JPS6130828A - Key distribution device - Google Patents
Key distribution device
Info
- Publication number
- JPS6130828A
- Authority
- JP
- Japan
- Prior art keywords
- station
- key
- random number
- microprocessor
- circuit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
Description
[Detailed Description of the Invention]
(Industrial Application Field)
The present invention relates to the distribution of keys in encrypted communication.
(Prior Art)
As a method for distributing the keys used in encrypted communication, the public key distribution method described in IEEE Transactions on Information Theory, Vol. 22, No. 6, pages 644-654 is well known as a method that accomplishes key distribution by distributing public information and requires no secret means of transmission. Specifically, it works as follows.
Let the communicating stations be station 1, station 2, ..., station N, and suppose that station 1 and station 2 are about to share a key in order to perform encrypted communication. As public information, a table of the code patterns corresponding to each station is published as shown in FIG. 3. Let the code pattern corresponding to station k be $Y_k$. $Y_k$ is produced from predetermined positive integers α and p and a secret positive integer $X_k$ according to equation (1). $X_k$ is a number known only to station k.
At this time, station 1 creates the key from the public information $Y_2$ of station 2 by the following equation.
$$\mathrm{Key} = Y_2^{X_1} \pmod{p} \tag{2}$$
Here, A (mod a) denotes the remainder when A is divided by a. Station 2 creates the key from the public information of station 1 using the following equation.
$$\mathrm{Key} = Y_1^{X_2} \pmod{p} \tag{3}$$
By equation (1), equations (2) and (3) yield the same number. The above document states that if p is a large prime number of about 200 digits and α is a primitive root, a third party who knows α, p and $Y_k$ (k = 1, 2, ..., N) still needs a great deal of computation and time to learn the key, and in practice cannot learn it.
(Problems with the Prior Art)
If the same encryption key is always used, secrecy can no longer be maintained once it has been broken, so it is safer to change the key from time to time. With the public key distribution technique described above, however, the key between station 1 and station 2 is always the same as long as the public information is not changed, so once the key has been broken, communication between station 1 and station 2 can no longer be kept secret. Moreover, if the public information is to be changed from time to time, the public information must be collected from each station, and it becomes necessary to confirm whether or not that information is correct.
(Object of the Invention)
The object of the present invention is to provide a key distribution device that eliminates the above drawbacks.
(Structure of the Present Invention)
According to the present invention, there is obtained a key distribution device for distributing a key to stations that perform encrypted communication, characterized by comprising at least: storage means for storing digital patterns corresponding to the addresses of the stations; request signal receiving means for receiving a key request signal from a station; random number generating means for generating a random number; conversion means which is supplied by the request signal receiving means with a signal indicating that a key request signal has been received and which converts the digital pattern corresponding to the address of the station in dependence on the random number; and means for transmitting the output of the conversion means to the station.
(Operation and Principle of the Present Invention)
In the communication network, the place that holds the common information and performs key distribution collectively is called the center, and the other stations are station 1, station 2, ..., station N. This is illustrated in FIG. 4. Let the stations to which a key is to be distributed be station 1 and station 2.
FIG. 1 is a diagram for explaining the operation and principle of the present invention. In the figure, the center holds the common information shown in FIG. 3, and station k holds the secret information $X_k$. The common information and the secret information are the same as those of the prior art. When station 1 is to perform encrypted communication with station 2, station 1 first requests a key from the center. The center then uses a random number R to compute
$$Z_1 = Y_2^{R} \pmod{p} \tag{4}$$
$$Z_2 = Y_1^{R} \pmod{p} \tag{5}$$
and sends them to station 1 and station 2, respectively. Station 1 computes
$$\mathrm{Key} = Z_1^{X_1} \pmod{p} \tag{6}$$
and station 2 computes
$$\mathrm{Key} = Z_2^{X_2} \pmod{p} \tag{7}$$
Equations (6) and (7) both become $\alpha^{R X_1 X_2} \pmod{p}$. Since R is a random number that is changed every time, $\alpha^{R X_1 X_2} \pmod{p}$ differs every time. The drawback of the prior art is thus eliminated. It is also possible to take p as a primitive polynomial and α as a primitive root, and to replace the four arithmetic operations on integers with the four arithmetic operations on polynomials. In what follows, to avoid complicating the explanation, only the integer case is described.
(Embodiment)
FIG. 2 is a block diagram showing an embodiment of the present invention. Before FIG. 2 is described, an example of the format of data on the communication network is explained. The format example is shown in FIGS. 5(a), (b) and (c). The general form is shown in FIG. 5(a). It consists of a destination address, a source station address, control information, and data. The control information indicates the type of the data, that is, it distinguishes whether the data is the key request data shown in FIG. 1, the public key distribution data sent in reply to it, or some other data. FIG. 5(b) shows the format of the key request data. The data field of the general form contains the address of the station requesting the key (called the primary station) and the address of the partner station with which encrypted communication is to be performed (called the secondary station). FIG. 5(c) shows the format of the public key distribution data. The data field of the general form contains the address of the partner station with which encrypted communication is to be performed and, with k denoting the delivery destination address,
$$Z_k = Y_s^{R} \pmod{p} \tag{8}$$
The primary station is station 1 and the secondary station is station 2.
In FIG. 2, the interface 204 passes the key request data to the microprocessor 201. The memory 202 stores the public information of FIG. 3. The microprocessor 201 generates a random number R and passes it to the modular exponentiation circuit 203, and also passes $Y_1$ and $Y_2$ stored in the memory 202 to the modular exponentiation circuit 203. The modular exponentiation circuit 203 computes $Z_1$ and $Z_2$ given by equations (4) and (5) from R, $Y_1$ and $Y_2$ and passes them to the microprocessor 201. From $Z_1$ and $Z_2$, the microprocessor 201 creates two items of public key distribution data in the format shown in FIG. 5(c) and passes them to the interface 204. The interface 204 sends the data out onto the communication network. The operation of the microprocessor 201 described so far is shown as a flowchart in FIG. 6.
The memory 202 is composed of ROM or non-volatile RAM. The modular exponentiation circuit 203 can be composed of, for example, the circuit shown in paper 322, "High-speed multiplication/division method for cryptographic processing," of the 1981 (Showa 56) National Conference of the Information and Systems Division of the Institute of Electronics and Communication Engineers. The interface 204 provides the interface with the communication network and is determined once the communication network is specified. For example, if the communication network is Ethernet, the interface consists of a controller and a transceiver (see Nikkei Electronics, November 21, 1983 issue, pages 139-166).
Although the embodiment of the present invention has been described on the basis of integer arithmetic, it can also be based on polynomial arithmetic as mentioned above. Also, although the microprocessor 201 generates the random number in FIG. 2, a separate dedicated random number generator can be used instead. The random number may be a natural random number or a pseudorandom number. It is also possible to add a function by which, after the primary station and the secondary station have computed the key, whether or not the keys match is confirmed in the same way as in the Nippon Telegraph and Telephone Public Corporation technical reference material on the DCNA control level message transfer protocol (DCNA P4010-1983), pages 145-146.
All of these modifications are included within the scope of the present invention.
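The exchange of equations (4) to (7) and the center's handling of a key request, as an added example that is not part of the patent text. It assumes equation (1) has the form $Y_k = \alpha^{X_k} \bmod p$ of the cited public key distribution method; the toy parameters, the `Frame` field names, the control labels and the center address 0 are constructed for illustration.

```python
import secrets
from dataclasses import dataclass

# Constructed toy parameters (5 is a primitive root modulo 23). The page calls
# for a prime p of about 200 digits; 23 is only large enough to trace by hand.
P, ALPHA = 23, 5

@dataclass
class Frame:                 # general format of FIG. 5(a)
    dest: int                # destination address
    src: int                 # source station address
    control: str             # "KEY_REQUEST" / "KEY_DELIVERY" (hypothetical labels)
    data: tuple              # (primary, secondary) or (partner address, Z_k)

def public_pattern(x_k):
    # Assumed form of equation (1): Y_k = alpha^X_k mod p
    return pow(ALPHA, x_k, P)

class Center:
    def __init__(self, table, address=0):
        self.table = table   # public table of FIG. 3: station address -> Y_k
        self.address = address

    def handle(self, req, r=None):
        if req.control != "KEY_REQUEST":
            raise ValueError("not a key request")
        primary, secondary = req.data
        if r is None:        # fresh random R per request, 1 <= R <= p-2
            r = 1 + secrets.randbelow(P - 2)
        z1 = pow(self.table[secondary], r, P)   # eq. (4): Z1 = Y2^R mod p
        z2 = pow(self.table[primary], r, P)     # eq. (5): Z2 = Y1^R mod p
        return (Frame(primary, self.address, "KEY_DELIVERY", (secondary, z1)),
                Frame(secondary, self.address, "KEY_DELIVERY", (primary, z2)))

def station_key(delivery, x_k):
    # eqs. (6)/(7): Key = Z^X_k mod p, computed with the station's own secret
    _, z = delivery.data
    return pow(z, x_k, P)

def run_exchange(x1, x2, r=None):
    # Station 1 (secret x1) requests a key for talking to station 2 (secret x2).
    center = Center({1: public_pattern(x1), 2: public_pattern(x2)})
    to1, to2 = center.handle(Frame(0, 1, "KEY_REQUEST", (1, 2)), r)
    return station_key(to1, x1), station_key(to2, x2)
```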
(Effects of the Invention)
As described in detail above, the present invention makes it possible to easily distribute a different key every time, and it is highly effective when used for encrypted communication.
[Brief Description of the Drawings]
FIG. 1 is a diagram showing an outline of the present invention, FIG. 2 is a block diagram showing an embodiment of the present invention, FIG. 3 shows the public information, FIG. 4 is a schematic diagram of the communication network, FIG. 5 is a diagram showing the formats of data transmitted over the communication network, and FIG. 6 is a diagram showing a flowchart of the microprocessor.
In the figures, 101 is the center, 102 and 103 are stations, 201 is a microprocessor, 202 is a memory, 203 is a modular exponentiation circuit, and 204 is an interface.
Claims (1)
A key distribution device for distributing a key to a station that performs encrypted communication, characterized by comprising at least: storage means for storing a digital pattern corresponding to the address of the station; request signal detection means for receiving a key request signal from the station and outputting a detection signal; random number generating means for generating a random number; conversion means which is supplied with the detection signal from the request signal receiving means and which converts the digital pattern corresponding to the address of the station in dependence on the random number; and means for transmitting the output of the conversion means to the station.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP15363184A JPS6130828A (en) | 1984-07-24 | 1984-07-24 | Key distribution device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP15363184A JPS6130828A (en) | 1984-07-24 | 1984-07-24 | Key distribution device |
Publications (1)
Publication Number | Publication Date |
---|---|
JPS6130828A true JPS6130828A (en) | 1986-02-13 |
Family
ID=15566721
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP15363184A Pending JPS6130828A (en) | 1984-07-24 | 1984-07-24 | Key distribution device |
Country Status (1)
Country | Link |
---|---|
JP (1) | JPS6130828A (en) |
-
1984
- 1984-07-24 JP JP15363184A patent/JPS6130828A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8892890B2 (en) | Key agreement and transport protocol | |
EP0111489B1 (en) | Encryption system key distribution method and apparatus | |
US5889865A (en) | Key agreement and transport protocol with implicit signatures | |
EP0739105B1 (en) | Method for signature and session key generation | |
JP2870163B2 (en) | Key distribution method with authentication function | |
JPH02288746A (en) | Safety key generator and safety session key generating method in code system | |
EP1488569B1 (en) | Authenticated key exchange | |
JP2725478B2 (en) | Encryption key distribution method | |
CN113191862B (en) | Electronic bidding method, third party device, bidding party device and bidding party device | |
JPS6130828A (en) | Key distribution device | |
JP3074164B2 (en) | Exclusive key agreement | |
JPS6130827A (en) | Key distribution system | |
JPS6130829A (en) | Key distribution device | |
KR100363253B1 (en) | Method for generating a secret key in communication and apparatus thereof | |
EP1768300B1 (en) | Key agreement and transport protocol with implicit signatures | |
JP2831685B2 (en) | Encryption communication method | |
JP2808651B2 (en) | Encryption communication method | |
JPH0897813A (en) | Method and equipment for communication | |
JPH08251155A (en) | Ciphering device, deciphering device, ciphering and deciphering device and cipher system | |
JP2565893B2 (en) | Shared key generation method | |
JPS6354037A (en) | Key distributing device | |
JPH0546731B2 (en) | ||
JPS60114047A (en) | Approval key/session key arranging system | |
JPH01248845A (en) | Cipher communicating device | |
Varadharajan et al. | Practical secure electronic mail system with public key distribution |