JPH10285154A - Key generation system constituting perfect secrecy cipher system, key shared protocol with authentication, 'one-time stream cipher', 'one-time password' and key management algorithm - Google Patents

Abstract

PROBLEM TO BE SOLVED: To give informational logical security to an open network. SOLUTION: In a key generation system which provides both terminals that perform communication in a client/server network, etc., with a register which operates with 2u (u>4) adic number, and is provided with a mapping algorithm part that executes map of an integer space of the register (Is → Is) to its own and generates an 'integer orbit' and a compressing and converting part which compresses and converts the 'integer orbit' and creates a binary 'key stream', when inverse map that traces back a map algorithm to the past is attempted, not only 'n-bits entropy' occurs, but also 'informational logical security map algorithm' to which 'entropy' that accompanies compressive conversion is also added is mounted to n-times inverse map and is 'intentionally' embedded in the algorithm of cipher and decoding.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The present invention relates to a method for computing the conventional network security to a computational security.
Security ”, while open networked information-theoretic security“ Unconditional Securit ”
Y ""

Information-theoretic secure key generation system Information-theoretic secure authentication technology Information-theoretic secure key distribution technology Information-theoretic secure key storage technology Information-theoretic secure message encryption technology Information theory To secure digital signature technology.

[0003]

2. Description of the Related Art Whether it is the Internet or an intranet, the security required there covers the above six fields. There are two types of encryption technologies to achieve security: symmetric encryption and asymmetric encryption. Currently, a hybrid method that combines these two methods is used for network and network.
It looks like they have achieved security. In the symmetric encryption method, the encryption key and the decryption key are the same symmetric key. This symmetric key must be kept secret in order to maintain the confidentiality of the message, and is called a "secret key".

Diffie-Hellma has historically solved how to share this secret key on a network.
n key distribution method. It is well known that the RSA was devised from this, and the asymmetric encryption itself was established.

At present, the above-mentioned six technical fields are covered by a hybrid system in which symmetric cryptography is applied to message encryption, and the other fields are applied with asymmetric cryptographic application technology. Among these, as for the personal authentication technology, a technology that is practically simpler is spreading.

For example, each time the client accesses the server by applying the method of “challenge & Response”, the server sends out a plain text of “challenge number” every time, and the client receiving this sends “passwo
Return the encrypted text "rd" to the server. This is the Response. It goes without saying that symmetric encryption software such as DES is already installed on both the client and the server.

Since plaintext and ciphertext are sent out on the network each time, breaking this security is easy for a national organization. On the other hand, the private sector seems to have achieved sufficient security. One of the more reliable authentication technologies is One-Time password (O
TP; referred to as OTP in the RFC). The drawback is that it is not suitable for commerce because of its limited use. RSA
Is the current mainstream authentication technology. But keep in mind that this relies on computational security.

[0008]

Conventionally known cryptography is a technology which claims to be "computationally secure"; this is called "Computational Security". This type of technology is now the standard for open networks. For example, DES and RSA are famous.

It is a cipher that is guaranteed to be secure as long as it is to be broken on a computer that loves routine work. But when it comes to RSA, what will happen in the future if new mathematics about the distribution of prime numbers is born (Riemann conjecture)? The prime factorization of integers will be easy to do, at which time the electronic money flying around the world will be no longer electronic money. “Computationally secure” is relative security in this sense, but not secure in the future.

Another difficulty is that conventional cryptography is linked to national security. Therefore,
It goes without saying that there are various restrictions on the conversion of these cryptographic technologies to private use.

Therefore, the emergence of a new encryption technology that can be used in an open network is desired. What kind of conditions must a cryptographic technology that can achieve standard security in this world withstand; the technology is made public, evaluated, and made available to everyone? First you have to accept.

[0012] The secrecy, as in the past, that only some people share technology, that is, maintaining security by making the technology itself private, does not apply to open networks. Therefore, it can be seen that simply complicating the encryption system does not solve the problem.

[0013] Gilbert Vernum One-Time Pad that was announced in 1917 by the will, simply to win is known to be the first practical technology to provide a "complete secrecy" Note ^1. However, this technology has serious problems that cannot be applied to open networks, even though it has conditions that can withstand the above-mentioned standards. The apolia is related to "key distribution and key management"; it is an aporia that requires a secure communication path in addition to the communication path to distribute a key.

[0014] Therefore, it is possible to handle the information privately, and it is used only for military or diplomatic communication in which a key is distributed by a special person. The concept of perfect confidentiality is said to have been given by CEShannon (1) 30 years after the commercialization of this cipher. This significance is especially significant in the era of open networks today. Because the encryption technology in the conventional open network is "Computational Se
He presented the theoretical existence and security of cryptosystems that only allow "probabilistic answers" while relying on the relative security of "curity". To put it plainly, the security of cryptography is that only the probability theory is "breakable" even if all the cryptographic technologies are disclosed, without any back and forth, and even if all technological advances are taken into account, the cryptography is "broken". It is to clarify the nature. Such cryptosystems are "informatively secure" or "Unconditional Securi
ty ". If the profane terms, hackers, do not put out only expected to shake the dice, such as dice there is also 2 ^256, as well as a computer program made a plain text by analyzing the ciphertext, all plaintext etc. Since it appears in the probability, it also results in rolling dice.

[0015] In conclusion, a security technology that can become a standard in an open network should rely on such an “Unconditionally Secure” encryption system.

However, if this kind of secure encryption system, for example, “One-Time Pad cipher” is applied to a network (Note 3), “key distribution and key management” will be replaced by another encryption system or another key system. As we come across the serious problem of having to rely on secure channels, how to get rid of this aporia, here is a test of new cryptography and its implementation, and the present invention breakthrough It is also a point.

[0017]

SUMMARY OF THE INVENTION The basis of cryptography lies in a key generation system, in other words, the basis of cryptography depends on an algorithm for generating random numbers. Even though the conventional random number generation algorithm is “Computationally Secure”, it is not an “Unconditionally Secure” random number generation method.
Or, there is no evidence of research on information-theoretic security.

One of the “Unconditionally Secure” random number generation theories has been discovered in “the fractal structure itself that causes chaos”. The discovery that Cantor sets are "information-theoretically secure" algorithms. It does not simply mean creating chaotic phenomena and extracting a random number sequence from them. In other words, even if someone says that they generated a chaotic random number on a computer and generated a random number sequence, that would not be an assertion that it was an "information-theoretically secure" random number generator, It does not claim that it uses secure random numbers. Furthermore, the argument that random numbers created by chaos theory are safe, or conversely they are not secure because they use simple nonlinear functions, has nothing to do with this "Unconditional Security" argument. This must be emphasized.

1) Information-theoretically secure one-way transformability of chaos mapping; Regardless of the nonlinear curve used, the chaotic orbit generated by the mathematical chaos mapping forming the Cantor set is (Chaos Orbit) While it is uniquely determined for the future, going to the past (attempting to reverse map n times) results in 2 ⁿ uncertainties (traversing the Cantor set in reverse). Consider the "Entropy" of this inverse mapping n times.

Since chaotic orbits do not intersect with each other, that is, they do not pass through the same mathematical point, "all points on the chaotic orbit appear with equal probability" within a finite time.
It can be said. Looking at the nature of the chaotic mapping from the viewpoint of information theory, it can be seen that "Entropy of n-time inverse mapping is n bits" (because it appears with equal probability). Note that the mathematical chaotic trajectory does not match the packaging chaotic trajectory; since the packaging chaotic trajectory is a finite-precision integer trajectory, simply program the chaotic theory. Does not become chaos. Therefore, if we limit the discussion to mathematical chaos, "Past chaotic orbital values take on an uncertainty of n bits more than the current orbital values, that is, n
It bears the amount of information of bits. " (This information-theoretic structure is not always found only in chaotic maps, but since chaos theory has already been established, it can be used with confidence. Looking at this information-theoretic structure, we find the idea that the chaotic orbital value at any given moment can be used as an "information-theoretic secure secret key". Because the act of breaking the cipher is to identify the cause of the "Originator" side "going back" from the current data on the "Recipient" side, "Entrop" of the inverse mapping n times
"y" has n bits, which means "an information-theoretically secure key."
Algorithm. On the other hand, this secret key can function as a “decryption key: unique-decipherbility” because its chaotic orbit is “uniquely determined for the future”. This is a cryptographically true attribute. Here again, we use the chaos orbit value at any instant on the chaotic orbit, which functions as the "decryption key", as an "information-theoretic extended secret key: Secret Key-Enhansed"
And a past chaotic orbit value having an extra uncertainty of n bits when viewed from the extended secret key is defined as a “secret key”. These chaotic orbit values may be referred to as “chaos keys” in the idea. (Details will be described in FIG. 2). As described above, the mathematical chaos map is CE
A reconsideration from Shannon.'S Information Theory Note 1 shows that chaotic orbitals "have an information-theoretic safe one-way conversion property." From this information-theoretic discovery, we have established a basic theory for a completely confidential cryptosystem "Perfect SecrecyCryptosystem". The chaos mapping itself has already been presented and described as a "hidden OS" in Japanese Patent Application No. 2-226500, "Wireless Telephone Secret System and Secret Communication LSI" in 1990.

This time, the viewpoint was shifted to the study of .Shanno, and the algorithm forming the Cantor set was adopted as a basic theory for realizing information-theoretic security.

The chaotic mapping on the mounting technology is expressed as "chaotic mapping" Note ² . When simply referred to as chaotic mapping, it means mathematically "one-way conversion that is safe in terms of information theory", and when the chaotic mapping is implemented on a computer with finite precision, it is referred to as "chaotic mapping". Therefore, a "chaotic map" is an implementation that can be expected to require "n bits" of information when it goes to the future, and "n bits" when it goes to the past. It is a technical algorithm. Although the algorithm in the implementation technology is not always a chaotic mapping, a key generated from the chaotic mapping algorithm is referred to as a “chaotic key; ch.
aotic key ".

As shown in the embodiment, in the mounting technique, the fact that the amount of information toward the future of the chaotic mapping is “zero bit” is used as the basis for “performing accurately” encryption / decryption, and authentication is performed. On a basis to "execute exactly" by a "proxy key" and therefore a basis for "sharing" a proxy key and a basis for "exactly synchronous updating" so that a private key can be used only once. On the other hand, the fact that chaotic mapping requires "n bits" of information in the past is the basis for generating "information theoretically secure secret keys". All of these depend on the nature of the chaotic key.

The serious key management problem that occurs when applying "One-Time Pad Cipher" to a network has been all solved by applying the property of a secret key that is secure in information theory. In other words, the mapping algorithm for the future applies the property of uniquely determining an extended secret key, and implements a key generation system on a general protocol such as TCP / IP to achieve "information-theoretically secure synchronization control." And a breakthrough was performed. Here, the synchronous control has two meanings: the key stream is selected independently of the plaintext, and the protocol controls the chaotic mapping executed on both the client and server in synchronization with the protocol. .

This synchronization control on the communication protocol is referred to as “Secure Synchronous Protocol: S”.
SP ", which allows you to use" authenticated key agreement: A
uthenticated Key Agreement ”will be possible on open networks. According to this unique key sharing mechanism, "One-Time Pad Cipher" states that "in order to exchange keys, a separate secure communication channel must be provided."
Can solve the key distribution problem unique to.

2) Key generation system: Can keys be created with equal probability on a finite-precision personal computer? The mother that produces Cantor sets is a "continuous quantity". Some cryptographers may take the key generation lightly because it is a simple curve like a logistic curve, but because it overlooks the `` continuous quantity and fractal structure '' that underlies chaos generation. It is. Conversely, without paying attention to the structure that produces this Cantor set, it is clear that chaos cannot be created simply by programming the chaotic map; the difference between the continuous quantity and the finite precision of the computer is There is more difference than comparing size and garbage. Therefore, a key cannot be created with equal probability on a finite precision personal computer.

However, in addition to the conventional fractal structure, we have devised to introduce a “fractal operation structure that handles the infinite number of additions” (Note 2) into the computer world.

Many algorithms based on this fractal operation theory can be considered. However, no matter what algorithm is used, there must be a contrivance / invention based on the basis that "keys appear with equal probability". (Japanese Patent Application No. 8-108058, "A device for generating a chaotic random number sequence considering periodicity")
―169869 “Random number generation device, random number generation system and cryptographic communication method” (Note 2)
On the other hand, the random number generation method described in Japanese Patent Application No. 8-338584 “Method of generating random number sequence” relates to aperiodic orbit.

Each of these algorithms uses a multi-operation algorithm as a program technique, but it depends on the theoretical basis for generating the "Chaotic Orbit". In other words, it inherits and conforms to the "fractal arithmetic structure that handles the infinite number of additions").

We also welcome other innovations that can be expected to "equally appear in the key." To summarize, “Unco
The "nditionally secure" key generation means includes means for generating a secret key and a work key, and generates them with equal probability, and the process has one-way conversion that is information-theoretically secure. Evidence that a key appears with equal probability includes no autocorrelation in “keystream”, no bias of 0/1 bit (true random number), and “Lorentz plot” appears in the operation register (Example These are important factors that must be considered in providing “Perfect Secrecy”.

The following four items are also mentioned. 3) Key stream; dynamic work key; In the above key generation system, an integer orbit value is usually represented by a decimal number. On the other hand, a work bit used for actual encryption is a binary bit string obtained by compressing and converting an integer orbit. use.

The secret key is expressed in decimal notation, and the dynamic work key is expressed as 2
When used in hexadecimal notation, even if an attempt is made to specify a chaotic trajectory (parent) from this binary bit string (child), in other words, if an eavesdropper intends to obtain internal information of a chaotic mapping, it is accompanied by compression conversion Since the uncertainty of 22n and the uncertainty of 2 ⁱ that goes back to the chaotic mapping in the past are both effective by multiplication,
It cannot be obtained by calculating the information, and it is more information-theoretic; its uncertainty is “2 ²ⁿ * 2 ⁱ ”.

