JP2012235287A - Encryption device of stream cipher, decryption device of stream cipher, encryption method of stream cipher, decryption method of stream cipher, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an encryption device of stream cipher, a decryption device of stream cipher, an encryption method of stream cipher, a decryption method of stream cipher and a program that implement secure and efficient authentication.SOLUTION: An initial key and an initial vector are read in, and an initialization process is performed. A key sequence generation process is next performed to generate a key sequence, an exclusive OR operation is executed on the generated key sequence and a plaintext to generate a ciphertext, and the generated ciphertext is sequentially input into two divided message authenticator creating memories and a circulation is performed with the plaintext all at zero after the input of the plaintext. After the circulation, values of the two divided message authenticator memories are combined into a message authenticator, and the message authenticator is attached to the ciphertext to be output.

Description

  The present invention relates to a stream cipher encryption apparatus, a stream cipher decryption apparatus, a stream cipher encryption method, a stream cipher decryption method, and a program capable of realizing secure and efficient authentication.

  In recent years, various services using computers have been provided. In many services, encryption is used to conceal communication. The most common encryption method is a common key encryption method that performs encryption / decryption with a single key, but the common key encryption method is roughly divided into a block encryption method and a stream encryption method.

  The former is the method that is most commonly used, but the latter has been attracting attention in recent years because it is superior in processing speed. On the other hand, there is a method called authenticated encryption. This is an algorithm for simultaneously realizing message authentication and encryption with one algorithm (see, for example, Non-Patent Document 1).

Philip Hawkes, Cameron McDonald, Michael Paddon, Gregory G. Rose, and Miriam Wiggers de Vries, “Specification for NL Sv. 4986, 2008.

  However, until now, it has been necessary to redesign the algorithm in order to make the stream cipher an authenticated cipher. Or, it was necessary to consider incorporating an authentication function from the design stage. Furthermore, almost all of the authenticated stream cipher is broken by an attack, and there is almost no secure stream cipher with authentication.

  Therefore, the present invention has been made in view of the above-described problems, and a stream cipher encryption apparatus, a stream cipher decryption apparatus, a stream cipher encryption method, a stream, and a stream cipher capable of realizing secure and efficient authentication. It is an object of the present invention to provide an encryption decryption method and program.

  The present invention proposes the following matters in order to solve the above problems. In addition, in order to make an understanding easy, although the code | symbol corresponding to embodiment of this invention is attached | subjected and demonstrated, it is not limited to this.

  (1) The present invention is a linear feedback register (for example, equivalent to the linear feedback register 200 of FIG. 1) and a feedback function for feeding back data input to the linear feedback register (for example, equivalent to the feedback function 100 of FIG. 1). A dynamic feedback register that divides data into two (e.g., equivalent to the dynamic feedback registers 400 and 500 in FIG. 1) and a dynamic feedback that feeds back data to the final register of the two divided dynamic feedback registers A non-linear conversion means (for example, FIG. 1) that non-linearly converts a function (e.g., equivalent to the dynamic feedback register 300 of FIG. 1), input data from the two dynamic feedback registers, and input data of the linear feedback register. Nonlinear transformation And an exclusive OR calculator (for example, an exclusive OR calculator 760 in FIG. 1) that performs an exclusive OR operation between the output data of the nonlinear function and the input plaintext and outputs a ciphertext. , And a stream cipher encryption device characterized by comprising the following:

  According to the present invention, an encryption apparatus for a stream cipher includes a linear feedback register, a feedback function for feeding back data input to the linear feedback register, a dynamic feedback register divided into two, and two divided A dynamic feedback function that feeds back data to the final register of the dynamic feedback register, a nonlinear conversion means that nonlinearly converts input data from the two dynamic feedback registers and input data of the linear feedback register, and output data of the nonlinear function And an exclusive OR calculator that performs an exclusive OR operation on the input plaintext and outputs a ciphertext. In other words, with the above-described configuration, it is possible to realize high-speed encryption processing while improving safety as compared with the prior art.

  (2) According to the present invention, in the stream cipher encryption device according to (1), the non-linear conversion means stores four internal memories (for example, the internal memories L1, L2, R1, and R2 in FIG. 2) in an internal state. And a stream cipher encryption device having a connection structure through a non-linear function unit (for example, corresponding to the non-linear functions 620a, 620b, 620c, and 620d in FIG. 2) between the four internal memories. is suggesting.

  According to this invention, the non-linear conversion means has four internal memories as internal states and has a connection structure between the four internal memories via the non-linear function unit. In other words, the safety can be increased synergistically by adopting such a configuration of the nonlinear conversion means.

  (3) In the stream cipher encryption apparatus according to (1), the present invention outputs the ciphertext output by the nonlinear conversion means to the dynamic feedback function and the final register of one of the divided dynamic feedback registers. A stream cipher encryption device characterized by this is proposed.

  According to the present invention, the ciphertext output by the nonlinear conversion means is output to the dynamic feedback function and the final register of one of the divided dynamic feedback registers. That is, security can be improved by dividing the dynamic feedback register and providing a distance between the registers for inputting the ciphertext.

  (4) According to the present invention, for the stream cipher encryption device of (1), after executing the encryption process, plain text with all data set to “0” is input and the emptying process is executed a specified number of times. A stream cipher encryption device that is characterized is proposed.

  According to this invention, after executing the encryption process, plain text with all data set to “0” is input and the emptying process is executed a specified number of times. In other words, by executing this processing, a message authenticator can be created, so that a secure stream cipher with authentication can be generated.

  (5) The present invention relates to the stream cipher encryption apparatus according to (4), wherein a key sequence having a specified bit length is output as a message authenticator after the emptying process. A device is proposed.

  According to the present invention, a key sequence having a specified bit length is output as a message authenticator after the idle rotation process. In other words, a secure stream cipher with authentication can be generated by combining an output message authenticator and ciphertext to generate an output result.

  (6) The present invention is a stream cipher decrypting device that decrypts ciphertext generated by the stream cipher encrypting device of (1) to (5), and is a linear feedback register (for example, linear in FIG. 4). Feedback register 200), a feedback function that feeds back data input to the linear feedback register (eg, equivalent to the feedback function 100 of FIG. 4), and a dynamic feedback register divided into two (eg, FIG. 4). Dynamic feedback registers 400 and 500), a dynamic feedback function that feeds back data to the final register of the two divided dynamic feedback registers (for example, equivalent to the dynamic feedback register 300 of FIG. 4), From the two dynamic feedback registers Exclusive-OR of non-linear conversion means (for example, equivalent to the non-linear conversion unit 600 in FIG. 4) and non-linear function output data and input ciphertext A stream cipher decryption device characterized by comprising an exclusive OR calculator (for example, equivalent to the exclusive OR calculators 760 and 770 in FIG. 4) that performs an operation and outputs a plaintext. ing.

  According to the present invention, a decryption apparatus for a stream cipher includes a linear feedback register, a feedback function for feeding back data input to the linear feedback register, a dynamic feedback register divided into two, and two divided A dynamic feedback function that feeds back data to the final register of the dynamic feedback register, a nonlinear conversion means that nonlinearly converts input data from the two dynamic feedback registers and input data of the linear feedback register, and output data of the nonlinear function And an exclusive OR calculator that performs an exclusive OR operation on the input ciphertext and outputs a plaintext. That is, with the above-described configuration, it is possible to realize high-speed decoding processing while improving safety as compared with the prior art.

  (7) The present invention relates to the stream cipher decryption device of (6), wherein the non-linear conversion means stores four internal memories (for example, corresponding to the internal memories L1, L2, R1, and R2 in FIG. 5) in an internal state. And a stream cipher encryption device having a connection structure via a non-linear function unit (for example, corresponding to the non-linear functions 620a, 620b, 620c, and 620d in FIG. 5) between the four internal memories. is suggesting.

  According to this invention, the non-linear conversion means has four internal memories as internal states and has a connection structure between the four internal memories via the non-linear function unit. In other words, the safety can be increased synergistically by adopting such a configuration of the nonlinear conversion means.

