This application is based on application No. 10-036029 filed in Japan, the content of which is hereby incorporated by reference.
1. Field of the Invention
The present invention relates to cryptography techniques, especially a correctness verification technique for decrypted data, that are used in secret communication.
2. Description of the Related Art
Cryptographic techniques are used as one way to transmit important information securely without the information reaching third parties. Such techniques are used, for example, by e-mail (electronic mail) encryption systems that have broadcast functions, in which e-mail messages are encrypted and sent to a plurality of recipients.
The following describes, with reference to FIG. 1, the operation of an example e-mail encryption system that has a broadcast function,
Mail sender 1501 encrypts message 1531 written in a plaintext form using public key 1521 to generate a ciphertext. The generated ciphertext is sent to mail recipients 1502-1505 in mail recipient group 1541. Mail recipients 1502-1505 then decrypt the received ciphertext using secret key 1523 to obtain the message in the plaintext form.
Mail sender 1501 also encrypts another message 1532 using another public key 1522 to generate another ciphertext. The generated ciphertext is sent to mail recipients 1505-1507 in another mail recipient group 1542. Mail recipients 1505-1507 then decrypt the received ciphertext using another secret key 1524 to obtain the message in the plaintext form.
Encrypted communication is generally achieved thorough the following steps: (a) encryption of a plaintext, (b) transmission of a ciphertext and other data, (c) decryption of the ciphertext, and (d) verification of a decrypted plaintext.
In the above e-mail encryption system, a message addressed to a plurality of recipients is encrypted once to generate a single ciphertext that is broadcast to the recipients. However, should mail recipient 1505 mistakenly use secret key 1524, instead of secret key 1523, to decrypt a message that has been encrypted with public key 1521, the encrypted message will not be correctly decrypted. In other cases, errors during transmission can result in a partial loss of the ciphertext or in mistransmission of its content. Here also, the encrypted message will not be correctly decrypted. In this way, a mail recipient having two or more secret keys can""t know, whether a failure to correctly decrypt a ciphertext is due to the use of the wrong secret key or an error during transmission.
In view of the above problem, the present invention aims to provide an encryption device, a decryption device, an encryption method, a decryption method, a cryptography system, a computer-readable recording medium that stores an encryption program, and a computer-readable recording medium that stores a decryption program, wherein verification data is generated with which it can be verified, when a ciphertext is not correctly decrypted, whether encrypted communication has been performed without errors up to the step of xe2x80x9c(b) transmission of a ciphertext and other dataxe2x80x9d in the steps (a)-(d) for encrypted communication that are described above.
The encryption device encrypts a plaintext to generate a ciphertext and outputs the ciphertext to a decryption device, the encryption device including: a plaintext storage unit for storing a plaintext; a first generating unit for generating first verification data by performing a first message digest algorithm for the plaintext, the plaintext having been read from the plaintext storage unit; an encryption unit for encrypting the plaintext using a predetermined encryption algorithm to generate a ciphertext, the plaintext having been read from the plaintext storage unit; a second generating unit for generating second verification data by performing a second message digest algorithm for a combination of the first verification data and the ciphertext; and a data outputting unit for outputting the ciphertext, the first verification data, and the second verification data to the decryption device.
With the construction of this encryption device, the first verification data is generated by performing the first message digest algorithm for the plaintext, and the second verification data is generated by performing the second message digest algorithm for the combination of the first verification data and the ciphertext. As a result, the encryption device can send to the decryption device information with which it can be verified, when the ciphertext is not correctly decrypted by the decryption device, whether encrypted communication has been performed without errors up to the step of xe2x80x9c(b) transmission of a ciphertext and other dataxe2x80x9d in the steps (a)-(d) for encrypted communication.
Here, the first generating Unit may include a digital signature generation algorithm in addition to the first message digest algorithm and generate first verification data by performing the first message digest algorithm for the plaintext to produce a message digest and then performing the digital signature generation algorithm for the message digest.
With the construction of the above encryption device, the first verification data is generated by performing the digital signature generation for the message digest generated by performing the first message digest algorithm, and the second verification data is generated by performing the second message digest algorithm for the combination of the first verification data and the ciphertext. As a result, this encryption device has an advantage of being able to send to the decryption device information that the decryption device can use to confirm the sender of a message, in addition to the advantage, which was described earlier, of being able to send verification information
Here, the second generating unit may have a digital signature generation algorithm in addition to the second message digest algorithm and generate second verification data by performing the second message digest algorithm for the combination of the first verification data and the ciphertext to produce a message digest and then performing the digital signature generation algorithm for the message digest.
