CN108616349B - Communication device and cryptographic processing system - Google Patents

Communication device and cryptographic processing system Download PDF

Info

Publication number
CN108616349B
CN108616349B CN201711320791.6A CN201711320791A CN108616349B CN 108616349 B CN108616349 B CN 108616349B CN 201711320791 A CN201711320791 A CN 201711320791A CN 108616349 B CN108616349 B CN 108616349B
Authority
CN
China
Prior art keywords
signal
private key
communication device
unit configured
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711320791.6A
Other languages
Chinese (zh)
Other versions
CN108616349A (en
Inventor
森山大辅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Renesas Electronics Corp
Original Assignee
Renesas Electronics Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Renesas Electronics Corp filed Critical Renesas Electronics Corp
Publication of CN108616349A publication Critical patent/CN108616349A/en
Application granted granted Critical
Publication of CN108616349B publication Critical patent/CN108616349B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The present invention relates to a communication device and a cryptographic processing system. A cryptographic communication method using a dynamically generated private key is provided. The signal generating unit outputs a second signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal. The error correction generation unit outputs a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal. The private key generation unit generates a first private key based on the third signal. The encryption calculation unit outputs an encrypted signal obtained by encrypting the fourth signal based on the first private key.

Description

Communication device and cryptographic processing system
Technical Field
The present invention relates to a communication device and a cryptographic processing system.
Background
Currently, various cryptographic methods are used to ensure the security of data communications. Among these methods, a method using a physically unclonable function is considered as a high security method.
A problem that arises when using a physically unclonable function is that the device cannot be replicated for the physically unclonable function. Thus, in order for two devices to have a public key, one device stores in advance the output value of the physical unclonable function and the other device uses the value dynamically generated by the physical unclonable function. However, the physical unclonable function does not always output a fixed value, but outputs a value that includes a change. Therefore, error correction needs to be performed. Thus, for example, there has been proposed a form of embodiment in which a first device temporarily observes the output of a physical unclonable function and a second device performs decryption of error correction after executing the physical unclonable function, so that the second device holds the same value as the output value of the physical unclonable function held by the first device (Pim tunes and Lejla Batina, "RFID-Tags for Anti-counter", CT-RSA, 2006).
Further, another cryptographic method using a physically unclonable function has been proposed (japanese unexamined patent application publication No. 2013-31151). In the cryptographic method, in order for two devices to have a public key, a first device generates the public key through a physically unclonable function and a second device executes an encryption algorithm according to a public key cryptographic method using the public key and thereby outputs ciphertext. The second device may recover the public key by performing a decryption algorithm according to a public key cryptography method.
Further, another cryptographic method using a physically unclonable function has been proposed (Japanese unexamined patent application publication No. 2016-7033). The cryptographic method does not use a mechanism to share a public key with another device. Instead, a value obtained by encrypting the error correction is stored in the server. Then, when necessary, the value obtained by encryption is received from the server and each user can restore the key having a fixed value by correcting an error of the value derived from the physically unclonable function.
Disclosure of Invention
However, the present invention has found the following problems. Although all of the above cryptographic methods generate a private key by using a physically unclonable function, the generated private key has a fixed value. Thus, if a quantum computer or a computer having a high computational power equivalent to that of the quantum computer is developed, it is possible that a private key composed of a fixed value can be analyzed. Therefore, it is conceivable that the security of communication by the public key cryptography method is not necessarily ensured.
Other objects and novel features will become apparent from the following description of the specification and drawings.
According to one embodiment, a communication device includes: a signal generating unit configured to output a second signal obtained by imparting an error within a predetermined range to a signal obtained based on the first signal; an error correction generating unit configured to output a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal; a private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key.
According to another embodiment, a communication device includes: an error correction decryption unit configured to correct an error in a seventh signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal, based on auxiliary information for correcting an error in a second signal, which is generated in advance by giving an error within a predetermined range to a signal obtained based on the first signal, and thereby generate an eighth signal; a private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal, the encrypted signal being generated by encrypting the fourth signal with the first private key generated based on the second signal.
According to another embodiment, a cryptographic processing system comprises a first communication device configured to encrypt a signal and a second communication device configured to decrypt the signal, wherein the first communication device comprises: a signal generating unit configured to output a second signal obtained by imparting an error within a predetermined range to a signal obtained based on the first signal; an error correction generating unit configured to output a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal; a first private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key, and the second communication device includes: an error correction decryption unit configured to correct an error in a seventh signal, which is generated in advance by supplying the first signal to the signal generation unit, based on the auxiliary information and thereby generate an eighth signal; and a second private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal.
According to an embodiment, a cryptographic communication method using a dynamically generated private key may be provided.
Drawings
The above and other aspects, advantages and features will become more apparent from the following description of certain embodiments when taken in conjunction with the accompanying drawings in which:
fig. 1 schematically shows a configuration of a cryptographic processing system according to a first embodiment;
fig. 2 schematically shows a configuration example of a cryptographic processing system according to the first embodiment;
fig. 3 is a sequence diagram showing the exchange of signals in the cryptographic processing system according to the first embodiment;
fig. 4 schematically shows a configuration of a cryptographic processing apparatus according to a first embodiment;
fig. 5 schematically shows a configuration of a cryptographic processing apparatus according to the first embodiment;
fig. 6 schematically shows a configuration of a cryptographic processing apparatus according to the first embodiment;
fig. 7 shows a signal flow in initialization of the cryptographic processing system according to the first embodiment;
fig. 8 schematically shows a configuration of a cryptographic processing system according to a second embodiment;
fig. 9 is a sequence diagram showing the exchange of signals in the cryptographic processing system according to the second embodiment;
fig. 10 schematically shows a configuration of a cryptographic processing apparatus according to a second embodiment;
Fig. 11 schematically shows a configuration of a cryptographic processing apparatus according to a second embodiment;
fig. 12 schematically shows a configuration of a cryptographic processing system according to a third embodiment;
fig. 13 schematically shows a configuration of a cryptographic processing apparatus according to a third embodiment;
fig. 14 schematically shows a configuration of a cryptographic processing apparatus according to a third embodiment;
fig. 15 schematically shows a configuration of a cryptographic processing system according to a fourth embodiment;
fig. 16 shows a signal exchange in a cryptographic processing system according to a fourth embodiment;
fig. 17 schematically shows a configuration of a cryptographic processing system according to a fifth embodiment;
fig. 18 shows a signal exchange in a cryptographic processing system according to a fifth embodiment;
fig. 19 schematically shows a configuration of a cryptographic processing system according to a sixth embodiment;
fig. 20 shows a signal exchange in a cryptographic processing system according to a sixth embodiment;
fig. 21 schematically shows a configuration of a cryptographic processing apparatus according to a sixth embodiment;
fig. 22 schematically shows a configuration of a cryptographic processing apparatus according to a sixth embodiment;
fig. 23 schematically shows a configuration of an information acquisition system according to a seventh embodiment;
Fig. 24 schematically shows a configuration of a plant management system according to an eighth embodiment;
fig. 25 schematically shows a configuration of an information management system according to the ninth embodiment.
Detailed Description
Embodiments according to the present disclosure are described hereinafter with reference to the drawings. Throughout the drawings, the same reference numerals are assigned to the same components/structures and duplicate descriptions are omitted as appropriate.
First embodiment
A cryptographic processing system 100 according to a first embodiment is illustrated. Fig. 1 schematically shows a configuration of a cryptographic processing system 100 according to a first embodiment. The cryptographic processing system 100 includes a communication device S1 and a communication device R1. The communication device S1 includes a cryptographic processing device S10 and the communication device R1 includes a cryptographic processing device R10.
In this embodiment, first, the cryptographic processing device S10 of the communication device S1 transmits a signal X (also referred to as a first signal) to the communication device R1 through, for example, the communication network T.
In the communication device R1, when the cryptographic processing device R10 receives the signal X, the cryptographic processing device R10 outputs an encrypted signal B generated by encrypting a signal RZ (also referred to as a fourth signal) to be transmitted to the communication device S1 based on an output signal obtained by imparting an error within a predetermined range to a signal obtained based on the signal X and the random number Y. Further, the cryptographic processing apparatus R10 outputs the auxiliary information a for the decryption process performed in the cryptographic processing apparatus S10 to the communication apparatus S1.
Then, the cryptographic processing device S10 of the communication device S1 can obtain the signal SZ by decrypting the encrypted signal B based on the signal SA (also referred to as a seventh signal), the signal X, and the auxiliary information a stored in advance in the cryptographic processing device S10.
Fig. 2 schematically shows a configuration example of the cryptographic processing system 100 according to the first embodiment. In fig. 2, the communication device R1 includes a data output unit 1 and a random number generator 2 in addition to the cryptographic processing device R10. The data output unit 1 generates a signal RZ and outputs the generated signal RZ to the cryptographic processing apparatus R10. The random number generator 2 generates a random number Y and outputs the generated random number Y to the cryptographic processing apparatus R10. The communication device S1 includes a storage unit 3 (also referred to as a second storage unit) in addition to the cryptographic processing device S10. The above-described signal SA and signal X are stored in the storage unit 3 in advance. A method for storing the signal SA and the signal X in the storage unit 3 will be described later.
The configuration and operation of each part of the cryptographic processing system 100 are explained below with reference to fig. 3 to 5. Fig. 3 is a sequence diagram showing the exchange of signals in the cryptographic processing system 100 according to the first embodiment.
The cryptographic processing apparatus R10 is described with reference to fig. 3 and 4. Fig. 4 schematically shows the configuration of the cryptographic processing apparatus R10 according to the first embodiment. The cryptographic processing apparatus R10 includes a signal generation unit R11, an error correction generation unit R12, a random number extraction unit SR1, a data separation unit SR2, and an encryption calculation unit R13.
The signal generating unit R11 outputs a signal that is based on an arbitrary input signal and includes an error that varies within a predetermined range. For example, a circuit implemented in hardware may be used for the signal generating unit R11. The signal generating unit R11 may be formed, for example, as a physically unclonable function whose output signal includes a predetermined error. Alternatively, an error may be given to the output signal of the signal generating unit by using a noise source provided in the signal generating unit. As for other components included in the communication device R1, it may be implemented by a hardware implementation technique or a software implementation technique. Further, for each component included in the communication device S1 described later, it may be implemented by a hardware implementation technique or a software implementation technique.