  (8) In the stream cipher decryption device according to (6), the present invention outputs the plaintext output by the nonlinear conversion means to the dynamic feedback function and the final register of one of the divided dynamic feedback registers. Has been proposed.

  According to the present invention, the plain text output by the nonlinear conversion means is output to the dynamic feedback function and the final register of one of the divided dynamic feedback registers. In other words, the safety can be improved by dividing the dynamic feedback register and providing a distance between the registers for inputting plaintext.

  (9) According to the stream cipher decrypting device of (6), after executing the decrypting process, the ciphertext with all data set to “0” is input and the emptying process is executed a specified number of times. Has been proposed.

  According to the present invention, after executing the decryption process, plain text with all data set to “0” is input and the emptying process is executed a specified number of times. That is, by executing this process, a message authenticator can be created, so that a secure plaintext with authentication can be generated.

  (10) The present invention relates to the stream cipher decryption apparatus according to (9), wherein a key sequence having a specified bit length is output as a message authenticator after the emptying process. A device is proposed.

  According to the present invention, a key sequence having a specified bit length is output as a message authenticator after the idle rotation process. That is, by comparing the message authenticator combined with the transmitted ciphertext and the generated message authenticator, it is possible to verify whether or not they match.

  (11) In the present invention, a first step for reading an initial key and an initial vector (for example, equivalent to step S101 in FIG. 3) and a second step for performing an initialization process (for example, in step S102 in FIG. 3) Equivalent), a third step (for example, equivalent to step S103 in FIG. 3) for generating a key sequence by executing key sequence generation processing, and performing an exclusive OR operation between the generated key sequence and plaintext To generate a ciphertext, for example (corresponding to step S104 in FIG. 3), and sequentially input the generated ciphertext to the dynamic feedback function and the final register of one of the divided dynamic feedback registers. Even after the input of the plaintext is completed, the fifth step (for example, corresponding to step S105 in FIG. 3) for executing the blanking with the plaintext set to all zeros and the blanking completion. In addition, a sixth step (for example, corresponding to step S106 in FIG. 3) for generating a key sequence having a specified bit length and outputting it as a message authenticator, and outputting the message authenticator attached to the ciphertext are output. (For example, corresponding to step S107 in FIG. 3).

  According to the present invention, the initial key and the initial vector are read and the initialization process is performed. Next, a key sequence generation process is executed, a key sequence is generated, a ciphertext is generated by executing an exclusive OR operation between the generated key sequence and plaintext, and the generated ciphertext is converted into a dynamic feedback function and After the input to the final register of one of the divided dynamic feedback registers is sequentially performed and the plaintext input is completed, the plaintext is set to all zeros and the idling is executed. Then, after completion of idling, a key sequence having a specified bit length is generated and output as a message authenticator, and the message authenticator is attached to the ciphertext and output. That is, by performing the above-described processing, it is possible to realize high-speed encryption processing while improving safety as compared with the prior art. Further, by combining the message authenticator to be output and the ciphertext to generate an output result, a secure stream cipher with authentication can be generated.

  (12) The present invention is a stream cipher decryption method for decrypting ciphertext encrypted by the stream cipher encryption method of (11), and includes a first step of reading an initial key and an initial vector (for example, , Corresponding to step S201 in FIG. 6), a second step for executing initialization processing (for example, corresponding to step S202 in FIG. 6), a key sequence generation process, and a third sequence for generating a key sequence A step (for example, corresponding to step S203 in FIG. 6), a fourth step for receiving the ciphertext and the message authenticator (for example, corresponding to step S204 in FIG. 6), the generated key sequence and the received encryption A fifth step (for example, equivalent to step S205 in FIG. 6) for generating a plaintext by executing an exclusive OR operation with the sentence, and two messages obtained by dividing the generated plaintext A sixth step (for example, corresponding to step S206 in FIG. 6) of executing the idling with the ciphertext set to all zeroes after the ciphertext input is completed after being sequentially input to the memory for creating a certificate. After completing the idling, a seventh step (for example, corresponding to step S207 in FIG. 6) that combines the two divided message authenticator values to form a message authenticator, and converts the message authenticator into plaintext. A seventh step of attaching and outputting, and an eighth step of verifying whether or not the output message authenticator matches the received message authenticator (for example, corresponding to step S208 in FIG. 6) And a stream cipher decryption method characterized by comprising:

  According to the present invention, the initial key and the initial vector are read and the initialization process is performed. Next, a key sequence generation process is executed, a key sequence is generated, a plaintext is generated by executing an exclusive OR operation between the generated key sequence and ciphertext, and two message authentications obtained by dividing the generated plaintext Even after the ciphertext input is completed, the ciphertext is set to all zeros, and the ciphertext is circulated. Then, after completing the idling, the two divided values for the message authenticator memory are combined to form a message authenticator, and the message authenticator is attached to the plaintext and output. That is, by performing the above-described processing, it is possible to realize a high-speed decoding process while improving the safety as compared with the prior art. Further, by comparing the message authenticator combined with the transmitted ciphertext and the generated message authenticator, it is possible to verify whether or not they match.

  (13) In the present invention, a first step (for example, corresponding to step S101 in FIG. 3) for reading an initial key and an initial vector and a second step for performing initialization processing (for example, in step S102 in FIG. 3) Equivalent), a third step (for example, equivalent to step S103 in FIG. 3) for generating a key sequence by executing key sequence generation processing, and performing an exclusive OR operation between the generated key sequence and plaintext To generate a ciphertext, for example (corresponding to step S104 in FIG. 3), and sequentially input the generated ciphertext to the dynamic feedback function and the final register of one of the divided dynamic feedback registers. Even after the input of the plaintext is completed, the fifth step (for example, corresponding to step S105 in FIG. 3) for executing the blanking with the plaintext set to all zeros and the blanking completion. In addition, a sixth step (for example, corresponding to step S106 in FIG. 3) for generating a key sequence having a specified bit length and outputting it as a message authenticator, and outputting the message authenticator attached to the ciphertext are output. (For example, corresponding to step S107 in FIG. 3).

  According to the present invention, the initial key and the initial vector are read and the initialization process is performed. Next, a key sequence generation process is executed, a key sequence is generated, a ciphertext is generated by executing an exclusive OR operation between the generated key sequence and plaintext, and the generated ciphertext is converted into a dynamic feedback function and After the input to the final register of one of the divided dynamic feedback registers is sequentially performed and the plaintext input is completed, the plaintext is set to all zeros and the idling is executed. Then, after completion of idling, a key sequence having a specified bit length is generated and output as a message authenticator, and the message authenticator is attached to the ciphertext and output. That is, by performing the above-described processing, it is possible to realize high-speed encryption processing while improving safety as compared with the prior art. Further, by combining the message authenticator to be output and the ciphertext to generate an output result, a secure stream cipher with authentication can be generated.

  (14) The present invention is a program for decrypting a ciphertext encrypted by the program according to the thirteenth aspect, and includes a first step of reading an initial key and an initial vector (for example, in step S201 in FIG. 6). Equivalent), a second step (for example, equivalent to step S202 in FIG. 6) for executing the initialization process, and a third step (for example, in FIG. 6) for generating the key series by executing the key series generation process. 4) (equivalent to step S203), a fourth step of receiving the ciphertext and the message authenticator (for example, equivalent to step S204 of FIG. 6), and the exclusive OR of the generated key sequence and the received ciphertext. A fifth step (for example, corresponding to step S205 in FIG. 6) for generating plaintext by executing an operation, and a dynamic feedback function and one motion obtained by dividing the generated plaintext. A fifth step (for example, corresponding to step S206 in FIG. 6) of performing the idling with the ciphertext set to all zeros after the ciphertext input is completed after being sequentially input to the final register of the feedback register, and the idling After completion, a seventh step (for example, corresponding to step S207 in FIG. 6) for generating a key sequence having a specified bit length and outputting it as a message authenticator, and outputting the message authenticator attached to plaintext is output. And an eighth step (for example, corresponding to step S208 in FIG. 6) for verifying whether or not the output message authenticator matches the received message authenticator. A program for this is proposed.

