JPH1079729A - Common key communication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the common key communication method in which security against various attacks to a ciphering key is enhanced in the system conducting ciphering communication between entities by using the common ciphering key. SOLUTION: In the case of conducting ciphering communication between entities i,j, by using a common ciphering key, both entities i,j, generate the common ciphering key by operating an identifier transformation algorithm and a secret personal key distributed from a center in advance on identifiers of communication partnesrs (procedure 3). Furthermore, a transmitter side generates transitory ciphering communication random number data, the random number data are ciphered by using a common ciphering key and uses the random data as a key to cipher a plain sentence and a ciphering communication text by matching the keys is generated (procedure 4). A receiver side decodes the ciphered random number data of a ciphering communication text by a common ciphering key and the decoded random number data are used for a key to decode the plain text.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a common key communication method for performing cryptographic communication between entities on a network using a common encryption key.

[0002]

2. Description of the Related Art In recent years, when communication is performed on a network such as the Internet, a communication technique using cipher text has been desired to maintain confidentiality of communication data.

[0003] As this kind of communication technology, for example, RSA as a public key method is famous. In addition, when communication is performed between entities included in a network,
The transmitting entity encrypts the communication data (plaintext) using the encryption key and transmits it to the receiving entity, which then decrypts the original communication data using the same encryption key as the transmitting-side encryption key. A common key communication method is generally known. Here, the entity is
It refers to a device such as a terminal connected to a network, a user of the device, software of the device, or a group of them, and a subject that performs communication.

[0004] In such a communication method,
It is known that a center provided in a network distributes the common encryption key generated by the center to each entity upon communication between the entities. Or, for example, a paper "NON-PUBLIC KEY" by Rolf Blom
DISTRIBUTION / Advances in Cryptology: Proceeding
s of CRYPTO '82 / Plenum Press 1983, pp. 231-236 ",
A paper by Rolf Blom, "An Optimal Class of Sy
mmetric Key Generation Systems / Advances in Crypto
logy: EUROCRYPT '84 / Springer LNCS 209, 1985, pp.3
35-338 ", or Japanese Patent Publication No. 5-48980 or U.S. Pat. No. 5,016,276, in which a private key for generating a common encryption key is generated in advance by the center for each entity. Is distributed to each entity, and at the time of communication, each entity applies its own private key to an identifier (name, address, etc.) unique to the entity at the other end of communication, so that the entity performing communication has a common There is also known one capable of generating an encryption key.

In this case, in the latter method, a private key for each entity is generated by converting an identifier of each entity by a center algorithm common to each entity held only by the center.

More specifically, in the latter method, when the center algorithm expresses this as a function P (x, y) of variables x and y indicating any two identifiers,
P (x, y) = P (y, x) is set to have a symmetry. Then, variables x, of this function P (x, y)
y, a function P (x, i) in which the value of the variable y is the actual identifier i of each entity (hereinafter referred to as Pi
(Expressed as (x)) is distributed to each entity as a private key of each entity. Thereafter, when the entity having the identifier i communicates with another entity having the identifier j, the entity having the identifier i has its own private key P
Pi (j), which is obtained by causing the identifier j of the other party to act on i (x) (the value of the variable x is j), is generated as an encryption key. Similarly, on the entity side of the identifier j, the P obtained by applying the identifier i of the partner to the own private key Pj (x).
j (i) is generated as an encryption key. At this time, due to the symmetry, Pi (j) = Pj (i), whereby a common encryption key is obtained between the entities having the identifiers i and j.

By the way, in the above-mentioned common key communication method, in order to secure the security of the encrypted communication, it is necessary that the encryption key cannot be practically decrypted. In particular, in the method disclosed in Japanese Patent Publication No. 5-48980, etc., since all the encryption keys include information relating to the center algorithm that defines them, it is necessary to ensure the difficulty of deciphering each encryption key. Is an important issue.

However, in the conventional communication method, communication is performed by encrypting communication data (plaintext) itself using an encryption key, so that the encryption key may be decrypted due to characteristics of the communication data. Had become. In particular, in the method disclosed in Japanese Patent Publication No. 5-48980 or the like, when the encryption key is decrypted, there is a possibility that the center algorithm may be decrypted due to collusion of a plurality of entities. Had become.

[0009]

SUMMARY OF THE INVENTION In view of the foregoing, the present invention provides a common key capable of improving the security against various attacks of a cryptographic key in a system for performing cryptographic communication between entities using a common cryptographic key. It is intended to provide a communication method.

[0010] Furthermore, a secret private key for generating a common encryption key for communication is generated by applying a secret algorithm common to each entity to an identifier unique to each entity, and is distributed to each entity. It is an object of the present invention to provide a common key communication method that can enhance security against various attacks including a secret algorithm of a center.

[0011]

In order to achieve the above object, a common key communication method according to the present invention is a method for encrypting / decrypting communication data between communicating entities in a network including a plurality of entities. A common key communication method for transmitting and receiving the communication data using a common encryption key, wherein the communication data is encrypted by using random number data as a key on the transmission side of the communication data, and the random number data is transmitted to the common data. Encrypted with an encryption key, and transmits the encrypted random number data together with the encrypted communication data to a receiving side of the communication data. On the receiving side of the communication data, the encrypted data is encrypted by the common encryption key. And decrypting the encrypted communication data using the decrypted random number data as a key.

According to the present invention, the communication data is encrypted on the transmitting side by using the random number data as a key, and the random number data is encrypted with the common encryption key. Since the data is transmitted to the receiving side of the communication data together with the encrypted communication data, information of the encryption key when trying to decrypt the encryption key is not communication data encrypted by random number data, , Are included in the random number data encrypted by the encryption key. Since the random number data itself lacks characteristic information, it is extremely difficult to decrypt the encryption key from the encrypted random number data. Further, since the communication data is encrypted with the random number data, the security of the communication data is sufficiently ensured. Then, the communication data receiving side can decrypt the random number data by using a common encryption key with the transmitting side, and finally decrypts the desired communication data using the decrypted random number data as a key. The encryption communication can be performed without any trouble.

Therefore, according to the present invention, it is possible to enhance the security against various attacks of the encryption key in a system for performing cryptographic communication between entities using a common encryption key.

In the present invention, the random number data is preferably one-time random number data. That is, the one-time random number data means random number data having no reproducibility or extremely poor reproducibility, and more specifically, the appearance frequency of each bit number constituting the random number data is the same for any number, Further, there is no correlation between random number data, and such random number data can be generated based on, for example, the timing when a human inputs a certain phrase or sentence to a computer. Then, by encrypting communication data using such random number data as a key and encrypting the random number data with an encryption key, decryption of the encryption key and the communication data becomes more difficult. .

[0015] In this case, the one-time random number data is generated based on a predetermined process of an entity on the transmitting side of the communication data, and more specifically, the predetermined process is performed by a human input of each entity. The one-time random number data is determined based on the temporal timing of the input operation.

