JP2886517B2 - Common key communication system - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a common key communication system for performing cryptographic communication between entities on a network using a common encryption key.

[0002]

2. Description of the Related Art In recent years, when communication is performed on a network such as the Internet, a communication technique using cipher text has been desired to maintain confidentiality of communication data.

[0003] As this kind of communication technology, for example, RSA as a public key method is famous. In addition, when communication is performed between entities included in a network,
The transmitting entity encrypts the communication data (plaintext) using the encryption key and transmits it to the receiving entity, which then decrypts the original communication data using the same encryption key as the transmitting-side encryption key. A common key communication method is generally known. Here, the entity is
It refers to a device such as a terminal connected to a network, a user of the device, software of the device, or a group of them, and a subject that performs communication.

[0004] In such a communication method,
It is known that a center provided in a network distributes the common encryption key generated by the center to each entity upon communication between the entities. Or, for example, a paper "NON-PUBLIC KEY" by Rolf Blom
DISTRIBUTION / Advances in Cryptology: Proceeding
s of CRYPTO '82 / Plenum Press 1983, pp. 231-236 ",
A paper by Rolf Blom, "An Optimal Class of Sy
mmetric Key Generation Systems / Advances in Crypto
logy: EUROCRYPT '84 / Springer LNCS 209, 1985, pp.3
35-338 ", or Japanese Patent Publication No. 5-48980 or U.S. Pat. No. 5,016,276, in which a private key for generating a common encryption key is generated in advance by the center for each entity. Is distributed to each entity, and at the time of communication, each entity applies its own private key to an identifier (name, address, etc.) unique to the entity at the other end of communication, so that the entity performing communication has a common There is also known one capable of generating an encryption key.

In this case, in the latter method, a private key for each entity is generated by converting an identifier of each entity by a center algorithm common to each entity held only by the center.

More specifically, in the latter method, when the center algorithm expresses this as a function P (x, y) of variables x and y indicating any two identifiers,
P (x, y) = P (y, x) is set to have a symmetry. Then, variables x, of this function P (x, y)
y, a function P (x, i) in which the value of the variable y is the actual identifier i of each entity (hereinafter referred to as Pi
(Expressed as (x)) is distributed to each entity as a private key of each entity. Thereafter, when the entity having the identifier i communicates with another entity having the identifier j, the entity having the identifier i has its own private key P
Pi (j), which is obtained by causing the identifier j of the other party to act on i (x) (the value of the variable x is j), is generated as an encryption key. Similarly, on the entity side of the identifier j, the P obtained by applying the identifier i of the partner to the own private key Pj (x).
j (i) is generated as an encryption key. At this time, due to the symmetry, Pi (j) = Pj (i), whereby a common encryption key is obtained between the entities having the identifiers i and j.

By the way, in the above-mentioned common key communication method, in order to secure the security of the encrypted communication, it is necessary that the encryption key cannot be practically decrypted. In particular, in the method disclosed in Japanese Patent Publication No. 5-48980, etc., since all the encryption keys include information relating to the center algorithm that defines them, it is necessary to ensure the difficulty of deciphering each encryption key. Is an important issue.

However, in the conventional communication method, communication is performed by encrypting communication data (plaintext) itself using an encryption key, so that the encryption key may be decrypted due to characteristics of the communication data. Had become. In particular, in the method disclosed in Japanese Patent Publication No. 5-48980 or the like, when the encryption key is decrypted, there is a possibility that the center algorithm may be decrypted due to collusion of a plurality of entities. Had become.

[0009]

SUMMARY OF THE INVENTION In view of the foregoing, the present invention provides a common key capable of improving the security against various attacks of a cryptographic key in a system for performing cryptographic communication between entities using a common cryptographic key. It is an object to provide a communication system .

[0010] Furthermore, a secret private key for generating a common encryption key for communication is generated by applying a secret algorithm common to each entity to an identifier unique to each entity, and is distributed to each entity. The common key communication system that can enhance the security against various attacks including the secret algorithm of the center
The purpose is to provide a system.

[0011]

A common key communication system according to the present invention is provided.
In order to achieve the above object, a first aspect of the communication system performs communication data communication between entity terminal devices in a network including terminal devices of a plurality of entities and a center. Terminal equipment
Encrypts the communication data using the random number data as a key, encrypts the random number data with a common encryption key with the communication data receiving side, and encrypts the encrypted random number data with the encrypted data. of reception side and a communication data the communication data
To the terminal device , and the terminal device on the receiving side of the communication data
, Said the common encryption key to decrypt the encrypted random-number data, a common key communication system for decrypting the encrypted communication data to the random number data the decoded as a key, the center is the The center algorithm including the integral transform algorithm with the weight function common to the entities is kept secret and is unique to each entity and
One of the openness of the identifier change by the Center algorithm
To generate a private key unique to each entity,
Each painting and human key and integral transformation algorithm with the weight function
Distributed to the terminal device of the
Each entity of the terminal device, when communicating the communication data, the self to the identifier of the communication partner entity
The entities each other by Rukoto reacted with distributed the weighting function with the integral transformation algorithm was with said private key
And generating a common encryption key .

According to the first aspect of the present invention, the communication data is encrypted on the transmitting side by using the random number data as a key, and the random number data is encrypted with the common encryption key. Since the encrypted random number data is transmitted to the receiving side of the communication data together with the encrypted communication data, information of the encryption key when trying to decrypt the encryption key is encrypted by the random number data. It is included in the random number data encrypted by the encryption key instead of the communication data. Since the random number data itself lacks characteristic information, it is extremely difficult to decrypt the encryption key from the encrypted random number data. Further, since the communication data is encrypted with the random number data, the security of the communication data is sufficiently ensured. And
On the receiving side of the communication data, the random number data can be decrypted by using a common encryption key with the transmitting side, and finally the desired communication data can be decrypted using the decrypted random number data as a key. And encrypted communication can be performed without any trouble.

Therefore, according to the present invention, it is possible to enhance the security against various attacks of the encryption key in a system for performing cryptographic communication between entities using a common encryption key.

[0014] In this case, in the first aspect of the present invention, the common encryption key is a terminal device of each of the entities, wherein the center has the integral conversion algorithm with the weight function previously distributed to each entity and the private key. preparative Ru generated by the action of the communication partner identifier. The private key is generated by the center by converting an identifier unique to each entity by a center algorithm including the integral conversion algorithm with the weight function.

That is, the identifier is fixedly used for each entity such as a mail address on the network, a domain name, or a combination thereof, in addition to the name and address of each entity, and at least communicates with each other. Anything that is open to the other party may be used. In this case, if a name is used as an identifier of each entity, for example, the dispersibility of the identifier is generally poor (the distribution of identifier values tends to be biased). For this reason,
If the identifier is converted only by the algorithm having the above-mentioned symmetry to generate a private key of each entity, a large number of similar private keys are likely to appear in the generated private key. There is a possibility that a private key of another person or the above algorithm may be decrypted.

However, in the present invention, a center algorithm including an integral conversion algorithm (specifically, an integral conversion algorithm with a weighting function, but the significance of the weighting function will be described later) using the private key of each entity as an identifier of each entity. , The dispersibility of the data obtained by the integration conversion algorithm acting on the identifier is enhanced, and the dispersibility of the private key is enhanced. This makes it difficult to decipher the private key or the center algorithm by a differential attack or the like, and can increase the security of the entire cryptographic communication system. In this case, since the private key includes a component based on the integral conversion algorithm, the identifier of the entity on the communication partner side includes:
By acting not only the private key but also the integral transformation algorithm distributed in advance to each entity together with the private key, an algorithm part other than the integral transformation algorithm of the center algorithm (this part has the aforementioned symmetry) It is possible to generate an encryption key between the entities.

As described above, in the first aspect of the present invention in which the center algorithm includes the integral conversion algorithm,
The integral transform algorithm includes Fourier transform (including fast Fourier transform), Laplace transform, Miller transform,
Hilbert transform and the like can be mentioned, and any of these integral transforms can be used. However, these integral transforms are defined on an analytical infinite interval. On the other hand, since the identifier to be subjected to the integral conversion algorithm in the present invention is represented on a finite interval (for example, a coset on a finite ring), when the identifier data is subjected to integral conversion using a computer or the like, In addition, abnormal dispersion (asialing) of the conversion result is likely to occur.

For this reason, in the first aspect of the present invention, an integral conversion algorithm with a weight function is used as an integral conversion algorithm applied to an identifier.
The above-mentioned abnormal dispersion can be prevented by adding a weight function when performing the integral conversion on the identifier. Further, since the weight function can be arbitrarily set as long as it can prevent abnormal dispersion, the personal key obtained by converting an identifier by a center algorithm including an integral conversion algorithm to which the weight function is added is included in the personal key. , An unknown component based on the weight function is added. As a result, the decryption of the private key and the center algorithm becomes more difficult, and the security of the cryptographic communication system to which the present invention is applied can be further improved.

In the first aspect of the present invention, it is preferable that the random number data used for communication between the entities is one-time random number data. That is, the one-time random number data means random number data having no reproducibility or extremely poor reproducibility, and more specifically, the appearance frequency of each bit number constituting the random number data is the same for any number, Further, there is no correlation between random number data, and such random number data can be generated based on, for example, the timing when a human inputs a certain phrase or sentence to a computer. Then, by encrypting communication data using such random number data as a key and encrypting the random number data with an encryption key, decryption of the encryption key and the communication data becomes more difficult. .

In this case, the one-time random number data is transmitted to the terminal device of the transmitting entity of the communication data.
That generated on the basis of predetermined processing, and more specifically, the predetermined processing is an input operation by a human in the terminal apparatus of each entity, the one-time random number data based on the temporal timing of the input operation To determine.

Thus, the terminal device of each entity
Definitive human by the input operation (e.g., operation of inputting a certain sentence or phrase) by generating a random number data based on the temporal timing of the random number data is not reproducible, or becomes extremely poor reproducibility, the One-time individual random number data can be generated accurately.

In the first aspect of the present invention, the weight function added to the integral conversion algorithm as described above is:
Basically, the value is “0” at the end of the identifier data section.
In this case, in the present invention, the weighting function is further determined to be an unpredictable pattern based on the random number data generated in the center, and more preferably, the weighting function is set to one as the random number data. Circular random data is used. Here, the determination of the weight function based on the random number data is performed by determining the degree of change in the value of the weight function in the section of the identifier data (a form approaching “0” at the end of the section) based on the random number data. .

By determining the weight function in an unpredictable pattern based on the random number data, it becomes difficult for an attacker to predict the weight function, and the security of the cryptographic communication system to which the present invention is applied. Can be increased. In particular, when the weighting function is determined by one-time random number data, the reproducibility of the random number data is excluded.
Further, the security of the system is increased.

As mentioned above, various types of integral conversion algorithms can be applied. In particular, in the present invention, it is preferable to use a Fourier transform algorithm as the integral conversion algorithm. That is, the Fourier transform is
It is an integral transformation that can be performed quickly and easily using a computer, and generally, the transformation result is likely to be dispersed. Therefore, by using such a Fourier transform algorithm as an integral transform algorithm, the private key can be quickly and easily generated from an identifier, and at the same time, the dispersibility of the private key is effectively increased, and The security of the communication system can be significantly improved.

In the first aspect of the present invention, more preferably, the center converts the identifier of each of the entities by the center algorithm,
Furthermore, an algorithm for performing the randomizing transformation with the unique random data having a single characteristic unique to each entity to generate the private key, and canceling out the randomizing transformation component contained in the private key, and the integral transformation with the weight function An identifier conversion algorithm comprising an algorithm and a terminal key of each entity in advance together with the private key.
Leave distributed to location, the terminal device of each entity,
Activating the identifier conversion algorithm distributed to itself on the identifier of the communication partner entity and the private key.
Thus, the common encryption key is generated.

Here, in the randomizing conversion, the value of each bit of a data string representing the identifier converted by the center algorithm is changed by the individual random number data, or the data string is rearranged and converted. , And a combination thereof.

According to this, in addition to the center algorithm, the private key includes a component obtained by the randomization transformation. Then, at this time, the randomizing conversion is performed by one-time individual random data (random data having no reproducibility or extremely poor reproducibility) unique to each entity and unknown to each entity. , For each private key of each entity,
Each different incidental component will be included. as a result,
Security against various attacks of the cryptographic communication system can be further strengthened.

In this case, at the time of communication, the private key that acts on the identifier of the entity on the other end includes a component obtained by the randomization transformation for each entity. For this reason, an identifier conversion algorithm consisting of an algorithm for canceling this and the above-mentioned integral conversion algorithm with a weight function is distributed to each entity together with the private key, and each entity is used for communication.
By applying the identifier conversion algorithm and the private key to the identifier of the other party, the common terminal can be generated by the communicating terminals.

When the randomizing conversion is performed as described above,
The randomization conversion can be performed by, for example, performing a layout conversion of a data string representing a result of conversion of the identifier of each entity by the center algorithm using the one-time individual random number data.

[0030] More preferably, the data sequence representing the identifier of each of the entities converted by the center algorithm includes a plurality of unnecessary bits, and the randomizing transforms the value of the unnecessary bits to the one-time individual random number. Randomizing the data, and further converting the entire data string including the unnecessary bits into the single random data.
This is performed by changing the arrangement.

As described above, the value of the unnecessary bit of the data string representing the identifier of each entity converted by the center algorithm is randomized by the one-time individual random number data, and the value of the data string containing the unnecessary bit is further randomized. By rearranging and converting the entire data with the single random data , the attacker (decryptor of the cryptographic communication system) finds where in the acquired data there is a portion corresponding to the unnecessary bits, and where in the acquired data, The security of the cryptographic communication system is enhanced.

Further, the one-time individual random number data for performing the randomizing transformation is obtained by
It is generated based on a predetermined process in the terminal device , and more specifically, the predetermined process is performed by the terminal device of each entity.
This is an input operation by a human at the device, and the one-time individual random number data is generated based on the temporal timing of the input operation.

As described above, the terminal device of each entity
Definitive human by the input operation (e.g., operation of inputting a certain sentence or phrase) by generating a random number data based on the temporal timing of the random number data is not reproducible, or becomes extremely poor reproducibility, the One-time individual random number data can be generated accurately.

Next, according to a second aspect of the present invention, when communication data is communicated between terminal devices of entities in a network including terminal devices of a plurality of entities and a center, the transmitting side of the communication data The terminal device encrypts the communication data using the random number data as a key, encrypts the random number data with a common encryption key with a receiving side of the communication data, and encrypts the encrypted random number data with the encrypted data. receiving side terminal device of the communication data and communication data
And the terminal device on the receiving side of the communication data decrypts the encrypted random number data with the common encryption key.
And, a common key communication system for decrypting the encrypted communication data to the random number data the decoded as a key,
The center is a common center address for each entity.
Keeps the algorithm secret and unique to each entity
The in and openness identifier those produced by converting by said center algorithm, the further randomized converted by specific one-time individual random number data to each entity
To generate a private key unique to each entity,
Each entity includes a human key and an identifier conversion algorithm for canceling the randomization conversion component contained in the private key.
Distributed in advance to the terminal equipment of the
Terminal device distributes itself to the identifier of the entity of the communication partner when performing the communication of the communication data.
Common encryption key between the entities by Rukoto reacted with said private key and the identifier transformation algorithm which is
And generating a.

[0035] According to the second aspect of the present invention, the private key of each entity for generating the common encryption key includes, at the center, the identifier of each entity at the center algorithm (this is the above-mentioned center algorithm). Symmetrical part).
Each entity is generated by performing a randomizing transformation based on individual random data (unreproducible or extremely poorly reproducible) that is unique to each entity and is unknown once. Each key will contain a separate, accidental component. As a result, it becomes difficult to decipher the private key and the center algorithm, and the security of the entire cryptographic communication system against various attacks can be improved. In this case, similarly to the case described in the first aspect of the present invention, since the private key of each entity includes a component by the randomization transformation for each entity, the center leave distributed to each entity the identifier transformation algorithm including an algorithm for canceling it with the private key, wherein each enteritidis
The communication device can generate a common encryption key between entities by applying the identifier conversion algorithm and the private key to the identifier of the entity on the other side during communication. When communicating between entities, the terminal device of each of the entities encrypts communication data using random number data as a key and encrypts the random number data into the common data, in exactly the same manner as in the first aspect of the present invention. Encrypted communication can be performed by encrypting with an encryption key and exchanging the encrypted data between entities.

In the second aspect of the present invention, as in the first aspect of the present invention, it is preferable that the random number data used for communication between the entities is one-time random number data. The use of such random data makes decryption of the encryption key and communication data more difficult.

In this case, the one-time random number data is stored in a terminal device of an entity on the transmitting side of the communication data.
Generated based on a predetermined process in the location, and more specifically, the predetermined processing to the terminal apparatus of each entity
The one-time random number data is determined based on the temporal timing of the input operation. Thus it is possible to accurately produce separate random number data of the one-time.

In the second aspect of the present invention, as in the case of the first aspect, the randomizing conversion is performed by converting a data string representing an identifier of each entity converted by the center algorithm. , By using the one-time individual random number data. And, more preferably, a data string representing a result of conversion of the identifier of each entity by the center algorithm includes a plurality of unnecessary bits, and the randomizing conversion is performed by changing the value of the unnecessary bits to the one-time individual random number data. And randomize the entirety of the data string including the unnecessary bits into the one-time individual random number data.
This is performed by changing the arrangement. Thereby, the security of the cryptographic communication system to which the present invention is applied can be further improved.

The one-time random number data is generated based on a predetermined process in the terminal device of each of the entities. More specifically, the predetermined process is performed by a human input in the terminal device of each of the entities. Operation
The one-time random number data is determined based on the temporal timing of the input operation. Thereby, the one-time individual random number data can be accurately generated.

[0040]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described with reference to FIGS. First, an outline of a cryptographic communication system to which the common key communication system of the present embodiment is applied will be described with reference to FIGS.

Referring to FIG. 1, in the present embodiment, a center 1 which is a basic construction body of a cryptographic communication system and a plurality of entities 2 which join the cryptographic communication system and mutually perform cryptographic communication are provided by the Internet. Can communicate with each other via a network 3 such as a personal computer communication network. Although not shown, the center 1 and each entity 2 include a computer machine such as a personal computer for performing actual communication and data processing, and a user of the computer machine.

In this system constructed on such a network 3, as shown in FIG. 2, each entity 2 that has joined the center 1 (in FIG. 2, each entity 2 is indicated by reference numerals i, j,...). ) Is a unique identifier yi, yj,... Corresponding to each (details will be described later).
Having. In this case, if i ≠ j, yi ≠ yj. Each entity 2 (i, j,...) Has a unique identifier generated by the center 1 based on the respective identifiers yi, yj,. Private keys Xi, Xj, ...
(Details will be described later. Hereinafter, collectively referred to as a personal key Xn as necessary). Further, when cryptographic communication is performed between arbitrary entities i and j, a common cryptographic key Kij for encrypting (transmitting side) and decrypting (receiving side) the communication data is stored in each entity i, j. For each j, a private encryption key K is generated using the private keys Xi and Xj of the entities i and j, respectively.
Using ij, cryptographic communication is performed between the entities i and j.

Before describing the system of this embodiment in more detail, the identifier yn will be described. In the present embodiment, the identifier yn of each entity 2 is unique to each entity 2, such as the name, address, mail address, domain name, or a combination thereof, of each entity 2. Use something. Incidentally, in the actual handling of the identifier yn in the computer machine of the center 1 and each entity 2, each identifier yn is treated as vector data obtained by encoding the identifier yn with, for example, a coset on a finite ring.

The system of the present embodiment for performing the above-described cryptographic communication will be described in detail below with reference to FIGS.

Referring to FIG. 3, in the system according to the present embodiment, the individual entities i, j are processed after the center 1 has undergone advance preparation processing such as generation and distribution of the private key Xn and the like.
Communication between the devices is performed.

In the preparatory processing by the center 1,
When the center 1 is established or when the system is updated, the center 1 first generates a basic center algorithm for generating the private key Xn of each entity 2 (procedure 1).

In this embodiment, the center algorithm comprises a center matrix, a weight function, and an integral conversion algorithm.

Here, the integral conversion algorithm is an algorithm for performing an integral conversion on the data of the identifier yn of each entity 2. In the present embodiment, a Fourier transform (more specifically, a fast Fourier transform) is used as the integral transform algorithm. I do. As this type of Fourier transform, a plurality of types are known, and one of them is selected by the center 1 to generate a Fourier transform algorithm used in the present embodiment. Note that the Fourier transform algorithm is actually expressed as a matrix acting on the data of the identifier yn.

The weighting function is for preventing anomalous dispersion (asialing) when performing the Fourier transform on the identifier yn, which is data of a finite section, and the value of the weight function at the end point of the section of the data of the identifier yn. This is a function that approaches “0”. Further, the center matrix is a symmetric matrix, more specifically, a nonsingular symmetric matrix.

In this case, the weight function and the center matrix are generated using one-time random number data. That is,
Referring to FIG. 4, when generating the weight function and the center matrix, the center 1 first generates random number data based on an artificial operation of an operator in the computer machine of the center 1 (procedure 1-1). Specifically, for example, the operator inputs appropriate words and phrases, sentences, and the like to the computer machine of the center 1, and the input timing at this time (for example, the input time of each word and the time interval of input of each word)
Is sequentially measured by a computer machine. Then, random number data is generated in time series based on the measured input timing. Since the random number data generated in this way is generated based on the timing of an artificial input operation having an ambiguity, it is practically unreproducible and accidental, and thus a one-time random number is generated. Data is generated.

After generating the one-time random number data, the center 1 determines the weight function and the center matrix based on the generated one-time random number data (step 1-2). ). In this case, the weight function is determined by determining the degree of change of the value of the weight function in the section of the data of the identifier yn (a form approaching “0” at the end of the section) based on the one-time random number data. Is performed, whereby the weight function is determined to be an unpredictable pattern. Note that the weight function is actually expressed as a diagonal matrix. The determination of the center matrix is performed by determining the values of the components of the matrix using the one-time random number data while ensuring the symmetry and non-singularity.

The center algorithm composed of the center matrix, the weight function, and the integral transform algorithm generated as described above is stored secretly in the center 1. In particular, the center matrix and the weight function are stored in a center other than the specific person of the center 1. It is stored strictly so that a third party (including each entity 2 etc.) cannot refer to it. Note that these center algorithms are common to each entity 2.

Returning to FIG. 3, next, when each entity 2 (i, j...) Joins the system, the center 1 determines the center algorithm and the identifier of each entity 2 generated and stored as described above. Using yn and the like, a private key Xn unique to each entity 2 and an identifier conversion algorithm for generating a common encryption key Kij as described later are generated and distributed to each entity 2 (procedure 2). ).

More specifically, referring to FIG. 5, in this procedure 2, the center 1 determines the identifier yn of the entity 2
The weighted fast Fourier transform is performed on the identifier yn by applying the Fourier transform algorithm and the matrix of the weight function to the data (vector data) (step 2-
1). Further, the vector data obtained by the procedure 2-1 is multiplied by the center matrix (procedure 2-2).
In this case, by adding redundancy to the data of the identifier yn, the weight data, the integral conversion algorithm, and the center matrix are added to the vector data obtained in the step 2-2 by the bit string meaningful as the data of the identifier yn. Appear and a plurality of other unnecessary bits appear.

On the other hand, the center 1 communicates with the entity 2 (for example, communication at the time of the joining procedure of the entity 2), so that the center 1 has a one-time individual Generate random number data (procedure 2-3). Specifically, as in the case of generating the random number data of one time when determining the weighting function and the like as described above, the user is allowed to input a certain phrase or sentence on the computer machine of the entity 2, The computer 1 of the center 1 measures the timing of the artificial input operation of the entity 2 by successively receiving it on the center 1 side. Then, the individual random number data is generated based on the measured timing of the input operation. By generating the individual random number data in this manner, the individual random number data becomes accidental with no reproducibility, similar to the random number data at the time of generation of the weight function, and is unique to the entity 2. Thus, one-time individual random number data is obtained. Note that the entity 2 does not know what kind of input operation timing and what kind of random number data is generated, and it is not possible to accurately control the artificial input operation timing. Random number data to entity 2
Can not know.

Next, the center 1 randomizes each bit value of the unnecessary bits in the vector data obtained in the step 2-2 using the one-time individual random number data obtained in the step 2-3. (Procedure 2-4). Furthermore, the vector data obtained by combining the randomized unnecessary bits and the useful bits is randomly rearranged and converted by the one-time individual random number data (the arrangement of the components of the vector data is changed. Procedure 2-5). Thus, the vector data (identifier yn converted by the center algorithm) obtained in step 2-2 is subjected to randomization conversion.
Then, the vector data obtained by the randomizing transformation is generated as the private key Xn of the entity 2.
Note that the randomizing transformation is actually represented by a matrix (not necessarily a symmetric matrix), and more specifically, a matrix such that the transposed matrix and the inverse matrix of the matrix are equal.

The center 1 generates the identifier conversion algorithm from the one-time individual random number data, the Fourier transform algorithm, and the weight function (step 2-6). The identifier conversion algorithm includes an algorithm for canceling the components of the randomization transformation reflected in the private key Xn (this is represented by an inverse matrix of a matrix representing the randomization transformation), the Fourier transformation algorithm, and a weighting function. Are synthesized (multiplied by matrices representing each of them).

The private key Xn and the identifier conversion algorithm corresponding to each entity 2 generated by the center 1 in this way are distributed to each entity 2 in advance by communication or the like (see procedure 2 in FIG. 3). The contents described above are details of the advance preparation process in the center 1.
After generating the private key Xn and the identifier conversion algorithm of each entity 2 as described above, the center 1 stores the one-time individual random number data corresponding to the entity 2 and the matrix representing the randomization conversion. Without deleting. In addition, each entity 2 receiving its own private key Xn and the identifier conversion algorithm stores them secretly in an appropriate storage device of its own computer machine.

Referring back to FIG. 3, after the above-described preparatory processing is performed, cryptographic communication is performed between arbitrary entities 2 as follows. Here, each entity 2
Among them, it is assumed that encrypted communication is performed between the entities i and j (i ≠ j), with the entity i as the transmitting side and the entity j as the receiving side.

In this cipher communication, the transmitting entity i first obtains a common encryption key Kij with the entity j from the private key Xi and the identifier conversion algorithm held by the transmitting entity i and the identifier yj of the receiving entity j. Generate (Procedure 3).

More specifically, referring to FIG.
The identifier yj of the receiving entity j is applied to the identifier conversion algorithm of the transmitting entity i on the computer machine of the entity i (the vector data of the identifier yj is multiplied by the matrix of the identifier conversion algorithm. Procedure 3-1). . Next, a common encryption key Kij with the entity j is generated by calculating an inner product of the vector data obtained by the procedure 3-1 and the private key Xi (vector data) of the transmitting entity i (procedure 3).
2).

Similarly, the receiving entity j is
As shown in FIG. 7, its own identifier conversion algorithm is applied to the identifier yi of the transmitting entity i on its own computer machine (step 3-1), and the resulting vector data and the private key of the entity j are obtained. Xj
(Step 3-2) to generate a common encryption key Kji with the entity i.

At this time, the common encryption key Kij uniquely generated by the transmitting entity i is the same as the common encryption key Kji uniquely generated by the receiving entity j.

That is, the private keys Xi and Xj held by the transmitting and receiving entities i and j, respectively.
Are the identifiers yi, y of the entities i, j, respectively.
j is vector data obtained by applying the above-described Fourier transform algorithm with a weight function, a center matrix, and a randomizing transform, and each entity i, j
Generates common encryption keys Kij and Kji, respectively.
The identifier conversion algorithm applied to the identifiers yj, yi of the entities j, i on the other side is a Fourier transform algorithm with a weighting function, and a randomization transform for each entity i, j reflected in each private key Xi, Xj. And an algorithm that cancels out the component.

For this reason, in the inner product operation performed in the procedure 3-2, the influence of the randomizing transformation for each entity i, j is eliminated, and the common encryption keys Kij, Kji obtained as a result of the inner product operation are Identifier y of entity i, j
i and yj, which have been subjected to a Fourier transform algorithm with a weighting function, and further subjected to a center matrix (vector data);
This is equivalent to the result obtained by calculating the inner product of the identifiers yj and yi of i to which the Fourier transform algorithm with weight function has been applied (vector data). That is, the identifiers yi, yj
Are subjected to a Fourier transform algorithm with a weighting function to yi ', yj' (where yi ', y
j 'is a vertical vector) and the center matrix is C
^{When, Kij = (yj ') T} · C · yi', Kji = (y
i ') ^T・ C ・ yj' (however, the subscript T in the formula means transposition).

Since the center matrix C is a symmetric matrix as described above, Kij = Kji. Therefore, the common encryption keys Kij and Kji generated separately by the respective entities i and j are the same, so that the entities i and j can share a common encryption key.

On the other hand, the transmitting-side entity i, which has generated the common encryption key Kij with the receiving-side entity j in the procedure 3 of FIG. An encrypted communication message is generated from a document, a program, etc. (procedure 4). In this case, when generating the encrypted communication message, the common encryption key Kij
In addition, one-time random data is used.

More specifically, referring to FIG. 6, when generating the encrypted communication message, the transmitting entity i uses its own computer machine to execute the word and phrase processing in the same manner as in the preparatory processing in the center 1 described above. One-time random number data (hereinafter referred to as “encryption communication random number data”) is generated based on the temporal timing of an input operation of text and text (step 4-1), and the one-time encryption communication random number data is generated. Is encrypted using the common encryption key Kij as an original key (procedure 4-2). In this case, the encryption is, for example, 3
This is performed according to the DES (Data Encryption Standard) having a stage configuration.

The plaintext is encrypted using the one-time random number data for encryption communication (before encryption) generated in step 4-1 as a key (step 4-3). This encryption is performed by, for example, a three-stage DES, as in the procedure 4-2.

Then, by combining the encrypted random number data obtained in step 4-2 with the ciphertext obtained in step 4-3 (to form one set), the receiving entity j
Is generated. The encrypted communication message generated in this manner is transmitted from the computer machine of the entity i to the computer machine of the entity j.

It is preferable that the cryptographic communication random number data is generated and updated every time cryptographic communication is performed. However, the cryptographic communication random number data is updated every time cryptographic communication is performed several times. The same cryptographic communication random number data may be used in the batch cryptographic communication).

On the other hand, the receiving entity j that has received the encrypted communication message is the entity i generated as described above.
The encrypted communication message is decrypted by using the common encryption key Kji (= Kij) with the above, and finally the plaintext is obtained (procedure 5).

That is, referring to FIG. 7, first, by using a common encryption key Kji (= Kij) with entity i as an original key, an encrypted random number in an encrypted communication message received from entity i is obtained. The data is decrypted into random number data for encrypted communication (procedure 5-1). Next, by using the decrypted random number data for encrypted communication as a key, the encrypted text of the encrypted communication message is decrypted into plain text (procedure 5-
2). Thereby, the receiving entity j finally knows the contents of the desired plaintext from the entity i, and the cryptographic communication between the entities i and j is completed.

The computer machine of each entity 2 that performs the above-described processing for cryptographic communication is configured as shown in the block diagram of FIG. 8, for example.

That is, the computer machine of each entity 2 includes a keyboard 4, a CPU (not shown) and a RA (not shown).
M and a main unit 5 composed of a ROM and the like, and a database 6 composed of a hard disk or the like for storing the personal key Xn and an identifier conversion algorithm, a plain text such as a text and a program, and a cryptographic communication telegram. . The main unit 5 includes, as its functional components, a common key generation unit 7 that generates a common encryption key, an encryption / decryption processing unit 8 that performs encryption / decryption processing of communication data, and random number data for encryption communication. And a data storage memory 10 for storing data such as a common encryption key generated by the common key generation unit 7 during encryption communication and random number data for encryption communication generated by the random number generation unit 9. Provided.

The computer machine of each entity 2 having such a configuration operates as follows.
The process for the encrypted communication as described above is performed.

That is, when generating a common encryption key (procedure 3) in each of the transmitting and receiving computer machines, first, the personal key Xn and the identifier conversion algorithm to be used are transmitted from the keyboard 4 to the main body. The specified private key Xn and the identifier conversion algorithm are fetched from the database 6 into the common key generation unit 7 of the main unit 5. Further, the identifier yn of the communication partner is input to the main unit 5 by the keyboard 4. Then, the common key generation unit 7 of the main unit 5 generates a common encryption key by applying the identifier conversion algorithm and the private key Xn to the input data of the identifier yn as described above (step 3-1). 3-2), the generated common encryption key is stored in the data storage memory 10.

On the transmitting computer machine,
Data (input operation data such as words and sentences) for generating the random number data for encryption communication is input to the main body unit 5 by the keyboard 4. Then, the random number generation unit 9 of the main body unit 5 generates the one-time random number data for encryption communication as described above based on the input data (see the above-described procedure 4-
1) The generated random number data for encrypted communication is stored in the data storage memory 10.

Further, in the transmitting computer machine, the plain text to be transmitted in the database 6 is
, And the designated plaintext is fetched from the database 6 into the encryption / decryption processing unit 8.
Then, the encryption / decryption processing unit 8 includes the data storage memory 10
Is encrypted using the common encryption key also stored in the data storage memory 10 (the above-described procedure 4-2), and the plaintext is encrypted using the encrypted random number data as a key. Encrypt (the above procedure 4-3).
The encrypted communication random number data and the plaintext encrypted by the encryption / decryption processing unit 8 in this way are stored in the database 6 as an encrypted communication message composed of them, and then separately sent to the computer machine of the communication partner. Sent.

On the other hand, in the receiving computer machine which has received the above-mentioned encrypted communication message, the encrypted communication message is stored in the database 6 and is taken into the encryption / decryption processing section 8. Then, the encryption / decryption processing unit 8 uses the common encryption key stored in the data storage memory 10 to decode the encrypted random number data in the encrypted communication message into random number data for encrypted communication (the above-described procedure 5-1), Further, using the decrypted random number data for encrypted communication as a key, the encrypted plaintext in the encrypted communication message is decrypted to the original plaintext (the above-described procedure 5-2). The plaintext encrypted by the encryption / decryption processing unit 8 in this manner is held in the database 6.

In the system of this embodiment constructed as described above, when the center 1 generates the private key Xn of each entity 2 (preparation processing), the identifier yn such as the name of each entity 2 is used. To apply the algorithm of the Fourier transform as an integral transform to
Even if n itself has many similar ones, the dispersibility of data obtained by performing a Fourier transform on the data is improved, and the dispersibility of the private key Xn obtained by applying a center matrix or the like to the data can be improved. As a result, it is possible to make it difficult to decode a center algorithm such as a center matrix of the center 1 by a so-called differential attack.

In this case, in addition to Fourier transform, Laplace transform, Miller transform, Hilbert transform and the like can be used as the above-mentioned integral transform. In the present embodiment, Fourier transform (more specifically, fast Fourier transform) is used. Is used, it is possible to remarkably improve the dispersibility as described above, and at the same time, it is possible to perform the arithmetic processing for performing the Fourier transform on the identifier yn at a high speed by using a computer machine.

Also, when generating the private key Xn, a weight function is added as a center algorithm, so that it is possible to prevent abnormal dispersion of data obtained by Fourier transforming data of the identifier yn on a finite section. At the same time, for an attacker trying to decipher the center algorithm, in addition to the center matrix and Fourier transform algorithm,
Because the number of unknown algorithm elements called weight functions increases,
Decoding the center algorithm can be made more difficult. In particular, since the weight function is generated in an unpredictable shape based on the one-time random number data, it is possible to more reliably secure the above-described difficulty in decoding.

Further, in generating the private key Xn, in addition to the center algorithm, a randomizing transformation based on single random data unique to each entity 2 is added, so that the private key Xn of each entity 2 is added. Contains components based on a randomizing transform that are individual for each entity 2 and that are not correlated with each other. For this reason, for example, even if a plurality of entities 2 collude and attempt to decrypt the center algorithm or the like from the private key Xn held by each, it is extremely difficult to decrypt the center algorithm. In this case, in particular, in the randomizing transformation, of the data obtained by applying the Fourier transformation, the weighting function and the center matrix to the identifier yn, the value of the unnecessary bit is randomized by one-time individual random number data.
Since the arrangement conversion is performed by combining the unnecessary bits and the useful bits, the private key Xn obtained by the randomization conversion is obtained.
It is not known which part of the data contains the data corresponding to the unnecessary bit, and the above-mentioned decoding becomes more difficult. For the reader, in order to completely break the system of the present embodiment, as many as four types of algorithms of a center matrix, a weight function, a Fourier transform (integral transform), and a randomize transform are used from data such as the private key Xn. Must be decrypted, and such decryption is virtually impossible.

In the system of this embodiment, in order to generate a common encryption key at the time of cryptographic communication, the identifier conversion including an algorithm for canceling the randomized conversion component reflected in the private key Xn is performed. The algorithm needs to be distributed to each entity 2 together with the private key Xn. However, the identifier conversion algorithm is
Since the algorithm for canceling the component by the randomization transformation, the Fourier transformation algorithm, and the weighting function are combined, the randomization transformation algorithm, the weighting function, and the Fourier transformation algorithm which constitute the center algorithm of the center 1 from the identifier transformation algorithm are used. It is also very difficult to decipher individually.

Therefore, according to the system of the present embodiment,
In terms of security of the system, it is practically impossible to decipher the center algorithm of the most important center 1 from the private key Xn of each entity 2.

When performing encrypted communication between arbitrary entities i and j, instead of encrypting the plaintext itself using the common encryption key Kij, the plaintext does not have a biased characteristic. Since the random number data for reciprocal encryption communication is encrypted as a key, and the random number data for encryption communication as a key for decrypting the encrypted plaintext is encrypted using the common encryption key Kij, the encryption is performed. Even if a third party intercepts the communication data, it is difficult to decrypt the common encryption key Kij from the communication data. Then, the common encryption key Kij
Since it is difficult to decrypt the private key Xn, information on the private key Xn of each entity 2 included in the common encryption key Kij and information on the center algorithm included in the private key Xn may be obtained by a third party. Have difficulty. Further, since the plaintext is encrypted using the random number data for encrypted communication as a key, the confidentiality of the plaintext is also ensured.

Therefore, according to the present embodiment, a cryptographic communication system with high security against various attacks can be provided.
At the time of cryptographic communication between any of the entities i and j, each of the entities i and j has its own private key Xi, X
j and the identifier conversion algorithm,
, Yi, the common encryption key Kij can be generated and shared without involvement of the center 1 or prior notification between the entities i, j, etc., so that not only security is high, but also A simple and highly versatile cryptographic communication system can be provided. Note that the identifier yn plays an important role in generating the common encryption key Kij as described above.
A. Shamir's paper `` Identity-Based Cryptosystems a
nd Signature Schemes / Advances in Cryptology: Proce
eding of CRYPTO '84 / Springer LNCS 196,1985, pp.47
-53 ".

Next, a more theoretical effectiveness of the system of this embodiment will be described.

In the present system, the calculation of the private key of each entity 2 and the calculation of the common encryption key are performed based on a linear transformation, and the linear transformation will be described below.

First, let Xif be a private key of entity i necessary for generating a common encryption key between f entities 2. At this time, the general idea for constructing the above linear transformation is to arbitrarily select an f-input symmetric transformation g (a function of f variables having symmetry) and obtain a private key Xif of the entity i. Xif (ξ ₁ ,..., Ξ _{f -1} ) = g (yi, ξ ₁ ,..., に 対 し て) for the identifier yi of the entity i.
_f-1 ) is determined as an f-1 input conversion that satisfies _f-1 ). Here, ξ with a subscript is a variable indicating an arbitrary identifier. In this case, the linear transformation can be found such that the kernel of the f-input symmetric transformation g follows a multiple linear mapping (f-fold linear mapping), which is basically defined in a linear space over a finite field. And generalized to the coset on the ring.

The present system is for the case where f = 2, and the above-mentioned linear transformation is defined as follows.

Here, in the following description, the center 1
Is a set of entities belonging to E, a set of identifiers is I,
Let K be a set of common encryption keys (see FIG. 1). Further, Q is a commutative ring having a unit element, J is a coset of order m on Q, K is a coset of order h on Q, and the elements of J and K are m−
A vertical vector, h-vertical vector. If Q is a body, J and K are linear spaces of dimensions m and h, respectively. The order m is equal to the total number of identifiers.

Further, R is a linear transformation constituting a mapping from I to J, and is hereinafter referred to as identity transformation. This identity transformation basically corresponds to a transformation for performing a Fourier transformation (integration transformation) with a weighting function on the data of the identifier when corresponding to the system of the above-described embodiment.
Further, as will be described later, the conversion is extended to a conversion including the randomizing conversion.

Assuming the above, first, J ₂ (J
Symmetric Q-order multiple linear mapping (a two-input symmetric transformation) from a set of two elements of
J ₂ → K is arbitrarily selected and determined. This g corresponds to a conversion for generating a common encryption key corresponding to these two identifiers from those obtained by performing identity conversion of two arbitrary identifiers.

Further, a given identifier yi (∈I)
, The matrix xi of h rows and m columns on Q becomes xi · η = g
(R (yi), η). Here, η is an arbitrary m-longitudinal vector on Q and is an element of J (the same applies hereinafter).

Further, for a given yi (∈I), one input is made so that Xi (ξ) = xi · R (ξ) (where ξ is an arbitrary element of I; the same applies hereinafter). Conversion Xi
Constitution of (ξ).

This Xi (ξ) is a private key for the entity i, and the private key Xi (ξ) is a one-input conversion V
When i is defined as Vi (η) = xi · η using the matrix xi, it is expressed by the following equation.

Xi (ξ) = Vi (R (ξ)) When there are a plurality of centers, Vi (η) = xi ·
The "xi" part in η is replaced by the sum of the matrices xi determined as described above for each center.

When the private key Xi is defined in this manner, Xa (yb) = Xb (ya) for an arbitrary entity a, b∈E, as can be easily understood from the above description. That is, if the entities a and b input the identifiers yb and ya of the other party to the respective private keys Xa and Xb,
A common encryption key Xa (yb) = Xb (ya) is obtained.

Even if a multivariable polynomial is selected instead of the multiple linear mapping g, it is included in the applicable range of the linear transformation of the present system. The reason for this is that any polynomial can be rewritten into a linear polynomial by a suitable transformation of the set of unknowns, and that such a transformation can be absorbed into the identity transformation R. Furthermore, some transforms can be viewed as a combination of a linear transform and an operation such as an exponential function.

Next, the performance of the linear conversion of the present system and the role of the identity conversion R will be described.

For any transformation A, Cd (A), Ce
Let (A) be the complexity of the description of the transformation A and the complexity of the evaluation of the transformation A, respectively. At this time, the conversions Xi, R,
The following relational expression holds for Vi.

Cd (Xi) = Cd (R) + Cd (Vi) Ce (Xi) ≦ Ce (R) + Ce (Vi) In this case, the input (identifier) of the conversion Xi indicating the private key is w.
If it is described in [bit], Cd (Vi) = hmw [bit] holds for the complexity Cd (Vi) of the description of the conversion Vi. In addition, the complexity Ce (Vi
), Ce (Vi) = O (hm) [Q-operation] holds. Here, O (hm) [Q-operation] means the order of hm on the commutative ring Q, and this value is approximately O (w ² ) [bit conversion], that is, w ² Can be evaluated by order. Then, when a small commutative ring Q (for example, Galois field GF [2]) is selected, Ce (Vi) becomes low.

Therefore, the complexity Cd (X
i) and the evaluation complexity Ce (Xi) are the description complexity Cd (R) of the identity transformation R and the evaluation complexity C
e (R) is greatly affected.

Here, consider a case where one or a plurality of entities j trying to break the system use respective private keys Xj.

Obviously, a perfect defeat of this system is to determine the aforementioned multiple linear mapping g: J ₂ → K. In this case, in order to completely break the system, the centers either cooperate or have the same number as the order of the multiple linear mapping g (which is roughly equal to the total number m of identifiers (= order of J)). It requires the cooperation of the entities and is practically impossible.

[0108] Further, consider the possibility that some entity j can determine the private key Xi of another entity i. In this problem, the identity conversion R plays an important role as described below.

First, "all the entities j of the subset B of the set E of the whole entity cooperate, and these entities j∈B become the whole {Xj
Even if | j {B} is used, information such as useful for determining the private key Xi of any entity i in the set EB cannot be obtained. "
For each entity i in B, the identity transformation R (yi) is the sum of the respective identity transformations R (yj) of entity j in B, {R (yj) |
is linearly independent of j {B} ". Therefore, the information-theoretic security of the linear transformation of the present system is reduced to the fact that any subset U of the set {R (yi) | i {E} is linearly independent. Therefore, there is a strong relationship between the linear transformation and the linear algebraic permutation combination. In evaluating the security of the linear transformation, in particular, m rows and n columns (where n = # E = entity of entity E) Parity check matrix H = (R
(Y1), ......, R ( yn)) linear code LR that is defined by ^{= {z∈Q n | H · z} = 0}, i.e., variable, such as the product of the parity check matrix H becomes zero vector It is important to consider the set of codewords z represented by n-vertical vectors on the permutation Q. The so-called Hamming
) The existence of a code word z (∈LR) having a weight s, and the fact that the private key Xi of a specific entity i can be derived by the cooperation of s-1 entities j. Is easily guided.

On the other hand, by individualizing the identity conversion R as follows (the identity conversion R is unique to each entity), it becomes difficult to break the system even if a large number of entities collude. That is, for the set {R (yj) | j {B} of the identity transformation R (yj) of each entity j (j∈B) that is going to break the system, the identity transformation R (yi) of the other entity i is Linearly dependent, R
If (yi) = ΣCj · R (yj) (where Cj is an appropriate coefficient), as is clear from the definition of the private key described above, the private key Xi and the entity j (j∈B) of the entity i Xi = ΣCj · Xj for the private key Xj of
Holds. Therefore, the set B of each entity j trying to break the system can easily know the private key Xi of another entity i. However, when the identity conversion R is individualized, the conversion R
Is unique to each entity, it is not easy to find, for a given set B of entities j, an entity i having an identifier yi that can decrypt another private key Xi. In other words, set B
Cannot know which entity i's private key Xi can be decrypted from information such as the private key Xj possessed by them. Conversely, for the entity i having the given identifier yi, the private key X
It is also not easy to find the set B containing the identifier yj that can decode i. In other words, even if the entity i having the private key Xi to be decrypted is specified, it is not possible to know which entity should collude to decrypt the private key Xi. in this way,
Individualizing the identity transformation R is of essential importance in increasing the theoretical security of the system.

When individualizing the identity conversion R in this way, various linear conversions can be selected, but they are basically classified into two categories.

One is the use of an identity transform R such that the corresponding linear code LR is a well-known algebraic or algebraic geometric code, and the other is the identity transform R Is randomized individually for each entity.

In this case, in the former method, if the total number m of identifiers is increased for security, the required data amount tends to be large. For example, a primitive element is α and Q = GF (q): a Galois field, and h = 1,
Let β be the power of α (log β = ξ · log α), further, let R (ξ) = [1, β, β ² ,..., β ^m-1 ] ^T, and I be {0, 1, 2,. Suppose that it was encoded as n-1}. Since this identity conversion R has no one-way property,
Although not a strict linear transformation, R. Blom's paper, An O
ptimal Class of Symmetric Key Generation Systems ''
The linear code LR corresponds to a so-called Reed-Solomon code. In this method, the total number n of entities in the network needs to be smaller than q in the Galois field Q = GF (q). For example, when n = 10 ¹² , the minimum Q becomes GF (2 ⁴⁰ ), which requires an extremely large data amount.

On the other hand, the latter method of randomizing the identity conversion R individually for each entity is as follows:
This is a technique realized by the randomizing transformation in the above-described embodiment. According to this technique, the total number m of identifiers is m.
Even if the value (which is equal to the total number n of the entities in the present system) is large, there are a large number of identity conversions R that can perform high-speed processing and require a small amount of data.

On the other hand, the following relational expression corresponding to the known asymptotic Varshamov-Gilbert's limit equation is obtained by the same method as that for deriving the known limit equation.

M / n + r ≦ Φ (b / n) where r = m · log _q (q−1) where Φ is Φ (u) = u · log _q (q−1) −u · log _q u-
(1-u) log _q is a function defined by (1-u). Also, b in the above inequality is the total number (= # B) of entities j trying to break the system.

The above inequality defines the limit of the total number b of entities j required to break the system, and means that the system cannot be broken with the number of entities b for which this inequality does not hold.

Then, based on this inequality, any m
For b and b, it is derived that there is an identity conversion R such that even if at most b entities j collude, the private key Xi of another entity i cannot be decrypted. It can also be seen that individual randomization of the identity transform R often results in a good linearly independent structure while satisfying the above conditions.

Accordingly, the present system can provide a highly secure system by individually randomizing the identity conversion R. In other words, the system uses the individual randomization of the identity transformation R to increase the complexity Cd of the description of the transformation R
(R) and the complexity of the evaluation Ce (R),
The security of the system is ensured by increasing the description complexity Cd (Xi) and the evaluation complexity Ce (Xi) of the private key Xi.

In practice, for example, Q = GF [2], m = 819
2, when h = 64, Cd (Xi) = 64 [Kby
te]. In this case, the encryption communication can be performed between any two entities on the system including up to 10120 entities by using the 160-bit common encryption key. Then, for example, the clock 200MH
When a 32-bit CPU and a 640 Kbyte memory are used in z, each personal key can be calculated within 20 ms. Furthermore, the system cannot completely break the system unless 8192 entities collude, and due to the individual randomization of each entity, if more than 256 entities collude,
No information about the private key of another entity can be obtained.

In the above embodiment, a center matrix is set as the center algorithm in addition to the weight function and the Fourier transform algorithm. However, the weight function itself can be used as the center matrix.

In the above embodiment, the Fourier transform was used as the integral transform.
Other forms of integral transform, such as Hilbert transform, may be used.

[Brief description of the drawings]

FIG. 1 is a diagram showing an overall configuration of a cryptographic communication system to which an embodiment of a common key communication system according to the present invention is applied.

FIG. 2 is a diagram for conceptually explaining the basic structure of the system in FIG. 1;

FIG. 3 is a flowchart for explaining an outline of a processing procedure in the system of FIG. 1;

FIG. 4 is a flowchart showing details of a process in procedure 1 of FIG. 3;

FIG. 5 is a flowchart showing details of a process in procedure 2 of FIG. 3;

FIG. 6 is a flowchart showing details of processing in procedures 3 and 4 of FIG. 3;

FIG. 7 is a flowchart showing details of processing in procedures 3 and 5 of FIG. 3;

FIG. 8 is a block diagram showing a configuration of a computer machine for performing the processes of FIGS. 6 and 7.

[Explanation of symbols]

1 center, 2 (i, j, etc.) entity, 3 network, Xi, Xj, etc. private key, Kij common encryption key,
yi, yj, etc. Identifiers.

Continuation of front page (56) References JP-A-7-311673 (JP, A) JP-A-7-175411 (JP, A) JP-A-63-314585 (JP, A) Tsutomu Matsumoto "No communication of encryption key Method of sharing with: KEY PREDISTRIBUTION SYSTEM ”, IEICE Transactions, Vol. J71-A, No. 11, (1988), p. 2046-2053 Shinji Miyabuchi, "Can KPS Protect Privacy?" Electronics, September 1995 (No. 496), p. 51-53 Hideki Imai, "Coding Theory," 5th Edition, The Institute of Electronics, Information and Communication Engineers, (1994). p. 158-161 Masaaki Mitani, Shigeo Tsujii, Digital Signal Processing Series, Volume 3, Digital Filter Design, Shokodo, (1987), p. 75-78 James L. Massey and Shirley Serconek, “A Fourier Transform Approach to the Linear Complexity of Nonlinearly Filtered SealedPetrosedPeaces,“ Advance CryptoSequences, ” 332 −340 (58) Field surveyed (Int.Cl. ⁶ , DB name) H04K 1/00-3/00 H04L 9/00-9/38 G09C 1/00-5/00

Claims (20)

(57) [Claims] A terminal and a center of a plurality of entities
In a network including bets, entity terminal device
When communicating communication data between location, transmitting terminal device of the communication data, the random number data with encrypting the communication data random number data as a key common with the receiving side of the communication data Encrypted with an encryption key, and transmits the encrypted random number data and the encrypted communication data to a terminal device on the receiving side of the communication data, wherein the terminal device on the receiving side of the communication data is the common terminal device. encryption key by decoding the encrypted random number data, a common key communication system for decrypting the encrypted communication data and the decoded random number data as a key, the center is common to each entity secret the center algorithm including the integral transformation algorithm with a weighting function
The center algorithm is used to generate a private key unique to each entity by converting an identifier unique to each entity and open to the public by the center algorithm.
Each and serial weighting function with integral transformation algorithm Entite
The communication device, the terminal device of each entity automatically transmits the identifier of the entity on the communication partner side when performing the communication of the communication data.
The entity by Rukoto to act himself the weighting function with the integral transformation algorithm is distributed between the said private key
A common key communication system for generating a common encryption key for each other . 2. The common key communication system according to claim 1, wherein said random number data is one-time random number data.
M 3. The common key communication system according to claim 1, wherein the random number data is generated based on a predetermined process in a terminal device of an entity on a transmitting side of the communication data. 4. The method according to claim 1, wherein the predetermined processing is performed at an end of each of the entities.
4. The common key communication according to claim 3, wherein the one-time random number data is determined based on a temporal timing of the input operation by a human in the terminal device.
System . 5. The common key communication according to claim 1, wherein said weight function is determined to be an unpredictable pattern by random number data generated at said center.
System . 6. The common key communication system according to claim 5, wherein said random number data for generating said weight function is one-time random number data. 7. The common key communication system according to claim 1, wherein said integral transform algorithm is a Fourier transform algorithm. 8. The center generates the personal key by performing randomization conversion on the identifier of each of the entities by the center algorithm and using one-time individual random number data unique to each entity. An identifier conversion algorithm including an algorithm for canceling the randomization conversion component included in the private key and the integral conversion algorithm with the weighting function is stored in advance at the end of each entity together with the private key.
Leave distributed to end devices, wherein each entity of the terminal device, the co-by Rukoto reacted with the identifier transformation algorithm which is distributed to the self to the identifier of the communication partner entity and said private key
The common key communication system according to claim 1, wherein a common encryption key is generated. Wherein said randomized conversion by the center, characterized in that by said data string representing what the identifier of each entity were transformed by the center algorithm, arranged converted by separate random number data of the one-time The common key communication system according to claim 8, wherein 10. A data string representing a result of conversion of the identifier of each entity by the center algorithm includes a plurality of unnecessary bits, and the randomization conversion by the center converts the value of the unnecessary bits into an individual Randomizing with random number data, and further processing the entirety of the data string including the unnecessary bits with the one-time individual random number data
Common key communication system according to claim 9, wherein the performing by arranging converted by. 11. The common key communication system according to claim 8, wherein said one-time individual random number data is generated based on predetermined processing in a terminal device of each of said entities.
Tem . 12. The method according to claim 1, wherein the predetermined processing is performed by each of the entities.
The common key communication system according to claim 11, wherein the one-time individual random number data is generated based on a temporal operation of the input operation by a human in the terminal device . 13. A terminal and a center for a plurality of entities.
In a network comprising a chromatography, entity of the terminal
When communicating communication data between devices, transmitting terminal device of the communication data, the random number data with encrypting the communication data random number data as a key common with the receiving side of the communication data and encrypted by the encryption key, the encrypted random number data and the said encrypted communication data transmitted to the receiving terminal device of the communication data, the receiving terminal device of the communication data, the common encryption key by decoding the encrypted random number data, a common key communication system for decrypting the encrypted communication data and the decoded random number data as a key, the center is common to each entity Center Al
Keeps the algorithm secret and unique to each entity
The in and openness identifier those produced by converting by said center algorithm, the further randomized converted by specific one-time individual random number data to each entity
To generate a private key unique to each entity,
Each entity includes a human key and an identifier conversion algorithm for canceling the randomization conversion component contained in the private key.
Advance distribution subjected to terminal devices Iti, each entity of the terminal device, when communicating the communication data, the self to the identifier of the communication partner entity
Common to each other the entity by Rukoto reacted with himself the identifier transformation algorithm which are distributed and said private key
Key communication system characterized by generating a plurality of encryption keys
M 14. The common key communication system according to claim 13, wherein said random number data is one-time random number data.
Tem . 15. The common key communication system according to claim 13, wherein the random number data is generated based on a predetermined process in a terminal device of an entity on a transmitting side of the communication data. 16. The method according to claim 16, wherein the predetermined processing is performed for each of the entities.
16. The common key communication system according to claim 15, wherein the one-time random number data is determined based on a temporal input of a human input operation on the terminal device . 17. The randomized conversion by the center, characterized in that by said data string representing what the identifier of each entity were transformed by the center algorithm, arranged converted by separate random number data of the one-time 14. The common key communication system according to claim 13,
M 18. A data string representing a result obtained by converting the identifier of each of the entities by the center algorithm includes a plurality of unnecessary bits, and the randomization conversion by the center performs the one-time individual Randomizing with random number data, and further processing the entirety of the data string including the unnecessary bits with the one-time individual random number data
Common key communication system according to claim 17, wherein the performing by arranging converted by. Individual random data 19. The one-time, the common key communication according to claim 13, wherein the generating on the basis of a predetermined processing in each entity of the terminal device Shi
Stem . 20. The method according to claim 19, wherein the predetermined processing is performed for each of the entities.
20. The common key communication system according to claim 19, wherein the one-time individual random number data is generated based on an input operation by a human in the terminal device , and based on a temporal timing of the input operation.