JPH0918469A - Equipment and system for cipher communication and ciphering device - Google Patents

Abstract

PURPOSE: To set the proper ciphering system by a transmitter and a receiver in a ciphering communication network. CONSTITUTION: A terminal 10 for communication is provided with ciphering devices 11 performing ciphering and decoding which are different in ciphering systems, a selection means 14 selecting one of the ciphering devices 11 and a key generation/selector 13 generating the ciphering key according to the selection. The ciphering system which is suitable for the communication is discussed, determined and selected with the terminal 10 for communication on an opposite side. Therefore, the ciphering system having the ciphering intensity according to the secrecy required for information to be communicated is set.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic communication device, a system, and a cryptographic device used for encrypting the data to keep the data secret.

[0002]

2. Description of the Related Art In recent years, with the development of optical fiber networks in trunk communication networks, the spread of cable television systems, the practical use of sanitary communication, and the spread of local air networks, various information is exchanged using such communication networks. Is about to be realized. In addition, it is considered to transmit multimedia information such as moving image data, still image data, audio data, computer data, etc. as the information. In such a communication network, it is important to transmit information safely, and various ciphers are known as means for that purpose. These ciphers are roughly classified into two cryptosystems, a common key cryptosystem and a public key cryptosystem, and various systems are considered for each classification.

FIG. 14 shows a common key cryptographic communication network, and FIG. 15 shows a public key cryptographic communication network. FIG. 16 shows a common key / public key cryptographic network, which is configured by adding the public key cryptographic communication network of FIG. 15 to the common key cryptographic communication network of FIG.

First, cryptographic communication using the common key cryptosystem will be described. In the common key cryptographic communication network, FIG.
As shown in, a unique and secret key is shared in advance among network subscribers. A, B, C, ..., M are subscribers of the network, K _AB , K _AC , ... are keys shared by subscribers A and B, and keys shared by subscribers A and C, respectively. , ... are shown. Further, each subscriber has a communication terminal equipped with an encryption device for performing encryption (and decryption) according to an algorithm determined by the network as shown in FIG. The conventional common key cryptographic communication from the subscribers A to B is performed by the following procedure.

[0005] 1. A uses the secret key K _AB shared with the destination B in advance as the key of the encryption device of this communication to encrypt the communication text by the encryption device, and sends the encrypted text to B. 2. B is a secret key K shared with sender A in advance
_{Using AB} as the key of the encryption device for this communication, the encryption device decrypts the received text from A to obtain the communication text.

Next, cryptographic communication using the public key cryptosystem will be described. As shown in FIG. 15, on the electronic bulletin board of the public key encryption communication network, the public key of each subscriber is posted in a form that can be associated with the subscriber's ID (name, etc.).
In FIG. 15, the public keys of the subscribers A, B, ...
^{, p} _A , K ^p _B , ..., K ^p _M. Each subscriber secretly holds a private key corresponding to his public key. In FIG. 15, the subscriber A, B, ..., a secret key of M K ^s
_A , K ^s _B , ... , K ^s _M. Furthermore, each subscriber encrypts (and decrypts) according to an algorithm determined by the network as shown in FIG.
It has a communication terminal equipped with a cryptographic device for performing. Conventional public key cryptographic communication from subscribers A to B is performed in the following procedure.

Publication of conventional subscribers A to B 1. A uses the public key K ^p _B of the destination B as the key of the encryption device of this communication, encrypts the communication text by the encryption device, and sends the encrypted one to B. 2. B uses its own secret key K ^p _B as the key of the encryption device of this communication to decrypt the received text from A by the encryption device,
Get correspondence. Cryptographic communication is performed by these procedures.

As described above, with regard to the cryptographic technique necessary for realizing reliable communication, various schemes are considered even if it is limited to the representative cryptographic schemes known at present. . In addition, various usage modes are considered even with the same encryption method, and various measures are considered to further increase the strength against decryption.

Here, the DES encryption will be briefly described as a conventional encryption method. In the DES encryption, encryption and decryption are performed in units of 64-bit data blocks, and the key length is 56 bits (64 bits when 8 parity bits are added). Cryptographic algorithms are basically transposed and substituting. By repeating 16 steps of a process combining these transpositions and substituting appropriately, the plaintext bit patterns are mixed and converted into ciphertexts that do not make sense. . When decrypting, the original plaintext is restored by stirring in reverse.

The parameter of this stirring method is designated by a 56-bit key. The number of key candidates is 2 56 (about 10
(17 to the 17th power), and when performing a brute force decryption, that is, a decryption in which the obtained ciphertext and plaintext pair is checked by changing the key once, 500ns per check
In this case (processing speed of 128 Mbps), it takes about 1000 years as a whole.

In the DES encryption process, transposition (initial transposition IP) is first performed on 64-bit plain text. This initial transposition is fixed. The output of this transposition process is subjected to a transposition (final transposition IP ⁻¹ ) at the end after a complicated 16-stage encryption process on the way. This final transposition is also fixed.

The initially transposed 64-bit data is divided into left and right by 32 bits, and the left half is L ₀ and the right half is R ₀ . The process shown in FIG. 18 is performed over 16 stages from L ₀ and R ₀ to L ₁₆ and R ₁₆ . That is, assuming that the left and right 32 bits at the end of the processing of the n-th stage are L _n and R _n , respectively, L _n and R _n are expressed by the following equation.

L _n = R _n-1 R _n = L _n-1 #f (R _n-1 , K _n )

Here, # is exclusive of mod2 for each bit.
Means disjunction, K_nIs the 48 bits input to the nth stage
The key of L_n-1And R_n-1Is the output of the (n-1) th stage, f
Is R _n-1And K_nTo output 32-bit data
Function.

[0015]

However, in the conventional cipher communication, which cipher system and use mode are used on the sending side and the receiving side, and what kind of measures are taken for deciphering are used. No consideration was given to the adjustment as to whether or not to carry out encrypted communication. Therefore, when the sender and the receiver have an encryption device that can execute multiple encryption methods, or when multiple usage modes can be executed, how to perform the communication between the sender and the receiver to perform the encrypted communication. However, it is not possible to detect the common encryption method of both parties and perform the encrypted communication by the encryption method.

Furthermore, no consideration has been given to adjustments such as negotiating encryption methods on the transmitting side and the receiving side according to the type of information to be exchanged. In particular, no consideration was given to adjusting the encryption strength according to the type of information to be exchanged. For example, if the information to be exchanged is highly confidential, the method of taking measures against the decryption as described in the conventional technique is used to perform highly secure encrypted communication, and the information to be exchanged is confidential. If the information is not high, it is impossible to reduce the load on the encryption device by using the normal encryption method. The conventional cryptographic communication has the above problems.

The present invention has been made to solve the above problems, and an encryption communication device capable of selecting an encryption method,
The purpose is to obtain a system and a cryptographic device.

[0018]

According to a first aspect of the present invention, a plurality of communication means for respectively encrypting transmission data and decrypting reception encryption data and communicating with each other are provided, and the communication means is provided. And a selection means for selecting one of the plurality of encryption methods.

According to the invention of claim 7, an encryption means for encrypting information by selectively using a plurality of encryption methods,
A mode designating unit that designates an operation mode is provided, and the encryption unit selects an encryption method according to the designated mode.

According to the invention of claim 8, an encryption means for encrypting information by selectively using a plurality of encryption methods,
The encryption means selects an encryption method according to the specified security rank.

According to a ninth aspect of the present invention, there is provided an encrypted communication system in which encrypted data is communicated between a plurality of terminals on a network, and an encryption method can be selected. When the encryption method specified by is changed by another terminal device, it is necessary to obtain consent from the predetermined terminal device side.

[0022]

According to the present invention, the encryption method can be arbitrarily set by providing the communication means used by the sender / receiver who performs the encrypted communication with the selection means capable of selecting the encryption method.
By sharing the set encryption method between the sender and the receiver prior to the transmission of the ciphertext, it is possible to select an encryption method that has not been considered in the past and enable encrypted communication with a high degree of freedom. It also allows the selection of encryption strength.

[0023]

EXAMPLES Examples 1 to 8 will be shown below, and each example is based on the following viewpoints. [Example 1] An encryption method is set from a plurality of encryption methods. Second Embodiment An encryption method is set from common key encryption and public key encryption. Third Embodiment An encryption method is set from among a plurality of block ciphers. [Fourth Embodiment] A plurality of f-functions are prepared for the DES type encryption, and the encryption method is set by selecting them.

[Embodiment 5] For the block cipher, an encryption method is set from the usage modes. [Sixth Embodiment] "Perform encryption while updating key" An encryption method is set from a plurality of encryption methods. [Embodiment 7] For the block cipher, an encryption method is set from an encryption method "encrypt using a fixed key" and an encryption method "encrypt while updating the key". [Embodiment 8] The internal variables of the key generation / selection device of the encryption method "encrypting while updating the key" of Embodiment 7 are made readable.

However, the essence of the present invention is to have means for selecting from among a plurality of cryptosystems so that a specific cryptosystem can be executed. Also, it is possible to select the encryption strength. Therefore, the plurality of selected encryption methods are not limited to the encryption methods shown in the embodiments. As described in the related art, since there are many cryptosystems currently proposed, it is difficult to show all the cryptosystems in the embodiments.
Further, an encryption method in which a plurality of encryption methods are combined is also included as an encryption method selected by the present invention.

[Embodiment 1] In the present embodiment, as shown in FIG. 1, a plurality of encryption devices 11 for performing encryption (and decryption).
, Communication interface 12, and key generation / selection device 13
And cryptographic communication is performed using the communication terminal 10 including the selection unit 14 that selects one of the outputs of the plurality of encryption devices 11.

Each encryption device 11 realizes a different encryption method process. In the present embodiment, the encryption methods are: encryption method 1 encryption method 2 ... Encryption method t, and t types of encryption methods are used for each encryption device 11 of encryption device 1, encryption device 2 ,. It is assumed that the processing is realized. Further, which encryption device 11 to use can be set by the encryption method setting signal. In the following description, the encryption device 11 will be referred to as the encryption device 1 ...
Shall be called.

The selecting means 14 is controlled by the encryption method setting signal and can select one from the outputs of the plurality of encryption devices 11. For example, when encryption processing of encryption method 1 is desired, the selection means 14 may be set to select the output from the encryption device 1 by the encryption method setting signal. Similarly, when encryption processing of encryption method 2 is desired, the selection means 14 is operated by the encryption device 2 by the encryption method setting signal.
It should be set so that the output from is selected.

The communication interface 12 transmits the information indicating the encryption method and the transmission text encrypted by the encryption device 11 to the transmission line, and the information indicating the encryption method from the communication partner and the encryption device 11 encrypts the information. It is a communication interface for receiving the transmitted message and the transmitted message from the transmission line.

Further, since the key length is generally different for each encryption method, there is a key generation / selection device 13 as means for generating or selecting a key corresponding to the encryption method selected by the encryption method setting signal. , Key generation / selection device 13
Then, a key corresponding to the encryption method selected from one key having a certain length is generated. Alternatively, the keys corresponding to the number of encryption methods that can be realized by the encryption device are prepared in advance, and the key corresponding to the selected encryption method is selected.

