JP2831685B2 - Encryption communication method - Google Patents
Encryption communication methodInfo
- Publication number
- JP2831685B2 JP2831685B2 JP1069557A JP6955789A JP2831685B2 JP 2831685 B2 JP2831685 B2 JP 2831685B2 JP 1069557 A JP1069557 A JP 1069557A JP 6955789 A JP6955789 A JP 6955789A JP 2831685 B2 JP2831685 B2 JP 2831685B2
- Authority
- JP
- Japan
- Prior art keywords
- station
- information
- center
- public
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Description
【発明の詳細な説明】 〔産業上の利用分野〕 この発明は,通信局間で秘密鍵を共有して秘密通信を
行う際の暗号通信方式に関するものである。Description: BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption communication system for performing secret communication by sharing a secret key between communication stations.
第2図は例えばDH方式((W.Diffie and M.E.Hellma
n.“New Directions in Cryptography,"IEEE Trans.Inf
orm.Therory.vol.IT−22,No.6,pp.644−654,Nov.(197
6))と呼ばれる従来の暗号通信方式を示す図であり,
図において,(101)は通信局A,(102)は通信局B,(10
3)は上記通信局A(101)内の秘密情報格納メモリ,
(104)は上記通信局B(102)内の秘密情報格納メモ
リ,(105)は通信路である。FIG. 2 shows, for example, the DH method ((W. Diffie and MEHellma
n. “New Directions in Cryptography,” IEEE Trans.Inf
orm.Therory.vol.IT-22, No.6, pp.644-654, Nov. (197
6) is a diagram showing a conventional cryptographic communication system called
In the figure, (101) is communication station A, (102) is communication station B, (10
3) is a secret information storage memory in the communication station A (101),
(104) is a secret information storage memory in the communication station B (102), and (105) is a communication path.
次に動作について説明する。 Next, the operation will be described.
秘密通信を行うネツトワークあるいはシステムの構築
時に,素数pとGF(p)の原始元gを公開しておく。局
A(101)と局B(102)との間で共通の鍵を持ちたい場
合,まず局A(101)は〔0,p−1〕の間の整数XAをラン
ダムに選び,局内の秘密情報格納メモリ(103)に秘密
に保持しておく。局B(102)も〔0,p−1〕の間の整数
XBをランダムに選び,局内の秘密情報格納メモリ(10
4)に秘密に保持しておく。When constructing a network or system for performing secret communication, the prime number p and the primitive element g of GF (p) are made public. If you want to have a common key between a station A (101) and a station B (102), first station A (101) is chosen at random integer X A between [0, p-1], station of It is kept secret in the secret information storage memory (103). Station B (102) is also an integer between [0, p-1]
The X B selected at random, secret information stored in the memory (10 of station
4) Keep it secret.
そして,局A(101)は秘密情報格納メモリ(103)の
情報より を計算し,通信路(105)を介して局B(102)へ送る。
同様に,局B(102)も秘密情報格納メモリ(104)の情
報により を計算し,通信路(105)を介して局A(101)へ送る。
このようにYAとYBを交換してから,局A(101)は鍵 を次のように計算する。Then, the station A (101) obtains information from the secret information storage memory (103). Is calculated and sent to the station B (102) via the communication path (105).
Similarly, the station B (102) also uses the information in the secret information storage memory (104). Is calculated and sent to the station A (101) via the communication path (105).
After exchanging Y A and Y B in this way, station A (101) Is calculated as follows.
局B(102)も鍵 を次のように計算する。 Station B (102) is also a key Is calculated as follows.
以上の方法で局A(101)と局B(102)は鍵 を秘密に共有でき,この鍵で暗号化/復合化を行うこと
ができる。 Station A (101) and station B (102) are key Can be secretly shared, and encryption / decryption can be performed with this key.
