Key agreement system, shared-key generation apparatus, and shared-key recovery apparatus
First Claim
1. A key agreement system comprising a shared-key generation apparatus and a shared-key recovery apparatus, each apparatus establishing therein a same shared key in secrecy, wherein the shared-key generation apparatus includes:
- a seed-value generating unit operable to generate a seed value;
a first shared-key generating unit operable to generate a verification value and a shared key, from the seed value;
a first encryption unit operable to encrypt the verification value to generate first encryption information;
a second encryption unit operable to encrypt the seed value based on the verification value, to generate second encryption information; and
a transmitting unit operable to transmit the first encryption information and the second encryption information, and the shared-key recovery apparatus includes;
a receiving unit operable to receive the first encryption information and the second encryption information;
a first decryption unit operable to decrypt the first encryption information, to generate a first decryption verification value;
a second decryption unit operable to decrypt the second encryption information based on the first decryption verification value, to generate a decryption seed value;
a second shared-key generating unit operable to generate a second decryption verification value and a decryption shared key, from the decryption seed value and according to a same method as used in the first shared-key generating unit;
a judging unit operable to judge, based on the first decryption verification value and the second decryption verification value, whether the decryption shared key should be outputted; and
an outputting unit operable, when the judging unit has judged affirmatively, to output the decryption shared key.
7 Assignments
0 Petitions
Accused Products
Abstract
Provided is a content distribution system that prevents different keys to be derived between an encryption apparatus and a decryption apparatus. A random-number generating unit 112d, in an encryption apparatus 110d, generates a random number s, and a first function unit 113d generates a functional value G(s) of the random number s, and generates a verification value a and a shared key K from the functional value G(s). An encryption unit 114d generates a first cipher text c1 of the verification value a using a public-key polynomial h, and a second function unit 115d generates a functional value H(a,c1) of the verification value a and the first cipher text c1, and a random-number mask unit 116d generates a second cipher text c2=s xor H(a,c1). A decryption unit 123d, in a decryption apparatus 120d, decrypts the first cipher text c1 using a secret-key polynomial f, to generate a decryption verification value a′. A third function unit 124d generates a functional value H(a′,c1) of the decryption verification value a′ and the first cipher text c1, and a random-number mask removal unit 125d generates a decryption random number s′=c2 xor H(a′,c1). A fourth function unit 126d generates a hash functional value G(s′) of the decryption random number s′, and generates a verification value a″ and a shared key K′ from the functional value G(s′) A comparison unit 127d outputs the shared key K′ if the decryption verification value a′ is equal to the verification value a″.
-
Citations
51 Claims
-
1. A key agreement system comprising a shared-key generation apparatus and a shared-key recovery apparatus, each apparatus establishing therein a same shared key in secrecy, wherein
the shared-key generation apparatus includes: -
a seed-value generating unit operable to generate a seed value;
a first shared-key generating unit operable to generate a verification value and a shared key, from the seed value;
a first encryption unit operable to encrypt the verification value to generate first encryption information;
a second encryption unit operable to encrypt the seed value based on the verification value, to generate second encryption information; and
a transmitting unit operable to transmit the first encryption information and the second encryption information, and the shared-key recovery apparatus includes;
a receiving unit operable to receive the first encryption information and the second encryption information;
a first decryption unit operable to decrypt the first encryption information, to generate a first decryption verification value;
a second decryption unit operable to decrypt the second encryption information based on the first decryption verification value, to generate a decryption seed value;
a second shared-key generating unit operable to generate a second decryption verification value and a decryption shared key, from the decryption seed value and according to a same method as used in the first shared-key generating unit;
a judging unit operable to judge, based on the first decryption verification value and the second decryption verification value, whether the decryption shared key should be outputted; and
an outputting unit operable, when the judging unit has judged affirmatively, to output the decryption shared key. - View Dependent Claims (2)
-
-
3. A shared-key generation apparatus that notifies a destination apparatus about a shared key in secrecy, the shared-key generation apparatus comprising:
-
a seed-value generating unit operable to generate a seed value;
a shared-key generating unit operable to generate a verification value and a shared key, from the seed value;
a first encryption unit operable to encrypt the verification value to generate first encryption information;
a second encryption unit operable to encrypt the seed value based on the verification value, to generate second encryption information; and
