公开(公告)号：EP2693684A4

公开(公告)日：2015-03-25

申请号：EP12765375

申请日：2012-02-20

申请人： SONY CORP

发明人： SHIBUTANI KYOJI ,  MITSUDA ATSUSHI ,  AKISHITA TORU ,  ISOBE TAKANORI ,  SHIRAI TAIZO ,  HIWATARI HARUNAGA

IPC分类号： H04L9/06 ,  G09C1/00 ,  H04L9/00

CPC分类号： H04L9/0894 ,  G09C1/00 ,  H04L9/002 ,  H04L9/0625 ,  H04L2209/24

摘要： An encryption processing device with a high level of security is achieved by a supply control of round keys. Included are an encryption processing part configured to divide configuration bits of data to be data processed into a plurality of lines, and to input, and to repeatedly execute data conversion processing applying a round function to each line of data as a round calculation; and a key scheduling part configured to output round keys to a round calculation executing unit in the encryption processing part; wherein the key scheduling part is a replacement type key scheduling part configured to generate a plurality of round keys or round key configuration data by dividing a secret key stored beforehand into a plurality of parts; and wherein the plurality of round keys are output to a round calculation executing unit sequentially executing in the encryption processing part such that a constant sequence is not repeated. According to the present configuration, an encryption processing configuration with a high level of security is achieved that has a high level of resistance to repeated key attacks or other attacks, for example.

公开(公告)号：EP2328136A4

公开(公告)日：2015-11-25

申请号：EP09809898

申请日：2009-08-25

申请人： SONY CORP

发明人： SHIRAI TAIZO ,  SHIBUTANI KYOJI ,  MORIAI SHIHO ,  AKISHITA TORU ,  IWATA TETSU

IPC分类号： H04L9/06

CPC分类号： H04L9/0643 ,  H04L2209/12 ,  H04L2209/20 ,  H04L2209/30 ,  H04L2209/38

摘要： There is realized a data conversion device that performs generation of a hash value with improved analysis resistance and a high degree of safety. There are provided a stirring processing section performing a data stirring process on input data; and a compression processing section performing a data compression process on input data including data segments which are divisions of message data, the message data being a target of a data conversion. Part of multi-stage compression subsections is configured to perform a data compression process based on both of output of the stirring processing section and the data segments in the message data. There is provided such a configuration that the stirring process is executed at least on fixed timing of a compression processing round of plural rounds and thus, there is realized a data conversion device that performs generation of a hash value with improved analysis resistance and a high degree of safety.

公开(公告)号：EP3125221A4

公开(公告)日：2018-04-04

申请号：EP15768190

申请日：2015-02-24

申请人： SONY CORP

发明人： SHIBUTANI KYOJI ,  ISOBE TAKANORI

IPC分类号： G09C1/00 ,  H04L9/06

CPC分类号： H04L9/0861 ,  G06F17/16 ,  G09C1/00 ,  H04L9/0625 ,  H04L9/0631 ,  H04L9/0822 ,  H04L9/14 ,  H04L2209/12 ,  H04L2209/24

摘要： An encryption process excellent in security and highly resistant to various attacks is realized. An encryption processing device includes an encryption processing section configured to repeat a round operation on input data and generate output data, and a key scheduling section configured to output a round key to be applied in the round operation by the encryption processing section to the encryption processing section. The encryption processing section has an involution property in which a data conversion function E and an inverse function E -1 of the data conversion function E are executed sequentially, and executes the round operation in which a constant is applied once or more in only one of the function E and the inverse function E -1 . The constant is configured as a state that satisfies a condition that all of constituent elements of a state which is a result of a matrix operation with the linear conversion matrix which is applied in the linear conversion processing section at a position adjacent to the exclusive-OR section to which the constant is input are nonzero.