  According to the present invention, the initial key and the initial vector are read and the initialization process is performed. Next, after executing key sequence generation processing, generating a key sequence, sequentially inputting the generated plaintext into the dynamic feedback function and the final register of one of the divided dynamic feedback registers, and after the ciphertext input is completed Then, the ciphertext is all-zeroed, and the idling is executed. After the idling is completed, a key sequence having a specified bit length is generated and output as the message authenticator, and the message authenticator is attached to the plaintext and output. That is, by performing the above-described processing, it is possible to realize a high-speed decoding process while improving the safety as compared with the prior art. Further, by comparing the message authenticator combined with the transmitted ciphertext and the generated message authenticator, it is possible to verify whether or not they match.

  According to the present invention, it is possible to generate a stream cipher with authentication that is safe and efficient. Also, there is an effect that safe and efficient processing can be realized in the decoding processing.

It is a figure which shows schematic structure of the encryption apparatus of the stream encryption which concerns on the 1st Embodiment of this invention. It is a figure which shows the specific structure of the encryption apparatus of the stream encryption which concerns on the 1st Embodiment of this invention. It is a figure which shows the specific process of the encryption apparatus of the stream encryption which concerns on the 1st Embodiment of this invention. It is a figure which shows schematic structure of the decoding apparatus of the stream encryption which concerns on the 2nd Embodiment of this invention. It is a figure which shows the specific structure of the decoding apparatus of the stream encryption which concerns on the 2nd Embodiment of this invention. It is a figure which shows the specific process of the decoding apparatus of the stream encryption which concerns on the 2nd Embodiment of this invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

  A stream cipher encryption apparatus and decryption apparatus according to the present invention will be described with reference to FIGS.

<First Embodiment>
A stream cipher encryption apparatus according to this embodiment will be described with reference to FIGS. 1 to 3.

<Schematic configuration of encryption device for stream cipher>
As shown in FIG. 1, the stream cipher encryption apparatus according to the present embodiment includes a feedback function 100, a linear feedback shift register 200, a dynamic feedback function 300, a dynamic feedback register A 400, and a dynamic feedback register. B500, the nonlinear transformation part 600, the nonlinear function (Msub) 710,720, and the exclusive OR calculators 730,740,750 are comprised.

  The linear feedback shift register 200 is a shift register that applies feedback to each cell of the register. The feedback function 100 performs arithmetic processing on the data acquired from the linear feedback shift register 200, and controls whether or not the data after the arithmetic processing is fed back to the final register of the linear feedback shift register 200 based on the operation result.

  The dynamic feedback register A 400 and the dynamic feedback register B 500 are linear feedback shift registers whose structures dynamically change according to the processing result of the dynamic feedback function 300. Therefore, encryption processing and authentication code derivation can be performed more securely. In the present embodiment, the dynamic feedback register is divided into two parts, and the ciphertext is divided into a dynamic feedback function and the final one of the divided dynamic feedback register A400 and dynamic feedback register B500. Output to register. That is, security can be improved by dividing the dynamic feedback register and providing a distance between the registers for inputting the ciphertext.

  The non-linear conversion unit 600 performs non-linear conversion processing on data input from the linear shift register 200, the dynamic feedback register A 400, and the dynamic feedback register B 500.

  The non-linear function (Msub) 710 sequentially performs AES cipher mix column processing, S-box processing, and mix column processing on the output from the dynamic feedback function 300, and outputs the processing result to the final value of the dynamic feedback register A 400. Output to register. The non-linear function (Msub) 720 uses the value of the output register of the dynamic feedback register A 400 and the ciphertext output from the non-linear conversion unit 600 in the exclusive OR calculator 730 to calculate the AES cipher Mix. Column processing, S-Box processing, and Mix Column processing are performed in order, and the processing result is output to the final register of the dynamic feedback register B500.

  The exclusive OR calculators 740 and 750 perform an exclusive OR operation on the output from the non-linear conversion unit 600 and the plaintext to generate a ciphertext. After the encryption process is completed, the plaintext value is set to all “0” and emptying is executed a specified number of times. After emptying, a key sequence having a specified bit length is output and used as a message authenticator. Further, the generated ciphertext and the message authenticator are combined to obtain a final output.

<Specific Configuration of Stream Cipher Encryption Device>
As shown in FIG. 2, the feedback function 100 includes a plurality of exclusive OR calculators. The dynamic feedback function 300 is composed of a plurality of exclusive OR calculators and adders. In the case of FIG. 2, the dynamic feedback function 300 is based on 4-bit data in the second register of the linear feedback shift register 200. In the feedback processing, it is controlled whether an adder or an exclusive OR calculator is selected. By performing such control, the safety of the entire stream encryption apparatus can be improved.

  The non-linear conversion unit 600 is exclusive of internal memories 610a, 610b, 610c, 610d, and 610e, non-linear functions (Sub) 620a, 620b, 620c, 620d, and 620e, and adders 630a, 630b, 630c, 630d, and 630e. The logical sum calculator 640a, 640b.

  The adder 630a is connected to the dynamic feedback shift register A400 and the internal memory L2, adds the value of the internal memory L2 and the output value from the dynamic feedback shift register A400, and outputs the result to the nonlinear function 620b. .

  The adder 630b is connected to the dynamic feedback shift register B500 and the internal memory R2, adds the value of the internal memory R2 and the output value from the dynamic feedback shift register B500, and outputs the result to the nonlinear function 620c. . The non-linear functions (Sub) 620a, 620b, 620c, 620d, and 620e perform S-Box processing and Mix Column processing of AES encryption in order, and processing results are stored in the internal memories 610a, 610b, 610c, 610d, and 610e. Output.

  The adder 630c is connected to the internal memory (L2) 610c and the internal memory (L1) 610a, and adds the internal memory (L2) 610c and the internal memory (L1) 610a to obtain an exclusive OR calculator. Output to 640a.

  The adder 630d is connected to the internal memory (R2) 610d and the internal memory (R1) 610b, and adds the internal memory (R2) 610d and the internal memory (R1) 610b to obtain an exclusive OR calculator. Output to 640b.

  The internal memory (L1) 610a stores the output value of the nonlinear function 620c, the internal memory (R1) 610b stores the output value of the nonlinear function 620c, and the internal memory (L2) 610c stores the output value of the nonlinear function 620a. The internal memory (R2) 610d stores the output value of the nonlinear function 620d. As described above, by providing four internal memories as internal states and connecting the four internal memories via a non-linear function unit, safety can be increased synergistically.

  The exclusive OR calculator 640a performs an exclusive OR operation on the output value of the adder 630c and the output value of the linear feedback shift register 100, and outputs the calculation result to the exclusive OR calculator 740. The exclusive OR calculator 640 b performs an exclusive OR operation on the output value of the adder 630 d and the value from the linear feedback shift register 100 and outputs the calculation result to the exclusive OR calculator 750.

<Processing of encryption device for stream cipher>
With reference to FIG. 3, the processing of the encryption device for stream encryption according to the present embodiment will be described.

  First, an initial key and an initial vector are read (step S101), and an initialization process is performed (step S102). Next, key sequence generation processing is executed to generate a key sequence (step S103). A ciphertext is generated by exclusive ORing the generated key sequence and plaintext (step S104).

  Further, the generated ciphertext is sequentially input to the dynamic feedback function and the final register of one of the divided dynamic feedback registers, and even after the plaintext input is completed, the plaintext is all-zeroed (step S105). After the idle rotation, a key sequence having a specified bit length is generated and used as a message authenticator (step S106). Then, the message authenticator is attached to the ciphertext and transmitted (step S107).

  As described above, according to the present embodiment, it is possible to realize high-speed encryption processing while improving safety as compared with the prior art. Further, by combining the message authenticator to be output and the ciphertext to generate an output result, a secure stream cipher with authentication can be generated.

<Second Embodiment>
The stream cipher decryption apparatus according to this embodiment will be described with reference to FIGS. The stream cipher decryption apparatus according to the present embodiment decrypts the data encrypted in the first embodiment.

<Schematic Configuration of Decryption Device for Stream Cipher>
As shown in FIG. 4, the stream cipher decryption apparatus according to the present embodiment includes a feedback function 100, a linear feedback shift register 200, a dynamic feedback function 300, a dynamic feedback register A 400, and a dynamic feedback register. B500, the nonlinear transformation part 600, the nonlinear function (Msub) 710,720, and the exclusive OR calculators 730,740,750 are comprised. In addition, since the component which attaches | subjects the same code | symbol as 1st Embodiment has the same function, the detailed description is abbreviate | omitted.

<Processing of Decryption Device for Stream Cipher>
With reference to FIG. 6, the processing of the stream cipher encryption apparatus according to this embodiment will be described.

  First, an initial key and an initial vector are read (step S201), and an initialization process is performed (step S202). Next, a key sequence generation process is executed to generate a key sequence (step S203), and a ciphertext and a message authenticator are received (step S204). Next, a plaintext is generated by exclusive ORing the generated key sequence and the ciphertext (step S205).

  Further, the generated plaintext is sequentially input to the dynamic feedback function and the final register of one of the divided dynamic feedback registers, and the ciphertext is all-zeroed after the ciphertext input is completed (step S206). ) After the idling, a key sequence having a specified bit length is generated and output as a message authenticator (step S207). Then, the received message authenticator is collated with the generated message authenticator (step S208).

  As described above, according to the present embodiment, it is possible to realize a high-speed decoding process while improving the safety as compared with the prior art. Further, by comparing the message authenticator combined with the transmitted ciphertext and the generated message authenticator, it is possible to verify whether or not they match.

  The processing of the stream cipher encryptor or the stream cipher decryptor is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read by the stream cipher encryptor or the stream cipher decryptor. By executing this, the stream cipher encryptor or the stream cipher decryptor of the present invention can be realized. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

100; feedback function 200; linear feedback shift register 300; dynamic feedback function 400; dynamic feedback register A
500; Dynamic feedback register B
600: Non-linear conversion unit 610a; Internal memory 610b; Internal memory 610c; Internal memory 610d; Internal memory 610e; Internal memory 620a; Non-linear function (Sub)
620b; Nonlinear function (Sub)
620c; nonlinear function (Sub)
620d; nonlinear function (Sub)
620e; nonlinear function (Sub)
603a; adder 603b; adder 603c; adder 603d; adder 603e; adder 640a; exclusive OR calculator 640b; exclusive OR calculator 710; nonlinear function (Msub)
720: nonlinear function (Msub)
730; exclusive OR operator 740; exclusive OR operator 750; exclusive OR operator

Claims (14)