Such a work key that is theoretically secure is called “Dynamic Work-key” or “secure ke”.
ystream ”.

The Entropy of the secret key of the key generation system is “2n + i bits”. This uncertainty is exactly 2
Equivalent to rolling a dice with ^{2n + i} "eyes". As an example, assuming n = 64 and i = 128, there are 2 ²⁵⁶ dice. To find the secret key,
Equivalent to rolling this huge dice.

4) "One-Time Stream Cipher": The above-mentioned information-theoretically secure key generation system is incorporated in a stream cipher which is a symmetric cipher, and once a key of any hierarchy is used, it is discarded. Introduce rules, or protocols. This encryption system is temporarily called "One-Time Stream Ci.
pher ”.

In general, in a stream cipher, a work key is generated as a bit stream having the same length as a plaintext, and the work key and the plaintext are subjected to exclusive OR (XOR) to form a ciphertext.

Now, when analyzing the key by prominently examining one terminal of the “One-Time Stream Cipher”, any secret key or dynamic work key is discarded when all keys are used once.
Should be limited to “One-Time Use”. At this time,
As described in 1), the key generation system incorporated in the communication protocol calculates all the secret keys with equal probability, and uses the communication protocol with equal probability (discards if used). Then, the encryption system is "Perfect S
ecrecy ”can be expected (Note 3).

In fact, the “One-Time Stream Ciphe” of the present invention
In “r”, while the generated private key is limited to “One-Time use”, stable communication is also realized. As described in section 1), both terminals have information theory. Using a secure secret key, "Secure Synchronization Protocol: Secure
Synchro-Protocol "is shared, and the dynamism of updating the secret key with the extended secret key is realized. The above items 1) to 4) are outlines of the basic theory of a cryptographic system for realizing “Perfect Secrecy”.

The present application relates to this mounting technology:

[Table 1]

The means of realization is as follows: Client / server network (C /
S network), 2u
(U> 4) provided with a register operating in base, mapping the integer space Is of the register to itself (Is → Is)
And a compression conversion unit that compresses and converts the 2u-ary integer trajectory to generate a binary key stream. Implement a generation system,

In the key generation system, if a reverse mapping is attempted for the mapping algorithm going back in the past, not only “n-bit Entropy” is generated for n reverse mappings but also “n-bit entropy” associated with the compression conversion is performed. Entropy ”is also implemented with an“ information-theoretically secure mapping algorithm ”, which is added to the cryptographic algorithm for the purpose of pursuing“ information-theoretic security of the key ”. An information-theoretically secure symmetric cryptosystem characterized by being "intentionally" embedded in a decryption algorithm.

2. The symmetric encryption system uses an arbitrary orbit value “ck0” of an integer orbit by the image algorithm as a “secret key”.
And at the same time, the above “key stream” is used as the work key to be actually encrypted / decrypted, while the secret key <ck
0> is input to either of the key generation systems, the mapping algorithm is executed a specified number of times (i times) in order to make the secret key an information-theoretically secure secret key,
Chaotic orbits of the secret key <ck0> (ck1, ck2, c
k3,... cki) and the convention of “storing” the chaotic trajectory values in the terminal;

Further, a new chaotic trajectory (cki, cki + 1,..., C) having the stored i-th chaotic trajectory value <cki>, that is, the “extended secret key” as an initial value, is set.
ki + j), and a contract that uses a “key stream” obtained by compressing and converting the latter integer orbit as a work key, and a “Secure Synchronous Protocol: SSP composed of these two contracts”. "

By sharing the "secure synchronization protocol" among the terminals, the security of the common key of the symmetric cryptosystem is not the security of computational complexity "Computational Security" but the security of information theory "Unconditional Security". A symmetric cryptosystem characterized by the problem ".

3. 3. The symmetric encryption system according to the above paragraphs 1 and 2, which shares a secret key <ck0>, uses a secret key <ck0> shared as a means (ID) for confirming each other.
As a means of authentication, it is not exchanged on the network, but is retained, and another integer orbital value is generated on the server of the symmetric cryptosystem based on another accidental event as an initial value.
Under the secure synchronization protocol (SSP) in section 1, the server encrypts with the client's secret key <ck0.serv> held by the server, and writes the “secret key <s
ki.serv>"and deliver it to the other client,

The client receiving this encrypted data also uses the secret key <ck0.clin held by the client.
> Implements the protocol “synchronous key delivery protocol” that also decrypts the encrypted data under “SSP” and receives “proxy key” <ski.clin>

Further, the server sets the proxy key <skn.serv
Generate a chaotic trajectory with> as an initial value and hold the extended proxy key group;

[0048]

｛Sk (n + 1) .serv, sk (n + 2) .ser
v, sk (n + 3) .serv,,｝,

On the other hand, the client also has a proxy key <skn.clin
>, Generate an integer trajectory using the initial value as the initial value and hold the extended proxy key group;

[0050]

６sk (n + 1) .clin, sk (n + 2) .cli
n, sk (n + 3) .clin ,,｝,

Each of these extended proxy key groups is input to the compression conversion unit of the key generation system, and a corresponding extended work key sequence is generated and held;

[0052]

｛, Wk1.serv, wk2.serv, wk3.ser
v ,,,｝｝, wk1.clin, wk2.clin, wk3.cli
n ,,,｝

Implement the protocol “Key Synchronization Authentication Protocol” for exchanging these information-theoretically secure extended work keys to the network; that is, (1) the newest “extended work key” from the client to the server <wk3.clin>.

(2) The following comparison is made on the server.

Client work key <wk3.clin
>: Work key on server <wk3.serv> (3) On the other hand, a relatively new "extended work key" is delivered from the server to the client. This key contains <wk1.ser
v> or <wk2.serv> may be used. (4) On the client, the following comparison is made using the key of (3).

Work key of server <wk1.serv>: Work key of client <wk1.clin> (5) If no match is found, disconnect the communication at the initiative of the terminal.

(6) When a match is found,

[0058]

## EQU00008 ## Matching of corresponding extended work keys: <wk3.serv> = <wk3.clin> = <skn.serv> = <skn.clin>: Sharing proxy key = <cki.serv> = <cki .clin>: Shared extended secret key = <ck0.serv> = <ck0.clin>: Shared secret key = Authentication completed

A “key synchronous authentication protocol” that satisfies, for example, is provided, and at the same time, shares <= skn>; that is, = completes information-theoretically secure delivery of a proxy key. "Authentication key sharing protocol: Au", which is composed of both "Key synchronous delivery protocol" and "Key synchronous authentication protocol".
3. The symmetric cryptosystem according to the above paragraphs 1 and 2, which implements sharing of a secret key by implementing a "thenticated Key Agreement Protocol".

