JPH0625910B2 - Key delivery device - Google Patents

Description

The present invention relates to encoding for cryptographic key distribution. Usually, a key manager is required for key distribution, but from the idea that it is advantageous to distribute key management for safety, the key distribution management method is the 19th Alerton Conference (Alle
rton Conference) Proceedings 421 to 429, proposed in 1981. However, with this method,
The drawback was that the keys had to be changed frequently.

The object of the present invention is to eliminate the abovementioned drawbacks. The above object can be achieved by a key distribution device having the following configuration. That is, according to the first aspect of the present invention, in an apparatus for secretly sharing a key between two terminals, random pattern generating means for generating a random pattern, and the random
A first code conversion for converting each of the output of the pattern generating means and the digital pattern for key distribution sent from the partner terminal
And a second code converting means connected to the first code converting means for converting the output of the first code converting means depending on a predetermined key pattern. Pattern generating means connected to the second code converting means for generating a key delivery digital pattern to be sent to the other terminal depending on the output of the second code converting means. The key distribution device is characterized in that a part of the output of the conversion means is used as a key to be shared.

Further, according to the second invention, in the device for secretly sharing the key between the two terminals, the random pattern generating means for generating a random pattern, the random pattern generating means and the later-described pattern detecting means are provided. The output of each means is connected to the first code converting means, which is connected and performs a predetermined code conversion on the output of each means, and the first code converting means and the pattern detecting means described later, and the output of each means is predetermined. Second code conversion means for code conversion depending on the key pattern, the random pattern generation means and the second code conversion means are connected to the other side to which an identification pattern is added to the output of each means. Pattern adding means for outputting the key delivery digital pattern to be sent to the terminal, and receiving the key delivery digital pattern sent from the other terminal , Composed of a pattern detecting means according to the identification pattern which is added to said digital pattern and sends the digital pattern to one of said first code converting means or said second code conversion means,
A part of the output of the second code converting means is used as a key to be shared, which is configured as a key distribution device.

Hereinafter, the operation principle of the present invention will be described in detail with reference to the drawings showing the embodiments of the present invention.

First, a diagram showing an example will be described.

FIG. 1 is a block diagram showing an embodiment of the first present invention. FIG. 2 shows an example of the format of the digital pattern for key distribution.

Hereinafter, this format is assumed.

The random pattern generator 101 generates a pattern of the format shown in FIG. 2 in which the pattern identification information "ID0" is added to one random pattern, and then the pattern identification information "ID1" is added to the random pattern. A pattern of the format shown in FIG. 2 is generated. Code converter 102
The pattern identification information is "ID" for the key delivery digital pattern from the partner terminal input from the output or input terminal 105 of the random pattern generator 101.
Only the data part of the digital pattern which is 1 "is code-converted by the one-way function described later, and the others are passed through without any change. The encryption device 103 outputs the pattern identification information of the code converter 102 as" Input the data section only when ID1 "," ID2
The pattern from 6 is used as a key for encryption by the later-described encryption conversion, and at other times, it is passed without changing anything. The output digital pattern when the pattern identification information is "ID2" is output to the output terminal 107, and the output digital pattern in other cases is sent to the pattern adder 104 described later. The pattern adder 104 changes the output pattern identification information from the encryptor 103 to “ID1” for “ID0” and “ID2” for “ID1” and outputs it to the output terminal 108.

First, the cryptographic conversion of the encryptor 103 will be described.

When the key pattern from the input terminal 106 is MK and the output of the code converter 102 is x, and the cryptographic conversion is expressed as E _MK (x) (1), the cryptographic conversion is an arbitrary digital pattern MK1, MK2, x. For E _MK1 (E _MK2 (x)) = E _MK2 (E _MK1 (x)) (2), and when MK1, MK2, x are regarded as integers, E _MK (x) = It is composed of a power-residue circuit that outputs x ^MK (mod p) (3). Where x ^MK (m
od p) is the remainder of x ^MK divided by p. Next code converter 1
Explain 02. The code conversion of the code converter 102 is a conversion that is difficult to reverse (a conversion that requires an order of years for the calculation of the reverse conversion, such a conversion is called a one-way function),
It is composed of a power-residue circuit that outputs a ^y (mod p) for input y.

