Key recovery method and system
First Claim
1. A key recovery method in which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is recovered without using a secret key paired with the public key, said method comprising:
- generating, at a transmitting side, a data value satisfying a relational expression by which data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys;
adding, at said transmitting side, said data value to said ciphertext;
determining, at a receiving side which possesses a secret key paired with said second public key, said data obtained by converting said plurality of second public keys, based from said secret key paired with said second public key; and
determining, at said receiving side, said data obtained by converting said first public key and used as said parameter at the time of generation of said ciphertext by introducing said data value added to said ciphertext and data determined, into said relational expression used.
1 Assignment
0 Petitions
Accused Products
Abstract
A key recovery method and system capable of key recovery without informing a third party of one'"'"'s own secret key are disclosed. For realization of the method, a transmitting information processor generates a data value satisfying a relational expression by which if one of data obtained by converting a first public key and used as a cipher text generating parameter and data obtained by converting at least one second public key is decided, the other can be determined. The transmitting processor transmits a cipher text applied with the generated data value to a first receiving information processor which has a secret key paired with the first public key and at least one second receiving information processor which has a secret key paired with the second public key. The first receiving processor, even in the case of loss of the secret key paired with the first public key, can determine the data obtained by converting the first public key in such a manner that data obtained from the second receiving processor by converting the second public key and determined from the secret key paired with the second public key and the data value applied to the cipher text sent from the transmitting processor are introduced into the above relational relationship. Thereby, the cipher text can be deciphered into the original message.
27 Citations
19 Claims
-
1. A key recovery method in which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is recovered without using a secret key paired with the public key, said method comprising:
-
generating, at a transmitting side, a data value satisfying a relational expression by which data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys;
adding, at said transmitting side, said data value to said ciphertext;
determining, at a receiving side which possesses a secret key paired with said second public key, said data obtained by converting said plurality of second public keys, based from said secret key paired with said second public key; and
determining, at said receiving side, said data obtained by converting said first public key and used as said parameter at the time of generation of said ciphertext by introducing said data value added to said ciphertext and data determined, into said relational expression used. - View Dependent Claims (2)
-
-
3. A key recovery system in which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext in a data ciphering device is generated in a data deciphering device without using a secret key paired with the public key,
wherein said data ciphering device comprises: -
first generating means for generating a data value satisfying a relational expression by which data obtained by converting a first public key and used as the parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys; and
applying means for applying said data value to said ciphertext, and wherein said data deciphering device comprises;
acquiring means for acquiring said data obtained by converting said plurality of second public keys; and
second generating means for determining said data obtained by converting said first public key and used as the parameter at the time of generation of said ciphertext by introducing, said data value applied to said ciphertext by said applying means and data acquired by said acquiring means, into said relational expression used in said first generating means. - View Dependent Claims (4, 5, 6)
-
-
7. An information processor, comprising:
-
means for generating ciphertext using data obtained by converting a first public key; and
means for generating a data value satisfying a relational expression by which said data obtained by converting said first public key and used as a parameter for generating said ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys. - View Dependent Claims (8)
acquiring means for acquiring said data obtained by converting said plurality of second public keys; and
determining means for determining said data obtained by converting said first public key on the basis of said data value and said data acquired by said acquiring means.
-
-
9. A computer readable recording medium having a program for generation of ciphertext that, when executed by an information processor, causes said information processor to perform:
-
generating ciphertext using data obtained by converting a first public key;
generating a data value satisfying a relational expression by which said data obtained by converting said first public key can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys; and
applying said data value to said ciphertext for transmission, via a network. - View Dependent Claims (10)
determining data obtained by converting said second public key based on a secret key paired with said second public key;
determining data obtained by converting said first public key and used as a parameter at the time of generation of said ciphertext by introducing, said data value applied to said ciphertext and said data determined and obtained by converting said second public key, into said relational expression used for generation of said data value; and
deciphering said ciphertext using said data determined and obtained by converting said first public key.