FIG. 2 shows a key generation / selection device 13 according to the present invention.
An example is shown below. The key generation / selection device 13 generates a key according to the following algorithm. One key having a certain length which is input to the key generation / selection device 13 is used as an initial value (x ₀ ) in the following algorithm. x _{i + 1} = f (x _i ) (i = 0,1, ...) (1) b _{i + 1} = g (x _{i + 1} ) (i = 0,1, ...) 2)

As shown in FIG. 2, the key generation / selection device 13 has a processing circuit 13 for performing the feedback calculation of the equation (1).
a, a processing circuit 13b for performing the calculation of the formula (2), and a processing circuit 13b for performing the calculation of the formula (2) for the output of the length required for the key corresponding to the encryption method selected by the encryption method setting signal. And a calculator 13c for converting it into a key when it is output from

In the arithmetic unit 13c, b ₁ , b ₂ , ..., B _i output from the processing circuit 13b for performing the calculation of the equation (2) have a length corresponding to the encryption method selected by the encryption method setting signal. Convert to a key. The key is the selected cipher system bit string length of which is determined by algorithm, generates the arithmetic unit 13c, for example, by b _1, b _2, ..., by arranging as the b _i, or by rearranging their order To be done.

Therefore, the operation of the key generation / selection device 13 is as follows.
It looks like below. 1. X as initial value₀To the key generation / selection device 13
I do. 2. From equation (1), x₁, X_Two, ..., x_iGenerate
You. 3. The generated x₁, X_Two, ..., x_iFor equation (2)
And obtained b ₁, B_Two, ..., b_iIs output. 4. B by the computing unit 13c₁, B_Two, ..., b_iThe encryption method
Output as a key corresponding to the encryption method selected by the formula setting signal.
Power.

The key generation / selection device 13 determines how many times the formulas (1) and (2) are calculated according to the encryption method setting signal, and how long the key is output from the calculator 13c. , Are controlled to generate a key having a length corresponding to the encryption method selected by the encryption method setting signal.

The key generation / selection device 13 can also be configured as shown in FIG. The key generation / selection device 13 of FIG. 3 is composed of t keys (k ₁ , k ₂ , ..., K _t ) and key selection means 13d. The keys k ₁ , k ₂ , ..., K _t are input to the key selection means 13d, and one of them is selected by the encryption method setting signal. As a result, a key having a length corresponding to the encryption method selected by the encryption method setting signal is selected.

As the encrypted communication network for performing encrypted communication using the communication terminal 10, the one shown in FIG. 14 is used. Key sharing can be realized by setting a key in advance by a network administrator or the like. Or,
Reference "Cryptography and Information Security" (Tsujii, Kasahara, 19
Published in 1990, Shokosha Co., Ltd., 72-73, 97-10
It can also be realized by a publicly known key agreement system as shown in (4).

The cryptographic communication from the subscribers A to B according to the present invention is performed in the following procedure. In the following description, it is assumed that the key generation / selection device 13 is the one shown in FIG. 2, and as described above, a key corresponding to the encryption method selected from one key having a certain length is generated.

[Pre-procedure 1 of encrypted communication according to the present invention] 1. The sender A sends information indicating the encryption method to the recipient B via the communication interface 12. 2. The recipient B receives the information indicating the encryption method sent from the sender A via the information communication interface 12, and the encryption device 11 in the communication terminal 10 used by the recipient B uses the encryption method. After confirming that the encrypted communication can be processed, the sender A is notified via the communication interface 12 that the encrypted communication has been started. If it is difficult to process with the encryption method, the communication interface 12 is selected as a possible encryption method.
To sender A via. 3. The above procedure is repeated until the sender and the sender agree on the encryption method.

In the above-mentioned Pre-procedure 1, the information indicating the encryption method is shown from the sender side, but it is also possible to show the information from the receiver side as follows. [Pre-procedure 2 for encrypted communication according to the present invention] The receiver B sends a request for providing information and information indicating an encryption method for encrypting the information to the communication interface 12
To sender A via. 2. The sender A receives the request for providing the information sent from the receiver B and the information indicating the encryption method via the information communication interface 12, and is on the communication terminal 10 used by the sender A. After confirming that the cryptographic device can process with the cryptosystem, the recipient B is notified via the communication interface 12 that the cryptographic communication has been started. When it is difficult to process with the encryption method, the possible encryption method is transmitted to the recipient B via the communication interface 12. 3. The above procedure is repeated until the sender and the sender agree on the encryption method.

The above procedure is effective when the sender does not know the encryption method that can be set on the receiving side or when the receiver does not know the encryption method that can be set on the transmitting side. If the sender knows the encryption method that can be set on the receiving side,
Alternatively, if the receiver knows the encryption method that can be set on the transmitting side, it is possible to start the next encrypted communication by performing only the above procedure 1.

Further, in a cryptographic communication network in which a cryptographic key is exchanged between senders and receivers prior to cryptographic communication, in the key sharing protocol, the cryptographic method together with the information for key sharing is used. Information can be shared. In such a case, it is possible to start the encrypted communication by omitting the above procedure.

According to the above procedures 1 and 2, the encryption method can be adjusted between the sender and the receiver. Further, the pre-procedures 1 and 2 do not have to be performed every time communication is performed. For example, it is not necessary when the sender and the sender have already agreed upon the encryption method and the encrypted communication is performed by the encryption method.

Below, the following procedure is continued between the sender A and the recipient B. [Data encryption communication procedure according to the present invention (related to sender A)] The selection means 14 is set so that the output from the encryption method determined in the previous steps 1 and 2 is selected by the encryption method setting signal. 2. A secret key K _AB shared in advance with the recipient B is set as an initial value in the key generation / selection device 13 in the communication terminal 10, and a key corresponding to the encryption method selected by the encryption method setting signal is generated. To do. The generated key is set in the encryption device 11. 3. The data is encrypted by the encryption device 11, and the selection unit 1
In step 4, the ciphertext output from the encryption device 11 determined in the previous procedure is selected and transmitted to B via the communication interface 12.

[Data encryption communication procedure according to the present invention (related to recipient B)] The selection means 14 is set so that the output from the encryption method determined in the previous steps 1 and 2 is selected by the encryption method setting signal. 2. A secret key K _AB shared in advance with the sender A is set as an initial value in the key generation / selection device 14 in the communication terminal 10, and a key corresponding to the encryption method selected by the encryption method setting signal is generated. To do. The generated key is set in the encryption device 11. 3. The encrypted data is received from the transmission path via the communication interface 12, the encrypted data sent from A is decrypted by the cryptographic device 11, and the plaintext output from the cryptographic device 11 determined in the previous procedure is selected by the selection means 14. Select.