Here, a is a predetermined positive integer.

FIG. 3 is a block diagram showing an embodiment of the second invention. Random number generator 301 generates a random pattern.
When the pattern detector 305 has pattern identification information “ID1” in the key delivery digital pattern sent from the partner terminal input from the input terminal 306, the code converter 302 described later outputs “ID1” from the digital pattern. The removed pattern is sent, and if there is "ID2", the "ID2" is removed from the key distribution digital pattern and sent to the encryptor 303 described later. Code converter 302
Is the output of the random number generator 301 or the pattern detector 3
For each of the 05 outputs, encode with the one-way function above. The encryption device 303 receives the output of the code converter 302 as an input terminal.
The pattern from 307 is used as a key to be encrypted by the above-mentioned encryption conversion and sent to the pattern adder 304 described later, and the output of the pattern detector 305 is encrypted by the encryption conversion using the pattern from the input terminal 307 as the key and output terminal 308. Output to.
The pattern adder 304 outputs the random number from the random number generator 301.
The pattern identification information “ID1” is added to the pattern, and the output of the encryption device 303 is output to the output terminal 309 to which “ID2” is added.

Next, the operating principle of the present invention will be described with reference to FIGS. It is assumed that the terminals T ₁ and T ₂ obtain the secret shared key, and that the key distribution is certainly possible even if the device of the present invention is installed in T ₁ and T ₂ . Terminal T ₁ shall take the initiative of key delivery.

The key patterns input to the input terminals 106 and 307 at the terminals T ₁ and T ₂ are MK1 and MK2, respectively.

First, the operating principle of the present invention will be described with reference to FIG. Assuming that the random pattern generated by the random pattern generator 101 is RN, “ID0, RN” with pattern identification information “ID1” added is sent to the code converter 102, and then “ID1”.
"ID1, RN" with "" added is sent. “ID0, RN” is sent to the pattern adder 104 without any change, and the pattern adder 104 changes “ID0” to “ID1” and outputs it to the output terminal 108. The output is sent to T ₂ . On the other hand, “ID1, RN” is converted by the code converter 102. The result is "ID1, ▲ ▼"
far. The result is returned to the ID 103, “ID1, E _MK1 (▲
▼) ", and the pattern adder 104 displays" ID2, E
_It is changed to " _MK1 (▲ ▼)" and output to the output terminal 108. T ₂
Sent to. On the other hand, the terminal T ₂ first receives “ID1, RN”. It is converted to “ID1, ▲ ▼” by the code converter 102, then converted to “ID1, E _MK2 (▲ ▼)” by the encryption device 103, and further, “ID2, E _MK2 (▲ ▼) is converted by the pattern adder 104. ) "
Converted to and sent back to T ₁ . In addition, T ₂ is “ID2, E _MK1 (▲
▼) ”is also received by the encryption device 103 by E _MK2 (E
_{The data} is encrypted by _MK1 (▲ ▼) and output to the output terminal 107. At terminal T ₁ , "ID2, E _MK2 (▲ ▼)" sent from T ₂
Received, and the encryption device 103 _sends it to E _MK1 (E _MK2 (▲ ▼))
And output to the output terminal 107. As a result terminal
Since T _1, a digital pattern that represents the output terminal 107 in T ₂ are equal to the equation (2), the secret key of the terminal T ₁ and T _2.

Next, the operating principle of the present invention will be described with reference to FIG. The random pattern generated by the random number generator 301 is RN. RN is sent is added to "ID1" by pattern adding unit 304 to the terminal T _2. On the other hand, the RN is code-converted by the code converter 302. The result is indicated as ▲ ▼. ▲ ▼
Is converted into E _MK (▲ ▼) by the encryptor 303, the pattern identification information “ID2” is added by the pattern adder 304, and the result is sent to T ₂ . The terminal T ₂ receives the RN to which “ID1” is added and sends it to the transcoder 302. The code converter 302 code-converts the RN into ▲ ▼, and the encryptor 303 converts it into E _MK2 (▲
)), And the pattern adder 304 adds “ID2” to it and sends it back to T ₁ . The terminal T ₂ also receives the E _MK1 (▲ ▼) to which “ID2” is added from T ₁ . The pattern detector 305 sends it to the cipher 303, and the cipher 303 sends E _MK1 (E _MK1 (▲
))) And outputs it to the output terminal 308. Terminal T ₁
Is the E _MK2 (▲ with the “ID2” added back from T ₂
▼) and the pattern detector 305 sends it to the cipher 303
Send to. The encryption device 303 converts it into E _MK1 (E _MK2 (▲ ▼)) and outputs it to the output terminal 308. As a result, E _MK1 (E _MK2 (▲ ▼)) and E _MK2 (E _MK1 (▲ ▼)) _{appearing on} terminals T ₁ and T ₂
Are equal to each other according to equation (2), so they are common secret keys.

In the present invention, since there is the code converter 102 or 302, each terminal has a key input to the input terminal 106 or 307.
Does not require frequent pattern changes.

The reason for this is the literature published by some of the inventors in May 1982,
The Institute of Electronics and Communication Engineers "Automan and Language" Study Volume 82, 23
No. 51 to 60, "Verification of security of key distribution system using commutative encryption function" is omitted here.

FIG. 4 is a block diagram showing one embodiment of the code converter 302 shown in FIG. Selector 401 is input terminal 403 or 40
Select one of 4 that has been input with a digital pattern. Digital patterns never arrive at input terminals 403 and 404 at the same time. The power-residue circuit 402 is a circuit for calculating and outputting a ^x (mod q) when the input from the selector is x, a is a predetermined integer, and g is a predetermined prime number. There are many documents on the power-residue circuit. For example, "Multiplication and Division Method for Cryptographic Processing" in the Proceedings of National Conference on Information and Systems Division, IEICE, 1981 1-3
It's on page 22.

FIG. 5 is a block diagram showing one embodiment of the encryptor 303 in FIG. Selector 501 is input terminal 504 or
Of 505, the one to which the digital pattern is input is selected. Digital patterns never arrive at input terminals 504 and 505 at the same time. The exponentiation remainder circuit 502 is x ^MK (mod p) for the input x from the selector 501, the key pattern MK from the input terminal 307, and a predetermined prime number p.
Is output. The power-residue circuit is described in the above document. The switch 503 outputs to the output terminal 308 only when the output of the power-residue circuit 502 is the output corresponding to the input from the input terminal 505, and outputs the other to the output terminal 508. The output of the code converter 302 of FIG. 3 is input to the input terminal 504, and the output of the pattern detector 305 of FIG. 3 is input to the input terminal 505.

FIG. 6 is a block diagram showing an embodiment of the pattern adder 304 shown in FIG. The pattern identification information "ID1" and "ID2" are written in a part of the registers 601 and 602, respectively, and the data input from the input terminals 604 and 605 are written in the remaining parts. Selector 603 has registers 601 and 60
Of the two, the register whose data has arrived from the input terminals 604 and 605 is selected, and the content of the register is output to the output terminal 309. The output of the random number generator 301 of FIG. The output from the encryptor 303 shown in FIG. 3 is input to the terminal 605.

FIG. 7 is a block diagram showing one embodiment of the pattern detector 305 of FIG. The register 701 receives the key delivery digital pattern sent from the other terminal input to the input terminal 306, and the switch 702 receives the digital pattern.
If the pattern identification information of the pattern is "ID1", the data part of the digital pattern is output to the output terminal 703, and if "ID2", it is output to 704. The output terminal 703 is the code converter of FIG.
302, the output terminal 704 is connected to the encryptor 303 of FIG. Random number generator 301 may be anything that generates a random digital pattern.

FIG. 8 is a block diagram showing one embodiment of the random pattern generator 101 of FIG. The pattern generated by the random number generator 804 is written in the data part of the register 805. The register 805 is divided into a pattern identification information part and a data part. On the other hand, the pattern identification information “ID1” and “ID0” are written in the memories 801 and 802, respectively.
3 first selects the memory 801 and writes the contents in the pattern identification information part of the register, and the parallel content of the register 805 is output to the output terminal 806. Next, the selector 803 selects the memory 802, writes the content in the pattern identification information section of the register, and the content of the register 805 is output to the output terminal 806.

FIG. 9 is a block diagram showing one embodiment of the code converter 102 of FIG. Selector 901 has input terminals 905 and 105
The one of the digital patterns that arrives is selected and the digital pattern is sent to the register 902. Input terminal 9
Digital patterns never arrive at 05 and 105 at the same time.

The register 902 stores the output from the selector 901. The switch 903 sends the data portion of the digital pattern to the power residue circuit 904 only when the pattern identification information of the digital pattern in the register 902 is “ID1”. The power-residue circuit 904 calculates a ^x (mod q) for the data x from the switch 903 by using the above a and q, and writes the result in the data section of the register 902. Then, the content of the register 902 is output to the output terminal 906. The output of the random pattern generator 101 of FIG. 1 is input to the input terminal 905.
The input terminal 105 is the same as the input terminal 105 of FIG.

FIG. 10 is a diagram showing one embodiment of the encryptor 103 in FIG. The register 1001 stores the input from the input terminal 1005. When the pattern identification information of the content of the register 1001 is other than “ID0”, the switch 1003 sends the data part of the content to the power remainder circuit 1004.

The power-residue circuit 1004 writes x ^MK (mod p) in the data section of the register 1001 with the output of the switch 1003 as x using the key pattern MK from the input terminal 1006 and the p. After that, if the pattern identification information of the contents of the register 1001 is "ID2", the switch 1002 outputs the contents to the output terminal 107, "I".
If it is D0 "or" ID1 ", it is output to 1007. The output to the output terminal 1007 is sent to the pattern adder 104 in FIG.

FIG. 11 is a diagram showing one embodiment of the pattern adder 104 of FIG. The register 1101 stores the digital pattern from the input terminal 1103, and the pattern converter 1102 converts it into "ID1" if the pattern identification information of the digital pattern is "ID0" and into "ID2" if it is "ID1". .

In the above embodiment, the pattern identification information is set to "ID0",
Although "ID1" and "ID2" are used, different ones may be used as long as they can be distinguished. Also, the cryptographic conversion was a power-residue of an integer,
Any transformation that satisfies (2) may be used. For example, the power residue of a polynomial is another example. Furthermore, as a one-way function used in the code converters 102 and 302, a power residue of an integer is used.
It is good if the inverse transformation is difficult. For example, the method of transforming the input x into f (x) (mod q) using the polynomial f (x) and the prime number q is another example, and the power residue of the polynomial is It can also be used. Although the embodiment of each component in FIG. 1 includes a register, all or some of these registers can be common registers. The registers of the pattern adder 304 and the pattern detector 305 of FIG. 3 can also be common registers. All of these changes are included in the scope of the present invention.

As described in detail above, if the present invention is used, each terminal does not frequently change the key pattern from the input terminal 307 of FIG. 3 or the input terminal 106 of FIG. The key can be obtained, and its effect is extremely large when applied to an encryption system.

[Brief description of drawings]

FIG. 1 is a block diagram showing an embodiment of the first invention, FIG. 2 is a diagram showing a format of a digital pattern for key distribution, and FIG. 3 is a block diagram showing an embodiment of the invention of FIG. 4 is a block diagram showing an embodiment of the code converter 302 in FIG. 3, FIG. 5 is a block diagram showing an embodiment of the encryptor 303 in FIG. 3, and FIG. 6 is a pattern in FIG. Adder 30
4 is a block diagram showing an embodiment of FIG. 4, FIG. 7 is a block diagram showing an embodiment of the pattern detector 305 in FIG. 3, and FIG. 3 is a block diagram of an embodiment of the random pattern generator 101 in FIG. FIG. 9 is a block diagram of an embodiment of the code converter 102 in FIG. 1, FIG. 10 is a block diagram of an embodiment of the encryption device 103 in FIG. 1, and FIG. 11 is a view of FIG. Pattern adder 10
FIG. 6 is a block diagram showing a fourth example. In the figure, 301 and 804 are random number generators, 102 and 302 are code converters, 103 and 303 are encryptors, 104 and 304 are pattern adders, and 305.
Is a pattern detector, 101 is a random pattern generator, 4
01,501,603,803,901 are selectors, 402,502,904,1004 are power remainder circuits, 503,702,903,1002,1003 are switches, 60
1, 602, 701, 805, 902, 1001, 1101 are registers, 801, 802 are memories, and 1102 are pattern converters.

 ─────────────────────────────────────────────────── ─── Continuation of the front page (71) Applicant 999999999 NEC Corporation 5-7-1 Shiba, Minato-ku, Tokyo (72) Inventor Toru Fujiwara 4-82-2 Ishibashi, Ikeda-shi, Osaka Seiunkaku (72) ) Inventor Atsushi Kitai 2-37-6 Harumidai, Sakai-shi, Osaka (72) Inventor Tadao Kasu 4-26 Ohata-cho, Nishinomiya-shi, Hyogo (72) Inventor Saburo Yamamura 1-5, Incheon-kita, Takarazuka-shi, Hyogo No. 4-203 (72) Inventor Eiji Okamoto 5-33-1 Shiba, Minato-ku, Tokyo NEC Corporation

Claims (2)

[Claims] 1. A random pattern generator for generating a random pattern in an apparatus for secretly sharing a key between two terminals and generating two types of patterns by adding different pattern identification information to the random pattern. Means and an output of the random pattern generating means or a digital pattern for key delivery sent from the other party's terminal as an input, and depending on the pattern identification information contained in the input, a predetermined one First code conversion means for performing code conversion by a directional function, and connected to the first code conversion means, depending on a predetermined key pattern for the output of the first code conversion means Second code conversion means for performing reversible code conversion, and a key connected to the second code conversion means and for transmitting to a partner terminal depending on the output of the second code conversion means And a pattern generating means for adding a digital pattern for transmission, wherein a part of the output of the second code converting means or a portion of the output corresponding to a predetermined key length is used as a key to be shared. Key delivery device to do. 2. A device for secretly sharing a key between two terminals, which is connected to a random pattern generating means for generating a random pattern, the random pattern generating means and a pattern detecting means described later, and each means. Is connected to the first code conversion means for performing code conversion by a predetermined one-way function to the output of the above, the first code conversion means and the pattern detection means described later, and the output of each means is determined by a predetermined key Second code conversion means for performing reversible code conversion depending on the pattern, connected to the random pattern generation means and the second code conversion means, and added a unique identification pattern to the output of each means , A pattern adding means for outputting a key delivery digital pattern to be sent to the partner terminal, and a key delivery digital pattern sent from the partner terminal Receiving, the following identification pattern which is added to the digital pattern the digital pattern of the first code conversion means or the second
And a pattern detecting means for sending to any one of the code converting means, and a part of the output of the second code converting means is used as a key to be shared.