Key based authentication and encryption methodologies are conventionally used as a secure manner of authentication and encryption, and can exist in many forms. For example, in a (Rivest Shamir Adleman) RSA based public key infrastructure (PKI), a sender encrypts a message to be sent to a recipient into ciphertext by a public key of the recipient. The recipient has previously made the public key freely available. The recipient can decrypt the ciphertext by using a private key known only by the intended recipient to obtain the message. Thereby, the sender can know with certainty that the message was only read by the intended recipient.
In detail, the public key includes a first integer n (the modulus) that is obtained by multiplying two large prime numbers p and q as shown in Equation (1):n=p*q  (1)
The public key also includes a second integer that is obtained by first calculating an integer z according to Equation (2):z=(p−1)(q−1)  (2)
The second integer e of the public key is obtained by choosing an integer that is prime relative to z. The public key includes both of these integers (n, e).
The private key also includes the modulus n and an integer d that is obtained by satisfying Equation (3):d*e mod z=1  (3)
When choosing e, d and z should have no common divisor other than 1. That is, d is the multiplicative inverse of e. The private key is then (n, d). In principle, the integer e of the private key can be obtained from the public key. However, this requires knowledge of z, which in turn requires knowledge of the prime factors of the modulus n. By assumption, determining the factors of the modulus n is computationally infeasible as long as n is sufficiently large.
The message M can then be encrypted into data, referred to as ciphertext C, according to Equation (4) for encryption:C=Me mod n  (4)
The cyphertext is transmitted over a communication medium to the recipient. The recipient can then recover the original message M by Equation (5) for decryption:M=Cd mod n  (5)
In practice, a user will be assigned the modulus n and integer e of the public key by a key generation program that may generate the integers randomly. However, a problem may occur when the generated public key is a unity key. By definition, a resultant output of an operation on a unity key will be the same as an input. Therefore, if a message is encrypted by a unity key, the ciphertext will be similar to the message itself, thereby defeating the purpose of encryption. Further, the difficulty an obtaining the prime factors of the modulus n may be reduced significantly once an individual discovers that the public key is a unity key, thereby compromising the private key of the PKI.
For example, suppose in an exemplary encryption operation a message M=2 is encrypted by a public key that includes modulus n=15 and e=5. The encryption operation will be performed according to Equation 4 in which C=25 mod 15=2. That is, because the public key (2, 5) is a unity key, the resultant ciphertext (C=2) is equal to the message (M=2).
The above problem regarding a unity key can also occur during a digital signature generation and a digital signature verification process. For example, a party may desire to verify that a particular entity from which a message is received is actually that particular entity. Therefore, before sending the message, the particular entity can sign the message with a digital signature based upon the particular entity's private key by, for example, encrypting a portion of the message with the private key. The party can then verify that the digital signature is valid by decrypting the digital signature with the public key for the particular entity. The party can then have a certain degree of confidence that the particular entity is the entity it claims to be if the message is successfully decrypted because only that particular entity will have the private key. However, if the private key is a unity key, the digital signature will be equal to the portion of the message. Further, if the public key is a unity key, the decrypted message will be equal to the ciphertext. Thus, the desired level of confidence cannot be achieved.
Therefore it would be desirable for a solution to enable rejection of encryption, decryption, digital signatures, verification, or generally any operation based upon a unity key. In addition, factors such as scalability, standards compliance, regulatory compliance, security administration and the like must also be taken into consideration.
While a general background including problems in the art are described hereinabove, with occasional reference to related art or general concepts associated with the present invention, the above description is not intended to be limiting since the primary features of the present invention will be set forth in the description which follows. Some aspects of the present invention not specifically described herein may become obvious after a review of the attendant description, or may be learned by practice of the invention. Accordingly, it is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only in nature and are not restrictive of the scope or applicability of the present invention.