In methods for encrypting plaintext data, block encryption in which plaintext is enciphered block by block, one block being, for example, 64 bits, is known. This block encryption can be classified into four modes, depending on how a block and key are used: ECB, CBC, OFB, and CFB.
The CBC mode entails block chaining encryption. FIG. 5 shows a block encryption circuit in CBC mode, focusing on the data flow.
A first block 1A of plaintext data and an initial value (initialization vector) IV are supplied to an exclusive-OR circuit 2A. An output therefrom is supplied to an encryption circuit 3A and is then encrypted into a first block 4A of ciphertext data using a secret key. A second block 1B of plaintext data and the first block 4A of ciphertext data are supplied to an exclusive-OR circuit 2B. An output therefrom is supplied to an encryption circuit 3B and is then encrypted into a second block 4B of ciphertext data using the secret key. A third block 1C of plaintext data and the second block 4B of ciphertext data are supplied to an exclusive-OR circuit 2C. An output therefrom is supplied to an encryption circuit 3C and is then encrypted into a third block 4C of ciphertext data using the secret key.
Likewise, an nth block of plaintext data is XORed with an (n−1)th block of ciphertext data, which is the previous block's ciphertext result. An XORed output is encrypted into an nth block of ciphertext data using the secret key. (See, for example, Japanese Unexamined Patent Application Publication No. 2000-338866.)
In this way, according to the block encryption circuit shown in FIG. 5, plaintext data can be encrypted in CBC mode. If the signal flow shown in FIG. 5 is reversed and the circuits 3A, 3B, 3C, . . . are used for decryption, ciphertext data can be decrypted into plaintext data, as shown in FIG. 6.
FIG. 5 focuses on the data flow. In practice, in the block encryption circuit, the exclusive-OR circuits 2A, 2B, 2C, . . . are realized by software processing in a host computer using this block encryption circuit, and the encryption circuits 3A, 3B, 3C, . . . consist of hardware. Only one circuit is provided in actuality and is shared for the blocks 1A, 1B, 1C, . . . of plaintext data and the blocks 4A, 4B, 4C, . . . of ciphertext data.
Changing processing of the exclusive-OR circuits 2A, 2B, 2C, . . . or the like achieves block encryption in ECB mode or the like, and therefore, the processing of the exclusive-OR circuits 2A, 2B, 2C, . . . or the like is also called mode processing.
For commercial disks on which digital audio data including musical data is recorded, it has been suggested that the digital audio data be encrypted before being recorded on disks in order to prevent unauthorized duplication. In this case, the block encryption described with reference to FIG. 5 can be applied.
Since the block encryption circuit shown in FIG. 5 performs mode processing including exclusive-OR processing in blocks of, for example, 64 bits, a large amount of plaintext data (digital audio data) places a heavy load on a computer. For instance, 2K-byte plaintext data requires a computer to perform mode processing 256 times. (=2K bytes/64 bits). This results in a significant burden being placed on the computer.
Therefore, a player for playing back a disk whose data is subjected to block encryption needs another microcomputer for decryption, in addition to a microcomputer for system control, or needs a high-performance microcomputer that can perform both system control and encryption.
In light of the foregoing, the present invention provides a block encryption circuit with a simple structure that can handle any length of plaintext data without placing a heavy burden on a computer.