JP2002297031A - Method/device for decoding and method/device for receiving digital broadcasting using the decoding method/ device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To efficiently conduct a decoding processing of a ciphered text. SOLUTION: In a decoding process core, registers 120 to 127 are provided for each of ciphering fundamental function blocks 110 to 117. By conducting the processes in a plurality of cycles, the processing time per cycle is made shorter and the circuits are operated at high speed Moreover, by providing a plurality of registers, since states equivalent to the number of stages of the register are held, a plurality of ciphered blocks is processed simultaneously, by inputting a plurality of ciphered sentence blocks for every cycle. From these two points, the through-put of decoding processes of a ciphered sentence is improved.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a decryption method / device for decrypting cipher text and a digital broadcast receiving method / device using the method / device.

[0002]

2. Description of the Related Art Hitherto, with the development of digital processing technology, information has been encrypted for the purpose of concealing information of communication and recording. Various encryption algorithms are standardized, and one of them is the encryption system MULTI2 registered as ISO9979 / 009 by the International Standards Organization. MULT
The I2 system has also been adopted in Japan's pay broadcasting system,
It is standardized in ARIB-STD20.

FIG. 8 shows an outline of a MULTI2 decoding algorithm. The 64-bit data key and the 256-bit system key are input to the encryption algorithm operation unit 10, and the generated 256-bit work key is generated. This process of generating a work key is called a key schedule. Using this work key, the 64-bit input data is processed by the encryption / decryption algorithm operation unit 20 to generate 64-bit output data.

FIG. 9 shows a MULTI2 encryption algorithm. In this cryptographic algorithm, 64-bit input data is divided into upper 32 bits and lower 32 bits, and basic functions π1 to π4 are formed using 256-bit work keys (keys K1 to K8) generated by a key schedule. The data is encrypted by a repetitive operation of eight encryption block stages to generate 64-bit output data.

FIG. 10 shows a decoding algorithm of MULTI2. In this decryption algorithm, similar to the encryption algorithm, the 64-bit input data is converted into the upper 32 bits,
Using a 256-bit work key (keys K1 to K8) generated by the key schedule, the data is divided into lower 32 bits and decrypted by a repetitive operation of eight cryptographic block stages composed of basic functions π1 to π4, and the 64-bit work key is decoded. Generate output data.

FIG. 11 shows an algorithm of a key schedule of MULTI2. The key schedule algorithm of MULTI2 is configured by an encryption algorithm, and divides a 64-bit data key into upper 32 bits and lower 32 bits, and divides a 256-bit system key into 32 bits.
After being divided into bit keys J1 to J8, they are input to the encryption algorithm operation unit 210, respectively. Then, the encryption algorithm operation unit 210 generates 32-bit work keys K1 to K7 using the input data key and system key, and finally generates the key K in the encryption block 211 of the function π1.
8 is generated.

Conventionally, an encryptor that realizes an encryption algorithm operation unit and a decryptor that realizes a decryption algorithm use eight (or four half) encryption block stages of the encryption and decryption algorithms shown in FIGS. 9 and 10, respectively. One cycle is constituted by repetition.

In order to make it difficult for a third party to decrypt the encrypted data, a use mode of an encryption / decryption algorithm registered as ISO / IEC10116 is used. According to Japanese digital broadcasting standards, CBC (Cipher Block Chaining) mode and
It is defined that an OFB (Output Feedback) mode is used. The CBC mode is applied when an input ciphertext block is 64 bits, and is performed by a decryption algorithm. Input ciphertext block is 6
If less than 4 bits, the OFB mode is applied and is performed by a cryptographic algorithm.

A step of generating a key by an encryption algorithm; a step of performing CBC decryption by a decryption algorithm;
The decryption process of the ciphertext, which includes the step of performing the FB decryption process, is performed by a decryption device having a configuration as shown in FIG.

