JPH05191402A - Generating system for asymmetrical ciphering key - Google Patents

Abstract

PURPOSE:To facilitate the management and operation by generating an open key from information specific to a computer so as to register only the specific information and the open key to a center thereby reducing a verification time of the open key by the center. CONSTITUTION:An open key of an asymmetrical ciphering key is generated from open identification information specific to a computer possessing a key or a person possessing a key. Thus, since the identification information specific to the possessor of the key or the computer possessing the key is verified from an open key of the asymmetrical ciphering key, it is not required to verify the open key with the center. Thus, the data to be verified by the center is the open key and the specific information of the key possessor or the computer possessing the key and the open key is eliminated from the data to be verified by the center.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention uses public unique information as a public key of an asymmetric encryption key, and relates to a method of generating an asymmetric encryption key.

[0002]

2. Description of the Related Art The age of business communication in which meetings and various transactions are electronically performed via a communication network has started, and the need for information security is increasing. Asymmetric cryptographic key cryptosystems such as RSA cryptosystem and RABIN cryptosystem, which are one of the cryptographic techniques for ensuring information security, are considered to be useful cryptosystems because they have not only data protection but also the function of partner authentication. Has been. (Example of ID-based key generation function: Kohnfelder's method Source: Published by Shoshodou, Shigeo Tsujii, edited by Masao Kasahara,
"Cryptography and Information Security" pp94-) First, a basic procedure for generating an RSA encryption key and a decryption key will be described.

Step 1: Randomly select sufficiently large prime numbers p and q. Keep p and q secret.

Step 2: Let n be the product of p and q.

Step 3: f = 1 cm (p-1, q-
1), gcd (d, f) = 1 is obtained, and an integer d relatively prime to f is randomly extracted.

Here, 1 cm (x, y) is the least common multiple of x and y, and gcd (x, y) is the greatest common divisor of x and y.

Step 4: modulo f, e · d≡1
The reciprocal e of d, which is (mod f), is determined.

The encryption key (e, n) and the decryption key (d, n) are generated by the above procedure.

In encryption, plaintext M is converted into an integer C between 0 and (n-1), and in decryption ciphertext C is converted into plaintext M.
Convert to.

Encryption

[0011]

[Equation 1]

Decryption

[0013]

[Equation 2]

This is an algorithm depending on the periodicity that the product is restored when the product is repeated many times in (mod n). In the RSA cryptosystem, the encryption key and the decryption key form a pair, and the one encrypted with (e, n) can be decrypted only with (d, n), and the value of n Has a length of about 500 bits, it is very difficult to obtain (e) from (d, n) unless the prime factor of n is known.

When secret communication is performed using the RSA cryptosystem, the encryption key is disclosed and the decryption key is secretly managed. On the other hand, when a digital signature is applied, the encryption key is kept secret and the decryption key is made public.

Now, the public identification information (ID) such as name and address itself is the public encryption key (public key).
Key management becomes very easy because the owner of the key can be authenticated from the public key. This idea has been proposed since around 1978. However, as mentioned above, using the public identification information as it is as the public key of the asymmetric cryptographic key cryptosystem,
This cannot be realized because the public identification information does not always satisfy the relationship with the private key. Therefore, an asymmetric cryptographic key certification delivery method using an ID as shown in the conventional example has been proposed. This is shown below.

(1) First, as shown in FIG.
Is the public information (ID _A ) of user A and his public key (d _A ,
n _A ) is registered in the center which is the key management organization.

(2) The center has a secret key (Sc) of the center.
Certified with (verified by the center)
The public key of the user A is passed to the user A.

User A's endorsed public key: RSA _Sc
(ID _A , d _A , n _A ) (3) Next, as shown in FIG. 10, user B, who wants to perform encrypted communication with user A, receives the public key of user A with approval from user A, and Decrypt with the public key (Pc).

RSA _Pc (RSA _Sc (ID _A , d _A , n _A )) (4) As a result of decryption, if it can be confirmed that the user A's ID _A is correct public information, the public key (d _A , n _A ) is also correct, and hereinafter, the message is encrypted with the public key (d _A , n _A ) and encrypted communication with the user A is performed.

In this way, since the public key is not generated from the public identification information, the other party cannot be authenticated from the public key, but the relationship between the public identification information and the public key is authenticated (guaranteeed) by the center. ) Has been done.

