JPH11298468A - Encryption conversion device, decryption conversion device, and encryption communication method - Google Patents

Abstract

(57) [Summary] [PROBLEMS] Without reducing the processing speed of cryptographic conversion,
Minimize the possibility of a third party decryption attack. SOLUTION: Input plaintext data A has upper bits R
And the lower-order bit L, and the substitution transposition means 13 ₁ ,
13 _2, ......, 13 _N are supplied in sequence the substitution transposition mixed conversion process for each respective to the ciphertext and upper bit string R obtained from the substitution transposition conversion means 13 _N of the last stage and a lower bit string L synthesized and Let it be data B. Each substitution transposing means 13 _i (i
= 1, 2,..., N), the 1-bit signal G [i] generated from the intermediate key K [i] generated from the data key K by the key generation unit 12 and the algorithm number G by the algorithm determination unit 11 Thus, a substitution process for changing the bit arrangement of one of the upper bit string R and the lower bit string L to change the information content and a transposition processing for changing the arrangement order of the upper bit string R and the lower bit string L are performed. It is.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an apparatus and a method for encrypting and decrypting digital data transmitted between a computer and an information home appliance.

[0002]

2. Description of the Related Art In digital information home appliances expected to develop in the future, an encryption technique for preventing unauthorized copying of digital data is indispensable. For example, digital video data received by a digital broadcast receiver is converted to D-VHS
When digitally recording on a digital recording device such as a (Digital-VHS) type VTR, if the digital video data is copyrighted, a function for protecting the copyright is required for each device. In order to realize such a copyright protection system, use of encryption technology such as setting of digital data copy restrictions, authentication between devices, and real-time encryption of digital data, to prevent data tampering and unauthorized copying. Is required.

As a conventional encryption technique, there is a common key encryption method represented by DES (for example, Japanese Patent Laid-Open Publication No. Sho 51-108701). Many of the common key cryptosystems are characterized in that a complicated cryptographic conversion is configured by repeatedly performing a simple conversion. Various attempts have been made in the past to make these ciphers more secure. For example, by increasing the number of simple conversion iterations, the statistical characteristics of the ciphertext can be further disturbed, and decryption can be made difficult.

[0004]

However, if the number of repetitions of the conversion is increased, the processing time required for the encryption conversion is increased. Such security enhancement measures are not suitable for real-time encryption processing in the copyright protection system as described above.

SUMMARY OF THE INVENTION An object of the present invention is to solve the above-mentioned problem by making it possible to update a cryptographic conversion algorithm, thereby reducing the possibility of a third-party cryptanalysis attack without lowering the processing speed of the cryptographic conversion. It is an object of the present invention to provide a cryptographic conversion device, a decryption conversion device, and a cryptographic communication method in which the number of errors is significantly reduced.

[0006]

In order to achieve the above object, the present invention comprises at least one transposition transposition means for performing transposition mixed conversion, and uses a first key to convert each of the plaintext data into plain text data. The ciphertext data is output by causing the transposition transposition means to operate, and two or more different bit string conversion means included in each of the transposition transposition means are connected to a plaintext-independent second character string conversion means. Determining means for determining one of all bit string converting means included in each of the substitution transposing means based on one data or data obtained by converting the first data;

[0007]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing an embodiment of a cryptographic conversion device and a decryption conversion device according to the present invention, wherein 1 is a cryptographic conversion device, 2a and 2b are cryptographic conversion means, 3 is an algorithm determination means, Is a selector, 5 is a decoding conversion means, 6
a and 6b are decoding conversion means, 7 is algorithm determination means,
8 is a selector.

In FIG. 1, plaintext data A, data key K, and algorithm number G are input to cipher conversion device 1, and plaintext data A is encrypted and ciphertext data B is output. The encryption conversion device 1 includes encryption conversion means 2a, 2
b, a selector 4 and an algorithm determining means 3.

