1. Common Key Encryption, Public Key Encryption and Enveloped Data
Two common types of cryptographic system are common key encryption systems and public key encryption systems. Within cryptographic systems, there are encryption keys for encrypting a plaintext and decryption keys for decrypting a ciphertext.
The common key encryption system includes common encryption and decryption keys and particularly is suitable for an application in which a file is encrypted to keep a secret.
The public key encryption system includes different encryption and decryption keys. A user produces a pair of keys including a public key and a secret key. The public key is an encryption key and the secret key is a decryption key. Particularly, the public key encryption system is suitable for an application in which a communication text is encrypted to keep a secret. A transmitting party uses a receiving party's public key to encrypt a communication text and only the receiving party which is an owner of a secret key can use the secret key to decrypt the communication text.
When the user who encrypts plaintext is different from the user who decrypts the ciphertext, the common key encryption system requires that a mechanism be provided for safely delivering the common key from the first to the second user. The public key encryption system encounter this difficulty because the public key is published. On the other hand, the public key encryption system has a disadvantage in that processing performance for encryption and decryption is inferior as compared with the common key encryption system.
Computers connected through a network are used to realize a system in which secret information is owned jointly. These systems can exploit advantages of the public key encryption system and the common key encryption system to encrypt secret information in the form of enveloped data for the purpose of maintaining secrecy of a file and a communication path.
An example in which a reference person A and a preparation person B own secret information jointly is now described. (1) Even when an illegal person obtains enveloped data, contents thereof cannot be decrypted because the illegal person cannot obtain a secret key of the reference person. (2) The efficiency of using the enveloped data format capable of decrypting a plaintext at a high speed is exhibited.
In the following description, a public key of a user A is described as Usr.sub.A pub, a secret key is described as Usr.sub.A pri, and a common key (data key) for encrypting and decrypting a plaintext m is described as S. Further, to encrypt data X by means of a key K is described as E[K](X) and to decrypt data Y by means of a key Y is described as D[K](Y).
(1) The preparation person B prepares the common key S at random.
(2) The preparation person B encrypts the plaintext m by means of the data key S.
(3) The preparation person B encrypts the data key S used in (2) by means of the public key Usr.sub.A pub of the reference person A.
(4) The preparation person B transmits data E[Usr.sub.A pub](S).vertline.E[S](m) (hereinafter referred to as enveloped data) in which the ciphertext E[S](m) obtained in (2) and the data key E[Usr.sub.A pub](S) encrypted in (3) are combined with each other.
(5) The reference person A receives the enveloped data of (4).
(6) The reference person A decrypts the data key S from E[Usr.sub.A pub](S) of the enveloped data by means of the secret key Usr.sub.A pri of the reference person A.
(7) The reference person A decrypts the ciphertext E[S](m) of the enveloped data by means of the data key S decrypted in (6) to obtain the plaintext m.
When there are a plurality of reference persons (reference persons A and C), the above steps (3) and (4) can be extended as described below. The procedure for the plurality of reference persons can be extended easily. Further, the total amount of data can be reduced as compared with the case where data E[Usr.sub.A pub](S).vertline.E[S](m) and E[Usr.sub.C pub](S').vertline.E[S'](m) are separately produced for the reference persons A and C, respectively.
(3)' The public key Usr.sub.A pub of the reference person A and the public key Usr.sub.C pub of the reference person C are used to encrypt the data key S.
(4)' The enveloped data E[Usr.sub.A pub](S).vertline.E[Usr.sub.C pub](S).vertline.E[S](m) for the encrypted data keys E[Usr.sub.A pub](S) and E[Usr.sub.C pub](S) and the ciphertext E[S](m) combined with each other is transmitted.