JP2013097161A - Algorithm variable mac generation device, algorithm variable hash function generation device, algorithm variable mac generation method, algorithm variable hash function generation method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an algorithm variable MAC generation device, an algorithm variable hash function generation device, an algorithm variable MAC generation method, an algorithm variable hash function generation method and a program which can change algorithm by bit information of a key while ensuring security.SOLUTION: An algorithm variable MAC generation device 1 comprises a round function processing part 100 which executes prescribed processing once or more to each of a plurality of data groups in which inputted data is delimited by a prescribed bit, and a termination processing part 200 which executes exclusive OR operation to the plurality of data groups to which processing is executed in the round function processing part 100 and generates MAC with a prescribed length. The round function processing part 100 is composed of a part in which algorithm changes corresponding to bit information of an inputted key and a part in which algorithm is always fixed.

Description

  The present invention relates to an algorithm variable MAC generation device, an algorithm variable hash function generation device, an algorithm variable MAC generation method, an algorithm variable hash function generation method, and a program that change an algorithm while ensuring safety.

  In recent years, various services using computers have been provided due to the remarkable spread of the Internet. Many of the services provided in this way use a MAC (Message Authentication Code) algorithm and a hash function that can detect whether or not data has been tampered with in order to realize mutual authentication between a sender and a receiver. ing.

  By the way, in recent years, the encryption algorithm is kept safe by keeping the key secret even if the algorithm is disclosed, and since the reliability can be improved by releasing the algorithm, the public algorithm is generally used. Is. For example, in the MAC algorithm, the AES-CMAC algorithm is disclosed (for example, see Non-Patent Document 1), and the SHA-224 algorithm is disclosed in a hash function (for example, see Non-Patent Document 2). On the other hand, among encryption algorithms, there is also a secret type algorithm that conceals the algorithm in order to ensure safety.

JH. Song, R.A. Poovendran, J. et al. Lee, T .; Iwata, The AES-CMAC Algorithm, Request for Comments: 4493, http: // tools. ietf. org / html / rfc4493 [searched October 28, 2011] R. Houseley, A 224-bit One-way Hash Function: SHA-224, Request for Comments: 3874, http: // tools. ietf. org / html / rfc3874 [retrieved on October 28, 2011]

  However, in the case of a secret type algorithm, there is a problem that once the algorithm is broken, it cannot be used again. Therefore, in the case of a secret type algorithm, there has been a demand for variable algorithm encryption that changes the algorithm without considering the algorithm in consideration of reverse engineering. However, in the MAC algorithm and the hash function, even if only a part of the circuit is changed, it is extremely difficult to change the algorithm because detailed verification by an expert is required to ensure safety. There was a problem that.

  Therefore, the present invention has been made in view of the above-described problems, and an algorithm variable MAC generation device and algorithm variable hash function generation capable of changing an algorithm according to key bit information while ensuring safety. An object is to provide an apparatus, an algorithm variable MAC generation method, an algorithm variable hash function generation method, and a program.

  The present invention proposes the following matters in order to solve the above problems. In addition, in order to make an understanding easy, although the code | symbol corresponding to embodiment of this invention is attached | subjected and demonstrated, it is not limited to this.

  (1) The present invention is a round function processing means for executing predetermined processing at least once for each of a plurality of data groups obtained by dividing input data into predetermined bits (for example, equivalent to the round function processing unit 100 in FIG. 1). And a termination processing unit (for example, the termination processing unit 200 in FIG. 1) that performs an exclusive OR operation on a plurality of data groups processed by the round function processing unit and generates a predetermined length MAC. And the round function processing means is composed of a part where the algorithm is variable according to bit information of the input key and a part where the algorithm is always fixed. A MAC generator is proposed.

  According to the present invention, the round function processing means includes a part in which the algorithm is variable according to the bit information of the input key and a part in which the algorithm is always fixed, and a plurality of pieces of input data divided into predetermined bits. A predetermined process is executed at least once for each data group. The termination processing unit performs an exclusive OR operation on the plurality of data groups processed by the round function processing unit to generate a MAC having a predetermined length. Therefore, safety can be ensured by the round function processing means comprising the part where the algorithm is changed by the bit information of the key and the fixed part where the algorithm is not always changed. In addition, by providing the termination processing means, it is possible to ensure unidirectionality that is a characteristic of the MAC.

  (2) In the algorithm variable MAC generation device according to (1), the present invention provides a cyclic shift of bits determined by the round function processing unit according to bit information of the key for each of the plurality of divided data groups. Cyclic shift means (for example, equivalent to the cyclic shift units 110a to 110d in FIG. 1) and one end of a plurality of data groups connected to the cyclic shift means and subjected to cyclic shift by the cyclic shift means. In order from the data group to the other end data group, an exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group starts from the other end data group. Exclusive OR operation means (for example, exclusive OR operation units 120a to 120 in FIG. 1) that performs an exclusive OR operation on a data group located adjacent to one end data group. 1), an operation determining means (for example, corresponding to the switch units 130a to 130f in FIG. 1) for determining whether or not the exclusive OR operation means is executed according to the bit information of the key, and the exclusive And agitation means (for example, equivalent to the agitation units 140a to 140d in FIG. 1) that performs nonlinear replacement and linear transformation on each of a plurality of data groups output from the logical OR operation means, and the cyclic shift means, the exclusive An algorithm variable MAC generating apparatus is proposed in which the processes of the logical OR operation means, the operation determination means, and the stirring means are executed a predetermined number of times.