It is also possible to use the one shown in FIG. 3 as the key generation / selection device 13. In that case, FIG.
The key shown in means a combination of a plurality of keys.
That is, the key K _AB between the subscribers A and B is the key K _AB1 when the encryption method 1 is used, the key K _AB2 when the encryption method 2 is used, ...
It consists of the key K _ABt when using the encryption method t. In this case, the encrypted communication from the subscribers A to B according to the present invention is performed by the following procedure. However, since the pre-procedures 1 and 2 are the same as the above, the description is omitted.

[Data encryption communication procedure according to the present invention (related to sender A)] The selection unit 14 is set so that the output from the encryption method determined in the previous procedure is selected by the encryption method setting signal. 2. Secret key K shared with recipient B in advance
_AB (consisting of K _AB1 , K _AB2 , ..., K _ABt ) is set in the key generation / selection device 13 in the communication terminal 10, and a plurality of keys K _AB1 , K _AB2 , ... , K
Select the key corresponding to the selected encryption method from _ABt .
The selected key is set in the encryption device 11. 3. The data is encrypted by the encryption device 11, and the selection unit 1
In step 4, the ciphertext output from the encryption device 11 determined in the previous procedure is selected and transmitted to B via the communication interface 12.

[Data encryption communication procedure according to the present invention (related to recipient B)] The selection unit 14 is set so that the output from the encryption method determined in the previous procedure is selected by the encryption method setting signal. 2. Secret key K shared with sender A in advance
_AB (consisting of K _AB1 , K _AB2 , ..., K _ABt ) is set in the key generation / selection device 13 in the communication terminal 10, and a plurality of keys K _AB1 , K _AB2 , ... , K
Select the key corresponding to the selected encryption method from _ABt .
The selected key is set in the encryption device 11. 3. The encrypted data is received from the transmission path via the communication interface 12, the encrypted data sent from A is decrypted by the cryptographic device 11, and the plaintext output from the cryptographic device 11 determined in the previous procedure is selected by the selection means 14. Select.

Each subscriber of the cryptographic communication network has a portable storage device 30 as shown in FIG. 4 for storing secret information such as a key of each user necessary for cryptographic communication. May be. Portable storage device 3
0 stores secret information of each user necessary for encrypted communication, and in consideration of security, a configuration is made such that each user has a portable storage device 30 separately from the communication terminal 10. ing. The portable storage device 30 may be a part of the communication terminal 10 as long as a physically safe area can be secured for each user, but in that case, the communication terminal 10 that can be used for encrypted communication for each user. Will be limited. By separating the communication terminal 10 and the portable storage device 30 so that the confidential information of each user is not stored in the communication terminal 10, the user can use his or her own portable storage device 30 at any communication terminal 10. This is convenient because the secret information of the user can be exchanged via the Internet and used for encrypted communication.

The portable storage device 30 can exchange information with the communication terminal via a secure communication path, and has a physically secure area as a holding means 30a. Only the legitimate owner can operate the portable storage device 30 normally, and it is determined whether or not the legitimate owner by the authentication procedure such as the password. Further, among the shared keys, the one related to the owner of the portable storage device 30 is held in the holding means 30a. The portable storage device 30 can be realized by an IC card or the like. In all of Examples 2 to 8 described below, the case of using the portable storage device 30 is also within the scope of the present invention.

[Embodiment 2] In this embodiment, a plurality of encryption devices 15 for performing encryption (and decryption), as shown in FIG.
Cryptographic communication using a communication terminal 10 provided with 16, a communication interface 12, a key generation / selection device 13, and a selection means 14 for selecting one of the outputs of a plurality of encryption devices 15 and 16. I do.

In this embodiment, the encryption method is 1. DES encryption method (or FEAL encryption method) as a representative of the common key encryption method. As a representative of public key cryptosystems, there are two types of cryptosystems such as RSA cryptosystem (or ElGamal cryptosystem),
DES encryption device (or FEAL encryption device) 1
5 and the RSA encryption device (or ElGamal encryption device) 16 realize the processing. However, DES encryption, FEAL encryption, RS
The A-cipher and the ElGamal cipher are only listed as typical examples of the common key cipher or the public key cipher, and the present invention is not limited to these and can be applied to other cipher algorithms.

When the communication terminal 10 of FIG. 5 is used in the DES encryption system, the selecting means 14 causes the DES encryption device 1 to operate.
The output from 5 should be selected. When the communication terminal 10 of FIG. 5 is used in the RSA encryption method, the selection means 14 may select the output from the RSA encryption device 16.

The key generation / selection device 13, the communication interface 12, and the selection means 14 are the same as those in the first embodiment. However, the key generation / selection device 13 uses the one shown in FIG. 3, and selects the key corresponding to the encryption method selected by the encryption method setting signal. That is, when the DES encryption method is selected, the key distributed in advance for the DES encryption is selected, and when the RSA encryption method is selected, the RS
Select a public key published for A encryption.

In this embodiment, the encryption communication network shown in FIG. 16 is used. The common key / public key cryptographic communication network of FIG. 16 is configured by adding the public key cryptographic communication network of FIG. 15 to the common key cryptographic communication network of FIG.

