JP2001134175A - Ciphering method, cipher communication method and cipher text preparing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a ciphering method by the addition type of a public key cipher system capable of securing the safety by the free selection of public keys and also capable of performing a high speed processing. SOLUTION: Public keys which are respectively composed of two public keys and in which random number items are incorporated are previously prepared in a database 10 for each divided flat text and a ciphered text C is prepared by dividing a flat text X into plural divided flat texts being respectively a bit and selecting a piece of a public key from the database 10 for every each divided flat text in accordance with bit data of itself of the flat text and adding selected public keys. The safety is secured based on that the desired combination of public keys can be freely selected.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption method of a public key cryptosystem for converting a plaintext into a ciphertext by using a public key, an encryption communication method using the encryption method, and a method for preparing the ciphertext. And a ciphertext creating device.

[0002]

2. Description of the Related Art In a modern society called an advanced information society, important documents and image information in business are transmitted, communicated, and processed in the form of electronic information based on a computer network. Such electronic information has a property that it can be easily copied and it is difficult to distinguish a copy from an original, and thus the importance of information security is emphasized. In particular, "sharing of computer resources",
The realization of a computer network that satisfies the elements of “multi-access” and “wide area” is indispensable for the establishment of an advanced information society, but this includes elements inconsistent with the problem of information security between the parties. As an effective method for resolving such inconsistency, cryptographic technology that has been used mainly in military and diplomatic aspects in the past history of humankind has attracted attention.

[0003] Encryption means exchanging information so that the meaning of the information cannot be understood by anyone other than the parties. In encryption, it is encryption to convert an original sentence (plaintext) that anyone can understand into a sentence (ciphertext) whose meaning is unknown to a third party, and decryption is to return the ciphertext to plaintext. The entire process of encryption and decryption is collectively called an encryption system. In the encryption process and the decryption process, secret information called an encryption key and a decryption key are used, respectively. Since a secret decryption key is required at the time of decryption, only a person who knows the decryption key can decrypt the ciphertext, and the encryption can maintain the confidentiality of the information.

[0004] Encryption methods can be broadly classified into two types: a common key encryption system and a public key encryption system. In the common key cryptosystem, the encryption key and the decryption key are equal, and the sender and the receiver have the same common key to perform encrypted communication. The sender encrypts the plaintext based on the secret common key and sends it to the receiver, and the receiver uses the common key to decrypt the plaintext based on the ciphertext.

In the public key cryptosystem, on the other hand, the encryption key and the decryption key are different, the sender encrypts the plaintext with the public key of the public receiver, and the receiver uses his / her own private key. Performs encrypted communication by decrypting the ciphertext.
The public key is a key for encryption, the secret key is a key for decrypting a ciphertext converted by the public key, and the ciphertext converted by the public key can be decrypted only by the private key.

[0006]

A product-sum type cryptosystem is known as one of the public key cryptosystems. this is,
The plaintext vector m = (m ₁ , m ₂ ,..., M _K ) obtained by dividing the plain text on the one entity side as the sender and the radix vector c = (c ₁ , c ₂ ,.・ 、
c _K ) and ciphertext C = m ₁ c ₁ + m ₂ c ₂ + ·
.. + M _K c _K is generated, and the ciphertext C is converted to a plaintext vector m on the other entity side using the secret key.
To obtain the original plaintext.

[0007] New products and attack methods have been proposed one after another for product-sum type cryptography using such operations on integer rings. In particular, high-speed decryption is performed so that a large amount of information can be processed in a short time. It is desired to develop a possible encryption / decryption method. Therefore, the present inventors have proposed an encryption method and a decryption method in a multiply-accumulate type cryptography that enables high-speed decryption processing by expressing a plaintext using a multi-digit system (Japanese Patent Application No. Hei. 10-262036, Japanese Patent Application No. 10-262037).

[0008] The encryption method and the decryption method proposed in Japanese Patent Application No. 10-262036 will be described below. Prepare a private key and a public key as follows. - secret _{key: {b i}, {v} i}, P, w · Public Key: multiplied by {c _i} base product b ₁ b ₂ ... b _i in the random number section v _i, base B _i
Is given as in the following (1). B _i = v _i b ₁ b ₂ ... B _i (1) Here, v _i is set so that each B _i shown in Expression (1) has substantially the same size. However, gcd (v _i, b
_{i + 1} ) = 1.