[0010] The cipher conversion means 2a performs a substitution transposition mixed conversion on the plaintext data A using the input data key K.
Here, the transposition mixed conversion is a combination of a transposition process for replacing a certain character with another character and a transposition process for rearranging the order of characters in a character string. Similarly, the cipher conversion unit 2b also uses the data key K to perform the substitution / transposition mixed conversion process on the plaintext, but the conversion result in this case is different from that of the encryption conversion unit 2a.

The plaintext data A is subjected to conversion processing by each of the cipher conversion means 2a and 2b, and the conversion result is selected by the selector 4 and output as ciphertext data B. Here, the selection of these conversion results by the selector 4 is determined by the 1-bit signal G ′ input to the selector 4 as a control signal. This 1-bit signal G ′ is
It is generated by converting the algorithm number G by the algorithm determining means 3. In the conversion of the algorithm number G by the algorithm determining means 3, for example, the length of the algorithm number G is set to M bits, and the sum of exclusive ORs from the first bit to the M-th bit is converted to a one-bit signal G ′. It is conceivable that

The ciphertext data B, the data key K, and the algorithm number G are input to the decryption / conversion device 5, and the ciphertext data B is decrypted to output plaintext data A. The decryption / conversion device 5 includes, in addition to the selector 8 and the algorithm determination unit 7 similar to the encryption conversion device 1, decryption / conversion units 6a and 6
b.

The decryption / conversion means 6a performs a ciphertext permutation transposition mixed conversion process using the input data key K, in the opposite manner to the cryptographic conversion means 2a in the cryptographic conversion device 1, and performs conversion.
Similarly, the decryption conversion means 6b performs the reverse conversion of the encryption conversion means 2b in the encryption conversion device 1.

In the decryption / conversion device 5, the input ciphertext data B is converted by the decryption / conversion means 6a and 6b, respectively, and the conversion results are selected by the selector 8 and output as plaintext data A. Here, the selection of these conversion results by the selector 8 is determined by the 1-bit output value G ′ from the algorithm determination means 7, similarly to the encryption conversion device 1.

The decryption / conversion device 5 includes the encryption / conversion device 1
By sharing the same data key K and algorithm number G between the ciphertext data B and the ciphertext data B generated by the cipher conversion device 1, it is possible to decrypt the ciphertext data B.

The number of encryption conversion means and decryption conversion means that can be switched by the algorithm number G may be further increased.

As described above, in the first embodiment,
By switching the algorithm number G, the conversion algorithm of the ciphertext data B flowing on the communication path is changed, and it becomes possible to make the decryption attack of the ciphertext data B more difficult.

FIG. 2 is a block diagram showing a second embodiment of a cryptographic conversion device according to the present invention, wherein 9 is a cryptographic conversion device, 10 is a cryptographic conversion device, 11 is an algorithm determination device, 12 is a key generation device, 13 ₁ , 13 ₂ ,..., 13 _N are substitution transposing means.

In FIG. 1, a cryptographic conversion device 9 comprises a cryptographic conversion means 10 and an algorithm determination means 11, and includes 64-bit plaintext data A, a 40-64-bit data key K, and an N-bit algorithm number. G is input and 64-bit ciphertext data B is output. Also,
The encryption conversion means 10 is composed of a key generation means 12 and N character transposition conversion means 13 ₁ , 13 ₂ ,..., 13 _N (where N is an integer of 1 or more).

The key generation means 12 receives the input data key K
Is subjected to linear or non-linear conversion to generate and output N intermediate keys K [i] (i = 1 to N) consisting of 64 bits. Similarly, the algorithm determining means 11 performs a linear or non-linear conversion on the input algorithm number G, generates and outputs N 1-bit signals G [i].

Next, the encryption conversion procedure of the encryption conversion device 9 will be described.

