Memory update device, information processing system, memory update method, and program

The memory update device and method efficiently verify and update memory using a tree structure with node-specific nonces and message authentication codes, addressing inefficiencies in existing technologies by ensuring tamper detection is targeted, thus optimizing resource usage and enhancing security.

JP7878428B2Active Publication Date: 2026-06-23NEC CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
NEC CORP
Filing Date
2022-09-13
Publication Date
2026-06-23

Smart Images

  • Figure 0007878428000001
    Figure 0007878428000001
  • Figure 0007878428000002
    Figure 0007878428000002
  • Figure 0007878428000003
    Figure 0007878428000003
Patent Text Reader

Abstract

The present invention provides a memory update device with which it is possible, when updating memory content, to efficiently perform a process for verifying nodes that constitute a tree structure. An input unit (502) accepts a tree structure and update information as inputs. An update determination unit (504) determines, using the update information, whether update content of a leaf node that contains plaintext to be updated is dependent on pre-update plaintext. A memory verification unit (506) generates a path from the leaf node to a root node in the tree structure. The memory verification unit (506) verifies the tags of nodes other than the leaf node in the path if the update content of the leaf node is not dependent on the pre-update plaintext. A plaintext update unit (508) updates the plaintext in the leaf node that is to be updated, on the basis of the update information, if the verification result indicates that no falsification was detected. A tag update unit (510) generates a post-update tag if the verification result indicates that no falsification was detected.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present disclosure relates to a memory update device, an information processing system, a memory update method, and program the like.

Background Art

[0002] These days, various devices are connected to a network, and memory protection technologies such as detection of tampering and concealment of stored data of devices have become important. In relation to this technology, Patent Document 1, Patent Document 2, Patent Document 3, and Patent Document 4 constitute a tree structure with a target memory as a leaf node for memory protection.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Patent Document 2

Patent Document 3

Patent Document 4

Summary of the Invention

Problems to be Solved by the Invention

[0004] In the technique according to Patent Document 4, parallelization of processing such as hash generation in a tree structure is impossible, so there is a possibility that efficient processing cannot be performed. On the other hand, in the techniques according to Patent Document 2 and Patent Document 3, parallelization of processing of each node is possible in the update process of the memory content. On the other hand, even if parallelization of processing of each node is possible in the update process, it is desirable to perform the verification process of the node more efficiently in the update process.

[0005] The purpose of this disclosure is to solve these problems and to provide a memory update device, an information processing system, a memory update method, and a program that can efficiently perform verification processing of the nodes constituting the tree structure when updating the contents of memory in a configuration that uses a tree structure for memory protection. [Means for solving the problem]

[0006] The memory update device according to this disclosure includes: a tree structure configured to protect memory; an input means for inputting update information which is information about a node to be updated in the tree structure; an update determination means for determining whether the update content of a leaf node containing the plaintext to be updated depends on the plaintext before the update using the update information; a memory verification means for generating a path from the leaf node to the root node in the tree structure, and for each node in the path, generating a tag used for verification by inputting a nonce unique to at least each node into the message authentication code, and verifying the tag stored in each node to verify whether each node has been tampered with, and outputting the verification result; a plaintext update means for updating the plaintext to be updated in the leaf node based on the update information when the verification result indicates that no tampering has been detected; and a tag update means for generating an updated tag by inputting a nonce unique to at least each node into the message authentication code when the verification result indicates that no tampering has been detected, wherein the memory verification means verifies the tags of nodes other than the leaf node in the path when the update content of the leaf node does not depend on the plaintext before the update.

[0007] The information processing system relating to this disclosure includes: a memory structure initialization device that takes plaintext to be tampered with as input and outputs at least an initial state tree structure configured to protect the memory; a memory verification device that takes at least the storage location and tree structure of plaintext to be checked for tampering as input and verifies whether the memory corresponding to the storage location has been tampered with; and a memory update device that takes at least the storage location and update content of plaintext to be updated, and the tree structure as input and outputs the updated tree structure or an error message indicating that tampering has been detected, wherein the memory update device includes an input means for inputting the tree structure and update information which is information about the node to be updated in the tree structure; an update determination means for determining whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update using the update information; and in the tree structure, The system includes: a memory verification means that generates a path from a leaf node to a root node, and at each node in the path, generates a tag used for verification by inputting a nonce unique to each node into the message authentication code, and verifies the tag stored at each node to verify whether each node has been tampered with and outputs the verification result; a plaintext update means that updates the plaintext to be updated at the leaf node based on the update information when the verification result indicates that no tampering has been detected; and a tag update means that generates an updated tag by inputting a nonce unique to each node into the message authentication code when the verification result indicates that no tampering has been detected, wherein the memory verification means verifies the tags of nodes other than the leaf node in the path if the update content of the leaf node does not depend on the plaintext before the update.

[0008] The memory update method according to this disclosure inputs a tree structure configured to protect memory and update information which is information about the node to be updated in the tree structure, uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, if the update content of the leaf node does not depend on the plaintext before the update, generates a path from the leaf node to the root node in the tree structure, generates a tag used for verification by inputting a nonce unique to at least each node into the message authentication code at each node in the path, and verifies whether each node has been tampered with by verifying the tag stored in nodes other than the leaf node, outputs the verification result, updates the plaintext to be updated in the leaf node based on the update information if the verification result indicates that no tampering has been detected, and generates an updated tag by inputting a nonce unique to at least each node into the message authentication code.

[0009] The program relating to this disclosure causes a computer to perform the following steps: input a tree structure configured to protect memory and update information which is information about a node to be updated in the tree structure; use the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update; if the update content of the leaf node does not depend on the plaintext before the update, generate a path from the leaf node to the root node in the tree structure, generate a tag used for verification by inputting a nonce unique to at least each node into the message authentication code at each node in the path, and verify whether each node has been tampered with by verifying the tag stored in nodes other than the leaf node, and output the verification result; if the verification result indicates that no tampering has been detected, update the plaintext to be updated at the leaf node based on the update information; and if the verification result indicates that no tampering has been detected, generate an updated tag by inputting a nonce unique to at least each node into the message authentication code. [Effects of the Invention]

[0010] According to this disclosure, in a configuration that uses a tree structure for memory protection, it is possible to provide a memory update device, an information processing system, a memory update method, and a program that can efficiently perform verification processing of the nodes constituting the tree structure when updating the contents of the memory. [Brief explanation of the drawing]

[0011] [Figure 1] This is a block diagram showing an example configuration of a memory protection system. [Figure 2] This is a block diagram showing an example configuration of a memory structure initialization device according to the first embodiment. [Figure 3] This is a block diagram showing an example configuration of a memory verification device according to the first embodiment. [Figure 4] This is a block diagram showing an example configuration of a memory update device according to the first embodiment. [Figure 5] It is a flowchart showing an example of the processing procedure of the memory structure initialization device according to the first embodiment. [Figure 6] It is a flowchart showing an example of the processing procedure of the memory verification device according to the first embodiment. [Figure 7] It is a flowchart showing an example of the processing procedure of the memory update device according to the first embodiment. [Figure 8] It is a flowchart showing an example of the processing procedure of the memory update device according to the first embodiment. [Figure 9] It is a flowchart showing an example of the processing procedure of the memory update device according to the first embodiment. [Figure 10] It is a diagram showing an example of the tree structure constituted by the memory protection system according to the first embodiment. [Figure 11] It is a diagram showing an example of the path generated by the tag verification unit in the memory verification device according to the first embodiment. [Figure 12] It is a diagram showing an example of the tree structure constituted by the memory protection system according to the second embodiment. [Figure 13] It is a diagram showing an example of the tree structure constituted by the memory protection system according to the third embodiment. [Figure 14] It is a block diagram showing a configuration example of the memory structure initialization device according to the fourth embodiment. [Figure 15] It is a block diagram showing a configuration example of the memory verification device according to the fourth embodiment. [Figure 16] It is a block diagram showing a configuration example of the memory update device according to the fourth embodiment. [Figure 17] It is a flowchart showing an example of the processing procedure of the memory structure initialization device according to the fourth embodiment. [Figure 18] It is a flowchart showing an example of the processing procedure of the memory verification device according to the fourth embodiment. [Figure 19] It is a flowchart showing an example of the processing procedure of the memory update device according to the fourth embodiment. [Figure 20] This flowchart shows an example of the processing procedure for a memory update device according to the fourth embodiment. [Figure 21] This flowchart shows an example of the processing procedure for a memory update device according to the fourth embodiment. [Figure 22] This figure shows an example of a tree structure configured by the memory protection system according to the fourth embodiment. [Figure 23] This figure shows an example of a tree structure configured in the memory protection system according to the fifth embodiment. [Figure 24] This figure shows an example of a tree structure configured in the memory protection system according to the sixth embodiment. [Figure 25] This figure shows the configuration of the memory update device according to the seventh embodiment. [Figure 26] This is a use of a memory update method performed by a memory update device according to the seventh embodiment. [Figure 27] This block diagram schematically shows examples of hardware configurations for computing processing units that can implement the devices and systems according to each embodiment. [Modes for carrying out the invention]

[0012] (Summary of the embodiments relating to this disclosure) Prior to describing the embodiments of this disclosure, an overview of the embodiments relating to this disclosure will be provided. While embodiments of this disclosure will be described below, these embodiments are not intended to limit the invention as defined in the claims. Furthermore, not all combinations of features described in the embodiments are necessarily essential to the solution of the invention. Also, the indices (letters) used in the following description are not necessarily common throughout this specification.

[0013] In today's world, where various devices such as IoT (Internet of Things) devices are connected to networks, attacks on devices can potentially escalate into larger-scale attacks by using those devices as stepping stones to spread through the network. Therefore, memory protection technologies such as detecting and concealing data stored on devices are crucial not only for the devices themselves but also for maintaining security on the networks connected to them.

[0014] Furthermore, with the increasing demand for non-volatile memory in recent years, and the growing likelihood of memory being vulnerable to attacks even when the power is off, memory protection technology has become even more crucial. On the other hand, in memory protection technology, with the recent increase in memory capacity, there is a need to efficiently detect tampering only in the accessed portion when accessing a small part of a large dataset.

[0015] Furthermore, memory protection technology assumes two areas on memory: On-chip and Off-chip. The On-chip area is a secure area. Therefore, it is impossible for an attacker to eavesdrop on or tamper with data stored on the On-chip area. On the other hand, the Off-chip area is not secure. Therefore, it is possible for an attacker to eavesdrop on or tamper with data stored off-chip. For example, the On-chip area is implemented by the memory within the CPU (Central Processing Unit), while the Off-chip area is implemented by the main memory or auxiliary memory. Here, since the implementation cost of the On-chip area is overwhelmingly higher than that of the Off-chip area, there is a challenge in wanting to detect tampering on a portion of large amounts of data with fewer On-chip areas.

[0016] Examples of memory protection technologies that solve this problem include the technologies described in Patent Documents 1, 2, and 3. As mentioned above, the technologies described in Patent Documents 1, 2, and 3 construct a tree structure with the target memory as a leaf node for memory protection. Here, the elemental technologies used in constructing the tree structure include Message Authentication Code (MAC) and Authenticated Encryption (AE).

[0017] A Message Authentication Code (MAC) is a technology that uses a secret key, shared in advance between two communicating parties, to calculate an authentication tag for tamper detection in a plaintext message. By applying MAC to the communication channel, it becomes possible to detect unauthorized tampering with plaintext messages. In memory protection technology using a tree structure, tampering with plaintext messages can be detected by storing the secret key on-chip and the plaintext message and authentication tag off-chip.

[0018] Authenticated encryption (AE) is a technology that uses a secret key shared in advance between two communicating parties to encrypt plaintext messages and calculate an authentication tag for tamper detection. By applying authenticated encryption to the communication channel, it becomes possible to conceal the content from eavesdropping and detect unauthorized tampering with the ciphertext, resulting in strong protection of the communication content. In memory protection technology using a tree structure, similar to MAC, the secret key is stored on-chip, and the ciphertext and authentication tag are stored off-chip, thereby enabling the concealment of plaintext messages and detection of tampering.

[0019] As described above, the technologies described in Patent Documents 2 and 3 enable parallel processing of each node in the update process of the memory contents (plain text). However, even though parallel processing of each node is possible in the update process, it is desirable to perform node verification processing more efficiently in the update process. In particular, the technologies described in Patent Documents 2 and 3 are configured to perform verification processing on all nodes when performing node verification processing in the update process, even if it is not necessary to perform verification processing on all nodes depending on the update content. As a result, there is a risk that node verification processing cannot be performed efficiently when updating the memory contents. In contrast, in this embodiment, as described below, it is possible to perform node verification processing efficiently when updating the memory contents.

[0020] (First Embodiment) The embodiments will be described below with reference to the drawings. For clarity of explanation, the following descriptions and drawings have been omitted and simplified as appropriate. In addition, the same elements are denoted by the same reference numerals in each drawing, and redundant explanations have been omitted where necessary. The configuration of the first embodiment corresponds to an improved version of the configuration described in Patent Document 2 above.

[0021] In the first embodiment, we describe an example where the tree structure composed of the memory protection system has 2 branches and a depth of d. That is, the number of leaf nodes in the first embodiment is 2^d. The depth of the root node is defined as 0, and the depth of the leaf nodes is defined as d. In this system, it is assumed that the number of nodes and the amount of data in each node are predetermined. Here, "node" corresponds to each element that makes up the tree structure. The "root node" is the node with the shallowest depth in the tree structure. The "leaf node" is the node with the deepest depth in the tree structure.

[0022] Figure 1 is a block diagram showing an example configuration of the memory protection system 1. The memory protection system 1 is, for example, a computer. Therefore, the memory protection system 1 functions as an information processing system. The memory protection system 1 may realize each component shown in Figure 1 by executing a software program in the central processing unit. Furthermore, each component realized in the memory protection system 1 may be realized as an individual device, a functional unit, or an electronic circuit. This is also true for other embodiments described later.

[0023] As shown in Figure 1, the memory protection system 1 (information processing system) according to the first embodiment includes a memory structure initialization device 10, a memory verification device 20, and a memory update device 30. The memory structure initialization device 10, the memory verification device 20, and the memory update device 30 may be physically integrated or separate. Furthermore, the components of each device described later using Figures 2 to 4 may be implemented in other devices. The memory protection system 1 performs memory tampering detection.

[0024] In reference to other embodiments described later, the memory structure initialization device 10 may be referred to as memory structure initialization devices 10a and 10c. Similarly, in reference to other embodiments described later, the memory verification device 20 may be referred to as memory verification devices 20a and 20c. Similarly, in reference to other embodiments described later, the memory update device 30 may be referred to as memory update devices 30a and 30c. The same applies to the components shown in Figures 2 to 4.

[0025] Figure 2 is a block diagram showing an example configuration of the memory structure initialization device 10 according to the first embodiment. Figure 3 is a block diagram showing an example configuration of the memory verification device 20 according to the first embodiment. Figure 4 is a block diagram showing an example configuration of the memory update device 30 according to the first embodiment. Figure 5 is a flowchart showing an example of the processing procedure of the memory structure initialization device 10 according to the first embodiment. Figure 6 is a flowchart showing an example of the processing procedure of the memory verification device 20 according to the first embodiment. Figures 7 to 9 are flowcharts showing example processing procedures of the memory update device 30 according to the first embodiment. Figures 2 to 9 will be described later.

[0026] In the memory protection system 1 according to the first embodiment, the memory structure initializer 10 takes plaintext (plaintext message) to be tampered with as input and outputs an initial state tree structure. Each node in the tree structure is associated with a nonce unique to that node. In other words, the nonce is a value unique to each node. Therefore, the tree structure may include a set of nonces. This is also true in the second and third embodiments described later. The memory structure initializer 10 can also function as a memory processing unit.

[0027] Furthermore, plaintext can be represented as a combination of 2^d plaintext blocks. That is, equation 1 below holds true. (Formula 1) M = M[1]||M[2]||···||M[2^d] Here, M represents plaintext, and M[k] represents the k-th plaintext block. "||" represents concatenation. A single plaintext block is defined as a Block bit.

[0028] The memory verification device 20 takes the storage location and tree structure of the plaintext (plaintext block) to be checked for tampering as input, and verifies whether the memory corresponding to that storage location has been tampered with. The memory update device 30 takes the storage location of the plaintext (plaintext block) to be updated, the content of the update, and the tree structure as input. The memory update device 30 then outputs the updated tree structure or an error message indicating that tampering has been detected.

[0029] Figure 10 shows an example of a tree structure configured by the memory protection system 1 according to the first embodiment. Figure 10 shows the tree structure when d=3. The Root, Inter, and Leaf will be described later.

[0030] Furthermore, the memory protection system 1 uses a message authentication code (MAC) as an elemental technology. The MAC function MAC_K, using a secret key K, takes a nonce N and plaintext M as input and outputs an authentication tag Tag. In other words, the memory protection system 1 performs the calculation represented by the following equation 2. (Formula 2) MAC_K(N,M)=Tag

[0031] Furthermore, the memory protection system 1 calculates MAC_K(N',M') for the nonce N', plaintext M', and authentication tag Tag' that it wants to verify, and verifies whether the calculation result matches or does not match Tag'. If they match, it is determined that the nonce N' and plaintext M' have not been tampered with; if they do not match, it is determined that they have been tampered with. In other words, the memory protection system 1 performs the calculation represented by the following equation 3. (Formula 3) MAC_K(N',M')=Tag'' The memory protection system 1 can determine that there has been no tampering if Tag''=Tag', and that there has been tampering if Tag''≠Tag'.

[0032] [Description of the memory structure initialization device configuration] Figure 2 is a block diagram showing an example configuration of the memory structure initialization device 10 according to the first embodiment. As shown in Figure 2, the memory structure initialization device 10 according to the first embodiment includes a plaintext input unit 100, a nonce assignment unit 101, and a tag generation unit 102. The memory structure initialization device 10 also includes a leaf node generation unit 103, an intermediate node generation unit 104, a root node generation unit 105, and a tree structure output unit 106.

[0033] The plaintext input unit 100 functions as a plaintext input means. The nonce assignment unit 101 functions as a nonce assignment means. The tag generation unit 102 functions as a tag generation means. The leaf node generation unit 103 functions as a leaf node generation means. The intermediate node generation unit 104 functions as an intermediate node generation means. The root node generation unit 105 functions as a root node generation means. The tree structure output unit 106 functions as a tree structure output means.

[0034] The memory structure initialization device 10 is, for example, a computer. The memory structure initialization device 10 may implement each of the components shown in Figure 2 by executing a software program in the central processing unit. Furthermore, each component implemented in the memory structure initialization device 10 may be implemented as an individual device, a functional unit, or an electronic circuit. This also applies to other embodiments described later.

[0035] The plaintext input unit 100 receives input of plaintext M to be protected. The plaintext input unit 100 outputs the received plaintext M to the tag generation unit 102. Here, the method by which the plaintext input unit 100 receives input of plaintext M is not limited to a specific method. For example, the plaintext input unit 100 may be equipped with a character input device such as a keyboard and accept user operations to input plaintext M. Alternatively, the plaintext input unit 100 may receive plaintext M from another device.

[0036] The nonce assignment unit 101 assigns node-specific nonce information to each node in the tree structure. The nonce assignment unit 101 then outputs the nonce information to the tag generation unit 102. Here, by its nature, a nonce is uniquely determined for each node. In other words, the nonce information is unique to each node. To put it another way, nonces are assigned to each node in such a way that there are no duplicates throughout the entire tree structure. That is, nonces are assigned to each node in such a way that the nonce value assigned to each node does not overlap with the nonce value assigned to other nodes. By assigning nonces in such a way that there are no duplicates throughout the entire tree structure, data swap attacks between nodes can be prevented. Also, the number of nodes and the amount of data in each node are predetermined. Therefore, it is possible to assign a nonce to each node before defining the information inside each node. In other words, since the method of assigning nonces to each node is predetermined, it is possible to assign nonces to each node in parallel.

[0037] Here, when 0 <= i <= d and 1 <= j_i <= 2^{i}, the nonce assigned to the j_i-th node at depth i is denoted by N(i, j_i). Note that "<=" means "≤". That is, a <= b means "b is greater than or equal to a (or a is less than or equal to b)". The nonce information assigned to all nodes in the tree structure is then written as the nonce set N, as shown in equation 4 below. (Formula 4) N=(N(0,1),N(1,1),N(1,2),N(2,1),N(2,2),...,N(d,2^d-1),N(d,2^d))

[0038] Here, "N(0,1)" corresponds to the nonce of the root node. Also, "N(d,1),···,N(d,2^d)" corresponds to nonces of multiple leaf nodes. The others correspond to nonces of intermediate nodes. Furthermore, the set of nonces N can be included in the tree structure.

[0039] Furthermore, when a nonce is denoted as N(a,b), a represents the depth in the tree structure of the node to which the nonce is assigned. b represents the order (ordinal number) of the node to which the nonce is assigned at depth a. The same applies to the tag notation Tag(a,b), which will be discussed later.

[0040] Furthermore, in order to assign nonces in a way that avoids duplication throughout the entire tree structure, the method of assigning nonces may be such that it satisfies condition A, for example, as follows. • The shallower the node in the tree structure, the smaller the nonce value it is assigned. • For nodes of the same depth, the earlier their rank at that depth (the smaller their ordinal number at that depth), the smaller the nonce value they are assigned. If a nonce is assigned to each node under the above condition A, then in the nonce set shown in Equation 4, N(0,1) <N(1,1)<N(1<2)<N(2<1)<N(2<2)<···<N(d<2^d-1)<N(d<2^d)となる。

[0041] The tag generation unit 102 generates a tag for tamper detection using the plaintext M output by the plaintext input unit 100, the nonce set N output by the nonce assignment unit 101, and the secret key K. The MAC function described above is used for tag generation. First, the tag generation unit 102 generates data represented by the following equation 5 as a tag to be used in the leaf node. (Formula 5) TagLeaf=((M[1],Tag(d,1)),(M[2],Tag(d,2)),···,(M[2^d],Tag(d,2^d))) Tag(d,j_d)=MAC_K(N(d,j_d),M[j_d]) However, 1 <= j_d <= 2^d

[0042] Next, the tag generation unit 102 generates data represented by the following equation 6 as tags to be used in the intermediate node. (Formula 6) TagInter=(Tag(1,1),...,Tag(d-1,2^{d-1})) Tag(i,j_i)=MAC_K((N(i,j_i),N(i+1,2j_i-1)||N(i+1,2j_i)) However, 1 <= i <= d-1, 1 <= j_i <= 2^i

[0043] Next, the tag generation unit 102 generates data represented by the following equation 7 as a tag to be used in the root node. (Formula 7) TagRoot=(Tag(0,1)) Tag(0,1)=MAC_K(N(0,1),N(1,1)||N(1,2))

[0044] From equations 5, 6, and 7, the tag corresponding to each node corresponds to the result of a MAC calculation in leaf nodes, where the plaintext block corresponding to the node is used as the plaintext, and the node's nonce and its plaintext are used as inputs. In nodes other than leaf nodes, the tag corresponding to each node corresponds to the result of a MAC calculation in which the concatenation of the nonces of multiple child nodes is used as the plaintext, and the node's nonce and its plaintext are used as inputs.

[0045] As illustrated in Figure 10, when the overall depth d of the tree structure is d=3, the tag corresponding to each node is expressed by the following equation 8. Here, i is the depth index, and j_i is the node index (order; ordinal number) at depth i. (Formula 8) For 0<=i<=3,1<=j_i<=2^i, (For 0<=i<=2) Tag(i,j_i)=MAC_K(N(i,j_i),N(i+1,2j_i-1)||N(i+1,2j_i)) (For i=3) Tag(i,j_i)=MAC_K(N(i,j_i),M[j_i])

[0046] The tag generation unit 102 then outputs the tag set TagLeaf to the leaf node generation unit 103. The tag generation unit 102 also outputs the tag set TagInter to the intermediate node generation unit 104. The tag generation unit 102 also outputs the tag set TagRoot to the root node generation unit 105.

