As information-oriented societies progress, the demand for information security technologies to safely protect the information used continues to increase. One configuration element of information security technologies is encryption technology, and these encryption technologies are currently used in various products and systems.
There are many different encryption processing algorithms, and one basic example of such a technology is what is known as a shared key block cipher. There are two shared keys with the shared key block cipher, an encryption key and a decryption key. During encryption and decryption processing, multiple keys are generated from the shared keys and data transformation processing is repeatedly executed in units of block data sizes such as 64-bit, 128-bit, and 256-bit block units, for example.
The most common of these shared key block cipher algorithms known are the Data Encryption Standard (DES), which was the previous US standard, and the Advanced Encryption Standard (AES), which is the current US standard. Many other shared key block ciphers exist or have been proposed, including the CLEFIA shared key block cipher proposed by Sony Corporation in 2007.
This kind of shared key block cipher algorithm is mainly configured with an encryption processing part including a round function executing unit for repeatedly executing input data transformations and a key scheduling part for generating round keys applied to each round of the round function unit. The key scheduling part generates an expanded key with increased bit counts based on a master secret key (main key), and then generates round keys (secondary keys) applied for each round function unit of encryption processing part based on the generated expanded key.
A commonly known specific structure for executing this kind of algorithm repeatedly executes a round function that includes a linear conversion unit and a non-linear conversion unit. The most common of this kind of structure is the Feistel structure and the generalized Feistel structure, for example. The Feistel structure and the generalized Feistel structure converts plaintext into ciphertext by a simple repetition of a round function that includes an F function functioning as a data transformation function. The F function executes linear conversion processing and non-linear conversion processing. Further details disclosing encryption processing applying the Feistel structure may be found in NPL 1 and NPL 2, for example.
The non-linear conversion processing executed in the F function is performed, for example, applying a non-linear conversion function called an S-box. This S-box is a configuration element of block ciphers and hash functions, and is an extremely important function in determining security and implementation performance.
This S-box is required for a high level of security. However, there is a problem in which the circuit scale becomes significant in order to ensure a high level of security.