As described above, by generating random number data based on the temporal timing of a human input operation (for example, an operation of inputting a certain sentence or phrase) of each entity,
The random number data has no reproducibility or is extremely poor in reproducibility, and the one-time individual random number data can be generated accurately.

Further, in the present invention, each of the entities converts a unique identifier of each entity into a center provided in advance in the network by a center algorithm which is common to each entity and held only by the center. A personal key unique to each generated entity is distributed, and the common encryption key is used as an identifier unique to the entity on the communication partner side when performing the communication of the communication data. Is generated by operating the private key.

In this way, a private key unique to each entity generated by converting an identifier unique to each entity by a center algorithm common to each entity and held only by the center is distributed to each entity from the center. In addition, in communication, a system that generates a common encryption key between entities only by applying the identifier of the entity of the communication partner to its own private key at the time of communication, as described above, decrypts the encryption key and communication data. Since it becomes difficult, it becomes difficult to decrypt the private key and the center algorithm. Therefore, the overall security of the cryptographic communication system can be ensured.

The identifier is fixedly used for each entity, such as a mail address on the network, a domain name, or a combination thereof, in addition to the name, address, etc. of each entity. Anything that is open to the other party may be used.

In this case, if, for example, a name is used as an identifier of each entity, the dispersibility of the identifier is generally poor (the distribution of identifier values tends to be biased).
Many similar keys are likely to appear in the personal key generated by converting the identifier by the center algorithm.
For this reason, there is a possibility that the private key of another person or the center algorithm may be decrypted by a so-called differential attack.

Therefore, in the present invention, the center algorithm includes an integral conversion algorithm for performing integral conversion of the identifier of each entity, and each entity is provided with the private key and the integral conversion algorithm in advance from the center. The common encryption key is generated by applying the integral conversion algorithm and the private key of the entity held by each entity to the identifier of the entity on the communication partner side. In this way, by generating the private key of each entity by applying the center algorithm including the integral transformation algorithm to the identifier of each entity, the dispersibility of data obtained by the integral transformation algorithm acting on the identifier is increased, and as a result, The dispersibility of the private key is increased. This makes it difficult to decipher the personal key or the center algorithm by a differential attack or the like,
The security of the entire cryptographic communication system can be improved.
In this case, since the private key includes a component based on the integral conversion algorithm, the private key is distributed to each entity together with the private key in addition to the private key in the identifier of the communication partner entity. Also, by causing the integral transformation algorithm to operate, an encryption key between the entities can be generated by an algorithm part other than the integral transformation algorithm of the center algorithm (this part has the above-mentioned symmetry). it can.

As described above, in the present invention in which the center algorithm includes an integral transform algorithm, the integral transform algorithm includes Fourier transform (including fast Fourier transform), Laplace transform, Miller transform, Hilbert transform, and the like. Although any of these integral transforms can be used, these integral transforms are defined on an analytically infinite interval. On the other hand, since the identifier to be subjected to the integral conversion algorithm in the present invention is represented on a finite interval (for example, a coset on a finite ring), when the identifier data is subjected to integral conversion using a computer or the like, In addition, abnormal dispersion (asialing) of the conversion result is likely to occur.

Therefore, in the present invention, preferably, the integral conversion algorithm uses an integral conversion algorithm with a weight function. As described above, when performing the integral conversion on the identifier, by adding the weight function, it is possible to prevent the abnormal dispersion described above. Further, since the weight function can be arbitrarily set as long as it can prevent abnormal dispersion, the personal key obtained by converting an identifier by a center algorithm including an integral conversion algorithm to which the weight function is added is included in the personal key. , An unknown component based on the weight function is added. As a result, the decryption of the private key and the secret algorithm becomes more difficult, and the security of the cryptographic communication system to which the present invention is applied can be further improved.

When a weight function is added in this manner, the weight function is basically provided at the end of the data section of the identifier.
The value is set so as to approach “0”. In this case, in the first aspect of the present invention, the weight function is further determined to be an unpredictable pattern by the random number data generated in the center. More preferably, one-time random number data is used as the random number data. Here, the determination of the weight function based on the random number data is performed by determining the degree of change in the value of the weight function in the section of the identifier data (a form approaching “0” at the end of the section) based on the random number data. .

By determining the weight function in an unpredictable pattern based on the random number data, it becomes difficult for an attacker to predict the weight function, and the security of the cryptographic communication system to which the present invention is applied. Can be increased. In particular, when the weighting function is determined by one-time random number data, the reproducibility of the random number data is excluded.
Further, the security of the system is increased.

As described above, various types of integral conversion algorithms can be applied. In particular, in the present invention, it is preferable to use a Fourier transform algorithm as the integral conversion algorithm. That is, the Fourier transform is
It is an integral transformation that can be performed quickly and easily using a computer, and generally, the transformation result is likely to be dispersed. Therefore, by using such a Fourier transform algorithm as an integral transform algorithm, the private key can be quickly and easily generated from an identifier, and at the same time, the dispersibility of the private key is effectively increased, and The security of the communication system can be significantly improved.

Further, as described above, in the present invention in which the center algorithm includes an integral conversion algorithm, more preferably, the center converts the identifier of each entity by the center algorithm, and further converts each identifier into each entity. An identifier conversion algorithm including an algorithm for canceling a component of the randomization transformation included in the private key and a randomizing transformation by using a unique one-time individual random number data and the integral transformation algorithm; Is distributed to each entity together with the private key, and the common encryption key is generated by applying the identifier conversion algorithm and the private key of the entity held by each entity to the identifier of the communication partner entity.

Here, the randomization conversion is performed by changing the value of each bit of a data string representing the identifier converted by the center algorithm using the individual random number data, or by arranging and converting the data string, or , And a combination thereof.

According to this, in addition to the center algorithm, the private key includes a component by the randomizing transformation. Then, at this time, the randomizing conversion is performed by one-time individual random data (random data having no reproducibility or extremely poor reproducibility) unique to each entity and unknown to each entity. , For each private key of each entity,
Each different incidental component will be included. as a result,
Security against various attacks of the cryptographic communication system can be further strengthened.

In this case, at the time of communication, the private key that acts on the identifier of the entity on the other end includes a component obtained by the random transformation for each entity. For this reason, an identifier conversion algorithm including an algorithm for canceling this and the integral conversion algorithm is distributed to each entity together with the private key, and upon communication, the identifier conversion algorithm and the private By using the key, a common encryption key can be generated between the communicating entities.

When performing the randomization conversion as described above,
The randomization conversion can be performed by, for example, performing a layout conversion of a data string representing a result of conversion of the identifier of each entity by the center algorithm using the one-time individual random number data.

[0032] More preferably, a data string representing a result of conversion of the identifier of each entity by the center algorithm includes a plurality of unnecessary bits, and the randomizing conversion is performed by converting the value of the unnecessary bits to the one-time individual random number. This is performed by randomizing the data, and further rearranging the entire data string including the unnecessary bits.

