JP2003124919A - Cipher communicating apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To mount common and public key systems to a cellular phone at low costs. SOLUTION: A cellular phone comprises a storage section 1300 that stores a fixed point on an elliptic curve, a random number generator 1200 that calculates a private key based on a first random number value, a coordinates- integrating section 1500 that calculates the coordinates point of a first random- value multiple of the fixed point as a first public key by an operation on the elliptic curve, a communication section that gives the first public key to other cellular phones and acquires a second public key from other cellular phones, a switching section 1100 that controls the coordinates-integrating section 1500 so that the coordinates point of the private-key multiple of a point on the elliptic curve for indicating the second public key is calculated and controls the random number generator 1200 so that a second random number value is outputted, and a hash function processing section 1800 that calculates a common key based on the second random number value and the coordinates point of a private-key multiple of the point for indicating the second public key.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication technology between information communication devices including computers, and more particularly to a cryptographic communication device for communicating encrypted information.

[0002]

2. Description of the Related Art With the development of networks such as the Internet, data communication by a system in which computer and communication are integrated has become widespread in society. These data include highly confidential information (for example, personal information regarding credit cards). It is necessary to establish security against eavesdropping and data tampering with highly confidential information.

As a technique for establishing security, there is a technique for encrypting data to be communicated. From the viewpoint of who holds the encryption key and the decryption key, the encryption method can be roughly classified into a common key method (or called a secret key method) and a public key method. In the common key method, the same key (common key) is secretly shared by the sender and the receiver of information. In the public key method, the encryption key and the decryption key are different, and the encryption key is disclosed. However, the decryption key is kept secret by either the receiver or the sender of the information.
It has become impossible to deduce a secretly held decryption key based on this published encryption key. The common key method and the secret key method will be described in more detail.

In the common key system, for example, when a user wants to send a mail (plain text) to another user, a user creates a ciphertext in which the contents of the mail are encrypted by using the common key and Send to users. When the other user receives the encrypted mail, the same user uses the same key as the common key used for encryption to decrypt the encrypted mail and obtain a plaintext. This common key is not disclosed to third parties other than the sender and receiver of the information. Such a common key method has the advantage that the speed of encryption processing is fast, but on the other hand, a common key is required for each combination of sender and receiver of information, so a key for communicating information by a large number of people. However, it has a disadvantage that the common key must be distributed before transmitting and receiving information.

In the public key system, for example, a sender or a receiver holds a private key as its own private data and publishes the public key on the Internet or the like. Just as the ciphertext encrypted with this public key can be decrypted only with the private key corresponding to that public key, the ciphertext encrypted with this private key can only be decrypted with the public key corresponding to that private key. As possible, the public key and the private key are given to each user from the key management company.

For example, when a user wants to send a mail (plain text) to another user, one user creates a ciphertext by encrypting the contents of the mail by using the public key of the other user, and Send to user. When the other users receive the encrypted mail, they use the private key held by themselves to decrypt the encrypted mail and obtain the mail (plain text). An email encrypted using another user's public key can only be decrypted by another user who holds the private key corresponding to the other user's public key in secret.
Can read email (plain text). For example, a case where another user is a recipient of personal information of a credit card can be assumed as such a usage form.

On the other hand, when a user wants to send an e-mail (plain text) to another user, the user uses his or her own secret key to create an encrypted text of the e-mail, and then the other user Send to. Upon receiving the encrypted mail, the other users use the public key of a certain user to decrypt the encrypted mail and obtain the mail (plain text). Since only one user can use the private key of the user to encrypt the mail, a third party cannot impersonate the user and send the mail to other users. For example, as such a usage form, it can be assumed to be used for a digital signature that identifies the sender of information.

[0008] Such a public key system has the disadvantage that the encryption processing speed is slow, but has the advantage that the number of keys can be small even when a large number of people communicate information.
It has the advantage that the common key does not have to be distributed before sending and receiving information.

As described above, the encryption methods include the common key method and the public key method, and the use of these methods is distinguished according to the contents of information, and a certain user uses one computer or mobile phone. The common key method and public key method are used.

[0010]

However, the computer or mobile phone used by the user is compatible with only one of the two encryption systems, or is compatible with both systems. There is only hardware or software that implements the encryption method of. That is, even if both types are supported, an arithmetic unit is mounted for each encryption method or a program code is stored in a memory. In particular, when it is difficult to load the program code afterwards, such as in a mobile phone, an arithmetic unit that implements each encryption method is mounted at the time of manufacturing. As the arithmetic unit, the arithmetic unit used in the common key system and the arithmetic unit used in the public key system are mounted, which causes an increase in cost and a mounting area of the mobile phone.

The present invention has been made to solve the above problems, and provides an encryption communication device capable of suppressing a cost increase and a hardware mounting area in realizing a common key system and a public key system. It is to be.

[0012]

A cryptographic communication device according to a first aspect of the present invention is a cryptographic communication device for communicating encrypted information with a communication device of a communication partner. This cryptographic communication device is connected to a storage means for storing a fixed point on a predetermined elliptic curve as a base point, a random number generating means for outputting a random number value, and a random number generating means, and is connected to the random number generating means. A secret key calculating means for calculating a secret key based on the output first random number value; a secret key storing means for storing the calculated secret key, which is connected to the secret key calculating means; Public key calculation means for calculating a first public key based on the base point and the first random number value stored in the storage means by an operation on an elliptic curve connected to the means and the random number generation means. And a public key providing unit for connecting the calculated first public key to the communication device of the communication partner and the second public key from the communication device of the communication partner Public key acquisition means , The public key storage means for storing the acquired second public key, the private key storage means and the public key storage means, and the private key by the operation on the elliptic curve. A common key calculating unit for calculating a common key based on the second public key and a common key storing unit connected to the common key calculating unit for storing the calculated common key.

