US 20030026430 A1 Abstract An encrypting conversion apparatus, a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus are provided which are capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack from the third party and can operate at high speed. In the cryptographic communication system.
Claims(17) 1. An encrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data, said encrypting apparatus comprising:
a plurality stage of encrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, wherein:
said encrypting conversion means includes at least one of each of first to third operation means, said first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and
conversions which use combinations of a plurality stage of consecutive encrypting conversion means optionally selected from all of said encrypting conversion means and use the same input data and the same algorithm parameter, are all different.
2. A decrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data, the apparatus comprising:
a plurality stage of decrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, wherein:
said decrypting conversion means includes at least one of each of first to third operation means, said first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and
conversions which use combinations of a plurality stage of consecutive decrypting conversion means optionally selected from all of said decrypting conversion means and use the same input data and the same algorithm parameter, are all different.
3. A cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text, wherein:
said transmitter apparatus includes encrypting conversion means and first algorithm key storing means; said receiver apparatus includes decrypting conversion means and second algorithm key storing mean; a conversion algorithm to be executed by said encrypting conversion means of said transmitter apparatus is determined by a first parameter stored in said first algorithm key storing means of said transmitter apparatus; a conversion algorithm to be executed by said decrypting conversion means of said receiver apparatus is determined by a second parameter stored in said second algorithm key storing means of said receiver apparatus; and the cipher text encrypted by said transmitter apparatus by using the cipher key can be correctly decrypted by said receiver apparatus by using the cipher key, only if the cipher key as well as the first and second parameters used by said transmitter and receiver apparatuses is same. 4. A cryptographic communication system according to 5. A cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text, wherein:
said transmitter apparatus includes key length storing means for storing a key length data, first key sharing means for sharing a key data, and encrypting conversion means for encrypting; said receiver apparatus includes second key sharing means for sharing a key data and decrypting conversion means for decrypting; and prior to starting cryptographic communication, said transmitter and receiver apparatuses share the cipher key having a length designated by key length data stored in said key length storing means of said transmitter apparatus, by using said first key sharing means of said transmitter apparatus and said second key sharing means of said receiver apparatus. 6. A cryptographic communication system according to 7. A cryptographic communication system according to said encrypting conversion means includes a plurality stage of a first substitution/permutation conversion means for performing substitution/permutation conversion and outputs the cipher text by processing the plain text at each of said first substitution/permutation conversion means by using the cipher key or data converted from the cipher key; and each of said first substitution/permutation conversion means for data conversion includes bit train converters which include a plurality stage of cyclic shift operation means and a plurality stage of addition operation units. 8. A cryptographic communication system according to 9. A cryptographic communication system according to 10. A cryptographic communication system according to said decrypting conversion means includes a plurality stage of second substitution/permutation conversion means for performing substitution/permutation conversion and outputs the plain text by processing the cipher text at each of said second substitution/permutation conversion means by using the cipher key or data converted from the cipher key; and each of said second substitution/permutation conversion means for data conversion includes bit train converters which include a plurality stage of cyclic shift operation means and a plurality stage of addition operation means. 11. An IC card to be used for an electronic toll collection system capable of collecting a toll from the IC card inserted into an on-board apparatus of a car running on a toll road, while the car passes by a road side equipment on the toll road, without stopping the car, said on-board apparatus including encrypting/decrypting conversion means for encrypting and decrypting a data and first algorithm key storing means for storing an algorithm key, and a conversion algorithm to be performed by the encrypting/decrypting conversion means of the on-board apparatus being determined by a first parameter stored in the first algorithm key storing means, wherein:
the IC card comprises said encrypting/decrypting conversion means and second algorithm key storing means for storing an algorithm key; a conversion algorithm to be performed by said encrypting/decrypting conversion means of the IC card is determined by a second parameter stored in the second algorithm key storing means of the IC card; and the IC card can cryptographically communicate with the on-board apparatus only if the second parameter is same as the first parameter. 12. An on-board apparatus to be used for an electronic toll collection system capable of collecting a toll from an IC card inserted into the on-board apparatus of a car running on a toll road, while the car passes by a road side equipment on the toll road, without stopping the car, the on-board apparatus including encrypting/decrypting conversion means and first algorithm key storing means, and a conversion algorithm to be executed by the encrypting/decrypting conversion means of the on-board apparatus being determined by a first parameter stored in the first algorithm key storing means, wherein:
the on-board apparatus comprises said encrypting/decrypting conversion means and second algorithm key storing means; a conversion algorithm to be executed by said encrypting/decrypting conversion means of the on-board apparatus is determined by a second parameter stored in the second algorithm key storing means of the on-board apparatus; and the on-board apparatus can cryptographically communicate with the road side apparatus only if the second parameter is same as the first parameter. 13. A road side apparatus to be used for an electronic toll collection system capable of collecting a toll from an IC card inserted into an on-board apparatus of a car running on a toll road, while the car passes by the road side equipment on the toll road, without stopping the car, the on-board apparatus including encrypting/decrypting conversion means and first algorithm key storing means, and a conversion algorithm to be executed by the encrypting/decrypting conversion means of the on-board apparatus being determined by a first parameter stored in the first algorithm key storing means, wherein:
the road side apparatus comprises said encrypting/decrypting conversion means and second algorithm key storing means; a conversion algorithm to be executed by said encrypting/decrypting conversion means of the road side apparatus is determined by a second parameter stored in the second algorithm key storing means of the road side apparatus; and the road side apparatus can cryptographically communicate with the on-board apparatus only if the second parameter is same as the first parameter. 14. An encrypting conversion apparatus for inputting at least one cipher key and plain text data and outputting cipher text data, the encrypting conversion apparatus comprising:
a plurality stage of encrypting conversion means for performing a substitution conversion for substituting data for different data and a permutation conversion for rearranging bits of data, wherein said encrypting conversion means executes either an exclusive logical sum operation or an addition operation of input data and first data generated from the cipher key, thereafter executes the substitution and permutation conversions, thereafter executes either an exclusive logical sum operation or an addition operation of the input data and second data generated from the cipher key, and thereafter executes the substitution conversion. 15. A decrypting conversion apparatus for inputting at least one cipher key and cipher text data and outputting plain text data, the decrypting conversion apparatus comprising:
a plurality stage of decrypting conversion means for performing a substitution conversion for substituting data for different data and a permutation conversion for rearranging bits of data, wherein said decrypting conversion means executes either an exclusive logical sum operation or an addition operation of input data and first data generated from the cipher key, thereafter executes the substitution and permutation conversions, thereafter executes either an exclusive logical sum operation or an addition operation of the input data and second data generated from the cipher key, and thereafter executes the substitution conversion. 16. An encrypting method for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data, said encrypting method comprising the steps of:
performing a plurality stage of encryptions each by executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, said encrypting step including at least one of each of first to third operation sub-steps, said first operation sub-step, executing either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation sub-step executing either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation sub-step cyclically shifting input data by the number of bits determined by the algorithm parameter; and combining a plurality stage of consecutive encrypting steps optionally selected from all of said encrypting steps with use of the same input data and the same algorithm parameter such that the encryption results are all different. 17. A decrypting method for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data, said method comprising the steps of:
