1. Field of the Invention
The present invention relates to a cipher processing system and is particularly applicable to a cipher processing system for encrypting or decrypting information communicated between a service station and a user side connected thereto.
2. Description of the Related Art
In recent years, a variety of broadcasting routes are provided such as ground broadcasting, satellite broadcasting, cable television (CATV), Internet broadcasting, and a bidirectional service is also available through a communication network such as Internet or the like. With increasingly spreading multimedia environments, a variety of information has been mixed in broadcast information such as audio data, video data, textual and graphical data, and code. In such a situation, for example, when information is communicated between a service station and a user through a communication line, a variety of security functions are also increasingly required, for example, for limited accesses only for contracted users, electronic authentication, electronic money, protection of privacy, and so on.
The encryption for ensuring the security has also been implemented by a variety of approaches depending on associated information. For example, relatively simple processing such as line shuffle and so on is employed for video information, while security key cryptography such as Data Encryption Standard (DES) cipher, Fast Data Encipherment Algorithm (FEAL) cipher, are employed for long sentences and long code information. Public key cryptography such as Rivest Shamir Adelman (RSA) cipher or the like, for example, may be employed for electronic authentication.
It seems that the cipher processing is being rapidly developed, and a variety of improvements and new processing formulae are being proposed and brought into practical use in attempt of providing ever stronger encryption.
Cipher processing by a DES method is typical of the above-mentioned encryption methods. As is well known, the basic structure of this cipher processing involves randomization of information realized in a structure in which an involution structure is preserved. Deeply related to the encryption strength in this structure is a function-coupling type non-linear substitution portion. In DES64, this is included in a non-linear substitution table function called "S-box," in which an output exhibits a non-linear change from 1 to 4 [bits] for a 1 [bit] change in an input, and this change ends up with a final 37 [bits] change in a multi-stage (15 stages in DES64) structure, which is highly randomly mixed to provide significantly strong cipher processing. As such, there has not been found any decryption method for this cipher, other than a one-by-one attack.
In a one-by-one decryption method, DES64 requires 2.sup.55 calculations, and it takes approximately 1000 years for a computer having a capability of processing one calculation in 1 [.mu.sec] to complete such a large number of calculations for the decryption.
However, with the recent supercomputers and parallel processing technologies, there is a fear that decryption capabilities have been enhanced so rapidly that DES64 would be decrypted in a short time in the near future. Thus, improvements have been proposed to enhancing the strength against decryption, such as an increase in bit number. It is a general tendency that a variety of encryption enhancing approaches will also be proposed and improved from now on. The security key cryptography includes a variety of unique schemes such as FEAL other than DES. The RSA cipher belonging to the public key cryptography largely differs from DES in processing form, and employs residual equations for calculations as follows: C.tbd.M.sup.e mod n for encryption and M.tbd.C.sup.d mod n for decryption, where M is an input sentence, e and n are public keys, and d is a security key.
While a fast exponential calculation method (calculations of 21 ne times) and so on are known for exponential calculation, an implementation using hardware such as digital signal processor (DSP) is essential because the load of the repetitive calculation is heavy and takes a long processing time. Conventionally, it was a general tendency to propose fixed hardware for each of schemes involving largely different processing in accordance with their differences. However, such a fixed processing scheme implies problems in that a unique encryption processor must be provided for each of a plurality of different services, and that this scheme cannot support feature up-grading.
As explained above, the encryption enhancement largely depends on the non-linear processing for function coupling. A large difference between DES and FEAL schemes lies in this function coupling portion, and the most important processing is to achieve a non-linear and reliable random substitution. For this processing, several configurations have been proposed in response to up-to-date requirements. In addition, since the cipher processing is performed in blocks (for example, in a unit of a 64-bit block comprising 56 [bits] of data and 8 [bits] of parity), the number of bits directly relates to the encryption strength, so that the selection of a number of bits, corresponding to up-to-date requirements, is important. These must be continually provided to users as up-versions to maintain the encryption strength and ensure the reliability of the cipher processing. Furthermore, other than these security key approaches principally adapted to transfer a large amount of data, public key approaches using the RAS encryption are applied to, for example, authentication and security key delivery, and methods having completely different encryption structures also exist. Conventionally, however, for up-grading the hardware for an encryption circuit in order to arbitrarily cope with a variety of unique methods and to take countermeasures to decryption of an encryption approach, there has been no effective approach other than exchanging or newly purchasing associated hardware.