PURPOSE: To share a key among optional terminals in a network by using identification information for respective terminals and secret information for the system itself without using a preliminary communication nor an open list.
CONSTITUTION: The secret information generation phase of a center for the terminals consists of an xi storage part 6 which generates and stores an integer xi depending upon a terminal (i), a yi storage part 7 which calculates and stores the multiplicative inverse element yi of xi to a modulus L, etc. Then each terminal generates a common key by using 1st and 2nd pieces of secret information, open information of the center, and identification information on an opposite terminal which are distributed. When the 2nd secret information uses the value yi depending upon its ID as yi raised to integral power yi and a value depending upon the ID of the opposite terminal is generated by using the 1st secret information, xi to integral power is canceled by yi to integral power to obtain the common key because of multiplication by xi to integral power. Consequently, neither the preliminary communication nor the open list is required and a key sharing system based upon the identification information which is tolerant to attacks by deposition is obtained.
HARADA TOSHIHARU
TATEBAYASHI MAKOTO