1. Field of the Invention
The present invention relates to a method of sharing a cryptokey for cryptographic communications between entities on a computer network.
2. Description of the Prior Art
In recent years there has been a pressing need for ciphertext communication technology that keeps communication data secret from third parties on a network such as the Internet.
One well-known type of such ciphertext communication technology is the form of public key cryptography known as RSA. Another form of ciphertext communication technology generally known in the art is a process of sharing a cryptokey used for communications between entities on a network. According to such a process, a transmitting entity encrypts plaintext communication data using a cryptokey and then transmits the encrypted communication data to a receiving entity. The receiving entity then decrypts the received encrypted communication data back into the original communication data using the same cryptokey as the one used by the transmitting entity. The term "entity" used above signifies any existing body for carrying out communications, e.g., a device such as a terminal connected to the network, a user of the device, a program for operating the device, a combination thereof, or the like.
Conventional attempts to realize the process of sharing a cryptokey are disclosed in "NON-PUBLIC KEY DISTRIBUTION/Advances in Cryptography: Proceedings of CRYPTO '82/Plenum Press, 1983, pp. 231-236" by Rolf Blom, "An Optimal Class of Symmetric Key Generation Systems/Advances in Cryptology: EUROCRYPT '84/Springer LNCS 209, 1985, pp. 335-338" by Rolf Blom, Japanese patent publication No. 5-48980, and U.S. Pat. No. 5,016,276, for example.
According to the above disclosed proposals, a center or central facility established on the network generates a secret private key for each of the entities for generating a common cryptokey and distributes the generated secret private key to each of the entities. When the entities communicate with each other, each of the entities applies its own secret private key to the other entity's identifier (name, address, or the like), generating a common cryptokey shared by the entities.
In the above process, the secret private key for each of the entities is generated by transforming the identifier of that entity according to a center algorithm which is held by the center only and is common to all the entities.
More specifically, if the center algorithm is expressed as a function P(x, y) of variables x, y representing two arbitrary identifiers, then the center algorithm is established so that it has the symmetry P(x, y)=P(y, x). The function P(x, i) (hereinafter expressed as "Pi(x)") obtained by substituting the actual identifier i of an entity for the variable y, for example, of the variables x, y of the function P(x, y) is distributed as a secret private key to that entity. When the entity having the identifier i subsequently communicates with the entity having the identifier j, the entity having the identifier i applies the identifier j of the other entity to its own secret private key Pi(x), i.e., sets the variable x to "j", thus generating a cryptokey Pi(j). Similarly, the entity having the identifier j applies the identifier i of the other entity to its own secret private key Pj(x), thus generating a cryptokey Pj(i). Since the center algorithm has the above symmetry, the cryptokey Pi(j) is equal to the cryptokey Pj(i) (Pi(j)=Pj(i)). Therefore, the entities having the respective identifiers i, j have obtained a common cryptokey.
With the above process of sharing a cryptokey, each entity can obtain a cryptokey common to itself and any other arbitrary entity, without involving the center, simply by applying the identifier of that arbitrary entity to its own secret private key. Consequently, the above process of sharing a cryptokey is effective in simplifying a cryptosystem on a computer network.
According to the above process of sharing a cryptokey, it is important that the center algorithm should not easily be analyzed in order to keep ciphertexts secret.
While the above process of sharing a cryptokey offers the advantages described above, the secret private keys of respective entities, a cryptokey generated from the secret private keys, and communication data encrypted by the cryptokey thus generated all contain information regarding the center algorithm. Because the center algorithm is common to the entities, it is generally open to attack by a plurality of collaborating entities as described in "Performance of Linear Schemes for the Keypredistribution System/IEICE Technical Report on Information Security, May 20, 1988, pp. 29-32" by Matsumoto.
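As an added illustration that is not part of the original disclosure, the following Python implements the symmetric center algorithm of the preceding paragraphs as a bivariate polynomial over GF(p), in the style of Blom's scheme, and then carries out the collusion attack that the Matsumoto reference concerns: for a center algorithm of degree k, any k+1 entities that pool their secret private keys can interpolate the center's coefficients and thereafter compute the common cryptokey of any other pair. The modulus, degree, identifiers and function names are constructed for illustration; the modulus in particular is far too small for real use.

```python
# Added example (not from the original disclosure): Blom-style key predistribution
# with a symmetric bivariate polynomial over GF(p), plus the (k+1)-party collusion
# attack. All parameters below are constructed toy values.
import random

P = 2_147_483_647  # 2^31 - 1, prime; toy modulus chosen for illustration only
K = 2              # degree of the center algorithm: any K+1 colluders can recover it


def center_setup(k, p, rng):
    """Center algorithm: a random symmetric (k+1)x(k+1) coefficient matrix c,
    defining P(x, y) = sum_{a,b} c[a][b] x^a y^b with c[a][b] == c[b][a],
    so that P(x, y) == P(y, x)."""
    c = [[0] * (k + 1) for _ in range(k + 1)]
    for a in range(k + 1):
        for b in range(a, k + 1):
            c[a][b] = c[b][a] = rng.randrange(p)
    return c


def private_key(c, ident, p):
    """Secret private key Pi(x) = P(x, i), stored as coefficients of x^a, a = 0..k."""
    k = len(c) - 1
    return [sum(c[a][b] * pow(ident, b, p) for b in range(k + 1)) % p
            for a in range(k + 1)]


def shared_key(priv, other, p):
    """Entity i applies the other entity's identifier j to its private key: Pi(j)."""
    return sum(coef * pow(other, a, p) for a, coef in enumerate(priv)) % p


def lagrange_interpolate(points, p):
    """Coefficients (low degree first) of the unique polynomial of degree <= k
    passing through k+1 points over GF(p)."""
    n = len(points)
    coeffs = [0] * n
    for m, (xm, ym) in enumerate(points):
        # basis polynomial L_m(x) = prod_{l != m} (x - x_l) / (x_m - x_l)
        basis = [1]
        denom = 1
        for l, (xl, _) in enumerate(points):
            if l == m:
                continue
            new = [0] * (len(basis) + 1)      # multiply basis by (x - xl)
            for d, coef in enumerate(basis):
                new[d + 1] = (new[d + 1] + coef) % p
                new[d] = (new[d] - coef * xl) % p
            basis = new
            denom = denom * (xm - xl) % p
        scale = ym * pow(denom, -1, p) % p
        for d, coef in enumerate(basis):
            coeffs[d] = (coeffs[d] + coef * scale) % p
    return coeffs


def collude(colluders, p):
    """Given (identifier, private key) pairs from k+1 colluders, reconstruct c.
    Entry a of entity i's private key equals sum_b c[a][b] i^b, a polynomial of
    degree k in i, so k+1 evaluations interpolate row a of the center matrix."""
    k = len(colluders[0][1]) - 1
    return [lagrange_interpolate([(i, priv[a]) for i, priv in colluders], p)
            for a in range(k + 1)]


def demo(seed=1):
    """Returns (keys agree, center algorithm recovered, colluders forged the pair's key)."""
    rng = random.Random(seed)
    c = center_setup(K, P, rng)
    alice, bob = 1001, 2002                   # constructed identifiers of an honest pair
    k_alice = shared_key(private_key(c, alice, P), bob, P)
    k_bob = shared_key(private_key(c, bob, P), alice, P)
    # K+1 other entities pool their secret private keys and recover the center algorithm
    colluders = [(i, private_key(c, i, P)) for i in (31, 47, 59)]
    c_recovered = collude(colluders, P)
    k_forged = shared_key(private_key(c_recovered, alice, P), bob, P)
    return k_alice == k_bob, c_recovered == c, k_forged == k_alice


if __name__ == "__main__":
    print(demo())
```

The honest pair never contacts the center and still agrees on the same key, which is the advantage described above; the same symmetry, however, means that every private key is a linear function of the center's coefficients, which is what lets k+1 colluders solve for them. Raising k raises the collusion threshold at the cost of longer private keys.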
If entity names are used as identifiers, then since many similar names tend to occur, the identifiers are not well dispersed, i.e., the distribution of the identifiers is liable to be localized. Many of the secret private keys of the entities which are produced by applying the center algorithm to those identifiers tend to be analogous to each other. As a result, cryptographic communication data are subject to so-called differential attack.
Consequently, there has been a demand for increased security against various forms of attack against the above process of sharing a cryptokey.