FIG. 43 shows a block diagram of an encryptor performing encryption of Cipher Block Chaining Mode (hereinafter, referred to as the CBC mode).
Encryption in the CBC mode is performed as follows: first, plaintext block data Mi of 64 bits is input block by block; the input data is encrypted by an encrypting module 51 using an encryption key K; the resulting ciphertext block data Ci is XORed with plaintext block data Mi+1, which follows the data Mi; and the XORed result is supplied to the encrypting module 51 as the next input, to be encrypted using the encryption key K. This process is repeated as a chain until the whole plaintext data M has been encrypted into ciphertext data C.
FIG. 44 shows a block diagram of a decrypting apparatus performing decryption of the CBC mode.
The decrypting apparatus shown in FIG. 44 is an apparatus for decrypting the ciphertext data encrypted by the encrypting apparatus shown in FIG. 43. The ciphertext block data C1 is input to a decrypting module 71 for decryption using the encryption key K, XORed with an initial value IV, and decrypted into plaintext block data M1. When ciphertext block data C2 is input, the block data C2 is decrypted by the decrypting module 71 using the encryption key K, XORed with the ciphertext block data C1, which has been previously input and stored in a register 111, and decrypted into plaintext block data M2.
Here, the register 111 can be provided inside a selector 73.
The CBC mode can be represented by the following expressions, where the plaintext block data is Mi (i=1, 2, . . . , n), the ciphertext block data is Ci (i=1, 2, . . . , n), the encrypting process using the encryption key K is defined as Ek, and the decrypting process using the encryption key K is defined as Dk:
$C_1 = E_k(M_1 \,\mathrm{EXR}\, IV)$
$C_i = E_k(M_i \,\mathrm{EXR}\, C_{i-1}) \quad (i = 2, 3, \ldots, n)$
$M_1 = D_k(C_1) \,\mathrm{EXR}\, IV$
$M_i = D_k(C_i) \,\mathrm{EXR}\, C_{i-1} \quad (i = 2, 3, \ldots, n)$
Here, EXR represents an XOR operation. IV represents an initial value to be used for an initial step of encrypting and decrypting processes. The same initial value IV is used both in the encryptor and the decryptor.
FIG. 45 shows an encryptor performing encryption of Output Feedback Mode (hereinafter, referred to as OFB mode).
FIG. 46 shows a decryptor performing decryption of the OFB mode.
FIG. 47 shows an encryptor performing encryption of Cipher Feedback Mode (hereinafter, referred to as CFB mode).
FIG. 48 shows a decryptor performing decryption according to the CFB mode.
Here, the register 111 can be provided inside the selector 73.
FIG. 49 is a block diagram showing a procedure for encrypting plaintext data M and plaintext data N using the encryptor of the CBC mode.
Hereinafter, a case will be explained in which the plaintext data M includes plaintext block data M1, plaintext block data M2, and plaintext block data M3, and the plaintext data N includes only plaintext block data N1.
When the encryption of plaintext block data M1 is started, ciphertext block data C1 is output, and the ciphertext block data C1 is also used for the encrypting process of plaintext block data M2. In this way, ciphertext block data Ci is fed back to the process of encrypting plaintext block data Mi+1, which forms a chained process. Accordingly, it is not possible to encrypt the plaintext block data N1 until the encrypting process of the plaintext block data M1 through the plaintext block data M3 has been finished.
FIG. 50, like FIG. 49, shows the encrypting process of the CBC mode.
In the case of FIG. 50, it takes a long time to prepare each of the plaintext block data M1, the plaintext block data M2, and the plaintext block data M3. Meanwhile, the encryption of each block has been finished before the next plaintext block data Mi+1 is prepared, which generates idle time (the periods from T1 through T2 and from T3 through T4). Even though idle time is generated, the chained process has to be performed so that the ciphertext block data Ci is fed back to the encrypting process of the plaintext block data Mi+1. Therefore, the process for the plaintext block data N1 cannot be performed until the encrypting process of the plaintext block data M3 is finished.
FIG. 51 shows a data confidentiality process and a data integrity ensuring process. The plaintext data M is, for example, encrypted into the ciphertext data C by the encryptor of the OFB mode. A message authentication code (MAC) P is computed by the encryptor of the CBC mode, and is appended to the last bit of the ciphertext data C. On receiving data that is encrypted and has the MAC P appended, the receiver decrypts the ciphertext data C into the plaintext data M with the decryptor of the OFB mode and also computes the MAC P from the ciphertext data C with the decryptor of the CBC mode. Comparing the computed MAC P with the received MAC P makes it possible to confirm that the transmitted ciphertext data C has not been tampered with.
FIG. 52 shows a procedure for the confidentiality process and the MAC computing process shown in FIG. 51.
The plaintext block data M1 through the plaintext block data M3 are serially encrypted into the ciphertext block data C1 through the ciphertext block data C3. Subsequently, the MAC P is computed by serially inputting the ciphertext block data C1 through the ciphertext block data C3.
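The CBC expressions above and the confidentiality-plus-MAC flow of FIGS. 51 and 52, written out in Python as an added example that is not part of the original text. The 4-round Feistel cipher standing in for Ek/Dk, the separate MAC key, the zero IV used for the MAC, and all sample values are assumptions made for illustration.

```python
import hashlib, hmac

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, blk):  # Ek: 4-round Feistel stand-in on a 64-bit block (constructed, not secure)
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:4])
    return l + r

def D(key, blk):  # Dk: the same rounds undone in reverse order
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = xor(r, hashlib.sha256(key + bytes([rnd]) + l).digest()[:4]), l
    return l + r

def cbc_encrypt(key, iv, blocks):
    # C1 = Ek(M1 EXR IV), Ci = Ek(Mi EXR Ci-1): each block waits for the previous one
    out, prev = [], iv
    for m in blocks:
        prev = E(key, xor(m, prev))
        out.append(prev)
    return out

def cbc_decrypt(key, iv, blocks):
    # M1 = Dk(C1) EXR IV, Mi = Dk(Ci) EXR Ci-1 (Ci-1 is the value register 111 holds)
    return [xor(D(key, c), p) for c, p in zip(blocks, [iv] + blocks[:-1])]

def ofb(key, iv, blocks):  # OFB keystream; the same routine encrypts and decrypts
    out, s = [], iv
    for b in blocks:
        s = E(key, s)
        out.append(xor(b, s))
    return out

def cbc_mac(key, blocks):  # MAC P = last CBC block over C; the zero IV is an assumption
    return cbc_encrypt(key, bytes(8), blocks)[-1]

def protect(k_enc, k_mac, iv, m_blocks):
    c = ofb(k_enc, iv, m_blocks)   # confidentiality pass
    return c, cbc_mac(k_mac, c)    # integrity pass runs on the finished C

def open_checked(k_enc, k_mac, iv, c_blocks, p):
    ok = hmac.compare_digest(cbc_mac(k_mac, c_blocks), p)  # recompute P, then compare
    return ofb(k_enc, iv, c_blocks) if ok else None

K_ENC, K_MAC, IV = b"enc-key", b"mac-key", bytes(range(8))
M = [b"block-01", b"block-02", b"block-03"]  # constructed sample, not from the page
```

In `protect` the MAC pass begins only after `ofb` has returned all of C, which is the serial ordering FIG. 52 describes.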
The encryptors and the decryptors of each mode shown in FIGS. 42 through 48 have the following problem: the data obtained by the encrypting or decrypting process of the previous block data must be fed back and used for encrypting or decrypting the next block data, so once an encrypting process or a decrypting process is started, another encrypting process or another decrypting process cannot be started until all the steps of the first process are finished. Accordingly, if the encrypting/decrypting process that was started earlier requires much time, the subsequent encrypting/decrypting process has to wait for a long time.
Further, in case of performing the confidentiality process and the integrity ensuring process, the integrity ensuring process should be performed after performing the confidentiality process, which takes a long processing time.
It is an object of the preferred embodiment of the present invention to obtain an encryptor, a decryptor, an encrypting method, and a decrypting method which can perform encrypting/decrypting process of another piece of data while the encrypting/decrypting process of a certain piece of data is performed.
Further, it is another object of the preferred embodiment of the present invention to perform encryption/decryption of the data having a higher priority prior to other data.
Further, it is another object of the preferred embodiment of the present invention to perform the confidentiality process and the integrity ensuring process in parallel at a high speed.