The present invention relates to a cipher system used in transmission or storage of digital data for preserving secrecy on the transmission path or the storage media.
Examples of prior art cipher systems are shown in the Proceedings of the 3rd Symposium on Information Theory and its Application, Nov. 1980, pp. 371-377, "Some Consideration on a Simple Self-Synchronizing Encryption System" (this publication will be hereinafter referred to as Literature 1), and Cryptography: A New Dimension in Computer Data Security, by Stephen M. Matyas, published by John Wiley & Sons, New York, U.S.A., pp. 88-100 (this publication will be hereinafter referred to as Literature 2).
FIG. 9 is a block diagram showing an encryption system described in the Literature 2. In this system, a 64-bit block cipher is used in a 1-bit CFB (Cipher Feed Back) mode. The left hand side of the figure is an encipherment section including an input terminal 901, a modulo-2 adder 902, a shift register 903, a 64-bit block-encipherment unit 904, and a register 905. The right hand side of the figure is a decipherment section including a shift register 907, a 64-bit block-encipherment unit 908, a register 909, a modulo-2 adder 910, and an output terminal 911. The encipherment section and the decipherment section are connected by a transmission path 906.
A bit series of plaintext is input through the input terminal 901 of the encipherment section, and each bit is added at the adder 902 to the 1 bit at the left end of the register 905, to be enciphered. The enciphered bit series (ciphertext) is transmitted through the transmission path 906 to the decipherment section. The enciphered bit series is also fed back to the shift register 903, and stored in it for a predetermined time, or for a predetermined number of operation cycles, being shifted through the shift register 903. The 64-bit contents of the shift register 903 are input in parallel to the 64-bit block-encipherment unit 904 and converted into 64-bit data. The data output from the block-encipherment unit 904 are stored in the 64-bit register 905. Only the leftmost bit of the register 905 is applied to the modulo-2 adder 902 for encipherment.
The above operations are repeated, and the plaintext input through the input terminal 901 is enciphered bit by bit and transmitted through the transmission path to the decipherment section.
The ciphertext received at the decipherment section is stored in a shift register 907 for a predetermined time and is also sent to a modulo-2 adder 910, at which the ciphertext and the leftmost bit of the register 909 are added, by which decipherment is performed. The deciphered text is output through an output terminal 911. The shift register 907, the 64-bit block-encipherment unit 908, and the register 909 perform operations similar to those of the shift register 903, the 64-bit block-encipherment unit 904 and the register 905. Only if the encipherment key set in the 64-bit block-encipherment unit 904 and the decipherment key set in the 64-bit block-encipherment unit 908 are identical do the contents of the registers in the encipherment section and the decipherment section coincide with each other. In that case, information identical to the information input through the input terminal 901 is output through the output terminal 911.
FIG. 10 is a block diagram showing a cipher system disclosed in the Literature 1. In the illustrated system, instead of the 64-bit block-encipherment units, code converters (such as ROM) 924 and 928 storing code patterns corresponding to the respective encipherment keys are used. The system further includes an input terminal 921, modulo-2 adders 922 and 926, shift registers 923 and 927, a transmission path 925, and an output terminal 929.
The two systems described above have the advantages that the correlation between the plaintext and the ciphertext can be made small, and that synchronization is automatically restored upon expiration of a time proportional to the length of the shift register, even after occurrence of a transmission path error or after synchronization has been lost.
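The self-synchronizing behaviour of the FIG. 9 arrangement can be checked with the following added example, which is not part of the original text. It assumes HMAC-SHA256 truncated to 64 bits as a stand-in for the 64-bit block-encipherment unit, an all-zero initial register, and constructed sample data; the function and constant names are hypothetical.

```python
import hashlib
import hmac

REG_BITS = 64                      # length of shift registers 903 / 907
MASK = (1 << REG_BITS) - 1
SAMPLE_KEY = b"constructed-demo-key"                       # constructed value
SAMPLE_PLAIN = [(i * i + i // 3) % 2 for i in range(300)]  # constructed bit series

def block_encipher(key, reg):
    """Stand-in for block-encipherment unit 904 / 908 (assumption: HMAC-SHA256
    truncated to 64 bits instead of DES; CFB only uses the forward direction)."""
    mac = hmac.new(key, reg.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")

def cfb1(key, bits, decrypt=False, init_reg=0):
    """1-bit CFB over a list of 0/1 values; one block operation per data bit."""
    reg, out = init_reg & MASK, []
    for b in bits:
        ks = block_encipher(key, reg) >> (REG_BITS - 1)  # leftmost bit of register 905 / 909
        o = b ^ ks                                       # modulo-2 adder 902 / 910
        out.append(o)
        fed_back = b if decrypt else o                   # the ciphertext bit on either side
        reg = ((reg << 1) | fed_back) & MASK             # shift register 903 / 907
    return out

def error_span(key, plain, flip_at):
    """Flip one ciphertext bit on path 906; return (first, last) wrong plaintext index."""
    cipher = cfb1(key, plain)
    cipher[flip_at] ^= 1
    recovered = cfb1(key, cipher, decrypt=True)
    bad = [i for i, (p, r) in enumerate(zip(plain, recovered)) if p != r]
    return bad[0], bad[-1]

if __name__ == "__main__":
    first, last = error_span(SAMPLE_KEY, SAMPLE_PLAIN, flip_at=100)
    print(f"garbled plaintext bits: {first}..{last} (at most {REG_BITS + 1} positions)")
```

The damage from one flipped ciphertext bit is confined to that bit and the following 64 positions, after which the flipped bit has left shift register 907 and the two registers coincide again.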
However, the 64-bit block-encipherment unit, e.g., DES, used in the system of FIG. 9 is originally designed for encipherment of 64-bit data, i.e., conversion from 64 bits into another 64 bits. Only one bit of the result of the conversion is utilized. The 64-bit block-encipherment unit is complicated, expensive if implemented in hardware, and slow (having low throughput) if implemented in software.
In the system of FIG. 10, the code converter having code patterns corresponding to the respective encipherment keys is required. When the number of the keys is increased or when the length of the shift register is increased, the system is not feasible. For instance, if the length of the shift register is 64, and the number of bits of the encipherment key is also 64, the required storage capacity is $2^{64} \times 2^{64} = 3.4 \times 10^{38}$.