The cryptographic communication from the subscribers A to B according to the present invention is performed in the following procedure. However, the pre-procedures 1 and 2 are the same as those in the first embodiment. [Data encryption communication procedure according to the present invention (related to sender A)] The selection unit 14 is set so that the output from the encryption method determined in the previous procedure is selected by the encryption method setting signal. 2. Depending on the encryption method setting signal, the common key K _AB and the public key K ^p
Select the key corresponding to the encryption method selected from _B and.
The selected key is set in the encryption devices 15 and 16. 3. Data is encrypted by the encryption devices 15 and 16, the ciphertext output from the encryption device determined in the previous procedure is selected by the selection means 14, and the B is transmitted via the communication interface 12.
Send to

[Data encryption communication procedure according to the present invention (recipient B)] The selection unit 14 is set so that the output from the encryption method determined in the previous procedure is selected by the encryption method setting signal. 2. Depending on the encryption method setting signal, the common key K _AB and the public key K ^s
Select the key corresponding to the encryption method selected from _B and.
The selected key is set in the encryption devices 15 and 16. 3. The encrypted data is received from the transmission line via the communication interface 12, the encrypted data transmitted from A is decrypted by the cryptographic device, and the plaintext output from the cryptographic device determined in the previous procedure is selected by the selection means 14. To do.

By this procedure, the encryption method can be adjusted between the sender and the receiver, and the security of the encrypted communication can be selected. That is, the encryption method can be selected according to the confidentiality of the data to be transmitted. For example, in the case of particularly confidential data, the public key cryptosystem is selected, and if not, the common key cryptosystem is selected to simplify the process. You can do such things.

[Embodiment 3] In this embodiment, a plurality of encryption devices 1 for performing encryption (and decryption) as shown in FIG.
A communication terminal 10 comprising: 7, 18; a communication interface 12; a key generation / selection device 13; and a selection means 14 for selecting one of the outputs of a plurality of encryption devices 17, 18.
To perform encrypted communication.

In this embodiment, the encryption method is 1. DES encryption 2. It is assumed that there are two types of block ciphers of FEAL cipher, and the processing is realized by the DES cipher device 17 and the FEAL cipher device 18, respectively. However, the DES encryption illustrated here, F
The EAL encryption is just a representative example of the common key encryption,
The present invention is not limited to these, and other encryption algorithms can be applied.

When the DES encryption processing is desired to be performed using the communication terminal 10 shown in FIG. 6, the selection means 14 may always select the output from the DES encryption device 17. If the FEAL encryption process is desired, the selection means 14
Then, the output from the FEAL encryption device 18 may always be selected.

The same key generation / selection device 13, communication interface 12, and selection means 14 as those used in the first embodiment are used. Further, as the encrypted communication network for performing encrypted communication using the communication terminal 10, the one shown in FIG. 14 is used.
Then, the encrypted communication from the subscribers A to B according to the present embodiment is performed in the same procedure as in the first embodiment.

[Embodiment 4] In the present embodiment, as shown in FIG. 7, communication provided with an encryption device 19 for performing encryption (and decryption), a communication interface 12, and a key generation / selection device 13. Cryptographic communication is performed using the mobile terminal 10. The selecting means 14 used in the first to third embodiments is included in the encryption device 19 in this embodiment.

In this embodiment, DES type (involution type) encryption is used as the encryption method. By preparing a plurality of f-functions that are the constituents and selecting a certain f-function from among them, a plurality of encryption methods can be set. DE
Since the S-type encryption is an algorithm that repeats the same processing as described above, it is possible to repeat the processing in the same circuit. For example, if a circuit is formed as one processing unit for one stage of the DES encryption shown in FIG. 18, the encryption processing can be realized by repeatedly using the circuit.

The encryption device 19 in this case is configured as shown in FIG. The encryption device 19 of FIG.
9b, an exclusive OR circuit 19c, and a plurality of f-functions (f
₁ , f ₂ , ..., F _t ) and selection means 19d for selecting one from the outputs of a plurality of f-functions. The selection unit 19d is controlled by the encryption method setting signal.

The configuration of a plurality of f-functions can be realized, for example, by preparing as many sets of Sboxes as there are f-functions. In this case, S ₁₁ , S for the f-function f _1
12, ..., using Sbox of S _18, S _21, S ₂₂ for f function f _2, ..., using Sbox of S _28, ..., it may be so called. Also, for f-function f ₁ , DES
It can also be realized by using a cryptographic f-function, using an FEAL cryptographic f-function for the f-function f ₂ , and ...

Using the encryption device 19 as described above, it is possible to perform encrypted communication by the same procedure as in the first embodiment. The same key generation / selection device 13 and communication interface 12 as those in the first embodiment are used. Also in this embodiment, the encryption communication network shown in FIG. 14 is used. According to the present embodiment, the encryption method can be adjusted between the sender and the receiver.

[Embodiment 5] In this embodiment, encrypted communication is performed using a communication terminal having the same configuration as the communication terminal 10 shown in FIG. However, instead of the encryption device 19 of FIG. 7, an encryption device 20 as shown in FIG. 9 is used. The selecting means is also included in the encryption device 20 in this embodiment. Further, in this embodiment, the bit length of the key does not change depending on the encryption method, so the key generation / selection device 13 is not always necessary.

In this embodiment, a block cipher is considered as an encryption method. In addition, the block cipher ECB (Electric Codebook) mode 1. CBC (Cipher Block Chaini
ng) mode, it can be set by the encryption method setting signal.

The CBC mode will be described later, but here
But let me briefly explain. Plaintext is M _i, The ciphertext is C_i,
The initial value is IV and the encryption using the encryption key K is E_K, Return
Issue D_KThen, the CBC mode is expressed by the following equation. C₁= E_K(M₁+ IV) ……… (3) C_i= E_K(M_i+ C_i-1) (I = 2, 3, ...) (4) M₁= D_K(C₁) + IV ………… (5) M_i= D_K(C_i) + C_i-1(I = 2, 3, ...) (6)

The encryption device 20 in this case is configured as shown in FIG. The encryption device 20 of FIG.
a and a selection means 20b for selecting one from two inputs
And an exclusive OR circuit 20c that performs an exclusive OR operation for each bit. The selection means 20b is controlled by the encryption method setting signal.

