The present invention relates to a key sharing method for sharing a common key between both entities without a preliminary communication, a secret key generating method and device for generating a secret key of each entity in a center, a common key generating method and device for generating a common key necessary for an encrypting process and a decrypting process on each entity side, a cryptographic communication method and system for carrying out a communication by using a ciphertext such that people other than a concerned participant cannot know the contents of information, and a memory product/data signal embodied in carrier wave for recording/transmitting operation programs for these methods.
In the modern, highly information-oriented society built on computer networks, important business documents and image information are transmitted and exchanged in the form of electronic information. Such electronic information can be copied easily, so that a copy is hard to distinguish from the original, which raises the important issue of data integrity. In particular, building a highly information-oriented society requires a computer network that satisfies the requirements of “sharing of computer resources,” “multi-accessing,” and “globalization,” yet these requirements conflict in various ways with the data-integrity interests of the parties concerned. To resolve these conflicts, encryption technologies, which historically were used mainly in the military and diplomatic fields, are attracting worldwide attention as an effective means to that end.
A cipher is a means of exchanging information such that no one other than the participants can understand its meaning. In the field of ciphers, encryption is the conversion of an original text (plaintext) that anyone can understand into a text (ciphertext) that a third party cannot understand, decryption is the restoration of a ciphertext to its plaintext, and a cryptosystem is the overall process covering both encryption and decryption. The encrypting and decrypting processes use secret information called the encryption key and the decryption key, respectively. Since the secret decryption key is required for decryption, only those who know it can decrypt ciphertexts, and data security is thereby maintained.
The encryption key and the decryption key may be the same or different. A cryptosystem using the same key for both is called a common-key cryptosystem; DES (Data Encryption Standard), adopted by the National Bureau of Standards of the U.S. Department of Commerce, is a typical example. As an example of a cryptosystem using different keys, the public-key cryptosystem has been proposed. In a public-key cryptosystem, each user (entity) generates a pair of encryption and decryption keys, publishes the encryption key in a public key list, and keeps only the decryption key secret. Because the paired encryption and decryption keys differ, the public-key cryptosystem has the feature that the decryption key cannot be derived from the encryption key, which is guaranteed by a one-way function.
The public-key cryptosystem is a breakthrough in that it makes the encryption key public and satisfies the three requirements mentioned above for a highly information-oriented society, so it has been studied actively for application in information communication technologies, and the RSA cryptosystem was proposed as a typical public-key cryptosystem. RSA is implemented by using the difficulty of factorization into prime factors as its one-way function. A variety of other public-key cryptosystems have also been proposed that rely on the difficulty of solving the discrete logarithm problem.
In addition, a cryptosystem has been proposed that utilizes ID (identity) information identifying an individual, such as the postal address, name, or electronic mail address of each entity. This cryptosystem generates an encryption/decryption key common to the sender and the receiver from ID information. Such ID-based cryptosystems fall into two classes: (1) techniques that need a preliminary communication between the sender and the receiver before the ciphertext communication, and (2) techniques that need no such preliminary communication. Technique (2), in particular, is very convenient for its entities because no preliminary communication is required, and it is therefore regarded as a nucleus of future cryptosystems.
A cryptosystem of type (2) is called an ID-NIKS (ID-based non-interactive key sharing scheme): it enables sharing of an encryption key without any preliminary communication by using only the ID information of the communication partner. An ID-NIKS requires neither the exchange of a public key or a secret key between a sender and a receiver nor the receipt of a key list or other services from third parties, and thus secures safe communication between any given entities.
FIG. 1 shows the principle of this ID-NIKS. The system assumes the presence of a trusted center, around which the common-key generation system is configured. In FIG. 1, the information specific to an entity X, i.e. its ID information such as name, postal address, telephone number, and e-mail address, is represented by h(IDx), where h(·) is a hash function. For any given entity X, the center calculates the secret information Sxi from the center public information {PCi}, the center secret information {SCi}, and the ID information h(IDx) of the entity X as follows, and sends it to the entity X in secret:

Sxi = Fi({SCi}, {PCi}, h(IDx))

Entity X generates, for communication with another arbitrary entity Y, a common key KXY for encryption and decryption from its own secret {Sxi}, the center public information {PCi}, and the partner entity Y's ID information h(IDY) as follows:

KXY = f({Sxi}, {PCi}, h(IDY))

Entity Y likewise generates a common key KYX for entity X. If the relationship KXY = KYX always holds, these keys KXY and KYX can be used as the encryption and decryption key between entities X and Y.
In the above-mentioned public-key cryptosystems, for example RSA, the public key is ten or more times as long as a telephone number in current use, which is very inconvenient to handle. In an ID-NIKS, by contrast, the ID information can be registered in the form of a name list and referenced when generating the common key used between any given entities. Therefore, by safely implementing an ID-NIKS as shown in FIG. 1, a convenient cryptosystem can be deployed over a computer network to which a large number of entities subscribe. For these reasons, the ID-NIKS is expected to form a core of future cryptosystems.
In an ID-NIKS, which shares a common key serving as both encryption key and decryption key without a preliminary communication, using only the ID information of the communication partner, it is particularly desirable that sufficient security be maintained against a collusion attack, in which a plurality of entities pool their secret information. Whether a cryptographically secure ID-NIKS can be constructed is an important problem for an advanced computerized society, and an ideal cryptographic scheme has been sought.
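The following Python program is an added worked example; it is neither the scheme of the present invention nor code from the original document. It instantiates the FIG. 1 principle with a Blom-type symmetric bilinear scheme: the center secret {SCi} is a random symmetric matrix A over Z_p, the entity secret Sx = A·h(IDx) plays the role of Fi, and the common key KXY = Sx·h(IDY) plays the role of f, so that KXY = KYX follows from the symmetry of A. It also carries out the collusion attack referred to above: n entities pooling their center-issued secrets solve a linear system, recover A, and can then compute the common key of any pair that did not collude. The modulus p, the SHA-256-based construction of h(·), and the example identities are assumptions made for this illustration only.

```python
"""Toy ID-NIKS in the FIG. 1 shape: center secret -> per-entity secret -> shared key,
plus the n-party collusion attack that recovers the center secret.
Added example (Blom-type symmetric bilinear scheme), not the scheme of the patent.
"""
import hashlib
import random

P = 2**31 - 1  # prime modulus for the arithmetic (assumed; any large prime works)


def id_vector(identity: str, n: int) -> list:
    """h(ID): map an identity string to n elements of Z_P (assumed construction: SHA-256)."""
    v = []
    for i in range(n):
        digest = hashlib.sha256(f"{identity}|{i}".encode()).digest()
        v.append(int.from_bytes(digest[:8], "big") % P)
    return v


def center_setup(n: int, rng: random.Random) -> list:
    """Center secret {SC}: a random symmetric n x n matrix A over Z_P.
    The only center public information {PC} in this toy is the pair (n, P)."""
    A = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            A[i][j] = A[j][i] = rng.randrange(P)
    return A


def center_secret_for(A: list, identity: str) -> list:
    """F: S_X = A * h(ID_X), the secret the center hands entity X over a private channel."""
    n = len(A)
    h = id_vector(identity, n)
    return [sum(A[i][j] * h[j] for j in range(n)) % P for i in range(n)]


def shared_key(S_X: list, partner_identity: str) -> int:
    """f: K_XY = S_X . h(ID_Y) = h(ID_Y)^T A h(ID_X).
    Because A is symmetric this equals K_YX, so no message needs to be exchanged."""
    n = len(S_X)
    h = id_vector(partner_identity, n)
    return sum(S_X[i] * h[i] for i in range(n)) % P


def inverse_mod_matrix(M: list, p: int) -> list:
    """Gauss-Jordan inverse of a square matrix over Z_p; raises if the matrix is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] % p), None)
        if pivot is None:
            raise ValueError("singular matrix: colluders' ID vectors are linearly dependent")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, p)
        aug[col] = [x * inv % p for x in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * b) % p for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def collude(colluders: list) -> list:
    """Collusion attack: n entities pool their (ID, S) pairs and solve A H = S for A = S H^-1,
    where the columns of H are their h(ID) vectors and the columns of S their secrets."""
    n = len(colluders[0][1])
    if len(colluders) < n:
        raise ValueError(f"need at least {n} colluders to recover an {n} x {n} center secret")
    ids = [identity for identity, _ in colluders[:n]]
    H = [[id_vector(identity, n)[r] for identity in ids] for r in range(n)]
    S = [[colluders[k][1][r] for k in range(n)] for r in range(n)]
    H_inv = inverse_mod_matrix(H, P)
    return [[sum(S[i][k] * H_inv[k][j] for k in range(n)) % P for j in range(n)]
            for i in range(n)]


def demo(n: int = 4, seed: int = 1) -> dict:
    """Honest key sharing between alice and bob, then n colluders forging their key.
    The identities are constructed for the example."""
    A = center_setup(n, random.Random(seed))
    alice, bob = "alice@example.com", "bob@example.com"
    k_ab = shared_key(center_secret_for(A, alice), bob)   # computed on alice's side
    k_ba = shared_key(center_secret_for(A, bob), alice)   # computed on bob's side
    colluders = [(f"mallory{i}@example.com", center_secret_for(A, f"mallory{i}@example.com"))
                 for i in range(n)]
    A_recovered = collude(colluders)
    forged = shared_key(center_secret_for(A_recovered, alice), bob)
    return {"k_ab": k_ab, "k_ba": k_ba, "forged": forged,
            "center_secret_recovered": A_recovered == A}


if __name__ == "__main__":
    print(demo())
```

Running the module shows the same key computed independently by alice and bob, the identical key forged by the n colluders, and that the recovered matrix equals the center secret. The collusion threshold here is exactly the dimension of A, because the scheme is linear in h(ID); it is this kind of weakness that makes resistance to collusion the central design question for an ID-NIKS.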