4. Both terminals of the symmetric cryptosystem are "login"
Later, after performing “authenticated key sharing” described in the preceding paragraph 3 under the secure synchronization protocol (SSP) described in the preceding paragraph 2, the key group in the symmetric cryptosystem is

[0061]

[Expression 9] Matching of extended work key = Sharing of extended secret key = <cki.serv> = <cki.clin>; i = 1 to arbitrary = <ck0.serv> = <ck0.clin>; = <ck0 >; Share secret key,

Is a key group that unconditionally satisfies
gin "occurs, each terminal both" updates "the secret key used once with an unused extended secret key in the key group, "One-Time Stream" that satisfies the configuration requirements described in paragraphs 2, 3
"One-Time Password", which also satisfies the configuration requirements described in the above items 1, 2, and 3.

5. In order to secure the key box with information-theoretically secure security, a server equipped with a file “key box” of a large number of clients' private keys is required under the secure synchronization protocol (SSP) described in the preceding paragraph 2. After performing “authenticated key sharing” in item 3, the key server replaces any secret key <ck0> in the “key box” with the “key stream” of the secret key <ck0> described in item 2 above. The key <ck0> itself is encrypted by <wk-ck0>,

The “key box” is stored in an encrypted file CRYPTO (ck
n: n = 0,1,2,3 ,,), while 1 to 4
In order for the symmetric encryption system described in the paragraph to decrypt the key stream, only the key stream <wk-ck0.clin> generated from the key <ck0.clin> held by the client has a decryption means. Therefore, the symmetric encryption system described in 1 to 4 delivers the key stream of the client to the server at the next “login”, and the encryption file is stored on the server.
While the CRYPTO (ckn: n = 0) is decrypted and a “key management protocol” is implemented in which the secret key <ck0.serv> of the client is given to the server, the symmetric encryption system uses the secret key After obtaining <ck0.serv>, follow the rules described in the previous section, “Authenticated Key Sharing Protocol”
A key management algorithm and a key server, characterized in that the key management algorithm and the key server are executed.

6. 2. The key generation system according to claim 1, wherein the number of registers is 10 ⁿ (n> = 1) or 2 ⁿ (n>
This is a uniform register formed from the digits of 1), and one digit thereof is also formed of 10 ^m or 2 ^m digits (10 ⁿ ≤
10 ^m ) The register is a uniform register, and is characterized by a "self-similar register" having a "container structure". On the other hand, the mapping algorithm of the key generation system sets the uniform register to 10 m. is the mapping F to its own ^n-ary number or 2 ^n-ary number integer space is the regarded該整number space; (F: is → is) .

Note 1) CEShannon. “Comunication theor
y of secrecy systems ”Bell Systems Technical Journal
al, 28 (1949), 656-715. Note 2) Japanese Patent Application No. 8-108058, "Generator for chaotic random number sequence considering periodicity" and Japanese Patent Application No. 8-169869, "Random number generation device and random number generation system, Cryptographic communication method] [18] /// [0024] Japanese Patent Application No. 8-338583 "Method of generating random number sequence" Note 3) Douglas R. Stinson "CRYPTOGRAPHY: Theory an
d Practice ”Theorem 2.4 Note 4) Masaya Yamaguchi“ Chaos and Fractals ”Bluebacks

[0067]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A symmetric encryption system according to the first, second, third, fourth, fifth, and sixth aspects provides perfect confidentiality.
y Cryptosystem ”. This cryptosystem is called“ One-Time Stream Cipher ”.
Test implemented on the Internet. The embodiment will be described.

I. From the standpoint of implementing perfect confidentiality in an open network, first, a general stream cipher system will be reviewed.

In FIG. 1, the stream encryption system is
The plaintext X is converted into the ciphertext Y by the work key which is a bit stream.

[0070]

## EQU10 ## Bit stream length of plain text X = bit stream length of cipher text Y = bit stream length of work key wk Bit-length (X) = Bit-length (Y) = Bit- length (wk) Eq. 1 Ciphertext Y = XOR (plaintext X + work key wk) Eq. 2 To return this to the original plaintext, use the same work key wk,

[0071]

[Equation 11] Plaintext X = XOR (ciphertext Y + work key wk) Eq. Three

It should be noted here that the function relational expression Eq. 1 & Eq. 2 has a work key wk
Eq. This is an obvious relationship that the decoding of No. 3 is established. From the viewpoint of information theory, generally, the plaintext X and the ciphertext Y have a relationship that they are not independent events. It must be remembered that this is a trivial and indispensable relationship to achieve encryption / decryption in the first place.
While this implies the disadvantages of symmetric cryptosystems, it is also the reason that the security of cryptosystems had to be brought into the security of computational complexity in the first place.

On the other hand, perfect confidentiality in pursuit of information-theoretic security is defined as “when ciphertext Y is given, plaintext X
Is equal to the a priori probability that the plaintext X itself is generated. " This security means that when ciphertext Y is given, estimating plaintext X is just rolling the dice with "the number of stars", and anyone can get the dice. Attempts to enter would be the same, as saying that no one would predict which "eyes" would come next.

This perfect confidentiality is obtained by the following Eq. 4 and Eq. 5 are equivalent, and the probability equation holds when "plaintext X and ciphertext Y are independent variables":

[0075]

[Expression 12] Prob. P (plaintext X | ciphertext Y) = Prob. P (plaintext X) Eq. 4 Prob. C (ciphertext Y | plaintext X) = Prob. C (Ciphertext Y) Eq. Five

Therefore, the above condition “the plaintext X and the ciphertext Y are independent variables” is a general function relational expression Eq.1 | 2
It is an assertion that denies | 3 itself.

However, at this time, the work key is selected independently of the plaintext X, and the information-theoretic property of the work key is “Eq.2 is used for any plaintext X and any ciphertext Y. If there is only one key to be established and at the same time all keys are used with equal probability, the plaintext X and the ciphertext Y satisfy the claim of complete confidentiality, Eq.4 & Eq.5. " Yes: For detailed conditions, refer to Note 1 & Note 3.

How the this theorem is implemented in a general stream encryption system (Eq. 1 to Eq. 3) will be described in order below.

II. First, the configuration requirements of the stream cipher system are shown in FIG. 1; in the figure, 2u (u> 4) is provided to both terminals communicating on a client / server network (hereinafter C / S network) or the like. A) a mapping algorithm that includes a register operating in base notation and executes a mapping (Is → Is) of the register to itself in an integer space Is to generate an integer trajectory; and a compression conversion of the 2u base chaotic trajectory. While implementing a key generation system including a compression conversion unit that generates a “key stream” of a binary bit string, the two terminals both convert an arbitrary orbit value <ck0> of the integer orbit sequence into a “secret key”. At the same time, the binary bit string obtained by further compressing and converting the trajectory of the integer generated with the secret key as the initial value is made equal to the plaintext / ciphertext and used as the <work key> . In the figure, the secret key <
Since ck0> is shared, the work key wk created from the secret key is also exactly equal (The Entropy = “0” Bit
Shown). These constitute a stream encryption system (corresponding to claims 2 and 3 of the Japanese Patent Application 2) (Note 2). In the framework of the stream cipher system, the secret key is converted into an information-theoretically secure extended secret key “Secret Key-Enhan.
Fig. 2 shows the protocol for setting "sed".

