JPH0687187B2 - Data diffusion circuit - Google Patents

Description

The present invention relates to a data diffusion circuit which is the core of an encryption device.

[Conventional technology]

For the conventional data encryption method, see FEAL (Shimizu, Miyaguchi: “High-speed data encryption algorithm FEAL” (IEICE Transactions D, Vol.J70-D, No.7, pp.1413-1423 (1987)). , FEAL changed the specifications from the 4-step data processing described in this paper to the 8-step data processing in October 1987.)
It has been known.

Figure 4 shows the structure of FEAL. In the figure, 1 is a key scheduling unit, 2 is a data processing unit, P is 64-bit plaintext data, K is a 64-bit secret key, C is a 64-bit ciphertext, and Ki (i = 0 to 15) is 16 each. Bits, an intermediate key of 256 bits in total, f and fk are exclusive ORs for each of the data processing unit 2 and the processing unit for performing diffusion processing of 32-bit data in the key scheduling unit 1.

The operation of the FEAL shown in FIG. 4 will be briefly described. FEAL is 64
This is an encryption method that processes 64-bit plaintext using a bit secret key to generate 64-bit ciphertext, and is an encryption method suitable for processing by software.

First, the key schedule unit 1 will be described. The input 64-bit secret key is divided into left and right data in units of 32 bits. The left data has the right data as parameter data and is spread by the 32-bit data spreading processing unit fk,
It is a 32-bit intermediate key and the right data of the next stage. Also,
The right data serves as the parameter of the data diffusion processing unit fk as described above, and also serves as the left data of the next stage. Hereafter, processing is performed using a total of eight stages of this data diffusion processing unit fk, but from the second stage onward, the input left data to the data diffusion processing unit fk one stage before is excluded from the parameter data of the data diffusion processing unit fk. It is added by logical disjunction. In this way, the key schedule unit 1
Generates a 256-bit intermediate key Ki from the 64-bit secret key K.

Next, the data processing unit 2 will be described. Entered 64
In the plaintext of bits, first, an intermediate key of 64 bits is added by exclusive OR of each bit, and divided into data of 32 bits each on the left and right. Then, the bitwise exclusive OR of the right data and the left data is taken to obtain new right data. The right data is used as the left data of the next stage, the right data is spread by the data spreading processing unit f using the 16-bit intermediate key, and further, the exclusive OR of the left data and each bit is taken to obtain the next data. Use the right data of the column.

Hereafter, a total of 8 stages are processed using the data diffusion processing section f, but in the final stage, the right and left data are not exchanged, and the exclusive OR for each bit of the right data and the left data is newly obtained. As the right data, the 64-bit intermediate key is finally added by bitwise exclusive OR to obtain the final output.

Next, the data diffusion processing section f will be described. Fifth
The structure of the data diffusion processing unit f is shown in the figure. In FIG. 5, A is 32-bit input data, B is 32-bit output data, A1 to A4 are each 8 bits obtained by dividing A into four, Kf is a 16-bit intermediate key, and is exclusive for each bit. OR, ADD
Is addition (here, carry from the top is ignored),
ROL is 1-bit circular processing to the left, +1 → and ← +
1 indicates addition of 1.

The data diffusion processing unit f operates as follows. First, the input 32-bit data is 4 bits of 8 bits for each of A1 to A4.
It is divided into data. The intermediate key Kf is added to A2 and A3 by bitwise exclusive OR. Further, A1 is added to A2 and A4 is added to A3 by exclusive OR.

Next, after adding A2 and A3, and further adding 1, bit circulation processing of 2 bits to the left is performed to obtain new data of A2. For A3, A3 and A2 are added together, and 2-bit bit rotation processing is performed leftward to obtain new A3 data.

As for A1, A1 and A2 are added together, and 2-bit bit circulation processing is performed to the left to obtain new A1 data. As for A4, after adding A4 and A3, and further adding 1, bit circulation processing of 2 bits to the left is performed to obtain new A4 data. 32-bit output data B is obtained by performing the above series of processing.

The above-mentioned FEAL data diffusion processing unit f is a processing unit that most affects FEAL data randomization performance and speed performance. The FEAL using the data diffusion processing unit f has excellent data randomization performance, and the data processing unit 2 has three
The data is almost completely randomized at the stage where the processing of the first stage is completed.

[Problems to be Solved by the Invention]

Consider the speed performance when the data diffusion processing unit f is integrated into an LSI. In order to improve the data diffusion efficiency, the data diffusion processing unit f of FEAL newly uses the processing result of the data diffusion processing of one of the four divided data for the data diffusion processing of other data. For this reason, the places where parallel processing is possible are limited, which hinders the improvement of the processing speed in hardware. That is, as shown by the dotted line in FIG.
When the data diffusion processing unit f is configured by hardware, 2
It is configured by exclusive OR processing of stages, addition of three stages, and bit circulation processing.