[0047] The leaf node generation unit 103 generates leaf nodes in a tree structure using the tag set TagLeaf output by the tag generation unit 102. Here, since the depth i=d in a leaf node, 1 <= j_d <= 2^d. The j_d-th leaf node is then generated as shown in equation 9 below. (Formula 9) (N(d,j_d),M[j_d],Tag(d,j_d))

[0048] Furthermore, all leaf nodes are described as shown in Equation 10 below. (Formula 10) Leaf=((N(d,1),M[1],Tag(d,1)),((N(d,2),M[2],Tag(d,2)),...,(N(d,2^d),M[2^d],Tag(d,2^d)))

[0049] As shown in Figure 10, when the total depth of the tree structure is d=3, each leaf node is represented by the following equation 11. (Formula 11) Leaf=((N(3,1),M[1],Tag(3,1)),(N(3,2),M[2],Tag(3,2)),...,(N(3,8),M[8],Tag(3,8)))

[0050] Leaf is data representing a set of leaf nodes. The leaf node generation unit 103 outputs the generated set of leaf nodes, Leaf, to the tree structure output unit 106.

[0051] The intermediate node generation unit 104 generates intermediate nodes in the tree structure using the tag set TagInter output by the tag generation unit 102. Here, in the intermediate nodes, 1 <= i <= d-1 and 1 <= j_i <= 2^i. The j_i-th intermediate node at depth i is generated as shown in equation 12 below. (Formula 12) (N(i,j_i),Tag(i,j_i))

[0052] Furthermore, all intermediate nodes are described as shown in Equation 13 below. (Formula 13) Inter=((N(1,1),Tag(1,1)),(N(1,2),Tag(1,2)),...,(N(d-1,2^{d-1}),Tag(d-1,2^{d-1})))

[0053] As shown in Figure 10, when the total depth of the tree structure is d=3, each intermediate node is represented by the following equation 14. (Formula 14) Inter=((N(1,1),Tag(1,1)),(N(1,2),Tag(1,2)),...,(N(2,4),Tag(2,4)))

[0054] Inter is data representing a set of intermediate nodes. The intermediate node generation unit 104 outputs the generated set of intermediate nodes Inter to the tree structure output unit 106.

[0055] The root node generation unit 105 generates a root node in the tree structure using the tag TagRoot output by the tag generation unit 102. The root node Root is generated as shown in equation 15 below. The root node generation unit 105 outputs the generated root node Root to the tree structure output unit 106. (Formula 15) Root=(N(0,1),Tag(0,1))

[0056] The tree structure output unit 106 concatenates the leaf node set Leaf output by the leaf node generation unit 103, the intermediate node set Inter output by the intermediate node generation unit 104, and the root node Root output by the root node generation unit 105. The tree structure output unit 106 then outputs the concatenated data sequence as data representing the tree structure (tree structure Tree) to a computer display, printer, or the like. As mentioned above, the data representing the tree structure includes data representing the nonce set N.

[0057] [Description of the memory verification device configuration] Figure 3 is a block diagram showing an example configuration of the memory verification device 20 according to the first embodiment. As shown in Figure 3, the memory verification device 20 according to the first embodiment includes a tree structure input unit 200, a verification location input unit 202, a tag verification unit 203, and a verification result output unit 204.

[0058] The tree structure input unit 200 functions as a tree structure input means. The verification location input unit 202 functions as a verification location input means. The tag verification unit 203 functions as a tag verification means. The verification result output unit 204 functions as a verification result output means.

[0059] The memory verification device 20 is, for example, a computer. The memory verification device 20 may implement each of the components shown in Figure 3 by executing a software program in its central processing unit. Furthermore, each component implemented in the memory verification device 20 may be implemented as an individual device, a functional unit, or an electronic circuit. This also applies to other embodiments described later.

[0060] The tree structure input unit 200 accepts a tree structure input for protecting the memory to be verified. The tree structure input unit 200 then outputs the tree structure to the tag verification unit 203. Here, the tree structure consists of a set of leaf nodes, an intermediate node set, and a root node. The tree structure may also be a data sequence output by the tree structure output unit 106, in which the set of leaf nodes, the intermediate node set, and the root node are concatenated. As mentioned above, the information of the nonce set N is included in the tree structure.

[0061] The verification location input unit 202 accepts the input of a CheckNode for the verification location in memory. The verification location input unit 202 then outputs the CheckNode to the tag verification unit 203. CheckNode is data that indicates the node corresponding to the verification location in memory. Specifically, CheckNode is a number between 1 and 2^d, and indicates that the verification location is the CheckNode-th position of the leaf node. In other words, CheckNode indicates the position (order; ordinal number) of the leaf node corresponding to the verification location.

[0062] The tag verification unit 203 uses the tree structure Tree, the verification location CheckNode, and the secret key K to verify whether the memory specified by CheckNode has been tampered with. The tag verification unit 203 then outputs the verification result to the verification result output unit 204. First, the tag verification unit 203 generates a path Path from the CheckNode-th leaf node to the root node. Here, the path Path is data that indicates the path between nodes from the leaf node to the root node. The path Path is represented by the following equation 16. (Formula 16) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0))

[0063] Here, when 0 <= i <= d and 1 <= j_i <= 2^{i}, each element (i, j_i) of the Path represents the j_i-th node at depth i. In other words, j_i indicates the ordinal number of the node at depth i. Note that p_d = CheckNode, and when 0 <= i <= d-1, p_i is defined by the following equation 17. (Formula 17) p_i=ceiling(p_{i+1} / 2) However, `ceiling(·)` represents the ceiling function. Also, the value of p_0 is always 1.

[0064] Figure 11 shows an example of a path generated by the tag verification unit 203 in the memory verification device 20 according to the first embodiment. For example, when d=4 and CheckNode=10, the path will be as follows, as shown in Figure 11. Path=((4,10),(3,5),(2,3),(1,2),(0,1))

[0065] Next, the tag verification unit 203 calculates the following equation 18 using the tree structure Tree, which is the output of the tree structure input unit 200, and the secret key K. (Formula 18) PathTag'=(Tag'(d,p_d),Tag'(d-1,p_{d-1}),···,Tag'(0,p_0)) Tag'(d,p_d)=MAC_K(N(d,p_d),M[p_d]) Tag'(i,p_i)=MAC_K(N(i,p_i),N(i+1,2p_i-1)||N(i+1,2p_i)) However, 0 <= i <= d - 1

[0066] Here, MAC_K is substantially the same as the method used in the tag generation unit 102 of the memory structure initialization device 10 in the first embodiment, so its explanation is omitted. Furthermore, Tag'(i,p_i) is obtained by inputting the nonce of the node in question into the nonce portion of the MAC function's input, and concatenating two nonces of the child nodes of that node into the plaintext portion of the MAC function's input.

[0067] Next, the tag verification unit 203 obtains a value represented by the following equation 19 from the tree structure Tree, which is the output of the tree structure input unit 200. (Formula 19) PathTag=(Tag(d,p_d),Tag(d-1,p_{d-1}),···,Tag(0,p_0))

[0068] Then, the tag verification unit 203 checks whether the PathTag' it calculated is equal to the PathTag obtained from the Tree. When 0 <= i <= d, for all i, Tag'(i,p_i)=Tag(i,p_i) If this condition is met, the tag verification unit 203 sets the verification result to ACK. Here, ACK indicates that the information of the nodes involved in the path has not been tampered with. The verification result is denoted as B, and the verification result being ACK is denoted as B=ACK.

[0069] On the other hand, when 0 <= i <= d, for some i, Tag'(i,p_i)≠Tag(i,p_i) If this condition is met, the tag verification unit 203 sets the verification result to NCK. Here, NCK indicates that the information of the node involved in the path has been tampered with. The verification result being NCK is denoted as B=NCK.

[0070] The tag verification unit 203 outputs verification result B to the verification result output unit 204. The verification result output unit 204 outputs the verification result B output by the tag verification unit 203 to a computer display, printer, or the like.

[0071] [Description of the memory update device configuration] Figure 4 is a block diagram showing an example configuration of the memory update device 30 according to the first embodiment. As shown in Figure 4, the memory update device 30 according to the first embodiment includes a tree structure input unit 300, an update location input unit 302, a memory verification unit 303, a nonce update unit 304, a tag update unit 305, and an update result output unit 306. The memory update device 30 according to the first embodiment also includes an update determination unit 310 and a plaintext update unit 312.

[0072] The tree structure input unit 300 functions as a tree structure input means. The update location input unit 302 functions as an update location input means. The memory verification unit 303 functions as a memory verification means. The nonce update unit 304 functions as a nonce update means. The tag update unit 305 functions as a tag update means. The update result output unit 306 functions as an update result output means. The update determination unit 310 functions as an update determination means. The plaintext update unit 312 functions as a plaintext update means.

[0073] The memory update device 30 is, for example, a computer. The memory update device 30 may implement each of the components shown in Figure 4 by executing a software program in the central processing unit. Furthermore, each component implemented in the memory update device 30 may be implemented as an individual device, a functional unit, or an electronic circuit. This also applies to other embodiments described later.

[0074] The tree structure input unit 300 receives a tree structure input to protect the memory to be updated. The tree structure input unit 300 then outputs the tree structure to the memory verification unit 303 and the nonce update unit 304, as shown by the dashed line in Figure 4. The tree structure input unit 300 may also output the tree structure to the plaintext update unit 312. Here, as described above, the tree structure consists of a set of leaf nodes, an intermediate node set, and a root node. Note that the function of the tree structure input unit 300 is substantially the same as the function of the tree structure input unit 200 in the memory verification device 20 according to the first embodiment, so a description is omitted.

[0075] The update location input unit 302 accepts the memory update information UpdateNode as input. Then, as shown by the dotted line in Figure 4, the update location input unit 302 outputs the memory update information UpdateNode to the update determination unit 310, the plaintext update unit 312, the memory verification unit 303, and the tag update unit 305. Here, the memory update information UpdateNode is information about the node to be updated in the tree structure. UpdateNode includes data indicating the node to be updated (the node's location) and data indicating the update content of the plaintext related to the node to be updated. In other words, UpdateNode includes data indicating the node to be updated (the update location) and data indicating the update content of the leaf node containing the plaintext to be updated.

[0076] Here, we define UpdateNode = (UpdateIndex, UpdateInfo). UpdateIndex is data that indicates the leaf node corresponding to the update location. For example, the UpdateIndex of an update location is a number between 1 and 2^d, and it indicates that the update location is at the UpdateIndex position of the leaf node. In other words, UpdateIndex indicates the order (ordinal number) of the leaf node corresponding to the update location at depth d.

[0077] UpdateInfo is data that indicates the update content. UpdateInfo represents the information in the Block bits for updating the plaintext block M[UpdateIndex], which is information contained in the UpdateIndex-th leaf node. The plaintext block M[UpdateIndex] can be updated according to the update content UpdateInfo.

[0078] The update determination unit 310 uses the update information UpdateNode to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. Specifically, the update determination unit 310 determines the update content of the plaintext block M[UpdateIndex] contained in the leaf node indicated by the update location UpdateIndex based on the update content UpdateInfo. The update determination unit 310 then determines whether the update content UpdateInfo indicates that the plaintext (plaintext block) is updated using the plaintext (plaintext block) before the update. If the update content UpdateInfo indicates that the plaintext (plaintext block) is updated using the plaintext before the update, the update determination unit 310 determines that the update content of the leaf node containing the plaintext (plaintext block) to be updated depends on the plaintext before the update. On the other hand, if the update content UpdateInfo indicates that the plaintext (plaintext block) is updated without using the plaintext before the update, the update determination unit 310 determines that the update content of the leaf node containing the plaintext (plaintext block) to be updated does not depend on the plaintext before the update.

[0079] Here, let x be the value of the plaintext block before the update, and let x' be the value of the plaintext block after the update. In this case, if x' depends on x, the update determination unit 310 determines that the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. For example, if the update content UpdateInfo indicates x'=x+1, then x' depends on x. Also, for example, if the update content UpdateInfo indicates x'=2*x, then x' depends on x. In these cases, the plaintext block is updated using the plaintext block before the update. Therefore, in this case, the update determination unit 310 determines that the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update.

[0080] Furthermore, let x1 be the value of the plaintext block before the update of the j1_d-th leaf node j1_d, and x2 be the value of the plaintext block before the update of the j2_d-th leaf node j2_d. Then, let x1' be the value of the plaintext block after the update of the leaf node j1_d. In this case, if the update content UpdateInfo indicates x1'=x1+x2, then x1' depends on the plaintext before the update. That is, the plaintext is updated using the plaintext before the update. Therefore, in this case, the update determination unit 310 determines that the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update.

[0081] On the other hand, if c is a fixed value and the update content indicates x'=c, then x' does not depend on the plaintext (plaintext block) before the update. In other words, the fixed value c used for the update is independent of the plaintext before the update. In this case, the plaintext block is updated without using the plaintext block before the update. Therefore, in this case, the update determination unit 310 determines that the update content of the leaf node containing the plaintext to be updated does not depend on the plaintext before the update. That is, when the update determination unit 310 determines whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, it may also determine whether the plaintext to be updated is replaced with a fixed value independent of that plaintext. Note that the fixed value c may correspond to the value of a plaintext block that has been updated at a previous timing for a leaf node different from the leaf node to be updated. However, if the plaintext block x before the update is represented by x=x1+x2, and the update content indicates x'=c+x2, then only a part of the plaintext block (x1) is replaced with the fixed value, so the update content depends on the plaintext before the update (x2, which is a part of the plaintext block). Therefore, in this case, the update determination unit 310 determines that the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update.

[0082] Furthermore, the fixed values ​​used for the update may be included in the update content UpdateInfo. In other words, the fixed values ​​used for the update may be included in the update information UpdateNode. Also, the fixed values ​​in the update information UpdateNode may be specified by the user. This allows the user to easily specify the update content of the plaintext (plaintext block). In addition, the update determination unit 310 may determine that the update content of the leaf node containing the plaintext (plaintext block) to be updated does not depend on the plaintext before the update if the fixed values ​​used for the update are included in the update information UpdateNode.

[0083] Alternatively, the fixed values ​​used for the update do not have to be included in the UpdateInfo update content. For example, the fixed values ​​used for the update may be pre-stored in the memory storage device 30. In this case, the UpdateInfo update content may indicate the location (address) of the storage device where the fixed values ​​are stored. In this case, the fixed values ​​used for the update may also be stored in an on-chip area (secure area) of the memory.

[0084] The memory verification unit 303 uses the tree structure Tree, the memory update information UpdateNode, and the secret key K to verify whether the memory specified by UpdateNode has been tampered with. In other words, the memory verification unit 303 verifies whether the node corresponding to the path related to the leaf node specified by UpdateNode has been tampered with. The processing performed by the memory verification unit 303 is substantially the same as the processing performed by the tag verification unit 203 in the memory verification device 20 of the first embodiment, but the output results are different. The tag verification unit 203 in the memory verification device 20 of the first embodiment outputs verification result B, but the memory verification unit 303 outputs the path Path from the node to the root node along with verification result B.

[0085] The memory verification unit 303 outputs verification result B to the nonce update unit 304, the tag update unit 305, and the update result output unit 306, as shown by the thick dashed line in Figure 4. The memory verification unit 303 may also output verification result B to the plaintext update unit 312. The memory verification unit 303 also outputs the path Path to the nonce update unit 304 and the tag update unit 305, as shown by the thick solid line in Figure 4.

[0086] The path is represented by equation 20 below. (Formula 20) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0)) From the operations performed by the memory verification unit 303, it can be seen that p_d = UpdateIndex.

[0087] In other words, the memory verification unit 303 generates a path Path from the leaf node to the root node in the tree structure. The memory verification unit 303 also generates (calculates) a tag used for verification by inputting a nonce unique to each node into the message authentication code (MAC) at least at each node, and verifies the tag stored in each node. In other words, the memory verification unit 303 generates a tag Tag' for each node in the path Path by calculating the above-mentioned equation 18. For each node, the memory verification unit 303 compares the generated tag Tag' with the stored tag Tag (a tag related to the Tree) and determines whether the two match. In this way, the memory verification unit 303 verifies whether each node has been tampered with. In other words, the memory verification unit 303 performs integrity verification for each node. Then, the memory verification unit 303 outputs verification result B.

[0088] In this case, the memory verification unit 303 according to the first embodiment may not verify the tags of leaf nodes depending on the determination result of the update determination unit 310. Specifically, if the update content of a leaf node does not depend on the plaintext before the update, the memory verification unit 303 verifies the tags of nodes other than leaf nodes in the path Path. On the other hand, if the update content of a leaf node depends on the plaintext before the update, the memory verification unit 303 verifies the tags of all nodes in the path Path, including leaf nodes.

[0089] If the verification result B indicates that no tampering has been detected, the plaintext update unit 312 updates the plaintext to be updated in the leaf node based on the update information UpdateNode. Specifically, the plaintext update unit 312 updates the plaintext block M[UpdateIndex] according to the update content UpdateInfo. For example, if the update content UpdateInfo includes a fixed value used for the update, the plaintext update unit 312 updates the plaintext block M[UpdateIndex] by replacing its value with that fixed value. Also, if the update content UpdateInfo indicates the above-mentioned x'=x+1, the plaintext update unit 312 updates the plaintext block M[UpdateIndex] from the value x before the update to x'=x+1. The plaintext update unit 312 outputs information (UpdateNode) about the updated plaintext (plaintext block) to the tag update unit 305.

[0090] The nonce update unit 304 updates the nonce for each node related to Path each time an update process is performed on a leaf node (plaintext block) related to Path. This prevents replay attacks. The nonce update unit 304 updates the nonce of the node specified by Path using the tree structure Tree, the verification result B, and the path Path. Specifically, if B=ACK, the nonce update unit 304 updates the nonce of the node specified by Path. The nonce update unit 304 then outputs the updated tree structure 'NewTree' to the tag update unit 305. On the other hand, if B=NCK, the nonce update unit 304 does not perform any processing and outputs nothing.

[0091] Here, the method for updating the nonce assigned to each node is predetermined. For example, if a nonce is assigned to each node as in condition A above, the nonce value N(0,1) of the root node may be updated by adding 1 to N(d,2^d), which is the largest nonce value before the update. Then, the nonce value for each node in the Path may be updated to satisfy condition A above. This makes it possible to update the nonce of each node even if the update process of the plaintext block contained in the root node of the Path is not yet complete, so it is possible to update the nonce for each node in parallel.

[0092] The tag update unit 305 updates the tag of the node specified by Path using the updated tree structure NewTree', the nonce set N, the memory update information UpdateNode, the verification result B and path Path, and the secret key K. If B=ACK, the tag update unit 305 performs the calculation of the following equation 21 for 0<=i<=d-1. (Formula 21) Tag(d,p_d)←MAC_K(N(d,p_d),UpdateInfo) Tag(i,p_i)←MAC_K(N(i,p_i),N(i+1,2p_i-1)||N(i+1,2p_i))

[0093] (d, p_d) indicates the leaf node to be updated, and p_d indicates the order (ordinal number) of the leaf node to be updated at depth d. "UpdateInfo" indicates the updated plaintext block in the leaf node to be updated. MAC_K is the same method used in the tag generation unit 102 of the memory structure initialization device 10 and the tag verification unit 203 of the memory verification device 20 in the first embodiment. Tag(i, p_i) is obtained by inputting the updated nonce of the node into the nonce part of the MAC function's input, and concatenating two updated nonces of the child nodes of the node into the plaintext part of the MAC function's input.

[0094] The tag update unit 305 then outputs the updated tree structure NewTree to the update result output unit 306. The new tree structure NewTree consists of the updated leaf node set Leaf, the updated intermediate node set Inter, and the updated root node Root. As shown in Equation 11, the updated plaintext information is included in the updated leaf node set Leaf. On the other hand, if B=NCK, the tag update unit 305 does not perform any processing and outputs nothing.

[0095] The update result output unit 306 outputs the update result using the verification result B output by the memory verification unit 303 and the tree structure NewTree output by the tag update unit 305. If B=ACK, the update result output unit 306 outputs NewTree to a computer display or printer. The update result output unit 306 may also output UpdateNode separately from NewTree. On the other hand, if B=NCK, the update result output unit 306 outputs the verification result B=NCK to a computer display or printer.

[0096] [Explanation of operation] Figure 5 is a flowchart showing the operation of the memory structure initialization device 10 (memory structure initialization method). In step S101, the plaintext input unit 100 receives the input of plaintext M to be protected. In step S102, the nonce assignment unit 101 assigns a nonce to each node of the tree structure and generates a nonce set N. In step S103, the tag generation unit 102 uses the plaintext M and the nonce set N to generate a tag set (TagLeaf, TagInter, TagRoot) for tamper detection.

[0097] In step S104, the leaf node generation unit 103 generates a tree structure of leaf nodes, Leaf, using the tag set TagLeaf output by the tag generation unit 102. In step S105, the intermediate node generation unit 104 generates a tree structure of intermediate nodes, Inter, using the tag set TagInter output by the tag generation unit 102. In step S106, the root node generation unit 105 generates a tree structure of root nodes, Root, using the tag TagRoot output by the tag generation unit 102.

[0098] In step S107, the tree structure output unit 106 connects the leaf node set Leaf, the intermediate node set Inter, and the root node Root, and outputs a concatenated data sequence representing the tree structure to a computer display or printer. After step S107, the memory structure initialization device 10 completes the process shown in Figure 5.

[0099] Figure 6 is a flowchart showing the operation (memory verification method) of the memory verification device 20. In step S201, the tree structure input unit 200 receives input of a tree structure Tree for protecting the memory to be verified. As described above, the tree structure Tree consists of a set of leaf nodes Leaf, a set of intermediate nodes Inter, and a root node Root. Also, as described above, the tree structure Tree includes a set of nonce N assigned to the tree structure for protecting the memory to be verified. Furthermore, the verification location input unit 202 receives input of a memory verification location CheckNode.

[0100] In step S202, the tag verification unit 203 uses the tree structure and the verification location CheckNode to verify the tags of each node. This allows the tag verification unit 203 to verify whether the memory specified by CheckNode has been tampered with. Furthermore, the tag verification unit 203 determines whether to accept (ACK) or reject (NCK) and outputs verification result B. In step S203, the verification result output unit 204 outputs verification result B to a computer display, printer, or the like. After step S203, the memory verification device 20 completes the process shown in Figure 6.

[0101] Figures 7 to 9 are flowcharts illustrating the operation (memory update method) of the memory update device 30. In step S300, the tree structure input unit 300 receives input of a tree structure Tree to protect the memory to be updated. As described above, the tree structure Tree consists of a set of leaf nodes Leaf, a set of intermediate nodes Inter, and a root node Root. The tree structure Tree also includes a set of nonce N. In step S300, the update location input unit 302 receives input of memory update information UpdateNode. As described above, the update information UpdateNode is defined as UpdateNode=(UpdateIndex,UpdateInfo).

[0102] In step S301, the update determination unit 310 determines whether the update content UpdateInfo of the update information UpdateNode replaces the plain text block corresponding to the update location UpdateIndex with a fixed value. At this time, the update determination unit 310 may also determine whether the update content UpdateInfo of the update information UpdateNode contains a fixed value. If the update content UpdateInfo of the update information UpdateNode replaces the plain text block with a fixed value (if the determination result of S301 is YES), the process proceeds to step S302. On the other hand, if the update content UpdateInfo of the update information UpdateNode does not replace the plain text block with a fixed value (if the determination result of S301 is NO), the process proceeds to step S312.

[0103] As shown in Figure 8, in step S302, the memory verification unit 303 uses the tree structure Tree and the memory update information UpdateNode to verify the tags of nodes other than leaf nodes. This allows the memory verification unit 303 to verify whether each node has been tampered with. Furthermore, the memory verification unit 303 determines whether to accept (ACK) or reject (NCK) and outputs the verification result B. The memory verification unit 303 then outputs the verification result B and the path Path used for memory verification. If B=ACK, i.e., no memory tampering is detected (S302:B=ACK (accepted)), the process proceeds to step S304. On the other hand, if B=NCK, i.e., memory tampering is detected (S302:B=NCK (rejected)), the process proceeds to step S303.

[0104] In step S303, the update result output unit 306 outputs the verification result B output by the memory verification unit 303 to a computer display, printer, or the like. After step S303, the memory update device 30 terminates processing.

[0105] In step S304, the nonce update unit 304 updates the nonce of the node specified by Path, using the tree structure Tree output by the tree structure input unit 300 and the path Path output by the memory verification unit 303. The nonce update unit 304 then outputs the new tree structure NewTree' as a result of the update.