First, the plaintext data A to be input is
It is separated into a 2-bit value R [0] and a lower 32-bit value L [0]. These are supplied to respective substitution transposition converting means 13 _1, substitution transposition mixing conversion processing for the first time by using the intermediate key K [1] and 1-bit signal G [1] and is carried out, 32-bit values R [1] And a 32-bit value L [1].
Subsequently, the 32-bit values R [1] and L [1] are supplied to the substitution transposing means 132, and the _second substitution transposition is performed using the intermediate key K [2] and the 1-bit signal G [2]. A mixed conversion process is performed to convert into a 32-bit value R [2] and a 32-bit value L [2]. The above-described permutation transposition / mixing conversion is sequentially repeated N times, and the 32-bit value R [N] and the 32-bit value L [N] output from the final permutation transposition means 13 _N are combined into 64. Bit ciphertext data B is obtained. The total number of repetitions N of the substitution transposing means is referred to as the number of rounds.

FIG. 3 is a block diagram showing the substitution transposition converting means 13 _i to perform i-th substitution transposition mixing conversion in FIG. 2, 14a is the bit string conversion unit (F1 [i]), 14b
Is a bit string converter (F2 [i]), 15 is a selector, 1
Reference numeral 6 denotes an exclusive OR operation unit.

Referring to FIG.
_i is composed of bit string conversion units 14a and 14b, a selector 15, and an exclusive OR operation unit 16. The bit string conversion unit 14a uses the intermediate key K [i] to
Performs a transposition mixed bit string conversion of the 2-bit value R [i-1]. For example, substitution conversion is performed by performing an exclusive OR operation on the bit string of the 32-bit value R [i-1] using the intermediate key K [i], and transposition conversion is performed by performing a cyclic shift operation on this bit string. Similarly, bit string converter 1
4b also uses the intermediate key K [i] to generate a 32-bit value R [i
-1] is subjected to the transposition mixed bit sequence conversion, but the conversion result is different from that of the bit sequence conversion unit 14a.

Next, the conversion procedure of the substitution transposing means 13 _i will be described.

First, one input bit value R [i-
1] is supplied to the bit string converters 14a and 14b and subjected to the substitution transposition mixed conversion processing for each of them. One of the conversion results is selected by the selector 15 and the bit value Y
[I]. Here, the selection of these conversion results by the selector 15 is determined by the 1-bit signal G [i] supplied to the selector 15 as a control signal.

Next, the other input bit value L [i-
1] is subjected to an exclusive OR operation with the bit value Y [i] in the exclusive OR operation unit 16, and the operation result is output to one output value R
[I], and the above-mentioned bit value R [i-1] input to the substitution transposition mixing conversion means 13 _i is set as an output value L [i]. This output value R [i] is supplied to the next-stage substitution transposition / mixing / conversion means 13 _{(i + 1)} as an upper bit value.
[I] is supplied as a lower-order bit value to the substitution transposition mixing conversion means 13 _{(i + 1)} .

In the above conversion procedure, the 1-bit signal G
By changing [i], the substitution transposing means 13 _i
Can be changed. Therefore, the encryption conversion algorithm of the encryption conversion means 10 can be switched from the algorithm number G. When the total number of rounds of the cryptographic conversion means 10 is N, 2 ^N types of algorithms can be created by the N-bit algorithm number G.

FIG. 4 is a block diagram showing a second embodiment of a decryption / conversion device according to the present invention, in which 17 is a decryption / conversion device, 18 is a decryption / conversion means, 19 is an algorithm determination means, 20 is a key generation means, 21 ₁ , 21 ₂ ,..., 21 _N are substitution transposing means.

In this embodiment, the ciphertext data B is decrypted into the original plaintext data A by the cipher conversion device 9 shown in FIG.

In FIG. 4, the decoding conversion device 17
In addition to the algorithm deciding means 19 similar to the cipher conversion device 9 of the above, a decryption / conversion means 211 is provided.
A bit algorithm number G is input and 64-bit plaintext data A is output.

