Cryptography – Key management – Key escrow or recovery
Reexamination Certificate
1999-02-09
2002-11-05
Darrow, Justin T. (Department: 2132)
Cryptography
Key management
Key escrow or recovery
C380S030000, C380S283000
Reexamination Certificate
active
06477254
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to a security technology on a computer network.
In an operation to keep secret information such as a secret key used in a public key cryptosystem, there exit a fear of losing and/or destroying the secret information as well as a fear that the secret information is stolen. Such loss and destruction of the secret information can be coped with by producing several copies of the information. However, when many copies are produced, the fear of stealing of the information is increased.
To solve these problems, there have been introduced secret sharing methods including a (k,n) threshold secret sharing method. In relation thereto, Shamir's will be described.
Assume that a polynomial f(x) of degree of k−1 has secret information s as a constant term thereof
f
(
x
)=
s+a
1
x+a
2
x
2
+. . . +a
k−1
x
k−1
(mod r)
where, r is a prime number.
Under this condition, a distributor delivers shared information wi=f(i) to each secret sharing bearer i(i=1, 2, . . . , n). For details, reference is to be made to “How to Share a Secret” written by A. Shamir in pages 612 to 613 of Commun. of ACM, Vol. 22, No. 11, 1979.
On the other hand, the public key cryptosystems includes elliptic curve cryptosystems. Details about elliptic curve cryptosystems and operation on elliptic curves have been described in Chapter 6 of “Algebraic Aspects of Cryptography” written by Neal Koblitz in ACM, Vol. 3, 1998 and published from Springer.
However, when conducting encryption and decryption of information by use of the Shamir's (k,n) threshold secret sharing method of the prior art, there arise two problems as follows.
(1) The secret information is known to the distributor.
(2) There is required a distributor organization to produce secret sharing information.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a highly reliable and safe secret sharing method, a data management system using the same, constituent apparatuses to implement the system, and a program to be executed therein.
In accordance with the present invention, there is provided a data encryption/decryption method comprising an encryption step and a decryption step. The encryption step includes the following steps of preparing n pairs of secret keys and public keys in a public-key cryptographic scheme, where n is a positive integer, generating a new key in accordance with at least one of the public keys, encrypting data in a common-key cryptographic scheme by use of the new key, preparing a (k,n) threshold logic (k is an positive integer equal to or less than n) having terms associated with the new key and the n public keys, conducting a calculation of the threshold logic by use of the new key and the n public keys, and storing encrypted data and a result of the calculation of the threshold logic. The decryption step includes the following steps of restoring the new key from k secret keys selected from the n secret keys and the stored result of the threshold logic calculation in accordance with a threshold reverse logic corresponding to the threshold logic and decrypting by the restored key the encrypted and stored data in the common-key cryptographic scheme.
As a result of this method, after the information is encrypted, it is not necessary to again distribute secret information to the bearers and hence the distributor organization becomes unnecessary. Moreover, the absence of the distributor accordingly removes the fear that the secret information is known to the distributor.
Additionally, by adopting an elliptic curve cryptosystem as the public key cryptosystem, the processing speed can be increased.
REFERENCES:
patent: 5764772 (1998-06-01), Kaufman et al.
patent: 6141421 (2000-10-01), Takaragi
patent: 6236729 (2001-05-01), Takaragi et al.
SecureWay Key Recovery Technology,http://www~4.ibm.com/software/security/keyworks/library/whitepapers/keyrec.html, Jan. 27, 1997.
IBM SecureWat Key Recovery Technology,http://www~4.ibm.com/software/security/keyworks/library/whitepapers/keyrec2.html, Jan. 27, 1997.
BIT, Lecture, Feb. 1996, vol. 28, No. 2.
“Fair Cryptosystems” by S. Micali, Aug. 11, 1994.
ISO/IEC 10118-2, “Information Technology-Security Techniques-Hash Functions: Part 2: Hash-Functions using an N-Bit Block Cipher Algorithm” (1994).
“The MD5 Message Digest Algorithm” by R. Rivest, IETF RFC 1321 (1992).
Koyama et al, Elliptical Curve Cryptosystems and Their Applications, IEICE Trans. INF & System, E75-D, pp. 50-57, Jan. 1992.
B. Schneier, Applied Crytography, 2e, John Wiley pp. 70-73, Oct. 1995.
IBM SecureWay Key Recovery Technology,http://www.ibm-com/security/html/prkeyrec.html,Jan. 27, 1997.
IBM Comparison to Alternatives,http://www~4.ibm.com/software/security/keywords/library/whitepapers/keyrec3.html,Jan. 27, 1997.
A.Shamir, “How to Share a Secret”, In Communications of the ACM, vol. 22, No. 11, pp. 616-613, 1979.
T.P. Pedersen, “Distributed Provers with Applications to Undeniable Signatures”, In Proc. of Eurocrypt '91, Lecture Notes in Computer Science, LNCS 547, Springer Verlag, pp. 221-238, 1991.
T.P.Pedersen, “A Threshold Cryptosystem without a Trusted Party”, in Proc. of Eurocrypt '91, Lecture Notes in Computer Science, LNCS 547, Springer Verlag, pp. 522-526, 1991.
R. Gennaro, S. Jarecki, H. Krawczyk and T.Rabin, “Robust Threshold DSS Signatures”, In Proc. of Eurocrypt '96, Lecture Notes in Computer Science, LNCS 1070, Springer Verlag, pp. 354-371, 1996.
C.Park and K.Kurosawa, “New ElGamal Type Threshold Digital Signature Scheme”, IEICE Trans. Fundamentals, E79-A(1) :86-93, Jan. 1996.
K.Koblitz, “Algebraic Aspects of Cryptography”, Algorithms and Computation in Mathematics vol. 3, ACM 3, 1998.
Miyazaki Seiji
Takaragi Kazuo
Antonelli, Terry, Stou & Kraus, LLP
Darrow Justin T.
LandOfFree
Network system using a threshold secret sharing method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network system using a threshold secret sharing method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network system using a threshold secret sharing method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2970673