In this embodiment, the signal generating unit R11 is implemented as a physically unclonable function unit that is a cryptographic function, and the signal generating unit R11 generates an output signal that can be generated from any input signal only by the specific electronic device (i.e., the specific physically unclonable function unit) by using a variation caused when manufacturing the device. The physical unclonable function included in the signal generation unit R11 is implemented with a circuit implemented in hardware. Fig. 5 shows a cryptographic processing device R10 in which the signal generating unit R11 is formed as a physically unclonable function. In this embodiment, the method for forming the physically unclonable function is not limited to any particular method, and various forming methods may be used, such as methods for an arbiter PUF (physically unclonable function), a ring oscillator PUF, and an SRAM (static random access memory) PUF.
In this embodiment, the signal generation unit R11 outputs a signal RA (also referred to as a second signal) based on the input signal X. The signal generating unit R11 does not always output the same output signal for the same input signal. That is, the output signal of the signal generating unit R11 includes a variation in a range where the hamming distance is equal to or smaller than a fixed value. It is assumed that the value of the signal RA, which is the output signal of the signal generating unit R11, has a sufficient length and includes a sufficient information content.
The error correction generating unit R12 receives the signal RA from the signal generating unit R11 and generates auxiliary information a for correcting an error generated due to a change in the signal RA for the same signal X. It is assumed that the error correction generating unit R12 is capable of performing at least one of error correction codes, majority calculation, high noise bit removal, and the like to generate the auxiliary information a. Further, the error correction generating unit R12 may use a combination of these algorithms. The error correction generating unit R12 outputs the auxiliary information a and the signal RB (also referred to as a third signal) for correcting errors. The error correction generation unit R12 may receive the common random number Y from the outside in addition to the signal RA from the signal generation unit R11. Note that the signals RB and RA may have the same value according to the specification of the error correction generation unit R12.
It is to be noted that, if appropriate parameters corresponding to the output characteristics of the signal generating unit R11 can be selected, various configurations of various configuration techniques for implementing error correction, such as a code shift technique using an error correction code or a syndrome technique, a blur extractor of a technique such as a cryptographic method using decryption infeasibility of a lattice vector problem, and a modification technique thereof can be used as the error correction generating unit R12.
The random number extraction unit SR1 and the data separation unit SR2 constitute a secret key generation unit SR10 (first secret key generation unit). The private key generation unit SR10 generates a private key based on the signal RB.
The random number extraction unit SR1 is a device that receives a signal RB, which is a bit string including an offset, and outputs a signal RC (also referred to as a fifth signal) having a value that is obtained by compressing information content and cannot be distinguished from a true random number. The random number extraction unit SR1 generates the signal RC by using a suitable key encryption, message authentication code, a general one-way hash function, etc.
The data separation unit SR2 separates the input signal RC into several values according to the determined specification. In this embodiment, the data separation unit SR2 separates the signal RD (also referred to as a first private key) from the signal RC, which is a private key for encrypting the signal RZ to be transmitted; and outputs the separated signal RD to the encryption calculation unit R13. It is assumed that when a part of the output needs to be a value other than the bit string, the data separation unit SR2 performs an appropriate process and outputs a value within a defined range. For example, when a part of the output needs to be smaller than the prime number p, the data separation unit SR2 may perform a calculation such as a remainder calculation using the prime number p.
The encryption calculation unit R13 encrypts the signal RZ, which is a signal to be transmitted, by using the signal RD output from the data separation unit SR2 and outputs the encrypted signal to the communication device S1 as the encrypted signal B.
Next, the cryptographic processing apparatus S10 is explained with reference to fig. 3 and 6. Fig. 6 schematically shows the configuration of the cryptographic processing apparatus S10 according to the first embodiment. The cryptographic processing apparatus S10 includes an error correction decryption unit S12, a random number extraction unit SR1, a data separation unit SR2, and a decryption calculation unit S13.
The error correction decryption unit S12 corrects errors in the input value by using the auxiliary information a and outputs a signal SB (also referred to as an eighth signal). In this example, when the error correction decryption unit S12 receives the signal SA, that is, the signal RA and the auxiliary information a of the signal generation unit R11 stored in advance, the error correction decryption unit S12 performs an error correction process by using them and outputs an error-corrected signal SB. It is assumed that in the error correction decryption unit S12, each value in the internal algorithm required for error correction is determined based on the amount of noise caused by the signal generation unit R11, the correction failure rate, the information content of the data to be processed, and the like.
It is to be noted that the error correction generating unit R12 and the error correction decrypting unit S12 described above may include various processes in addition to the error correction code, such as a majority method, and a portion that includes much noise.
It is to be noted that, if appropriate parameters corresponding to the output characteristics of the signal generation unit R11 can be selected, various configurations for implementing error correction techniques, such as those using a code offset technique of an error correction code or a syndrome technique, a fuzzy extractor of a technique such as a cryptographic method of decryption infeasibility using a lattice vector problem, and a modification technique thereof can be used as the error correction decryption unit S12.
The random number extraction unit SR1 and the data separation unit SR2 constitute a secret key generation unit SR20 (second secret key generation unit). The private key generation unit SR20 generates a private key based on the signal SB. The random number extraction unit SR1 and the data separation unit SR2 are similar to those of the cryptographic processing apparatus R10.
In the cryptographic processing apparatus S10, the random number extraction unit SR1 outputs a signal SC having a value that is obtained by compressing the information content of the signal SB and that cannot be distinguished from a true random number. The data separation unit SR2 separates the signal SC into several values according to the determined specification. In this embodiment, the data separation unit SR2 separates a signal SD (also referred to as a fourth private key) from the signal SC, which is a private key required for a process for decrypting the encrypted signal B, and outputs the separated signal SD to the decryption calculation unit S13. The decryption calculation unit S13 decrypts the received encrypted signal B by using the signal SD of the data separation unit SR2 and outputs the decrypted signal as the signal SZ.
The length of each of the above signals is then checked. In order to ensure the security of cryptographic communication between communication devices, restrictions described below are given to the lengths of bit strings of the respective signals.
[ Signal RA ]
For the length of the bit string of the signal RA, it is assumed that the value obtained by subtracting the leakage of the partial information content caused by the auxiliary information a from the information content of the signal RA is much larger than the length of the signal RB.
[ Signal RB ]
For the length of the bit string of the signal RB, it is assumed that the information content of the signal RB is much larger than the length of the bit string of the signal RC. Further, it is assumed that when the signals RC generated by executing the cryptographic processing apparatus R10 a plurality of times are compared with each other, the signals RB include a variation evaluated as an independent random number.
[ Signal RD and Signal SD ]
It is assumed that the length of the bit string of the signal RD input to the encryption calculation unit R13 and the signal SD input to the decryption calculation unit S13 is longer than the bit string of the signal RZ as the signal to be transmitted.
[ Signal X ]
It is assumed that the length of the bit string for the signal X is given a length sufficient to obtain the signal RA output from the signal generating unit R11.
[ prime number p ]
It is assumed that the length of the bit string of prime number p is given based on criteria that ensure the security and integrity of the data. For example, the length of prime number p is preferably 256 bits or more.
Then, the security of the cryptographic communication in this configuration is checked. When the cryptographic communication between the communication apparatuses R1 and S1 has been correctly performed and the noise in the signal RA output from the signal generation unit R11 has been correctly corrected by the error correction decryption unit S12, the signal SA having a fixed value stored in the communication apparatus S1 is correctly corrected to the signal RA.
In this case, the signal SD in the communication device S1 becomes the same as the signal RD in the communication device R1. Thus, the signal SZ in the communication device S1 becomes the same as the signal RZ in the communication device R1.
Whenever the signal X is input, a value including noise is output as the signal RA from the signal generating unit R11 of the communication device R1. Therefore, when the bit string of the signal RA is sufficiently long, the signal RA generated at a defined point in time is different from the signal RA generated earlier than that point in time. Further, assuming that the signal RA output at each point in time includes sufficient entropy, the signal RC output from the random number extraction unit SR1 of the communication device R1 becomes a cryptographically secure random number. Thus, the signal RD can be used as a one-time unpredictable private key.
As explained so far, in this configuration, a physically unclonable function is used as a technique of dynamically generating a private key for encryption and decryption. Typically, a physically unclonable function is used for deriving a private key with a fixed value. In contrast, in this configuration, it is assumed that the output signal of the signal generating unit formed as a physically unclonable function includes different noises every time the signal X is input as a fixed input value. By outputting independent random numbers using noise sources in this way, different private keys are generated. Accordingly, in this configuration, since a private key that is not a fixed value can be used because of an erroneous change included in the signal RA, highly secure data transmission can be performed as compared with data transmission using a fixed key.
Currently, quantum computers are actively studied and many research institutions are proposing new proposals. Further, quantum computers capable of specific computation have been marketed. Meanwhile, it has been demonstrated that key ciphers such as existing AES and public key ciphers can be easily broken based on the difficulty of prime factorization or discrete logarithm problem if a quantum computer is present. Therefore, development of cryptographic techniques suitable for quantum computers is considered to be essential for ensuring future semiconductor industries.
As for public key cryptography, various achievements have been published in recent years. However, there are also many problems concerning the calculation time and implementation scale, and therefore, it is expected that it is difficult to install it in a semiconductor device in view of cost in many cases. In contrast, the key cryptography method using a physically unclonable function according to the configuration can sufficiently reduce the calculation time and implementation cost.
Further, when using conventional cryptographic techniques, it is necessary to securely retain the private key. However, it is possible to pick out the private key using a technique of physically copying information stored in the nonvolatile memory by using a reverse engineering technique or the like. In contrast, in this configuration, since a physically unclonable function is used, it is not necessary to store secret information in a nonvolatile memory within the device, specifically within the communication device R1. It will thus be appreciated that this configuration has a high security attribute, since the risk that the private key may be stolen can be avoided. Further, since the secret information is not stored in the communication device that transmits the encrypted signal, even when the communication device that transmits the encrypted signal is identified, the secret information can be prevented from being leaked.