-
-
11. A key recovery method of recovering data used as a parameter for generating ciphertext, said method comprising:
-
generating, at a transmitting side, data to be used as a parameter to generate said ciphertext, on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
generating, at said transmitting side, said ciphertext using data generated as said parameter, generating, at said transmitting side, a data value satisfying a relational expression by which if at least one subset is predetermined for a set formed of a plurality of second public keys, and one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
applying, at said transmitting side, said data value to said ciphertext;
determining, at a receiving side which possesses a secret key paired with said second public key, data obtained by converting said at least one second public based on said secret key paired with said second public key;
determining, at said receiving side, data obtained by converting said at least one first public key, by introducing said data value applied to said ciphertext and said data determined and obtained by converting said at least one second public key, into said relational expression used; and
determining data used as said parameter to generate said ciphertext, on the basis of said data determined and obtained by converting said at least one first public key and said data determined and obtained by converting said at least one second public key. - View Dependent Claims (12)
-
-
13. A key recovery system in which data used as a parameter at the time of generation of ciphertext by a data ciphering device is recovered by a data deciphering device,
wherein said data ciphering device comprises: -
first generating means for generating data to be used as a parameter at the time of generation of ciphertext on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
ciphering means for generating said ciphertext using as a parameter said data generated by said first generating means;
second generating means for generating a data value satisfying a relational expression by which, if at least one subset is predetermined for a set formed of a plurality of second public keys, one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
applying means for applying said data value generated by said second generating means to said ciphertext generated in said ciphering means, and wherein said data deciphering means comprises;
first determining means for determining said data obtained by converting said at least one second public key based on a secret key paired with said second public key;
second determining means for determining said data obtained by converting said at least one first public key by introducing, said data value applied by said applying means to said ciphertext generated by said ciphering means and said data determined by said first determining means, into said relational expression used in said second generating means;
third determining means for determining data generated by said second generating means and used as a parameter at the time of generation of ciphertext, on the basis of data obtained by converting said at least one first public key and determined by said second determining means and data obtained by converting said at least one second public key and determined by said first determining means; and
deciphering means for deciphering said ciphertext using as a parameter said data determined by said third determining means.
-
-
14. An information processor for generating ciphertext, comprising:
-
first generating means for generating data to be used as a parameter at the time of generation of ciphertext on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
ciphering means for generating said ciphertext using as a parameter said data generated by said first generating means;
second generating means for generating a data value satisfying a relational expression by which, if at least one subset is predetermined for a set formed of a plurality of second public keys, one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
applying means for applying said data value to said ciphertext. - View Dependent Claims (15)
first determining means for determining said data obtained by converting said at least one second public key, based on a secret key paired with said second public key;
second determining means for determining said data obtained by converting said at least one first public key, by introducing, said data value applied to said ciphertext and said data determined by said first determining means, into said relational expression used in said second generating means;
third determining means for determining data generated by said second generating means and used as a parameter at the time of generation of ciphertext by said ciphering means, on the basis of said data obtained by converting said at least one first public key and determined by said second determining means and said data obtained by converting said at least one second public key and determined by said first determining means; and
deciphering means for using as a parameter said data determined by said third determining means to decipher said ciphertext generated by said ciphering means.
-
-
16. A computer readable recording medium having a program for generation of ciphertext that, when executed by an information processor, causes said information processor to perform:
-
generating key data to be used as a parameter at the time of generation of ciphertext on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
generating said ciphertext using said key data;
generating a data value satisfying a relational expression by which, if at least one subset is predetermined for a set formed of a plurality of public keys, one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
applying, said data value to said ciphertext. - View Dependent Claims (17)
determining said data obtained by converting said at least one second public key, based on a secret key paired with said second public key;
determining said data obtained by converting said at least one first public key, by introducing, said data value applied to said ciphertext and said data determined and obtained by converting said at least one second public key, into said relational expression used for generation of said data value, determining key data used as a parameter at the time of generation of ciphertext on the basis of said data determined and obtained by converting said at least one first public key and said data determined and obtained by converting said at least one second public key; and
deciphering said ciphertext using said key data determined.
-
-
18. A computer readable recording medium for storing a program to perform key recovery with which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is generated, which when executed by a computer without a secret key paired with said public key at a receiving side, causes said computer to perform:
-
receiving, at a transmitting side, ciphertext applied with a data value generated to satisfy a relational expression by which data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys;
receiving, at a receiving side, and determining, said data obtained by converting said plurality of second public keys from a secret key paired with said second public key; and
determining said data obtained by converting said first public key and used as the parameter at the time of generation of said ciphertext, by introducing said data value applied to received ciphertext and data determined into said relational expression.
-
-
19. A computer readable recording medium for storing a program to perform key recovery with which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is generated, which, when executed by a computer at a receiving side without a secret key paired with said public key, causes said computer to perform:
-
receiving from the transmitting side ciphertext having a data structure in which said ciphertext generated using, as a ciphertext generating parameter, data generated on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key equal in number to said at least one first public key is applied with a data value generated to satisfy a relational expression by which if one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key is decided, the other data thereof can be determined directly or indirectly;
determining said data obtained by converting said at least one second public key, based on said secret key paired with said second public key and possessed at the receiving side;
determining said data obtained by converting said at least one first public key, by introducing, said data value applied to said ciphertext and said data determined from said secret key paired with said second public key, into said relational expression; and
determining data used as said ciphertext generating parameter at the time of generation of said ciphertext, on the basis of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key.
-
Specification