  According to this invention, the cyclic shift means performs a cyclic shift of bits determined according to the bit information of the key for each of the plurality of divided data groups. The exclusive OR operation means is connected to the cyclic shift means and is located next to each other in order from the data group at one end to the data group at the other end of the plurality of data groups subjected to the cyclic shift by the cyclic shift means. When an exclusive OR operation is performed on a data group and the data group at the other end is reached, exclusive logic is performed on the data group located next to the data group at the other end from the data group at the other end. Perform a sum operation. The operation determining means determines whether or not the operation by the exclusive OR operation means is executed according to the bit information of the key. The agitation unit performs non-linear replacement and linear conversion on each of the plurality of data groups output from the exclusive OR operation unit. Then, the round function processing unit executes the processes of the cyclic shift unit, the exclusive OR calculation unit, the calculation determination unit, and the stirring unit a predetermined number of times. Therefore, by configuring the variable part of the algorithm with a cyclic shift means that does not affect safety and performance, an exclusive OR operation means, and an operation determination means, even if the algorithm is varied according to the bit information of the key, Safety and performance can be ensured.

  (3) The present invention relates to the algorithm variable MAC generation device according to (2), wherein the round function processing unit outputs a plurality of outputs from the exclusive OR operation unit before executing the processing of the stirring unit. An algorithm variable type MAC generating apparatus characterized by cyclically shifting data groups in units of data groups has been proposed.

  According to this invention, the round function processing means cyclically shifts a plurality of data groups output from the exclusive OR operation means in units of data groups before executing the processing of the agitation means. Therefore, it is possible to ensure higher safety by cyclically shifting a plurality of data groups in units of data groups, that is, by changing the order of the data groups.

  (4) The present invention relates to the algorithm variable MAC generation device according to (2) or (3), wherein the calculation determining means uses the bit information at a predetermined position of the key that is “1” or “0”. An algorithm variable MAC generating device is proposed that determines whether or not to execute an operation in a logical OR operation means.

  According to this invention, the operation determining means determines the execution of the operation in the exclusive OR operation means based on the bit information at a predetermined position of the key that is “1” or “0”. Therefore, the presence / absence of the operation in the exclusive OR operation means can be determined by the bit information at the predetermined position of the key.

  (5) The present invention provides the variable algorithm according to (2) to (4), wherein the agitation means performs non-linear replacement and linear conversion using an AES round function. Type MAC generator is proposed.

  According to the present invention, the agitation means performs nonlinear replacement and linear transformation using the AES round function. Therefore, by using an AES round function that ensures a certain level of security, higher security can be ensured in the algorithm variable MAC generation device.

  (6) The present invention is a round function processing means (for example, equivalent to the round function processing unit 100 in FIG. 1) that executes predetermined processing at least once for each of a plurality of data groups obtained by dividing input data into predetermined bits. And a termination processing unit (for example, termination processing unit 200 in FIG. 1) that performs an exclusive OR operation on the plurality of data groups processed by the round function processing unit to generate a hash function having a predetermined length. And the round function processing means is composed of a part in which the algorithm is variable according to bit information of an arbitrary fixed value input, and a part in which the algorithm is always fixed. We propose an algorithm variable hash function generator.

  According to the present invention, the round function processing means is composed of a portion where the algorithm is variable in accordance with bit information of an arbitrary fixed value inputted and a portion where the algorithm is always fixed, and the input data is inputted every predetermined bit. A predetermined process is executed once or more for each of the plurality of divided data groups. The termination processing unit performs an exclusive OR operation on the plurality of data groups processed by the round function processing unit to generate a hash function having a predetermined length. Therefore, safety can be ensured by the round function processing means comprising a part where the algorithm is changed by bit information of an arbitrary fixed value and a fixed part where the algorithm is not always changed. Further, by providing the termination processing means, it is possible to ensure the unidirectionality that is the characteristic of the hash function.

  (7) The present invention executes a predetermined process one or more times, and includes a round function processing means comprising a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, And an algorithm variable MAC generation method in an algorithm variable MAC generation apparatus configured by termination processing means, wherein the cyclic shift means is input to each of a plurality of data groups obtained by dividing input data into predetermined bits. A first step (for example, step S1 in FIG. 4) for performing a cyclic shift of the bit determined according to the bit information of the key, and whether or not the operation determination unit performs the operation by the exclusive OR operation unit A second step (for example, step S2 in FIG. 4) determined according to the bit information of the key, and the exclusive OR operation means include the first step In order from the data group at one end to the data group at the other end of the plurality of data groups subjected to the cyclic shift in the first step, based on whether or not the operation determined in the step is performed. When the exclusive OR operation is performed on the data group located and the data group at the other end is reached, the data located next to the data group at the other end in order from the data group at the other end A third step of performing an exclusive OR operation on the group (for example, step S3 in FIG. 4), and the agitation means performs non-linear replacement on each of the plurality of data groups output from the third step. A fourth step (for example, step S4 in FIG. 4) for performing linear transformation, and the round function processing means uses the plurality of data groups output from the fourth step as the input data, and the first step. A fifth step (for example, step S5 in FIG. 4) for executing the processing from the step to the fourth step a predetermined number of times, and the termination processing means from the fourth step after the fifth step A sixth variable (for example, step S6 in FIG. 4) that performs an exclusive OR operation on the plurality of output data groups to generate a MAC having a predetermined length. A type MAC generation method is proposed.

  According to this invention, the algorithm variable MAC generation device executes predetermined processing one or more times, and includes a cyclic shift unit, an exclusive OR operation unit connected to the cyclic shift unit, an operation determination unit, and an agitation unit. Round function processing means and termination processing means. First, in a first step, the cyclic shift means performs a cyclic shift of bits determined according to bit information of an input key for each of a plurality of data groups obtained by dividing input data into predetermined bits. Next, in the second step, the operation determining means determines whether or not the exclusive OR operation means is to be executed according to the bit information of the key. Next, in the third step, the exclusive OR operation means determines whether or not the plurality of data groups subjected to the cyclic shift in the first step based on the execution of the operation determined in the second step. In order from one end data group to the other end data group, an exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group To the data group at one end in order, an exclusive OR operation is performed on the adjacent data group. Next, in the fourth step, the agitation means performs nonlinear replacement and linear transformation on each of the plurality of data groups output from the third step. Next, in the fifth step, the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as input data. Next, in the sixth step, the termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step, and obtains a MAC having a predetermined length. Generate. Therefore, safety can be ensured by the round function processing means comprising the part where the algorithm is changed by the bit information of the key and the fixed part where the algorithm is not always changed. In addition, by providing the termination processing means, it is possible to ensure unidirectionality that is a characteristic of the MAC.

  (8) The present invention executes a predetermined process one or more times, and includes a round function processing means comprising a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, And an algorithm variable hash function generation method in an algorithm variable hash function generation device configured by termination processing means, wherein the cyclic shift means inputs each of a plurality of data groups obtained by dividing input data into predetermined bits. A first step (for example, step S1 in FIG. 4) for performing a cyclic shift of the bit determined according to the bit information of an arbitrary fixed value to be performed, and the operation determining means performs an operation by the exclusive OR operation means A second step (for example, step S2 in FIG. 4) for determining whether or not to execute according to the bit information of the fixed value, and the exclusive The logical sum operation means, based on whether or not the operation determined in the second step is executed, from the data group at one end of the plurality of data groups subjected to the cyclic shift in the first step to the other The exclusive OR operation is performed on the adjacent data group in order up to the data group at the end, and when the data group at the other end is reached, the data at the one end from the data group at the other end A third step (for example, step S3 in FIG. 4) for performing an exclusive OR operation on the adjacent data group in order up to the group, and the stirring means are output from the third step. A fourth step (for example, step S4 in FIG. 4) for performing non-linear replacement and linear transformation on each of the plurality of data groups, and the round function processing means outputs the plurality of data groups output from the fourth step input As data, a fifth step (for example, step S5 in FIG. 4) for executing the processing from the first step to the fourth step a predetermined number of times, and the termination processing means after the fifth step A sixth step (for example, step S6 in FIG. 4) that performs an exclusive OR operation on the plurality of data groups output from the fourth step to generate a hash function of a predetermined length, This paper proposes an algorithm variable hash function generation method characterized in that

  According to this invention, the algorithm variable hash function generation device executes predetermined processing one or more times, and performs cyclic shift means, exclusive OR operation means connected to the cyclic shift means, operation determination means, and agitation means. The round function processing means and the termination processing means. First, in the first step, the cyclic shift means performs cyclic shift of bits determined according to bit information of an arbitrary fixed value inputted to each of a plurality of data groups obtained by dividing input data into predetermined bits. . Next, in the second step, the operation determining means determines whether or not the operation by the exclusive OR operation means is performed according to the fixed bit information. Next, in the third step, the exclusive OR operation means determines whether or not the plurality of data groups subjected to the cyclic shift in the first step based on the execution of the operation determined in the second step. In order from one end data group to the other end data group, an exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group To the data group at one end in order, an exclusive OR operation is performed on the adjacent data group. Next, in the fourth step, the agitation means performs nonlinear replacement and linear transformation on each of the plurality of data groups output from the third step. Next, in the fifth step, the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as input data. Next, in a sixth step, the termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step, and a hash function having a predetermined length Is generated. Therefore, safety can be ensured by the round function processing means comprising a part where the algorithm is changed by bit information of an arbitrary fixed value and a fixed part where the algorithm is not always changed. Further, by providing the termination processing means, it is possible to ensure the unidirectionality that is the characteristic of the hash function.

  (9) The present invention executes a predetermined process one or more times, and a round function processing means comprising a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, In addition, a program for causing a computer to execute an algorithm variable MAC generation method in an algorithm variable MAC generation apparatus configured by termination processing means, wherein the cyclic shift means includes a plurality of data groups in which input data is divided into predetermined bits A first step (for example, step S1 in FIG. 4) for performing a cyclic shift of a bit determined according to the bit information of the input key, and the operation determination means are performed by the exclusive OR operation means. A second step (for example, step S2 in FIG. 4) for determining whether or not to perform an operation according to the bit information of the key; A data group at one end of the plurality of data groups on which the cyclic shift is performed in the first step based on whether or not the exclusive OR operation means performs the operation determined in the second step To the other end data group, the exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group starts to the one end data group. A third step (for example, step S3 in FIG. 4) for performing an exclusive OR operation on the adjacent data group in order up to the end data group, and the stirring means from the third step A fourth step (for example, step S4 in FIG. 4) for performing non-linear replacement and linear transformation on each of the plurality of output data groups, and the round function processing means, a plurality of data output from the fourth step group As the input data, a fifth step (for example, step S5 in FIG. 4) for executing the processing from the first step to the fourth step a predetermined number of times, and the termination processing means, After the step, a sixth step (for example, step S6 in FIG. 4) that performs an exclusive OR operation on the plurality of data groups output from the fourth step to generate a predetermined length MAC; A program for causing a computer to execute is proposed.

  According to this invention, the algorithm variable MAC generation device executes predetermined processing one or more times, and includes a cyclic shift unit, an exclusive OR operation unit connected to the cyclic shift unit, an operation determination unit, and an agitation unit. Round function processing means and termination processing means. First, in a first step, the cyclic shift means performs a cyclic shift of bits determined according to bit information of an input key for each of a plurality of data groups obtained by dividing input data into predetermined bits. Next, in the second step, the operation determining means determines whether or not the exclusive OR operation means is to be executed according to the bit information of the key. Next, in the third step, the exclusive OR operation means determines whether or not the plurality of data groups subjected to the cyclic shift in the first step based on the execution of the operation determined in the second step. In order from one end data group to the other end data group, an exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group To the data group at one end in order, an exclusive OR operation is performed on the adjacent data group. Next, in the fourth step, the agitation means performs nonlinear replacement and linear transformation on each of the plurality of data groups output from the third step. Next, in the fifth step, the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as input data. Next, in the sixth step, the termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step, and obtains a MAC having a predetermined length. Generate. Therefore, safety can be ensured by the round function processing means comprising the part where the algorithm is changed by the bit information of the key and the fixed part where the algorithm is not always changed. In addition, by providing the termination processing means, it is possible to ensure unidirectionality that is a characteristic of the MAC.

  (10) The present invention executes a predetermined process one or more times, and includes a round function processing means comprising a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, In addition, a program that causes a computer to execute an algorithm variable hash function generation method in an algorithm variable hash function generation device configured by termination processing means, wherein the cyclic shift means includes a plurality of input data divided into predetermined bits. A first step (for example, step S1 in FIG. 4) for performing a cyclic shift of bits determined according to bit information of an arbitrary fixed value input to each data group; A second step of determining whether or not to execute an operation by an OR operation means according to the bit information of the fixed value (example) For example, step S2) of FIG. 4 and the exclusive OR operation means is a plurality of the cyclic shifts performed in the first step based on whether or not the operation determined in the second step is executed. In order from the data group at one end of the data group to the data group at the other end, an exclusive OR operation is performed on the adjacent data group, and when the data group at the other end is reached, A third step (for example, step S3 in FIG. 4) for performing an exclusive OR operation on the adjacent data group in order from the other end data group to the one end data group; A fourth step (eg, step S4 in FIG. 4) in which the agitation unit performs nonlinear replacement and linear transformation on each of the plurality of data groups output from the third step, and the round function processing unit includes the first step. 4 steps A fifth step (for example, step S5 in FIG. 4) for executing the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the input data, and the termination A sixth step (6) in which the processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step to generate a hash function having a predetermined length. For example, a program for causing a computer to execute step S6) of FIG. 4 is proposed.

