摘要 |
PROBLEM TO BE SOLVED: To provide a message authenticator generating method in which the number of calling the compressibility function exceeding m/b times does not depend on m while securing high safety. SOLUTION: The message authenticator generating device includes: a padding part; a message dividing part; a first checksum calculation part; an intermediate variable calculation part; a second checksum calculation part; and a post-processor. The first checksum calculation part regards an exclusive OR of data m<SB>1</SB>, ..., m<SB>N</SB>as a first checksum S<SB>1</SB>. The intermediate variable calculation part determines a first intermediate variable v<SB>0</SB>of c bits, and repeats calculation for finding an intermediate variable v<SB>n</SB>from an intermediate variable v<SB>n-1</SB>using a bit stringΔ<SB>n</SB>N times so as to find an intermediate variable v<SB>N</SB>. The second checksum calculation part regards an exclusive OR of the intermediate variable v<SB>1</SB>, ..., v<SB>N</SB>as a second checksum S<SB>2</SB>. The post-processor finds a message authenticatorτusing the bit stringΔ'<SB>j</SB>from the first checksum S<SB>1</SB>, the intermediate variable v<SB>N</SB>and the second checksum S<SB>2</SB>. COPYRIGHT: (C)2009,JPO&INPIT
|