In FIG. 12, in the key schedule, a data key and a system key are input to an encryptor 202, and the encryptor 202 generates a work key. In the CBC process, the ciphertext is input to the decryptor 200 by the selector 204 and processed together with the work key. The output of the decoder 200 is subjected to an exclusive OR operation by the exclusive OR circuit 206 with the ciphertext held in the register 203, and is output as plaintext. In the OFB processing, the cipher text stored in the register 203 is input to the encryptor 201, and
Processed together with the work key from 02. Encryptor 201
Is subjected to an exclusive OR operation by the exclusive OR circuit 207 with the ciphertext input by the selector 204, and is output as a plaintext.

In the decryption processing according to the above configuration, a work key is generated according to a key schedule using an encryptor, and the ciphertext block is subjected to CBC processing using the decryptor. Finally, when a ciphertext block of less than 64 bits remains, OFB processing is performed using an encryptor. That is, the decryption process is realized by switching the circuit in the order of the encryptor, the decryptor, and the encryptor.

[0012]

However, in the decryption apparatus according to the above-described conventional decryption method, the time required for one cycle of decryption processing operation is long, and only one cipher block can be processed at a time. for,
It was difficult to speed up. In the decryption procedure, a key schedule using an encryptor and a C
Since the BC process and the OFB process using the encryptor are performed in order, it is necessary to switch the circuit twice from the encryptor to the decryptor to the encryptor, and there is a problem that it takes time and effort.

On the other hand, in digital broadcasting that is being put into practical use, encryption technology for paying is being developed, but with this, the scale of decryption processing on the receiving side has been reduced, and efficiency has been reduced. It is required to be able to decrypt.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problem, and can improve the processing speed in the decryption processing of a data string encrypted by a block encryption method. Decryption that can efficiently perform a ciphertext decryption process including a step of generating a key by an algorithm, a step of performing CBC decryption by a decryption algorithm, and a step of performing OFB decryption by an encryption algorithm It is an object to provide a method and a decoding device.

Further, a digital broadcast receiving method and a digital broadcast receiving apparatus capable of efficiently decoding an encrypted digital broadcast received data sequence by using the decrypting method and the decrypting apparatus which achieve the above object are provided. The purpose is to do.

[0016]

In order to achieve the above object, a decryption method according to the present invention provides a data sequence encrypted by a block encryption method for performing an encryption operation in units of blocks of a predetermined length. In the method of performing input and decryption processing,
The operation of the decoding process is divided into an operation of an arbitrary unit, and a decoding process of an input data string is performed for each operation unit.

A corresponding decryption device according to the present invention is a device for inputting and decrypting a data string encrypted by a block encryption method for performing a plurality of stages of encryption operation in units of a predetermined length. A multi-stage decryption operation unit corresponding to each of the multi-stage encryption operations, provided at an arbitrary position between the input and output of each of the multi-stage decryption operation units, to keep the operation result of the preceding-stage decryption operation unit constant. A plurality of processing stages are configured by using, as a core, a decoding processing circuit including a storage unit that holds a period and passes the data sequence to a decoding operation unit in a subsequent stage, and the decoding process of the data string is performed using the processing stages as a processing unit. Features.

According to the decoding method / apparatus having the above-described configuration, the operation of the decoding process is divided into operations of an arbitrary unit, and the decoding process of the input data sequence is performed for each operation unit. , And a plurality of input blocks can be processed at the same time, so that the throughput of the decoding process can be improved.

Further, as another decryption method according to the present invention, CBC (Cipher B) among the use modes of the encryption / decryption algorithm registered in ISO / IEC10116.
lock Chaining mode or OFB (Output Feedba)
ck) In the case of inputting a data string that has been subjected to block encryption in the mode, decryption processing is performed by switching processing in the order of key schedule processing using an encryption algorithm, OFB processing using an encryption algorithm, and CBC processing using a decryption algorithm. Is performed.

As a corresponding decryption device according to the present invention, CBC (Cipher) among the use modes of the encryption / decryption algorithm registered in ISO / IEC10116.
Block Chaining mode or OFB (Output Feed)
back) mode, when a data sequence that has been subjected to block encryption is input and decryption is performed, OF data is input to the input data sequence.
O to detect the presence of data encrypted in B mode
FB mode detection means, algorithm switching means for switching between an encryption algorithm and a decryption algorithm as an algorithm to be used for decryption processing, and an encryption algorithm when the OFB mode detection means detects that there is an OFB mode data input. , A switching control means for controlling the switching of the algorithm switching means in the order of the key schedule processing, the OFB processing by the encryption algorithm, and the CBC processing by the decryption algorithm.

According to the decryption method / apparatus having the above configuration, the decryption processing is performed in the order of key generation, OFB processing, and CBC processing.
Since the switching of the decoding algorithm can be performed only once, the decoding process can be performed efficiently.

Further, the digital broadcast receiving method / apparatus according to the present invention uses the above-described decryption method / apparatus to perform encryption by a block encryption method for performing an encryption operation in units of blocks of a predetermined length. It is characterized by decoding a received data sequence of digital broadcasting.

According to this configuration, the encrypted digital broadcast reception data sequence can be efficiently decrypted.

That is, according to the present invention, in a decryption process of a data string encrypted by the block encryption method, the decryption processing operation device is divided into arbitrary processing units, and a plurality of ciphertext blocks are simultaneously processed for each processing unit. Thus, the speed of the decoding process is increased. Conventionally, in the decryption method of performing the key schedule and OFB processing by the encryption algorithm and performing the CBC processing by the decryption algorithm, it was necessary to switch the circuit twice from the encryptor to the decryptor to the encryptor. , By changing the order of processing, only one switch from the encryptor to the decryptor is required.

[0025]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below in detail with reference to FIGS.

FIG. 1 shows a configuration in which the present invention is applied to a decryption processing core conforming to the MULTI2 encryption system standardized as ISO9979 / 009. The circuits constituting the decryption processing core include the cryptographic basic function blocks 110 to 117 and the 32-bit register 12.
0 to 127, selectors 130 to 138, data input terminals 140 and 141, data output terminals 150,
151, key input terminals 160 to 167, and key output terminal 1
70 to 177. By switching the selectors 130 to 138, the processing order of the input data can be changed, and the MULTI2 encryptor of FIG. 2 and the MULTI encryptor of FIG.
It operates as an I2 decoder or the MULTI2 key schedule circuit of FIG.

FIG. 5 shows a ciphertext decryption apparatus using the decryption processing core of FIG. 1. The decryption processing core 100, the register 101, the work key register 102, the system key register 103, the selectors 104 to 106, An exclusive OR circuit 107 is provided. The selectors 104 to 106 are switch-controlled by an input mode determination control circuit (not shown).

The input mode determination control circuit includes an OFB mode detecting means for detecting that there is data encrypted in the OFB mode in the input data string, and an encryption algorithm and a decryption algorithm as algorithms used for decryption processing. Algorithm switching means for switching between
When the FB mode detection unit detects that there is an OFB mode data input, the switching control of the algorithm switching unit is performed in the order of the key schedule process by the encryption algorithm, the OFB process by the encryption algorithm, and the CBC process by the decryption algorithm.

In FIG. 5, when performing a key schedule, a data key is given as input data. The data key is input to the decryption processing core 100 by the selectors 104 and 105, where a work key is generated.
The generated work key is held in the work key register 102.

In the CBC process, a 64-bit ciphertext block is provided as input data. This ciphertext block is transmitted to the decryption core 100 by the selectors 104 and 105.
And processed with the work key. The output of the decoding processing core 100 is returned to the input of the decoding processing core 100 by the selector 105 a desired number of times, and is repeatedly processed. The processing result is processed by the exclusive OR circuit 107 with the ciphertext block or the initial value held in the register 101 in advance, and is output as a plaintext.

In the OFB processing, a 64-bit ciphertext block or an initial value previously held in the register 101 is input to the decryption processing core 100 and processed together with the work key. The output of the decoding processing core 100 is returned to the input of the decoding processing core 100 by the selector 105 a desired number of times, and is repeatedly processed. The exclusive OR circuit 107 combines the ciphertext block of less than 64 bits newly given as input data with the output of the decryption processing core 100.
To perform an exclusive OR operation. This operation result is output as plain text.

FIG. 2 shows the circuit of FIG. 1 functioning as a MULTI2 encryptor. Terminal 140 is supplied with the upper 32 bits of the input data, and terminal 141 is supplied with the lower 32 bits of the input data. Terminals 160 to 167
Work keys K1 to K8 are input, respectively.

The input data is processed by the function π1 (110) in the first cycle, and is stored in the register 120. In the next cycle, it is processed together with the work key K1 by the function π2 (111) and is stored in the register 121.
In the third cycle, the work key K is calculated using the function π3 (112).
2, and are processed together with K3 and held in the register 122. Subsequently, in the fourth cycle, the function π4 (11
3) is processed together with the work key K4 in the register 123
Is held. In the subsequent cycles, the functions π1 to
π4 (114 to 117) is processed together with the work keys K5 to K8 and held in the registers 124 to 127, respectively. The input data is supplied to the terminal 1 after a cycle (here, 8 cycles) corresponding to the number of stages of the register provided in the encryptor.
50 and 151. The above process is repeated a desired number of times by the decoding device in FIG. 5 to perform the actual processing.

FIG. 3 shows the circuit of FIG. 1 functioning as a MULTI2 decoder. The terminal 32 receives the upper 32 bits of the input data, and the terminal 141 receives the lower 32 bits of the input data. Terminals 160 to 167
Work keys K1 to K8 are input, respectively.

The input data is processed together with the work key K8 by the function π4 (117) in the first cycle, and is stored in the register 127. In the next cycle, the function π3
At (116), the processing is performed together with the work keys K 6 and K 7, and is held in the register 126. In the third cycle, processing is performed with the work key K5 using the function π2 (115), and the result is held in the register 125. Subsequently, in the fourth cycle, processing is performed using the function π1 (114), and the result is stored in the register 124. In the subsequent cycles, the functions π4 to π
1 (113 to 110) are processed together with the work keys K4 to K1, and held in the registers 123 to 120, respectively. The input data is supplied to the terminal 1 after the number of cycles (here, eight cycles) of the register provided in the encryptor.
50 and 151. The above processing is repeated a desired number of times by the decoding processing circuit of FIG. 5 to perform the actual processing.

FIG. 4 shows the circuit of FIG. 1 functioning as a MULTI2 key schedule circuit. The terminal 32 receives the upper 32 bits of the data key, and the terminal 141 receives the lower 32 bits of the data key. Terminals 160-16
7 input the 32-bit system keys J1 to J8.

When a data key is input, it is processed by each function every cycle, as in the case of the encryptor, and is temporarily stored in a register. Work key K1 in the second cycle, work key K2 in the third cycle, work key K3 in the fourth cycle, work key K4 in the fifth cycle, work key K5 in the sixth cycle,
The work key K6 is output in the seventh cycle, and the work key K7 is output in the eighth cycle.

The outputs of the terminals 150 and 151 of FIG. 1 are returned to the terminals 140 and 141 by the selector 105 of FIG.
Processing is performed by the function π1 (110), and the work key K8 is output. The output work keys K1 to K8 are held in the work key register 102.

As described above, in the MULTI2 decryption processing core, a plurality of registers are provided for each encryption basic function block, and processing is performed in a plurality of cycles, whereby the processing time of one cycle is shortened, and the circuit is operated at high speed. Can work. Further, since a plurality of registers are provided, a state corresponding to the number of stages of the registers can be held. Therefore, by inputting a ciphertext block every cycle, a plurality of cipher blocks can be processed simultaneously. From these two points, it is possible to improve the throughput of the ciphertext decryption processing.

In FIG. 1, the basic function blocks 110 to 110 are shown.
Although eight stages 117 are subdivided into eight sets of registers, the number of registers to be installed is arbitrary. Further, the number of stages of the basic function may be set to four and repeated.

The embodiment in which the present invention is applied to the MULTI2 decryption apparatus has been described above.
ta Encryption Standard).

In the digital broadcasting standards of Japan and the United States, CBC (Cipher Block
(Chaining) mode and OFB mode are specified. In the case of the decryption processing using the CBC / OFB mode, for a 64-bit ciphertext block,
The CBC mode is used, and the OFB mode is used for blocks less than 64 bits. When a ciphertext data string is decrypted, CBC processing is performed for each 64-bit block in order from the beginning of the ciphertext data, and OFB processing is performed when an encrypted block of less than 64 bits finally remains. .

