JP2003289295A - Method and system for ciphering and deciphering - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily guarantee that a period of confidentiality is kept. <P>SOLUTION: This method is provided with a step of ciphering data to be kept confidential with a corresponding secret key; transferring and storing the data in a storage device, and repeating processing of ciphering the secret key with public keys generated by first and second deciphering devices, only by the times in which a time required for deciphering becomes equal to a time corresponding to the period of confidentiality; transmitting the ciphered secret key to one of the first and second deciphering devices, and a step of deciphering the ciphered secret key which is received with the secret key, corresponding to the public key generated its own deciphering device; transmitting the result of deciphering to another deciphering device; allowing the other deciphering device to decipher with the secret key corresponding to the public key generated by the other deciphering device and repeating processing of deciphering the secret key again with the secret key corresponding to the public key generated its own deciphering device, only by the times corresponding to the preset times; and transmitting the secret key obtained by the repeated processing, in the first and second deciphering devices. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to encryption / decryption for holding data received and encrypted at a first time in a secret state until it reaches a second time after an arbitrary set time has elapsed. A method and system.

[0002]

2. Description of the Related Art Conventionally, there is a technique disclosed in Japanese Patent Application Laid-Open No. 11-296076 as a technique for making it impossible to decrypt data to be kept secret until the secret keeping period expires. In the encryption / decryption method disclosed in this publication, the encryption time key EK (t) at the time t and the decryption time key D at the time t are set every unit time (for example, in units of one day).
When a time key management server that generates K (t) and publishes EK (t) is prepared, and the client A wants to keep the confidential data to be secret until time t, the client A sends EK ( Obtain t) and encrypt the confidential data. Time key management server is D until time t
Save K (t) and publish DK (t) at time t. Therefore, the client A obtains DK (t) from the time key management server and decrypts the encrypted data. In this way, it is impossible to decrypt the data to be kept confidential until a certain time has passed.

[0003]

However, the above-mentioned prior art has the following problems. (1) It is necessary to guarantee that the secret retention period until the decryption time key DK (t) is made public is correctly protected.
In order to achieve this, the troublesome monitoring work that the auditor always guarantees the time is required. (2) Since it is necessary to prepare a time encryption key and a decryption key for each unit time, many keys are required, and key management becomes complicated. (3) The administrator steals the time key from the time key management server, or someone steals the time key by physically analyzing the data recording medium, and the data to be kept secret before the decryption time. There is a risk of being decrypted.

A first object of the present invention is to provide an encryption / decryption method and system in which it is possible to easily guarantee that a confidentiality period is kept and to easily manage keys. A second object of the present invention is, in addition to the first object, an encryption / decryption method and system capable of reducing the risk of decrypting confidential data until the confidentiality period expires. To provide.

[0005]

In order to achieve the above first object, the encryption / decryption method according to the present invention is arranged at a position physically separated from a reception device that receives data to be kept confidential. An encryption / decryption method, comprising: a first and a second decryption device, for holding data received by the reception device in a secret state until a preset secret retention period expires. The secret-retention target data received in step 1 is encrypted with the secret-key corresponding to the secret-retention target data, transferred to a storage device and stored, and the secret key is decrypted at a time corresponding to the secret-retention period. Repeating the process of encrypting with the public key generated by the first and second decryption devices for a certain number of times, and transmitting the encrypted private key to one of the first and second decryption devices. In the first and second decryption devices, the encrypted private key received from the reception device is decrypted by the private key corresponding to the public key generated by the self decryption device, and the decryption result is transferred to the other decryption device. The above-mentioned process of transmitting, decrypting with the private key corresponding to the public key generated by the other decrypting device, receiving the decryption result, and decrypting again with the private key corresponding to the public key generated by the own decrypting device Repeating a number of times corresponding to time, and releasing a secret key for decrypting the secret-holding target data obtained by the iterative process. In addition, the first and second decoding devices are arranged in an artificial satellite in outer space, and a time during which a communication radio wave makes one round trip between the first and second decoding devices is used as a calculation unit of the confidentiality holding period. It is characterized by using.