a transmitting unit operable to transmit the first encryption information and the second encryption information. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A shared-key recovery apparatus that receives a shared key from a shared-key generation apparatus in secrecy, the shared-key generation apparatus generating a seed value, generating a verification value and a shared key from the seed value, encrypting the verification value to generate first encryption information, encrypting the seed value based on the verification value to generate second encryption information, and transmitting the first encryption information and the second encryption information, the shared-key recovery apparatus comprising:
-
a receiving unit operable to receive the first encryption information and the second encryption information;
a first decryption unit operable to decrypt the first encryption information, to generate a first decryption verification value;
a second decryption unit operable to decrypt the second encryption information based on the first decryption verification value, to generate a decryption seed value;
a shared-key generating unit operable to generate a second decryption verification value and a decryption shared key, from the decryption seed value and according to a same method as used in the shared-key generation apparatus;
a judging unit operable to judge, based on the first decryption verification value and the second decryption verification value, whether the decryption shared key should be outputted; and
an outputting unit operable, when the judging unit has judged affirmatively, to output the decryption shared key. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A shared-key generating method used in a shared-key generation apparatus that notifies a destination apparatus about a shared key, in secrecy, the shared-key generating method comprising:
-
a seed-value generating step of generating a seed value;
a shared-key generating step of generating a verification value and a shared key, from the seed value;
a first encryption step of encrypting the verification value to generate first encryption information;
a second encryption step of encrypting the seed value based on the verification value, to generate second encryption information; and
a transmitting step of transmitting the first encryption information and the second encryption information.
-
-
47. A shared-key generating program used in a shared-key generation apparatus that notifies a destination apparatus about a shared key, in secrecy, the shared-key generating program comprising:
-
a seed-value generating step of generating a seed value;
a shared-key generating step of generating a verification value and a shared key, from the seed value;
a first encryption step of encrypting the verification value to generate first encryption information;
a second encryption step of encrypting the seed value based on the verification value, to generate second encryption information; and
a transmitting step of transmitting the first encryption information and the second encryption information. - View Dependent Claims (48)
-
-
49. A shared-key recovery method used in a shared-key recovery apparatus that receives a shared key from a shared-key generation apparatus in secrecy, the shared-key generation apparatus generating a seed value, generating a verification value and a shared key from the seed value, encrypting the verification value to generate first encryption information, encrypting the seed value based on the verification value to generate second encryption information, and transmitting the first encryption information and the second encryption information, the shared-key recovery method comprising:
-
a receiving-step of receiving the first encryption information and the second encryption information;
a first decryption step of decrypting the first encryption information, to generate a first decryption verification value;
a second decryption step of decrypting the second encryption information based on the first decryption verification value, to generate a decryption seed value;
a shared-key generating step of generating a second decryption verification value and a decryption shared key, from the decryption seed value and according to a same method as used in the shared-key generation apparatus;
a judging step of judging, based on the first decryption verification value and the second decryption verification value, whether the decryption shared key should be outputted; and
an outputting step, when the judging unit has judged affirmatively, of outputting the decryption shared key.
-
-
50. A shared-key recovery program used in a shared-key recovery apparatus that receives a shared key from a shared-key generation apparatus in secrecy, the shared-key generation apparatus generating a seed value, generating a verification value and a shared key from the seed value, encrypting the verification value to generate first encryption information, encrypting the seed value based on the verification value to generate second encryption information, and transmitting the first encryption information and the second encryption information, the shared-key recovery program comprising:
-
a receiving step of receiving the first encryption information and the second encryption information;
a first decryption step of decrypting the first encryption information, to generate a first decryption verification value;
a second decryption step of decrypting the second encryption information based on the first decryption verification value, to generate a decryption seed value;
a shared-key generating step of generating a second decryption verification value and a decryption shared key, from the decryption seed value and according to a same method as used in the shared-key generation apparatus;
a judging step of judging, based on the first decryption verification value and the second decryption verification value, whether the decryption shared key should be outputted; and
an outputting step, when the judging unit has judged affirmatively, of outputting the decryption shared key. - View Dependent Claims (51)
-
Specification