It is possible to store broadcast program content scrambled by a digital broadcast receiver in an HDD storage device or a DVD storage device and then play it back.
It is conceivable to play back encrypted content distributed by media such as VD-ROM and CD-ROM. As described above, in the case of data stored in a medium that can be randomly accessed, the size of ciphertext data can be known in advance, and an arbitrary block of ciphertext data can be referred to.

Therefore, according to the present invention, like the MULTI2 encryption method, a key is generated by an encryption algorithm, a CBC decryption process is performed by a decryption algorithm, and an OBC is performed by an encryption algorithm.
In the ciphertext decryption process including the step of performing the FB decryption process, the efficiency is improved by changing the decryption order.

Conventionally, as shown in FIG. 6A, decryption processing is performed in the order of a key schedule by an encryptor, CBC processing by a decryptor, and OFB processing by an encryptor. Therefore, it was necessary to switch the circuit twice in the order of the encryptor, the decryptor, and the encryptor. Therefore, as shown in FIG. 6B, a key schedule is performed using an encryptor, and then,
O for the last block less than 64 bits
The FB processing is performed in advance, and then the CBC processing is performed on the other encrypted blocks by the decryptor. As a result, the switching from the encryptor to the decryptor can be performed only once, so that more efficient decryption processing can be performed as compared with the conventional method.

FIG. 7 shows a comparison between the case of using the conventional method (a) and the case of using the method of the present invention (b) in the circuit of FIG. In FIG. 7, a dotted line indicates one cycle, and indicates that a rectangular area is being processed. As is clear from FIG. 7, in the conventional method, the CBC process by the decryption device must be started after the key schedule by the encryption device is completed. However, in the method using the present invention, OFD by the encryptor is performed in parallel with the key schedule by the decryptor.
B processing can be performed. Therefore, the time required for the entire decryption process is reduced by the amount of the simultaneous execution of the key schedule and the OFB process. When a plurality of encrypted blocks are simultaneously processed as shown in FIG. 1, the effect of the present invention can be said to be great.

As described above, conventionally, the encryption / decryption device is configured with eight stages (or four stages) of encryption as one cycle, so that the time required for processing of one cycle is long, and only one encryption block is processed at a time. Because of this, the speed of the decoding process could not be improved. On the other hand, in the present invention, the encryption / decryption unit that performs processing in a plurality of cycles is configured by subdividing the encryption eight stages into a plurality of stages by the register, so that the processing time of one cycle can be reduced. And the decoding device can be operated at high speed. Also, since a plurality of encrypted blocks can be processed simultaneously, the speed of the decryption process can be improved.

Conventionally, the decryption process is performed by using a key schedule,
Since the CBC process and the OFB process were performed in this order, it was necessary to switch the circuit in the order of the encryptor, the decryptor, and the encryptor. However, in the present invention, the key schedule, the OFB process, and the CB
Since the processing is performed in the order of the C processing, the switching of the circuit is performed only once, that is, the switching from the encryptor to the decryptor, and the efficiency of the decryption processing can be improved.

[0049]

As described above, according to the present invention, the processing speed can be improved in the decryption processing of a data string encrypted by the block encryption method, and a key is generated by an encryption algorithm. A decryption method and a decryption apparatus capable of efficiently performing a ciphertext decryption process including a step of performing a CBC decryption process by a decryption algorithm and a step of performing an OFB decryption process by an encryption algorithm. Can be provided.

Further, by using the above-described decryption method and decryption apparatus, it is possible to provide a digital broadcast reception method and a digital broadcast reception apparatus capable of efficiently decrypting an encrypted digital broadcast reception data sequence. .

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration in a case where the present invention is applied to a decryption processing core conforming to the MULTI2 encryption method as an embodiment of the present invention.

FIG. 2 is a block diagram when the circuit of FIG. 1 functions as a MULTI2 encryptor;

FIG. 3 is a block diagram when the circuit of FIG. 1 is caused to function as a MULTI2 decoder;

FIG. 4 is a block diagram when the circuit of FIG. 1 is caused to function as a MULTI2 key schedule circuit;

FIG. 5 is a block diagram showing a configuration of a ciphertext decryption apparatus using the decryption processing core of FIG. 1;

FIG. 6 is a diagram showing a flow of a decoding process according to the present invention in comparison with a conventional case.

