register 142a shifts the data to the left by one character, and stores the data for the first character in the encrypted data storage unit 144 on the right side. Using the data updated in this way, the encryption processing unit 143 performs the next encryption processing.

As described above, in the OFB mode, data stored on the right side of the shift register is different from that in the CFB mode.
FIG. 9 is a diagram illustrating another progress example of the encryption processing according to the first embodiment. In the example shown in FIG. 9, characters similar to those in the example of FIG. 7 are encrypted in the OFB mode.

  In the first state [ST21], the flow of encryption processing for the dummy character D1 is shown. At this time, an initial vector is set in the shift register 142a. When the encryption process is started, first, the value in the shift register 142 a is encrypted by the encryption processing unit 143 and stored in the encrypted data storage unit 144. At this time, the data for the first character of the encrypted data is X1. Next, the exclusive OR operation unit 145 calculates the exclusive OR of the data X1 for the first character in the encrypted data storage unit 144 and the dummy character D1, and obtains the encrypted value C1 as the operation result.

  The second state [ST22] shows the flow of the encryption process for the character D2. At this time, the shift register 142a is shifted to the left by one character, and data X1 for the first character in the encrypted data storage unit 144 is stored on the right. In this state, the value in the shift register 142 a is encrypted by the encryption processing unit 143 and stored in the encrypted data storage unit 144. At this time, the data for the first character of the encrypted data is X2. Next, the exclusive OR operation unit 145 calculates the exclusive OR of the data X2 for the first character in the encrypted data storage unit 144 and the character D2, and obtains the encrypted value C2 as the operation result.

  Thereafter, similarly, the characters D3 and D4 are sequentially encrypted. The third state [ST23] shows the flow of the encryption process for the character D3. In this example, the cipher value C3 is obtained as the operation result of the exclusive OR of X3 and D3. In the fourth state [ST24], the flow of the encryption process for the character D4 is shown. In this example, the encrypted value C4 is obtained as the result of the exclusive OR operation between X4 and D4.

  Next, the function of the decoding process of the decoding unit 150 will be described in detail. Hereinafter, the encryption mode will be described first in the case of the CFB mode, and then in the case of the OFB mode.

  FIG. 10 is a block diagram illustrating an exemplary function of the decoding unit according to the first embodiment. The decrypting unit 150 shown in FIG. 10 decrypts ciphertext encrypted using the CFB mode. The decryption unit 150 includes a shift register 151, an encryption processing unit 152, an encrypted data storage unit 153, an exclusive OR operation unit 154, a dummy cipher selection unit 155, a plaintext output unit 156, and an order reproduction unit 157.

  The shift register 151 is a register that can shift a predetermined number of bits of data each time an operation result is output from the exclusive OR operation unit 154. In the first embodiment, the data in the shift register 151 is shifted one character to the left each time, and the encrypted value input to the exclusive OR operation unit 154 is stored on the right side. When starting the encryption process, the initial vector stored in the initial value storage unit 131 is set in the shift register 151.

  The encryption processing unit 152 encrypts the value set in the shift register 151 using the common key stored in the common key storage unit 132. The encryption algorithm of the encryption process performed by the encryption processing unit 152 is the same as that used by the encryption unit 140. Then, the encryption processing unit 152 stores the result of the encryption processing in the encrypted data storage unit 153.

  The exclusive OR operation unit 154 calculates the exclusive OR of the input encrypted value and the data for one character from the beginning of the encrypted data storage unit 153. Then, the exclusive OR operation unit 154 outputs the operation result and provides the input encryption value as an input of the shift register 151.

  When the dummy cipher selection unit 155 acquires the ciphertext 33 from the database 110 in response to a request from the database management unit 120, the dummy cipher selection unit 155 acquires the position information stored in the dummy position storage unit 133, and the cipher specified by the position information. Select the value as a dummy cipher. Then, the dummy cipher selection unit 155 inputs the selected dummy cipher to the exclusive OR operation unit 154. As a result, the character data corresponding to the dummy cipher is calculated and output by the exclusive OR operation unit 154, and the data of the shift register 151 is updated using the dummy cipher.

