CRYPTOGRAPHIC PROCESSING APPARATUS, CRYPTOGRAPHIC PROCESSING METHOD, AND STORAGE MEDIUM STORING CRYPTOGRAPHIC PROCESSING PROGRAM FOR REALIZING HIGH-SPEED CRYPTOGRAPHIC PROCESSING WITHOUT IMPAIRING SECURITY
First Claim
1. An encryption or decryption apparatus including data conversion means for performing a data conversion on input data using a plurality of sets of substitution data to generate output data,wherein the encryption or decryption apparatus uses a cipher that corresponds to a conventional cipher which uses a F function, the data conversion means corresponds to a device for performing the F function of the conventional cipher, and the device for performing the F function of the conventional cipher (a) stores (2{circumflex over ( )}N)×
- M sets of substitution data that are each (N×
M) bits long, (b) acquires input data of (N×
M) bits that is subjected to a data conversion, (c) generates M sets of N-bit subdata from the input data of (N×
M) bits, (d) receives the M sets of N-bit subdata, specifies M sets of (N×
M)-bit substitution data from the (2{circumflex over ( )}N)×
M sets of substitution data, and outputs the M sets of (N×
M)-bit substitution data, and (e) generates output data of (N×
M) bits based on the M sets of (N×
M)-bit substitution data, where N is an integer no less than 2 and M is an integer no less than 2, the data conversion means comprising;
storing means for storing (2{circumflex over ( )}M) sets of substitution data that each have a predetermined number of bits, the predetermined number being equal to or less than (N×
M), wherein the total size of substitution data stored in the storing means is no greater than 1/M the total size of substitution data stored in the device for performing the F function of the conventional cipher;
acquiring means for acquiring input data that is subjected to a data conversion, the input data being (N×
M) bits long;
subdata generating means for generating at least one set of N-bit subdata from the input data acquired by the acquiring means;
substituting means for receiving the at least one set of subdata generated by the subdata generating means, specifying one of the (2{circumflex over ( )}N) sets of substitution data in the storing means for each of the at least one set of subdata, and outputting at least one set of substitution data specified respectively for the at least one set of subdata;
fixed conversion performing means for performing a plurality of different fixed conversions on the at least one set of substitution data outputted from the substituting means, to generate M sets of converted data that each have the predetermined number of bits; and
output data generating means for generating output data that is (N×
M) bits long, based on the M sets of converted data generated by the fixed conversion performing means.
1 Assignment
0 Petitions
Accused Products
Abstract
To provide a cryptographic processing apparatus that cryptographically processes input data using substitution table data to generate output data. A storing unit stores (2{circumflex over ( )}N) sets of substitution data that each have a predetermined number of bits, where N is an integer no less than 2. A dividing unit divides the input data which is (N×M) bits long into M sets of N-bit subdata, where M is an integer no less than 2. A substituting unit receives an input that is any of: the M sets of N-bit subdata; and at least one set of N-bit input merged data generated by performing a merge process on the M sets of N-bit subdata, specifies one of the (2{circumflex over ( )}N) sets of substitution data in the storing unit for each N bits of the input, and outputs the set of substitution data specified for each N bits of the input. A fixed conversion performing unit performs a plurality of different fixed conversions on at least one set of substitution data outputted from the substituting unit, to generate M sets of converted data that each have the predetermined number of bits. An output data generating unit generates the output data that is (N×M) bits long, based on the M sets of converted data generated by the fixed conversion performing means.
-
Citations
15 Claims
-
1. An encryption or decryption apparatus including data conversion means for performing a data conversion on input data using a plurality of sets of substitution data to generate output data,
wherein the encryption or decryption apparatus uses a cipher that corresponds to a conventional cipher which uses a F function, the data conversion means corresponds to a device for performing the F function of the conventional cipher, and the device for performing the F function of the conventional cipher (a) stores (2{circumflex over ( )}N)× - M sets of substitution data that are each (N×
M) bits long, (b) acquires input data of (N×
M) bits that is subjected to a data conversion, (c) generates M sets of N-bit subdata from the input data of (N×
M) bits, (d) receives the M sets of N-bit subdata, specifies M sets of (N×
M)-bit substitution data from the (2{circumflex over ( )}N)×
M sets of substitution data, and outputs the M sets of (N×
M)-bit substitution data, and (e) generates output data of (N×
M) bits based on the M sets of (N×
M)-bit substitution data, where N is an integer no less than 2 and M is an integer no less than 2,the data conversion means comprising;
storing means for storing (2{circumflex over ( )}M) sets of substitution data that each have a predetermined number of bits, the predetermined number being equal to or less than (N×
M), wherein the total size of substitution data stored in the storing means is no greater than 1/M the total size of substitution data stored in the device for performing the F function of the conventional cipher;
acquiring means for acquiring input data that is subjected to a data conversion, the input data being (N×
M) bits long;
subdata generating means for generating at least one set of N-bit subdata from the input data acquired by the acquiring means;
substituting means for receiving the at least one set of subdata generated by the subdata generating means, specifying one of the (2{circumflex over ( )}N) sets of substitution data in the storing means for each of the at least one set of subdata, and outputting at least one set of substitution data specified respectively for the at least one set of subdata;
fixed conversion performing means for performing a plurality of different fixed conversions on the at least one set of substitution data outputted from the substituting means, to generate M sets of converted data that each have the predetermined number of bits; and
output data generating means for generating output data that is (N×
M) bits long, based on the M sets of converted data generated by the fixed conversion performing means.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
key acquiring means for acquiring a set of key data; and
,rotation determining means for determining a bit shift length of a rotation to be performed by the fixed conversion performing means as each of the plurality of different fixed conversions, based on the set of key data acquired by the key acquiring means.
- M sets of substitution data that are each (N×
-
4. The encryption or decryption apparatus of claim 1,
wherein the predetermined number is (N× - M),
wherein the subdata generating means includes dividing means for dividing the (N×
M)-bit input data into M sets of N-bit subdata,wherein the substituting means specifies M sets of (N×
M)-bit substitution data, among the (2{circumflex over ( )}N) sets of substitution data in the storing means, respectively, for the M sets of subdata generated by the dividing means, and outputs the specified M sets of substitution data,wherein the fixed conversion performing means performs M different fixed conversions respectively on the M sets of substitution data outputted from the substituting means, to generate the M sets of (N×
M)-bit converted data, and,wherein the output data generating means performs a merge process on the M sets of converted data generated by the fixed conversion performing means, to generate the (N×
M)-bit output data.
- M),
-
5. The encryption or decryption apparatus of claim 4,
wherein the merge process by the output data generating means is made up of at least one operation out of: - arithmetic add operations; and
exclusive-OR operations for corresponding bits.
- arithmetic add operations; and
-
6. The encryption or decryption apparatus of claim 1,
wherein the predetermined number is N, wherein the subdata generating means includes: -
dividing means for dividing the (N×
M)-bit input data into M sets of N-bit partial data; and
input merging means for performing a global merge process on the M sets of partial data to generate a set of N-bit subdata, wherein the substituting means specifies one of the (2{circumflex over ( )}N) sets of N-bit substitution data in the storing means for the set of subdata generated by the input merging means, and outputs the specified set of substitution data, wherein the fixed conversion performing means performs M different fixed conversions separately on the set of substitution data outputted from the substituting means, to generate the M sets of N-bit converted data, and wherein the output data generating means includes;
output merging means for performing an individual merge process on each of the M sets of partial data and a different one of the M sets of converted data that corresponds to the set of partial data, to generate M sets of N-bit output merged data; and
,combining means for combining the. M sets of output merged data generated by the output merging means, to generate the (N×
M)-bit output data.
-
-
7. The encryption or decryption apparatus of claim 6,
wherein the global merge process by the input merging means is made up of at least one operation out of: - arithmetic add operations; and
exclusive-OR operations for corresponding bits.
- arithmetic add operations; and
-
8. The encryption or decryption apparatus of claim 6,
wherein the global merge process by the input merging means is to perform, after a plurality of different fixed conversions are performed on the M sets of subdata generated by the dividing means, at least one operation out of: - arithmetic add operations; and
exclusive-OR operations for corresponding bits.
- arithmetic add operations; and
-
9. The encryption or decryption apparatus of claim 6,
wherein each individual merge process performed by the output merging means is any of an arithmetic add operation and an exclusive-OR operation for corresponding bits.
-
10. An encryption or decryption method including a data conversion method that, in an encryption or decryption apparatus equipped with a storing device storing (2{circumflex over ( )}N) sets of substitution data which each have a predetermined number of bits, performs a data conversion on input data using the (2{circumflex over ( )}N) sets of substitution data to generate output data, the predetermined number being equal to or less than (N×
- M), N being an integer no less than 2, and M being an integer no less than 2,
wherein the encryption or decryption apparatus uses a cipher that corresponds to a conventional cipher which uses a F function, the data conversion method performs the F function of the conventional cipher, and a device for performing the F function of the conventional cipher (a) stores (2{circumflex over ( )}N)×
M sets of substitution data that are each (N×
M) bits long, (b) acquires input data of (N×
M) bits that is subjected to a data conversion, (c) generates M sets of N-bit subdata from the input data of (N×
M) bits, (d) receives the M sets of N-bit subdata, specifies M sets of (N×
M)-bit substitution data from the (2{circumflex over ( )}N)×
M sets of substitution data, and outputs the M sets of (N×
M)-bit substitution data, and (e) generates output data of (N×
M) bits based on the M sets of (N×
M)-bit substitution data, where N is an integer no less than 2 and M is an integer no less than 2, the data conversion method comprising;
a storing step for storing (2{circumflex over ( )}N) sets of substitution data that each have a predetermined number of bits, the predetermined number being equal to or less than (N×
M), wherein the total size of substitution data stored in the storing means is no greater than 1/M the total size of substitution data stored in the device for performing the F function of the conventional cipher;
an acquiring step for acquiring the input data that is subjected to the data conversion, the input data being (N×
M) bits long;
a subdata generating step for generating at least one set of N-bit subdata from the input data acquired in the acquiring step;
a substituting step for receiving the at least one set of subdata generated in the subdata generating step, specifying one of the (2{circumflex over ( )}N) sets of substitution data in the storing device for each of the at least one set of subdata, and outputting at least one set of substitution data specified respectively for the at least one set of subdata;
a fixed conversion performing step for performing a plurality of different fixed conversions on the at least one of substitution data outputted in the substituting step, to generate M sets of converted data that each have the predetermined number of bits; and
an output data generating step for generating the output data that is (N×
M) bits long, based on the M sets of converted data generated by the fixed conversion performing step.- View Dependent Claims (11, 12)
wherein the predetermined number is (N× - M),
wherein the subdata generating step includes a dividing substep for dividing the (N×
M)-bit input data into M sets of N-bit subdata,wherein the substituting step specifies M sets of (N×
M)-bit substitution data, among the (2{circumflex over ( )}N) sets of substitution data in the storing device, respectively for the M sets of subdata generated in the dividing substep, and outputs the specified M sets of substitution data,wherein the fixed conversion performing step performs M different fixed conversions respectively on the M sets of substitution data outputted by the substituting step, to generate the M sets of (N×
M)-bit converted data, andwherein the output data generating step performs a merge process on the M sets of converted data generated in the fixed conversion performing step, to generate the (N×
M)-bit output data.
- M), N being an integer no less than 2, and M being an integer no less than 2,
-
12. The encryption or decryption method of claim 10,
wherein the predetermined number is N, wherein the subdata generating step includes: -
a dividing step for dividing the (N×
M)-bit input data into M sets of N-bit partial data; and
wherein the substituting step specifies one of the (2{circumflex over ( )}N) sets of N-bit substitution data in the storing device for the set of subdata generated in the input merging substep, and outputs the specified set of substitution data, wherein the fixed conversion performing step performs M different fixed conversions separately on the set of substitution data outputted by the substituting step, to generate the M sets of N-bit converted data, and, wherein the output data generating step includes;
an output merging substep for performing an individual merge process on each of the M sets of partial data and a different one of the M sets of converted data that corresponds to the set of partial data, to generate M sets of N-bit output merged data; and
,a combining substep for combining the M sets of output merged data generated by the output merging substep, to generate the (N×
M)-bit output data.
-
-
13. A computer-readable storage medium storing an encryption or decryption program including a data conversion program that, in an encryption or decryption apparatus equipped with a storing device storing (2{circumflex over ( )}N) sets of substitution data which each have a predetermined number of bits, performs a data conversion on input data using the (2{circumflex over ( )}N) sets of substitution data to generate output data, the predetermined number being equal to or less than (N×
- M), N being an integer no less than 2, and M being an integer no less than 2,
wherein the encryption or decryption apparatus uses a cipher that corresponds to a conventional cipher which uses a F function, the data conversion means corresponds to a device for performing the F function of the conventional cipher, and the device for performing the F function of the conventional cipher (a) stores (2{circumflex over ( )}N)×
M sets of substitution data that are each (N×
M) bits long, (b) acquires input data of (N×
M) bits that is subjected to a data conversion, (c) generates M sets of N-bit subdata from the input data of (N×
M) bits, (d) receives the M sets of N-bit subdata, specifies M sets of (N×
M)-bit substitution data from the (2{circumflex over ( )}N)×
M sets of substitution data, and outputs the M sets of (N×
M)-bit substitution data, and (e) generates output data of (N×
M) bits based on the M sets of (N×
M)-bit substitution data, where N is an integer no less than 2 and M is an integer no less than 2, the data conversion program comprising;
a storing step for storing (2{circumflex over ( )}N) sets of substitution data that each have a predetermined number of bits, the predetermined number being equal to or less than (N×
M), wherein the total size of substitution data stored in the storing means is no greater than 1/M the total size of substitution data stored in the device for performing the F function of the conventional cipher;
an acquiring step for acquiring the input data that is subjected to the data conversion, the input data being (N×
M) bits long;
a subdata generating step for generating at least one set of N bit subdata from the input data acquired in the acquiring step;
a substituting step for receiving the at least one set of subdata generated in the subdata generating step, specifying one of the (2{circumflex over ( )}N) sets of substitution data in the storing device for each of the at least one set of subdata, and outputting at least one set of substitution data specified respectively for the at least one set of subdata;
a fixed conversion performing step for performing a plurality of different fixed conversions on the at least one set of substitution data outputted in the substituting step, to generate M sets of converted data that each have the predetermined number of bits; and
an output data generating step for generating the output data that is (N×
M) bits long, based on the M sets of converted data generated by the fixed conversion performing step.- View Dependent Claims (14, 15)
wherein the predetermined number is (N× - M),
wherein the subdata generating step includes a dividing substep for dividing the (N×
M)-bit input data into M sets of N-bit subdata,wherein the substituting step specifies M sets of (N×
M)-bit substitution data, among the (2{circumflex over ( )}N) sets of substitution data in the storing device, respectively for the M sets of subdata generated in the dividing substep, and outputs the specified M sets of substitution data,wherein the fixed conversion performing step performs M different fixed conversions respectively on the M sets of substitution data outputted by the substituting step, to generate the M sets of (N×
M)-bit converted data, andwherein the output data generating step performs a merge process on the M sets of converted data generated in the fixed conversion performing step to, generate the (N×
M)-bit output data.
- M), N being an integer no less than 2, and M being an integer no less than 2,
-
15. The storage medium of claim 13,
wherein the predetermined number is N, wherein the subdata generating step includes: -
a dividing substep for dividing the (N×
M)-bit input data into M sets of N-bit partial data; and
an input merging substep for performing a global merge process on the M sets of partial data to generate a set of N-bit subdata, wherein the substituting step specifies one of the (2{circumflex over ( )}N) sets of N-bit substitution data in the storing device for the set of subdata generated in the input merging substep, and outputs the specified set of substitution data, wherein the fixed conversion performing step performs M different fixed conversions separately on the set of substitution data outputted by the substituting step, to generate the M sets of N-bit converted data, and wherein the output data generating step includes;
an output merging substep for performing an individual merge process on each of the M sets of partial data and a different one of the M sets of converted data that corresponds to the set of partial data, to generate M sets of N-bit output merged data; and
a combining substep for combining the M sets of output merged data generated by the output merging substep, to generate the (N×
M)-bit output data.
-
Specification