JP2000089669A - Encryption method, decryption method, encryption and decryption method and cipher communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To permit high-speed decryption processing of sum-of-product type chiphers by setting a radix vector at a specific value with an encryption method for obtaining ciphertext by using a plaintext vector and the radix vector. SOLUTION: One entity (a) enciphers plaintext (x) to the ciphertext C=m0 D0+m1D1+...mK-1DK-1 by using the plaintext vector m=(m0, m1,..., mK-1) formed by dividing the plaintext (x) by K by an encryption device 1 and the radix vector D=(D0, D1,..., DK-1). Di (0<=i<=K-1) is set at Di=d0/d1 (where d= d0d1...dK-1) (arbitrary two numbers di, dj are primes)). The formed ciphertext C is sent via a communication path 3 from the entity (a) to another entity (b). The entity (b) deciphers this ciphertext C to the original plaintext (x) by a decryption device 2.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an encryption method for converting a plaintext into a ciphertext and a decryption method for converting a ciphertext into an original plaintext, and more particularly to a product-sum encryption.

[0002]

2. Description of the Related Art In a modern society called an advanced information society, important documents and image information in business are transmitted, communicated, and processed in the form of electronic information based on a computer network. Such electronic information has a property that it can be easily copied and it is difficult to distinguish a copy from an original, and thus the importance of information security is emphasized. In particular, "sharing of computer resources",
The realization of a computer network that satisfies each element of "multi-access" and "wide area" is indispensable for the establishment of an advanced information society, but this includes elements inconsistent with the problem of information security between parties. As an effective method for resolving such inconsistency, cryptographic technology that has been used mainly in military and diplomatic aspects in the past history of humankind has attracted attention.

[0003] Encryption means exchanging information so that the meaning of the information cannot be understood by anyone other than the parties. In encryption, it is encryption to convert an original sentence (plaintext) that anyone can understand into a sentence (ciphertext) whose meaning is unknown to a third party, and decryption is to return the ciphertext to plaintext. The entire process of encryption and decryption is collectively called an encryption system. In the encryption process and the decryption process, secret information called an encryption key and a decryption key are used, respectively. Since a secret decryption key is required at the time of decryption, only a person who knows the decryption key can decrypt the ciphertext, and the encryption can maintain the confidentiality of the information.

[0004] Encryption methods can be broadly classified into two types: a common key encryption system and a public key encryption system. In the common key cryptosystem, the encryption key and the decryption key are equal, and the sender and the receiver have the same key to perform encrypted communication. The sender encrypts the plaintext based on the secret common key and sends it to the recipient,
The recipient uses the common key to decrypt the ciphertext into plaintext.

In the public key cryptosystem, on the other hand, the encryption key and the decryption key are different, the sender encrypts the plaintext with the public key of the public receiver, and the receiver uses his / her own private key. Performs encrypted communication by decrypting the ciphertext.
The public key is a key for encryption, the secret key is a key for decrypting a ciphertext converted by the public key, and the ciphertext converted by the public key can be decrypted only by the private key.

[0006]

With respect to the multiply-accumulate cryptosystem, which is one of the public key cryptosystems, new systems and attack methods have been proposed one after another, but in particular, a large amount of information can be processed in a short time. Thus, development of an encryption / decryption technique capable of high-speed decryption is desired.

The present invention has been made in view of such circumstances, and has as its object to provide a new encryption method and a new decryption method for multiply-accumulate encryption, which can perform high-speed decryption processing.

[0008]

An encryption method according to claim 1.
The method is a plaintext vector m = (m₀,
m ₁, ..., m_K-1) And the radix vector D = (D₀, D₁,
…, D_K-1) And ciphertext C = m₀D₀+ M₁D₁
+ ... + m_K-1D_K-1In the encryption method to get
Note D_i(0 ≦ i ≦ K−1)_i= D / d_i(However, d
= D₀d₁... d_K-1(Arbitrary two numbers d_i, D_jAre each other
)).

According to a second aspect of the present invention, in the encryption method, the plaintext is divided into K minutes.
The plaintext vector m = (m₀, M ₁, ..., m_K-1)When
Radix vector D = (D₀, D₁, ..., D_K-1) And
And ciphertext C = m₀D₀+ M₁D₁+ ... + m_K-1D
_K-1In the encryption method for obtaining_i(0 ≦ i ≦ K
-1) to D_i= (D / d_i) ・ V_i(However, d = d₀d
₁... d_K-1(Arbitrary two numbers d_i, D_jAre relatively prime),
v_i: Random number).

According to a third aspect of the present invention, in the encryption method according to the first aspect, the random number vector v = (v ₀ , v ₁ ,..., V _{K -1} ).
, The ciphertext C = m ₀ v ₀ D ₀ + m ₁ v ₁ D ₁ +...
+ M _K-1 v _K-1 D _K-1 is obtained.

The decoding method according to claim 4 is the method according to claims 1 and 2.
Or a decoding method for decoding the ciphertext C encrypted by one of 3, the following plaintext vector by formula (a) of _{m = (m 0, m 1} , ..., m K-1) to obtain the It is characterized by. m _i ≡CD _i ^-1 (mod d _i ) (a)

[0012] encryption method according to claim 5, in claim 1 or 2, and wherein a set of K d _i prepare plural sets so as to obtain a ciphertext to each each set I do.

According to a sixth aspect of the present invention, there is provided an encryption / decryption method comprising the steps of:
Plaintext vector m = (m ₀, M₁, ..., m
_K-1) And the radix vector D = (D₀, D₁, ..., D_K-1)
And converts the plaintext into ciphertext, and uses the ciphertext as the original
In the encryption / decryption method for converting into plaintext of_i
(0 ≦ i ≦ K−1) is an integer d_iUsing d / d_i(However
And d = d₀d ₁... d_K-1(Arbitrary two numbers d_i, D_j
Are mutually prime)) and w <P (P: prime)
Is selected, and w is the public key vector according to equation (b).
C = (c₀, C₁, ..., c_K-1Steps to ask for
And c_i≡wD_i (Mod P) (b) By the inner product of the plaintext vector m and the public key vector c, the expression
(C) creating a ciphertext C, and C = m₀c₀+ M₁c₁+ ... + m_K-1c_K-1 .. (C) With respect to the ciphertext C, the intermediate decrypted text M
And M ス テ ッ プ w^-1C (mod P) (d) This intermediate decrypted text M is decrypted by the following equation (e) to obtain a plain text.
Vector m = (m₀, M₁, ..., m_K-1) Seeking Steward
And m_i≡MD_i ^-1 (Mod d_i) (E).

According to a seventh aspect of the present invention, there is provided an encryption / decryption method comprising:
Plaintext vector m = (m ₀, M₁, ..., m
_K-1) And the radix vector D = (D₀, D₁, ..., D_K-1)
The ciphertext is converted to ciphertext using
In the encryption / decryption method for converting into plaintext of_i(0 ≦ i ≦ K−1) is set by equation (f).
Tep and D_i= (D / d_i) ・ V_i ... (f) where v_i: Random number d_i: Integer d = d₀d₁... d_K-1 (Arbitrary two integers d_i, D_jAre mutually prime) Select w that satisfies w <P (P: prime number), and
Public key vector c = (c₀, C₁, ..., c_K-1)
And c_i≡wD_i (Mod P) (g) The inner product of the plaintext vector m and the public key vector c gives
(H) creating a ciphertext C; C = m₀c₀+ M₁c₁+ ... + m_K-1c_K-1 ... (h) For the ciphertext C, the intermediate decryption text M is expressed as
And M ス テ ッ プ w^-1C (mod P) (i) This intermediate decrypted text M is decrypted by the following equation (j) to obtain a plain text.
Vector m = (m₀, M₁, ..., m_K-1) Seeking Steward
And m_i≡MD_i ^-1 (Mod d_i) (J).

[0015] In the encryption / decryption method according to claim 8, the plaintext
Plaintext vector m = (m ₀, M₁, ..., m
_K-1) And the radix vector D = (D₀, D₁, ..., D_K-1)
The ciphertext is converted to ciphertext using
In the encryption / decryption method for converting into plaintext of
Setting Q and the radix vector D_Pi(0 ≦ i ≦
K-1) is an integer d_PiWith D_Pi= D_P/ D_Pi(However,
d_P= D_P0d_P1... d_PK-1(Arbitrary two numbers d_Pi, D_PjIs
Radix vector D_Qi
(0 ≦ i ≦ K−1) is an integer d_QiWith D_Qi= D_Q/ D
_Qi(However, d_Q= D_Q0d_Q1... d_QK-1(Arbitrary two numbers d
_Qi, D_QjAre disjoint)) set the steps and the Chinese
Using the remainder theorem of
D_Pi, D_QiThe smallest integer D such that_iSteps to guide
And w that satisfies w <N (N = PQ) are selected, and equation (k)
The public key vector c = (c₀, C₁, ..., c_K-1)
C._i≡wD_i (Mod N) ... (k) The inner product of the plaintext vector m and the public key vector c gives
(C) creating a ciphertext C shown in (l);₀c₀+ M₁c₁+ ... + m_K-1c_K-1 ... (l) For ciphertext C, in law P and law Q, respectively
Decrypted text M_P, M_QIs calculated as in Equations (m) and (n).
And M_P≡w^-1C (mod P) ... (m) M_Q≡w^-1C (mod Q) ... (n) This intermediate decrypted text M_P, M_QBy the following equations (o) and (p)
And the remaining pair (m_i ^(P), M_i ^(Q))
And m_i ^(P)≡M_PD_Pi ^-1 (Mod d_Pi)… (O) m_i ^(Q)≡M_QD_Qi ^-1 (Mod d_Qi)… (P) The obtained m_i ^(P), M_i ^(Q)Applying the Chinese remainder theorem to
And the plaintext vector m = (m₀, M₁, ..., m_K-1)
And the step of determining

A ninth aspect of the present invention is the encryption / decryption method according to the eighth aspect, wherein the ciphertext C is transmitted modulo N.

According to a tenth aspect of the present invention, there is provided an encryption communication system for performing information communication using a ciphertext between a plurality of entities, using the encryption method according to any one of the first, second, third, and fifth aspects. And a communication path for transmitting the generated ciphertext from one entity to the other entity, and a decryptor for decoding the transmitted ciphertext into the original plaintext. It is characterized by.

The concept of the encryption / decryption method of the present invention will be described below. Consider a set {d _i } with K integers as elements. Note that any two elements of this set are disjoint. Then, as shown in equation (1), the product of these K number of elements is d, that defines the base D _i as in Equation (2). _{d = d 0 d 1 ... d} K-1 ... (1) D i = d / d i ... (2)

Then, the message m = (m₀, M₁,
…, M_K-1) With the radix D = (D₀, D ₁, ..., D_K-1)
And expressed as shown in the following equation (3). M = m₀D₀+ M₁D₁+ ... + m_K-1D_K-1 ... (3) where each element m of the message vector m_iIs m_i<D_i
Set to satisfy.

In the present invention, a ciphertext is created in this manner, that is, by using equations (1) to (3).

If the radix is given by equation (2), the message m =
(M ₀ , m ₁ ,..., M _{K -1} ) can be decoded.
This decoding algorithm is called a parallel decoding algorithm.

[0022] [parallel decoding algorithm] unit _i (m i ^{_{decoding) m i ≡MD i -1 (mod}} d i)

An encryption method based on such a concept and a decryption method for it are features of the present invention. The specific method will be described later.

[0024]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be specifically described below. FIG. 1 is a schematic diagram showing a state where the encryption / decryption method according to the present invention is used for information communication between entities a and b. In the example of FIG. 1, one entity a encrypts a plaintext x into a ciphertext C by the encryptor 1 and transmits the ciphertext C to the other entity b via the communication path 3. , The decryptor 2 decrypts the ciphertext C into the original plaintext x.

(First Embodiment) A secret key and a public key are prepared as follows. • Secret key: {d _i }, P, w • Public key: {c _i } A radix is given as in the above equation (2). In this case, the radix vector {D _i } is not a super-incremental sequence but LLL (Lenatr
a-Lenatra-Lovasz) Resistant to law attacks. In addition, an integer w that satisfies w <P (P is a large prime number) is randomly selected. Also,
Each element m _i of the message vector m is set to satisfy the m _i <d _i. The public key vector c is derived from the components of D using the integer w as shown in equations (4) and (5). c _i ≡wD _i (mod P) (4) c = (c ₀ , c ₁ ,..., c _K-1 ) (5)

Μ <min (d ₀ , d ₁ ,..., D
_K-1 ) is released to each entity. On the entity a side, based on the disclosed μ, K-dimensional μ
The plaintext x is divided into message vectors having the following sizes. On the entity a side, the inner product of the message vector m and the public key vector c is obtained as in Expression (6), and the plaintext x is encrypted to obtain a ciphertext C. The created ciphertext C is transmitted from the entity a to the entity b via the communication path 3. C = m ₀ c ₀ + m ₁ c ₁ +... + M _K-1 c _K-1 (6)

On the entity b side, decoding processing is performed as follows. First, an intermediate decrypted text M is derived for the cipher text C as shown in Expression (7). M≡w ^-1 C (mod P) (7)

Since the intermediate decrypted text M is specifically given by the equation (3), it can be decrypted by the above-described parallel decryption algorithm. If K-fold parallel processing is possible, the ciphertext C can be decrypted at high speed in the time required to execute the multiplication / division processing twice. Further, in the present invention, it is not necessary to decode each element of the message vector in order from the most significant digit (or in order from the least significant digit), and a message element of an arbitrary digit can be freely decoded in parallel. Communication becomes possible.

By the way, a pair of two d _i and d _j (d _i , d _j
Assuming _dj ) brute force, P will be exposed. Thus, practically d _i must be chosen to about 2 ^32.

Here, a specific example of the first embodiment will be described.・ Secret key d = (11,17,29) D = (17.29,29.11,11.17) = (493,319,187) P = 59659 w = 25252 w ^-1 ≡48633 (mod P) (D ₁ , D ₂ , and D ₃ are not super-incremental sequences) Public key c {wD} (40164, 1423, 9063) (mod P) Encrypted message is m = (4, 6, 8). C = cm = 241698 Decryption Obtain the intermediate decrypted text M and decrypt it using a parallel decryption algorithm. M≡w ⁻¹ C≡5382 (mod 59659) m ₀ ≡5382 · 493 ⁻¹ ≡4 (mod 11) m ₁ = 5382 · 319 ⁻¹ ≡6 (mod 17) m ₂ = 5382 · 187 ⁻¹ ≡8 (Mod 29) As described above, the message m = (4, 6, 8) is obtained.

(Second Embodiment) A second embodiment in which random numbers are added to the first embodiment will be described. In the first embodiment, when the total product of the products of w and D _i is obtained,
Since a multiplication product of w and d is obtained as in the following equation (8), there is no possibility that w and d can be obtained. Therefore, in the second embodiment, security is enhanced by using the radix vector multiplied by the random number in the first embodiment as a radix vector.

[0032]

(Equation 1)

A secret key and a public key are prepared as follows. - secret _{key: {d i}, {v} i}, P, w · public key: {c _i} comparable magnitude of the random number v _0, v _1, ..., with v _K-1, radix D _i is given as in equation (9). However, it assumed to be relatively prime and d _i and v _i. D _i = (d / d _i ) · v _i (9)

Using the integer w, the public key vector c is obtained as in the following equations (10) and (11), as in the first embodiment. c _i ≡wD _i (mod P) (10) c = (c ₀ , c ₁ ,..., c _K-1 ) (11)

Message vector m and public key vector c
The ciphertext C is obtained in the same manner as in the first embodiment (Equation (6)) by the inner product of.

The decoding process is performed as follows.
An intermediate decryption text M is obtained from the cipher text C as shown in Expression (12). M≡w ⁻¹ C (mod P) (12) Since the intermediate decryption text M is specifically given as the above equation (3), it is decrypted by the parallel decryption algorithm as in the first embodiment. You.

Here, a specific example of the second embodiment will be described.・ Private key d = (11,17,29) v = (8,7,5) D = (2465,2233,1496) P = 59659 w = 25252 w ^-1 {48633 (mod P) ・ Public key c} wD≡ (21843, 9961, 12845) (mod P)-Let the encrypted message be m = (7,8,9). C = c · m = 348194 Decryption An intermediate decrypted text M is obtained and decrypted using a parallel decryption algorithm. M≡w ^-1 C≡48583 (mod 59659) m ₀ ≡48583 · 2465 ^-1 ≡7 (mod 11) m ₁ = 48583 · 2233 ^-1 -18 (mod 17) m ₂ = 48583 · 1496 ^-1 ≡9 (Mod 29) As described above, the message m = (7, 8, 9) is obtained.

(Third Embodiment) In the second embodiment,
The random number is incorporated into the radix vector itself.
Using the same radix vector as in the embodiment, random numbers v ₀ , v ₁ ,..., V _{K -1} can be added at the stage of generating the ciphertext C. The ciphertext C in this case has the same form as in the second embodiment.

(Fourth Embodiment) A fourth embodiment in which radix vectors are multiplexed in the first embodiment will be described. The fourth embodiment is an encryption / decryption method that sets a radix vector {D _i } according to the first embodiment in each of two moduli and uses the Chinese remainder theorem.

A secret key and a public key are prepared as follows. - secret _{key: {d Pi}, {d} Qi}, P, Q, N, w · Public Key: Select {c _i} 2 two large prime numbers P, Q, to those of the product with N. Two sets of {d _i } consisting of K elements in the first embodiment are prepared, and set as {d _Pi }, {d _Qi }.
Also, the radix generated from them is {D _Pi }, {D _Qi }. Using Chinese remainder theorem leads P, each remainder by Q D _Pi, the smallest integer D _i such that D _Qi, make it a base.

As in the first embodiment, the public key vector c is obtained by using the secret random number w modulo N as in the following equations (13) and (14). c _i ≡wD _i (mod N) (13) c = (c ₀ , c ₁ ,..., c _K-1 ) (14)

Message vector m and public key vector c
The ciphertext C is obtained in the same manner as in the first embodiment (Equation (6)) by the inner product of.

The decoding process is performed as follows.
Against ciphertext C, modulo P, at law Q, intermediate decrypted text M _P, the M _Q wherein each (15), derived as equation (16). ^{_{M P ≡w -1 C (mod P}} ) ... (15) M Q ≡w -1 C (mod Q) ... (16)

Each intermediate decrypted text M_P, M_QFor the equation (1
7), Equation (18) holds. Where m _iIs given by equation (19),
It is assumed that it is one of the equations (20). M_P= M₀ ^(P)D_P0+ M₁ ^(P)D_P1+ ... + m_K-1 ^(P)D_PK-1 … (17) M_Q= M₀ ^(Q)D_Q0+ M₁ ^(Q)D_Q1+ ... + m_K-1 ^(Q)D_QK-1 … (18) m_i≡m_i ^(P) (Mod d_Pi)… (19) m_i≡m_i ^(Q) (Mod d_Qi)… (20)

By applying a parallel decoding algorithm to M _P and M _Q , the remaining pairs (m _i ^(P) , m
_i ^(Q) ) can be derived. Applying the Chinese remainder theorem to these, the message m _i <lcm
(D _Pi , d _Qi ) can be decoded.

Here, a specific example in the fourth embodiment will be described.・ Private key d _P = (11,17,29) d _Q = (13,19,23) D _P = (493,319,187) D _Q = (437,299,247) D = (946872238594, 409641492482, 772314923252) P = 1042183 Q = 960119 N = 1000619699777 w = 947284758293 w ^-1 {337608855274 (mod N) ・ Public key c {wD} (940952460514, 717925054865, 8707125634
37) (mod N)-The encrypted message is set to m = (45, 67, 89). C = c · m = 167937257544978 · decoding intermediate decrypted text M _P, seek M _Q, using parallel decoding algorithm. ^{_{M P ≡w -1 C≡60201 (mod 1042183}} ) M Q ≡w -1 C≡61681 (mod 9600119) m 0 (P) ≡M P · 493 -1 ≡1 (mod 11) m 1 (P) ≡ M _P・ 319 ^-1 ≡16 (mod 17) m ₂ ^(P) = M _P P187 ^-1 ≡2 (mod 29) m ₀ ^(Q) ≡M _Q Q437 ^-1 ≡6 (mod 13) m ₁ ^(Q) ≡M _Q・ 299 ^-1 ≡10 (mod 19) m ₂ ^(Q) = M _Q・ 247 ^-1 ≡20 (mod 23) (m ₀ ^(P) , m ₀ ^(Q) ) By the remainder theorem of
Find m ₀ = 45. Similarly, (m ₁ ^(P) , m ₁ ^(Q) ),
From (m ₂ ^(P) , m ₂ ^(Q) ), m ₁ = 67 and m ₂ = 89 are obtained. The message m = (45, 67, 8
9) get.

In a multiplexing system such as the fourth embodiment in which the number N of composites is used as a modulus, if it is difficult to perform factorization of N, it is considered safe to disclose N. Therefore, in such a case, the encryption efficiency is improved by transmitting the ciphertext C obtained modulo N.

(Fifth Embodiment) The fifth embodiment is an encryption system in which a random number is added to the fourth embodiment, in other words, an encryption system in which a radix vector is multiplexed in the second embodiment. Since the contents of the fifth embodiment can be easily understood by referring to the above-described first to fourth embodiments, detailed description will be omitted.

(Sixth Embodiment) In the fourth embodiment,
The multiplexing method using two prime numbers has been described.
Multiplexing may be performed by using more than the prime numbers. In the sixth embodiment, a case where L prime numbers P ₀ , P ₁ ,..., P _L−1 are used will be described. Note that P ₀ = P, P ₁ =
Q is the same as in the fourth embodiment.

A private key and a public key are prepared as follows.
You.・ Private key: $ P_j｝, ｛R_{j, i}｝, W ・ Public key: ｛c_i｝ Prime P_j(J = 0, 1,..., L−1), the fourth
D in the embodiment _P, D_QVector D similar to_PjTo
It is given as in equation (21). D_Pj  = (R_j/ R_{j, 0}, R_j/ R_{j, 1}, ..., r_j/ R_{j, j}, ..., r_j/ R_{j, K-1}…… (21) where r_j= R_{j, 0}r_{j, 1}... r_{j, K-1}

[0051] Here, by applying the Chinese remainder theorem, the smallest integer satisfying the following equation (22) as D _i, the radix. _{D i ≡D Pj, i (mod} P j) ... (22) Then, the _{N = P 0 P 1 ... P} L-1 modulo prepared similarly public key c in the first embodiment.

The sixth embodiment incorporates a so-called two-dimensional structure as compared with the first embodiment. As a result, the following effects are expected. (1) If K = L, the message is decoded only using K ² parameters. When compared with the same number of dimensions K, the system is more secure. (2) Similarly, when K = L, the circuit can be simplified by using a vector obtained by cyclically replacing D _P0 shown in Expression (23) j times as D _pj . D _P0 = (r ₀ / r _0,0 , r ₀ / r _0,1 ,..., R ₀ / r _{0, K-1} ) (23)

In the sixth embodiment, r
_{If j and i} are about 16 bits and K = L = 8, the public key size is about 8.2 kilobits and the number of secret parameters is 74.

[0054]

As it is evident from the foregoing description, in the present invention, the base D _i when encrypting D _i = d / d _i (where, d = d ₀ d ₁ ...
d _K-1 ), each element of the plaintext vector can be decoded in parallel, and high-speed decoding can be performed with a simple device configuration. As a result, the present invention can greatly contribute to paving the way for the practical use of the product-sum encryption.

[Brief description of the drawings]

FIG. 1 is a schematic diagram showing a communication state of information between two entities.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Encryptor 2 Decryptor 3 Communication path a, b entity

Claims (10)

[Claims] 1. A plaintext vector m = (m
₀ , m ₁ ,..., _{M K− 1} ) and the radix vector D = (D ₀ , D
_{1, ..., D K-1} ) 0 ciphertext C = m by using a D ₀ + m ₁
D ₁ +... + M _{K -1 In the} encryption method for obtaining DK _-1 , the _Di (0≤i≤K-1) is calculated by _Di = d / d _i (where d = d ₀ d _1). ... d _K-1 (arbitrary two numbers d _i , d _j
Are mutually prime))). 2. A plaintext vector m = (m
₀ , m ₁ ,..., _{M K− 1} ) and the radix vector D = (D ₀ , D
_{1, ..., D K-1} ) 0 ciphertext C = m by using a D ₀ + m ₁
D ₁ +... + M _{K -1 In} an encryption method for obtaining DK _-1 , the above D _i (0 ≦ i ≦ K−1) is replaced by D _i = (d / d _i )
An encryption method characterized by setting v _i (where d = d ₀ d ₁ ... D _{K -1} (arbitrary two numbers d _i and d _j are mutually prime) and v _i : random number). 3. A random number vector v = (v ₀ , v ₁ ,..., V
Ciphertext _K-1) with a _{C = m 0 v 0 D 0} + m 1 v 1 D 1
The encryption method according to claim 1, wherein + ... + m _K-1 v _K-1 D _K-1 is obtained. 4. A decryption method for decrypting a ciphertext C encrypted according to claim 1, 2, or 3, wherein a plaintext vector m = (m ₀ , m ₁ ,..., M
_K-1 ). m _i ≡CD _i ^-1 (mod d _i ) (a) 5. A plurality of sets of the K d _i are prepared,
3. The encryption method according to claim 1, wherein a ciphertext is obtained for each set. 6. A plaintext vector m = (m
₀, M₁, ..., m_{K- 1}) And the radix vector D = (D₀, D
₁, ..., D_K-1) To convert the plaintext to ciphertext
Encryption / decryption method for converting the ciphertext into the original plaintext
In the above D_i(0 ≦ i ≦ K−1) is an integer d_iUsing d / d
_i(However, d = d₀d ₁... d_K-1(Any two numbers
d_i, D_jAre mutually prime)), and w that satisfies w <P (P: prime number) is selected.
Public key vector c = (c₀, C₁, ..., c_K-1)
And c_i≡wD_i (Mod P) (b) By the inner product of the plaintext vector m and the public key vector c, the expression
(C) creating a ciphertext C, and C = m₀c₀+ M₁c₁+ ... + m_K-1c_K-1 .. (C) With respect to the ciphertext C, the intermediate decrypted text M
And M ス テ ッ プ w^-1C (mod P) (d) This intermediate decrypted text M is decrypted by the following equation (e) to obtain a plain text.
Vector m = (m₀, M₁, ..., m_K-1) Seeking Steward
And m_i≡MD_i ^-1 (Mod d_iAn encryption / decryption method comprising: (e). 7. A plaintext vector m = (m
₀ , m ₁ ,..., _{M K− 1} ) and the radix vector D = (D ₀ , D
_1, ..., converts the plaintext into ciphertext using D _K-1) and, in the encryption and decryption method for converting the ciphertext into the original plaintext, the _{D i (0 ≦ i ≦ K} -1 ) setting a by a formula _{(f), D i = (} d / d i) · v i ... (f) where, v _i: random number d _i: integer _{d = d 0 d 1 ... d} K-1 (Arbitrary two integers d _i and d _j are relatively prime) w that satisfies w <P (P: prime number) is selected, and the public key vector c = (c ₀ , c ₁ ,. _K-1 ); and c _i ＤwD _i (mod P) (g) a step of creating a ciphertext C shown in equation (h) by an inner product of the plaintext vector m and the public key vector c; C = m ₀ c ₀ + m ₁ c ₁ +... + M _{K -1} c _{K -1} (h) A step of obtaining an intermediate decryption text M for the cipher text C as in equation (i); M≡w ^-1 C (mod P ... (i) The intermediate decrypted text M by decoding by the following formula (j) plaintext vector _{m = (m 0, m 1} , ..., m K-1) Step a m _i ≡MD _i ^-1 seeking ( mod d _i )... (j). 8. A plaintext vector m = (m
₀ , m ₁ ,..., _{M K− 1} ) and the radix vector D = (D ₀ , D
_1, ..., it converts the plaintext into ciphertext by using the D _K-1), the encryption and decryption method for converting the ciphertext into the original plaintext, setting a prime number P, Q, Radix The vector D _Pi (0 ≦ i ≦ K−1) is calculated by using the integer d _Pi as follows: D _Pi = d _P / d _Pi (where d _P = d _P0 d _P1 ... D)
_PK-1 (arbitrary two numbers d _Pi and d _Pj are relatively prime)), and radix vector D _Qi (0 ≦ i ≦ K−1) is set to D _Qi = d _Q using an integer d _Qi. / D _Qi (However, d _Q = d _Q0 d _Q1 ... d
_{Using QK-1} (arbitrary two numbers d _Qi and d _Qj are relatively prime) and using the Chinese remainder theorem so that the remainders of P and Q are D _Pi and D _Qi , respectively. Step of deriving the smallest integer D _i , and selecting w satisfying w <N (N = PQ), and calculating the public key vector c = (c ₀ , c ₁ ,..., C _K-1 ) by equation (k) C _i ≡wD _i (mod N) (k) a step of creating a ciphertext C shown in equation (1) by an inner product of the plaintext vector m and the public key vector c; C = m ₀ c ₀ + m ₁ c ₁ +... + M _{K -1} c _{K -1} (1) For the cipher text C, the intermediate decrypted texts _MP and MQ are _expressed by formulas (m), a step of obtaining as the formula ^{_{(n), M P ≡w -1}} C (mod P) ... (m) M Q ≡w -1 C (mod Q) ... (n) the intermediate decrypted text M _P, M _Q The following formula (o), formula (p)
Remainder pair decoded by determining a ^{_{(m i (P), m}} i (Q)), m i (P) ≡M P D Pi -1 (mod d Pi) ... (o) m i (Q ^{_{) ≡M Q D Qi -1 (mod}} d Qi) ... (p) obtained m _i ^(P), by applying the Chinese remainder theorem to m _i ^(Q), the plaintext vector m = (m _0, m _1, ..., encryption and decryption method characterized by a step of obtaining a m _K-1). 9. The encryption / decryption method according to claim 8, wherein said ciphertext C is transmitted modulo N. 10. A cryptographic communication system for performing information communication by cipher text between a plurality of entities, wherein
An encryptor that creates a ciphertext from a plaintext using the encryption method described in any of 2, 3, or 5, a communication path that sends the created ciphertext from one entity to the other entity, And a decryptor for decrypting the encrypted text into the original plaintext.