公开(公告)号：EP2058783A4

公开(公告)日：2017-04-19

申请号：EP07806209

申请日：2007-08-29

申请人： SONY CORP

发明人： SHIBUTANI KYOJI ,  SHIRAI TAIZO ,  AKISHITA TORU ,  MORIAI SHIHO

IPC分类号： G09C1/00 ,  H04L9/00 ,  H04L9/06

CPC分类号： H04L9/0631 ,  G09C1/00 ,  H04L9/002 ,  H04L9/0625

摘要： A non-linear transformation processing structure having a high implementation efficiency and a high security is realized. Data transformation is performed using a first non-linear transformation part performing non-linear transformation using a plurality of small S-boxes; a linear transformation part receiving all the outputs from the first non-linear transformation part and performing data transformation using a matrix for performing optimal diffusion mappings; and a second non-linear transformation part including a plurality of small non-linear transformation parts that perform non-linear transformation on individual data units into which output data from the linear transformation part is divided. With this structure, appropriate data diffusion can be achieved without excessively increasing a critical path, and a structure with a high implementation efficiency and a high security can be achieved.

摘要翻译： 实现了具有高实现效率和高安全性的非线性变换处理结构。 使用使用多个小S盒执行非线性变换的第一非线性变换部分执行数据变换; 线性变换部分接收来自第一非线性变换部分的所有输出，并且使用用于执行最佳扩散映射的矩阵执行数据变换; 以及包括多个小的非线性变换部分的第二非线性变换部分，其对来自线性变换部分的输出数据进行分割的各个数据单元执行非线性变换。 利用这种结构，可以在不过度增加关键路径的情况下实现适当的数据扩散，并且可以实现具有高实现效率和高安全性的结构。

公开(公告)号：EP2234090A4

公开(公告)日：2017-07-12

申请号：EP09704169

申请日：2009-01-21

申请人： SONY CORP

发明人： IWATA TETSU ,  SHIRAI TAIZO ,  SHIBUTANI KYOJI ,  MORIAI SHIHO ,  AKISHITA TORU

IPC分类号： G09C1/00 ,  H04L9/06

CPC分类号： H04L9/28 ,  G09C1/00 ,  H04L9/0625 ,  H04L9/0631 ,  H04L2209/122

公开(公告)号：EP2058781A4

公开(公告)日：2017-05-17

申请号：EP07806207

申请日：2007-08-29

申请人： SONY CORP

发明人： SHIRAI TAIZO ,  SHIBUTANI KYOJI ,  AKISHITA TORU ,  MORIAI SHIHO

IPC分类号： G09C1/00 ,  H04L9/06

CPC分类号： H04L9/0625 ,  G09C1/00 ,  H04L9/002 ,  H04L9/0631 ,  H04L2209/122 ,  H04L2209/125

摘要： A common-key blockcipher processing configuration with enhanced immunity against attacks such as saturation attacks and algebraic attacks (XSL attacks) is realized. In an encryption processing apparatus that performs common-key blockcipher processing, S-boxes serving as non-linear transformation processing parts set in round-function executing parts are configured using at least two different types of S-boxes. With this configuration, the immunity against saturation attacks can be enhanced. Also, types of S-boxes present a mixture of different types. With this configuration, the immunity against algebraic attacks (XSL attacks) can be enhanced, thereby realizing a highly secure encryption processing apparatus.

摘要翻译： 实现了针对诸如饱和攻击和代数攻击（XSL攻击）等攻击的增强免疫性的共用密钥块密码处理配置。 在执行共用密钥块密码处理的加密处理装置中，用作在循环函数执行部件中设置的非线性变换处理部件的S盒是使用至少两种不同类型的S盒来配置的。 通过这种配置，可以提高抗饱和攻击的能力。 而且，S盒的类型呈现出不同类型的混合。 利用这种配置，可以增强抵抗代数攻击（XSL攻击）的能力，从而实现高度安全的加密处理装置。

