To prevent different keys from being drawn out between an encrypting apparatus and an decrypting apparatus.
A random number generating section 112d generates a random number (s). A first function section 113d generates a function value G(s) of the random number (s), and generates a verifying value (a) and a shared key K from the function value G(s). An encrypting section 114d generates a first encrypted message c1 of the verifying value (a) by using a public polynominal (h). A second function section 115d generates a function value H(a, c1) of the verifying value (a) and the first encrypted message c1. A random number masking section 116d generates a second encrypted message c2=s xor H(a, c1). A decrypting section 123d decrypts the first encrypted message c1 by using a secret key polynominal f to generate a decryption verifying value (a'). A third function section 124d generates a function value H(a', c1) of the verifying value a' and the first encrypted message c1. A random number mask removing section 125d generates decrypted random number s'=c2 xor H(a', c1). A fourth function section 126d generates a hash function value G(s') of the decrypted random number (s'), and generates a verifying value (a") and a shared key K' from the function value G(s'). If the decrypted verifying value (a') is equal to the verifying value (a"), a comparing section 127d outputs the shared key K'.
COPYRIGHT: (C)2004,JPO&NCIPI
Yuichi Fuda
Motoji Omori
Makoto Tatebayashi
| JP2000516733A | ||||
| JP2002252611A |