In recent years, there is increasing opportunity for communicating via a network between household electronic appliances, mobile telephones and the like. In order to protect copyrighted works, prevent communication content leaks and so forth with devices such as these, encrypted communication using shared keys is performed after carrying out device authentication and key sharing.
In terms of authentication/key-sharing schemes, a specification called DTCP (Digital Transmission Content Protection) stipulates a scheme employed when AV devices are connected using an IEEE 1394 bus. With DTCP, challenge-response authentication using elliptic-curve DSA signatures is employed in the authentication scheme, and elliptic-curve DH key sharing is employed in the key-sharing scheme. Disclosure relating to DTCP can be found in a White Paper on the DTCP specification, while disclosure relating to challenge-response authentication, elliptic-curve DSA signatures, and elliptic-curve DH key sharing can be found in Modern Cryptography by Tatsuaki OKAMOTO and Hirosuke YAMAMOTO (Sangyo Tosho Publishing, 1997, available in Japanese only).
However, there is uncertainty in terms of the as yet unproven security of the authentication/key-sharing scheme stipulated by DTCP. Here, proof of security refers, in public key encryption, to proving that a user not in possession of a secret key is unable to decipher ciphertext, based on the assumption that the related mathematical problems are difficult to solve, and provides a guarantee of the security of public key encryption (see, for example, Mihir BELLARE, Phillip ROGAWAY, “Minimizing the use of random oracles in authenticated encryption schemes”, 1997.