1. Field of the Invention
The present invention relates to a data processing method, an apparatus, a program thereof, a linear conversion circuit and an encryption apparatus used in designing a linear conversion circuit for performing linear conversion restricted by encoding processing, etc.
2. Description of the Related Art
A variety of encryption techniques have been developed for information security.
Common key block encryption, one kind of encryption technique, defines, for example, a round function composed of nonlinear processing and linear processing (diffusion processing).
Nonlinear processing of the round function is composed of a unit called an S-box and realizes nonlinearity between input and output.
The linear processing of the round function performs linear conversion to diffuse the effect of multi-bit input data over a plurality of bits.
One method of using such linear conversion is Maximal Distance Separable (MDS) conversion, which is used in the Advanced Encryption Standard (AES), etc.
The MDS is a method of effectively performing bit diffusion by using conversion on an extension field, such as GF(2^8).
However, the MDS has the disadvantage that the circuit configuration becomes complicated when it is implemented.
Encryption methods such as Camellia and E2 exist to eliminate this disadvantage. In these encryption methods, conversion on GF(2) is used to configure a high-speed, small-scale circuit.
Japanese Unexamined Patent Publication No. 2002-91295 is referred to as prior art.
However, to obtain high diffusion efficiency by conversion on GF(2), the circuit configuration that maximizes the number of so-called active S-boxes is determined by performing calculations on all possible linear conversions, regardless of restrictions on the circuit that realizes the linear conversion, and there is a disadvantage that a large amount of calculation becomes necessary.
Here, the number of active S-boxes is the minimum value of the number of zeros arising in the results of performing the linear processing of the above round function on a plurality of input data.