As described above, the value of the unnecessary bit of the data sequence representing the identifier of each entity converted by the center algorithm is randomized by the one-time individual random number data, and the value of the data sequence including the unnecessary bit is further randomized. By rearranging the entire data, the attacker (the reader of the cryptographic communication system) cannot determine where in the acquired data the unnecessary bits are located and where the required data is located. Increases system security.

The one-time individual random number data for performing the randomizing transformation is generated based on a predetermined process of each entity. More specifically, the predetermined process is performed by a human being of each entity. , And the one-time individual random number data is generated based on the temporal timing of the input operation.

As described above, by generating random number data based on the temporal timing of an input operation by a human of each entity (for example, an operation of inputting a certain sentence or phrase),
The random number data has no reproducibility or is extremely poor in reproducibility, and the one-time individual random number data can be generated accurately.

According to the present invention, as another mode in which the integral conversion algorithm is used as described above, a center provided in advance in the network has an identifier unique to each entity in each entity. A private key unique to each entity, generated by subjecting a common algorithm converted by a center algorithm held only by the center to randomizing transformation using unique random data unique to each entity, and a private key unique to each entity; An identifier conversion algorithm including an algorithm for canceling the component of the randomization conversion included in is distributed in advance from the center, and the common encryption key is an identifier of a communication partner entity,
It is generated by acting on its own identifier conversion algorithm and private key held by each entity.

According to the present invention, the private key of each entity is obtained by converting the identifier of each entity in the center by the center algorithm (which includes the above-mentioned symmetric part), Each entity is generated by performing a randomizing transformation based on individual random data (unreproducible or extremely poorly reproducible) that is unique to each entity and is unknown once. Each key will contain a separate, accidental component.
As a result, it becomes difficult to decipher the private key and the center algorithm, and the security of the entire cryptographic communication system against various attacks can be improved. In this case, similarly to the case described above, since the private key of each entity includes a component by the randomization transformation for each entity, an algorithm for canceling the component is included. The identifier conversion algorithm is distributed to each entity together with the private key,
At the time of communication, by applying the identifier conversion algorithm and the private key to the identifier of the entity on the other end, a common encryption key can be generated between the entities.

In the present invention, similar to the above case,
The randomizing transformation can be performed by rearranging and converting a data string representing an identifier of each entity converted by the center algorithm using the one-time individual random number data. And, more preferably, a data string representing a result of conversion of the identifier of each entity by the center algorithm includes a plurality of unnecessary bits, and the randomizing conversion is performed by changing the value of the unnecessary bits to the one-time individual random number data. , And by rearranging the entire data sequence including the unnecessary bits. Thereby, the security of the cryptographic communication system to which the present invention is applied can be further improved.

The one-time individual random number data is generated based on a predetermined process of each of the entities. More specifically, the predetermined process is a human input operation of each of the entities. The one-time individual random number data is generated based on the temporal timing of the input operation. Thereby, the one-time individual random number data can be accurately generated.

[0040]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described with reference to FIGS. First, an outline of a cryptographic communication system to which the common key communication method of the present embodiment is applied will be described with reference to FIGS.

Referring to FIG. 1, in the present embodiment, a center 1 which is a basic construction body of a cryptographic communication system and a plurality of entities 2 which join the cryptographic communication system and mutually perform cryptographic communication are provided by the Internet. Can communicate with each other via a network 3 such as a personal computer communication network. Although not shown, the center 1 and each entity 2 include a computer machine such as a personal computer for performing actual communication and data processing, and a user of the computer machine.

In this system constructed on such a network 3, as shown in FIG. 2, each entity 2 that has joined the center 1 (in FIG. 2, each entity 2 is indicated by reference numerals i, j,...). ) Are the unique identifiers yi, yj,...
Having. In this case, if i ≠ j, yi ≠ yj. Each entity 2 (i, j,...) Has a unique identifier generated by the center 1 based on the respective identifiers yi, yj,. Private keys Xi, Xj, ...
(Details will be described later. Hereinafter, collectively referred to as a personal key Xn as necessary). Further, when cryptographic communication is performed between arbitrary entities i and j, a common cryptographic key Kij for performing encryption (transmission side) and decryption (reception side) of the communication data includes the respective entities i and j. For each j, a private encryption key K is generated using the private keys Xi and Xj of the entities i and j, respectively.
Using ij, cryptographic communication is performed between the entities i and j.

Before describing the system of this embodiment in more detail, the identifier yn will be described. In the present embodiment, the identifier yn of each entity 2 is unique to each entity 2, such as the name, address, mail address, domain name, or a combination thereof, of each entity 2. Use something. Incidentally, in the actual handling of the identifier yn in the computer machine of the center 1 and each entity 2, each identifier yn is treated as vector data obtained by encoding the identifier yn with, for example, a coset on a finite ring.

The system of the present embodiment for performing the above-described cryptographic communication will be described in detail below with reference to FIGS.

Referring to FIG. 3, in the system according to the present embodiment, the individual entities i, j are processed after the center 1 has undergone advance preparation processing such as generation and distribution of the private key Xn and the like.
Communication between the devices is performed.

In the preparatory processing by the center 1,
When the center 1 is established or when the system is updated, the center 1 first generates a basic center algorithm for generating the private key Xn of each entity 2 (procedure 1).

In this embodiment, the center algorithm comprises a center matrix, a weight function, and an integral conversion algorithm.

Here, the integral conversion algorithm is an algorithm for performing an integral conversion on the data of the identifier yn of each entity 2. In the present embodiment, a Fourier transform (more specifically, a fast Fourier transform) is used as the integral transform algorithm. I do. As this type of Fourier transform, a plurality of types are known, and one of them is selected by the center 1 to generate a Fourier transform algorithm used in the present embodiment. Note that the Fourier transform algorithm is actually expressed as a matrix acting on the data of the identifier yn.

The weighting function is for preventing anomalous dispersion (asialing) when performing the Fourier transform on the identifier yn, which is data in a finite section, and the value of the weight function at the end point of the section of the data of the identifier yn This is a function that approaches “0”. Further, the center matrix is a symmetric matrix, more specifically, a nonsingular symmetric matrix.

In this case, the weight function and the center matrix are generated using one-time random number data. That is,
Referring to FIG. 4, when generating the weight function and the center matrix, the center 1 first generates random number data based on an artificial operation of an operator in the computer machine of the center 1 (procedure 1-1). Specifically, for example, the operator inputs appropriate words and phrases, sentences, and the like to the computer machine of the center 1, and the input timing at this time (for example, the input time of each word and the time interval of input of each word)
Is sequentially measured by a computer machine. Then, random number data is generated in time series based on the measured input timing. Since the random number data generated in this way is generated based on the timing of an artificial input operation having an ambiguity, it is practically unreproducible and accidental, and thus a one-time random number is generated. Data is generated.

