JPH11224048A - Encryption conversion device, decryption conversion device, and encryption communication method - Google Patents

Abstract

(57) [Problem] To provide a cryptographic conversion device, a decryption conversion device, and a cryptographic communication method, which are extremely resistant to cryptanalysis attacks while using a cyclic shift. A cipher conversion method for inputting a first key and plaintext data and outputting a ciphertext, comprising two or more first conversion means for performing substitution transposition mixed conversion, wherein the plaintext data includes:
By operating each of the first conversion means, ciphertext data corresponding to the plaintext data is output, and a second transposition mixed conversion including a cyclic shift operation for cyclically shifting the bit string left or right is performed. Is provided in each of the first conversion means, and the number of cyclic shifts of the cyclic shift operation used in all of the second conversion means is independent of the conversion data. 1st data or 1st
And a first determination unit that determines by referring to data obtained by converting the data of (1).

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to encryption of digital data transmitted between computers, information home appliances, and the like.
The present invention relates to a decoding technique.

[0002]

2. Description of the Related Art In digital information home appliances expected to develop in the future, an encryption technique for preventing unauthorized copying of digital data is indispensable. For example, digital video data received by a digital broadcast receiver is converted to D-VH
When digitally recording on a digital recording device such as S (Digital-VHS), if the digital video data is copyrighted,
You need to protect it. In order to protect copyrights, each device must have a function to prevent data tampering and unauthorized copying by using encryption technology such as authentication between devices and encryption conversion of data by setting restrictions on digital copying. . For example, RL Rivest,
"The RC5 encryption algorithm", FAST SOFTWARE ENC
RYPTION, 2nd International Workshop, Springer-Verl
Ag, 1995. There is a common key block cipher that performs cryptographic conversion of data of a fixed length into encrypted data of a fixed length using key data and performs decryption conversion using the same key. The major features of this encryption method are that the length of the key data is variable according to the user, and the structure is such that the number of bit shifts of the cyclic shift operation used in the encryption conversion is dynamically changed. .

[0003]

However, this encryption method has an algorithm structure that depends on conversion data as means for dynamically changing the number of bit shifts in a cyclic shift operation, and is described in Lar R. Knudsen, Willi Meier , "Improved
Differential Cryptanalysis on RC5 ", Advances in C
As described in ryptology -CRYPTO'96, Springer-Verlag, 1996., it has not been sufficiently considered against selective plaintext attacks, one of the cryptanalysis methods.

An object of the present invention is to provide a cryptographic conversion device, a decryption conversion device, and a cryptographic communication method, which are extremely resistant to cryptanalysis attacks.

Another object of the present invention is to provide a method for preventing unauthorized copying of digital data between devices and performing a secure transfer, a system for realizing the method, and individual devices required for the system. It is to provide a device.

[0006]

In order to achieve the above object, according to the present invention, in a cipher conversion apparatus and a decryption conversion apparatus using a cyclic shift, means for controlling and updating the cyclic shift from data independent of converted data. I got

Further, according to the present invention, there is provided the above cipher conversion device,
Provided are a method and means for sharing converted data-independent data among digital data transmitting and receiving apparatuses for controlling and updating the cyclic shift in a decoding and converting apparatus, and a transmitting apparatus and a receiving apparatus using the same. I do.

More specifically, according to the present invention, a method of transmitting the digital data between the transmitting and receiving apparatuses, and holding common information for validating the transferred data. A third means and a medium for distributing the common information from the third means to the transmitting and receiving devices are provided.

[0009]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing an embodiment of a cryptographic conversion device according to the present invention. In FIG. 1, a 64-bit plaintext 101, a 40- to 64-bit data key 102, and an N-bit algorithm number 103 are input to a cryptographic conversion device 106, and a 64-bit encrypted text 104 is output. Cryptographic converter 1
06 includes a key generation unit 203 and an algorithm determination unit 202
And N encryption conversion units 201a to 201d. Here, the encryption conversion units 201a to 201d have the same internal configuration.

The data key 102 is converted by the key generation means 203 into a 32-bit key K1 and a 32-bit key K2. The key generation means 203 converts the lower 32 bits of the data key 102 into K1,
Let K2 be the 32-bit addition of the upper 32 bits of 02 and K1. Here, the 32-bit addition is a remainder obtained by dividing a normal addition result by 2 to the 32nd power.

