1. Field of the Invention
The present invention relates to an encryption method and encryption apparatus for encrypting a plain text, and a decryption method and decryption apparatus for decrypting a cipher text.
2. Description of the Related Art
It is conventionally known that information is encrypted in order to secure privacy for the information when communicating and recording. Information is encrypted into meaningless information and transferred or recorded in a recording medium. When the encrypted information is received, it is decrypted to get the original information.
There are two main encryption/decryption methods: a private key cryptosystem and a public key cryptosystem. In the private key cryptosystem, the same key is used for encryption and decryption. The encryption side and the decryption side have the same key in private. On the other hand, the public key cryptosystem uses different keys at the encryption side and the decryption side. The key used at the encryption side is open to the public whereas the key used at the decryption side is kept in private.
Known as a private key cryptosystem is the encryption/decryption algorithm specified in a Data Encryption Standard (DES), which is a standard encryption/decryption method in the United States. In the DES system, the encryption/decryption algorithm is open to the public and the ciphering strength is maintained just by a ciphering key. The reason why the encryption/decryption algorithm is made public is that it is expected that a vast amount of calculation is required for decryption without the ciphering key even when the algorithm is known and the calculation will need more than some hundred or thousand years with the use of a high-speed calculation unit.
Encryption is basically performed by a combination of transposition, which changes the sequence of characters, and substitution, which replaces a character with another character according to a specified rule. An encryption/decryption algorithm and a ciphering key indicate how the sequence of characters are changed and which character is replaced with which character.
Various encryption/decryption systems superior in security and speed have been developed in addition to the DES system. For example, an encryption/decryption system (MULTI 2 system) disclosed in the U.S. Pat. No. 4,982,429 and No. 5,103,479 and the Japanese Unexamined Patent Publication No. 1-276189 is known.
The International Standardization Organization (ISO) also specifies an encryption system in ISO 9979/0009 and an encryption-use mode in ISO/IEC 10116.
In the MULTI 2 encryption system, an input data is 64 bits long and an output data is also 64 bits long. A 256-bit work key used for encryption is generated by a 256-bit system key and a 64-bit data key. The number of encryption stages is a positive integer.
FIG. 12 shows an outlined configuration of the encryption algorithm in the MULTI 2 system. As shown in FIG. 12, a 256-bit work key Kw is generated in the encryption algorithm with the use of a 64-bit data key Ks and a 256-bit system key J. This operation is called a key schedule processing and is conducted by an encryption-algorithm executing means C. The generated work key Kw is supplied to an encryption-algorithm executing means F to encrypt an input 64-bit-blocked plain text. The same encryption algorithm can be conducted by the encryption-algorithm executing means C and the encryption-algorithm executing means F.
The basic encryption algorithm of the MULTI 2 system has been described above. The original plain text may be found by calculating the distribution of frequencies of characters or words that appear in statistical processing in advance and by computing a matching condition of the frequency distribution and that of character-string patterns in the obtained ciphered text.
There is a mode of operation in which a cipher text is generated by calculating logical exclusive OR between a 64-bit encrypted block and a 64-bit data block to be input next. This encryption mode is called a cipher block chaining (CBC) mode. The encryption-algorithm executing means F performs a CBC-mode encryption/decryption algorithm.
In a communication system in which a data unit used for communication is determined in advance, such as a packet communication, when a block encryption system employing a block having 64 bits is used and a data unit which cannot be divided by the number of bits in one block is input, there appears a fractional data having less than the number of bits in one block. This fractional data is handled in an output feedback (OFB) mode.
Fractional data, if any, is supplied to an encryption-algorithm executing means G and encrypted with the use of random numbers generated by using the work key Kw in the OFB mode. With this configuration, when one block has 64 bits, data having less than one block""s worth of bits is encrypted and a cipher text is obtained. The CBC mode and OFB mode are called encryption-use modes.
FIG. 13 shows an outlined configuration of the decryption algorithm in the MULTI 2 system. As shown in FIG. 13, a 256-bit work key Kw is generated in an encryption algorithm with the use of a 64-bit data key Ks and a 256-bit system key J. The work-key generation is performed in a key schedule processing in which the same encryption algorithm as that used in the encryption side is used. The encryption algorithm is conducted by an encryption-algorithm executing means c. The generated work key Kw is supplied to a decryption-algorithm executing means f to decrypt an input 64-bit cipher text.
In this decryption algorithm, transposition and substitution in the encryption algorithm performed in the encryption-algorithm executing means F is conducted in the reverse order.