The initialization method for the signal SA and the signal X stored in the storage unit 3 of the communication device S1 will be described hereinafter. Fig. 7 shows a signal flow in initialization of the cryptographic processing system 100 according to the first embodiment. This initialization is performed in an environment where no outsiders are monitoring the process.
First, the communication device S1 generates a random number by, for example, a random number generator (not shown) and outputs the generated random number as a signal X to the communication device S1. Further, the communication device S1 outputs an arbitrary prime number p to the communication device R1. The communication device R1 stores the prime number p in a storage unit (not shown). The prime number p is used as needed in the process performed by the communication devices R1 and S1. Note that the figure referred to in this description omits illustration of the prime number p.
The communication device R1 supplies the signal X to the signal generation unit R11 and outputs a signal RA, which is an output of the signal generation unit R11, to the communication device S1. The communication device S1 replaces the signal SA with the received signal RA. Then, the communication device S1 stores the updated signal SA, signal X, and prime number p in the storage unit 3.
As explained above, the signal SA and the signal X are defined by initialization. After the initialization is completed, the above-described secure data communication may be performed.
Second embodiment
A cryptographic processing system 200 according to a second embodiment is illustrated. Fig. 8 schematically shows a configuration of a cryptographic processing system 200 according to the second embodiment. The cryptographic processing system 200 according to the second embodiment has a configuration obtained by replacing the communication devices R1 and S1 of the cryptographic processing system 100 according to the first embodiment with the communication devices R2 and S2, respectively. The communication device R2 has a configuration obtained by replacing the cryptographic processing device R10 of the communication device R1 with the cryptographic processing device R20. The communication device S2 has a configuration obtained by replacing the cryptographic processing device S10 of the communication device S1 with the cryptographic processing device S20.
The configuration and operation of each part of the cryptographic processing system 200 are explained below with reference to fig. 9 to 11. Fig. 9 is a sequence diagram showing the exchange of signals in the cryptographic processing system 200 according to the second embodiment.
The cryptographic processing apparatus R20 is described with reference to fig. 9 and 10. Fig. 10 schematically shows the configuration of the cryptographic processing apparatus R20 according to the second embodiment. The cryptographic processing apparatus R20 has a configuration obtained by adding the multiplier SR3 and the adder SR4 in the cryptographic processing apparatus R10.
The multiplier SR3 and the adder SR4 constitute an authentication information generation unit SR30. The authentication information generation unit SR30 generates authentication information C based on the encrypted signal B (signal RG) and a private key different from the signal RD.
In this embodiment, the data separation unit SR2 of the cryptographic processing apparatus R20 separates the input signal RC into the signal RD, the signal RE (also referred to as the second private key), and the signal RF (also referred to as the third private key). Signals RD, RE, and RF are output to the encryption calculation unit R13, the multiplier SR3, and the adder SR4, respectively.
The multiplier SR3 multiplies the signal RG (i.e., the encrypted signal B) output from the encryption calculation unit R13 by the signal RE supplied by the data separation unit SR2 and outputs a value obtained from the multiplication result to the adder SR4 as a signal RH (also referred to as a sixth signal). Note that in this embodiment, it is assumed that the multiplier SR3 divides the multiplication result of the signals RG and RE by the prime number p and outputs the remainder of the division as the signal RH.
The adder SR4 adds the signal RH output from the multiplier SR3 to the signal RF supplied by the data separation unit SR2 and outputs a value obtained from the addition result to the cryptographic processing device S20 of the communication device S2 as authentication information C. Note that, in this embodiment, it is assumed that the adder SR4 divides the addition result of the signals RH and RF by the prime number p and outputs the remainder of the division as authentication information C.
Next, the cryptographic processing apparatus S20 is explained with reference to fig. 9 and 11. Fig. 11 schematically shows the configuration of the cryptographic processing apparatus S20 according to the second embodiment. The cryptographic processing apparatus S20 has a configuration obtained by adding the multiplier SR3, the adder SR4, and the comparison unit S14 in the cryptographic processing apparatus S10.
The multiplier SR3 and the adder SR4 constitute a comparison signal generating unit SR40. The comparison signal generation unit SR40 generates the comparison signal SI based on the encrypted signal B and a private key different from the signal SD. Note that the multiplier SR3 and the adder SR4 have similar configurations to those of the cryptographic processing apparatus R20.
In this embodiment, the data separation unit SR2 of the cryptographic processing apparatus S20 separates the input signal SC (also referred to as a ninth signal) into a signal SD, a signal SE (also referred to as a fifth private key), and a signal SF (also referred to as a sixth private key), which are all private keys. Signals SD, SE, and SF are output to the decryption calculation unit S13, the multiplier SR3, and the adder SR4, respectively.
The multiplier SR3 of the cryptographic processing apparatus S20 multiplies the encrypted signal B output from the cryptographic processing apparatus R20 by the signal SE supplied by the data separation unit SR2 and outputs a value obtained from the multiplication result to the adder SR4 as a signal SH (also referred to as a tenth signal). Note that, in this embodiment, it is assumed that the multiplier SR3 divides the multiplication result of the encrypted signal B and the signal SE by the prime number p and outputs the remainder of the division as the signal SH. That is, the signal SH becomes the same signal as the signal RH in the cryptographic processing apparatus R20.
The adder SR4 of the cryptographic processing apparatus S20 adds the signal SH output from the multiplier SR3 of the cryptographic processing apparatus S20 to the signal SF supplied by the data separation unit SR2 and outputs a value obtained from the addition result to the comparison unit S14 as the comparison signal SI. Note that, in this embodiment, it is assumed that the adder SR4 divides the addition result of the signals SH and SF by the prime number p and outputs the remainder of the division as the comparison signal SI.
The comparing unit S14 compares the authentication information C output from the cryptographic processing apparatus R20 with the comparison signal SI and outputs the comparison result to the decryption computing unit S13 as a signal SJ.
Based on the signal SJ, when the authentication information C matches the comparison signal SI, the decryption calculation unit S13 decrypts the encrypted signal B into the signal SZ by using the signal SD. When the authentication information C is different from the comparison signal SI, the decryption calculation unit S13 stops decrypting the encrypted signal B by using the signal SD. In this way, after having confirmed that the encrypted signal B has not been tampered with using the authentication information C, the communication device S2 can perform a decryption process.
The security of the cryptographic communication in this configuration is checked. When the cryptographic communication between the communication devices R2 and S2 has been correctly performed and the noise in the signal RA output from the signal generation unit R11 has been correctly corrected by the error correction decryption unit S12, the signal SA having a fixed value stored in the communication device S2 is correctly corrected to the signal RA.
In this case, signals SD, SE, and SF in communication device S2 are the same as signals RD, RE, and RF in communication device R2, respectively. Therefore, the signal SZ in the communication device S2 is the same as the signal RZ in the communication device R2.
The length of each of the above signals is then checked. In order to ensure the security of cryptographic communication between communication devices, the following restrictions other than those described in the first embodiment are applied to the lengths of bit strings of the respective signals.
[ Signal RE and Signal SE ]
Assume that signals RE and SE input to multiplier SR3 have values smaller than prime number p. This is because when the data separating unit SR2 separates the signals RC and SC supplied thereto into three signals, it can operate division by performing remainder calculation using the prime number p.
[ Signal RF and Signal SF ]
It is assumed that the signals RF and SF input to the adder SR4 have values smaller than the prime number p. This is because when the data separating unit SR2 separates the signals RC and SC supplied thereto into three signals, it can operate division by performing remainder calculation using the prime number p.
[ encryption Signal B and Signal RG ]
It is assumed that the encrypted signal B and the signal RG input to the multiplier SR3 have values smaller than the prime number p. This is because when the length of the bit string of the signal RZ is 1 bit shorter than the prime number p and the signal RG is equal to or greater than the prime number p, it can be operated by inverting the most significant bit of the signal RG. Alternatively, it may operate by regenerating the signal RA output from the signal generating unit R11 until the signal RG becomes smaller than the prime number p, or by regenerating the signal RD by a separation method which tries to be performed by the data separating unit SR 2.
As described so far, in this configuration, authentication information C is used to determine the authenticity of the received data. In this way, it can be determined whether the received encrypted signal B is transmitted from a legitimate transmission source. Such authentication methods have been considered as cryptographic techniques that are secure from the information theory. However, there is a limitation in that the private key to be used can be used only once to ensure security. Therefore, when a private key having a fixed value is used and data authentication using authentication information is used, security in terms of information theory cannot be ensured.
In contrast, in this configuration, the signals SD, SE and SF can be operated as one-time unpredictable private keys by using variations in the output of the physically unclonable function. That is, a different private key may be used each time encryption is performed. Thus, the above-described limitations related to data authentication can be overcome and cryptographic techniques with security ensured from the theory of information can be applied.
Third embodiment
A cryptographic processing system 300 according to a third embodiment is illustrated. Fig. 12 schematically shows a configuration of a cryptographic processing system 300 according to the third embodiment. The cryptographic processing system 300 according to the third embodiment has a configuration obtained by replacing the communication devices R1 and S1 of the cryptographic processing system 100 according to the first embodiment with the communication devices R3 and S3, respectively. The communication device R3 has a configuration obtained by replacing the cryptographic processing device R10 of the communication device R1 with the cryptographic processing device R30. The communication device S3 has a configuration obtained by replacing the cryptographic processing device S10 of the communication device S1 with the cryptographic processing device S30.
The cryptographic processing apparatus R30 is illustrated. Fig. 13 schematically shows a configuration of a cryptographic processing apparatus R30 according to the third embodiment. The cryptographic processing apparatus R30 uses an exclusive or (XOR) calculation unit as the encryption calculation unit R13. The remaining configuration of the cryptographic processing apparatus R30 is similar to that of the cryptographic processing apparatus R10, and thus a description thereof is omitted.
The encryption calculation unit R13 formed by the XOR calculation unit outputs the XOR of the signal RD output from the data separation unit SR2 and the signal RZ as the signal to be transmitted to the communication device S3 as the encrypted signal B (i.e., as the signal RG).
The cryptographic processing apparatus S30 is illustrated. Fig. 14 schematically shows the configuration of a cryptographic processing apparatus S30 according to the third embodiment. The cryptographic processing apparatus S30 uses an exclusive or (XOR) calculation unit as the decryption calculation unit S13. The remaining configuration of the cryptographic processing apparatus S30 is similar to that of the cryptographic processing apparatus S10, and therefore the description thereof is omitted.
The decryption calculation unit S13 formed by the XOR calculation unit decrypts the encrypted signal B by calculating the XOR of the signal SD output from the data separation unit SR2 and the encrypted signal B, and outputs the decrypted signal as the signal SZ.
In this embodiment, the encryption calculation unit R13 of the cryptographic processing apparatus R30 and the decryption calculation unit S13 of the cryptographic processing apparatus S30 may be formed by using XOR calculation units having the same configuration.
As explained so far, in this configuration, the exclusive or calculation is performed when the data is encrypted. The generation of passwords by exclusive or calculation has been regarded as an encryption technique that is secure from the theory of information. However, there is a limitation in that the private key to be used can be used only once to ensure security. Therefore, when a private key having a fixed value is used and exclusive-or calculation is used, security in terms of information theory cannot be ensured.