[0022]

The asymmetric cryptographic key proof distribution method of Kohnfelder is considered to be effective from the viewpoint of security as well. However, the data that needs to be encrypted with the secret key of the center are ID _i , d _i , and n _i for each user, and three-block encryption processing is required. Assuming that the scale of the system that performs encrypted communication is m terminals, the center needs to perform (3 × m) block encryption processing using the center's private key. Therefore, it is effective to shorten the data length that needs to be encrypted and reduce the number of blocks for encryption processing.

[0023]

In order to solve the above problems, the present invention uses the following means.

(1) The public key (d) of the asymmetric encryption key is generated from the public identification information unique to the individual who owns the key or the computer who owns the key.

(2) Only the public key (n) of the asymmetric encryption key that cannot be generated from the public identification information is encrypted with the secret key of the center for authentication. As described above, the RSA cryptosystem depends on the computational complexity of the factorization of n. Therefore, if the public key (n) is generated from the public identification information, the factorization of n is difficult. Is not guaranteed. Therefore, the public key (n) cannot be generated from the public identification information.

[0026]

By the above means, the following actions occur.

From the public key (d) of the asymmetric encryption key, the identification information unique to the owner of the key or the computer that owns the key can be authenticated, so it is necessary to authenticate the public key (d) by the center. There is no. Therefore, the data to be authenticated by the center is the public key (n) and the owner of the key, or the unique information of the computer that owns the key, and the public key (d) can be removed from the data to be authenticated by the center. ..

[0028]

1 to 8 show an embodiment of this system.

<First Embodiment> FIG. 2 is a diagram showing the system configuration of the present embodiment.

A host computer 209, which is a center, and user computers (terminals) 201 and 205 are connected via a communication network 200. The center acts as a key management organization. The user computer 201 has an encryption mechanism 202 inside, and the center public key 204 is stored in the FD 203. Similarly, the user computer 205 has an encryption mechanism 206 inside, and the center public key 204 is stored in the FD 207. Host computer 20
9 has an encryption mechanism 210 inside, and the user's public key 212, 2
13 is stored in the key file 211. Center secret key 214
Can be referenced only by the host computer of the center.

The user A of the computer (terminal) 201 registers the public key in the center 209, and the users A and 20 of the computer (terminal) 201
The process up to the user B of 5 performing encrypted communication is shown below.

FIG. 4 is a diagram showing the hardware configuration of the computer of the user of this embodiment.

The computer 201 comprises a display 402 and a keyboard 403. The cryptographic unit 202 on the computer 201 is a memory 4
The asymmetric encryption key generation program 405, which is composed of 04 and the CPU 406 and is stored in the memory 404, uses the unique information 4 of the user A
Generate an asymmetric encryption key from 09. The unique information 409 is unique information such as a name, an address, a communication address, etc., and can be referred to by anyone. The generated asymmetric encryption key is a public key and a private key, and the private key is the IC card R / W40.
It is stored in the IC card 408 through the memory 7 and is not stored in the memory 404 as it is. The public key is temporarily stored in the memory 404, registered in the center 209, and distributed online in a form authenticated by the center, or an IC card different from the IC card for storing the private key, or the F.D. D. Etc., and distribute it.

The asymmetric encryption key generation process (RSA encryption key generation process) performed on the computer 201 will be described below with reference to FIG.

Step 501: Start.

Step 502: Generate a prime number p.

Step 503: Generate a prime number q.

Step 504: A public key d is generated from the unique information 409.

Step 505: Generate keys e, n from p, q, d so as to satisfy the following conditions.

N = p.qf = 1cm (p-1, q-1) e.d.ident.1 (mod f) Step 506: The center authenticates the unique information 409 and the public key (n).

Step 507: End.

In this procedure, the process F for generating the public key d
(Step 504) is shown in FIG.

Step 601: Start.

Step 602: Generate an odd random number.

Step 603: Connect the unique information 409 to the upper bits and the odd random numbers to the lower bits. However, d '<n.

D ′ = unique information || Odd random number step 604: It is determined whether d ′ is a prime number.
If it is a prime number, the process proceeds to step 606. If it is not a prime number,
Go to step 605.

Step 605: Add 2 to the odd random number. Go to step 603.

Step 606: Output d'as d.

Step 607: End.

The form of the output public key d is shown in FIG.
The result of the process F is always constant for each unique information.

FIG. 7 shows a process (step 506) of registering the public key n in the center by this procedure.

Step 701, Step 701 ': Beginning.

Step 702: Public key (n _A ) of computer 201
And the unique information (ID _A ) 409 are sent to the host computer 209 at the center (by hand delivery or separately encrypted and sent).