After generating the one-time random number data, the center 1 determines the weight function and the center matrix based on the generated one-time random number data (step 1-2). ). In this case, the weight function is determined by determining the degree of change of the value of the weight function in the section of the data of the identifier yn (a form approaching “0” at the end of the section) based on the one-time random number data. Is performed, whereby the weight function is determined to be an unpredictable pattern. Note that the weight function is actually expressed as a diagonal matrix. The determination of the center matrix is performed by determining the values of the components of the matrix using the one-time random number data while ensuring the symmetry and non-singularity.

The center algorithm composed of the center matrix, the weight function, and the integral transform algorithm generated as described above is stored secretly in the center 1. In particular, the center matrix and the weight function are stored in a center other than the specific person of the center 1. It is stored strictly so that a third party (including each entity 2 etc.) cannot refer to it. Note that these center algorithms are common to each entity 2.

Returning to FIG. 3, next, when each entity 2 (i, j...) Joins the system, the center 1 determines the center algorithm and the identifier of each entity 2 generated and stored as described above. Using yn and the like, a private key Xn unique to each entity 2 and an identifier conversion algorithm for generating a common encryption key Kij as described later are generated and distributed to each entity 2 (procedure 2). ).

More specifically, referring to FIG. 5, in this procedure 2, the center 1 determines the identifier yn of the entity 2
The weighted fast Fourier transform is performed on the identifier yn by applying the Fourier transform algorithm and the matrix of the weight function to the data (vector data) (step 2-
1). Further, the vector data obtained by the procedure 2-1 is multiplied by the center matrix (procedure 2-2).
In this case, by adding redundancy to the data of the identifier yn, the weight data, the integral conversion algorithm, and the center matrix are added to the vector data obtained in the step 2-2 by the bit string meaningful as the data of the identifier yn. Appear and a plurality of other unnecessary bits appear.

On the other hand, the center 1 communicates with the entity 2 (for example, communication at the time of the joining procedure of the entity 2), so that the center 1 has a one-time individual Generate random number data (procedure 2-3). Specifically, as in the case of generating the random number data of one time when determining the weighting function and the like as described above, the user is allowed to input a certain phrase or sentence on the computer machine of the entity 2, The computer 1 of the center 1 measures the timing of the artificial input operation of the entity 2 by successively receiving it on the center 1 side. Then, the individual random number data is generated based on the measured timing of the input operation. By generating the individual random number data in this manner, the individual random number data becomes accidental with no reproducibility, similar to the random number data at the time of generation of the weight function, and is unique to the entity 2. Thus, one-time individual random number data is obtained. Note that the entity 2 does not know what kind of input operation timing and what kind of random number data is generated, and it is not possible to accurately control the artificial input operation timing. Random number data to entity 2
Can not know.

Next, the center 1 randomizes each bit value of the unnecessary bits in the vector data obtained in the step 2-2 using the one-time individual random number data obtained in the step 2-3. (Procedure 2-4). Furthermore, the vector data obtained by combining the randomized unnecessary bits and the useful bits is randomly rearranged and converted by the one-time individual random number data (the arrangement of the components of the vector data is changed. Procedure 2-5). Thus, the vector data (identifier yn converted by the center algorithm) obtained in step 2-2 is subjected to randomization conversion.
Then, the vector data obtained by the randomizing transformation is generated as the private key Xn of the entity 2.
Note that the randomizing transformation is actually represented by a matrix (not necessarily a symmetric matrix), and more specifically, a matrix such that the transposed matrix and the inverse matrix of the matrix are equal.

The center 1 generates the identifier conversion algorithm from the one-time individual random number data, the Fourier transform algorithm, and the weight function (step 2-6). The identifier conversion algorithm includes an algorithm for canceling the components of the randomization transformation reflected in the private key Xn (this is represented by an inverse matrix of a matrix representing the randomization transformation), the Fourier transformation algorithm, and a weighting function. Are synthesized (multiplied by matrices representing each of them).

The private key Xn and the identifier conversion algorithm corresponding to each entity 2 generated by the center 1 in this way are distributed to each entity 2 in advance by communication or the like (see procedure 2 in FIG. 3). The contents described above are details of the advance preparation process in the center 1.
After generating the private key Xn and the identifier conversion algorithm of each entity 2 as described above, the center 1 stores the one-time individual random number data corresponding to the entity 2 and the matrix representing the randomization conversion. Without deleting. In addition, each entity 2 receiving its own private key Xn and the identifier conversion algorithm stores them secretly in an appropriate storage device of its own computer machine.

Referring back to FIG. 3, after the above-described preparatory processing is performed, cryptographic communication is performed between arbitrary entities 2 as follows. Here, each entity 2
Among them, it is assumed that encrypted communication is performed between the entities i and j (i ≠ j), with the entity i as the transmitting side and the entity j as the receiving side.

In this cipher communication, the transmitting entity i first obtains a common encryption key Kij with the entity j from the private key Xi and the identifier conversion algorithm held by the transmitting entity i and the identifier yj of the receiving entity j. Generate (Procedure 3).

More specifically, referring to FIG.
The identifier yj of the receiving entity j is applied to the identifier conversion algorithm of the transmitting entity i on the computer machine of the entity i (the vector data of the identifier yj is multiplied by the matrix of the identifier conversion algorithm. Procedure 3-1). . Next, a common encryption key Kij with the entity j is generated by calculating an inner product of the vector data obtained by the procedure 3-1 and the private key Xi (vector data) of the transmitting entity i (procedure 3).
2).

Similarly, the receiving entity j is
As shown in FIG. 7, its own identifier conversion algorithm is applied to the identifier yi of the transmitting entity i on its own computer machine (step 3-1), and the resulting vector data and the private key of the entity j are obtained. Xj
(Step 3-2) to generate a common encryption key Kji with the entity i.

At this time, the common encryption key Kij uniquely generated by the transmitting entity i is the same as the common encryption key Kji uniquely generated by the receiving entity j.

That is, the private keys Xi and Xj held by the transmitting and receiving entities i and j, respectively.
Are the identifiers yi, y of the entities i, j, respectively.
j is vector data obtained by applying the above-described Fourier transform algorithm with a weight function, a center matrix, and a randomizing transform, and each entity i, j
Generates common encryption keys Kij and Kji, respectively.
The identifier conversion algorithm applied to the identifiers yj, yi of the entities j, i on the other side is a Fourier transform algorithm with a weighting function, and a randomization transform for each entity i, j reflected in each private key Xi, Xj. And an algorithm that cancels out the component.

For this reason, in the inner product operation performed in the procedure 3-2, the influence of the randomizing transformation for each entity i, j is eliminated, and the common encryption keys Kij, Kji obtained as a result of the inner product operation are Identifier y of entity i, j
i and yj, which have been subjected to a Fourier transform algorithm with a weighting function, and further subjected to a center matrix (vector data);
This is equivalent to the result obtained by calculating the inner product of the identifiers yj and yi of i to which the Fourier transform algorithm with weight function has been applied (vector data). That is, the identifiers yi, yj
Are subjected to a Fourier transform algorithm with a weighting function to yi ', yj' (where yi ', y
j 'is a vertical vector) and the center matrix is C
^{When, Kij = (yj ') T} · C · yi', Kji = (y
i ') ^T・ C ・ yj' (however, the subscript T in the formula means transposition).

