Key recovery method and system

US 6,236,729 B1
Filed: 06/05/1998
Issued: 05/22/2001
Est. Priority Date: 06/06/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A key recovery method in which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is recovered without using a secret key paired with the public key, said method comprising:

generating, at a transmitting side, a data value satisfying a relational expression by which data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys;

adding, at said transmitting side, said data value to said ciphertext;

determining, at a receiving side which possesses a secret key paired with said second public key, said data obtained by converting said plurality of second public keys, based from said secret key paired with said second public key; and

determining, at said receiving side, said data obtained by converting said first public key and used as said parameter at the time of generation of said ciphertext by introducing said data value added to said ciphertext and data determined, into said relational expression used.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key recovery method and system capable of key recovery without informing a third party of one'"'"'s own secret key are disclosed. For realization of the method, a transmitting information processor generates a data value satisfying a relational expression by which if one of data obtained by converting a first public key and used as a cipher text generating parameter and data obtained by converting at least one second public key is decided, the other can be determined. The transmitting processor transmits a cipher text applied with the generated data value to a first receiving information processor which has a secret key paired with the first public key and at least one second receiving information processor which has a secret key paired with the second public key. The first receiving processor, even in the case of loss of the secret key paired with the first public key, can determine the data obtained by converting the first public key in such a manner that data obtained from the second receiving processor by converting the second public key and determined from the secret key paired with the second public key and the data value applied to the cipher text sent from the transmitting processor are introduced into the above relational relationship. Thereby, the cipher text can be deciphered into the original message.

27 Citations

19 Claims

1. A key recovery method in which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is recovered without using a secret key paired with the public key, said method comprising:
- generating, at a transmitting side, a data value satisfying a relational expression by which data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys;
  
  adding, at said transmitting side, said data value to said ciphertext;
  
  determining, at a receiving side which possesses a secret key paired with said second public key, said data obtained by converting said plurality of second public keys, based from said secret key paired with said second public key; and
  
  determining, at said receiving side, said data obtained by converting said first public key and used as said parameter at the time of generation of said ciphertext by introducing said data value added to said ciphertext and data determined, into said relational expression used.
- View Dependent Claims (2)
- - 2. A key recovery method according to claim 1, wherein said data obtained by converting either said first or second public key is data obtained by operating a random number and the corresponding public key.

3. A key recovery system in which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext in a data ciphering device is generated in a data deciphering device without using a secret key paired with the public key,wherein said data ciphering device comprises:
- first generating means for generating a data value satisfying a relational expression by which data obtained by converting a first public key and used as the parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys; and
  
  applying means for applying said data value to said ciphertext, and wherein said data deciphering device comprises;
  
  acquiring means for acquiring said data obtained by converting said plurality of second public keys; and
  
  second generating means for determining said data obtained by converting said first public key and used as the parameter at the time of generation of said ciphertext by introducing, said data value applied to said ciphertext by said applying means and data acquired by said acquiring means, into said relational expression used in said first generating means.
- View Dependent Claims (4, 5, 6)
- - 4. A key recovery system according to claim 3, wherein said data obtained by converting said second public key is acquired by said acquiring means from at least one information processor which possesses a secret key paired with said second public key, and said data obtained by converting said second public key is determined by said information processor from a secret key paired with said second public key and provided by said information processor.
  - 5. A key recovery system according to claim 3, wherein said data obtained by converting said second public key is acquired by said acquiring means from a secret key paired with said second public key and provided by said acquiring means.
  - 6. A key recovery system according to claim 3, wherein said secret key paired with said second public key is held by a plurality of information processors in a plurality of parts resortable through a predetermined operation, and at least one of said plurality of information processors being provided with means for restoring said secret key by performing said predetermined operation for different parts of said secret key provided by said plurality of information processors and means for determining from a restored secret key said data obtained by converting said second public key, and said acquiring means acquiring said data obtained by converting said second public key and determined by said at least one information processor.

7. An information processor, comprising:
- means for generating ciphertext using data obtained by converting a first public key; and
  
  means for generating a data value satisfying a relational expression by which said data obtained by converting said first public key and used as a parameter for generating said ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys.
- View Dependent Claims (8)
- - 8. An information processor for recovering, data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext, from a data value generated by said information processor according to claim 7, comprising:

9. A computer readable recording medium having a program for generation of ciphertext that, when executed by an information processor, causes said information processor to perform:
- generating ciphertext using data obtained by converting a first public key;
  
  generating a data value satisfying a relational expression by which said data obtained by converting said first public key can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys; and
  
  applying said data value to said ciphertext for transmission, via a network.
- View Dependent Claims (10)
- - 10. A computer readable recording medium according to claim 9, wherein said program causes said information processor to further perform:

11. A key recovery method of recovering data used as a parameter for generating ciphertext, said method comprising:
- generating, at a transmitting side, data to be used as a parameter to generate said ciphertext, on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
  
  generating, at said transmitting side, said ciphertext using data generated as said parameter, generating, at said transmitting side, a data value satisfying a relational expression by which if at least one subset is predetermined for a set formed of a plurality of second public keys, and one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
  
  applying, at said transmitting side, said data value to said ciphertext;
  
  determining, at a receiving side which possesses a secret key paired with said second public key, data obtained by converting said at least one second public based on said secret key paired with said second public key;
  
  determining, at said receiving side, data obtained by converting said at least one first public key, by introducing said data value applied to said ciphertext and said data determined and obtained by converting said at least one second public key, into said relational expression used; and
  
  determining data used as said parameter to generate said ciphertext, on the basis of said data determined and obtained by converting said at least one first public key and said data determined and obtained by converting said at least one second public key.
- View Dependent Claims (12)
- - 12. A key recovery method according to claim 11, wherein said data obtained by converting either said at least one first public key or said at least one second public key corresponds to data obtained by operating a random number and a corresponding public key.