Cipher text encrypted in the OFB mode is supplied to an encryption-algorithm executing means g and decrypted with the use of random numbers generated by using the work key Kw. With this configuration, a 64-bit one-block cipher text is decrypted and the original 64-bit one-block plain text is obtained. The decryption-algorithm executing means f performs a CBC-mode decryption algorithm.
Encryption-use modes will be described below by referring to FIGS. 14A and 14B. FIG. 14A shows an outlined configuration of encryption and decryption in the CBC mode and FIG. 14B illustrates an outlined configuration of encryption and decryption in the OFB mode.
In the CBC mode, as shown in FIG. 14A, the i-th plain-text block M(i) is input to a logical exclusive OR circuit 101 and is exclusive-ORed with the one-block-before cipher-text block C(ixe2x88x921) which is delayed and fed back by a register (REG) 103. The exclusive ORed data is encrypted by an encryption-algorithm executing means 102 with the use of the work key generated according to the data key Ks. The encrypted i-th cipher block C(i) is expressed as follows:
C(i)=EKs(M(i).EOR. C(ixe2x88x921))
where EKs(m) indicates that m is encrypted with Ks and EOR indicates logical exclusive OR operation.
The cipher-text block C(i) is transmitted and received by the receiving side. The received cipher-text block C(i) is decrypted by a decryption-algorithm executing means 111 with the use of the work key generated according to the data key Ks, and is supplied to a logical exclusive OR circuit 113. The one-block-before cipher-text block C(ixe2x88x921) which is delayed by a register (REG) 112 is input to the logical exclusive OR circuit 113 and logical exclusive OR between the two inputs is calculated. In this case, the same data key Ks is used both in the transmitting side and receiving side. The i-th plain-text block M(i) is obtained from the logical exclusive OR circuit 113. The i-th plain-text block M(i) is expressed as follows:
M(i)=DKs(C(i).EOR.C(ixe2x88x921))
where DKs(c) indicates that c is decrypted with Ks.
In the OFB mode, the i-th plain-text block M(i) is input to a logical exclusive OR circuit 105. The output of an encryption-algorithm executing means 104, which is converted to random numbers with the use of the work key generated according to the data key Ks, is also input to the logical exclusive OR circuit 105. The output of the encryption-algorithm executing means 104 is delayed one block by a register 103 and fed back to the encryption-algorithm executing means 104. A cipher-text block C(i) encrypted with the use of random numbers is output from the logical exclusive OR circuit 105.
The cipher-text block C(i) is transmitted and received by the receiving side. The received cipher-text block C(i) is supplied to a logical exclusive OR circuit 114. The output of an encryption-algorithm executing means 115, which is converted to random numbers with the use of the work key generated according to the data key Ks, is also supplied. The output of the encryption-algorithm executing means 115 is delayed one block by a register (REG) 112 and fed back to the encryption-algorithm executing means 115. In this case, the random numbers supplied to the logical exclusive OR circuit 114 is the same as the random numbers supplied to the logical exclusive OR circuit 105. The decrypted i-th plain-text block M(i) is obtained from the logical exclusive OR circuit 114.
FIG. 15 shows an outlined configuration of an encryption/decryption system having the encryption-use modes described above. In FIG. 15, the transmitting side is provided with a scrambler 100 for encrypting data. Input data is scrambled, namely encrypted, by the scrambler 100 and transmitted. The scrambled transmission data is transferred via a transfer path such as in free space and received by the receiving side. The receiving side is provided with a descrambler 110. The scrambled transmission data is descrambled, namely decrypted, by the descrambler 110 to obtain the original data and is output.
The scrambler 100 has a CBC-mode encryption section including an encryptor 102 serving as an encryption-algorithm executing means for encrypting an input data (plain text), a register 103, and a logical exclusive OR (EX-OR) circuit 101, and an OFB-mode encryption section including an encryptor 104 serving as an encryption-algorithm executing means and a logical exclusive OR (EX-OR) circuit 105. The scrambler 100 is also provided with an encryptor 106 for generating a work key from a data key and a system key. The generated work key is supplied to the encryptors 102 and 104.
Since the encryptors 102, 104, and 106 can use the same encryption algorithm, one encryptor can be substituted for three encryptors. Since the operations of the CBC-mode and OFB-mode encryption sections have already been described, the descriptions thereof are omitted.