[0106] In step S305, the plaintext of the leaf nodes and the tags corresponding to the path Path are updated using the tree structure 'NewTree', the path Path, and the memory update information UpdateNode. Specifically, the plaintext update unit 312 updates the plaintext (plaintext block) of the leaf nodes indicated by the update information UpdateNode. The tag update unit 305 updates the tags of the nodes indicated by Path. The tag update unit 305 then outputs the new tree structure NewTree as a result of the update.

[0107] In step S306, the update result output unit 306 outputs the tree structure NewTree output by the tag update unit 305. After step S306, the memory update device 30 terminates processing.

[0108] On the other hand, as shown in Figure 9, in step S312, the memory verification unit 303 uses the tree structure Tree and the memory update information UpdateNode to verify the tags of all nodes in the path relating to the leaf node specified by UpdateNode. This allows the memory verification unit 303 to verify whether each node has been tampered with. Furthermore, the memory verification unit 303 determines whether to accept (ACK) or reject (NCK) and outputs the verification result B. The memory verification unit 303 then outputs the verification result B and the path Path used for memory verification. If B=ACK, i.e., no memory tampering is detected (S312: B=ACK (accepted)), the process proceeds to step S314. On the other hand, if B=NCK, i.e., memory tampering is detected (S312: B=NCK (rejected)), the process proceeds to step S313.

[0109] In the same manner as in step S303, in step S313, the update result output unit 306 outputs the verification result B output by the memory verification unit 303 to a computer display, printer, or the like. After step S313, the memory update device 30 terminates processing.

[0110] In step S314, similar to step S304, the nonce update unit 304 updates the nonce of the node specified by Path, using the Tree output by the tree structure input unit 300 and the Path output by the memory verification unit 303. The nonce update unit 304 then outputs the new tree structure 'NewTree' as a result of the update.

[0111] In step S315, similar to step S305, the plaintext of the leaf nodes and the tags corresponding to the path Path are updated using the tree structure 'NewTree', the path Path, and the memory update information UpdateNode. Specifically, the plaintext update unit 312 updates the plaintext (plaintext block) of the leaf nodes indicated by the update information UpdateNode. The tag update unit 305 updates the tags of the nodes indicated by Path. The tag update unit 305 then outputs the new tree structure NewTree as a result of the update.

[0112] In the same manner as in S306, in step S316, the update result output unit 306 outputs the tree structure NewTree output by the tag update unit 305. After step S316, the memory update device 30 terminates processing.

[0113] [Explanation of effects] In the first embodiment, when updating plaintext corresponding to a leaf node, the memory update device 30 uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. Then, if the update content of the leaf node does not depend on the plaintext before the update, the memory update device 30 verifies the tags of nodes other than the leaf node in the path from the leaf node to the root node. In the technology described in Patent Document 2, verification is performed on all nodes in the path regardless of the update content. Therefore, with the above configuration, it is possible to reduce the amount of computation required for verification compared to the technology described in Patent Document 2. Thus, it is possible to efficiently perform node verification processing when updating the contents of memory.

[0114] Here, when updating the contents of memory, there is a possibility that the tree structure may be tampered with. Therefore, when updating memory, the plaintext contained in the leaf node before the update may be tampered with. Consequently, if the update content of a leaf node depends on the plaintext before the update, the plaintext may be updated using the tampered plaintext before the update, which may compromise memory security. Therefore, it is necessary to validate the tags of all nodes, including leaf nodes, in the path Path. On the other hand, if the update content of a leaf node does not depend on the plaintext before the update, such as when the plaintext to be updated is replaced with a fixed value, even if the plaintext contained in the leaf node before the update is tampered with, that plaintext will be updated with data that does not use the tampered plaintext. Therefore, memory security is not compromised.

[0115] Furthermore, the tags of leaf nodes are generated based on the plaintext and nonce of that leaf node, as shown in Equation 5. Therefore, the tags of leaf nodes are generated correctly if the plaintext and nonce of that leaf node are valid. As for the plaintext, as mentioned above, it is valid if the updated content of the leaf node does not depend on the plaintext before the update.

[0116] Regarding nonce, even if the nonce is tampered with, the tampering can be detected through verification at the node above it (parent node, etc.). Here, let's assume that an attacker performs a replay attack in the tree structure shown in Figure 10. Suppose the attacker tampered with the nonce value N(3,1) of the leaf node (N(3,1),M[1],Tag(3,1)) to a different value N(3,1)'. In this case, the attacker also needs to tamper with Tag(2,1) and N(2,1) of the parent node to Tag(2,1)' and N(2,1)'. Otherwise, due to the security of MAC, the tampering will be detected during the MAC integrity verification at node (N(2,1),Tag(2,1)). Note that Tag(2,1)' = MAC_K(N(2,1)',N(3,1)'||N(3,2)).

[0117] Here, assume that the attacker knows Tag(2,1)' and N(2,1)' in advance. That is, assume that N(3,1)' < N(3,1) and N(2,1)' < N(2,1), and that MAC_K(N(2,1)', N(3,1)'||N(3,2)) is known to the attacker in advance. In this case, the attacker can correctly forge Tag(2,1)' and N(2,1)' through rollback. Such forgery cannot be detected by the integrity verification using MAC. And the attacker can similarly forge the tag and nonce of node (N(1,1), Tag(1,1)), which is the parent node of node (N(2,1), Tag(2,1)), into Tag(1,1)' and N(1,1)' respectively. Such forgery cannot be detected by the integrity verification using MAC.

[0118] On the other hand, since the attacker has forged N(1,1) into N(1,1)', accordingly, the attacker also needs to forge Tag(0,1) and N(0,1) of the root node (N(0,1), Tag(0,1)). Otherwise, due to the security of MAC, the forgery will be detected during the integrity verification of MAC at the root node. Therefore, the attacker needs to forge Tag(0,1) and N(0,1) into Tag(0,1)' and N(0,1)'. Note that it should be noted that Tag(0,1)' = MAC_K(N(0,1)', N(1,1)'||N(1,2)). However, N(0,1) is stored in the secure On-chip area. Therefore, it is impossible to forge N(0,1). Therefore, even if the forgery is not detected at node (N(1,1), Tag(1,1)), the forgery will definitely be detected at the root node. Therefore, when the updated content of the leaf node does not depend on the plaintext before update, even if the nonce of the leaf node is forged, the forgery will be detected by the verification at the upper-level node. Therefore, when the updated content of the leaf node does not depend on the plaintext before update, even if the verification of the tag for the leaf node is not required, the security is not compromised.

[0119] Furthermore, assuming that the computational complexity required for verification is the same for all nodes, in the case of a tree structure with depth d, the computational complexity of the memory verification process in the memory update device 30 according to this embodiment is (d-1) / d times that of the technique described in Patent Document 2. If the cost of the verification process for a leaf node is greater than the cost of the verification process for other nodes, the computational complexity reduction effect of the method according to this embodiment becomes even greater. Also, the depth d is usually around one integer digit, which is relatively small. Here, (d-1) / d becomes smaller as d becomes smaller. Therefore, the computational complexity reduction effect of the method according to this embodiment is relatively large.

[0120] (Second embodiment) Next, a second embodiment will be described. For clarity of explanation, the following descriptions and drawings have been omitted and simplified as appropriate. In addition, the same elements are denoted by the same reference numerals in each drawing, and redundant explanations have been omitted where necessary. Therefore, the following description will mainly focus on the differences from the first embodiment described above. The configuration of the second embodiment corresponds to an improved version of the configuration described in Patent Document 2. In the second embodiment, the number of branches in the tree structure is different compared to the first embodiment. In the second embodiment, an example will be described in which the number of branches in the tree structure constituting the memory protection system is b and the depth is d. In other words, the number of leaf nodes in the second embodiment is b^d.

[0121] Figure 12 shows an example of a tree structure configured by the memory protection system 1 according to the second embodiment. Figure 12 shows a tree structure when the number of branches b=3 and the depth d=3. The Root, Inter, and Leaf are substantially the same as in the first embodiment described above. In the second embodiment, the number of branches b can be any integer greater than or equal to 3.

[0122] The memory protection system 1 according to the second embodiment comprises a memory structure initialization device 10a, a memory verification device 20a, and a memory update device 30a. The memory structure initialization device 10a according to the second embodiment takes plaintext (plaintext message) to be tampered with as input and outputs an initial state tree structure.

[0123] In the second embodiment, the plaintext is represented by a combination of b^d plaintext blocks. That is, the following equation 22 holds. (Formula 22) M = M[1]||M[2]||···||M[b^d] Furthermore, a single plaintext block is defined as a Block bit.

[0124] The memory verification device 20a takes the storage location and tree structure of the plaintext block to be checked for tampering as input and verifies whether the memory corresponding to that storage location has been tampered with. The memory update device 30a takes the storage location of the plaintext block to be updated, the content of the update, and the tree structure as input. The memory update device 30a outputs the updated tree structure or an error message indicating that tampering has been detected.

[0125] [Description of the memory structure initialization device configuration] The memory structure initialization device 10a according to the second embodiment includes a plaintext input unit 100, a nonce assignment unit 101a, and a tag generation unit 102a. Furthermore, the memory structure initialization device 10a according to the second embodiment includes a leaf node generation unit 103a, an intermediate node generation unit 104a, a root node generation unit 105, and a tree structure output unit 106. Note that the plaintext input unit 100 is substantially the same as the plaintext input unit 100 in the memory structure initialization device 10 of the first embodiment, so its description is omitted.

[0126] The nonce assignment unit 101a assigns node-specific nonce information to each node in the tree structure, similar to the nonce assignment unit 101. Here, when 0 <= i <= d and 1 <= j_i <= b^{i}, the nonce assigned to the j_i-th node at depth i is represented by N(i, j_i). The nonce information assigned to all nodes in the tree structure is then described as the nonce set N, as shown in equation 23 below. (Formula 23) N=(N(0,1),N(1,1),N(1,2),...,N(1,b),N(2,1),N(2,2),...,N(d,b^d-1),N(d,b^d))

[0127] The tag generation unit 102a, like the tag generation unit 102, generates a tag for tamper detection using the plaintext M output by the plaintext input unit 100, the nonce set N output by the nonce assignment unit 101a, and the secret key K. First, the tag generation unit 102a generates data represented by the following equation 24 as a tag to be used in the leaf node. (Formula 24) TagLeaf=((M[1],Tag(d,1)),(M[2],Tag(d,2)),...,(M[b^d],Tag(d,b^d))) Tag(d,j_d)=MAC_K(N(d,j_d),M[j_d]) However, 1 <= j_d <= b^d

[0128] Next, the tag generation unit 102a generates data represented by the following equation 25 as a tag to be used in the intermediate node. (Formula 25) TagInter=(Tag(1,1),...,Tag(d-1,b^{d-1})) Tag(i,j_i)=MAC_K((N(i,j_i),N(i+1,b·j_i-(b-1))||···||N(i+1,b·j_i)) However, 1 <= i <= d-1, 1 <= j_i <= b^i Furthermore, "N(i+1,b·j_i-(b-1))||···||N(i+1,b·j_i)" is a concatenation of nonces of the b child nodes of node (i,j_i).

[0129] Next, the tag generation unit 102a generates data represented by the following equation 26 as a tag to be used in the root node. (Formula 26) TagRoot=(Tag(0,1)) Tag(0,1)=MAC_K(N(0,1),N(1,1)||...||N(1,b)) Note that "N(1,1)||···||N(1,b)" represents the concatenation of nonces of the b child nodes of the root node (0,1).

[0130] From equations 24, 25, and 26, the tag corresponding to each node corresponds to the result of a MAC calculation in leaf nodes, where the plaintext block corresponding to the node is used as the plaintext, and the node's nonce and its plaintext are used as inputs. In nodes other than leaf nodes, the tag corresponding to each node corresponds to the result of a MAC calculation in which the concatenation of nonces of multiple child nodes is used as the plaintext, and the node's nonce and its plaintext are used as inputs.

[0131] As illustrated in Figure 12, when the overall depth d of the tree structure is d=3 and the number of branches b is b=3, the tag corresponding to each node is expressed by the following equation 27. Here, i is the depth index. Also, j_i is the node index (order; ordinal number) at depth i. (Formula 27) For 0<=i<=3,1<=j_i<=3^i, (For 0<=i<=2) Tag(i,j_i)=MAC_K(N(i,j_i),N(i+1,3j_i-2)||N(i+1,3j_i-1)||N(i+1,3j_i)) (For i=3) Tag(i,j_i)=MAC_K(N(i,j_i),M[j_i])

[0132] The tag generation unit 102a then outputs the tag set TagLeaf to the leaf node generation unit 103a. The tag generation unit 102a also outputs the tag set TagInter to the intermediate node generation unit 104a. The tag generation unit 102a also outputs the tag set TagRoot to the root node generation unit 105.

[0133] The leaf node generation unit 103a generates leaf nodes in a tree structure using the tag set TagLeaf output by the tag generation unit 102a, similar to the leaf node generation unit 103. Here, since the depth i=d in a leaf node, 1 <= j_d <= b^d. The j_d-th leaf node is then generated as shown in equation 28 below. (Formula 28) (N(d,j_d),M[j_d],Tag(d,j_d))

[0134] Furthermore, all leaf nodes are described as shown in Equation 29 below. (Formula 29) Leaf=((N(d,1),M[1],Tag(d,1)),((N(d,2),M[2],Tag(d,2)),...,(N(d,b^d),M[b^d],Tag(d,b^d)))

[0135] As shown in Figure 12, when the total depth of the tree structure is d=3, each leaf node is represented by the following equation 30. (Formula 30) Leaf=((N(3,1),M[1],Tag(3,1)),(N(3,2),M[2],Tag(3,2)),...,(N(3,27),M

[27] ,Tag(3,27))) Furthermore, the leaf node generation unit 103a outputs the generated set of leaf nodes, Leaf, to the tree structure output unit 106.

[0136] The intermediate node generation unit 104a generates intermediate nodes in the tree structure using the tag set TagInter output by the tag generation unit 102a, similar to the intermediate node generation unit 104. Here, in the intermediate nodes, 1 <= i <= d-1 and 1 <= j_i <= b^i. The j_i-th intermediate node at depth i is generated as shown in equation 31 below. (Formula 31) (N(i,j_i),Tag(i,j_i))

[0137] Furthermore, all intermediate nodes are described as shown in Equation 32 below. (Formula 32) Inter=((N(1,1),Tag(1,1)),(N(1,2),Tag(1,2)),...,(N(d-1,b^{d-1}),Tag(d-1,b^{d-1})))

[0138] As shown in Figure 12, when the total depth of the tree structure is d=3, each intermediate node is represented by the following equation 33. (Formula 33) Inter=((N(1,1),Tag(1,1)),(N(1,2),Tag(1,2)),...,(N(2,9),Tag(2,9))) Furthermore, the intermediate node generation unit 104a outputs the generated set of intermediate nodes Inter to the tree structure output unit 106.

[0139] The root node generation unit 105 is substantially the same as the root node generation unit 105 in the memory structure initialization device 10 of the first embodiment, so its description is omitted. The tree structure output unit 106 is substantially the same as the tree structure output unit 106 in the memory structure initialization device 10 of the first embodiment, so its description is omitted.

[0140] [Description of the memory verification device configuration] The memory verification device 20a according to the second embodiment includes a tree structure input unit 200, a verification location input unit 202a, a tag verification unit 203a, and a verification result output unit 204. The tree structure input unit 200 is substantially the same as the tree structure input unit 200 in the memory verification device 20 of the first embodiment, so its description is omitted. The tree structure Tree input to the tree structure input unit 200 includes a nonce set N as shown in the above-described equation 23.

[0141] The verification location input unit 202a accepts a memory verification location CheckNode input, similar to the verification location input unit 202. The verification location input unit 202a then outputs the verification location CheckNode to the tag verification unit 203a. In this second embodiment, CheckNode is a number between 1 and b^d, and represents that the verification location is the CheckNode-th position of the leaf node.

[0142] The tag verification unit 203a, like the tag verification unit 203, uses the tree structure Tree, the verification location CheckNode, and the secret key K to verify whether the memory specified by CheckNode has not been tampered with. The tag verification unit 203 then outputs the verification result to the verification result output unit 204. First, the tag verification unit 203 generates a path Path from the CheckNode-th leaf node to the root node. The path Path is represented by the following equation 34. (Formula 34) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0))

[0143] Here, when 0 <= i <= d and 1 <= j_i <= b^{i}, each element (i, j_i) of the Path represents the j_i-th node at depth i. In other words, j_i indicates the ordinal number of the node at depth i. Note that p_d = CheckNode, and when 0 <= i <= d-1, p_i is defined by the following equation 35. (Formula 35) p_i=ceiling(p_{i+1} / b) However, ceiling(·) represents the ceiling function. Also, the value of p_0 is always 1.

[0144] Next, the tag verification unit 203a calculates the following equation 36 using the tree structure Tree, which is the output of the tree structure input unit 200, and the secret key K. (Formula 36) PathTag'=(Tag'(d,p_d),Tag'(d-1,p_{d-1}),···,Tag'(0,p_0)) Tag'(d,p_d)=MAC_K(N(d,p_d),M[p_d]) Tag'(i,p_i)=MAC_K(N(i,p_i),N(i+1,b·p_i-(b-1))||···||N(i+1,b·p_i-1)||N(i+1,b·p_i)) However, 0 <= i <= d - 1

[0145] Here, MAC_K is substantially the same as the method used in the tag generation unit 102a of the memory structure initializer 10a in the second embodiment, so its explanation is omitted. Tag'(i,p_i) is obtained by inputting the nonce of the node in question into the nonce portion of the MAC function's input, and concatenating b nonces of the node's child nodes into the plaintext portion of the MAC function's input.

[0146] Next, the tag verification unit 203a obtains a value represented by the following equation 37 from the tree structure Tree, which is the output of the tree structure input unit 200. (Formula 37) PathTag=(Tag(d,p_d),Tag(d-1,p_{d-1}),···,Tag(0,p_0))

[0147] Then, the tag verification unit 203a checks whether the PathTag' it calculated is equal to the PathTag obtained from the Tree. When 0 <= i <= d, for all i, Tag'(i,p_i)=Tag(i,p_i) If this condition is met, the tag verification unit 203a sets the verification result to ACK. Here, ACK indicates that the information of the nodes involved in the path has not been tampered with. The verification result is denoted as B, and the verification result being ACK is denoted as B=ACK.

[0148] On the other hand, when 0 <= i <= d, for some i, Tag'(i,p_i)≠Tag(i,p_i) If this condition is met, the tag verification unit 203a sets the verification result to NCK. Here, NCK indicates that the information of the node involved in the path has been tampered with. The verification result being NCK is denoted as B=NCK.

[0149] The tag verification unit 203a outputs verification result B to the verification result output unit 204. The verification result output unit 204 is substantially the same as the verification result output unit 204 in the memory verification device 20 of the first embodiment, so its description is omitted.

[0150] [Description of the memory update device configuration] The memory update device 30a according to the second embodiment includes a tree structure input unit 300, an update location input unit 302a, a memory verification unit 303a, a nonce update unit 304, a tag update unit 305a, an update result output unit 306, an update determination unit 310, and a plaintext update unit 312. The tree structure input unit 300 is substantially the same as the tree structure input unit 300 in the memory update device 30 of the first embodiment, so its description is omitted. The tree structure Tree input to the tree structure input unit 300 includes a nonce set N as shown in the above-described equation 23.

[0151] The update location input unit 302a accepts the memory update information UpdateNode input, similar to the update location input unit 302. The update location input unit 302a then outputs the memory update information UpdateNode to the update determination unit 310, the plaintext update unit 312, the memory verification unit 303a, and the tag update unit 305a.

[0152] Here, we define UpdateNode = (UpdateIndex, UpdateInfo). UpdateIndex is data that indicates the leaf node corresponding to the update location. For example, UpdateIndex is a number between 1 and b^d, and it indicates that the update location is at the UpdateIndex position of the leaf node. In other words, UpdateIndex indicates the order (ordinal number) of the leaf node corresponding to the update location at depth d.

[0153] UpdateInfo is data that indicates the update content. UpdateInfo represents the information in the Block bits for updating the plaintext block M[UpdateIndex], which is information contained in the UpdateIndex-th leaf node. The plaintext block M[UpdateIndex] can be updated according to the update content UpdateInfo.

[0154] The update determination unit 310 is substantially the same as the update determination unit 310 in the memory update device 30 of the first embodiment, so its description will be omitted.

[0155] The memory verification unit 303a, like the memory verification unit 303, uses the tree structure Tree, the memory update information UpdateNode, and the secret key K to verify whether the memory specified by UpdateNode has not been tampered with. In other words, the memory verification unit 303a verifies whether the node corresponding to the path related to the leaf node specified by UpdateNode has not been tampered with. The verification process performed by the memory verification unit 303a is substantially the same as that of the tag verification unit 203a in the memory verification device 20a of the second embodiment, but the output results are different. The tag verification unit 203a in the memory verification device 20a of the second embodiment outputs verification result B, but the memory verification unit 303a outputs the path Path from the node to the root node along with verification result B. The memory verification unit 303a outputs verification result B to the nonce update unit 304, the plaintext update unit 312, the tag update unit 305a, and the update result output unit 306. Furthermore, the memory verification unit 303a outputs the path to the nonce update unit 304 and the tag update unit 305a.

[0156] The path is represented as shown in equation 38 below. (Formula 38) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0)) From the operations performed by the memory verification unit 303a, it can be seen that p_d = UpdateIndex.

[0157] Furthermore, the other functions of the memory verification unit 303a are substantially the same as those of the memory verification unit 303 in the first embodiment, so their explanation will be omitted. In other words, the memory verification unit 303a, like the memory verification unit 303, may not verify the leaf node's tag depending on the determination result of the update determination unit 310.

[0158] The plaintext update unit 312 is substantially the same as the plaintext update unit 312 in the memory update device 30 of the first embodiment, so its description is omitted. Similarly, the nonce update unit 304 is substantially the same as the nonce update unit 304 in the memory update device 30 of the first embodiment, so its description is omitted.

[0159] The tag update unit 305a updates the tag of the node specified by Path using the updated tree structure NewTree', the nonce set N, the memory update information UpdateNode, the verification result B and path Path, and the secret key K. If B=ACK, the tag update unit 305 performs the calculation of equation 39 below for 0<=i<=d-1. (Formula 39) Tag(d,p_d)←MAC_K(N(d,p_d),UpdateInfo) Tag(i,p_i)←MAC_K(N(i,p_i),N(i+1,b·p_i-(b-1))||···||N(i+1,b·p_i))

[0160] Note that MAC_K is substantially the same as the method used in the tag generation unit 102a of the memory structure initialization device 10a and the tag verification unit 203a of the memory verification device 20a in the second embodiment, so its explanation is omitted. Tag(i,p_i) is obtained by inputting the nonce of the node in question into the nonce part of the MAC function's input, and inputting b nonces of the child nodes of the node in question concatenated into the plaintext part of the MAC function's input. The tag update unit 305a then outputs the updated tree structure NewTree to the update result output unit 306. On the other hand, if B=NCK, the tag update unit 305a does not perform any processing and outputs nothing.

[0161] The update result output unit 306 is substantially the same as the update result output unit 306 in the memory update device 30 of the first embodiment, so its description will be omitted.

[0162] [Explanation of effects] The effects achieved by the second embodiment are substantially the same as those achieved by the first embodiment. However, while the first embodiment assumed a binary tree structure, the second embodiment allows for an arbitrary number of branches in the tree structure. Therefore, the effects achieved by the first embodiment can also be realized for tree structures with an arbitrary number of branches.

[0163] (Third embodiment) Next, a third embodiment will be described. For clarity of explanation, the following descriptions and drawings have been omitted and simplified as appropriate. Also, in each drawing, the same elements are denoted by the same reference numerals, and redundant explanations have been omitted as necessary. The third embodiment is a modification of the first embodiment. Therefore, the following description will mainly focus on the differences from the first embodiment described above. The configuration of the third embodiment corresponds to an improved version of the configuration of Patent Document 2 described above. In the third embodiment, in addition to memory verification, an example of a memory protection system that encrypts and conceals the input plaintext will be described. However, the tree structure of the memory protection system 1 according to the third embodiment is defined as having 2 branches and a depth of d, similar to the first embodiment.

