WO2005098796A1 - 暗号方式の安全性を保証するパディング適用方法 - Google Patents
暗号方式の安全性を保証するパディング適用方法 Download PDFInfo
- Publication number
- WO2005098796A1 WO2005098796A1 PCT/JP2005/005287 JP2005005287W WO2005098796A1 WO 2005098796 A1 WO2005098796 A1 WO 2005098796A1 JP 2005005287 W JP2005005287 W JP 2005005287W WO 2005098796 A1 WO2005098796 A1 WO 2005098796A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- bit string
- encryption
- padding
- ciphertext
- random number
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3093—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/20—Manipulating the length of blocks of bits, e.g. padding or block truncation
Definitions
- the present invention relates to an information encryption / decryption system, and more particularly to a padding application method and an encryption / decryption device that guarantee security against a selected ciphertext attack.
- Non-Patent Document 1 NTRU: A Ring-Based Public Key Cryptosystem
- the NTRU cryptosystem is the following public key cryptosystem.
- L (a, b) is an element of R, and among the coefficients of each degree of u, a set of a is 1 and b is -1 and the others are 0. (Subset).
- the element m of the subset L of R is encrypted.
- Non-Patent Document 2 the NTRU encryption method Is known for many decoding methods!
- OAEP + proposed in Victor Shoup's document "OAEP Reconsidered” journal of Cryptology 15 (4) (Non-Patent Document 3) is known! / RU OAEP + padding is the following padding method.
- the parameters k, k, and k are selected as follows: k, k, and k are positive integers and k + k ⁇ k ⁇
- G is a hash function that maps an n-bit bit sequence to a k-bit bit sequence
- H ′ is a hash function that associates a k-bit bit string with an n + k-bit bit string
- H is a hash function that associates a bit string of k bits with a bit string of n + k bits.
- the padding device receives an n-bit plaintext M and randomly selects a k-bit bit string R.
- the receiver decrypts the received ciphertext e to obtain w.
- t s
- Restore R more.
- Restore M by calculating the bitwise exclusive OR of G (R) and s
- this OAEP + padding is a padding scheme that has been proposed to adapt to the encryption scheme without using random numbers when calculating the encryption function. For this reason, there is a problem that security is not necessarily guaranteed when applied to an encryption method using random numbers such as NTRU described above.
- OAEP + padding is applied to an encryption method that uses random numbers such as NTRU, the adaptation method is not unique, and various methods can be considered. However, there is a problem that what kind of padding application is safe is not immediately effective.
- the OAEP + padding method can guarantee security only for the encryption method that does not use random numbers.
- the OAEP + padding method or a similar padding method is applied to the NTRU encryption method that uses random numbers.
- Non-Patent Document 4 NTRU Cryptosystems, 1998
- Non-Patent Document 5 References Optimizations for NTRU "by Jeffrey Hoffstein and Joseph H. Silverman" Public-key Cryptography and Computational Number Theory (Non-Patent Document 5)
- Non-Patent Document 6 Protecting NTRU Against Chosen Ciphertext and Reaction Attacs technical Report, NTRU Cryptosystems, 2000, Report # 16 version 1 by Jeffrey Hoffstein and Joseph H. Silverman (Non-Patent Document 6)
- Non-Patent Document 8 Decrypted in the algorithm proposed in
- Non-Patent Document 9 the NTRU encryption scheme with padding described in Non-Patent Documents 5 and 6 is decrypted by the algorithm proposed in Non-Patent Document 7, and the padding according to Non-Patent Document 7 The method was deciphered by John A. Proos, Imperfect Decryption and an Attack on the NTRU Encryption Scheme "(Non-Patent Document 9).
- a scheme has been proposed that uses a padding scheme other than the OAEP + padding scheme to ensure the security of an encryption scheme using random numbers such as the NTRU encryption scheme, but the padding scheme has different weaknesses for each scheme. It is still meaningful to use OAEP + padding to ensure the security of the encryption scheme.
- Non-patent Document 1 Document "NTRU: A Ring-Based Public Key Cryptosystem” by Jeffrey Hoffstein, Jill Pipher and Joseph Silver Silverman
- Non-special reference literature 2 "Lattice Attacks on NTRU”, Eurocrypt'97 Springer Lecture Notes in Computer Sciences, 1997
- Non-Patent Document 3 "OAEP Reconsidered, Journal of Cryptology 15 (4)
- Non-Patent Document 4 "Plaintext Awareness and the NTRU PKCS" Technical Report # 7 version 2, NTRU Cryptosystems, 1998
- Non-special reference PM 6 "Protecting NTRU Against Chosen and lphertext and Reaction Attacks"
- Non-special reference PM 7 "Analysis and Improvements of NTRU Encryption Paddings" Crypto
- Non-Patent Document 8 "A Chosen-Ciphertext Attack against NTRU, Crypto 2000 Springer Lecture Notes in Computer Sciences, 2000
- Non-special reference 9 'Imperfect Decryption and an Attack on the NTRU Encryption Scheme' by John A. Proos
- the conventional NTRU encryption method with padding cannot perform secure encrypted communication.
- An object of the present invention is to provide appropriate padding for a scheme such as the NTRU encryption scheme.
- the present invention provides a padding application method and an encryption / decryption device that achieve secure and secure encrypted communication.
- the present inventor has focused on the fact that random numbers used for encryption can be restored in the NTRU encryption method, and invented a new padding application method that can guarantee the security of encrypted communication.
- Typical examples of the encryption method using random numbers include the ElGamal encryption method and the Payerian encryption method.
- the plaintext and the random numbers must be treated as completely different types of data.
- the encryption function is a stochastic function
- the domain of the encryption function is the entire space of the plaintext M
- the range is the cryptography. This is the space for the whole sentence.
- the decryption function is a function that does not use probability.
- the domain is the space of the entire ciphertext
- the range is the space of the entire plaintext.
- the cipher function is a function that does not use random numbers, and its domain is the space of the entire concatenation of the plaintext M and the random number R, and the range is the space of the entire ciphertext.
- the decryption function is also a function that does not use random numbers, and its domain is the space of the entire ciphertext, and its range is the space of the entire concatenation of the plaintext M and the random number R.
- the padding application method according to the present invention is applicable to an encryption method E3 ⁇ 4n) in which the ciphertext receiver can recover the value of the random number used by the ciphertext creator to create the ciphertext, and such a cryptographic method is used. Therefore, when the present invention is applied, safety is guaranteed.
- the input information is converted into a bit string of a predetermined length or less by the padding method, and the bit string is converted into a first bit string and a second bit string by a predetermined conversion rule.
- the first bit string is used as a data input
- the second bit string is supplied as a random number input to an encryption function
- the conversion rule is that the bit string having the predetermined length or less is a set of the first bit string and a set of the second bit string.
- mapping corresponding to the element of the direct product of, and the mapping is injective, that the mapping and its inverse can be calculated in polynomial time, and that the direct product is a domain
- the cipher The function is one-way function, meet, characterized in that.
- the conversion rule is a rule that divides the bit string into two so that the first half of the bit string is the first bit string and the second half is the second bit string.
- the padding scheme is OAEP + padding
- the encryption scheme using random numbers is the NTRU encryption scheme.
- FIG. 1 (A) is a conceptual block diagram of an encryption device using a padding application method according to the present invention
- the padding application method according to the present invention will be described with reference to FIG. 1A, as follows.
- n k-k-k, where G corresponds to an n-bit bit string to a k-bit bit string.
- a hash function that maps H 'to a bit string of k bits with a bit string of n + k bits
- H be a hash function that maps a bit string of k bits to a bit string of n + k bits.