According to the first invention, the secret key of the public key system is calculated based on the first random number value. The public key of the public key system (first public key) is calculated as a coordinate point that is a multiple of the first random number value of the base point, based on the base point and the first random number value, by calculation on the elliptic curve. It is calculated. The common key is calculated based on the secret key and the second public key, for example, by calculating a coordinate point that is a multiple of the secret key of the point representing the second public key on the elliptic curve, and calculating the X coordinate of the coordinate point. It is calculated by mathematically processing the integer value and the second random number value with a hash function. The first public key is provided to the communication device of the communication partner, for example, published on the Internet or transmitted by mail. The common key is kept secret in the encryption communication device. As a result, the public key in the public key system and the common key in the common key system are both calculated by a computing unit or a computing algorithm that performs computation on the elliptic curve. As a result, the arithmetic circuit or the arithmetic algorithm can be made common, and in realizing the common key method and the public key method, the cost increase and the hardware mounting area can be suppressed.

In the cryptographic communication device according to the second invention, in addition to the configuration of the first invention, the public key calculating means calculates a coordinate point that is a multiple of the first random number value of the base point by calculation on an elliptic curve. A coordinate integrating means for calculating is included. The first public key is represented by a coordinate point that is a first random number times the base point. The common key calculation means outputs a second random number value and a means for controlling the coordinate integration means so as to calculate a coordinate point that is a multiple of the secret key times the point representing the second public key on the elliptic curve. As described above, the common key is determined based on the means for controlling the random number generation means, the second random number value output from the random number generation means, and the coordinate point that is the secret key times the point representing the second public key. And means for calculating. The encryption operation device further includes a random number value providing unit that is connected to the random number generation unit and provides the output second random number value to the communication device of the communication partner.

According to the second invention, the public key of the public key system (first public key) is calculated as a coordinate point which is a first random number times the base point by an operation on an elliptic curve. In the cryptographic communication device on the information transmission side, the common key is a secret key at a point representing the second public key on the elliptic curve (the public key obtained from the communication device of the communication partner) Key) times the coordinate point, and the X-coordinate integer value of the coordinate point and the second random number value (random value output by itself) are mathematically processed by a hash function. It As a result, on the information transmission side, both the public key in the public key system and the common key in the common key system are calculated by the computing unit or the computing algorithm that performs the computation on the elliptic curve.

In the encrypted communication device according to the third invention, in addition to the configuration of the first invention, the public key calculation means calculates a coordinate point that is a multiple of the first random number value of the base point by calculation on an elliptic curve. A coordinate integrating means for calculating is included. The first public key is represented by a coordinate point that is a first random number times the base point. The encryption operation device further includes a random number value acquisition unit for acquiring the second random number value from the communication device of the communication partner. The common key calculating means is a means for controlling the coordinate integrating means so as to calculate a coordinate point that is a multiple of the secret key times the point representing the second public key on the elliptic curve, and the first value obtained by the random value obtaining means. And a means for calculating a common key based on a random number of 2 and a coordinate point that is a multiple of the secret key of the point representing the second public key.

According to the third aspect of the invention, the public key of the public key system (first public key) is calculated as a coordinate point that is the first random number times the base point by calculation on the elliptic curve. In the cryptographic communication device on the side of receiving information, the common key is a secret key at a point representing the second public key on the elliptic curve (the public key acquired from the communication device of the communication partner) Key) times, and the X-coordinate integer value of the coordinate point and the second random number value (random number value obtained from the communication device of the communication partner) are mathematically processed by a hash function. Calculated. As a result, on the information receiving side, the public key in the public key system and the common key in the common key system are both calculated by an arithmetic unit or an algorithm that performs an operation on an elliptic curve.

A cryptographic communication device according to a fourth aspect of the present invention is the first to the first aspects.
In addition to the configuration of any one of the third aspect, an encryption unit for converting plaintext into ciphertext by using a common key is further included.

According to the fourth invention, plaintext can be converted into ciphertext by the calculated common key. The converted ciphertext is
It is transmitted to the communication device of the communication partner.

In addition to the configuration of the fourth aspect of the invention, the encrypted communication device according to the fifth aspect of the invention is connected to an authentication information encryption means for encrypting the authentication information with a secret key, and an authentication information encryption means. Authentication information providing means for providing the encrypted and encrypted authentication information to the communication device of the communication partner.

According to the fifth aspect of the invention, the digital signature can be converted into a ciphertext by using the secret key which is kept secret by itself. The converted digital signature is provided to the communication device of the communication partner. In the communication device of the communication partner, the converted digital signature can be decrypted with the sender's public key to confirm the digital signature. Since the person who can encrypt the digital signature is limited to the person who holds the private key secretly,
The digital signature can prevent a third party from impersonating the sender.

A cryptographic communication device according to a sixth aspect of the present invention is a first to a first aspect.
In addition to the configuration of any one of the third aspect, a decryption unit for converting a ciphertext into a plaintext by using a common key is further included.

According to the sixth aspect of the present invention, the ciphertext transmitted from the communication device of the communication partner can be converted into plaintext by the calculated common key.

In addition to the configuration of the sixth invention, the encrypted communication device according to the seventh invention further comprises an authentication information acquisition unit for acquiring encrypted authentication information from the communication device of the communication partner.
It further includes an authentication information decryption unit connected to the authentication information acquisition unit and decrypting the encrypted authentication information with the second public key.

According to the seventh invention, in the communication device of the communication partner, the digital signature is converted into a ciphertext by the secret key. When the converted digital signature is received, the digital signature can be confirmed by decrypting it with the second public key (public key obtained from the communication device of the communication partner). Since the person who can encrypt the digital signature is limited to the person who holds the private key in secret, the digital signature can prevent a third party from impersonating the sender.

An encryption communication device according to an eighth aspect of the invention is
In addition to the configuration of any one of the seventh aspect, a communication unit for communicating information with another encryption communication device is further included.

According to the eighth invention, the ciphertext converted by the common key, the first public key and the second random number value can be transmitted to the communication device of the communication partner.

[0028]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. In the following description, the same parts are designated by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated. In the following, a mobile phone having a function of transmitting and receiving message data will be described as an example of the encrypted communication device of the present invention, but the invention is not limited to this. The encryption communication device of the present invention is a computer, a mobile phone, a PHS (Personal) having a communication function and a control function.
Handy-phone System) and PDA (Personal Digit)
al Assistant), etc.

Referring to FIG. 1, an encrypted communication system using a mobile phone 100 is a mobile phone 100 for transmitting message data, a mobile phone 200 for receiving message data, and mobile phones 100, 200. Cell phone base station 300, and a mail server 400 that controls transmission and reception of message data between the cell phones 100 and 200. The mobile phone base station 300 and the mail server 400 are connected by a network 500 such as the Internet.

Referring to FIG. 2, mobile phone 10 shown in FIG.
The control block of 0 will be described. As shown in FIG. 2, the mobile phone 100 has a control unit 102 for controlling the entire mobile phone 100, a communication unit 104 for communicating with other telephone devices, a secret key used for encryption processing, and a public key. Key and common key, program executed in control unit 102, intermediate data of the program, and communication unit 1
It includes a storage unit 106 for storing message data received via 04, an input / output unit 110 that is an interface with the user, and a processing unit 120 that performs encryption processing. Note that the mobile phone 100 of the user A that transmits the message data and the mobile phone 200 of the user B that receives the message data from the user A have the same structure. The mobile phone 100 will be described below, and reference numerals corresponding to the mobile phone 200 are shown in parentheses in FIG.

The input / output section 110 can be
A user of the mobile phone 100 inputs an email address of another user or a request to send message data, and a display unit including an LCD (Liquid Crystal Display) for displaying received message data. 114, a voice input unit 116 including a microphone for inputting voice, and a voice output unit 118 including a speaker for outputting voice.

The processing unit 120 encrypts the digital signature or the message data of the mail with its own private key, and the received message data (ciphertext) with the public key of the sender. Decryption processing unit 124 and an arithmetic processing unit that calculates a secret key, a public key, and a common key, encrypts message data (plaintext) with the common key, and decrypts message data (ciphertext) with the common key 1000 and.

In the mobile phone 100 according to the present embodiment, the function of encryption processing will be described as being realized by the hardware of the mobile phone 100, but the present invention is not limited to this. Arithmetic processing unit 100 described in detail below
0 may be realized by software. Realization of the encryption function by software will be described later.

The arithmetic processing unit 1000 will be described with reference to FIG. The arithmetic processing unit 1000 shown below implements arithmetic processing by hardware. Arithmetic processing unit 100
0 is a switching unit 1100 that switches the operation of a plurality of input selectors and output selectors, which will be described later, in response to a command C from the control unit 102, an input selector Sin (1) 1110 and an input selector Sin (2 that are connected to the switching unit 1100. ) 11
20, input selector Sin (3) 1130, input selector Sin (4) 1140, input selector Sin (5) 115
0, output selector Sout (1) 1160, output selector Sout (2) 1170, and output selector Sout (3) 1
180, a random number generator 1200, a base point storage unit 1300, a coordinate remainder calculation unit 1400, a coordinate integration unit 1500, a coordinate addition unit 1600, and an integer value calculation unit 17
00, a hash function processing unit 1800, and a logical operation unit 1
900 and.

When the command C is 0, the switching unit 1100 calculates the secret key U and the public key V of the public key system from the arithmetic processing unit 1.
Each selector is controlled so that 000 is output.

When the command C is 1, the switching unit 1100 determines that the secret key UA of the user A transmitting the message data.
Each selector is controlled so that the arithmetic processing unit 1000 outputs the common key K and the session parameter s based on the public key VB of the user B which receives the message data from the user A.

When the command C is 2, the switching unit 1100 has the secret key UB of the user B who receives the message data.
Based on the public key VA of the user A that sends message data to the user A and the session parameter s, each selector is controlled so that the arithmetic processing unit 1000 outputs the common key K.

In the switching unit 1100, when the command C is 3, the arithmetic processing unit 1000 outputs message data (ciphertext) encrypted based on the message data (plaintext) transmitted by the user A and the common key K. Or each selector is controlled so that the arithmetic processing unit 1000 outputs the decrypted message data (plaintext) based on the message data (ciphertext) received by the user B and the common key K. .

The random number generator 1200 has an input selector Sin.
(1) 1110 and the input selector Sin (5) 1150 are connected to each other, and a random number value R is generated in synchronization with the activation signal, and the generated random number value R is input to the input selector Sin (1) 1110 and the input selector Sin ( 5) Output to 1150.

The base point storage unit 1300 stores the coordinates of a fixed point G (base point) on a predetermined elliptic function. The base point storage unit 1300 is connected to the coordinate remainder calculation unit 1400, the input selector Sin (3) 1130, and the coordinate addition unit 1600, and outputs the stored coordinates of the fixed point G. The order of the subgroup of the fixed point G is a sufficiently large prime number. Further, the base point storage unit 1300 may be a storage unit that stores the coordinates of the elliptic curve as a table, or may be a calculation unit that calculates a fixed point G by calculation.

The coordinate remainder calculation unit 1400 is connected to the input selector Sin (1) 1110, the base point storage unit 1300, and the input selector Sin (2) 1120, and receives the common key K or the fixed point G and the random value R. The remainder is calculated with respect to the order o (G) of the subgroup of the fixed point G on the elliptic curve, and the calculated remainder (output parameter k) is output to the input selector Sin (2) 1120.

The coordinate accumulator 1500 has an input selector Sin.
(2) Connected to the input selector Sin (3) 1130 and the output selector Sout (1) 1160, and is an integral multiple of the input coordinate based on the input coordinate on the elliptic curve and the integer value. The coordinates of the point on the elliptic curve (output parameter P) are output to the output selector Sout (1) 1160.

The coordinate addition unit 1600 is connected to the base point storage unit 1300, the input selector Sin (4) 1140 and the output selector Sout (1) 1160, and on the elliptic curve output from the output selector Sout (1) 1160. The fixed point G stored in the base point storage unit 1300 is added to the coordinates of the point (output parameter P), and the added coordinates (output parameter Pi) are input selector Sin (4).
Output to 1140. The output parameter Pi is also input to the coordinate addition unit 1160 itself.

The integer value calculation unit 1700 has an input selector S
in (4) 1140 and output selector Sout (2) 1170
And an integer value of the X coordinate of the coordinates (X, Y) of the point on the elliptic curve output from the input selector Sin (4) 1140 is calculated, and the calculated integer value (output parameter z) is calculated. Output to the output selector Sout (2) 1170.

The hash function processing section 1800 includes an output selector Sout (2) 1170 and an output selector Sout (3) 1.
NIST (National Institute)
f Standards and Technology) hash function SHA-
1 (Secure Hash Algorithm 1) is executed and the execution result is output as the common key K.

The logical operation unit 1900 has an output selector Sou.
Output selector Sout (2) connected to t (2) 1170
1170 and the integer value output from 1170
The exclusive OR with the plaintext or ciphertext input to 0 is operated to perform encryption or decryption processing, and the ciphertext or plaintext is output.

The input selector Sin (1) 1110 outputs one of the common key K input to the arithmetic processing unit 1000 and the random number value R output from the random number generator 1200 to the coordinate remainder calculation unit 1400. . The input selector Sin (1) 1110, when the command C is 0, the random number value R output from the random number generator 1200, and when the command C is 3, the common key K input to the arithmetic processing unit 1000, It is output to the coordinate remainder calculation unit 1400.

The input selector Sin (2) 1120 outputs either the secret key U input to the arithmetic processing unit 1000 or the output parameter k output from the coordinate remainder calculation unit 1400 to the coordinate integration unit 1500. . In the input selector Sin (2) 1120, the commands C are 0 and 3
In the case of, the output parameter k output from the coordinate remainder calculation unit 1400 is used. When the commands C are 1 and 2, the secret key U input to the arithmetic processing unit 1000 is used as the coordinate integration unit 15
Output to 00.

The input selector Sin (3) 1130 outputs either the public key V input to the arithmetic processing unit 1000 or the fixed point G output from the base point storage unit 1300 to the coordinate integration unit 1500. Input selector S
in (3) 1130 is the case where command C is 0 and 3,
Fixed point G output from the base point storage unit 1300
When the command C is 1 and 2, the arithmetic processing unit 100
The public key V input to 0 is output to the coordinate integration unit 1500.

The input selector Sin (4) 1140 receives an integer value calculation unit 170 for one of the output parameter P output from the output selector Sout (1) 1160 and the output parameter Pi output from the coordinate addition unit 1600.
Output to 0. The input selector Sin (4) 1140 uses the output parameter P output from the coordinate integration unit 1500 when the command C is 1 and 2 and the output parameter Pi output from the coordinate addition unit 1600 when the command C is 3. , And outputs it to the integer value calculation unit 1700.

The input selector Sin (5) 1150 outputs to the output selector Sout (3) 1180 one of the session parameter s input to the arithmetic processing unit 1000 and the random number value R output from the random number generator 1200. Output. The input selector Sin (5) 1150 uses the random number value R output from the random number generator 1200 when the command C is 0 and 1, and the session parameter s input to the arithmetic processing unit 1000 when the command C is 2. , To the output selector Sout (3) 1180.

The output selector Sout (1) 1160 uses the output parameter P output from the coordinate integrating section 1500 as
Outside the arithmetic processing unit 1000, the input selector Sin
(4) Output to either one of 1140 and coordinate adder 1600. The output selector Sout (1) 1160 is
When the command C is 0, the output parameter P is used as the public key V and the command C is set to 1 outside the arithmetic processing unit 1000.
And 2, the output parameter P is set to the integer value calculation unit 17
Input selector Sin (4) as an input parameter to 00
If the command C is 3 in 1140, the output parameter P
To the coordinate adder 1600.

The output selector Sout (2) 1170 outputs the output parameter z output from the integer value calculation unit 1700.
To the hash function processing unit 1800 and the logical operation unit 19
Output to either one of 00. Output selector Sout
(2) 1170 outputs the output parameter z to the hash function processing unit 1800 when the command C is 1 and 2, and outputs the output parameter z to the logical operation unit 19 when the command C is 3.
To 00.

The output selector Sout (3) 1180 uses either the session parameter s output from the input selector Sin (5) 1150 or the random number value R output from the random number generator 1200 as the hash function processing unit 18
00 and the outside of the arithmetic processing unit 1000.
In the output selector Sout (3) 1180, the command C is 1
In the case of, the hash function processing unit 18 uses the random number value R output from the random number generator 1200 as the session parameter s.
00 and the outside of the arithmetic processing unit 1000, when the command C is 2, the session parameter s output from the input selector Sin (5) 1150 is output to the hash function processing unit 1800.

In this way, the switching unit 1100 makes the input selector Sin (1) 1110 based on the value of the command C.
~ Input selector Sin (5) 1150 and output selector Sout (1) 1160 to output selector Sout (3) 118
By controlling 0, the arithmetic processing unit 1000 performs a predetermined operation.

The case where the command C is 0 will be described with reference to FIG. In this case, the private key U and the public key V of the public key system
Each selector is controlled so that the arithmetic processing unit 1000 outputs and. When the command C is 0, this arithmetic processing unit 1
There are no input parameters for 000. The random number value R output from the random number generator 1200 is the secret key U,
It is output to the outside of the arithmetic processing unit 1000. Although not shown in FIG. 4, command C described later is 3 (FIG. 7: plaintext is encrypted with common key K, or ciphertext is also decrypted with common key K), which is consistent with control. for,
Actually, as shown in FIG. 3, the random number value R output from the random number generator 1200 is remainder calculated by the coordinate remainder calculating unit 1400, and the value is input to the coordinate integrating unit 1500. The coordinate integrating unit 1500 calculates a random value R multiple point for the fixed point G on the elliptic curve, and outputs this as the public key V to the outside of the arithmetic processing unit 1000.

The case where the command C is 1 will be described with reference to FIG. In this case, each selector is controlled so that the arithmetic processing unit 1000 outputs the common key K and the session parameter s. Arithmetic processing unit 100 with command C set to 1
0 is operated by the user A who sends the message data. In this case, the input parameters to the arithmetic processing unit 1000 are the secret key UA of the user A and the public key VB of the transmission partner (user B). The secret key UA of the user A and the public key VB of the user B are used as the coordinate integration unit 15
00, the coordinate integration unit 1500 calculates the coordinates of the point UA times the point VB on the elliptic curve, and outputs it to the integer value calculation unit 1700. The integer value calculation unit 1700 calculates the integer value of the X coordinate of the point and outputs the calculated output parameter z to the hash function processing unit 1800. The hash function processing unit 1800 performs an operation based on the random number value R output from the random number generator 1200 and the output parameter z output from the integer value calculating unit 1700, and the common key K
Is calculated and the common key K is output to the outside of the arithmetic processing unit 1000. The random number value R input to the hash function processing unit 1800 is set as the session parameter s.
It is output to the outside of the arithmetic processing unit 1000.

The case where the command C is 2 will be described with reference to FIG. In this case, each selector is controlled so that the arithmetic processing unit 1000 outputs the common key K. It is the user B, who receives the message data, to operate the arithmetic processing unit 1000 by setting the command C to 2. in this case,
The input parameters to the arithmetic processing unit 1000 are the secret key UB of the user B and the public key VA of the transmission source (user A).
And. User B's private key UB and user A's public key V
A and A are input to the coordinate integration unit 1500, and the coordinate integration unit 1
500 calculates the coordinates of the point UB times the point VA on the elliptic curve, and outputs it to the integer value calculation unit 1700. The integer value calculation unit 1700 calculates the integer value of the X coordinate of the point and outputs the calculated output parameter z to the hash function processing unit 1.
Output to 800. The hash function processing unit 1800 calculates based on the session parameter s input to the calculation processing unit 1000 and the output parameter z output from the integer value calculation unit 1700 to calculate the common key K,
The common key K is output to the outside of the arithmetic processing unit 1000.

The case where the command C is 3 will be described with reference to FIG. In this case, based on the message data (plaintext) that the user A sends to the user B and the common key K, the arithmetic processing unit 10 converts the encrypted message data (ciphertext).
00, or the arithmetic processing unit 1000 outputs the decrypted message data (plaintext) based on the message data (ciphertext) received by the user B from the user A and the common key K. , Each selector is controlled. The arithmetic processing unit 1000 is operated with the command C set to 3 because the user A who sends the message data.
And the user B who receives the message data. Input parameters for the arithmetic processing unit 1000 are a common key and message data (plain text) when the user A operates, and a common key and message data (cipher text) when the user B operates.

The common key K is input to the coordinate remainder calculation unit 1400. The coordinate remainder calculation unit 1400 calculates the output parameter k, and outputs the calculated output parameter k to the coordinate integration unit 1500. The coordinate integration unit 1500 calculates the output parameter P based on the output parameter k input from the coordinate remainder calculation unit 1400 and the constant G output from the base point storage unit 1300, and the calculated output parameter P is calculated. It is output to the coordinate addition unit 1600. The coordinate addition unit 1600 calculates the output parameter Pi using the constant G output from the base point storage unit 1300 with the output parameter P output from the coordinate integration unit 1500 as an initial value, and the calculated output parameter Pi is output to the coordinate addition unit 1600 itself and the integer value calculation unit 1700.

Output parameters Pi (i = 1, 2, ..., N) for the number n of characters of the message data input to the arithmetic processing unit 1000 are input to the integer value calculation unit 1700 from the coordinate addition unit 1600. It Integer value calculation unit 1700
Is the output parameter P for the number of characters n of the message data.
Based on i (i = 1, 2, ..., N), the output parameter zi (i = 1, 2, ..., N) is calculated, and the logical operation unit 1 is calculated.
Output to 900.

The logical operation unit 1900 includes an integer value calculation unit 17
Output parameter zi (i = 1, 2,
, N) and the exclusive OR (XOR) of the message data (plaintext or ciphertext) are logically operated to perform encryption processing or decryption processing, and the result is output to the outside of the arithmetic processing unit 1000. To do.

The case where the arithmetic processing unit 1000 is configured by hardware has been described above, but the processing in the arithmetic processing unit 1000 can be realized by software. Random number generator 1200, coordinate remainder calculation unit 1
400, the coordinate integration unit 1500, the coordinate addition unit 1600, the integer value calculation unit 1700, the hash function processing unit 1800, and the logical operation unit 1900 are realized as a subroutine in software executed by the control unit 102. In the software executed by the control unit 102, based on the value of the command C, the input selector Sin
(1) 1110, input selector Sin (2) 1120, input selector Sin (3) 1130, input selector Sin
(4) 1140, input selector Sin (5) 1150, output selector Sout (1) 1160, output selector Sout
(2) 1170 and output selector Sout (3) 11
A branch determination process corresponding to each 80 is executed, and a predetermined subroutine is executed from each branch determination process. The secret key U, the public key V, the common key K, the session parameter s, based on the calculation result in each subroutine.
The arithmetic processing unit 1000 outputs the encrypted message data and the decrypted message data. In this way, the arithmetic processing unit 100 is implemented by software.
0 can be realized.

Referring to FIG. 8, the program executed by mobile phone 100 on the side of transmitting message data has the following control structure. This mobile phone 100
It is a mobile phone used by user A.

Step (hereinafter, step is abbreviated as S)
At 100, control unit 102 instructs operation processing unit 1000 to perform an operation with command C set to 0. This processing is executed, for example, immediately after the user A purchases the mobile phone 100 and then turns on the power for the first time. In S 102, control unit 102 stores the public key VA and the secret key UA of user A output from arithmetic processing unit 1000 in storage unit 106. In S104, control unit 102 discloses the public key VA of user A on the Internet to the Internet access provider via communication unit 104 (for example, public key VA on the home page of user A).
To upload).

At S106, control unit 102 determines whether or not the public key VB of user B published on the Internet has been acquired. At this time, the user A acquires the public key VB of the user B on the Internet, and it is determined whether or not the user A has input the public key VB from the operation unit 112 of the mobile phone 100. When the public key VB of the user B published on the Internet is acquired (Y in S106
ES), and the process proceeds to S108. If not (NO in S106), the process returns to S106 and waits until the public key VB of user B is acquired.

At S 108, control unit 102 stores the public key VB of user B, which is determined to be acquired, in storage unit 106. In S110, control unit 102 determines whether or not to send message data to user B. This determination is made when the user A inputs a specific key on the operation unit 112. If message data is to be transmitted to user B (YES in S110), the process proceeds to S112. If not (NO in S110), the process returns to S110 and waits until the message data is transmitted to user B.

At S112, control unit 102 requests input of data for digital signature. At this time, the control unit 1
02 causes the display unit 114 to display a screen requesting input of data for digital signature. In S114, control unit 102 stores data M1 for digital signature input by user A from operation unit 112 in storage unit 106. S1
At 16, the control unit 102 instructs the encryption processing unit 122 to operate, and stores the digital signature data M2 obtained by encrypting the digital signature data M1 with the secret key UA of the user A in the storage unit 106.

At S118, control unit 102 requests the input of message data. At this time, the control unit 102
Causes the display unit 114 to display a screen requesting input of message data. In S120, the control unit 102
The message data MD1 input by the user A from the operation unit 112 is stored in the storage unit 106. In S122, control unit 102 instructs operation processing unit 1000 to perform an operation with command C set to 1. In S124, control unit 102 stores common key K and session parameter s output from operation processing unit 1000 in storage unit 106.

At S126, control unit 102 instructs operation processing unit 1000 to perform an operation with command C set to 3, and stores encrypted data MD2 obtained by encrypting message data MD1 with common key K in storage unit 106. To do. In S128,
The control unit 102 transmits the digital signature data M2, the encrypted data MD2, and the session parameter s to the mobile phone 200 of the user B.

Referring to FIG. 9, the program executed by mobile phone 200 on the side of receiving the message data has the following control structure. This mobile phone 200
This is a mobile phone used by user B.

At S200, control unit 202 instructs arithmetic processing unit 1000 to operate with command C set to 0. This process is executed, for example, immediately after the user B purchases the mobile phone 200 and then turns on the power for the first time. S2
At 02, the control unit 202 stores the public key VB and the secret key UB of the user B output from the arithmetic processing unit 1000 in the storage unit 206. In S204, the control unit 202
The public key VB of the user B on the Internet is sent to the Internet access provider via the communication unit 204.
To publish (for example, upload public key VB on user B's home page).

At S206, control unit 202 determines whether or not the public key VA of user A published on the Internet has been acquired. At this time, the user B acquires the public key VA of the user A on the Internet, and it is determined whether or not the user B has input the public key VA from the operation unit 212 of the mobile phone 200. When the public key VA of the user A published on the Internet is acquired (Y in S206
ES), and the process proceeds to S208. If not (NO in S206), the process returns to S206 and waits until the public key VA of user A is acquired.

At S208, control unit 202 stores the public key VA of user A, which is determined to be acquired, in storage unit 206. In S210, control unit 202 determines whether or not data has been received from mobile phone 100 of user A.
At this time, from the mobile phone 100 of the user A to the mobile phone base station 300, the network 500 and the mail server 4.
The data is received by the mobile phone 200 of the user B via 00. When data is received from mobile phone 100 of user A (YES in S210), the process proceeds to S212. If not (NO in S210), the process returns to S210 and waits until data is received from mobile phone 100 of user A.

At S212, control unit 202 determines that user A
Digital signature data M received from the mobile phone 100 of
2, encrypted data MD2 and session parameter s
Is stored in the storage unit 206. In S214, the control unit 20
2 instructs the decryption processing unit 224 to operate, and stores the digital signature data M1 obtained by decrypting the digital signature data M2 with the public key VA of the user A in the storage unit 206.

At S216, control unit 202 causes storage unit 2
The digital signature data M1 stored in 06 is displayed on the display unit 214. In S218, control unit 202 determines whether user A has been identified. This determination is made by the user B, who has viewed the digital signature data M1 displayed on the display unit 214, inputs a predetermined key on the operation unit 212. If user A can be identified (YES in S216), the process proceeds to S220. If not (NO in S216), the process is
The process returns to S210 and waits for the reception of data from the true user A.

At S220, control unit 202 instructs operation processing unit 1000 to operate with command C set to 2. S
At 222, the control unit 202 stores the common key K output from the arithmetic processing unit 1000 in the storage unit 206. S22
At 4, the control unit 202 instructs the arithmetic processing unit 1000 to operate with the command C set to 3, and stores the message data MD1 obtained by decrypting the encrypted data MD2 with the common key K in the storage unit 206. In S226, control unit 202 displays message data MD1 stored in storage unit 206 on display unit 214.

The operation of mobile phone 100 and mobile phone 200 based on the above-described structure and flowchart will be described.

When the user A purchases the mobile phone 100 and turns on the power of the mobile phone 100 for the first time, the arithmetic processing unit 1
000 operates with command C set to 0 (S100),
The public key V of the user A output from the arithmetic processing unit 1000
A and the secret key UA are stored in the storage unit 106 (S
102). The public key VA of the user A is instructed to be published on the Internet, the public key VA is posted on the home page of the user A on the Internet, the user B recognizes the public key VA, and the user A is stored in the storage unit 206. Public key VA is stored (YES in S206, S20
8).

When the user B purchases the mobile phone 200 and turns on the power of the mobile phone 200 for the first time, the arithmetic processing unit 1
000 operates with command C set to 0 (S200),
User B's public key V output from arithmetic processing unit 1000
B and the secret key UB are stored in the storage unit 206 (S
202). The public key VB of the user B is instructed to be published on the Internet, the public key VB is posted on the home page of the user B on the Internet, the user A recognizes the public key VB, and the user B is stored in the storage unit 106. Public key VB is stored (YES in S106, S10
8).

When user A transmits data to user B (YES in S110), user A inputs data M1 for digital signature, and the input data M1 for digital signature is stored in storage unit 106. (S114).
Data M for digital signature is generated by the encryption processing unit 122.
1 is encrypted with the private key UA of the user A, and the digital signature data M2 output from the encryption processing unit 122 is stored in the storage unit 106 (S116).

The user A inputs the message data MD1 and the input message data MD1 is stored in the storage unit 10.
6 is stored (S120). The arithmetic processing unit 1000 operates with the command C set to 1 (S122), and the arithmetic processing unit 1000 informs the arithmetic processing unit 1000 of the secret key UA of the user A and the public key V of the user B.
B is input, and the common key K and the session parameter s output from the arithmetic processing unit 1000 are stored in the storage unit 106 (S124).

The arithmetic processing unit 1000 operates with the command C set to 3 (S126), the message data MD1 is encrypted with the common key K by the arithmetic processing unit 1000, and the encrypted data MD2 output from the arithmetic processing unit 1000. Is stored in the storage unit 106. Mobile phone 100 of user A
Through the communication unit 104, the mobile phone 200 of the user B.
Then, the digital signature data M2, the encrypted data MD2, and the session parameter s are transmitted (S128).

When user B's mobile phone 200 receives digital signature data M2, encrypted data MD2 and session parameter s from user A's mobile phone 100 (YES in S210), the received data is stored in storage unit 2
It is stored in 06 (S212). The decryption processing unit 224 determines that the digital signature data M2 is the public key VA of the user A.
The data M1 for digital signature, which is decrypted by and is output from the decryption processing unit 224, is stored in the storage unit 206 (S214).

Data M1 for digital signature is displayed on the display unit 21.
4 and user B can identify user A (S
218: YES), the arithmetic processing unit 1000 causes the command C
Is operated as 2 (S220), and the arithmetic processing unit 1000 is operated.
The secret key UB of the user B, the public key VA of the user A, and the session parameter s are input to the operation processing unit 100.
The common key K output from 0 is stored in the storage unit 206 (S222).

The operation processing unit 1000 operates with the command C set to 3 (S224), the operation processing unit 1000 decrypts the encrypted data MD2 with the common key K, and the message data MD1 output from the operation processing unit 1000. Is stored in the storage unit 206 (S224). The message data MD1 is displayed on the display unit 214 (S226), and the user B can read the message data transmitted from the true user A.