従来の暗号通信方式は以上のように構成されているの
で,秘密通信を行う時の鍵を共有する場合相手局との通
信が必要で,また,第三の局がなりすまして不正に鍵を
共有できてしまうなどの問題点があつた。Since the conventional cryptographic communication system is configured as described above, it is necessary to communicate with the partner station when sharing the key for performing secret communication, and the third station impersonates and shares the key illegally. There were problems such as being able to do it.
この発明は上記のような問題点を解消するためになさ
れたもので,通信局間の相互通信を必要とせず,第三の
局がなりすまして不正に鍵を共有できない暗号通し方式
を得ることを目的とする。SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and it is an object of the present invention to obtain a cryptographic communication method which does not require mutual communication between communication stations and in which a third station can impersonate and share a key illegally. Aim.
この発明に係る暗号通信方式は、第1の公開情報nと
第2の公開情報gと第1の秘密情報uと第2の秘密情報
xとを有し各局を統括するセンタを設け、各局がセンタ
に自己のID情報Iを登録し、センタは上記センタの第1
の秘密情報uと上記センタの第1の公開情報nとから第
1の中間値rを計算し、この第1の中間値rと上記各局
のID情報Iと上記センタの第2の秘密情報xと上記セン
タの第1の公開情報nとから第2の中間値sを計算し、
この第2の中間値sと上記第1の中間値rと上記センタ
の第2の秘密情報xと上記センタの第1の公開情報nと
から所定の格納値αを計算し、この格納値αを各局の秘
密情報格納メモリに送出するとともに、上記第2の中間
値sと上記センタの第1の公開情報nと第2の公開情報
gと上記センタの第1の秘密情報uと第2の秘密情報x
とから各局の公開値Gを計算し、この公開値Gと上記ID
情報Iとを各局に公開し、各局は、相手局の公開値Gと
相手局のID情報Iと上記センタの第1の公開情報nとか
ら上記公開値Gが正当であることを確認してから、上記
公開された相手局の公開値Gと上記公開された相手局の
ID情報Iと自局の秘密情報格納メモリに格納された格納
値αと上記センタの第1の公開情報nとから互いに共通
の鍵Kを生成することを特徴とするものである。The cryptographic communication system according to the present invention includes a center that has first public information n, second public information g, first secret information u, and second secret information x and controls each station. The center registers its own ID information I, and the center
The first intermediate value r is calculated from the secret information u of the center and the first public information n of the center, the first intermediate value r, the ID information I of each station, and the second secret information x of the center. And a second intermediate value s is calculated from the first public information n of the center and
A predetermined stored value α is calculated from the second intermediate value s, the first intermediate value r, the second secret information x of the center, and the first public information n of the center, and the stored value α Is transmitted to the secret information storage memory of each station, and the second intermediate value s, the first public information n and the second public information g of the center, the first secret information u of the center and the second Secret information x
And the public value G of each station is calculated from the public value G and the above ID.
The information I is disclosed to each station, and each station confirms that the public value G is valid from the public value G of the partner station, the ID information I of the partner station, and the first public information n of the center. From the published value G of the disclosed partner station and the disclosed value of the partner station disclosed above.
A common key K is generated from the ID information I, the stored value α stored in the secret information storage memory of the own station, and the first public information n of the center.
各局はセンタ(1)に自局のID情報を登録すると,セ
ンタ(1)はこのID情報から一つの公開値を計算し,上
記ID情報と共に各局に公開する。When each station registers its own ID information in the center (1), the center (1) calculates one public value from this ID information and discloses it to each station together with the ID information.
またセンタ(1)は上記ID情報から一つの格納値を計
算し,局内の秘密情報格納メモリ(3),(6)に送出
する。The center (1) calculates one stored value from the ID information and sends it to the secret information storage memories (3) and (6) in the office.
各局で通信を行う場合,各局は、相手局の公開された
一つの公開値の正当性を確認してから、その公開値及び
ID情報と,自局の秘密情報格納メモリに格納された格納
値とを演算して互いに共通の鍵を生成する。When communicating at each station, each station confirms the validity of one published value of the partner station, and then confirms the published value and
The common key is generated by calculating the ID information and the stored value stored in the secret information storage memory of the own station.