In order to achieve the second object,
As the secret holding period, a value obtained by adding a time required from the encryption start time of the secret key corresponding to the secret holding target data to the transmission start time to one of the first and second decryption devices is set. Characterize.

The encryption / decryption system according to the present invention comprises a reception device for receiving the data to be kept confidential, and first and second decryption devices arranged at physically separated positions. An encryption / decryption system for holding the received data in a secret state until the preset secret holding period expires, wherein the accepting device converts the received secret holding target data into the secret holding target data. The private key is encrypted with a corresponding private key, transferred to a storage device and stored therein, and the private key is generated by the first and second decryption devices as many times as the time required for decrypting the private key reaches a time corresponding to the secret holding period. And a means for transmitting the encrypted private key to one of the first and second decryption devices, the first and second decryption devices comprising:
Decrypting device decrypts the encrypted private key received from the accepting device with the private key corresponding to the public key generated by the self decrypting device, transmits the decryption result to the other decrypting device, and the other decrypting device Repeat the process of decrypting with the private key corresponding to the public key generated by the decryption device, receiving the decryption result, and decrypting again with the private key corresponding to the public key generated by the own decryption device, the number of times corresponding to the set time. And a means for disclosing a secret key for decrypting the secret-holding target data obtained by the iterative process. Also, the first and second decoding devices are arranged in an artificial satellite in outer space, and the time during which a communication radio wave makes one round trip between these first and second decoding devices is the unit of calculation of the confidentiality period. It is characterized by using as. Further, the secret holding period is set by adding a time required from the encryption start time of the secret key corresponding to the secret holding target data to the transmission start time of one of the first and second decryption devices. It is characterized by

[0008]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below in detail with reference to the drawings. (Embodiment 1) FIG. 1 is a system configuration diagram showing an embodiment of an electronic bidding system to which the present invention is applied. First, the outline of the principle of the present invention will be described. In the present invention, the two computers A and B having the decryption keys DK _A and DK _B are arranged at distant places so that a communication delay of t seconds occurs between the two computers. The communication delay referred to here means the time required to travel the distance between two computers at the speed of light, for example. Then, the encryption operation is performed n times on the data that should be kept secret until a certain time. At this time, 1
The result of the encryption operation is encrypted so that it can be decrypted by using the decryption keys DK _A and DK _B in this order. In this way, in order to decrypt the data encrypted n times,
It is necessary to alternately perform the decoding operation n times between the two computers A and B. At this time, the data must be reciprocated n times between the two computers. K is the time required for one decoding operation
In seconds, the time required to decrypt the data is 2n × (t
+ K) seconds. Since the decryption operation time k changes depending on the amount and content of data, it is difficult to control the decryption time of data that has been encrypted n times by k. Therefore, if the distance between the two computers is increased so that t >> k, the time required for decoding becomes 2n × t seconds. Since the speed of light is invariant, t does not change. Furthermore, since it is not possible to move faster than the speed of light, it is not possible for something to make a round trip between A and B faster than light and to decode data faster than 2n × t seconds. Therefore, by adjusting the number of encryption operations n, it is possible to obtain encrypted data that cannot be decrypted until an arbitrary time elapses.

According to the present invention, if the delay t between the two computers and the decoding operation time k are t >> k once at the time of system startup as described above, the present invention is like an existing technique. There is no need to manage the time properly. Further, in the present invention, the decryption keys DK _A and DK _B are stored in the computers A and B in the artificial satellites arranged in outer space. This makes it difficult to steal the decryption key and prevents the encrypted data from being decrypted before the decryption time.

The embodiment shown in FIG. 1 will be described below.
First, the symbols used in the following description are defined as follows. N: Number of bidders M: Maximum number of bidders, server A10 as described below
2. Determined by the processing capacity of the server B105. Mi: bid amount of bidder i X: time from bid deadline to bid result announcement date (confidentiality retention period) L: distance between servers A and B c: speed of light, 3 × 10 ⁸ (m / s) is there. Si: Private key generated by the bid client i109. The encryption method used here is a common key encryption method. As long as the algorithm is secure, the type of encryption method does not matter. SSi: Private key Si is encrypted. The encryption method will be described later. T: An integer used for encryption of the private key Si and decryption of SSi.
Equivalent to X × c / 2L (decimal fractions are rounded down). PKj: A public key generated by a certain subject (server A, B) j. The public key system used here is not particularly limited as long as it is highly secure. SKj: A secret key paired with a public key PKj generated by a certain subject (server A, B) j. {D} S: Indicates a state in which certain data D is encrypted by the key S. {D} SP: Indicates a state in which certain data D is encrypted in the order of keys S and P. Next, the system configuration will be described.