- OAEP + padding is performed. That is, a bit string R of k bits is randomly selected, and the exclusive OR s ° of each bit of G (R) and M is calculated,
- A is a mapping m r that maps elements of L X L to bit strings of k bits or less.
- X represents the range that (m, r) can take
- L represents the space of the entire ciphertext.
- bit string w may be equally divided into the first half bit string and the second half bit string, and may be respectively set to m and r.
- e E f (m) is calculated and encrypted, and e is transmitted to the ciphertext receiver.
- r. After decrypting w, restore M in the same way as OAEP + padding. Specifically, first, w is w s
- t s
- Restore R by taking exclusive OR, and calculate bitwise exclusive OR of G (R) and s
- Fig. 1 (B) in the scheme proposed in Non-Patent Document 417 mentioned above, only m is constructed from plaintext M using OAEP + (or other) padding scheme, and r is any value. Is made using another means.
- These schemes are encryption schemes such as the El Gamal encryption scheme or the Payer-One encryption scheme that can only recover plain text and cannot recover random numbers on the receiving side. Since it is an ad-hoc method that can be used, security cannot be guaranteed, and complete decoding is possible especially in the case of NTRU.
- the scheme according to the present invention is a padding scheme applied to an encryption scheme such as NTRU that allows a recipient of a ciphertext to recover both plaintext and random numbers.
- an encryption scheme such as NTRU that allows a recipient of a ciphertext to recover both plaintext and random numbers.
- both m and r are created from plaintext M using the OAEP + padding method and a predetermined conversion rule (function A).
- function A a predetermined conversion rule
- security can be assured when applied to an encryption method such as NTRU, which enables a receiver of encrypted text to recover both plaintext and random numbers.
- secure encryption communication can be performed using the NTRU encryption method, which requires a small amount of memory and uses a high-speed encryption / decryption calculation algorithm.
- FIG. 2 is a block diagram showing an example of an encryption communication system in which the encryption Z decryption device according to the present invention is mounted. Here, encrypted communication is performed between communication terminals through a network.
- the communication terminal on the transmission side has a program control processor 10, a random number generator 11, a program memory 12, a memory 13, and a transmission / reception unit 14, and as described later, an OAEP + conversion stored in the program memory 12.
- a program control processor 10 By executing necessary programs such as conversion by the conversion function A and NTRU encryption, the plaintext is encrypted, and the encrypted text is transmitted from the transmission / reception unit 14 to the destination receiving terminal through the network.
- the memory 13 stores information necessary for encryption such as public information and a secret key.
- the receiving terminal also has a program control processor 20, a random number generator 21, a program memory 22, a memory 23, and a transmitting / receiving unit 24.
- the receiving terminal includes the program memory 22, the memory 13, and the transmitting / receiving unit 14.
- necessary programs such as NTRU decryption, random number restoration, inverse conversion, and OAEP + inverse conversion stored in the program memory 22
- the ciphertext received by the transmission / reception unit 24 is converted into plaintext.
- Decrypt The memory 23 stores information necessary for decryption such as public information and a secret key.
- FIG. 3 is a block diagram showing a functional configuration of the encryption Z decryption device according to the first embodiment of the present invention. It is a lock figure.
- the encryption Z decryption device according to the present embodiment includes an encryption device 100 for encrypting plaintext and a decryption device 200 for decrypting ciphertext into plaintext, and further includes a key generation device. It has a public information storage device 301 for storing public information necessary for decryption generated by 300 and a secret key storage device 302 for storing secret key information required for decryption.
- the plaintext is provided to the encryption device 100 by the plaintext input device 101, and the encryption device 100 implements processes such as an OAEP + conversion unit 102, a conversion unit 103 using the conversion function A, and an NTRU encryption unit 104. Have been.
- the cipher text generated by the encryption device 100 is output to, for example, a receiving terminal through the cipher text output device 105.
- the ciphertext is provided to the decryption device 200 by the ciphertext input device 201, and the decryption device 200 provides the NTRU decryption unit 202, the random number recovery unit 203, the inverse conversion unit 204 of the conversion function A, the OAEP + Processes such as the inverse transform unit 205 are realized.
