The present invention relates to a cipher processing apparatus, in particular, to a small-sized cipher processing apparatus installed in an IC (Integrated Circuit) card and so on.
As conventional related art, DES (Data Encryption Standard), a cipher in commercial use in the U.S. and a block cipher of the secret key (common key) cryptosystem, will be explained.
Details of DES processing are described in Hans Eberle, "A High-speed DES Implementation for Network Applications", Advances in Cryptology - CRYPTO '92, Lecture Notes in Computer Science 740, Springer-Verlag.
FIG. 18 is a flowchart showing DES encryption algorithm.
In FIG. 18, reference numerals 1001-1004 show operations using function F for data transformation. Reference numerals 1011-1014 show XOR operations bit by bit. In the figure, an initial permutation and a final permutation are omitted.
An operation will be explained.
An input data 1050 having 2×n bits (in case of DES, 2×32 bits) is divided into two n-bit data 1051 and 1052. The n-bit data 1051 is output as n-bit data 1053 without any transformation. The data 1051 is also input to the function F 1001 to be transformed. The data transformed by the function F 1001 is XORed with the other n-bit data 1052 bit by bit by the XOR operation 1011 and the XORed result is output as n-bit data 1054.
Thereafter, the operations are repeated by the functions F 1002, 1003, and 1004 and the XOR operations 1012, 1013, and 1014, and output data 1055 and 1056 are output. The two n-bit data are united and output as 2n-bit data 1057.
FIG. 19 shows an example of cipher processing apparatuses performing data transformation similar to the DES encryption as shown in the flowchart of FIG. 18.
In FIG. 19, reference numerals 1101 and 1102 show registers A and B for holding data. Reference numerals 1103 and 1104 are selectors A and B for selecting one of data. 1105 denotes a function F operating circuit for calculating the function F as data transformation. 1106 denotes an XOR circuit. 1201 and 1202 respectively show n-bit input data A and B. 1203 and 1204 respectively show n-bit output data A and B.
An operation will be explained.
An input data having 2×n bits (in case of DES, 2×32 bits) is divided into two n-bit input data A1201 and B1202. The two input data are respectively selected by the selectors A1103 and B1104 and held in the registers A1101 and B1102. The data held in the register A1101 is fed back to the selectors A1103 and B1104 and input to the function F operating circuit 1105 at the same time. After being transformed by the function F operating circuit 1105, the data is XORed by the XOR circuit 1106 with the data held in the register B1102. The XORed result is fed back to the selectors A1103 and B1104.
Next, the selector A1103 selects the XORed result of the XOR circuit 1106, the selector B1104 selects the data held in the register A1101, and the registers A1101 and B1102 are respectively updated to hold these selected data. Then, similarly, the operation corresponding to the operation through the functions F 1002, 1003, 1004 and the XOR operations 1012, 1013, 1014 shown in FIG. 18 is repeated (looped) a necessary number of times, and the output data A1203 and B1204 are finally output. In case of DES, the operation will be repeated 16 times.
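The following Python model is an added example, not part of the patent text: it runs the FIG. 18 flowchart and the FIG. 19 register/selector loop side by side to show that one shared function F circuit reproduces the unrolled rounds. It goes slightly beyond the passage by also undoing the rounds without inverting F. The function `toy_f`, the subkeys and all Python names are assumptions made for illustration; the page does not specify F or any key schedule.

```python
# Added illustration (not from the patent): FIG. 18 flowchart vs. FIG. 19 circuit.
MASK = 0xFFFFFFFF                       # n = 32 bits per half, as in DES
# Constructed sample subkeys; the page does not describe key scheduling.
SUBKEYS = [(0x0F1E2D3C + i * 0x01010101) & MASK for i in range(16)]

def toy_f(x, subkey):
    """Stand-in for function F (not the real DES F); any n-bit mapping works."""
    x = (x + subkey) & MASK
    return (((x << 7) | (x >> 25)) ^ (x * 0x9E3779B1)) & MASK

def flowchart(left, right, subkeys):
    """FIG. 18: rounds laid out one after another, one F and one XOR per round."""
    for k in subkeys:
        left, right = toy_f(left, k) ^ right, left
    return left, right

class Circuit:
    """FIG. 19: registers A/B, selectors A/B, one F circuit, one XOR circuit."""
    def __init__(self):
        self.reg_a = self.reg_b = 0
        self.f_uses = 0                 # how often the single F circuit is exercised

    def clock(self, load, in_a=0, in_b=0, subkey=0):
        if load:                        # selectors pick input data A and B
            self.reg_a, self.reg_b = in_a, in_b
            return
        xored = toy_f(self.reg_a, subkey) ^ self.reg_b   # F circuit, then XOR circuit
        self.f_uses += 1
        # selector A picks the XOR result, selector B picks the old register A
        self.reg_a, self.reg_b = xored, self.reg_a

def run_circuit(in_a, in_b, subkeys):
    c = Circuit()
    c.clock(True, in_a, in_b)
    for k in subkeys:
        c.clock(False, subkey=k)
    return (c.reg_a, c.reg_b), c.f_uses

def invert(a, b, subkeys):
    """Undo the rounds with the same F and reversed subkeys; F is never inverted."""
    for k in reversed(subkeys):
        a, b = b, toy_f(b, k) ^ a
    return a, b

if __name__ == "__main__":
    out, uses = run_circuit(0x01234567, 0x89ABCDEF, SUBKEYS)
    print(hex(out[0]), hex(out[1]), "F evaluations:", uses)
```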
In a cipher processing apparatus using the above method, when the processing is built from a plurality of functions F having a similar configuration, the processing circuit can be constructed efficiently by reusing one circuit repeatedly. This makes it possible to reduce the circuit scale and also to save electric power. However, there is a problem that when the function F itself includes a smaller circuit that performs a repeated process, the conventional configuration of the cipher processing apparatus does not efficiently reduce the circuit scale or save electric power.
The present invention is provided to solve the above-mentioned problem. An objective of the invention is to provide a cipher processing apparatus that can be constructed efficiently to reduce the circuit scale and save electric power even if the apparatus repeatedly processes a function F that includes a smaller internal circuit performing a repeated process.
According to the present invention, in a cipher processing apparatus performing a first data transformation process on an input data a plurality of times by a first operating circuit,
the first operating circuit comprises a loop processing circuit for performing a second data transformation process a plurality of times;
the loop processing circuit comprises a second operating circuit, a data holding circuit, and a selecting circuit to form a processing loop;
the second operating circuit performs the second data transformation process;
the data holding circuit tentatively holds the data on which the second data transformation process was performed; and
the selecting circuit selects whether to terminate or to continue the second data transformation process by the loop processing circuit.
The second operating circuit comprises:
a data dividing circuit dividing data input to the second operating circuit into a first divided data and a second divided data;
a third operating circuit transforming the first divided data;
an XOR circuit XORing an output data from the third operating circuit with the second divided data bit by bit; and
a data uniting circuit uniting an output data from the XOR circuit and the second divided data.
The selecting circuit inputs a data for the first data transformation process by the first operating circuit and a data held in the data holding circuit, and the selecting circuit selects the data held in the data holding circuit when a process by the loop processing circuit is to be continued.
The selecting circuit selects the data for the first data transformation process by the first operating circuit when a process by the loop processing circuit starts.
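The loop processing circuit described above can be modelled as follows. This is an added example, not code from the patent: a single second operating circuit is reused through a selecting circuit and a data holding circuit, and the result is compared with separate unrolled copies. The toy `third_op`, the 16-bit half width, the three iterations and the order in which the uniting circuit joins the halves are all assumptions.

```python
# Added illustration (not from the patent): the loop processing circuit.
HALF = 16                    # assumed width of each divided data
HMASK = (1 << HALF) - 1

def third_op(x, step):
    """Toy third operating circuit applied to the first divided data (assumption)."""
    return ((x * 0x6487) ^ (x >> 5) ^ step) & HMASK

def second_op(data, step):
    """Second operating circuit: divide, transform, XOR, unite."""
    first, second = data >> HALF, data & HMASK    # data dividing circuit
    xored = third_op(first, step) ^ second        # third operating circuit + XOR circuit
    return (second << HALF) | xored               # data uniting circuit (order assumed)

def loop_processing(external, iterations):
    """One second operating circuit reused via selecting and data holding circuits."""
    held, trace = external, []
    for step in range(iterations):
        if step == 0:
            selected = external   # loop starts: select the data for the first transformation
            trace.append("input")
        else:
            selected = held       # loop continues: select the data held in the holding circuit
            trace.append("held")
        held = second_op(selected, step)          # data holding circuit latches the result
    return held, trace            # loop terminates: the held data leaves the loop

def unrolled(external):
    """Three separate copies of the second operating circuit, for comparison."""
    return second_op(second_op(second_op(external, 0), 1), 2)

if __name__ == "__main__":
    result, trace = loop_processing(0x1234ABCD, 3)
    print(hex(result), trace, result == unrolled(0x1234ABCD))
```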
The cipher processing apparatus further comprises:
a register A and a register B alternately holding the data for the first data transformation by the first operating circuit;
two XOR circuits XORing bit by bit the data on which the first data transformation was performed by the first operating circuit with the data held in the register A and with the data held in the register B, respectively;
a selector A and a selector B selecting one of the data on which the first data transformation was performed by a first operating unit and an XORed data by the XOR circuit to hold in the register A and the register B, respectively; and
the selecting circuit alternately selects the register A and the register B to start the process of the loop processing circuit.
The first operating circuit further performs a data transformation different from the second data transformation process for the data on which the second data transformation was performed by a processing loop unit to output a transformed data.
The second operating circuit comprises:
m (m≥1) number of function operating circuits inputting identical data from the selecting circuit; and
a selector with m inputs and one output for inputting data operated by the m number of function operating circuits and selecting one of the input data.
The cipher processing apparatus further comprises:
a function operating unit transforming data output from the selecting circuit; and
a selector inputting data operated by the function operating unit and the data output from the selecting circuit, and outputting one of the data.
According to the present invention, in a cipher processing method performing a first data transformation for an input data a plurality of times by a first operating step,
the first operating step comprises a loop processing step performing a second data transformation a plurality of times;
the loop processing step comprises:
a second operating step performing the second data transformation;
a data holding step temporarily holding data on which the second data transformation was performed; and
a selecting step for selecting whether to terminate or to continue the second data transformation by the loop processing step.
The second operating step comprises:
a data dividing step dividing data input to the second operating step into a first divided data and a second divided data;
a third operating step transforming the first divided data;
an XOR step XORing an output data from the third operating step with the second divided data bit by bit; and
a data uniting step uniting an output data from the XOR step and the second divided data.
According to the present invention, an IC (integrated circuit) card communicating data with a reader/writer comprises:
a data receiving circuit receiving the data from the reader/writer;
a data transmitting circuit transmitting the data to the reader/writer; and
the cipher processing apparatus of the invention encrypting/decrypting the data.
According to the present invention, an IC card communicating data with a reader/writer comprises:
a data receiving circuit receiving the data from the reader/writer;
a data transmitting circuit transmitting the data to the reader/writer; and
the cipher processing apparatus of the invention encrypting/decrypting the data.