JP2004147270A - Information processing system and information processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent a key file to be used for encrypting and decrypting plain text data from being known by a third person. <P>SOLUTION: A reception side or reproduction side device 3 has a file hf, a file of generated therefrom and a generation matrix C (irregular matrix). A transmitting source or recording side device 2 has a file bf, generates a key file kf which has a data length equal to or longer than a length of plain text data M from the files bf and of, and generates a file lf from bf and C. Cipher sentence data B created using kf are transmitted or recorded together with lf. In the reception side or reproduction side device 2, when N and lf are received or reproduced, a key file kf' is generated from lf and hf, and N is decrypted using the key file. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a technique for transmitting confidential information by encryption or a technique for recording / reproducing.
[0002]
[Prior art]
In order to transmit confidential data only to a specific party, a form in which a password is set in the file and transmitted to the party who knows the password, or a mode in which the file encrypted with the mutual key is transmitted to the party, are known. Have been. In the public key cryptosystem, data encrypted with the other party's public key can be transmitted, and the receiving party can decrypt the data with its own private key.
[0003]
By the way, when the data length (the number of bits) of the password or the key length of the encryption key is short, the number of combinations is small (the key space is narrow), so that the decryption is easy and the cryptographic attack is weak.
[0004]
Therefore, a method is known in which disposable long-text data (One-Time Pad) is confidential to each other, and encryption and decryption are performed using the data.
[0005]
[Problems to be solved by the invention]
However, the method using disposable long-text data has a problem in that it is not easy to distribute a key file including the data (that is, if key distribution can be performed safely, it is sufficient to transmit information in the same manner. ). Another problem is that processing time is consumed for key file generation and the like.
[0006]
Therefore, an object of the present invention is to prevent a key file used for encryption and decryption from being known to a third party and to speed up key file generation processing.
[0007]
[Means for Solving the Problems]
The present invention is provided with the following items in order to solve the above problems.
[0008]
A first information processing device that encrypts and transmits or records plaintext data; and a second information processing device that decrypts original plaintext data from ciphertext data.
[0009]
The second information processing apparatus has a first file, a second file generated by a product operation of a matrix having data of the first file as an element, and a predetermined irregular matrix.
[0010]
The first information processing apparatus has a third file, and generates a key file by a product operation of a matrix having data of the third file as an element and a matrix having data of the second file as an element; File generating means for generating a fourth file by a product operation of a matrix having data of a third file as an element and the above-mentioned irregular matrix.
[0011]
The first information processing apparatus has encryption processing means for performing encryption processing on plaintext data using a key file, and transmits or records a file containing ciphertext data by the encryption processing means.
[0012]
When the second information processing device receives or reproduces a file containing ciphertext data, the key is obtained by multiplying a matrix having data of the fourth file as an element and a matrix having data of the first file as an element. Key file generation means for generating a file and decryption processing means for decrypting ciphertext data using the key file.
[0013]
Therefore, according to the present invention, in order to generate a key file having the same content as the key file used at the time of the encryption process in the second information processing apparatus, the first file is required, but the first file is No delivery is performed between the first information processing device and the second information processing device. In other words, by keeping the first file confidential so as not to be known to a third party, the key file can be safely delivered, and confidentiality of ciphertext data using the key file is guaranteed. Further, the third file used for generating the key file in the first information processing apparatus is not known to the user of the second information processing apparatus or a third party. Then, the key file can be generated at high speed by a matrix product operation.
[0014]
BEST MODE FOR CARRYING OUT THE INVENTION
The present invention relates to an information processing system that encrypts and transmits plaintext data and decrypts the encrypted plaintext data into the original plaintext data. For example, it is suitable for application to a network system using an information processing device such as a computer. However, the present invention is not limited to such an information transmission system. The present invention can be applied to various information processing systems such as concealing image data.
[0015]
FIG. 1 is a functional block diagram showing a basic configuration of a system according to the present invention, and is assumed to be applied to an information transmission system.
[0016]
The information processing system 1 includes a first information processing device 2 and a second information processing device 3. In this example, the first information processing device 2 is an information transmitting device that encrypts and transmits plaintext data M, and the second information processing device 3 is an information receiving device that decrypts plaintext data M from ciphertext data N. It is. Note that, for each device, for example, a computer device having an electric communication unit is used. The form of information transmission may be wire transmission or wireless transmission.
