Traditionally, in order to avoid information leakage and manipulation, encryption algorisms are used to encrypt information.
The encryption algorism is that includes a plurality of stirring steps of accepting unstirred text, stirring the unstirred text with an extended key calculated from a user key and outputting it as stirred text, in which plaintext is encrypted step by step to output ciphertext.
The usefulness of the encryption algorism is a high degree of the difficulty of decryption, which can be evaluated from costs that ciphertext is actually decrypted to measure the number of plaintext and the complexity required for decryption.
More specifically, decryption is performed in which partial extended keys are determined individually and the remaining extended keys are determined based on unstirred text calculated with the determined extended keys.
However, the inventor found that particularly in the case where the calculation of extended keys based on a user key is simple, the extended key relates to the user key or a plurality of the extended keys relates to each other, and then these relationships are used to allow decryption at lower costs.
In this case, the traditional decryption method of calculating keys individually is inadequate to evaluate degrees of the difficulty of decryption.
Then, the relationship held between segment bit patterns of each key is utilized to allow a cipher strength evaluation apparatus capable of evaluating degrees of the difficulty of decryption properly also in the case where the relationship like this is held.
Furthermore, the cipher strength evaluation apparatus like this outputs the costs required for calculating keys to allow verification whether a key condition is true or not, the key condition is formed of segment bit patterns relating to a plurality of keys and is estimated to facilitate decryption by utilizing the segment bit patterns. Moreover, a weak key detector different from the cipher strength evaluation apparatus detects inadequate keys and avoids them to be used based on a weak key condition that is the key condition to lower the difficulty of decryption. Thus, a higher degree of the difficulty of decryption can be obtained as the same encryption algorism is used.