The present invention has been made in view of the above circumstances, and it is an object of the present invention to solve the above-mentioned problems of the conventional data diffusion processing unit and to perform high-speed processing by hardware while maintaining the data diffusion efficiency. To provide a simple data diffusion circuit.

[Means for Solving the Problems]

The above object of the present invention is to divide input data into a plurality of data in a data diffusion circuit that obtains output data by subjecting input data to diffusion processing, and divide each divided data into one or more specific positions of each data. And a means for circulating the number of bits in the leftward or rightward direction according to the state of the bits, and a means for fusing the circulated data corresponding to each other in a bit-wise manner. .

[Action]

The data diffusion circuit according to the present invention is characterized mainly in that bit circulation data of input data that changes according to input data is generated, and the bit circulation data is fused in parallel to obtain output data. is there. Since such parallel processing is enabled, the cryptographic LSI incorporating the data diffusion circuit of the present invention has an effect of enabling higher speed processing than the conventional one.

Furthermore, as described above, the point that the bit circulation number of the data is changed according to the input data creates a unidirectional property, that is, a property that cannot be reverted, and produces an effect of increasing the strength of encryption.

〔Example〕

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a block diagram of a data diffusion circuit showing an embodiment of the present invention. In the figure, A is 32-bit input data and B is
Is 32-bit output data, A1 to A4 are 8 divided A into 4
Bit, Kf is a 16-bit intermediate key, and is an exclusive OR for each bit. Further, RL1 indicates a process of bit-circulating the input data to the left in accordance with the value of "0" to "3" represented by the lower 2 bits of the input data.

FIG. 2 shows an example of the structure of RL1. RL1 shown in Fig. 2
Uses two stages of selectors 3 using the lower 2 bits of the input 1 byte as a parameter, thereby realizing the bit rotation processing according to the value of the lower 2 bits. The selector 3 selects the left input when the parameter value is “0”, and selects the right input when the parameter value is “1”.

The RL2 shown in FIG. 1 bit-cycles the input data to the left in accordance with the value of "0" to "3" represented by the 2nd bit of the 4th and 3rd bits from the lower order of the input data. The process is shown. FIG. 3 shows an example of the structure of RL2.

RR1 shown in FIG. 1 indicates a process of bit-circulating the input data to the right according to the value of "0" to "3" represented by the lower 2 bits of the input data. RR2 indicates a process of right-circulating the input data in accordance with the value of "0" to "3" represented by the 4th bit and the 3rd bit from the lower order of the input data. RR1 and RR2 are RL1
This can be achieved by changing the bit circulation direction of RL2 and RL2 from left to right.

The operation of the data diffusion circuit of this embodiment shown in FIG. 1 is as follows.

First, the input 32-bit data is divided into four 8-bit data of A1 to A4. The intermediate key Kf is added to A1 and A4 by bitwise exclusive OR. In addition, A1 to A2
However, A4 is added to A3 by exclusive OR.

Next, A1 is bit-cycled by RL2 and A3 is R
The data bit-circulated by R1 is added to obtain new A1 data. Similarly, the data in which A2 is bit-circulated by RR1 and the data in which A3 is bit-circulated by RL2 are added to obtain new data of A2. Similarly, data in which A3 is bit-circulated by RR2 and data in which A2 is bit-circulated by RL1 are added to obtain new data of A3.
Similarly, A4 bit-cycled data by RL1 and A2
Add the data bit-circulated by RR2
The data is 4.

Performs the above four processes in parallel and outputs 32-bit output data B
To get When the device that performs this processing is realized by hardware, the processing indicated by the dotted line in FIG. 1 can be parallelized. That is, it has a configuration of three-stage exclusive OR processing and one-stage bit circulation processing.

Here, assuming that the addition processing is 3 to 4 times as much as the exclusive OR processing and the bit circulation (determination of the bit circulation number) processing has a processing time substantially equal to that of the exclusive OR processing, the data shown in the above embodiment is obtained. The processing time of the diffusion circuit is the same as that described above (shown in FIG. 5).
Compared with the conventional data diffusion circuit that consists of two stages of exclusive OR processing, three stages of addition and data circulation processing,
It turns out that it will be 3 (4/11).

Conventionally, the above-mentioned FEAL has an encryption speed performance of about 80 Mbps.
It is realized as an LSI. When the data diffusion circuit shown in the above embodiment is applied, it is about 3 times, that is, 200M.
It will be possible to realize an LSI with performance reaching bps.

In order to investigate the data diffusion performance of the data diffusion circuit shown in the above embodiment, an experiment was conducted in which the data diffusion performance was statistically compared with the data diffusion processing f of the FEAL. According to this, the FEAL incorporating the data diffusion circuit shown in the above embodiment becomes a substantially complete random number in the processing of the third to fourth stages, and the data randomization capability equivalent to the data diffusion processing f of the FEAL. You can think of it.