The algorithm number 103 is converted by an algorithm determining means 202 into a 1-bit signal sequence G [i] (i = 1 to N). The algorithm determining means 202 generates G [i] using the value of the i-th lower bit of the N-bit algorithm number 103.

The plaintext 101 is first separated into an upper 32-bit value R [0] and a lower 32-bit value L [0], input to the encryption conversion means 201a, and used K1, K2 and G [1]. The first encryption conversion is performed, and a 32-bit value R [1] and a 32-bit value L [1] are output. Subsequently, R [1] and L [1] are input to the encryption conversion means 201b, and a second encryption conversion using K1, K2 and G [2] is performed, and a 32-bit value R [2] is obtained. A 32-bit value L [2] is output.
The above cipher conversion is repeated N times, and the 32-bit value R [N], which is the final output value, and the 32-bit value L [N] are combined to obtain a 64-bit ciphertext 104. Here, the i-th time (1 ≦ i
≤ N) is referred to as cryptographic conversion [i]. Also, the total number N of cryptographic conversions is called the number of rounds.

FIG. 2 shows a cryptographic conversion means 2 for performing cryptographic conversion [i].
The block diagram of 01c is shown. In FIG. 2, the cryptographic conversion means 201c includes bit string calculation means 301 to 306 and a cyclic shift number determination means 300. The input values L [i-1] and R [i-1] are calculated by the bit string calculating means 301 to 306.
Output values are converted to L [i] and R [i]. The cyclic shift number determination means 300 calculates the bit shift number S1 of the cyclic shift operation performed by the bit string operation means 302 and the bit string operation means 30 from G [i].
The number of bit shifts S2 of the cyclic shift operation performed in step 3 and the number of bit shifts S of the cyclic shift operation performed in the bit string operation unit 305
Determine the value of 3. Here, 1 ≦ S1, S2, and S3 ≦ 31.

Hereinafter, the encryption conversion processing of the encryption conversion means 201c will be described step by step.

(1) The exclusive OR of L [i-1] and K1 is calculated.
X1. This is a process performed by the bit string calculation unit 301 in FIG.

(2) Output value S of cyclic shift number determining means 300
X1 is shifted left by S1 bit using X1 and X1
And 32-bit addition of 1 and X2. This is a process performed by the bit string operation unit 302 in FIG. Here, the operation notation ROT (A, B) in the bit string operation means 302
This indicates that the bit is cyclically shifted, and is used in the same meaning hereinafter.

(3) Output value S of cyclic shift number determining means 300
2, X2 is shifted left by S2 bits cyclically, and X2
And take 32-bit addition to obtain X3. This is a process performed by the bit string operation unit 303 in FIG.

(4) A 32-bit addition of X3 and K2 is performed to obtain X4. This is a process performed by the bit string operation unit 304 in FIG.

(5) Output value S of cyclic shift number determining means 300
3 using X3 left cyclically shifted S3 bits and X4
And take 32-bit addition to obtain X5. This is a process performed by the bit string operation unit 305 in FIG.

(6) The result of 32-bit addition of X5 and R [i-1] is defined as L [i]. This corresponds to the bit string operation means 30 of FIG.
6 is the processing to be performed.

(7) Let L [i-1] be R [i].

The arithmetic means and processing means of the cipher conversion means 201c described above can be constituted by hardware. Further, the microcomputer can perform the processing by software.

Next, a method of determining the cyclic shift numbers S1, S2, S3 by the cyclic shift number determining means 300 in the encryption conversion [i] will be described. Number of cyclic shifts S in cryptographic conversion [i]
1, S2 and S3 are output values G from the algorithm determining means 202
[i] is determined using the conversion table 401 in FIG. For example, in the encryption conversion [2], when G [2] = 0, S
1 = 23, S2 = 6, S3 = 11, and when G [2] = 1, S1 = 24, S2 =
7, S3 = 12. The numerical values in the conversion table 401 shown in FIG. 3 are examples, and other numerical values can be used as long as high encryption strength can be maintained. However, the numerical values in the conversion table 401 need to be kept secret so as not to leak outside.

In the above description, since G [i] is 1 bit, each of the cryptographic conversion means 201 has at least
What is necessary is just to hold the value defined for the encryption conversion [i] in the conversion table 401 corresponding to [i]. It is not limited to this,
Each of the encryption conversion units 201 may have the same configuration by holding the entire conversion table 401, and the algorithm determination unit may specify both i and G [i].

G [i] is generated from the algorithm number 103 by the algorithm determination means 202, and the number of cyclic shifts in the cyclic shift operation in the encryption conversion means changes according to G [i]. Therefore, the algorithm of encryption conversion can be changed by the algorithm number 103. The total number of rounds
If N, N of 2 by N-bit algorithm number 103
It is possible to make an algorithm of the square.

FIG. 4 is a block diagram showing an embodiment of the decoding / conversion apparatus according to the present invention. This decryption device decrypts a cipher text that has been subjected to cryptographic conversion using the above-described cryptographic conversion device 106 in FIG. 1 into original data. In FIG.
The decryption conversion device 606 has a 64-bit ciphertext 104 and 40 to 64
Bit data key 102 and N-bit algorithm number 10
3 is input and 64-bit plaintext 101 is output. The decryption conversion device 606 includes a key generation unit 203 and an algorithm determination unit 202 similar to the encryption conversion device device 106 in FIG.
It comprises N decoding conversion means 601 from 601a to 601d.
Here, it is assumed that the decryption conversion units 601a to 601d have the same internal configuration.

First, the ciphertext 104 has an upper 32 bit value R [N].
And the lower 32-bit value L [N],
, And the first decoding conversion is performed using K1, K2, and G [N], and a 32-bit value R [N-1] and a 32-bit value L [N-1] are output. Subsequently, R [N-1] and L [N-1] are used for decoding / conversion means 20.
1b, a second decoding conversion is performed using K1, K2 and G [N-1], and a 32-bit value R [N-2] and a 32-bit value L [N-
2] is output. The decoding conversion as described above is repeated N times, and the final output value, a 32-bit value R [0] and a 32-bit value
By combining L [0], a 64-bit plaintext 104 is obtained. Here, the (N + 1-i) -th (N ≧ i ≧ 1) decoding conversion is performed
Call it [i]. Further, the total number of repetitions N of decryption conversion is referred to as the number of rounds as in the case of encryption conversion.

FIG. 5 shows a decoding conversion means 6 for performing decoding conversion [i].
The block diagram of 01c is shown. In FIG. 5, the decoding / conversion means 601c includes bit string calculation means 701 to 706 and a cyclic shift number determination means 700. The input values L [i] and R [i] are converted into output values L [i-1] and R [i-1] by the bit string calculation means 301 to 306. The cyclic shift number determining means 700 calculates the bit shift number S1 of the cyclic shift operation performed by the bit string calculating means 702 and the bit string calculating means 70 from G [i].
The number of bit shifts S2 of the cyclic shift operation performed in step 3 and the number of bit shifts S of the cyclic shift operation performed in the bit string operation unit 705
Determine the value of 3. Here, 1 ≦ S1, S2, and S3 ≦ 31.

Hereinafter, the decoding conversion process of the decoding conversion means 601c will be described step by step.

(1) The exclusive OR of R [i] and K1 is calculated, and X1
And This is a process performed by the bit string operation unit 701 in FIG.

(2) Output value S of cyclic shift number determining means 700
X1 is shifted left by S1 bit using X1 and X1
And 32-bit addition of 1 and X2. This is a process performed by the bit string operation unit 702 in FIG.

(3) Output value S of cyclic shift number determining means 700
2, X2 is shifted left by S2 bits cyclically, and X2
And take 32-bit addition to obtain X3. This is a process performed by the bit string operation unit 703 in FIG.

(4) A 32-bit addition of X3 and K1 is performed to obtain X4. This is a process performed by the bit string operation unit 704 in FIG.

(5) Output value S of cyclic shift number determining means 700
3 using X3 left cyclically shifted S3 bits and X4
And take 32-bit addition to obtain X5. This is a process performed by the bit string operation unit 705 in FIG.

(6) R [i-1] is obtained by subtracting 32 bits from X5 and L [i]. This corresponds to the bit string operation means 70 of FIG.
6 is the processing to be performed. Here, the 32-bit subtraction is a remainder obtained by dividing a normal subtraction result by 2 to the 32nd power.

(7) Let R [i] be L [i-1].

Each of the arithmetic means and processing means of the decoding conversion means 601c described above can be constituted by hardware. Further, the microcomputer can perform the processing by software.