Thereafter, the dummy cipher selection unit 155 discards the acquired character data and notifies the ciphertext 33 to the plaintext output unit 156.
When the plaintext output unit 156 acquires the ciphertext 33 from the dummy cipher selection unit 155, the plaintext output unit 156 inputs the ciphertext 33 to the exclusive OR operation unit 154 one character at a time. As a result, the calculation by the exclusive OR operation unit 154 and the update of the data in the shift register 151 are alternately performed, and character data corresponding to the ciphertext 33 is output character by character. When the plaintext output unit 156 acquires all the character data corresponding to the ciphertext 33, the plaintext output unit 156 notifies the sequence reproduction unit 157 of this character string.

  Upon obtaining the character string from the plaintext output unit 156, the order reproduction unit 157 performs reverse conversion on the character order converted by the order conversion unit 141 of the encryption unit 140 and reproduces the plaintext 34. Specifically, the order reproduction unit 157 extracts the designation information added to the head of the character string, and grasps the position and rotation direction of the head character. Then, the order reproduction unit 157 regards the remaining character string as a cyclic character string in which the beginning and the end are continuous, and performs an operation reverse to that of the order conversion unit 141. Thereby, the character order of the character string is reproduced. Then, the order reproduction unit 157 passes the plaintext 34 obtained by reproducing the character order to the database management unit 120.

  FIG. 11 is a diagram illustrating a progress example of the decoding process according to the first embodiment. In the example shown in FIG. 11, the dummy cipher C1 for one character and the three cipher values C2, C3, and C4 of the ciphertext that follow are decrypted in the CFB mode.

  In the first state [ST31], the flow of the decryption process for the dummy cipher C1 is shown. At this time, an initial vector is set in the shift register 151. When the decryption process is started, first, the value in the shift register 151 is encrypted by the encryption processing unit 152 and stored in the encrypted data storage unit 153. At this time, the data for the first character of the encrypted data is X1. Next, the exclusive OR operation unit 154 calculates the exclusive OR of the data X1 for the first character in the encrypted data storage unit 153 and the dummy cipher C1, and obtains the character D1 as the operation result.

  In the second state [ST32], the flow of the decryption process for the encrypted value C2 is shown. At this time, the shift register 151 is shifted to the left by one character, and the encryption value C1 input last time is stored on the right. In this state, the value in the shift register 151 is encrypted by the encryption processing unit 152 and stored in the encrypted data storage unit 153. At this time, the data for the first character of the encrypted data is X2. Next, the exclusive OR operation unit 154 calculates the exclusive OR of the data X2 for the first character in the encrypted data storage unit 153 and the encrypted value C2, and the character D2 is obtained as the operation result.

  Thereafter, similarly, the encrypted values C3 and C4 are sequentially decrypted. The third state [ST33] shows the flow of decryption processing for the encrypted value C3. In this example, the character D3 is obtained as an exclusive OR operation result of X3 and C3. In the fourth state [ST34], the flow of the decryption process for the encrypted value C4 is shown. In this example, the character D4 is obtained as the result of the exclusive OR operation between X4 and C4.

The sequence of characters D2, D3, D4 obtained by the above processing is notified to the sequence reproduction means 157 by the plaintext output unit 156 as a character string.
Next, decryption processing when the OFB mode is used as the encryption usage mode will be described.

  FIG. 12 is a block diagram illustrating another example of functions of the decoding unit according to the first embodiment. The decoding unit 150a illustrated in FIG. 12 uses the OFB mode. The decryption unit 150a includes a shift register 151a, an encryption processing unit 152, an encrypted data storage unit 153, an exclusive OR operation unit 154, a dummy cipher selection unit 155, a plaintext output unit 156, and an order reproduction unit 157. Since functional blocks with the same reference numerals as those of the decoding unit 150 have the same functions, the description thereof is omitted.

  The shift register 151a shifts the data to the left by one character each time an operation result is output from the exclusive OR operation unit 154, and stores the data for the first character in the encrypted data storage unit 153 on the right side. Using the data updated in this way, the encryption processing unit 152 performs the next encryption processing.

FIG. 13 is a diagram illustrating another progress example of the decoding process according to the first embodiment. In the example shown in FIG. 13, the same encryption value as in the example of FIG. 11 is decrypted in the OFB mode.
In the first state [ST41], the flow of the decryption process for the dummy cipher C1 is shown. At this time, an initial vector is set in the shift register 151a. When the decryption process is started, first, the value in the shift register 151 a is encrypted by the encryption processing unit 152 and stored in the encrypted data storage unit 153. At this time, the data for the first character of the encrypted data is X1. Next, the exclusive OR operation unit 154 calculates the exclusive OR of the data X1 for the first character in the encrypted data storage unit 153 and the dummy cipher C1, and obtains the character D1 as the operation result.

  In the second state [ST42], the flow of the decryption process for the encrypted value C2 is shown. At this time, the shift register 151a is shifted to the left by one character, and the data X1 for the first character in the encrypted data storage unit 153 is stored on the right. In this state, the value in the shift register 151 a is encrypted by the encryption processing unit 152 and stored in the encrypted data storage unit 153. At this time, the data for the first character of the encrypted data is X2. Next, the exclusive OR operation unit 154 calculates the exclusive OR of the data X2 for the first character in the encrypted data storage unit 153 and the encrypted value C2, and the character D2 is obtained as the operation result.

  Thereafter, similarly, the encrypted values C3 and C4 are sequentially decrypted. In the third state [ST43], the flow of the decryption process for the encrypted value C3 is shown. In this example, the character D3 is obtained as an exclusive OR operation result of X3 and C3. In the fourth state [ST44], the flow of the decryption process for the encrypted value C4 is shown. In this example, the character D4 is obtained as the result of the exclusive OR operation between X4 and C4.

  By using a server that performs such encryption processing and decryption processing, even when a large number of character data whose leading portions are likely to be the same are encrypted, the order of the character strings is converted, so that the leading portion of the ciphertext The possibility of being the same can be reduced. In addition, since the initial vector is updated every time the dummy characters are encrypted, even if the head portions of the character strings after the order conversion are the same, the head portions of the corresponding ciphertexts are not the same. Therefore, it is difficult to guess the original character string from a large number of ciphertexts stored in the database, and it is possible to efficiently prevent a decrease in the security of the encryption.

[Second Embodiment]
Next, a second embodiment will be described. The database system according to the second embodiment is configured such that the encryption process and the decryption process in the first embodiment can be performed in parallel for a plurality of characters. The system configuration of the second embodiment is the same as that of the first embodiment. Hereinafter, the details of the functions of the encryption unit that performs the encryption process and the decryption unit that performs the decryption process will be described with a focus on differences from the first embodiment.

  FIG. 14 is a block diagram illustrating an example of functions of the encryption unit according to the second embodiment. An encryption unit 140b shown in FIG. 14 corresponds to the encryption unit 140 of the first embodiment shown in FIG. 5, and uses the CFB mode. Note that functions corresponding to the order conversion unit 141, the dummy character selection unit 146, and the ciphertext output unit 147 of the encryption unit 140 are the same as those in the first embodiment, and thus functional block descriptions are omitted. .

  The shift register 142b is a register that can shift data by a predetermined number of bits. At the start of the encryption process, an initial vector stored in advance in the initial value storage unit 131 is stored in the shift register 142b. Thereafter, every time 9 characters are encrypted, the value in the shift register 142b is shifted to the left by one character. At this time, the calculation result of the exclusive OR calculation unit 145a is set at the right end.

  The encryption processing unit 143 encrypts the value in the shift register 142b using the common key stored in the common key storage unit 132. Then, the encryption processing unit 143 stores the result of the encryption processing in the encrypted data storage unit 144b. The encrypted data storage unit 144b stores the data encrypted by the encryption processing unit 143. The data stored in the encrypted data storage unit 144b is divided by one character from the beginning, and each data is input to the exclusive OR operation units 145a, 145b, 145c,.

  The exclusive OR operation units 145a, 145b, 145c,..., 145i respectively calculate exclusive OR of the data for one character input from the encrypted data storage unit 144b and the input character. Then, the exclusive OR operation units 145a, 145b, 145c,..., 145i output the respective cipher values while maintaining the correspondence order with the input characters.

  However, when performing the encryption process, it is necessary to input the plain text after the dummy character is encrypted and the data in the shift register 142b is updated without parallel processing of the dummy character and the plain text. This is because, if plain text encryption is started before the data in the shift register 142b is updated, the encryption result of the first few characters cannot be made dependent on dummy characters, and the encryption security cannot be sufficiently maintained.

  FIG. 15 is a block diagram illustrating an example of functions of the decoding unit according to the second embodiment. The decryption unit 150b illustrated in FIG. 15 corresponds to the decryption unit 150 of the first embodiment illustrated in FIG. 10, and decrypts ciphertext encrypted using the CFB mode. Note that functions corresponding to the dummy cipher selection unit 155, the plaintext output unit 156, and the order reproduction unit 157 of the decryption unit 150 are the same as those in the first embodiment, and thus functional block descriptions are omitted.

  The shift register 151b is a register that can shift data by a predetermined number of bits. At the start of the decoding process, an initial vector stored in advance in the initial value storage unit 131 is stored in the shift register 151b. Thereafter, every time 9 characters are decoded, the value in the shift register 151b is shifted to the left by one character. At that time, the first cipher value of the cipher value to be input every nine characters is set at the right end.

  The encryption processing unit 152 encrypts the value in the shift register 151 b using the common key stored in the common key storage unit 132. Then, the encryption processing unit 152 stores the result of the encryption processing in the encrypted data storage unit 153b. The encrypted data storage unit 153b stores the data encrypted by the encryption processing unit 152. The data stored in the encrypted data storage unit 153b is divided by one character from the beginning, and each data is input to the exclusive OR operation units 154a, 154b, 154c,.

  The exclusive OR operation units 154a, 154b, 154c,..., 154i calculate the exclusive OR of the one character data input from the encrypted data storage unit 153b and the input encrypted value, respectively. . Then, the exclusive OR operation units 154a, 154b, 154c,..., 154i hold the corresponding order of the decrypted characters with the input encrypted values and output them.

However, as with the encryption process, the dummy cipher and the ciphertext are not processed in parallel, and the ciphertext must be input after the dummy cipher is decrypted and the data in the shift register 151b is updated.
In the second embodiment, the maximum number of characters to be parallelized is nine characters, but any number of characters can be parallelized within a range not exceeding the bit length of data stored in the shift register 151b and the encrypted data storage unit 153b. Is possible. In the second embodiment, the encryption process and the decryption process in the case where the CFB mode is used have been described. However, as shown in the first embodiment, an encryption having another chain function such as the OFB mode. A usage mode may be used.

  By using a server that performs such encryption processing and decryption processing, the same effect as that of the server of the first embodiment can be obtained. Furthermore, by using the server of the second embodiment, the encryption process and the decryption process can be parallelized without lowering the security of the encryption, and the process can be greatly speeded up.

[Third Embodiment]
Next, a third embodiment will be described. The database system according to the third embodiment converts an input plaintext into a character code of another character code system when the plain text is encoded with a character code system, Encryption processing is performed, and the encryption result is converted back to the character code of the original character code system. Thus, the advantage of performing the encryption process using a character code system different from the plain text character code system is as follows.

  Character data is obtained by encoding characters according to a specific character code system. For example, in Shift JIS, which is a Japanese character code system, one kana or kanji character is encoded with 16 bits. Here, in many character code systems, there is a character code area to which no character is assigned. For example, in a character code system such as Shift JIS, 2 16 (= 65536) character codes can be prepared, but not all of them are actually assigned characters. Therefore, when a character code to which no character is assigned appears in the character data, the character data cannot be handled as normal character data.

  By the way, if the character code is encrypted using an encryption algorithm such as DES or AES, the encryption result is distributed over the entire range that can be expressed with a predetermined bit length, so the character code is encrypted in the character code area to which the character is assigned. The range of cryptographic results cannot be limited. Therefore, if the cipher result is stored in the database as it is, this ciphertext cannot be processed normally if the program for managing the database can handle only character data.

  Therefore, by performing the conversion / inverse conversion of the character code before and after the encryption process, the encryption result can be limited to a specific range in the entire range that can be expressed with a predetermined bit length. Specifically, the encryption process may be performed using a character code system having a bit length smaller than that of the plain text character code system. For example, since Japanese characters can be expressed in 13 bits, a 16-bit character code system may be converted to a 13-bit character code system, and encryption processing may be performed every 13 bits.

  FIG. 16 is a block diagram illustrating an example of functions of a server according to the third embodiment. The server 100c in FIG. 16 corresponds to the server 100 in the first embodiment shown in FIG. The functions of the database management unit 120, the initial value storage unit 131, the common key storage unit 132, and the dummy position storage unit 133 are the same as those in the first embodiment.

  The conversion table storage unit 134 stores a conversion table for performing conversion / inverse conversion between the first character code system and the second character code system. In the conversion table, the correspondence between the character code of the first character code system and the character code of the second character code system is set. That is, a set of character codes representing the same character is stored.

  The encryption unit 140c performs character code conversion / inverse conversion before and after the encryption process. The decoding unit 150c performs character code conversion / inverse conversion before and after the decoding process. Other functions are the same as those of the encryption unit 140 and the decryption unit 150 in the first embodiment.

  FIG. 17 is a diagram illustrating an exemplary data structure of the conversion table. The conversion table 134a is stored in the conversion table storage unit 134. In the conversion table 134a, indexes are created in the order of the character codes in the second character code system, and character codes of the first character code system corresponding to the respective indexes are stored. For example, when expressed in hexadecimal, “0” and “82A0” (A), “1” and “82A2” (I), “2” and “82A4” (U), “3” and “82A6” ( D) “4” and “82A8” (O) are associated with each other. The arrangement order of the character codes may be any order as long as the two character codes correspond one-to-one.

  FIG. 18 is a block diagram illustrating an example of functions of the encryption unit according to the third embodiment. The encryption unit 140c corresponds to the encryption unit 140 of the first embodiment shown in FIG. 5, and uses the CFB mode. The functional blocks with the same reference numerals as those of the encryption unit 140 have the same functions and will not be described.

  When the character code conversion unit 148 obtains a new plaintext from the order conversion unit 141, the character code conversion unit 148 refers to the conversion table 134a stored in the conversion table storage unit 134 and generates a new code encoded with the first character code system. Each character code in plain text is converted into a corresponding character code in the second character code system. Then, the character code conversion unit 148 inputs a new plain text encoded with the second character code system to the dummy character selection unit 146.

  The exclusive OR operation unit 145 performs an exclusive OR operation on the character codes of the second character code system. That is, the encryption unit is the bit length of the second character code system. Each encrypted value to be output is the same value as any one character code of the second character code system.

  When the character code reverse conversion unit 149 acquires the ciphertext composed of the character codes of the second character code system from the ciphertext output unit 148, the character code reverse conversion unit 149 refers to the conversion table 134a stored in the conversion table storage unit 134, Each character code of the acquired ciphertext is converted into a corresponding character code of the first character code system. And the ciphertext 32c comprised by the character code of a 1st character code system is output.