In contrast, in this configuration, the signals SD, SE and SF can be treated as one-time unpredictable private keys by using the variations in the output of the physically unclonable function. That is, a different private key may be used each time encryption is performed. Thus, the limitation concerning the password generation using exclusive-or calculation can be overcome and a password technique with security ensured from the information theory can be applied.
Fourth embodiment
A cryptographic processing system 400 according to a fourth embodiment is illustrated. Fig. 15 schematically shows a configuration of a cryptographic processing system 400 according to the fourth embodiment. The cryptographic processing system 400 according to the fourth embodiment has a configuration obtained by replacing the communication device R2 of the cryptographic processing system 200 with the communication device R4.
Fig. 16 shows the exchange of signals in a cryptographic processing system 400 according to a fourth embodiment. In the cryptographic processing system 200, a signal X is transmitted from the communication device S2 to the communication device R2. In contrast, the cryptographic processing system 400 has a configuration different from that of the cryptographic processing system 200, except that the signal X is not transmitted from the communication device S2 to the communication device R4. In contrast, the communication device R4 stores the signal X in advance.
Communication device R4 is illustrated. The communication device R4 has a configuration obtained by adding a storage unit 4 (also referred to as a first storage unit) in the communication device R2. The signal X is stored in the storage unit 4 in advance. The signal X is supplied to the signal generating unit R11 of the cryptographic processing apparatus R20 as needed. In this way, the communication device R4 can perform operations similar to those of the communication device R2.
According to this configuration, the communication device R4 can continue the process required for the cryptographic communication at any time without waiting for the transmission of the signal X from the communication device S1. Therefore, for communication between communication apparatuses in which a communication delay occurs, it is preferable to use the communication apparatus R4 according to the embodiment than to use the communication apparatus R2 according to the second embodiment.
Fifth embodiment
A cryptographic processing system 500 according to a fifth embodiment is illustrated. Fig. 17 schematically shows a configuration of a cryptographic processing system 500 according to the fifth embodiment. The cryptographic processing system 500 according to the fifth embodiment has a configuration obtained by replacing the communication device S2 of the cryptographic processing system 200 with the communication device S5. The communication device S5 has a configuration obtained by adding the random number generator 5 in the communication device S2.
Fig. 18 shows the exchange of signals in a cryptographic processing system 500 according to a fifth embodiment. In the cryptographic processing system 500, the communication device S5 outputs the signal X to the communication device R2 similarly to the communication device S2. Further, the communication device S5 outputs the random number generated by the random number generator 5 to the communication device R2 as a signal RZ.
In this embodiment, the signal RZ is input to the multiplier SR3 bypassing (i.e., not passing through) the encryption calculation unit R13. Since the signal RZ is not input to the encryption calculation unit R13, the communication device R2 does not output the encrypted signal B. However, similar to the second embodiment, the communication device R2 outputs the assistance information a and the authentication information C to the communication device S5.
In this embodiment, the signal RZ is supplied from the random number generator 5 to the multiplier SR3 of the communication device S5. The comparing unit S14 compares the comparison signal SI generated based on the signal RZ with the authentication information C and outputs the comparison result as a signal SJ.
According to this configuration, when the authentication information C matches with the comparison signal SI generated based on the signal RZ, it can be ensured that the communication device R2, which has generated the authentication information C, is legitimate as an entity with which the communication device S5 performs cryptographic communication.
That is, when the noise of the physical unclonable function is sufficiently small and properly eliminated by the error correction decryption unit S12, and the communication between the communication devices is not tampered, the communication device S5 can properly authenticate the communication device R2. It is to be noted that it is understood that the probability of authentication success in the cases other than the aforementioned case is exponentially decreased according to the lengths of the auxiliary information a and the authentication information C.
Sixth embodiment
A cryptographic processing system 600 according to a sixth embodiment is illustrated. Fig. 19 schematically shows a configuration of a cryptographic processing system 600 according to the sixth embodiment. The cryptographic processing system 600 is a modified example of the cryptographic processing system 400 and has a configuration obtained by replacing the communication devices S2 and R4 of the cryptographic processing system 400 with the communication devices S6 and R6, respectively.
The communication device R6 has a configuration obtained by replacing the cryptographic processing device R20 of the communication device R4 with the cryptographic processing device R60 and adding the storage unit 4 storing the signal X as in the case of the cryptographic processing system 400 according to the fourth embodiment. In this way, in the cryptographic processing system 600, similarly to the cryptographic processing system 400, the signal X is not transmitted from the communication device S6 to the communication device R6, but is stored in advance in the storage unit 4 in the communication device R6. Thus, the signal X is supplied from the storage unit 4 to the cryptographic processing apparatus R60. The memory unit 4 is similar to the memory unit in the cryptographic processing system 400.
The communication device S6 has a configuration obtained by replacing the cryptographic processing device S20 of the communication device S2 with the cryptographic processing device S60. Further, unlike the first to fifth embodiments, the signal SA is not stored in the communication device S6.
The configuration and operation of each portion of the cryptographic processing system 600 is described below. Fig. 20 shows a signal exchange in a cryptographic processing system 600 according to a sixth embodiment. Fig. 21 schematically shows a configuration of a cryptographic processing apparatus R60 according to the sixth embodiment. Unlike the cryptographic processing device R20, the cryptographic processing device R60 has a configuration in which the signal generating unit is not formed as a Physically Unclonable Function (PUF) unit but includes a noise generating unit.
The signal generation unit R61 of the cryptographic processing apparatus R60 includes a noise generation unit R62 and an XOR circuit R63. The noise generation unit R62 generates noise RN varying within a predetermined range and supplies the generated noise RN to the XOR circuit R63. As described above, the signal X is stored in the memory unit 4 in advance and supplied from the memory unit 4 to the XOR circuit R63.
The XOR circuit R63 outputs an exclusive or of the input signal X and the noise RN as a signal RA, which is an output signal. Note that in the signal generating unit R61, the same output signal is not always output for the same input signal. That is, the noise RN is generated by the noise generation unit R62 so that the output signal changes within a range where the hamming distance is equal to or smaller than a fixed value. In this way, the signal generating unit R61 can realize a similar behavior to that of the signal generating unit using the physical unclonable function as in the case of the first to fifth embodiments and can output a signal RA similar to that output by the signal generating unit using the physical unclonable function.
Preferably, the noise generation unit R62 is configured such that a physical unclonable function is generated and usedNoise (error) corresponding to the generated noise. For example, at signal SA 2 256 In the case of noise generation at such a level of variation in possibility, when the probability of occurrence of noise is 1%, the necessary length of the signal X is 3,300 bits. Further, when the probability of occurrence of noise is 10%, the necessary length of the signal X is 560 bits. If the generated noise is unpredictable, the noise generation unit R62 may be formed by using any noise source that can be implemented by hardware or software, such as a noise generation unit using thermal noise and TRNG (true random number generator).
The signal RA, which is an exclusive or of the signal X and the noise RN, is input to the error correction generating unit R12. Similar to the above-described embodiment, the error correction generation unit R12 generates the auxiliary information a for correcting an error generated due to a change in the signal RA for the same signal X and outputs the generated auxiliary information a and signal RB (also referred to as a third signal). The error correction generation unit R12 may receive the common random number Y from the outside in addition to the signal RA from the signal generation unit R61. Note that the signals RB and RA may have the same value according to the specification of the error correction generation unit R12.
The remaining configuration and operation of the cryptographic processing apparatus R60 are similar to those of the cryptographic processing apparatus R10, and thus a description thereof is omitted.
Next, the cryptographic processing apparatus S60 is explained. Fig. 22 schematically shows the configuration of a cryptographic processing apparatus S60 according to the sixth embodiment. In the cryptographic processing apparatus S60, unlike the first to fifth embodiments, the signal X is supplied from the storage unit 3 to the error correction decryption unit S12 instead of the signal SA. The error correction decryption unit S12 may restore the signal RA, which is an exclusive or of the signal X and the noise RN, by using the signal X and the auxiliary information a. Then, the signal SB may be output based on the restored signal RA. Note that, similarly to the above-described embodiment, when the signal RA is correctly restored, the signal SB becomes the same signal as the signal RB. The remaining configuration and operation of the cryptographic processing apparatus S60 are similar to those of the cryptographic processing apparatus S10, and thus a description thereof is omitted.
According to this configuration, the communication device R6 can continue the process necessary for the cryptographic communication at any time without waiting for the transmission of the signal X from the communication device S6. Therefore, the cryptographic processing system 600 according to this embodiment is preferably used for communication between communication devices between which a communication delay occurs. Further, even when it is very difficult to implement a physically unclonable function unit, a comparable cryptographic processing system can be formed.
Seventh embodiment
An information acquisition system 700 according to a seventh embodiment is described. The information acquisition system 700 is an example of a system to which the cryptographic processing system 200 according to the above-described second embodiment is applied and which is formed as a system for securely acquiring information from the respective sensors. Fig. 23 schematically shows a configuration of an information acquisition system 700 according to a seventh embodiment. The information acquisition system 700 includes a server 701, a temperature sensor 702, and a seismic intensity sensor 703.
The server 701 has a configuration similar to that of the communication device S2 of the cryptographic processing system 200. The server 701 may be, for example, a server managed by a user who owns the server 701.
Each of the temperature sensor 702 and the seismic intensity sensor 703 has a configuration similar to that of the communication device R2 of the cryptographic processing system 200. The temperature sensor 702 and the seismic intensity sensor 703 may be installed in equipment owned by the user and may be incorporated into a semiconductor device.
In this embodiment, the server 701 outputs a signal X1 to the temperature sensor 702. The temperature sensor 702 receives the signal X1 and the random number Y1, generates a private key based on the signal X1, encrypts the signal RZ1 indicating temperature information, and outputs the auxiliary information A1, the encrypted signal B1, and the authentication information C1 to the server 701. The server 701 performs a decryption process based on the auxiliary information A1, the encrypted signal B1, and the authentication information C1, and by doing so, can obtain the same signal SZ1 as the signal RZ1 indicating the temperature information.
Further, in this embodiment, the server 701 outputs a signal X2 to the seismic intensity sensor 703. The seismic intensity sensor 703 receives the signal X2 and the random number Y2, generates a private key based on the signal X2, encrypts the signal RZ2 indicating the seismic intensity information, and outputs the auxiliary information A2, the encrypted signal B2, and the authentication information C2 to the server 701. The server 701 performs a decryption process based on the auxiliary information A2, the encrypted signal B2, and the authentication information C2, and by doing so, can obtain the same signal SZ2 as the signal RZ2 indicating the seismic intensity information.