The cyclic shift number determining means 700 determines the cyclic shift numbers S1, S2, and S3 in the same manner as the cyclic shift number determining means 300 of FIG. Here, the cyclic shift number determining means 700 uses the conversion table 801 in FIG. In the conversion table 801, the values of the cyclic shift numbers S 1, S 2, and S 3 in the decryption conversion [i] are used by the cyclic shift number determination unit 300. Set to be equal to the values of S2 and S3. Therefore, when changing the numerical value in the conversion table 401 or 801, the numerical value in the other conversion table is
It is necessary to change to satisfy the above conditions. Also,
Like the numerical values in the conversion table 401, the numerical values in the conversion table 801 need to be kept secret so as not to leak outside.

In the above description, since G [i] is 1 bit, each of the decoding / conversion means 601 outputs at least the input G
What is necessary is just to hold the value defined for the decoding conversion [i] in the conversion table 801 corresponding to [i]. It is not limited to this,
The decoding conversion means 601 may hold the entire conversion table 801 and have the same configuration, and the algorithm determination means may specify both i and G [i].

The decryption / conversion device 606 described above can decrypt the data encrypted by the encryption / conversion device 106 by sharing the same data key and algorithm number with the encryption / conversion device 106. Further, the cryptographic conversion device 106
The decryption / conversion device 606 is realized by repeatedly operating the decryption / conversion means having the same configuration. Therefore, when these are implemented by hardware or software, the same module can be used repeatedly, so that the scale can be reduced.

The algorithm determining means, encryption conversion means, decryption conversion means, and key generation means in the above description can be constituted by hardware, but can also be processed by a microcomputer by software. At this time, the software of the microcomputer and the conversion tables 401 and 801 are stored in a storage device such as a ROM.

Next, an embodiment of the encryption communication method according to the present invention will be described. In FIG. 7, a transmitting device 901 and a receiving device 902 are connected via a communication path 920. The transmitting device 901 includes an authentication processing unit 903, a data processing unit 904, and a secret information holding unit 90 in addition to the cipher conversion device 106 described above.
And 5. The receiving device 902 is provided with the decoding conversion device 60
6 as well as the transmitting device 901, the authentication processing means 903
, A data processing unit 904, and a secret information holding unit 905. Here, the transmitting device 901 may be, for example, a digital broadcast receiving device. The receiving device 902 may be, for example, a digital recording device. Further, the data processing means 904 transmits the MPE transmitted by the digital broadcast service.
It performs reception, demultiplexing, decompression, storage, and the like of digital program data in the G2-TS (Transport Stream) format.

When the transmitting device 901 and the receiving device 902 are connected via the communication path 920, first, device authentication is performed between the devices. Here, in order to perform inter-device authentication, the transmitting device 901
And the receiving device 902, in advance, the master key 91
Get 1 safely. Here, the key management organization 910 is an organization that manages the master key 911 using the secret information management means 913. The device authentication is performed using the master key 911 between the authentication processing unit 903 of the transmission device 901 and the authentication processing unit 903 of the reception device 902. Details of the authentication between devices will be described later.

The transmitting device 901 and the receiving device 902 are key management organizations.
A method of obtaining a master key from the 910 uses an IC card. In FIG. 7, the key management organization 910 communicates with the IC card 920.
Embedding master key in 921 and sending IC card 920
901 and the IC card 921 to the receiving device 902. In each device, the master key 911 is held in the secret information holding means 905 by inserting an IC card into the device. Here, the information embedded in the IC card is
It cannot be taken out unless a legitimate method is used. The secret information holding means 905 of the transmitting device 901
The configuration included in 0 may be included. Similarly, the secret information holding means 905 of the receiving device 902 may be configured to be included in the IC card 921. The transmitting device 901 and the receiving device 902 are key management organizations.
Other ways to obtain a master key from the 910 include wireless,
The transmitting device 901 and the receiving device 902 may obtain the master key 911 from the key management organization 910 via a secure communication path of any of wired. Alternatively, the master key 911 is stored in the ROM in the secret information holding unit 905 when the transmitting device 901 and the receiving device 902 are manufactured.
It may be recorded in such as.