- the plaintext generated by the decryption device 200 is output through the plaintext output device 206.
- FIG. 4 is a flowchart showing a key generation procedure in the first embodiment.
- the key generation device 1 selects the parameters k, k, and ko as follows: k, k, and k are positive integers and k + k ⁇ k ⁇ Meet L. Where L is
- G is a hash function that maps an n-bit bit sequence to a k-bit bit sequence
- H ′ is a hash function that associates a k-bit bit string with an n + k-bit bit string
- H is a hash function that associates a bit string of k bits with a bit string of n + k bits (step
- the key generation device 1 determines the conversion function A (Step S13).
- the conversion function A has k bits If the LXL element is mapped to the bit string below
- the key generation device 1 performs key generation in the same manner as in the NTRU. That is, L force is also 3 ⁇ 4, L
- f and g be private keys and h be a public key (step S14).
- the key generation device 1 keeps f and g secret in the secret key storage device 302 (step S15), and uses the public key of the NTRU, the hash function and the conversion function (p, q, N, L, L, L, L, L, L,
- step S f g r m k, k, k, G, ⁇ ′, H, A, h
- FIG. 5 is a flowchart showing an encryption procedure in the first embodiment.
- the encryption device 100 first receives the n-bit plaintext M from the plaintext input device 101 (step S21), and the public information p, q, N, L, L, L, L, k, k from the public information storage device 301. , k, G, ⁇ ', H, A,
- bit string R of k bits is randomly selected (step S23), and the OAEP + conversion section 102
- w is equally divided and the first half bit sequence is set to m and the second half bit sequence.
- FIG. 6 is a flowchart showing a decoding procedure in the first embodiment.
- the decryption device 200 receives the ciphertext e from the ciphertext input device 201 (step S31), and subsequently transfers the secret key corresponding to the ciphertext from the secret key storage device 302 to the secret key from the public information storage device 301. Receive the corresponding public information (step S32).
- t s
- step S35 the OAEP + inverse transformer 205 restores R by taking an exclusive OR for each bit of H (s) and t, and restores G (R) and s
- step S36 M is restored by calculating exclusive OR for each bit of 0 (step S36).
- FIG. 7 is a block diagram showing a functional configuration of the encrypted Z-decryption device according to the second embodiment of the present invention.
- the encryption Z decryption device according to the present embodiment includes an encryption device 400 for encrypting plaintext and a decryption device 500 for decrypting ciphertext into plaintext, and further includes a key generation device. It has a public information storage device 301 for storing public information necessary for decryption generated by 300 and a secret key storage device 302 for storing secret key information required for decryption.
- the plaintext is provided to the encryption device 400 by the plaintext input device 101, and the encryption device 400 receives the plaintext from the random number generation unit 401, the secret key encryption unit 402, the OAEP + conversion unit 403, and the conversion function A.
- the processes such as the conversion unit 404 and the NTRU encryption unit 405 are realized!
- the ciphertext generated by the encryption device 400 is output to, for example, a receiving terminal through the ciphertext output device 105.
- the ciphertext is provided to the decryption device 500 by the ciphertext input device 201, and the decryption device 500 provides the NTRU decryption unit 501, the random number recovery unit 502, the inverse conversion unit 503 of the conversion function A, the OAEP + inverse Processes such as the conversion unit 504 and the secret key encryption / decryption unit 505 are realized.
- the plaintext generated by the decryption device 500 is output through the plaintext output device 206.
- FIG. 8 is a flowchart showing a key generation procedure in the second embodiment.
- the key generation device 1 selects the parameters k, k, and ko as follows: k, k, and k are positive integers and k + k ⁇ k ⁇ Meet L. Where L is
- G is a hash function that maps an n-bit bit sequence to a k-bit bit sequence
- H ′ is a hash function that associates a k-bit bit string with an n + k-bit bit string
- H is a hash function that associates a bit string of k bits with a bit string of n + k bits (step
- the key generation device 1 determines a conversion function A (step S43).