  FIG. 19 is a block diagram illustrating a functional example of the decoding unit according to the third embodiment. The decoding unit 150c corresponds to the decoding unit 150 of the first embodiment illustrated in FIG. 10, and uses the CFB mode. The functional blocks with the same reference numerals as those of the decoding unit 150 have the same functions and will not be described.

  When the character code conversion unit 158 obtains the ciphertext 33c encrypted by the encryption unit 140c, the character code conversion unit 158 refers to the conversion table 134a stored in the conversion table storage unit 134 and uses the character code of the first character code system. Each cipher value of the composed ciphertext 33c is converted into a corresponding character code of the second character code system. Then, the character code conversion unit 158 inputs the ciphertext composed of the character codes of the second character code system to the dummy cipher selection unit 155.

  The exclusive OR operation unit 154 performs an exclusive OR operation on the character codes of the second character code system. That is, the encryption unit is the bit length of the second character code system. Each character to be output is encoded by the second character code system.

  When the character code reverse conversion unit 159 acquires the character string encoded by the second character code system from the plaintext output unit 156, the character code reverse conversion unit 159 refers to the conversion table 134a stored in the conversion table storage unit 134 and acquires the acquired character. Each character code of the column is converted into a corresponding character code of the first character code system. Then, the sequence reproduction unit 157 is notified of the character string encoded by the first character code system.

  In the third embodiment, the encryption process and the decryption process in the case of using the CFB mode have been described. However, as shown in the first embodiment, an encryption having another chain function such as the OFB mode. A usage mode may be used.

  By using a server that performs such encryption processing and decryption processing, the same effect as that of the server of the first embodiment can be obtained. Furthermore, by using the server of the third embodiment, it is possible to limit each cipher value of the output ciphertext within a predetermined range without deteriorating the security of the cipher. Can handle ciphertext. Further, the data length of the ciphertext can be made the same as the data length of the plaintext.

  The above processing functions can be realized by a computer. In that case, a program describing the processing contents of the functions that the server should have is provided. By executing the program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include a hard disk device (HDD), a flexible disk (FD), and a magnetic tape. Optical discs include DVD (Digital Versatile Disc), DVD-RAM, CD-ROM (Compact Disc-Read Only Memory), CD-R (Recordable) / RW (ReWritable), and the like. Magneto-optical recording media include MO (Magneto-Optical disk).

  When distributing the program, for example, portable recording media such as a DVD and a CD-ROM on which the program is recorded are sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. In addition, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

The present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the gist of the present invention.
The main technical features of the embodiment described above are as follows.

(Supplementary Note 1) In a cryptographic processing program that performs cryptographic processing using a cryptographic usage mode having a chain function,
Computer
The register having an initial vector as a register value in advance, and obtaining the encryption source data, the register using the value obtained by character encryption and encryption processing using the register value according to the predetermined encryption usage mode Encryption means for generating encrypted data having a dependency relationship between encryption units by repeatedly updating the value;
When plaintext is input, one or more characters at a predetermined position in the plaintext are selected as dummy characters, the dummy characters are input as encryption source data to the encryption means, and the obtained encrypted data is Dummy character selection means to be discarded,
When the register value of the encryption unit is updated by encryption of the dummy character, the plaintext is then input to the encryption unit as encryption source data, and the obtained encrypted data is output as ciphertext Ciphertext output means,
A cryptographic processing program characterized by functioning as

(Supplementary note 2) The encryption processing program according to supplementary note 1, wherein the encryption unit encrypts a plurality of characters by parallel processing for one register value.
(Supplementary note 3)
When the plaintext is input, the plaintext is regarded as a cyclic character string in which a head and a tail are continuous, one character on the cyclic character string is designated as a new head, and a character starting from the designated new head Order conversion means for generating a new plaintext in which the order has been converted,
Function as
The dummy character selection means and the ciphertext output means regard the new plaintext as the plaintext and perform an encryption process.
The cryptographic processing program according to supplementary note 1, characterized in that:

(Additional remark 4) The said order conversion means adds the said new head designation | designated information to the said new plaintext, The encryption processing program of Additional remark 3 characterized by the above-mentioned.
(Supplementary Note 5)
Character code information storage means for storing a one-to-one correspondence between a character code of the first character code system and a character code of the second character code system;
A character code conversion means for referring to the character code information storage means and converting the plain text to the second character code system when the plain text encoded in the first character code system is input;
When the ciphertext encoded with the second character code system is generated, the character code reverse conversion unit converts the ciphertext into the first character code system with reference to the character code information storage unit ,
Function as
The encryption means encrypts encryption source data composed of character codes of the second character code system into encrypted data composed of character codes of the second character code system;
The cryptographic processing program according to supplementary note 1, characterized in that:

(Supplementary note 6)
The register value has the same initial vector as that of the encryption unit in advance, and when the encrypted data is acquired, according to the encryption usage mode same as that of the encryption unit, Decoding means for generating decoded data by repeating decoding and updating of the register value using a value obtained by decoding processing;
When the ciphertext is input, one or two or more cipher values at the predetermined position of the ciphertext are selected as a dummy cipher, and the dummy cipher is input to the decryption means as encrypted data. A dummy cipher selection means for discarding the decrypted data;
When the register value of the decryption unit is updated by decryption of the dummy cipher, the ciphertext is then input to the decryption unit as encrypted data, and the obtained decrypted data is output as the plaintext. ,
The cryptographic processing program according to supplementary note 1, wherein the cryptographic processing program is made to function as:

(Supplementary Note 7) In a cryptographic processing method for performing cryptographic processing using a cryptographic usage mode having a chain function,
When plaintext is input, one or more characters at a predetermined position of the plaintext are selected as dummy characters,
The dummy character is encrypted using an initial vector preset as a register value in accordance with the predetermined encryption usage mode, the register value is updated using a value obtained by an encryption process, and the dummy character is Discard the corresponding encrypted data,
After the register value is updated by encryption of the dummy character, according to the encryption usage mode, the encryption of the character using the register value and the update of the register value using the value obtained by the encryption process are performed. By repeating, generate encrypted data with dependency between encryption units and output as ciphertext,
And a cryptographic processing method.

(Supplementary Note 8) In a cryptographic processing apparatus that performs cryptographic processing using a cryptographic usage mode having a chain function,
The register having an initial vector as a register value in advance, and obtaining the encryption source data, the register using the value obtained by character encryption and encryption processing using the register value according to the predetermined encryption usage mode Encryption means for generating encrypted data having a dependency relationship between encryption units by repeatedly updating the value;
When plaintext is input, one or more characters at a predetermined position in the plaintext are selected as dummy characters, the dummy characters are input as encryption source data to the encryption means, and the obtained encrypted data is A dummy character selection means to be discarded;
When the register value of the encryption unit is updated by encryption of the dummy character, the plaintext is then input to the encryption unit as encryption source data, and the obtained encrypted data is output as ciphertext Ciphertext output means;
A cryptographic processing device comprising:

It is a figure which shows the outline | summary of this Embodiment. It is a figure which shows the system configuration | structure of this Embodiment. It is a figure which shows the hardware constitutions of a server. It is a block diagram which shows the function example of the server of 1st Embodiment. It is a block diagram which shows the function example of the encryption part of 1st Embodiment. It is a figure which shows the outline | summary of an order conversion process. It is a figure which shows the example of advancing of the encryption process of 1st Embodiment. It is a block diagram which shows the other function example of the encryption part of 1st Embodiment. It is a figure which shows the other example of advancing of the encryption process of 1st Embodiment. It is a block diagram which shows the function example of the decoding part of 1st Embodiment. It is a figure which shows the progress example of the decoding process of 1st Embodiment. It is a block diagram which shows the other function example of the decoding part of 1st Embodiment. It is a figure which shows the other progress example of the decoding process of 1st Embodiment. It is a block diagram which shows the function example of the encryption part of 2nd Embodiment. It is a block diagram which shows the function example of the decoding part of 2nd Embodiment. It is a block diagram which shows the function example of the server of 3rd Embodiment. It is a figure which shows the example of a data structure of a conversion table. It is a block diagram which shows the function example of the encryption part of 3rd Embodiment. It is a block diagram which shows the function example of the decoding part of 3rd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Encryption apparatus 1a Encryption means 1b Dummy character selection means 1c Ciphertext output means 1d Order conversion means 2 Decryption device 2a Decryption means 2b Dummy cipher selection means 2c Plaintext output means 2d Order reproduction means 3,6 Plaintext 4,5 Ciphertext