以下,この発明の実施例を図について説明する。第1
図(a),(b)は本発明の一実施例による暗号通信方
式を示す図であり,図において,(1)はセンタ,
(2)は通信局A,(3)はこの通信局A(2)内の秘密
情報格納メモリ,(4)は公開リスト,(5)は通信局
B,(6)はこの通信局B(5)内の秘密情報格納メモ
リ,(7)は通信路である。Hereinafter, an embodiment of the present invention will be described with reference to the drawings. First
FIGS. 1A and 1B are diagrams showing an encryption communication method according to an embodiment of the present invention. In FIG.
(2) is a communication station A, (3) is a secret information storage memory in the communication station A (2), (4) is a public list, and (5) is a communication station.
B and (6) are secret information storage memories in the communication station B (5), and (7) is a communication path.
次に動作について説明する。 Next, the operation will be described.
秘密通信を行うネツトワークあるいはシステムの構築
時に,2つの大きな素数p,qを選び,それらの積をn=p
・q,nのオイラー関数(nと互いに素なる数の個数をオ
イラー関数と呼びφ(n)で表す)をφ(n)=(p−
1)・(q−1)とする。次にX{modφ(φ
(n))}≠0を満たす任意の整数Xおよびu{modφ
(n)}≠0を満たす整数uを選ぶ。さらに,GF(p)
およびGF(q)の原始元をgとする。ここで,n,gをセン
タ(1)の公開情報,p,q,x,uをセンタ(1)の秘密情報
とする。When constructing a network or system that performs secret communication, two large prime numbers p and q are selected, and their product is expressed as n = p
The Euler function of q, n (the number of numbers which are mutually prime to n is called an Euler function and is represented by φ (n)) is represented by φ (n) = (p−
1) · (q-1). Next, X {modφ (φ
(N)) Any integer X and u {modφ satisfying} ≠ 0
(N) Choose an integer u that satisfies} ≠ 0. Furthermore, GF (p)
And the primitive element of GF (q) is g. Here, n and g are the public information of the center (1), and p, q, x, and u are the secret information of the center (1).
さて,局A(2)がこのネツトワークあるいはシステ
ムに加入する際,局A(2)はID情報IDAをセンタ
(1)へ送る。センタ(1)は, を計算し,αAを格納値として局A(2)内の秘密情報
格納メモリ(3)へ送り,GAを公開値として公開リスト
(4)にID情報IDAとともに載せる。局B(5)も加入
する際に,ID情報IDBをセンタ(1)へ送り,局B(5)
内の秘密情報格納メモリ(6)に格納値αBを送つても
らい,公開リスト(4)にはID情報IDBとともに公開値G
Bを載せてもらう。以下同様に,加入するすべての局に
対して以上のような処理をする。ここで、秘密情報格納
メモリ(3)、(6)は、物理的に保護され、自局でさ
えも外へ読み出すことはできないとする。Now, when the station A (2) joins this network or system, the station A (2) sends the ID information ID A to the center (1). Center (1) Was calculated, alpha A sends to station as stored value A (2) the secret information storage memory (3) in, put together with the ID information ID A public list G A as a public value (4). When the station B (5) also joins, the ID information ID B is sent to the center (1), and the station B (5)
The stored value α B is sent to the secret information storage memory (6) in the server, and the public value G is stored in the public list (4) together with the ID information ID B.
Have B put on. In the same manner, the above processing is performed for all the stations to which the subscriber joins. Here, it is assumed that the secret information storage memories (3) and (6) are physically protected and cannot be read out even by the own station.
局A(2)と局B(5)が鍵を共有したい場合を考え
る。局A(2)は共通鍵を生成したい相手局B(5)の
ID情報IDBと公開された公開値GBを用いて, となつていることを確認してから を計算し,秘密情報格納メモリ(3)内に格納されてい
る局A(2)自身の秘密情報である格納値αAを用い
て, を生成する。ここで局B(5)が局A(2)と同様の計
算をすると, が得られるから,秘密情報格納メモリ(6)内に格納さ
れている局B(5)自身の秘密情報である格納値αBを
用いて, を生成する。Let us consider a case where the station A (2) and the station B (5) want to share a key. The station A (2) has the other station B (5) who wants to generate a common key.