A linear feedback register;
A feedback function for feeding back data input to the linear feedback register;
A dynamic feedback register divided into two;
A dynamic feedback function that feeds back data to the final register of two divided dynamic feedback registers;
Nonlinear conversion means for nonlinearly converting input data from the two dynamic feedback registers and input data of the linear feedback register;
An exclusive OR calculator that performs an exclusive OR operation between the output data of the nonlinear function and the input plaintext and outputs a ciphertext;
A stream cipher encryption apparatus comprising:   2. The stream cipher encryption apparatus according to claim 1, wherein the non-linear conversion means includes four internal memories as internal states and has a connection structure between the four internal memories via a non-linear function unit. .   2. The stream cipher encryption apparatus according to claim 1, wherein the ciphertext output by the nonlinear conversion means is output to the dynamic feedback function and a final register of one of the divided dynamic feedback registers.   2. The stream cipher encryption apparatus according to claim 1, wherein after the encryption process is executed, plain text with all data set to “0” is input and the empty rotation process is executed a specified number of times.   5. The stream cipher encryption apparatus according to claim 4, wherein a key sequence having a specified bit length is output as a message authenticator after the empty rotation processing. A stream cipher decrypting device for decrypting a ciphertext generated by the stream cipher encrypting device according to claim 1,
A linear feedback register;
A feedback function for feeding back data input to the linear feedback register;
A dynamic feedback register divided into two;
A dynamic feedback function that feeds back data to the final register of two divided dynamic feedback registers;
Nonlinear conversion means for nonlinearly converting input data from the two dynamic feedback registers and input data of the linear feedback register;
An exclusive OR calculator that performs an exclusive OR operation between the output data of the nonlinear function and the input ciphertext, and outputs a plaintext;
An apparatus for decrypting a stream cipher, comprising:   7. The apparatus for decrypting a stream cipher according to claim 6, wherein the non-linear conversion means includes four internal memories as internal states and has a connection structure between the four internal memories via a non-linear function unit. .   7. The stream cipher decryption apparatus according to claim 6, wherein the plaintext output by the nonlinear conversion means is output to the dynamic feedback function and a final register of one of the divided dynamic feedback registers.   7. The stream cipher encryption apparatus according to claim 6, wherein after the decryption process is executed, a ciphertext in which all data is set to “0” is input, and the emptying process is executed a specified number of times.   10. The stream cipher decryption apparatus according to claim 9, wherein a key sequence having a specified bit length is output as a message authenticator after the empty rotation processing. A first step of reading an initial key and an initial vector;
A second step of performing an initialization process;
Executing a key sequence generation process to generate a key sequence;
A fourth step of generating a ciphertext by performing an exclusive OR operation between the generated key sequence and plaintext;
A fifth step of sequentially inputting the generated ciphertext into the two divided message authenticator creation memories, and executing emptying with the plaintext as all zeros after the input of the plaintext is completed,
A sixth step of combining the divided two message authenticator values into a message authenticator after completion of the idle rotation;
A seventh step of outputting the message authenticator attached to the ciphertext;
A stream cipher encryption method characterized by comprising: A stream cipher decryption method for decrypting ciphertext encrypted by the stream cipher encryption method according to claim 11,
A first step of reading an initial key and an initial vector;
A second step of performing an initialization process;
Executing a key sequence generation process to generate a key sequence;
A fourth step of receiving a ciphertext and a message authenticator;
A fifth step of generating plaintext by performing an exclusive OR operation between the generated key sequence and the received ciphertext;
Sixth step of sequentially inputting the generated plaintext into two divided message authenticator creation memories and executing emptying with the ciphertext set to all zeros after the input of the ciphertext is completed;
A seventh step of combining the divided two message authenticator values into a message authenticator after completion of the idle rotation;
An eighth step of outputting the message authenticator attached to plaintext;
An eighth step of verifying whether the output message authenticator and the received message authenticator match;
A method of decrypting a stream cipher, comprising: A first step of reading an initial key and an initial vector;
A second step of performing an initialization process;
Executing a key sequence generation process to generate a key sequence;
A fourth step of generating a ciphertext by performing an exclusive OR operation between the generated key sequence and plaintext;
A fifth step of sequentially inputting the generated ciphertext into the two divided message authenticator creation memories, and executing emptying with the plaintext as all zeros after the input of the plaintext is completed,
A sixth step of combining the divided two message authenticator values into a message authenticator after completion of the idle rotation;
A seventh step of outputting the message authenticator attached to the ciphertext;
A program that causes a computer to execute. A program for decrypting ciphertext encrypted by the program according to claim 13,
A first step of reading an initial key and an initial vector;
A second step of performing an initialization process;
Executing a key sequence generation process to generate a key sequence;
A fourth step of receiving a ciphertext and a message authenticator;
A fifth step of generating plaintext by performing an exclusive OR operation between the generated key sequence and the received ciphertext;
Sixth step of sequentially inputting the generated plaintext into two divided message authenticator creation memories and executing emptying with the ciphertext set to all zeros after the input of the ciphertext is completed;
A sixth step of combining the divided two message authenticator values into a message authenticator after completion of the idle rotation;
A seventh step of outputting the message authenticator attached to plaintext;
An eighth step of verifying whether the output message authenticator and the received message authenticator match;
A program that causes a computer to execute.

Images