- the transformation function A is a mapping that maps the elements of L X L to bit strings of k bits or less, and
- the key generation device 1 determines a common key encryption method E to be used (step S45),
- NTRU public key, hash function and transformation function (p, q, N, L, L, L, L, k, k, k, f g r m 0 1
- G, ⁇ ', H, A, h are stored in the public information storage device 301 and made public (step S46).
- FIG. 9 is a flowchart showing an encryption procedure according to the second embodiment.
- the encryption device 400 receives the n-bit plaintext X from the plaintext input device 101 (step S51), and the public information p, q, N, L, L, L, L, k, k from the public information storage device 301. , k, G, ⁇ ', H, A, and fgrm 0 1
- E (X) is obtained by encrypting plaintext X using M as a key in accordance with the common key cryptosystem E.
- bit string R of k bits is randomly selected (step S55), and the OAEP + conversion unit 403
- w is divided into two, and the first half bit string is m and the second half bit string 3 ⁇ 4 ⁇ .
- FIG. 10 is a flowchart showing a decryption procedure in the second embodiment.
- the encrypting device 500 receives the ciphertext e from the ciphertext input device 201 (step S61), and subsequently converts the secret key corresponding to the ciphertext from the secret key storage device 302 and the secret key from the public information storage device 301. Receive public information (step S62).
- NTRU decryption unit 501 decrypts cipher text e using public information and a secret key in the same manner as in the NTRU encryption method.
- t s
- the OAEP + inverse conversion unit 504 restores R by taking the exclusive OR of H (s) and t for each bit, and obtains the exclusive OR of G (R) and s for each bit. Restore M by calculating (
- the ciphertext is decrypted by using the key M of the secret key, and the plaintext X is output (step S68). If it is not valid, the ciphertext e outputs ⁇ as an invalid ciphertext (step S69).
- FIG. 1 (A) is a conceptual block diagram of an encryption padding apparatus using a padding application method according to the present invention, and (B) is a conventional encryption padding method using an OAEP-based padding method. It is a conceptual block diagram of a device.
- FIG. 2 is a block diagram showing an example of a cryptographic communication system equipped with an encryption Z decryption device according to the present invention.
- FIG. 3 is a block diagram showing a functional configuration of an encryption / decryption device according to the first embodiment of the present invention.
- FIG. 4 is a flowchart showing a key generation procedure in the first embodiment.
- FIG. 5 is a flowchart showing an encryption procedure in the first embodiment.
- FIG. 6 is a flowchart showing a decoding procedure in the first embodiment.
- FIG. 7 is a block diagram showing a functional configuration of an encryption / decryption device according to a second embodiment of the present invention.
- [8] is a flowchart showing a key generation procedure in the second embodiment.
- FIG. 9 is a flowchart showing an encryption procedure in the second embodiment.
