JP2015188148A - encryption key generation device and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an encryption key generation device and a program, capable of suitably suppressing leakage of an encryption key without requiring a catalyst having tamper resistance.SOLUTION: Using a numerical value P and a numerical value Q obtained by digitizing a first biological information D1 and a second biological information D2 read out by a biological information reading part 20 as a starting point, an encryption key generation device 100 searches prime numbers p, q required for calculating a numerical value D constituting an encryption key matching with a public key.

Description

  The present invention relates to a technique for generating an encryption key.

  Conventionally, a cryptographic communication technique using a public key infrastructure (PKI) such as RSA cryptography is known. For example, Patent Literature 1 discloses a technique for performing cryptographic communication using public key cryptography using a public key and a secret key generated based on biometric information. In addition, Patent Documents 2 and 3 disclose methods for calculating a prime number used for an encryption key.

JP 2006-246360 A Japanese Patent No. 4668796 Japanese Patent No. 4668795

Okamoto Tatsuaki and Ota Kazuo, “Cryptography, Zero Knowledge Proof, Number Theory”, Kyoritsu Publishing, 1995

  In a public key authentication infrastructure, in order to prevent a secret key from leaking to a third party other than the subject, when a tamper-resistant medium such as an IC card is used as a secret key storage medium, an IC card issuance or IC Installation of a card reader / writer is required, resulting in high costs. In the technology described in Patent Document 1, when generating a secret key based on biometric information, it is necessary to generate a random number and store the random number in a tamper-resistant medium such as an IC card. Accordingly, it is a main object of the present invention to provide an encryption key generation device and a program that can appropriately suppress leakage of a secret key without requiring a tamper-resistant medium.

  In one aspect of the present invention, an encryption key generation device includes a reading unit that reads a user's biological information, a digitizing unit that generates a numerical value of a predetermined bit by digitizing the biological information, A prime number search means for searching for a prime number starting from a numerical value; and a key generation means for generating a secret key used for public key cryptography based on the prime number searched by the prime number search means.

  The encryption key generation apparatus includes a reading unit, a digitizing unit, a prime number searching unit, and a key generating unit. The reading means reads the biological information of the user. The digitizing means digitizes the biological information read by the reading means to generate a numerical value of a predetermined bit. The prime number searching means searches for a prime number starting from the numerical value of the predetermined bit generated by the digitizing means. The key generation means generates a secret key used for public key encryption based on the prime number searched by the prime number search means. In this aspect, the encryption key generation apparatus digitizes the biometric information read from the user into predetermined bits, and searches for a prime number necessary for generating the secret key based on the numerical value. As a result, the encryption key generation device suitably generates the secret key based on the physical characteristics of the user without requiring a tamper-resistant medium and without causing the leakage of the secret key. Communication using public key cryptography can be performed.

  In one aspect of the encryption key generation device, the encryption key generation device includes a storage unit that stores a public key generated based on the biometric information of the user, and a prime number searched by the prime number search unit is consistent with the public key. Determination means for determining whether or not there is a key, and the key generation means generates the secret key based on a prime number determined to be consistent with the public key. According to this aspect, the encryption key generation device can suitably generate a secret key corresponding to a public key that has already been stored.

  In another aspect of the encryption key generation device, the prime number search means starts with a numerical value of the predetermined number of bits, and performs a search for the prime number in a direction in which the numerical value increases, and the predetermined bits A second search process is performed in which the prime number is searched in the direction in which the numerical value becomes smaller, starting from the numerical value of the number. According to this aspect, the encryption key generation device can preferably search for a prime number necessary for generating the secret key.

  In another aspect of the encryption key generation device, the prime number search means performs parallel processing of the first search processing and the second search processing. Thereby, the encryption key generation device can search for a prime number necessary for generating the secret key at high speed.

  In another aspect of the encryption key generation apparatus, the reading unit reads two pieces of biological information of different users, and the prime number searching unit calculates a numerical value of the predetermined bit corresponding to each of the pieces of biological information. Two different prime numbers are searched for as a reference, and the key generation means generates a secret key used for RSA encryption based on the prime numbers searched by the prime number search means. According to this aspect, the encryption key generation apparatus can suitably generate the RSA encryption secret key without requiring a tamper-resistant medium.

  In yet another aspect of the present invention, a program causes a computer to function as any one of the encryption key generation apparatuses described above. By installing this program in a computer and causing it to function, the encryption key generating apparatus according to the present invention can be configured. “Computer” is a general term for machines (including circuits) that perform operations according to a program, and may be a portable terminal such as a wearable device.

  According to the encryption key generation device of the present invention, it is possible to suitably perform the secret based on the physical characteristics of the user without the need for a tamper-resistant medium and without the leakage of the secret key. A key can be generated.

2 shows a configuration example of an encryption key generation apparatus. It is a flowchart which shows the outline | summary of a secret key production | generation process. It is a flowchart which shows a 1st prime number determination process. It is a flowchart of an incremental search in the first prime number determination process. It is a flowchart of a decremental search in the first prime number determination process. It is a flowchart which shows a 2nd prime number determination process. It is a flowchart of an incremental search in the second prime number determination process. It is a flowchart of a decremental search in the second prime number determination process.

  Hereinafter, preferred embodiments for carrying out the present invention will be described with reference to the drawings. In the following, an encryption key generation device that generates a secret key that matches a public key based on biometric information without using a tamper-resistant medium in a public key authentication infrastructure will be described. In the following, as a representative example, a case where RSA encryption is used will be described, and a set of numerical values serving as public keys in RSA encryption will be referred to as (E, N), and a set of numerical values serving as secret keys will be referred to as (D, N). .

[Configuration of encryption key generator]
FIG. 1 shows a configuration example of an encryption key generation apparatus 100 according to the present embodiment. The encryption key generation apparatus 100 includes a display unit 11 such as a display, an input unit 12, a storage unit 13, a communication unit 14 that performs data communication, and a control unit 15. Each of these elements is connected to each other via a bus line 10.

  The input unit 12 includes a biological information reading unit 20. The biological information reading unit 20 reads the biological information of the user based on the control of the control unit 15 and outputs the read biological information to the control unit 15. The biometric information is information indicating physical characteristics unique to the user, for example, information indicating a fingerprint, a retina, an iris, a finger vein, a palm vein, and the like. In the present embodiment, the biometric information reading unit 20 performs biometric information corresponding to each of the two prime numbers “p” and “q” (N = p × q) necessary for generating the numerical value D constituting the secret key (respectively, "First biological information D1" and "second biological information D2") are generated. In this case, the biological information reading unit 20 reads, for example, biological information (for example, fingerprint data of the left hand) representing the physical characteristics of the left half of the user as the first biological information D1, and represents the biological characteristics of the right half of the user. Information (for example, fingerprint data of the right hand) may be read as the second biological information D2. The input unit 12 may include an input device such as a keyboard and a mouse in addition to the biological information reading unit 20.

  The storage unit 13 is configured by a hard disk or a memory such as a ROM or a RAM. The storage unit 13 stores a program executed by the control unit 15. The storage unit 13 also stores a public key certificate 21 for using RSA encryption. The public key certificate 21 includes public keys (N, E) used in RSA encryption. Based on the control of the control unit 15, the communication unit 14 communicates with a server sharing a public key (N, E) by RSA encryption.

  The control unit 15 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like (not shown). The control unit 15 includes a multi-core processor having a first core 22A and a second core 22B, which are processor cores, and is configured to be capable of parallel processing.

  And the control part 15 performs various control with respect to each component in the encryption key generation apparatus 100. FIG. For example, the control unit 15 reads the first biological information D1 and the second biological information D2 from the user by the biological information reading unit 20. Then, the control unit 15 calculates numerical values “P” and “Q” obtained by digitizing the read first biological information D1 and second biological information D2 into predetermined bits (for example, 1024 bits) using a predetermined algorithm. The prime numbers p and q are searched for starting from the numerical values P and Q, respectively. An arbitrary method can be used as a predetermined algorithm for extracting a numerical value digitized into predetermined bits from the biological information. For example, fingerprint image data is acquired as biometric information, and black and white conversion is performed by setting a threshold value for the density value of the image data. Since the fingerprint image can be binarized (1, 0) by converting it into black and white, a method of extracting a numerical value for a predetermined bit from the binarized image data can be used. In this way, the control unit 15 calculates the numerical value D constituting the secret key based on the searched prime numbers p and q. The control unit 15 is an example of a “reading unit”, “numericalizing unit”, “prime number searching unit”, “key generation unit”, “determination unit”, and a computer that executes a program in the present invention.

Here, the numerical value E and the numerical value D will be supplementarily described. The numerical value E constituting the public key is the following conditional expression using the numerical value “L” (= LCM (p−1, q−1)) which is the least common multiple of “p−1” and “q−1”.
1 <E <L and GCD (E, L) = 1 (1)
It is a natural number that satisfies Here, “GCD (E, L)” indicates the greatest common divisor of the numerical values E and L. The numerical value D constituting the secret key is the following conditional expression
1 <D <L and E × D ≡ 1 (mod L) (2)
It is a natural number that satisfies As described above, the numerical value N is determined by the following equation (3) using the prime numbers p and q.
N = p × q (3)
And the public key (N, E) which the memory | storage part 13 memorize | stores based on the 1st biometric information D1 and the 2nd biometric information D2 which the biometric information reading part 20 read beforehand with respect to the valid user previously, and is mentioned later It is a set of numerical values calculated using prime numbers p and q calculated by the key generation process and equations (1) and (3).

[Secret key generation process]
Next, the secret key generation process will be described with reference to FIGS.

(1) Process Overview FIG. 2 is a flowchart showing an overview of the secret key generation process executed by the control unit 15.

  First, the control unit 15 reads the first biological information D1 from the biological information reading unit 20 to the user (step S101). And the control part 15 produces | generates the odd numerical value P of 1024 bits based on the 1st biometric information D1 read from the biometric information reading part 20 (step S102). In this case, first, the control unit 15 digitizes the first biological information D1 using a predetermined algorithm, and then extracts a numerical value of 1024 bits from the digitized first biological information D1 based on a predetermined rule. . And the control part 15 makes the said numerical value the numerical value P when the extracted numerical value is odd, and makes the numerical value P the numerical value shifted by 1 when the extracted numerical value is an even number. Next, the control unit 15 calculates a prime number p from the numerical value P by the first prime number determination process (step S103). The first prime number determination process will be described later with reference to FIGS.

  Further, the control unit 15 reads the second biological information D2 from the biological information reading unit 20 to the user (step S104). Then, the control unit 15 determines an odd numerical value Q of 1024 bits based on the second biological information D2 read by the biological information reading unit 20 (step S105). In this case, first, the control unit 15 digitizes the second biological information D2 using a predetermined algorithm, and then extracts a 1024-bit numerical value from the digitized second biological information D2 based on a predetermined rule. Then, the control unit 15 sets the numerical value Q as the numerical value Q when the extracted numerical value is an odd number, and sets the numerical value Q shifted by 1 when the extracted numerical value is an even number.

  Next, the control unit 15 determines whether or not there is consistency between the numerical value N constituting the public key and the prime numbers p and q (step S107). Specifically, it is determined whether or not the formula (3) defining the numerical value N constituting the public key is established.

  When the control unit 15 determines that the numerical value N constituting the public key and the prime numbers p and q satisfy the equation (3) and is consistent (step S107; Yes), the numerical value D constituting the secret key. Is generated (step S108). Specifically, in this case, the control unit 15 uses the numerical value E that constitutes the public key and the numerical value L that is the least common multiple of “p−1” and “q−1”, and the conditional expression (2 ) Is calculated based on a predetermined algorithm (preferably the extended Euclid algorithm in pp. 120-121 of Non-Patent Document 1). Thereafter, the control unit 15 uses the secret key (D, N) including the calculated numerical value D to decrypt the data transmitted by being encrypted with the public key from the server sharing the public key (E, N). Perform processing to do.

  On the other hand, when the control unit 15 determines that the numerical value N and the prime numbers p and q constituting the public key do not satisfy the equation (3) and is not consistent (step S107; No), the control unit 15 regenerates the prime numbers p and q. Calculation is performed (step S109). For example, the control unit 15 restarts the first prime number determination process to calculate the next prime number p different from the current prime number p, and restarts the second prime number determination process to determine the next prime number q different from the current prime number q. Is calculated. In another example, the control unit 15 determines that there is an abnormality in the reading of the first biological information D1 and the second biological information D2 by the biological information reading unit 20, and performs steps S101 to S106 again, so that the first The biometric information D1 and the second biometric information D2 are read and the prime numbers p and q are calculated again.

