1. Field of the Invention
The present invention relates to an encryption/decryption system used in a system for performing encrypted data communications, and to a database management apparatus for encrypting and managing a database.
2. Description of the Related Art
In an information system such as a computer or a network used by a large number of general users, there is a serious problem that some malicious users illegally access and alter information. Encryption technology has therefore been widely adopted as an effective countermeasure. A well-known encryption technology is disclosed in detail in the following document.
‘Communications of the ACM Vol. 21, No. 2 (1978) p. 120. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems: R. L. Rivest, A. Shamir, and L. Adleman, MIT Laboratory for Computer Science and Department of Mathematics’
The encrypting method published in this document is generally accepted as a considerably reliable method, and is referred to as the RSA (Rivest-Shamir-Adleman) method. A system derived from this RSA method has been developed as an authentication system for signatures used in an electronic trading system, and has been put to practical use.
The RSA method is a public key (asymmetric) encryption system based on the difficulty of factoring a number into primes. Its ciphertext is the remainder obtained by raising the data to a power and dividing the result by a large integer. The feature of the RSA method is that it is difficult to find the two original primes (p and q) from their product. Even if the product of the two primes is known, it is very difficult to determine p and q or to deduce the decoding operation. The RSA method is practical in a sense, and highly reliable when the bit length of the data used as an encryption key is long enough. To guarantee the reliability, it is normal to use encryption key data of 256 bits in length. However, this is not long enough in some cases, and the necessity of an encryption key of 512 or 1024 bits in data length is actually discussed. However, since the data length is practically limited by the operation precision and operation speed of a computer, it is not efficient to use a long bit length.
That is, the RSA method and the encrypting methods derived from it have the problem that their reliability is limited by the performance of a computer. There is also the problem that these methods require considerable changes to the reliability test, etc. of the authentication system whenever the bit length of an encryption key changes.
In addition, the database management apparatus has to encrypt and store the database that it manages in order to guarantee the security of the database.
To improve the security, a more complicated encrypting process can be performed, but it also requires a long time to perform operations.
A database contains a large volume of data. In a data retrieving process, data relating to a specific item and matching given conditions is selected from the large volume of data, and a record (row data) containing item data matching the condition is output. Therefore, in a data retrieval system for processing a large volume of data, a prolonged operation time lowers the performance of the system.
As described above, a database containing confidential data is required to guarantee security, and an encrypting process that improves the security has the problem that it can lower the availability of the database.
Conventionally, when a database is encrypted, it is normal that the entire target file is encrypted using a fixed encryption key generated by, for example, a password, etc.
However, as described above, since the conventional system performs the encrypting process using a fixed encryption key, the security level of each data item is averaged. In addition, when a plurality of items contain the same data, the same encryption results are output, which creates the possibility that the encryption key can be decrypted.
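The repeated-output problem described above, as an added example that is not taken from the patent: a constructed column is encrypted once under a single password-derived key and once under a key derived per row, and the rows whose ciphertexts coincide are listed. The HMAC-based stream cipher, the per-row key derivation, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: one confidential column of a table.
COLUMN = ["hypertension", "diabetes", "hypertension",
          "asthma", "hypertension", "diabetes"]
# Fixed key generated from a password, as in the conventional scheme.
KEY = hashlib.sha256(b"constructed-demo-password").digest()

def keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream generator (HMAC-SHA256 in counter mode), for illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it twice with the same key decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def encrypt_column_fixed(key: bytes, values: list) -> list:
    """Conventional scheme: every item is encrypted under the same fixed key."""
    return [encrypt(key, v.encode()) for v in values]

def row_key(key: bytes, row_no: int) -> bytes:
    """Hypothetical per-row key: the fixed key mixed with the row number."""
    return hmac.new(key, b"row:" + str(row_no).encode(), hashlib.sha256).digest()

def encrypt_column_per_row(key: bytes, values: list) -> list:
    """Contrast case: each row is encrypted under its own derived key."""
    return [encrypt(row_key(key, i), v.encode()) for i, v in enumerate(values)]

def equal_groups(ciphertexts: list) -> list:
    """Row numbers sharing a ciphertext: visible to anyone reading the stored file."""
    groups = defaultdict(list)
    for i, c in enumerate(ciphertexts):
        groups[c].append(i)
    return sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print("fixed key  :", equal_groups(encrypt_column_fixed(KEY, COLUMN)))
    print("per-row key:", equal_groups(encrypt_column_per_row(KEY, COLUMN)))
```

With the fixed key, the stored ciphertexts reveal which rows hold the same value even though no value is readable; with a row-dependent key that pattern disappears.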