JPS6095475A - Key generation system for cryptographer - Google Patents

Key generation system for cryptographer

Info

Publication number
JPS6095475A
JPS6095475A JP58202297A JP20229783A JPS6095475A JP S6095475 A JPS6095475 A JP S6095475A JP 58202297 A JP58202297 A JP 58202297A JP 20229783 A JP20229783 A JP 20229783A JP S6095475 A JPS6095475 A JP S6095475A
Authority
JP
Japan
Prior art keywords
key
public key
public
keys
stored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP58202297A
Other languages
Japanese (ja)
Other versions
JPH0362333B2 (en)
Inventor
山元 利行
川崎 ▲いく▼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Ltd
Priority to JP58202297A
Publication of JPS6095475A
Publication of JPH0362333B2

Abstract

(57) [Summary] This publication contains application data from before electronic filing, so no abstract data is recorded.

Description

Detailed Description of the Invention

(a) Technical Field of the Invention

The present invention relates to an encryption device that is placed between a data line terminating device installed at each end of a communication path and a data terminal device connected to that data line terminating device for data transmission, and that encrypts the signals sent by the data terminal device using a public key distribution system (Public Key Distribution System, PKDS). In particular, it relates to a key generation method for an encryption device that shortens the time the communication path is occupied for public key distribution without using expensive dedicated arithmetic circuits.

(b) Prior Art and Problems

When computer systems transmit data to each other over a communication path, or when a terminal device is connected to a computer system via a communication path for data transmission, the information to be transmitted is sometimes encrypted. In this case a key is required to encrypt and decrypt the information, and the encryption devices installed at both end stations must exchange that key with each other.

One such key exchange method is the public key distribution system. The key generation method of an encryption device that performs key distribution with the conventional public key distribution system is described with reference to FIG. 1.

FIG. 1 is a diagram illustrating a key generation method based on the public key distribution system. Data sent from data terminal device 1 is encrypted by encryption device 2, converted by data line terminating device 3 into a signal suitable for transmission over the communication path, and sent out. The signal that reaches data line terminating device 4 is converted back into the original encrypted data, enters encryption device 5, is decrypted, and is sent to data terminal device 6. Data sent from data terminal device 6 is transmitted in the same way. Here, encryption device 2 generates a secret key α, triggered by a public key distribution instruction, and then computes the public key X.

That is, it computes $X = M^{\alpha} \pmod{n}$, an operation that raises M to the power α and divides by n, keeping the remainder. This is a one-way function: finding α from X is very time-consuming and difficult, so even if X leaks it is very hard to break the cipher, and X is therefore called a public key. X is delivered over the communication path to encryption device 5. On receiving X, encryption device 5 generates a secret key β, computes the public key $Y = M^{\beta} \pmod{n}$, and delivers Y to encryption device 2. On receiving Y, encryption device 2 computes the common key K, that is, $K = Y^{\alpha} \pmod{n} = M^{\alpha\beta} \pmod{n}$. When encryption device 2 receives the public key Y it sends an acknowledgment to encryption device 5, and encryption device 5 also computes the common key K, that is, $K = X^{\beta} \pmod{n} = M^{\alpha\beta} \pmod{n}$. The scheme that encrypts and decrypts with this common key K is the public key distribution system.

The time needed to compute $M^{\alpha} \pmod{n}$ and $M^{\beta} \pmod{n}$ to obtain the public keys X and Y is several seconds to about 10 seconds on a microprocessor when M, α and n are about 100 bits. A single public key distribution therefore takes about 10 to 20 seconds, so the communication path is occupied for a very long time and the method is not practical. To speed up the public key computation, dedicated LSIs have been used, or general-purpose high-speed processors have been combined with improved calculation methods. However, dedicated LSIs and high-speed processors are expensive and are used infrequently, which makes them uneconomical.

(c) Object of the Invention

To eliminate the drawbacks above, the object of the present invention is to provide a key generation method for an encryption device that does not use expensive dedicated arithmetic circuits and that shortens the time the communication path is occupied for public key distribution.

(d) Structure of the Invention

In an encryption device that encrypts and decrypts information transmitted over a communication path using the public key distribution system, the present invention generates a plurality of secret keys and provides a table in which a plurality of public keys corresponding to those secret keys are computed and stored. In accordance with a predetermined instruction, the public keys from the table are delivered between the encryption devices, and the delivered public keys and the results of computing the common keys based on them are stored in the table in correspondence with the table's secret keys. The computation of the public keys and the common keys is performed during idle time of the processor, with reference to the table.

(e) Embodiment of the Invention

The present invention does not perform the exponentiations $M^{\alpha} \pmod{n}$ and $M^{\beta} \pmod{n}$, which take most of the time in public key distribution, when the public key distribution instruction arrives. Instead, it executes them during idle time of the microprocessor built into the encryption device, stores the results in non-volatile memory, and delivers them when needed, which shortens the time the communication path is occupied. In addition, by sending a plurality of public keys in a single delivery, a plurality of common keys can be generated for a plurality of secret keys.

FIG. 2 is a diagram explaining the control method of the present invention, and FIG. 3 is a diagram explaining the table of one embodiment of the present invention. The description below refers to FIGS. 2 and 3. Data terminal devices 1 and 6 and data line terminating devices 3 and 4 operate as in FIG. 1.

Encryption device 7 stores secret keys α1, α2, ..., αn, which use random numbers generated by its built-in microprocessor or random number generation circuit, in the secret key area of table A, which is held in non-volatile memory, as shown in FIG. 3. Likewise, encryption device 8 stores secret keys β1, β2, ..., βn, which use random numbers generated by its built-in microprocessor or random number generation circuit, in the secret key area of table B, which is held in non-volatile memory, as shown in FIG. 3. Based on these random numbers, that is, the secret keys α1 to αn, the microprocessor of encryption device 7 uses idle time in which it is not otherwise operating to compute the public keys X1, X2, ..., Xn and stores them in the public key area of table A in correspondence with the secret keys α1, α2, ..., αn.

The microprocessor of encryption device 8 likewise uses idle time to compute the public keys Y1, Y2, ..., Yn from the random numbers, that is, the secret keys β1 to βn, and stores them in the public key area of table B in correspondence with the secret keys β1, β2, ..., βn. Following a predetermined procedure, when for example encryption device 7 receives a public key distribution instruction, it reads the public keys X1, X2, ..., Xn from table A and delivers them to encryption device 8. Encryption device 8 stores the delivered public keys X1, X2, ..., Xn in the peer public key area of table B in correspondence with the secret keys β1, β2, ..., βn.

Encryption device 8 then reads the public keys Y1, Y2, ..., Yn from table B and delivers them to encryption device 7. Encryption device 7 stores the delivered public keys Y1, Y2, ..., Yn in the peer public key area of table A in correspondence with the secret keys α1, α2, ..., αn. When encryption device 7 has received the public keys Y1, Y2, ..., Yn, it sends an acknowledgment to encryption device 8, which completes the public key distribution operation. The communication path is therefore occupied only for the time needed to send the sets of public keys in each direction, which is very short. The microprocessor of encryption device 7 uses idle time to read the peer public keys Y1, Y2, ..., Yn and the secret keys α1, α2, ..., αn from table A in sequence, compute the common keys K1, K2, ..., Kn, and store them in the common key area of table A in correspondence with the secret keys α1, α2, ..., αn.

The microprocessor of encryption device 8 likewise uses idle time to read the peer public keys X1, X2, ..., Xn and the secret keys β1, β2, ..., βn from table B in sequence, compute the common keys K1, K2, ..., Kn, and store them in the common key area of table B in correspondence with the secret keys β1, β2, ..., βn. Until the common keys K1, K2, ..., Kn have been computed and stored in tables A and B respectively, the common key that has been in use up to that point continues to be used as the encryption/decryption key.

Switching among the common keys K1, K2, ..., Kn can be performed by an instruction from encryption device 7 or 8.
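The table-driven exchange of section (e), as an added Python example that is not part of the patent text. The class and function names, the modulus `N`, the base `M`, the row layout and the range check on received public keys are assumptions made for illustration.

```python
import secrets

# Constructed demo parameters (assumptions): the patent only says M, alpha and n
# are about 100 bits. 2**127 - 1 is a known Mersenne prime; far too small today.
N = 2**127 - 1
M = 3

class CipherDevice:
    """Hypothetical model of one encryption device and its table (table A or B)."""

    def __init__(self, slots):
        # One row per secret key: secret, own public, peer public, common key.
        self.table = [{"secret": secrets.randbelow(N - 3) + 2, "public": None,
                       "peer_public": None, "common": None} for _ in range(slots)]
        self.active = None  # common key currently used for traffic

    def idle_compute_public(self):
        """Idle-time work: public_i = M^secret_i mod n, done before any exchange."""
        for row in self.table:
            if row["public"] is None:
                row["public"] = pow(M, row["secret"], N)

    def export_public_keys(self):
        """The only values sent over the line; secrets never leave the table."""
        if any(row["public"] is None for row in self.table):
            raise RuntimeError("public keys not precomputed yet")
        return [row["public"] for row in self.table]

    def store_peer_keys(self, keys):
        if len(keys) != len(self.table):
            raise ValueError("peer sent a different number of keys")
        for key in keys:
            # Added check, not in the patent: 0, 1 and n-1 force a guessable K.
            if not 1 < key < N - 1:
                raise ValueError("degenerate peer public key")
        for row, key in zip(self.table, keys):
            row["peer_public"] = key

    def idle_compute_common(self):
        """Idle-time work after the exchange: K_i = peer_i^secret_i mod n."""
        for row in self.table:
            if row["common"] is None and row["peer_public"] is not None:
                row["common"] = pow(row["peer_public"], row["secret"], N)

    def switch_key(self, index):
        """Switch to K_index; if it is not computed yet, keep the current key."""
        key = self.table[index]["common"]
        if key is not None:
            self.active = key
        return key is not None

def run_distribution(slots=4):
    a, b = CipherDevice(slots), CipherDevice(slots)
    a.idle_compute_public()
    b.idle_compute_public()
    b.store_peer_keys(a.export_public_keys())  # X_1..X_n in one transfer
    a.store_peer_keys(b.export_public_keys())  # Y_1..Y_n in one transfer
    switched_early = a.switch_key(0)           # K_1 not ready yet -> False
    a.idle_compute_common()
    b.idle_compute_common()
    return a, b, switched_early
```

The stored secret keys and common keys sit in the table for as long as the rows are kept, so in a real device the non-volatile memory holding the table needs the same protection as the traffic key itself.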

(f) As described in detail above, the present invention makes possible a public key distribution that does not require expensive dedicated arithmetic circuits and that occupies the communication path only briefly, and it can deliver a plurality of public keys in a single public key distribution.

[Brief Description of the Drawings]

FIG. 1 is a diagram explaining a key generation method based on the public key distribution system, FIG. 2 is a diagram explaining the control method of the present invention, and FIG. 3 is a diagram explaining the table of one embodiment of the present invention. 1 and 6 are data terminal devices; 2, 5, 7 and 8 are encryption devices; 3 and 4 are data line terminating devices.

[FIG. 3: Table A, Table B]

Claims (1)

[Claims]

A key generation method for an encryption device that encrypts and decrypts information transmitted over a communication path using a public key distribution system, characterized in that: a table is provided in which a plurality of secret keys are generated and a plurality of public keys corresponding to the plurality of secret keys are computed and stored; public keys from the table are delivered between the encryption devices in accordance with a predetermined instruction; the delivered public keys and the results of computing common keys based on those public keys are stored in the table in correspondence with the secret keys of the table; and the computation of the public keys and the common keys is performed during idle time of the processor with reference to the table.
JP58202297A 1983-10-28 1983-10-28 Key generation system for cryptographer Granted JPS6095475A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP58202297A JPS6095475A (en) 1983-10-28 1983-10-28 Key generation system for cryptographer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP58202297A JPS6095475A (en) 1983-10-28 1983-10-28 Key generation system for cryptographer

Publications (2)

Publication Number Publication Date
JPS6095475A true JPS6095475A (en) 1985-05-28
JPH0362333B2 JPH0362333B2 (en) 1991-09-25

Family

ID=16455208

Family Applications (1)

Application Number Title Priority Date Filing Date
JP58202297A Granted JPS6095475A (en) 1983-10-28 1983-10-28 Key generation system for cryptographer

Country Status (1)

Country Link
JP (1) JPS6095475A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998032113A1 (en) * 1997-01-17 1998-07-23 Ntt Data Corporation Method and system for controlling key for electronic signature
US6377692B1 (en) 1997-01-17 2002-04-23 Ntt Data Corporation Method and system for controlling key for electronic signature
US20090154695A1 (en) * 2003-02-10 2009-06-18 Mauricio Sanchez Managing a plurality of cached keys
US8290153B2 (en) * 2003-02-10 2012-10-16 Hewlett-Packard Development Company, L.P. Managing a plurality of cached keys

Also Published As

Publication number Publication date
JPH0362333B2 (en) 1991-09-25

Similar Documents

Publication Publication Date Title
US6393564B1 (en) Decrypting device
EP0002389B1 (en) Multiple domain data communication
US6975730B1 (en) Method and apparatus for contents information
US4322576A (en) Message format for secure communication over data links
USRE40694E1 (en) Apparatus and method for re-encrypting data without unsecured exposure of its non-encrypted format
JP3080382B2 (en) Cryptographic communication system
EP0800293A2 (en) Circuit and method for generating cryptographic keys
WO1997039552A9 (en) An apparatus and method for re-encrypting data
JPS6122316B2 (en)
JP2725478B2 (en) Encryption key distribution method
JPH0934356A (en) High-bandwidth cryptographic system with low-bandwidth cryptographic module
US20010014156A1 (en) Common key generating method, common key generator, cryptographic communication method and cryptographic communication system
JP2024512110A (en) Data transmission methods, devices, electronic devices and storage media
JPS6095475A (en) Key generation system for cryptographer
GB2124808A (en) Security system
JP2001111539A (en) Cryptographic key generator and cryptographic key transmitting method
US8156328B1 (en) Encryption method and device
US7607023B2 (en) Data transfer method, data transfer apparatus, data transmission device, and data reception device
JP2869165B2 (en) Method of transferring confidential data using IC card
JPH0777933A (en) Network data ciphering device
JP4117095B2 (en) Encryption method
JPS61163746A (en) Cipher key distributing system
JPH0719124B2 (en) Cryptographic device
JPH0439935B2 (en)
JPS6172436A (en) Digital signature system