The stream encryption system inputs the shared secret key <ck0> to the key generation system without directly using the secret key <ck0>, and uses the secret key <ck0> as an initial value to execute the mapping algorithm a specified number of times (i times). And execute the chaotic orbits (ck1, ck2, ck) of the secret key <ck0>.
3, make cki). After "storing" this trajectory in the cryptosystem, this ith chaotic trajectory value <
The mapping algorithm with kki> as an initial value is further executed (j times), and a new chaotic trajectory (cki, ck
i + 1,... cki + j) and a work key wk equivalent to the plaintext or ciphertext (the value of j is determined to be equal to the plaintext / ciphertext). In Figure-2, secret key <ck
From the perspective of i>, the entropy leading to the work key wk is exactly "0" bits, while the entropy leading to the secret key <ck0> is exactly "i" bits. Therefore, the secret key <
ck0>, the secret key <cki> is called an “extended secret key”, while the work key wk indicates the secret key <c
The entropy up to k0> further increases, and exactly "i
+ J ”bits. Since the work key becomes a more secure work key, the work key wk is referred to as a“ dynamic work key: Dynamic wk ”.
(Cki + j) "or" secure keystream ". These keys are collectively referred to as chaotic keys "chaotic k
While this is sometimes referred to as "eys", its generation system is shown in Figure-3.

FIG. 3 / S7 shows the following Eq. Corresponding to 6;

[0082]

(13) Extended secret key = Fi (secret key) <cki> = Fi (<ck0>) Eq. 6

Fi: The mapping algorithm calculates all keys ck1, ck2, and ck2 in the integer space (Is) created by the registers.
In addition to generating ck3, ..., cki, ..., ckn with equal probability, the dynamic work key (bit stream) has no bias (0.01% or less) and the dynamic work key has no autocorrelation (0.01 % Or less). "I" is an important control parameter.

FIG. 3 / S2 / S2 / S5 / S6 shows the following Eq. Corresponding to 7;

[0085]

## EQU14 ## Dynamic wk (Cki + j) = One-way Compr. Fi + j (<ck0>) Eq. 7 One-way Compr: One-way compression conversion from 2u base to binary

The dynamic work key wk (Cki + j) may be used on the network or used in such a way as to be disclosed, and thus may be eavesdropped. Security is "safe in information theory." When implemented as i = 128, the entropy is "128 + j" bits. This degree of uncertainty is the same as rolling a dice with a number of “2 ¹²⁸ or more”.

Among the components shown in FIG. 1 / FIG. 2 / FIG. 3, Eq. 6 E
q. 7 as "Secure Synchronization Protocol: Secur
e Synchro-Protocol ". In a symmetric encryption system that implements the secure synchronization protocol, the security of the common key is the same as the conventional problem of security of computational complexity.
curity ", but leads to an information-theoretic or stochastically secure problem" Unconditional Security ".

The secure synchronization protocol “Secure Sy
An implementation technology called "nchro-Protocol: SSP" is shared by the terminals, controls the chaotic keys "chaotic keys" of both terminals, and uses the secret key <ck0> as an information-theoretically secure extended secret key <kki> Into a dynamic work key wk
This is because (Cki + j) “secure keystream” is generated.

III. This Secure Synchronization Protocol (SSP)
Is a paradigm, and how to use private keys as “One-Ti
The premise is to show how to distribute keys over the network and how to perform both client / server authentication for that purpose. Figure 4 and “Initial Authentication Sequence / Pass”, “Secure Synchronous Delivery Protocol for Proxy Keys and Secure Synchronous Authentication Protocol Using Proxy Keys”
FIG. 6 shows the mechanism. SS
The P paradigm is characterized in that authentication and key distribution proceed simultaneously, and reach a different purpose with the same content.

As shown in FIG. 2, the stream encryption system has a secret key <ck0> that is shared with the C / S.
ck0> is replaced with ID =
They do not exchange private keys on the network, but both keep them.

Instead, as shown in FIGS. 4 and 5, the stream cipher system generates another chaotic trajectory value <skn.serv> from the initial value triggered by another accidental event on the server. The secure synchronization protocol described in the above item 2 and the secret key <ck0.serv are generated as a “proxy key” of the secret key <ck0.serv> held by the server.
> And deliver it to the client. The occurrence of this accidental event may be by any means known so far; the "proxy key", once used, is instantly discarded each time.

FIG. 6 shows the state of delivery, 1-secret key DB
To 7-encrypted "skn". 1—How to find the user's secret key <ck0.serv> from the secret key DB is referred to as “initial authentication,” which uses a password named “Passnet”. “Passnet” is stored in the media (shown in FIG. 6-9) carried by the user, and the user's secret key <ck0.
serv> is stored as random data.

The “Passet” refers to what kind of password will be described later (note that the mechanism of “securely storing” in the media carried by the user is excluded because it is a derivative technology). The client (indicated as an initial authentication response in FIG. 6) also uses the secret key <ck0.clin> held by the terminal and the “secure synchronization protocol (SSP)” to claim the encrypted data. Decrypt and receive the proxy key <skn.clin>.

However, at this stage, the “secret key of the client held by the server” and the “secret key held by the client” are not always equal.
0.serv> is distinguished by the symbol <ck0.clin> (in FIG. 4, it is expressed as <Sk?>).

Originally, the secret key is a pair of shared IDs.
Although it is a dual-purpose encryption key, if it is assigned only with a password on the network, it will become a "One-Time Passwor" described later.
Even if it is d ", it cannot be guaranteed that both secret keys are the same.

Therefore, at this time, the distinction between the secret key and the proxy key, both of which belonged to the client or to the server, is symbolized; in FIG. 6, <skn.serv> As a 7-encrypted proxy key, while <skn.clin> as a 12-decrypted proxy key.

In such constituent elements, it is understood that the proxy keys are equal if the secret keys are the same, and conversely, the secret keys are also equal if the proxy keys are equal. Therefore, instead of a secret key, a proxy key is examined for authentication. If it can be safely confirmed that the encrypted proxy key is equal to the decrypted proxy key,

[0098]

<Skn.serv> = <skn.clin> = <skn>: Eq. 8

In the end, since the key is shared, the stream cipher system is provided with the "key synchronous delivery protocol" that completes the information theoretically secure delivery of the key "simultaneously with the authentication". .

IV. The Eq. 8 is referred to as a “key synchronous authentication protocol” and is described in FIGS. 7 and 4 below. Exchanging the proxy key directly on the network is "insecure". Instead, the chaotic trajectory 16 with the proxy key 15 <skn.serv> on the server as the initial value in FIG.

