Well-known prior art key distribution systems include the Diffie-Hellman (DH) system and the ID-based system. The former is disclosed in Diffie and Hellman, "New Direction in Cryptography" in the IEEE Transaction on Information Theory, Vol. 22, No. 6, p. 644. According to the DH system which stores public information for each communicating party, if party A is to communicate with party B in cipher, A prepares a cipher-key from B's public information Y.sub.B and its own secret information X.sub.A. This method, however, allows another party to pretend to be an authorized party by illegitimately altering public information.
For information on the latter, the ID-based key distribution system, reference may be made to the U.S. Pat. No. 4,876,716, uses public identification information such as the name of each communicating party to prepare a cipher-key. The ID-based system is immune from illegitimate alteration of public information. As it requires two-way communication, however, there is the problem of imposing large overhead on both the sending and the receiving parties if a cryptogram is to be sent by an existing mail system.
The DH key distribution system also involves the problem of letting an unauthorized receiver pretend to be an authorized user by altering public information.