The decryption / conversion means 18 is provided with _N substitution transposition means 21 ₁ , 21 ₂ ,..., 21 _N in addition to the key generation means 20 similar to the encryption conversion means 10 of FIG. First, the ciphertext data B to be input has an upper 32-bit value R
[N] and separated into low-order 32-bit value L [N] is supplied to the substitution transposition converting means 21 _1, the key generation means from the data key K 2
0, a 1-bit signal G generated by the algorithm determining means 19 from the intermediate key K [N] and the algorithm number G
[N] is used to perform the first transposition mixed conversion, and 3
Two-bit values R [N-1] and L [N-1] are output. These 32-bit values R [N-1], L [N-1] is supplied to the next substitution transposition conversion unit 21 _2, an intermediate key K [N-1] 1-bit signal G [N-1] and Are used to perform the second transposition mixed conversion, and the 32-bit values R [N-1] and L [N-2] are used.
Is output.

The above-described permutation / mixing conversion process is repeated N times, and the 32-bit values R [0] and L [0] output from the last-stage permutation / transformation means 21 _N are combined to obtain 64 bits. Bit plaintext data A is obtained. Here, the total number of repetitions N of the substitution transposing means is referred to as the number of rounds as in the case of the cryptographic conversion.

FIG. 5 shows a substitution transposing means 21 for performing the (N + 1-i) th substitution transposition mixed transformation in FIG.
_{(N + 1-i)} (This is also the last stage of the transposition transposition means 2
1N is a block diagram showing a specific example of the i-th substitution transposing means viewed from the viewpoint of _N , wherein 22a is a bit string conversion unit (F1 [i]), and 22b is a bit string conversion unit (F2
[I]), 23 is a selector, and 24 is an exclusive OR operation unit.

Referring to FIG.
_{(N + 1-i),} as well as the substitution transposition converting means 13 _i as shown in Fig. 3, and is configured bit string converter 22a, and 22b and the selector 23 from the exclusive-OR operation unit 24, the substitution transposition conversion means 13 performs inverse transformations to _i.

That is, the input 32-bit value L [i] is subjected to a substitution transposition mixed conversion process in each of a bit string conversion unit (F1 [i]) 22a and a bit string conversion unit (F2 [i]) 22b, and the conversion is performed. One of the results is selected by the selector 23 to be a 32-bit value Y [i]. The selection of these conversion results by the selector 15, similarly to the substitution transposition converting means 13 _i in Fig. 3, is determined by 1-bit signal G [i] supplied as a control signal to the selector 23. The other input 32-bit value R [i] is
The exclusive OR operation unit 16 performs an exclusive OR operation on the 32-bit value Y [i] and outputs the operation result as a lower 32-bit value L [i−1]. The input 32-bit value L [i] is also output as the upper bit value R [i-1]. These 32-bit values R [i-1], L
[I-1] is input to the next-stage substitution transposing means 21 _{(N + 2-i)} .

As described above, the decryption conversion device 17 of this specific example shares the same data key K and algorithm number G with the encryption conversion device 9 shown in FIG.
The data encrypted by the encryption conversion device 9 can be decrypted.

FIG. 6 is a block diagram showing an embodiment of a cryptographic communication method according to the present invention using a cryptographic conversion device and a decryption conversion device according to the present invention, wherein 25 is a transmitting device, 26 is a cryptographic conversion device, and 27 is Data processing means, 28 is confidential information holding means, 29 is authentication processing means, 30 is a communication channel, 31 is a receiving device, 32 is a decryption conversion device, 33 is data processing means, 34 is confidential information holding means, and 35 is authentication processing. Means, 3
6 is a key management organization, 37 is secret information management means, and 38 and 39
Is an IC card.