Since the center matrix C is a symmetric matrix as described above, Kij = Kji. Therefore, the common encryption keys Kij and Kji generated separately by the respective entities i and j are the same, so that the entities i and j can share a common encryption key.

On the other hand, the transmitting-side entity i, which has generated the common encryption key Kij with the receiving-side entity j in the procedure 3 of FIG. An encrypted communication message is generated from a document, a program, etc. (procedure 4). In this case, when generating the encrypted communication message, the common encryption key Kij
In addition, one-time random data is used.

More specifically, referring to FIG. 6, when generating the encrypted communication message, the transmitting entity i uses its own computer machine to execute the word and phrase processing in the same manner as in the preparatory processing in the center 1 described above. One-time random number data (hereinafter referred to as “encryption communication random number data”) is generated based on the temporal timing of an input operation of text and text (step 4-1), and the one-time encryption communication random number data is generated. Is encrypted using the common encryption key Kij as an original key (procedure 4-2). In this case, the encryption is, for example, 3
This is performed according to the DES (Data Encryption Standard) having a stage configuration.

The plaintext is encrypted using the one-time random number data for encryption communication (before encryption) generated in step 4-1 as a key (step 4-3). This encryption is performed by, for example, a three-stage DES, as in the procedure 4-2.

Then, by combining the encrypted random number data obtained in step 4-2 with the ciphertext obtained in step 4-3 (to form one set), the receiving entity j
Is generated. The encrypted communication message generated in this manner is transmitted from the computer machine of the entity i to the computer machine of the entity j.

It is preferable that the cryptographic communication random number data is generated and updated every time cryptographic communication is performed. However, the cryptographic communication random number data is updated every time cryptographic communication is performed several times. The same cryptographic communication random number data may be used in the batch cryptographic communication).

On the other hand, the receiving entity j that has received the encrypted communication message is the entity i generated as described above.
The encrypted communication message is decrypted by using the common encryption key Kji (= Kij) with the above, and finally the plaintext is obtained (procedure 5).

That is, referring to FIG. 7, first, by using a common encryption key Kji (= Kij) with entity i as an original key, an encrypted random number in an encrypted communication message received from entity i is obtained. The data is decrypted into random number data for encrypted communication (procedure 5-1). Next, by using the decrypted random number data for encrypted communication as a key, the encrypted text of the encrypted communication message is decrypted into plain text (procedure 5-
2). Thereby, the receiving entity j finally knows the contents of the desired plaintext from the entity i, and the cryptographic communication between the entities i and j is completed.

The computer machine of each entity 2 that performs the above-described processing for cryptographic communication is configured as shown in the block diagram of FIG. 8, for example.

That is, the computer machine of each entity 2 includes a keyboard 4, a CPU (not shown) and a RA (not shown).
M and a main unit 5 composed of a ROM and the like, and a database 6 composed of a hard disk or the like for storing the personal key Xn and an identifier conversion algorithm, a plain text such as a text and a program, and a cryptographic communication telegram. . The main unit 5 includes, as its functional components, a common key generation unit 7 that generates a common encryption key, an encryption / decryption processing unit 8 that performs encryption / decryption processing of communication data, and random number data for encryption communication. And a data storage memory 10 for storing data such as a common encryption key generated by the common key generation unit 7 during encryption communication and random number data for encryption communication generated by the random number generation unit 9. Provided.

The computer machine of each entity 2 having such a configuration operates as follows.
The process for the encrypted communication as described above is performed.

That is, when generating a common encryption key (procedure 3) in each of the transmitting and receiving computer machines, first, the personal key Xn and the identifier conversion algorithm to be used are transmitted from the keyboard 4 to the main body. The specified private key Xn and the identifier conversion algorithm are fetched from the database 6 into the common key generation unit 7 of the main unit 5. Further, the identifier yn of the communication partner is input to the main unit 5 by the keyboard 4. Then, the common key generation unit 7 of the main unit 5 generates a common encryption key by applying the identifier conversion algorithm and the private key Xn to the input data of the identifier yn as described above (step 3-1). 3-2), the generated common encryption key is stored in the data storage memory 10.

On the transmitting computer machine,
Data (input operation data such as words and sentences) for generating the random number data for encryption communication is input to the main body unit 5 by the keyboard 4. Then, the random number generation unit 9 of the main body unit 5 generates the one-time random number data for encryption communication as described above based on the input data (see the above-described procedure 4-
1) The generated random number data for encrypted communication is stored in the data storage memory 10.

Further, in the transmitting computer machine, the plain text to be transmitted in the database 6 is
, And the designated plaintext is fetched from the database 6 into the encryption / decryption processing unit 8.
Then, the encryption / decryption processing unit 8 includes the data storage memory 10
Is encrypted using the common encryption key also stored in the data storage memory 10 (the above-described procedure 4-2), and the plaintext is encrypted using the encrypted random number data as a key. Encrypt (the above procedure 4-3).
The encrypted communication random number data and the plaintext encrypted by the encryption / decryption processing unit 8 in this way are stored in the database 6 as an encrypted communication message composed of them, and then separately sent to the computer machine of the communication partner. Sent.

On the other hand, in the receiving computer machine which has received the above-mentioned encrypted communication message, the encrypted communication message is stored in the database 6 and is taken into the encryption / decryption processing section 8. Then, the encryption / decryption processing unit 8 uses the common encryption key stored in the data storage memory 10 to decode the encrypted random number data in the encrypted communication message into random number data for encrypted communication (the above-described procedure 5-1), Further, using the decrypted random number data for encrypted communication as a key, the encrypted plaintext in the encrypted communication message is decrypted to the original plaintext (the above-described procedure 5-2). The plaintext encrypted by the encryption / decryption processing unit 8 in this manner is held in the database 6.

In the system of this embodiment constructed as described above, when the center 1 generates the private key Xn of each entity 2 (preparation processing), the identifier yn such as the name of each entity 2 is used. To apply the algorithm of the Fourier transform as an integral transform to
Even if n itself has many similar ones, the dispersibility of data obtained by performing a Fourier transform on the data is improved, and the dispersibility of the private key Xn obtained by applying a center matrix or the like to the data can be improved. As a result, it is possible to make it difficult to decode a center algorithm such as a center matrix of the center 1 by a so-called differential attack.

In this case, in addition to Fourier transform, Laplace transform, Miller transform, Hilbert transform and the like can be used as the above-mentioned integral transform. In the present embodiment, Fourier transform (more specifically, fast Fourier transform) is used. Is used, it is possible to remarkably improve the dispersibility as described above, and at the same time, it is possible to perform the arithmetic processing for performing the Fourier transform on the identifier yn at a high speed by using a computer machine.