Landscapes
- Engineering & Computer Science (AREA)
- Pure & Applied Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Physics & Mathematics (AREA)
- Algebra (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05721337.3A EP1734493B1 (en) | 2004-03-31 | 2005-03-23 | Padding application method to ensure the security of the ntru encryption |
US10/561,216 US7321658B2 (en) | 2004-03-31 | 2005-03-23 | Padding application method ensuring security of cryptosystem and encryptor/decryptor |
JP2006511999A JP4715748B2 (ja) | 2004-03-31 | 2005-03-23 | 暗号方式の安全性を保証するパディング適用方法 |
AU2005230066A AU2005230066A1 (en) | 2004-03-31 | 2005-03-23 | Padding application method guaranteeing safety of encryption method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004102399 | 2004-03-31 | ||
JP2004-102399 | 2004-03-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005098796A1 true WO2005098796A1 (ja) | 2005-10-20 |
Family
ID=35125301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/005287 WO2005098796A1 (ja) | 2004-03-31 | 2005-03-23 | 暗号方式の安全性を保証するパディング適用方法 |
Country Status (5)
Country | Link |
---|---|
US (1) | US7321658B2 (ja) |
EP (1) | EP1734493B1 (ja) |
JP (1) | JP4715748B2 (ja) |
AU (1) | AU2005230066A1 (ja) |
WO (1) | WO2005098796A1 (ja) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4664850B2 (ja) * | 2006-03-30 | 2011-04-06 | 株式会社東芝 | 鍵生成装置、プログラム及び方法 |
US8484485B2 (en) * | 2008-06-04 | 2013-07-09 | Panasonic Corporation | Encryption device and encryption system |
CN103780382B (zh) * | 2014-01-13 | 2017-01-18 | 华南理工大学 | 一种基于超球面的多变量公钥加密/解密系统及方法 |
WO2020229436A1 (en) * | 2019-05-13 | 2020-11-19 | Pii Guard Aps | A computer-implemented method of performing feistel-network-based block-cipher encryption of plaintext |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000516733A (ja) * | 1996-08-19 | 2000-12-12 | エヌティーアールユー クリプトシステムズ,インコーポレーテッド | 公開鍵暗号システム方法および装置 |
EP1249963A2 (en) | 2001-04-11 | 2002-10-16 | Hitachi, Ltd. | Method of a public key encryption and a cypher communication both secure against a chosen-ciphertext attack |
EP1304829A2 (en) | 2001-10-19 | 2003-04-23 | Matsushita Electric Industrial Co., Ltd. | A numerical array output device, a numerical array output method, an encryption device, and a decryption device |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2871690B2 (ja) * | 1988-04-28 | 1999-03-17 | 日本電気株式会社 | 符号化装置及び復号化装置 |
US5345507A (en) * | 1993-09-08 | 1994-09-06 | International Business Machines Corporation | Secure message authentication for binary additive stream cipher systems |
GB0013349D0 (en) * | 2000-06-01 | 2000-07-26 | Tao Group Ltd | Pseudo-random number generator |
US7020776B2 (en) * | 2000-06-22 | 2006-03-28 | Microsoft Corporation | Cryptosystem based on a Jacobian of a curve |
US20020199001A1 (en) * | 2001-02-25 | 2002-12-26 | Storymail, Inc. | System and method for conducting a secure response communication session |
IL154651A0 (en) * | 2000-08-29 | 2003-09-17 | Ntru Cryptosystems Inc | Speed enhanced cryptographic method and apparatus |
JP2002252611A (ja) * | 2000-12-19 | 2002-09-06 | Matsushita Electric Ind Co Ltd | 暗号通信システム、送信装置及び受信装置 |
JP4208230B2 (ja) * | 2001-10-19 | 2009-01-14 | パナソニック株式会社 | 配列出力装置、配列出力方法、暗号化装置、および復号化装置 |
US20040151307A1 (en) * | 2003-02-03 | 2004-08-05 | Lih-Chung Wang | Tractable rational map public-key system |
-
2005
- 2005-03-23 JP JP2006511999A patent/JP4715748B2/ja not_active Expired - Fee Related
- 2005-03-23 WO PCT/JP2005/005287 patent/WO2005098796A1/ja not_active Application Discontinuation
- 2005-03-23 EP EP05721337.3A patent/EP1734493B1/en not_active Expired - Fee Related
- 2005-03-23 US US10/561,216 patent/US7321658B2/en active Active
- 2005-03-23 AU AU2005230066A patent/AU2005230066A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000516733A (ja) * | 1996-08-19 | 2000-12-12 | エヌティーアールユー クリプトシステムズ,インコーポレーテッド | 公開鍵暗号システム方法および装置 |
EP1249963A2 (en) | 2001-04-11 | 2002-10-16 | Hitachi, Ltd. | Method of a public key encryption and a cypher communication both secure against a chosen-ciphertext attack |
EP1304829A2 (en) | 2001-10-19 | 2003-04-23 | Matsushita Electric Industrial Co., Ltd. | A numerical array output device, a numerical array output method, an encryption device, and a decryption device |
Non-Patent Citations (3)
Title |
---|
NGUYEN P.Q. AND POINTCHEVAL D. ET AL: "Analysis and Improvements of NTRU Encryption Paddings.", LNCS., vol. 2442, 2002, pages 210 - 225, XP002989876 * |
See also references of EP1734493A4 * |
SHOUP V. ET AL: "OAEP Reconsidered (Entended Abstract)", LNCS., vol. 2139, 2001, pages 239 - 259, XP000988705 * |
Also Published As
Publication number | Publication date |
---|---|
US7321658B2 (en) | 2008-01-22 |
EP1734493A4 (en) | 2010-03-10 |
EP1734493A1 (en) | 2006-12-20 |
JP4715748B2 (ja) | 2011-07-06 |
US20060171531A1 (en) | 2006-08-03 |
JPWO2005098796A1 (ja) | 2008-02-28 |
AU2005230066A1 (en) | 2005-10-20 |
EP1734493B1 (en) | 2013-11-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Perlner et al. | Quantum resistant public key cryptography: a survey | |
US9172529B2 (en) | Hybrid encryption schemes | |
US7443980B2 (en) | Hierarchical identity-based encryption and signature schemes | |
Coron | What is cryptography? | |
CN110011995B (zh) | 多播通信中的加密和解密方法及装置 | |
KR20050087815A (ko) | 키공유 시스템, 공유키 생성장치 및 공유키 복원장치 | |
CN110784314A (zh) | 无证书的加密信息处理方法 | |
US20050240762A1 (en) | Cryptographic method and apparatus | |
JP4715748B2 (ja) | 暗号方式の安全性を保証するパディング適用方法 | |
KR100396740B1 (ko) | 계산적 디피-헬만 가정에 기반하는 안전성 증명 가능한공개키 암호화 방법 | |
JP3517663B2 (ja) | 暗号通信方法及び暗号通信システム | |
Gobi et al. | A comparative study on the performance and the security of RSA and ECC algorithm | |
CN112733176B (zh) | 基于全域哈希的标识密码加密方法 | |
JP2004201124A (ja) | 公開鍵暗号方法,署名方法,暗号通信システム及びコンピュータプログラム | |
JP2005176144A (ja) | 端末装置、通信システム及び通信方法 | |
KR100388059B1 (ko) | 비대칭키 암호 알고리즘을 이용한 데이터 암호화 시스템및 그 방법 | |
Elkamchouchi et al. | A new proxy identity-based signcryption scheme for partial delegation of signing rights | |
JP2002023626A (ja) | 公開鍵暗号方法および公開鍵暗号を用いた通信システム | |
JP4612027B2 (ja) | 署名システム | |
CN116781243B (zh) | 一种基于同态加密的不经意传输方法、介质及电子设备 | |
AlDerai et al. | A Study of Image Encryption/Decryption by Using Elliptic Curve Cryptography ECC | |
JP4284867B2 (ja) | 標準モデル上で適応的選択暗号文攻撃に対して安全な公開鍵暗号方法 | |
Karki | A comparative analysis of public key cryptography | |
WO2000045548A1 (fr) | Chiffreur a cle non protegee et procede de partage de cle | |
Tomar et al. | Implementation of elliptic–curve cryptography |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005721337 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005230066 Country of ref document: AU |
|
ENP | Entry into the national phase |
Ref document number: 2005230066 Country of ref document: AU Date of ref document: 20050323 Kind code of ref document: A Ref document number: 2006171531 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10561216 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 2005230066 Country of ref document: AU |
|
WWP | Wipo information: published in national office |
Ref document number: 10561216 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006511999 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005721337 Country of ref document: EP |