[0017]
The information processing device 3 has a first file “hf”, a second file “of” generated from hf, and a generation matrix “C” of of. Note that hf is a treasured file that should not be known to the transmission partner or a third party. of is a public file, and is assumed to be known to anyone. When C is included in of, a part obtained by removing C from of corresponds to the second file. The matrix C is an irregular matrix.
[0018]
The information processing device 2 has a third file “bf”, which is used for generating a key file “kf”. kf is used for encryption of M, and the data is used as key data, and has a length equal to or longer than the data length of M, for example. Since bf does not need to have a length equal to or longer than the data length of M, the data length of bf may be shorter than the plaintext data length. However, it is sufficient that a data string longer than the plaintext data length can be generated based on bf. (Compressed files, files containing seed data of random numbers, etc.).
[0019]
Also, it does not matter what kind or format of the data related to bf. For example, a text file or an image file can be used. A data file generated using a random number generation function, a predetermined operation (for example, addition, subtraction, averaging operation, etc.) based on a plurality of data files, a data file converted by a function, or the like may be used. good. bf is a file necessary for generating kf and for generating lf described below, but there is no possibility that the sender or third party will know the bf unless the sender intentionally or accidentally leaks bf. That is, only the transmission partner can know kf, and cannot know bf from kf. Also, by specifying or selecting a different bf for each encryption of M, bf can be used as a disposable pad (kf also changes with a change in bf).
[0020]
The information processing apparatus 2 has the matrix C in advance, and includes a file generation unit 2a that generates kf from bf and of and generates a fourth file “lf” from bf and C. The apparatus 2 has an encryption processing unit 2b for encrypting M using kf, and creates ciphertext data N from M using kf. That is, when the encryption process of M is represented by the function “F ()”, the encryption is performed by “N = F (M, kf)”.
[0021]
For example, an arbitrary operation symbol is represented by “*”, and the data length or file size of kf is longer than the data length or file size of M (this means that the element data of kf is periodically repeated. This is always guaranteed by newly adopting kf as a data obtained by adding data in accordance with a predetermined operation rule and expanding the data.), And introducing a natural number variable "i" to convert each element data constituting M When “Mi” and the individual element data constituting kf are described as “kfi”, the individual element data “Ni” constituting N may be calculated by an arithmetic expression “Ni = Mi * kfi” (“* ) Include, for example, an exclusive OR operation, subtraction, and the like.) Alternatively, a known encryption method may be used with kf data as key data.
[0022]
The file containing N and lf are transmitted to the information processing device 3 via the transmission unit 2c, and received by the reception unit 3a.
[0023]
The information processing device 3 includes a key file generation unit 3b that generates a key file “kf ′” from lf and hf when receiving a file including N and lf. If kf ′ is generated correctly, “kf ′ = kf”. However, if a partner who does not know hf generates kf ′ using a file different from hf, “kf ′ ≠ kf” is obtained. is there.
[0024]
The decryption processing means 3c decrypts N using kf ', and cannot decrypt N unless kf' having the same content as kf at the time of encryption is used. That is, when the decoding process of N is represented by the function “G (N, kf ′)”, the condition for correctly decoding as “M = G (F (M, kf), kf ′)” is “kf '= Kf'.
[0025]
As described above, of is provided from the device 3 to the device 2, and if and N are transmitted from the device 2 to the device 3. Further, hf and bf are kept secret in each device, and C and kf (= kf ') are shared between both devices. Since kf is generated using bf and of, even if bf is the same, kf differs depending on the transmission destination. That is, since there is no need to change or select bf according to the transmission destination, the sender can use one bf regularly, but of course, the bf may be changed according to the situation or need. In addition, if lf is disclosed not only in the above example, it is not necessary to transmit it together with N.
[0026]
FIG. 2 is an explanatory diagram of a transmission / reception process example, and shows data transmission from a sender A to a receiver B.
[0027]
However, the file of B is made public. The matrix C is not regular (that is, the value of the determinant is zero). In addition, “T (X)” is a matrix (group) composed of the data of the file X as an element for the file “X”, and means a matrix of the same dimension as C. “·” Indicates a matrix multiplication operation.
[0028]
The processing procedure is as follows.