The descrambler 110 has a CBC-mode decryption section including a decryptor 111 serving as a decryption-algorithm executing means for decrypting an input, received data (cipher text), a register 112, and a logical exclusive OR (EX-OR) circuit 113, and an OFB-mode decryption section including an encryptor 115 serving as an encryption-algorithm executing means and a logical exclusive OR (EX-OR) circuit 114. The descrambler 110 is also provided with an encryptor 116 for generating a work key from a data key and a system key. The generated work key is supplied to the decryptor 111 and the encryptor 115.
Since the encryptors 115 and 116 can use the same encryption algorithm, one encryptor can be substituted for two encryptors. Since the operations of the CBC-mode and OFB-mode decryption sections have already been described, the descriptions thereof are omitted.
In the encryption/decryption system shown in FIG. 15, while the encryption side just executes the encryption algorithm, the decryption side has to execute the decryption algorithm and the encryption algorithm for generating the work key required for decryption. In other words, the decryption side needs to be provided with hardware sections for executing the decryption algorithm and encryption algorithm. Therefore, the decryption side has to have a larger-scale hardware section than the encryption side.
When the encryption/decryption system is used for a broadcasting system such as a satellite broadcasting system, the cost of receiving facilities increases compared with transmission facilities. Then, a broadcasting system is prevented from wide-spreading.
Accordingly, it is an object of the present invention to provide an encryption/decryption system and encryption/decryption apparatus in which a cipher text encrypted with a specified encryption algorithm is decrypted by the receiving side having simple configuration.
The foregoing object is achieved in one aspect of the present invention through the provision of an encryption method including a work-key generation step for generating a work key by executing a decryption algorithm and an encryption step for generating a cipher text by encrypting a plain text according to the specified encryption algorithm with the use of the work key generated in the work-key generation step.
The foregoing object is achieved in another aspect of the present invention through the provision of a decryption method including a work-key generation step for generating the work key used for encryption by executing a decryption algorithm and a decryption step for obtaining the original plain text by decrypting a cipher text according to the decryption algorithm with the use of the work key generated in the work-key generation step.
The foregoing object is achieved in yet another aspect of the present invention through the provision of an encryption/decryption method including an encryption work-key generation step for generating a work key by executing a decryption algorithm, the step being implemented in the encryption side; an encryption step for generating a cipher text by encrypting a plain text according to the specified encryption algorithm with the use of the work key generated in the work-key generation step, the step being implemented in the encryption side; a decryption work-key generation step for generating the work key used for encryption by executing the decryption algorithm, the step being implemented in the decryption side; and a decryption step for obtaining the plain text by decrypting the cipher text according to the decryption algorithm with the use of the work key generated in the work-key generation step, the step being implemented in the decryption side.
The foregoing object is achieved in still another aspect of the present invention through the provision of an encryption apparatus including key schedule means for generating a work key by executing a decryption algorithm with the use of key information and encryption means for generating a cipher text by encrypting a plain text according to the specified encryption algorithm with the use of the work key generated by said key-schedule means.
The foregoing object is achieved in a further aspect of the present invention through the provision of a decryption apparatus including key schedule means for generating the work key used for encryption by executing a decryption algorithm and decryption means for obtaining the original plain text by decrypting a cipher text according to the decryption algorithm with the use of the work key generated by the key schedule means.
The foregoing object is achieved in a yet further aspect of the present invention through the provision of an encryption/decryption apparatus including the encryption side provided with encryption key-schedule means for generating a work key by executing a decryption algorithm, and encryption means for generating a cipher text by encrypting a plain text according to the specified encryption algorithm with the use of the work key generated by the encryption key-schedule means; and the decryption side provided with decryption key-schedule means for generating the work key used by the encryption means, by executing the decryption algorithm, and decryption means for obtaining the plain text by decrypting the cipher text according to the decryption algorithm with the use of the work key generated by the decryption key-schedule means.
According to an encryption method and a decryption method of the present invention, the work key required for decryption can be generated by executing the decryption algorithm. Therefore, means for executing the decryption algorithm which generates the work key and means for executing the decryption algorithm which decrypts a cipher -text can be implemented by one unit, and the configuration of the decryption side can be simplified.
In addition, when a plain text is encrypted with the use of random numbers generated by executing a decryption algorithm in the OFB mode, since the text encrypted in the OFB mode can be decrypted with the use of random numbers generated by executing the decryption algorithm, the unit described above can also serve as means for executing the decryption algorithm for generating random numbers in the OFB mode. Therefore, the configuration of the decryption side can be further simplified.
When the present invention is applied to a broadcasting system, the cost of the system can be reduced by simplifying the configuration of receiving facilities. Wide spread of the broadcasting system is promoted.