[0101]

１６ sk (n + 1) .serv, sk (n + 2) .s
erv, sk (n + 3) .serv,.

Generate the proxy key 1 on the client
7 <skn.clin>, the chaotic orbital sequence 18-

[0103]

１７sk (n + 1) .clin, sk (n + 2) .cl
in, sk (n + 3) .clin ,,｝

The chaotic trajectory sequences are returned to the random number generation system and input to the compression conversion unit, where they are converted into corresponding work key sequences.

[0105]

(18) (, wk1.clin, wk2.clin, wk3.c
Figure-7-22 / 23/24

And

[Equation 19] (, wk1.serv, wk2.serv, wk3.s
erv ,,,); Fig. 7-19 / 20/21

These work key sequences are an “information theoretically secure extended work key group”. Therefore, instead of exchanging the proxy key directly on the network, the extended work key can be sent to the network and exchanged. When the extended work key is used for the initial authentication, "Passne
t ”and distinguished from normal“ Password. ”The exchange protocol is a relatively new“ extended work key ”<wk3.c
lin> is used first (the reason has already been described).

(1) Deliver the newest “extended work key” <wk3.clin> from the client to the server-25.

(2) On the server 26-Compare the following and, if they match, perform "client authentication": client work key <wk3.clin>: server work key <wk3.serv> server It is obvious that when the client performs the authentication of the client, it is “insecure” to use a normal TCP / IP protocol to communicate the confirmation signature to the client by any means. Therefore, (3) the “extended work key” is also delivered from the server to the client. If this key is an extended work key, <wk1.s
erv> or <wk2.serv>.

In FIG. 5/2, <wk1.serv> is used-21.

(4) On the client, a comparison of -26 is made to confirm the following: The client confirms that the client has been authenticated on the server; the client authenticates the server; (5) If no match is found, the communication is disconnected at the initiative of the terminal-27.

In this key synchronous authentication protocol,

[0113]

[Equation 20] Matching of extended work keys: <wk3.serv> = <wk3.clin> = <skn.serv> = <skn.clin>: Shared proxy key = <cki.serv> = <cki.clin >; Sharing of extended secret key = <ck0.serv> = <ck0.clin>; Sharing of secret key = Authentication completed (shown in Fig. 4) Eq. 9

At the same time, the aforementioned Eq. 8 holds;

[0115]

= Information-theoretically secure delivery of proxy keys = skn: share proxy keys; Eq. 8

Therefore, it can be seen that the “synchronous key delivery protocol” and the “synchronous key authentication protocol” are two different applications based on the same procedure. This provides a new scheme of key agreement based on secure synchronization control of chaotic maps, or based on secure synchronization protocol (SSP). "Key Synchronous Delivery Protocol" and "Key Synchronous Authentication Protocol"
Together, this scheme is referred to as "Authenticated Key Agreement Protocol (A
KAP) "; that is,

[0117]

[Equation 22] AKAP = SSTP + SSAP SSTP: Secure Synchro-Transfer Protocol SSAP: Secure Synchro-Authentication Protocol

The authenticated key sharing protocol can be applied to various purposes. Considering this from the server's point of view, "key server: key server" with unprecedented superior features
Give the function of.

V. “One-Time Password”; According to the Secure Synchronous Control (SSP) on the proxy key and its work key,

[0120]

[Equation 23] 8 / Eq. 9 = share other extended work keys, Eq. 10

Is also realized at the same time. The "other extended work key"-Eq. Paying attention to the fact that 11 is also a common key,
The next time the client discovers that it can be used as a password for “login” to the server, and the extended work key is not only an information-theoretically secure “public key” that substitutes for a proxy key, To the server “lo
Recalling that every time it gin was an integer trajectory value generated from other accidental events on the server, it is clear that the extended work key is "One-Time".
The procedure for setting the extended work key to “One-Time Password” is performed by updating wk2 “Passnet; FIG. 7-28 / 29
Shown in

The “Passne” shown on the disk in FIG.
t is the first <wk0> used for “login”; this is shown in FIG. 7-28 / 29, where the new extended work key <wk0
Replace with 2>:

[0123]

<Wk0> ← <wk2> Eq. 11

The work key <wk2> is used next time in “Pa
ssnet.

With such a simple protocol, “One-Time Pas
"Sword" is established thanks to the above-mentioned authenticated key agreement protocol: The system shown in Fig. 8 / Verification-1 is actually open to the key server because "login" is performed on the Internet. "One-Time" verification can be performed;
-Passnet of Time is verified; (http: //www.met
eora.amadagp.co.jp/).

VI. "One-Time" Session Key Sequence; Proxy Key Shared Here Enables Various Applications; Eq. From 8

[0127]

<Skn.serv> = <skn.clin> = s
kn: n = 0 to i

Since this is an extended common key group, the proxy key can be used as evidence that the client and the server have a cryptographic session. This is data worthy of preservation that proves the fact of a commercial transaction: “Non-re
pudiality in Electric Commerce.

Both the client and the server share “One-Time” session keys “equally probable”, “continuously”, and “almost innumerably” via a secure synchronization protocol (SSP). FIG. 5 shows how a large number of the extended common key groups are shared. As an application of the “One-Time” session key, for example, there is an application that has an ID function for providing specific content and value data only to a specific client. (Note that Figure-
9 / Verification-2 system can be verified on the Internet: (see http://www.meteora.amadagp.co.jp/). Third, a common session key can be securely given to the client (A) and the other client (B) participating in the server (key server). Once set,
Client (A)-without going through the key server
(B) shares the “One-Time” session key sequence “almost innumerably”. This application uses the traditional “Ke
rberos ”to give users the convenience not found.

The key server, the session key, “Passnet” or the like created from the session key constitute a “One-Time” digital signature technology.

Since the introduction of these specific application examples is a derivative technology of AKAP with authentication, it has been omitted and excluded from the claims.

VII. "One-Time Stream Cipher"; After performing "authenticated key sharing" based on the secure synchronization protocol (SSP), the extended secret key in the stream cipher system is

[0133]

(26) Matching of extended secret key = <cki.serv> = <cki.clin>; i = 1 to arbitrary = <ck0.serv> = <ck0.clin>; = <ck0>; share secret key Eq. 9

Is unconditionally satisfied. This is because "TCP
Through the use of authenticated key agreement, even through common protocols such as IP / IP, "safe synchronization control of the mapping algorithm" can be accurately and remotely implemented, and the system is "fail-safe". Means that it can be designed.

Thus, a means is provided for updating the secret key accurately and reliably with the extended secret key every time "login" is performed. One of the extended secret keys <ck1> (shown in FIG. 2) is an information-theoretically secure key next to the original secret key <ck0> because its entropy is “i−1” bits. It is. Therefore, the process of updating the secret key is extremely simple:

[0136]

<Ck0> ← <ck1> Eq. 12

The timing of the update is described in FIG.
/ 29 is the same as the “Passnet update process.” The symmetric encryption system can be made “One-Time” by applying such a simple protocol because the encryption system is established by a key sharing protocol with authentication. Because there is.

VIII. Key management and key servers; open networks generally involve third parties
d authority: TA) or certificate author
ity: CA). Prove the identity of the user or send the user's key. Managing keys is more than just this application. This TA and CA, which generate and manage keys, is the key to "giving value to data".

In other words, if we look at the core of the signature technology and its application, we need to make TA and CA “third party trusted systems” instead of expecting them to be third party “trusted people”. I understand. Just imagine a situation in which a banknote or check is printed on a gully version by hand.

The invention of claim 5 relates to a mechanism in which no person other than the client / server is involved in the operation management of the key, and the key is protected by information-theoretically secure security. The server has a file "key box" of private keys of a number of clients; FIG. 6, the private key DB. The management of the secret key DB is performed as follows; the server uses the “authenticated key sharing” described in the preceding section under the secure synchronization protocol (SSP) described in the preceding paragraphs 1 and 2.
After that, an arbitrary secret key <ck0> in the key box is encrypted by the “key stream” <wk-ck0> of the secret key <ck0> described in the above item 1 or 2. Become Therefore, the “key box” is an encrypted file CRYPTO (c
kn: n = 0,1,2,3 ,,), while the server "loses the means of decryption".

Only the client has the decryption means. That is, only the “key stream” and <wk-ck0.clin> described in 1 and 2 above, which are generated from the key <ck0.clin> held by the client, have decryption means left in the system. Absent. Therefore, at the time of the next “login”, the symmetric encryption system of the above items 1 to 4 delivers the key stream <wk-ckclin> of the client to the server, and the encrypted file CRYPTO (ck
n: n = 0) and decrypts the client's private key <
ck0.serv> is provided to the server to implement the “key management algorithm”: (1) At the time of initial authentication (Fig. 6-1 and 9 → 1),
“Along with sending passnet, the above key stream <wk-ck
0.clin>. (2) The server obtains the secret key <ck0.serv>.

Note that <ck0> before encryption is not always equal to the secret key <ck0.serv> after decryption.

From here on, the above-mentioned secure synchronous delivery protocol of III-proxy key and secure synchronous authentication protocol using IV-proxy key are implemented. In other words, the symmetric encryption system described in the above items 1 to 4 is established by implementing the rule [authenticated key sharing] described in the preceding three items.

As described above, it is possible to realize the key operation management and the key server without using any person other than the client / server, with an extremely simple algorithm.

IX. Fractal Operation Structure The key generation system according to claims 1 and 6 has a new fractal operation structure introduced into a computer of finite precision, in addition to the conventional fractal structure that produces Cantor sets. . The results are shown in FIG. 10 and FIG. In this case, a logistic curve is used for the nonlinear function. Specification of the self-similar type registers: the number of digits of the uniform resistor; 1000: 10 ^3, digits of putting basket registers; 1000: 10 ^3, operations on uniform register is 10 ³ to "method" and I do.

With the self-similar register, the line segment [0, 1], which is a continuous quantity, is divided into 1000 discrete sections, which are further divided into 1000 small sections. As a result, [infinite number of additions], which is one of the attributes of the continuous quantity, can be handled by a "discrete self-similar algorithm". The fractal dimension at this time is the conventional "0.63"
From "0.63 + 1.0" (the theory is given to another, here, the situation is shown in the embodiment, FIG. 10 and FIG. 11). The plot in FIG. 10 represents the value of the leading digit of the uniform register as a result of about 1500 mapping operations; it is clear that this means a logistic curve. At the same time, FIG. 11 is a plot showing the numerical value of the digit following the first digit. Numerical values in the subsequent digits also show the appearance as shown in the plot of FIG. 11 (omitted). The meaning of this messy plot -11 in the previous orderly plot -10, plot of messy you are equivalent to the "Lorentz plot" Note ^4. The relationship between the seemingly random phenomenon (Fig. 11) and the fact that the boiling state of hot water appears as such a "Lorentz plot", and that there is an orderly law behind the phenomenon,
In this case, plots 11 and 10 show the relationship that a logistics curve (FIG. 10) exists; a seemingly random phenomenon (FIG. 11) and the law behind it (FIG. 11). This is a simulation with FIG. 10).

The proof that the fractal arithmetic structure and the chaotic mapping algorithm according to claim 6 form a chaotic trajectory includes, besides FIG. 10 and FIG. / 0 bit bias
It appears in the data of 0.01% or less.

[0148]

According to the embodiment of the present invention, "One-Time
Stream Cipher ”was introduced as an open network perfect confidential encryption system“ Perfect Secrecy Cryptosystem ”.

Conventionally, “one-time pad cipher” cannot be applied to an open network even though it is a completely confidential encryption system. “One-Time Stream Cipher”
Solved that difficulty. One of the invented problem solving methods is an information-theoretically secure key generation system "Secure
Key Stream ”and information-theoretically secure synchronization protocol“ S ”
ecure Synchro-Protocol. Another invention built on it is the authenticated key agreement protocol "authenticated key agreement protocol." In fact, "One-Time Pad Cipher" needed ""Another secure channel" is what this key agreement protocol provides. For example, the realization of “One-Time Pad cipher on the Internet is
This means that it must also have "authentication technology" that is as secure as ne-Time Padcipher.
However, RSA cannot be used here; this security is computational security "Computational Security".

Accordingly, the present invention is equivalent to the assertion that the present invention has invented an information-theoretically secure authentication technology that can be used on the Internet; it is implemented in a stream cipher system, and "One-Ti
me Stream cipher ”.

From this point of view, a server that implements the authenticated key agreement protocol is an “information-theoretically secure key server”. What happens if the key server is implemented in a conventional proxy server; the key server services “One-TimePassword” which is used unlimitedly. Similarly, if implemented on a www server, the www server has an authentication function “One-Time Password”,
The DB of the intranet is changed to a cryptographic DB, and the functions of encryption and decryption are provided, and a new open network that seamlessly integrates the Internet and the intranet is provided.

Furthermore, what happens if an application for financial securities is placed under the key server? Naturally, since the financial institution manages the key server, the system enables trading and settlement on an open network while maintaining the basic system of the conventional financial institution. In the future, a cryptosystem applicable to the financial system will be a completely confidential cryptosystem including such a key server.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram illustrating generation of a stream cipher.

FIG. 2 is an explanatory diagram illustrating an extended secret key and a stream cipher system that is secure in information theory.

FIG. 3 is a flowchart illustrating generation / update of a chaotic key and a key stream.

FIG. 4 is an explanatory diagram illustrating a secure synchronous delivery protocol of a proxy key and a secure synchronous authentication protocol using a proxy key.

FIG. 5 is an explanatory diagram illustrating a one-time session key group.

FIG. 6 is an explanatory diagram illustrating an initial authentication sequence.

FIG. 7 is an explanatory diagram illustrating an update sequence.

FIG. 8 is an explanatory diagram illustrating verification 1.

FIG. 9 is an explanatory diagram illustrating verification 2.

FIG. 10 is an explanatory diagram of a logistic curve.

FIG. 11 is an explanatory diagram illustrating a calculation result according to the present invention.

[Explanation of symbols]

 Sko session key Wk work key

 ──────────────────────────────────────────────────続 き Continuation of front page (54) [Title of the Invention] A key generation system constituting a completely confidential encryption system, a key sharing protocol with authentication, “One-Time Stream Cipher”, “One-Time passed” and key management Algorithm

Claims (6)

[Claims] 1. Both terminals communicating with a client / server network (hereinafter referred to as a C / S network) or the like are provided with registers for calculating in 2u (u> 4) base numbers,
The mapping of the integer space Is of the register to itself (Is
→ Is) to execute a mapping algorithm unit for generating an “integral orbit” and a compression converting unit for compressing and converting the 2u-ary “integer orbit” to generate a binary “key stream”. A key generation system equipped with a key generation system. When the key generation system attempts to perform a reverse mapping of the mapping algorithm in the past, not only “n-bit Entropy” is generated for n reverse mappings, but also In addition to "Entropy" accompanying the above compression conversion, an "information-theoretically secure mapping algorithm" is implemented, and the information-theoretically secure mapping algorithm pursues "the information-theoretic security of the key". An information-theoretically secure symmetric cryptosystem characterized by being "intentionally" embedded in encryption and decryption algorithms for the purpose. 2. The symmetric cryptosystem includes an arbitrary orbital value “c” of an integer orbit according to the mapping algorithm.
While sharing "k0" as a "secret key" and using the "key stream" as a work key to actually encrypt / decrypt, while the secret key <ck0> is input to either of the key generation systems, In order to make the secret key an information-theoretically secure secret key, the mapping algorithm is executed a specified number of times (i times), and an integer trajectory (ck
1, ck2, ck3,..., Cki) and the "save" of the integer orbit value in the terminal, and furthermore, the stored i-th integer orbit value <ck
new integer orbits (cki, cki +
1, cki + j), and a contract that uses a “key stream” obtained by compressing and converting the latter integer trajectory for a work key, and a “secure synchronization protocol: Secure” composed of these two contracts. By implementing the "Synchronous Protocol: SSP" and sharing the "secure synchronization protocol", the security of the symmetric cryptosystem common key can be reduced.
A symmetric cryptosystem characterized by information-theoretic security, that is, "Unconditional Security" instead of "nal Security". 3. The symmetric encryption system according to claim 1 or 2, wherein the secret key <ck0> shares a secret key <ck0>, which is shared as means (ID) capable of confirming each other.
As a means of authentication, it is not exchanged on the network but is retained, and another integer trajectory value is generated on the server of the symmetric cryptosystem with another accidental event as an initial value, and is generated by the secure synchronization protocol ( Under the SSP), the server encrypts the data with the client's secret key <ck0.serv> held by the server, and writes the “secret key <ski.ser” of the secret key <ck0.serv>.
v>", the client receiving this encrypted data also decrypts the encrypted data under the" SSP "using the secret key <ck0.clin> held by the client. Implements the protocol "synchronous key delivery protocol" that receives the "proxy key"<ski.clin>, and the server generates an integer trajectory with the proxy key <skn.serv> as the initial value to generate the extended proxy. Holds the key group; {square root} sk (n + 1) .serv, sk (n + 2) .ser
v, sk (n + 3) .serv,｝, On the other hand, the client also has a proxy key <skn.clin>
An integer trajectory is generated by using the initial value as an initial value, and the extended proxy key group is held; ｛sk (n + 1) .clin, sk (n + 2) .cli
n, sk (n + 3) .clin,..., and these extended proxy key groups are respectively input to the compression conversion unit of the key generation system, and corresponding extended work key sequences are respectively generated and held; ｛, Wk1.serv, wk2.serv, wk3.ser
v ,,,｝｝, wk1.clin, wk2.clin, wk3.cli
n,,｝ Implement the “Key Synchronization Authentication Protocol”, which is a protocol for exchanging these information-theoretically secure extended work keys to the network and exchanging them, and the “Key Synchronization Delivery Protocol” and “Key Synchronization Authentication”. 1 and 2 that implement the sharing of a secret key by implementing an “Authenticated Key Agreement Protocol” composed of both
Symmetric encryption system described in section. 4. After both terminals of the symmetric cryptosystem have “login”,
After performing “authenticated key sharing” according to the above item 3 under the secure synchronization protocol (SSP) according to the above items 1 and 2, the key group in the symmetric encryption system is an extended work key. Match = sharing the extended secret key, ## EQU4 ## = <cki.serv> = <cki.clin>; i = 1 to arbitrary = <ck0.serv> = <ck0.clin>; = <ck0>; A shared key group that unconditionally satisfies is shared with the secret key. Therefore, every time “login” occurs, both terminals use the secret key that has been used once in the unused extended secret A symmetric encryption system characterized by "update" with a key or "One-Time Strea" which satisfies the configuration requirements described in the above items 1, 2, and 3
m Cipher ”, which also satisfies the constituent requirements described in the above items 1, 2, and 3.“ One-Time Password ”. 5. The secure synchronization protocol (SSP) according to claim 2, wherein a server having a file “key box” of a plurality of clients' private keys is used to protect the key box with information-theoretically secure security. ), After performing the “authenticated key sharing” of the item 3 above, the server replaces any secret key <ck0> of the “key box” with the secret key <ck0> of the item 1. "Key Stream"
The key <ck0> itself is encrypted by <wk-ck0>, and the “key box” is stored in the encrypted file CRYPTO (ckn: n = 0,
1, 2, 3), while the symmetric encryption system according to the above 1 to 4 decrypts the key, the key held by the client itself <ck0.clin
3. The key stream <wk described in the above items 1 and 2 generated from
-ck0.clin>, the symmetric encryption system according to any one of the above items 1 to 4, delivers the key stream of the client to the server at the next “login”, and On the encrypted file CRYPTO (ckn: n = 0
) Is decrypted and the client's private key <ck0.ser
"Key management algorithm" that gives v> to the server
A key management algorithm and a key server, characterized in that the server starts executing the protocol “authenticated key sharing protocol” described in the above item 3 after obtaining the secret key <ck0.serv>. . 6. The register of the key generation system according to claim 1, wherein the register is a uniform register consisting of 10 ⁿ (n> = 1) or 2 ⁿ (n> 1) digits. Another one
0 ^m or 2 ^m digits (10 ⁿ <= 10
^m ) It is a uniform register, and is characterized in that it is a "self-similar register" forming a "container structure", while the mapping algorithm of the key generation system stores the uniform register in 10 ⁿ Is a mapping operation F of the integer space to itself, which is considered to be a binary or 2 ⁿ -ary integer space Is; (F:
Is → Is).