The present invention relates to a security technology on a computer network.
In an operation to keep secret information such as a secret key used in a public key cryptosystem, there exit a fear of losing and/or destroying the secret information as well as a fear that the secret information is stolen. Such loss and destruction of the secret information can be coped with by producing several copies of the information. However, when many copies are produced, the fear of stealing of the information is increased.
To solve these problems, there have been introduced secret sharing methods including a (k,n) threshold secret sharing method. In relation thereto, Shamir""s will be described.
Assume that a polynomial f(x) of degree of kxe2x88x921 has secret information s as a constant term thereof
f(x)=s+a1x+a2x2+. . . +akxe2x88x921xkxe2x88x921(mod r)
where, r is a prime number.
Under this condition, a distributor delivers shared information wi=f(i) to each secret sharing bearer i(i=1, 2, . . . , n). For details, reference is to be made to xe2x80x9cHow to Share a Secretxe2x80x9d written by A. Shamir in pages 612 to 613 of Commun. of ACM, Vol. 22, No. 11, 1979.
On the other hand, the public key cryptosystems includes elliptic curve cryptosystems. Details about elliptic curve cryptosystems and operation on elliptic curves have been described in Chapter 6 of xe2x80x9cAlgebraic Aspects of Cryptographyxe2x80x9d written by Neal Koblitz in ACM, Vol. 3, 1998 and published from Springer.
However, when conducting encryption and decryption of information by use of the Shamir""s (k,n) threshold secret sharing method of the prior art, there arise two problems as follows.
(1) The secret information is known to the distributor.
(2) There is required a distributor organization to produce secret sharing information.
It is therefore an object of the present invention to provide a highly reliable and safe secret sharing method, a data management system using the same, constituent apparatuses to implement the system, and a program to be executed therein.
In accordance with the present invention, there is provided a data encryption/decryption method comprising an encryption step and a decryption step. The encryption step includes the following steps of preparing n pairs of secret keys and public keys in a public-key cryptographic scheme, where n is a positive integer, generating a new key in accordance with at least one of the public keys, encrypting data in a common-key cryptographic scheme by use of the new key, preparing a (k,n) threshold logic (k is an positive integer equal to or less than n) having terms associated with the new key and the n public keys, conducting a calculation of the threshold logic by use of the new key and the n public keys, and storing encrypted data and a result of the calculation of the threshold logic. The decryption step includes the following steps of restoring the new key from k secret keys selected from the n secret keys and the stored result of the threshold logic calculation in accordance with a threshold reverse logic corresponding to the threshold logic and decrypting by the restored key the encrypted and stored data in the common-key cryptographic scheme.
As a result of this method, after the information is encrypted, it is not necessary to again distribute secret information to the bearers and hence the distributor organization becomes unnecessary. Moreover, the absence of the distributor accordingly removes the fear that the secret information is known to the distributor.
Additionally, by adopting an elliptic curve cryptosystem as the public key cryptosystem, the processing speed can be increased.