(2) First Prime Number Determination Process FIG. 3 is a flowchart showing a first prime number determination process executed by the control unit 15. The control unit 15 executes the process of the flowchart shown in FIG. 3 in step S103 of FIG.

  First, the control unit 15 sets the initial value of the candidate value “P1”, which is a candidate for the prime number p and is set to be equal to or greater than the value P, to the value P, and is a candidate for the prime number p and is equal to or less than the value P The initial value of the candidate value “P2” to be set is set to a numerical value P (step S201). Then, the control unit 15 performs an incremental search, which is a process of searching for the prime number p by gradually increasing the candidate value P1 using the first core 22A (step S202). In parallel with step S201, the control unit 15 performs a decremental search, which is a process of searching for the prime number p by gradually reducing the candidate value P2 by the second core 22B (step S203). As described above, the control unit 15 executes the incremental search and the decremental search based on the numerical value P in parallel by the first core 22A and the second core 22B. Thereby, the control part 15 can search the prime number p at high speed.

  FIG. 4 is a flowchart of the incremental search using the candidate value P1 executed by the first core 22A of the control unit 15. The first core 22A of the control unit 15 executes the process of the flowchart shown in FIG. 4 in step S202 of FIG.

  First, the first core 22A is a p. It is determined whether or not the candidate value P1 is a prime number using a Miller-Rabin test in 131 (step S205). When the candidate value P1 is a prime number (step S205; Yes), the first core 22A determines whether or not the greatest common divisor between the numerical value E constituting the public key and “P1-1” is 1. (Step S206). That is, when the candidate value P1 is assumed to be a prime number p, the greatest common commitment between “p−1” (= P1-1), which is a divisor of the numerical value L, and the numerical value E in order to satisfy the conditional expression (1). Since the number needs to be 1, the first core 22A performs the determination in step S206. When the greatest common divisor between the numerical value E and “P1-1” is 1 (step S206; Yes), the first core 22A regards the candidate value P1 as a prime number p (step S207). Then, the first core 22A ends the flowchart of FIG. Note that the first core 22A increases the candidate value P1 by 2 and continues the process of the flowchart in preparation for the case where the prime number p is recalculated in step S109 of FIG. May be searched.

  On the other hand, when the greatest common divisor between the numerical value E and “P1-1” is not 1 (step S206; No), the first core 22A determines that the candidate value P1 does not satisfy the condition for the prime number p, and the candidate The value P1 is increased by 2 (step S208). Then, the first core 22A performs the process of step S205 again.

  Note that the first core 22A may forcibly end the process of the flowchart of FIG. 4 when the second core 22B detects the candidate value P2 that is a prime number p by executing the flowchart of FIG. 5 described later.

  FIG. 5 is a flowchart of the decremental search using the candidate value P2 executed by the second core 22B of the control unit 15. The second core 22B of the control unit 15 executes the process of the flowchart shown in FIG. 5 in step S203 of FIG.

  First, the second core 22B is a p. Whether or not the candidate value P2 is a prime number is determined using the Miller-Rabin test at 131 (step S210). When the candidate value P2 is a prime number (step S210; Yes), the second core 22B determines whether the greatest common divisor between the numerical value E constituting the public key and “P2-1” is 1. (Step S211). That is, when the candidate value P2 is assumed to be a prime number p, the greatest common commitment between “p−1” (= P2-1), which is a divisor of the numerical value L, and the numerical value E in order to satisfy the conditional expression (1). Since the number needs to be 1, the second core 22B performs the determination in step S211. When the greatest common divisor between the numerical value E and “P2-1” is 1 (step S211; Yes), the second core 22B regards the candidate value P2 as a prime number p (step S212). Then, the second core 22B ends the flowchart of FIG. Note that the second core 22B reduces the candidate value P2 by 2 and continues the process of the flowchart to prepare for the next candidate for the prime p in preparation for the recalculation of the prime p in step S109 of FIG. You may search.