With the construction of this encryption device, the first verification data is generated by performing the first message digest algorithm, and the second verification data is generated by performing the digital signature generation for the message digest generated by performing the second message digest algorithm for the combination of the first verification data and the ciphertext. As a result, this encryption device has an advantage of being able to send information that the decryption device can use to confirm the sender of a message, in addition to the advantage, which was described earlier, of being able to send verification information.
The encryption device encrypts a plaintext to generate a ciphertext and outputs the ciphertext to a decryption device, the encryption device including: a plaintext storage unit for storing a plaintext; a first generating unit for generating first verification data by performing a first message digest algorithm for the plaintext, the plaintext having been read from the plaintext storage unit; an encryption unit for encrypting the plaintext using a predetermined encryption algorithm to generate a ciphertext, the plaintext having been read from the plaintext storage unit; a second generating unit for generating second verification data by performing a second message digest algorithm for the ciphertext; and a data outputting unit for outputting the ciphertext, the first verification data, and the second verification data to the decryption device.
For the construction of this encryption device, the first verification data is generated by performing the first message digest algorithm for the plaintext, and the second verification data is generated by performing the second message digest algorithm for the ciphertext. Since data sizes of the first verification data and the second verification data are much smaller than the ciphertext and so the first verification data and the second verification data can be assumed to include no errors, the encryption device can send to the decryption device information showing that the wrong secret key was used for decryption when the verification of the first verification unit fails whereas that of the second verification unit succeeds, or that an error has occurred for the ciphertext when the verifications of both first verification unit and second verification unit fail.
Here, the second generating unit may have a digital signature generation algorithm in addition to the second message digest algorithm and generate second verification data by performing the second message digest algorithm for the ciphertext to produce a message digest and then performing the digital signature generation algorithm for the message digest.
With the construction of this encryption device, the first verification data is generated by performing the first message digest algorithm for the plaintext, and the second verification data is generated by performing the second message digest algorithm for the ciphertext to generate the message digest and then performing a digital signature generation for the generate message digest to generate the second verification data. As a result, this encryption device has an advantage of being able to send information that the decryption device can use to confirm the sender of a message in addition to information showing that the wrong secret key was used for decryption when the verification of the first verification unit fails whereas that of the second verification unit succeeds, or that an error has occurred for the ciphertext when the verifications of both first verification unit and the second verification unit fail, since data sizes of the first verification data and the second verification data are much smaller than the ciphertext and so the first verification data and the second verification data can be assumed to include no error.
The above object may be also achieved by the device decrypting a ciphertext outputted from an encryption device, the decryption device including: a data receiving unit for receiving the ciphertext, first verification data, and second verification data that have been outputted from the encryption device, wherein the ciphertext is generated by encrypting a plaintext using a predetermined encryption algorithm, wherein the first verification data is generated by performing a first message digest algorithm for the plaintext, and wherein the second verification data is generated by performing a second message digest algorithm for a combination of the first verification data and the ciphertext; a decryption unit for decrypting the received ciphertext using a decryption algorithm that decrypts ciphertexts encrypted by the predetermined encryption algorithm to generate a decrypted plaintext; a first generating unit for generating third verification data by performing an algorithm corresponding to the first message digest algorithm for the decrypted plaintext; a first verification unit for verifying the received first verification data using the third verification data; a second generating unit for generating fourth verification data by performing an algorithm corresponding to the second message digest algorithm for a combination of the received first verification data and the received ciphertext; a second verification unit for verifying the received second verification data using the fourth verification data; and an outputting unit for outputting results of the first verification unit and the second verification unit.
With the construction of this decryption device, it can be verified, when the ciphertext is not decrypted correctly, whether encrypted communication has been performed without errors up to the step of xe2x80x9c(b) transmission of a ciphertext and other dataxe2x80x9d in the steps (a)-(d) to encrypted communication, using the first verification data and the second verification data outputted from the encryption device,
Here, the first verification unit may verify the received first verification data using the third verification data according to a digital signature verification algorithm that verifies a signature made by a digital signature generation algorithm, wherein the first verification data may be generated by performing the first message digest algorithm for the plaintext to produce a message digest and then performing the digital signature generation algorithm for the message digest.