  According to this invention, the algorithm variable hash function generation device executes predetermined processing one or more times, and performs cyclic shift means, exclusive OR operation means connected to the cyclic shift means, operation determination means, and agitation means. The round function processing means and the termination processing means. First, in the first step, the cyclic shift means performs cyclic shift of bits determined according to bit information of an arbitrary fixed value inputted to each of a plurality of data groups obtained by dividing input data into predetermined bits. . Next, in the second step, the operation determining means determines whether or not the operation by the exclusive OR operation means is performed according to the fixed bit information. Next, in the third step, the exclusive OR operation means determines whether or not the plurality of data groups subjected to the cyclic shift in the first step based on the execution of the operation determined in the second step. In order from one end data group to the other end data group, an exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group To the data group at one end in order, an exclusive OR operation is performed on the adjacent data group. Next, in the fourth step, the agitation means performs nonlinear replacement and linear transformation on each of the plurality of data groups output from the third step. Next, in the fifth step, the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as input data. Next, in a sixth step, the termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step, and a hash function having a predetermined length Is generated. Therefore, safety can be ensured by the round function processing means comprising a part where the algorithm is changed by bit information of an arbitrary fixed value and a fixed part where the algorithm is not always changed. Further, by providing the termination processing means, it is possible to ensure the unidirectionality that is the characteristic of the hash function.

  According to the present invention, it is possible to make an algorithm variable by using bit information of a key or bit information of an arbitrary fixed value while ensuring safety.

It is a figure which shows the function structure of the algorithm variable type MAC production | generation apparatus which concerns on this embodiment. It is a table | surface which shows a response | compatibility with the key bit information of the MAC key which concerns on this embodiment, cyclic shift part N1-N4, and switch part S1-S6. It is a figure which shows the process of the termination | terminus process part which concerns on this embodiment. It is a flowchart of the algorithm variable type MAC production | generation process of the algorithm variable type MAC production | generation apparatus which concerns on this embodiment.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<Functional configuration of algorithm variable MAC generation device>
A functional configuration of the algorithm variable MAC generation device 1 according to the present invention will be described with reference to FIG.

  The algorithm variable MAC generation device 1 according to the present embodiment includes a round function processing unit 100 and a termination processing unit 200, as shown in FIG.

  The round function processing unit 100 is composed of a part where the algorithm is variable and a part where the algorithm is always fixed according to the bit information of the input key, and the input authentication target data (hereinafter simply referred to as data) is predetermined. Predetermined processing is executed once or more for each of a plurality of data groups (hereinafter referred to as blocks) divided for each bit. One process is counted as one round.

  In this embodiment, bit information of a MAC (Message Authentication Code) key is used as bit information of an input key, and the structure of the algorithm of the variable part is determined by the bit information of the MAC key. Specifically, 14 bits of the MAC key are used for one round, and when performing multiple rounds, 14 bits are used in order from the top of the MAC key. When the key length of the MAC key is not a multiple of 14, 0 is padded so as to be a multiple of 14.

  By using bit information of an arbitrary fixed value for the input bit information of the key, the algorithm variable MAC generation device 1 can be made an algorithm variable hash function generation device.

  As shown in FIG. 1, the round function processing unit 100 includes cyclic shift units (N1, N2, N3, and N4) 110a, 110b, 110c, and 110d, and exclusive OR operation units 120a, 120b, 120c, 120d, and 120e. 120f, switch sections (S1, S2, S3, S4, S5, S6) 130a, 130b, 130c, 130d, 130e, 130f, and stirring sections 140a, 140b, 140c, 140d. The cyclic shift units N1 to N4, the exclusive OR operation units 120a to 120f, and the switch units S1 to S6 are portions where the algorithm varies according to the bit information of the input MAC key, and the mixing units 140a to 140a 140d is a part where the algorithm is always fixed.

  In FIG. 1, an algorithm variable MAC generation device 1 that generates a MAC from 512-bit data will be described as an example. In the case of data less than 512 bits and more than 512 bits, this configuration can be used by applying a 512-bit output hash function (such as SHA-512) in advance.

  Cyclic shift units N1 to N4 perform cyclic shift of bits determined according to the bit information of the MAC key on each block obtained by dividing input data into predetermined bits. In the present embodiment, since the data is 512 bits, the cyclic shift units N1 to N4 perform a cyclic shift on each of the four blocks divided every 128 bits. The cyclic shift is shifted to the left by a multiple of 32 bits, and there are four cyclic shift patterns: no cyclic shift, 32-bit cyclic shift, 64-bit cyclic shift, and 96-bit cyclic shift.

  As described above, the structure of the algorithm in which 14 bits of the MAC key are variable is determined. Specifically, 14 bits of the MAC key are cyclic shift units N1 to N4 and switch units S1 to S6 described later. From each bit information, the shift pattern is determined for cyclic shift units N1 to N4, and the switch opening and closing is determined for switch units S1 to S6.

  FIG. 2 shows the correspondence between each 14 bits of the MAC key and the cyclic shift units N1 to N4 and the switch units S1 to S6. As shown in FIG. 2, in the cyclic shift units N1 to N4, the shift pattern is determined by 2 bits from 0 to the 7th bit. For example, the cyclic shift unit N1 has no cyclic shift if the 0th and first bits assigned to N1 are “00”, the 32-bit cyclic shift if “01”, and the 64-bit cyclic if “10”. If the shift is “11”, it is determined as a 96-bit cyclic shift. The switch units S1 to S6 will be described later.

  Returning to FIG. 1, the switch units S1 to S6 open and close the switches in accordance with the bit information of the MAC key, thereby calculating in the exclusive OR operation units 120a to 120f connected to the cyclic shift units N1 to N4. Determine whether to execute. Specifically, as shown in FIG. 2, each bit from the 8th to 13th bits of the MAC key is allocated to the switch units S1 to S6, and the switch units S1 to S6 are opened and closed according to the value of each 1 bit. To decide. For example, when the value of 1 bit is “0”, the switch is opened and the exclusive OR operation unit is not executed, and when it is “1”, the switch is closed and the exclusive OR operation unit. To perform the operation.

  The exclusive OR operation units 120a to 120f execute an exclusive OR operation on the two input blocks. As described above, whether or not to execute the exclusive OR operation in the exclusive OR operation units 120a to 120e is determined by each of the switch units S1 to S6. When the switch is open, the exclusive OR operation unit outputs the input block as it is. On the other hand, when the switch is closed, the exclusive OR operation unit performs the exclusive OR operation on the two input blocks, and outputs the operation result block. Below, each exclusive OR operation part is demonstrated in detail.

  When the switch unit S1 is open, the exclusive OR operation unit 120a does not execute the exclusive OR operation and outputs the block input from the cyclic shift unit N2 as it is. On the other hand, when the switch unit S1 is closed, the exclusive OR operation unit 120a performs an exclusive OR operation between the block input from the cyclic shift unit N1 and the block input from the cyclic shift unit N2. Then, the operation result block is output.

  Similarly, the exclusive OR operation unit 120b outputs the block input from the cyclic shift unit N3 as it is when the switch unit S2 is open, and exclusive when the switch unit S2 is closed. An exclusive OR operation of the block of the operation result of the OR operation unit 120a and the block input from the cyclic shift unit N3 is executed, and a new block is output as the operation result. The exclusive OR operation unit 120c outputs the block input from the cyclic shift unit N4 as it is when the switch unit S3 is open, and the exclusive logical unit when the switch unit S3 is closed. An exclusive OR operation is performed on the operation result block of the sum operation unit 120b and the block input from the cyclic shift unit N4, and a new block is output as the operation result.

  When the switch unit S4 is open, the exclusive OR operation unit 120d does not execute the exclusive OR operation and outputs the block of the operation result of the exclusive OR operation unit 120b as it is. On the other hand, when the switch unit S4 is closed, the exclusive OR operation unit 120d excludes the operation result block of the exclusive OR operation unit 120c from the operation result block of the exclusive OR operation unit 120b. A logical OR operation is executed, and a new block is output as the operation result.

  Similarly, the exclusive OR operation unit 120e outputs the operation result block of the exclusive OR operation unit 120a as it is when the switch unit S5 is open, and when the switch unit S5 is closed. Then, an exclusive OR operation is performed on the operation result block of the exclusive OR operation unit 120d and the operation result block of the exclusive OR operation unit 120a, and a new block is output as the operation result. The exclusive OR operation unit 120f outputs the block input from the cyclic shift unit N1 as it is when the switch unit S6 is open, and the exclusive logical unit when the switch unit S6 is closed. The exclusive OR operation of the block of the operation result of the sum operation unit 120e and the block input from the cyclic shift unit N1 is executed, and a new block is output as the operation result.

  The agitation units 140a to 140d perform agitation processing on the blocks output from the exclusive OR operation units 120c to 120f by an agitation function. As the stirring function, any function can be used as long as it is a function composed of nonlinear replacement and linear transformation. In addition, when the AES round function is used as the stirring function, high safety can be ensured. Further, as described above, the algorithm of the agitation units 140a to 140d is fixed and does not depend on the bit information of the MAC key.

  In the present embodiment, as shown in FIG. 1, the round function processing unit 100 sets the blocks output from the exclusive OR operation units 120 c to 120 f to 1 on the right in block units before the stirring units 140 a to 140 d. You may make a block cyclic shift. Thereby, safety can be improved more.

  The termination processing unit 200 performs an exclusive OR operation on the blocks output from the agitation units 140a to 140d, and generates a predetermined length MAC. In the present embodiment, a 256-bit MAC is generated and described with reference to FIG. The data output from the stirring unit 140a is referred to as an output block 1, and similarly, the data output from the stirring units 140b to 140e are referred to as an output block 2, an output block 3, and an output block 4, respectively.

  The termination processing unit 200 performs an exclusive OR operation between the output block 1 and the output block 2 and outputs a 128-bit block. In addition, the termination processing unit 200 performs an exclusive OR operation between the output block 3 and the output block 4, and outputs a 128-bit block. Then, the termination processing unit 200 includes a block output from the exclusive OR operation of the output block 1 and the output block 2 and a block output from the exclusive OR operation of the output block 3 and the output block 4. Concatenate to generate a 256-bit MAC.