[0164] Figure 13 shows an example of a tree structure configured by the memory protection system 1 according to the third embodiment. Figure 13 shows the tree structure when the number of branches b=2 and the depth d=3. The Root, Inter, and Leaf are substantially the same as in the first embodiment described above.

[0165] The memory protection system 1 according to the third embodiment comprises a memory structure initialization device 10c, a memory verification device 20c, and a memory update device 30c. The memory protection system 1 performs memory tampering detection and concealment. The memory structure initialization device 10c according to the third embodiment takes plaintext to be tampered with and concealed as input and outputs an initial state tree structure.

[0166] The memory verification device 20c takes the storage location and tree structure of the ciphertext block to be checked for tampering as input and verifies whether the memory corresponding to that storage location has been tampered with. The memory update device 30c takes the storage location of the ciphertext block to be updated, the content of the update, and the tree structure as input. The memory update device 30c outputs the updated tree structure or an error message indicating that tampering has been detected.

[0167] The memory protection system 1 according to the third embodiment uses authenticated cryptography (AE) as an elemental technology, in addition to the MAC used in the memory protection system 1 of the first embodiment. The AE using the secret key K is defined by two functions: the encryption function AE.Enc_K and the decryption function AE.Dec_K which is paired with the encryption function AE.Enc_K. AE.Enc_K takes a nonce N and plaintext M as input and outputs ciphertext C and an authentication tag Tag. The encryption function is expressed as shown in Equation 40 below. (Formula 40) AE.Enc_K(N,M)=(C,T)

[0168] AE.Dec_K takes three inputs: nonce N, ciphertext C, and authentication tag T. If no tampering is detected, it outputs the decrypted plaintext M. If tampering is detected, it outputs an error message ⊥. This can be written as equation 41 below. (Formula 41) AE.Dec_K(N,C,T)=M(if no tampering is detected) AE.Dec_K(N,C,T)=⊥(If tampering is detected)

[0169] [Description of the memory structure initialization device configuration] The memory structure initialization device 10c according to the third embodiment includes a plaintext input unit 100, a nonce assignment unit 101, and a tag generation unit 102c. The memory structure initialization device 10c according to the third embodiment also includes a leaf node generation unit 103c, an intermediate node generation unit 104, a root node generation unit 105, and a tree structure output unit 106.

[0170] The plaintext input unit 100 is substantially the same as the plaintext input unit 100 in the memory structure initialization device of the first embodiment, so its description is omitted. The nonce allocation unit 101 is substantially the same as the nonce allocation unit 101 in the memory structure initialization device of the first embodiment, so its description is omitted.

[0171] The tag generation unit 102c generates tamper-detection tags and ciphertext using the plaintext M output by the plaintext input unit 100, the nonce set N output by the nonce assignment unit 101, and the secret keys K_1 and K_2. MAC is used for tag generation for intermediate nodes and root nodes, and authenticated cryptography (AE) is used for encryption of plaintext (leaf nodes) and tag generation. Examples of AE algorithms include OCB (Offset CodeBook).

[0172] First, the tag generation unit 102c generates data represented by the following equation 42 as the ciphertext and tag to be used in the leaf node. (Formula 42) TagLeaf=((C[1],Tag(d,1)),(C[2],Tag(d,2)),···,(C[2^d],Tag(d,2^d))) (C[j_d],Tag(d,j_d))=AE.Enc_{K_1}(N(d,j_d),M[j_d]) However, 1 <= j_d <= 2^d

[0173] Note that AE.Enc_{K_1}(·,·) represents the encryption function of AE. Also, C[j_d] indicates the j_d-th ciphertext block.

[0174] Next, the tag generation unit 102c generates data represented by the following equation 43 as a tag to be used in the intermediate node. (Formula 43) TagInter=(Tag(1,1),...,Tag(d-1,2^{d-1})) Tag(i,j_i)=MAC_{K_2}((N(i,j_i),N(i+1,2j_i-1)||N(i+1,2j_i)) However, 1 <= i <= d-1, 1 <= j_i <= 2^i

[0175] Next, the tag generation unit 102c generates data represented by the following equation 44 as a tag to be used in the root node. (Formula 44) TagRoot=(Tag(0,1)) Tag(0,1)=MAC_{K_2}(N(0,1),N(1,1)||N(1,2))

[0176] From equations 42, 43, and 44, the tag corresponding to each node corresponds to the result of an AE calculation in leaf nodes, using the plaintext block corresponding to the node itself as the plaintext, and the node's nonce and its plaintext as input. The ciphertext block is output as a result of this calculation. In addition, the tag corresponding to each node in nodes other than leaf nodes corresponds to the result of a MAC calculation in which the concatenation of nonces of multiple child nodes is used as the plaintext, and the node's nonce and its plaintext as input.

[0177] As illustrated in Figure 13, when the total depth d of the tree structure is d=3, equations 42, 43, and 44 can be expressed as equation 45 below. Here, i is the depth index. Also, j_i is the index (order; ordinal number) of the node at depth i. (Formula 45) For 0<=i<=3,1<=j_i<=2^i, (For 0<=i<=2) Tag(i,j_i)=MAC_{K_2}(N(i,j_i),N(i+1,2j_i-1)||N(i+1,2j_i)) (For i=3) (C[j_i],Tag(i,j_i))=AE.Enc_{K_1}(N(i,j_i),M[j_i])

[0178] The tag generation unit 102c then outputs the tag set TagLeaf to the leaf node generation unit 103c. The tag generation unit 102c also outputs the tag set TagInter to the intermediate node generation unit 104. The tag generation unit 102c also outputs the tag set TagRoot to the root node generation unit 105.

[0179] The leaf node generation unit 103c generates leaf nodes in a tree structure using the ciphertext and tag set TagLeaf output by the tag generation unit 102c. Here, since the depth i=d in a leaf node, 1 <= j_d <= 2^d. The j_d-th leaf node is generated as shown in equation 46 below. (Formula 46) (N(d,j_d),C[j_d],Tag(d,j_d))

[0180] Furthermore, all leaf nodes are described as shown in Equation 47 below. (Formula 47) Leaf=((N(d,1),C[1],Tag(d,1)),((N(d,2),C[2],Tag(d,2)),...,(N(d,2^d),C[2^d],Tag(d,2^d)))

[0181] As shown in Figure 13, when the total depth of the tree structure is d=3, each leaf node is represented by the following equation 48. (Formula 48) Leaf=((N(3,1),C[1],Tag(3,1)),(N(3,2),C[2],Tag(3,2)),...,(N(3,8),C[8],Tag(3,8))) The leaf node generation unit 103c outputs the generated set of leaf nodes, Leaf, to the tree structure output unit 106.

[0182] The intermediate node generation unit 104 is substantially the same as the intermediate node generation unit 104 in the memory structure initialization device 10 of the first embodiment, so its description is omitted. The root node generation unit 105 is substantially the same as the root node generation unit 105 in the memory structure initialization device 10 of the first embodiment, so its description is omitted. The tree structure output unit 106 is substantially the same as the tree structure output unit 106 in the memory structure initialization device 10 of the first embodiment, so its description is omitted.

[0183] [Description of the memory verification device configuration] The memory verification device 20c according to the third embodiment includes a tree structure input unit 200, a verification location input unit 202, a tag verification unit 203c, and a verification result output unit 204. The tree structure input unit 200 is substantially the same as the tree structure input unit 200 in the memory verification device 20 of the first embodiment, so its description is omitted. The verification location input unit 202 is substantially the same as the verification location input unit 202 in the memory verification device 20 of the first embodiment, so its description is omitted.

[0184] The tag verification unit 203c uses the tree structure Tree, the verification location CheckNode, and the secret keys K_1 and K_2 to verify whether the memory specified by CheckNode has been tampered with. The tag verification unit 203c then outputs the verification result to the verification result output unit 204. First, the tag verification unit 203c generates a path Path from the CheckNode-th leaf node to the root node. Here, the path Path represents the path between nodes from the leaf node to the root node and is expressed in the following equation 49. (Formula 49) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0))

[0185] Here, when 0 <= i <= d and 1 <= j_i <= 2^{i}, each element (i, j_i) of the Path represents the j_i-th node at depth i. In other words, j_i indicates the ordinal number of the node at depth i. Note that p_d = CheckNode, and when 0 <= i <= d-1, p_i is defined by the following equation 50. (Formula 50) p_i=ceiling(p_{i+1} / 2) However, `ceiling(·)` represents the ceiling function. Also, the value of p_0 is always 1.

[0186] Next, the tag verification unit 203c calculates the following equation 51 using the tree structure Tree, which is the output of the tree structure input unit 200, and the secret keys K_1 and K_2. (Formula 51) AE.Dec_{K_1}(N(d,p_d),C[p_d],Tag(d,p_d))

[0187] If the above calculation result is an error message ⊥, the tag verification unit 203c defines the verification result B as B=NCK, outputs B, and terminates processing. Note that AE.Dec_{K_1}(·,·,·) is a decoding function corresponding to the method AE.Enc_{K_1} used in the tag generation unit 102c of the memory structure initialization device 10c in the third embodiment. NCK indicates that the information of the node related to the path has been tampered with.

[0188] On the other hand, if the above calculation result is the plaintext M[p_d], that is, if it indicates that the ciphertext C[p_d] has been correctly decrypted, the tag verification unit 203c then calculates the following equation 52. (Formula 52) PathTag'=(Tag'(d-1,p_{d-1}),...,Tag'(0,p_0)) Tag'(i,p_i)=MAC_{K_2}(N(i,p_i),N(i+1,2p_i-1)||N(i+1,2p_i)) However, 0 <= i <= d - 1

[0189] Here, MAC_{K_2}(·) is substantially the same as the MAC method used in the tag generation unit 102c of the memory structure initializer 10c in the third embodiment, so its explanation is omitted. Also, similar to the first embodiment, Tag'(i,p_i) is obtained by inputting the nonce of the node in question into the nonce portion of the MAC function's input, and concatenating two nonces of the child nodes of that node into the plaintext portion of the MAC function's input.

[0190] Next, the tag verification unit 203c obtains a value represented by the following equation 53 from the tree structure Tree, which is the output of the tree structure input unit 200. (Formula 53) PathTag=(Tag(d-1,p_{d-1}),...,Tag(0,p_0))

[0191] Then, the tag verification unit 203c checks whether the PathTag' it calculated is equal to the PathTag obtained from the Tree. When 0 <= i <= d-1, for all i, Tag'(i,p_i)=Tag(i,p_i) If this condition is met, the tag verification unit 203c sets the verification result to ACK. Here, ACK indicates that the information of the nodes involved in the path has not been tampered with. The verification result is denoted as B, and the verification result being ACK is denoted as B=ACK.

[0192] On the other hand, when 0 <= i <= d-1, for some i, Tag'(i,p_i)≠Tag(i,p_i) If the condition is met, the tag verification unit 203c sets the verification result to NCK.

[0193] The tag verification unit 203c outputs verification result B. The verification result output unit 204 is substantially the same as the verification result output unit 204 in the memory verification device 20 of the first embodiment, so its description is omitted.

[0194] [Description of the memory update device configuration] The memory update device 30c according to the third embodiment includes a tree structure input unit 300, an update location input unit 302, a memory verification unit 303c, a nonce update unit 304, a tag update unit 305c, an update result output unit 306, an update determination unit 310, and a plaintext update unit 312. The tree structure input unit 300 is substantially the same as the tree structure input unit 300 in the memory update device 30 of the first embodiment, so its description is omitted. The update location input unit 302 is substantially the same as the update location input unit 302 in the memory update device 30 of the first embodiment, so its description is omitted. The update determination unit 310 is substantially the same as the update determination unit 310 in the memory update device 30 of the first embodiment, so its description is omitted.

[0195] The memory verification unit 303c uses the tree structure Tree, the memory update information UpdateNode, and the secret keys K_1 and K_2 to verify whether the memory specified by UpdateNode has not been tampered with. In other words, the memory verification unit 303c verifies whether the node corresponding to the path related to the leaf node specified by UpdateNode has not been tampered with. The verification process performed by the memory verification unit 303c is substantially the same as that of the tag verification unit 203c in the memory verification device 20c of the third embodiment, but the output results are different. The tag verification unit 203c in the memory verification device 20c of the third embodiment outputs verification result B, but the memory verification unit 303c outputs the path Path from the node to the root node along with verification result B. The memory verification unit 303c outputs verification result B to the plaintext update unit 312, the nonce update unit 304, the tag update unit 305c, and the update result output unit 306. Furthermore, the memory verification unit 303c outputs the path to the nonce update unit 304 and the tag update unit 305c.

[0196] Furthermore, the other functions of the memory verification unit 303c are substantially the same as those of the memory verification unit 303 in the first embodiment, so their explanation will be omitted. In other words, the memory verification unit 303c, like the memory verification unit 303, may not verify the leaf node's tag depending on the determination result of the update determination unit 310.

[0197] The plaintext update unit 312 is substantially the same as the plaintext update unit 312 in the memory update device 30 of the first embodiment, so its description is omitted. Similarly, the nonce update unit 304 is substantially the same as the nonce update unit 304 in the memory update device 30 of the first embodiment, so its description is omitted.

[0198] The tag update unit 305c updates the tag of the node specified by Path using the updated tree structure NewTree', the nonce set N, the memory update information UpdateNode, the verification result B and path Path, and the secret keys K_1 and K_2. If B=ACK, the tag update unit 305c performs the calculation of equation 54 below for 0<=i<=d-1. (Formula 54) (C[p_d],Tag(d,p_d))←AE.Enc_{K_1}(N(d,p_d),UpdateInfo) Tag(i,p_i)←MAC_{K_2}(N(i,p_i),N(i+1,2p_i-1)||N(i+1,2p_i))

[0199] Note that AE.Enc_{K_1}(·,·) and MAC_{K_2}(·) are substantially the same as the methods used in the tag generation unit 102c of the memory structure initialization device 10c and the tag verification unit 203c of the memory verification device 20c in the third embodiment. The tag update unit 305c then outputs the updated tree structure NewTree. On the other hand, if B=NCK, the tag update unit 305c does not perform any processing and outputs nothing.

[0200] The update result output unit 306 is substantially the same as the update result output unit 306 in the memory update device 30 of the first embodiment, so its description will be omitted.

[0201] [Explanation of effects] The third embodiment offers the advantage of memory concealment in addition to the advantages of the first embodiment. In the first embodiment, MAC was used to detect tampering with plaintext messages. In contrast, in the third embodiment, by applying AE processing to plaintext messages, it becomes possible to conceal plaintext messages in addition to detecting tampering. Furthermore, generally, the computational complexity of AE is greater than that of MAC. Therefore, by making it possible to eliminate the need for integrity verification of leaf nodes during update processing, as in this embodiment, the computational complexity of AE can be reduced, thereby further reducing the computational complexity required for verification. Consequently, it becomes possible to perform node verification processing more efficiently when updating the contents of memory.

[0202] Furthermore, the AE used can be a rate 1 method like OCB, that is, a method that can achieve plaintext encryption and authentication tag generation at the cost of encryption only, and can be adopted such that the data size of the plaintext and ciphertext are the same. In this case, the total data size of the tree structure and the computational load required by each device remain almost unchanged compared to the first embodiment. In other words, the third embodiment enables both tamper detection and concealment with the same data size and computational load as the first embodiment. Also, while the tree structure of the third embodiment assumed a binary tree, it is naturally possible to use a tree structure with an increased number of branches, as in the second embodiment.

[0203] (Fourth embodiment) Next, a fourth embodiment will be described. For clarity of explanation, the following descriptions and drawings have been omitted and simplified as appropriate. In addition, the same elements are denoted by the same reference numerals in each drawing, and redundant explanations have been omitted where necessary. The configuration of the fourth embodiment corresponds to an improved version of the configuration described in Patent Document 3 above.

[0204] In the fourth embodiment, we describe an example where the tree structure comprising the memory protection system has 2 branches and a depth of d. That is, the number of leaf nodes in the fourth embodiment is 2^d. The depth of the root node is defined as 0, and the depth of the leaf nodes is defined as d.

[0205] The memory protection system 1 (information processing system) according to the fourth embodiment comprises a memory structure initialization device 12, a memory verification device 22, and a memory update device 32. The memory protection system 1 of the fourth embodiment corresponds to replacing the memory structure initialization device 10, memory verification device 20, and memory update device 30 of Figure 1 with the memory structure initialization device 12, memory verification device 22, and memory update device 32, respectively. The memory structure initialization device 12, memory verification device 22, and memory update device 32 may be physically integrated or separate. Furthermore, the components of each device described later using Figures 14 to 16 may be implemented by other devices.

[0206] When referring to other embodiments described later, the memory structure initialization device 12 may be denoted as the memory structure initialization devices 12a and 12c. Similarly, when referring to other embodiments described later, the memory verification device 22 may be denoted as the memory verification devices 22a and 22c. Similarly, when referring to other embodiments described later, the memory update device 32 may be denoted as the memory update devices 32a and 32c. The same applies to the components shown in FIGS. 14 to 16.

[0207] FIG. 14 is a block diagram showing a configuration example of the memory structure initialization device 12 according to the fourth embodiment. FIG. 15 is a block diagram showing a configuration example of the memory verification device 22 according to the fourth embodiment. FIG. 16 is a block diagram showing a configuration example of the memory update device 32 according to the fourth embodiment. FIG. 17 is a flowchart showing an example of the processing procedure of the memory structure initialization device 12 according to the fourth embodiment. FIG. 18 is a flowchart showing an example of the processing procedure of the memory verification device 22 according to the fourth embodiment. FIGS. 19 to 21 are flowcharts showing examples of the processing procedures of the memory update device 32 according to the fourth embodiment. FIGS. 14 to 21 will be described later.

[0208] In the memory protection system 1 according to the fourth embodiment, the memory structure initialization device 12 takes as input a plaintext (plaintext message) for which forgery detection is to be performed, and outputs an initial state tree structure and a set of memory addresses of each node in the tree structure. However, the plaintext is represented as a concatenation of 2^d plaintext blocks. That is, the following equation (55) holds. (Equation 55) M = M[1] || M[2] || ··· || M[2^d] Also, one plaintext block is defined as a Block bit.

[0209] The memory verification device 22 verifies whether the memory corresponding to the storage location is tampered with, taking as input the storage location of the plaintext (plaintext block) for which tampering is to be checked, the tree structure, and the memory addresses of each node in the tree structure. The memory update device 32 takes as input the storage location of the plaintext (plaintext block) to be updated, the update content thereof, the tree structure, and the memory addresses of each node in the tree structure. Then, the memory update device 32 outputs the updated tree structure or an error message indicating that tampering has been detected.

[0210] FIG. 22 is a diagram showing an example of a tree structure configured by the memory protection system 1 according to the fourth embodiment. In FIG. 22, a tree structure for the case of d = 3 is shown. Note that Root, Inter, and Leaf will be described later.

[0211] [Explanation of the Configuration of the Memory Structure Initialization Device] FIG. 14 is a block diagram showing a configuration example of the memory structure initialization device 12 according to the fourth embodiment. As shown in FIG. 14, the memory structure initialization device 12 according to the fourth embodiment includes a plaintext input unit 120, a memory address assignment unit 121, and a tag generation unit 122. Further, the memory structure initialization device 12 includes a leaf node generation unit 123, an intermediate node generation unit 124, a root node generation unit 125, a tree structure output unit 126, and a memory address output unit 127.

[0212] The plaintext input unit 120 has a function as plaintext input means. The memory address assignment unit 121 has a function as memory address assignment means. The tag generation unit 122 has a function as tag generation means. The leaf node generation unit 123 has a function as leaf node generation means. The intermediate node generation unit 124 has a function as intermediate node generation means. The root node generation unit 125 has a function as root node generation means. The tree structure output unit 126 has a function as tree structure output means. The memory address output unit 127 has a function as memory address output means.

[0213] The memory structure initialization device 12 is, for example, a computer. The memory structure initialization device 12 may implement each of the components shown in Figure 14 by executing a software program in the central processing unit. Furthermore, each component implemented in the memory structure initialization device 12 may be implemented as an individual device, a functional unit, or an electronic circuit. This also applies to other embodiments described later.

[0214] The plaintext input unit 120 receives input of plaintext M to be protected. The plaintext input unit 120 outputs the received plaintext M to the tag generation unit 122. Here, the method by which the plaintext input unit 120 receives input of plaintext M is not limited to a specific method. For example, the plaintext input unit 120 may be equipped with a character input device such as a keyboard and accept user operations to input plaintext M. Alternatively, the plaintext input unit 120 may receive plaintext M from another device.

[0215] The memory address allocation unit 121 assigns node-specific memory address information to each node in the tree structure. The memory address allocation unit 121 then outputs the memory address information to the tag generation unit 122 and the memory address output unit 127. Here, since the number of nodes and the amount of data in each node are predetermined, it is possible to allocate memory addresses before defining the information inside each node. Furthermore, by its nature, the memory address information is uniquely determined for each node. In other words, the memory address information is unique to each node. This prevents data swap attacks between nodes.

[0216] Here, when 0 <= i <= d and 1 <= j_i <= 2^{i}, the memory address to be assigned to the j_i-th node at depth i is represented by add(i, j_i). Then, the memory address information assigned to all nodes in the tree structure is written as the memory address set Add, as shown in equation 56 below. (Formula 56) Add=(add(0,1),add(1,1),add(1,2),add(2,1),add(2,2),...,add(d,2^d-1),add(d,2^d))

[0217] Here, "add(0,1)" corresponds to the memory address of the root node. Also, "add(d,1),...,add(d,2^d)" corresponds to the memory addresses of multiple leaf nodes. The others correspond to the memory addresses of intermediate nodes.

[0218] Furthermore, when a memory address is written as add(a,b), a represents the depth in the tree structure of the node to which that memory address is assigned. b represents the order (ordinal number) of the node to which that memory address is assigned at depth a. The same applies to the tag notation Tag(a,b), which will be discussed later.

[0219] The tag generation unit 122 generates a tag for tamper detection using the plaintext M output by the plaintext input unit 120, the memory address set Add output by the memory address allocation unit 121, and the secret key K. The MAC function described above is used for tag generation. First, the tag generation unit 122 generates data represented by the following equation 57 as a tag to be used in the leaf node. (Formula 57) TagLeaf=((M[1],Tag(d,1)),(M[2],Tag(d,2)),···,(M[2^d],Tag(d,2^d))) Tag(d,j_d)=MAC_K(add(d,j_d)||ctr(d,j_d),M[j_d]) However, 1 <= j_d <= 2^d

[0220] Note that ctr(d,j_d) represents the counter value of the j_d-th leaf node at depth d, and is incremented by 1 each time the node is updated. Here, we define ctr(d,j_d) = 0^{CTR-1}||1 for all j_d. Also, CTR is the bit length of the local counter value stored in each node, and "0^{CTR-1}" represents a bit sequence of CTR-1 zeros concatenated together. We assume that the value of CTR is predetermined.

[0221] Next, the tag generation unit 122 generates data represented by the following equation 58 as tags to be used in the intermediate node. (Formula 58) TagInter=(Tag(1,1),...,Tag(d-1,2^{d-1})) Tag(i,j_i)=MAC_K(add(i,j_i)||ctr(i,j_i),ctr(i+1,2j_i-1)||ctr(i+1,2j_i)) However, 1 <= i <= d-1, 1 <= j_i <= 2^i

[0222] Next, the tag generation unit 122 generates data represented by the following equation 59 as a tag to be used in the root node. (Formula 59) TagRoot=(Tag(0,1)) Tag(0,1)=MAC_K(add(0,1)||ctr(0,1),ctr(1,1)||ctr(1,2))

[0223] From equations 57, 58, and 59, the tags corresponding to each node are as follows: In leaf nodes, the tag corresponds to the result of a MAC calculation using the nonce and plaintext block corresponding to the node as input, with the nonce being the concatenation of the node's memory address and local counter value, and the plaintext being the plaintext. In nodes other than leaf nodes, the tag corresponds to the result of a MAC calculation using the nonce and plaintext as input, with the nonce being the concatenation of the node's memory address and local counter value, and the plaintext being the concatenation of the local counter values ​​of multiple child nodes.