Claims (5)

In a cryptographic processing program that performs cryptographic processing using a cryptographic usage mode having a chain function,
Computer
The register having an initial vector as a register value in advance, and obtaining the encryption source data, the register using the value obtained by character encryption and encryption processing using the register value according to the predetermined encryption usage mode Encryption means for generating encrypted data having a dependency relationship between encryption units by repeatedly updating the value;
When plaintext is input, one or more characters at a predetermined position in the plaintext are selected as dummy characters, the dummy characters are input as encryption source data to the encryption means, and the obtained encrypted data is Dummy character selection means to be discarded,
When the register value of the encryption unit is updated by encryption of the dummy character, the plaintext is then input to the encryption unit as encryption source data, and the obtained encrypted data is output as ciphertext Ciphertext output means,
A cryptographic processing program characterized by functioning as Said computer further
When the plaintext is input, the plaintext is regarded as a cyclic character string in which a head and a tail are continuous, one character on the cyclic character string is designated as a new head, and a character starting from the designated new head Order conversion means for generating a new plaintext in which the order has been converted,
Function as
The dummy character selection means and the ciphertext output means regard the new plaintext as the plaintext and perform an encryption process.
The cryptographic processing program according to claim 1. Said computer further
Character code information storage means for storing a one-to-one correspondence between a character code of the first character code system and a character code of the second character code system;
A character code conversion means for referring to the character code information storage means and converting the plain text to the second character code system when the plain text encoded in the first character code system is input;
When the ciphertext encoded with the second character code system is generated, the character code reverse conversion unit converts the ciphertext into the first character code system with reference to the character code information storage unit ,
Function as
The encryption means encrypts encryption source data composed of character codes of the second character code system into encrypted data composed of character codes of the second character code system;
The cryptographic processing program according to claim 1. Said computer further
The register value has the same initial vector as that of the encryption unit in advance, and when the encrypted data is acquired, according to the encryption usage mode same as that of the encryption unit, Decoding means for generating decoded data by repeating decoding and updating of the register value using a value obtained by decoding processing;
When the ciphertext is input, one or two or more cipher values at the predetermined position of the ciphertext are selected as a dummy cipher, and the dummy cipher is input to the decryption means as encrypted data. A dummy cipher selection means for discarding the decrypted data;
When the register value of the decryption unit is updated by decryption of the dummy cipher, the ciphertext is then input to the decryption unit as encrypted data, and the obtained decrypted data is output as the plaintext. ,
The cryptographic processing program according to claim 1, wherein the cryptographic processing program is made to function as: In a cryptographic processing method for performing cryptographic processing using a cryptographic usage mode having a chain function,
When plaintext is input, one or more characters at a predetermined position of the plaintext are selected as dummy characters,
The dummy character is encrypted using an initial vector preset as a register value in accordance with the predetermined encryption usage mode, the register value is updated using a value obtained by an encryption process, and the dummy character is Discard the corresponding encrypted data,
After the register value is updated by encryption of the dummy character, according to the encryption usage mode, the encryption of the character using the register value and the update of the register value using the value obtained by the encryption process are performed. By repeating, generate encrypted data with dependency between encryption units and output as ciphertext,
And a cryptographic processing method.

Images