KR100388059B1 - Data encryption system and its method using asymmetric key encryption algorithm - Google Patents

Abstract

The present invention relates to efficient data encryption using an asymmetric cryptographic algorithm, and in particular can be used as a key element of information protection services, including data confidentiality, data integrity, digital signature, and the like.

It is an object of the present invention to encrypt / decrypt a large amount of data in a secure, easy-to-implement, and fast manner by using existing well-known hash functions and asymmetric key cryptographic algorithms, and also provide data integrity together. The present invention uses an asymmetric key cryptography algorithm and a hash function that are used as key elements of information protection services, and uses an all-or-noting transform portion and an asymmetric key cryptographic algorithm to scramble input data using a hash function. It is characterized by consisting of a portion to encrypt.

Description

Data encryption system using asymmetric key encryption algorithm and method thereof {Data encryption system and its method using asymmetric key encryption algorithm}

The present invention relates to a data encryption and decryption method using an asymmetric key, and more particularly, to an efficient data encryption system using an asymmetric key cryptographic algorithm that can be used as a key element of information protection services including data confidentiality, digital signature, integrity, and the like. It is about a method.

Conventional data encryption techniques mostly use symmetric key encryption algorithms such as block ciphers and stream ciphers, and are rarely asymmetric like RSA (Rivest, Shamir, Adleman). Asymmetric Key Encryption Algorithm is used.

Data encryption techniques applicable to information protection technology must be cryptographically secure and operate at high speed. Measures to consider in terms of the security of data encryption techniques include sufficiently long key lengths, randomness of output, presence of structural vulnerabilities, and safety against known known attack techniques.

In most applications, data encryption uses block ciphers, such as the Data Encryption Standard (DES), or stream ciphers, such as Ron's Code 4 (RC4). In order to encrypt data using this symmetric key cryptography, the two parties sending and receiving data must always share the secret key securely. Other than the two parties who shared the secret key, the other users do not know the secret key and therefore cannot know the contents of the encrypted data. Since symmetric key cryptography is very fast, most information protection applications use symmetric key cryptography to encrypt data. However, when symmetric key cryptography is used, there is a problem of always sharing and managing keys securely. In addition, the number of keys to be managed is increased by the square of the number of parties to communicate with.

In case of encrypting data using an asymmetric key cryptography such as RSA, the problem of key sharing and increase in the number of keys in the symmetric key cryptography is solved. A user always has two pairs of keys, a public key and a private key. Public keys are published in public directories, and private keys are kept secret from other users. When user A wants to encrypt data and deliver it to user B, user A encrypts the data using user B's public key and transmits the data. When user B receives the encrypted data, the user B can decrypt the data using his private key. Other users do not know the private key of user A, and therefore cannot know the contents of the encrypted data. However, asymmetric key cryptography is rarely used in applications that encrypt a large amount of data because the processing speed is 1000 times slower than symmetric key cryptography.

As a pros and cons of the above symmetric and asymmetric key cryptography, most applications currently use a hybrid scheme that combines these two techniques. First, user A and user B share a secret key to be applied to symmetric key cryptography using asymmetric key cryptography. That is, user A generates one secret key, applies it to asymmetric key cryptography using user B's public key, and encrypts it to user B. User B decrypts the received cipher text with its private key to obtain a shared secret key with user A. After sharing the secret key used, this key is applied to the symmetric key cipher to transmit the data encrypted. However, the hybrid scheme must always exchange shared secret keys before sending or receiving data. In addition, the implementation must implement both symmetric key cryptography and asymmetric key cryptography.

A brief look at these prior arts includes:

First, as a technology related to the symmetric key block encryption algorithm, the applicant is' Teleman Co., Ltd., and the prior art that the name of the invention is' data encryption method using the Feistel network '(public number: 10-2000-21130).

The prior art relates to a method of encrypting data, which allows strong protection against third-party attacks in the transmission and reception of data over public communication lines, and uses less memory with independent generation of round keys. In order to keep confidentiality stable when storing data, in the symmetric key block encryption algorithm of the Feistel structure, an exclusive logical sum is obtained using the plaintext X for encryption and the round key K _r generated through a predetermined operation as input values. And a round function F in which a multiplication operation using (2n + 1) as a law, an addition operation using 2n as a law, and a substitution function are arranged in a predetermined state.