After the inter-device authentication has succeeded, the transmitting device 901 and the receiving device 902 share the data key 102 and the algorithm number 103. The data key 102 and the algorithm number 103 are generated by the authentication processing unit 903. Details will be described later.
When the data key 102 and the algorithm number 103 are shared, the transmitting device 901 uses the data key 102 and the algorithm number 103 to sequentially encrypt the data output from the data The encrypted data is sent to the road 920. The receiving device 902 sequentially receives the encrypted data from the communication path 920, decrypts the data using the data key 102 and the algorithm number 103 with the decryption / conversion device, obtains the original data, and inputs the data to the data processing unit 904.

The algorithm number 103 generated by the authentication processing means 903 is composed of a generation number 912 and a version number 931 as shown in FIG. The generation number 912 indicates the generation of the algorithm. The version number 931 is a number for identifying an algorithm belonging to each generation. Assuming that the length of the algorithm number 103 is N bits, the bit length M of the generation number 912 satisfies 0 <M <N. Also, version number 931
Has a length of (NM) bits. The generation number 912 is, as with the master key 911, the key
It is managed using 3. The transmitting device 901 receives the generation number 912 from the key management organization 910 in advance, and
Keep at 5. Generation number held by transmitting device 901
912 is shared with the receiving device 902 after device authentication. The version number 931 is generated by the authentication processing unit 903 after device authentication.

The transmission device 901 obtains the generation number 912 from the key management organization 910 by using an IC card as in the case of the master key 913 described above. In FIG. 7, a key management organization 910 embeds a generation number 912 in an IC card 920,
The C card 920 is distributed to the transmitting device 901. When the IC card 920 is inserted into the transmission device 901, the generation number 912 is held in the secret information holding unit 905. As another method for the transmission device 901 to obtain the generation number 912 from the key management organization 910,
A transmission device via a wireless or wired secure communication path
The 901 may obtain the generation number 912 from the key management organization 910. Alternatively, the generation number 912 may be recorded in a ROM or the like in the secret information holding unit 905 when the transmission device 901 is manufactured.

The master key 913 and the generation number 912 may be recorded on the same or different IC cards 920, or may be distributed separately in combination with the method of distributing via a secure communication path described above. .

FIG. 9 shows a flow of inter-device authentication and sharing of the data key 102 and the algorithm number 103 performed between the authentication processing means 903 of the transmitting device 901 and the authentication processing means 903 of the receiving device 902. . Hereinafter, each process will be described in order. Here, the inter-device authentication method used in FIG. 9 is a mechanism defined as an international standard in ISO / IEC 9798-2.

(1) The receiving device 902 generates random number data Nb and sends it to the transmitting device 901. This corresponds to the process number 1101 in FIG.

(2) The transmitting device 901 generates random number data Na. This corresponds to the process number 1102 in FIG.

(3) The transmitting device 901 transmits the master key 911 (Km)
The random number data Na and Nb are encrypted by an arbitrary common key cryptosystem as a response Rab using the random number data Na
At the same time, it is sent to the receiving device 902. This is the process number 1103 in FIG.
Corresponding to Response Rab is calculated as follows.

Rab = E (Km, Na || Nb) Here, the operation A || B indicates that the bit sequence A and the bit sequence B are combined. The function E (K, X) is an arbitrary common key encryption function, and indicates that data X is encrypted using the key K.

(4) The receiving device 902 receives the master key 911 (Km)
To confirm that the response Rab received from the transmitting device 901 can be correctly decoded. If decoding is successful, the receiving device 902 authenticates the transmitting device 901. This is the figure
This corresponds to the processing number 1104 of No. 9.

(5) The receiving device 902 sends the master key 911 (Km)
Is transmitted to the transmitting apparatus 901 as a response Rba obtained by encrypting the random number data Na and Nb by an arbitrary common key encryption method. This corresponds to the process number 1105 in FIG. Response Rba is calculated as follows.

Rba = E (Km, Nb || Na) (6) The transmitting device 901 confirms that the response Rba received from the receiving device 902 can be correctly decrypted using the master key 911 (Km). If decoding is successful, the transmitting device 901 authenticates the receiving device 902. This is the processing number 1 in FIG.
Corresponds to 106.

(7) The transmitting device 901 randomly generates a shared key Kab, and sends a value X encrypted by an arbitrary common key cryptosystem using the master key 911 (Km) to the receiving device 902. This corresponds to the process number 1107 in FIG.

(8) The receiving device 902 sets X to the master key 911
(Km) to obtain a common key Kab. This corresponds to the process number 1108 in FIG. Here, the Kab values are kept secret until the communication between the transmitting device 901 and the receiving device 902 ends.