[0224] As illustrated in FIG. 22, when the depth d of the entire tree structure is d = 3, the tag corresponding to each node is represented by the following Equation 60. Here, i is the index of the depth. Also, j_i is the index (order; ordinal number) of the node at depth i. (Equation 60) For 0 <= i <= 3, 1 <= j_i <= 2^i, (For 0 <= i <= 2) Tag(i,j_i)=MAC_K(add(i,j_i)||ctr(i,j_i),ctr(i + 1,2j_i - 1)||ctr(i + 1,2j_i)) (For i = 3) Tag(i,j_i)=MAC_K(add(i,j_i)||ctr(i,j_i),M[j_i])

[0225] Then, the tag generation unit 122 outputs the tag set TagLeaf to the leaf node generation unit 123. Also, the tag generation unit 122 outputs the tag set TagInter to the intermediate node generation unit 124. Also, the tag generation unit 122 outputs the tag set TagRoot to the root node generation unit 125.

[0226] The leaf node generation unit 123 generates the leaf nodes of the tree structure using the tag set TagLeaf output by the tag generation unit 122. Here, in the leaf node, since the depth i = d, 1 <= j_d <= 2^d. And the j_d-th leaf node is generated as shown in the following Equation 61. (Equation 61) (ctr(d,j_d),M[j_d],Tag(d,j_d))

[0227] Also, all the leaf nodes are described as in the following Equation 62. (Equation 62) Leaf = ((ctr(d,1),M[1],Tag(d,1)),((ctr(d,2),M[2],Tag(d,2)),···,(ctr(d,2^d),M[2^d],Tag(d,2^d))) Furthermore, the leaf node generation unit 123 outputs the generated set of leaf nodes, Leaf, to the tree structure output unit 126.

[0228] The intermediate node generation unit 124 generates intermediate nodes in the tree structure using the tag set TagInter output by the tag generation unit 122. Here, in the intermediate nodes, 1 <= i <= d-1 and 1 <= j_i <= 2^i. The j_i-th intermediate node at depth i is generated as shown in equation 63 below. (Formula 63) (ctr(i,j_i),Tag(i,j_i)) However, we define ctr(i,j_i)=0^{CTR-1}||1 for all i,j_i.

[0229] Furthermore, all intermediate nodes are described as shown in Equation 64 below. (Formula 64) Inter=((ctr(1,1),Tag(1,1)),(ctr(1,2),Tag(1,2)),...,(ctr(d-1,2^{d-1}),Tag(d-1,2^{d-1})))

[0230] As shown in Figure 22, when the total depth of the tree structure is d=3, each intermediate node is represented by the following equation 65. (Formula 65) Inter=((ctr(1,1),Tag(1,1)),(ctr(1,2),Tag(1,2)),...,(ctr(2,4),Tag(2,4))) Furthermore, the intermediate node generation unit 124 outputs the generated set of intermediate nodes Inter to the tree structure output unit 126.

[0231] The root node generation unit 125 generates the root node of the tree structure using the tag TagRoot output by the tag generation unit 122. The root node is generated as shown in equation 66 below, where ctr(0,1) = 0^{CTR-1}||1. (Formula 66) Root=(ctr(0,1),Tag(0,1)) Furthermore, the root node generation unit 125 outputs the generated root node Root to the tree structure output unit 126.

[0232] The tree structure output unit 126 concatenates the leaf node set Leaf output by the leaf node generation unit 123, the intermediate node set Inter output by the intermediate node generation unit 124, and the root node Root output by the root node generation unit 125. The tree structure output unit 126 then outputs the concatenated data sequence as data representing the tree structure (tree structure Tree) to a computer display, printer, etc. The memory address output unit 127 outputs the memory address Add output by the memory address allocation unit 121 to a computer display, printer, etc.

[0233] [Description of the memory verification device configuration] Figure 15 is a block diagram showing an example configuration of a memory verification device 22 according to the fourth embodiment. As shown in Figure 15, the memory verification device 22 according to the fourth embodiment includes a tree structure input unit 220, a memory address input unit 221, a verification location input unit 222, a tag verification unit 223, and a verification result output unit 224.

[0234] The tree structure input unit 220 functions as a tree structure input means. The memory address input unit 221 functions as a memory address input means. The verification location input unit 222 functions as a verification location input means. The tag verification unit 223 functions as a tag verification means. The verification result output unit 224 functions as a verification result output means.

[0235] The memory verification device 22 is, for example, a computer. The memory verification device 22 may implement each of the components shown in Figure 15 by executing a software program in its central processing unit. Furthermore, each component implemented in the memory verification device 22 may be implemented as an individual device, a functional unit, or an electronic circuit. This also applies to other embodiments described later.

[0236] The tree structure input unit 220 accepts a tree structure input for protecting the memory to be verified. The tree structure input unit 220 then outputs the tree structure to the tag verification unit 223. Here, the tree structure consists of a set of leaf nodes, an intermediate node set, and a root node. The tree structure may also be a data sequence output by the tree structure output unit 126, in which the set of leaf nodes, the intermediate node set, and the root node are concatenated.

[0237] The memory address input unit 221 accepts the memory address set Add, which is assigned to a tree structure for protecting the memory to be verified, as input. The memory address input unit 221 then outputs the memory address set Add to the tag verification unit 223. Add is written as shown in equation 67 below. (Formula 67) Add=(add(0,1),add(1,1),add(1,2),add(2,1),add(2,2),...,add(d,2^d-1),add(d,2^d)) However, when 0 <= i <= d and 1 <= j_i <= 2^{i}, the memory address of the j_i-th node at depth i is represented by add(i, j_i).

[0238] The verification location input unit 222 accepts the input of a CheckNode for the verification location in memory. The verification location input unit 222 then outputs the CheckNode to the tag verification unit 223. CheckNode is data that indicates the node corresponding to the verification location in memory. Specifically, CheckNode is a number between 1 and 2^d, and indicates that the verification location is the CheckNode-th position of the leaf node. In other words, CheckNode indicates the position (order; ordinal number) of the leaf node corresponding to the verification location.

[0239] The tag verification unit 223 uses the tree structure Tree, the memory address set Add, the verification location CheckNode, and the secret key K to verify whether the memory specified by CheckNode has been tampered with. The tag verification unit 223 then outputs the verification result to the verification result output unit 224. First, the tag verification unit 223 generates a path Path from the CheckNode-th leaf node to the root node. Here, the path Path is data that indicates the path between nodes from the leaf node to the root node. The path Path is represented by the following equation 68. (Formula 68) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0))

[0240] Here, when 0 <= i <= d and 1 <= j_i <= 2^{i}, each element (i, j_i) of the Path represents the j_i-th node at depth i. In other words, j_i indicates the ordinal number of the node at depth i. Note that p_d = CheckNode, and when 0 <= i <= d-1, p_i is defined by the following equation 69. (Formula 69) p_i=ceiling(p_{i+1} / 2) However, ceiling(·) represents the ceiling function. Also, the value of p_0 is always 1.

[0241] Next, the tag verification unit 223 calculates the following equation 70 using Add, which is the output of the memory address input unit 221, the tree structure Tree, which is the output of the tree structure input unit 220, and the secret key K. (Formula 70) PathTag'=(Tag'(d,p_d),Tag'(d-1,p_{d-1}),···,Tag'(0,p_0)) Tag'(d,p_d)=MAC_K(add(d,p_d)||ctr(d,p_d),M[p_d]) Tag'(i,p_i)=MAC_K(add(i,p_i)||ctr(i,p_i),ctr(i+1,2p_i-1)||ctr(i+1,2p_i)) However, 0 <= i <= d - 1

[0242] Here, MAC_K is substantially the same as the method used in the tag generation unit 122 of the memory structure initializer 12 in the fourth embodiment, so its explanation is omitted. Furthermore, Tag'(i,p_i) is obtained by inputting the concatenation of the node's address and local counter into the nonce portion of the MAC function's input, and concatenating two local counters of the node's child nodes into the plaintext portion of the MAC function's input.

[0243] Next, the tag verification unit 223 obtains a value represented by the following equation 71 from the tree structure Tree, which is the output of the tree structure input unit 220. (Formula 71) PathTag=(Tag(d,p_d),Tag(d-1,p_{d-1}),···,Tag(0,p_0))

[0244] Then, the tag verification unit 223 checks whether the PathTag' it calculated is equal to the PathTag obtained from the Tree. When 0 <= i <= d, for all i, Tag'(i,p_i)=Tag(i,p_i) If the condition is met, the tag verification unit 223 sets the verification result to ACK. The verification result is denoted as B, and the fact that the verification result is ACK is denoted as B=ACK.

[0245] On the other hand, when 0 <= i <= d, for some i, Tag'(i,p_i)≠Tag(i,p_i) If the condition is met, the tag verification unit 223 sets the verification result to NCK. The verification result being NCK is also denoted as B=NCK.

[0246] The tag verification unit 223 outputs verification result B to the verification result output unit 224. The verification result output unit 224 outputs the verification result B output by the tag verification unit 223 to a computer display, printer, or the like.

[0247] [Description of the memory update device configuration] Figure 16 is a block diagram showing an example configuration of a memory update device 32 according to the fourth embodiment. As shown in Figure 16, the memory update device 32 according to the fourth embodiment includes a tree structure input unit 320, a memory address input unit 321, an update location input unit 322, a memory verification unit 323, a counter update unit 324, a tag update unit 325, and an update result output unit 326. The memory update device 32 according to the fourth embodiment also includes an update determination unit 330 and a plaintext update unit 332.

[0248] The tree structure input unit 320 functions as a tree structure input means. The memory address input unit 321 functions as a memory address input means. The update location input unit 322 functions as an update location input means. The memory verification unit 323 functions as a memory verification means. The counter update unit 324 functions as a counter update means. The tag update unit 325 functions as a tag update means. The update result output unit 326 functions as an update result output means. The update determination unit 330 functions as an update determination means. The plaintext update unit 332 functions as a plaintext update means.

[0249] The memory update device 32 is, for example, a computer. The memory update device 32 may implement each of the components shown in Figure 16 by executing a software program in the central processing unit. Furthermore, each component implemented in the memory update device 32 may be implemented as an individual device, a functional unit, or an electronic circuit. This also applies to other embodiments described later.

[0250] The tree structure input unit 320 accepts a tree structure input to protect the memory to be updated. The tree structure input unit 320 then outputs the tree structure to the memory verification unit 323 and the counter update unit 324, as shown by the dashed line in Figure 16. The tree structure input unit 320 may also output the tree structure to the plaintext update unit 332. As described above, the tree structure consists of a set of leaf nodes, an intermediate node set, and a root node. Note that the function of the tree structure input unit 320 is substantially the same as the function of the tree structure input unit 220 in the memory verification device 22 according to the fourth embodiment, so a description is omitted.

[0251] The memory address input unit 321 receives input of a memory address set Add, which is assigned to a tree structure for protecting the memory to be verified. The memory address input unit 321 then outputs the memory address set Add to the memory verification unit 323 and the tag update unit 325, as shown by the solid line in Figure 16. Note that the function of the memory address input unit 321 is substantially the same as the function of the memory address input unit 221 in the memory verification device 22 according to the fourth embodiment, so a description is omitted.

[0252] The update location input unit 322 receives the memory update information UpdateNode as input. Then, as shown by the dotted line in Figure 16, the update location input unit 322 outputs the memory update information UpdateNode to the update determination unit 330, the plaintext update unit 332, the memory verification unit 323, and the tag update unit 325. Here, as described above, the memory update information UpdateNode is information about the node to be updated in the tree structure. Since UpdateNode is substantially the same as that of the first embodiment described above, its explanation is omitted.

[0253] The update determination unit 330 uses the update information UpdateNode to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. The function of the update determination unit 330 is substantially the same as that of the update determination unit 310 in the first embodiment, so a description is omitted.

[0254] The memory verification unit 323 uses the tree structure Tree, the memory address set Add, the memory update information UpdateNode, and the secret key K to verify whether the memory specified by UpdateNode has been tampered with. In other words, the memory verification unit 323 verifies whether the node corresponding to the path related to the leaf node specified by UpdateNode has been tampered with. The processing performed by the memory verification unit 323 is substantially the same as the processing performed by the tag verification unit 223 in the memory verification device 22 of the fourth embodiment, but the output results are different. The tag verification unit 223 in the memory verification device 22 of the fourth embodiment outputs verification result B, but the memory verification unit 323 outputs the path Path from the node to the root node along with verification result B. As shown by the thick dashed line in Figure 16, the memory verification unit 323 outputs verification result B to the counter update unit 324, the tag update unit 325, and the update result output unit 326. Alternatively, the memory verification unit 323 may output verification result B to the plaintext update unit 332. Furthermore, the memory verification unit 323 outputs the path to the counter update unit 324 and the tag update unit 325, as shown by the thick solid line in Figure 16.

[0255] The path is represented as shown in equation 72 below. (Formula 72) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0)) From the operations performed by the memory verification unit 323, it can be seen that p_d = UpdateIndex.

[0256] In other words, the memory verification unit 323 generates a path Path from the leaf node to the root node in the tree structure. The memory verification unit 323 also generates a tag used for verification by inputting a nonce to the MAC, which is the concatenation of at least the unique memory address of each node and the local counter stored in each node. The memory verification unit 323 then verifies the tag stored in each node. In other words, the memory verification unit 323 generates a tag Tag' for each node in the path Path by calculating the equation 70 described above. The memory verification unit 323 compares the generated tag Tag' with the stored tag Tag (the tag related to the Tree) for each node to determine whether they match. In this way, the memory verification unit 323 verifies that each node has not been tampered with. In other words, the memory verification unit 323 performs integrity verification for each node. The memory verification unit 323 then outputs verification result B.

[0257] Here, the memory verification unit 323 according to the fourth embodiment, similar to the memory verification unit 303 according to the first embodiment, may not verify the tags of leaf nodes depending on the determination result of the update determination unit 330. Specifically, if the update content of a leaf node does not depend on the plaintext before the update, the memory verification unit 323 verifies the tags of nodes other than leaf nodes in the path Path. On the other hand, if the update content of a leaf node depends on the plaintext before the update, the memory verification unit 323 verifies the tags of all nodes, including leaf nodes, in the path Path.

[0258] The plaintext update unit 332 updates the plaintext to be updated at the leaf node based on the update information UpdateNode when the verification result B indicates that no tampering has been detected. The function of the plaintext update unit 332 is substantially the same as that of the plaintext update unit 312 in the first embodiment, so a description is omitted.

[0259] The counter update unit 324 updates the information of the node specified by Path using the tree structure Tree, the verification result B, and the path Path. If B = ACK, the following process is performed. First, the counter update unit 324 updates the counter value by adding 1 to the counter value of the node specified by Path. That is, for 0 <= i <= d, the counter update unit 324 performs the calculation of equation 73 below. (Formula 73) ctr(i,p_i)←ctr(i,p_i)+1 However, a←b represents updating a with b. The counter update unit 324 then outputs the updated tree structure 'NewTree' to the tag update unit 325. On the other hand, if B=NCK, the counter update unit 324 does not perform any processing and outputs nothing.

[0260] The tag update unit 325 updates the tag of the node specified by Path using the updated tree structure 'NewTree', the memory address set Add, the memory update information UpdateNode, the verification result B and path Path, and the secret key K. If B=ACK, the tag update unit 325 performs the calculation of equation 74 below for 0<=i<=d-1. (Formula 74) Tag(d,p_d)←MAC_K(add(d,p_d)||ctr(d,p_d),UpdateInfo) Tag(i,p_i)←MAC_K(add(i,p_i)||ctr(i,p_i),ctr(i+1,2p_i-1)||ctr(i+1,2p_i))

[0261] Furthermore, MAC_K is the same method used in the tag generation unit 122 of the memory structure initialization device 12 and the tag verification unit 223 of the memory verification device 22 in the fourth embodiment. Tag(i,p_i) is obtained by inputting the concatenation of the node's address and local counter into the nonce portion of the MAC function's input, and concatenating two local counters of the node's child nodes into the plaintext portion of the MAC function's input.

[0262] The tag update unit 325 then outputs the updated tree structure NewTree to the update result output unit 326. The new tree structure NewTree consists of the updated leaf node set Leaf, the updated intermediate node set Inter, and the updated root node Root. As shown in equation 62, the updated plaintext information is included in the updated leaf node set Leaf. On the other hand, if B=NCK, the tag update unit 325 does not perform any processing and outputs nothing.

[0263] The update result output unit 326 outputs the update result using the verification result B output by the memory verification unit 323 and the tree structure NewTree output by the tag update unit 325. If B=ACK, the update result output unit 326 outputs NewTree to a computer display or printer. The update result output unit 326 may also output UpdateNode separately from NewTree. On the other hand, if B=NCK, the update result output unit 326 outputs the verification result B=NCK to a computer display or printer.

[0264] [Explanation of operation] Figure 17 is a flowchart showing the operation (memory structure initialization method) of the memory structure initialization device 12. In step S121, the plaintext input unit 120 receives the input of plaintext M to be protected. In step S122, the memory address allocation unit 121 allocates memory addresses to each node of the tree structure and generates a memory address set Add. In step S123, the tag generation unit 122 uses the plaintext M and the memory address set Add to generate a tag set (TagLeaf, TagInter, TagRoot) for tamper detection.

[0265] In step S124, the leaf node generation unit 123 generates a tree structure of leaf nodes, Leaf, using the tag set TagLeaf output by the tag generation unit 122. In step S125, the intermediate node generation unit 124 generates a tree structure of intermediate nodes, Inter, using the tag set TagInter output by the tag generation unit 122. In step S126, the root node generation unit 125 generates a tree structure of root nodes, Root, using the tag TagRoot output by the tag generation unit 122.

[0266] In step S127, the tree structure output unit 126 connects the leaf node set Leaf, the intermediate node set Inter, and the root node Root, and outputs a concatenated data sequence representing the tree structure to a computer display or printer. The memory address output unit 127 also outputs the memory address Add, output by the memory address allocation unit 121, to a computer display or printer. After step S127, the memory structure initialization device 12 completes the process shown in Figure 17.

[0267] Figure 18 is a flowchart showing the operation (memory verification method) of the memory verification device 22. In step S221, the tree structure input unit 220 receives input of a tree structure Tree to protect the memory to be verified. As described above, the tree structure Tree consists of a set of leaf nodes Leaf, a set of intermediate nodes Inter, and a root node Root. The memory address input unit 221 receives input of a set of memory addresses Add assigned to the tree structure to protect the memory to be verified. Furthermore, the verification location input unit 222 receives input of a memory verification location CheckNode.

[0268] In step S222, the tag verification unit 223 verifies the tags of each node using the tree structure Tree, the memory address set Add, and the verification location CheckNode. This allows the tag verification unit 223 to verify whether the memory specified by CheckNode has been tampered with. Furthermore, the tag verification unit 223 determines whether to accept (ACK) or reject (NCK) and outputs verification result B. In step S223, the verification result output unit 224 outputs verification result B to a computer display, printer, or the like. After step S223, the memory verification device 22 completes the process shown in Figure 18.

[0269] Figures 19 to 21 are flowcharts showing the operation (memory update method) of the memory update device 32. In step S320, the tree structure input unit 320 receives input of a tree structure Tree to protect the memory to be updated. As described above, the tree structure Tree consists of a set of leaf nodes Leaf, a set of intermediate nodes Inter, and a root node Root. Also in step S320, the memory address input unit 321 receives input of a set of memory addresses Add assigned to the tree structure to protect the memory to be verified. Furthermore, in step S320, the update location input unit 322 receives input of memory update information UpdateNode. As described above, the update information UpdateNode is defined as UpdateNode=(UpdateIndex,UpdateInfo).

[0270] In step S321, the update determination unit 330 determines whether the update content UpdateInfo of the update information UpdateNode replaces the plain text block corresponding to the update location UpdateIndex with a fixed value. Specifically, the update determination unit 330 may determine whether the update content UpdateInfo of the update information UpdateNode contains a fixed value. If the update content UpdateInfo of the update information UpdateNode replaces the plain text block with a fixed value (if the determination result in S321 is YES), the process proceeds to step S322. On the other hand, if the update content UpdateInfo of the update information UpdateNode does not replace the plain text block with a fixed value (if the determination result in S321 is NO), the process proceeds to step S332.

[0271] As shown in Figure 20, in step S322, the memory verification unit 323 uses the tree structure Tree, the memory address set Add, and the memory update information UpdateNode to verify the tags of nodes other than leaf nodes. This allows the memory verification unit 323 to verify whether each node has been tampered with. Furthermore, the memory verification unit 323 determines whether to accept (ACK) or reject (NCK) and outputs the verification result B. The memory verification unit 323 then outputs the verification result B and the path Path used for memory verification. If B=ACK, i.e., no memory tampering is detected (S322: B=ACK (accepted)), the process proceeds to step S324. On the other hand, if B=NCK, i.e., memory tampering is detected (S322: B=NCK (rejected)), the process proceeds to step S323.

[0272] In step S323, the update result output unit 326 outputs the verification result B output by the memory verification unit 323 to a computer display, printer, or the like. After step S323, the memory update device 32 terminates the process.

[0273] In step S324, the counter update unit 324 updates the counter of the node specified by Path, using the tree structure Tree output by the tree structure input unit 320 and the path Path output by the memory verification unit 323. The counter update unit 324 then outputs a new tree structure NewTree' as a result of the update.

[0274] In step S325, the plaintext of the leaf nodes and the tags corresponding to the path Path are updated using the tree structure 'NewTree', the path Path, and the memory update information UpdateNode. Specifically, the plaintext update unit 332 updates the plaintext (plaintext block) of the leaf nodes indicated by the update information UpdateNode. The tag update unit 325 updates the tags of the nodes indicated by Path. The tag update unit 325 then outputs the new tree structure NewTree as a result of the update.

[0275] In step S326, the update result output unit 326 outputs the tree structure NewTree output by the tag update unit 325. After step S326, the memory update device 32 terminates processing.

[0276] On the other hand, as shown in Figure 21, in step S332, the memory verification unit 323 verifies the tags of all nodes in the path. Specifically, the memory verification unit 323 uses the tree structure Tree, the memory address set Add, and the memory update information UpdateNode to verify the tags of all nodes in the path related to the leaf nodes specified by UpdateNode. This allows the memory verification unit 323 to verify whether each node has been tampered with. Furthermore, the memory verification unit 323 determines whether to accept (ACK) or reject (NCK) and outputs the verification result B. The memory verification unit 323 then outputs the verification result B and the path Path used for memory verification. If B=ACK, i.e., no memory tampering is detected (S332: B=ACK (accepted)), the process proceeds to step S334. On the other hand, if B=NCK, i.e., memory tampering is detected (S332: B=NCK (rejected)), the process proceeds to step S333.

[0277] In the same manner as in step S323, in step S333, the update result output unit 326 outputs the verification result B output by the memory verification unit 323 to a computer display, printer, or the like. After step S333, the memory update device 32 terminates the process.

[0278] In step S334, similar to step S324, the counter update unit 324 updates the counter of the node specified by Path, using the tree structure Tree output by the tree structure input unit 320 and the path Path output by the memory verification unit 323. The counter update unit 324 then outputs a new tree structure NewTree' as a result of the update.

[0279] In step S335, similar to step S325, the plaintext of the leaf nodes and the tags corresponding to the path Path are updated using the tree structure 'NewTree', the path Path, and the memory update information UpdateNode. Specifically, the plaintext update unit 332 updates the plaintext (plaintext block) of the leaf nodes indicated by the update information UpdateNode. The tag update unit 325 updates the tags of the nodes indicated by Path. The tag update unit 325 then outputs the new tree structure NewTree as a result of the update.

[0280] In the same manner as in S326, in step S336, the update result output unit 326 outputs the tree structure NewTree output by the tag update unit 325. After step S336, the memory update device 32 terminates processing.

[0281] [Explanation of effects] In the fourth embodiment, when updating plaintext corresponding to a leaf node, the memory update device 32 uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. Then, if the update content of the leaf node does not depend on the plaintext before the update, the memory update device 32 verifies the tags of nodes other than the leaf node in the path from the leaf node to the root node. In the technology described in Patent Document 3, verification is performed on all nodes in the path regardless of the update content. Therefore, with the above configuration, it is possible to reduce the amount of computation required for verification compared to the technology described in Patent Document 3. Thus, as in the first embodiment, it is possible to efficiently perform node verification processing when updating the contents of memory.

[0282] Furthermore, as mentioned above, there is a possibility that the tree structure may be tampered with when updating the contents of memory. On the other hand, as in the first embodiment, in the fourth embodiment as well, if the updated contents of a leaf node do not depend on the plaintext before the update, even if the plaintext contained in the leaf node before the update is tampered with, that plaintext will be updated with data that does not depend on the tampered plaintext. Therefore, the security of the memory is not compromised. Also, in the case of tampering with the local counter, the tampering with the local counter will be detected in the same way as when the nonce is tampered with in the first embodiment described above. Therefore, if the updated contents of a leaf node do not depend on the plaintext before the update, security is not compromised even if tag verification for the leaf node is not required.

[0283] Furthermore, assuming that the computational complexity required for verification is the same for all nodes, in the case of a tree structure with depth d, the computational complexity of the memory verification process in the memory update device 32 according to this embodiment is (d-1) / d times that of the technique described in Patent Document 2. If the cost of the verification process for a leaf node is greater than the cost of the verification process for other nodes, the computational complexity reduction effect of the method according to this embodiment becomes even greater. Also, the depth d is usually around one integer digit, which is relatively small. Here, (d-1) / d becomes smaller as d becomes smaller. Therefore, the computational complexity reduction effect of the method according to this embodiment is relatively large.

[0284] (Fifth embodiment) Next, a fifth embodiment will be described. For clarity of explanation, the following descriptions and drawings have been omitted and simplified as appropriate. Also, in each drawing, the same elements are denoted by the same reference numerals, and redundant explanations have been omitted where necessary. The fifth embodiment is a modification of the fourth embodiment. Therefore, the following description will mainly focus on the differences from the fourth embodiment described above. The configuration of the fifth embodiment corresponds to an improved version of the configuration described in Patent Document 3. Furthermore, in the fifth embodiment, the number of branches in the tree structure is different compared to the fourth embodiment. In the fifth embodiment, an example will be described in which the number of branches in the tree structure constituting the memory protection system is b and the depth is d. In other words, the number of leaf nodes in the fifth embodiment is b^d.

[0285] Figure 23 shows an example of a tree structure configured in the memory protection system according to the fifth embodiment. Figure 23 shows the tree structure when the number of branches b=3 and the depth d=3. The Root, Inter, and Leaf are substantially the same as in the fourth embodiment described above.

[0286] The memory protection system 1 according to the fifth embodiment comprises a memory structure initialization device 12a, a memory verification device 22a, and a memory update device 32a. The memory structure initialization device 12a according to the fifth embodiment takes plaintext to be tampered with as input and outputs an initial state tree structure and a set of memory addresses for each node in the tree structure.

[0287] In the fifth embodiment, the plaintext is represented by a combination of b^d plaintext blocks. That is, the following equation 75 holds. (Formula 75) M = M[1]||M[2]||···||M[b^d] Furthermore, a single plaintext block is defined as a Block bit.

[0288] The memory verification device 22a takes the storage location and tree structure of the plaintext block to be checked for tampering, as well as the memory addresses of each node in the tree structure, as input, and verifies whether the memory corresponding to that storage location has been tampered with. The memory update device 32a takes the storage location and update content of the plaintext block to be updated, its tree structure, and the memory addresses of each node in the tree structure as input. The memory update device 32a outputs the updated tree structure or an error message indicating that tampering has been detected.

[0289] [Description of the memory structure initialization device configuration] The memory structure initialization device 12a according to the fifth embodiment includes a plaintext input unit 120, a memory address allocation unit 121a, and a tag generation unit 122a. The memory structure initialization device 12a according to the fifth embodiment also includes a leaf node generation unit 123a, an intermediate node generation unit 124a, a root node generation unit 125, a tree structure output unit 126, and a memory address output unit 127. Note that the plaintext input unit 120 is substantially the same as the plaintext input unit 120 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted.

[0290] The memory address allocation unit 121a allocates memory address information to each node in the tree structure. Here, when 0 <= i <= d and 1 <= j_i <= b^{i}, the memory address to be allocated to the j_i-th node at depth i is represented by add(i, j_i). The memory address information allocated to all nodes in the tree structure is then described as the memory address set Add, as shown in equation 76 below. (Formula 76) Add=(add(0,1),add(1,1),add(1,2),...,add(1,b),add(2,1),add(2,2),...,add(d,b^d-1),add(d,b^d))

[0291] The tag generation unit 122a, like the tag generation unit 122, generates a tag for tamper detection using the plaintext M output by the plaintext input unit 120, the memory address set Add output by the memory address allocation unit 121a, and the secret key K. First, the tag generation unit 122a generates data represented by the following equation 77 as a tag to be used in the leaf node. (Formula 77) TagLeaf=((M[1],Tag(d,1)),(M[2],Tag(d,2)),...,(M[b^d],Tag(d,b^d))) Tag(d,j_d)=MAC_K(add(d,j_d)||ctr(d,j_d)),M[i]) 1 <= j_d <= b^d

[0292] Note that ctr(d,j_d) represents the counter value of the j_d-th leaf node at depth d, and is incremented by 1 each time the node is updated. Here, we define ctr(d,j_d) = 0^{CTR-1}||1 for all j_d. Also, CTR is the bit length of the local counter value stored in each node, and "0^{CTR-1}" represents a bit sequence of CTR-1 zeros concatenated together. We assume that the value of CTR is predetermined.

[0293] Next, the tag generation unit 122a generates data represented by the following equation 78 as a tag to be used in the intermediate node. (Formula 78) TagInter=(Tag(1,1),...,Tag(d-1,b^{d-1})) Tag(i,j_i)=MAC_K((add(i,j_i)||ctr(i,j_i),ctr(i+1,b·j_i-(b-1))||···||ctr(i+1,b·j_i)) However, 1 <= i <= d-1, 1 <= j_i <= b^i Furthermore, "ctr(i+1,b·j_i-(b-1))||···||ctr(i+1,b·j_i)" is the concatenation of the local counter values ​​of the b child nodes of node (i,j_i).

[0294] Next, the tag generation unit 122a generates data represented by the following equation 79 as a tag to be used in the root node. (Formula 79) TagRoot=(Tag(0,1)) Tag(0,1)=MAC_K(add(0,1)||ctr(0,1),ctr(1,1)||···||ctr(1,b)) Note that "ctr(1,1)||···||ctr(1,b)" represents the concatenation of the local counter values ​​of the b child nodes of the root node (0,1).

[0295] From equations 77, 78, and 79, the tags corresponding to each node are as follows: In leaf nodes, the tag corresponds to the result of a MAC calculation using the nonce and plaintext block corresponding to the node as input, with the nonce being the concatenation of the node's memory address and local counter value, and the plaintext being the plaintext. In nodes other than leaf nodes, the tag corresponds to the result of a MAC calculation using the nonce and plaintext as input, with the nonce being the concatenation of the node's memory address and local counter value, and the plaintext being the concatenation of the local counter values ​​of multiple child nodes.

[0296] As illustrated in Figure 23, when the overall depth d of the tree structure is d=3 and the number of branches b is b=3, the tag corresponding to each node is expressed by the following equation 80. Here, i is the depth index. Also, j_i is the node index (order; ordinal number) at depth i. (Formula 80) For 0<=i<=3,1<=j_i<=3^i, (For 0<=i<=2) Tag(i,j_i)=MAC_K(add(i,j_i)||ctr(i,j_i),ctr(i+1,3j_i-2)||ctr(i+1,3j_i-1)||ctr(i+1,3j_i)) (For i=3) Tag(i,j_i)=MAC_K(add(i,j_i)||ctr(i,j_i),M[j_i])

[0297] The tag generation unit 122a then outputs the tag set TagLeaf to the leaf node generation unit 123a. The tag generation unit 122a also outputs the tag set TagInter to the intermediate node generation unit 124a. The tag generation unit 122a also outputs the tag set TagRoot to the root node generation unit 125.

[0298] The leaf node generation unit 123a generates leaf nodes in a tree structure using the tag set TagLeaf output by the tag generation unit 122a, similar to the leaf node generation unit 123. Here, since the depth i=d in a leaf node, 1 <= j_d <= b^d. The j_d-th leaf node is then generated as shown in equation 28 below. (Formula 81) (ctr(d,j_d),M[j_d],Tag(d,j_d))

[0299] Furthermore, all leaf nodes are described as shown in Equation 82 below. (Formula 82) Leaf=((ctr(d,1),M[1],Tag(d,1)),(ctr(d,2),M[2],Tag(d,2)),...,(ctr(d,b^d),M[b^d],Tag(d,b^d))) Furthermore, the leaf node generation unit 123a outputs the generated set of leaf nodes, Leaf, to the tree structure output unit 126.

[0300] The intermediate node generation unit 124a generates intermediate nodes in the tree structure using the tag set TagInter output by the tag generation unit 122a, similar to the intermediate node generation unit 124. Here, in the intermediate nodes, 1 <= i <= d-1 and 1 <= j_i <= b^i. The j_i-th intermediate node at depth i is generated as shown in equation 83 below. (Formula 83) (ctr(i,j_i),Tag(i,j_i)) However, we define ctr(i,j_i)=0^{CTR-1}||1 for all i,j_i.

[0301] Furthermore, all intermediate nodes are described as shown in Equation 84 below. (Formula 84) Inter=((ctr(1,1),Tag(1,1)),(ctr(1,2),Tag(1,2)),...,(ctr(d-1,b^{d-1}),Tag(d-1,b^{d-1})))

[0302] As shown in Figure 12, when the total depth of the tree structure is d=3, each intermediate node is represented by the following equation 85. (Formula 85) Inter=((ctr(1,1),Tag(1,1)),(ctr(1,2),Tag(1,2)),...,(ctr(2,9),Tag(2,9))) Furthermore, the intermediate node generation unit 124a outputs the generated set of intermediate nodes Inter to the tree structure output unit 126.

[0303] The root node generation unit 125 is substantially the same as the root node generation unit 125 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted. The tree structure output unit 126 is substantially the same as the tree structure output unit 126 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted. The memory address output unit 127 is substantially the same as the memory address output unit 127 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted.

[0304] [Description of the memory verification device configuration] The memory verification device 22a according to the fifth embodiment includes a tree structure input unit 220, a memory address input unit 221a, a verification location input unit 222a, a tag verification unit 223a, and a verification result output unit 224. The tree structure input unit 220 is substantially the same as the tree structure input unit 220 in the memory verification device 22 of the fourth embodiment, so its description is omitted.

[0305] The memory address input unit 221a accepts the memory address set Add, which is assigned to a tree structure for protecting the memory to be verified, as input. The memory address input unit 221a then outputs the memory address set Add to the tag verification unit 223a. Add is written as shown in equation 86 below. (Formula 86) Add=(add(0,1),add(1,1),add(1,2),...,add(1,b),add(2,1),add(2,2),...,add(d,b^d-1),add(d,b^d)) However, when 0 <= i <= d and 1 <= j_i <= b^{i}, the memory address of the j_i-th node at depth i is represented by add(i, j_i).

[0306] The verification location input unit 222a accepts a memory verification location CheckNode input, similar to the verification location input unit 222. The verification location input unit 222a then outputs the verification location CheckNode to the tag verification unit 223a. In this fifth embodiment, CheckNode is a number between 1 and b^d, and represents that the verification location is the CheckNode-th position of the leaf node.

[0307] The tag verification unit 223a, like the tag verification unit 223, uses the tree structure Tree, the memory address set Add, the verification location CheckNode, and the secret key K to verify whether the memory specified by CheckNode has been tampered with. The tag verification unit 223a then outputs the verification result to the verification result output unit 224. First, the tag verification unit 223a generates a path Path from the CheckNode-th leaf node to the root node. The path Path is represented by the following equation 87. (Formula 87) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0))

[0308] Here, when 0 <= i <= d and 1 <= j_i <= b^{i}, each element (i, j_i) of the Path represents the j_i-th node at depth i. In other words, j_i indicates the ordinal number of the node at depth i. Note that p_d = CheckNode, and when 0 <= i <= d-1, p_i is defined by the following equation 88. (Formula 88) p_i=ceiling(p_{i+1} / b) However, ceiling(·) represents the ceiling function. Also, the value of p_0 is always 1.

[0309] Next, the tag verification unit 223a calculates the following equation 89 using Add, which is the output of the memory address input unit 221a, Tree, which is the output of the tree structure input unit 220, and the secret key K. (Formula 89) PathTag'=(Tag'(d,p_d),Tag'(d-1,p_{d-1}),···,Tag'(0,p_0)) Tag'(d,p_d)=MAC_K(add(d,p_d)||ctr(d,p_d),M[p_d]) Tag'(i,p_i)=MAC_K(add(i,p_i)||ctr(i,p_i),ctr(i+1,b·p_i-(b-1))||···||ctr(i+1,b·p_i-1)||ctr(i+1,b·p_i)) However, 0 <= i <= d - 1

[0310] Here, MAC_K is substantially the same as the method used in the tag generation unit 122a of the memory structure initializer 12a in the fifth embodiment, so its explanation is omitted. Tag'(i,p_i) is obtained by inputting a concatenation of the node's address and local counter into the nonce portion of the MAC function's input, and concatenating b local counters of the node's child nodes into the plaintext portion of the MAC function's input.

[0311] Next, the tag verification unit 223a obtains a value represented by the following equation 90 from the tree structure Tree, which is the output of the tree structure input unit 220. (Formula 90) PathTag=(Tag(d,p_d),Tag(d-1,p_{d-1}),···,Tag(0,p_0))

[0312] Then, the tag verification unit 223a checks whether the PathTag' it calculated is equal to the PathTag obtained from the Tree. When 0 <= i <= d, for all i, Tag'(i,p_i)=Tag(i,p_i) If the condition is met, the tag verification unit 223a sets the verification result to ACK. The verification result is denoted as B, and the fact that the verification result is ACK is denoted as B=ACK.

[0313] On the other hand, when 0 <= i <= d, for some i, Tag'(i,p_i)≠Tag(i,p_i) If the condition is met, the tag verification unit 223a sets the verification result to NCK. The verification result being NCK is also denoted as B=NCK.

[0314] The tag verification unit 223a outputs verification result B to the verification result output unit 224. The verification result output unit 224 is substantially the same as the verification result output unit 224 in the memory verification device 22 of the fourth embodiment, so its description is omitted.

[0315] [Description of the memory update device configuration] The memory update device 32a according to the fifth embodiment includes a tree structure input unit 320, a memory address input unit 321a, an update location input unit 322a, a memory verification unit 323a, a counter update unit 324, a tag update unit 325a, and an update result output unit 326. The memory update device 32 according to the fifth embodiment also includes an update determination unit 330 and a plaintext update unit 332. The tree structure input unit 320 is substantially the same as the tree structure input unit 320 in the memory update device 32 of the fourth embodiment, so its description is omitted.

[0316] The memory address input unit 321a receives input of a memory address set Add, which is assigned to a tree structure for protecting the memory to be verified. The memory address input unit 321a then outputs the memory address set Add to the memory verification unit 323a and the tag update unit 325a. The function of the memory address input unit 321a is substantially the same as that of the memory address input unit 221a in the memory verification device 22a of the fifth embodiment, so a description is omitted.

[0317] The update location input unit 322a receives the memory update information UpdateNode as input. The update location input unit 322a then outputs the memory update information UpdateNode to the update determination unit 330, the plaintext update unit 332, the memory verification unit 323a, and the tag update unit 325a. As described above, the memory update information UpdateNode is information about the node to be updated in the tree structure. Since UpdateNode is substantially the same as that of the second embodiment described above, its explanation is omitted.

[0318] The update determination unit 330 is substantially the same as the update determination unit 330 in the memory update device 32 of the fourth embodiment, so its description will be omitted.

[0319] The memory verification unit 323a, like the memory verification unit 323, uses the tree structure Tree, the memory address set Add, the memory update information UpdateNode, and the secret key K to verify whether the memory specified by UpdateNode has been tampered with. In other words, the memory verification unit 323a verifies whether the node corresponding to the path related to the leaf node specified by UpdateNode has been tampered with. The verification process performed by the memory verification unit 323a is substantially the same as that of the tag verification unit 223a in the memory verification device 22a of the fifth embodiment, but the output results are different. The tag verification unit 223a in the memory verification device 22a of the fifth embodiment outputs verification result B, but the memory verification unit 323a outputs the path Path from the node to the root node along with verification result B. The memory verification unit 323a outputs verification result B to the counter update unit 324, the plaintext update unit 332, the tag update unit 325a, and the update result output unit 326. Furthermore, the memory verification unit 323a outputs the path to the counter update unit 324 and the tag update unit 325a.

[0320] The path is represented as shown in equation 91 below. (Formula 91) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0)) From the operations performed by the memory verification unit 323a, it can be seen that p_d = UpdateIndex.

[0321] Furthermore, the other functions of the memory verification unit 323a are substantially the same as those of the memory verification unit 323 in the fourth embodiment, so their explanation will be omitted. In other words, the memory verification unit 323a, like the memory verification unit 323, may not verify the leaf node's tag depending on the determination result of the update determination unit 330.

[0322] The plaintext update unit 332 is substantially the same as the plaintext update unit 332 in the memory update device 32 of the fourth embodiment, so its description is omitted. The counter update unit 324 is substantially the same as the counter update unit 324 in the memory update device 32 of the fourth embodiment, so its description is omitted.

[0323] The tag update unit 325a updates the tag of the node specified by Path using the updated tree structure NewTree', the memory address set Add, the memory update information UpdateNode, the verification result B and path Path, and the secret key K. If B=ACK, the tag update unit 325a performs the calculation of equation 92 below for 0<=i<=d-1. (Formula 92) Tag(d,p_d)←MAC_K(add(d,p_d)||ctr(d,p_d),UpdateInfo) Tag(i,p_i)←MAC_K(add(i,p_i)||ctr(i,p_i),ctr(i+1,b·p_i-(b-1))||···||ctr(i+1,b·p_i))

[0324] Note that MAC_K is substantially the same as the method used in the tag generation unit 122a of the memory structure initialization device 12a and the tag verification unit 223a of the memory verification device 22a in the fifth embodiment, so its explanation will be omitted. Tag(i,p_i) is obtained by inputting the concatenation of the node's address and local counter into the nonce part of the MAC function's input, and inputting the local counters of the node's child nodes concatenated into the plaintext part of the MAC function's input. The tag update unit 325a then outputs the updated tree structure NewTree to the update result output unit 326. On the other hand, if B=NCK, the tag update unit 325a does not perform any processing and outputs nothing.

[0325] The update result output unit 326 is substantially the same as the update result output unit 326 in the memory update device 32 of the fourth embodiment, so its description will be omitted.

[0326] [Explanation of effects] The effects achieved by the fifth embodiment are substantially the same as those achieved by the fourth embodiment. However, while the fourth embodiment assumed a binary tree structure, the fifth embodiment allows for an arbitrary number of branches in the tree structure. Therefore, the effects achieved by the fourth embodiment can also be realized for tree structures with an arbitrary number of branches.

[0327] (Sixth embodiment) Next, the sixth embodiment will be described. For clarity of explanation, the following descriptions and drawings have been omitted and simplified as appropriate. Also, in each drawing, the same elements are denoted by the same reference numerals, and redundant explanations have been omitted where necessary. The sixth embodiment is a modification of the fourth embodiment. Therefore, the following description will mainly focus on the differences from the fourth embodiment described above. In the sixth embodiment, in addition to memory verification, an example of a memory protection system that encrypts and conceals the input plaintext will be described. However, the tree structure of the memory protection system 1 according to the sixth embodiment is defined as having 2 branches and a depth of d, similar to the fourth embodiment.

[0328] Figure 24 shows an example of the tree structure configured by the memory protection system 1 according to the sixth embodiment. Figure 24 shows the tree structure when the number of branches b=2 and the depth d=3. The Root, Inter, and Leaf are substantially the same as in the fourth embodiment described above.

[0329] The memory protection system 1 according to the sixth embodiment comprises a memory structure initialization device 12c, a memory verification device 22c, and a memory update device 32c. The memory protection system 1 performs memory tampering detection and concealment. The memory structure initialization device 12c according to the sixth embodiment takes plaintext to be tampered with and concealed as input and outputs an initial tree structure and a set of memory addresses for each node in the tree structure.

[0330] The memory verification device 22c takes the storage location and tree structure of the ciphertext block to be checked for tampering, as well as the memory addresses of each node in the tree structure, as input and verifies whether that memory has been tampered with. The memory update device 32c takes the storage location and update content of the ciphertext block to be updated, its tree structure, and the memory addresses of each node in the tree structure as input. The memory update device 32c outputs the updated tree structure or an error message indicating that tampering has been detected.

[0331] The memory protection system 1 according to the sixth embodiment uses authenticated cryptography (AE) as an elemental technology, similar to the third embodiment, in addition to the MAC used in the memory protection system 1 in the fourth embodiment. The AE using the secret key K is defined by two functions: the encryption function AE.Enc_K and the decryption function AE.Dec_K which is the counterpart to the encryption function AE.Enc_K. AE.Enc_K takes a nonce N and plaintext M as input and outputs ciphertext C and an authentication tag Tag. The encryption function can be described by the following equation 93. (Formula 93) AE.Enc_K(N,M)=(C,T)

[0332] AE.Dec_K takes three inputs: a nonce N, ciphertext C, and an authentication tag. If no tampering is detected, it outputs the decrypted plaintext M; if tampering is detected, it outputs an error message ⊥. This can be written as equation 94 below. (Formula 94) AE.Dec_K(N,C,T)=M(if no tampering is detected) AE.Dec_K(N,C,T)=⊥(If tampering is detected)

[0333] [Description of the memory structure initialization device configuration] The memory structure initialization device 12c according to the sixth embodiment includes a plaintext input unit 120, a memory address allocation unit 121, and a tag generation unit 122c. The memory structure initialization device 12c according to the sixth embodiment also includes a leaf node generation unit 123c, an intermediate node generation unit 124, a root node generation unit 125, a tree structure output unit 126, and a memory address output unit 127.

[0334] The plaintext input unit 120 is substantially the same as the plaintext input unit 120 in the memory structure initialization device of the fourth embodiment, so its description is omitted. The memory address allocation unit 121 is substantially the same as the memory address allocation unit 121 in the memory structure initialization device of the fourth embodiment, so its description is omitted.

[0335] The tag generation unit 122c generates tags and ciphertext for tamper detection using the plaintext M output by the plaintext input unit 120, the memory address set Add output by the memory address allocation unit 121, and the secret keys K_1 and K_2. MAC is used for tag generation for intermediate nodes and root nodes, and authenticated encryption (AE) is used for encryption of plaintext (leaf nodes) and tag generation.

[0336] First, the tag generation unit 122c generates data represented by the following equation 95 as the ciphertext and tag to be used in the leaf node. (Formula 95) TagLeaf=((C[1],Tag(d,1)),(C[2],Tag(d,2)),···,(C[2^d],Tag(d,2^d))) (C[j_d],Tag(d,j_d))=AE.Enc_{K_1}(add(d,j_d)||ctr(d,j_d),M[j_d]) However, 1 <= j_d <= 2^d

[0337] Note that AE.Enc_{K_1}(·,·) represents the encryption function of AE. Also, C[j_d] indicates the j_d-th ciphertext block.

[0338] Next, the tag generation unit 122c generates data represented by the following equation 96 as a tag to be used in the intermediate node. (Formula 96) TagInter=(Tag(1,1),...,Tag(d-1,2^{d-1})) Tag(i,j_i)=MAC_{K_2}((add(i,j_i)||ctr(i,j_i),ctr(i+1,2j_i-1)||ctr(i+1,2j_i)) However, 1 <= i <= d-1, 1 <= j_i <= 2^i

[0339] Next, the tag generation unit 122c generates data represented by the following equation 97 as a tag to be used in the root node. (Formula 97) TagRoot=(Tag(0,1)) Tag(0,1)=MAC_{K_2}(add(0,1)||ctr(0,1),ctr(1,1)||ctr(1,2))

[0340] From equations 95, 96, and 97, the tags corresponding to each node are as follows: In leaf nodes, the tag corresponds to the result of an AE calculation using the nonce and plaintext block corresponding to the node as input, with the nonce being the concatenation of the node's memory address and local counter value, and the plaintext being the plaintext. The ciphertext block is output as a result of this calculation. In nodes other than leaf nodes, the tag corresponds to the result of a MAC calculation using the nonce and plaintext, with the nonce being the concatenation of the node's memory address and local counter value, and the plaintext being the concatenation of the local counter values ​​of multiple child nodes as input.

[0341] As illustrated in Figure 24, when the total depth d of the tree structure is d=3, equations 95, 96, and 97 can be expressed as equation 98 below. Here, i is the depth index. Also, j_i is the index (order; ordinal number) of the node at depth i. (Formula 98) For 0<=i<=3,1<=j_i<=2^i, (For 0<=i<=2) Tag(i,j_i)=MAC_{K_2}(add(i,j_i)||ctr(i,j_i),ctr(i+1,2j_i-1)||ctr(i+1,2j_i)) (For i=3) (C[j_i],Tag(i,j_i))=AE.Enc_{K_1}(add(i,j_i)||ctr(i,j_i),M[j_i])

[0342] The leaf node generation unit 123c generates leaf nodes in a tree structure using the ciphertext and tag set TagLeaf output by the tag generation unit 122c. Here, since the depth i=d in a leaf node, 1 <= j_d <= 2^d. The j_d-th leaf node is generated as shown in equation 99 below. (Formula 99) (ctr(d,j_d),C[j_d],Tag(d,j_d))

[0343] Furthermore, all leaf nodes are described as shown in equation 100 below. (Formula 100) Leaf=((ctr(d,1),C[1],Tag(d,1)),...,(ctr(d,2^d),C[2^d],Tag(d,2^d)))

[0344] As shown in Figure 24, when the total depth of the tree structure is d=3, each leaf node is represented by the following equation 101. (Formula 101) Leaf=((ctr(3,1),C[1],Tag(3,1)),(ctr(3,2),C[2],Tag(3,2)),...,(ctr(3,8),C[8],Tag(3,8))) The leaf node generation unit 123c outputs the generated set of leaf nodes, Leaf, to the tree structure output unit 126.

[0345] The intermediate node generation unit 124 is substantially the same as the intermediate node generation unit 124 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted. The root node generation unit 125 is substantially the same as the root node generation unit 125 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted. The tree structure output unit 126 is substantially the same as the tree structure output unit 126 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted. The memory address output unit 127 is substantially the same as the memory address output unit 127 in the memory structure initialization device 12 of the fourth embodiment, so its description is omitted.

[0346] [Description of the memory verification device configuration] The memory verification device 22c according to the sixth embodiment includes a tree structure input unit 220, a memory address input unit 221, a verification location input unit 222, a tag verification unit 223c, and a verification result output unit 224. The tree structure input unit 220 is substantially the same as the tree structure input unit 220 in the memory verification device 22 of the fourth embodiment, so its description is omitted. The memory address input unit 221 is substantially the same as the memory address input unit 221 in the memory verification device 22 of the fourth embodiment, so its description is omitted. The verification location input unit 222 is substantially the same as the verification location input unit 222 in the memory verification device 22 of the fourth embodiment, so its description is omitted.

[0347] The tag verification unit 223c uses the tree structure Tree, the memory address set Add, the verification location CheckNode, and the secret keys K_1 and K_2 to verify whether the memory specified by CheckNode has not been tampered with. The tag verification unit 223c then outputs the verification result to the verification result output unit 224. First, the tag verification unit 223c generates a path Path from the CheckNode-th leaf node to the root node. Here, the path Path represents the path between nodes from the leaf node to the root node and is expressed in the following equation 102. (Formula 102) Path=((d,p_d),(d-1,p_{d-1}),(d-2,p_{d-2}),···,(1,p_1),(0,p_0))

[0348] Here, when 0 <= i <= d and 1 <= j_i <= 2^{i}, each element (i, j_i) of the Path represents the j_i-th node at depth i. In other words, j_i indicates the ordinal number of the node at depth i. Note that p_d = CheckNode, and when 0 <= i <= d-1, p_i is defined by the following equation 103. (Formula 103) p_i=ceiling(p_{i+1} / 2) However, `ceiling(·)` represents the ceiling function. Also, the value of p_0 is always 1.

[0349] Next, the tag verification unit 223c calculates the following equation 104 using Add, which is the output of the memory address input unit 221, Tree, which is the output of the tree structure input unit 220, and the secret keys K_1 and K_2. (Formula 104) AE.Dec_{K_1}(add(d,p_d)||ctr(d,p_d),C[p_d],Tag(d,p_d))

[0350] If the above calculation result is an error message ⊥, the tag verification unit 223c defines the verification result B as B=NCK, outputs B, and terminates processing. Note that AE.Dec_{K_1}(·,·,·) is the decoding function of the method AE.Enc_{K_1} used in the tag generation unit 122c of the memory structure initialization device 12c in the sixth embodiment. NCK indicates that the information of the node related to the path has been tampered with.

[0351] On the other hand, if the above calculation result is the plaintext M[p_d], that is, if it indicates that the ciphertext C[p_d] has been correctly decrypted, the tag verification unit 223c then calculates the following equation 105. (Formula 105) PathTag'=(Tag'(d-1,p_{d-1}),...,Tag'(0,p_0)) Tag'(i,p_i)=MAC_{K_2}(add(i,p_i)||ctr(i,p_i),ctr(i+1,2p_i-1)||ctr(i+1,2p_i)) However, 0 <= i <= d - 1

[0352] Here, MAC_{K_2}(·) is substantially the same as the MAC method used in the tag generation unit 122c of the memory structure initializer 12c in the sixth embodiment, so its explanation is omitted. Furthermore, Tag'(i,p_i) is obtained by inputting the concatenation of the node's address and local counter into the nonce portion of the MAC function's input, and concatenating two local counters of the node's child nodes into the plaintext portion of the MAC function's input.

[0353] Furthermore, the tag verification unit 223c obtains a value represented by the following equation 106 from the tree structure Tree, which is the output of the tree structure input unit 220. (Formula 106) PathTag=(Tag(d-1,p_{d-1}),...,Tag(0,p_0))

[0354] Then, the tag verification unit 223c checks whether the PathTag' it calculated is equal to the PathTag obtained from the Tree. When 0 <= i <= d-1, for all i, Tag'(i,p_i)=Tag(i,p_i) If the condition is met, the tag verification unit 223c sets the verification result to ACK. The verification result is denoted as B, and the fact that the verification result is ACK is denoted as B=ACK.

[0355] On the other hand, when 0 <= i <= d-1, for some i, Tag'(i,p_i)≠Tag(i,p_i) If the condition is met, the tag verification unit 223 sets the verification result to NCK.

[0356] The tag verification unit 223 outputs verification result B. The verification result output unit 224 is substantially the same as the verification result output unit 224 in the memory verification device 22 of the fourth embodiment, so its description is omitted.

[0357] [Description of the memory update device configuration] The memory update device 32c according to the sixth embodiment includes a tree structure input unit 320, a memory address input unit 321, an update location input unit 322, a memory verification unit 323c, a counter update unit 324, a tag update unit 325c, and an update result output unit 326. The memory update device 32c according to the sixth embodiment also includes an update determination unit 330 and a plaintext update unit 332. The tree structure input unit 320 is substantially the same as the tree structure input unit 320 in the memory update device 32 of the fourth embodiment, so its description is omitted. The memory address input unit 321 is substantially the same as the memory address input unit 321 in the memory update device 32 of the fourth embodiment, so its description is omitted. The update location input unit 322 is substantially the same as the update location input unit 322 in the memory update device 32 of the fourth embodiment, so its description is omitted. The update determination unit 330 is substantially the same as the update determination unit 330 in the memory update device 32 of the fourth embodiment, so its description will be omitted.

[0358] The memory verification unit 323c uses the tree structure Tree, the memory address set Add, the memory update information UpdateNode, and the secret keys K_1 and K_2 to verify whether the memory specified by UpdateNode has not been tampered with. In other words, the memory verification unit 323c verifies whether the node corresponding to the path related to the leaf node specified by UpdateNode has not been tampered with. The verification process performed by the memory verification unit 323c is substantially the same as that of the tag verification unit 223c in the memory verification device 22c of the sixth embodiment, but the output results are different. The tag verification unit 223c in the memory verification device 22c of the sixth embodiment outputs verification result B, but the memory verification unit 323c outputs the path Path from the node to the root node along with verification result B. The memory verification unit 323c outputs verification result B to the plaintext update unit 332, the counter update unit 324, the tag update unit 325c, and the update result output unit 326. Furthermore, the memory verification unit 323c outputs the path to the counter update unit 324 and the tag update unit 325c.

[0359] Furthermore, the other functions of the memory verification unit 323c are substantially the same as those of the memory verification unit 323 in the fourth embodiment, so their explanation will be omitted. In other words, the memory verification unit 323c, like the memory verification unit 323, may not verify the leaf node's tag depending on the determination result of the update determination unit 330.

[0360] The plaintext update unit 332 is substantially the same as the plaintext update unit 332 in the memory update device 32 of the fourth embodiment, so its description is omitted. Similarly, the counter update unit 324 is substantially the same as the counter update unit 324 in the memory update device 32 of the fourth embodiment, so its description is omitted.

[0361] The tag update unit 325c updates the tag of the node specified by Path using the updated tree structure 'NewTree', the memory address set 'Add', the memory update information 'UpdateNode', the verification result B and path 'Path', and the secret keys K_1 and K_2. If B=ACK, the tag update unit 325c performs the calculation of equation 107 below for 0<=i<=d-1. (Formula 107) (C[p_d],Tag(d,p_d))←AE.Enc_{K_1}(add(d,p_d)||ctr(d,p_d),UpdateInfo) Tag(i,p_i)←MAC_{K_2}(add(i,p_i)||ctr(i,p_i),ctr(i+1,2p_i-1)||ctr(i+1,2p_i))

[0362] Note that AE.Enc_{K_1}(·,·), MAC_{K_2}(·), and IncMAC_{K_2} are substantially the same as the methods used in the tag generation unit 122c of the memory structure initialization device 12c and the tag verification unit 223c of the memory verification device 22c in the sixth embodiment. The tag update unit 325c then outputs the updated tree structure NewTree. On the other hand, if B=NCK, the tag update unit 325c does not perform any processing and outputs nothing.

[0363] The update result output unit 326 is substantially the same as the update result output unit 326 in the memory update device 32 of the fourth embodiment, so its description will be omitted.

[0364] [Explanation of effects] The effect of the sixth embodiment is that, in addition to the effect of the fourth embodiment, memory confidentiality is possible. In the fourth embodiment, MAC was used to detect tampering with plaintext messages. In contrast, in the sixth embodiment, by applying AE processing to plaintext messages, confidentiality of plaintext messages becomes possible in addition to tampering detection. Furthermore, generally, the computational complexity of AE is greater than that of MAC. Therefore, by making it possible to eliminate the need for integrity verification of leaf nodes during update processing, as in this embodiment, the computational complexity of AE can be reduced, thereby further reducing the computational complexity required for verification. Consequently, it becomes possible to perform node verification processing more efficiently when updating the contents of memory.

[0365] Furthermore, the AE used can be a rate 1 method like OCB, that is, a method that can achieve plaintext encryption and authentication tag generation at the cost of encryption only, and can be adopted such that the data size of the plaintext and ciphertext are the same. In this case, compared to the fourth embodiment, the total data size of the tree structure and the computational cost required for each device remain almost unchanged. In other words, the sixth embodiment can perform both tamper detection and concealment with the same data size and computational cost as the fourth embodiment. Also, although the tree structure of the sixth embodiment assumed a binary tree, it is of course possible to use a tree structure with an increased number of branches, as in the fifth embodiment.

[0366] (Seventh Embodiment) Next, a seventh embodiment will be described. Figure 25 shows the configuration of the memory update device 500 according to the seventh embodiment. The memory update device 500 according to the seventh embodiment corresponds to the memory update device 30 and memory update device 32 described above. The memory update device 500 has an input unit 502, an update determination unit 504, a memory verification unit 506, a plaintext update unit 508, and a tag update unit 510. The input unit 502 functions as an input means. The update determination unit 504 functions as an update determination means. The memory verification unit 506 functions as a memory verification means. The plaintext update unit 508 functions as a plaintext update means. The tag update unit 510 functions as a tag update means.

[0367] The input unit 502 can be implemented with substantially the same functionality as the tree structure input unit 300, tree structure input unit 320, update location input unit 302, and update location input unit 322 described above. The update determination unit 504 can be implemented with substantially the same functionality as the update determination unit 310 and update determination unit 330 described above. The memory verification unit 506 can be implemented with substantially the same functionality as the memory verification unit 303 and memory verification unit 323 described above. The plaintext update unit 508 can be implemented with substantially the same functionality as the plaintext update unit 312 and plaintext update unit 332 described above. The tag update unit 510 can be implemented with substantially the same functionality as the tag update unit 305 and tag update unit 325 described above.

[0368] The input unit 502 receives a tree structure configured to protect memory and update information, which is information about the node to be updated in the tree structure. The update determination unit 504 uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update.

[0369] The memory verification unit 506 generates a path from the leaf node to the root node in the tree structure. The memory verification unit 506 also generates a tag used for verification by inputting a nonce unique to each node into the message authentication code at each node in the path, and verifies the tag stored in each node. The memory verification unit 506 then verifies whether each node has been tampered with and outputs the verification result.

[0370] The plaintext update unit 508 updates the plaintext to be updated at the leaf node based on the update information if the verification result indicates that no tampering has been detected. The tag update unit 510 generates the updated tag by inputting a nonce unique to at least each node into the message authentication code if the verification result indicates that no tampering has been detected. Here, the memory verification unit 506 verifies the tags of nodes other than the leaf node in the path if the update content of the leaf node does not depend on the plaintext before the update.

[0371] Here, as described above, the update determination unit 504 may determine that the update content of a leaf node does not depend on the plaintext before the update if the update content of the leaf node replaces the plaintext to be updated with a fixed value independent of the plaintext. In this case, the plaintext update unit 508 may update the plaintext by replacing the plaintext to be updated in the leaf node with a fixed value. The update determination unit 504 may also determine that the update content of a leaf node does not depend on the plaintext before the update if the update information includes a fixed value independent of the plaintext to be updated. The fixed value may also be specified by the user.

[0372] Furthermore, if the memory update device 500 according to the seventh embodiment described above corresponds to the memory update device 30 according to the first or second embodiment, the memory update device 500 may be configured as follows. The memory verification unit 506 may generate a tag used for verification by inputting a nonce and plaintext unique to each node, or a nonce and a concatenation of the nonces at multiple child nodes of each node, into the message authentication code at each node in the above path. The memory update device 500 may also have a component corresponding to the nonce update unit 304 (nonce update unit; nonce update means). In this case, the nonce update unit may update the nonce value at each node in the path when the verification result indicates that no tampering has been detected. In this case, the tag update unit 510 may generate an updated tag by inputting the updated nonce and updated plaintext at each node, or a concatenation of the updated nonce and the updated nonces at multiple child nodes of each node, into the message authentication code.

[0373] Furthermore, if the memory update device 500 according to the seventh embodiment described above corresponds to the memory update device 30 according to the third embodiment, the memory update device 500 may be configured as follows. The memory verification unit 506 may generate a path in the tree structure from the leaf node containing the ciphertext to be updated to the root node. The memory verification unit 506 may also generate a tag used for verification by inputting the nonce and the concatenation of the nonces in multiple child nodes of each node into the message authentication code at each node in the path. The memory verification unit 506 may also verify whether the ciphertext has not been tampered with by inputting the nonce, the ciphertext and the tag used for verification into the authentication cipher and verifying whether the plaintext has not been tampered with, and output the verification result. The tag update unit 510 may also generate an updated ciphertext and an updated tag by inputting the updated nonce and the concatenation of the updated nonces in multiple child nodes of each node into the message authentication code and inputting the updated nonce and the updated plaintext into the authentication cipher.

[0374] Furthermore, if the memory update device 500 according to the seventh embodiment described above corresponds to the memory update device 32 according to the fourth or fifth embodiment, the memory update device 500 may be configured as follows. The input unit 502 may be input to a memory address assigned to a tree structure. The memory verification unit 506 may use as a nonce the concatenation of the memory address unique to each node and the local counter stored in each node at each node in the path. The memory verification unit 506 may then generate a tag used for verification by inputting the nonce and plaintext, or the concatenation of the nonce and the local counters in multiple child nodes of each node, into the message authentication code. The memory update device 500 may also further have a component corresponding to the counter update unit 324 (counter update unit; counter update means). In this case, the counter update unit may update the value of the local counter at each node in the path when the verification result indicates that no tampering has been detected. In this case, the tag update unit 510 may use as a nonce the concatenation of the memory address unique to each node and the updated local counter at each node. The tag update unit 510 may generate the updated tag by inputting the nonce and the updated plaintext, or the nonce and the concatenation of the updated local counters in multiple child nodes of each node, into the message authentication code.

[0375] Furthermore, if the memory update device 500 according to the seventh embodiment described above corresponds to the memory update device 32 according to the sixth embodiment, the memory update device 500 may be configured as follows. The memory verification unit 506 may generate a path in the tree structure from the leaf node containing the ciphertext to be updated to the root node. The memory verification unit 506 may also use a nonce at each node in the path, which is a concatenation of a memory address unique to each node and a local counter stored at each node. The memory verification unit 506 may also generate a tag used for verification by inputting the nonce and the concatenation of local counters at multiple child nodes of each node into a message authentication code. Furthermore, the memory verification unit 506 may input the nonce, the ciphertext, and the tag used for verification into an authentication cipher to verify whether the plaintext has been tampered with, thereby verifying whether the ciphertext has been tampered with, and output the verification result. The tag update unit 510 may also use a nonce, which is a concatenation of a memory address unique to each node and the local counter after the update at each node. Alternatively, the tag update unit 510 may input the nonce and the concatenation of the updated local counters in multiple child nodes of each node into the message authentication code, and input the nonce and the updated plaintext into the authentication cipher to generate the updated ciphertext and the updated tag.

[0376] Figure 26 is a flowchart illustrating a memory update method performed by a memory update device 500 according to the seventh embodiment. The input unit 502 receives a tree structure and update information as input (step S503). The update determination unit 504 uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update (step S504). If the determination result in S504 is NO, that is, if the update content of the leaf node containing the plaintext to be updated does not depend on the plaintext before the update, the process proceeds to S506. On the other hand, if the determination result in S504 is YES, that is, if the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, the process proceeds to S508.

[0377] If the update content of a leaf node does not depend on the plaintext before the update (NO in S504), the memory verification unit 506 verifies the tags of nodes other than the leaf node in the path from the leaf node to the root node (step S506). Specifically, the memory verification unit 506 generates a path from the leaf node to the root node in the tree structure. The memory verification unit 506 also generates tags used for verification by inputting a nonce unique to each node into the message authentication code at least at each node in the path, and verifies the tags stored in each node other than the leaf node. The memory verification unit 506 then outputs the verification result. If the verification result indicates that no tampering has been detected, the processes in S510 and S512 are executed.

[0378] On the other hand, if the update content of a leaf node depends on the plaintext before the update (YES in S504), the memory verification unit 506 verifies the tags of all nodes in the path from the leaf node to the root node (step S508). Specifically, the memory verification unit 506 generates a path from the leaf node to the root node in the tree structure. The memory verification unit 506 also generates tags used for verification by inputting a nonce unique to each node into the message authentication code at least at each node in the path, and verifies the tags stored in all nodes, including the leaf node. The memory verification unit 506 then outputs the verification result. If the verification result indicates that no tampering has been detected, the processes in S510 and S512 are executed.

[0379] The plaintext update unit 508 updates the plaintext to be updated at the leaf node based on the update information if the verification result indicates that no tampering has been detected (step S510). The tag update unit 510 generates the updated tag by inputting a nonce unique to at least each node into the message authentication code if the verification result indicates that no tampering has been detected (step S512).

[0380] The memory update device 500 according to the seventh embodiment, like the embodiments described above, can reduce the computational amount required for verification compared to the technologies described in Patent Documents 2 and 3. Therefore, it is possible to efficiently perform node verification processing when updating the contents of memory. In cases where processing parallelization is not possible, as described in Patent Document 4, it may be possible to omit verification of tags related to leaf nodes when verifying tags at nodes. However, the tree structure is completely different between cases where processing parallelization is not possible, as in Patent Document 4, and cases where processing parallelization is possible, as in this embodiment. Therefore, even if it is possible to omit verification of tags related to leaf nodes, simply making it unnecessary to verify tags related to leaf nodes in a tree structure that enables processing parallelization using the technology of Patent Document 4 may compromise safety. Therefore, simply combining the technology of Patent Document 4 with the technology of Patent Document 2 or Patent Document 3 to make it possible to omit verification of tags related to leaf nodes is not easy from a safety standpoint.

[0381] (Example hardware configuration) The following describes an example of hardware resource configurations for implementing the devices and systems according to each of the above embodiments using a single computing device (information processing device, computer). However, each device according to the embodiment (memory structure initialization device, memory verification device, and memory update device) may be implemented using at least two computing devices, either physically or functionally. Furthermore, each device according to the embodiment may be implemented as a dedicated device or as a general-purpose information processing device.

[0382] Figure 27 is a schematic block diagram showing an example of the hardware configuration of a computing device that can realize the device and system according to each embodiment. The computing device 1000 is a computer. The computing device 1000 has a CPU 1001, a volatile storage device 1002, a disk 1003, a non-volatile recording medium 1004, and a communication IF 1007 (IF: Interface). Therefore, it can be said that the device according to each embodiment has a CPU 1001, a volatile storage device 1002, a disk 1003, a non-volatile recording medium 1004, and a communication IF 1007. The computing device 1000 may be connectable to an input device 1005 and an output device 1006. The computing device 1000 may also be equipped with an input device 1005 and an output device 1006. Furthermore, the computing device 1000 can send and receive information with other computing devices and communication devices via the communication IF 1007.

[0383] The non-volatile recording medium 1004 is a computer-readable medium, such as a Compact Disc or a Digital Versatile Disc. Alternatively, the non-volatile recording medium 1004 may be a USB (Universal Serial Bus) memory, a Solid State Drive, or the like. The non-volatile recording medium 1004 can hold the program without power supply, making it portable. Note that the non-volatile recording medium 1004 is not limited to the media described above. Furthermore, instead of the non-volatile recording medium 1004, the program may be supplied via the communication interface 1007 and a communication network.

[0384] The volatile memory device 1002 is computer-readable and can temporarily store data. The volatile memory device 1002 is a type of memory such as DRAM (dynamic random access memory) or SRAM (static random access memory).

[0385] In other words, when the CPU 1001 executes a software program (computer program; hereinafter simply referred to as "program") stored on disk 1003, it copies it to the volatile storage device 1002 and performs arithmetic processing. The CPU 1001 reads the data necessary for program execution from the volatile storage device 1002. If display is required, the CPU 1001 displays the output result on the output device 1006. When a program is input from an external source, the CPU 1001 obtains the program from the input device 1005. The CPU 1001 interprets and executes the program corresponding to the function (processing) of each component shown in Figures 2 to 4, 14 to 16, and 25 described above. The CPU 1001 executes the processing described in each embodiment described above. In other words, the functions of each component shown in Figures 2 to 4, 14 to 16, and 25 described above can be realized by the CPU 1001 executing a program stored on disk 1003 or the volatile storage device 1002.

[0386] In other words, each embodiment can be considered to be achievable by the program described above. Furthermore, each embodiment can also be considered to be achievable by a computer-readable non-volatile recording medium on which the program described above is recorded.

[0387] (modified version) It should be noted that the present invention is not limited to the embodiments described above, and can be modified as appropriate without departing from the spirit of the invention. For example, in the flowchart described above, the order of each process (step) can be changed as appropriate. Also, one or more of the multiple processes (steps) may be omitted.

[0388] Furthermore, while the embodiments described above improve upon the technologies described in Patent Documents 2 and 3 as techniques that enable parallel processing of each node in the memory content update process, this disclosure is not limited to such configurations. The technologies described in this disclosure are also applicable to technologies other than those described in Patent Documents 2 and 3 that enable parallel processing of nodes.

[0389] In the examples described above, the program includes a set of instructions (or software code) that, when loaded into a computer, cause the computer to perform one or more of the functions described in the embodiments. The program may be stored on a non-temporary computer-readable medium or a physical storage medium. Examples, but not limited to, include random-access memory (RAM), read-only memory (ROM), flash memory, solid-state drive (SSD) or other memory technologies, CD-ROM, digital versatile disk (DVD), Blu-ray® disc or other optical disc storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage devices. The program may be transmitted over a temporary computer-readable medium or a communication medium. Examples, but not limited to, include temporary computer-readable medium or a communication medium that includes electrically, optically, acoustically or otherwise propagating signals.

[0390] Although the present invention has been described above with reference to embodiments, the present invention is not limited thereto. Various modifications to the structure and details of the present invention can be made that are understandable to those skilled in the art within the scope of the invention.

[0391] Some or all of the above embodiments may also be described as follows, but are not limited to the following: (Note 1) An input means for inputting a tree structure configured to protect memory and update information which is information about the nodes to be updated in the tree structure, An update determination means that uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, A memory verification means that generates a path from the leaf node to the root node in the aforementioned tree structure, generates a tag used for verification by inputting a nonce unique to at least each node into the message authentication code at each node in the path, verifies the tag stored at each node to verify whether each node has been tampered with, and outputs the verification result, If the verification result indicates that no tampering has been detected, a plaintext update means updates the plaintext to be updated at the leaf node based on the update information, If the verification results indicate that no tampering has been detected, a tag update means generates an updated tag by inputting a unique nonce into the message authentication code at least at each node, It has, The memory verification means verifies the tags of nodes other than the leaf node in the path if the updated content of the leaf node does not depend on the plaintext before the update. Memory update device. (Note 2) The memory verification means verifies the tags of all nodes in the path, including the leaf node, if the updated content of the leaf node depends on the plaintext before the update. The memory update device described in Appendix 1. (Note 3) The update determination means determines that the update content of the leaf node does not depend on the plaintext before the update if the update content of the leaf node replaces the plaintext to be updated with a fixed value independent of the plaintext. The plaintext update means updates the plaintext by replacing the plaintext to be updated in the leaf node with the fixed value. The memory update device described in Appendix 1. (Note 4) The update determination means determines, when the update information includes the fixed value, that the update content of the leaf node does not depend on the plaintext before the update. The memory update device described in Appendix 3. (Note 5) The update determination means determines that the update content of the leaf node does not depend on the plaintext before the update if the update information includes a fixed value independent of the plaintext to be updated. The plaintext update means updates the plaintext by replacing the plaintext to be updated in the leaf node with the fixed value. The memory update device described in Appendix 1. (Note 6) The fixed value in the update information is specified by the user. A memory update device as described in Appendix 4 or 5. (Note 7) The memory verification means generates a tag used for verification by inputting a nonce unique to each node in the path and the plaintext, or a concatenation of the nonce and the nonces of multiple child nodes of each node, into the message authentication code. The system further includes a nonce update means that updates the nonce value at each node in the path if the verification result indicates that no tampering has been detected. The tag update means generates an updated tag by inputting the updated nonce and updated plaintext at each node, or the updated nonce and the concatenation of the updated nonce at multiple child nodes of each node, into the message authentication code when the verification result indicates that no tampering has been detected. The memory update device described in Appendix 1. (Note 8) The memory verification means generates a path in the tree structure from the leaf node containing the ciphertext to be updated to the root node, generates a tag used for verification by inputting the nonce and the concatenation of the nonces in multiple child nodes of each node into the message authentication code at each node in the path, inputs the nonce, the ciphertext, and the tag used for verification into the authentication cipher to verify whether the plaintext has been tampered with, verifies whether the ciphertext has been tampered with, and outputs the verification result. The tag update means, when the verification result indicates that no tampering has been detected, inputs the updated nonce and the concatenation of the updated nonces in multiple child nodes of each node into the message authentication code, and inputs the updated nonce and the updated plaintext into the authentication cipher to generate the updated ciphertext and the updated tag. The memory update device described in Appendix 7. (Note 9) The input means inputs the memory address assigned to the tree structure, The memory verification means generates a tag used for verification by inputting the nonce and the plaintext, or the nonce and the local counters in multiple child nodes of each node, into the message authentication code. The system further includes a counter update means that updates the value of the local counter at each node in the path if the verification result indicates that no tampering has been detected. The tag update means, when the verification result indicates that no tampering has been detected, uses the concatenation of the unique memory address of each node and the updated local counter of each node as a nonce, and generates the updated tag by inputting the nonce and the updated plaintext, or the nonce and the concatenation of the updated local counters of multiple child nodes of each node, into the message authentication code. The memory update device described in Appendix 1. (Note 10) The memory verification means generates a path in the tree structure from the leaf node containing the ciphertext to be updated to the root node, uses a nonce formed by concatenating the memory address unique to each node with a local counter stored in each node, generates a tag used for verification by inputting the nonce and the concatenation of the local counters in multiple child nodes of each node into the message authentication code, inputs the nonce, the ciphertext, and the tag used for verification into the authentication cipher to verify whether the plaintext has been tampered with, verifies whether the ciphertext has been tampered with, and outputs the verification result. The tag update means, when the verification result indicates that no tampering has been detected, uses the concatenation of the unique memory address of each node and the updated local counter of each node as a nonce, inputs the concatenation of the nonce and the updated local counters of multiple child nodes of each node into the message authentication code, and inputs the nonce and the updated plaintext into the authentication cipher to generate the updated ciphertext and the updated tag. The memory update device described in Appendix 9. (Note 11) A memory structure initializer that takes plaintext to be tampered with as input and outputs a tree structure that is configured to protect memory, at least in its initial state, and A memory verification device that takes the storage location and tree structure of plaintext to be checked for tampering as input and verifies whether the memory corresponding to the storage location has been tampered with, A memory update device that takes the storage location of the plaintext to be updated, the content of the update, and the tree structure as input, and outputs the updated tree structure or an error message indicating that tampering has been detected, It has, The memory update device is An input means for inputting the aforementioned tree structure and update information which is information about the nodes to be updated in the tree structure, An update determination means that uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, A memory verification means that generates a path from the leaf node to the root node in the aforementioned tree structure, generates a tag used for verification by inputting a nonce unique to at least each node into the message authentication code at each node in the path, verifies the tag stored at each node to verify whether each node has been tampered with, and outputs the verification result, If the verification result indicates that no tampering has been detected, a plaintext update means updates the plaintext to be updated at the leaf node based on the update information, If the verification results indicate that no tampering has been detected, a tag update means generates an updated tag by inputting a unique nonce into the message authentication code at least at each node, It has, The memory verification means verifies the tags of nodes other than the leaf node in the path if the updated content of the leaf node does not depend on the plaintext before the update. Information processing system. (Note 12) The input consists of a tree structure configured to protect memory and update information, which is information about the nodes being updated in the tree structure. Using the aforementioned update information, determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. If the update content of the leaf node does not depend on the plaintext before the update, in the tree structure, a path is generated from the leaf node to the root node, and at each node in the path, a tag used for verification is generated by inputting a nonce unique to each node into the message authentication code, and the tags stored in nodes other than the leaf node are verified to verify whether each node has been tampered with, and the verification result is output. If the verification result indicates that no tampering has been detected, the plaintext to be updated at the leaf node is updated based on the update information. If the verification results indicate that no tampering has been detected, the updated tag is generated by entering a unique nonce into the message authentication code at least at each node. How to update memory. (Note 13) If the update content of the leaf node depends on the plaintext before the update, each node in the path generates a tag used for verification by inputting a nonce unique to each node into the message authentication code, and verifies whether each node has been tampered with by verifying the tags stored in all nodes, including the leaf node, in the path. The memory update method described in Appendix 12. (Note 14) If the update content of the leaf node replaces the plaintext to be updated with a fixed value independent of the plaintext, it is determined that the update content of the leaf node does not depend on the plaintext before the update. The plaintext to be updated in the leaf node is updated by replacing it with the fixed value. The memory update method described in Appendix 12. (Note 15) If the update information includes the fixed value, it is determined that the update content of the leaf node does not depend on the plaintext before the update. The memory update method is described in Appendix 14. (Note 16) If the update information includes a fixed value independent of the plaintext to be updated, it is determined that the update content of the leaf node does not depend on the plaintext before the update. The plaintext to be updated in the leaf node is updated by replacing it with the fixed value. The memory update method described in Appendix 12. (Note 17) The fixed value in the update information is specified by the user. The memory update method described in Appendix 15 or 16. (Note 18) At each node in the aforementioned path, a tag used for verification is generated by inputting a nonce unique to each node and the plaintext, or a concatenation of the nonce and the nonces of multiple child nodes of each node, into the message authentication code. If the verification results indicate that no tampering has been detected, update the nonce value at each node in the path. If the verification result indicates that no tampering has been detected, the updated tag is generated by inputting the updated nonce and updated plaintext from each node, or the updated nonce and the concatenation of the updated nonce from multiple child nodes of each node, into the message authentication code. The memory update method described in Appendix 12. (Note 19) In the aforementioned tree structure, a path is generated from the leaf node containing the ciphertext to be updated to the root node; at each node in the path, a tag used for verification is generated by inputting the nonce and the concatenation of the nonces in multiple child nodes of each node into the message authentication code; the nonce, the ciphertext, and the tag used for verification are input into the authentication cipher to verify whether the plaintext has been tampered with, thereby verifying whether the ciphertext has been tampered with, and the verification result is output. If the verification result indicates that no tampering has been detected, the updated nonce and the concatenation of the updated nonces in the multiple child nodes of each node are input into the message authentication code, and the updated nonce and updated plaintext are input into the authentication cipher to generate the updated ciphertext and updated tag. The memory update method is described in Appendix 18. (Note 20) Input the memory address assigned to the aforementioned tree structure, In each node along the aforementioned path, a nonce is formed by concatenating the memory address unique to each node with the local counter stored in each node, and a tag used for verification is generated by inputting the nonce and the plaintext, or the nonce and the concatenation of the local counters in multiple child nodes of each node, into the message authentication code. If the verification result indicates that no tampering has been detected, the value of the local counter at each node in the path is updated. If the verification result indicates that no tampering has been detected, the nonce is formed by concatenating the unique memory address of each node with the updated local counter of each node, and the updated tag is generated by inputting the nonce and the updated plaintext, or the nonce and the concatenation of the updated local counters of multiple child nodes of each node, into the message authentication code. The memory update method described in Appendix 12. (Note 21) In the tree structure, a path is generated from the leaf node containing the ciphertext to be updated to the root node; at each node in the path, a nonce is formed by concatenating the memory address unique to each node with the local counter stored in each node; a tag used for verification is generated by inputting the nonce and the concatenation of the local counters in multiple child nodes of each node into the message authentication code; the nonce, the ciphertext, and the tag used for verification are input into the authentication cipher to verify whether the plaintext has been tampered with, thereby verifying whether the ciphertext has been tampered with, and the verification result is output. If the verification result indicates that no tampering has been detected, the nonce is formed by concatenating the unique memory address of each node with the updated local counter of each node, the nonce and the concatenation of the updated local counters of the multiple child nodes of each node are input into the message authentication code, and the nonce and the updated plaintext are input into the authentication cipher to generate the updated ciphertext and updated tag. The memory update method is described in Appendix 20. (Note 22) The steps include inputting a tree structure configured to protect memory and update information, which is information about the nodes being updated in the tree structure, Using the aforementioned update information, the step of determining whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, If the update content of the leaf node does not depend on the plaintext before the update, the process involves generating a path from the leaf node to the root node in the tree structure, generating a tag used for verification by inputting a unique nonce into the message authentication code at least at each node in the path, verifying whether each node has been tampered with by verifying the tags stored in nodes other than the leaf node, and outputting the verification result. If the verification result indicates that no tampering has been detected, the step of updating the plaintext to be updated at the leaf node based on the update information, If the verification results indicate that no tampering has been detected, the process involves generating an updated tag by inputting a unique nonce into the message authentication code at least at each node, A non-temporary, computer-readable medium containing a program that causes a computer to execute a program. [Explanation of symbols]

[0392] 1. Memory protection system 10. Memory structure initializer 100 Plain text input section 101 Nonce allocation section 102 Tag generation unit 103 Leaf node generation section 104 Intermediate Node Generation Unit 105 Root node generation unit 106 Tree Structure Output Section 12 Memory structure initializer 120 Plain text input section 121 Memory Address Allocation Section 122 Tag generation section 123 Leaf node generation section 124 Intermediate Node Generation Unit 125 Root node generation unit 126 Tree Structure Output Section 127 Memory Address Output Section 20 Memory Verification Device 200 Tree structure input section 202 Verification Point Input Section 203 Tag Verification Department 204 Verification Result Output Section 22 Memory Verification Device 220 Tree structure input section 221 Memory Address Input Section 222 Verification point input section 223 Tag Verification Department 224 Verification Result Output Section 30 Memory update device 300 Tree structure input section 302 Input section for updated location 303 Memory Verification Unit 304 Nance Update Department 305 Tag Update Section 306 Update Result Output Section 310 Update determination section 312 Plain text update section 32 Memory update device 320 Tree structure input section 321 Memory Address Input Section 322 Input section for updated location 323 Memory Verification Unit 324 Counter update section 325 Tag Update Section 326 Update Result Output Section 330 Update determination section 332 Plain text update section 500 Memory Update Device 502 Input section 504 Update determination section 506 Memory Verification Unit 508 Plain Text Update Section 510 Tag Update Section

Claims

1. An input means for inputting a tree structure configured to protect memory and update information which is information about the nodes to be updated in the tree structure, An update determination means that uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, A memory verification means that generates a path from the leaf node to the root node in the aforementioned tree structure, generates a tag used for verification by inputting a nonce unique to at least each node into the message authentication code at each node in the path, verifies the tag stored at each node to verify whether each node has been tampered with, and outputs the verification result, If the verification result indicates that no tampering has been detected, a plaintext update means updates the plaintext to be updated at the leaf node based on the update information, If the verification results indicate that no tampering has been detected, a tag update means generates an updated tag by inputting a unique nonce into the message authentication code at least at each node, It has, The memory verification means verifies the tags of nodes other than the leaf node in the path if the updated content of the leaf node does not depend on the plaintext before the update. Memory update device.

2. The memory verification means verifies the tags of all nodes in the path, including the leaf node, if the updated content of the leaf node depends on the plaintext before the update. The memory update device according to claim 1.

3. The update determination means determines that the update content of the leaf node does not depend on the plaintext before the update if the update content of the leaf node replaces the plaintext to be updated with a fixed value independent of the plaintext. The plaintext update means updates the plaintext by replacing the plaintext to be updated in the leaf node with the fixed value. The memory update device according to claim 1.

4. The update determination means determines, when the update information includes the fixed value, that the update content of the leaf node does not depend on the plaintext before the update. The memory update device according to claim 3.

5. The update determination means determines that the update content of the leaf node does not depend on the plaintext before the update if the update information includes a fixed value independent of the plaintext to be updated. The plaintext update means updates the plaintext by replacing the plaintext to be updated in the leaf node with the fixed value. The memory update device according to claim 1.

6. The fixed value in the update information is specified by the user. The memory update device according to claim 4 or 5.

7. The memory verification means generates a tag used for verification by inputting a nonce unique to each node in the path and the plaintext, or a concatenation of the nonce and the nonces of multiple child nodes of each node, into the message authentication code. The system further includes a nonce update means that updates the nonce value at each node in the path if the verification result indicates that no tampering has been detected. The tag update means generates an updated tag by inputting the updated nonce and updated plaintext at each node, or the updated nonce and the concatenation of the updated nonce at multiple child nodes of each node, into the message authentication code when the verification result indicates that no tampering has been detected. The memory update device according to claim 1.

8. The memory verification means generates a path in the tree structure from the leaf node containing the ciphertext to be updated to the root node, generates a tag used for verification by inputting the nonce and the concatenation of the nonces in multiple child nodes of each node into the message authentication code at each node in the path, inputs the nonce, the ciphertext, and the tag used for verification into the authentication cipher to verify whether the plaintext has been tampered with, verifies whether the ciphertext has been tampered with, and outputs the verification result. The tag update means, when the verification result indicates that no tampering has been detected, inputs the updated nonce and the concatenation of the updated nonces in multiple child nodes of each node into the message authentication code, and inputs the updated nonce and the updated plaintext into the authentication cipher to generate the updated ciphertext and the updated tag. The memory update device according to claim 7.

9. The input means inputs the memory address assigned to the tree structure, The memory verification means generates a tag used for verification by inputting the nonce and the plaintext, or the nonce and the local counters in multiple child nodes of each node, into the message authentication code. The system further includes a counter update means that updates the value of the local counter at each node in the path if the verification result indicates that no tampering has been detected. The tag update means, when the verification result indicates that no tampering has been detected, uses the concatenation of the unique memory address of each node and the updated local counter of each node as a nonce, and generates the updated tag by inputting the nonce and the updated plaintext, or the nonce and the concatenation of the updated local counters of multiple child nodes of each node, into the message authentication code. The memory update device according to claim 1.

10. The memory verification means generates a path in the tree structure from the leaf node containing the ciphertext to be updated to the root node, uses a nonce formed by concatenating the memory address unique to each node with a local counter stored in each node, generates a tag used for verification by inputting the nonce and the concatenation of the local counters in multiple child nodes of each node into the message authentication code, inputs the nonce, the ciphertext, and the tag used for verification into the authentication cipher to verify whether the plaintext has been tampered with, verifies whether the ciphertext has been tampered with, and outputs the verification result. The tag update means, when the verification result indicates that no tampering has been detected, uses the concatenation of the unique memory address of each node and the updated local counter of each node as a nonce, inputs the concatenation of the nonce and the updated local counters of multiple child nodes of each node into the message authentication code, and inputs the nonce and the updated plaintext into the authentication cipher to generate the updated ciphertext and the updated tag. The memory update device according to claim 9.

11. A memory structure initializer that takes plaintext to be tampered with as input and outputs a tree structure that is configured to protect memory, at least in its initial state, and A memory verification device that takes the storage location and tree structure of plaintext to be checked for tampering as input and verifies whether the memory corresponding to the storage location has been tampered with, A memory update device that takes the storage location of the plaintext to be updated, the content of the update, and the tree structure as input, and outputs the updated tree structure or an error message indicating that tampering has been detected, It has, The memory update device is An input means for inputting the aforementioned tree structure and update information which is information about the nodes to be updated in the tree structure, An update determination means that uses the update information to determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, A memory verification means that generates a path from the leaf node to the root node in the aforementioned tree structure, generates a tag used for verification by inputting a nonce unique to at least each node into the message authentication code at each node in the path, verifies the tag stored at each node to verify whether each node has been tampered with, and outputs the verification result, If the verification result indicates that no tampering has been detected, a plaintext update means updates the plaintext to be updated at the leaf node based on the update information, If the verification results indicate that no tampering has been detected, a tag update means generates an updated tag by inputting a unique nonce into the message authentication code at least at each node, It has, The memory verification means verifies the tags of nodes other than the leaf node in the path if the updated content of the leaf node does not depend on the plaintext before the update. Information processing system.

12. The input consists of a tree structure configured to protect memory and update information, which is information about the nodes being updated in the tree structure. Using the aforementioned update information, determine whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update. If the update content of the leaf node does not depend on the plaintext before the update, in the tree structure, a path is generated from the leaf node to the root node, and at each node in the path, a tag used for verification is generated by inputting a nonce unique to each node into the message authentication code, and the tags stored in nodes other than the leaf node are verified to verify whether each node has been tampered with, and the verification result is output. If the verification result indicates that no tampering has been detected, the plaintext to be updated at the leaf node is updated based on the update information. If the verification results indicate that no tampering has been detected, the updated tag is generated by entering a unique nonce into the message authentication code at least at each node. A method of updating memory performed by a computer.

13. If the update content of the leaf node depends on the plaintext before the update, each node in the path generates a tag used for verification by inputting a nonce unique to each node into the message authentication code, and verifies whether each node has been tampered with by verifying the tags stored in all nodes, including the leaf node, in the path. The memory update method according to claim 12.

14. If the update content of the leaf node replaces the plaintext to be updated with a fixed value independent of the plaintext, it is determined that the update content of the leaf node does not depend on the plaintext before the update. The plaintext to be updated in the leaf node is updated by replacing it with the fixed value. The memory update method according to claim 12.

15. If the update information includes the fixed value, it is determined that the update content of the leaf node does not depend on the plaintext before the update. The memory update method according to claim 14.

16. If the update information includes a fixed value independent of the plaintext to be updated, it is determined that the update content of the leaf node does not depend on the plaintext before the update. The plaintext to be updated in the leaf node is updated by replacing it with the fixed value. The memory update method according to claim 12.

17. The fixed value in the update information is specified by the user. The memory update method according to claim 15 or 16.

18. At each node in the aforementioned path, a tag used for verification is generated by inputting a nonce unique to each node and the plaintext, or a concatenation of the nonce and the nonces of multiple child nodes of each node, into the message authentication code. If the verification results indicate that no tampering has been detected, update the nonce value at each node in the path. If the verification result indicates that no tampering has been detected, the updated tag is generated by inputting the updated nonce and updated plaintext from each node, or the updated nonce and the concatenation of the updated nonce from multiple child nodes of each node, into the message authentication code. The memory update method according to claim 12.

19. In the aforementioned tree structure, a path is generated from the leaf node containing the ciphertext to be updated to the root node; at each node in the path, a tag used for verification is generated by inputting the nonce and the concatenation of the nonces in multiple child nodes of each node into the message authentication code; the nonce, the ciphertext, and the tag used for verification are input into the authentication cipher to verify whether the plaintext has been tampered with, thereby verifying whether the ciphertext has been tampered with, and the verification result is output. If the verification result indicates that no tampering has been detected, the updated nonce and the concatenation of the updated nonces in the multiple child nodes of each node are input into the message authentication code, and the updated nonce and updated plaintext are input into the authentication cipher to generate the updated ciphertext and updated tag. The memory update method according to claim 18.

20. Input the memory address assigned to the aforementioned tree structure, In each node along the aforementioned path, a nonce is formed by concatenating the memory address unique to each node with the local counter stored in each node, and a tag used for verification is generated by inputting the nonce and the plaintext, or the nonce and the concatenation of the local counters in multiple child nodes of each node, into the message authentication code. If the verification result indicates that no tampering has been detected, the value of the local counter at each node in the path is updated. If the verification result indicates that no tampering has been detected, the nonce is formed by concatenating the unique memory address of each node with the updated local counter of each node, and the updated tag is generated by inputting the nonce and the updated plaintext, or the nonce and the concatenation of the updated local counters of multiple child nodes of each node, into the message authentication code. The memory update method according to claim 12.

21. In the tree structure, a path is generated from the leaf node containing the ciphertext to be updated to the root node; at each node in the path, a nonce is formed by concatenating the memory address unique to each node with the local counter stored in each node; a tag used for verification is generated by inputting the nonce and the concatenation of the local counters in multiple child nodes of each node into the message authentication code; the nonce, the ciphertext, and the tag used for verification are input into the authentication cipher to verify whether the plaintext has been tampered with, thereby verifying whether the ciphertext has been tampered with, and the verification result is output. If the verification result indicates that no tampering has been detected, the nonce is formed by concatenating the unique memory address of each node with the updated local counter of each node, the nonce and the concatenation of the updated local counters of the multiple child nodes of each node are input into the message authentication code, and the nonce and the updated plaintext are input into the authentication cipher to generate the updated ciphertext and updated tag. The memory update method according to claim 20.

22. The steps include inputting a tree structure configured to protect memory and update information, which is information about the nodes being updated in the tree structure, Using the aforementioned update information, the step of determining whether the update content of the leaf node containing the plaintext to be updated depends on the plaintext before the update, If the update content of the leaf node does not depend on the plaintext before the update, the process involves generating a path from the leaf node to the root node in the tree structure, generating a tag used for verification by inputting a unique nonce into the message authentication code at least at each node in the path, verifying whether each node has been tampered with by verifying the tags stored in nodes other than the leaf node, and outputting the verification result. If the verification result indicates that no tampering has been detected, the step of updating the plaintext to be updated at the leaf node based on the update information, If the verification results indicate that no tampering has been detected, the process involves generating an updated tag by inputting a unique nonce into the message authentication code at least at each node, A program that causes a computer to execute something.