For the construction of this decryption device, the user is able to confirm the sender of a message as well as know, when the ciphertext is not correctly decrypted, whether encrypted communication has been performed without errors up to the step of xe2x80x9c(b) transmission of a ciphertext and other dataxe2x80x9d in the steps (a)-(d) for encrypted communication, using the first verification data and the second verification data outputted from the encryption device.
Here, the second verification unit may verify the received second verification data using the fourth verification data according to a digital signature verification algorithm that verifies a signature made by a digital signature generation algorithm and wherein the second verification data is generated by performing the second message digest algorithm for the combination of the first verification data and the ciphertext to produce a message digest and then performing the digital signature generation algorithm for the message digest.
For the construction of this decryption device, the user is able to confirm the sender of a message as well as to know, when the ciphertext is not correctly decrypted, whether encrypted communication has been performed without errors up to the step of xe2x80x9c(b) transmission of a ciphertext and other dataxe2x80x9d in the steps (a)-(d) for encrypted communication, using the first verification data and the second verification data outputted from the encryption device.
The above object may be also achieved by the decryption device decrypting a ciphertext outputted from an encryption device, the decryption device including: a data receiving unit for receiving the ciphertext, first verification data, and second verification data that have been outputted from the encryption device, wherein the ciphertext is generated by encrypting a plaintext using a predetermined encryption algorithm, wherein the first verification data is generated by performing a first message digest algorithm for the plaintext, and wherein the second verification data is generated by performing a second message digest algorithm for the ciphertext; a decryption unit for decrypting the received ciphertext using a decryption algorithm that decrypts ciphertexts encrypted by the predetermined encryption algorithm to generate a decrypted plaintext; a first generating unit for generating third verification data by performing an algorithm corresponding to the first message digest algorithm for the decrypted plaintext; a first verification unit for verifying the received first verification data using the third verification data; a second generating unit for generating fourth verification data by performing an algorithm corresponding to the second message digest algorithm for the received ciphertext; a second verification unit for verifying the received second verification data using the fourth verification data; and an outputting unit for outputting results of the first verification unit and the second verification unit.
With the construction of this decryption device, when the ciphertext is not decrypted correctly, the user can know that the wrong secret key was used for decryption when the verification of the first verification unit fails whereas that of the second verification unit succeeds, or that an error has occurred for the ciphertext when the verifications of both first verification unit and second verification unit fail. This is because data sizes of the first verification data and the second verification data are much smaller than the ciphertext, and so the first verification data and the second verification data can be assumed to include no error.
The above object may be also achieved by the decryption device decrypting a ciphertext outputted from an encryption device, the decryption device including: a data receiving unit for receiving the ciphertext, first verification data, and second verification data that have been outputted from the encryption device, wherein the ciphertext is generated by encrypting a plaintext using a predetermined encryption algorithm, wherein the first verification data is generated by performing a first message digest algorithm for the plaintext, and wherein the second verification data is generated by performing a second message digest algorithm for the ciphertext to produce a message digest and then performing a digital signature generation algorithm for the message digest; a decryption unit for decrypting the received ciphertext using a decryption algorithm that decrypts ciphertexts encrypted by the predetermined encryption algorithm to generate a decrypted plaintext; a first generating unit for generating third verification data by performing an algorithm corresponding to the first message digest algorithm for the decrypted plaintext; a first verification unit for verifying the received first verification data using the third verification data; a second generating unit for generating fourth verification data by performing an algorithm corresponding to the second message digest algorithm for the received ciphertext; a second verification unit for verifying the received second verification data using the fourth verification data according to a digital signature verification algorithm that verifies a signature made by the digital signature generation algorithm; and an outputting unit for outputting results of the first verification unit and the second verification unit.
With the construction of this decryption device, the user is able to confirm the sender of a message as well as know that the wrong secret key was used for decryption when the verification of the first verification unit fails whereas that of the second verification unit succeeds, or that an error has occurred for the ciphertext when the verifications of both first verification unit and second verification unit fail. This is because data sizes of the first verification data and the second verification data are much smaller than the ciphertext, and so the first verification data and the second verification data can be assumed to include no error.