Using the random number w, a public key {c _i } is obtained as shown in the following (2). _{c i ≡wB i (mod P)} ... (2) message plaintext and K divided {m _i} and a public key {c _i}
As a result, the ciphertext C is obtained as shown in the following (3). C = m ₁ c ₁ + m ₂ c ₂ +... + M _K c _K (3)

[0010] The decoding process is performed as follows.
An intermediate decrypted text M is obtained for the cipher text C as shown in (4) below. M≡w ⁻¹ C (mod P) (4) Since the intermediate decrypted text M is specifically given as Expression (5), it can be decrypted by the following sequential decoding algorithm. _{M = m 1 b 1 v 1} + m 2 b 1 b 2 v 2 + ··· + m K b 1 b 2 ... b K v K ... (5)

[Successive decoding algorithm] Step 1 M ₁ = M / b ₁ m ₁ ≡M ₁ v ₁ ⁻¹ (mod b ₂ ) Step i (i = 2 to K−1) M _i = (M _{i−1 -m i-1 v i-1} ) / b i m i ≡M i v i -1 (mod b i + 1) step _{K M K = (M K-} 1 -m K-1 v K-1) / _{b K m K = M K /} v K

Originally, the security of such a public key cryptosystem is based on the difficulty of factorization and the difficulty of solving the discrete logarithm problem, and various attacks against it have been made. Proposed.

Further, the present inventors have proposed a new type of public key cryptosystem based on security in that a public key set can be freely selected from an overwhelming number of public key combinations. An encryption method is proposed (Japanese Patent Application No. 11-269407).
This method is an improved method of the method proposed in Japanese Patent Application No. 10-262036 described above, and a plurality of public keys composed of a product of an integer and a random number term are prepared in advance for each divided plaintext obtained by dividing the plaintext. An arbitrary public key is selected for each divided plaintext from the plurality of prepared public keys, and a ciphertext is created using the selected public key. Hereinafter, the encryption method and the decryption method proposed in Japanese Patent Application No. 11-269407 will be described.

The intermediate decryption text M at the time of the first transmission of the encryption method proposed in Japanese Patent Application No. 11-269407 based on the method proposed in Japanese Patent Application No. 10-262036 is given by the following (6). _{M = m 1 'b 1 v} 1 + m 2' b 1 b 2 v 2 + ··· + m K 'b 1 b 2 ... b K v K ... (6)

Where m _i ′ is the message (split plaintext) m
By adding log ₂ J bits of redundancy to _i , a given j is encoded modulo J to satisfy the following (7), and a plurality of publicly described Information about which of the keys was selected is conveyed. m _i ′ ≡j (mod J) (7)

FIG. 4 is a view showing a public key list indicating a plurality of public keys prepared in advance for each divided plain text. In FIG. 4, K represents the number of divided plaintexts (the number of classes). Set multiplied by the random number term to the base product _{{b 1 b 2 ... b i} v i (j)}
As shown in FIG. 4, J public keys are prepared for each of the divided plaintexts (for each class).

The receiving entity converts the product of the radix product and the random number term by a random number w and publishes it. That is, the product of the radix product and the random number term shown in FIG. 4 is converted as shown in the following (8), and the set {c _ij } is made public. _{b 1 b 2 ... b i v} i (j) w≡c ij (mod P) ... (8) of the sending entity denoted a set of public keys randomly selected and (9) below. In this case, there is a possibility that the transmitting entity may select J ^K (公開 1) kinds of public keys.

[0018]

(Equation 1)

Based on the selected public key set shown in the above (9), the entity on the transmitting side performs the processing of m _i ′ ≡j _i (mod
J), ciphertext C to the receiving entity is generated as shown in (10) below.

[0020]

(Equation 2)

In order to decrypt the ciphertext C generated in this manner, the receiving entity previously determines the random number term v _i ^(j) in FIG. 4 as shown in the following (11). However, w _{b, i} and r _i ^(j) are all random numbers. v _i ^(j) = w _{b, i} + r _i ^(j) b _{i + 1} (11) Further, the receiving entity satisfies the following (12)
_{b, i} ^-1 is held as a secret key. w _{b, i} · w _{b, i} ^-1 ≡1 (mod b _{i + 1} )… (12)

The decoding process at the receiving entity is performed as follows. The intermediate decrypted text M ₀ is given as in the following (13).

[0023]

(Equation 3)

Thus, decoding can be performed by the sequential decoding algorithm shown in the following (14). In the following, b _{K + 1}
Is a random number satisfying m _K ′ <b _{K + 1} , but is not used as a radix. Generally, the random number term for j _i in step i is represented as (15) below.

[0025]

(Equation 4)

In the encryption method proposed in Japanese Patent Application No. 11-269407, a public key is arbitrarily selected, that is, a ciphertext is created by freely selecting a public key on the entity side as a sender. Therefore, the attack becomes difficult because the public key selection pattern is unknown to the attacker. The present inventors are further studying a practical encryption method.

The present invention has been made in view of such circumstances, and secures security by free selection of a public key, and can perform high-speed processing using an addition-type encryption of a public key cryptosystem. It is an object of the present invention to provide a method, an encrypted communication method using the encryption method, and a ciphertext creating device for creating the ciphertext.

[0028]

An encryption method according to claim 1
The method comprises dividing a plaintext to be encrypted into divided plaintexts,
Public key selected from multiple public keys prepared for each plaintext
In the encryption method that creates a ciphertext based on
A plaintext to be divided into a plurality of s bits (s: natural number)
The random number term divided into plaintexts and prepared for each divided plaintext is
2 incorporated ^sOne public key from each public key
Select according to its own bit data for each plaintext, select
Cipher text is created using the public key
You.

According to a second aspect of the present invention, a ciphertext is created based on a public key and a divided plaintext obtained by dividing a plaintext on one entity side, and transmitted to the other entity side. Is decrypted into the original plaintext on the other entity side, so that the plaintext to be encrypted is divided into a plurality of s-bit (s: natural number) divided plaintexts in an encryption communication method for communicating information between entities. , 2 ^{s with} random number terms, prepared for each segmented plaintext
One public key is selected from each public key according to its own bit data for each divided plaintext, a ciphertext is created using the selected public key, and the created ciphertext is transmitted. Features.

According to a third aspect of the present invention, there is provided a ciphertext creating apparatus for creating a ciphertext based on a divided plaintext obtained by dividing a plaintext to be encrypted and a public key, wherein each of the ^2s (s: Means for storing in advance (natural numbers) public keys for each divided plaintext; means for dividing a plaintext to be encrypted into a plurality of s-bit divided plaintexts; means for selecting each one public key from the 2 ^s pieces public keys according to the bit data, characterized in that it comprises a means for creating a ciphertext using the public key selected.

[0031] In the present invention, the public key of each 2 ^s or the random term is incorporated in advance to prepare in advance in each divided plaintext, divides the plaintext to be encrypted into a plurality of divided plaintext each s bits,
One public key is selected from the 2 ^s public keys prepared for each divided plaintext according to the bit data of each divided plaintext itself, and a ciphertext is created using the selected public key. . For example, when s = 1, two public keys (upper and lower public key lists) each containing a random number term are prepared for each divided plaintext, and bit data ("") of each divided plaintext is prepared.
0 ”,“ 1 ”), one of the public keys is selected,
A ciphertext is created by adding all selected public keys. At this time, as an example, when the divided plaintext is “0”, the upper public key is selected, and when the divided plaintext is “1”, the lower public key is selected. In the present invention, a ciphertext is simply created by adding a public key in which a random number term is incorporated, which is selected according to bit data, and processing at the time of encryption and decryption is extremely fast. The bit data of each of the divided plaintexts as a criterion for the public key selection is unknown to the attacker, and the selection pattern of the public key is not known, so that the security is high.

[0032]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be specifically described below. FIG. 1 is a schematic diagram showing a state in which the encryption system according to the present invention is used for information communication between entities A and B. In the example of FIG. 1, one entity A
Side encrypts the plaintext X into a ciphertext C, transmits the ciphertext C to the other entity B via the communication path 1, and decrypts the ciphertext C into the original plaintext X on the entity B side Is shown.