As described above, according to this configuration, a system capable of securely transmitting data acquired by each sensor can be constructed. This is particularly advantageous for security, for example, when the temperature sensor 702 and the seismic intensity sensor 703 are installed in an internet of things (IoT) device. Further, the server 701 can provide any cloud service using data collected from each sensor. Regarding the interface through the external input/output device, any communication method such as wired LAN, wiFi (registered trademark), bluetooth (registered trademark), and ZigBee (registered trademark) may be applied.
Eighth embodiment
A plant management system 800 according to an eighth embodiment is described. The factory management system 800 is an example to which the cryptographic processing system 400 according to the fourth embodiment described above is applied. Fig. 24 schematically shows a configuration of a plant management system 800 according to an eighth embodiment. The factory management system 800 includes a centralized management equipment 801 and a semiconductor device 802.
The centralized management device 801 has a configuration similar to that of the communication device R4 of the cryptographic processing system 400. The semiconductor apparatus 802 has a configuration similar to that of the communication device S2 of the cryptographic processing system 400. The semiconductor device 802 is a terminal that receives instruction commands from the centralized management apparatus 801 and executes arbitrary functions. The centralized management apparatus 801 may be a centralized management apparatus managed by a user and the semiconductor device 802 may be a semiconductor device installed in an apparatus in a user factory.
In this embodiment, when the centralized management apparatus 801 causes the semiconductor device 802 to execute a certain function, it generates a private key based on the signal X and the random number Y, encrypts the signal RZ indicating the instruction command, and outputs the auxiliary information a, the encrypted message B, and the authentication information C to the semiconductor device 802. Note that, like the communication device R4, the centralized management device 801 can automatically (or autonomously) transmit data at fixed intervals without waiting for a response from other devices.
The semiconductor device 802 performs a decryption process based on the auxiliary information a, the encrypted message B, and the authentication information C, and by doing so can obtain the same signal SZ as the signal RZ indicating the instruction command. In the semiconductor device 802, for example, a signal SZ is input to a control unit (not shown) and it performs a function indicated by the signal SZ. Note that the semiconductor device 802 performs authentication by using the authentication information C. Then, when authentication fails, the semiconductor device 802 does not perform a decryption process. Therefore, when the transferred data has been changed and the semiconductor device 802 has received an unintended instruction command, the instruction command is not executed.
In this embodiment, since the authenticity of the received command can be determined by authentication, the level of requirement for the security of the communication path between the centralized management apparatus 801 and the semiconductor device 802 can be relaxed. Thus, for example, transmission of an encryption instruction command from the centralized management apparatus 801 to the semiconductor device 802 may be performed through, for example, the internet.
Ninth embodiment
An information management system 900 according to a ninth embodiment is explained. The information management system 900 is an example to which the cryptographic processing system 500 according to the fifth embodiment described above is applied. Fig. 25 schematically shows a configuration of an information management system 900 according to the ninth embodiment. The information management system 900 includes a database server 901 and a communication device 902.
In this example, assume that communication device 902 is any communication device attached to an item, i.e., an RFID tag, for example. The communication device 902 has a configuration similar to that of the communication device R2 of the cryptographic processing system 500. The database server 901 is configured to manage each item to which the communication device 902 is attached, for example. The database server 901 has a configuration similar to that of the communication device S5 of the cryptographic processing system 500.
The database server 901 transmits the signal X and the signal RZ to the communication device 902 at any time through, for example, the internet.
The communication device 902 generates a private key based on the signal X and the random number Y, encrypts the received signal RZ1, and sends the auxiliary information a and the authentication information C back to the database server 901. The database server 901 performs authentication of the communication device 902 by using the authentication information C and can determine whether the communication device 902 is a legitimate device to be managed.
According to this configuration, even if a foreign person other than the user of the information management system 900 attaches an illegal communication device, that is, a replica of the communication device 902, to another article, the output signals of the physically unclonable function units in the communication device are different because the physically unclonable function units cannot be copied first. Thus, an illegitimate communication device is never authenticated as a legitimate communication device. Further, even if the data transferred between the database server 901 and the communication device 902 is analyzed, the output from the data separation unit cannot be estimated with a meaningful probability because, as explained in the above-described embodiment, a password that is secure from the information theory is used. Thus, according to this embodiment, a secure method/management capable of determining the authenticity of a communication device incorporating an IoT device or the like can be implemented.
OTHER EMBODIMENTS
It is to be noted that the present disclosure is not limited to the above-described embodiments, and that these embodiments may be modified as necessary without departing from the spirit and scope of the present disclosure. For example, similar to the cryptographic processing system 400 according to the fourth embodiment, each of the cryptographic processing systems according to the first to third embodiments and the fifth embodiment may be modified such that the communication device R1 includes a storage unit storing the signal X, and the communication device R1 is capable of performing cryptographic processing without receiving the signal X from the communication device S1.
The above-described embodiments are described on the assumption that a communication device (e.g., communication device R1) that performs an encryption process is separated from a communication device (e.g., communication device S1) that performs a decryption process. However, they may be configured so that one communication device performs both the encryption process and the decryption process.
For example, the cryptographic processing device R10 of the communication device R1 may additionally include an error correction decryption unit S12 and a decryption calculation unit S13 of the cryptographic processing device S10 of the communication device S1. In this case, the random number extraction unit SR1 and the data separation unit SR2 may be used for both the encryption process and the decryption process.
Further, for example, the cryptographic processing device R20 of the communication device R2 may additionally include an error correction decryption unit S12, a decryption calculation unit S13, and a comparison unit S14 of the cryptographic processing device S20 of the communication device S2. In this case, the random number extraction unit SR1, the data separation unit SR2, the multiplier SR3, and the adder SR4 may be used for both the encryption process and the decryption process.
In the third embodiment, it is assumed that the signal RZ to be transmitted is represented by a bit string and the encryption process and the decryption process are performed by using an XOR circuit. However, when the signal RZ can be handled as an integer value equal to or smaller than the prime number p, the encryption calculation unit R13 and the decryption calculation unit S13 may be replaced with an adder and a subtractor, respectively. In this case, the encrypted signal B becomes the addition result of the signals RZ and RD, and the signal SZ becomes a value obtained by subtracting the signal SD from the encrypted signal B. It is assumed that each of these adders and subtractors outputs a remainder of dividing the calculation result by the prime number p. Further, it is assumed that each of the signals RD and SD is an integer value equal to or smaller than the prime number p.
In the above-described embodiment, it is necessary to invert the most significant bit according to whether the encrypted signal B is smaller than the integer p. However, by using the above configuration, all the calculations can be handled as the calculation of an integer equal to or smaller than the prime number p.
Similar to the cryptographic processing system 600 according to the sixth embodiment, in the cryptographic processing systems according to the first to third embodiments and the fifth embodiment, it is needless to say that the cryptographic processing system may be constructed without forming the signal generating unit as a physically unclonable function unit and without using the signal SA by replacing the signal generating unit R11 with the signal generating unit R61 and adding the storage unit 4 storing the signal X.
In the seventh embodiment, a temperature sensor and a seismic intensity sensor are described. However, the server may perform cryptographic communication with one device, or with three or more devices. Although an example using one semiconductor device is described in the eighth embodiment, the number of semiconductor devices may be greater than 1. Although an example using one RFID tag is described in the ninth embodiment, the number of communication devices such as RFID tags may be greater than 1. Further, it is needless to say that even in the cryptographic processing systems according to the fourth to ninth embodiments, XOR circuits may be used for the encryption calculation unit and the decryption calculation unit.
The present disclosure made by the inventors of the present application has been described above in a specific manner based on the respective embodiments. However, the present disclosure is not limited to the above-described embodiments, and it is needless to say that various modifications may be made without departing from the spirit and scope of the present disclosure.
The above-described cryptographic processing system, communication device, and cryptographic processing method performed by the same described in the respective embodiments may be described as follows.
(supplementary notes 1)
A communication apparatus, comprising: a signal generating unit configured to output a second signal obtained by imparting an error within a predetermined range to a signal obtained based on the first signal; an error correction generating unit configured to output a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal; a private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key.
(supplementary notes 2)
The communication device described in supplementary note 1, wherein the private key generation unit includes: a random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and a data separation unit configured to separate the first private key from the fifth signal and output the separated first private key.
(supplementary notes 3)
The communication device described in supplementary note 2, further comprising an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and an encrypted signal and output the generated authentication information, wherein the data separation unit separates the private key used by the authentication information generation unit from the fifth signal and outputs the separated private key.
(supplementary notes 4)
The communication device described in supplementary note 3, wherein the data separation unit separates the second and third private keys from the fifth signal and outputs the separated second and third private keys, and the authentication information generation unit includes: a multiplier configured to generate a sixth signal by multiplying the encrypted signal by the second private key; and an adder configured to generate authentication information by adding the third private key to the sixth signal.
(supplementary notes 5)
The communication apparatus described in supplementary note 1, wherein the encryption calculation unit outputs an exclusive or of the fourth signal and the first private key as the encryption signal.
(supplementary notes 6)
The communication device described in supplementary note 1, wherein the first signal is input to the signal generating unit from outside the communication device.
(supplementary notes 7)
The communication device described in supplementary note 1, the communication device further includes a storage unit that stores the first signal, wherein the first signal is input from the storage unit to the signal generating unit.
(supplementary notes 8)
The communication device described in supplementary note 4, wherein when the fourth signal is input to the multiplier, the multiplier generates a sixth signal by multiplying the fourth signal by the second private key, and the adder generates authentication information by adding the third private key to the sixth signal.
(supplementary notes 9)
