The present invention relates to an encrypting apparatus for encrypting data to be recorded or data to be transferred and for keeping the security of information, a decoding apparatus, an encryption communication system, an encrypting method, a decoding method, and an encryption communication system in an information management system or an information communication system. Particularly, the invention relates to a system which is well suited to encryption using an RSA algorithm.
In general, in an information system, encrypting data is one of the effective methods of protecting the security of data which is stored in a file or data which flows on a transmission path.
Hitherto, for instance, a data encrypting system such as the RSA algorithm, which was published by R. L. Rivest, A. Shamir, and L. Adleman of the Massachusetts Institute of Technology, has been described in detail in Shin Hitotsumatsu, "Study of Data Protection and Encrypting", published by Nihon Keizai Shimbun Inc., pages 52 to 61, 1983.
FIG. 1 shows a circuit diagram of the foregoing conventional system for encrypting data by using a block encryptor of 64 bits. FIG. 2 shows a circuit diagram of the above conventional system for decoding the data of the cryptogram in FIG. 1.
In FIG. 1, a block encryptor 101 is an apparatus for converting arbitrary data (data of one block) having a length of 64 bits into a ciphertext also having a length of 64 bits by using an encrypting key (code) 104. An exclusive OR device 102 is an apparatus for computing the exclusive OR at the corresponding bit positions of two arbitrary data items each having a length of 64 bits and for outputting the resultant data of 64 bits. Reference numeral 103 denotes a delay buffer to delay an output of the block encryptor 101 by the time of one block. In the system, the following processes are executed when encrypting data M. (In the following description, symbols C, M, X, Y, and the like denote both the data itself and the numerical value of the data.)
(1) The data M is divided into blocks $M_1, M_2, \ldots$ each having the unit length of 64 bits.
(2) The first block $M_1$ passes through the exclusive OR device 102 and is encrypted by the block encryptor 101 by the following equation.
$$C_1 = \mathrm{enc}(M_1)$$
Data $C_1$ of 64 bits is output as the first ciphertext block.
(3) The exclusive OR of the second block $M_2$ and the ciphertext block $C_1$ is obtained by the exclusive OR device 102.
$$X_2 = M_2 \oplus C_1$$
where $\oplus$ denotes the exclusive OR. $X_2$ is encrypted by the block encryptor.
$$C_2 = \mathrm{enc}(X_2)$$
Data $C_2$ of 64 bits is output as the second ciphertext block.
(4) In a manner similar to the above, the third and subsequent blocks $M_3, \ldots$ are also sequentially converted into the ciphertext blocks $C_3, \ldots$ and are outputted by the following equations.
$$X_3 = M_3 \oplus C_2, \quad C_3 = \mathrm{enc}(X_3), \ \ldots$$
After the ciphertext blocks $C_1, C_2, \ldots$ converted as mentioned above have been stored into files or transmitted to others, they can be decoded by the decoding system of FIG. 2. In FIG. 2, reference numeral 201 denotes a block decoder; 202 an exclusive OR device; 203 a delay buffer to delay data by the time of one block length; and 205 a decoding key.
(1) A ciphertext C is divided into blocks $C_1, C_2, \ldots$ each having the unit length of 64 bits.
(2) The first block $C_1$ is decoded by the block decoder 201.
$$M_1 = \mathrm{dec}(C_1)$$
The data $M_1$ of 64 bits passes through the exclusive OR device 202 and is outputted as the first plaintext block.
(3) The second block $C_2$ is decoded by the block decoder.
$$X_2 = \mathrm{dec}(C_2)$$
The exclusive OR of $X_2$ and the ciphertext block $C_1$ is obtained by the exclusive OR device 202.
$$M_2 = X_2 \oplus C_1$$
The data $M_2$ of 64 bits is outputted as the second plaintext block.
(4) In a manner similar to the above, the third and subsequent blocks $C_3, \ldots$ are also sequentially converted into the plaintext blocks $M_3, \ldots$ and are outputted.
The encrypting system as shown in FIGS. 1 and 2 is called a Cipher Block Chaining (CBC) system. It is an excellent system: because the input signal of the encryptor corresponds to the exclusive OR of the data input and the output of the encryptor for the preceding block, it is extremely difficult for a third person to decrypt the ciphertext. Moreover, since the logic of the exclusive OR can be easily constructed by hardware and its inverse logic is also the exclusive OR, there is an advantage that common logic hardware can be used for the encrypting section and the decoding section.
However, in the CBC system, the following problems occur when the block encryptor is based on a system such as the foregoing RSA algorithm, which has as a prerequisite that only data whose numerical value is smaller than a predetermined numerical value N can be encrypted.
That is, in FIGS. 1 and 2, at the stage of computing the exclusive OR in item (3) mentioned above, even when the input data of the exclusive OR device are smaller than a predetermined integer value N, the output (result) can exceed the numerical value N, so that the input data cannot be correctly encrypted or decoded.
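The failure described above can be reproduced with a toy RSA modulus. The following Python sketch is an added example, not part of the patent; its parameters (primes 61 and 53, exponent 17, 12-bit values in place of 64-bit blocks) and function names are assumptions chosen for illustration.

```python
# Added illustration: CBC chaining of FIGS. 1 and 2 around a raw RSA block
# encryptor. Toy parameters are constructed for this example only.
P, Q, E = 61, 53, 17                 # assumed toy primes and public exponent
N = P * Q                            # 3233: only values smaller than N encrypt correctly
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

def enc(x):
    """Block encryptor: raw RSA, which silently reduces x modulo N."""
    return pow(x, E, N)

def dec(c):
    """Block decoder: raw RSA inverse; the result is always below N."""
    return pow(c, D, N)

def cbc_encrypt(blocks):
    """Return (ciphertext blocks C_i, encryptor inputs X_i) per steps (1)-(4)."""
    prev, cs, xs = 0, [], []         # prev = 0 passes the first block through unchanged
    for m in blocks:
        x = m ^ prev                 # exclusive OR device 102
        prev = enc(x)                # block encryptor 101, fed back via delay buffer 103
        xs.append(x)
        cs.append(prev)
    return cs, xs

def cbc_decrypt(cblocks):
    """Decode per FIG. 2: M_i = dec(C_i) XOR C_(i-1)."""
    prev, ms = 0, []
    for c in cblocks:
        ms.append(dec(c) ^ prev)     # block decoder 201, exclusive OR device 202
        prev = c
    return ms

def roundtrip(blocks):
    """Encrypt then decrypt; flag every block whose XOR output reached N."""
    cs, xs = cbc_encrypt(blocks)
    return {"overflow": [x >= N for x in xs], "recovered": cbc_decrypt(cs)}

if __name__ == "__main__":
    # Both plaintext blocks are below N in each message (constructed inputs).
    print(roundtrip([65, 1000]))     # X_2 = 2318 < N: decodes correctly
    print(roundtrip([65, 1280]))     # X_2 = 4070 >= N: second block is corrupted
```

In the second message both inputs to the exclusive OR (1280 and the ciphertext block 2790) are below N, yet their XOR is 4070; the encryptor reduces it to 837, so the decoder returns 2467 instead of 1280.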