The present invention relates to encryption/decryption techniques for encrypting/decrypting digital data transferred among computers, home-use-destined electric/electronic equipment and the like.
In digital home-use-destined electric/electronic equipment, which promises further development in the future, encryption/decryption technology is indispensable for preventing or disabling unauthorized or illegal copying of digital data.
As an encryption technology known heretofore, there has already been proposed what is known as the RC5 encryption algorithm, in which a data-dependent cyclic shift operation (also called end-around, circular or ring shift operation) is adopted, as is disclosed in R. L. Rivest: "The RC5 Encryption Algorithm", FAST SOFTWARE ENCRYPTION, 2nd International Workshop, Springer-Verlag, (1995). The RC5 encryption algorithm is designed such that the processed data length (i.e., the length of data to be processed) of w bits, the secret key length of b bytes and the processing round number r are variable. For a better understanding of the concept underlying the present invention, the RC5 encryption algorithm will be explained below in some detail.
For the text data which has not undergone any encrypting conversion processing (hereinafter referred to simply as the plain-text data) and which is given by "L[0] and R[0]", where L[0] represents the more significant w/2 bits of the processed data length of w bits, and R[0] represents the least significant w/2 bits thereof, there can be obtained through the RC5 encryption algorithm an encrypted text "L[2r+1], R[2r+1]" which can be derived through the procedure defined by the following expressions:
L[1] = L[0] + S[0],
R[1] = R[0] + S[0],
L[N+1] = R[N],
where 1 ≦ N ≦ 2r, and
R[N+1] = ((L[N] EOR R[N]) <<< R[N]) + S[N+1],
where 1 ≦ N ≦ 2r.
In the above expressions, the repetition represented by "1 ≦ N ≦ 2r" is illustrated for "N" in FIG. 23 of the accompanying drawings. In conjunction with the above definition, the arithmetic expression "A + B" in general represents the remainder resulting from division of the sum of "A" and "B" by the x-th power of "2", and the operation symbol "EOR" represents an exclusive-OR on a bit-by-bit basis. Further, the expression "x <<< y" in general represents the operation of cyclically shifting "x" to the left (leftward shift) by the number of bits given by the least significant log(w) bits of "y". According to the RC5 encryption algorithm, two repetitions of the arithmetic operation shown in FIG. 23 are referred to as a one-stage operation. The encrypted text can be generated by repeating the one-stage operation r times.
Major features of the RC5 encryption algorithm are that the length of the secret key is variable on a user-by-user basis and that the cyclic shift can be varied or changed dynamically. However, because the algorithm is structured so that the dynamic change of the cyclic shift depends on the data being encrypted, the RC5 encryption algorithm suffers the drawback of not being sufficiently resistant to the selective plain-text attack, one of the cryptanalysis methods. For more particulars in this respect, reference should be made to Lars R. Knudsen, Willi Meier: "IMPROVED DIFFERENTIAL CRYPTANALYSIS ON RC5", Advances in Cryptology-CRYPTO '96, Springer-Verlag, 1996.
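The half-round expressions above and the data dependence of their rotation, as an added example that is not part of the original text. It assumes w = 64 (32-bit halves), reduces the rotation amount modulo the half width, and uses a constructed subkey table in place of RC5's key expansion, which the page does not give.

```python
MASK, BITS = 0xFFFFFFFF, 32   # assumed: w = 64, so each half is w/2 = 32 bits

# Constructed subkeys S[0..2r+1]; this is NOT RC5's key expansion, which the page omits.
def sample_subkeys(r):
    return [(0x9E3779B9 * (i + 1)) & MASK for i in range(2 * r + 2)]

def rotl(x, n):
    n %= BITS
    return ((x << n) | (x >> (BITS - n))) & MASK

def rotr(x, n):
    n %= BITS
    return ((x >> n) | (x << (BITS - n))) & MASK

def encrypt(L0, R0, S, r):
    """Apply the page's expressions; also return each half-round's rotation amount."""
    L = (L0 + S[0]) & MASK
    R = (R0 + S[0]) & MASK            # S[0] for both halves, as the page writes it
    shifts = []
    for N in range(1, 2 * r + 1):
        shifts.append(R % BITS)       # rotation amount is taken from the data R[N]
        L, R = R, (rotl(L ^ R, R) + S[N + 1]) & MASK
    return L, R, shifts

def decrypt(L, R, S, r):
    """Invert the half-rounds in reverse order, then remove the initial key addition."""
    for N in range(2 * r, 0, -1):
        prev_R = L                                        # since L[N+1] = R[N]
        prev_L = rotr((R - S[N + 1]) & MASK, prev_R) ^ prev_R
        L, R = prev_L, prev_R
    return (L - S[0]) & MASK, (R - S[0]) & MASK

if __name__ == "__main__":
    S = sample_subkeys(12)
    for pt in ((0x01234567, 0x89ABCDEF), (0x01234567, 0x89ABCDEE)):
        L, R, shifts = encrypt(pt[0], pt[1], S, 12)
        assert decrypt(L, R, S, 12) == pt
        print(f"R[0]={pt[1]:08x} rotations={shifts[:6]} ...")
```

Two plaintexts that differ only in the low bits of R[0] are rotated by different amounts from the first half-round onward, which is the data dependence the text identifies as the structural weakness.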
In the light of the state of the art described above, it is an object of the present invention to provide an encrypting conversion method and apparatus which are capable of dynamically controlling the cyclic shift independently of the data for conversion and additionally capable of realizing the encrypting conversion with highly enhanced randomness with a simplified system configuration.
Another object of the present invention is to provide a method and system for decrypting the encrypted text.
Yet another object of the present invention is to provide a data communication system in which the encrypting/decrypting conversion techniques taught by the invention are adopted.
In view of the above and other objects which will become apparent as the description proceeds, there is provided an encryption system or apparatus for generating encrypted text data of a predetermined length as an encrypted block from plain-text data and a key or keys as inputted, which apparatus includes:
(1) at least two fixed cyclic shift processing modules for cyclically shifting data leftward or rightward,
(2) a cyclic shift processing selecting module for selecting the fixed cyclic shift processing means, and
(3) a cyclic shift processing sequence determining module for determining an order or sequence for the selection of the cyclic shift processing selecting module on the basis of data for determining the shift number selecting sequence.
Thus, there is provided according to an aspect of the present invention an encrypting conversion apparatus which receives as inputs thereto at least one key and plain-text data to thereby output encrypted text data, which apparatus can be implemented in hardware fashion or software fashion and includes a cyclic shift processing module for determining a shift number on the basis of data for determining a shift number selecting sequence, a module for dividing inputted plain-text data into first data and second data and setting the first data as data L[1] while setting the second data as data R[1], at least one stage of an encrypting conversion processing module for receiving as inputs thereto data L[N] and R[N] to thereby output data L[N+1] and data R[N+1], wherein the encrypting conversion processing module is so arranged as to perform at least once for the data L[N] a conversion processing by using the key and a cyclic shift processing by means of the cyclic shift processing module, respectively, to thereby generate data X and wherein a value derived from arithmetic operation of the data R[N] and the data X is set as the data L[N+1] while the data L[N] is set as the data R[N+1], and a module for outputting a combination of two output data from a final stage of the encrypting conversion processing module as an encrypted text.
In a mode for carrying out the invention, the cyclic shift processing module may be so arranged as to include at least two different fixed cyclic shift processing modules each for performing cyclic shift by a fixed number of bits leftward or alternatively rightward, a cyclic shift processing selecting module for selecting the fixed cyclic shift processing module, and a cyclic shift processing sequence determining module for determining a selecting sequence for the cyclic shift processing selecting modules on the basis of data for determining the shift number selecting sequence.
In another mode for carrying out the invention, the data for determining the shift number selecting sequence may be generated on the basis of the aforementioned key.
Further, according to another aspect of the present invention, there is provided a decrypting conversion apparatus which receives as inputs thereto at least one key and encrypted text data to thereby output plain-text data, which apparatus can be implemented hardware-wise or software-wise and includes a cyclic shift processing module for determining a shift number on the basis of data for determining a shift number selecting sequence, a module for dividing inputted encrypted text data into first data and second data and setting the first data as data L[1] while setting the second data as data R[1], at least one stage of a decrypting conversion module for receiving as inputs thereto data L[N] and R[N] to thereby output data L[N+1] and data R[N+1], wherein the decrypting conversion module is so arranged as to perform at least once for the data R[N] a conversion processing by using the key and a cyclic shift processing by means of the cyclic shift processing module, respectively, to thereby generate data X and wherein a value derived from arithmetic operation of the data L[N] and the data X is set as the data R[N+1] while the data R[N] is set as the data L[N+1], and a module for outputting a combination of two output data from the final stage of the encrypting conversion module as a plain-text.
In a mode for carrying out the invention, the cyclic shift processing module may be so arranged as to include at least two different fixed cyclic shift processing modules each for performing cyclic shift by a fixed number of bits leftward or alternatively rightward, a cyclic shift processing selecting module for selecting the fixed cyclic shift processing module, and a cyclic shift processing sequence determining module for determining a selecting sequence for the cyclic shift processing selecting modules on the basis of data for determining the shift number selecting sequence.
In a further mode for carrying out the invention, the data for determining the shift number selecting sequence may be generated on the basis of the aforementioned key.
By virtue of the arrangements described above, the cyclic shift can be dynamically controlled independently of the data for conversion, and the encrypting conversion as well as the decrypting conversion can be realized with highly enhanced randomness with a simple system configuration.
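The encrypting and decrypting stages described above, with the rotation picked from a set of fixed shifts by key-derived selection data, as an added example (not the patent's own code). The fixed shift amounts, the two-key-bits-per-round selection rule, the round-key schedule, modular addition as the key conversion and XOR as the combining operation are all assumptions made for illustration; the text specifies none of them.

```python
MASK, BITS = 0xFFFFFFFF, 32
FIXED_SHIFTS = (2, 8, 14, 20)   # assumed amounts; the text only requires at least two

def rotl(x, n):
    return ((x << n) | (x >> (BITS - n))) & MASK

def shift_sequence(key, rounds):
    """Selection data derived from the key (assumed rule: two key bits per round)."""
    return [FIXED_SHIFTS[(key >> (2 * i)) & 3] for i in range(rounds)]

def round_keys(key, rounds):
    """Constructed toy schedule, for illustration only."""
    return [(key * (2 * i + 3) + 0x9E3779B9 * (i + 1)) & MASK for i in range(rounds)]

def make_x(half, k, shift):
    # Key conversion (addition mod 2^32, assumed), then the selected fixed rotation.
    return rotl((half + k) & MASK, shift)

def encrypt(block, key, rounds=8):
    L, R = block >> BITS, block & MASK
    for k, s in zip(round_keys(key, rounds), shift_sequence(key, rounds)):
        # L[N+1] = R[N] combined with X(L[N]);  R[N+1] = L[N]
        L, R = R ^ make_x(L, k, s), L
    return (L << BITS) | R

def decrypt(block, key, rounds=8):
    L, R = block >> BITS, block & MASK
    ks, ss = round_keys(key, rounds), shift_sequence(key, rounds)
    for k, s in zip(reversed(ks), reversed(ss)):
        # R[N+1] = L[N] combined with X(R[N]);  L[N+1] = R[N]
        L, R = R, L ^ make_x(R, k, s)
    return (L << BITS) | R

if __name__ == "__main__":
    key = 0x0F1E2D3C4B5A6978                    # constructed sample key
    for pt in (0x0123456789ABCDEF, 0x0123456789ABCDEE):
        ct = encrypt(pt, key)
        assert decrypt(ct, key) == pt
        # The rotation schedule is a function of the key alone, not of pt.
        print(f"{pt:016x} -> {ct:016x} shifts={shift_sequence(key, 8)}")
```

Because `shift_sequence` takes only the key, every block encrypted under that key sees the same rotation amounts in the same order, whatever the plaintext.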