[0029]
(1) B generates of using C and the secret file hf. The calculation formula is “T (of) = C · T (hf)”
(2) A generates a key file kf using bf and the partner B's of. The calculation formula is “T (kf) = T (bf) · T (of)”
(3) A encrypts the plaintext M using kf to generate N (for example, the operation “M * kf”). Then, a file If is generated from bf and C. The calculation formula is “T (lf) = T (bf) · C”
(4) A sends lf and N to partner B (or, if lf has been published, sends only N to B)
(5) B generates kf 'using lf and hf. The calculation formula is “T (kf ′) = T (lf) · T (hf)”
(6) If B is a correct partner, “T (kf ′) = T (kf)”, so N is decoded to M using kf ′ (operation “N * kf ′”).
[0030]
Information that can be obtained by a third party from the transmission path between A and B is of, if, and N, but kf cannot be generated from these. Also, bf and hf are not transmitted between A and B, so that a third party cannot know. When communication is performed among a large number of people, the same matrix C may be used for all the members, or a different matrix (a non-regular matrix) may be used for each group to which the group belongs.
[0031]
Using a non-regular matrix C is safe because hf cannot be obtained from of and bf can be obtained from if. In addition, each file can be generated at high speed by using a matrix product operation. For example, when the matrix Cij has two rows and two columns, C11 = a, C12 = b, C21 = ca, and C22 = cb using three numbers a, b, and c, and the file “X Is described as “T (X) jk”, the matrix can be calculated by “T (C · X) ik = Cij · Xjk” (where i, j, and k are natural numbers, Expressed in Einstein's convention.) According to this notation, for example, the above “T (of) = C · T (hf)” is “T (of) ik = Cij · T (hf) jk” and “T (kf) = T (bf) · T (of) ”is“ T (kf) ik = T (bf) ij · T (of) jk ”. Each file is composed of numerical values obtained by arranging matrix elements, which are the operation results, as data columns in time series. (A matrix multiplication operation requires data of the number of rows × the number of columns, and the number of data in the file is a multiple Therefore, if necessary data is insufficient, calculation may be performed by adding a predetermined value (such as zero or a dummy value).)
[0032]
In the above example, for convenience of explanation, one-way transmission from the user A of the device 2 to the user B of the device 3 is assumed. It is sufficient to use an apparatus configuration having both functions. In this case, A needs only to generate and disclose the file of 'using the treasured file "hf'" different from bf and C (the processing is the same as described above). Alternatively, bf may be used as hf '. In this case, if “Xa = T (bf)” is written, “Y1a = T (of ′) = C · Xa” is calculated, and of ′ may be disclosed. In the case where “If” is published together with “of” with “Y2a = T (lf) = Xa · C”, A calculates Y1a and Y2a and releases it. On the other hand, when writing “Xb = T (hf)” and “Y1b = T (of) = C · Xb”, B may calculate “Y2b = Xb · C” and publish this together with Y1b. If kf used for encrypting M from A to B is described as “kf1” and kf used for encrypting M from B to A is described as “kf2”, both files are generally different. That is, “kf1 = Xa · Y1b = Xa · C · Xb” and “kf2 = Xb · Y1a = Xb · C · Xa”. Therefore, two types of key files can be shared between A and B, so that each key file can be used properly according to the use or situation. For example, after one key file is shared between A and B, the other key file can be safely shared by encrypting and passing Y2a or Y2b using the key file. Therefore, even if one key file is discovered by a third party, the other key file remains (if there is only one key file, it is necessary to change hf, bf, and C).
[0033]
Alternatively, a dual key can be realized by using both key files, for example, after performing the first encryption with the first key file, and then performing the second encryption with the second key file. Since it can be performed, the strength is further increased.
[0034]
To briefly explain the signature method of the plaintext M, when A signs the plaintext M and B verifies it, the following procedure is taken. Here, assuming that Y1a has been made public, the signature file relating to M is described as “S”.
[0035]
(1) A calculates “T (S) = Xa · C · T (M)” to generate S. (2) A sends M and S to B. (3) B sends M, From C and Y1a, “Z1 = Y1a · C · T (M) = C · Xa · C · T (M)” is obtained. From C and S, “Z2 = C · T (S) = C · Xa · C” (4) B checks whether “Z1 = Z2”. (5) If “Z1 = Z2”, the signature of A is correctly verified, but “Z1 ≠ Z2”. ", There is a possibility that signatures other than A and M are falsified.
[0036]
If S is not A's signature on M, Xa is different in Z2, and if M is falsified, T (M) is different in Z1, so that in each case, "Z1 ≠ Z2". .
