Author

# 建司 大熊

Bio: 建司 大熊 is an academic researcher. The author has contributed to research in topics: Algebraic torus & Key schedule. The author has an h-index of 3, co-authored 7 publications receiving 12 citations.

##### Papers


•

12 Jul 2000

TL;DR: In this paper, for a common key block ciphering system in which the extended key is used in reverse order at the time of ciphering and deciphering, respectively, two round functions f1 and fn+1 are set to be inverse functions to each other, having the same number of stages from the first stage as that from the last stage.

Abstract: PROBLEM TO BE SOLVED: To provide a ciphering device capable of avoiding the occurrence of a delay time for generating an extended key, and also of on-the-fly key generation. SOLUTION: In an extended key generating part 3 of a ciphering device using a common key block ciphering system in which the extended key is used in reverse order at the time of ciphering and deciphering, respectively, two round functions f1 and fn+1 are set to be inverse functions to each other having the same number of stages from the first stage as that from the last stage, respectively. Thus, it is possible to sequentially generate the extended key immediately and also in order of use by using the extended key as an input at the time of both ciphering and deciphering. Moreover, the extended key generation at the time of ciphering is fundamentally the same as that at the time of deciphering.

4 citations

•

11 Jul 2000

TL;DR: In this article, a small SPN structure is recursively buried in an S-box part of an ordinary SPN, and a large spreading over a block width is operated by a spread module, followed by small and local spreading by the nonlinear converter modules.

Abstract: PROBLEM TO BE SOLVED: To provide a ciphering device permitting highly uniform dispersion with a calculation cost suppressed. SOLUTION: Small local spreading is operated by each of non-linear converter modules 2 which are plurally arranged in parallel in each stage; following this, a large spreading over a block width is operated by a spread module 3; small and local spreading is operated by the non-linear converter modules 2 again; and this operation is repeated by the prescribed number of stages. Further, the non-linear converter modules 2 are configured of an alternate arrangement of the non-linear converter modules 4 and the spreading modules 5. Namely, a small SPN structure is recursively buried in an S-box part of an ordinary SPN structure into this nesting SPN structure.

3 citations

•

13 Jul 2000

TL;DR: In this article, a method for determining an MDS matrix giving the optimal complexity in the combination with the S-box, and a ciphering device adopting the MDS matrix obtained by the method are provided.

Abstract: PROBLEM TO BE SOLVED: To solve the problem that an S-box and an MDS matrix comprised in a ciphering device as the system components offset their effects against each other in spite of the S-box and the MDS matrix being intended to realize optimal complexity according to design policies independent of each other, so that the ciphering device has had a probability of being rather unsafe. SOLUTION: By evaluating complexity of a result of multiplication of each candidate of MDS matrix elements by the matrix elements of a given S-box; evaluating, based on an evaluation result of this complexity, the complexity of the combinations of the matrix element candidates composing the MDS matrix; further, evaluating similar complexity also of an inverse matrix to this MDS matrix; and based on the evaluation results of the complexity of these matrices, a method for determining an MDS matrix giving the optimal complexity in the combination with the S-box, and a ciphering device adopting the MDS matrix obtained by the method are provided.

3 citations

•

18 Sep 2009

TL;DR: In this article, the safety of arithmetic process using secret information can be improved by using a multiplier factor of k that is an element including no zero element of a finite field F(p^m)^3 ×.

Abstract: The safety of arithmetic process using secret information can be efficiently improved. A transformation map, which outputs a projection representation obtained by multiplying a projection representation, which is outputted by a reference map, by a multiplier factor of k that is an element of F(p^m)^3, is defined and utilized. A calculated number generating unit defines a multiplier factor of k, which is an element including no zero element of a finite field F(p^m)^3 ×, and outputs a projection representation (kα, kβ) obtained by multiplying a projection representation (α, β), which is outputted by the reference map, by k. In a case where a side channel attack determines only some one bit, a multiplier factor of k, for which a subcomponent is selected from the elements of a finite field F(p^m) × or a finite field Fp × and the remaining subcomponents are zero elements, may be used to obtain (kα, kβ), thereby taking effective measures against the side channel attack. Causing the subcomponents constituting the finite field F(p^m)^3 to include zero elements, and further causing arithmetic related to the zero elements to be omitted, reduces the calculation cost related to the measures against the side channel attacks.

1 citation

•

29 Aug 2008

TL;DR: In this paper, a key scheduling apparatus that executes the arithmetic key schedule operation securely against fault-utilized analysis, while avoiding an increase in computational complexity for computing additional information or the like, is proposed.