公开(公告)号：EP2693681A4

公开(公告)日：2014-11-05

申请号：EP12763711

申请日：2012-02-20

申请人： SONY CORP

发明人： SHIBUTANI KYOJI ,  AKISHITA TORU ,  ISOBE TAKANORI ,  SHIRAI TAIZO ,  HIWATARI HARUNAGA ,  MITSUDA ATSUSHI

IPC分类号： H04L9/06 ,  G09C1/00

CPC分类号： H04L9/28 ,  G09C1/00 ,  H04L9/0625 ,  H04L2209/24

公开(公告)号：EP2096616A4

公开(公告)日：2014-04-02

申请号：EP07832281

申请日：2007-11-21

申请人： SONY CORP

发明人： SHIRAI TAIZO ,  SHIBUTANI KYOJI ,  AKISHITA TORU ,  MORIAI SHIHO

IPC分类号： G09C1/00 ,  H04L9/00 ,  H04L9/06 ,  H04L9/08

CPC分类号： H04L9/003 ,  H04L9/0618

摘要： To realize a common-key block cipher process configuration with increased difficulty of key analysis and improved security. In a configuration for storing in a register an intermediate key generated by using a secret key transformation process and performing a transformation process on the register-stored data to generate a round key, a process of swapping (permuting) data segments constituting the register-stored data is executed to generate a round key. For example, four data segments are produced so that two sets of data segments having an equal number of bits are set, and a process of swapping the individual data segments is repeatedly executed to generate a plurality of different round keys. With this configuration, the bit array of each round key can be effectively permuted, and round keys with low relevance can be generated. A high-security cryptographic process with increased difficulty of key analysis can be realized.

公开(公告)号：EP1975908A4

公开(公告)日：2011-06-08

申请号：EP07706356

申请日：2007-01-04

申请人： SONY CORP

发明人： SHIRAI TAIZO ,  SHIBUTANI KYOJI

IPC分类号： G09C1/00 ,  H04L9/06

CPC分类号： H04L9/002 ,  H04L9/0625 ,  H04L2209/122

公开(公告)号：EP2048641A4

公开(公告)日：2017-04-19

申请号：EP07790851

申请日：2007-07-17

申请人： SONY CORP

发明人： SHIRAI TAIZO ,  SHIBUTANI KYOJI

IPC分类号： G09C1/00 ,  H04L9/06

CPC分类号： H04L9/002 ,  H04L9/0625

摘要： To realize an extended-Feistel-type common-key block-cipher process configuration for realizing a diffusion-matrix switching mechanism (DSM). In a cryptographic process configuration in which an extended Feistel structure having a number of data lines: d that is set to an integer satisfying d ‰¥ 2 is applied, a plurality of multiple different matrices are selectively applied to linear transformation processes performed in F-function sections. A plurality of different matrices satisfying a condition in which a minimum number of branches for all of the data lines is equal to or more than a predetermined value are selected as the matrices, the minimum number of branches for all of the data lines being selected from among minimum numbers of branches corresponding to the data lines, each of the minimum numbers of branches corresponding to the data lines being based on linear transformation matrices included in F-functions that are input to a corresponding data line in the extended Feistel structure. According to the present invention, common-key block cipher based on the DSM with a high resistance to linear analysis and differential analysis is realized.

摘要翻译： 实现对扩展Feistel型共用密钥块密码处理结构用于实现扩散矩阵切换机构（DSM）。 在密码处理结构，其中，以具有多个数据线扩展Feistel结构：D并在整数设置为满足D‰¥2是应用，多个不同的矩阵的多元性被选择性地施加到在F-执行的线性变换处理 功能部分。 满足条件，其中分支的所有数据线的最小数目大于被选择作为基质的预定值以上的情况下不同的矩阵中的多个，被选自分支的所有数据线的最小数目 分支对应于数据线序列中的最小，每个分支对应于所述数据的最小行数是基于包含在F函数的线性变换矩阵也被输入到扩展Feistel结构的对应数据线。 。根据本发明的基础上，DSM对线性分析，差分分析的高电阻的共用密钥块密码。