When the encryption device 20 is used in the ECB mode, the input initial value IV may be a bit string of all 0s, and the selecting means 20b may always select the initial value IV. When the encryption device 20 is used in the CBC mode, an arbitrary bit string is set as the input initial value IV, and the selecting means 20b selects the initial value IV when encrypting the initial block. The output from the encryption device 20 may be selected. The initial value IV does not need to be kept secret between correspondents.

By using the encryption device 20 as described above, it is possible to perform encrypted communication by the same procedure as in the first embodiment. However, when the CBC mode is selected in the previous procedure, a procedure for sharing the initial value IV is required. For example, before performing encrypted communication, the initial value I is changed from A to B.
A procedure for sending V is required. Since the initial value IV does not need to be kept secret between the sender and the receiver, it need not be encrypted. In addition to the secret key K _AB , the shared initial value I
V must be set in the encryption device 20 in the communication terminal 10.

The key generation / selection device 13 uses the same communication interface 12 as in the first embodiment. Also in this embodiment, the encryption communication network shown in FIG. 14 is used. According to the present embodiment, it is possible to adjust the encryption mode usage mode between the sender and the receiver.

[Embodiment 6] This embodiment is an improvement of the encryption system based on Embodiment 1. In this embodiment, similarly to the first embodiment, encrypted communication is performed using the communication terminal 10 shown in FIG.

The present embodiment is different from the first embodiment in the following points. Although a plurality of cryptographic devices 11 exist in the first embodiment, the key for each cryptographic device 11 is fixed during one cryptographic communication. That is, the key is not changed at any time during the encrypted communication, and the same key is used from the beginning to the end of the encrypted communication. On the other hand, in this embodiment, the key is changed at any time during the encrypted communication in order to improve the security against the decryption by the third party. In order to update the key at any time during the cryptographic communication, the key generation / selection device 13 also generates the key during the cryptographic communication, and every time a key having a length corresponding to the cryptosystem selected by the cryptosystem setting signal is generated. Then, the key of the encryption device 11 is updated. However, it is necessary to update the key in synchronization with the sender and the receiver of the encrypted communication.

The key generation / selection device 13 of this embodiment is also configured as shown in FIG. 2 as in the case of the first embodiment. However,
As described above, the key generation / selection device 13 of the present embodiment performs key generation during encrypted communication, and the key generation / selection device 13 performs encryption every time a key having a length corresponding to the encryption method selected by the encryption method setting signal is generated. Since the key of the device 11 is updated, the operation is different from that of the first embodiment.

Key generation / selection device 13 in the case of the first embodiment
Does not need to operate any more if a key having a length corresponding to the encryption method selected by the encryption method setting signal is generated. On the other hand, in the key generation / selection device 13 of this embodiment, it is necessary to successively generate keys having lengths corresponding to the cryptosystem selected by the cryptosystem setting signal. That is, the key generation / selection device 13 in the present embodiment repeatedly performs the operation of the key generation / selection device 13 in the first embodiment.

The key generation algorithm of the key generation / selection device 13 used in the present invention is not particularly limited,
Although it is possible to use a general one as shown in the first embodiment, in the present embodiment, when a computationally secure pseudo-random number sequence generation algorithm is used as a key generation algorithm, especially among them, The case where a square type pseudo random number sequence is used will be described.

The square type pseudo random number sequence is a pseudo random number sequence b ₁ , b ₂ , ... Generated by the following procedure. [Square type pseudo-random number sequence] p, q is p≡q≡3 (mod
4) is a prime number, N = p · q, and an initial value x
₀ (integer of 1 <x ₀ <N−1) and recursive expression x _{i + 1} = x _i ² modN (i = 0, 1, 2, ...) ... (7) b _i = lsb _j (x _i ) (I = 1, 2, ...) ... The bit sequence b ₁ , b ₂ , ... Obtained by (8) is called a square type pseudo-random number sequence. However, lsb _j (x _i ) represents the lower j bits of x _i , and when the number of N bits is n, j =
O (log ₂ n).

The square pseudo-random number sequence is a computationally secure pseudo-random number sequence under the assumption that the square residue property determination problem in the modulus N is computationally difficult. In order to make the square pseudo-random number sufficiently safe, it is desirable that the number of bits n of the modulus N of the square arithmetic expression (7) be about 512 bits.
Further, the keys (initial values of the key generation / selection devices) K _AB , K _AC , ... _That are secretly shared in advance among the subscribers are 1
<K _AB , K _AC , ... <N-1.

Key generation / selection using this squared pseudo-random number sequence
The selection device 13 is shown in FIG. Key generation / selection in Fig. 10
The device 13 is a processing unit that performs the feedback calculation of equation (7).
Calculation with the processing circuit 13f that performs the calculation of Expression (8) with the path 13e
And a device 13g. This key generation / selection device 1
The operation of No. 3 is as follows. 1. Initial value x₀Is input to the key generation / selection device 13. 2. From equation (7), x₁, X_Two,, ... is generated. 3. The generated x₁, X_Two, ... is executed for equation (8)
And obtained b₁, B _Two,, ... are output. 4. B in the calculator 13g₁, B_Two, ... is the encryption method setting
Key sequence of the key length corresponding to the encryption method selected in No.
k₁, K_Two, ...

FIG. 11 shows a diagram of encrypted communication when the key is updated at any time. Consider a block cipher as an encryption method. In FIG. 11, M _uv (u = 1, 2, ..., T; v = 1,
2, ..., S) is a plaintext block, and k _u (u = 1, 2,
, T) is the block cipher key, k _u (M _uv ) (u =
, 1, t; v = 1, 2, ..., s) represent ciphertext blocks obtained by encrypting the plaintext block M _uv with the key k _u . Here, s blocks from M _u1 to M _us are encrypted with the same key k _u . The plaintext block in FIG. 11 is encrypted by a plurality of encryption keys by sequentially using the key sequences k ₁ , k ₂ , ... That are updated by the key generation / selection device 13 as the keys of the block cipher. By thus updating the key as needed, the number of plaintext blocks encrypted with the same key becomes s, which makes it difficult to analyze the key. Also in this embodiment, the encryption communication network shown in FIG. 14 is used.

The encrypted communication from the subscribers A to B is carried out by the following procedure. However, the pre-procedure is the same as in the first embodiment. [Data encryption communication procedure according to the present invention (related to sender A)] The selection unit 14 is set so that the output from the encryption method determined in the previous procedure is selected by the encryption method setting signal. 2. The secret key K _AB shared in advance with the recipient B is set as an initial value in the key generation / selection device 13 in the communication terminal 10, and the key string corresponding to the encryption method selected by the encryption method setting signal is set. To generate. 3. The key sequence output from the key generation / selection device 13 is used as a key of the encryption device 11 while being updated at any time to encrypt the data, and the selection device 14 determines the encryption device 11 in the previous procedure.
Select the ciphertext output from the communication interface 1
Send to B via 2.

[Data encryption communication procedure according to the present invention (recipient B)] The selection unit 14 is set so that the output from the encryption method determined in the previous procedure is selected by the encryption method setting signal. 2. A secret key K _AB shared in advance with the sender A is set as an initial value in the key generation / selection device 13 in the communication terminal 10, and a key string corresponding to the encryption method selected by the encryption method setting signal is set. To generate. 3. The encrypted data is received from the transmission path via the communication interface 12, and the key string output from the key generation / selection device 13 is used as the key of the encryption device 11 while being updated at any time,
The transmitted encrypted data is decrypted, and the selection means 14 selects the plaintext output from the encryption device 11 determined in the previous procedure.

Although the square pseudo random number is used as the computationally secure pseudo-random number generation algorithm, any computationally secure pseudo random number generation algorithm can be used. For example, as shown in the above-mentioned document "Cryptography and Information Security" (Tsujii, Kasahara, 1990, Shokosha, Ltd., page 86),
Those that use RSA encryption, discrete logarithm, and reciprocal encryption can also be used in the pseudo-random number generation algorithm of the present invention.
Further, the method for updating the key described in the present embodiment as needed is described based on the first embodiment, but it can be applied not only to the first embodiment but also to the third, fourth, and fifth embodiments.

[Embodiment 7] In Embodiment 1, a key selects a certain encryption method from a plurality of fixed encryption methods, and in Embodiment 6, a key is an encryption method selected from among the updated encryption methods (plurality). The method is to select the method. In this embodiment as a variation of the above two embodiments 1 and 6, the encryption method can be selected between a fixed encryption method for the key and an updated encryption method for the key. Further, in this embodiment, an encryption device 11 for performing encryption (and decryption) as shown in FIG. 12,
Cryptographic communication is performed using the communication interface 12 and the communication terminal 10 equipped with the key generation / selection device 13. Here, for simplicity of explanation, it is assumed that there is one encryption device 11.

In this embodiment, a block cipher is considered as an encryption method. Furthermore, the block cipher is Encrypt using a fixed key. 2. Encrypt while updating the key. Which method to use can be set by the encryption method setting signal.

The key generation / selection device 13 is controlled by the encryption method setting signal and "performs encryption using a fixed key".
In the case of using the encryption method, the key generation / selection device 13 stops the process if a fixed key (one key) is generated. In addition, when using an encryption method in which encryption is performed while updating the key, the key generation / selection device 13 uses a key string (multiple keys).
The process is repeated to generate. When the communication terminal 10 of FIG. 12 is used with the encryption method “encrypt using a fixed key”, the key generation / selection device 13 generates a fixed key by the encryption method setting signal, and the encryption is performed. The device 11 may use the fixed key for encryption. Further, when the communication terminal 10 of FIG. 12 is used in the encryption method of "encrypting while updating the key", the key generation / selection device 13 generates a key string by the encryption method setting signal, In the encryption device 11, encryption may be performed while sequentially updating the key with the key sequence. Key generation
The selection device 13 uses the same configuration as that of FIG. 2 and the same operation as that of the sixth embodiment. Cryptographic device 11, communication interface 12
Is the same as that of the first embodiment. Further, as the cryptographic communication network, the one shown in FIG. 14 is used.

The encrypted communication from the subscribers A to B is the first embodiment.
The procedure is similar to. However, if the encryption is selected while updating the key, the data encryption communication procedure is performed in the same manner as in the sixth embodiment.

According to this embodiment, the encryption method can be adjusted between the sender and the receiver, and the security of the encrypted communication can be selected. That is, the encryption method can be selected according to the confidentiality of the data to be transmitted. For example, in the case of particularly sensitive data, "encrypt while updating the key"
It is possible to select an encryption method, and if not, select “encrypt using a fixed key” to simplify the process. In the present embodiment, for simplicity of explanation, the number of the encryption device 11 is one, but a plurality of encryption devices 11 may be used. In that case, the selection means 14 for selecting the outputs from the plurality of encryption devices 11 is required.

[Embodiment 8] In this embodiment, the configuration of the key generation / selection device 13 used in Embodiments 6 and 7 is slightly changed. In the sixth and seventh embodiments, since the key shared between the subscribers is fixed, the key generation / selection device is used when the sender and the receiver are the same even in the encryption method of "encrypting while updating the key". There is a problem that the initial value of 13 is always the same value and the same key string is generated.

Therefore, in this embodiment, the security is improved by changing the initial value of the key generation / selection device 13 each time the sender / receiver is the same.

In equations (7) and (8), which are the procedures for key sequence generation shown in the sixth embodiment, x _{i + 1,} which is successively updated by the feedback calculation, is set as an internal variable of the key generation / selection device 13. I will call it. As shown in FIG. 13, the key generation / selection device 13 of this embodiment includes a processing circuit 13h for performing the feedback calculation of the equation (7), a processing circuit 13i for performing the calculation of the equation (8), and a calculator 13j. In addition, the internal variables updated by the calculation of the equation (7) can be read. The read internal variable is stored in the holding unit 30a of the portable storage device 30 connected to the communication terminal 10 as described in the first embodiment, for example.