Using the public value G B published as ID information ID B, After confirming that Is calculated using the stored value α A which is the secret information of the station A (2) itself stored in the secret information storage memory (3). Generate Here, when station B (5) performs the same calculation as station A (2), Is obtained using the stored value α B , which is the secret information of the station B (5) itself, stored in the secret information storage memory (6). Generate
は一致するので,共通鍵 を通信路(7)を介さずに共有でき,この鍵で暗号化/
復号化を行うことができる。 Match, so the secret key Can be shared without passing through the communication channel (7).
Decryption can be performed.
なお,上記実施例では相互通信を必要としない鍵共有
方式を用いた暗号通信方式について説明したが,公開リ
ストの情報を各局の秘密情報とし,少量の通信を許容す
ることにより,通信相手の認証を備えたきわめて安全な
鍵共有方式,個人識別方式,デイジタル署名方式,ID情
報に基づく暗号方式なども実現できる。In the above embodiment, the encryption communication system using the key sharing system that does not require mutual communication has been described. However, the information in the public list is used as the secret information of each station, and a small amount of communication is permitted, thereby authenticating the communication partner. It is also possible to implement an extremely secure key sharing method, personal identification method, digital signature method, encryption method based on ID information, etc.
このようにこの発明によれば、第1の公開情報nと第
2の公開情報gと第1の秘密情報uと第2の秘密情報x
とを有し各局を統括するセンタを設け、各局がセンタに
自己のID情報Iを登録し、センタは上記センタの第1の
秘密情報uと上記センタの第1の公開情報nとから第1
の中間値rを計算し、この第1の中間値rと上記各局の
ID情報Iと上記センタの第2の秘密情報xと上記センタ
の第1の公開情報nとから第2の中間値sを計算し、こ
の第2の中間値sと上記第1の中間値rと上記センタの
第2の秘密情報xと上記センタの第1の公開情報nとか
ら所定の格納値αを計算し、この格納値αを各局の秘密
情報格納メモリに送出するとともに、上記第2の中間値
sと上記センタの第1の公開情報nと第2の公開情報g
と上記センタの第1の秘密情報uと第2の秘密情報xと
から各局の公開値Gを計算し、この公開値Gと上記ID情
報Iとを各局に公開し、各局は、相手局の公開値Gと相
手局のID情報Iと上記センタの第1の公開情報nとから
上記公開値Gが正当であることを確認してから、上記公
開された相手局の公開値Gと上記公開された相手局のID
情報Iと自局の秘密情報格納メモリに格納された格納値
αと上記センタの第1の公開情報nとから互いに共通の
鍵Kを生成するようにしたので、通信局間の相互通信が
不要だけでなく,不正ななりすましで第三の局が共通鍵
を得ることができない効果がある。Thus, according to the present invention, the first public information n, the second public information g, the first secret information u, and the second secret information x
Each station registers its own ID information I in the center, and the center divides the first secret information u of the center and the first public information n of the center into first information.
Is calculated, and the first intermediate value r and each of the above stations are calculated.
A second intermediate value s is calculated from the ID information I, the second secret information x of the center, and the first public information n of the center, and the second intermediate value s and the first intermediate value r are calculated. A predetermined stored value α is calculated from the second secret information x of the center and the first public information n of the center, and this stored value α is sent to the secret information storage memory of each station. S, the first public information n and the second public information g of the center.
Then, a public value G of each station is calculated from the first secret information u and the second secret information x of the center, and the public value G and the ID information I are disclosed to each station. After confirming that the public value G is valid based on the public value G, the ID information I of the partner station, and the first public information n of the center, the public value G of the partner station and the public information are disclosed. ID of partner station
Since the common key K is generated from the information I, the stored value α stored in the secret information storage memory of the own station, and the first public information n of the center, mutual communication between communication stations is unnecessary. In addition, there is an effect that the third station cannot obtain the common key due to unauthorized impersonation.
【図面の簡単な説明】 第1図(a),(b)はこの発明の一実施例による暗号
通信方式を示す図,第2図は従来の暗号通信方式を示す
図である。 (1)はセンタ,(2)は通信局A,(3)は秘密情報格
納メモリ,(4)は公開リスト,(5)は通信局B,
(6)は秘密情報格納メモリ,(7)は通信路,(10
1)は通信局A,(102)は通信局B,(103),(104)は秘
密情報格納メモリ,(105)は通信路である。 なお,図中,同一符号は同一又は相当部分を示す。BRIEF DESCRIPTION OF THE DRAWINGS FIGS. 1 (a) and 1 (b) are diagrams showing an encryption communication system according to an embodiment of the present invention, and FIG. 2 is a diagram showing a conventional encryption communication system. (1) is a center, (2) is a communication station A, (3) is a secret information storage memory, (4) is a public list, (5) is a communication station B,
(6) is a secret information storage memory, (7) is a communication path, (10)
1) is a communication station A, (102) is a communication station B, (103) and (104) are secret information storage memories, and (105) is a communication path. In the drawings, the same reference numerals indicate the same or corresponding parts.
フロントページの続き (56)参考文献 田中初一“ID情報に基づく相互通信 なしの共通鍵生成”信学技報ISEC88 −15 (58)調査した分野(Int.Cl.6,DB名) G09C 1/00 - 5/00 H04K 1/00 - 3/00 H04L 9/00 - 9/38 JICSTファイル(JOIS)Continuation of the front page (56) References Shuichi Tanaka “Generating a common key without mutual communication based on ID information” IEICE Technical Report ISEC88-15 (58) Fields studied (Int.Cl. 6 , DB name) G09C 1 / 00-5/00 H04K 1/00-3/00 H04L 9/00-9/38 JICST file (JOIS)
Claims (1)
通信を行う場合、上記秘密情報格納メモリ内に格納され
た情報から暗号化して上記通信を行うための共通の暗号
鍵を生成する暗号通信方式において、 第1の公開情報nと第2の公開情報gと第1の秘密情報
uと第2の秘密情報xとを有し各局を統括するセンタを
設け、各局がセンタに自己のID情報Iを登録し、センタ
は上記センタの第1の秘密情報uと上記センタの第1の
公開情報nとから式(1)で第1の中間値rを計算し、
この第1の中間値rと上記各局のID情報Iと上記センタ
の第2の秘密情報xと上記センタの第1の公開情報nと
から式(2)で第2の中間値sを計算し、この第2の中
間値sと上記第1の中間値rと上記センタの第2の秘密
情報xと上記センタの第1の公開情報nとから式(3)
で所定の格納値αを計算し、この格納値αを各局の秘密
情報格納メモリに送出するとともに、上記第2の中間値
sと上記センタの第1の公開情報nと第2の公開情報g
と上記センタの第1の秘密情報uと第2の秘密情報xと
から式(4)で各局の公開値Gを計算し、この公開値G
と上記ID情報Iとを各局に公開し、各局は、相手局の公
開値Gと相手局のID情報Iと上記センタの第1の公開情
報nとから式(5)で上記公開値Gが正当であることを
確認してから、上記公開された相手局の公開値Gと上記
公開された相手局のID情報Iと自局の秘密情報格納メモ
リに格納された格納値αと上記センタの第1の公開情報
nとから式(6)で互いに共通の鍵Kを生成することを
特徴とする暗号通信方式。 When each station has a secret information storage memory and communicates between stations, a common encryption key for performing the communication by encrypting the information stored in the secret information storage memory is generated. In a cryptographic communication system, a center having first public information n, second public information g, first secret information u, and second secret information x is provided, and each station has its own center. And the center calculates a first intermediate value r from the first secret information u of the center and the first public information n of the center by Expression (1),
From the first intermediate value r, the ID information I of each station, the second secret information x of the center, and the first public information n of the center, a second intermediate value s is calculated by equation (2). From the second intermediate value s, the first intermediate value r, the second secret information x of the center, and the first public information n of the center,
Calculates a predetermined stored value α, sends the stored value α to the secret information storage memory of each station, and obtains the second intermediate value s, the first public information n and the second public information g of the center.