  In this way, by performing an exclusive OR operation on the blocks output from the stirring units 140a to 140d, it is possible to ensure the unidirectionality that is a feature of the MAC. Similarly, when a hash function is generated using an arbitrary fixed value instead of the MAC key, the one-way characteristic that is a feature of the hash function can be ensured.

<Algorithm variable MAC generation processing>
FIG. 4 is a diagram illustrating a flow of algorithm variable MAC generation processing in the algorithm variable MAC generation device 1 according to the present embodiment. When a plurality of blocks obtained by dividing input data into predetermined bits, in this embodiment, four 128-bit blocks are input to the round function processing unit 100, the processing starts.

  First, in step S1, each of the cyclic shift units N1 to N4 determines a shift pattern to be cyclically shifted based on a 2-bit value from 0 to 7 bits of the MAC key, and according to the determined shift pattern, The bit value of the block is cyclically shifted. In the algorithm variable hash function generation process in the algorithm variable hash function generation device, an arbitrary fixed value is used instead of the MAC key.

  Next, in step S2, each of the switch units S1 to S6 determines opening and closing based on the value of each bit from 8 to 13 bits of the MAC key.

  Next, in step S3, the exclusive OR operation units 120a to 120f follow the opening and closing of the switch determined in step S2, from the first block to the last block of the four blocks subjected to the cyclic shift in step S1. In order, the exclusive OR operation is performed on the adjacent block, and when the last block is reached, the exclusive OR operation is performed on the adjacent block in order from the last block to the first block. Run.

  Next, in step S4, the stirring means performs nonlinear processing and linear transformation on each of the four blocks output from step S3.

  Next, in step S5, the round function processing means determines whether or not the processing from step S1 to step S4 has been repeated a predetermined number of times. If it has been repeated a predetermined number of times, the process proceeds to step S6. On the other hand, if it has not been repeated a predetermined number of times, the process returns to step S1 with the four blocks output from step S4 as input data.

  Next, in step S6, the termination processing means performs an exclusive OR operation on the four blocks output in step S4 to generate a 128-bit MAC. In the algorithm variable hash function generation process in the algorithm variable hash function generation device, a hash function is generated instead of the MAC.

  Therefore, as described above, according to the present embodiment, the round function processing unit 100 changes the algorithm based on the bit information of the MAC key (cyclic shift units N1 to N4, exclusive OR operation units 120a to 120f). , And switch portions S1 to S6) and a fixed portion (stirring portions 140a to 140d) where the algorithm is not always changed, can ensure safety. In addition, by providing the termination processing unit 200, it is possible to ensure unidirectionality that is a characteristic of the MAC. Furthermore, an algorithm variable hash function can be generated by using an arbitrary fixed value instead of the MAC key.

  Note that the algorithm variable type MAC generating apparatus of the present invention is recorded by recording the processing of the algorithm variable type MAC generating apparatus on a computer-readable recording medium, and causing the algorithm variable type MAC generating apparatus to read and execute the program recorded on the recording medium. A MAC generation device can be realized. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

1 Algorithm variable type MAC generation device 100 Round function processing units 110a to 110d Cyclic shift units N1, N2, N3, N4
120a to 120f Exclusive OR operation unit 130a to 130f Switch units S1, S2, S3, S4, S5, S6
140a-140d Stirring unit 200 Termination unit

Claims (10)

