1. Field of the Invention
The present invention relates to an encryption strength evaluation support apparatus suited to evaluating the encryption strength of an encryption device by using a statistical method, and to a mechanically readable recording medium recording an encryption strength evaluation support program.
2. Description of the Prior Art
Conventional techniques of evaluating the strength of an encryption algorithm are roughly classified into those based on a specific decoding method and those based on statistical methods.
Examples of the encryption strength evaluation based on a specific decoding method are "Method and Apparatus for Evaluating Strength of Encryption Algorithm" described in Japanese Unexamined Patent Publication No. 8-190344 and "Encryption Performance Evaluation Apparatus" described in Japanese Unexamined Patent Publication No. 9-160489, which is similar to the former patent. Either technique evaluates the strength of an encryption algorithm in terms of strength against linear decoding for block encryption. That is, the former technique finds a linear approximate expression having a maximum deviation ratio obtainable from an encryption algorithm whose strength is to be evaluated. On the basis of the result of this search, the strength of the encryption algorithm against linear decoding is evaluated. The latter technique attempts to improve the performance of evaluation by increasing linear correlation detection efficiency in linear decoding. Details of the linear decoding are described in Mitsuru Matsui, "DES Encryption Linear Decoding method (1)", SCIS93-3C (January, 1993).
On the other hand, the conventional encryption strength evaluation based on statistical methods is described in, e.g., "Encryption and Information Security" (Mar. 29, 1990, Shokodo), "2.5 Ciphertext Randomness Evaluation Indices" (pp. 49-56). That is, this technique evaluates the encryption strength by using numerical values such as the maximum value, mean value, and variance of the correlation between input and output data. This reference also describes discrimination between the strengths of a plurality of encryption algorithms by comparing these numerical values.
The encryption strength evaluation based on a specific decoding method depends upon the specific decoding method called linear decoding. Therefore, this technique cannot, in principle, evaluate the strength of an encryption algorithm to which this decoding method is not applicable, and hence lacks versatility. In contrast, the method of evaluating encryption strength by using a statistical method is highly versatile because the method does not depend upon any specific decoding method.
Unfortunately, the conventional encryption strength evaluation technique based on a statistical method evaluates encryption strength by using numerical values such as the maximum value, mean value, and variance of the correlation between input and output data. Since these values are representative values of a large number of sample values, this technique cannot finely analyze the behavior of encryption conversion. In some instances, evaluation errors may take place.
The present invention has been made in consideration of the above situation and has as its object to provide an encryption strength evaluation support apparatus capable of evaluating encryption strength independent of any specific decoding method and finely analyzing the behavior of encryption conversion, and a mechanically readable recording medium recording an encryption strength evaluation support program.
It is another object of the present invention to provide an encryption strength evaluation support apparatus capable of easily analyzing the behavior of encryption conversion, and a mechanically readable recording medium recording an encryption strength evaluation support program.
To achieve the above objects, according to the first aspect of the present invention, there is provided an encryption strength evaluation support apparatus comprising statistical data sampling program executing means for statistically obtaining correlations between individual bits of input and output data of an encryption device to be evaluated, statistical result storage means for storing the bit correlations obtained by the statistical data sampling program executing means, and statistical result edit/output means for editing and outputting the bit correlations stored in the statistical result storage means in the form of a table or a two- or three-dimensional graph.
In this encryption strength evaluation support apparatus, the statistical data sampling program executing means statistically obtains correlations between individual bits of input and output data of an encryption device to be evaluated and stores the bit correlations in the statistical result storage means. The statistical result edit/output means edits and outputs the bit correlations stored in the statistical result storage means in the form of a table or a two- or three-dimensional graph. Accordingly, it is possible to evaluate encryption strength independently of any specific decoding method and finely and easily analyze the behavior of encryption conversion.
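The following Python sketch is an added example, not code from the patent. It treats a device as a black box, builds a per-bit input/output table, and compares that table with the max/mean/variance summary used by the conventional statistical method. The statistic (how often flipping input bit i flips output bit j, ideally 0.5), the 16-bit width, and both toy devices are assumptions constructed for illustration.

```python
import hashlib
import random

NBITS = 16  # block width of the constructed toy devices (assumption)

def flip_table(device, nbits=NBITS, samples=2000, seed=1):
    """table[i][j] = fraction of samples where flipping input bit i flips output bit j."""
    rng = random.Random(seed)
    counts = [[0] * nbits for _ in range(nbits)]
    for _ in range(samples):
        x = rng.getrandbits(nbits)
        y = device(x)
        for i in range(nbits):
            diff = y ^ device(x ^ (1 << i))
            for j in range(nbits):
                counts[i][j] += (diff >> j) & 1
    return [[c / samples for c in row] for row in counts]

def summary(table):
    """Representative values only: (max, mean, variance) of the deviation from 0.5."""
    dev = [abs(p - 0.5) for row in table for p in row]
    mean = sum(dev) / len(dev)
    return max(dev), mean, sum((d - mean) ** 2 for d in dev) / len(dev)

def weak_cells(table, tol=0.1):
    """Per-bit view: (input bit, output bit, rate) for every cell far from 0.5."""
    return [(i, j, p) for i, row in enumerate(table)
            for j, p in enumerate(row) if abs(p - 0.5) > tol]

def mixing_device(x):
    """Constructed stand-in for a well-mixing black box (truncated SHA-256, not a cipher)."""
    d = hashlib.sha256(b"constructed-key" + x.to_bytes(2, "big")).digest()
    return int.from_bytes(d[:2], "big")

def leaky_device(x):
    """Same box, except output bit 0 is wired straight to input bit 5."""
    return (mixing_device(x) & ~1) | ((x >> 5) & 1)

if __name__ == "__main__":
    for name, dev in (("mixing", mixing_device), ("leaky", leaky_device)):
        t = flip_table(dev)
        print(name, "max/mean/var = %.3f %.3f %.4f" % summary(t))
        for i, j, p in weak_cells(t):
            print("  input bit %2d -> output bit %2d flips %.2f" % (i, j, p))
```

For the leaky device the summary reports only that some deviation reaches 0.5, while the table shows that every flagged cell lies in output bit 0 and that only input bit 5 drives it.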
According to the present invention, there is provided an encryption strength evaluation support apparatus further comprising, in addition to the arrangement of the first aspect, evaluation object program forming means for forming an encryption program to be evaluated, wherein the statistical data sampling program executing means statistically obtains correlations between individual bits of input and output data of the evaluation object program formed by the evaluation object program forming means. This allows a single apparatus to design and evaluate an encryption algorithm and thereby improves the efficiency of development.
According to the present invention, there is provided an encryption strength evaluation support apparatus further comprising statistical program library means for holding, for each predetermined evaluation item, a statistical program for calculating data necessary to evaluate the evaluation item, and evaluation object data group generating means having evaluation object program forming means for forming an encryption program to be evaluated, evaluation condition setting means for setting evaluation conditions, and interface function setting means for setting an interface between the evaluation object program formed by the evaluation object program forming means and the statistical programs, the evaluation object data group generating means holding an evaluation object data group including the formed evaluation object program and the set evaluation conditions and interface, wherein the statistical data sampling program executing means comprises statistical data sampling program generating/activating (restarting) means for generating a statistical data sampling program for statistically obtaining correlations between individual bits of input and output data of the evaluation object program from the evaluation object data group and the statistical programs in the statistical program library means. This allows a single apparatus to design an encryption algorithm and evaluate the algorithm by using the statistical programs previously held in the statistical program library means, thereby improving the efficiency of development.
According to the present invention, the statistical program library means comprises a basic function library of basic functions such as addition, subtraction, and logical operations, and statistical program library generating means for generating a statistical program to be added to a statistical program library by using the basic functions of the basic function library. This allows the user to freely form any statistical program and perform evaluation by using the program.
According to the present invention, the statistical data sampling program executing means comprises means for sequentially collecting statistical data for a plurality of evaluation items. Consequently, a plurality of evaluation items can be simultaneously evaluated.
According to the present invention, the statistical data sampling program executing means has a function of interrupting processing for an evaluation item currently being executed and processing the next evaluation item in accordance with an instruction from a user, and a function of restarting processing for the evaluation item interrupted in accordance with an instruction from the user.
The encryption strength evaluation support apparatus of the present invention achieves the following effects.
Encryption strength can be evaluated independently of any specific decoding method because statistical evaluation is performed on the basis of the correlation between input and output data of an encryption device. Therefore, even when the encryption algorithm is unknown, evaluation is possible if input and output data sequences of an encryption device are obtainable. To evaluate strength by a known plaintext amount necessary to conventional evaluation, e.g., linear decoding, a linear approximate expression of an encryption algorithm must be obtained beforehand. However, if the encryption algorithm is unknown, such evaluation is impossible. For example, the present invention can evaluate the strength of an encryption device having tamper resistance, for which an evaluation method that depends upon linear decoding cannot be used.
The behavior of encryption conversion can be finely detected. This is because statistical data indicating the correlations between individual bits of input and output data of an encryption device to be evaluated is edited and output in the form of a table or the like, so details of the individual bit correlations can be known.
The behavior of encryption conversion can be easily detected. The reason for this is that statistical data indicating the correlations between individual bits of input and output data of an encryption device to be evaluated is edited and output in the form of a two- or three-dimensional graph, so the operator can intuitively recognize the data.
The encryption strengths of a plurality of encryption devices can be easily compared. The reason is that statistical data indicating the correlations between individual bits of input and output data of a plurality of encryption devices are edited and compared in the form of the same table or graph, so the operator can compare details of the behaviors of these encryption devices.
An encryption device can be efficiently designed for reasons explained below. That is, in the process of designing an encryption algorithm, the behaviors of the encryption algorithm before and after correction can be easily analyzed, and relative strength comparison is easy to perform. Additionally, the evaluation object program forming means can perform processes from correction to evaluation of a program as a series of operations.
The above and many other objects, features and advantages of the present invention will become manifest to those skilled in the art upon making reference to the following detailed description and accompanying drawings in which preferred embodiments incorporating the principles of the present invention are shown by way of illustrative examples.