JP2000165372A - Encryption communication method, encryption method and encryption communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an encryption communication method by an ID-NIKS offering high security where a key is shared in common with probability. SOLUTION: A center 1 generates 4 private keys (vectors S11,i, S12,i, S21,i, S22,i) by using a plurality of public keys specific to each entity on the basis of ID information of each entity and a plurality of random numbers specific to each entity, gives them to each entity, and each entity uses the 4 private keys specific to each entity and a plurality of the public keys for the entities of communication objects open to public so as to generate a common key between two entities used in the case of encrypting a plain text into an encrypted text or of decoding the encrypted text into a plain text.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic communication method, a cryptographic communication method, and a cryptographic communication system with high security for encrypting and communicating information so that the contents of the information cannot be understood by anyone other than the parties.

[0002]

2. Description of the Related Art In a modern society called an advanced information society, important documents and image information in business are transmitted, communicated, and processed in the form of electronic information based on a computer network. Such electronic information has a property that it can be easily copied and it is difficult to distinguish a copy from an original, and thus the importance of information security is emphasized. In particular, "sharing of computer resources",
The realization of a computer network that satisfies each element of "multi-access" and "wide area" is indispensable for the establishment of an advanced information society, but this includes elements inconsistent with the problem of information security between parties. As an effective method for resolving such inconsistency, cryptographic technology that has been used mainly in military and diplomatic aspects in the past history of humankind has attracted attention.

[0003] Encryption means exchanging information so that the meaning of the information cannot be understood by anyone other than the parties. In encryption, it is encryption to convert an original sentence (plaintext) that anyone can understand into a sentence (ciphertext) whose meaning is unknown to a third party, and decryption is to return the ciphertext to plaintext. The entire process of encryption and decryption is collectively called an encryption system. In the encryption process and the decryption process, secret information called an encryption key and a decryption key are used, respectively. Since a secret decryption key is required at the time of decryption, only a person who knows the decryption key can decrypt the ciphertext, and the encryption can maintain the confidentiality of the information.

[0004] The encryption key and the decryption key may be the same or different. A cryptosystem in which both keys are equal,
It is called a common key cryptosystem and is adopted by the U.S. Department of Commerce
ES (Data Encryption Standards) is a typical example. As an example of an encryption system in which both keys are different, an encryption system called a public key encryption system has been proposed. In this public key cryptosystem, each user (entity) using the cryptosystem creates a pair of an encryption key and a decryption key, publishes the encryption key in a public key list, and keeps only the decryption key secret. It is an encryption system that does. In the public key cryptosystem, the pair of the encryption key and the decryption key are different, and a characteristic is that the decryption key cannot be determined from the encryption key by using the one-way function.

The public key cryptosystem is an epoch-making cryptosystem that discloses an encryption key, and conforms to the above three elements necessary for establishing an advanced information society. The research has been actively conducted in order to use the RSA encryption system in the field and the like, and an RSA encryption system has been proposed as a typical public key encryption system. This RSA encryption system is realized by utilizing the difficulty of factorization as a one-way function. In addition, various methods have been proposed for a public key cryptosystem utilizing the difficulty of solving the discrete logarithm problem (discrete logarithm problem).

[0006] Further, an encryption system using ID (Identity) information for specifying an individual such as an address and a name of each entity has been proposed. In this encryption system, a common encryption key is generated between the transmitting and receiving parties based on the ID information. The encryption technique based on the ID information includes (1) a method that requires preliminary communication between the transmitter and the receiver before ciphertext communication, and (2) a method that requires a preliminary communication between the transmitter and receiver before the ciphertext communication. Some systems do not require communication. In particular, since the method (2) does not require a preliminary communication, the convenience of the entity is high, and it is considered that it will be the center of the future cryptosystem.

The encryption system according to the method (2) uses an ID-
NIKS (ID-based non-interactive key sharing sch
eme), and employs a method of sharing an encryption key without performing preliminary communication using ID information of a communication partner. The ID-NIKS is a method in which there is no need to exchange a public key and a secret key between a sender and a receiver, and does not require a key list or a service by a third party, and secure communication can be performed between arbitrary entities.

FIG. 3 is a diagram showing the principle of the ID-NIKS system. Assuming the existence of a reliable center, a shared key generation system is configured around this center. In FIG. 3, ID information such as the name, address, and telephone number of the entity X, which is the specific information of the entity X, is represented by h (ID _X ) using a hash function h (·). The center calculates secret information S _Xi for an arbitrary entity X based on center public information {PC _i }, center secret information {SC _i }, and ID information h (ID _X ) of entity X as follows. And secretly entity X
Distribute to S _Xi = F _i ({SC _i }, {PC _i }, h (ID _X ))

Entity X is any other entity
Shared key K for encryption and decryption with Y_XYTo
Titi X's own secret information $ S_Xi｝, Center public information
｛PC _iＩＤ and the ID information h of the partner entity Y
(ID_Y) Is generated as follows. K_XY= F (｛S_Xi｛, ｛PC_i｝, H (ID_Y)) Similarly, entity Y also exchanges a key for entity X.
Shared key K_YXGenerate If always K_XY= K_YXRelationship
If you stand, this key K_XY, K_YXBetween entities X and Y
It can be used as an encryption key and a decryption key.

In the above-mentioned public key cryptosystem, for example, RSA
In the case of an encryption system, the length of the public key is ten and several times the current telephone number, which is extremely complicated. On the other hand, ID-
In NIKS, if each ID information is registered in the form of a list, a shared key can be generated with an arbitrary entity by referring to the list. Therefore, if the ID-NIKS system as shown in FIG. 3 is realized safely, a convenient encryption system can be constructed on a computer network to which many entities subscribe. For these reasons, ID-NIKS is expected to become the center of future cryptosystems.

[0011]

In an ID-NIKS in which a shared key serving as an encryption key and a decryption key is shared with each other without performing preliminary communication using ID information of a communication partner, a plurality of entities are required. It is desired to be sufficiently secure against attacks such as collusion. However, in the above-mentioned ID-NIKS, attack methods have been studied,
This involves the problem that the secret parameters of the center are exposed if an appropriate number of entities collude. Whether it is possible to construct a cryptographically secure ID-NIKS is an important issue for a highly information-oriented society, and a search for a more ideal encryption system is being pursued.

Therefore, the present inventors have proposed a novel secure communication method using ID-NIKS, in which the secret key generation function and the key sharing function cannot be separated, the key can be shared stochastically, and the security is high. An encryption communication system has been proposed (Japanese Patent Application No. 10-262035). The ID-NIKS proposed in Japanese Patent Application No. 10-262035 (hereinafter referred to as a prior example) calculates one key pair by an operation on two finite fields, and converts both key pairs into an integer ring. By adding above, the random number part is deleted. Hereinafter, the prior art will be briefly described.

[Preparation processing at the center] The center prepares the following public key and secret key, and publishes the public key. Public key P, Q Large prime number of k bits Private key A n × n symmetric matrix composed of random numbers belonging to GF (P) B n × n symmetric matrix composed of random numbers belonging to GF (Q) Vector γ _i l bits A personal random number vector composed of random numbers;
A one-way function vector h (•) for generating an n-dimensional public key vector composed of m-bit positive integers from D is also made public. However, the inner product of the random number vector γ _i and the public key vector v _j of an arbitrary entity is set so as not to exceed P and Q. Here, for the sake of simplicity of discussion, a case where parameter b is set as in the following equation (1) and b> 0 is considered. b = k− (l + m + log ₂ n) (1)

[0014] The center was asked to register with the entity i [entity registration process], the public key vector v _i of the prepared key and the entity i (= vector h (I
Accordance D _i)) and the expression (2) below using the equation (3), determine the secret key vector s _i and a secret key vector t _i of entity i, determined vectors s _i and vector t
a _i to the entity i send it in secret, to complete the registration. Here, mod is a binary operator mod. That is, amod P represents an operation for obtaining a remainder obtained by dividing a by P.

[0015]

(Equation 7)

[Generation Process of Shared Key Between Entities] The entity i performs the following calculation to obtain the entity j
To obtain a shared key K _ij . First, A _ij ′ and B _ij ′ are obtained according to the equations (4) and (5) by the modulo P and the modulo Q, respectively.
_{Get ij} .

[0017]

(Equation 8)

In this prior example, if b is sufficiently large, it is possible to share a key with an extremely high probability of about (1-1 / 2 ^b ) ⁴ .

The present invention has been made in view of such circumstances, and is an improvement of the prior art, and provides an encrypted communication method and encryption method using ID-NIKS and an encrypted communication system that can enhance security. The purpose is to provide.

[0020]

A cryptographic communication method according to claim 1, wherein a center sends a private key unique to each entity from the center to each entity, and one entity sends a private key unique to the entity sent from the center. And encrypt the plaintext into ciphertext using the shared key obtained from the public key of the other entity and transmit it to the other entity, and transmit the ciphertext transmitted by the other entity,
By decrypting the original plaintext using the same shared key as the shared key, obtained from the private key unique to the entity sent from the center and the public key of the one entity disclosed, In the cryptographic communication method of performing information communication between the plurality of entities, the private key unique to each entity is modulo a plurality of numbers using a plurality of public keys of each entity and a plurality of random numbers unique to each entity. Each entity generates the shared key using the plurality of secret keys and the plurality of public keys of the partner entity.

According to a second aspect of the present invention, there is provided an encrypted communication method.
Wherein, when generating the shared key, the plurality of random numbers are deleted by addition on an integer ring.

According to a third aspect of the present invention, there is provided an encrypted communication method according to the first aspect.
In the second or third aspect, the plurality of random numbers are a plurality of dimension random number vectors.

According to a fourth aspect of the present invention, there is provided an encrypted communication method.
In any one of (1) to (3), the arithmetic expression for generating the four secret keys in the center is the following expression (A), and the arithmetic expression for generating the shared key in each entity is the following expression (B) It is characterized by.

[0024]

(Equation 9)

Where vector s _{11, i} is the first secret key of entity i _, vector s _22, i is the second secret key of entity i _, vector s _21, i is the third secret key of entity i, vector s _{12 , i} : fourth private key of entity i vector v _{1, i} : first public key of entity i vector v _{2, i} : _second public key of entity i P ₁ , P ₂ , P ₃ : public A ₁ , A ₂ : Symmetric matrix composed of center secret random numbers A ₃ : Matrix composed of center secret random numbers Vector γ _{1, i} : First personal random number vector composed of random numbers Vector γ _{2, i} : Consists of random numbers Second personal random number vector

[0026]

(Equation 10)

Here, K _ij : a shared key vector v _{1, j} generated by one entity i for the other entity _j : a first public key vector v _{2, j of the} entity j: a _second public key of the entity j Public keys A _{11, ij} ', A _{22, ij} ', A _{21, ij} ', A _{12, ij} ': intermediate values for generating shared key K _ij

According to a fifth aspect of the present invention, there is provided an encrypted communication method according to the first aspect.
In any one of (1) to (3), the public key of each entity is d, and the arithmetic expression for generating the d ² secret keys in the center is the following expression (C), and the shared key is generated in each entity. The following equation (D) is used in the calculation.

[0029]

[Equation 11]

Where A _yz (y, z = 1, 2,..., D): n × n symmetric matrix A
The row direction, n _1, n ₂ in the column direction both, ..., n _d every separated by small matrix _{(where, n = n 1 + n 2} + ... + n d) vector s _{yz, i:} the entity i d ² amino secret key vector v _{z, i:} n ₁ a column vector v _i of the public key of the entity i, n _2, ..., vector vector γ _yz was divided in the column direction in the size of n _{d, i:} personal random number of the entity i n _1, n ₂ column vectors gamma _z, the _i of, ..., n _d of the split in the column direction by the magnitude vector P _yz: published prime

[0031]

(Equation 12)

Where K _ij : a shared key vector v _{y, j} generated by one entity i for the other entity _j : row vectors v _j of the public key of the entity _j are denoted by n ₁ , n ₂ ,. Vector A _{yz, ij} ′ divided in the row direction by the size of _d : d ² intermediate values for generating shared key K _ij

[0033] According to a sixth aspect of the present invention, there is provided an encryption communication method.
The invention is characterized in that a plurality of sets each having d public keys of each entity and d ² secret keys of each entity are used.

According to a seventh aspect of the present invention, there is provided an encrypted communication method according to the first aspect.
In any one of (1) to (3), the arithmetic expression for generating the 2d secret keys in the center is the following expression (E), and the arithmetic expression for generating the shared key in each entity is the following expression (F) It is characterized by.

[0035]

(Equation 13)

Where, vector s _{r, i} : d secret keys of entity i vector t _{r, i} : d secret keys of entity i A _r : matrix composed of center secret random numbers B _r = ^t _Ar vector v _{r, i} : d public key vectors of entity i γ _{r, i} : d personal random number vectors consisting of random numbers _Pr : public prime numbers

[0037]

[Equation 14]

[0038] However, K _ij: common key vector v _r where one entity i generates for other entities _{j, j:} an entity j of d pieces of public key _{A r, ij ', B r} , ij': Intermediate value for generating shared key K _ij

According to the eighth aspect of the present invention, there is provided an encrypted communication method according to the first aspect.
In any one of the first to seventh aspects, the plurality of public keys of each entity are obtained by calculating specific information of each entity using a hash function.

In the encryption method according to the ninth aspect, the center sends a private key unique to each entity to each entity, and the entity uses the private key unique to the entity sent from the center to convert the plaintext into a ciphertext. In the encryption method, the private key unique to each entity is obtained by modulating each of the plurality of numbers by using a plurality of public keys unique to each entity and a plurality of random numbers of secrets unique to each entity. Encrypting a plaintext into a ciphertext using a shared key generated using the plurality of secret keys and the plurality of public keys of the entity at the other end of the ciphertext. It is characterized by.

The cryptographic communication system according to claim 10 performs a process of encrypting a plaintext, which is information to be transmitted, into a ciphertext and a process of decrypting the transmitted ciphertext into the original plaintext between a plurality of entities. In a cryptographic communication system that performs mutual communication, a plurality of secret keys modulo a plurality of each are generated using a plurality of public keys unique to each entity and a plurality of secret random numbers unique to each entity. Using a center to send to each entity and a plurality of private keys sent from the center and a plurality of public keys unique to the entity to be communicated, a shared key for performing the encryption and decryption processing is obtained. And a plurality of entities to be generated.

In the present invention, a plurality of public keys of each entity are used, and random numbers are erased by combining the plurality of public keys. Safety can be improved.
Further, since the random numbers are divided, the carry-over problem of the digits can be further reduced.

[0043]

FIG. 1 is a schematic diagram showing a configuration of a cryptographic communication system according to the present invention. A center 1 that can trust information concealment is set, and this center 1 can be, for example, a public organization of society. The center 1 and a plurality of entities a, b,..., Z as users who use this cryptosystem are connected with secret communication paths 2a, 2b,
, 2z, and this secret communication path 2a,
The secret key information is transmitted from the center 1 to the entities a, b,..., Z via 2b,. Also, the communication path 3ab between the two entities,
3az, 3bz,... Are provided, and the communication paths 3ab, 3b
An encrypted text obtained by encrypting the communication information via az, 3bz,... is transmitted between the entities.

(First Embodiment) An ID of the present invention will be described below.
A first embodiment of NIKS (a method in which each entity uses two public keys) will be described.

[Preparation Processing in Center 1] The center 1 prepares the following public key and private key, and publishes the public key. Public key P ₁ , P ₂ , P ₃ A large prime number of k bits Private key A n × n symmetric matrix composed of random numbers belonging to A ₁ GF (P ₁ ) n × n composed of random numbers belonging to A ₂ GF (P ₂ ) An n × n matrix composed of random numbers belonging to A ₃ GF (P ₃ ), and a personal random number vector composed of random bits of vector γ _{1, i} , vector γ _{2, i} l bits I
Two one-way function vectors h that generate an n-dimensional public key vector consisting of m-bit positive integers from D
₁ (•) and h ₂ (•) are also released at the same time. Here, the parameter b is set as in the following equation, and the case where b> 0 is considered. b = k- (l + m + log ₂ n)

[Entity Registration Processing] The center 1 requested to register the entity i registers the prepared key and the public key vector v _{1, i} (= vector h ₁ (I
D _i )) and the public key vector v _{2, i} (= vector h
₂ (ID _i )) and according to the following equations (7) to (10), the secret key vector s _{11, i} , the secret key vector s _{12, i} , the secret key vector s _{21, i} , of the entity i The secret key vector s _{22, i} is obtained, and each of the obtained vectors is secretly sent to the entity i, thereby completing the registration. Note that m
od is a binary operator mod. That is, a mod P is assumed to represent an operation for obtaining a remainder obtained by dividing a by P.

[0047]

(Equation 15)

[Process of Generating Shared Key Between Entities] The entity i performs the following calculation to obtain the entity j
To obtain a shared key K _ij . First, in accordance with equation (11) and (12) in modulo P ₁ and law P _2, obtains the A _{11, ij} 'and A _{22, ij',} respectively, then the law P ₃ Equation (13) and ( According to 14), A _{21, ij} ′ respectively
And A _{12, ij} ′, and then K _ij is obtained by the calculation of the equation (15) on the integer ring.

[0049]

(Equation 16)

Here, as in the previous example, when b is sufficiently large, K _ij = K _ji is established with an overwhelmingly high probability.

Next, communication of information between entities in the above-described cryptographic system will be described. FIG.
It is a schematic diagram which shows the communication state of information between human entities a and b. The example of FIG. 2 is a case where the entity a encrypts a plaintext (message) M into a ciphertext C and transmits it to the entity b, and the entity b decrypts the ciphertext C into the original plaintext (message) M. Is shown.

[0052] entity a side inputs the personal identification information ID _b entity b, or vector v _{1, b} and v _{2, b} public key generator 11 to obtain a (public key) by using a hash function, Secret vector s _{11, a} , sent from center 1
A shared key with entity b obtained by entity a based on s _{22, a} , s _{21, a} and s _{12, a} and the vectors v _{1, b} and v _{2, b} which are public keys from public key generator 11 A shared key generator 12 for generating _Kab, and an encryptor 13 for encrypting a plaintext (message) M into a ciphertext C using the shared key _Kab and outputting the same to the communication path 30 are provided.

The entity b has an entity
ID of personal identification information_aAnd enter the hash function
Vector v_{1, a}And v_{2, a}Public to get (public key)
Key generator 21 and secret vector s sent from center 1
_{11, b}, S_{22, b}, S_{21, b}And s _{12, b}And from public key generator 21
Vector v which is the public key of_{1, a}And v_{2, a}And based on
Shared key K with entity a required by entity b_ba
A shared key generator 22 for generating the_baCommunication using
The ciphertext C input from the path 30 is restored to the plaintext (message) M.
And a decoder 23 for decoding and outputting.

Next, the operation will be described. If you from the entity a intends to transmit information to an entity b, first, the personal identification information ID _b is input to the public key generator 11 vectors v _{1, b} and v _{2, b} (public key) is obtained entity b The obtained vectors v _{1, b} and v _{2, b} are sent to the shared key generator 12. Also, vectors s _{11, a} , s obtained from the center 1 according to the equations (7) to (10)
_{22, a} , s21 _{, a} and s12 _{, a} are input to the shared key generator 12. Then, the shared key _Kab is obtained according to the equations (11) to (15), and sent to the encryptor 13. In the encryptor 13,
The plaintext (message) M is encrypted into the ciphertext C using the shared key _Kab , and the ciphertext C is transmitted via the communication path 30.

The ciphertext C transmitted through the communication path 30 is input to the decoder 23 of the entity b. Personal identification information ID _a of the entity a is input to the public key generator 21 vectors v _{1, a} and v _{2, a} (public key) is obtained, resulting vectors v _{1, a} and v _{2, a} is Sent to shared key generator 22. Further, the vectors s _{11, b} , s _{22, b} , s _{21, b} and s _{12, b} obtained from the center 1 according to the equations (7) to (10) are input to the shared key generator 22. Then, the shared key K _ba is calculated according to the equations (11) to (15) and sent to the decryptor 23. Decoder
At 23, the ciphertext C is decrypted into a plaintext (message) M using the shared key _Kba .

Next, the formal expression of this encryption method will be described. In order to facilitate understanding of the encryption method in the first embodiment, it is defined that each of the above equations (7) to (10) is expressed in correspondence with each small matrix as follows. The product operation of a matrix and a vector in this formal expression is slightly different from a normal matrix product operation in that addition is not performed beyond a break between small matrices. Also,
The numbers in parentheses indicate the law.

[0057]

[Equation 17]

The above equations (11) to (14) are expressed as follows.

[0059]

(Equation 18)

For the matrix A, if the operation for obtaining the sum of all the small matrices of A is represented by 共有 A, the shared key K _ij can be expressed as follows.

[0061]

[Equation 19]

According to this formal expression, the first embodiment is considered to be a system using a symmetric matrix when including the modulus, and is similar to the conventional product-sum NIKS except for the random number term. I understand. Therefore, if a symmetric matrix including the modulus is used, the NIKS of the preceding example can be generally described.

(Second Embodiment) The ID of the present invention will be described below.
A second embodiment of NIKS (generalized scheme in which each entity uses d public keys) will be described. Second
In the embodiment, d public keys having a size of n ₁ , n ₂ ,..., N _d are used. providing a symmetric matrix A of n × n, n _1, respectively in a row direction and a column direction, n _2, ..., a small matrix A _yz separated for each _{n d (y, z = 1,2} , ..., d) Expressed by
However, the _{n = n 1 + n 2 +} ... + n d.

Since A is a symmetric matrix, (y,
z)-For the minor matrix, A_yz=^tA _zyHolds. Ma
In each submatrix, the modulus is the same, and P
_yz= P _zyShall be satisfied. In addition, random terms are shared
Since the key must be deleted when the key is generated, the vector o is set to zero.
It is assumed that the following expression (16) is satisfied as a vector.
In this case, the secret key of entity i is d^TwoThe number of expressions
Is expressed as

[0065]

(Equation 20)

[Preparation Processing in Center 1] The center 1 prepares the following public key and secret key, and publishes the public key. Public key P _yz k consists large prime numbers secret key A _yz GF random number belonging to the (P _yz) of the bit n _y × n _z matrix vector γ _{z, i} l n-dimensional consisting random bit personal random vector (y , Z = 1, 2,..., D) In addition, a one-way function vector h (·) for generating an n-dimensional public key vector composed of an m-bit positive integer from the entity ID is also disclosed. However, the parameter b _r
(R = 1, 2,..., D) are set as in the following equation, and b _r
Consider the case of> 0. b _r = k− (l + m + log ₂ n _r )

[0067] center 1 was asked to register on the entity i [registration processing of entity], the public key vector v _i of the prepared key and the entity i (= vector h (I
D _i )) and d ² secret key vectors s _{yz, i} of entity i according to the following equation (17), and each of these obtained vectors is secretly sent to entity i for registration. Complete. However, the vector v _{z, i} and vector gamma _{yz, i} are each column vectors v _i and vector gamma
_{z, i} and n _1, n _2, ..., represent the vector divided in the column direction in the size of n _d. Also, mod is the binary operator mo
d.

[0068]

(Equation 21)

[Generation of Shared Key Between Entities] The entity i performs the following calculation to obtain the entity j
To obtain a shared key K _ij . First, A _{yz, ij} ′ is obtained for each modulus P _yz according to equation (18), and then K _ij is obtained by calculating equation (19) on an integer ring.

[0070]

(Equation 22)

The key sharing (K _ij = K) in the second embodiment
_ji holds). Equation (17) to Equation (18)
Substituting into, the following equations (20) and (21) are obtained.
When all the _br are sufficiently large, the first expression of the expression (21) is established with a high probability. In this case, when equation (19) is calculated, the random number term is eliminated from equation (16), so that K _ij = K _ji is established with high probability.

[0072]

(Equation 23)

The operation of communicating information between entities is the same as in the first embodiment, and a description thereof will be omitted.

When the formal expression described above is used for the second embodiment, the d ² secret keys of the entity i can be collectively expressed as follows.

[0075]

(Equation 24)

The shared key K _ij can be expressed as follows.

[0077]

(Equation 25)

(Third Embodiment) Hereinafter, the ID of the present invention will be described.
A description will be given of a third embodiment of NIKS (a generalized method using a plurality of sets of public keys in the second embodiment). The third embodiment is a generalization method in which a plurality of sets (c sets) of public keys according to the second embodiment are prepared, and the random numbers are deleted only by taking the sum of all the c sets. In the following examples, and _{c = 2, n 1, n} 2, ..., and d pieces public key size of _{n d, n 1 ", n} 2", ..., e number of size of n _e " The case where the public key is used will be described.

[Preparation Processing in Center 1] The center 1 prepares the following public key and private key, and publishes the public key. Public key P _yz, consisting belongs random numbers Q _yz k bits large prime number private key A _yz GF consisting belongs random numbers _{(P yz) n y × n} z of the matrix _{B yz GF (Q yz) n} y × n z Vector γ _{z, i} n-dimensional personal random number vector composed of l-bit random numbers Vector δ _{z, i} n-dimensional personal random number vector composed of l-bit random numbers

[Entity Registration Processing] The center 1 requested to register the entity i registers the prepared key and the public key vector v _i (= vector h (I
D _i )) and d ² secret key vectors s _{yz, i} and e ² secret key vectors t _{yz, i} of entity i according to the following equations (22) and (23). Each of these vectors is secretly sent to the entity i to complete the registration. Where the vector v _{z, i} and the vector γ _{yz, i}
Is the column vector v _i and the vector γ _{z, i} respectively
_1, n _2, ..., represent the vector divided in the column direction in the size of n _d, the vector v _{z, i} "and the vector [delta] _{yz, i} are each column vectors v _i and vector [delta] _z, and _i n ₁ ″,
represents a vector divided in the column direction with a size of n ₂ ″,..., _ne ″, and mod is a binary operator mod. Here, the vector v _i, a method of dividing differ by the formula (22), using both the same vector (23).

[0081]

(Equation 26)

The random number term is set so as to satisfy the following equation (24) so that the random number term is erased only by using these two sets of keys.

[0083]

[Equation 27]

[Generation of Shared Key Between Entities]
Entity i calculates the entity j
Shared key K with_ijAsk for. First, each law P_yz, Q
_yzAccording to equations (25) and (26), A _{yz, ij}′,
B_{yz, ij}', And then, on the integer ring, calculate equation (27)
More K_ijGet.

[0085]

[Equation 28]

According to the equation (24), if the sum of all the terms is taken, the random number term is eliminated. Therefore, as in the second embodiment, when all the _br are sufficiently large, K _ij has a high probability. = K
_ji holds.

Note that the preceding example corresponds to the case where c = 2 and d = e = 1 in the third embodiment.

The operation of communicating information between entities is the same as in the first embodiment, and a description thereof will not be repeated.

(Fourth Embodiment) The ID of the present invention will be described below.
A fourth embodiment of -NIKS (a method in which the use of secret keys is limited to 2d) will be described. In the second embodiment, it is necessary to have d (d + 1) / 2 many private keys,
In the third embodiment, it is necessary to have a secret key approximately c times as large as that of the second embodiment, and it is not practical to use those methods as they are. Therefore, as a fourth embodiment, a practical method in which the number of secret keys used is suppressed to 2d will be described.

[Preparation Processing in Center 1] The center 1 prepares the following public key and private key, and publishes the public key. Public key _Pr k large prime number Private key A n × n matrix composed of random numbers belonging to A _r GF (P _r ) Vector γ _r, a personal random number vector composed of 1-bit random numbers Also m bits from the entity ID D n-dimensional public key vectors v _{r, i} = vector h _r
(ID _i ) (r = 1, 2,..., D) generating d one-way function vectors h ₁ (•), h ₂ (•),.
_d (・) will also be released at the same time. Here, the parameter b is set as in the following equation, and the case where b> 0 is considered. b = k- (l + m + log ₂ n)

[Entity Registration Processing] The center 1 requested to register the entity i registers the prepared key and d public key vectors v _{1, i} , v _{2, i} ,.
Using v _{d, i} and the following equations (28) and (29),
D private key vectors s _{r, i} and t for each entity i
_{r, i} are obtained, and these obtained vectors are secretly sent to the entity i to complete the registration. However, _Br = ^t
_Ar , and if the subscript is d + 1, it is converted to 1 and handled.

[0092]

(Equation 29)

[Process of Generating Shared Key Between Entities] The entity i performs the following calculation to obtain the entity j
To obtain a shared key K _ij . First, the law P _r formula (3
0) and according to equation (31) _{, Ar, ij} 'and _{Br, ij} ' are obtained.
Next, K _ij is obtained by calculation of Expression (32) on the integer ring.

[0094]

[Equation 30]

The operation of communicating information between entities is the same as in the first embodiment, and a description thereof will not be repeated.

The formal expression in the fourth embodiment is shown below. [When d = 2 (corresponding to the third embodiment)]

[0097]

(Equation 31)

[When d ≧ 3 (corresponding to the second embodiment)]

[0099]

(Equation 32)

[0100]

As described above in detail, in the present invention, after performing an operation on a finite field modulo a large prime number, the random numbers are deleted by addition over an integer ring, which is practically sufficient. A key can be shared with a high probability. Further, since the prior example is improved and the size of the public key vector is made larger by using a plurality of public keys, the security can be further increased as compared with the preceding example.

[Brief description of the drawings]

FIG. 1 is a schematic diagram showing a configuration of a cryptographic communication system of the present invention.

FIG. 2 is a schematic diagram illustrating a communication state of information between two entities.

FIG. 3 is a diagram illustrating the principle configuration of an ID-NIKS system;

[Explanation of symbols]

 1 Center 11, 21 Public Key Generator 12, 22 Shared Key Generator 13 Encryptor 23 Decryptor 30 Communication Path

 ────────────────────────────────────────────────── ─── Continued on the front page F term (reference) 5J104 AA16 EA19 EA21 EA25 EA26 EA31 JA26 MA06 NA02 NA12 PA07

Claims (10)

[Claims] 1. A center sends a private key unique to each entity to each entity, and one entity obtains a secret key unique to the entity sent from the center and a public key of the other entity published from the center. The shared text is used to encrypt the plaintext into ciphertext and transmit it to the other entity, and the other entity transmits the transmitted ciphertext as the private key unique to the entity sent from the center and the public key. A cryptographic communication method for communicating information between entities by decrypting the original plaintext using the same shared key as the shared key, obtained from the public key of one entity, The secret key is obtained by using a plurality of public keys of each entity and a plurality of random numbers peculiar to each entity, and modulating each of the plurality of numbers. A plurality of secret keys, wherein each entity generates the shared key using the plurality of secret keys and the plurality of public keys of the partner entity. 2. The cryptographic communication method according to claim 1, wherein when generating the shared key, the plurality of random numbers are deleted by addition on an integer ring. 3. The cryptographic communication method according to claim 1, wherein the plurality of random numbers are a multidimensional random number vector. 4. An arithmetic expression for generating the four secret keys in the center is the following expression (A), and an arithmetic expression for generating the shared key in each entity is the following expression (B). 4. The encrypted communication method according to any one of claims 1 to 3. (Equation 1) Where, vector s _{11, i} : the first secret key of entity i vector s _{22, i} : the second secret key of entity i vector s _{21, i} : third secret key of entity i vector s _{12, i} : The fourth secret key of the entity i, vector v _{1, i} : the first public key of the entity i, the vector v _{2, i} : the second public key of the entity i, P ₁ , P ₂ , P ₃ : a public prime A ₁ , A ₂ : symmetric matrix composed of center secret random numbers A ₃ : matrix composed of center secret random numbers Vector γ _{1, i} : first personal random number vector composed of random numbers Vector γ _{2, i} : second composed of random numbers Personal random number vector Where K _ij : a shared key generated by one entity i for the other entity j vector v _{1, j} : first public key of entity j vector v _{2, j} : second public key of entity j A _{11, ij ', a 22,} ij', a 21, ij ', a 12, ij': intermediate value for generating a shared key K _ij 5. The public key of each entity is d,
The arithmetic expression for generating the d ² secret keys in the center is the following expression (C), and the arithmetic expression for generating the shared key in each entity is the following expression (D).
4. The encrypted communication method according to any one of claims 1 to 3. (Equation 3) Where A _yz (y, z = 1, 2,..., D): n × n symmetric matrix A
The row direction, n _1, n ₂ in the column direction both, ..., n _d every separated by small matrix _{(where, n = n 1 + n 2} + ... + n d) vector s _{yz, i:} the entity i d ² amino secret key vector v _{z, i:} n ₁ a column vector v _i of the public key of the entity i, n _2, ..., vector vector γ _yz was divided in the column direction in the size of n _{d, i:} personal random number of the entity i A vector P _yz obtained by dividing the column vector γ _{z, i} in the column direction by the size of n ₁ , n ₂ ,..., N _d : a public prime number However, K _ij: common key vector v _y which one entity i generates for other entities _j, j: n ₁ row vector v _j of the public key of the entity j, n _2, ..., a n _d size of the vector a _yz divided in the row _{direction, ij} ': shared key K _ij d ² pieces of intermediate values to produce a 6. An encryption communication method according to claim 5, wherein a plurality of sets each including d public keys of each entity and d ² secret keys of each entity are used. 7. An arithmetic expression for generating 2d secret keys in the center is the following expression (E), and an arithmetic expression for generating the shared key in each entity is the following expression (F).
The cryptographic communication method according to claim 1, wherein (Equation 5) However, the vector s _{r, i:} entity d number of secret key vector t _r of _i, i: entity i of d number of secret key A _r: made from the center secret of random matrix B _r = ^t A _r vector v _{r, i} : d public key vectors of entity i γ _{r, i} : d personal random number vectors composed of random numbers _Pr : public prime numbers Where K _ij : a shared key vector generated by one entity i with respect to the other entity j v _{r, j} : d public keys of the entity j _{Ar, ij} ′, _{Br, ij} ′: shared key K Intermediate value for generating _ij 8. The cryptographic communication method according to claim 1, wherein the plurality of public keys of each entity are obtained by calculating specific information of each entity using a hash function. 9. An encryption method in which a secret key unique to each entity is sent from a center to each entity, and the entity uses the private key unique to the entity sent from the center to encrypt plaintext into ciphertext. The secret key unique to each entity is a plurality of secret keys modulo a plurality of each using a plurality of public keys unique to each entity and a plurality of secret random numbers unique to each entity, An encryption method characterized by encrypting a plaintext into a ciphertext using a shared key generated using the plurality of secret keys and a plurality of public keys of an entity at the other end of the ciphertext. 10. A cryptographic communication system in which a plurality of entities mutually perform a process of encrypting a plaintext, which is information to be transmitted, into a ciphertext, and a process of decrypting the transmitted ciphertext into the original plaintext. Using a plurality of public keys unique to each entity and a plurality of secret random numbers unique to each entity, a center for generating a plurality of secret keys modulo each of the numbers and sending them to each entity; A plurality of entities that generate a shared key for performing the encryption process and the decryption process by using a plurality of own secret keys sent from the center and a plurality of public keys unique to an entity to be communicated; An encryption communication system characterized by the above-mentioned.