Also, when generating the private key Xn, a weight function is added as a center algorithm, so that it is possible to prevent abnormal dispersion of data obtained by Fourier transforming data of the identifier yn on a finite section. At the same time, for an attacker trying to decipher the center algorithm, in addition to the center matrix and Fourier transform algorithm,
Because the number of unknown algorithm elements called weight functions increases,
Decoding the center algorithm can be made more difficult. In particular, since the weight function is generated in an unpredictable shape based on the one-time random number data, it is possible to more reliably secure the above-described difficulty in decoding.

Further, in generating the private key Xn, in addition to the center algorithm, a randomizing transformation based on single random data unique to each entity 2 is added, so that the private key Xn of each entity 2 is added. Contains components based on a randomizing transform that are individual for each entity 2 and that are not correlated with each other. For this reason, for example, even if a plurality of entities 2 collude and attempt to decrypt the center algorithm or the like from the private key Xn held by each, it is extremely difficult to decrypt the center algorithm. In this case, in particular, in the randomizing transformation, of the data obtained by applying the Fourier transformation, the weighting function and the center matrix to the identifier yn, the value of the unnecessary bit is randomized by one-time individual random number data.
Since the arrangement conversion is performed by combining the unnecessary bits and the useful bits, the private key Xn obtained by the randomization conversion is obtained.
It is not known which part of the data contains the data corresponding to the unnecessary bit, and the above-mentioned decoding becomes more difficult. For the reader, in order to completely break the system of the present embodiment, as many as four types of algorithms of a center matrix, a weight function, a Fourier transform (integral transform), and a randomize transform are used from data such as the private key Xn. Must be decrypted, and such decryption is virtually impossible.

In the system of this embodiment, in order to generate a common encryption key at the time of cryptographic communication, the identifier conversion including an algorithm for canceling the randomized conversion component reflected in the private key Xn is performed. The algorithm needs to be distributed to each entity 2 together with the private key Xn. However, the identifier conversion algorithm is
Since the algorithm for canceling the component by the randomization transformation, the Fourier transformation algorithm, and the weighting function are combined, the randomization transformation algorithm, the weighting function, and the Fourier transformation algorithm which constitute the center algorithm of the center 1 from the identifier transformation algorithm are used. It is also very difficult to decipher individually.

Therefore, according to the system of the present embodiment,
In terms of security of the system, it is practically impossible to decipher the center algorithm of the most important center 1 from the private key Xn of each entity 2.

When performing encrypted communication between arbitrary entities i and j, instead of encrypting the plaintext itself using the common encryption key Kij, the plaintext does not have a biased characteristic. Since the random number data for reciprocal encryption communication is encrypted as a key, and the random number data for encryption communication as a key for decrypting the encrypted plaintext is encrypted using the common encryption key Kij, the encryption is performed. Even if a third party intercepts the communication data, it is difficult to decrypt the common encryption key Kij from the communication data. Then, the common encryption key Kij
Since it is difficult to decrypt the private key Xn, information on the private key Xn of each entity 2 included in the common encryption key Kij and information on the center algorithm included in the private key Xn may be obtained by a third party. Have difficulty. Further, since the plaintext is encrypted using the random number data for encrypted communication as a key, the confidentiality of the plaintext is also ensured.

Therefore, according to the present embodiment, a cryptographic communication system with high security against various attacks can be provided.
At the time of cryptographic communication between any of the entities i and j, each of the entities i and j has its own private key Xi, X
j and the identifier conversion algorithm,
, Yi, the common encryption key Kij can be generated and shared without involvement of the center 1 or prior notification between the entities i, j, etc., so that not only security is high, but also A simple and highly versatile cryptographic communication system can be provided. Note that the identifier yn plays an important role in generating the common encryption key Kij as described above.
A. Shamir's paper `` Identity-Based Cryptosystems a
nd Signature Schemes / Advances in Cryptology: Proce
eding of CRYPTO '84 / Springer LNCS 196,1985, pp.47
-53 ".

Next, a more theoretical effectiveness of the system of this embodiment will be described.

In the present system, the calculation of the private key of each entity 2 and the calculation of the common encryption key are performed based on a linear transformation, and the linear transformation will be described below.

First, let Xif be a private key of entity i necessary for generating a common encryption key between f entities 2. At this time, the general idea for constructing the above linear transformation is to arbitrarily select an f-input symmetric transformation g (a function of f variables having symmetry) and obtain a private key Xif of the entity i. Xif (ξ ₁ ,..., Ξ _{f -1} ) = g (yi, ξ ₁ ,..., に 対 し て) for the identifier yi of the entity i.
_f-1 ) is determined as an f-1 input conversion that satisfies _f-1 ). Here, ξ with a subscript is a variable indicating an arbitrary identifier. In this case, the linear transformation can be found such that the kernel of the f-input symmetric transformation g follows a multiple linear mapping (f-fold linear mapping), which is basically defined in a linear space over a finite field. And generalized to the coset on the ring.

The present system is for the case where f = 2, and the above-mentioned linear transformation is defined as follows.

Here, in the following description, the center 1
Is a set of entities belonging to E, a set of identifiers is I,
Let K be a set of common encryption keys (see FIG. 1). Further, Q is a commutative ring having a unit element, J is a coset of order m on Q, K is a coset of order h on Q, and the elements of J and K are m−
A vertical vector, h-vertical vector. If Q is a body, J and K are linear spaces of dimensions m and h, respectively. The order m is equal to the total number of identifiers.

Further, R is a linear transformation constituting a mapping from I to J, and is hereinafter referred to as identity transformation. This identity transformation basically corresponds to a transformation for performing a Fourier transformation (integration transformation) with a weighting function on the data of the identifier when corresponding to the system of the above-described embodiment.
Further, as will be described later, the conversion is extended to a conversion including the randomizing conversion.

Assuming the above, first, J ₂ (J
Symmetric Q-order multiple linear mapping (a two-input symmetric transformation) from a set of two elements of
J ₂ → K is arbitrarily selected and determined. This g corresponds to a conversion for generating a common encryption key corresponding to these two identifiers from those obtained by performing identity conversion of two arbitrary identifiers.

Further, a given identifier yi (∈I)
, The matrix xi of h rows and m columns on Q becomes xi · η = g
(R (yi), η). Here, η is an arbitrary m-longitudinal vector on Q and is an element of J (the same applies hereinafter).

Further, for a given yi (∈I), one input is made so that Xi (ξ) = xi · R (ξ) (where ξ is an arbitrary element of I; the same applies hereinafter). Conversion Xi
Constitution of (ξ).

This Xi (ξ) is a private key for the entity i, and the private key Xi (ξ) is a one-input conversion V
When i is defined as Vi (η) = xi · η using the matrix xi, it is expressed by the following equation.

Xi (ξ) = Vi (R (ξ)) When there are a plurality of centers, Vi (η) = xi ·
The "xi" part in η is replaced by the sum of the matrices xi determined as described above for each center.

When the private key Xi is defined in this manner, Xa (yb) = Xb (ya) for an arbitrary entity a, b∈E, as can be easily understood from the above description. That is, if the entities a and b input the identifiers yb and ya of the other party to the respective private keys Xa and Xb,
A common encryption key Xa (yb) = Xb (ya) is obtained.