In the system of FIG. 1, the bid manager owns the bid management server 107 and automates the bid operation. The bid management server 107 owns a bid data table 108 for storing bid data. The bid applicants are bid clients i109 (i = 1 to 1).
N) owns and automates the bidding process. The bid client i109 owns the private key Si110. The public key server 111 publishes the public keys PK _A 112 and PK _B 113 via the Internet. This public key PK _A
112 and PK _B 113 are satellites A101 and B104.
It is generated by the servers A102 and B105 installed in the server and distributed to the public key server 111.

The bid management server 107, bid client i109, and public key server 111 exist on the earth 114 and are connected to the Internet. Of these, the bid management server 107 is capable of satellite communication using a special communication protocol. Artificial satellite A101 and artificial satellite B10 in a circular orbit at an altitude R (= 170,000 km) from the earth.
4 is orbiting while maintaining a constant distance L (300,000 km). FIG. 2 shows the positional relationship between the artificial satellite and the earth for L = 300,000 km and R = 170,000 km. As shown in Figure 2,
The artificial satellites A and B orbit the earth at an angle of 120 degrees.

The artificial satellites A and B each have a server A (decryption device A) 10 for decrypting the encrypted secret key SSi.
2. The server B (decoding device B) 105 is installed. Also, the server A 102 and the server B 105 have a function of performing inter-satellite communication. Server A102, server B105
Owns private keys SK _A 103 and SK _B 106, respectively. The server A 102 and the server B 105 are high-performance computers capable of performing decryption calculation described later at high speed. The artificial satellites A and B have a function of measuring the mutual distance, and are controlled so that the distance L is maintained at a preset distance.

As described above, it is necessary that "delay time of communication >> single decryption processing time in the server A 102 and the server B 105". The communication delay time is L / c = 1 second in this example. Therefore, if the decryption calculation time in the server A 102 and the server B 105 is guaranteed to be within 10 milliseconds, the time can be guaranteed with an error of 1%. If there are many bidders, server A 102, server B 105
Since the amount of data to be processed increases, the decoding processing time becomes long. Therefore, in the present embodiment, the number of bidders is limited so that the decryption processing time can be guaranteed within 10 milliseconds. However, if a high-performance computer is used as the server A102,
By using it as the server B105, the biddable number M can correspond to a larger number of bidders.

SK _A , SK _B , PK _A , and PK _B are the servers A 102, after launching the artificial satellites A 101, B 104.
The server B 105 automatically generates and sends PK _A and PK _B to the public key server 111. Artificial satellites A101 and B10
If it is generated before launching 4, the server A102, server B105 to SK, because it is on the earth before launching
_{This is because A} and SK _B may be stolen.

Next, the procedure for encrypting / decrypting the bid price for electronic bidding will be described with reference to FIG. In FIG. 3, the vertical axis represents the flow of time, and the horizontal axis represents the data transferred at each step. First, in step 301, the bid management server 107 starts accepting bids, and the bid information including the bid item, the bid deadline date, and the bid announcement date, and the time X from the bid deadline date to the bid announcement date X.
(Confidentiality retention period) is published and notified to each bid client i109 (i = 1 to N). Step 302
In, the bidder submits the bid information and X to the bid management server 10
If it is obtained from No. 7, the bid amount Mi is determined and input to the bid client i109. In step 303, the bid client i109 encrypts the bid amount Mi with the private key Si110 of its own client, {Mi} Si
To generate. Details of this processing will be described later with reference to FIG.

In step 304, bid client i109 calculates T based on the value of X. The bid client i109 encrypts the secret key Si110 T times, and
Generates Si. Details of this processing will be described later with reference to FIG. After that, {Mi} Si and SSi are transmitted to the bid management server 107. At the time of this transmission processing, a known electronic signature technique is used to prevent spoofing and data alteration.

In step 305, the bid management server 107 sends the bid clients i 109 to {Mi} S.
i, SSi is received. Then, {Mi} Si and SSi are stored in the bid data table 108.

The bid data table 108 has the format shown in FIG. 4, and stores the bidder name 402, SSi 403, and {Mi} Si 404 corresponding to the bidder number 401. The bidder number 401 is assigned in the order in which the data is received. When the bid deadline is reached, the SSi 403 stored in the bid data table 108 is transmitted to one of the servers B.

After receiving the data from the bid client i109, the bid management server 107 sends the receipt certification data to the bid client i109. When sending the receipt proof data, attach an electronic signature to the receipt proof data,
Falsification of receipt certificate and proof of sender. The proof of receipt is performed by sending the return value in which the received data is assigned to the hash function. A hash function is a function that cannot reproduce the input from the output. The side receiving the receipt certificate can confirm that the data has been received by the bid management server 107 by collating the output of inputting the data it has into the hash function with the receipt certificate.

The data format for transmitting data from the bid management server 107 to the server B is, as shown in FIG. 5, the address 501 of the bid management server 107, the number of bid data 502, the value of T 503, and D _{1 to} D _{1. N} 504 and error correction code 505, and D _{1 to} D _N 504 have S
Si (i = 1 to N) is stored in order. Error correction code 5
Reference numeral 05 is used for error correction of communication between the artificial satellites A101 and B104, and redundancy is added so that the error can be corrected according to the reliability of inter-satellite communication. An example of the error correction code is Reed-Solomon code.

In step 306, the server B 105
Receives SSi and cooperates with server A101 to perform SSi
To decrypt. This decoding operation requires time X. Details of the decoding process will be described later with reference to FIG. 7. When the bid result announcement date comes (when the confidentiality holding period expires), the decryption work ends, and the server A sends Si (i = 1 to N) to the bid management server 107.

In step 307, the bid management server 107 decodes {Mi} Si stored in the bid data table 108 based on Si received from the server A,
Obtain Mi (i = 1 to N). In step 308,
The bid management server 107 calculates a bid result based on the size of Mi and announces the bid result. The encryption process of the secret key Si in step 304 will be described in detail with reference to FIG.

The processing of FIG. 6 is performed inside the bid client i109. Here, the variable for storing the input data is Ci. The private key Si is stored in Ci and is input as the input data 601. Then, in process 602, Ci
Is encrypted with the public key PK _A , and the result is stored again in Ci.
Subsequently, in process 603, Ci is further encrypted with another public key PK _B , and the result is stored again in Ci. Processing 602 and 60
Repeat 3 times T times. This gives Ci = S to the output 604.
Si is stored and output.

Next, the SSi decoding process of step 306 will be described in detail with reference to FIG. The data Di processed in this step is stored in the item 504 of FIG. First, Di = SSi is transmitted as the input data 701 by the process of step 305 of the bid management server 107. Therefore, in process 702, the server B1
05 decrypts the input data Di using its own secret key SK _B , and stores the result back in Di. At this time, the value 503 of T is reduced by "1". After that, use Di as server A101
Send to.

In process 703, the server A 101 decrypts Di using its own secret key SK _A , and stores the result back in Di. Then, the value 503 of T is reduced by "1". After that, Di is transmitted to the server B105. This process 70
By repeating the processing of 2 and 703 T times, the value of T is 5
03 becomes "0". The fact that the T value 503 becomes “0” means that the bid result announcement date has been reached.
The server A 101 outputs Di = Si as the output 704 and sends the Si to the bid management server 107. Since the time required for these processes is T × (round-trip time between servers A and B) = T × 2L / c = X, it takes S to take time X.
Si will be decrypted into Si.

The bid amount Mi is encrypted like {Mi} Si, and Si is not known until the bid result announcement date. Therefore, {Mi} Si cannot be decrypted before the bid result announcement date. Therefore, Mi cannot be known to anyone other than the bidder himself before the bid result announcement date.

As described above, according to the present embodiment, the secret key Si required to decrypt the bid amount {Mi} Si is
SSi is decrypted after time X and published as Si. At this time, SSi is server A 102, server B 105.
The speed of light guarantees that the time X has elapsed while being processed. In addition, the number of keys is server A 102, server B
Since there is one key every 105, there is also an effect that key management becomes easy. As the bid amount Mi may be known before the time X, SK _A and SK _B are stolen, and FIG.
By the processing of SSi, SSi is decrypted, Si is found, and {M
i} Si may be decrypted, but SK _A , S
K _B is in servers A and B in the satellite,
Since the method of accessing these servers A and B is limited to satellite communication, there is an effect that it is easy to ensure security so that SK _A and SK _B cannot be stolen. That is, it is possible to easily guarantee that the confidentiality retention period is kept, to easily manage the key, and to easily secure the security so that SK _A and SK _B are not stolen.

(Embodiment 2) In Embodiment 1 described above, after the bid management server 107 receives {Mi} Si and SSi, it stores the SSi until the bid deadline. However, if the SSi is stolen from the bid management server 107 and sent to the server B before the bid deadline, the SSi may be decrypted before the bid announcement date. Therefore, step 304 and step 305 in FIG. 3 are improved as follows.

In step 304, the time from the Si encryption start time to the bid deadline date is X '. Then, as X, X = X ′ + X is used to calculate the value of T,
Si is encrypted to generate SSi. The details of this processing are as described in FIG. Then {Mi} Si and SS
i is transmitted to the bid management server 107. At the time of this transmission processing, a known electronic signature technique is used to prevent spoofing and data alteration. In step 305, the bid management server 107 receives {Mi} Si, SSi, saves {Mi} Si, SSi in the data table 108, and sends a receipt certificate to the bid client i109. The method of sending the receipt is as described above. Then, SSi is immediately sent to the server B. When transmitting SSi, N is set to "1".

In this way, the processing of step 306 requires time X + X '. That is, Si returns to the bid management server 107 on the bid result announcement date. The point that Si returns to the bid management server 107 on the bid result announcement day is the same as in the first embodiment, but the bid management server 107 sends SSi immediately after receiving the data from the bid client i109. Management server 107 to SS
Even if i is stolen, SSi will not be decrypted before the bid result announcement date. Therefore, the safety is improved as compared with the first embodiment. In addition, in the case of the second embodiment, it is necessary to set the upper limit of the number of bidders during the decryption processing in the servers A101 and B105 so that the processing can not wait. According to the second embodiment, in addition to the effect obtained in the first embodiment, there is an effect that it is possible to reduce the risk of decryption of the secret-holding target data until the secret-holding period expires.

(Third Embodiment) As another application example of the present invention, it can be used to store a document, such as an official document, which is made public after a certain period of time. The embodiment will be briefly described. A server i encrypts a document Mi with a secret key Si and then publishes {Mi} Si. Then, the server i calculates T based on the time X from the current time to the publication time, encrypts Si by the same process as in FIG. 6,
Obtain SSi. When this SSi is passed to the input of the process of FIG. 7, it is possible to obtain the secret key Si as the output after the time X is required. Therefore, at the public time, the secret key Si is identified. If the server i publishes this secret key Si, anyone can decrypt the document {Mi} Si encrypted at the publication time.

Besides, the present invention can be applied to amusement such as a prize quiz system. In the prize quiz, the respondent i sends the answer Qi of the quiz to the quiz by the deadline for the quiz given by the quiz, and when the result announcement date comes, the quiz determines the correct answer based on Qi. It is a game that announces and gives the correct answer some kind of privilege. This is the first embodiment
This can be realized by replacing the bid price Mi of the above with the answer Qi.

[0034]

As described above, according to the present invention, it is possible to easily guarantee that the confidentiality retention period is kept and to easily manage the key. In addition, it is possible to reduce the risk of decrypting the confidential data until the confidentiality period expires.

[Brief description of drawings]

FIG. 1 is a system configuration diagram showing an embodiment of an electronic bidding system to which the present invention is applied.

FIG. 2 is a diagram showing a positional relationship between an artificial satellite equipped with a server that performs a decoding process and the earth.