(9) The transmitting device 901 sends the generation number 912 to the receiving device 901. The generation number 912 uses the shared key Kab,
The message may be transmitted after being encrypted by an arbitrary common key cryptosystem. This corresponds to the process number 1109 in FIG.

(10) The receiving device 902 receives the generation number 913. If the generation number is encrypted, the shared key Kab
And decrypt it. This corresponds to the process number 1110 in FIG.

(11) The transmitting device 901 generates random number data Seed for generating the data key 102 and the algorithm number 103, and sends it to the receiving device 902. This corresponds to the process number 1111 in FIG.

(12) The transmitting device 901 and the receiving device 902 generate the data key 102 (Kd) using the shared key Kab and the random number data Seed. This corresponds to the process number 1112 in FIG. Kd is calculated as follows.

Kd = H (Kab || Seed) Here, the function H (X) is a hash function. The hash function is an irreversible function for compressing arbitrary-length data into fixed-length data, and is widely used for purposes such as digital signatures and authentication.

(13) The transmitting device 901 and the receiving device 902 generate the algorithm number 103. This is the process number 1113 in FIG.
Corresponding to As shown in FIG. 10, the algorithm number 103 sets the lower (NM) bit of the data key 102 to the version number 93.
Generated by setting it to 1 and combining it with the generation number 912. Alternatively, as shown in FIG. 11, the lower-order (NM) bits of the random number data Seed may be set to the version number 931 and combined with the generation number 912.

The cryptographic communication method according to the present invention uses the data key 10
2 and the algorithm number 103 are updated periodically during the encryption communication, so that the security can be improved. this is,
This is realized by re-executing the process numbers 1111 to 1113 in FIG. In the transfer of digital data, which is one application example of the present invention, the frequency of the re-execution is not limited, and the re-execution may be performed for each content, or the re-execution may be performed in one content. You may.
Here, the random number data Seed uses a different value every time. At this time, the algorithm number 103 is updated by changing the version number 931 (generation number 912).
Does not change). As a result, the data key 102 and the algorithm used for converting the encrypted data flowing through the communication path are sequentially changed, which makes it very difficult for a third party to attack a ciphertext.

In the encryption communication method according to the present invention, the key management agency 910 updates the generation number 912 and
1 can also update the cryptographic communication system by obtaining the updated generation number 912 from the management organization 910. After the transmitting device 901 updates the generation number 912, an algorithm number 103 different from the previous one is generated between the transmitting device 901 and the receiving device 902, and the encrypted communication is performed using the new algorithm. Become. Therefore, even if the details of the previously used algorithm have been leaked to the outside, the leaked algorithm can be prevented from being used by updating the generation number 912.
As a method of updating the generation number 912, the distribution method of the generation number 912 as described above can be used. For example,
IC in which key management organization 910 embeds updated generation number
The card may be redistributed to the transmitting device 901. Alternatively, the transmission device 901 may acquire the updated generation number 912 from the key management organization 910 via a secure communication channel.
Alternatively, the updated generation number may be embedded when a new transmission device is manufactured.

The secure communication path in the above description may be an encrypted wired communication path or an encrypted wireless communication path.

[0069]

According to the present invention, it is possible to realize a cryptographic conversion device, a decryption conversion device, and a cryptographic communication method that are extremely resistant to a third-party cryptanalysis attack by updating a cryptographic conversion algorithm. it can.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an embodiment of a cryptographic conversion device according to the present invention.

FIG. 2 is a block diagram of a cipher conversion unit in FIG.

FIG. 3 is a conversion table used in a cyclic shift number determination unit in FIG. 2;

FIG. 4 is a block diagram showing an embodiment of a decoding conversion apparatus according to the present invention.

FIG. 5 is a block diagram of a decoding conversion unit in FIG. 4;

FIG. 6 is a conversion table used by a cyclic shift number determination unit in FIG. 5;

FIG. 7 is a block diagram showing an embodiment of an encryption communication method according to the present invention.

FIG. 8 is a configuration diagram of an algorithm number.

FIG. 9 is a flowchart of authentication between devices and sharing of a data key and an algorithm number.

FIG. 10 is a conceptual diagram (part 1) illustrating a method of generating an algorithm number.

FIG. 11 is a conceptual diagram (part 2) illustrating a method of generating an algorithm number.

[Explanation of symbols]

 101: plaintext, 102: data key, 103: algorithm number, 104: ciphertext, 106: cryptographic conversion device, 201a, 201b, 201c, 201d: cryptographic conversion means, 202 ... Algorithm determination means, 203 ... Key generation means.

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Sada Kuwahara 292 Yoshida-cho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture Inside the Multimedia System Development Division of Hitachi, Ltd. 292, Hitachi, Ltd. Multimedia System Development Division, Hitachi, Ltd.

Claims (13)

[Claims] 1. A cipher conversion method for inputting a first key and plaintext data and outputting a ciphertext, comprising: two or more first conversion means for performing substitution transposition mixed conversion; The first transposing means operates to output ciphertext data corresponding to the plaintext data, and includes a transposition mixed conversion including a cyclic shift operation for cyclically shifting a bit sequence left or right. Is provided in each of the first conversion means, and the number of the cyclic shifts of the cyclic shift operation used in all of the second conversion means is converted. An encryption conversion method and apparatus, comprising: first determination means for determining by referring to data-independent first data or data obtained by converting the first data. 2. A decryption conversion method for inputting a second key and ciphertext data and outputting a plaintext, comprising: two or more third conversion means for performing substitution transposition mixed conversion; By causing each of the third conversion means to act on the data, it corresponds to the ciphertext data.
A fourth conversion means for outputting plaintext data and performing a permutation transposition mixed conversion including a cyclic shift operation for cyclically shifting a bit string to the left or right is provided in each of the third conversion means by one or more identical conversion means. The number of cyclic shifts of the cyclic shift operation used in all of the fourth conversion means is referred to second data independent of converted data or data obtained by converting the second data. A decoding conversion method and apparatus, comprising: a second determination unit for determining the decoding conversion. 3. A transmitting device for encrypting third data and transmitting the encrypted data obtained as a result, and receiving and decrypting the encrypted data to obtain the original third data In the cryptographic communication method performed by the device, the transmitting device is provided with first secret information from a management organization that manages the secret information;
Acquiring second secret information; setting the first key based on the first secret information; setting first data based on the second secret information; , The third data using the first data.
The receiving device obtains the first secret information from a management organization that manages the secret information, obtains the second secret information from the transmitting device, and obtains the second secret information from the transmitting device. Setting a second key based on the secret information of
Setting the second data based on the secret information, and decrypting the encrypted third data using the second key and the second data. Method. 4. The cryptographic communication method according to claim 3, wherein said transmitting device and said receiving device each include said first key and said first data, and further said second key and said second data.
Re-executing the step of setting the first key, the first data, the second key, and the second key.
An encrypted communication method comprising: 5. The cryptographic communication method according to claim 3, wherein the transmitting device and the receiving device each include the first key and the second key, or the first data and the second data.
And the same data is set to the same value. 6. The method according to claim 1, wherein the first data is generated from the second secret information and a part of the first key, and the second data is generated from the second secret information and the second secret information. 4. The method according to claim 3, wherein the key is generated from a part of the key. 7. The method according to claim 7, wherein the first data is generated from the second secret information and a part of random number data used to generate the first key, and the second data is generated by the second data. The cryptographic communication method according to claim 3, wherein the secret information is generated from part of random number data used to generate the second secret information and the second key. 8. A means for acquiring first secret information and second secret information from the outside; a means for holding the first secret information; a means for holding the second secret information; Means for setting the first key based on secret information and setting the first data based on the second secret information; using the first key and the first data, Means for encrypting the third data and transmitting the encrypted data. 9. A means for acquiring first secret information from outside, a means for acquiring the second secret information from a transmitting device, and setting a second key based on the first secret information And the second
Setting means for setting second data based on the confidential information, a second key, and means for decrypting encrypted third data using the second data. Receiver used. 10. The transmitting device according to claim 8, wherein said first secret information and said second secret information are stored in a medium for holding first secret information and second secret information. And a means for distributing to a management device. 11. The management apparatus according to claim 10, further comprising means for distributing said first secret information via a medium to the reception apparatus according to claim 9. 12. A medium used by the management device according to claim 10 or 11, wherein at least the first secret information is distributed to the transmission device according to claim 8 or the reception device according to claim 9. A medium characterized by the above. 13. The medium according to claim 13, wherein said medium is an IC card.