13. A key recovery system in which data used as a parameter at the time of generation of ciphertext by a data ciphering device is recovered by a data deciphering device,wherein said data ciphering device comprises:
- first generating means for generating data to be used as a parameter at the time of generation of ciphertext on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
  
  ciphering means for generating said ciphertext using as a parameter said data generated by said first generating means;
  
  second generating means for generating a data value satisfying a relational expression by which, if at least one subset is predetermined for a set formed of a plurality of second public keys, one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
  
  applying means for applying said data value generated by said second generating means to said ciphertext generated in said ciphering means, and wherein said data deciphering means comprises;
  
  first determining means for determining said data obtained by converting said at least one second public key based on a secret key paired with said second public key;
  
  second determining means for determining said data obtained by converting said at least one first public key by introducing, said data value applied by said applying means to said ciphertext generated by said ciphering means and said data determined by said first determining means, into said relational expression used in said second generating means;
  
  third determining means for determining data generated by said second generating means and used as a parameter at the time of generation of ciphertext, on the basis of data obtained by converting said at least one first public key and determined by said second determining means and data obtained by converting said at least one second public key and determined by said first determining means; and
  
  deciphering means for deciphering said ciphertext using as a parameter said data determined by said third determining means.

14. An information processor for generating ciphertext, comprising:
- first generating means for generating data to be used as a parameter at the time of generation of ciphertext on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
  
  ciphering means for generating said ciphertext using as a parameter said data generated by said first generating means;
  
  second generating means for generating a data value satisfying a relational expression by which, if at least one subset is predetermined for a set formed of a plurality of second public keys, one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
  
  applying means for applying said data value to said ciphertext.
- View Dependent Claims (15)
- - 15. An information processor according to claim 14, further comprising:

16. A computer readable recording medium having a program for generation of ciphertext that, when executed by an information processor, causes said information processor to perform:
- generating key data to be used as a parameter at the time of generation of ciphertext on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key;
  
  generating said ciphertext using said key data;
  
  generating a data value satisfying a relational expression by which, if at least one subset is predetermined for a set formed of a plurality of public keys, one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key belonging to said at least one subset is determinable, the other data thereof can be determined therefrom directly or indirectly; and
  
  applying, said data value to said ciphertext.
- View Dependent Claims (17)
- - 17. A computer readable recording medium according to claim 16, wherein said program causes said information processor to further perform:

18. A computer readable recording medium for storing a program to perform key recovery with which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is generated, which when executed by a computer without a secret key paired with said public key at a receiving side, causes said computer to perform:
- receiving, at a transmitting side, ciphertext applied with a data value generated to satisfy a relational expression by which data obtained by converting a first public key and used as a parameter at the time of generation of ciphertext can be determined, if at least one subset is predetermined for a set formed of a plurality of second public keys, and data obtained by converting at least one second public key belonging to said at least one subset is determinable between said data obtained by converting said first public key and said data obtained by converting said plurality of second public keys;
  
  receiving, at a receiving side, and determining, said data obtained by converting said plurality of second public keys from a secret key paired with said second public key; and
  
  determining said data obtained by converting said first public key and used as the parameter at the time of generation of said ciphertext, by introducing said data value applied to received ciphertext and data determined into said relational expression.

19. A computer readable recording medium for storing a program to perform key recovery with which data obtained by converting a public key and used as a parameter at the time of generation of ciphertext is generated, which, when executed by a computer at a receiving side without a secret key paired with said public key, causes said computer to perform:
- receiving from the transmitting side ciphertext having a data structure in which said ciphertext generated using, as a ciphertext generating parameter, data generated on the basis of data obtained by converting at least one first public key and data obtained by converting at least one second public key equal in number to said at least one first public key is applied with a data value generated to satisfy a relational expression by which if one of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key is decided, the other data thereof can be determined directly or indirectly;
  
  determining said data obtained by converting said at least one second public key, based on said secret key paired with said second public key and possessed at the receiving side;
  
  determining said data obtained by converting said at least one first public key, by introducing, said data value applied to said ciphertext and said data determined from said secret key paired with said second public key, into said relational expression; and
  
  determining data used as said ciphertext generating parameter at the time of generation of said ciphertext, on the basis of said data obtained by converting said at least one first public key and said data obtained by converting said at least one second public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Takaragi, Kazuo, Kurumatani, Hiroyuki
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Seal, James

Application Number

US09/092,140
Time in Patent Office

1,082 Days
Field of Search

380/286
US Class Current

380/286
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

Key recovery method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Key recovery method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links