As described above, according to the cryptographic communication system according to the embodiment of the present invention, the public key and the secret key in the public key system and the common key in the common key system are calculated in the mobile phone constituting this system. A part of the circuit for encrypting plaintext with a common key and the circuit for decrypting ciphertext with a common key can be shared. As a result, the arithmetic circuit in hardware or the arithmetic algorithm in software can be made common, and in realizing the common key system and the public key system, the cost increase of the communication terminal and the hardware mounting area can be suppressed.

The embodiments disclosed this time are to be considered as illustrative in all points and not restrictive. The scope of the present invention is shown not by the above description but by the claims, and is intended to include meanings equivalent to the claims and all modifications within the scope.

[Brief description of drawings]

FIG. 1 is a diagram showing an overall configuration of a cryptographic communication system.

FIG. 2 is a control block diagram of the mobile phone shown in FIG.

FIG. 3 is a control block diagram of an arithmetic processing unit of the mobile phone shown in FIG.

FIG. 4 is a diagram (No. 1) for explaining the operation of the arithmetic processing unit.

FIG. 5 is a diagram (No. 2) for explaining the operation of the arithmetic processing unit.

FIG. 6 is a diagram (No. 3) for explaining the operation of the arithmetic processing unit.

FIG. 7 is a diagram (No. 4) for explaining the operation of the arithmetic processing unit.

FIG. 8 is a flowchart showing a control procedure of processing in the mobile phone on the transmission side.

FIG. 9 is a flowchart showing a control procedure of processing in the mobile phone on the receiving side.

[Explanation of symbols]

100, 200 mobile phone, 102, 202 control unit,
104, 204 communication unit, 106, 206 storage unit, 1
10, 210 input / output unit, 112, 222 operation unit, 1
14, 214 display unit, 116, 216 voice input unit,
118, 218 audio output section, 120, 220 processing section,
122, 222 encryption processing unit, 124, 224 decryption processing unit, 300 mobile phone base station, 400 mail server, 500 network, 1000 arithmetic processing unit,
1100 switching units 1110, 1120, 1130, 1
140, 1150 Input selector, 1160, 117
0, 1180 output selector, 1200 random number generator,
1300 base point storage unit, 1400 coordinate remainder calculation unit, 1500 coordinate integration unit, 1600 coordinate addition unit, 1700 integer value calculation unit, 1800 hash function processing unit, 1900 logical operation unit.

Claims (8)

[Claims] 1. A cryptographic communication device for communicating encrypted information with a communication device as a communication partner, wherein the cryptographic communication device stores a predetermined fixed point on an elliptic curve as a base point. Storage means for outputting a random number value, random number generating means for outputting a random number value, and for calculating a secret key based on a first random number value output from the random number generating means, which is connected to the random number generating means. Secret key calculating means, a secret key storing means connected to the secret key calculating means for storing the calculated secret key, connected to the storing means and the random number generating means, on an elliptic curve A public key calculation means for calculating a first public key based on the base point and the first random number value stored in the storage means by calculation, and connected to the public key calculation means, Before calculated A public key providing unit for providing the first public key to the communication device of the communication partner, a public key acquisition unit for acquiring a second public key from the communication device of the communication partner, A public key storage means connected to the public key acquisition means for storing the acquired second public key; connected to the private key storage means and the public key storage means; The secret key and the second
A common key calculating unit for calculating a common key on the basis of the public key and a common key storing unit for storing the calculated common key, which is connected to the common key calculating unit. Communication device. 2. The public key calculation means includes coordinate integration means for calculating a coordinate point that is the first random number times the base point by calculation on an elliptic curve, and the first public key. Is represented by a coordinate point which is the first random number times the base point, and the common key calculating means calculates a coordinate point which is the secret key times the point representing the second public key on the elliptic curve. To control the coordinate integrating means, to control the random number generating means to output a second random number value, and to control the second random number output from the random number generating means. A means for calculating a common key based on a numerical value and a coordinate point that is the secret key times the point representing the second public key, wherein the encryption operation device is connected to the random number generation means. Is
The cryptographic communication device according to claim 1, further comprising a random number providing unit for providing the output second random number value to the communication device of the communication partner. 3. The public key calculating means includes coordinate accumulating means for calculating a coordinate point of the base point multiplied by the first random number value by calculation on an elliptic curve, and the first public key. Is represented by a coordinate point that is the first random number times the base point, and the encryption operation device is a communication device from the communication partner
The common key calculating means further includes a random value obtaining means for obtaining a second random value, and the common key calculating means calculates a coordinate point that is a multiple of the secret key of a point representing a second public key on an elliptic curve. A means for controlling the coordinate accumulating means, a second random number value obtained by the random number obtaining means, and a coordinate point that is a multiple of the secret key of a point representing the second public key, The cryptographic communication device according to claim 1, further comprising means for calculating a common key. 4. The cipher communication device according to claim 1, further comprising an encryption unit for converting plaintext into ciphertext using the common key. 5. The encryption communication device, an authentication information encryption unit for encrypting authentication information with the secret key, and the authentication information encryption unit connected to the authentication information encryption unit, the encrypted authentication information, The cryptographic communication device according to claim 4, further comprising authentication information providing means for providing the communication device of the communication partner. 6. The encrypted communication device according to claim 1, further comprising a decryption unit for converting an encrypted text into a plaintext by using the common key. 7. The encrypted communication device is connected to the authentication information acquisition means for acquiring encrypted authentication information from the communication device of the communication partner, and the encrypted communication device is encrypted. The encryption communication device according to claim 6, further comprising an authentication information decryption unit for decrypting authentication information with the second public key. 8. The cipher communication device according to claim 1, further comprising a communication unit for communicating information with the other cipher communication device.