CN108616349A - Communication equipment and encryption processing system - Google Patents

Publication number
CN108616349A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711320791.6A
Other languages
Chinese (zh)
Other versions
CN108616349B (en)
Inventor
森山大辅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Renesas Electronics Corp
Original Assignee
Renesas Electronics Corp
Application filed by Renesas Electronics Corp
Publication of CN108616349A
Application granted
Publication of CN108616349B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a communication device and a cryptographic processing system. A cryptographic communication method using a dynamically generated private key is provided. A signal generation unit outputs a second signal obtained by giving an error within a predetermined range to a signal obtained based on a first signal. An error correction generation unit outputs a third signal obtained based on the second signal, and auxiliary information for correcting the error included in the second signal. A private key generation unit generates a first private key based on the third signal. An encryption calculation unit outputs an encrypted signal obtained by encrypting a fourth signal based on the first private key.

Description

Communication device and cryptographic processing system
Technical Field
The present invention relates to a communication apparatus and a cryptographic processing system.
Background
Currently, various cryptographic methods are used to ensure the security of data communication. Among these methods, the method using a physically unclonable function is considered as a high security method.
A problem that arises when using a physically unclonable function is that the physically unclonable function cannot be copied from one device to another. Thus, in order for two devices to have a common key, one of the devices stores the output value of the physically unclonable function in advance and the other device uses a value dynamically generated by the physically unclonable function. However, a physically unclonable function does not always output a fixed value, but outputs a value that includes variation. Therefore, error correction needs to be performed. Thus, for example, a form of implementation has been proposed in which a first device temporarily observes the output of a physically unclonable function and a second device performs error-correction decoding after execution of the physically unclonable function, so that the second device saves the same value as the output value of the physically unclonable function saved by the first device (Pim Tuyls and Lejla Batina, "RFID-Tags for Anti-Counterfeiting," CT-RSA, 2006).
Further, another cryptographic method using a physically unclonable function has been proposed (Japanese unexamined patent application publication No. 2013-31151). In the cryptographic method, in order for two devices to have a common key, a first device generates the common key by a physically unclonable function and a second device performs an encryption algorithm according to a public key cryptographic method using a public key and thereby outputs a ciphertext. The second device may recover the public key by performing a decryption algorithm according to a public key cryptographic method.
Further, another cryptographic method using a physical unclonable function has been proposed (Japanese unexamined patent application publication No. 2016-. The cryptographic method does not use a mechanism for sharing a public key with another device. Instead, a value obtained by encrypting the error correction is stored in the server. Then, when necessary, the value obtained by encryption is received from the server and each user can recover the key having the fixed value by correcting an error of the value derived from the physically unclonable function.
Disclosure of Invention
However, the present inventors have found the following problem. Although all of the above cryptographic methods generate the private key by using a physically unclonable function, the generated private key has a fixed value. Therefore, if a quantum computer or a computer having high computational power comparable to a quantum computer is developed, it becomes possible to analyze a private key composed of a fixed value. It is therefore conceivable that the security of communication by the public key cryptography method may not necessarily be ensured.
Other objects and novel features will become more apparent from the following description taken in conjunction with the accompanying drawings.
According to one embodiment, a communication device includes: a signal generation unit configured to output a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal; an error correction generation unit configured to output a third signal obtained based on the second signal and side information for correcting an error included in the second signal; a private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key.
According to another embodiment, a communication device includes: an error correction decryption unit configured to correct an error in a seventh signal based on side information for correcting the error in a second signal obtained by giving an error in a predetermined range to a signal obtained based on the first signal and thereby generate an eighth signal, the seventh signal being generated in advance by giving an error in a predetermined range to the signal obtained based on the first signal; a private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal, the encrypted signal being generated by encrypting the fourth signal with the first private key generated based on the second signal.
According to another embodiment, a cryptographic processing system includes a first communication device configured to encrypt a signal and a second communication device configured to decrypt the signal, wherein the first communication device includes: a signal generation unit configured to output a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal; an error correction generation unit configured to output a third signal obtained based on the second signal and side information for correcting an error included in the second signal; a first private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key, and the second communication device includes: an error correction decryption unit configured to correct an error in a seventh signal based on the auxiliary information and thereby generate an eighth signal, the seventh signal being generated in advance by supplying the first signal to the signal generation unit; and a second private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal.
According to an embodiment, a cryptographic communication method using a dynamically generated private key may be provided.
Drawings
The above and other aspects, advantages and features will become more apparent from the following description of certain embodiments, taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically shows a configuration of a cryptographic processing system according to a first embodiment;
Fig. 2 schematically shows a configuration example of a cryptographic processing system according to the first embodiment;
Fig. 3 is a sequence diagram showing the exchange of signals in the cryptographic processing system according to the first embodiment;
Fig. 4 schematically shows a configuration of a cryptographic processing device according to a first embodiment;
Fig. 5 schematically shows a configuration of a cryptographic processing device according to the first embodiment;
Fig. 6 schematically shows a configuration of a cryptographic processing device according to the first embodiment;
Fig. 7 shows a signal flow in initialization of the cryptographic processing system according to the first embodiment;
Fig. 8 schematically shows the configuration of a cryptographic processing system according to a second embodiment;
Fig. 9 is a sequence diagram showing the exchange of signals in the cryptographic processing system according to the second embodiment;
Fig. 10 schematically shows a configuration of a cryptographic processing device according to a second embodiment;
Fig. 11 schematically shows a configuration of a cryptographic processing device according to a second embodiment;
Fig. 12 schematically shows a configuration of a cryptographic processing system according to a third embodiment;
Fig. 13 schematically shows a configuration of a cryptographic processing device according to a third embodiment;
Fig. 14 schematically shows a configuration of a cryptographic processing device according to a third embodiment;
Fig. 15 schematically shows a configuration of a cryptographic processing system according to a fourth embodiment;
Fig. 16 shows handshake in a cryptographic processing system according to a fourth embodiment;
Fig. 17 schematically shows a configuration of a cryptographic processing system according to a fifth embodiment;
Fig. 18 shows handshake in a cryptographic processing system according to a fifth embodiment;
Fig. 19 schematically shows the configuration of a cryptographic processing system according to a sixth embodiment;
Fig. 20 shows handshake in a cryptographic processing system according to a sixth embodiment;
Fig. 21 schematically shows a configuration of a cryptographic processing device according to a sixth embodiment;
Fig. 22 schematically shows a configuration of a cryptographic processing device according to a sixth embodiment;
Fig. 23 schematically shows the configuration of an information collection system according to a seventh embodiment;
Fig. 24 schematically shows the configuration of a plant management system according to an eighth embodiment;
Fig. 25 schematically shows the configuration of an information management system according to a ninth embodiment.
Detailed Description
Embodiments according to the present disclosure are explained below with reference to the drawings. Throughout the drawings, the same symbols are assigned to the same components/structures and duplicate descriptions are omitted as appropriate.
First embodiment
A cryptographic processing system 100 according to a first embodiment is illustrated. Fig. 1 schematically shows the configuration of a cryptographic processing system 100 according to a first embodiment. The cryptographic processing system 100 includes a communication device S1 and a communication device R1. The communication device S1 includes a cryptographic processing device S10 and the communication device R1 includes a cryptographic processing device R10.
In this embodiment, first, the cryptographic processing device S10 of the communication device S1 transmits a signal X (also referred to as a first signal) to the communication device R1 through, for example, the communication network T.
In the communication device R1, when the cryptographic processing device R10 receives the signal X, the cryptographic processing device R10 outputs an encrypted signal B generated by encrypting a signal RZ (also referred to as a fourth signal) to be transmitted to the communication device S1 based on an output signal obtained by giving an error within a predetermined range to a signal obtained based on the signal X and the random number Y. Further, the cryptographic processing device R10 outputs the auxiliary information A for the decryption process performed in the cryptographic processing device S10 to the communication device S1.
Then, the cryptographic processing device S10 of the communication device S1 may obtain the signal SZ by decrypting the encrypted signal B based on the signal SA (also referred to as a seventh signal) stored in advance in the cryptographic processing device S10, the signal X, and the auxiliary information A.
Fig. 2 schematically shows a configuration example of the cryptographic processing system 100 according to the first embodiment. In fig. 2, the communication device R1 includes a data output unit 1 and a random number generator 2 in addition to the cryptographic processing device R10. The data output unit 1 generates a signal RZ and outputs the generated signal RZ to the cryptographic processing device R10. The random number generator 2 generates a random number Y and outputs the generated random number Y to the cryptographic processing device R10. The communication device S1 includes a storage unit 3 (also referred to as a second storage unit) in addition to the cryptographic processing device S10. The above-described signal SA and signal X are stored in the storage unit 3 in advance. A method for storing the signal SA and the signal X in the storage unit 3 will be described later.
The configuration and operation of each part of the cryptographic processing system 100 are explained below with reference to fig. 3 to 5. Fig. 3 is a sequence diagram showing the exchange of signals in the cryptographic processing system 100 according to the first embodiment.
The cryptographic processing device R10 is explained with reference to fig. 3 and 4. Fig. 4 schematically shows the configuration of a cryptographic processing device R10 according to the first embodiment. The cryptographic processing apparatus R10 includes a signal generating unit R11, an error correction generating unit R12, a random number extracting unit SR1, a data separating unit SR2, and an encryption calculating unit R13.
The signal generation unit R11 outputs a signal that is based on an arbitrary input signal and includes an error having a variation within a predetermined range. For example, a circuit implemented in hardware may be used for the signal generation unit R11. The signal generation unit R11 may be formed, for example, as a physically unclonable function whose output signal includes a predetermined error. Alternatively, an error may be given to the output signal of the signal generation unit by using a noise source provided in the signal generation unit. Each of the other components included in the communication device R1 may be implemented by hardware implementation techniques or software implementation techniques. Likewise, each component included in the communication device S1 described later may be implemented by a hardware implementation technique or a software implementation technique.
In this embodiment, the signal generating unit R11 is implemented as a physically unclonable function unit that is a cryptographic function, and the signal generating unit R11 generates an output signal that can be generated from an arbitrary input signal only by the specific electronic device (i.e., the specific physically unclonable function unit) by using a variation caused at the time of manufacturing the device. The physical unclonable function included in the signal generation unit R11 is implemented with a circuit implemented in hardware. Fig. 5 shows a cryptographic processing device R10 in which the signal generation unit R11 is formed as a physically unclonable function. In this embodiment, the method for forming the physically unclonable function is not limited to any particular method, and various forming methods may be used, such as methods for an arbiter PUF (physically unclonable function), a ring oscillator PUF, and an SRAM (static random access memory) PUF.
In this embodiment, the signal generation unit R11 outputs a signal RA (also referred to as a second signal) based on the input signal X. The signal generating unit R11 does not always output the same output signal for the same input signal. That is, the output signal of the signal generating unit R11 includes variations within a range in which the hamming distance is equal to or less than a fixed value. It is assumed that the value of the signal RA as the output signal of the signal generation unit R11 has a sufficient length and comprises a sufficient information content.
The error correction generation unit R12 receives the signal RA from the signal generation unit R11 and generates the auxiliary information A for correcting errors due to variations in the signal RA for the same signal X. It is assumed that the error correction generation unit R12 is capable of performing at least one of an error correction code, majority calculation, high noise bit removal, and the like to generate the auxiliary information A. Further, the error correction generation unit R12 may use a combination of these algorithms. The error correction generation unit R12 outputs the auxiliary information A for correcting errors and a signal RB (also referred to as a third signal). In addition to receiving the signal RA from the signal generation unit R11, the error correction generation unit R12 may receive the common random number Y from the outside. It is to be noted that the signals RB and RA may have the same value according to the specification of the error correction generation unit R12.
It is to be noted that, if appropriate parameters corresponding to the output characteristics of the signal generation unit R11 can be selected, various techniques for implementing error correction can be used as the error correction generation unit R12, such as a code-offset technique or a syndrome technique using an error correction code, a fuzzy extractor, a technique based on a cryptographic method whose decryption is infeasible owing to a lattice vector problem, and modifications thereof.
The random number extraction unit SR1 and the data separation unit SR2 constitute a private key generation unit SR10 (first private key generation unit). The private key generation unit SR10 generates a private key based on the signal RB.
The random number extraction unit SR1 is a device that receives a signal RB, which is a bit string including a bias, and outputs a signal RC (also referred to as a fifth signal) having a value that is obtained by compressing information content and that cannot be distinguished from a true random number. The random number extraction unit SR1 generates the signal RC by using appropriate key encryption, a message authentication code, a universal one-way hash function, etc.
The data separation unit SR2 separates the input signal RC into several values according to the determined specification. In this embodiment, the data separation unit SR2 separates a signal RD (also referred to as a first private key), which is a private key used to encrypt the signal RZ to be transmitted, from the signal RC; and outputs the separated signal RD to the encryption calculation unit R13. It is assumed that, when it is necessary that a part of the output is not a value of a bit string, the data separation unit SR2 performs an appropriate process and outputs a value within a limited range. For example, when a part of the output needs to be smaller than prime p, the data separation unit SR2 may perform calculations such as remainder calculations using the prime p.
The encryption calculation unit R13 encrypts the signal RZ, which is a signal to be transmitted, by using the signal RD output from the data separation unit SR2 and outputs the encrypted signal to the communication device S1 as an encrypted signal B.
Next, the cryptographic processing device S10 is explained with reference to fig. 3 and 6. Fig. 6 schematically shows the configuration of the cryptographic processing device S10 according to the first embodiment. The cryptographic processing device S10 includes an error correction decryption unit S12, a random number extraction unit SR1, a data separation unit SR2, and a decryption calculation unit S13.
The error correction decryption unit S12 corrects errors in the input value by using the auxiliary information A and outputs a signal SB (also referred to as an eighth signal). In this example, when the error correction decryption unit S12 receives the signal SA (i.e., the signal RA of the signal generation unit R11 stored in advance) and the auxiliary information A, the error correction decryption unit S12 performs an error correction process by using them and outputs an error-corrected signal SB. It is assumed that in the error correction decryption unit S12, respective numerical values in the internal algorithm necessary for error correction are determined based on the amount of noise caused by the signal generation unit R11, the rate of failure of correction, the information content of the data to be processed, and the like.
It is to be noted that the above-described error correction generation unit R12 and error correction decryption unit S12 may include various processes in addition to the error correction code, such as a majority method and elimination of a portion including much noise.
It is to be noted that, if appropriate parameters corresponding to the output characteristics of the signal generation unit R11 can be selected, various techniques for implementing error correction can be used as the error correction decryption unit S12, such as a code-offset technique or a syndrome technique using an error correction code, a fuzzy extractor, a technique based on a cryptographic method whose decryption is infeasible owing to a lattice vector problem, and modifications thereof.
The random number extraction unit SR1 and the data separation unit SR2 constitute a private key generation unit SR20 (second private key generation unit). The private key generation unit SR20 generates a private key based on the signal SB. The random number extraction unit SR1 and the data separation unit SR2 are similar to those of the cryptographic processing device R10.
In the cryptographic processing device S10, the random number extraction unit SR1 outputs a signal SC having a value that is obtained by compressing the information content of the signal SB and that cannot be distinguished from true random numbers. The data separation unit SR2 separates the signal SC into several values according to the determined specification. In this embodiment, the data separation unit SR2 separates a signal SD (also referred to as a fourth private key), which is a private key required for a process for decrypting the encrypted signal B, from the signal SC and outputs the separated signal SD to the decryption calculation unit S13. The decryption calculation unit S13 decrypts the received encrypted signal B by using the signal SD of the data separation unit SR2 and outputs the decrypted signal as the signal SZ.
Next, the length of each of the above signals is considered. In order to ensure security of cryptographic communication between communication devices, the restrictions described below are placed on the length of the bit string of the corresponding signal.
[ Signal RA ]
For the length of the bit string of the signal RA, it is assumed that the value obtained by subtracting the leakage of part of the information content caused by the auxiliary information A from the information content of the signal RA is much larger than the length of the signal RB.
[ Signal RB ]
For the length of the bit string of the signal RB, it is assumed that the information content of the signal RB is much larger than the length of the bit string of the signal RC. Further, it is assumed that the signal RB includes variations evaluated as independent random numbers when the signals RC generated by executing the cryptographic processing device R10 a plurality of times are compared with each other.
[ Signal RD and Signal SD ]
It is assumed that the length of the bit string of the signal RD input to the encryption calculation unit R13 and the signal SD input to the decryption calculation unit S13 is longer than the bit string of the signal RZ which is a signal to be transmitted.
[ Signal X ]
It is assumed that a length sufficient to obtain the signal RA output from the signal generation unit R11 is given for the length of the bit string of the signal X.
[ prime number p ]
It is assumed that the length of the bit string of prime p is given based on a criterion that ensures the security and integrity of the data. For example, the length of the prime number p is preferably 256 bits or more.
The security of the cryptographic communication in this configuration is considered next. When the cryptographic communication between the communication devices R1 and S1 has been correctly performed and the noise in the signal RA output from the signal generation unit R11 has been correctly corrected by the error correction decryption unit S12, the signal SA having a fixed value stored in the communication device S1 is correctly corrected as the signal RA.
In this case, the signal SD in the communication device S1 becomes the same as the signal RD in the communication device R1. Therefore, the signal SZ in the communication device S1 becomes the same as the signal RZ in the communication device R1.
Whenever the signal X is input, a value including noise is output as the signal RA from the signal generation unit R11 of the communication device R1. Therefore, when the bit string of the signal RA is sufficiently long, the signal RA generated at a defined point in time is different from the signal RA generated earlier than that point in time. Further, assuming that the signal RA output at each point in time includes sufficient entropy, the signal RC output from the random number extraction unit SR1 of the communication device R1 becomes a random number that is cryptographically secure. The signal RD can thus be used as a one-time unpredictable private key.
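The first embodiment's signal flow (X, RA, A, RB, RC, RD, B on the R1 side; SA, SB, SC, SD, SZ on the S1 side), run end to end as an added example that is not code from the patent. Assumptions made here: the physically unclonable function is simulated in software with bounded noise, R12/S12 use a code-offset construction over a 5-fold repetition code, SR1 is SHA-256, encryption is XOR with RD, and all sizes are toy parameters.

```python
import hashlib
import random
import secrets

K = 128            # information bits per codeword (toy parameter)
REP = 5            # repetition factor: majority vote corrects 2 flips per block
N = K * REP        # bit length of the PUF response RA / SA
KEY_BYTES = 16     # length of RD / SD taken from RC / SC


class SimulatedPUF:
    """Software stand-in for signal generation unit R11 (a real PUF is hardware)."""

    def __init__(self, device_seed, flips=20):
        self._seed = device_seed
        self._flips = flips
        # Seeded noise source so the demo is repeatable; not a cryptographic RNG.
        self._noise = random.Random(device_seed ^ 0x5EED)

    def evaluate(self, x):
        # Noise-free reference response of this device to challenge X.
        ref = random.Random(hashlib.sha256(self._seed.to_bytes(8, "big") + x).digest())
        bits = [ref.getrandbits(1) for _ in range(N)]
        # Error within a predetermined range: one flipped bit in each of `flips` blocks.
        for block in self._noise.sample(range(K), self._flips):
            bits[block * REP + self._noise.randrange(REP)] ^= 1
        return bits


def xor_bits(a, b):
    return [p ^ q for p, q in zip(a, b)]


def rep_encode(msg_bits):
    return [bit for bit in msg_bits for _ in range(REP)]


def rep_decode(code_bits):
    # Majority vote inside each REP-bit block.
    return [int(sum(code_bits[i:i + REP]) > REP // 2) for i in range(0, N, REP)]


def private_key(rb_bits):
    """SR1 (extraction) followed by SR2 (separation): RB -> RC -> RD."""
    packed = int("".join(map(str, rb_bits)), 2).to_bytes(N // 8, "big")
    rc = hashlib.sha256(packed).digest()
    return rc[:KEY_BYTES]


def r_encrypt(puf, x, rz):
    """Communication device R1: returns auxiliary information A and ciphertext B."""
    if len(rz) >= KEY_BYTES:
        raise ValueError("RD must be longer than RZ")
    ra = puf.evaluate(x)                           # second signal RA (fresh noise)
    y = [secrets.randbits(1) for _ in range(K)]    # random number Y
    a = xor_bits(ra, rep_encode(y))                # code-offset helper data A
    rd = private_key(ra)                           # RB = RA in this construction
    b = bytes(m ^ k for m, k in zip(rz, rd))       # encrypted signal B
    return a, b


def s_decrypt(sa, a, b):
    """Communication device S1: corrects stored SA towards RA, then decrypts B."""
    noisy = xor_bits(sa, a)                        # codeword XOR (SA XOR RA)
    codeword = rep_encode(rep_decode(noisy))       # error correction (S12)
    sb = xor_bits(a, codeword)                     # eighth signal SB, equals RA
    sd = private_key(sb)
    return bytes(c ^ k for c, k in zip(b, sd))     # decrypted signal SZ


def demo():
    puf = SimulatedPUF(device_seed=0xC0FFEE)       # constructed device identity
    x = b"constructed challenge X"
    sa = puf.evaluate(x)                           # initialization: S1 stores RA as SA
    rz = b"sensor=42"                              # constructed payload
    a1, b1 = r_encrypt(puf, x, rz)
    a2, b2 = r_encrypt(puf, x, rz)                 # same X, different noise, new key
    return s_decrypt(sa, a1, b1), s_decrypt(sa, a2, b2), b1 != b2


if __name__ == "__main__":
    print(demo())
```

With these toy sizes the helper data can reveal up to N - K = 512 bits about RA, which is the leakage the length condition on the signal RA has to budget for.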
As explained so far, in this configuration, a physically unclonable function is used as a technique for dynamically generating a private key for encryption and decryption. Typically, a physically unclonable function is used for deriving a private key having a fixed value. In contrast, in this configuration, assuming that the signal X as a fixed input value is input each time, the output signal of the signal generating unit formed as a physically unclonable function includes different noise. By outputting independent random numbers using a noise source in this manner, different private keys are generated. Therefore, in this configuration, since a private key that is not a fixed value can be used because of an erroneous change included in the signal RA, highly secure data transmission can be performed compared to data transmission using a fixed key.
Currently, quantum computers are actively studied and many research institutes are putting forward new proposals. Further, quantum computers capable of performing specific calculations have been marketed. Meanwhile, it has been proved that, if a quantum computer is present, key ciphers such as the existing AES and public key ciphers based on the difficulty of prime factorization or the discrete logarithm problem can be easily broken. Therefore, it is considered that development of cryptographic technology suitable for quantum computers is essential to secure future semiconductor industries.
As for public key cryptography, various achievements have been published in recent years. However, there are many problems with respect to the calculation time and the implementation scale, and therefore it is expected to be difficult to mount it in a semiconductor device in view of cost in many cases. In contrast, the key cryptographic method using the physically unclonable function according to the configuration can substantially reduce the calculation time and implementation cost.
Further, when using conventional cryptographic techniques, it is necessary to securely retain the private key. However, it is possible that the private key may be extracted by physically copying information stored in the nonvolatile memory using a reverse engineering technique or the like. In contrast, in this configuration, since a physically unclonable function is used, there is no need to store secret information in a non-volatile memory within the device, specifically within the communication device R1. It will therefore be appreciated that this configuration has high security properties, as the risk that the private key may be stolen can be avoided. Further, since secret information is not stored in the communication apparatus that transmits the encrypted signal, it is possible to prevent secret information from leaking even when the communication apparatus that transmits the encrypted signal is identified.
The initialization method for the signal SA and the signal X stored in the storage unit 3 of the communication device S1 will be described below. Fig. 7 shows a signal flow in initialization of the cryptographic processing system 100 according to the first embodiment. This initialization is performed in an environment where no outsiders are monitoring the process.
First, the communication device S1 generates a random number by, for example, a random number generator (not shown) and outputs the generated random number as a signal X to the communication device R1. Further, the communication device S1 outputs an arbitrary prime number p to the communication device R1. The communication device R1 stores the prime number p in a storage unit (not shown). The prime number p is used as needed in the process performed by the communication devices R1 and S1. Note that the illustration of the prime p is omitted in the drawings referred to in this description.
The communication device R1 supplies the signal X to the signal generation unit R11 and outputs a signal RA, which is an output of the signal generation unit R11, to the communication device S1. The communication device S1 replaces the signal SA with the received signal RA. Then, the communication device S1 stores the updated signal SA, signal X, and prime number p in the storage unit 3.
As explained above, the signal SA and the signal X are defined by initialization. After the initialization is completed, the above-described secure data communication may be performed.
Second embodiment
A cryptographic processing system 200 according to a second embodiment is illustrated. Fig. 8 schematically shows the configuration of a cryptographic processing system 200 according to the second embodiment. The cryptographic processing system 200 according to the second embodiment has a configuration obtained by replacing the communication devices R1 and S1 of the cryptographic processing system 100 according to the first embodiment with the communication devices R2 and S2, respectively. The communication device R2 has a configuration obtained by replacing the cryptographic processing device R10 of the communication device R1 with the cryptographic processing device R20. The communication device S2 has a configuration obtained by replacing the cryptographic processing device S10 of the communication device S1 with the cryptographic processing device S20.
The configuration and operation of each part of the cryptographic processing system 200 are explained below with reference to fig. 9 to 11. Fig. 9 is a sequence diagram showing the exchange of signals in the cryptographic processing system 200 according to the second embodiment.
The cryptographic processing device R20 is explained with reference to fig. 9 and 10. Fig. 10 schematically shows the configuration of a cryptographic processing device R20 according to the second embodiment. The cryptographic processing device R20 has a configuration obtained by adding a multiplier SR3 and an adder SR4 in the cryptographic processing device R10.
The multiplier SR3 and the adder SR4 constitute an authentication information generation unit SR30. The authentication information generation unit SR30 generates authentication information C based on encrypted signal B (signal RG) and a private key different from signal RD.
In this embodiment, the data separation unit SR2 of the cryptographic processing device R20 separates the input signal RC into a signal RD, a signal RE (also referred to as a second private key), and a signal RF (also referred to as a third private key). The signals RD, RE, and RF are output to the encryption calculation unit R13, the multiplier SR3, and the adder SR4, respectively.
The multiplier SR3 multiplies the signal RG (i.e., the encrypted signal B) output from the encryption calculation unit R13 by the signal RE supplied from the data separation unit SR2 and outputs a value obtained from the multiplication result to the adder SR4 as a signal RH (also referred to as a sixth signal). Note that, in this embodiment, it is assumed that multiplier SR3 divides the multiplication result of signals RG and RE by prime p and outputs the remainder of the division as signal RH.
The adder SR4 adds the signal RH output from the multiplier SR3 and the signal RF supplied by the data separation unit SR2 and outputs a value obtained from the addition result to the cryptographic processing device S20 of the communication device S2 as authentication information C. Note that, in this embodiment, it is assumed that adder SR4 divides the addition result of signals RH and RF by prime p and outputs the remainder of the division as authentication information C.
Next, the cryptographic processing apparatus S20 is explained with reference to fig. 9 and 11. Fig. 11 schematically shows the configuration of the cryptographic processing device S20 according to the second embodiment. The cryptographic processing device S20 has a configuration obtained by adding the multiplier SR3, the adder SR4, and the comparison unit S14 in the cryptographic processing device S10.
The multiplier SR3 and the adder SR4 constitute a comparison signal generation unit SR40. The comparison signal generation unit SR40 generates the comparison signal SI based on the encrypted signal B and a private key different from the signal SD. Note that the multiplier SR3 and the adder SR4 have configurations similar to those of the cryptographic processing device R20.
In this embodiment, the data separation unit SR2 of the cryptographic processing device S20 separates the input signal SC (also referred to as a ninth signal) into the signal SD, the signal SE (also referred to as a fifth private key), and the signal SF (also referred to as a sixth private key), which are all private keys. The signals SD, SE, and SF are output to the encryption calculation unit R13, the multiplier SR3, and the adder SR4, respectively.
The multiplier SR3 of the cryptographic processing apparatus S20 multiplies the encrypted signal B output from the cryptographic processing apparatus R20 by the signal SE supplied by the data separation unit SR2 and outputs a value obtained from the multiplication result to the adder SR4 as a signal SH (also referred to as a tenth signal). Note that, in this embodiment, it is assumed that the multiplier SR3 divides the multiplication result of the encrypted signal B and the signal SE by a prime number p and outputs the remainder of the division as the signal SH. That is, the signal SH becomes the same signal as the signal RH in the cryptographic processing device R20.
The adder SR4 of the cryptographic processing apparatus S20 adds the signal SH output from the multiplier SR3 of the cryptographic processing apparatus S20 to the signal SF supplied by the data separation unit SR2 and outputs a value obtained from the addition result to the comparison unit S14 as a comparison signal SI. Note that, in this embodiment, it is assumed that the adder SR4 divides the addition result of the signals SH and SF by a prime number p and outputs the remainder of the division as the comparison signal SI.
The comparing unit S14 compares the authentication information C output from the cryptographic processing apparatus R20 with the comparison signal SI and outputs the comparison result to the decryption calculation unit S13 as a signal SJ.
Based on the signal SJ, when the authentication information C matches the comparison signal SI, the decryption calculation unit S13 decrypts the encrypted signal B into the signal SZ by using the signal SD. When the authentication information C is different from the comparison signal SI, the decryption calculation unit S13 stops the decryption of the encrypted signal B by using the signal SD. In this way, the communication device S2 can perform the decryption process after having confirmed that the encrypted signal B has not been tampered with using the authentication information C.
The security of the cryptographic communication in this configuration is checked. When the cryptographic communication between the communication devices R2 and S2 has been correctly performed and the noise in the signal RA output from the signal generating unit R11 has been correctly corrected by the error correction decrypting unit S12, the signal SA having a fixed value stored in the communication device S1 is correctly corrected as the signal RA.
In this case, the signals SD, SE, and SF in the communication device S2 are the same as the signals RD, RE, and RF in the communication device R2, respectively. Therefore, the signal SZ in the communication device S2 is the same as the signal RZ in the communication device R2.
Then, the length of each of the above signals is checked. In order to ensure the security of cryptographic communication between communication devices, the following restrictions, in addition to those explained in the first embodiment, are applied to the length of the bit string of the corresponding signal.
[Signals RE and SE]
It is assumed that the signals RE and SE input to the multiplier SR3 have values smaller than the prime number p. This is because when the data separation unit SR2 separates the signals RC and SC supplied thereto into three signals, it can operate division by performing remainder calculation using the prime number p.
[Signals RF and SF]
It is assumed that the signals RF and SF input to the adder SR4 have values smaller than the prime number p. This is because when the data separation unit SR2 separates the signals RC and SC supplied thereto into three signals, it can operate division by performing remainder calculation using the prime number p.
[Encrypted signal B and signal RG]
It is assumed that the encrypted signal B and the signal RG input to the multiplier SR3 have values smaller than the prime number p. This is because, when the bit string of the signal RZ is 1 bit shorter than that of the prime number p and the signal RG is equal to or larger than the prime number p, it can operate by inverting the most significant bit of the signal RG. Alternatively, it may operate by regenerating the signal RA output from the signal generating unit R11 until the signal RG becomes smaller than the prime number p, or by regenerating the signal RD through the separation method performed by the data separation unit SR2.
As described so far, in this configuration, the authentication information C is used to determine the authenticity of the received data. In this way, it can be determined whether the received encrypted signal B is transmitted from a legitimate transmission source. This authentication method has been considered as a cryptographic technique that is secure from information theory. However, there is a limitation that the private key to be used can be used only once to ensure security. Therefore, when a private key having a fixed value is used and data authentication using authentication information is used, security from the viewpoint of information theory cannot be ensured.
In contrast, in this configuration, the signals SD, SE, and SF can be operated as one-time unpredictable private keys by using the variation in the output of the physically unclonable function. That is, a different private key may be used each time encryption is performed. Thus, the above-mentioned limitations relating to data authentication can be overcome and cryptographic techniques can be applied with security ensured from the information theory point of view.
Third embodiment
A cryptographic processing system 300 according to a third embodiment is illustrated. Fig. 12 schematically shows the configuration of a cryptographic processing system 300 according to a third embodiment. The cryptographic processing system 300 according to the third embodiment has a configuration obtained by replacing the communication devices R1 and S1 of the cryptographic processing system 100 according to the first embodiment with the communication devices R3 and S3, respectively. The communication device R3 has a configuration obtained by replacing the cryptographic processing device R10 of the communication device R1 with the cryptographic processing device R30. The communication device S3 has a configuration obtained by replacing the cryptographic processing device S10 of the communication device S1 with the cryptographic processing device S30.
A cryptographic processing device R30 is illustrated. Fig. 13 schematically shows the configuration of a cryptographic processing device R30 according to the third embodiment. The cryptographic processing device R30 uses an exclusive or (XOR) calculation unit as the encryption calculation unit R13. The remaining configuration of the cryptographic processing device R30 is similar to that of the cryptographic processing device R10, and therefore, a description thereof is omitted.
The encryption calculation unit R13 formed of an XOR calculation unit outputs an exclusive or of the signal RD output from the data separation unit SR2 and the signal RZ which is a signal to be transmitted, to the communication device S1 as an encrypted signal B (i.e., as a signal RG).
The cryptographic processing apparatus S30 is illustrated. Fig. 14 schematically shows the configuration of the cryptographic processing device S30 according to the third embodiment. The cryptographic processing device S30 uses an exclusive or (XOR) calculation unit as the decryption calculation unit S13. The remaining configuration of the cryptographic processing apparatus S30 is similar to that of the cryptographic processing apparatus S10, and thus the description thereof is omitted.
The decryption calculation unit S13 formed by the XOR calculation unit decrypts the encrypted signal B by calculating the exclusive or of the signal SD output from the data separation unit SR2 and the encrypted signal B, and outputs the decrypted signal as the signal SZ.
In this embodiment, the encryption calculation unit R13 of the cryptographic processing device R30 and the decryption calculation unit S13 of the cryptographic processing device S30 may be formed by using XOR calculation units having the same configuration.
As explained so far, in this configuration, the exclusive or calculation is performed when encrypting data. Generating a ciphertext by an exclusive or calculation has been considered as an encryption technique that is secure from information theory. However, there is a limitation that the private key to be used can be used only once to ensure security. Therefore, when a private key having a fixed value is used and exclusive or calculation is used, security from the viewpoint of information theory cannot be ensured.
In contrast, in this configuration, the signals SD, SE, and SF can be treated as one-time unpredictable private keys by using the variation in the output of the physically unclonable function. That is, a different private key may be used each time encryption is performed. Accordingly, the restriction related to ciphertext generation using the exclusive or calculation can be overcome and a cryptographic technique in which the security is ensured from the viewpoint of information theory can be applied.
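The second embodiment's authentication information C combined with the third embodiment's XOR encryption, as an added example that is not code from the patent. The prime 2^127 - 1, the SHAKE-256 expansion used for the data separation unit SR2 and all function names are assumptions; the last function shows why the text requires the signals RE and RF to be used only once.

```python
import hashlib
import hmac

P = 2**127 - 1    # example prime p (assumption; the text allows an arbitrary prime)
MSG_BITS = 126    # RZ is 1 bit shorter than p, so B = RZ xor RD stays below p


def separate(rc: bytes):
    """Data separation unit SR2 (assumed construction): expand RC and split it
    into RD, RE and RF, reducing RE and RF by a remainder calculation with p."""
    stream = hashlib.shake_256(rc).digest(48)
    rd = int.from_bytes(stream[:16], "big") >> (128 - MSG_BITS)
    key_e = int.from_bytes(stream[16:32], "big") % P
    key_f = int.from_bytes(stream[32:], "big") % P
    return rd, key_e, key_f


def tag(b: int, key_e: int, key_f: int) -> int:
    """Multiplier SR3 followed by adder SR4, each reduced modulo p."""
    h = (b * key_e) % P          # signal RH (sender) or SH (receiver)
    return (h + key_f) % P       # authentication information C or comparison signal SI


def sender_r20(rc: bytes, rz: int):
    """Cryptographic processing device R20: returns (B, C) for the signal RZ."""
    if not 0 <= rz < (1 << MSG_BITS):
        raise ValueError("RZ must fit in MSG_BITS bits")
    rd, key_e, key_f = separate(rc)
    b = rz ^ rd                  # XOR encryption as in the third embodiment
    return b, tag(b, key_e, key_f)


def receiver_s20(sc: bytes, b: int, c: int):
    """Cryptographic processing device S20: decrypts only when C matches SI.
    Returns the signal SZ, or None when authentication fails."""
    if not (0 <= b < P and 0 <= c < P):
        return None              # out-of-range input is rejected before any key use
    sd, key_e, key_f = separate(sc)
    si = tag(b, key_e, key_f)
    # Comparison unit S14, done in constant time over fixed-width encodings.
    if not hmac.compare_digest(si.to_bytes(16, "big"), c.to_bytes(16, "big")):
        return None
    return b ^ sd


def keys_implied_by_reuse(b1: int, c1: int, b2: int, c2: int):
    """If two different (B, C) pairs were produced with the same RE and RF,
    they are two linear equations C = B*RE + RF (mod p) in two unknowns, so an
    observer can solve for both keys. Requires b1 != b2."""
    key_e = (c1 - c2) * pow((b1 - b2) % P, -1, P) % P
    key_f = (c1 - b1 * key_e) % P
    return key_e, key_f
```

With a fresh PUF-derived value for every transmission, as the text describes, the two equations involve different unknowns and the same calculation yields nothing useful.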
Fourth embodiment
A cryptographic processing system 400 according to a fourth embodiment is illustrated. Fig. 15 schematically shows the configuration of a cryptographic processing system 400 according to a fourth embodiment. The cryptographic processing system 400 according to the fourth embodiment has a configuration obtained by replacing the communication device R2 of the cryptographic processing system 200 with the communication device R4.
Fig. 16 shows the handshake in the cryptographic processing system 400 according to the fourth embodiment. In the cryptographic processing system 200, the signal X is transmitted from the communication device S2 to the communication device R2. In contrast, the cryptographic processing system 400 has a configuration different from that of the cryptographic processing system 200 in that the signal X is not transmitted from the communication device S2 to the communication device R4. Instead, the communication device R4 stores the signal X in advance.
A communication device R4 is illustrated. The communication device R4 has a configuration obtained by adding the storage unit 4 (also referred to as a first storage unit) in the communication device R2. The signal X is stored in the storage unit 4 in advance. The signal X is supplied to the signal generating unit R11 of the cryptographic processing device R20 as needed. In this way, the communication device R4 can perform operations similar to those of the communication device R2.
According to this configuration, the communication device R4 can continue the process required for cryptographic communication at any time without waiting for transmission of the signal X from the communication device S1. Therefore, it is more preferable to use the communication device R4 according to the embodiment than to use the communication device R2 according to the second embodiment for communication between communication devices between which communication delay occurs.
Fifth embodiment
A cryptographic processing system 500 according to a fifth embodiment is illustrated. Fig. 17 schematically shows the configuration of a cryptographic processing system 500 according to a fifth embodiment. The cryptographic processing system 500 according to the fifth embodiment has a configuration obtained by replacing the communication device S2 of the cryptographic processing system 200 with the communication device S5. The communication device S5 has a configuration obtained by adding the random number generator 5 in the communication device S2.
Fig. 18 shows handshake in a cryptographic processing system 500 according to a fifth embodiment. In the cryptographic processing system 500, the communication device S5 outputs the signal X to the communication device R2, similarly to the communication device S2. Further, the communication device S5 outputs the random number generated by the random number generator 5 to the communication device R2 as a signal RZ.
In this embodiment, the signal RZ is input to the multiplier SR3 bypassing (i.e., not passing through) the encryption calculation unit R13. Since the signal RZ is not input to the encryption calculation unit R13, the communication device R2 does not output the encrypted signal B. However, similarly to the second embodiment, the communication device R2 outputs the auxiliary information a and the authentication information C to the communication device S5.
In this embodiment, the signal RZ is supplied from the random number generator 5 to the multiplier SR3 of the communication device S5. The comparison unit S14 compares the comparison signal SI generated based on the signal RZ with the authentication information C and outputs the comparison result as a signal SJ.
According to this configuration, when the authentication information C matches the comparison signal SI generated based on the signal RZ, it can be ensured that the communication device R2 with which the authentication information C has been generated is legitimate as an entity with which the communication device S5 performs cryptographic communication.
That is, when the noise of the physical unclonable function is sufficiently small and correctly eliminated by the error correction decryption unit S12, and the communication between the communication devices is not tampered with, the communication device S5 can correctly authenticate the communication device R2. It is to be noted that it is understood that the probability of authentication success in the cases other than the aforementioned case decreases exponentially according to the lengths of the side information a and the authentication information C.
Sixth embodiment
A cryptographic processing system 600 according to a sixth embodiment is illustrated. Fig. 19 schematically shows the configuration of a cryptographic processing system 600 according to a sixth embodiment. The cryptographic processing system 600 is a modified example of the cryptographic processing system 400 and has a configuration obtained by replacing the communication devices S2 and R4 of the cryptographic processing system 400 with the communication devices S6 and R6, respectively.
The communication device R6 has a configuration obtained by replacing the cryptographic processing device R20 of the communication device R4 with the cryptographic processing device R60 and adding the storage unit 4 storing the signal X as in the case of the cryptographic processing system 400 according to the fourth embodiment. In this way, in the cryptographic processing system 600, similarly to the cryptographic processing system 400, the signal X is not transmitted from the communication device S6 to the communication device R6, but is stored in advance in the storage unit 4 in the communication device R6. Thus, the signal X is supplied from the storage unit 4 to the cryptographic processing device R60. The storage unit 4 is similar to the storage unit in the cryptographic processing system 400.
The communication device S6 has a configuration obtained by replacing the cryptographic processing device S20 of the communication device S2 with the cryptographic processing device S60. Further, unlike the first to fifth embodiments, the signal SA is not stored in the communication device S6.
The configuration and operation of each part of the cryptographic processing system 600 is explained below. Fig. 20 shows the handshake in the cryptographic processing system 600 according to the sixth embodiment. Fig. 21 schematically shows the configuration of a cryptographic processing device R60 according to the sixth embodiment. Unlike the cryptographic processing device R20, the cryptographic processing device R60 has a configuration in which the signal generation unit is not formed as a Physical Unclonable Function (PUF) unit but includes a noise generation unit.
The signal generating unit R61 of the cryptographic processing device R60 includes a noise generating unit R62 and an XOR circuit R63. The noise generation unit R62 generates noise RN varying within a predetermined range and supplies the generated noise RN to the XOR circuit R63. As described above, the signal X is stored in the storage unit 4 in advance and supplied from the storage unit 4 to the XOR circuit R63.
The XOR circuit R63 outputs an exclusive or of the input signal X and the noise RN as a signal RA, which is an output signal. Note that, in the signal generating unit R61, the same output signal is not always output for the same input signal. That is, the noise RN is generated by the noise generation unit R62 such that the output signal varies within a range in which the hamming distance is equal to or less than a fixed value. In this way, the signal generating unit R61 can realize a behavior similar to that of a signal generating unit using a physically unclonable function as in the case of the first to fifth embodiments and can output a signal RA similar to that output by a signal generating unit using a physically unclonable function.
Preferably, the noise generation unit R62 is configured so that noise (error) comparable to that generated when a physically unclonable function is used is generated. For example, in the case where noise is generated so that the signal SA has 2^256 possible variations, when the probability of occurrence of noise is 1%, the necessary length of the signal X is 3,300 bits. Further, when the probability of occurrence of noise is 10%, the necessary length of the signal X is 560 bits. The noise generation unit R62 may be formed by using any noise source that can be implemented by hardware or software, such as a noise generation unit using thermal noise and TRNG (true random number generator), if the generated noise is unpredictable.
The signal RA, which is the exclusive or of the signal X and the noise RN, is input to the error correction generation unit R12. Similar to the above-described embodiment, the error correction generation unit R12 generates the side information a for correcting errors due to variations in the signal RA for the same signal X and outputs the generated side information a and the signal RB (also referred to as a third signal). In addition to receiving the signal RA from the signal generating unit R61, the error correction generating unit R12 may receive the common random number Y from the outside. It is to be noted that the signals RB and RA may have the same value according to the specification of the error correction generation unit R12.
The remaining configuration and operation of the cryptographic processing device R60 are similar to those of the cryptographic processing device R10, and therefore, the description thereof is omitted.
Next, the cryptographic processing apparatus S60 is explained. Fig. 22 schematically shows the configuration of a cryptographic processing device S60 according to the sixth embodiment. In the cryptographic processing apparatus S60, unlike the first to fifth embodiments, the signal X is supplied from the storage unit 3 to the error correction decryption unit S12 instead of the signal SA. The error correction decryption unit S12 may recover the signal RA, which is an exclusive or of the signal X and the noise RN, by using the signal X and the side information a. Then, the signal SB may be output based on the recovered signal RA. It is to be noted that, similarly to the above-described embodiment, when the signal RA is correctly recovered, the signal SB becomes the same signal as the signal RB. The remaining configuration and operation of the cryptographic processing device S60 are similar to those of the cryptographic processing device S10, and thus a description thereof is omitted.
According to this configuration, the communication device R6 can continue the process necessary for cryptographic communication at any time without waiting for transmission of the signal X from the communication device S6. Therefore, the cryptographic processing system 600 according to this embodiment is preferably used for communication between communication devices during which communication delay occurs. Further, a comparable cryptographic processing system can be formed even when it is very difficult to implement a physically unclonable function unit.
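The sixth embodiment's data flow, as an added example that is not code from the patent: the signal generating unit R61 XORs the stored signal X with bounded noise RN, and the server recovers the signal RA from X and the side information a. The internals of the error correction units R12 and S12 are not given in this section, so the code-offset construction over a 5-fold repetition code, the SHA-256 derivation of RB and SB, the 320-bit length of X and all function names are assumptions.

```python
import hashlib
import secrets

REP = 5              # repetition factor: majority vote corrects up to 2 flips per block
BLOCKS = 64          # number of repetition blocks
N = REP * BLOCKS     # bit length of the signal X (320 bits here)
MAX_FLIPS = 2        # bound on noise per block, i.e. the fixed Hamming-distance limit
BLOCK_MASK = (1 << REP) - 1


def noise_rn() -> int:
    """Noise generation unit R62: unpredictable noise RN with at most
    MAX_FLIPS flipped bits in every block, so RA stays within a bounded
    Hamming distance of X."""
    rn = 0
    for blk in range(BLOCKS):
        positions = list(range(REP))
        for _ in range(secrets.randbelow(MAX_FLIPS + 1)):
            pos = positions.pop(secrets.randbelow(len(positions)))
            rn |= 1 << (blk * REP + pos)
    return rn


def encode(bits: int) -> int:
    """Repetition encoder: every input bit becomes a block of REP equal bits."""
    word = 0
    for blk in range(BLOCKS):
        if (bits >> blk) & 1:
            word |= BLOCK_MASK << (blk * REP)
    return word


def nearest_codeword(word: int) -> int:
    """Majority vote per block, returned as the corrected codeword."""
    bits = 0
    for blk in range(BLOCKS):
        chunk = (word >> (blk * REP)) & BLOCK_MASK
        if bin(chunk).count("1") > REP // 2:
            bits |= 1 << blk
    return encode(bits)


def derive(ra: int) -> bytes:
    """Signal RB / SB derived from RA (assumed to be a hash of RA)."""
    return hashlib.sha256(ra.to_bytes(N // 8, "big")).digest()


def device_r60(x: int):
    """Cryptographic processing device R60: returns (side information a, RB)."""
    ra = x ^ noise_rn()                  # XOR circuit R63
    y = secrets.randbits(BLOCKS)         # random number Y selects a codeword
    a = ra ^ encode(y)                   # code-offset side information
    return a, derive(ra)


def server_s60(x: int, a: int) -> bytes:
    """Cryptographic processing device S60: recovers RA from X and a.
    a xor X equals the codeword xor RN, so decoding removes the noise."""
    codeword = nearest_codeword(a ^ x)
    ra = a ^ codeword
    return derive(ra)
```

Because RN is fresh on every call, each run yields a different RB even though the stored signal X never changes.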
Seventh embodiment
An information acquisition system 700 according to a seventh embodiment is explained. The information acquisition system 700 is an example of a system to which the cryptographic processing system 200 according to the second embodiment described above is applied and which is formed as a system for securely collecting information from various sensors. Fig. 23 schematically shows the configuration of an information acquisition system 700 according to a seventh embodiment. The information acquisition system 700 includes a server 701, a temperature sensor 702, and a seismic intensity sensor 703.
The server 701 has a configuration similar to that of the communication device S2 of the cryptographic processing system 200. The server 701 may be, for example, a server managed by a user who owns the server 701.
Each of the temperature sensor 702 and the seismic intensity sensor 703 has a configuration similar to that of the communication device R2 of the cryptographic processing system 200. The temperature sensor 702 and the seismic intensity sensor 703 may be installed in equipment owned by a user and may be incorporated in a semiconductor device.
In this embodiment, the server 701 outputs a signal X1 to the temperature sensor 702. The temperature sensor 702 receives the signal X1 and the random number Y1, generates a private key based on the signal X1, encrypts a signal RZ1 indicating temperature information, and outputs auxiliary information a1, an encrypted signal B1, and authentication information C1 to the server 701. The server 701 performs a decryption process based on the auxiliary information a1, the encrypted signal B1, and the authentication information C1, and by doing so can obtain the same signal SZ1 as the signal RZ1 indicating the temperature information.
Further, in this embodiment, the server 701 outputs a signal X2 to the seismic intensity sensor 703. The seismic intensity sensor 703 receives the signal X2 and the random number Y2, generates a private key based on the signal X2, encrypts a signal RZ2 indicating seismic intensity information, and outputs auxiliary information a2, an encrypted signal B2, and authentication information C2 to the server 701. The server 701 performs a decryption process based on the auxiliary information a2, the encrypted signal B2, and the authentication information C2, and by doing so, can obtain the same signal SZ2 as the signal RZ2 indicating the seismic-intensity information.
As described above, according to this configuration, a system capable of securely transmitting data acquired by each sensor can be constructed. This is particularly advantageous for security, for example, when the temperature sensor 702 and the seismic intensity sensor 703 are installed in internet of things (IoT) devices. Further, the server 701 can provide an arbitrary cloud service using data collected from each sensor. As for the interface through the external input/output device, any communication method may be applied, such as wired LAN, WiFi (registered trademark), Bluetooth (registered trademark), and ZigBee (registered trademark).
Eighth embodiment
A factory management system 800 according to an eighth embodiment is explained. The factory management system 800 is an example to which the cryptographic processing system 400 according to the fourth embodiment described above is applied. Fig. 24 schematically shows the configuration of a factory management system 800 according to an eighth embodiment. The factory management system 800 includes a centralized management apparatus 801 and a semiconductor device 802.
The centralized management device 801 has a configuration similar to that of the communication device R4 of the cryptographic processing system 400. The semiconductor apparatus 802 has a configuration similar to that of the communication device S2 of the cryptographic processing system 400. The semiconductor apparatus 802 is a terminal that receives an instruction command from the centralized management device 801 and executes an arbitrary function. The centralized management apparatus 801 may be a centralized management apparatus managed by a user and the semiconductor device 802 may be a semiconductor device installed in an apparatus in a user factory.
In this embodiment, when the centralized management apparatus 801 causes the semiconductor device 802 to execute a certain function, it generates a private key based on the signal X and the random number Y, encrypts the signal RZ indicating the temperature information, and outputs the auxiliary information A, the encrypted message B, and the authentication information C to the semiconductor device 802. Note that, similar to the communication device R4, the centralized management device 801 can automatically (or autonomously) transmit data at fixed intervals without waiting for a response from another device.
The semiconductor device 802 performs a decryption process based on the auxiliary information A, the encrypted message B, and the authentication information C, and by doing so can obtain the same signal SZ as the signal RZ indicating the instruction command. In the semiconductor device 802, for example, the signal SZ is input to a control unit (not shown), which executes the function indicated by the signal SZ. Note that the semiconductor device 802 performs authentication by using the authentication information C. When the authentication fails, the semiconductor device 802 does not perform the decryption process. Therefore, when the transferred data has been changed and the semiconductor device 802 has received an unintended instruction command, the instruction command is not executed.
In this embodiment, since the authenticity of the received command can be determined by authentication, the security requirements for the communication path between the centralized management apparatus 801 and the semiconductor device 802 can be relaxed. Thus, transmission of the encrypted instruction command from the centralized management apparatus 801 to the semiconductor device 802 can be performed through, for example, the internet.
Ninth embodiment
An information management system 900 according to a ninth embodiment is explained. The information management system 900 is an example to which the cryptographic processing system 500 according to the fifth embodiment described above is applied. Fig. 25 schematically shows the configuration of an information management system 900 according to a ninth embodiment. The information management system 900 includes a database server 901 and a communication device 902.
In this example, it is assumed that the communication device 902 is an arbitrary communication device, for example an RFID tag, attached to an item. The communication device 902 has a configuration similar to that of the communication device R2 of the cryptographic processing system 500. The database server 901 is configured, for example, to manage each item to which the communication device 902 is attached. The database server 901 has a configuration similar to that of the communication device S5 of the cryptographic processing system 500.
The database server 901 transmits the signal X and the signal RZ to the communication device 902 at any time through, for example, the internet.
The communication device 902 generates a private key based on the signal X and the random number Y, encrypts the received signal RZ1, and sends the auxiliary information A and the authentication information C back to the database server 901. The database server 901 performs authentication of the communication device 902 by using the authentication information C and can determine whether the communication device 902 is a legitimate device to be managed.
According to this configuration, even if an outsider other than the user of the information management system 900 attaches an illegal communication device, i.e., a copy of the communication device 902, to another article, the output signal of the physically unclonable function unit in that communication device is different, because the physically unclonable function unit cannot be copied in the first place. Therefore, an illegal communication device is never authenticated as a legitimate communication device. Further, even if the data transferred between the database server 901 and the communication device 902 is analyzed, the output from the data separation unit cannot be presumed with a meaningful probability because, as explained in the above-described embodiment, a cipher that is information-theoretically secure is used. Thus, according to this embodiment, a secure management method can be implemented that is capable of determining the authenticity of a communication device incorporating an IoT device or the like.
Other embodiments
It is to be noted that the present disclosure is not limited to the above-described embodiments, and the embodiments may be modified as necessary without departing from the spirit and scope of the present disclosure. For example, similar to the cryptographic processing system 400 according to the fourth embodiment, each of the cryptographic processing systems according to the first to third embodiments and the fifth embodiment may be modified so that the communication device R1 includes a storage unit that stores the signal X, and the communication device R1 can perform cryptographic processing without receiving the signal X from the communication device S1.
The above-described embodiment is explained on the assumption that the communication device (for example, the communication device S1) that performs the encryption process is separated from the communication device (for example, the communication device R1) that performs the decryption process. However, they may be configured such that one communication device performs both the encryption process and the decryption process.
For example, the cryptographic processing device R10 of the communication device R1 may additionally include the error correction decryption unit S12 and the decryption calculation unit S13 of the cryptographic processing device S10 of the communication device S1. In this case, the random number extraction unit SR1 and the data separation unit SR2 may be used for both the encryption process and the decryption process.
Further, for example, the cryptographic processing device R20 of the communication device R2 may additionally include an error correction decryption unit S12, a decryption calculation unit S13, and a comparison unit S14 of the cryptographic processing device S20 of the communication device S2. In this case, the random number extraction unit SR1, the data separation unit SR2, the multiplier SR3, and the adder SR4 may be used for both the encryption process and the decryption process.
In the third embodiment, it is assumed that the signal RZ to be transmitted is represented by a bit string and the encryption process and the decryption process are performed by using an XOR circuit. However, when the signal RZ can be handled as an integer value equal to or smaller than the prime number p, the encryption calculation unit R13 and the decryption calculation unit S13 may be replaced with an adder and a subtractor, respectively. In this case, the encrypted signal B becomes the addition result of the signals RZ and RD, and the signal SZ becomes a value obtained by subtracting the signal SD from the encrypted signal B. It is assumed that each of these adders and subtractors outputs a remainder of dividing the calculation result by a prime number p. Further, it is assumed that each of the signals RD and SD is an integer value equal to or smaller than the prime number p.
In the above-described embodiment, it is necessary to invert the most significant bit depending on whether the encrypted signal B is smaller than the integer p. However, by using the above configuration, all calculations can be handled as calculations of integers equal to or smaller than prime number p.
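The adder/subtractor variant described above, combined with the authenticate-before-decrypt behaviour of the eighth embodiment, as an added Python example that is not code from the patent. The repetition code, the code-offset form of the auxiliary information A, SHA-256 as a stand-in extractor, reading the multiplier step as multiplication modulo p, and all names and constants are assumptions of this example.

```python
import hashlib
import secrets

P = 2**61 - 1   # prime modulus p (constructed; the page only says "prime number p")
REP = 7         # repetition factor of the toy error-correcting code (assumption)
N_BITS = 32     # length of the random number Y in bits (assumption)


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def rep_encode(bits):
    """Repeat every bit REP times."""
    return [b for b in bits for _ in range(REP)]


def rep_decode(bits):
    """Majority vote over each group of REP bits (corrects up to REP // 2 flips)."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]


def noisy_reading(x_bits, flipped_positions):
    """Signal generation unit, noise-XOR form: first signal XOR bounded noise."""
    noise = [0] * len(x_bits)
    for i in flipped_positions:
        noise[i] = 1
    return xor(x_bits, noise)


def derive_keys(signal_bits):
    """Random number extraction and data separation: three keys below p.
    SHA-256 is a computational stand-in for the extractor (assumption)."""
    digest = hashlib.sha256(bytes(signal_bits)).digest()
    return tuple(int.from_bytes(digest[i:i + 8], "big") % P for i in (0, 8, 16))


def sender_encrypt(rz, reading, y_bits):
    """Encrypting side: returns (A, B, C) for an integer message RZ below p."""
    if not 0 <= rz < P:
        raise ValueError("RZ must be an integer below p")
    helper = xor(reading, rep_encode(y_bits))   # auxiliary information A
    k1, k2, k3 = derive_keys(reading)
    b = (rz + k1) % P                           # adder replaces the XOR circuit
    c = (b * k2 + k3) % P                       # multiplier + adder (assumed form)
    return helper, b, c


def receiver_decrypt(stored_reading, helper, b, c):
    """Decrypting side: returns SZ, or None when authentication fails."""
    y = rep_decode(xor(stored_reading, helper))
    corrected = xor(helper, rep_encode(y))      # equals the sender's reading
    k4, k5, k6 = derive_keys(corrected)
    if (b * k5 + k6) % P != c:                  # comparison unit
        return None                             # no decryption on mismatch
    return (b - k4) % P                         # subtractor replaces the XOR circuit


def demo():
    """Constructed run: valid message, modified B, and out-of-range noise."""
    x = [secrets.randbits(1) for _ in range(N_BITS * REP)]   # first signal X
    y = [secrets.randbits(1) for _ in range(N_BITS)]         # random number Y
    sender_reading = noisy_reading(x, [0, 9, 40])            # constructed noise
    stored_reading = noisy_reading(x, [1, 15, 100])          # enrolled in advance
    command = 0x2A01                                         # constructed RZ value
    a, b, c = sender_encrypt(command, sender_reading, y)
    ok = receiver_decrypt(stored_reading, a, b, c)
    tampered = receiver_decrypt(stored_reading, a, (b + 1) % P, c)
    # Four flips inside one 7-bit group exceed what the code can correct.
    bad_reading = noisy_reading(x, [14, 15, 16, 17])
    too_noisy = receiver_decrypt(bad_reading, a, b, c)
    return command, ok, tampered, too_noisy


if __name__ == "__main__":
    print(demo())
```

The third case shows the failure mode of the error correction: once the combined noise exceeds the code's capacity, the receiver derives different keys, the comparison fails, and nothing is decrypted.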
Similar to the cryptographic processing system 600 according to the sixth embodiment, in the cryptographic processing systems according to the first to third embodiments and the fifth embodiment, it is self-evident that the cryptographic processing system can be constructed without forming the signal generation unit as a physically unclonable function unit and without using the signal SA by replacing the signal generation unit R11 with the signal generation unit R61 and adding the storage unit 4 that stores the signal X.
In the seventh embodiment, a temperature sensor and a seismic intensity sensor are explained. However, the server may perform cryptographic communication with one device, or with three or more devices. Although an example using one semiconductor device is described in the eighth embodiment, the number of semiconductor devices may be larger than 1. Although an example using one RFID tag is described in the seventh embodiment, the number of communication devices such as RFID tags may be more than 1. Further, it is needless to say that even in the cryptographic processing systems according to the fourth to ninth embodiments, an XOR circuit may be used for the encryption calculation unit and the decryption calculation unit.
The present disclosure made by the inventors of the present application has been described above in a specific manner based on various embodiments. However, the present disclosure is not limited to the above-described embodiments, and it is needless to say that various modifications may be made without departing from the spirit and scope of the present disclosure.
The above-described cryptographic processing system, communication device, and cryptographic processing method performed thereby, which are explained in the respective embodiments, can be described as follows.
(supplementary notes 1)
A communication apparatus, comprising: a signal generation unit configured to output a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal; an error correction generation unit configured to output a third signal obtained based on the second signal and side information for correcting an error included in the second signal; a private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key.
(supplementary notes 2)
The communication device described in supplementary note 1, wherein the private key generation unit includes: a random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and a data separation unit configured to separate the first private key from the fifth signal and output a separated first private key.
(supplementary notes 3)
The communication device described in supplementary note 2, the communication device further comprising an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and the encrypted signal and output the generated authentication information, wherein the data separation unit separates the private key used by the authentication information generation unit from the fifth signal and outputs a separated private key.
(supplementary notes 4)
The communication device described in supplementary note 3, wherein the data separation unit separates the second and third private keys from the fifth signal and outputs the separated second and third private keys, and the authentication information generation unit includes: a multiplier configured to generate a sixth signal by dividing the encrypted signal by the second private key; and an adder configured to generate authentication information by adding the third private key to the sixth signal.
(supplementary notes 5)
The communication device described in supplementary note 1, wherein the encryption calculation unit outputs an exclusive or of the fourth signal and the first private key as the encryption signal.
(supplementary notes 6)
The communication device described in supplementary note 1, wherein the first signal is input to the signal generating unit from outside the communication device.
(supplementary notes 7)
The communication device described in supplementary note 1, the communication device further comprising a storage unit that stores the first signal, wherein the first signal is input from the storage unit to the signal generation unit.
(supplementary notes 8)
The communication device described in supplementary note 4, wherein, when the fourth signal is input to the multiplier, the multiplier generates a sixth signal by dividing the fourth signal by the second private key, and the adder generates the authentication information by adding the third private key to the sixth signal.
(supplementary notes 9)
The communication device described in supplementary note 4, the communication device further comprising: an error correction decryption unit configured to generate, upon receiving the ancillary information and the encrypted signal from another communication apparatus having the same configuration as the communication apparatus, an eighth signal by correcting an error in a seventh signal based on the ancillary information received from the other communication apparatus, the seventh signal being generated in advance by supplying the first signal to a signal generation unit of the other communication apparatus; and a decryption calculation unit configured to generate a decrypted signal by decrypting the encrypted signal received from the other communication apparatus, wherein the private key generation unit generates a fourth private key based on the eighth signal, and the decryption calculation unit generates the decrypted signal by decrypting the encrypted signal received from the other communication apparatus based on the fourth private key.
(supplementary notes 10)
The communication device described in supplementary note 9, wherein the random number extraction unit generates a ninth signal having a value indistinguishable from a true random number from the eighth signal, and the data separation unit separates the fourth private key from the ninth signal and outputs the separated fourth private key.
(supplementary notes 11)
The communication device described in supplementary note 10, wherein the data separation unit separates the fifth and sixth private keys from the ninth signal and outputs the separated fifth and sixth private keys, the multiplier generates a tenth signal by dividing the encrypted signal received from the other communication device by the fifth private key, and the adder generates the comparison signal by adding the sixth private key to the tenth signal.
(supplementary notes 12)
The communication device described in supplementary note 11, the communication device further comprising a comparison unit configured to compare authentication information received from the other communication device with a comparison signal, wherein the decryption calculation unit generates the decryption signal when the comparison signal matches the authentication information received from the other communication device in the comparison unit.
(supplementary notes 13)
The communication device described in supplementary note 9, wherein the decryption calculation unit outputs an exclusive or of the encrypted signal received from the other communication device and the fourth private key as the decrypted signal.
(supplementary notes 14)
The communication device described in supplementary note 9, wherein the first signal is input from another communication device.
(supplementary notes 15)
The communication device described in supplementary note 1, wherein the signal generation unit generates the second signal by supplying the first signal to the physically unclonable function and thereby giving the first signal an error within a predetermined range.
(supplementary notes 16)
The communication device described in supplementary note 1, wherein the signal generating unit includes: a noise generation unit configured to generate noise within a predetermined range; and a noise imparting unit configured to generate a second signal by imparting the noise generated by the noise generating unit to the first signal.
(supplementary notes 17)
The communication device described in supplementary note 16, wherein the noise giving unit outputs an exclusive or of the noise generated by the noise generating unit and the first signal as the second signal.
(supplementary notes 18)
A communication apparatus, comprising: an error correction decryption unit configured to correct an error in a seventh signal based on side information for correcting the error in a second signal obtained by giving an error in a predetermined range to a signal obtained based on the first signal and thereby generate an eighth signal, the seventh signal being generated in advance by giving an error in a predetermined range to the signal obtained based on the first signal; a private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal, the encrypted signal being generated by encrypting the fourth signal with the first private key generated based on the second signal.
(supplementary notes 19)
The communication device described in supplementary note 18, wherein the private key generation unit includes: a random number extraction unit configured to generate a ninth signal from the eighth signal output by the error correction decryption unit, the ninth signal having a value indistinguishable from a true random number; and a data separation unit configured to separate the fourth private key from the ninth signal and output a separated fourth private key.
(supplementary notes 20)
The communication apparatus described in supplementary note 19, further comprising: a comparison signal generation unit configured to generate a comparison signal based on a private key different from the fourth private key and the encrypted signal; and a comparison unit configured to compare authentication information, which is generated based on a private key different from the first private key and the encrypted signal, with a comparison signal, wherein the decryption calculation unit generates the decryption signal when the comparison signal matches the authentication information in the comparison unit.
(supplementary notes 21)
The communication device described in supplementary note 20, wherein the data separation unit separates the fifth and sixth private keys from the eighth signal and outputs the separated fifth and sixth private keys, and the comparison signal generation unit includes: a multiplier configured to generate a tenth signal by dividing the encrypted signal by the fifth private key; and an adder configured to generate a comparison signal by adding the sixth private key and the tenth signal.
(supplementary notes 22)
The communication device described in supplementary note 18, wherein the decryption calculation unit outputs an exclusive or of the encrypted signal and the fourth private key as the decrypted signal.
(supplementary notes 23)
A cryptographic processing system comprising a first communication device configured to encrypt a signal and a second communication device configured to decrypt the signal, wherein the first communication device comprises: a signal generation unit configured to output a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal; an error correction generation unit configured to output a third signal obtained based on the second signal and side information for correcting an error included in the second signal; a first private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key, and the second communication device includes: an error correction decryption unit configured to correct an error in a seventh signal based on the auxiliary information and thereby generate an eighth signal, the seventh signal being generated in advance by supplying the first signal to the signal generation unit; a second private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal.
(supplementary notes 24)
The cryptographic processing system described in supplementary note 23, wherein the first private key generating unit includes: a first random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from true random numbers; and a first data separating unit configured to separate the first private key from the fifth signal and output a separated first private key, and the second private key generating unit includes: a second random number extraction unit configured to generate a ninth signal from the eighth signal, the ninth signal having a value indistinguishable from true random numbers; and a second data separation unit configured to separate the fourth private key from the ninth signal and output a separated fourth private key.
(supplementary notes 25)
The cryptographic processing system described in supplementary note 23, wherein the first communication device further includes an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and an encrypted signal and output the generated authentication information, the second communication device further includes a comparison signal generation unit configured to generate a comparison signal based on a private key different from the fourth private key and an encrypted signal and a comparison unit configured to compare the authentication information with the comparison signal, the decryption calculation unit generates a decryption signal when the comparison signal matches the authentication information in the comparison unit, the first data separation unit separates the private key used by the authentication information generation unit from the fifth signal and outputs a separated private key, and the second data separation unit separates the private key used by the comparison signal generation unit from the ninth signal and outputs a separated private key.
(supplementary notes 26)
The cryptographic processing system described in supplementary note 25, wherein the first data separation unit separates the second and third private keys from the fifth signal and outputs the separated second and third private keys, the authentication information generation unit includes a first multiplier configured to generate a sixth signal by dividing the encrypted signal by the second private key and a first adder configured to generate the authentication information by adding the third private key to the sixth signal, the second data separation unit separates the fifth and sixth private keys from the ninth signal and outputs the separated fifth and sixth private keys, and the comparison signal generation unit includes a second multiplier configured to generate a tenth signal by dividing the encrypted signal by the fifth private key and a second adder configured to generate the comparison signal by adding the sixth private key to the tenth signal.
(supplementary notes 27)
The cryptographic processing system described in supplementary note 23, wherein the encryption calculation unit outputs an exclusive or of the fourth signal and the first private key as the encryption signal, and the decryption calculation unit outputs an exclusive or of the encryption signal and the fourth private key as the decryption signal.
(supplementary notes 28)
The cryptographic processing system described in supplementary note 23, wherein the first communication device includes a first storage unit that stores the first signal, and the first signal is input from the first storage unit to the signal generating unit.
(supplementary notes 29)
The cryptographic processing system described in supplementary note 23, wherein the second communication device includes a second storage unit that stores the first signal, and the first signal is input from the second storage unit to the signal generating unit.
(supplementary notes 30)
The cryptographic processing system described in supplementary note 26, wherein the second communication device further includes a signal generation unit configured to generate a fourth signal, the fourth signal being input to the first multiplier of the first communication device, in the first communication device, the first multiplier generates a sixth signal by dividing the fourth signal by the second private key, the first adder generates the authentication information by adding the third private key to the sixth signal, in the second communication device, the second multiplier generates a sixth signal by dividing the fourth signal by the fifth private key, the second adder generates the comparison signal by adding the sixth private key to the sixth signal, and the comparison unit compares the comparison signal with the authentication information and outputs the comparison result.
(supplementary notes 31)
The cryptographic processing system described in supplementary note 23, wherein the signal generation unit generates the second signal by supplying the first signal to the physically unclonable function and thereby giving the first signal an error within a predetermined range.
(supplementary notes 32)
The cryptographic processing system described in supplementary note 23, wherein the signal generating unit includes: a noise generation unit configured to generate noise within a predetermined range; and a noise imparting unit configured to generate a second signal by imparting the noise generated by the noise generating unit to the first signal.
(supplementary notes 33)
The cryptographic processing system described in supplementary note 32, wherein the noise giving unit outputs an exclusive or of the noise generated by the noise generating unit and the first signal as the second signal.
(supplementary notes 34)
A cryptographic processing method, comprising: in the first communication device, supplying a first signal to a signal generation unit; outputting a second signal obtained by giving an error within a predetermined range to the first signal; outputting a third signal obtained based on the second signal and authentication information for correcting an error included in the second signal; generating a first private key based on the third signal; outputting an encrypted signal obtained by encrypting the fourth signal based on the first private key; in the second communication device, correcting an error in a seventh signal, which is obtained in advance by supplying the first signal to the signal generating unit, based on the auxiliary information and thereby generating an eighth signal; generating a fourth private key based on the eighth signal; and decrypting the encrypted signal based on the fourth private key and thereby generating a decrypted signal.
While the invention has been described in terms of various embodiments, those skilled in the art will recognize that the invention can be practiced with modification within the spirit and scope of the appended claims and that the invention is not limited to the examples described above.
Further, the scope of the claims is not limited by the above-described embodiments.
Further, it is noted that Applicant's intent is to encompass equivalents of all claim elements, even if amended later during prosecution.

Claims (20)

1. A communication device, the communication device comprising:
a signal generation unit configured to output a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal;
an error correction generation unit configured to output a third signal obtained based on the second signal and side information for correcting an error included in the second signal;
a private key generation unit configured to generate a first private key based on the third signal; and
an encryption calculation unit configured to output an encrypted signal obtained by encrypting a fourth signal based on the first private key.
2. The communication device according to claim 1, wherein the private key generation unit includes:
a random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and
a data separation unit configured to separate the first private key from the fifth signal and output the separated first private key.
3. The communication device of claim 2, the communication device further comprising:
an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and the encrypted signal, and output the generated authentication information,
wherein,
the data separation unit separates the private key used by the authentication information generation unit from the fifth signal, and outputs the separated private key.
4. The communication device of claim 3,
the data separation unit separates the second and third private keys from the fifth signal and outputs the separated second and third private keys, and
the authentication information generating unit includes:
a multiplier configured to generate a sixth signal by dividing the encrypted signal by the second private key; and
an adder configured to generate the authentication information by adding the third private key to the sixth signal.
5. The communication device of claim 1,
the encryption calculation unit outputs an exclusive or of the fourth signal and the first private key as the encrypted signal.
6. The communication device of claim 1,
the first signal is input to the signal generation unit from outside the communication device.
7. The communication apparatus of claim 1, further comprising:
a storage unit that stores the first signal,
wherein,
the first signal is input from the storage unit to the signal generation unit.
8. The communication device of claim 4,
when the fourth signal is input to the multiplier,
the multiplier generates the sixth signal by dividing the fourth signal by the second private key, and
the adder generates the authentication information by adding the third private key to the sixth signal.
9. The communication device of claim 4,
when the communication device of claim 4 is a first communication device,
the first communication device further comprises:
an error correction decryption unit configured to generate, when the side information and an encrypted signal are received from a second communication apparatus having the same configuration as the communication apparatus according to claim 4, an eighth signal by correcting an error in a seventh signal based on the side information received from the second communication apparatus, the seventh signal being generated in advance by supplying the first signal to a signal generating unit of the second communication apparatus; and
a decryption calculation unit configured to generate a decrypted signal by decrypting the encrypted signal received from the second communication device,
the private key generating unit generates a fourth private key based on the eighth signal, and
the decryption calculation unit generates the decrypted signal by decrypting the encrypted signal received from the second communication device based on the fourth private key.
10. The communication device of claim 1,
the signal generation unit generates the second signal by supplying the first signal to a physically unclonable function and thereby giving the error within the predetermined range to the first signal.
11. The communication device of claim 1, wherein the signal generation unit comprises:
a noise generation unit configured to generate noise within a predetermined range; and
a noise imparting unit configured to generate the second signal by imparting the noise generated by the noise generating unit to the first signal.
12. The communication device of claim 11,
the noise giving unit outputs an exclusive or of the noise generated by the noise generating unit and the first signal as the second signal.
13. A communication device, the communication device comprising:
an error correction decryption unit configured to correct an error in a seventh signal based on side information for correcting the error in a second signal obtained by giving an error in a predetermined range to a signal obtained based on a first signal and thereby generate an eighth signal, the seventh signal being generated in advance by giving an error in a predetermined range to the signal obtained based on the first signal;
a private key generation unit configured to generate a fourth private key based on the eighth signal; and
a decryption calculation unit configured to decrypt an encrypted signal based on the fourth private key and thereby generate a decrypted signal, the encrypted signal being generated by encrypting a fourth signal by a first private key generated based on the second signal.
14. The communication device of claim 13, wherein the private key generation unit comprises:
a random number extraction unit configured to generate a ninth signal from the eighth signal output from the error correction decryption unit, the ninth signal having a value that is indistinguishable from a true random number; and
a data separation unit configured to separate the fourth private key from the ninth signal and output the separated fourth private key.
15. The communication device of claim 14, the communication device further comprising:
a comparison signal generation unit configured to generate a comparison signal based on a private key different from the fourth private key and the encrypted signal; and
a comparison unit configured to compare authentication information with the comparison signal, the authentication information being generated based on the private key different from the first private key and the encrypted signal,
wherein,
the decryption calculation unit generates the decrypted signal when the comparison signal matches the authentication information in the comparison unit.
16. The communication device of claim 15, wherein
the data separating unit separates the fifth and sixth private keys from the eighth signal and outputs the separated fifth and sixth private keys, and
the comparison signal generation unit includes:
a multiplier configured to generate a tenth signal by dividing the encrypted signal by the fifth private key; and
an adder configured to generate the comparison signal by adding the sixth private key to the tenth signal.
17. The communication device of claim 13, wherein
the decryption calculation unit outputs an exclusive or of the encrypted signal and the fourth private key as the decrypted signal.
18. A cryptographic processing system comprising a first communication device configured to encrypt a signal and a second communication device configured to decrypt a signal, wherein,
the first communication device includes:
a signal generation unit configured to output a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal;
an error correction generation unit configured to output a third signal obtained based on the second signal and side information for correcting an error included in the second signal;
a first private key generation unit configured to generate a first private key based on the third signal; and
an encryption calculation unit configured to output an encrypted signal obtained by encrypting a fourth signal based on the first private key, and
the second communication device includes:
an error correction decryption unit configured to correct an error in a seventh signal based on the side information and thereby generate an eighth signal, the seventh signal being generated in advance by supplying the first signal to the signal generation unit;
a second private key generation unit configured to generate a fourth private key based on the eighth signal; and
a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal.
19. The cryptographic processing system of claim 18, wherein
the first private key generation unit includes:
a first random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and
a first data separation unit configured to separate the first private key from the fifth signal and output the separated first private key, and
the second private key generation unit includes:
a second random number extraction unit configured to generate a ninth signal from the eighth signal, the ninth signal having a value indistinguishable from true random numbers; and
a second data separation unit configured to separate the fourth private key from the ninth signal and output the separated fourth private key.
20. The cryptographic processing system of claim 19, wherein
the first communication device further includes an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and the encrypted signal, and output the generated authentication information,
the second communication device further includes a comparison signal generation unit configured to generate a comparison signal based on a private key different from the fourth private key and the encrypted signal, and a comparison unit configured to compare the authentication information with the comparison signal,
the decryption calculation unit generates the decrypted signal when the comparison signal matches the authentication information in the comparison unit,
the first data separating unit separates the private key used by the authentication information generating unit from the fifth signal and outputs the separated private key, and
the second data separation unit separates the private key used by the comparison signal generation unit from the ninth signal, and outputs the separated private key.
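The following is an added example, not code from the patent: a toy Python model of the sender and receiver in claims 18 to 20, with the XOR decryption of claim 17 and a comparison signal in the style of claim 16. The repetition code, the SHAKE-256 extractor, the prime modulus, the reading of the claim 16 "multiplier" as a modular multiplication, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

REP = 5            # assumed repetition code: corrects up to 2 bit flips per 5-bit block
P = 2**127 - 1     # assumed prime modulus for the multiply-then-add tag

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def make_helper(w2):
    """Sender: side information for its fresh noisy reading w2 (code-offset)."""
    msg = [secrets.randbelow(2) for _ in range(len(w2) // REP)]
    codeword = [bit for bit in msg for _ in range(REP)]
    return xor(w2, codeword)

def correct(w7, helper):
    """Receiver: pull the stored reading w7 (seventh signal) onto the sender's reading."""
    noisy = xor(w7, helper)                      # codeword XOR error pattern
    blocks = [noisy[i:i + REP] for i in range(0, len(noisy), REP)]
    codeword = [int(sum(b) > REP // 2) for b in blocks for _ in range(REP)]
    return xor(codeword, helper)                 # eighth signal; equals w2 when errors are few

def derive_keys(signal, n):
    """Extractor plus data separation: n-byte XOR key, then tag keys k5 and k6."""
    # The helper leaks REP-1 bits per block, so at most len(signal)/REP bits
    # of entropy remain in these keys.
    stream = hashlib.shake_256(bytes(signal)).digest(n + 32)
    k5 = int.from_bytes(stream[n:n + 16], "big") % P or 1
    k6 = int.from_bytes(stream[n + 16:], "big") % P
    return stream[:n], k5, k6

def tag(ct, k5, k6):
    if len(ct) > 15:                             # one field element per message
        raise ValueError("single-block tag: ciphertext must be <= 15 bytes")
    return ((int.from_bytes(ct, "big") * k5 + k6) % P).to_bytes(16, "big")

def encrypt(w2, plaintext):
    key, k5, k6 = derive_keys(w2, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, key))
    return make_helper(w2), ct, tag(ct, k5, k6)

def decrypt(w7, helper, ct, t):
    key, k5, k6 = derive_keys(correct(w7, helper), len(ct))
    if not hmac.compare_digest(tag(ct, k5, k6), t):
        return None                              # comparison failed: no decrypted signal
    return bytes(c ^ k for c, k in zip(ct, key))
```

Because every key is derived from one noisy reading, each reading yields fresh keys; the XOR key and the multiply-then-add tag are only sound when a reading is used for a single message.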
CN201711320791.6A 2016-12-13 2017-12-12 Communication device and cryptographic processing system Active CN108616349B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2016-241274 2016-12-13
JP2016241274 2016-12-13
JP2017103589A JP2018098757A (en) 2016-12-13 2017-05-25 Communication apparatus and cryptographic processing system
JP2017-103589 2017-05-25

Publications (2)

Publication Number Publication Date
CN108616349A true CN108616349A (en) 2018-10-02
CN108616349B CN108616349B (en) 2023-06-09

Family

ID=62632429

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711320791.6A Active CN108616349B (en) 2016-12-13 2017-12-12 Communication device and cryptographic processing system

Country Status (3)

Country Link
JP (1) JP2018098757A (en)
CN (1) CN108616349B (en)
TW (1) TW201830916A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109783059A (en) * 2018-12-28 2019-05-21 Wuhan Maritime Communication Research Institute (722nd Research Institute of China Shipbuilding Industry Corporation) A kind of quantum random number production method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101036340A (en) * 2004-10-04 2007-09-12 Koninklijke Philips Electronics N.V. Two-way error correction for physical tokens
US20120072737A1 (en) * 2009-03-06 2012-03-22 Geert Jan Schrijen System for establishing a cryptographic key depending on a physical system
CN102393890A (en) * 2011-10-09 2012-03-28 Guangzhou University Crypto chip system for resisting physical invasion and side-channel attack and implementation method thereof
US20130051552A1 (en) * 2010-01-20 2013-02-28 Héléna Handschuh Device and method for obtaining a cryptographic key
US20140328481A1 (en) * 2011-12-13 2014-11-06 Nec Corporation Identification information generation device and identification information generation method
WO2016058793A1 (en) * 2014-10-13 2016-04-21 Intrinsic Id B.V. Cryptographic device comprising a physical unclonable function

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
B. ŠKORIĆ ET AL.: "Robust Key Extraction from Physical Uncloneable Functions", 《INTERNATIONAL CONFERENCE ON APPLIED CRYPTOGRAPHY AND NETWORK SECURITY》 *
HELENA HANDSCHUH ET AL.: "Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms", 《ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE》 *
LIU WEIQIANG; CUI YIJUN; WANG CHENGHUA: "Design and Implementation of a Low-Cost Physical Unclonable Function Structure and Its RFID Application" *

Also Published As

Publication number Publication date
CN108616349B (en) 2023-06-09
TW201830916A (en) 2018-08-16
JP2018098757A (en) 2018-06-21


Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant