1. Field of the Invention
The present invention relates to data generating and data verifying techniques, and more particularly to a technique which enables checking the integrity or identity of data in a simple procedure between parties exchanging the data which is encrypted and decrypted for being verified.
2. Description of the Prior Art
In one of known cryptological methods for ensuring the integrity of a message, data for checking the integrity is appended to the body of the message. The data to be appended for this purpose is called a message authentication code (MAC) or a seal (hereinafter referred to as MAC).
An integrity checking method using a MAC will be described below.
(1) The originator and the intended receiver of a message share a secret key k and an algorithm H( ) for use in generating a MAC.
(2) The originator of the message generates a MAC, σ=H(m, k) from the message m, and appends σ to m, which is then sent to the intended receiver.
(3) The receiver, having received the message m to which MAC σ is appended, checks whether or not H(m, k) is equal to σ and, if it is, will be convinced of the integrity of the message.
Such a method is disclosed, for instance, in Warwick Ford, Computer Communication Security, Prentice Hall, 1994, PP. 75–80.
According to the prior art, the need to append a MAC entails an increase in the volume of data over the message itself. Usually such a cryptological hash algorithm as MD5 (message digest 5) or SHA-1 (secure hash algorithm) is used as H( ), and a MAC generated thereby has 16 bytes by MD5 or 20 bytes by SHA-1.
This much increase poses no significant problem if the message is sent in a high speed communication environment or the size of message is big compared with the size of MAC. But in the case where a small volume of data is to be sent in a low speed communication environment, the increase cannot be ignored.