Round function processing means for executing predetermined processing at least once for each of a plurality of data groups obtained by dividing input data into predetermined bits;
Termination processing means for performing exclusive OR operation on a plurality of data groups processed by the round function processing means to generate a MAC having a predetermined length;
With
The algorithm variable MAC generating apparatus, wherein the round function processing means is composed of a portion where the algorithm is variable according to bit information of the input key and a portion where the algorithm is always fixed. The round function processing means is
Cyclic shift means for performing a cyclic shift of bits determined according to the bit information of the key for each of the plurality of divided data groups;
Connected to the cyclic shift means and exclusive to the adjacent data group in order from one end data group to the other end data group of the plurality of data groups subjected to the cyclic shift by the cyclic shift means When the other end data group is reached, an exclusive OR operation is performed on the data group located next to the one end data group from the other end data group. An exclusive OR operation means to be executed;
Calculation determining means for determining whether or not the exclusive OR calculation means performs the operation according to the bit information of the key;
Agitation means for performing non-linear replacement and linear transformation on each of a plurality of data groups output from the exclusive OR operation means;
Consists of
2. The algorithm variable MAC generation apparatus according to claim 1, wherein the cyclic shift unit, the exclusive OR operation unit, the operation determination unit, and the agitation unit are executed a predetermined number of times. The round function processing means is
3. The algorithm-variable MAC according to claim 2, wherein the plurality of data groups output from the exclusive OR operation unit are cyclically shifted in units of data groups before executing the processing of the agitation unit. Generator.   The operation determining means determines whether or not to perform an operation in the exclusive OR operation means based on bit information at a predetermined position of the key that is "1" or "0". 4. The algorithm variable MAC generation device according to 3.   5. The algorithm variable MAC generation device according to claim 2, wherein the agitation unit performs nonlinear substitution and linear transformation using an AES round function. 6. Round function processing means for executing predetermined processing at least once for each of a plurality of data groups obtained by dividing input data into predetermined bits;
Terminal processing means for performing exclusive OR operation on a plurality of data groups processed by the round function processing means to generate a hash function of a predetermined length;
With
An algorithm variable hash function generation device, wherein the round function processing means includes a part where the algorithm is variable according to bit information of an arbitrary fixed value inputted, and a part where the algorithm is always fixed . A predetermined process is executed one or more times, and is constituted by a round function processing means including a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, and a termination processing means. An algorithm variable MAC generation method in an algorithm variable MAC generation apparatus,
A first step in which the cyclic shift means performs a cyclic shift of bits determined according to bit information of an input key for each of a plurality of data groups obtained by dividing input data into predetermined bits;
A second step in which the operation determining means determines whether or not to perform an operation by the exclusive OR operation means according to bit information of the key;
A data group at one end of the plurality of data groups on which the cyclic shift is performed in the first step based on whether or not the exclusive OR operation means performs the operation determined in the second step To the other end data group, the exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group starts to the one end data group. A third step of performing an exclusive OR operation on the adjacent data group in order to the end data group;
A fourth step in which the stirring means performs non-linear replacement and linear transformation on each of the plurality of data groups output from the third step;
A fifth step in which the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as the input data; ,
A sixth step in which the termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step to generate a MAC having a predetermined length. When,
An algorithm variable MAC generation method comprising: A predetermined process is executed one or more times, and is constituted by a round function processing means including a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, and a termination processing means. An algorithm variable hash function generation method in an algorithm variable hash function generation device
A first step in which the cyclic shift means performs a cyclic shift of bits determined in accordance with bit information of an arbitrary fixed value input to each of a plurality of data groups obtained by dividing input data into predetermined bits;
A second step in which the operation determining means determines whether or not to perform an operation by the exclusive OR operation means according to bit information of the fixed value;
A data group at one end of the plurality of data groups on which the cyclic shift is performed in the first step based on whether or not the exclusive OR operation means performs the operation determined in the second step To the other end data group, the exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group starts to the one end data group. A third step of performing an exclusive OR operation on the adjacent data group in order to the end data group;
A fourth step in which the stirring means performs non-linear replacement and linear transformation on each of the plurality of data groups output from the third step;
A fifth step in which the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as the input data; ,
The termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step to generate a hash function having a predetermined length. Steps,
An algorithm variable hash function generation method characterized by comprising: A predetermined process is executed one or more times, and is constituted by a round function processing means including a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, and a termination processing means. A program for causing a computer to execute an algorithm variable MAC generation method in an algorithm variable MAC generation apparatus,
A first step in which the cyclic shift means performs a cyclic shift of bits determined according to bit information of an input key for each of a plurality of data groups obtained by dividing input data into predetermined bits;
A second step in which the operation determining means determines whether or not to perform an operation by the exclusive OR operation means according to bit information of the key;
A data group at one end of the plurality of data groups on which the cyclic shift is performed in the first step based on whether or not the exclusive OR operation means performs the operation determined in the second step To the other end data group, the exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group starts to the one end data group. A third step of performing an exclusive OR operation on the adjacent data group in order to the end data group;
A fourth step in which the stirring means performs non-linear replacement and linear transformation on each of the plurality of data groups output from the third step;
A fifth step in which the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as the input data; ,
A sixth step in which the termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step to generate a MAC having a predetermined length. When,
A program that causes a computer to execute. A predetermined process is executed one or more times, and is constituted by a round function processing means including a cyclic shift means, an exclusive OR operation means connected to the cyclic shift means, an operation determination means, and a stirring means, and a termination processing means. A program for causing a computer to execute an algorithm variable hash function generation method in an algorithm variable hash function generator,
A first step in which the cyclic shift means performs a cyclic shift of bits determined in accordance with bit information of an arbitrary fixed value input to each of a plurality of data groups obtained by dividing input data into predetermined bits;
A second step in which the operation determining means determines whether or not to perform an operation by the exclusive OR operation means according to bit information of the fixed value;
A data group at one end of the plurality of data groups on which the cyclic shift is performed in the first step based on whether or not the exclusive OR operation means performs the operation determined in the second step To the other end data group, the exclusive OR operation is performed on the adjacent data group, and when the other end data group is reached, the other end data group starts to the one end data group. A third step of performing an exclusive OR operation on the adjacent data group in order to the end data group;
A fourth step in which the stirring means performs non-linear replacement and linear transformation on each of the plurality of data groups output from the third step;
A fifth step in which the round function processing means executes the processing from the first step to the fourth step a predetermined number of times using the plurality of data groups output from the fourth step as the input data; ,
The termination processing means performs an exclusive OR operation on the plurality of data groups output from the fourth step after the fifth step to generate a hash function having a predetermined length. Steps,
A program that causes a computer to execute.

Images