In the figure, a transmitting device 25 and a receiving device 3
1 is connected via a communication path 30. The transmission device 25 includes the encryption conversion device 26, the data processing unit 27, the secret information holding unit 28, and the authentication processing unit 29 shown in FIG. In addition, the receiving device 31
The data processing means 33 and the secret information holding means 3 similar to the decoding / conversion apparatus 32, the transmitting apparatus 25 shown in FIG.
4 and an authentication processing means 35.

Here, the transmitting device 25 is, for example, a digital broadcast receiving device, and the receiving device 31 is, for example, a digital recording device. Further, the data processing means 27 is adapted to transmit the MPEG data transmitted by the digital broadcasting service.
2-Receives digital program data such as TS (Transport Stream) format, and performs processing such as demultiplexing, decompression, and storage.

The transmission device 25 and the reception device 31 are connected to the communication path 3
When the connection is made via the device 0, inter-device authentication is first performed between these devices. Here, in order to perform the inter-device authentication, the transmitting device 25 and the receiving device 31 securely acquire the master key MK managed in advance by the secret information managing means 37 from the key management organization 36 in advance. . The above-described inter-device authentication is performed between the authentication processing unit 29 of the transmission device 25 and the authentication processing unit 35 of the reception device 31 using the master key MK. This inter-device authentication will be described later in detail.

As a method in which the transmitting device 25 and the receiving device 31 obtain the master key MK from the key management organization 36, here, IC cards 38 and 39 are used. For this purpose, the key management organization 36 embeds the master key MK in the IC cards 38 and 39, and distributes the IC card 38 to the transmitting device 25 and the IC card 39 to the receiving device 31, respectively. In the transmitting device 25, when the IC card 38 is attached, the master key MK embedded therein is read and held in the secret information holding means 28. Also, in the receiving device 31, similarly, by mounting the IC card 39,
The master key MK embedded therein is read and held in the secret information holding means 34.

However, information embedded in the IC cards 38 and 39 cannot be taken out unless a proper method is used. Also, the secret information holding unit 2 of the transmitting device 25
8 may be configured to be included in the IC card 38. Similarly, the secret information holding means 34 of the receiving device 31
The configuration included in the C card 39 may be used.

As another method in which the transmitting device 25 and the receiving device 31 obtain the master key MK from the key management institution 36, the transmitting device 25 and the receiving device 31 transmit the master key MK from the key management institution 36 via a secure communication path. The key MK may be obtained. Alternatively, when the transmitting device 25 and the receiving device 31 are manufactured, the master key MK is stored in the secret information holding unit 2.
8 may be embedded.

When the inter-device authentication is successful, the transmitting device 25 and the receiving device 31 share the data key K and the algorithm number G. The data key K and the algorithm number G are generated by the authentication processing units 29 and 35 as described later. When the data key K and the algorithm number G are shared, in the transmitting device 25, the cipher conversion device 26 uses the data key K and the algorithm number G to transmit the plaintext data output from the data processing unit 27 as described above. A is sequentially converted to generate ciphertext data B, which is sent to the receiving device 31 via the communication path 30. In the receiving device 31, the decryption conversion device 32 converts the received ciphertext data B into the authentication processing unit 3.
Using the data key K from 5 and the algorithm number G,
As described above, the original plaintext data A is decrypted and supplied to the data processing unit 33.

FIG. 7 is a block diagram showing a specific example of the algorithm number G generated by the authentication processing means 29 and 35.

In the figure, an algorithm number G is composed of a generation number GN and a version number VN. The generation number GN indicates the generation of the algorithm, and the version number VN is a number for identifying an algorithm belonging to each generation. If the length of the algorithm number G is N bits, the bit length M of the generation number GN satisfies 0 <M <N, and
The bit length of the version number VN is (N−M) bits. Like the master key MK, the generation number GN is managed by the key management organization 36 using the secret information management means 37.
The transmitting device 25 transmits the generation number GN from the key management organization 36 in advance.
Received in the secret information holding means 28. The generation number GN held by the transmitting device 25 is shared with the receiving device 31 after authentication between devices. Version number VN
Is generated by the authentication processing unit 29 after the device authentication.

The method by which the transmitting device 25 acquires the generation number GN from the key management organization 36 uses the IC cards 38 and 39 as in the case of the master key MK described above. That is, in FIG. 6, the key management organization 36 embeds the generation number GN in the IC card 38 and inserts the IC card 38 into the transmitting device 25.
Distribute to In the transmitting device 25, the generation number GN is held in the secret information holding unit 28 by mounting the IC card 38. The transmitting device 25 is a key management organization
As another method for obtaining the generation number GN from the transmission device 25, the transmission device 25 may obtain the generation number GN from the key management organization 36 via a secure communication path. Alternatively, the generation number GN is stored in the secret information holding unit 2 when the transmission device 25 is manufactured.
8 may be embedded.

FIG. 8 is a flow chart showing an operation for authentication between devices performed between the authentication processing means 29 in the transmitting device 25 and the authentication processing means 35 in the receiving device 31, and an operation for sharing the data key K and the algorithm number G. It is.

The inter-device authentication method used here is a mechanism defined as an international standard in ISO / IEC 9798-2.

In FIG. 8, (1) First, the receiving device 31 generates random number data Nb and sends it to the transmitting device 25. Step 101 (2) The transmitting device 25 generates random number data Na. Step 102 (3) The transmitting device 25 transmits the random number data Na and Nb, which are obtained by encrypting the random number data Na and Nb using a common key encryption method using the master key MK, as a response Rab, and sends the response Rab together with the random number data Na to the receiving device 31. send. ... Step 103 The response Rab is calculated as follows. Rab = E (MK, Na || Nb) Here, the operation A || B represents combining the bit strings A and B, and the function E (K, X) is an arbitrary common key encryption function. , The data X is encrypted using the data key K. (4) The receiving device 31 confirms that the response Rab received from the transmitting device 25 can be correctly decrypted using the master key MK. If decoding is successful, the receiving device 31 authenticates the transmitting device 25. Step 104 (5) The receiving device 31 uses the master key MK to encrypt the random number data Na and Nb using an arbitrary common key encryption method as a response Rba, and sends the response Rba to the transmitting device 25. ... Step 105 The response Rba is calculated as follows. Rba = E (MK, Nb || Na) (6) The transmitting device 25 confirms that the response Rba received from the receiving device 31 can be correctly decrypted using the master key MK. If the decryption is successful, the transmitting device 25 authenticates the receiving device 31. Step 106 (7) The transmitting device 25 randomly generates the shared key Kab, and transmits the value X encrypted by the arbitrary common key cryptosystem using the master key MK to the receiving device 31. Step 107 (8) The receiving device 31 decrypts the encrypted value X using the master key MK to obtain a common key Kab. Step 108 Here, each of the values of the common key Kab is kept secret until the communication between the transmitting device 25 and the receiving device 31 ends. (9) The transmitting device 25 sends the generation number GN to the receiving device 31. In this case, the generation number GN may be encrypted using the common key Kab and transmitted by an arbitrary common key encryption method. Step 109 (10) The receiving device 31 receives the generation number GN, and if this is encrypted, decrypts it using the shared key Kab. Step 110 (11) The transmitting device 25 generates random number data Seed for generating the data key K and the algorithm number G, and sends it to the receiving device 31. Step 111 (12) The transmitting device 25 and the receiving device 31 generate the data key K (Kd) using the shared key Kab and the random number data Seed. ... Step 112 This data key Kd is calculated as follows. Kd = H (Kab || Seed) Here, the function H (X) is a hash function. A hash function is an irreversible function that compresses arbitrary-length data into fixed-length data, and is widely used for purposes such as digital signatures and authentication. (13) The transmitting device 25 and the receiving device 31 generate an algorithm number G. ... Step 113.

As shown in FIG. 9, the algorithm number G is generated by setting the lower (NM) bits of the data key K as the version number VN and combining this with the generation number GN. Alternatively, as shown in FIG. 10, the lower (NM) bits of the random number data Seed may be used as the version number VN, and the version number VN may be combined with the generation number GN.

In the embodiment shown in FIG. 6, the data key K and the algorithm number G are sequentially updated during the encryption communication in order to enhance security. This is realized by re-executing the processing of steps 111 to 113 in FIG. Here, a different value is used every time as the random number data Seed. At this time, the algorithm number G is updated by changing the version number VN (however, the generation number GN does not change). Thereby, the ciphertext data B transmitted via the communication path 30
Since the data key K and the algorithm G used for the conversion change sequentially, it becomes very difficult for a third party to attack a ciphertext.

In the embodiment shown in FIG. 6, the key management organization 36 updates the generation number GN, and the transmitting device 25 obtains the updated generation number GN from the key management organization 36. It becomes possible to update.
After the transmitting device 25 updates the generation number GN, an algorithm number G different from the previous one is generated between the transmitting device 25 and the receiving device 31, and encryption communication is performed using the new algorithm G. become. For this reason,
Even if the details of the algorithm G used before are leaked outside, the generation number GN is updated.
It is possible not to use the leaked algorithm G. As a method of updating the generation number GN, the key management organization 36 may redistribute the IC card 38 in which the updated generation number GN is embedded to the transmission device 25. Or,
The transmission device 25 is connected to the key management authority 36 via a secure communication path.
, The updated generation number GN may be obtained. Alternatively, the updated generation number GN may be embedded when the transmission device is manufactured.

[0055]

As described above, according to the present invention,
Updating the algorithm of the cryptographic conversion makes it possible to greatly reduce the possibility of a successful third-party cryptanalysis attack, thereby improving the confidentiality of information.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a first embodiment of an encryption conversion device and a decryption conversion device according to the present invention.

FIG. 2 is a block diagram showing a second embodiment of the cryptographic conversion device according to the present invention.

FIG. 3 is a block diagram illustrating a specific example of a substitution transposition conversion unit in FIG. 2;

FIG. 4 is a block diagram showing a second embodiment of the decoding / conversion device according to the present invention.

FIG. 5 is a block diagram showing a specific example of a substitution transposing means in FIG. 4;

FIG. 6 is a block diagram showing an embodiment of an encryption communication method according to the present invention.

FIG. 7 is a diagram showing a specific example of a configuration of an algorithm number used in the embodiment shown in FIG. 6;

FIG. 8 is a flowchart showing an operation for authentication between devices and sharing of a data key and an algorithm number in the embodiment shown in FIG. 6;

FIG. 9 is a conceptual diagram showing a specific example of a method of generating an algorithm number in the embodiment shown in FIG.

FIG. 10 is a conceptual diagram showing a specific example of a method of generating an algorithm number in the embodiment shown in FIG.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 Cryptographic conversion device 2a, 2b Cryptographic conversion means 3 Algorithm determination means 4 Selector 5 Decryption conversion means 6a, 6b Decryption conversion means 7 Algorithm determination means 8 Selector 9 Cryptography conversion device 10 Cryptography conversion means 11 Algorithm determination means 12 Key generation means 13 _{1 to} 13 _N Substitution transposing means 14 a, 14 b Bit string conversion unit 15 Selector 16 Exclusive OR operation unit 17 Decoding conversion device 18 Decoding conversion means 19 Algorithm determining means 20 Key generation means 21 _{1 to} 21 _N Substitution transposing conversion means 22 a , 22b Bit string converter 23 Selector 24 Exclusive OR operation unit 25 Transmitter 26 Cryptographic converter 27 Data processing means 28 Secret information holding means 29 Authentication processing means 30 Communication channel 31 Receiving device 32 Decryption conversion device 33 Data processing means 34 Secret Information holding means 3 5 Authentication processing means 36 Key management organization 37 Secret information management means 38, 39 IC card A Plaintext data K Data key G Algorithm number B Ciphertext data

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Sada Kuwahara 292 Yoshida-cho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture Inside the Multimedia Systems Development Division of Hitachi, Ltd. 292 Hitachi Multimedia System Development Division, Hitachi Ltd. (72) Inventor Keiji Noguchi 292 Yoshida-cho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture Multimedia System Development Division, Hitachi, Ltd.

Claims (9)

[Claims] 1. A cryptographic conversion device for inputting a key and a plaintext and obtaining said plaintext, comprising: two or more different cryptographic conversion means for performing a cryptographic conversion; Determination means for determining one of all the encryption conversion means on the basis of the data obtained by converting the data or the data obtained by converting the data, and performing encryption using the encryption conversion means determined by the determination means. An encryption conversion device for performing conversion. 2. A decryption conversion method for inputting a key and a ciphertext and obtaining a plaintext from the ciphertext, comprising: two or more different decryption conversion means for performing a decryption conversion; Determining means for determining one of all the decoding and converting means based on the dependent data or data obtained by converting the data, and using the decoding and converting means determined by the determining means. A decoding conversion device for performing decoding conversion. 3. A method according to claim 1, further comprising: providing one or more transposition transposition means for performing transposition transposition mixed conversion, and using the first key to cause each of the transposition transposition means to operate on the plaintext to output a ciphertext. In the cipher conversion device, two or more different bit string conversion units included in each of the substitution transposition units, and first data independent of the plaintext or data obtained by converting the first data Deciding means for deciding one of all the bit string transforming means included in each of the transposing and translating means on the basis of A cryptographic conversion device, wherein the bit string conversion means is used to perform a substitution transposition mixed conversion. 4. A method according to claim 1, further comprising at least one transposition / transformation means for performing transposition / transformation / transformation, and using said first key to cause each of said transposition / transformation means to operate on the ciphertext to output a plaintext. And at least two different bit string converting means included in each of the substitution transposing means, and second data independent of the ciphertext or obtained by converting the second data. Determination means for determining one of all the bit string conversion means included in each of the substitution transposition means on the basis of the data, wherein each of the substitution transposition means is determined by the determination means. A decoding and conversion apparatus for performing a substitution transposition mixed conversion using said bit string conversion means. 5. The transmitting device encrypts the third data and transmits the resulting ciphertext data, and the receiving device receives and decrypts the encrypted data to obtain the original third data. A cryptographic communication method for obtaining the data of (1), wherein the transmitting device sets the first key on the basis of the first secret information and the second secret information on the basis of the first secret information. First setting means for setting the first data in the first data; first obtaining means for obtaining the first secret information and the second secret information from a management organization which manages the secret information; A first secret information holding the first secret information and the second secret information;
The receiving device sets the second key based on the first secret information, and sets the second key based on the first secret information.
Second setting means for setting the second data based on the secret information, second obtaining means for obtaining the first secret information from a management organization managing the secret information, An encryption communication method, comprising: third acquisition means for acquiring information from the transmitting device; and the first holding means. 6. The function according to claim 5, wherein the first and second setting means perform an inter-device authentication process and then sequentially update the first and second keys with the same value. And a function of sequentially updating the first and second data with the same value. 7. The second setting unit according to claim 5, wherein the first setting unit generates the first data from the second secret information and a part of the first key. Generating the second data from the second secret information and a part of the second key. 8. The method according to claim 5, wherein the first setting unit is configured to calculate the first data from the second secret information and a part of random number data used to generate the first key. Wherein the second setting means generates the second data from the second secret information and a part of random number data used to generate the second key. Encryption communication method. 9. The encryption communication method according to claim 5, wherein the first and second acquisition units are performed using an IC card.