JPS6130829A - Key distribution device - Google Patents

Key distribution device

Info

Publication number: JPS6130829A
Authority: JP (Japan)
Prior art keywords: station, key, random number, key distribution, digital pattern
Legal status: Granted
Application number: JP15363284A
Other languages: Japanese (ja)
Other versions: JPH0683201B2 (en)
Inventor: Eiji Okamoto (栄司 岡本)
Current Assignee: NEC Corp
Original Assignee: NEC Corp
Priority date / filing date: 1984-07-24
Publication date: 1986-02-13 (JPS6130829A); 1994-10-19 (JPH0683201B2)
Events: application filed by NEC Corp; priority to JP59153632A; publication of JPS6130829A; publication of JPH0683201B2; legal status: Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)

Abstract

PURPOSE: To attain highly secure encrypted communication by storing in each station a predetermined digital pattern together with a pattern specific to the own station, and obtaining the key for encrypted communication depending on the output of a random number generating means. CONSTITUTION: A first digital pattern determined for each station performing encrypted communication and a second digital pattern specific to the own station are stored in a RAM 214. When a key change request is received from a terminal 211, a microprocessor 213 generates a random number R and gives the information in RAM 214 and the random number R to a power-residue (modular exponentiation) circuit 215, which converts the information in RAM 214 depending on R and transmits the converted own-station pattern to the partner station as key distribution data. The circuit 215 likewise converts the key distribution data received from the partner station, based on data converted from the partner station's pattern, to obtain the key for encrypted communication.

Description

[Detailed Description of the Invention]

(Industrial Field of Application) The present invention relates to key distribution in encrypted communication.

(Prior Art) The public key distribution method described in IEEE Transactions on Information Theory, Vol. 22, No. 6, pp. 644-654, is well known as a method that distributes keys by exchanging public information and requires no secret means of transmission. Concretely, it works as follows.

Let the communicating stations be station 1, station 2, ..., station N, and suppose that station 1 and station 2 wish to share a key for encrypted communication. As public information, a table of code patterns corresponding to each station is published as shown in Fig. 3. Let the code pattern corresponding to station k be Y_k. Y_k is formed from predetermined positive integers α and p and a secret positive integer X_k by the following equation:

$Y_k = \alpha^{X_k} \pmod p$   (1)

Here X_k is a number known only to station k.

Station 1 then creates the key from station 2's public information Y_2 by the following equation:

$\mathrm{Key} = Y_2^{X_1} \pmod p$   (2)

where A (mod a) denotes the remainder of dividing A by a. Station 2 creates the key from station 1's public information by the following equation:

$\mathrm{Key} = Y_1^{X_2} \pmod p$   (3)

By equation (1), equations (2) and (3) give the same number. If p is a large prime of about 200 digits and α is a primitive element, then even a third party who knows α, p and Y_k (k = 1, 2, ..., N) needs a great deal of computation and time to find Key, and the cited reference shows that Key cannot in practice be found.

(Problems with the Prior Art) If the same encryption key is always used, then once it has been broken secrecy can no longer be maintained, so it is safer to change the key from time to time. However, the public key distribution technique described above has the drawback that the key between station 1 and station 2 is always the same unless the public information is changed. And if the public information is changed from time to time, the public information must be collected from each station and it must be confirmed whether that information is correct, which is a further drawback.

(Object of the Invention) The object of the present invention is to provide a key distribution device that eliminates the above drawbacks.

(Structure of the Invention) According to the present invention, there is provided a key distribution device characterized by comprising: means for storing a first digital pattern determined for each station performing encrypted communication and a second digital pattern unique to the own station; random number generating means for generating a random number; means for transmitting the second digital pattern to the partner station as key distribution data depending on the output of the random number generating means; and means for obtaining a key for encrypted communication with the partner station from the first digital pattern corresponding to the partner station, the output of the random number generating means, and the second digital pattern unique to the own station.

(Operation and Principle of the Invention) The communication network in question consists of N stations. In addition to the public information shown in Fig. 3, each station holds a secret positive integer corresponding to itself; the secret positive integer for station k is the X_k of equation (1). Suppose now that the stations performing encrypted communication are station 1 and station 2.

Fig. 1 illustrates the operation and principle of the present invention. In the figure, station 1 computes, from its public information Y_1, a random number R_1 and the prime p,

$Z_1 = Y_1^{R_1} \pmod p$   (3)

and sends it to station 2. Station 2 similarly computes, from its public information Y_2, a random number R_2 and the prime p,

$Z_2 = Y_2^{R_2} \pmod p$   (4)

and sends it to station 1. Station 1 then computes, from Z_2 received from station 2, the public information Y_2, the random number R_1 and the secret positive integer X_1,

$\mathrm{KEY} = \left(Y_2^{R_1} \cdot Z_2\right)^{X_1} \pmod p$   (5)

and uses the result as the key. Likewise station 2 computes, from Z_1 received from station 1, the public information Y_1, the random number R_2 and the secret positive integer X_2,

$\mathrm{KEY} = \left(Y_1^{R_2} \cdot Z_1\right)^{X_2} \pmod p$   (6)

and uses the result as the key. Under the condition of equation (1), the results of both (5) and (6) are equal to

$\mathrm{KEY} = \alpha^{(R_1 + R_2) X_1 X_2} \pmod p$   (7)

Because the random numbers R_1 and R_2 enter into it, KEY is different every time.

(Embodiment) Fig. 2 is a block diagram showing one embodiment of the present invention. Before explaining Fig. 2, the format of the data flowing on the communication network is described. Fig. 4 shows an example of the format. In the figure, (a) is the general form of the data, consisting of a destination address, a source station address, control information and data. The control information indicates whether the data is for key distribution and, if so, whether it is key distribution data issued by the station that takes the initiative (the station taking the initiative is called the primary station and the partner station the secondary station). (b) shows the key distribution data; its data part holds Z_1 when the source station is station 1, and Z_2 when the source station is station 2.

In Fig. 2, RAM 214 holds the public information shown in Fig. 4 and the secret information. Let the partner station be station 2 and the own station be station 1, with station 1 as the primary station. When microprocessor 213 receives a key change request from terminal 211, it generates a random number R_1 and passes R_1 together with the public information Y_1, Y_2 held in RAM 214 to the modular exponentiation (power-residue) circuit 215, which computes and outputs Z_1 of equation (3) and Y_2^{R_1} (mod p). Microprocessor 213 passes Z_1 to interface 216 and stores Y_2^{R_1} (mod p) in RAM 214. Interface 216 sends Z_1 to station 2. Interface 216 also receives Z_2 of equation (4) sent from station 2 and passes it to microprocessor 213. Microprocessor 213 multiplies Z_2 by the Y_2^{R_1} (mod p) stored in RAM 214, with p as the modulus, and sends the product A and the secret positive integer X_1 to the modular exponentiation circuit 215, which computes and outputs A^{X_1} (mod p). The microprocessor sets this output in the encryptor/decryptor 212 as the key. Thereafter the key is used for encrypted communication until it is changed again.
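As an added worked example (not part of the patent text), the exchange of equations (3) to (7) above and the embodiment's multiply-then-exponentiate step in Python; p = 23, α = 5 and the station secrets X_1, X_2 are constructed toy values, standing in for the roughly 200-digit prime the description calls for.

```python
"""Worked example of the key distribution exchange described in JPS6130829A.

Constructed example: tiny parameters so every value can be checked by hand.
A real deployment uses a prime p of roughly 200 decimal digits; p = 23 and
alpha = 5 here are illustrative only.
"""
import secrets

P = 23      # constructed: small prime standing in for the ~200-digit prime
ALPHA = 5   # constructed: a primitive element modulo 23


def public_pattern(x, p=P, alpha=ALPHA):
    """Eq. (1): the public code pattern Y_k = alpha^X_k (mod p) for secret X_k."""
    return pow(alpha, x, p)


def prior_art_key(y_peer, x_own, p=P):
    """Eq. (2)/(3) of the prior art: the fixed key Y_peer^X_own (mod p)."""
    return pow(y_peer, x_own, p)


def key_distribution_data(y_own, r_own, p=P):
    """Eq. (3)/(4): Z_own = Y_own^R_own (mod p), sent to the partner station."""
    return pow(y_own, r_own, p)


def derive_key(y_peer, r_own, z_peer, x_own, p=P):
    """Eq. (5)/(6) as the embodiment computes it: the microprocessor multiplies
    the stored Y_peer^R_own by the received Z_peer modulo p (product A), and
    the exponentiation circuit returns A^X_own (mod p)."""
    a = (pow(y_peer, r_own, p) * z_peer) % p
    return pow(a, x_own, p)


def closed_form_key(x1, x2, r1, r2, p=P, alpha=ALPHA):
    """Eq. (7): alpha^((R1+R2) X1 X2) (mod p), which both stations must reach."""
    return pow(alpha, (r1 + r2) * x1 * x2, p)


def run_exchange(x1, x2, r1=None, r2=None, p=P):
    """One key change between station 1 (primary) and station 2 (secondary).
    R1 and R2 default to fresh random values; fixed values allow hand checking.
    Returns (key at station 1, key at station 2)."""
    if r1 is None:
        r1 = secrets.randbelow(p - 1) + 1
    if r2 is None:
        r2 = secrets.randbelow(p - 1) + 1
    y1, y2 = public_pattern(x1, p), public_pattern(x2, p)   # Fig. 3 public table
    z1 = key_distribution_data(y1, r1, p)   # station 1 -> station 2, Fig. 4(b)
    z2 = key_distribution_data(y2, r2, p)   # station 2 -> station 1, Fig. 4(b)
    key1 = derive_key(y2, r1, z2, x1, p)
    key2 = derive_key(y1, r2, z1, x2, p)
    return key1, key2


if __name__ == "__main__":
    X1, X2 = 6, 15   # constructed secret positive integers of stations 1 and 2
    print("prior art key (same every session):", prior_art_key(public_pattern(X2), X1))
    for _ in range(3):
        print("fresh session key (both stations):", run_exchange(X1, X2))
```

With R_1 = 3 and R_2 = 7 the hand-checkable values are Y_1 = 8, Y_2 = 19, Z_1 = 6, Z_2 = 15 and KEY = 12 at both stations, while the prior-art key Y_2^{X_1} = Y_1^{X_2} = 2 never changes.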

The modular exponentiation circuit 215 can be constructed, for example, from the circuit shown in paper 322, "A high-speed multiplication/division method for cryptographic processing", of the Showa 56 (1981) IEICE Information and Systems Division National Conference. Interface 216 provides the interface to the communication network and is determined once the network is specified; for example, if the network is Ethernet, the interface consists of a controller and a transceiver (see Nikkei Electronics, 21 November 1983, pp. 139-166). The encryptor/decryptor uses a commercially available cipher chip. The operation of microprocessor 213 is shown in the flowchart of Fig. 5: (a) shows the operation, with station 1 as the primary station, up to the transmission of Z_1, and (b) shows the operation from receipt of the key distribution data until the key is set in the encryptor/decryptor 212. The actual program is stored in ROM 217.

In the above description, for simplicity, all operations were carried out on integers, but the scheme also holds for operations on polynomials modulo a prime, that is, with p a primitive polynomial M(x) and α a primitive element. The random number, which in the embodiment is generated by the microprocessor, may instead be generated externally. A verification function of the kind described in the Nippon Telegraph and Telephone Public Corporation technical reference "DCNA function control level / message transfer protocol" (DCNA PSO40-1983-, pp. 145-146) may also be added. All such modifications fall within the scope of the present invention.

(Effects of the Invention) As described in detail above, with the present invention the random numbers R_1 and R_2 allow a different key to be set in the encryptor/decryptor every time, so that highly secure encrypted communication can be carried out; the effect is therefore very great.

[Brief Description of the Drawings]

Fig. 1 shows the operation and principle of the present invention; Fig. 2 shows an embodiment of the present invention; Fig. 3 shows the public information; Fig. 4 (a), (b) shows an example of the format of the data flowing on the communication network; and Fig. 5 (a), (b) is a flowchart showing the operation of microprocessor 213. In the figures, 211 is a terminal, 212 an encryptor/decryptor, 213 a microprocessor, 214 a RAM, 215 a modular exponentiation circuit, 216 an interface, and 217 a ROM.

Claims (1)

[Claims] A key distribution device characterized by comprising: storage means for storing a first digital pattern determined for each station performing encrypted communication and a second digital pattern unique to the own station; random number generating means for generating a random number; means for transmitting the second digital pattern to a partner station as key distribution data depending on the output of the random number generating means; and means for receiving key distribution data from the partner station and obtaining a key for encrypted communication with the partner station from the first digital pattern corresponding to the partner station, the output of the random number generating means, and the second digital pattern unique to the own station.
JP59153632A 1984-07-24 1984-07-24 Key delivery device Expired - Lifetime JPH0683201B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP59153632A JPH0683201B2 (en) 1984-07-24 1984-07-24 Key delivery device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP59153632A JPH0683201B2 (en) 1984-07-24 1984-07-24 Key delivery device

Publications (2)

Publication Number Publication Date
JPS6130829A true JPS6130829A (en) 1986-02-13
JPH0683201B2 JPH0683201B2 (en) 1994-10-19

Family

ID=15566746

Family Applications (1)

Application Number Title Priority Date Filing Date
JP59153632A Expired - Lifetime JPH0683201B2 (en) 1984-07-24 1984-07-24 Key delivery device

Country Status (1)

Country Link
JP (1) JPH0683201B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0257585A2 (en) * 1986-08-22 1988-03-02 Nec Corporation Key distribution method

Also Published As

Publication number Publication date
JPH0683201B2 (en) 1994-10-19

Similar Documents

Publication Publication Date Title
JP2606419B2 (en) Cryptographic communication system and cryptographic communication method
US5889865A (en) Key agreement and transport protocol with implicit signatures
US8578165B2 (en) Key agreement and transport protocol
US6064741A (en) Method for the computer-aided exchange of cryptographic keys between a user computer unit U and a network computer unit N
KR101492644B1 (en) Method for elliptic curve public key cryptographic validation
EP0393806A2 (en) Cryptographic method and apparatus for public key exchange with authentication
EP1488569B1 (en) Authenticated key exchange
CA2525894A1 (en) Key agreement and transport protocol
CN101568110A (en) Wireless data transmission method and system
JPH04347949A (en) Cipher communicating method and cipher communicating system
US6337910B1 (en) Method and apparatus for generating one time pads simultaneously in separate encryption/decryption systems
CN114697001B (en) Information encryption transmission method, equipment and medium based on blockchain
JPS6130829A (en) Key distribution device
JP3074164B2 (en) Exclusive key agreement
JP3694242B2 (en) Signed cryptographic communication method and apparatus
JP2003263107A (en) Encryption method for message in call to be processed by communication device
JPS6130827A (en) Key distribution system
EP1768300B1 (en) Key agreement and transport protocol with implicit signatures
JPS6130828A (en) Key distribution device
JPS62190943A (en) Certification system for distribution of cryptographic key
JPH0918468A (en) Cipher communication equipment and ciphering device
JP3240723B2 (en) Communication method, secret communication method and signature communication method
JPH0897813A (en) Method and equipment for communication
KR0173054B1 (en) Data transferring method
JPS60114047A (en) Approval key/session key arranging system