INCREMENTAL MAC TAG GENERATION DEVICE, METHOD, AND PROGRAM, AND MESSAGE AUTHENTICATION DEVICE
First Claim
1. An incremental MAC tag generation device comprising:
- a padding unit configured to input a final block of a plaintext (M) that has been divided into a plurality of blocks, and carry out padding on the final block of the plaintext (M) when a length of the final block of the plaintext (M) is less than a predetermined number of bits;
a cache reference parallel encryption unit configured to input blocks of the plaintext (M) other than the final block, a cached plaintext (M′
), and an intermediate variable (S′
) obtained by encrypting the plaintext (M′
), and calculate an intermediate variable (S);
a scrambled hash unit configured to carry out scrambling processing on the intermediate variable (S), and calculate a hash value (V) by performing exclusive OR (XOR) on respective blocks of the scrambled intermediate variable (S) and the final block of the plaintext (M) output from the padding unit; and
a tag generation unit configured to calculate a tag by encrypting the hash value (V) by using a parameter to indicate the presence or absence of the padding by the padding unit,wherein the cache reference parallel encryption unit compares the blocks of the plaintext (M) other than the final block with respective blocks of the plaintext (M′
),when there exists a block of the plaintext (M′
) matched with a block of the plaintext (M), the cache reference parallel encryption unit uses a block of the intermediate variable (S′
) corresponding to the block of the plaintext (M′
) in the intermediate variable (S), andwhen there exists no block of the plaintext (M′
) matched with a block of the plaintext (M), the cache reference parallel encryption unit encrypts the block of the plaintext (M) and uses the encrypted block of the plaintext (M) in the intermediate variable (S).
1 Assignment
0 Petitions
Accused Products
Abstract
Provided is an incremental MAC tag generation device that enables incremental tag calculations that can support the editing of all block units, without losing the efficiency of normal tag calculations. A padding unit (11) carries out padding on a final block of a plaintext (M) that has been divided into a plurality of blocks. A cache reference parallel encryption unit (12) inputs blocks of the plaintext (M) other than the final block, a cached plaintext (M′), and an intermediate variable (S′) obtained by encrypting the plaintext (M′), and calculates an intermediate variable (S). A scrambled hash unit (13) carries out scrambling processing and calculates a hash value V. A tag generation unit (14) encrypts the hash value V and calculates a tag.
20 Citations
10 Claims
-
1. An incremental MAC tag generation device comprising:
-
a padding unit configured to input a final block of a plaintext (M) that has been divided into a plurality of blocks, and carry out padding on the final block of the plaintext (M) when a length of the final block of the plaintext (M) is less than a predetermined number of bits; a cache reference parallel encryption unit configured to input blocks of the plaintext (M) other than the final block, a cached plaintext (M′
), and an intermediate variable (S′
) obtained by encrypting the plaintext (M′
), and calculate an intermediate variable (S);a scrambled hash unit configured to carry out scrambling processing on the intermediate variable (S), and calculate a hash value (V) by performing exclusive OR (XOR) on respective blocks of the scrambled intermediate variable (S) and the final block of the plaintext (M) output from the padding unit; and a tag generation unit configured to calculate a tag by encrypting the hash value (V) by using a parameter to indicate the presence or absence of the padding by the padding unit, wherein the cache reference parallel encryption unit compares the blocks of the plaintext (M) other than the final block with respective blocks of the plaintext (M′
),when there exists a block of the plaintext (M′
) matched with a block of the plaintext (M), the cache reference parallel encryption unit uses a block of the intermediate variable (S′
) corresponding to the block of the plaintext (M′
) in the intermediate variable (S), andwhen there exists no block of the plaintext (M′
) matched with a block of the plaintext (M), the cache reference parallel encryption unit encrypts the block of the plaintext (M) and uses the encrypted block of the plaintext (M) in the intermediate variable (S). - View Dependent Claims (2, 3, 4, 5, 8, 9, 10)
-
-
6. An incremental MAC tag generation method comprising:
-
inputting a final block of a plaintext (M) that has been divided into a plurality of blocks, and carrying out padding on the final block of the plaintext (M) when a length of the final block of the plaintext (M) is less than a predetermined number of bits; inputting blocks of the plaintext (M) other than the final block, a cached plaintext (M′
), and an intermediate variable (S) obtained by encrypting the plaintext (M′
);comparing the blocks of the plaintext (M) other than the final block with respective blocks of the plaintext (M′
);when there exists a block of the plaintext (M′
) matched with a block of the plaintext (M), using a block of the intermediate variable (S′
) corresponding to the block of the plaintext (M′
) in the intermediate variable (S);when there exists no block of the plaintext (M′
) matched with a block of the plaintext (M), calculating the intermediate variable (S) by encrypting the block of the plaintext (M);performing scrambling processing on the intermediate variable (S), and calculating a hash value (V) by performing exclusive OR (XOR) on respective blocks of the scrambled intermediate variable (S) and the final block of the plaintext (M); and calculating a tag by encrypting the hash value (V) by using a parameter to indicate the presence or absence of padding.
-
-
7. A non-transitory computer readable information recording medium storing an incremental MAC tag generation program that, when executed by a processor, performs a method for:
-
inputting a final block of a plaintext (M) that has been divided into a plurality of blocks, and carrying out padding on the final block of the plaintext (M) when a length of the final block of the plaintext (M) is less than a predetermined number of bits; inputting blocks of the plaintext (M) other than the final block, a cached plaintext (M′
), and an intermediate variable (S′
) obtained by encrypting the plaintext (M′
);comparing the blocks of the plaintext (M) other than the final block with respective blocks of the plaintext (M′
);when there exists a block of the cached plaintext (M′
) matched with a block of the plaintext (M), using a block of the intermediate variable (S′
) corresponding to the block of the cached plaintext (M) in the intermediate variable (S);when there exists no block of the plaintext (M′
) matched with a block of the plaintext (M), calculating the intermediate variable (S) by encrypting the block of the plaintext (M);performing scrambling processing on the intermediate variable (S), and calculating a hash value (V) by performing exclusive OR (XOR) on respective blocks of the scrambled intermediate variable (S) and the final block of the plaintext (M); and calculating a tag by encrypting the hash value (V) by using a parameter to indicate the presence or absence of padding.
-
Specification