performing a plurality stage of decryptions each by executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, said decrypting step including at least one of each of first to third operation sub-steps, said first operation sub-step executing either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, said second operation sub-step executing either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and said third operation sub-step cyclically shifting input data by the number of bits determined by the algorithm parameter; and combining a plurality stage of consecutive decrypting steps optionally selected from all of said decrypting steps with use of the same input data and the same algorithm parameter such that the decryption results are all different. Description [0001] This application relates to an application U.S. Ser. No. 09/130,529 filed on Aug. 4, 1998 by Makoto Aikawa et al entitled “DATA ENCRYPTING/DECRYPTING CONVERSION METHODS AND APPARATUSES AND DATA COMMUNICATION SYSTEM ADOPTING THE SAME” and assigned to the present assignee. The disclosure of that application is hereby incorporated by reference into the disclosure of this application. [0002] 1. Field of the Invention [0003] The present invention relates to techniques for encrypting/decrypting digital data transferred among computers, household information processing appliances, and electronic toll collection apparatuses. [0004] 2. Description of the Related Art [0005] Enciphering techniques for preventing an illegal copy of digital data are essential for digital household information processing appliances. For example, if digital visual data received by a digital broadcasting receiver is digitally recorded in a digital video recorder and the digital visual data has a copyright, both the receiver and digital video recorder are required to have a function of protecting the copyright. In order to realize such a copyright protection system, it is necessary to prevent alteration and illegal copying of digital data by means of setting a limitation to digital data copying, device authentication, and cryptographic techniques such as real time cryptograph of digital data. [0006] An example of conventional cryptographic techniques may be a symmetric key or common key algorithm, typically DES cryptograph disclosed in U.S. Pat. No. 3,962,539. Most of common key algorithms are characterized in a complicated cryptogram formed by repeating a simple conversion. Various approaches have been tried in order to improve security of cryptograms. For example, a cryptographic attack can be made difficult by increasing the number of repetitions of simple conversions to further disturb statistical characteristics of cipher texts. [0007] However, if the number of conversion repetitions is increased, the processing time required for cryptographic conversion becomes long. Therefore, a security reinforcing countermeasure through an increase in the number of repetitions of simple conversions is not suitable for real time cryptograph in the copyright protection system. [0008] In an electronic toll collection system (ETC) of a toll speed-way which has lately attracted attention, a real-time cryptographic processing is required, so that the problem as mentioned above arises. [0009] The electronic toll collection system represents a system which is capable of collecting a toll based on an electronic transaction through a wireless communication between an antenna provided at a toll collecting station and an on-board equipment mounted on a car when the car passes through the toll collecting station, the details of which are described in for example, a Japanese magazine “Card Wave” published by C-Media, March, 1999, pp42-45. In the referred-to system, a real-time cryptographic processing is indispensable in order to send and receive exchange data at real time and protect the exchange data from bugging and unauthorized alteration. [0010] It is an object of the present invention to provide an encrypting conversion apparatus, a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack and can operate at high speed. [0011] According to one aspect of the present invention, there is provided an encrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and plain text data and outputting cipher text data, the apparatus comprising: a plurality stage of encrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, wherein: the encrypting conversion means includes at least one of each of first to third operation means, the first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, the second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and the third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and conversions which use combinations of a plurality stage of consecutive encrypting conversion means optionally selected from all of the encrypting conversion means and use the same input data and the same algorithm parameter, are all different. [0012] According to another aspect of the present invention, there is provided a decrypting conversion apparatus for inputting at least one cipher key, at least one algorithm parameter, and cipher text data and outputting plain text data, the apparatus comprising: a plurality stage of decrypting conversion means for executing each of an exclusive logical sum operation, a cyclic shift operation and an addition operation at least once, wherein: the decrypting conversion means includes at least one of each of first to third operation means, the first operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data generated from data of the cipher key, the second operation means executes either an exclusive logical sum operation or an addition operation of input data and a portion of data determined by the algorithm parameter, and the third operation means cyclically shifts input data by the number of bits determined by the algorithm parameter; and conversions which use combinations of a plurality stage of consecutive decrypting conversion means optionally selected from all of the encrypting conversion means and use the same input data and the same algorithm parameter, are all different. [0013] According to another aspect of the present invention, there is provided