The present invention relates to an encryption apparatus, and more particularly to an encryption apparatus suitable for high speed encryption when encryption is introduced into a computer system.
A DES (data encryption standard) system established by the U.S. Department of Commerce, Standard Office in 1977 has been known. Prior art encryption processing is described in "Information Processing" Vol. 25, No. 6 (1984) pages 561-565.
In the DES system, 64-bit (8-byte) plain text block data is encypted by 64-bit (8-byte) key data. Thus, the DES system is block encryption which processes data to be encrypted as 64-bit (8-byte) block.
In order to implement the DES system by a hardware, it is necessary to select one of encryption utilization modes in accordance with a purpose of use. Usually, a plain text includes many repetitions of the same bit pattern. If it is encrypted by one algorithm and one key data, the encrypted sentence includes repetitive patterns. There is a risk of decryption if the encrypted text is statistically analyzed and hence it is not desirable from security standpoint.
A CBC (cipher block chaining) mode is known as a high security mode because it generates different encrypted texts even if the same plain text and key data are repeatedly used for encryption.
An outline of the operation of the CBC mode is explained with reference to FIG. 11. In a step 1, an 8-byte plain text block loaded in an input data register 1 and an 8-byte initial vector loaded in an initial vector register 2 are supplied to a logic circuit 3 to exclusively-OR them, and resulting data is encrypted by an encryption circuit 4 to produce an encrypted text block, which is loaded to an output data register 5. In a step 2, the encrypted text block is fed back to an input and supplied to the logic circuit 3 where it is exclusively ORed with the next 8-byte plain text block of the input data register 1, and the resulting data is encrypted by the encryption circuit 4 and the output of the encrypted text block is loaded to the output data register 5. Similar encryption process is repeated until a step N so that the plain text block data sequence consisting of N 8-byte blocks is encrypted.
In FIG. 11, key data is omitted. While circuits for the steps 2, . . . - N are separately shown for easiness of explanation, the circuit used in the step 1 is actually used for the steps 2, . . . - N. In the decoding process, a circuit used in the decryption process (enclosed by broken lines in FIG. 11) is used as it is. In the decoding process, the encrypted text blocks are sequentially loaded to the input data register and the plain text blocks are sequentially outputted. Other operations are identical to those of the decryption process.