Step 703: In the host computer, the public key (n _A ) and the unique information (ID _A ) are stored in the center secret key (Sc) 214.
The encrypted information is encrypted by the encryption mechanism 210 using the RSA encryption method, and the information C authenticated by the center is generated.

C = RSA _Sc (ID _A , n _A ) Step 704: The public key (n _A ) and unique information (ID _A ) are stored in the area 212 of the key file 211.

Step 705: The information C authenticated by the center is distributed to the user A of the computer 201. Step 70
6: The computer 201 stores the information C authenticated by the center in the memory 404. Step 707, Step 707 ': End.

However, the generation of the information (C) authenticated by the center is represented by C = RSA _Sc (ID _A , d _A , n _A )
As a result, even if the encryption is performed by the center by three blocks, the unique information (ID _A ) can be authenticated from the public key (d _A ).

Next, user A (computer 201) and user B
FIG. 8 shows a process in which the (computer 205) performs encrypted communication.

Step 801, Step 801 ': Beginning.

Step 802: The information (C) authenticated by the center and the public key (d _A ) are delivered to the computer 205.

Step 803: The information C is decrypted by the encryption mechanism 206 using the public key (Pc) 204 of the center in the FD 207.

ID _A , n _A = RSA _Pc (C) Step 804: If the unique information (ID _A ) of the decoding result is correct, go to Step 805. If not, proceed to step 806.

Step 805: Using (d _A , n _A ), encrypted communication is performed by the computer 201 and the computer 205.

Step 806, Step 806 ': End.

<Embodiment 2> In the same procedure as in Embodiment 1, RA
Generates a BIN encryption key.

For the RABIN encryption key, two large prime numbers p and q are selected and their product is calculated. Next, b that satisfies 0 ≦ b <n is determined. At this time, the public key is (n, b) and the secret key is (p, q).

Step 501 ': Start.

Step 502 ': Generate a prime number p.

Step 503 ': Generate a prime number q.

Step 504 ': The unique information 409 is used as the key b.

Step 505 ': The key n is generated from p and q.

N = p · q steps 506 ′: end.

<Modification 1> FIG. 3 shows another example of the form of the public key (d) generated by the processing of FIG. Public key (d)
Consists of unique information, a result h (n) obtained by processing the public key (n) with a one-way function h (hash function), and an adjustment bit for making d a prime number. It becomes possible to confirm the combination of public keys (d) and (n).

<Modification 2> RSA encryption secret key S of the center
If c = (e _C , n _C ), then n _C > n must be satisfied in order to authenticate the user's public key (n) at the center.

Therefore, the user's public key (n) is n ', which is obtained by removing the least significant bit, and is authenticated by the RSA encryption secret key of the center. That is, the center authenticates (d, n ').
Actually, when performing encrypted communication using the user's public key (d, n), the public key (d,
1 is added to the lowest of n'of n '), and encrypted communication is performed as (d, n). This is an odd number because n is the product of two prime numbers. Therefore, it is obvious that the least significant bit is 1.

As a result, if n _C > n and n _C and n have the same bit length, authentication by the center becomes possible.

<Modification 3> A relatively short prime number preset according to the value of the predetermined number of bits of the public key (d) generated in the first embodiment is used as the public key (d).

<Modification 4> The above is premised on the processing by the program on the computer, but it is also possible to realize some or all of the operations of FIGS. 5 to 8 by using dedicated hardware.

<Fifth Modification> Information unique to a computer means that the data input by the user using the terminal at the time of installing the computer is a secret function (time data or the like is used as a parameter, so that the value cannot be intentionally generated). A unique code converted and generated by such a function, a unique serial number assigned in advance at the time of computer manufacturing, a communication address, or the like is used.
It is also written in the ROM in the communication terminal at the manufacturing stage. By being written in the ROM at the manufacturing stage, the user cannot intentionally rewrite.

[0080]

According to the present invention, the following effects can be obtained. (1) The data to be authenticated by the center can be the public key (n) and the unique information of the owner of the key or the computer that owns the key, and the public key (d) is the data to be authenticated by the center. The data to be authenticated for each user can be reduced from 3 blocks to 2 blocks or less. Therefore, assuming that the scale of the system that performs encrypted communication is m terminals, the center can reduce the encryption process using the secret key of the center from (3 × m) blocks to (2 × m) blocks. (2) Unique information of a computer or an individual can be authenticated from the public key (d) of the asymmetric encryption key. (3) The combination of the public key (d) and the public key (n) can be authenticated by incorporating the compressed data of the public key (n) into a part of the public key (d). (4) The center's RSA encryption key (n _C ) and the user's public key (n) are verified by authenticating n ′ from which the least significant bit of the user's public key (n) is removed with the center's RSA encryption secret key. Even if n _C > n, if n _C and n have the same bit length, authentication by the center becomes possible.

