JPS612445A - Signature document communication system - Google Patents

Abstract

PURPOSE:To inspect a signed document by forming a signature to be added to a document from secret information and the document on the basis of exponential congruity function operation, sending the signature together with the document, and on the receiving side, inspecting a responsible person for the formation of the received document as to the received document and signature on the basis of the information registered in an open note. CONSTITUTION:On the transmission side 4, random numbers q(1<=q<=n-1) are generated from a random number generator 2 and values S, T based upon the formulas I, II through exponential congruity operators 43, 44, a congruity multiplier 45 and an exponential congruity operator 46 on the basis of documents (m), ID1, A1, (n) stored in memories 40, 41 as the ones to be signed and sent to the receiving side together with the documents (m), ID1. On the receiving side, a document ID1.T<m> is formed by an exponential congruity operator 52 and a congruity multiplier 53 and a document S is formed by an exponential congruity operator 54 on the basis of the open information (e), (n) stored in an open note 51 and information (m), S, T, ID1 received from the transmission side 4 and whether the relation of the formula III is formed or not is inspected by a comparator 55. If said relation is formed, it is confirmed that the former of (m) has the identification number ID1.

Description

[Detailed Description of the Invention] [Industrial Application Field] The present invention provides a system for transmitting and receiving a document as digital information, in which the document is signed so that the person responsible for creating the document can be verified by the recipient and a third party. This invention relates to a communication method that adds and communicates.

[Prior art]

Conventional signature document communication methods include methods using open-book encryption represented by the R8A method (R, L, Rlvest,
el=, aL: ”A Method
for ObshiainiBDigital Sign
atures and Publjc -Key Cr
Communicati
ons on ACM, vol. 2.

No. 2, Tl p, 120-126
, 1978) is said to be the most promising method. However, with this method, it is necessary to register public information in a public register for signature creators, and if there are many signature creators (senders) in the system, maintaining and managing the public register requires a significant cost. The disadvantage is that it requires Furthermore, in a distributed processing system where all devices within the document communication system can locally verify all signed documents, it is necessary for each device to maintain and manage the public information of all senders. It is difficult to apply it to such distributed processing systems.

[Purpose of the invention]

SUMMARY OF THE INVENTION An object of the present invention is to provide a signed document communication system that enables verification of a signed document using public information that is uniquely common to all signature creators.

[Embodiments of the invention]

In the present invention, the above-mentioned R8A open book cryptographic division method and exponential congruence function calculation are used.

First, information to be set before signature creation/verification will be explained with reference to FIG. First, the system management unit 3 (for example, a device that operates with a specially protected program), which is the only one in the system, has P+ due to the following relationship.
q+ n+ e+ d+ A+ (!=1+2+...)
secretly generated. In the following, all variables are assumed to be positive integers unless otherwise specified.

rn, q: Prime number (1). -p
-q (2) e-d =
' 1 (modL) (3) However, 2. L=LCM ((p-1), ((1-1))(
LCM Cx,y:l is the least common multiple of X+'V)l
≦C≦L-1, 1≦d 5L-1 AHE I Dl” (modn)
(4):,: where ID is the identification number of signature creator i.

In the above, e and d are public registers of the R8A public register cryptography method,
Corresponds to a private key. In addition, the generation algorithm of p'q,
Regarding the calculation algorithms for equations (3) and (4), see the above-mentioned paper by Rivesj et al., E.

Kr+uth's book “The Art of
Computer P rgra+ut++1nfX,
vol. 2” (Addison-Weslcy,
1969).

The three system management units that generated each of the above information (p
, q, d) and keep A, secret for each signature creator, l, 2. ... and registers (e, n) as public information in the public tube 51 of the receiving side (signature verifier) 5. : Here, the information on the public tube may be held by a unit other than the receiving side.

Next, signature creation/verification according to the present invention will be explained according to FIG. 1.5 First, the sender 4 (corresponding to the signature creator l)
Consider the document m to be signed as an integer expressed in binary, and set m to m, 1(J −' 1 +
2+...).