  On the other hand, when the greatest common divisor between the numerical value E and “P2-1” is not 1 (step S211; No), the second core 22B determines that the candidate value P2 does not satisfy the condition of being a prime number p, and the candidate The value P2 is decreased by 2 (step S213). Then, the second core 22B performs the process of step S210 again.

  Note that the second core 22B may forcibly end the process of the flowchart of FIG. 5 when the first core 22A detects the candidate value P1 that is a prime number p based on the flowchart of FIG.

(3) Second Prime Number Determination Process FIG. 6 is a flowchart showing a second prime number determination process executed by the control unit 15. The control unit 15 executes the process of the flowchart shown in FIG. 6 in step S106 of FIG.

  First, the control unit 15 sets the initial value of the candidate value “Q1”, which is a candidate for the prime number q and is set to be equal to or greater than the numerical value Q, to the numerical value Q, and is a candidate for the prime number q and is equal to or less than the numerical value Q. The initial value of the set candidate value “Q2” is set to a numerical value Q (step S301). Then, the control unit 15 performs an incremental search, which is a process of searching for the prime number q by gradually increasing the candidate value Q1 using the first core 22A (step S302). In parallel with step S301, the control unit 15 performs a decremental search, which is a process of searching for the prime number q by gradually reducing the candidate value Q2 by the second core 22B (step S303). As described above, the control unit 15 performs the incremental search and the decremental search based on the numerical value Q in parallel by the first core 22A and the second core 22B. Thereby, the control part 15 can search the prime number q at high speed.

  FIG. 7 is a flowchart of the incremental search using the candidate value Q1 executed by the first core 22A of the control unit 15. The first core 22A of the control unit 15 executes the process of the flowchart shown in FIG. 7 in step S302 of FIG.

  First, the first core 22A is a p. It is determined whether the candidate value Q1 is a prime number using the Miller-Rabin test at 131 (step S305). When the candidate value Q1 is a prime number (step S305; Yes), the first core 22A determines whether or not the greatest common divisor between the numerical value E constituting the public key and “Q1-1” is 1. (Step S306). That is, assuming that the candidate value Q1 is a prime number q, the greatest common commitment between the numerical value L and “q−1” (= Q1-1), which is a divisor of the numerical value L, satisfies the conditional expression (1). Since the number needs to be 1, the first core 22A performs the determination in step S306. When the greatest common divisor between the numerical value E and “Q1-1” is 1 (step S306; Yes), the first core 22A regards the candidate value Q1 as the prime number q (step S307). Then, the first core 22A ends the flowchart of FIG. Note that the first core 22A increases the candidate value Q1 by 2 and continues the process of the flowchart in preparation for the case where the prime number q is recalculated in step S109 in FIG. May be searched.

  On the other hand, when the greatest common divisor between the numerical value E and “Q1-1” is not 1 (step S306; No), the first core 22A determines that the candidate value Q1 does not satisfy the condition for the prime number q, and the candidate The value Q1 is increased by 2 (step S308). Then, the first core 22A performs the process of step S305 again.

  The first core 22A may forcibly end the process of the flowchart of FIG. 7 when the second core 22B detects the candidate value Q2 that is a prime number q by executing the flowchart of FIG. 8 described later.

  FIG. 8 is a flowchart of the decremental search using the candidate value Q2 executed by the second core 22B of the control unit 15. The second core 22B of the control unit 15 executes the process of the flowchart shown in FIG. 8 in step S303 of FIG.

  First, the second core 22B is a p. It is determined whether the candidate value Q2 is a prime number using the Miller-Rabin test at 131 (step S310). Then, when the candidate value Q2 is a prime number (step S310; Yes), the second core 22B determines whether or not the greatest common divisor between the numerical value E constituting the public key and “Q2-1” is 1. (Step S311). That is, when the candidate value Q2 is assumed to be a prime number q, in order to satisfy the conditional expression (1), the greatest common commitment between “q−1” (= Q2-1) that is a divisor of the numerical value L and the numerical value E Since the number needs to be 1, the second core 22B performs the determination in step S311. When the greatest common divisor between the numerical value E and “Q2-1” is 1 (step S311; Yes), the second core 22B regards the candidate value Q2 as a prime number q (step S312). Then, the second core 22B ends the flowchart of FIG. The second core 22B reduces the candidate value Q2 by 2 and continues the process of the flowchart in preparation for the case where the prime number q is recalculated in step S109 of FIG. You may search.

  On the other hand, when the greatest common divisor between the numerical value E and “Q2-1” is not 1 (step S311; No), the second core 22B determines that the candidate value Q2 does not satisfy the condition for the prime number q, and the candidate The value Q2 is decreased by 2 (step S313). Then, the second core 22B performs the process of step S310 again.

  The second core 22B may forcibly end the process of the flowchart of FIG. 8 when the first core 22A detects the candidate value Q1 that is a prime number q based on the flowchart of FIG.

[Operation and effect of encryption key generator]
The encryption key generation device 100 starts with a numerical value P and a numerical value Q obtained by digitizing the first biological information D1 and the second biological information D2 read by the biological information reading unit 20, and is a numerical value constituting a secret key that matches the public key. The prime numbers p and q necessary for calculating D are searched. Thereby, the encryption key generating apparatus 100 can preferably generate a secret key corresponding to the public key without using a tamper-resistant medium for storing the secret key.

[Modification]
Next, a modification of the above embodiment will be described. The following modifications may be combined and applied to the above-described embodiment.

(Modification 1)
The encryption key generation device 100 is necessary for generating an encryption key of an arbitrary public key cryptosystem used for a public key authentication infrastructure other than RSA encryption based on biometric information instead of the prime numbers p and q used for RSA encryption. One or a plurality of prime numbers may be calculated.

  Even in this case, the encryption key generation device 100 reads biometric information from the biometric information reading unit 20 by the number of primes necessary for generating the encryption key, and based on information obtained by digitizing these into predetermined bits. Create a public key in advance. At the time of encrypted communication, the encryption key generating apparatus 100 reads the biometric information of the same target as that at the time of generating the public key from the user by the biometric information reading unit 20, and converts the read biometric information into a numerical value having a predetermined number of bits. Then, the encryption key generation device 100 performs an incremental search and a decremental search using the converted numerical value as a starting point, and searches for a prime number necessary to generate a secret key that matches the already generated public key.

(Modification 2)
The control unit 15 has the multi-core processor having the first core 22A and the second core 22B, but may have a multi-processor instead. Also by this, the control part 15 can perform the parallel process of an incremental search and a decremental search suitably.

DESCRIPTION OF SYMBOLS 11 ... Display part 12 ... Input part 13 ... Memory | storage part 14 ... Communication part 15 ... Control part 100 ... Secret key generation apparatus

Claims (6)

A reading means for reading the biological information of the user;
Digitizing means for generating a numerical value of a predetermined bit by digitizing the biological information;
Prime number search means for searching for a prime number starting from a numerical value of the predetermined bit;
Key generation means for generating a secret key used for public key cryptography based on the prime number searched by the prime number search means;
An encryption key generation device comprising: Storage means for storing a public key generated based on the biometric information of the user;
Determination means for determining whether or not the prime number searched by the prime number search means is consistent with the public key;
The encryption key generation apparatus according to claim 1, wherein the key generation unit generates the secret key based on a prime number determined to be consistent with the public key.   The prime number search means starts with the numerical value of the predetermined number of bits as a starting point, a first search process for searching for the prime number in a direction in which the numerical value increases, and starts with the numerical value of the predetermined number of bits as a starting point. The encryption key generation apparatus according to claim 1, wherein a second search process for searching for the prime number in a direction is performed.   4. The encryption key generation apparatus according to claim 3, wherein the prime number search means performs parallel processing of the first search processing and the second search processing. The reading means reads two pieces of biometric information different from the user,
The prime number searching means searches for two different prime numbers based on the numerical values of the predetermined bits corresponding to each of the biological information,
5. The encryption key generation apparatus according to claim 1, wherein the key generation unit generates a secret key used for RSA encryption based on the prime number searched by the prime number search unit.   A program that causes a computer to function as the encryption key generation device according to any one of claims 1 to 5.

Images