FIG. 3 is a diagram showing an encryption / decryption processing procedure of a bid amount relating to an electronic bid.

FIG. 4 is a diagram showing a data table for storing bid data.

FIG. 5 is a diagram showing a data structure used for communication between servers A and B.

FIG. 6 is a diagram showing an encryption processing method of a secret key Si for encrypting a bid amount.

FIG. 7 is a diagram showing a method of decrypting the encrypted private key SSi.

[Explanation of symbols]

101 ... Artificial satellite A, 102 ... Server A, 103 ... Private key, 104 ... Artificial satellite B, 105 ... Server B, 106 ...
Private key 107, bid management server 108, bid data table 109, bid client i, 110 ... private key, 111 public key server, 112, 113 public key.

Continued front page    (72) Inventor Yoshiki Samejima             6-81 Onoe-cho, Naka-ku, Yokohama-shi, Kanagawa             Hitachi Software Engineering Stock Association             In-house F term (reference) 5J104 AA16 AA41 EA19 MA05 PA14

Claims (6)

[Claims] 1. A reception device for receiving data to be confidentially held, and first and second physically arranged positions.
An encryption / decryption method for holding the data received by the accepting device in a secret state until the preset confidentiality holding period expires, the secret holding being accepted by the accepting device. The target data is encrypted with a secret key corresponding to the secret-holding target data, transferred to a storage device and stored, and the secret key is decrypted for a number of times equal to the secret-holding period. Repeating the process of encrypting with the public key generated by the first and second decryption devices and transmitting the encrypted private key to one of the first and second decryption devices; In the decrypting device, the decrypted encrypted private key received from the accepting device is decrypted by the private key corresponding to the public key generated by the self decrypting device, and the decrypted result is transferred to the other decrypting device. The process of receiving the decryption result, decrypting with the secret key corresponding to the public key generated by the other decryption device, receiving the decryption result, and decrypting again with the secret key corresponding to the public key generated by the self-decryption device And a step of exposing a secret key for decrypting the secret-holding target data obtained by the repeated processing for a number of times corresponding to time, the encryption / decryption method. 2. The first and second decoding devices are arranged in an artificial satellite in outer space, and the time required for a communication radio wave to make one round trip between the first and second decoding devices is defined as the secret holding period. The encryption / decryption method according to claim 1, wherein the encryption / decryption method is used as a unit of calculation. 3. The secret retention period is the first from the encryption start time of the secret key corresponding to the secret retention target data.
The encryption / decryption method according to claim 1 or 2, wherein a value obtained by adding a time required to start transmission to one of the second decryption device and the second decryption device is set. 4. A receiving device that receives data to be confidentially held, and first and second physically arranged positions.
An encryption / decryption system for holding the data received by the accepting device in a secret state until the preset confidentiality retention period expires, wherein the accepting device receives the secret The data to be held is encrypted with a secret key corresponding to the data to be held secretly, transferred to a storage device and stored therein, and the secret key is stored as many times as the number of times required to decrypt the secret key corresponds to the secret holding period. The process of encrypting with the public key generated by the first and second decryption devices is repeated, and the encrypted secret key is converted into the first and second secret keys.
Means for transmitting the encrypted secret key received from the accepting device with the secret key corresponding to the public key generated by the self-decrypting device. Then
The decryption result is transmitted to the other decryption device, decrypted by the secret key corresponding to the public key generated by the other decryption device, and the decryption result is received and the secret corresponding to the public key generated by the self decryption device. An encryption / decryption characterized by comprising means for repeating the process of re-decrypting with a key a number of times corresponding to the set time, and disclosing the secret key for decrypting the secret-holding target data obtained by the iterative process. system. 5. The secret holding period is defined as a time period in which the first and second decoding devices are arranged in an artificial satellite in outer space and a communication radio wave makes one round trip between the first and second decoding devices. The encryption / decryption system according to claim 1, wherein the encryption / decryption system is used as a unit of calculation. 6. The secret holding period is the first from the encryption start time of the secret key corresponding to the secret holding target data.
The encryption / decryption system according to claim 4 or 5, wherein a value obtained by adding a time required to start transmission to one of the second decryption device and the second decryption device is set.