[0037]
By using such a signature method, the plaintext, the ciphertext, and the above-described Y2a and Y2b for generating a key file can be mutually verified. If the data length of M is long, a matrix having the hash value of M as an element may be used instead of T (M). S is created by the file generation unit 2 a of the device 2, and its verification is performed by the signature verification unit of the device 3.
[0038]
Any method may be used for encrypting M using kf. For example, a method of generating data having a predetermined key length out of kf and using this as a key data using a known common key cryptosystem, or a method of performing predetermined arithmetic processing on M (subtraction or exclusive OR) Etc.), a method of dividing M into component files (or component files) composed of a plurality of component data, and encrypting each component file using kf can be used.
[0039]
It should be noted that the information processing device 3 is configured such that, when N is received, the hf or the existing kf specified or selected by inputting a preset password is read, and N is decrypted. . This password is secure because it is not transmitted between each other's devices. It is preferable that hf be encrypted using the password.
[0040]
Further, when applied to a data recording / reproducing processing device, the information processing device 2 shown in FIG. 1 may be a recording device, and the information processing device 3 may be a reproducing device. In other words, by replacing the transmitting unit 2c with the recording unit in the information processing device 2, N or N and If can be stored in a storage medium (such as a semiconductor memory) or a recording medium (such as an optical disk medium or a magnetic tape medium). Record. Then, in the device 3, the receiving unit 3a is replaced with a reproducing unit, and N or N and If is reproduced from a storage medium or a recording medium to generate kf. Then, N is decoded by kf to obtain M. Even if the storage medium or the recording medium is acquired by a third party, N cannot be decrypted unless kf is obtained, thereby restricting unauthorized copying and the like.
[0041]
【The invention's effect】
As is apparent from the above description, according to the present invention, the key file kf can be safely delivered by keeping the first file hf secret from the third party in the receiving or reproducing apparatus so as not to be known to a third party. And confidentiality of ciphertext data using the key file is guaranteed. As a result, the concealed data can be transmitted safely. Then, a key file can be generated at high speed by a matrix multiplication operation using file data as an element.
[Brief description of the drawings]
FIG. 1 is a functional block diagram showing a basic configuration example of an information processing system according to the present invention.
FIG. 2 is an explanatory diagram of a processing example according to the present invention.
[Explanation of symbols]
DESCRIPTION OF SYMBOLS 1 ... Information processing system, 2 ... First information processing apparatus, 2a ... File generation means, 2b ... Encryption processing means, 3 ... Second information processing apparatus, 3b ... Key file generation means, 3c ... Decryption processing means

Claims (2)

In a first information processing apparatus that encrypts and transmits or records plaintext data, and an information processing system including a second information processing apparatus that decrypts original plaintext data from ciphertext data,
The second information processing apparatus has a first file and a second file generated by a product operation of a matrix having elements of data of the first file as elements and a predetermined irregular matrix,
The first information processing apparatus has a third file, and generates a key file by a product operation of a matrix having data of the third file as an element and a matrix having data of the second file as an element. Having a file generating means for generating a fourth file by a product operation of a matrix having data of a third file as an element and the non-regular matrix,
The first information processing apparatus has an encryption processing unit that performs encryption processing on the plaintext data using the key file, and transmits or records a file including the ciphertext data by the encryption processing unit. thing,
When the second information processing device receives or reproduces a file including the ciphertext data, a product of a matrix having data of the fourth file as an element and a matrix having data of the first file as an element An information processing system comprising: key file generation means for generating a key file by calculation; and decryption processing means for decrypting the ciphertext data using the key file. An information processing method for encrypting and transmitting or recording plaintext data, and decrypting received or reproduced ciphertext data to original plaintext data,
The apparatus on the receiving side or the reproducing side has a first file and a second file generated by a product operation of a matrix having elements of data of the first file as elements and a predetermined irregular matrix,
The source or recording side device has a third file, and generates a key file from a product operation of a matrix having data of the third file as an element and a matrix having data of the second file as an element, A fourth file is generated by the product operation of the matrix having the data of the third file as an element and the non-regular matrix, and the file including the ciphertext data created using the key file is transmitted or recorded to the destination. rear,
When the file containing the ciphertext data is received or reproduced by the device on the receiving side or the reproducing side, a matrix having data of the fourth file as an element and a matrix having data of the first file as an element An information processing method comprising: generating a key file by a product operation; and decrypting the ciphertext data using the key file.

Images