From the above consideration, in the FEAL to which the data diffusion circuit shown in the above embodiment is applied, the area where the FEAL cannot be conventionally applied in terms of processing speed, for example, moving image transmission in a high-speed LAN (about 100 Mbps), high It will also be possible to implement security measures using encryption for high-definition video transmission (about 600 Mbps).

In the above embodiment, the case where the bit circulation number regulation based on 2-bit data is adopted has been described, but the same applies when the bit circulation number regulation based on 1-bit or 3-bit or more data is adopted. For example, with 1 bit, the degree of freedom is 2. Therefore, if it is “0”, the right 2 bits are rotated, “1”.
In the case of, the left two bits are circulated and so on. Further, it is free to change the bit selection position for defining the bit circulation number. Further, the data fusion means is not limited to the exclusive OR, but may be replaced by an adder.
In this case, the processing time becomes somewhat longer, but the data diffusion efficiency is improved.

〔The invention's effect〕

As described above, according to the present invention, in a data diffusion circuit that obtains output data by subjecting input data to diffusion processing, the input data is divided into a plurality of data, and each of the divided data is stored at one location of each data. Since the means for circulating leftward or rightward by the number of bits corresponding to the state of the bit at the above specific position and the means for fusing the circulated data corresponding to each other are provided, the data diffusion efficiency is maintained. However, it has a remarkable effect that a data diffusion circuit that can be processed at high speed by hardware can be realized.

[Brief description of drawings]

FIG. 1 is a block diagram of a data diffusion circuit showing an embodiment of the present invention, FIGS. 2 and 3 are diagrams showing a configuration example of a data rotation circuit which is a main part thereof, and FIG. 4 is a FEAL structure. FIG. 5 and FIG. 5 are views showing the structure of the data diffusion processing unit f. 1: Key schedule part, 2: Data processing part, 3: Selector, A:
Input data, B: output data, Kf: intermediate key, P: plaintext data, K: secret key, C: ciphertext ,: exclusive OR for each bit, RL1 to RL2, RR1 to RR2: bit circulation processing.

Claims (3)

[Claims] 1. A data diffusion circuit that obtains output data by spreading input data, divides the input data into a plurality of data, and divides each divided data into bits at one or more specific positions of each data. And a means for circulating the circulated data in the leftward or rightward direction according to the number of bits and a means for merging the circulated data corresponding to each other in a bit manner. 2. A means for dividing the input data into four data having the same data length and merging parameter data for spreading to each of these data by addition or exclusive OR, and among the four data Means for merging two data comrades of the above in a bit-wise manner by exclusive OR, and for each of the four data, leftward or rightward by the number of bits corresponding to the state of the bit at one or more specific positions of the data. Data circulated in a direction and data circulated in the left or right direction for each data different from the above four data by the number of bits corresponding to the state of the bit at one or more specific positions of the data. 3. The data diffusion circuit according to claim 1, further comprising means for adding and outputting by fusion or exclusive OR. 3. Dividing the 4-byte input data into four data of the first byte to the fourth byte, and spreading the data in a part (first and fourth bytes) or all of the four data. Means for merging the parameter data of bit-wise by exclusive OR for bit correspondence, means for merging the second byte and the first byte by exclusive-OR for bit correspondence to form the second byte, third byte and fourth byte A means for fusing the byte and the bit corresponding to each other by exclusive OR to form the third byte, and 0 to 0 obtained by the 2-bit data of a part of the first byte
The data in which the first byte is circulated to the left by the number of bits corresponding to the value of 3 and the number of bits corresponding to the value of 0 to 3 obtained by the 2-bit data of part of the third byte Means obtained by using the bitwise exclusive OR of the data circulated in the direction as the first data, and 0 to 0 obtained by the 2-bit data of a part of the second byte
The data is obtained by circulating the second byte to the right by the number of bits corresponding to the value of 3, and the third byte is moved to the left by the number of bits corresponding to the value of 0 to 3 obtained by the 2-bit data of part of the third byte. Means obtained by using the bitwise exclusive OR of the data circulated in the direction as the second data, and 0 to 0 obtained by the 2-bit data of a part of the third byte
The second byte is left by the number of bits corresponding to the value of 0 to 3 obtained by circulating the third byte to the right by the number of bits corresponding to the value of 3 and the 2-bit data of a part of the second byte. Means obtained by taking the exclusive OR of the bits corresponding to the data circulated in the direction as the third data, and 0 to 0 obtained by the 2-bit data of a part of the fourth byte
Data in which the 4th byte is circulated to the left by the number of bits corresponding to the value of 3 and the number of bits corresponding to the value of 0 to 3 obtained by 2 bit data of a part of the 2nd byte 3. A data diffusion circuit according to claim 2, further comprising means for setting an exclusive OR corresponding to a bit with the data circulated in the direction as the fourth data.