From the first secret information u and the second secret information x of the center, the public value G of each station is calculated by equation (4).
And the above-mentioned ID information I are disclosed to each station, and each station obtains the above-mentioned public value G from equation (5) based on the public value G of the partner station, the ID information I of the partner station, and the first public information n of the center. After confirming the validity, the public value G of the disclosed partner station, the ID information I of the disclosed partner station, the stored value α stored in the secret information storage memory of the own station, and the center A cryptographic communication method characterized in that a common key K is generated from the first public information n using Expression (6).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP1069557A JP2831685B2 (en) | 1989-03-22 | 1989-03-22 | Encryption communication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP1069557A JP2831685B2 (en) | 1989-03-22 | 1989-03-22 | Encryption communication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JPH02248131A JPH02248131A (en) | 1990-10-03 |
| JP2831685B2 true JP2831685B2 (en) | 1998-12-02 |
Family
ID=13406167
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP1069557A Expired - Lifetime JP2831685B2 (en) | 1989-03-22 | 1989-03-22 | Encryption communication method |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP2831685B2 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2581440B2 (en) * | 1994-05-11 | 1997-02-12 | 日本電気株式会社 | Scramble communication method |
| US5559889A (en) * | 1995-03-31 | 1996-09-24 | International Business Machines Corporation | System and methods for data encryption using public key cryptography |
-
1989
- 1989-03-22 JP JP1069557A patent/JP2831685B2/en not_active Expired - Lifetime
Non-Patent Citations (1)
| Title |
|---|
| 田中初一"ID情報に基づく相互通信なしの共通鍵生成"信学技報ISEC88−15 |
Also Published As
| Publication number | Publication date |
|---|---|
| JPH02248131A (en) | 1990-10-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102889883B1 (en) | Computer-implemented method and system for providing access to digital assets | |
| JP2870163B2 (en) | Key distribution method with authentication function | |
| Diffie et al. | Multiuser cryptographic techniques | |
| US5029208A (en) | Cipher-key distribution system | |
| CN109728906B (en) | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool | |
| JP2606419B2 (en) | Cryptographic communication system and cryptographic communication method | |
| JPH0448009B2 (en) | ||
| JPH07245605A (en) | Ciphering information repeater, subscriber terminal equipment connecting thereto and ciphering communication method | |
| CN109787758B (en) | Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal | |
| EP0661845A2 (en) | System and method for message authentication in a non-malleable public-key cryptosystem | |
| JP2725478B2 (en) | Encryption key distribution method | |
| US20100054464A1 (en) | Process for establishing a common cryptographic key for n subscribers | |
| CN109729041A (en) | A kind of publication of encrypted content and acquisition methods and device | |
| CN109905229B (en) | Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool | |
| CN113613241B (en) | Wireless network node data processing method and device based on block chain | |
| CN113365264B (en) | Block chain wireless network data transmission method, device and system | |
| CN109728905B (en) | Anti-quantum computation MQV key negotiation method and system based on asymmetric key pool | |
| Newman et al. | Public key management for network security | |
| JP2948294B2 (en) | Terminal in key distribution system with authentication function | |
| WO2025196675A1 (en) | Systems and methods for blockchain-enabled end-to-end encryption | |
| JP2831685B2 (en) | Encryption communication method | |
| US7035405B1 (en) | Method for establishing a common key between a central station and a group of subscribers | |
| CN120034336A (en) | A certificateless signature encryption method in vehicle-mounted ad hoc network communication | |
| Hsu et al. | Non‐interactive integrated membership authentication and group arithmetic computation output for 5G sensor networks | |
| JP2808651B2 (en) | Encryption communication method |