JPH10210026A - System for transmitting secret key - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it difficult for a third person to estimate a secret key by attack, and to continue cipher communication even when the secret key is decoded by transmitting a cryptographic sentence and the secret key generated by first and second enciphering means to a receiving device. SOLUTION: A secret key selecting part 104 of a communication equipment 100 selects and reads one secret key Ks from among secret keys K1-K3 stored in a secret key storing part 103. An enciphering device 102 enciphers block data Data of a digital workpiece 101 by using the secret key Ks, generates a cryptographic sentence Cd, and transmits it to a transmitting part 110. A message generating part 106 generates a message M. An enciphering device 105 enciphers the message M by using the secret key Ks as a cryptographic key, transmits an obtained cryptographic sentence Ca to a transmitting part 111. An enciphering device 107 enciphers the message M by using the message M itself as the cryptographic key, and transmits an obtained cryptographic sentence Cm to a transmitting part 112. At least, the transmitting parts 110-112 transmit those three cryptographic sentences Cd, Ca, and Cm to a receiving device 200.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a secret key transmission method in cryptographic communication using a secret key, and more particularly, to one secret key used for secret key encryption from a plurality of secret keys distributed in advance. It relates to the technology of transmitting keys.

[0002]

2. Description of the Related Art Conventionally, digitized documents, voices,
In a secret key cryptographic communication system in which data such as images and programs are encrypted with a secret key and communicated via a transmission medium, and recorded / reproduced via a recording medium, each of a transmitting device and a receiving device includes a device in advance. The encryption and decryption are performed using one common secret key determined between them.

[0003] In other words, even when each of the transmitting device and the receiving device has a plurality of secret keys, one secret key is specified and used immediately before performing communication. . This is to ensure that the cipher text sent from the transmitting device is securely decrypted in the receiving device.

[0004]

However, in such a conventional cryptographic communication system, if the secret key is stolen or decrypted by an unauthorized third party (it is known to a person who does not want to be known). In such a case, all communication devices that have used the secret key must update the secret key used in subsequent communications with a new one. This results in a huge amount of troublesome work, especially when the secret key is fixedly stored in a component such as the ROM of the communication device or used in many communication devices. Becomes

Accordingly, the present invention has been made in view of the above-described problems, and makes it difficult to estimate a secret key by an attack by a third party, and to obtain a new secret even if the secret key is decrypted. An object of the present invention is to provide a secret key transmission system for secret key cryptographic communication that can continue cryptographic communication without updating to a key.

[0006]

A secret key transmission system that achieves the above object is a transmission device that selects one of a plurality of secret keys distributed in advance and transmits one secret key Ks, and a transmission device that transmits the secret key. In a communication system including a receiving device for receiving,
The transmitting device includes a secret key storage unit that stores a plurality of secret keys K1 to Kn, a secret key selection unit that selects and reads one secret key Ks therefrom, and a carrier that transmits the secret key Ks. Message generating means for generating a certain message M; first encrypting means for encrypting the generated message M using a secret key Ks to generate a ciphertext Ca; A second encrypting means for encrypting the ciphertext as an encryption key to generate a ciphertext Cm, a transmitting means for transmitting the ciphertexts Ca and Cm as a transmission of a secret key Ks to a receiving device, and the like. First decryption means for decrypting the ciphertext Ca using any one of the keys K1 to Kn to generate the decrypted text Mi, and decrypting the ciphertext Cm with the decrypted text Mi as the decryption key to generate the decrypted text Mii; Second decoding means Determining means for determining whether or not the decrypted texts Mi and Mii match;
When any one of the secret keys Ki matches, the secret key Ki is recognized as the secret key transmitted from the transmitting device.

Here, before transmitting the ciphertexts Ca and Cm to the receiving device, the ciphertexts Ca and Cm are suitable for specifying one secret key Ks without error by the receiving device. You can also verify whether or not.
Specifically, the transmitting device further decrypts the ciphertext Ca by sequentially using each of the secret keys Kj not selected by the secret key selecting means as a decryption key, one by one, to decrypt the decryption text Ma. A first decryption unit for generating the decrypted text Ma, using the decrypted text Ma itself as an encryption key;
A second encryption control means for generating a ciphertext Cmm by encrypting by the encryption means, and the two ciphertexts Ca only when the ciphertext Cmm and the ciphertext Cm do not match for all the secret keys Kj. And gate means for permitting the transmission of Cm and Cm.

[0008] The transmitting apparatus may further include one for each secret key Kj not selected by the secret key selecting means.
First decryption means for generating a decrypted text Ma by sequentially decrypting the encrypted text Ca by using the decrypted text Ma as a decryption key, and decrypting the encrypted text Cm using the decrypted text Ma as a decryption key; , A comparing means and a gate means for permitting the transmission of the two ciphertexts Ca and Cm only when the decrypted texts Ma and Mm do not match for all the secret keys Kj. Can also be provided.

[0009]

BEST MODE FOR CARRYING OUT THE INVENTION

(Embodiment 1) Hereinafter, Embodiment 1 of the present invention will be described in detail with reference to the drawings. Embodiment 1 is a secret key encryption communication system using a secret key transmission method according to the present invention. In this specification, in “secret key transmission”, in addition to transmitting the secret key itself, a plurality of secret keys are distributed in advance, and information specifying one of them is transmitted. It is also included. [Configuration of Cryptographic Communication System] FIG. 1 is a block diagram showing a configuration of a cryptographic communication system according to the first embodiment.

The present system comprises a transmitting device 100, a receiving device 200, and three transmission lines 120-1 connecting them.
22. In this system, three different secret keys K1, K2, and K3 are distributed to the transmitting device 100 and the receiving device 200 in advance, and the transmitting device 100 uses one secret key arbitrarily selected from the three. Then, the digital work is encrypted and transmitted to the receiving device 200.

The transmission device 100 is a personal computer or a magnetic disk drive device having a communication function, and includes a digital work 101, a secret key storage unit 103, a secret key selection unit 104, and three encryptors 102, 105, 10 and 10.
7, the message generator 106 and the three transmitters 110
112. The ultimate purpose of the transmitting apparatus 100 is to encrypt a digital work owned by itself and transfer the encrypted digital work to the receiving apparatus 200. For this purpose, in addition to the encrypted digital work Cd, two types of encryption are used. A sentence, namely, a ciphertext Ca for implicitly transmitting one secret key used for encrypting the digital work, and a ciphertext for transmitting a certain regularity serving as a criterion for specifying the secret key. The ciphertext Cm is transmitted to the receiving device 200 together with the ciphertext Cm.

The digital work 101 is a hard disk or the like which stores in advance data such as digitized documents, sounds, images, and programs. Secret key storage unit 10
Reference numeral 3 denotes a semiconductor memory or the like which stores the above-described three secret keys K1, K2, and K3 in advance. The secret key selection unit 104 stores the three secret keys K1, K2, and K stored in the secret key storage unit 103.
1 out of 3 used for encryption of digital work 101
The secret keys Ks are arbitrarily selected and read, and are sent to the encryptors 102 and 105.

The encryptor 102 is an IC or the like that performs encryption based on the secret encryption algorithm E 1, reads out digital data Data from the digital work 101 in block units, and receives the data from the secret key selecting unit 104. Ciphertext Cd (= E1 (D
ata, Ks)) to the transmitting unit 110 is repeated for all the digital works 101.

Here, the symbol E (M, K) means an encrypted text obtained by encrypting the plaintext M using the encryption key K based on the encryption algorithm E. Similarly, the symbol D
(C, K) means a decrypted text obtained by decrypting the encrypted text C using the decryption key K based on the decryption algorithm D. The message generation unit 106 is a random number generator or the like that generates one random number and holds it as a message M. The message M is dummy data used as a carrier for implicitly transmitting the secret key Ks selected by the secret key selecting unit 104 to the receiving device 200, and the content itself is not important.

The encryptor 105 is an IC or the like that performs encryption based on the secret encryption algorithm E 2, reads out the message M held in the message generation unit 106, and receives the message M from the secret key selection unit 104. Secret key K
s is used as an encryption key, and the resulting ciphertext Ca (= E2
(M, Ks)) to the transmitting unit 111. Encryptor 107
Is an IC or the like that performs encryption based on a secret encryption algorithm E3, reads out the message M stored in the message generation unit 106, encrypts the message M using the message M as an encryption key, and obtains The cipher text Cm (= E3 (M, M)) is sent to the transmitting unit 112.

The ciphertexts Ca and Cm are stored in the secret key selecting unit 1.
The secret key Ks selected in 04 is three secret keys K1, K2,
This is a ciphertext for indirectly transmitting to the receiving device 200 which of K3 is. Transmission units 110, 111, 11
2 includes a parallel-to-serial converter, an amplifier, and the like, and transmits the above three types of ciphertexts Cd, Ca, and Cm to the receiving device 200 via transmission lines 120, 121, and 122, respectively.

The transmission paths 120 to 122 are communication cables, recording media, and the like. On the other hand, the receiving device 200 includes seven decoders 201, 221, 222, 231, 232, and 24.
1, 232, three secret key storage units 220, 230, 24
0, three determining units 223, 233, 243, a comprehensive determining unit 203, a secret key selecting unit 202, and three receiving units 210-2.
12 is comprised.

The ultimate purpose of the receiving apparatus 200 is to decrypt and use the encrypted digital work Cd sent from the transmitting apparatus 100, and to use a secret key Ks to be used for the decryption, ie, The secret key Ks selected by the secret key selection unit 104 in the transmitting device 100 is specified from the two types of ciphertexts Ca and Cm received together with the encrypted digital work Cd.

The receiving units 210, 211, 212 are connected in series to
It consists of parallel converters and the like,
The three types of ciphertexts Cd, Ca, Cm via
To receive. The decryptor 201 is an IC or the like that performs decryption based on a secret decryption algorithm D1, which is an inverse conversion of the encryption algorithm E1 of the encryptor 102 provided in the transmission device 100, and receives the secret key Ks from the secret key selection unit 202. In this case, the cipher text Cd sent from the receiving unit 210
Is decrypted using the secret key Ks to obtain the block data Data (= D1) of the original digital work.
(Cd, Ks)).

It should be noted that this decoder 201
As long as the encrypted digital work Cd is repeatedly sent from 0, the decryption is repeated. Also, the secret key selection unit 2
02, the secret key Ks is not given, it is recognized that the identification of the secret key has failed, and the encrypted digital work C
Do not decrypt d. A first group of circuits including the secret key storage unit 220, the decryption unit 221, the decryption unit 222, and the determination unit 223 is for determining whether or not the secret key Ks used in the transmission device 100 is K1. And the secret key storage unit 230, the decryption unit 231, the decryption unit 232, and the determination unit 2
The second group of circuits 33 includes a secret key storage unit 240, a decoder 241 and a decoder 24 for the purpose of determining whether or not the secret key used in the transmitting device 100 is K2.
The third set of circuit groups including the second and determination units 243 is for determining whether or not the secret key used in the transmission device 100 is K3. These three circuit groups are stored in the secret key storage units 220, 230, and 240, respectively.
The basic configuration and function are the same except that the secret keys are different. Therefore, only the first group of circuit groups will be described in detail.

The secret key storage unit 220 is a semiconductor memory or the like that stores the secret key K1 in advance. The decryptor 221 is configured to use the encryption algorithm E of the
An IC or the like that performs decryption based on a secret decryption algorithm D2, which is an inverse transform of 2, using the secret key K1 read from the secret key storage unit 220 for the ciphertext Ca sent from the reception unit 211. The decrypted text M1 (=
D2 (Ca, K1)) to the determination unit 223 and the decoder 222.

The decryptor 222 is an IC or the like that performs decryption based on a secret decryption algorithm D3 which is an inverse conversion of the encryption algorithm E3 of the encryptor 107 provided in the transmission device 100. The text Cm is decrypted using the decrypted text M1 sent from the decryptor 221 as a decryption key, and the obtained decrypted text M11 (= D3 (Cm, M
1)) is sent to the determination unit 223.

The determination section 223 comprises a comparator or the like, and determines whether or not the decrypted text M1 sent from the decoder 221 matches the decrypted text M11 sent from the decoder 222. In this case, “1” is output to the overall determination unit 203 if they do not match, and “0” is output. Here, the case where they match (M1 = M11) corresponds to the case where the secret key Ks selected by the secret key selection unit 104 of the transmitting device 100 is K1. The reason is as follows.

Now, it is assumed that secret key selecting section 104 of transmitting apparatus 100 has selected secret key K1. That is, Ks = K1−Equation 1. Then, the following holds. Ca = E2 (M, Ks) = E2 (M, K1) -Equation 2 Cm = E3 (M, M) -Equation 3 Therefore, the decoded text M1 output from the decoder 221 of the receiving apparatus 200 uses the equation 2. As a result, the following is achieved.

M 1 = D 2 (Ca, K 1) = D 2 (E 2 (M, K 1), K 1) = M−Equation 4 On the other hand, the decrypted text M 11 output by the decoder 222 of the receiving apparatus 200 is represented by Equations 3 and 4. Is obtained as follows.

M 11 = D 3 (C m, M 1) = D 3 (E 3 (M, M), M) = M−Equation 5 From Equations 4 and 5, the following holds. M1 = M11-Equation 6 Similarly, the determination unit 233 of the second group of circuit groups
The decrypted text M2 sent from the decoder 231 and the decryptor 23
It is determined whether or not the decrypted text M22 sent from 2 matches, and if it matches, “1” is output if it does not match, and “0” is output to the overall determination unit 203. The determination unit 243 of the set of circuit groups determines whether or not the decrypted text M3 sent from the decoder 241 matches the decrypted text M33 sent from the decoder 242. 1 "
If they do not match, “0” is output to the overall determination unit 203.

The general judgment section 203 comprises an OR circuit, a selector and the like, and has three judgment sections 223, 233 and 243.
, An instruction to specify the decryption key Ks to be used for decryption of the encrypted digital work Cd received by the receiving unit 210 or an appropriate decryption key is not found. An instruction “0” to the effect is sent to the secret key selection unit 202.

More specifically, when the judgment unit 223 outputs "1" to the effect that they match, an instruction "1" indicating that the secret key K1 is to be selected regardless of the output of the other judgment units 233 and 243. When the determination unit 223 outputs “0” indicating that they do not match, and when the determination unit 233 outputs “1” indicating that they match, an instruction “2” for selecting the secret key K2 is sent to the determination unit 2
23 and the determination unit 233 output “0” indicating that they do not match,
When the judgment unit 243 outputs "1" indicating that the match is made, the instruction "3" for selecting the secret key K3 is changed to "0" indicating that none of the three judgment units 223, 233, and 243 match.
Are output to the secret key selection unit 202, respectively, indicating that no decryption key is found.

The secret key selecting unit 202 is composed of a selector or the like, and each of the decryption units 20 based on one of the four types of instructions “0/1/2/3” from the comprehensive determining unit 203.
No. 1 does not output the secret key / outputs the secret key K1 / outputs the secret key K2 / outputs the secret key K3. The secret key selection unit 202 sends the encrypted digital work C
While d is repeatedly transmitted, output is continued.

The determining units 223, 233, and 243 output "0" when the two decrypted texts do not match, and as a result, the comprehensive determining unit 203 determines that the secret keys K1, K2 , K3 are not the secret key selected in the transmitting apparatus 100, but the above processing is performed by utilizing the following properties of the encryption (decryption) algorithm normally employed in the present system. I have.

In other words, the decrypted text obtained when a secret key different from the originally used secret key is used as the decryption key is different from the original plain text. [Operation of Cryptographic Communication System] Next, the operation of the present cryptographic communication system configured as described above will be described.

FIG. 2 is a flowchart showing an operation procedure of the transmitting apparatus 100. First, the secret key selection unit 104
The three secret keys K1, K stored in the secret key storage unit 103
2. One secret key Ks is selected and read from K3, and is sent to the encryptors 102 and 105 (step S1).
0). Next, the encryptor 102 generates a ciphertext Cd by encrypting the block data Data of the digital work 101 using the secret key Ks, and sends the ciphertext Cd to the transmitting unit 110 (step S11).

Subsequently, the message generator 106 generates one message M (step S12). Then, the encryptor 105 encrypts the message M using the secret key Ks sent from the secret key selecting unit 104 as an encryption key, sends the obtained ciphertext Ca to the transmitting unit 111, and Encrypts the message M using the message M itself as an encryption key, and sends the obtained encrypted text Cm to the transmission unit 112 (step S13).

Finally, the transmitting units 110, 111, 112
Transmits the three ciphertexts Cd, Ca, and Cm to the receiving device 200 (step S14). The remaining block data of the digital work 101 is
Only the transmission of the ciphertext Cd is repeated, and another ciphertext Ca is transmitted.
And Cm are not transmitted. FIG. 3 is a flowchart illustrating an operation procedure of the reception device 200.

First, the receiving units 210, 211, 212
Transmission lines 120, 121,
122, the three ciphertexts Cd, Ca, and C sent through
m, the decoder 201, the decoders 221, 231, 2
41, send to the decoders 222, 232, 242 (step S20). Next, as the first stage of decoding, the receiving unit 21
2 from the decryptor 221 for the ciphertext Ca sent from
Generates a decrypted text M1 by decrypting using the secret key K1 read from the secret key storage unit 220,
3 and the decryption unit 222, the decryption unit 231 decrypts using the secret key K2 read from the secret key storage unit 230 to generate a decrypted text M2, and sends it to the determination unit 233 and the decryption unit 232 to perform decryption. 241 is a secret key storage unit 2
The decryption is performed using the secret key K3 read from the decryption unit 40 to generate a decrypted text M3.
2 (step S21).

Subsequently, as a second stage of decryption, the ciphertext Cm sent from the receiving unit 212 is
22 generates a decrypted text M11 by decrypting the decrypted text M1 sent from the decoder 221 as a decryption key and sends it to the determination unit 223.
Is decrypted using the decryption text M2 sent from the decryption key as a decryption key, and the decryption text M22 is generated and sent to the determination unit 233.
Is decrypted as a decryption key to generate a decrypted text M33 and send it to the determination unit 243 (step S22).

The determining unit 223 determines whether or not the decrypted text M1 sent from the decoder 221 matches the decrypted text M11 sent from the decoder 222. Is output to the overall determination unit 203 if they do not match (step S23), and the determination unit 233 simultaneously decodes the decrypted text M2 sent from the decoder 231 and the decryption sent from the decoder 232. It is determined whether or not the sentence M22 matches, and if they match, “1” is output to the general determining unit 203 if they do not match (step S24). It is determined whether or not the decrypted text M3 sent from the H.241 and the decrypted text M33 sent from the decoder 242 match. If they match, “1” is set. If they do not match, “0” is set. To the comprehensive judgment unit 20
3 (step S25).

When the general judgment section 203 receives the notification "1" indicating the coincidence from the judgment section 223, it gives priority to the notification from the other judgment sections 233 and 243, and gives the secret key selection section 202 To the secret key K1. Therefore, the decoder 201 includes:
Secret key selection unit 20 for ciphertext Cd sent from
The original digital work Data is decrypted using the secret key K1 sent from Step 2 (Step S26).

Further, the overall judgment section 203 is provided with a judgment section 223.
And the judgment unit 2
When receiving the notification “1” indicating that they match from each other, an instruction “2” for selecting the secret key K2 is sent to the secret key selecting unit 202. Therefore, the decoder 201 includes the receiving unit 21
0 for the secret key selection unit 2 for the ciphertext Cd sent from
Using the secret key K2 sent from the H.02, the original digital work Data is decrypted (step S27).

Further, the overall judgment section 203
3 and the determination unit 233 receive the notification “0” indicating that they do not match and the determination unit 243 receives the notification “1” indicating that they do not match.
Send instruction "3" to select "3". Therefore, the decoder 2
01 decrypts the ciphertext Cd sent from the receiving unit 210 into the original digital work Data using the secret key K3 sent from the secret key selecting unit 202 (step S28).

Further, when receiving a notification “0” indicating that there is no match from any of the determination units 223, 233, and 243, the comprehensive determination unit 203 notifies the secret key selection unit 202 of the notification. Send "0". Therefore, the decoder 201
Does not decrypt the ciphertext Cd sent from the receiving unit 210 (step S25). As described above, according to the present embodiment, the transmitting device 100 and the receiving device 2
00, three common secret keys are distributed in advance, and the transmitting apparatus 100 uses the one secret key Ks arbitrarily selected from the three secret keys to transmit the digital work 10
1 is encrypted and transmitted to the receiving device 200, and the receiving device 20
0 can decrypt the encrypted digital work 101 despite not being explicitly notified as to which of the three private keys Ks is one of the three private keys. did it. In other words, it can be said that one secret key Ks arbitrarily selected by the transmitting device 100 has been implicitly transmitted to the receiving device 200 using two types of ciphertexts Ca and Cm.

The reason why such secret key transmission is possible is that the receiving apparatus has a regularity in the ciphertext Cm, that is, the ciphertext Cm is obtained by encrypting the plaintext M with the same encryption key M as the plaintext M. This is because the property that the message M is used as a criterion for specifying one secret key Ks and the message M used in the transmitting device. According to the secret key transmission scheme according to this embodiment, (i) the transmission paths 121, 1
22 that ciphertext is transmitted instead of plaintext,
(ii) A time-varying random number (message M) is used for the transmission, and (iii) the random number (message M) itself is encrypted using the random number (message M) as an encryption key. Since the transmission is performed, there is no fixed relationship between the secret key Ks selected by the transmission device 100 and the ciphertexts Ca and Cm transmitted to the reception device 200. The security against eavesdropping by an unauthorized third party is high. (Embodiment 2) Next, Embodiment 2 of the present invention will be described with reference to the drawings.

The second embodiment is a secret key encryption communication system for transmitting a digital work and a secret key using three types of ciphertexts Cd, Ca, and Cm, as in the first embodiment. The third embodiment differs from the first embodiment in that a function for ensuring that the secret key Ks is specified is added to the transmission device. [Configuration of Transmitting Apparatus] FIG. 4 is a block diagram showing the configuration of transmitting apparatus 300 in the cryptographic communication system according to the second embodiment. The receiving device according to the present embodiment is the same as the receiving device 200 according to the first embodiment shown in FIG.

The transmitting device 300 includes the components 101 to 107, 110 to 11 included in the transmitting device 100 of the first embodiment.
2, a decoder 320, a gate unit 321, and a comparison unit 3
22, a distributor 323, and two selectors 324 and 325. Note that the secret key selecting unit 10 of the transmitting device 300
4 are the three secret keys K stored in the secret key storage unit 103
Embodiment 1 is the same as Embodiment 1 in that one secret key Ks used for encrypting the digital work 101 is arbitrarily selected and read out of 1, K2, and K3, and is sent to the encryptors 102 and 105. Further read out the two unselected secret keys Kj (j = 1, 2) sequentially and
It has the function of sending to 0.

The decryptor 320 is the same as the decryptor 221 in the first embodiment, that is, the secret decryption algorithm D2 which is the inverse transform of the encryption algorithm E2 of the encryptor 105.
And the like for decrypting based on the secret key.
4 each time the secret key Kj is sent, the ciphertext Ca generated by the encryptor 105 is decrypted using the secret key Kj as a decryption key, and the resulting decrypted text Ma (= D2 (Ca, Kj)) is selected by the selector 32.
4, sent to 325.

The gate section 321 is composed of a latch circuit and the like, and the ciphertext Ca generated by the encryptor 105 and the encryptor 107
Holds the ciphertexts Cm (ciphertexts Cm that have passed through the distributor 323), and discards them based on the notification from the comparison unit 322, and transmits the transmission units 111 and 11
2 output. The selectors 324 and 325 are two-input and one-output multiplexer circuits. The selectors 324 and 325 first pass the message M from the message generator 106 and then pass the decoded text Ma from the decoder 320.

The distributor 323 includes selectors 324 and 325
When the selectors 324 and 325 select the message M, the ciphertext Cm output from the encryptor 107 is transmitted to the gate unit 32.
1 and the first input port of the comparison unit 322, and when the selectors 324 and 325 select the decrypted text Ma, the encrypted text Cmm output from the encryptor 107 is output to the comparison unit 322.
To the second input pouch.

The comparing section 322 holds the ciphertext Cm input to the first input port, and determines whether or not it matches the ciphertext Cmm subsequently input to the second input port. As a result, when they match, the message generation unit 106 and the gate unit 321 are notified of the fact, so that the message generation unit 106 generates the message M again and the two messages held in the gate unit 321 are retained. The ciphertexts Ca and Cm are discarded, and new ciphertexts Ca and Cm are retained.

On the other hand, if all the ciphertexts Cmm input to the second input port do not match, the fact is notified to the gate unit 321 so that the two ciphertexts Ca held in the gate unit 321 are held. And Cm to the transmission unit 111,
112. As a result, the erroneous determination that occurs with a small probability in the three determination units 223 to 243 of the reception device 200, that is, the secret key selection unit 1 of the transmission device 300
The two decrypted texts Mj input to the determination units 223 to 243 relating to the secret key Kj different from the secret key Ks selected at step 04.
(= D2 (Ca, Kj)) and Mjj (= D3 (Cm, Mj))
Is prevented from being erroneously decoded due to the fact that.

Specifically, for example, the transmitting device 300
Although the digital work 101 and the message M are encrypted using the secret key K2 and transmitted to the receiving apparatus 200, the receiving apparatus 200 decrypts the decrypted text M1 generated by the decryptor 221 and the decrypted text generated by the decryptor 222. The occurrence of a problem that the sentence M11 matches can be prevented. The above-mentioned inconvenience can occur with a small probability in the secret key transmission method of the first embodiment for the following reasons.

That is, in the first embodiment, for example, if the transmitting apparatus 100 now selects the secret key K2, generates three ciphertexts Cd, Ca, and Cm using the secret key K2 and transmits them to the receiving apparatus 200, In the device 200, the decoder 22
1 and the decrypted text M11 generated by the decryptor 222 are generated using a secret key K1 different from the original secret key K2.
Are not matched with the original message M.

However, it is not guaranteed that these decrypted texts M1 and M11 are different from each other. That is, although these decrypted texts M1 and M11 do not match the original message M (M1 ≠ M and M11 ≠ M), they may match each other (M1 = M11). This will be described from another angle as follows.

Now, two encryptors 1 for secret key transmission
05 and 107 assume that the input plaintext has L bits, the encryption key has L bits, and the generated ciphertext has L bits. Then, with respect to the encryptor 105, when the encryption key L bits are fixed to one (for example, K2), the plaintext-to-ciphertext has a perfect one-to-one mapping relationship of L bits to L bits, Therefore, it is possible to completely decrypt all the L bits of the cipher text.

However, the encryption device 107 has a special usage. That is, the plaintext has L bits and the ciphertext has L bits, but when the plaintext L bits are changed, the encryption key L bits are changed at the same time.
Therefore, for this encryptor 107, it is not guaranteed that the plaintext-to-ciphertext has a perfect one-to-one mapping relationship of L bits to Lbits. Complete decryption is not guaranteed.

This means that the number of ciphertexts generated for 2 L-th power plaintexts is less than 2 L-th power, that is, there are two or more plaintexts that generate the same ciphertext. It means that there is a possibility. Therefore, in the receiving apparatus 200 of the first embodiment, the decrypted text Mj obtained by decrypting the encrypted text Ca and the decrypted text Mjj obtained by decrypting the encrypted text Cm match, but these decrypted texts Mj and Mj
A problem may occur that j does not match the original message M.

In the present embodiment, the decryption unit 320, the comparison unit 322, the gate unit 321 and the like provided in the transmission device 300 determine the inappropriate combination of the ciphertexts Ca and Cm that cause such a problem. It is prevented from being transmitted to. [Operation of Transmitting Apparatus] FIG. 5 is a flowchart showing an operation procedure of transmitting apparatus 300 in the cryptographic communication system of the second embodiment.

In the figure, steps S30 to S33,
Step S39 is performed in the case of the first embodiment (FIG. 2).
Are the same as Steps S10 to S13 and Step S14 of FIG. However, in step S33, the ciphertext Ca generated from the encryptor 105 is held in the gate unit 321. On the other hand, the ciphertext Cm generated from the encryptor 107 passes through the distributor 323 and the gate unit 321 and the comparison unit 322. Is held.

When the transmission device 300 finishes selecting the secret key Ks and generating three ciphertexts Cd, Ca, and Cm (steps S30 to S33), the transmitting apparatus 300 transmits the ciphertexts Cd, Ca, and Cm before transmitting them. Certain loop processing (steps S34 to S34)
38) is performed. This loop processing determines whether the currently generated ciphertexts Ca and Cm are appropriate ciphertexts for transmitting the secret key Ks.
This is a process for newly generating a and Cm.

Specifically, first, secret key selecting section 104
Is the one secret key Ks selected in step S30.
The following processes (steps S35 to S37) are repeated (steps S34 to S38) by sequentially reading out the secret keys Kj except for from the secret key storage unit 103 one by one and sending them to the decryptor 320. First, the decryptor 320 decrypts the ciphertext Ca generated in step S33 using the secret key Kj sent from the secret key selection unit 104 as a decryption key, and outputs the decrypted text Ma obtained to the selectors 324 and 325. Send (step S35).

The selectors 324 and 325 determine the decrypted text M
Select a and let it pass. As a result, the encryptor 107
The decrypted text Ma is encrypted using the decrypted text Ma as an encryption key, and the obtained encrypted text Cmm (= E2 (Ma, Ma)) is distributed to the distributor 32.
3 and the distributor 323 passes the ciphertext Cmm and sends it to the second input port of the comparison unit 322 (step S3).
36).

The comparing unit 322 outputs the ciphertext Cm already input to the first input port in step S33 and already held.
Then, it is determined whether or not the ciphertext Cmm currently input to the second input port matches (step S37). as a result,
If they do not match, the same processing is repeated for the other secret keys Kj (steps S35 to S37).

As a result, all the secret keys except the secret key Ks selected in step S30 are compared by the comparison unit 32.
If the determination results in step 2 do not match, step S
Since the two ciphertexts Ca and Cm generated at 33 correspond to the case where it is determined that they are appropriate ciphertexts, the above-described loop processing is terminated, and the transmission units 110, 111, and 112 respectively perform Generated by the ciphertext Cd, the gate unit 32
Receiving the ciphertexts Ca and Cm held in the receiving device 200
(Step S39).

On the other hand, if there is a match in the judgment at step S37, it means that the two ciphertexts Ca and Cm generated at step S33 are determined to be inappropriate ciphertexts. Is interrupted, and the procedure starting from generation of the message M is repeated again (steps S32 to S36). That is, the comparison unit 322 performs the two ciphertexts Ca and Cm held in the gate unit 321.
Is discarded, and the message generating unit 106 generates a new message M (step S32). Then, new ciphertexts Ca and Cm are generated by encryption using the message M (step S33), and it is determined whether or not these are appropriate ciphertexts (step S34).
~ S37).

As described above, according to the transmitting apparatus 300, the receiving apparatus 200 that has received the ciphertexts Ca and Cm from the transmitting apparatus 300 has a secret key Kj different from the secret key Ks used in the transmitting apparatus 300. Despite the use of, the problem that the decrypted text Mj obtained by decrypting the encrypted text Ca and the decrypted text Mjj obtained by decrypting the encrypted text Cm are prevented from matching. (Embodiment 3) Next, Embodiment 3 of the present invention will be described with reference to the drawings.

In the third embodiment, three types of ciphertexts Cd, Ca,
Common to the first embodiment in that it is a secret key cryptographic communication system for transmitting a digital work and a secret key using Cm, and a function of preventing inappropriate ciphertexts Ca and Cm from being transmitted to a receiving device. Embodiment 2 in that
However, the method of realizing this is different from that of the second embodiment. [Configuration of Transmitting Apparatus] FIG. 6 is a block diagram showing a configuration of transmitting apparatus 400 in the cryptographic communication system according to the third embodiment. The receiving device according to the present embodiment is the same as the receiving device 200 according to the first embodiment shown in FIG.

The transmitting apparatus 400 includes the components 101 to 107, 110 to 11 included in the transmitting apparatus 100 of the first embodiment.
2, two decoders 420 and 423, and a gate unit 4
21 and a comparing unit 422. The decoder 420 and the gate unit 421 have the same functions as the decoder 320 and the gate unit 321 of the transmitting apparatus 300 according to the second embodiment illustrated in FIG. 4, respectively. In addition, the decoder 420, the decoder 423, and the comparison unit 422 have the same functions as the decoder 221, the decoder 222, and the determination unit 223 of the reception device 200 of the first embodiment illustrated in FIG.

That is, the decryptor 420 is an IC or the like that performs decryption based on a secret decryption algorithm D2 which is an inverse transform of the encryption algorithm E2 of the encryptor 105, and performs decryption on the ciphertext Ca generated by the encryptor 105. Secret key selector 10
Then, the decrypted message Ma (= D2 (Ca, Kj)) is decrypted by using the secret key Kj sequentially transmitted from No. 4 and transmitted to the first input port of the comparing unit 422 and the decryptor 423.

The decryptor 423 has a secret decryption algorithm D3 which is the inverse transform of the encryption algorithm E3 of the encryptor 107.
An IC or the like that performs decryption based on the decryption text Cm generated by the encryptor 107 by using the decrypted text Ma sent from the decryptor 420 and obtaining the decrypted text Mm (=
D3 (Cm, Ma)) is sent to the second input port of the comparing section 422.

The comparing unit 422 is composed of a comparator and the like. Each time the secret key selecting unit 104 sends one secret key Kj to the decrypting unit 420, the decrypted text Ma sent from the decrypting unit 420 and the decrypting unit 423 are output. It is determined whether or not the decrypted text Mm sent from the server matches. As a result, if they match, the message generation unit 106 and the gate unit 421 are notified of the fact, so that the message generation unit 106 generates the message M again and the two messages held in the gate unit 321 are retained. The ciphertexts Ca and Cm are discarded, and new ciphertexts Ca and Cm are retained.

On the other hand, the secret key selecting unit 104
0 for all the secret keys sent to
If the decrypted text Mm and the decrypted text Mm do not match, the fact is notified to the gate unit 421, and the two encrypted texts Ca and Cm held in the gate unit 421 are transmitted to the transmitting units 111, 1
12 is transmitted. The gate unit 421 includes a latch circuit and the like, and the ciphertext Ca generated by the encryptor 105 and the encryptor 1
07 holds each of the ciphertexts Cm generated by the
On the basis of the notification from the server 22, they are discarded or output to the transmission units 111 and 112. [Operation of Transmission Apparatus] FIG. 7 is a flowchart showing an operation procedure of transmission apparatus 400 in the cryptographic communication system of the third embodiment.

This figure is almost the same as the flow chart of the second embodiment (FIG. 5), but differs in the judgment object when judging whether the ciphertexts Ca and Cm are appropriate ciphertexts. That is, in the second embodiment, the decrypted text Ma obtained by the decryptor 320 is encrypted as a plaintext and an encryption key (step S36 in FIG. 5), and the two encrypted texts Cm and Cmm are compared (step S37 in FIG. 5). ), In the present embodiment, the decoder 420
Is decrypted using the decrypted text Ma obtained in (1) as a decryption key (step S46 in FIG. 7), and the two decrypted texts Ma and Mm.
(Step S47 in FIG. 7).

As a result, similarly to the second embodiment, in the receiving device 200 that has received the ciphertexts Ca and Cm from the transmitting device 400 of the present embodiment, a secret key Kj different from the secret key Ks used in the transmitting device 400 is used. Despite the use of, the problem that the decrypted text Mj obtained by decrypting the encrypted text Ca and the decrypted text Mjj obtained by decrypting the encrypted text Cm are prevented from matching.

The transmitting apparatus 400 according to the present embodiment includes the selectors 324 and 324 required for the transmitting apparatus 300 according to the second embodiment.
25, it can be said that the distributor 323 is replaced with one decoder 423. As described above, the secret key transmission system of the present invention has been described based on the first to third embodiments. However, it is needless to say that the present invention is not limited to these embodiments. That is, (1) The transmission medium in the secret key transmission method according to the first to third embodiments is the wired transmission paths 120 to 122,
A recording medium such as D (Digital Video / Versatile Disc) may be used. In that case, the transmitting devices 100, 300,
Reference numeral 400 denotes a DVD recording drive, and the receiving device 200
Corresponds to a DVD playback drive.

This is because the secret key transmission method includes a case where the secret key is transmitted not only in real time via a transmission path but also by offline distribution via a recording medium. (2) In the first to third embodiments, the message M generated by the message generation unit 106 is a random number and is used only as a carrier for transmitting the secret key Ks. Not limited
For example, the message may have a meaning that the transmitting device wants to transmit to the receiving device.

This is because the present invention is a technique in which both the message M and the secret key Ks are transmitted from the transmitting device to the receiving device in a concealed state. (3) In the first to third embodiments, three different encryption algorithms are used, but they may be the same. Further, a plurality of secret key storage units and a plurality of encryptors / decryptors may be realized by a circuit formed in one semiconductor IC.

For example, the three circuit groups of the receiving apparatus 200 shown in FIG. 1 can be combined into one circuit group.
That is, one repetition control circuit that sequentially reads out the three secret keys K1, K2, and K3 and repeats the following decryption and match determination for each secret key, and decrypts one read secret key Ki. The ciphertext Ca is decrypted as a key based on the decryption algorithm D2, and the decrypted text Mi (= D2 (Ca, K
i)) and a second decryption that decrypts the ciphertext Cm using the decryption text Mi as a decryption key based on the decryption algorithm D3 to generate a decryption text Mii (= D3 (Cm, Mi)). And one determination unit that determines whether or not the two decrypted texts Mi and Mii match. (4) In the first to third embodiments, the cryptographic communication system is configured by one transmitting device and one receiving device, but is configured by one transmitting device and two or more receiving devices. You may. (5) In the first to third embodiments, the secret key selecting unit 1
04 selects a secret key arbitrarily, but the present invention is not limited to such a selection method. For example, a secret key is selected in accordance with a predetermined priority, and if the secret key is decrypted, another secret key is selected. It may be selected. (6) Further, in the first to third embodiments, three secret keys are distributed to each of the transmitting device and the receiving device, and only one selected from them is used for encryption. It is not limited to. For example, ten secret keys are distributed to both devices, and a combination of two secret keys selected from them (for example, an exclusive OR for each bit) is assigned to the secret key of the above embodiment. Ks and a combination of two secret keys different from the combination may be used as the secret key Kj in the above embodiment.

[0077]

As is apparent from the above description, the secret key transmission system according to the present invention transmits one secret key Ks by selecting from a plurality of secret keys distributed in advance in common. In a communication system including a device and a receiving device that receives the device, the transmitting device includes a secret key storage unit that stores a plurality of secret keys K1 to Kn, and a secret key selection unit that selects and reads one secret key Ks therefrom. Means, a message generating means for generating a message M which is a carrier for transmitting the secret key Ks, and a first cipher for encrypting the generated message M using the secret key Ks to generate a ciphertext Ca Encrypting means, a second encrypting means for encrypting the message M using the message M itself as an encryption key to generate a ciphertext Cm, and transmitting the ciphertexts Ca and Cm to the receiving device as transmission of the secret key Ks. A receiving device, comprising: a first decryption unit configured to decrypt the ciphertext Ca by sequentially using any one of the plurality of secret keys K1 to Kn to generate a decryption text Mi; A second decryption unit that decrypts the decrypted text Mi as a decryption key to generate a decrypted text Mii, a determination unit that determines whether the decrypted texts Mi and Mii match, and a case where any one of the secret keys Ki matches. Then, the secret key Ki is recognized as the secret key transmitted from the transmitting device.

That is, the receiving apparatus uses as a criterion the fact that the ciphertext Cm has regularity, that is, the property that the ciphertext Cm is obtained by encrypting the plaintext M using the same encryption key M as the plaintext M. And 1 used in the transmitting device
Private keys Ks and the message M can be specified. Thereby, one secret key Ks arbitrarily selected by the transmitting device from the plurality of secret keys K1 to Kn is transmitted from the transmitting device to the receiving device in a state of being hidden rather than being explicit. Since the receiving device can specify the single secret key Ks, a secret key transmission method in which it is difficult to estimate the secret key by an unauthorized third party attack is realized.

Further, even if one secret key Ks is decrypted, the transmitting apparatus can select and transmit another secret key from a plurality of secret keys, so that a new secret key can be transmitted. A secret key transmission scheme for secret key cryptographic communication capable of continuing cryptographic communication without updating to a key is realized. Here, before transmitting the ciphertexts Ca and Cm to the receiving device, it is determined whether or not the ciphertexts Ca and Cm are suitable for specifying one secret key Ks without error by the receiving device. You can also verify it.

More specifically, the transmitting device further decrypts the ciphertext Ca by sequentially using the secret keys Kj not selected by the secret key selecting means one by one as a decryption key. A first decryption unit for generating a sentence Ma, and a second encryption for generating a ciphertext Cmm by encrypting the decrypted text Ma by the second encryption unit using the decrypted text Ma itself as an encryption key. It is also possible to provide a control means, a comparison means and a gate means for permitting the transmission of the two ciphertexts Ca and Cm only when the ciphertext Cmm and the ciphertext Cm do not match for all the secret keys Kj.

Further, the transmitting device further performs 1 for all secret keys Kj not selected by the secret key selecting means.
First decryption means for generating a decrypted text Ma by sequentially decrypting the encrypted text Ca by using the decrypted text Ma as a decryption key, and decrypting the encrypted text Cm using the decrypted text Ma as a decryption key; , A comparing means and a gate means for permitting the transmission of the two ciphertexts Ca and Cm only when the decrypted texts Ma and Mm do not match for all the secret keys Kj. Can also be provided.

As a result, a problem based on the fact that the plaintext M and the encryption key M input to the second encrypting means are the same, that is, the receiving apparatus sets the secret key Ks selected by the transmitting apparatus.
This prevents a problem that another secret key Kj different from the above is erroneously recognized as being transmitted.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a configuration of a cryptographic communication system according to a first embodiment of the present invention.

FIG. 2 is a flowchart showing an operation procedure of a transmission device 100 of the same system.

FIG. 3 is a flowchart showing an operation procedure of the receiving device 200 of the same system.

FIG. 4 is a block diagram illustrating a configuration of a transmission device 300 in the cryptographic communication system according to the second embodiment of the present invention.

FIG. 5 is a flowchart showing an operation procedure of the transmitting apparatus 300.

FIG. 6 is a block diagram illustrating a configuration of a transmitting device 400 in the cryptographic communication system according to the third embodiment of the present invention.

FIG. 7 is a flowchart showing an operation procedure of the transmitting apparatus 400.

[Explanation of symbols]

 REFERENCE SIGNS LIST 100 transmitting device 101 digital work 102 encryptor E1 103 secret key storage unit 104 secret key selecting unit 105 encryptor E2 106 message generating unit 107 encryptor E3 110-112 transmitting unit 120-122 transmission path 200 receiving device 201 decoder D1 202 Secret key selection unit 203 Total judgment unit 210-212 Receiver 220 Secret key (K1) storage unit 221, 231, 241 Decoder D2 222, 232, 242 Decoder D3 223, 233, 243 Judgment unit 230 Secret key (K2 ) Storage unit 240 Secret key (K3) storage unit 300 Transmission device 320 Decoder D2 321 Gate unit 322 Comparison unit 323 Distributor 324, 325 Selector 400 Transmission device 420 Decoder D2 421 Gate unit 422 Comparison unit 423 Decoder D3

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Takehisa Kato 70, Yanagicho, Yukicho, Kawasaki-shi, Kanagawa Prefecture Inside the Toshiba Yanagicho Plant (72) Inventor Naoki Endo 70, Yanagicho, Yukicho, Kawasaki-shi, Kanagawa Prefecture In-plant (72) Inventor Koichi Hirayama 70, Yanagicho, Yuki-ku, Kawasaki-shi, Kanagawa Pref.

Claims (14)

[Claims] 1. A cryptographic communication system comprising a transmitting device and a receiving device for performing cryptographic communication using one selected from a plurality of secret keys, and transmitting the selected one secret key to the transmitting device. A secret key transmission scheme for transmitting to the receiving device from the first secret key storing device, wherein the transmitting device includes: a first secret key storing unit that stores the plurality of secret keys in advance; and a plurality of the plurality of secret keys that are stored in the first secret key storing unit. Secret key selecting means for selecting and reading one of the secret keys; message generating means for generating one message; and encrypting the one secret key selected by the secret key selecting means for the message. A first encryption unit for encrypting the message based on a first encryption algorithm to generate a first ciphertext, and encrypting the message based on a second encryption algorithm using the message as an encryption key. However,
A second ciphertext for generating a second ciphertext; and a transmitting means for transmitting the first ciphertext and the second ciphertext to the receiving device. The receiving device stores the plurality of secret keys in advance. A second secret key storing means for receiving, a receiving means for receiving the first cipher text and the second cipher text transmitted from the transmitting device, and a first secret key for the received first cipher text.
And decrypting the first key as a decryption key based on a first decryption algorithm which is an inverse transform of the first encryption algorithm.
First decryption means for generating a decrypted text, and decrypting the received second ciphertext using the first decrypted text as a decryption key based on a second decryption algorithm which is an inverse transform of the second cryptographic algorithm. A second decryption unit for generating a second decrypted text, and determining whether or not the first decrypted text and the second decrypted text match. If the first and second decrypted texts match, the second decryption unit is used by the first decryption unit. Determining means for determining that the secret key is the secret key transmitted from the transmitting device; and decrypting the plurality of secret keys sequentially stored in the second secret key storage means by the first decryption means. 2
A secret key transmission system, comprising: a repetition control unit that controls so that the decryption by the decryption unit and the determination and recognition by the determination unit are repeated. 2. The transmitting device further determines whether the first ciphertext and the second ciphertext are appropriate ciphertexts that can be certified by the receiving device without error, and if appropriate, Permitting the first ciphertext and the second ciphertext to be transmitted to the receiving device by the transmission unit, and, if inappropriate, causing the message generation unit to generate a new message; 2. The secret key transmission system according to claim 1, further comprising ciphertext eligibility checking means for repeating encryption by means and encryption by said second encryption means. 3. The ciphertext eligibility checking means, other than a single secret key selected by the secret key selecting means, among a plurality of secret keys stored in the first secret key storage means. All of the secret keys are sequentially read out one by one from the first secret key storage means to form decryption keys, and the first cipher text is decrypted based on the first decryption algorithm to generate a third decrypted text. A third decryption unit, and a first encryption control unit that controls the second encryption unit so as to encrypt the third decrypted text using the third decrypted text as an encryption key and generate a third encrypted text. And comparing the second ciphertext and the third ciphertext, and if all the secret keys except the one secret key do not match, the first ciphertext and the second ciphertext are appropriate. Is determined to be 3. The secret key transmission system according to claim 2, further comprising a comparing unit that determines that the first cipher text and the second cipher text are inappropriate cipher texts. 4. The transmission device further includes: a transfer data storage unit that stores transfer data to be transferred to the reception device; and one secret key selected by the secret key selection unit for the transfer data. A third encryption unit that encrypts the key based on a third encryption algorithm using a key as an encryption key to generate a fourth ciphertext, wherein the transmission unit includes the fourth ciphertext together with the first ciphertext and the second ciphertext. Transmitting the ciphertext to the receiving device; the receiving unit of the receiving device receives the fourth ciphertext together with the first ciphertext and the second ciphertext; and the receiving device further converts the fourth ciphertext into the fourth ciphertext. On the other hand, the secret key recognized by the determination means is used as a decryption key, and decryption is performed based on a third decryption algorithm which is an inverse transform of the third encryption algorithm, and the fourth decryption is performed to restore the original transfer data.
4. The secret key transmission system according to claim 3, further comprising a decryption unit. 5. The ciphertext eligibility checking means, other than a single secret key selected by the secret key selecting means, among a plurality of secret keys stored in the first secret key storage means. All of the secret keys are sequentially read out one by one from the first secret key storage means to form decryption keys, and the first cipher text is decrypted based on the first decryption algorithm to generate a third decrypted text. A third decryption unit, wherein the third decrypted text is used as a decryption key for the second encrypted text,
A fourth decryption unit that decrypts based on the second decryption algorithm to generate a fourth decryption text; and compares the third decryption text with the fourth decryption text, excluding the one secret key. If all of the secret keys do not match, the first ciphertext and the second ciphertext are determined to be appropriate ciphertexts. If any of the secret keys match, the first ciphertext and the second ciphertext are used. 3. The secret key transmission system according to claim 2, further comprising a comparing unit that determines that the sentence is an inappropriate ciphertext. 6. The transmission device further comprises: transfer data storage means for storing transfer data to be transferred to the reception device; and one secret key selected by the secret key selection means for the transfer data. A third encryption unit that encrypts the key based on a third encryption algorithm using the key as an encryption key to generate a third ciphertext, wherein the transmission unit includes the third ciphertext together with the first ciphertext and the second ciphertext. Transmitting the ciphertext to the receiving device; the receiving unit of the receiving device receives the third ciphertext together with the first ciphertext and the second ciphertext; and the receiving device further converts the third ciphertext into the third ciphertext. On the other hand, a secret key recognized by the determination means is used as a decryption key, and decryption is performed based on a third decryption algorithm which is an inverse transform of the third encryption algorithm, and the fifth decryption is performed to restore the original transfer data.
The secret key transmission system according to claim 5, further comprising a decryption unit. 7. In a cryptographic communication system including a transmitting device and a receiving device that perform cryptographic communication using one selected from a plurality of secret keys, the selected one secret key is transmitted to the receiving device. The transmission device for transmitting, wherein: a first secret key storage unit that stores the plurality of secret keys in advance; and a secret that selects and reads one from the plurality of secret keys stored in the first secret key storage unit. Key selection means; message generation means for generating one message; and encrypting the message based on a first encryption algorithm using one secret key selected by the secret key selection means as an encryption key; First encryption means for generating a first ciphertext, and a second cipher for generating a second ciphertext by encrypting the message using the message as an encryption key based on a second encryption algorithm. Means a transmission characterized in that it comprises a transmitting means for transmitting the first ciphertext and the second ciphertext to said receiving apparatus apparatus. 8. The transmitting device further determines whether the first ciphertext and the second ciphertext are appropriate ciphertexts that can be certified by the receiving device without error, and if appropriate, Permitting the first ciphertext and the second ciphertext to be transmitted to the receiving device by the transmission unit, and, if inappropriate, causing the message generation unit to generate a new message; 8. The transmitting apparatus according to claim 7, further comprising ciphertext eligibility checking means for repeating encryption by means and encryption by said second encryption means. 9. The ciphertext eligibility checking means, other than the one secret key selected by the secret key selecting means, among a plurality of secret keys stored in the first secret key storage means. All the secret keys are sequentially read out one by one from the first secret key storage means as decryption keys, and the first ciphertext is converted to the first ciphertext based on a first decryption algorithm which is an inverse conversion of the first encryption algorithm. Decrypt the first
A first decryption means for generating a decrypted text, and a second decryption means for controlling the second encryption means so as to encrypt the first decrypted text using the first decrypted text as an encryption key and generate a third encrypted text. (1) comparing the second ciphertext and the third ciphertext with each other, and if the two ciphertexts do not agree with each other except for the one secret key, the first ciphertext and the third ciphertext are compared. The second ciphertext is determined to be an appropriate ciphertext, and has a comparing means for determining that the first ciphertext and the second ciphertext are inappropriate ciphertexts when any one of the secret keys matches. The transmission device according to claim 8, wherein 10. The transmission device further includes: a transfer data storage unit that stores transfer data to be transferred to the reception device; and one secret key selected by the secret key selection unit for the transfer data. A third encryption unit that encrypts the key based on a third encryption algorithm using a key as an encryption key to generate a fourth ciphertext, wherein the transmission unit includes the fourth ciphertext together with the first ciphertext and the second ciphertext. The transmitting device according to claim 9, wherein cipher text is transmitted to the receiving device. 11. The ciphertext eligibility checking means, other than a single secret key selected by the secret key selecting means, among a plurality of secret keys stored in the first secret key storage means. All the secret keys are sequentially read out one by one from the first secret key storage means and used as decryption keys.
First decryption means for decrypting the cipher text based on a first decryption algorithm which is an inverse transform of the first cipher algorithm to generate a first decryption text; and The second decryption is performed by using the first decryption text as a decryption key and decrypting the second decryption text based on a second decryption algorithm which is an inverse transform of the second encryption algorithm.
Decrypting means for comparing the first decrypted text with the second decrypted text, and when all of the secret keys except the one secret key do not match, the first cipher text and the second cipher text are compared. The first ciphertext and the second ciphertext are determined to be appropriate ciphertexts, and the first ciphertext and the second ciphertext are compared with each other. The transmission device according to claim 8. 12. The transmission device further includes: a transfer data storage unit that stores transfer data to be transferred to the reception device; and one secret key selected by the secret key selection unit for the transfer data. A third encryption unit that encrypts the key based on a third encryption algorithm using the key as an encryption key to generate a third ciphertext, wherein the transmission unit includes the third ciphertext together with the first ciphertext and the second ciphertext. The transmitting device according to claim 11, wherein the ciphertext is transmitted to the receiving device. 13. A method for transmitting the selected one secret key in a cryptographic communication system including a transmitting device and a receiving device for performing cryptographic communication using one selected from a plurality of secret keys. The first ciphertext and the second ciphertext received from the transmitting device, the first secret key storing means for storing the plurality of secret keys in advance, and the first secret key storage means transmitted from the transmitting device. Receiving means for receiving a ciphertext and a second ciphertext; and one of the plurality of secret keys corresponding to the received first ciphertext.
First decryption means for decrypting the first decryption key using the first decryption key as a decryption key and generating a first decryption text based on a first decryption algorithm which is an inverse transform of the first encryption algorithm used to generate the first ciphertext; The received second ciphertext is decrypted using the first decryption text as a decryption key based on a second decryption algorithm that is an inverse conversion of the second encryption algorithm used to generate the second ciphertext, A second decryption unit for generating a second decrypted text; and determining whether the first decrypted text and the second decrypted text match. If they match, the secret used by the first decryption unit is determined. Determining means for certifying that the key is a secret key transmitted from the transmitting device; and sequentially decoding the plurality of secret keys stored in the first secret key storage means by the first decoding means.
A receiving apparatus comprising: a repetition control unit that controls so that the decoding by the decoding unit and the judgment and recognition by the judging unit are repeated. 14. The receiving means, together with the first ciphertext and the second ciphertext, selects one selected by the transmitting device.
Receiving a third ciphertext in which transfer data is encrypted based on a third cipher algorithm using the plurality of secret keys as encryption keys, and the receiving device further includes: the determination unit for the third ciphertext And a third decryption unit that decrypts the secret key certified by the above as a decryption key based on a third decryption algorithm that is an inverse transform of the third encryption algorithm and restores the original transfer data. 14. The receiving device according to claim 13, wherein