FIG. 7 is a diagram showing a comparison of processing time between the case where the conventional method is used and the case where the method of the present invention is used.

FIG. 8 is a diagram showing an outline of a MULTI2 decoding algorithm.

FIG. 9 is a diagram showing a processing configuration of a MULTI2 encryption algorithm.

FIG. 10 is a diagram showing a processing configuration of a MULTI2 decoding algorithm.

FIG. 11 is a diagram showing a processing apparatus of an algorithm of a key schedule of MULTI2.

FIG. 12 is a block diagram showing a configuration example of a conventional decoding device.

[Explanation of symbols]

100: decryption processing core, 101: register, 102:
Work key register, 103 ... system key register, 10
4 to 106: selector, 107: exclusive OR circuit, 1
10 to 117 ... Cryptographic basic function block, 120 to 127
... 32-bit register, 130-138 ... selector, 1
40, 141: data input terminal, 150, 151: data output terminal, 160 to 167: key input terminal, 170 to 1
77 ... Key output terminal.

Claims (8)

[Claims] 1. A decryption method for inputting a data string encrypted by a block encryption method for performing an encryption operation in block units of a predetermined length and performing a decryption process, wherein the decryption operation is performed in an arbitrary unit. A decoding method, wherein the decoding is divided into operations and an input data sequence is decoded for each operation unit. 2. An encryption / decryption algorithm use mode registered in ISO / IEC10116, wherein CBC
(Cipher Block Chaining) mode or OFB (Out
A data sequence that has been subjected to block encryption in the put feedback mode is input, and decryption processing is executed by switching the processing in the order of key schedule processing using an encryption algorithm, OFB processing using an encryption algorithm, and CBC processing using a decryption algorithm. A decoding method characterized by the above-mentioned. 3. The method according to claim 1, wherein the block encryption method is MULTI2 (I
3. The decoding method according to claim 1, wherein the decoding method is an SO 9799/009) method. 4. The decoding method according to claim 1, wherein a received data sequence of a digital broadcast encrypted by a block encryption system for performing an encryption operation in blocks of a predetermined length is provided. A digital broadcast receiving method, comprising: 5. A decryption apparatus for inputting and decrypting a data string encrypted by a block encryption method for performing a plurality of stages of encryption operations in units of a predetermined length, wherein each of the plurality of stages of encryption operations is supported. A multi-stage decoding operation unit, which is provided at an arbitrary position between the input and output of each of the multi-stage decoding operation units, holds the operation result of the pre-stage decoding operation unit for a certain period, and A decoding apparatus comprising: a plurality of processing stages configured by using a decoding processing circuit including storage means to be passed to a unit as a core; and performing the decoding process of the data string by using the processing stages as a processing unit. 6. CBC of the use modes of the encryption / decryption algorithm registered in ISO / IEC10116
(Cipher Block Chaining) mode or OFB (Out
a decryption device that inputs a data sequence that has been subjected to block encryption in a put feedback mode and performs a decryption process; and an OFB mode detection unit that detects that the input data sequence includes data encrypted in the OFB mode. An algorithm switching unit for switching between an encryption algorithm and a decryption algorithm as an algorithm used for the decryption process; and a key schedule process by the encryption algorithm when the OFB mode detection unit detects that there is data input in the OFB mode. OFB with encryption algorithm
A switching control unit for performing switching control of the algorithm switching unit in the order of processing and CBC processing by a decoding algorithm. 7. The method according to claim 1, wherein the block encryption method is MULTI2 (I
The decoding apparatus according to claim 5, wherein the decoding apparatus is based on the (SO9979 / 09) method. 8. The decryption apparatus according to claim 5, wherein a received data sequence of a digital broadcast encrypted by a block encryption method for performing an encryption operation in blocks of a predetermined length is provided. A digital broadcast receiving apparatus for performing a decoding process on the digital broadcast.