a cryptographic communication system with a common key algorithm for communication between a transmitter apparatus and a receiver apparatus having a same cipher key, the transmitter apparatus encrypting a plain text by using the cipher key to acquire and transmit a cipher text, and the receiving apparatus decrypting the received cipher text by using the cipher key to recover the plain text, wherein: the transmitter apparatus includes encrypting conversion means and first algorithm key storing means; the receiver apparatus includes decrypting conversion means and second algorithm key storing mean; a conversion algorithm to be executed by the encrypting conversion means of the transmitter apparatus is determined by a first parameter stored in the first algorithm key storing means of the transmitter apparatus; a conversion algorithm to be executed by the decrypting conversion means of the receiver apparatus is determined by a second parameter stored in the second algorithm key storing means of the receiver apparatus; and the cipher text encrypted by the transmitter apparatus by using the cipher key can be correctly decrypted by the receiver apparatus by using the cipher key, only if the cipher key as well as the first and second parameters used by the transmitter and receiver apparatuses is same. [0014]FIG. 1 is a block diagram showing a cryptographic communication system having a transmitter and a receiver according to an embodiment of the invention. [0015]FIG. 2 is a block diagram of an encrypting conversion unit shown in FIG. 1. [0016]FIG. 3 is a block diagram of a key conversion means shown in FIG. 2. [0017]FIG. 4 is a block diagram of a substitution/permutation conversion means shown in FIG. 2. [0018]FIG. 5 is a block diagram of a bit train conversion unit shown in FIG. 4. [0019]FIG. 6 is a block diagram of a decrypting conversion unit shown in FIG. 1. [0020]FIG. 7 is a block diagram of a substitution/permutation conversion means shown in FIG. 6 according to another embodiment of the invention. [0021]FIG. 8 is a block diagram of a key conversion means according to another embodiment of the invention. [0022]FIG. 9 is a block diagram of a substitution/permutation means according to another embodiment of the invention. [0023]FIG. 10 is a block diagram of a bit train conversion unit according to another embodiment of the invention. [0024]FIG. 11 is a block diagram showing an electronic toll collecting system as another embodiment of cryptographic communication of the invention. [0025]FIG. 12 is a chart illustrating communication flows of the electronic toll collecting system. [0026]FIG. 13 is a chart illustrating cryptographic communication of the electronic toll collecting system. [0027] Embodiments of the invention will be described with reference to the accompanying drawings. [0028]FIG. 1 is a block diagram showing the configuration of a cryptographic communication system in which a data transmitter equipped with an encrypting conversion apparatus of the invention cryptographically communicates with a data receiver equipped with a decrypting conversion apparatus of the invention. Referring to FIG. 1, the data transmitter [0029] The data transmitter [0030] After the cipher key is shared, the data processing unit [0031] The communication processing unit [0032] As described above, the data transmitter [0033] Furthermore, since the data transmitter [0034]FIG. 2 is a detailed block diagram showing an example of the encrypting conversion unit [0035] A plain text is separated into upper 32 bits R [0036] Consider now the case wherein the cipher key is fixed and the same data is input to an optional combination of two or more consecutive substitution/permutation conversion means selected from all the substitution/permutation conversion means. In this case, the conversion result is determined by the algorithm keys Gn. In the encrypting conversion apparatus of this invention, it is assumed that only algorithm keys which provide different conversion results for all combinations are used. Namely, a periodicity does not appear on encrypting conversion which uses a plurality of substitution/permutation conversion means. In this way, secrecy of encrypting conversion can be improved. [0037]FIG. 3 is a block diagram showing an example of the key conversion means [0038]FIG. 4 is a block diagram of the substitution/permutation conversion means [0039] where the function F [0040] where A [0041] Next, R
[0042]FIG. 5 is a block diagram showing an example of the bit train conversion unit [0043] The exclusive logical sum unit [0044] where V is an output value of the bit train converter [0045] The cyclic shift unit [0046] where W is an output value of the bit train converter [0047] The cyclic shift unit [0048] where W is an output value of the bit train converter [0049] The addition operation unit [0050] where Y is an output value of the bit train converter [0051] The cyclic shift unit [0052] where Z is an output value of the bit train converter [0053] As described above, the five bit train converters [0054]FIG. 6 is a block diagram showing the details of the decrypting conversion unit [0055] A cipher text is separated into upper 32 bits R [0056] Consider now the case wherein the cipher key is fixed and the same data is input to an optional combination of two or more consecutive substitution/permutation conversion means selected from all the substitution/permutation conversion means. In this case, the conversion result is determined by the algorithm keys Gn. In the encrypting conversion apparatus of this invention, it is assumed that only algorithm keys which provide different conversion results for all combinations are used. Namely, a periodicity does not appear on decrypting conversion which repetitively uses substitution/permutation conversion means. [0057]FIG. 7 is a block diagram of the substitution/permutation conversion means