The entity A, which is the transmitting side, sends a plain text X
Into a plurality of divided plaintexts, a public key selector 3 for selecting a public key for each divided plaintext from a database 10 storing a public key list, and a ciphertext C using the selected public key. And an encryptor 4 to be created. The entity B on the receiving side is provided with a decryptor 5 for decrypting the transmitted ciphertext C into the original plaintext X. In this example, the issuer of the public key list is the receiving entity B, and the user of the public key list is the transmitting entity A.

Next, a specific method will be described. FIG. 2 is a view showing a public key list in the database 10 in which a plurality of public keys are stored in advance for each of the divided plaintexts. FIG. 2 shows a public key list when it is considered that the public key for each of the divided plain texts is configured by modular transformation using (w ₁ , P ₁ ). In FIG. 2, K represents the number of divisions (the number of classes) of the plaintext X, and two (upper and lower) incorporating a random number term
Public keys are prepared for each of the K divided plaintexts (for each class). Incidentally, the random number v _i ⁽⁰⁾ and the random number v _i ⁽¹⁾ in FIG. 2, respectively, satisfy the following (16) and (17). ^{_{v i (0) ≡0 (mod}} 2) ... (16) v i (1) ≡1 (mod 2) ... (17)

The entity A divides the plaintext X into K divided plaintexts each having 1 bit, and then selects a public key according to the bit data of each divided plaintext. In other words, when the divided plaintext is m _i = 0, the upper public key, that is, the radix product 2 ⁱ⁻¹
v Select _i ^(0), divided plain text in the case of m _i = 1 to select the lower of the public key i.e. base product ^{_{2 i-1 v i (1}} ), is sequentially added to those selected Thereby, the ciphertext C to the entity B is created as shown in (18) below. C = v ₁ ^(t1) w ₁ + 2v ₂ ^(t2) w ₁ +... +2 ^K-1 v _K ^(tK) w ₁ (18) (t1, t2,..., TK = 0 or 1)

For example, if the divided plain text is (m ₁ , m ₂ , m ₃ ,
When (m ₄ , m ₅ ) = (0, 1, 0, 1, 0), the ciphertext C to the entity B is created as shown in (19) below. ^{_{C = v 1 (0) w}} 1 + 2v 2 (1) w 1 +2 2 v 3 (0) w 1 +2 3 v 4 (1) w 1 +2 4 v 5 (0) w 1 ... (19)

The ciphertext C created in this way is transmitted from the entity A to the entity B via the communication channel 1. Then, on the entity B side, the ciphertext C is decrypted into the original plaintext X.

The decoding process in the decoder 5 in the entity B is performed as follows. An intermediate decrypted text M ₁ obtained as follows (20). M ₁ ≡C · w ₁ ^-1 (mod P ₁ ) ... (20)

Here, the intermediate decrypted text M ₁ can be clearly expressed as shown in the following (21). However, here, the following (22) is satisfied.

[0040]

(Equation 5)

Thus, decoding can be performed by the decoding algorithm shown in the following (23). It can be seen that this decoding algorithm has been greatly simplified.

[0042]

(Equation 6)

FIG. 3 is a diagram showing the configuration of an embodiment of the recording medium of the present invention. The program exemplified here includes a process of selecting a public key from a plurality of public keys stored in advance in the database 10 for each divided plaintext according to its own bit data, and a process of selecting a ciphertext using the selected public key. Or a process of decrypting the encrypted text created in accordance with the above-described decryption algorithm, and is recorded on a recording medium described below. Note that the computer 20 is provided on each entity side.

In FIG. 3, a recording medium 21 that is connected online to the computer 20 is, for example, a WWW (World Wide Web) server computer that is installed separately from a place where the computer 20 is installed. The program 21a is recorded as follows. By controlling the computer 20 by the program 21a read from the recording medium 21, the computer 20 creates the ciphertext C or decrypts the ciphertext C into the original plaintext X.

The recording medium 22 provided inside the computer 20 uses, for example, a hard disk drive or a ROM installed therein, and the recording medium 22 stores the program 22a as described above. By controlling the computer 20 by the program 22a read from the recording medium 22, the computer 20 creates the ciphertext C,
Alternatively, the ciphertext C is decrypted into the original plaintext X.

The recording medium 23 used by being loaded into the disk drive 20a provided in the computer 20 is a transportable medium such as a magneto-optical disk, a CD-ROM or a flexible disk. The program 23a is recorded as follows. By controlling the computer 20 by the program 23a read from the recording medium 23, the computer 20 creates the ciphertext C,
Alternatively, the ciphertext C is decrypted into the original plaintext X.

Hereinafter, the features of the encryption system of the present invention will be described focusing on comparison with a similar 0,1 knapsack encryption. The conventional 0,1 knapsack cipher, that it does not become a form of .SIGMA.m _i c _i, the difference should be noted that that is an addition-type rather than a product-sum type are present.

In the method of the present invention, the weight ratio = 1/2 in the connected plaintext, and in this sense, it is considered that the weight is increased against the connected attack. The scheme of the present invention has the following remarkable features as compared with the conventional 0.1 knapsack encryption.

In the method of the present invention, a ciphertext C shown in the following (24) based on a public key (c ₁ , c ₂ ,..., C _K ) corresponding to the upper part of FIG. corresponding public key _{(c 1 ', c 2'} , ···, c K ') as the sum of the following (25) ciphertext C shown in based on', as the ciphertext C ^S is the following (26) Given to.

[0050]

(Equation 7)

For example, if the divided plain text is (m ₁ , m ₂ , m ₃ ,
When (m ₄ , m ₅ ) = (0, 1, 1, 0, 1), the cipher text C and the cipher text C ′ are as shown in the following (27) and (28), respectively.

[0052]

(Equation 8)

[0053] ciphertext C, C 'with is a multi-stage encrypted, the ciphertext C each, C' is different random {v _i}, {v
It is devised in a safe direction by _i ′｝. Is given as the sum of ciphertext ciphertext C ^S are two apparently different knapsack encryption method of the present invention, it is believed that one breakthrough is given to 0,1 knapsack encryption In this sense. Regarding LLL (Lenstra-Lenstra-Lovasz) attack, (input plaintext length) / (ciphertext)
$ 2, which is considered to be quite difficult.

Hereinafter, an application example of the present invention for improving safety will be described. (Application of multi-stage encryption)
This is an application of the encryption method proposed in No. 173338 (the concept of multi-stage encryption) to the above-described encryption method. Create ciphertext. A plurality of sets (w, P) of random numbers w and prime numbers P are set (S sets) with respect to the radix product of FIG. 2, and the final result is disclosed by multiplying the random numbers over S stages. Use it as a key. As described above, by applying the multi-stage encryption method to the basic encryption method of the present invention, a method with higher security can be constructed.

(Application of product-sum-product encryption) This applies the encryption method (the concept of product-sum-product encryption) proposed by the present inventors in Japanese Patent Application No. 11-205381 to the above-described encryption method. A plurality of addition terms obtained by adding a plurality of selected public keys are set, and the plurality of addition terms are combined in a product and / or sum form to create a ciphertext. Using a plurality of public keys selected in accordance with the bit data of each divided plain text, a plurality of sets of addition terms as shown in (18) are created, and the created sets of addition terms are further multiplied and / or Or, add to create a ciphertext. As described above, by applying the product-sum-product encryption method to the basic encryption method of the present invention, a method with higher security can be constructed.

In the above-described example, the case where each divided plaintext is 1 bit and the number of public keys to be selected for each divided plaintext is 2 (s = 1) has been described. by using a random number as shown in (30), b _i
= 2 ^s (s: a natural number of 2 or more). For example, if s = 2, four public keys are prepared for each divided plaintext, and the plaintext is
The ciphertext is divided into bit plaintexts, one public key is selected from the four public keys according to the bit data for each divided plaintext, and a ciphertext is created by adding all the selected public keys. .

[0057]

(Equation 9)

In the above-described example, the case of the cryptographic communication system has been described. However, in the case where the plaintext is encrypted to create a ciphertext and the created ciphertext is simply recorded, the encryption of the present invention is also possible. Of course, the method can be applied.

[0059]

As described in detail above, in the present invention, the public key of each 2 ^s or the random term is incorporated in advance to prepare in advance in each divided plaintext, the plaintext to be encrypted for each s bit divided into a plurality of divided plaintext, selected according to its own bit data one public key for each divided plaintext from 2 ^s pieces public keys that had been prepared for each divided plaintext public selected Since the ciphertext is created using the key, high-speed encryption and
The present invention can greatly contribute to the development and practical application of the public key cryptosystem because the decryption process becomes possible.

(Supplementary Note) The following items are further disclosed with respect to the above description. (1) The encryption method according to claim 1, wherein a ciphertext is created in a form in which a plurality of selected public keys are added. (2) The encryption method according to claim 1, wherein a ciphertext is created in a form in which a plurality of addition terms obtained by adding a plurality of selected public keys are further multiplied and / or added. (3) The encryption method according to claim 1, wherein a ciphertext is created by using a calculation result obtained by multiplying a plurality of random numbers with a selected public key and performing a multi-stage calculation. (4) In a cryptographic communication system for performing information communication using a ciphertext between a plurality of entities, a plaintext is obtained by using the encryption method according to any one of claims 1 or (1), (2), and (3). , A communication path for transmitting the created ciphertext from one entity to the other entity, and a decryptor for decoding the original plaintext from the transmitted ciphertext . (5) An encryptor that creates a ciphertext from a plaintext using the encryption method according to any one of claims 1 or (1), (2), and (3), and records the created ciphertext. An encryption / recording device including a recording device. (6) Plaintext to be encrypted on a computer-readable recording medium storing a program for causing a computer to create a ciphertext based on a divided plaintext obtained by dividing a plaintext to be encrypted and a public key. For each s
Program code means for causing a computer to perform division into a plurality of divided plaintexts of bits (s: natural number);
2 prepared with a random number term prepared for each divided plaintext
program code means for causing a computer to select one public key from ^s public keys for each divided plaintext according to its own bit data, and a ciphertext using the selected public key. And a program code means for causing a computer to execute the program. (7) From a public key of 2 ^s (s: natural number) in which a random number term is prepared and prepared for each of a plurality of s-bit divided plaintexts obtained by dividing a plaintext into a computer, for each divided plaintext, A computer-readable recording medium in which a program for decrypting a ciphertext created using a plurality of public keys selected one by one according to its own bit data is recorded. A storage medium storing a program including program code means for causing a computer to sequentially decrypt the divided plaintext while identifying the obtained public key.

[Brief description of the drawings]

FIG. 1 is a schematic diagram showing an encrypted communication state of information between two entities.

FIG. 2 is a diagram showing a public key list in a database.

FIG. 3 is a diagram illustrating a configuration of an embodiment of a recording medium.

FIG. 4 is a diagram showing a public key list in the encryption method proposed in Japanese Patent Application No. 11-269407.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Communication channel 2 Plaintext splitter 3 Public key selector 4 Encryptor 5 Decryptor 10 Database 20 Computer 21, 22, 23 Recording medium A, B entity

Claims (3)

[Claims] An encryption method for creating a ciphertext based on a divided plaintext obtained by dividing a plaintext to be encrypted and a public key selected from a plurality of public keys prepared for each of the divided plaintexts, plaintext each s bit: divided into a plurality of divided plaintext (s is a natural number), are prepared for each divided plaintext, each one public key from 2 ^s pieces public keys are random term incorporated the An encryption method characterized in that each plaintext is selected according to its own bit data, and a ciphertext is created using the selected public key. 2. A ciphertext is created based on a divided plaintext obtained by dividing a plaintext on one entity side and a public key and transmitted to the other entity side, and the transmitted ciphertext is transmitted to the other entity side on the basis of the original entity. In an encrypted communication method for communicating information between entities by decrypting the
The plaintext to be encrypted each s bit: divided into a plurality of divided plaintext (s is a natural number), are prepared for each divided plaintext, each one of the public from 2 ^s pieces public keys are random term incorporated A cryptographic communication method comprising selecting a key for each divided plaintext according to its own bit data, generating a ciphertext using the selected public key, and transmitting the generated ciphertext. 3. An apparatus for generating a ciphertext based on a public key and a divided plaintext obtained by dividing a plaintext to be encrypted, wherein 2 ^s (s: natural number) public keys each including a random number term are assigned to each public key. means for storing in advance for each of the divided plain text, means for dividing the plaintext to be encrypted into a plurality of divided plaintext each s bit, the 2 ^s number in accordance with the divided its bit data for each divided plaintext was A means for selecting one public key from each of the public keys and means for creating a ciphertext using the selected public key.