Accordingly, the present invention is to solve the problems of the prior art as described above, the object of the present invention using a conventional hash function and asymmetric key cryptographic algorithm is safe and easy to implement and without a separate shared secret key exchange step Is to provide an encryption system and method for providing both data confidentiality and data integrity by encrypting a message at a high speed.

1 is a schematic block diagram of a data encryption system using an asymmetric key encryption algorithm according to an embodiment of the present invention,

FIG. 2 is a block diagram illustrating an algorithm occurring in the all-or-nothing converter 105 (AONT) shown in FIG.

3 is a block diagram illustrating an algorithm occurring in an optimal asymmetric encryption unit (OAE) shown in FIG. 1,

FIG. 4 is a block diagram illustrating an application algorithm of the G function 303 illustrated in FIG. 3.

※ Explanation of code about main part of drawing ※

101: s n-bit input message block 102: random n-bit random number

103: password hash function 104: output of the hash function

105: all-or-nothing conversion unit 106: pseudo message

107: public key of sender

108: concatenate two strings

109: Bitwise xor operation 110: Last pseudo message block

111: Optimal Asymmetric Encryption (OAE)

112: recipient's public key 113: 111 encrypted result

201: (i-1) th n-bit pseudo message block

N-bit value calculated at 202: 104

203: (i-1) th n-bit input message block

204: I th n bit input message block

205: I th n-bit pseudo message block

301: (s + 1) th n-bit pseudo message block

302: '0' of t bits

303: Random number at G function 304: 102

305: asymmetric key encryption algorithm 306: encrypted result of 301

The encryption system according to the present invention for achieving the above object, after dividing the input message X into an arbitrary number, and calculates the intermediate product K value of the divided X and N, which is an n-bit random number, by using a hash function First means for making; Second means for calculating a pseudo message from the intermediate product K value by using an all-or-nothing method and calculating a value of n bits as a final pseudo message block using the sender's public key and the pseudo message; And asymmetric encryption means for encrypting through an asymmetric key cryptographic algorithm using a value of n bits, which is the last pseudo message block output from the second means, and the random number and the public key of the receiver. The decryption system comprises: means for receiving the encrypted data (C) and decrypting the received encrypted data with a secret key R _s to calculate the last block LB and random number N 'of the pseudo message (Y); Means for dividing the pseudo message (Y) into a plurality (s) of n bit blocks; Receiving the divided pseudo message, the last block LB of the pseudo message, and a random number N ', dividing the sender's public key K _p by n bits, and performing an exclusive OR operation to calculate an intermediate value K; Way; And means for receiving the intermediate generated value K and performing an all-or-nothing inverse transformation to recover the original message X. [0024] The encryption method according to the present invention further includes the number of input messages X in any number. After dividing, a first step of calculating an intermediate product K value of the divided X and N, which is an n-bit random number, by using a hash function; A second step of calculating a pseudo message from the intermediate product K value of the first step using an All-or-nothing method; A third step of calculating a value of n bits which is the last pseudo message block by using the sender's public key and the pseudo message calculated in the second step; And a fourth step of encrypting through an asymmetric key cryptographic algorithm using the value of n bits, which is the last pseudo message block calculated in the third step, and the random number and the public key of the receiver. The decryption method may include: a first step of receiving encrypted data C and decrypting the received encrypted data with a secret key R _s to calculate a last block LB and a random number N 'of a pseudo message (Y); Dividing the pseudo message (Y) into a plurality (s) of n bit blocks; Receiving the divided pseudo message, the last block LB of the pseudo message, and a random number N ', dividing the sender's public key K _p by n bits, and performing an exclusive OR operation to calculate an intermediate value K; Third step; And a fourth step of receiving the intermediate generated value K and performing an all-or-nothing inverse transformation to restore the original message X. In addition, the present invention provides a computer with an input for encrypting an input message. Splitting the message X into any number and then calculating the intermediate product K value of the divided X and n, which is an n-bit random number, using a hash function; A second step of calculating a pseudo message from the intermediate product K value of the first step by using an all-or-nothing method; and a final pseudo message block using the sender's public key and the pseudo message calculated in the second step. calculating a value of n bits; And a program for executing a fourth step of encrypting through an asymmetric key cryptographic algorithm using the value of n bits, the last pseudo message block calculated in the third step, and the random number and the public key of the receiver. In order to decrypt the encrypted data in the computer and the computer, the encrypted data C is input, the secret key R _s is used to decrypt the inputted encrypted data with the last block LB and random of the pseudo message Y. Calculating a number N '; Dividing the pseudo message (Y) into a plurality (s) of n bit blocks; Receiving the divided pseudo message, the last block LB of the pseudo message, and a random number N ', dividing the sender's public key K _p by n bits, and performing an exclusive OR operation to calculate an intermediate value K; Third step; And a computer-readable recording medium having recorded thereon a program for executing the fourth step of receiving the intermediate generated value K and performing an all-or-nothing inverse transformation to recover the original message X.

Hereinafter, a data encryption system using asymmetric key cryptographic algorithm and its method will be described in detail with reference to the accompanying drawings.

The present invention proposes a method of encrypting and transmitting a large amount of data using an asymmetric key cryptographic algorithm without a key exchange process for a session key. The proposed technique converts the input message into a pseudo message by using an all-or-nothing transformation using a hash function, and then encrypts only a part of the converted pseudo message using an asymmetric key encryption algorithm. The proposed scheme uses only hash function and asymmetric key encryption algorithm and can provide message confidentiality and message integrity with little overhead. The operation of the specific algorithm is as follows.

1 is a schematic block diagram of a data encryption system using an asymmetric key cryptographic algorithm according to an embodiment of the present invention, and FIG. 2 is an algorithm occurring in the all-or-nothing converter 105 (AONT) shown in FIG. 3 is a block diagram showing an algorithm occurring in an optimal asymmetric encryption unit (OAE) shown in FIG. 1, and FIG. 4 is a block diagram showing an application algorithm of the G function 303 shown in FIG. As it will be described in detail as follows.

First, look at the encryption operation of the transmission side, after dividing the input message X into s n-bit blocks (X ₁ , X ₂ , ... X _s ), X _1Λs (101) and n-bit nonce (random) Numerical value N (102) is substituted into the hash function h _IV (103, which is a predetermined hash function) to obtain the intermediate product K value 104 as shown in Equation 1 below. On the other hand, n is the number of output bits of the hash function, (1 Λ s) means an integer from 1 to s.

Subsequently, the pseudo message Y _1Λs 106 is calculated from Equation 2 below from the intermediate product K value input through the all-or-nothing conversion unit 105. This is illustrated in FIG. 2.

i = 1, 2, ..., s

Subsequently, K _p (107), which is the sender's public key, and the pseudo message Y _1Λs (106) are input to _calculate Y _{ns + 1} (110) of n bits, which is the last pseudo message block, using Equation 3 below. do. For example, in the case of using a 1024-bit public key, after dividing into n bits, they perform an exclusive OR operation.

,

Subsequently, in the optimal asymmetric encryption unit (OAE) 111 using the Y _{s + 1} 110, the random number N 102, and the public key R _p of the receiver, Equation 4 below is used. Finally, C 113 is encrypted. This is illustrated in FIG. 3.

Where AE is an asymmetric key cryptographic algorithm such as RSA, t is (l-2n), and l is the bit length of the public key.

On the other hand, the function G is a one-way function that maps n bits into (l-n) bits. As illustrated in FIG. 4, the function G is configured as shown in Equation 5 below.

Where t ₁ is And the number of applications of h is applied (l-n) / n times.

next, ( ) Is sent to the receiver, thereby ending the encryption operation.

On the other hand, when the receiver receives the (Y || C), it can be decrypted to the original message by the following procedure.

First, when the receiver receives (Y || C), the final block LB and nonce N 'of the pseudo message are obtained by decrypting C with its secret key R _{s according} to Equation 6 below.

If b ≠ 0 ^t , reject.

Where P is in Equation 4 Means. In addition, Q is represented by Equation 4 B means 0 ^t .

Then, after dividing the message Y into s n-bit blocks (Y ₁ , Y ₂ ,... Y _s ), the intermediate product K value is restored by Equation 7 below.

,

Then, the original message X = (X ₁ , X ₂ , ... X _s ) is recovered by Equation 8 below.

,

Subsequently, by confirming whether the recovered original message X is correct by Equation 9 below, the decoding process is terminated.

Check if it is.