The communication device described in supplementary note 4, the communication device further comprising: an error correction decryption unit configured to: upon receiving the auxiliary information and the encrypted signal from another communication device having the same configuration as the communication device, generating an eighth signal by correcting an error in a seventh signal generated in advance by supplying the first signal to a signal generating unit of the other communication device based on the auxiliary information received from the other communication device; and a decryption calculation unit configured to generate a decrypted signal by decrypting the encrypted signal received from the other communication device, wherein the private key generation unit generates a fourth private key based on the eighth signal, and the decryption calculation unit generates the decrypted signal by decrypting the encrypted signal received from the other communication device based on the fourth private key.
(supplementary notes 10)
The communication apparatus described in supplementary note 9, wherein the random number extraction unit generates a ninth signal having a value indistinguishable from a true random number from an eighth signal, and the data separation unit separates the fourth private key from the ninth signal and outputs the separated fourth private key.
(supplementary notes 11)
The communication device described in supplementary note 10, wherein the data separation unit separates fifth and sixth private keys from the ninth signal and outputs the separated fifth and sixth private keys, the multiplier generates a tenth signal by multiplying an encrypted signal received from another communication device by the fifth private key, and the adder generates a comparison signal by adding the sixth private key to the tenth signal.
(supplementary notes 12)
The communication device described in supplementary note 11, the communication device further comprising a comparing unit configured to compare authentication information received from the other communication device with a comparison signal, wherein the decryption computing unit generates a decryption signal when the comparison signal matches the authentication information received from the other communication device in the comparing unit.
(supplementary notes 13)
The communication apparatus described in supplementary note 9, wherein the decryption calculation unit outputs an exclusive or of the encrypted signal received from the other communication apparatus and the fourth private key as the decryption signal.
(supplementary notes 14)
The communication device described in supplementary note 9, wherein the first signal is input from another communication device.
(supplementary notes 15)
The communication apparatus described in supplementary note 1, wherein the signal generating unit generates the second signal by supplying the first signal to the physically unclonable function and thereby giving an error within a predetermined range to the first signal.
(supplementary notes 16)
The communication device described in supplementary note 1, wherein the signal generating unit includes: a noise generation unit configured to generate noise within a predetermined range; and a noise imparting unit configured to generate the second signal by imparting the noise generated by the noise generating unit to the first signal.
(supplementary notes 17)
The communication apparatus described in supplementary note 16, wherein the noise imparting unit outputs, as the second signal, an exclusive or of the noise generated by the noise generating unit and the first signal.
(supplementary notes 18)
A communication apparatus, comprising: an error correction decryption unit configured to correct an error in a seventh signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal, based on auxiliary information for correcting an error in a second signal, which is generated in advance by giving an error within a predetermined range to a signal obtained based on the first signal, and thereby generate an eighth signal; a private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal, the encrypted signal being generated by encrypting the fourth signal with the first private key generated based on the second signal.
(supplementary notes 19)
The communication device described in supplementary note 18, wherein the private key generation unit includes: a random number extraction unit configured to generate a ninth signal from the eighth signal output from the error correction decryption unit, the ninth signal having a value indistinguishable from the true random number; and a data separation unit configured to separate the fourth private key from the ninth signal and output the separated fourth private key.
(supplementary notes 20)
The communication apparatus described in supplementary note 19, further comprising: a comparison signal generation unit configured to generate a comparison signal based on a secret key different from the fourth secret key and the encrypted signal; and a comparing unit configured to compare authentication information with a comparison signal, the authentication information being generated based on a private key different from the first private key and the encrypted signal, wherein the decryption calculating unit generates a decrypted signal when the comparison signal matches the authentication information in the comparing unit.
(supplementary notes 21)
The communication device described in supplementary note 20, wherein the data separation unit separates fifth and sixth private keys from the ninth signal and outputs the separated fifth and sixth private keys, and the comparison signal generation unit includes: a multiplier configured to generate a tenth signal by multiplying the encrypted signal by a fifth private key; and an adder configured to generate a comparison signal by adding the sixth private key to the tenth signal.
(supplement description 22)
The communication apparatus described in supplementary note 18, wherein the decryption calculation unit outputs an exclusive or of the encrypted signal and the fourth private key as the decryption signal.
(supplementary notes 23)
A cryptographic processing system comprising a first communication device configured to encrypt a signal and a second communication device configured to decrypt the signal, wherein the first communication device comprises: a signal generating unit configured to output a second signal obtained by imparting an error within a predetermined range to a signal obtained based on the first signal; an error correction generating unit configured to output a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal; a first private key generation unit configured to generate a first private key based on the third signal; and an encryption calculation unit configured to output an encrypted signal obtained by encrypting the fourth signal based on the first private key, and the second communication device includes: an error correction decryption unit configured to correct an error in a seventh signal, which is generated in advance by supplying the first signal to the signal generation unit, based on the auxiliary information and thereby generate an eighth signal; a second private key generation unit configured to generate a fourth private key based on the eighth signal; and a decryption calculation unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal.
(supplementary notes 24)
The cryptographic processing system described in supplementary note 23, wherein the first private key generating unit includes: a first random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and a first data separation unit configured to separate the first private key from the fifth signal and output the separated first private key, and a second private key generation unit includes: a second random number extraction unit configured to generate a ninth signal from the eighth signal, the ninth signal having a value indistinguishable from the true random number; and a second data separation unit configured to separate the fourth private key from the ninth signal and output the separated fourth private key.
(supplementary notes 25)
The cryptographic processing system described in supplementary note 23, wherein the first communication device further includes an authentication information generating unit configured to generate authentication information based on a private key different from the first private key and an encrypted signal and output the generated authentication information, the second communication device further includes a comparison signal generating unit configured to generate a comparison signal based on a private key different from the fourth private key and an encrypted signal and a comparing unit configured to compare the authentication information with the comparison signal, the decryption calculating unit generates a decryption signal when the comparison signal matches the authentication information in the comparing unit, the first data separating unit separates the private key used by the authentication information generating unit from the fifth signal and outputs the separated private key, and the second data separating unit separates the private key used by the comparison signal generating unit from the ninth signal and outputs the separated private key.
(supplementary notes 26)
The cryptographic processing system described in supplementary note 25, wherein the first data separation unit separates the second and third private keys from the fifth signal and outputs the separated second and third private keys, the authentication information generation unit includes a first multiplier configured to generate a sixth signal by multiplying the encrypted signal by the second private key and a first adder configured to generate authentication information by adding the third private key to the sixth signal, the second data separation unit separates the fifth and sixth private keys from the ninth signal and outputs the separated fifth and sixth private keys, and the comparison signal generation unit includes a second multiplier configured to generate a tenth signal by multiplying the encrypted signal by the fifth private key and a second adder configured to generate a comparison signal by adding the sixth private key to the tenth signal.
(supplementary notes 27)
The cryptographic processing system described in supplementary note 23, wherein the encryption calculation unit outputs an exclusive or of the fourth signal and the first private key as the encryption signal, and the decryption calculation unit outputs an exclusive or of the encryption signal and the fourth private key as the decryption signal.
(supplementary notes 28)
The cryptographic processing system described in supplementary note 23, wherein the first communication device includes a first storage unit that stores the first signal, and the first signal is input from the first storage unit to the signal generating unit.
(supplementary notes 29)
The cryptographic processing system described in supplementary note 23, wherein the second communication device includes a second storage unit that stores the first signal, and the first signal is input from the second storage unit to the signal generating unit.
(supplementary notes 30)
The cryptographic processing system described in supplementary note 26, wherein the second communication device further includes a signal generating unit configured to generate a fourth signal, the fourth signal being input to a first multiplier of the first communication device, in the first communication device, the first multiplier generates a sixth signal by multiplying the fourth signal by a second private key, the first adder generates authentication information by adding the third private key to the sixth signal, in the second communication device, the second multiplier generates a sixth signal by multiplying the fourth signal by a fifth private key, the second adder generates a comparison signal by adding the sixth private key to the sixth signal, and the comparing unit compares the comparison signal with the authentication information and outputs a comparison result.
(supplementary notes 31)
The cryptographic processing system described in supplementary note 23, wherein the signal generating unit generates the second signal by supplying the first signal to a physically unclonable function and thereby giving an error within a predetermined range to the first signal.
(supplementary notes 32)
The cryptographic processing system described in supplementary note 23, wherein the signal generating unit includes: a noise generation unit configured to generate noise within a predetermined range; and a noise imparting unit configured to generate the second signal by imparting the noise generated by the noise generating unit to the first signal.
(supplementary notes 33)
The cryptographic processing system described in the supplementary note 32, wherein the noise imparting unit outputs, as the second signal, an exclusive or of the noise generated by the noise generating unit and the first signal.
(supplementary notes 34)
A cryptographic processing method, comprising: in a first communication device, supplying a first signal to a signal generating unit; outputting a second signal obtained by giving an error within a predetermined range to the first signal; outputting a third signal obtained based on the second signal and authentication information for correcting an error included in the second signal; generating a first private key based on the third signal; outputting an encrypted signal obtained by encrypting the fourth signal based on the first private key; in the second communication device, correcting an error in a seventh signal obtained in advance by supplying the first signal to the signal generating unit based on the auxiliary information and thereby generating an eighth signal; generating a fourth private key based on the eighth signal; and decrypting the encrypted signal based on the fourth private key and thereby generating a decrypted signal.
While the invention has been described in terms of various embodiments, those skilled in the art will recognize that the invention can be practiced with modification within the spirit and scope of the appended claims and is not limited to the examples described above.
Further, the scope of the claims is not limited by the above embodiments.
Furthermore, it is noted that the applicant's intent is to encompass equivalents of all claim elements, even if amended later during prosecution.