[Brief description of drawings]

FIG. 1 is an explanatory diagram showing an example of a form of a public key (d) generated.

FIG. 2 is a block diagram showing a system configuration of an embodiment of the present invention.

3 is an explanatory diagram showing another example of the form of a public key (d) generated in the system configuration of FIG.

FIG. 4 is an explanatory diagram showing a hardware configuration of a user's computer.

5 is generated in the hardware configuration of FIG. 4,
6 is a flowchart showing generation of an asymmetric encryption key.

6 is generated in the hardware configuration of FIG. 4,
The flowchart which shows the production | generation of the public key (d) of an asymmetric encryption key.

FIG. 7 is a flowchart showing registration of an asymmetric encryption key.

FIG. 8 is a flowchart showing preprocessing for performing cryptographic communication using an asymmetric cryptographic key.

FIG. 9 is an explanatory diagram showing a conventional example.

FIG. 10 is an explanatory diagram showing a conventional example.

[Explanation of symbols]

200 ... communication network, 201 ... computer, 205 ... computer, 2
09 ... Host.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁵ Identification number Reference number within the agency FI Technical indication location H04L 9/14 (72) Inventor Shuichi Hirano 216 Totsuka-cho, Totsuka-ku, Yokohama-shi, Kanagawa Hitachi Ltd. Information & Communication Business Department

Claims (9)

[Claims] 1. A first public key d and a secret key e are e · d.
There is a relation of ≡1 (mod f), and the value of f is f = lcm (p) for two prime numbers p and q satisfying n = p · q, where n is the second public key. -1, q-1) (where lcm means the least common multiple), the first public key d
Information specific to the owner of the key or to the computing device possessing the key is applied to the high-order bits of gcd (d, p-
1, q-1) = 1 (where gcd means the greatest common denominator), the lower bit of the public key d is adjusted, and an asymmetric cryptographic key generation method is characterized. 2. The first public key d according to claim 1.
The information unique to the key owner or the computing device that owns the key and the result of converting the information of the second public key n by hash processing are combined and applied to the upper bits of
A method of generating an asymmetric cryptographic key that adjusts the lower bits of the public key d so that the above-mentioned relationship between the secret key e and the prime numbers p and q is satisfied. 3. The relatively small prime number set in advance according to the value of a predetermined number of bits among the values generated as the upper bits of the first public key d according to claim 1 or 2. A method of generating an asymmetric cryptographic key determined as the first public key d. 4. The second public key n according to claim 1, 2 or 3, wherein the generated second public key n is n ′ having a length of n−1 bits obtained by removing the lower one bit of n. As
A method of generating an asymmetric encryption key that is encrypted by the center's private key by the center that is set in advance in the system. 5. The first public key n and two prime numbers p and q satisfying n = p · q are set as secret keys (p, q), and the second public key b is 0 ≦ b <n. In the method of generating an asymmetric cryptographic key that satisfies the relationship, the second public key b is characterized by applying information unique to a key holder or a computing device that owns the key. Asymmetric cryptographic key generation method. 6. The second public key b according to claim 5.
In addition, the information unique to the owner of the key or the information unique to the computing device that owns the key and the information obtained by converting the information of the first public key n by the hash process are combined and applied, and A method of generating an asymmetric cryptographic key that generates the second public key d so as to satisfy the relationship with the key n. 7. The information according to claim 1, 2, 3, 4, 5 or 6, wherein the unique information is identification information for each user or a unique serial number or communication address preset in a computer. Asymmetric encryption key generation method. 8. The computer according to claim 1, 2, 3, 4, 5, 6 or 7, wherein the information unique to each computer and the identification information of the owner of the key are written in a computer built-in ROM at the time of computer production and re-written. Asymmetric encryption key generation method, which is a computer that cannot be set. 9. The asymmetric cryptographic key generation section and the storage means according to claim 1, 2, 3, 4, 5, 6 or 7.
A method for generating an asymmetric encryption key, which is configured by a circuit device that can be attached to and detached from the computer.