Abstract: PROBLEM TO BE SOLVED: To provide a key scheduling apparatus for executing arithmetic key schedule operation securely for fault-utilized analysis, while avoiding increase in computational complexity for computing additional information or the like. SOLUTION: The key scheduling apparatus includes: a first storage unit 320 for storing a plurality of round keys corresponding to a plurality of rounds, respectively; an arithmetic unit 311 for acquiring an update target key representing either the plurality of round keys stored in the first storage unit 320 or a part of at least one of the plurality of round keys for each predetermined processing cycle and calculating the round key of a round next to the round of the acquired update target key on the basis of the acquired update target key; and an updating unit 312 for updating the update target key in the first storage unit 320 while using the calculated round key for each processing cycle. COPYRIGHT: (C)2010,JPO&INPIT

1 citation

##### Cited by


•

NEC

TL;DR: In this article, a delivery server enciphers the data by using a current use cipher key to generate enciphered data and transmits a multicast packet containing the enciphered data.

Abstract: In a multicast delivery system, a delivery server enciphers delivery data by using a current use cipher key to generate enciphered data and transmits a multicast packet containing the enciphered data and a current use key identifier indicative of a pair of the current use cipher key and a current use decipher key as current use keys. A key management server holds, as current use key data, a set of the current use decipher key and the current use key identifier, and transmits a set of the current use decipher key and the current use key identifier as current use decipherment key data in response to a current use key data request

60 citations

•

29 Aug 2007

TL;DR: In this article, a common-key blockcipher processing configuration with enhanced immunity against attacks such as saturation attacks and algebraic attacks (XSL attacks) is realized, where S-boxes serving as non-linear transformation processing parts set in round-function executing parts are configured using at least two different types of S-boxes.

Abstract: A common-key blockcipher processing configuration with enhanced immunity against attacks such as saturation attacks and algebraic attacks (XSL attacks) is realized. In an encryption processing apparatus that performs common-key blockcipher processing, S-boxes serving as non-linear transformation processing parts set in round-function executing parts are configured using at least two different types of S-boxes. With this configuration, the immunity against saturation attacks can be enhanced. Also, types of S-boxes present a mixture of different types. With this configuration, the immunity against algebraic attacks (XSL attacks) can be enhanced, thereby realizing a highly secure encryption processing apparatus.

50 citations

•

29 Aug 2007

TL;DR: In this article, the authors provided a highly secure cryptographic processing apparatus and method where an analysis difficulty is increased by increasing the minimum number (a robustness index against a differential attack in common key block encryption) of the active S box in the entire encryption function.

Abstract: There is provided a highly secure cryptographic processing apparatus and method where an analysis difficulty is increased. In a Feistel type common key block encrypting process in which an SPN type F function having a nonlinear conversion section and a linear conversion section is repeatedly executed a plurality of rounds, the linear conversion process of an F function corresponding to each of the plurality of rounds is performed as a linear conversion process which employs an MDS (Maximum Distance Separable) matrix, and a linear conversion process is carried out which employs a different MDS matrix at least at each of consecutive odd number rounds and consecutive even number rounds. This structure makes it possible to increase the minimum number (a robustness index against a differential attack in common key block encryption) of the active S box in the entire encrypting function.

49 citations

•

29 Aug 2007

TL;DR: In this article, the authors proposed a high-security cryptographic processing apparatus that increases difficulty in analyzing the key of a common-key-block cipher, and a method therefor, to realize cryptographic processing whereby resistance to linear cryptanalysis attacks in the common-key-block cipher is improved.

Abstract: The invention realizes a high-security cryptographic processing apparatus that increases difficulty in analyzing its key and a method therefor. In Feistel-type common-key-block cryptographic processing that repeatedly executes an SPN-type F-function having the nonlinear conversion section and the linear conversion section over a plurality of rounds, linear conversion processing of an F-function corresponding to each of the plurality of rounds is carried out by linear conversion processing that applies square MDS (Maximum Distance Separable) matrices. The invention uses a setting that arbitrary m column vectors included in inverse matrices of square MDS matrices being set up at least in consecutive even-numbered rounds and in consecutive odd-numbered rounds, respectively, constitute a square MDS matrix. This structure realizes cryptographic processing whereby resistance to linear cryptanalysis attacks in the common-key-block cipher is improved.

34 citations

•

20 Feb 2012

TL;DR: An encryption processing device including an encryption processing part configured to divide configuration bits of data to be data processed into plural lines and to input, and to repeatedly execute data conversion processing applying a round function to each line of data as a round calculation as discussed by the authors.

Abstract: An encryption processing device including an encryption processing part configured to divide configuration bits of data to be data processed into plural lines, and to input, and to repeatedly execute data conversion processing applying a round function to each line of data as a round calculation; and a key scheduling part configured to output round keys to a round calculation executing unit in the encryption processing part. The key scheduling part is a replacement type key scheduling part configured to generate plural round keys or round key configuration data by dividing a secret key stored beforehand into plural parts. The plural round keys are output to a round calculation executing unit sequentially executing in the encryption processing part such that a constant sequence is not repeated. The encryption processing configuration has a high level of security and a high level of resistance to repeated key attacks or other attacks.

24 citations