[0058] This conversion is an inverse conversion of the substitution/permutation conversion means [0059] The embodiment of the data transmitter [0060] In order to generate a plurality of conversion keys, substitution/permutation conversion means used for encrypting conversion may be used. For example, a key conversion means for generating eight conversion key of 32 bits will be described. [0061] Referring to FIG. 8, the key conversion means [0062] By performing the conversion, outputs L [0063] The same extension keys stored in the extension key storage means may be used each time data is processed, or may be renewed by a method similar to the algorithm keys. A key sharing process may also be executed for the extension keys by a method similar to the cipher key. The key conversion means [0064] Next, the encrypting conversion apparatus and decrypting conversion apparatus according to another embodiment of the invention will be described. [0065] The block diagram of the encrypting conversion apparatus of this embodiment is the same as that shown in FIG. 2 of the first embodiment described earlier. [0066]FIG. 9 is a block diagram of a substitution/permutation conversion means [0067]FIG. 10 is a block diagram showing an example of the bit train conversion unit [0068] Next, a cryptographic communication system using the encrypting conversion apparatus and decrypting conversion apparatus according to an embodiment of the invention will be described. [0069]FIG. 11 is a block diagram showing an electronic toll collection system. The electronic toll collection system can collect, through electronic account settlement, a toll from an IC card possessed by a driver of a car running on a toll road, at a road side equipment installed on the toll road, without stopping the car. Such an electronic toll collection system is expected to alleviate traffic congestion and improve user convenience through electronic account settlement with IC cards. [0070] The electronic toll collection system shown in FIG. 11 includes a car [0071] The car [0072] The road side equipment [0073] The IC card [0074] In order to maintain security and reliability of such processes, it is necessary to verify authentication of contract information, routing information and account settlement information and to prevent illegal alteration and tapping of the information. Between the IC card and on-board equipment [0075] In order to realize the above-described processes, the on-board equipment [0076] The details of the algorithm key and encrypting and decrypting conversions set by the algorithm key have been given above. [0077] The license key is embedded in an authorized equipment as secret information and is used for reliably executing the authentication process and cipher key sharing process. Consider for example that an equipment B confirms whether or not an equipment A is an authorized equipment, in order to communicate with the equipment A. In this case, the equipment A provides the equipment B with certification that the license key of the equipment A is correct. Since the license key is secret information, the equipment A is required to provide the equipment B with certification that the license key is correct, without making open the license key. This certification can be realized by utilizing cryptographic techniques. For example, a symmetric key algorithm is described in ISO 9798-2 which is international specifications for security mechanism. As a specific example of the symmetric key algorithm, the encrypting and decrypting conversion apparatuses of the invention can be used. [0078] Elements constituting the apparatuses shown in FIG. 11 will be described. [0079] The road side equipment [0080] The on-board equipment [0081] The IC card [0082] The encrypting/decrypting process units [0083] The IC card communication units [0084] The wireless communication units [0085] The encrypting/decrypting process units [0086] The data storage units [0087]FIG. 12 is a flow chart illustrating communications to be executed by the electronic toll collection system shown in FIG. 11. [0088] In the flow chart shown in FIG. 12, a partner authentication/key sharing process [0089] Next, a partner authentication/key sharing process [0090] Next, the on-board equipment [0091] Account settlement for road toll is made between the IC card [0092] It is also necessary to prevent a third party to alter encrypted data flowing on a communication path during the cryptographic communication [0093]FIG. 13 is a detailed flow chart illustrating the cryptographic communication [0094] Next, upon reception of the encrypted data, the on-board equipment [0095] In the above manner, data not permitted to be altered or tapped, such as toll information and routing information, can be exchanged with security. [0096] With the above processes, a road toll can be charged to the IC card [0097] According to the present invention, it is possible to realize an encrypting conversion apparatus, a decrypting conversion apparatus, a cryptographic communication system and an electronic toll collection apparatus capable of changing algorithms of cryptographic conversion to hide the algorithm in use from a third party so that the apparatuses and system are resistant against a cryptographic attack and can operate at high speed. Referenced by
Classifications
Rotate |