JPH1138875A - Ciphering apparatus and deciphering apparatus based on quadratic expression on finite ring - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an ciphering apparatus and deciphering apparatus based on the quadratic expression on a finite ring having a sufficiently small calculation time and sufficient cipher intensity. SOLUTION: The ciphering apparatus having a deciphering means for encrypting plaintext by the encryption expression on the finite ring has a signal receiving means which receives the public keys [n, R, a1 , a2 , a3 , a4 , b1 , b2 , b3 , b4 ] of signal receivers from a public file apparatus, a memory means which stores the public keys received by this signal receiving means, an arithmetic means which encrypts the plaintext to ciphertext by using the quadratic expression relating to the plaintext (x1 , x2 , x3 , x4 ; y1 , y2 , y3 , y4 ) with the a1 , a2 , a3 , a4 , b1 , b2 , b3 , b4 stored in this memory means on the finite ring as coef. with n<2> as normal and a signal transmitting means which transmits the ciphertext calculated by this arithmetic means to signal receivers.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for transmitting a digitized document by an encryption device and a decryption device based on a quadratic expression on a finite ring. The present invention relates to an encryption device for encrypting and a decryption device for decrypting a ciphertext transmitted by the encryption device into plaintext.

[0002]

2. Description of the Related Art Public key cryptography is known as a method for encrypting communication data so that the communication data is not eavesdropped by a third party. Also, RSA is used as public key encryption.
Encryption and Rabin encryption are known. These ciphers convert a plaintext M into a ciphertext C by performing an operation modulo n, where n is a public key.

[0003] For RSA encryption and Rabin encryption,
There are detailed explanations in Tsujii and Kasahara's "Cryptography and Information Security" and Okamoto's "Introduction to Cryptography".

[0004] The RSA encryption and the Rabin encryption use, when encrypting or decrypting, a power-up operation number 1 modulo n.
Needs to be executed.

[0005]

(Equation 1)

At this time, the magnitude of the exponent e is log ₂ n
In most cases it will be on the order of. Therefore,
The number of remainder multiplications is on the order of 2 × log ₂ n, and n
Is about 4000 times when is an integer of 600 decimal digits, and the operation time for encryption and decryption in the case of RSA encryption and the operation time for decryption in the case of Rabin encryption are long.

For example, in the case of the RSA encryption, when 3 or 5 is selected as the exponent for the encryption operation, the time required for the encryption is reduced, but the number of the decryption operations is about 4000, and the operation time is reduced. It gets bigger.

[0008]

SUMMARY OF THE INVENTION The present invention solves the above-mentioned conventional problems, and provides an "encryption apparatus and decryption based on a quadratic expression on a finite ring" which has a sufficiently short operation time and a sufficiently large encryption strength. The purpose of the present invention is to provide a “chemical device”.

[0009]

In order to achieve the above object, an encryption apparatus according to the present invention comprises a receiving means for receiving a recipient's public key from a public file device, and a public key received by the receiving means. storage means for, on a finite ring and ^{n 2} _{modulo, a 1, a 2, a} 3, a 4, b 1, b 2, b 3, b 4
, And plain text (x ₁ , x ₂ , x ₃ , x ₄ ; y ₁ ,
a calculating means for encrypting the ciphertext plaintext, and transmission means for transmitting to the recipient the calculated ciphertext calculating means with _{y 2, y 3, y 4} ) relates to a quadratic equation.

Further, the decryption device of the present invention provides a prime number generating means for generating two prime numbers having sufficiently large values and substantially equal sizes, and a public key and a public key from two prime numbers generated by the prime number generating means. Key generation means for generating a secret key, transmission means for transmitting the public key generated by the key generation means, storage means for storing the secret key generated from the key generation means, and transmission from the encryption device of the sender Receiving means for receiving the ciphertext to be received, and from the secret key stored in the storage means and the ciphertext received by the receiving means, perform a reciprocal operation, a remainder multiplication operation, a square root operation on a real number, and four arithmetic multiplications, and (X ₁ , x ₂ , x ₃ ,
and a plaintext calculation means for calculating the _{y 1, y 2, y 3} , y 4); x 4.

[0011]

According to the encryption device of the present invention, n ²
The cryptographic strength is made sufficient by employing a plaintext quadratic equation on a finite ring modulo. Generally n ²
It can be said that finding the square root on a finite ring modulo is as difficult as the factorization of n from the viewpoint of computational complexity.

The decoding apparatus of the present invention uses a square root operation on a real number as an inverse operation of a square operation on a finite ring modulo n ^2, thereby reducing the amount of calculation sufficiently. Made it possible. In the decryption by the RSA encryption or the Rabin encryption, when n is an integer of 600 decimal digits, as a reverse operation of the exponentiation operation performed in the encryption, generally about 4000 times of remainder multiplication are performed. I have. Compared with these methods, the amount of calculation for decoding according to the present invention is about 70 operations regardless of the bit length of plaintext.

[0013]

Embodiments of the present invention will be described below in detail with reference to the drawings.

First, the encryption device of the present invention will be described. The encryption device uses a public key [n, R, a ₁ , a ₂ , a ₃ ,
a ₄ , b ₁ , b ₂ , b ₃ , b ₄ ] using the plain text (x ₁ ,
x ₂ , x ₃ , x ₄ ; y ₁ , y ₂ , y ₃ , y ₄ ) are encrypted into a ciphertext w and transmitted to the decryption device.

FIG. 1 shows a configuration example of an encryption device according to an embodiment of the present invention. The encryption device 100 shown in the figure includes a public key [n, R, a ₁ , a ₂ , a ₃ , a ₄ , b ₁ , b ₂ ,
b ₃ , b ₄ ], a storage unit 102 for storing the received public key, an encryption calculator 103 for calculating the cipher text w, and a transmitter 104 for transmitting the cipher text w to the decryption device. Be composed.

The operation of each component of the encryption device 100 will be described below.

(1) The receiver 101 sends the recipient's public key [n, R, a ₁ , a ₂ , a ₃ ,
a ₄ , b ₁ , b ₂ , b ₃ , b ₄ ] are received.

(2) The storage unit 102 stores the receiver 1 in (1)
01 receives the public key [n, R,
a ₁ , a ₂ , a ₃ , a ₄ , b ₁ , b ₂ , b ₃ , b ₄ ] are stored.

(3) The ciphertext calculator 103 calculates the public key and plaintext (x ₁ , x ₂ , x ₃ , x ₄ ; y ₁ ,
y ₂ , y ₃ , y ₄ ) and the ciphertext w
Is calculated.

[0020]

(Equation 2)

(4) The transmitter 104 transmits the ciphertext w obtained by the ciphertext calculator 103 in (3) to the receiver.

Next, the decoding apparatus of the present invention will be described. FIG. 2 shows a configuration example of a decoding device according to an embodiment of the present invention. The decryption device 200 shown in FIG. 1 includes a prime number generator 201 for generating two prime numbers p and q having sufficiently large values and substantially equal sizes, and a key generator 2 for generating a public key and a secret key.
02, a transmitter 203 for transmitting a public key to a public file,
A storage unit 204 for storing a secret key generated from the key generator 202, a receiver 205 for receiving a ciphertext transmitted from the encryption device of the sender, a secret key stored in the storage unit 204, and a received cipher. From the statement, reciprocal operation, remainder multiplication operation,
The square root operation and the four arithmetic operations on the real number are executed, and the plaintext (x ₁ , x
₂ , x ₃ , x ₄ ; y ₁ , y ₂ , y ₃ , y ₄ ).

The operation of each component of the decoding device 200 will be described below.

(1) The prime number generator 201 generates two prime numbers p and q having sufficiently large values and substantially equal sizes.

(2) The key generator 202 is the prime number generator 20
From two prime numbers p and q generated from the public key [n,
R, a ₁ , a ₂ , a ₃ , a ₄ , b ₁ , b ₂ , b ₃ ,
b ₄ ] and secret keys [p, q, g ₁ , g ₂ , h ₁ , h ₂ ,
k; Dx ₁₁ , Dx ₁₂ , Dx ₁₃ , Dx ₁₄ , Dx
_{21, Dx 22, Dx 23,} Dx 24, Dx 31, Dx
_{32, Dx 33, Dx 34,} Dx 41, Dx 42, Dx
_{43, Dx 44; Dy 11,} Dy 12, Dy 13, Dy
_{14, Dy 21, Dy 22,} Dy 23, Dy 24, Dy
_{31, Dy 32, Dy 33,} Dy34, Dy41, Dy
42, Dy43, Dx44].

(3) The transmitter 203 sends the public key [n, R, a ₁ , a ₂ , a ₃ , a ₄ ,
b ₁ , b ₂ , b ₃ , b ₄ ] to the public file.

(4) The storage unit 204 stores the secret key [p, q,
_{g 1, g 2, h 1} , h 2, k; Dx 11, Dx 12, D
_{x 13, Dx 14, Dx 21} , Dx 22, Dx 23, D
_{x 24, Dx 31, Dx 32} , Dx 33, Dx 34, D
x ₄₁ , Dx ₄₂ , Dx ₄₃ , Dx ₄₄ ; Dy ₁₁ , D
_{y 12, Dy 13, Dy 14} , Dy 21, Dy 22, D
_{y 23, Dy 24, Dy 31} , Dy 32, Dy 33, D
_{y 34, Dy 41, Dy 42} , Dy 43, stores the _{Dx 44].}

(5) The receiver 205 receives the cipher text transmitted from the sender's encryption device.

(6) The plaintext operation unit 206 is a storage unit 20
4 [p, q, g ₁ , g ₂ ,
_{h 1, h 2, k;} Dx 11, Dx 12, Dx 13, Dx
_{14, Dx 21, Dx 22,} Dx 23, Dx 24, Dx
_{31, Dx 32, Dx 33,} Dx 34, Dx 41, Dx
_{42, Dx 43, Dx 44;} Dy 11, Dy 12, Dy
_{13, Dy 14, Dy 21,} Dy 22, Dy 23, Dy
_{24, Dy 31, Dy 32,} Dy 33, Dy 34, Dy
₄₁ , Dy ₄₂ , Dy ₄₃ , Dx ₄₄ ] and the received ciphertext w, the reciprocal operation, the remainder multiplication operation, the square root operation on the real number and the four arithmetic operations 3 are executed, and the plaintext (x ₁ , x ₂ , x _{3) is obtained.} , X
₄ ; y ₁ , y ₂ , y ₃ , y ₄ ) are calculated.

[0030]

(Equation 3)

FIG. 3 shows an example of a system configuration according to an embodiment of the present invention. The system shown in FIG.
0, a decryption device 200 and a public file device 300. The public file device 300 manages a user name and a public key for each user. These keys are obtained from a key generator in the decryption device 200 via a receiver.
When the encryption device 100 performs encryption, the public file device 300 sends out these keys via the transmitter.

In such a configuration, the public file device 300 is provided on the center side, the encryption device 100 is provided on the transmission side, and the decryption device is provided on the reception side. further,
These devices are respectively connected by communication paths.

The operation of the configuration shown in FIG. 3 will be described below.

(1) The receiving side uses a key generator in the decryption device to generate its own public key [n, R, a ₁ , a ₂ , a ₃ , a _3
4 , b ₁ , b ₂ , b ₃ , b ₄ ] and a secret key [p, q,
_{g 1, g 2, h 1} , h 2, k; Dx 11, Dx 12, D
_{x 13, Dx 14, Dx 21} , Dx 22, Dx 23, D
_{x 24, Dx 31, Dx 32} , Dx 33, Dx 34, D
x ₄₁ , Dx ₄₂ , Dx ₄₃ , Dx ₄₄ ; Dy ₁₁ , D
_{y 12, Dy 13, Dy 14} , Dy 21, Dy 22, D
_{y 23, Dy 24, Dy 31} , Dy 32, Dy 33, D
y ₃₄ , Dy ₄₁ , Dy ₄₂ , Dy ₄₃ , Dx ₄₄ ] are determined, the public key is transmitted to the center, and the public file device 3 is determined.
Register at 00. Further, it outputs the secret key to the storage unit in decryption device 200.

(2) The transmitting side uses the encryption device 100 to transmit plaintext (x ₁ , x ₂ , x ₃ , x ₄ ; y ₁ , y ₂ ,
y ₃ , y ₄ ) is encrypted, and the ciphertext w is transmitted to the receiving side.

(3) The receiving side uses the decryption device 200 to convert the ciphertext w to the plaintext (x ₁ , x ₂ , x ₃ , x ₄ ;
y ₁ , y ₂ , y ₃ , y ₄ ) are obtained.

[0037]

As described above, according to the present invention, it is possible to sufficiently reduce the amount of calculation required for encryption and decryption while maintaining sufficient encryption strength.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a configuration example of an encryption device according to an embodiment of the present invention.

FIG. 2 is a diagram illustrating a configuration example of a decoding device according to an embodiment of the present invention.

FIG. 3 is a diagram illustrating an example of a system configuration according to an embodiment of the present invention.

[Explanation of symbols]

 REFERENCE SIGNS LIST 100 encryption device 101 receiver 102 storage unit 103 encryption operation unit 104 transmitter 200 decryption device 201 prime number generator 202 key generator 203 transmitter 204 storage unit 205 receiver 206 plaintext operation unit 300 public file device

## EQU1 ## C = M ^e (mod n)

W = (a ₁ x ₁ + a ₂ x ₂ + a ₃ x ₃ + a ₄ x
^{_{4) 2 + b 1 y 1}} + b 2 y 2 + b 3 y 3 + b 4 y 4 (m
od n ² ) R / 2 ≦ x _i <R (i = 1,..., 4) 0 ≦ y _i <R (i = 1,..., 4) 0 ≦ w <n ²

Equation 3] _{^{w1 = wk -1 (mod p 2}} ) w 2 = wk -1 (mod q 2) s 1 = [(w 1) 1/2]: [m] the largest integer that does not exceed m Represent. ^{_{s 3 = [(w 2)}} 1/2] t 1 = w 1 -s 1 2 t 3 = w 2 -s 3 2 s 2 = s 1 g 1 (mod p) s 4 = s 3 g 2 (mod q) t ₂ = t ₁ h ₁ (mod p) t ₄ = t ₃ h ₂ (mod q) m ₁ = (s ₁ g ₁ -s ₂ ) / pm ₂ = (s ₃ g ₂ -s ₄ ) _{/ q n 1 = (t 1} h 1 -t 2) / p n 2 = (t 3 h 2 -t 4) / q x 1 = s 1 Dx 11 -m 1 Dx 12 + s 3 Dx 13 -m
_{2 Dx 14 x 2 = -s 1} Dx 21 + m 1 Dx 22 -s 3 Dx 23 +
_{m 2 Dx 24 x 3 = s} 1 Dx 31 - m 1 Dx 32 + s 3 Dx 33 -m
^{_{2 Dx 34 x 4 = - S}} 1 Dx 41 + m 1 Dx 42 -s 3 Dx 43 +
_{m 2 Dx 44 y 1 = t} 1 Dy 11 -n 1 Dy 12 + t 3 Dy 13 -n
_{2 Dy 14 y 2 = -t 1} Dy 21 + n 1 Dy 22 -t 3 Dy 23 +
_{n 2 Dy 24 y 3 = t} 1 Dy 31 -n 1 Dy 32 + t 3 Dy 33 -n
₂ Dy ₃₄ y ₄ = −t ₁ Dy ₄₁ + n ₁ Dy ₄₂ −t ₃ Dy ₄₃ +
n ₂ Dy44

Claims (2)

[Claims] 1. An encryption device having an encryption means for encrypting a plaintext by an encryption formula on a finite ring, wherein a public key [n, R, a ₁ ,
a ₂ , a ₃ , a ₄ , b ₁ , b ₂ , b ₃ , b ₄ ], a storage unit for storing the public key received by the receiving unit, and a finite number modulo n ^2. On the ring, plain text (x ₁ , x ₂ , x ₃ ) using a ₁ , a ₂ , a ₃ , a ₄ , b ₁ , b ₂ , b ₃ , b ₄ stored in the storage means as coefficients. , X ₄ ; y ₁ , y
₍₂ , y ₃ , y ₄ ) using a quadratic expression to encrypt the plaintext into ciphertext, and transmitting means for transmitting the ciphertext calculated by the calculating means to the receiver. Encryption device on a finite ring. 2. A decryption apparatus having decryption means for decrypting a ciphertext by a decryption formula on a finite ring, comprising: prime number generation means for generating prime numbers p and q; and prime number generated by said prime number generation means. key generating means for generating a public key and a secret key from p and q; transmitting means for transmitting the public key generated by the key generating means to a public file; and storing the secret key generated by the key generating means. Storage means; receiving means for receiving a cipher text transmitted from the sender's encryption device; reciprocal operation and remainder multiplication operation from the secret key stored in the storage means and the cipher text received by the receiving means , Perform the square root operation and the four arithmetic operations on the real numbers, and execute the plaintext (x ₁ , x ₂ ,
_{x 3, x 4; y 1} , y 2, y 3, the decoding apparatus characterized by having a plaintext calculation means for calculating a _{y 4).}