A device as shown in FIG. 4 as an encrypting and decrypting device is considered. An encryption and decryption processing unit 50 is shown as a part exclusive of interfaces, a CPU, and the like of the encrypting and decrypting device integrated into an IC (Integrated Circuit). The encryption and decryption processing unit 50 includes an encryption and decryption arithmetic part 51, a hardware key generating part 53, a key storing part 55, and a key selecting part 57. The key selecting part 57 is externally supplied with an input command. The encryption and decryption arithmetic part 51 is externally supplied with input data. The encryption and decryption arithmetic part 51 outputs output data to the outside.
The hardware key generating part 53 within the encryption and decryption processing unit 50 subjects secret key data serving as a fundamental basis written in a ROM to an operation, for example. The hardware key generating part 53 thereby generates a hardware key as primitive secret key data and then inputs the generated hardware key to the key selecting part 57.
By inputting an input command, the key selecting part 57 first selects the hardware key from the hardware key generating part 53. The encryption and decryption arithmetic part 51 subjects the hardware key to an operation with input data to calculate a process key in a first stage. The process key in the first stage is written through an output line 59 to the key storing part 55.
Next, the process key in the first stage read from the key storing part 55 is selected by the key selecting part 57 and subjected to an operation with input data by the encryption and decryption arithmetic part 51. Thereby a process key in a second stage is calculated and then written to the key storing part 55 in place of the process key in the first stage.
The encryption and decryption arithmetic part 51 similarly calculates subsequent process keys in a third stage and following stages. The encryption and decryption arithmetic part 51 finally calculates a content key as secret key data for decrypting or encrypting data. The content key is written to the key storing part 55.
In this state, when a command for specifying a decryption mode is inputted as an input command, and encrypted data is inputted as input data, the content key read from the key storing part 55 is selected by the key selecting part 57 and subjected to an operation with the encrypted data by the encryption and decryption arithmetic part 51, whereby the encrypted data is decrypted. The plaintext data is outputted to the output line 59.
Similarly, when a command for specifying an encryption mode is inputted as an input command, and plaintext data is inputted as input data, the plaintext data is encrypted, and the encrypted data is outputted to the output line 59.
However, the above-described encrypting and decrypting device outputs the process keys and the content key to the output line 59, that is, to the outside of the encrypting and decrypting device from the encryption and decryption arithmetic part 51 in the process of decryption or encryption. These keys can be seen from the outside of the encrypting and decrypting device. Thus, secrecy of the secret key data, especially the hardware key whose secrecy is to be ensured is not ensured. In addition, it is possible that a person illegally attacking the device can have the content key calculated by inputting a combination of various commands and illegally decrypt data. Thus a sufficient level of security is not provided.
It is accordingly an object of the present invention to realize an arithmetic unit and an arithmetic method that ensure security of data as a result of arithmetic processing.