1. Field of the Invention
This invention relates to a secret key generation method for generating secret keys peculiar to entities, to an encryption method for encrypting information so that it will be unintelligible to any but an authorized party, and to a cryptographic communications method which performs communications with ciphertext.
2. Description of the Related Art
In today's world, characterized by sophisticated information utilization, important business documents and image information are transmitted and processed in the form of electronic information over an infrastructure of computer networks. By its very nature, electronic information can be easily copied, making it extremely difficult to distinguish between the copy and the original, and information security has become a very serious problem. The realization of computer networks which support “shared computer resources,” “multi-access,” and “broad-area implementation” is particularly indispensable to the establishment of a high-level information society. However, that very realization involves aspects which are inconsistent with the security of information exchanged between authorized parties. An effective technique for eliminating that inconsistency is encryption technology, which up until now, in the course of human history, has been primarily used in the fields of military operations and foreign diplomacy.
Cryptography is the process of exchanging information so that its meaning cannot be understood by anyone other than the authorized parties. In cryptographic operations, the conversion of the original text (plaintext) that anyone can understand to text (ciphertext) the meaning of which cannot be understood by a third party is called encryption, and the restoration of the ciphertext to plaintext is called decryption. The overall system wherein this encryption and decryption are performed is called a cryptosystem. In the processes of encryption and decryption, respectively, secret information called encryption keys and decryption keys are employed. A secret decryption key is necessary at the time of decryption, wherefore only a party knowledgeable of that decryption key can decrypt the ciphertext. Accordingly, the confidentiality of the information is maintained by the encryption.
The encryption key and decryption key may be the same or they may be different. A cryptosystem wherein both keys are the same is called a common key cryptosystem, and the DES (Data Encryption Standard) adopted by the Bureau of Standards of the U.S. Department of Commerce is a typical example thereof. Conventional examples of such common key encryption schemes can be divided into the following three types.
(1) Type 1
Methods wherewith all common keys to be shared with possible parties in cryptographic communications are held in secret.
(2) Type 2
Methods wherewith keys are mutually shared by a preparatory communication each time cryptographic communications are conducted (including Diffie-Hellman-based key sharing schemes, key distribution schemes based on public key schemes, etc.).
(3) Type 3
Methods wherewith disclosed identification information (ID information) that specifies an individual, such as the user (entity) name and address, etc., is used, and both the sending entity and receiving entity independently generate the same common key without preparatory communications (including KPS (key predistribution systems), ID-NIKS (ID-based non-interactive key sharing schemes), etc.).
Such conventional methods as seen in these three types of schemes are subject to the problems described below. With method 1, since all of the common keys are stored, this scheme is unsuitable for a network society wherein an unspecified large number of users become entities and conduct cryptographic communications. With method 2, there is a problem in that preparatory communications are required for key sharing.
Method 3 is a convenient method because it requires no preparatory communications, and a common key with any opposite party can be generated using the disclosed ID information of the opposite party together with characteristic secret parameters distributed beforehand from a center. Nevertheless, this scheme is subject to the following two problems. Firstly, the center must become a “big brother” (creating a key escrow system wherein the center holds the secrets of all of the entities). Secondly, there is a possibility that some number of entities could collude to compute the center secrets. In the face of this collusion problem, many innovative techniques have been devised to circumvent the problem by relying on computational complexity, but a complete solution is very difficult.
The difficulties of resolving this collusion problem arise from the fact that the secret parameters based on the ID information form dual structures comprising center secrets and personal secrets. With method 3, a cryptosystem is configured using the disclosed parameters of the center, the disclosed ID information of the individual entities, and the two types of secret parameters for the center and entities. Moreover, the cryptosystem must be configured such that the center secrets will not be revealed even if the entities compare the personal secrets distributed to each of them. Accordingly, there are many problems that must be resolved before this cryptosystem can be actually realized.
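The Type 3 idea and its collusion limit can be seen in a Blom-style symmetric-polynomial key predistribution scheme, sketched here in Python. This is an added example, not part of the original text or of the invention it describes; the choice of construction, the modulus P, the threshold T, the sample IDs and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field modulus (assumed for the example)
T = 3           # threshold: T colluders cannot recover keys, T + 1 can

def id_to_field(identity: str) -> int:
    """Map disclosed ID information to a field element."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % P

def center_setup(t: int = T):
    """Center secret: symmetric coefficient matrix of f(x, y), degree t in each."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            a[i][j] = a[j][i] = secrets.randbelow(P)
    return a

def issue_personal_secret(a, identity: str):
    """Personal secret: coefficients of g_u(y) = f(u, y) for the entity's ID u."""
    u = id_to_field(identity)
    return [sum(a[i][j] * pow(u, i, P) for i in range(len(a))) % P
            for j in range(len(a))]

def shared_key(personal_secret, peer_identity: str) -> int:
    """Evaluate one's own polynomial at the peer's public ID; no messages sent."""
    v = id_to_field(peer_identity)
    return sum(c * pow(v, j, P) for j, c in enumerate(personal_secret)) % P

def collude(colluders: dict, victim_a: str, victim_b: str) -> int:
    """Pool personal secrets: interpolate h(x) = f(x, b), evaluate at x = a."""
    a = id_to_field(victim_a)
    pts = [(id_to_field(ident), shared_key(sec, victim_b))
           for ident, sec in colluders.items()]
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for k, (xk, _) in enumerate(pts):
            if k != i:
                num = num * (a - xk) % P
                den = den * (xi - xk) % P
        total = (total + yi * num * pow(den, -1, P)) % P  # Lagrange term
    return total
```

Because the center holds the full matrix it can compute every pairwise key (the escrow problem), and the threshold T bounds how many issued personal secrets may be pooled before keys of uninvolved entities become computable.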