Claims (20)

1. A communication device, the communication device comprising:
a signal generating unit configured to output a second signal obtained by imparting an error within a predetermined range to a signal obtained based on the first signal;
an error correction generation unit configured to output a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal;
a private key generation unit configured to generate a first private key based on the third signal;
an encryption calculation unit configured to output an encrypted signal obtained by encrypting a fourth signal based on the first private key; and
A decryption computing unit configured to decrypt the encrypted signal based on a fourth private key and thereby generate a decrypted signal.
2. The communication device according to claim 1, wherein the private key generation unit includes:
a random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and
a data separation unit configured to separate the first private key from the fifth signal and output the separated first private key.
3. The communication device of claim 2, the communication device further comprising:
an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and the encrypted signal, and output the generated authentication information,
wherein, the liquid crystal display device comprises a liquid crystal display device,
the data separation unit separates the private key used by the authentication information generation unit from the fifth signal, and outputs the separated private key.
4. The communication device of claim 3, wherein,
The data separation unit separates the second and third private keys from the fifth signal and outputs the separated second and third private keys, and
the authentication information generation unit includes:
a multiplier configured to generate a sixth signal by multiplying the encrypted signal by the second private key; and
an adder configured to generate the authentication information by adding the third private key to the sixth signal.
5. The communication device of claim 1, wherein,
the encryption calculation unit outputs an exclusive OR of the fourth signal and the first private key as the encrypted signal.
6. The communication device of claim 1, wherein,
the first signal is input to the signal generating unit from outside the communication device.
7. The communication apparatus of claim 1, further comprising:
a memory unit storing the first signal,
wherein, the liquid crystal display device comprises a liquid crystal display device,
the first signal is input from the storage unit to the signal generation unit.
8. The communication device of claim 4, wherein,
when the fourth signal is input to the multiplier,
The multiplier generates the sixth signal by multiplying the fourth signal by the second private key, and
the adder generates the authentication information by adding the third private key to the sixth signal.
9. The communication device of claim 4, wherein,
when the communication device according to claim 4 is a first communication device, the first communication device further comprises an error correction decryption unit configured to: upon receiving auxiliary information and an encrypted signal from a second communication device having the same configuration as the communication device according to claim 4, generating an eighth signal by correcting an error in a seventh signal based on the auxiliary information received from the second communication device, the seventh signal being generated in advance by supplying the first signal to a signal generating unit of the second communication device;
the private key generation unit generates a fourth private key based on the eighth signal, and
the decryption calculation unit generates the decrypted signal by decrypting the encrypted signal received from the second communication device based on the fourth private key.
10. The communication device of claim 1, wherein,
the signal generating unit generates the second signal by supplying the first signal to a physically unclonable function and thereby imparting the error within the predetermined range to the first signal.
11. The communication device according to claim 1, wherein the signal generating unit includes:
a noise generation unit configured to generate noise within a predetermined range; and
a noise imparting unit configured to generate the second signal by imparting the noise generated by the noise generating unit to the first signal.
12. The communication device of claim 11, wherein,
the noise imparting unit outputs an exclusive or of the noise generated by the noise generating unit and the first signal as the second signal.
13. A communication device, the communication device comprising:
an error correction decryption unit configured to correct an error in a seventh signal obtained by giving an error within a predetermined range to a signal obtained based on the first signal based on auxiliary information for correcting an error in a second signal, which is generated in advance by giving an error within a predetermined range to a signal obtained based on the first signal, and thereby generate an eighth signal;
A private key generation unit configured to generate a fourth private key based on the eighth signal; and
a decryption calculation unit configured to decrypt an encrypted signal generated by encrypting a fourth signal by a first private key generated based on the second signal based on the fourth private key and thereby generate a decrypted signal.
14. The communication device of claim 13, wherein the private key generation unit comprises:
a random number extraction unit configured to generate a ninth signal from the eighth signal output from the error correction decryption unit, the ninth signal having a value indistinguishable from a true random number; and
a data separation unit configured to separate the fourth private key from the ninth signal and output the separated fourth private key.
15. The communication device of claim 14, the communication device further comprising:
a comparison signal generation unit configured to generate a comparison signal based on a private key different from the fourth private key and the encrypted signal; and
A comparison unit configured to compare authentication information with the comparison signal, the authentication information being generated based on a private key different from the first private key and the encrypted signal,
wherein, the liquid crystal display device comprises a liquid crystal display device,
the decryption calculation unit generates the decryption signal when the comparison signal matches the authentication information in the comparison unit.
16. The communication device of claim 15, wherein,
the data separation unit separates fifth and sixth private keys from the eighth signal and outputs the separated fifth and sixth private keys, and
the comparison signal generation unit includes:
a multiplier configured to generate a tenth signal by multiplying the encrypted signal by the fifth private key; and
an adder configured to generate the comparison signal by adding the sixth private key to the tenth signal.
17. The communication device of claim 13, wherein,
the decryption calculation unit outputs an exclusive or of the encrypted signal and the fourth private key as the decrypted signal.
18. A cryptographic processing system comprising a first communication device configured to encrypt a signal and a second communication device configured to decrypt the signal, wherein,
The first communication device includes:
a signal generating unit configured to output a second signal obtained by imparting an error within a predetermined range to a signal obtained based on the first signal;
an error correction generation unit configured to output a third signal obtained based on the second signal and auxiliary information for correcting an error included in the second signal;
a first private key generation unit configured to generate a first private key based on the third signal; and
an encryption calculation unit configured to output an encrypted signal obtained by encrypting a fourth signal based on the first private key, and
the second communication device includes:
an error correction decryption unit configured to correct an error in a seventh signal, which is generated in advance by supplying the first signal to the signal generation unit, based on the auxiliary information and thereby generate an eighth signal;
a second private key generation unit configured to generate a fourth private key based on the eighth signal; and
A decryption computing unit configured to decrypt the encrypted signal based on the fourth private key and thereby generate a decrypted signal.
19. The cryptographic processing system of claim 18, wherein,
the first private key generation unit includes:
a first random number extraction unit configured to generate a fifth signal from the third signal, the fifth signal having a value indistinguishable from a true random number; and
a first data separation unit configured to separate the first private key from the fifth signal and output the separated first private key, and
the second private key generation unit includes:
a second random number extraction unit configured to generate a ninth signal from the eighth signal, the ninth signal having a value indistinguishable from a true random number; and
and a second data separation unit configured to separate the fourth private key from the ninth signal and output the separated fourth private key.
20. The cryptographic processing system of claim 19, wherein,
The first communication device further includes an authentication information generation unit configured to generate authentication information based on a private key different from the first private key and the encrypted signal, and output the generated authentication information,
the second communication device further comprises a comparison signal generating unit configured to generate a comparison signal based on a private key different from the fourth private key and the encrypted signal, and a comparing unit configured to compare the authentication information with the comparison signal,
when the comparison signal matches the authentication information in the comparison unit, the decryption calculation unit generates the decryption signal,
the first data separation unit separates the private key used by the authentication information generation unit from the fifth signal and outputs the separated private key, and
the second data separation unit separates the private key used by the comparison signal generation unit from the ninth signal, and outputs the separated private key.
CN201711320791.6A 2016-12-13 2017-12-12 Communication device and cryptographic processing system Active CN108616349B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2016241274 2016-12-13
JP2016-241274 2016-12-13
JP2017-103589 2017-05-25
JP2017103589A JP2018098757A (en) 2016-12-13 2017-05-25 Communication apparatus and cryptographic processing system

Publications (2)

Publication Number Publication Date
CN108616349A CN108616349A (en) 2018-10-02
CN108616349B true CN108616349B (en) 2023-06-09

Family

ID=62632429

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711320791.6A Active CN108616349B (en) 2016-12-13 2017-12-12 Communication device and cryptographic processing system

Country Status (3)

Country Link
JP (1) JP2018098757A (en)
CN (1) CN108616349B (en)
TW (1) TW201830916A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109783059B (en) * 2018-12-28 2021-04-30 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Quantum random number generation method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016058793A1 (en) * 2014-10-13 2016-04-21 Intrinsic Id B.V. Cryptographic device comprising a physical unclonable function

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006038183A1 (en) * 2004-10-04 2006-04-13 Koninklijke Philips Electronics N.V. Two-way error correction for physical tokens
EP2404403B1 (en) * 2009-03-06 2019-12-04 Intrinsic ID B.V. System for establishing a cryptographic key depending on a physical system
US20130051552A1 (en) * 2010-01-20 2013-02-28 Héléna Handschuh Device and method for obtaining a cryptographic key
CN102393890B (en) * 2011-10-09 2014-07-16 广州大学 Crypto chip system for resisting physical invasion and side-channel attack and implementation method thereof
US9590804B2 (en) * 2011-12-13 2017-03-07 Nec Corporation Identification information generation device and identification information generation method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016058793A1 (en) * 2014-10-13 2016-04-21 Intrinsic Id B.V. Cryptographic device comprising a physical unclonable function

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘伟强 ; 崔益军 ; 王成华 ; .一种低成本物理不可克隆函数结构的设计实现及其RFID应用.电子学报.2016,(第07期),全文. *

Also Published As

Publication number Publication date
JP2018098757A (en) 2018-06-21
CN108616349A (en) 2018-10-02
TW201830916A (en) 2018-08-16

Similar Documents

Publication Publication Date Title
US9037623B2 (en) Proxy calculation system, proxy calculation method, proxy calculation requesting apparatus, and proxy calculation program and recording medium therefor
US20050058294A1 (en) Method, system and device for enabling delegation of authority and access control methods based on delegated authority
CN105009507A (en) Generating a key derived from a cryptographic key using a physically unclonable function
US10985914B2 (en) Key generation device and key generation method
US11930110B2 (en) System and method for key recovery and verification in blockchain based networks
CN110351297B (en) Verification method and device applied to block chain
US9762386B1 (en) Verification of stored encryption keys in multi-tiered encryption system
US11012230B2 (en) Communication apparatus and cryptographic processing system
EP3641219A1 (en) Puf based securing of device update
CN113158200A (en) Integrated circuit for performing authentication using challenge-response protocol and method for using the same
CN114640867A (en) Video data processing method and device based on video stream authentication
JP6059347B2 (en) Decoding device, decoding capability providing device, method and program thereof
EP3214567B1 (en) Secure external update of memory content for a certain system on chip
CN108616349B (en) Communication device and cryptographic processing system
CN112115461B (en) Equipment authentication method and device, computer equipment and storage medium
US11341217B1 (en) Enhancing obfuscation of digital content through use of linear error correction codes
CN112118245B (en) Key management method, system and equipment
US20160148002A1 (en) Key storage apparatus, key storage method and program therefor
US20220216999A1 (en) Blockchain system for supporting change of plain text data included in transaction
JP5945525B2 (en) KEY EXCHANGE SYSTEM, KEY EXCHANGE DEVICE, ITS METHOD, AND PROGRAM
WO2020144758A1 (en) Secure computing device and client device
JP2016025532A (en) Communication system, communication apparatus and communication method
CN111064753B (en) One-Time Pad-based password manager implementation method
US20170222810A1 (en) User permission check system
CN112968904B (en) Block chain data protection method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant