JP3953235B2 - Cryptographic communication method and cryptographic communication system - Google Patents

Publication number
JP3953235B2
Authority
JP
Japan
Prior art keywords
entity
key
secret
unique
vector
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP20390399A
Other languages
Japanese (ja)
Other versions
JP2001036516A (en)
Inventor
隆一 境
恭通 村上
正雄 笠原
Original Assignee
隆一 境
村田機械株式会社
正雄 笠原
Application filed by 隆一 境, 村田機械株式会社, 正雄 笠原
Priority to JP20390399A
Publication of JP2001036516A
Publication of JP3953235B2

Description

[0001]
BACKGROUND OF THE INVENTION
  The present invention relates to a cryptographic communication method and a cryptographic communication system.
[0002]
[Prior art]
In modern society, often called an advanced information society, important business documents and image information are transmitted and processed as electronic information over computer networks. Such electronic information can be copied easily, and a copy is difficult to distinguish from the original, so the problem of protecting information is regarded as important. In particular, a computer network that satisfies the elements of "computer resource sharing", "multi-access", and "broadening" is essential for establishing an advanced information society, but it contains conflicting elements. As an effective technique for resolving this contradiction, attention has turned to cryptographic techniques, which throughout history have been used mainly in military and diplomatic settings.
[0003]
Cryptography is the exchange of information so that the meaning of the information cannot be understood by anyone other than the parties. In cryptography, encryption is the conversion of an original sentence (plain text) that anyone can understand into a sentence (cipher text) whose meaning is unknown to a third party, and decryption is to convert the cipher text back to plain text. The entire process of encryption and decryption is collectively called an encryption system. In the encryption process and the decryption process, secret information called an encryption key and a decryption key is used, respectively. Since a secret decryption key is required at the time of decryption, only a person who knows the decryption key can decrypt the ciphertext, and the confidentiality of information can be maintained by the encryption.
[0004]
The encryption key and the decryption key may be the same or different. An encryption system in which both keys are equal is called a common key encryption system, and DES (Data Encryption Standard), adopted by the National Bureau of Standards of the U.S. Department of Commerce, is a typical example. As an example of an encryption system in which the two keys differ, the public key cryptosystem has been proposed. In a public key cryptosystem, each user (entity) creates a pair consisting of an encryption key and a decryption key, publishes the encryption key in a public key list, and keeps only the decryption key secret. The encryption key and the decryption key of a pair are different, and the use of a one-way function makes it infeasible to calculate the decryption key from the encryption key.
[0005]
The public key cryptosystem is an epoch-making cryptosystem in which the encryption key is published, and it conforms to the above three elements necessary for establishing an advanced information society. Research aimed at putting it to use is being actively conducted, and the RSA cryptosystem has been proposed as a typical public key cryptosystem. The RSA cryptosystem uses the difficulty of prime factorization as its one-way function. Various public key cryptosystems that rely on the difficulty of solving the discrete logarithm problem have also been proposed.
[0006]
In addition, encryption systems that use ID (identity) information identifying an individual, such as the address and name of each entity, have been proposed. In such a system, a common encryption key is generated between the sender and the receiver based on the ID information. Encryption techniques based on ID information include (1) methods that require preliminary communication between the sender and receiver prior to ciphertext communication, and (2) methods that do not require preliminary communication between the sender and receiver prior to ciphertext communication. Because method (2) needs no preliminary communication, it is highly convenient for the entities and is expected to become the core of future encryption systems.
[0007]
The encryption system using method (2) is called ID-NIKS (ID-based non-interactive key sharing scheme). It shares the encryption key without preliminary communication by using the ID information of the communication partner. ID-NIKS does not require the sender and receiver to exchange public or secret keys, and needs neither a key list nor a third-party service, so it allows secure communication between arbitrary entities.
[0008]
FIG. 4 is a diagram showing the principle of the ID-NIKS system. Assuming the existence of a trusted center, the shared key generation system is built around this center. In FIG. 4, the ID information of entity X, such as its name, address, and telephone number, which is the specific information of entity X, is represented by $h(ID_X)$ using a hash function $h(\cdot)$. For an arbitrary entity X, the center generates secret information $SX_i$ as follows, based on the center public information $\{PC_i\}$, the center secret information $\{SC_i\}$, and the ID information $h(ID_X)$ of entity X, and secretly distributes it to entity X.
$SX_i = F_i(\{SC_i\}, \{PC_i\}, h(ID_X))$
[0009]
Entity X generates the shared key $K_{XY}$ for encryption and decryption with any other entity Y as follows, using entity X's own secret information $\{SX_i\}$, the center public information $\{PC_i\}$, and the ID information $h(ID_Y)$ of the partner entity Y.
$K_{XY} = f(\{SX_i\}, \{PC_i\}, h(ID_Y))$
Similarly, entity Y generates the shared key $K_{YX}$ for entity X. If the relationship $K_{XY} = K_{YX}$ always holds, the keys $K_{XY}$ and $K_{YX}$ can be used as the encryption key and decryption key between entities X and Y.
[0010]
In the above-described public key cryptosystem, the public key is extremely cumbersome: in the RSA cryptosystem, for example, its length is ten times that of a current telephone number. In ID-NIKS, by contrast, if each entity's ID information is registered in the form of a name list, a shared key can be generated with any entity by referring to that list. Therefore, if the ID-NIKS system shown in FIG. 4 is implemented securely, a convenient cryptosystem can be built on a computer network that many entities join. For these reasons, ID-NIKS is expected to become the core of future cryptographic systems.
[0011]
[Problems to be solved by the invention]
ID-NIKS, which shares the key used as both encryption key and decryption key without preliminary communication by using the ID information of the communication partner, should be sufficiently secure against attacks such as collusion among multiple entities. However, attack methods against the ID-NIKS described above have been studied, and if an appropriate number of entities collude, the secret parameters of the center are exposed. Whether a cryptographically secure ID-NIKS can be constructed is an important issue for the advanced information society, and the search for a more ideal cryptosystem continues.
[0012]
To increase security against the collusion attacks described above, the present inventors have devised two methods (Japanese Patent Application No. 10-262035, Japanese Patent Application No. 10-338190, etc.). In the first, a random number component is added in advance to the secret key distributed from the center to each entity, and this random component is removed by a non-linear operation at the time of key sharing to obtain the shared key (hereinafter referred to as preceding example 1). In the second, a set of several secret keys containing a random number component is generated for each entity by operations over two finite fields, and at the time of key sharing the random component is removed by adding these secret keys over the integer ring to obtain the shared key (hereinafter referred to as preceding example 2).
[0013]
Both preceding example 1 and preceding example 2 are characterized in that the secret key generation function and the key sharing function cannot be separated and that key sharing succeeds with a sufficiently high probability, which makes them comparatively resistant to collusion attacks. However, it has become clear that when the dimension of the ID vector is relatively small, applying the LLL (Lenstra-Lenstra-Lovasz) algorithm may make it possible not only to forge a third party's secret key but also to attack the center's secret matrix.
[0014]
  The present invention has been made in view of such circumstances, and its object is to provide a cryptographic communication method and a cryptographic communication system that are highly secure against attacks based on the LLL algorithm.
[0015]
[Means for Solving the Problems]
  In the cryptographic communication method according to claim 1, a secret key unique to each entity is sent from a center device to each entity device; one entity device encrypts plaintext into ciphertext using a shared key obtained from its own entity-specific secret key sent from the center device and the published public key of the other entity, and transmits the ciphertext to the other entity device; and the other entity device decrypts the transmitted ciphertext into the original plaintext using a shared key, identical to the above shared key, obtained from its own entity-specific secret key sent from the center device and the published public key of the one entity. In this method, which communicates information between entity devices without requiring preliminary communication between them prior to ciphertext communication, the center device sets a unique modulus for each entity and generates the secret key unique to each entity using the modulus set for that entity, and the one and the other entity devices obtain a common modulus based on the unique moduli set for each entity and generate the shared key using the obtained common modulus.
[0017]
  The cryptographic communication method according to claim 2 is the method of claim 1, wherein the center device obtains a secret vector of each entity using the public key of each entity, and generates the secret key unique to each entity from the obtained secret vector of each entity and a personal secret random number vector unique to each entity, using the unique modulus set for each entity.
  The cryptographic communication method according to claim 3 is the method according to claim 1 or 2, wherein the center device obtains the public key of each entity based on the specific information of each entity.
  The cryptographic communication system according to claim 4 is a cryptographic communication system in which encryption of plaintext, which is the information to be transmitted, into ciphertext and decryption of the transmitted ciphertext into the original plaintext are performed mutually among a plurality of entity devices, in a scheme that requires no preliminary communication between the entity devices prior to ciphertext communication. The system comprises a center device including means for setting a unique modulus for each entity, means for generating a secret key unique to each entity using the set modulus, and means for sending the generated secret key to each entity device; and a plurality of entity devices each including means for obtaining a common modulus based on the unique moduli set for each entity, and means for generating, using the obtained common modulus, a shared key for the encryption and the decryption from its own secret key sent from the center device and the public key of the entity with which it communicates.
[0018]
In the present invention, a modulus unique to each entity is set for each entity, and a secret key unique to each entity is generated using the set modulus. Therefore, unlike conventional ID-NIKS including preceding examples 1 and 2, no modulus common to all entities is used when generating the secret keys, which makes the scheme resistant to attacks using the LLL algorithm.
[0019]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be specifically described.
FIG. 1 is a schematic diagram showing a configuration of a cryptographic communication system according to the present invention. One general center 1 and $d_g$ division centers 10, which can be trusted to keep information confidential, are set up. The general center 1 and the division centers 10 may be, for example, public institutions. The general center 1 and a plurality of entities a, b, ..., z, the users of this cryptographic system, are connected by secret communication paths 2a, 2b, ..., 2z, and secret key information is transmitted from the general center 1 to the entities a, b, ..., z via these secret communication paths. Further, communication paths 3ab, 3az, 3bz, ... are provided between pairs of entities, and ciphertexts obtained by encrypting communication information are transmitted between the entities via the communication paths 3ab, 3az, 3bz, ....
[0020]
The present invention can be applied both to a scheme based on the method of preceding example 1 and to a scheme based on the method of preceding example 2. The following example describes the case where the present invention is applied to a scheme based on the method of preceding example 1.
[0021]
(Preparation process at the general center 1)
(1) A one-way function $f(\cdot)$ for generating the first ID vector ($d_f$ dimensions, each component $L_f$ bits) is published.
(2) A one-way function $g(\cdot)$ for generating the second ID vector ($d_g$ dimensions, each component an element of GF(2)) is published.
(3) A random vector $r_i$ unique to entity i ($d_r$ dimensions, each component $L_r$ bits) is generated.
[0022]
Here, the first ID vector and the second ID vector of entity i are represented by (1) and (2) below, respectively, and the set of indices at which the second ID vector $w_i$ has a component equal to 1 is $W_i = \{ j \mid w_{ij} = 1 \}$.
[0023]
[Expression 1]
[0024]
(Preparatory processing at the j-th (j = 1, 2, ..., $d_g$) division center 10)
(1) A prime number $P^{(j)}$ is generated and published.
(2) A secret symmetric matrix $T^{(j)}$ is generated.
[0025]
(Entity registration process)
When entity i requests registration, the general center 1 and each division center 10 perform the following processing.
(1) The general center 1 requests the division centers 10 with $j \in W_i$ to calculate the secret vector $x_i$ for entity i.
(2) The j-th division center 10 calculates the secret vector $x_i^{(j)}$ for entity i from the vector $v_i$ according to (3) below and sends it to the general center 1.
$x_i^{(j)} \equiv T^{(j)} v_i \pmod{P^{(j)}}$ (3)
(3) The general center 1 obtains the modulus $P_i$ specific to entity i according to (4) below, and calculates the secret vector $x_i$ according to (5) below using the Chinese remainder theorem. Here, the secret vector $x_i$ is uniquely determined modulo $P_i$.
[0026]
[Expression 2]
[0027]
(4) Using the personal secret random number vector $r_i$, the general center 1 further obtains the secret key $s_i$ of entity i according to (6) below and secretly sends it to entity i.
[0028]
[Equation 3]
[0029]
(Common key generation process between entities)
Entity i obtains the shared key $K_{im}$ with the entity m it wishes to communicate with by the following calculation procedure.
(1) The common modulus $P_{im}$ of entity i and entity m is obtained according to (7) below.
[0030]
[Expression 4]
[0031]
(2) $K_{im}'$ is calculated according to (8) below.
[0032]
[Equation 5]
[0033]
(3) The shared key $K_{im}$ is calculated according to (9) below, where D is a natural number published by the general center 1 that satisfies condition (10) below.
[0034]
[Formula 6]
[0035]
Next, communication of information between entities in the above-described encryption system will be described. FIG. 2 is a schematic diagram showing a communication state of information between two entities i and m. The example of FIG. 2 shows the case where entity i encrypts plaintext (message) M into ciphertext C and transmits it to entity m, and entity m decrypts ciphertext C into the original plaintext (message) M.
[0036]
The entity i side comprises: a public key generator 11 that obtains the vector $v_m$ (public key) from the personal identification information $ID_m$ of entity m using the function $h(\cdot)$; a shared key generator 12 that generates the shared key $K_{im}$ with entity m that entity i requires, based on the secret key vector $s_i$ sent from the general center 1, the vector $v_m$ (public key) from the public key generator 11, and the published natural number D; and an encryptor 13 that uses the shared key $K_{im}$ to encrypt plaintext (message) M into ciphertext C and outputs it to the communication path 30.
[0037]
The entity m side comprises: a public key generator 21 that obtains the vector $v_i$ (public key) from the personal identification information $ID_i$ of entity i using the function $h(\cdot)$; a shared key generator 22 that generates the shared key $K_{mi}$ with entity i that entity m requires, based on the secret vector $s_m$ sent from the general center 1, the vector $v_i$ (public key) from the public key generator 21, and the published natural number D; and a decryptor 23 that uses the shared key $K_{mi}$ to decrypt the ciphertext C input from the communication path 30 into plaintext (message) M and outputs it.
[0038]
Next, the operation will be described. When information is transmitted from entity i to entity m, the personal identification information $ID_m$ of entity m is first input to the public key generator 11 to obtain the vector $v_m$ (public key), and the obtained vector $v_m$ is sent to the shared key generator 12. The vector $s_i$, obtained at the general center 1 and the division centers 10 according to (3) to (6) above, is also input to the shared key generator 12. The shared key $K_{im}$ is then obtained according to (7) to (9) above and sent to the encryptor 13. In the encryptor 13, the shared key $K_{im}$ is used to encrypt the plaintext (message) M into the ciphertext C, and the ciphertext C is transmitted via the communication path 30.
[0039]
The ciphertext C transmitted through the communication path 30 is input to the decryptor 23 of entity m. The personal identification information $ID_i$ of entity i is input to the public key generator 21 to obtain the vector $v_i$ (public key), and the obtained vector $v_i$ is sent to the shared key generator 22. The vector $s_m$, obtained at the general center 1 and the division centers 10 according to (3) to (6) above, is also input to the shared key generator 22. The shared key $K_{mi}$ is then obtained according to (7) to (9) above and sent to the decryptor 23. In the decryptor 23, this shared key $K_{mi}$ is used to decrypt the ciphertext C into plaintext (message) M.
[0040]
Although the case where the present invention is applied to a scheme based on the method of preceding example 1 has been described, the present invention is also applicable to a scheme based on the method of preceding example 2. In that case, for example, key sharing may be performed using, in addition to (6) above, a secret key vector $s_i'$ as shown in (11) below, where $Q_i$ is a modulus specific to entity i. In this case, because the personal secret random vector $r_i$ is removed at the key sharing stage, the components of the vector $r_i$ can be set large.
[0041]
[Expression 7]
[0042]
Hereinafter, various conditions necessary for key sharing between entities in the method of the present invention will be described.
[0043]
(Number of bits for each element)
In order to succeed in key sharing with a sufficiently high probability, the size $L_r$ of each component of the secret random vector $r_i$ unique to entity i must be set sufficiently smaller than $\log_2(P_{im})$ and D. That is, the following (12) may be set, and the following (13) may be set. In order to make it safer against collusion attacks by the LLL method,rSet. Note that e is a margin for carry and k is a design value.
[0044]
[Equation 8]
[0045]
(Function g)
The function g determines the second ID vector $w_i$, and the vector $w_i$ is used to set the modulus $P_i$ of the secret key vector $x_i$ and the modulus $P_{im}$ used for key sharing. Therefore, so that the moduli $P_i$ and $P_{im}$ are larger than a certain size, the number of components of $w_i$ equal to 1 (the weight of $w_i$, i.e. $\#W_i$) and $\#\{W_i \cap W_m\}$ need to be given appropriate sizes.
[0046]
To obtain vectors $w_i$ and $w_m$ for which $\#W_i$ and $\#\{W_i \cap W_m\}$ are always at least a certain size, the data obtained by passing the ID information through a one-way function $h(\cdot)$ may, for example, be encoded with a constant weight code such as an M-sequence code. When constant-weight codewords of code length n bits and weight 2d are used as second ID vectors, the positions of the 1s in two different codewords always coincide at d locations. Therefore, by using codewords of this constant weight 2d, the size of the modulus $P_{im}$ can be made larger than a certain size.
[0047]
For example, for 3-bit information symbols, consider a constant weight code with code length $n = 2^3 - 1 = 7$ and weight $2d = 2^{k-1} = 4$. In this case there are seven kinds of information symbols, namely the values expressible in 3 bits other than (0, 0, 0). If the second ID vector of entity i is the codeword (1, 1, 1, 0, 0, 1, 0) and the second ID vector of entity m is the codeword (1, 0, 0, 1, 0, 1, 1), then $P_{im} = P^{(1)} P^{(6)}$.
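The registration steps (3) to (5) and the common modulus of step (7) can be traced with the two codewords above. The following is an added example, not code from the patent: it assumes the entity-specific modulus (rendered "law" or "method" in places in this translation) is the product of the primes $P^{(j)}$ with $j \in W_i$, which is what the Chinese remainder theorem step and $P_{im} = P^{(1)} P^{(6)}$ imply, and it leaves out the random vector $r_i$ of (6) and the division by D of (9) because those equations do not survive on this page. The primes, matrices, first ID vectors and the name `agreement_value` are constructed for illustration.

```python
import random
from math import prod

# Constructed toy parameters: seven small primes P^(1)..P^(7), one per division
# center (the page suggests primes of about 20 bits), and dimension d_f = 3.
PRIMES = [10007, 10009, 10037, 10039, 10061, 10067, 10069]
D_F = 3


def make_division_centers(seed=2024):
    """Each division center j holds P^(j) and a secret symmetric matrix T^(j)."""
    rng = random.Random(seed)  # deterministic for the demo, not for real keys
    centers = []
    for p in PRIMES:
        t = [[0] * D_F for _ in range(D_F)]
        for a in range(D_F):
            for b in range(a, D_F):
                t[a][b] = t[b][a] = rng.randrange(p)
        centers.append((p, t))
    return centers


def division_share(center, v):
    """Equation (3): x_i^(j) = T^(j) v_i mod P^(j)."""
    p, t = center
    return [sum(t[a][b] * v[b] for b in range(D_F)) % p for a in range(D_F)]


def crt(residues, moduli):
    """Chinese remainder theorem for pairwise coprime moduli."""
    x, m = 0, 1
    for r, p in zip(residues, moduli):
        x += m * (((r - x) * pow(m, -1, p)) % p)
        m *= p
    return x


def register(centers, v, w):
    """General-center side: combine the shares of the centers j in W_i.

    Returns (x_i, P_i); P_i is assumed to be the product of P^(j), j in W_i.
    """
    selected = [centers[j] for j, bit in enumerate(w) if bit]
    moduli = [p for p, _ in selected]
    shares = [division_share(c, v) for c in selected]
    x = [crt([s[a] for s in shares], moduli) for a in range(D_F)]
    return x, prod(moduli)


def common_modulus(w_i, w_m):
    """P_im: product of the primes whose index is set in both ID vectors."""
    return prod(p for p, a, b in zip(PRIMES, w_i, w_m) if a and b)


def agreement_value(x_own, v_peer, p_common):
    """Own secret vector times peer public vector, reduced modulo P_im."""
    return sum(a * b for a, b in zip(x_own, v_peer)) % p_common


def demo():
    centers = make_division_centers()
    w_i, w_m = (1, 1, 1, 0, 0, 1, 0), (1, 0, 0, 1, 0, 1, 1)  # from the page
    v_i, v_m = [12, 345, 6789], [4321, 77, 900]  # constructed first ID vectors
    x_i, p_i = register(centers, v_i, w_i)
    x_m, p_m = register(centers, v_m, w_m)
    p_im = common_modulus(w_i, w_m)
    k_i = agreement_value(x_i, v_m, p_im)  # computed by entity i
    k_m = agreement_value(x_m, v_i, p_im)  # computed by entity m
    return p_i, p_m, p_im, k_i, k_m


if __name__ == "__main__":
    p_i, p_m, p_im, k_i, k_m = demo()
    print("P_i  =", p_i)
    print("P_m  =", p_m)
    print("P_im =", p_im)
    print("entity i:", k_i, " entity m:", k_m, " equal:", k_i == k_m)
```

The two sides agree only modulo $P_{im}$: every $T^{(j)}$ is symmetric, but only the primes indexed by $W_i \cap W_m$ appear in both entities' moduli.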
[0048]
(Generation of second ID vector by constant weight code)
As will be described later, the higher the proportion of zero components in the second ID vector, the higher the security against collusion attacks using the LLL method. However, when the proportion of zero components is increased, it is not easy to keep $\#\{W_i \cap W_m\}$ above a certain value. To achieve this, the constant weight code is applied hierarchically as follows.
[0049]
(1) Using $h(\cdot)$ as a one-way function, the value generated from the entity's ID information is expressed in base $b = 2^k - 1$. That is, it is defined as in (15) below.
[0050]
[Equation 9]
[0051]
(2) $w_{ij}'$ is encoded, and the resulting codeword is denoted $c_{ij}$. The encoding is performed by cyclically shifting an M-sequence (e.g., (1001011) when k = 3) to the left by $w_{ij}'$ bits.
(3) In $c_{i0}$, each 0 position is replaced with b bits of 0, and the 1 positions are replaced, from the left, with the b-bit codewords shown in (16) below. This expands the code to code length $b^2$ and weight $(2^{k-1})^2$.
[0052]
[Expression 10]
[0053]
(4) By repeating the above processing hierarchically t times, the code can be expanded to code length $b^t$ and weight $(2^{k-1})^t$. Note that the number of 1s in the bitwise AND of different second ID vectors, that is, $\#W_{im}$, is always at least $(2^{k-2})^t$.
[0054]
The above (1) to (4) will be described with a simple example. When k = 3, $b = 2^k - 1 = 7$ and t = 2, the result is as follows.
$h(ID_A) = 14761 = 6 + 3 \cdot 7 + 0 \cdot 7^2 + 1 \cdot 7^3 + 2 \cdot 7^4$
Vector $w_A' = (6, 3, 0, 1, 2)$
Encoding of vector $w_A'$:
(6, 3, 0, 1, 2) → (1100101, 1011100, 1001011, 0010111, 0101110)
In this case, $g(ID_A)$ is given by (17) below.
[0055]
[Expression 11]
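The hierarchical constant weight encoding of steps (1) to (4) can be checked with a short program. This is an added example, not code from the patent: SHA-256 stands in for the unspecified one-way function $h(\cdot)$, the function names are hypothetical, and for t > 2 the order in which digits are assigned to sub-codewords (depth first, left to right) is an assumption, since expressions (16) and (17) do not survive on this page. For t = 2 it follows the page's digit vector (6, 3, 0, 1, 2).

```python
import hashlib

M_SEQ = (1, 0, 0, 1, 0, 1, 1)  # M-sequence for k = 3, as given on the page
B = len(M_SEQ)                 # b = 2^k - 1 = 7
WEIGHT = sum(M_SEQ)            # 2^(k-1) = 4 ones per codeword


def codeword(shift):
    """Left cyclic shift of the M-sequence by `shift` bits (step (2))."""
    s = shift % B
    return M_SEQ[s:] + M_SEQ[:s]


def digits_needed(t):
    """Digits consumed by a t-level expansion: 1 + 4 + ... + 4^(t-1)."""
    return (WEIGHT ** t - 1) // (WEIGHT - 1)


def base_b_digits(value, count):
    """Base-b digits, least significant first, as in the page's expansion."""
    out = []
    for _ in range(count):
        value, d = divmod(value, B)
        out.append(d)
    return out


def expand(digits, t):
    """Steps (3) and (4): replace every 1 of a codeword by a sub-codeword and
    every 0 by a block of zeros, t levels deep. Result has length b^t."""
    digits = list(digits)
    if len(digits) < digits_needed(t):
        raise ValueError("need %d digits for t=%d" % (digits_needed(t), t))
    it = iter(digits)

    def build(level):
        cw = codeword(next(it))
        if level == 1:
            return list(cw)
        out = []
        for bit in cw:
            out.extend(build(level - 1) if bit else [0] * B ** (level - 1))
        return out

    return tuple(build(t))


def second_id_vector(identity, t):
    """g(ID): hash the ID, take base-b digits, expand hierarchically.
    SHA-256 is an assumed stand-in for h; it yields enough digits for t <= 4."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return expand(base_b_digits(h, digits_needed(t)), t)


def overlap(w_a, w_b):
    """#W_im: number of positions where both second ID vectors have a 1."""
    return sum(a & b for a, b in zip(w_a, w_b))


if __name__ == "__main__":
    print(["".join(map(str, codeword(d))) for d in (6, 3, 0, 1, 2)])
    g_a = expand((6, 3, 0, 1, 2), 2)
    print("length", len(g_a), "weight", sum(g_a))
    # Constructed identities, used only to exercise the k = 3, t = 4 parameters.
    w_a = second_id_vector("alice@example.com", 4)
    w_b = second_id_vector("bob@example.com", 4)
    print("d_g", len(w_a), "weight", sum(w_a), "#W_im", overlap(w_a, w_b))
```

With k = 3 and t = 4 every vector has length 2401 and weight 256, and any two vectors share at least 16 one-positions, so the common modulus never has fewer than 16 prime factors.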
[0056]
Next, an attack technique using the LLL algorithm for ID-NIKS of the present invention will be considered.
[0057]
(Third-party secret vector forgery attacks)
Consider a method of obtaining an approximate value of the secret key vector $s_v$ of a victim entity v using the LLL algorithm. To obtain an approximate value of the secret key vector $s_v$ of the victim entity v, secret key vectors of colluding entities generated with the same modulus $P_v$ as the victim entity v, or with a modulus containing it as a factor, are necessary. In other words, colluding entities whose second ID vector is the same as, or includes, that of the victim entity v are necessary, and this attack can be made impossible by devising the configuration of the second ID vector.
[0058]
An attack using colluding entities whose moduli partially include the factors of the modulus $P_v$ of the victim entity v is also conceivable. However, if the attack is attempted modulo $P^{(j)}$, it cannot succeed because the components of the vector $r_i$ are larger than $P^{(j)}$. In the scheme based on the method of preceding example 2, this attack becomes even more difficult because of the vector $r_i$. Furthermore, the Chinese remainder theorem must be applied at the final stage of the attack, and at that point the small random number term unique to each colluding entity is multiplied by a large value, so the probability that such an attack succeeds is also sufficiently low.
[0059]
(Collusion attack method for finding the center secret matrix)
Consider an attack that directly obtains the secret symmetric matrix T of the center by applying the LLL algorithm. Here, $t_{p,j}$ is the component in row p, column j of the symmetric matrix T, and T satisfies $T \equiv T^{(j)} \pmod{P^{(j)}}$ (j = 1, 2, ..., $d_g$).
[0060]
The first component of the secret key vector $s_i$ of colluding entity i can be expressed by (18) below. Solving for $r_{i1}$ gives (19) below. The known terms in (19) are (20) below, and the unknown terms are (21) below.
[0061]
[Expression 12]
[0062]
Here, the matrix equation of the following (22) is formed from the known term and the unknown term in the above equation (19) of n collusion entities (i = 1, 2,..., N).
[0063]
[Formula 13]
[0064]
$[-r_{11}, -r_{12}, \ldots, -r_{1n}]$ on the right side of (22) above is a small vector, and when it is regarded as the shortest basis vector of the lattice and the LLL algorithm is applied, the unknown terms shown in (23) below may be obtained.
[0065]
[Expression 14]
[0066]
The unknown terms shown in (24) below are uniquely determined based on the method shown in (25) below, and the number of digits is almost equal to the number of digits shown in (26) below.
[0067]
[Expression 15]
[0068]
On the other hand, comparing the secret components held by colluding entity i with the unknown terms $t_{p,j}$, the ratio of their numbers of digits is almost equal to the ratio of the dimension $d_g$ of the function $g(\cdot)$ to the number of its components equal to 1. Letting this ratio be R, at least $d_f R$ colluding entities are required for such a collusion attack to succeed.
[0069]
Therefore, to make the system safer against collusion attacks, this ratio R may be increased. For example, when $g(\cdot)$ is constructed by using the above M-sequence constant weight code hierarchically with parameters k = 3 and t = 4, the dimension $d_g$ is $7^4 = 2401$ while the weight is $4^4 = 256$, so the ratio R is about 9.38. In this case $\#W_{im}$, which determines the size of the modulus $P_{im}$ used for key sharing, is $2^4 = 16$. Furthermore, if each $P^{(j)}$ is a prime of about 20 bits, $\log_2(P_{im})$ is about 320, and the size of the common modulus used in the collusion attack is as shown in (27) below.
[0070]
[Expression 16]
[0071]
In this case, a collusion attack on the method of the present invention requires $9 d_f$ or more colluding entities, and an attack using the LLL algorithm involves arithmetic on numbers of about 48,020 bits, which requires a huge amount of calculation.
[0072]
  As described above, in terms of both the collusion threshold and the cost of each multiplication and division, the method of the present invention is safer against collusion attacks using the LLL algorithm than preceding examples 1 and 2. Further, in the above-described cryptographic communication system, one general center and a plurality of division centers are provided, and each division center computes the secret vector of the entity, so no single center holds the secrets of all entities and the Big Brother problem is also resolved.
[0073]
FIG. 3 is a diagram showing the configuration of an embodiment of the recording medium of the present invention. A computer 40 loaded with a program, recorded on the recording media described below, that includes the processing for obtaining the modulus specific to each entity shown in (4) above and the processing for calculating the secret key specific to each entity shown in (5) and (6) above is provided on the general center 1 side. Likewise, a computer 40 loaded with a program, recorded on the recording media described below, that includes the processing for obtaining the common modulus between entities shown in (7) above and the processing for calculating the shared key between entities shown in (8) and (9) above is provided on each entity side.
[0074]
In FIG. 3, the recording medium 41 connected online to the computer 40 is, for example, a WWW (World Wide Web) server computer installed at a distance from the computer 40, and the above-described program 41a is recorded on the recording medium 41. The program 41a read from the recording medium 41 controls the computer 40, thereby generating a secret key unique to each entity at the general center 1 and generating, at each entity, a shared key for the entity to be communicated with.
[0075]
The recording medium 42 provided in the computer 40 is a built-in hard disk drive or ROM, for example, and the recording medium 42 stores the program 42a as described above. The program 42a read from the recording medium 42 controls the computer 40, thereby generating a secret key unique to each entity in the overall center 1, and generating a shared key for the entity to be communicated in each entity.
[0076]
The recording medium 43, which is loaded into and used in a disk drive 40a provided in the computer 40, is a portable medium such as a magneto-optical disk, a CD-ROM, or a flexible disk, and the above-described program 43a is recorded on it. The program 43a read from the recording medium 43 controls the computer 40, thereby generating a secret key unique to each entity at the general center 1 and generating, at each entity, a shared key for the entity to be communicated with.
[0077]
[Effects of the Invention]
As described above in detail, in the present invention a modulus unique to each entity is set for each entity, and a secret key unique to each entity is generated using the set modulus, which makes it possible to increase security.
[Brief description of the drawings]
FIG. 1 is a schematic diagram showing a configuration of a cryptographic communication system according to the present invention.
FIG. 2 is a schematic diagram showing a communication state of information between two entities.
FIG. 3 is a diagram illustrating a configuration of an embodiment of a recording medium.
FIG. 4 is a principle configuration diagram of an ID-NIKS system.
[Explanation of symbols]
1 Control Center
10 split center
11, 21 public key generator
12, 22 Shared key generator
13 Encryptor
23 Decoder
30 communication path
40 Computer
41, 42, 43 Recording media

Claims (4)

  1. A cryptographic communication method for communicating information between entity devices by a scheme that requires no preliminary communication between entity devices prior to ciphertext communication, in which a secret key unique to each entity is sent from a center device to each entity device; one entity device encrypts plaintext into ciphertext using a shared key obtained from its own entity-specific secret key sent from the center device and the published public key of the other entity, and transmits the ciphertext to the other entity device; and the other entity device decrypts the transmitted ciphertext into the original plaintext using a shared key, identical to said shared key, obtained from its own entity-specific secret key sent from the center device and the published public key of the one entity; the method being characterized in that the center device sets a unique method for each entity and generates the secret key unique to each entity by the unique method set for each entity, and the one and the other entity devices generate the shared key by a common method obtained on the basis of the unique methods set for each of the entities.
  2. The cryptographic communication method according to claim 1, wherein the center device obtains a secret vector for each entity using the public key of each entity, and generates the secret key unique to each entity by the unique method set for each of the entities, using the obtained secret vector of each entity and a personal secret random number vector unique to each entity.
  3. The cryptographic communication method according to claim 1, wherein the center device obtains the public key of each entity based on specific information of each entity.
  4. A cryptographic communication system in which the process of encrypting plaintext, which is the information to be transmitted, into ciphertext and the process of decrypting the transmitted ciphertext into the original plaintext are performed mutually between a plurality of entity devices by a scheme that requires no preliminary communication between the plurality of entity devices prior to ciphertext communication, the system being characterized by comprising: a center device having means for setting a unique method for each entity, means for generating a secret key unique to each entity by the set method, and means for sending the generated secret key to each entity device; and a plurality of entity devices each having means for obtaining a common method based on the unique methods set for each entity, and means for generating, by the obtained common method and using its own unique secret key sent from the center device and the public key of the entity to be communicated with, a shared key used for the encryption process and the decryption process.
JP20390399A 1999-07-16 1999-07-16 Cryptographic communication method and cryptographic communication system Expired - Fee Related JP3953235B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP20390399A JP3953235B2 (en) 1999-07-16 1999-07-16 Cryptographic communication method and cryptographic communication system

Publications (2)

Publication Number Publication Date
JP2001036516A JP2001036516A (en) 2001-02-09
JP3953235B2 true JP3953235B2 (en) 2007-08-08

Family

ID=16481624

Family Applications (1)

Application Number Title Priority Date Filing Date
JP20390399A Expired - Fee Related JP3953235B2 (en) 1999-07-16 1999-07-16 Cryptographic communication method and cryptographic communication system

Country Status (1)

Country Link
JP (1) JP3953235B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7213004B2 (en) * 2001-04-12 2007-05-01 Koninklijke Philips Electronics N.V. Apparatus and methods for attacking a screening algorithm based on partitioning of content

Also Published As

Publication number Publication date
JP2001036516A (en) 2001-02-09


Legal Events

Date Code Title Description
A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20040817

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20041015

A911 Transfer of reconsideration by examiner before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20041021

A912 Removal of reconsideration by examiner before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A912

Effective date: 20050624

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20070323

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20070424

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

LAPS Cancellation because of no payment of annual fees