Even if a multivariable polynomial is selected instead of the multiple linear mapping g, it is included in the applicable range of the linear transformation of the present system. The reason for this is that any polynomial can be rewritten into a linear polynomial by a suitable transformation of the set of unknowns, and that such a transformation can be absorbed into the identity transformation R. Furthermore, some transforms can be viewed as a combination of a linear transform and an operation such as an exponential function.

Next, the performance of the linear conversion of the present system and the role of the identity conversion R will be described.

For any transformation A, Cd (A), Ce
Let (A) be the complexity of the description of the transformation A and the complexity of the evaluation of the transformation A, respectively. At this time, the conversions Xi, R,
The following relational expression holds for Vi.

Cd (Xi) = Cd (R) + Cd (Vi) Ce (Xi) ≦ Ce (R) + Ce (Vi) In this case, the input (identifier) of the conversion Xi indicating the private key is w.
If it is described in [bit], Cd (Vi) = hmw [bit] holds for the complexity Cd (Vi) of the description of the conversion Vi. In addition, the complexity Ce (Vi
), Ce (Vi) = O (hm) [Q-operation] holds. Here, O (hm) [Q-operation] means the order of hm on the commutative ring Q, and this value is approximately O (w ² ) [bit conversion], that is, w ² Can be evaluated by order. Then, when a small commutative ring Q (for example, Galois field GF [2]) is selected, Ce (Vi) becomes low.

Therefore, the complexity Cd (X
i) and the evaluation complexity Ce (Xi) are the description complexity Cd (R) of the identity transformation R and the evaluation complexity C
e (R) is greatly affected.

Here, consider a case where one or a plurality of entities j trying to break the system use respective private keys Xj.

Obviously, a perfect defeat of this system is to determine the aforementioned multiple linear mapping g: J ₂ → K. In this case, in order to completely break the system, the centers either cooperate or have the same number as the order of the multiple linear mapping g (which is roughly equal to the total number m of identifiers (= order of J)). It requires the cooperation of the entities and is practically impossible.

[0108] Further, consider the possibility that some entity j can determine the private key Xi of another entity i. In this problem, the identity conversion R plays an important role as described below.

First, "all the entities j of the subset B of the set E of the whole entities cooperate, and these entities j∈B become the whole {Xj
Even if | j {B} is used, information such as useful for determining the private key Xi of any entity i in the set EB cannot be obtained. "
For each entity i in B, the identity transformation R (yi) is the sum of the respective identity transformations R (yj) of entity j in B, {R (yj) |
is linearly independent of j {B} ". Therefore, the information-theoretic security of the linear transformation of the present system is reduced to the fact that any subset U of the set {R (yi) | i {E} is linearly independent. Therefore, there is a strong relationship between the linear transformation and the linear algebraic permutation combination. In evaluating the security of the linear transformation, in particular, m rows and n columns (where n = # E = entity of entity E) Parity check matrix H = (R
(Y1), ......, R ( yn)) linear code LR that is defined by ^{= {z∈Q n | H · z} = 0}, i.e., variable, such as the product of the parity check matrix H becomes zero vector It is important to consider the set of codewords z represented by n-vertical vectors on the permutation Q. The so-called Hamming
) The existence of a code word z (∈LR) having a weight s, and the fact that the private key Xi of a specific entity i can be derived by cooperation of s-1 entities j. Is easily guided.

On the other hand, by individualizing the identity conversion R (identification conversion R is unique to each entity) as described below, it becomes difficult to break the system even if a large number of entities collude. That is, for the set {R (yj) | j {B} of the identity transformation R (yj) of each entity j (j∈B) that is going to break the system, the identity transformation R (yi) of the other entity i is Linearly dependent, R
If (yi) = ΣCj · R (yj) (where Cj is an appropriate coefficient), as is clear from the definition of the private key described above, the private key Xi and the entity j (j∈B) of the entity i Xi = ΣCj · Xj for the private key Xj of
Holds. Therefore, the set B of each entity j trying to break the system can easily know the private key Xi of another entity i. However, when the identity conversion R is individualized, the conversion R
Is unique to each entity, it is not easy to find, for a given set B of entities j, an entity i having an identifier yi that can decrypt another private key Xi. In other words, set B
Cannot know which entity i's private key Xi can be decrypted from information such as the private key Xj possessed by them. Conversely, for the entity i having the given identifier yi, the private key X
It is also not easy to find the set B containing the identifier yj that can decode i. In other words, even if the entity i having the private key Xi to be decrypted is specified, it is not possible to know which entity should collude to decrypt the private key Xi. in this way,
Individualizing the identity transformation R is of essential importance in increasing the theoretical security of the system.

When individualizing the identity conversion R in this way, various linear conversions can be selected, but they are basically classified into two categories.

One is the use of an identity transform R such that the corresponding linear code LR is a well-known algebraic or algebraic geometric code, and the other is the identity transform R Is randomized individually for each entity.

In this case, in the former method, if the total number m of identifiers is increased for security, the required data amount tends to be large. For example, a primitive element is α and Q = GF (q): a Galois field, and h = 1,
Let β be the power of α (log β = ξ · log α), further, let R (ξ) = [1, β, β ² ,..., β ^m-1 ] ^T, and I be {0, 1, 2,. Suppose that it was encoded as n-1}. Since this identity conversion R has no one-way property,
Although not a strict linear transformation, R. Blom's paper, An O
ptimal Class of Symmetric Key Generation Systems ''
The linear code LR corresponds to a so-called Reed-Solomon code. In this method, the total number n of entities in the network needs to be smaller than q in the Galois field Q = GF (q). For example, when n = 10 ¹² , the minimum Q becomes GF (2 ⁴⁰ ), which requires an extremely large data amount.

On the other hand, the latter method of randomizing the identity conversion R individually for each entity is as follows:
This is a technique realized by the randomizing transformation in the above-described embodiment. According to this technique, the total number m of identifiers is m.
Even if the value (which is equal to the total number n of the entities in the present system) is large, there are a large number of identity conversions R that can perform high-speed processing and require a small amount of data.

On the other hand, the following relational expression corresponding to the known asymptotic Varshamov-Gilbert's limit equation is obtained by the same method as that for deriving the known limit equation.

M / n + r ≦ Φ (b / n) where r = m · log _q (q−1) where Φ is Φ (u) = u · log _q (q−1) −u · log _q u-
(1-u) log _q is a function defined by (1-u). Also, b in the above inequality is the total number (= # B) of entities j trying to break the system.

The above inequality defines the limit of the total number b of entities j required to break the system, and means that the system cannot be broken with the number of entities b for which this inequality does not hold.

Then, based on this inequality, any m
For b and b, it is derived that there is an identity conversion R such that even if at most b entities j collude, the private key Xi of another entity i cannot be decrypted. It can also be seen that individual randomization of the identity transform R often results in a good linearly independent structure while satisfying the above conditions.