0≦m,≦n −1 (5) Hereinafter, this divided m will be simply referred to as m.

Next, the sending side 4 generates a random number q(l≦+1
≦n-1) and stored in memory 40.41
rt, ID+, A+, n and q of the random number generator 40, the exponential congruence operator 43, 114° congruence multiplier 45,
and fF having a linear relationship using the exponential congruence calculator 46
It generates jS and T, and sends m, ID1 and 1tL to the receiving side.

S = A, ・A,,”” (mod n)
(6) T=I D ,' (mod
n) (7) On the receiving side 5, from the public information c, n held in the public cylinder (memory) 51 and the received information m, S, D', ID from the transmitting side 4, an exponent congruence calculator is used. 52 and a congruence multiplier 53 to generate TD, a T-5 exponent congruence calculator 54 to generate S, and a comparator 55 to generate TD.

S = ID, ・T (+nodn)
Verify whether the relationship (8) holds. If this relationship holds true, the one that created 1m has the identification number -18ID1
Authenticate that you are the person with the .

In addition, in the above equations (4L (7), (8),
h(ID, ) may be used instead of ID1. Here, h is an arbitrary one-way function, and is a function in which it is difficult to obtain X from h and (x). For a concrete example of a one-way function, see the paper by W, Diffie et al.
w Direction in Crypt, o
Hraphy” (I EEE Trans,
Inform, Theory, IT-22+
6.644-654, 1976).

Also, in the procedure described above, equations (4) and (6).

Instead of (7) and (8), use the following equations (9) and (10)
, (11) may also be used.

A, mid-ID, (modL)
(9) S E m” (mod n)
(10) Se=m''' (modn)
(11): In the case of:, the sender (signature creator)
There is no need to generate the random number 9, and there is no need to generate or transfer T. In this case, A needs to be recorded on a recording medium such as a card that cannot be read by the signature creator.

In the method explained up to this point, information S and T (or S) of the same size are added to document m, so if the information length of the signed document is three times the information length of the original document (if It becomes double) and then it goes on. Therefore, it is necessary to shorten the amount of information in the signed document, and the method described in Japanese Patent Application No. 59-52696 "Signed Document Communication Method 2" by Okamoto et al., pages 9-10, may be used.

According to the above-mentioned paper by Rivcst et al., in the R8A cryptography, if p and rr are made sufficiently large.

From rl+e, it is shown that it is virtually impossible to obtain Qv t, +d. Similarly, in the present invention, the secret information p is more important than the public information and the transfer information.

To generate tl, L, d, At, and a value that satisfies equation (8) or (11) for signature verification (
m, S, T.

It is virtually impossible to generate a TDI combination (m, S + I D + ). In addition, in order to guarantee safety, T
It is considered sufficient if the number of digits of I and Q is 10t100 digits or more.

〔Effect of the invention〕

As explained above, according to the present invention, the signature verification unit that verifies the signed documents of a large number of signature creators only needs to hold only one public information (e, n). This is effective for large-scale document communication systems that have signature creators. It is also effective in a distributed processing system in which any device within the text communication system can locally verify all signed documents.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a diagram for explaining signature creation/verification according to the present invention, and FIG. 2 is a diagram for explaining information to be set according to the present invention. 3...System management units 1~, 4...Sending side. 5... Receiving side, 42... Random number generator, 43.4
4. /1G, 52.54... exponential congruence operator, 45.
53...Congruent multiplier, 51...Public list, 55.
...Comparator.

Claims (1)

[Claims] (1) In a system that transmits and receives documents as digital information, the system management unit, which is the only system in the system, uses information that only it holds secretly and the identification number of each signature creator to determine the signature secret of each signature creator. In addition to secretly generating information and distributing it to each signature creator, public information that is commonly used when verifying each signature is generated and registered in a public register, and when sending a document, the sender can For a document to be sent, a signature is created to be added to the document based on the secret information and the document using an exponential congruence function calculation, and the signature is sent together with the document.
A signed document communication method characterized in that a person in charge of creating a received document is verified using information registered in the public list.