There are provided an encipher method of enciphering message data made by a microcomputer or the like at a high speed by using encipher keys which have previously been stored in a smart card or the like and a decipher method of deciphering the ciphertext made by the encipher method at a high speed by using the encipher keys. The encipher method and the decipher method are suitable for, particularly, a 32-bit microcomputer and include a process expressed by the function Rot_{2^i}(x) (i=2, 3, 4) in each process. Rot_{2^i}(x) is the process to circular shift a data train x of 32 bits to the left or right by 2^i bits (i=2, 3, 4).
Cryptographic techniques for enciphering computer messages or the like include a unit for generating a cipher program for enciphering message data or plaintext by using a plurality of kinds of basic involution processing programs and desired key data, and a unit for enciphering the message data into ciphertext by executing the generated cipher program for the message data. A part of the involution processing program includes a substitution transformation portion and a permutation transformation portion. In accordance with the bit pattern of the above key data, a sequence for executing each of the involution processing programs and a sequence for executing the substitution transformation portion and the permutation transformation portion are determined. The above plurality of transformation processes include an operation of circular shifting to the right or left by X bits and an operation of circular shifting to the right or left by Y bits, with the X and Y being mutually different numbers. An indication of detailed numerical values of the X and Y and the right or left direction for a circular shift is given by key data. According to the above structure, a part of the functions for structuring the encipherment algorithms and the sequence for executing the functions are changed by key data. With the above arrangement, a large amount of algorithm transformation patterns are generated by the product of a number of changes of a part of the functions and a sum of combinations of permutation in the sequence of executing the functions, thus making it extremely difficult to crack the algorithms.
A method and apparatus for carrying out limited encipherment broadcast by generating a cipher key obtained from destination information added to service information are provided. An information service station transmits to each receiving station a random number, destination information for designating a destination station, and enciphered data obtained by enciphering service information by a common key generated by using the random number and destination information. An IC card at each receiving station, which is provided in advance with a key generating function from the information service station, generates the common key by using the received random number and destination information only when it is confirmed from the destination information that the receiving station has a data reception right, and deciphers the enciphered data by using the common key to obtain the original service information. The processing time required for generating the common key can be reduced because of a small amount of data to be used.
PID information and TSC information are extracted from a header of received data inputted to a terminal 1 and are supplied to an IDT (16). The IDT (16) receives this information, searches for a data key in a DPMEM (17) by an indirect retrieving method, and reads the data key. Plural data keys updated every predetermined period are non-synchronously written to the DPMEM (17). This writing operation is inhibited when the writing and reading operations of the DPMEM (17) are performed at the same timing and the same address. Thus, memory control of the DPMEM (17) can be easily performed. Accordingly, all decryption processing can be completed in real time on a reception side.
A host interface comprising a reassembler for reassembling and decrypting data that has been encrypted in accordance with a pre-defined key and segmented into a plurality of asynchronous transfer mode (ATM) cells. Each cell comprises a virtual channel identifier (VCI), a multiplexing identifier (MID) if the data is transmitted using the CCITT specified Class 4 connectionless transfer ATM adaptation layer (AAL), and a cell body. The reassembler comprises a cell manager for separating each cell body from that cell body's corresponding VCI and MID (if present), a linked list manager for managing and storing linked list data indicative of addresses at which the cell bodies are to be stored, a content addressable memory (CAM) for managing and storing the VCIs (and MIDs for connectionless data) and providing pointers into the linked list data, a lookup controller for writing the VCIs to the CAM, a reassembly buffer for storing the cell bodies, and a decryption device for decrypting the data and writing the decrypted data to the reassembly buffer. The major subsections operate concurrently to form an ATM cell-processing pipeline. The interface may also comprise a segmenter for encrypting data received from a host computer and segmenting the encrypted data into a plurality of ATM cells.