Accordingly, the present system can provide a highly secure system by individually randomizing the identity conversion R. In other words, the system uses the individual randomization of the identity transformation R to increase the complexity Cd of the description of the transformation R
(R) and the complexity of the evaluation Ce (R),
The security of the system is ensured by increasing the description complexity Cd (Xi) and the evaluation complexity Ce (Xi) of the private key Xi.

In practice, for example, Q = GF [2], m = 819
2, when h = 64, Cd (Xi) = 64 [Kby
te]. In this case, the encryption communication can be performed between any two entities on the system including up to 10120 entities by using the 160-bit common encryption key. Then, for example, the clock 200MH
When a 32-bit CPU and a 640 Kbyte memory are used in z, each personal key can be calculated within 20 ms. Furthermore, the system cannot completely break the system unless 8192 entities collude, and due to the individual randomization of each entity, if more than 256 entities collude,
No information about the private key of another entity can be obtained.

In the above embodiment, a center matrix is set as the center algorithm in addition to the weight function and the Fourier transform algorithm. However, the weight function itself can be used as the center matrix.

In the above embodiment, the Fourier transform was used as the integral transform.
Other forms of integral transform, such as Hilbert transform, may be used.

[Brief description of the drawings]

FIG. 1 is a diagram showing an entire configuration of a cryptographic communication system to which an embodiment of a common key communication method according to the present invention is applied.

FIG. 2 is a diagram for conceptually explaining the basic structure of the system in FIG. 1;

FIG. 3 is a flowchart for explaining an outline of a processing procedure in the system of FIG. 1;

FIG. 4 is a flowchart showing details of a process in procedure 1 of FIG. 3;

FIG. 5 is a flowchart showing details of a process in procedure 2 of FIG. 3;

FIG. 6 is a flowchart showing details of processing in procedures 3 and 4 of FIG. 3;

FIG. 7 is a flowchart showing details of processing in procedures 3 and 5 of FIG. 3;

FIG. 8 is a block diagram showing a configuration of a computer machine for performing the processes of FIGS. 6 and 7.

[Explanation of symbols]

1 center, 2 (i, j, etc.) entity, 3 network, Xi, Xj, etc. private key, Kij common encryption key,
yi, yj, etc. Identifiers.

Claims (20)

[Claims] In a network including a plurality of entities, a common key communication method for exchanging communication data using a common encryption key for encrypting and decrypting communication data between entities performing communication. The communication data transmission side encrypts the communication data using the random number data as a key, encrypts the random number data with the common encryption key, and encrypts the encrypted random number data. The communication data is transmitted to the receiving side of the communication data, and the receiving side of the communication data decrypts the encrypted random number data with the common encryption key and performs the encryption using the decrypted random number data as a key. A shared key communication method, characterized in that the communication data is decrypted. 2. The common key communication method according to claim 1, wherein said random number data is one-time random number data. 3. The common key communication method according to claim 1, wherein the random number data is generated based on a predetermined process of an entity on a transmitting side of the communication data. 4. The method according to claim 3, wherein the predetermined processing is an input operation by a human of each of the entities, and the one-time random number data is determined based on a temporal timing of the input operation. Common key communication method. 5. Each of the entities generated by a center provided in advance in the network by converting a unique identifier of each entity by a center algorithm common to each entity and held only by the center. A personal key unique to the entity is distributed, and the common encryption key is, when performing communication of the communication data, an identifier unique to the entity on the communication partner side, and the personal key of its own held by each entity. The common key communication method according to any one of claims 1 to 4, wherein the common key communication method is generated by operating. 6. The center algorithm includes an integral conversion algorithm for performing integral conversion of the identifier of each entity, and each entity is provided with the private key and the integral conversion algorithm in advance from the center. 6. The common key communication method according to claim 5, wherein the common encryption key is generated by causing the integral conversion algorithm and the private key of the entity held by each entity to act on the identifier of the entity on the communication partner side. . 7. The method according to claim 6, wherein said integral conversion algorithm is an integral conversion algorithm with a weight function. 8. The common key communication method according to claim 7, wherein said weight function is determined as an unpredictable pattern by random number data generated at said center. 9. The method according to claim 8, wherein said random number data is one-time random number data. 10. The method according to claim 6, wherein said integral transform algorithm is a Fourier transform algorithm.
The common key communication method according to any one of the above. 11. The center generates a personal key by subjecting an identifier of each entity to conversion by the center algorithm, and further performing randomization conversion using unique random data unique to each entity once. An identifier conversion algorithm comprising an algorithm for canceling the randomization conversion component contained in the private key and the integral conversion algorithm is distributed to each entity together with the private key, and the common encryption key is 11. The common key communication method according to claim 6, wherein the identifier is generated by applying the identifier conversion algorithm and the private key of the entity held by each entity to the identifier of the entity on the side. 12. The randomizing transformation according to claim 1, wherein the randomization transformation is performed by rearranging and converting a data sequence representing the identifier of each entity converted by the center algorithm using the one-time individual random number data. 12. The common key communication method according to item 11. 13. A data string representing a result obtained by converting the identifier of each entity by the center algorithm includes a plurality of unnecessary bits. In the randomizing conversion, the value of the unnecessary bits is converted by the one-time individual random number data. 13. The common key communication method according to claim 12, wherein the method is performed by randomizing and further performing layout conversion of the entire data string including the unnecessary bit. 14. The common key communication method according to claim 11, wherein said one-time individual random number data is generated based on predetermined processing of each of said entities. 15. The method according to claim 14, wherein the predetermined processing is an input operation by a human of each of the entities, and the one-time individual random number data is generated based on a temporal timing of the input operation. Encryption key sharing method. 16. Each of the entities includes a center provided in advance in the network, which converts an identifier unique to each entity by a center algorithm which is common to each entity and held only by the center. The private key unique to each entity generated by performing randomization conversion using unique one-time individual random number data, and an identifier conversion algorithm including an algorithm for canceling the randomization conversion component included in the private key are the center. The common encryption key is generated by applying the identifier conversion algorithm and the private key of the entity held by each entity to the identifier of the entity on the communication partner side. 15. The common key communication method according to item 15. 17. The randomizing conversion according to claim 1, wherein the randomization conversion is performed by rearranging and converting a data string representing a result of conversion of the identifier of each entity by the center algorithm using the one-time individual random number data. 16. The common key communication method according to item 16. 18. A data string representing a result obtained by converting the identifier of each entity by the center algorithm includes a plurality of unnecessary bits. In the randomizing conversion, the value of the unnecessary bits is calculated by the one-time individual random number data. 18. The common key communication method according to claim 17, wherein the method is performed by randomizing and further performing a layout conversion of the entire data string including the unnecessary bit. 19. The common key communication method according to claim 16, wherein said one-time individual random number data is generated based on predetermined processing of each of said entities. 20. The method according to claim 19, wherein the predetermined processing is an input operation by a human of each of the entities, and the one-time individual random number data is generated based on a temporal timing of the input operation. Common key communication method.