In the sixth and seventh embodiments, the key generation / selection device 13
Although the data movement is in one direction only by setting the initial value to, in the present embodiment, the internal variables of the key generation / selection device 13 can be read in the opposite direction. The read internal variable is replaced with the common key used for the current encrypted communication as the common key used for the next encrypted communication.

Further, this key generation / selection device 13 is shown in FIG.
By replacing the key generation / selection device 13 with the key generation / selection device 13, the communication terminal 10 that can be changed each time the initial value of the key generation / selection device 13 is used can be configured.

The encrypted communication from the subscribers A to B is performed in the same procedure as the procedure shown in the sixth and seventh embodiments. However,
In the case of the encryption method that "encrypts while updating the key", the sender and the receiver both ask "the value of the internal variable of the key generation / selection device when the decryption of the encrypted data is completed, A (or B) next time.
Finally, a procedure of "keeping secretly in the holding means of the portable storage device as a new initial value for cryptographic communication with" is required.

Each of the above embodiments is configured to selectively use one of the encryption methods based on the encryption method setting signal. Here, the above-mentioned encryption method setting signal may be arbitrarily selected by the sender, or any encryption method may be automatically selected according to the type of data to be transmitted. Furthermore, when the sender specifies the security rank of the transmission content, an encryption method having a strength according to the specified security rank may be automatically set. Further, the encryption method setting signal depends on the operation mode between the senders A and B, that is, the communication with the senders A and B is, for example, a mode in which a TV conference is performed or a mode in which confidential communication is performed. The encryption strength may be changed automatically. Further, the setting of the encryption method may be set preferentially by a person communicating data, or may be freely set by both senders. However, in the case of weakening the encryption strength, it is preferable to perform the communication that requires the consent of the other party and negotiates to obtain the consent. Further, the encryption method may be set according to the decryption capability of the other party.

[0099]

As described above, according to the present invention,
The encryption method can be changed by providing the communication method used by the sender / receiver who performs encrypted communication with the encryption method, and the selected encryption method can be changed between the sender and the receiver before sending the ciphertext. By sharing with, it is possible to select an encryption method that was not possible in the past, and enable encrypted communication with a high degree of freedom.

[Brief description of the drawings]

FIG. 1 is a block diagram of a communication terminal according to first and sixth embodiments of the present invention.

FIG. 2 is a block diagram of a key generation / selection device according to Embodiments 1, 6, and 7 of the present invention.

FIG. 3 is a block diagram of another key generation / selection device according to the first embodiment of the present invention.

FIG. 4 is a block diagram of a portable storage device according to Examples 1 to 8 of the present invention.

FIG. 5 is a block diagram of a communication terminal according to a second embodiment of the present invention.

FIG. 6 is a block diagram of a communication terminal according to a third embodiment of the present invention.

FIG. 7 is a block diagram of a communication terminal according to a fourth embodiment of the present invention.

FIG. 8 is a block diagram of an encryption device according to Example 4 of the present invention.

FIG. 9 is a block diagram of an encryption device according to Example 5 of the present invention.

FIG. 10 is a block diagram of a key generation / selection device using a squared pseudo random number according to a sixth embodiment of the present invention.

FIG. 11 is a configuration diagram for explaining cryptographic communication when performing a key update according to the sixth embodiment of the present invention.

FIG. 12 is a block diagram of a communication terminal according to a seventh embodiment of the present invention.

FIG. 13 is a block diagram of a key generation / selection device using a square type pseudo random number according to an eighth embodiment of the present invention.

FIG. 14 is a configuration diagram of a common key encryption communication network.

FIG. 15 is a configuration diagram of a public key cryptographic communication network.

FIG. 16 is a configuration diagram of a common key / public key cryptographic communication network.

FIG. 17 is a block diagram of a conventional communication terminal.

FIG. 18 is a block diagram showing processing for one stage of DES encryption.

[Explanation of symbols]

 10 Communication Terminals 11 to 20 Cryptographic Device 12 Communication Interface 13 Key Generation / Selection Device 14 Selection Means

Claims (9)

[Claims] 1. A plurality of communication means for respectively encrypting transmission data and decrypting reception encryption data and communicating with each other, and a selection provided in the communication means for selecting one of a plurality of encryption methods. And a cryptographic communication device including means. 2. The encrypted communication device according to claim 1, further comprising a key generation unit which is provided in the communication unit and which generates a key corresponding to the encryption method selected by the selection unit. 3. The encrypted communication device according to claim 2, further comprising update means provided in said communication means for updating the key generated by said key generation means at the time of encryption processing of said transmission data. 4. The encrypted communication device according to claim 1, further comprising: a determination unit that is provided in the communication unit and that determines an encryption method selected by the selection unit by communicating with each other. 5. The cryptographic communication device according to claim 2, wherein an algorithm for generating a pseudo-random number that is secure in terms of computational complexity is used as the algorithm used by the key generating means. 6. The cryptographic communication device according to claim 5, wherein a square-type pseudo random number generation algorithm is used as the computationally secure pseudo random number generation algorithm. 7. An encryption means for encrypting information by selectively using a plurality of encryption methods, and a mode designation means for designating an operation mode, wherein the encryption means is responsive to the designated mode. An encryption device characterized by selecting an encryption method. 8. An encryption means for encrypting information by selectively using a plurality of encryption methods, and a designation means for designating a security rank, wherein the encryption means corresponds to the designated security rank. An encryption device characterized by selecting an encryption method. 9. An encryption communication system which enables communication of encrypted data between a plurality of terminals on a network and selection of an encryption method, wherein encryption specified by a predetermined terminal device is performed. A cryptographic communication system, characterized in that when the method is changed by another terminal device, the predetermined terminal device needs to consent.