The proposed invention is constructed using the well-known hash function and asymmetric key cryptographic algorithm such as RSA. The input message is first converted into a pseudo message through the all-or-nothing conversion unit using a hash function, and only the last one block of the converted pseudo message is encrypted using an asymmetric key encryption algorithm. At this time, since the all-or-nothing transformation itself is a public transformation having no secret key element, there is no need for a secret session key exchange process between the sender and receiver.

Considering the safety of the proposed technique, the attacker must know K to know the original plaintext. To do this, the attacker first attempts to decrypt C in the message (Y`` || C ''). In this case, the attacker can't decrypt C because he doesn't know the recipient's private key. If you don't decode C, you don't know Y _{s + 1} , and eventually you don't know K. Therefore, the proposed scheme for this attack depends on the security of the asymmetric key cryptographic algorithm used.

To know the plaintext without decrypting C, an attacker who doesn't know K must compute Equation 10 below.

In order to solve Equation 10, the attacker Guess the value or guess the K value. In this case, since K is the hash value of the plain text and the original plain text is not known, the attacker can only guess K. If you use a hash function that satisfies the pseudorandom number property, the probability of a successful attack is 2 ^-n . If you use a hash function with a 160-bit output, the probability of a successful attack is 2 ^-160 , which provides sufficient security.

In addition, nonce N is used to calculate K, which is an application of public key cryptography. The operation is a form of Optimal Asymmetric Encryption (OAE) proposed by Bellare et al.

The OAE technique is shown in Equation 11 below.

Where f is a trap door replacement (e.g., RSA) that maps k bits to k bits, length n of message x is (k-k ₀ -k ₁ ) bits, and G is k ₀ bits (n + k) Is a one-way function that maps to bits, H maps (n + k ₁ ) bits to k ₀ bits, and r is a k ₀ bit random number.

The OAE satisfies Semantic Security and implies Non-Malleability and Chosen-Ciphertext Security. Therefore, the proposed technique implies Semantic Security, Chosen-Ciphertext Security, and Non-Malleability based on the safety analysis of OAE technique.

In general, frequent key changes are required to increase the security of the security mechanism. In other words, by setting a new secret key for each session (or for each message) without using the same key over and over again, safety is increased. Considering this, the proposed scheme uses a hash key of plaintext as a secret key, so the key is used only once per message. Therefore, the attacker must repeat the task of guessing K every time a new message is delivered. This saves considerable communication overhead compared to exchanging a secret key to be used by the sender and receiver for each message exchange.

Also, although the normal symmetric key cryptographic algorithm does not provide the integrity of the message, the proposed scheme checks the integrity of the received message.

The proposed method is simulated in Pentium III 750MHz, 256M RAM, Visual C ++ 6.0 environment. Seems. In the case of message encryption using RC5 block encryption algorithm, the performance is about 87.15Mbits / sec, and in case of encryption using RSA public key encryption algorithm, the performance is about 0.396Mbits / sec. This result, considering that one of the characteristics of the hash function used as a scramble function has a fast performance, it can be seen that the proposed method has an advantage compared to the existing methods in terms of performance. Furthermore, considering that a block cipher algorithm requires an additional session key exchange procedure using an asymmetric key cipher algorithm, and in case of frequent session key update to increase safety, there is an additional performance degradation to deal with this. It can be seen that the proposed scheme has advantages in terms of performance.

While the invention has been described above based on the preferred embodiments thereof, these embodiments are intended to illustrate rather than limit the invention. It will be apparent to those skilled in the art that various changes, modifications, or adjustments to the above embodiments can be made without departing from the spirit of the invention. Therefore, the protection scope of the present invention will be limited only by the appended claims, and should be construed as including all such changes, modifications or adjustments.

As described above, according to the present invention, it is safe and easy to implement using the existing proposed hash function and asymmetric key encryption algorithm, and encrypts a large amount of messages at high speed without a separate shared secret key exchange step, thereby ensuring the confidentiality of the message. This has the effect of providing integrity together.

In addition, the present invention can be efficiently applied to a large amount of message encryption using asymmetric key cryptography, and can be efficiently used for encryption and digital signature using smart cards with low computational power.

Claims (26)

delete First means for dividing an input message X into any number and then calculating an intermediate product K value of the divided X and n, which is an n-bit random number, using a hash function; Second means for calculating a pseudo message from the intermediate product K value by using an all-or-nothing method and calculating a value of n bits as a final pseudo message block using the sender's public key and the pseudo message; And And asymmetric encryption means for encrypting by means of an asymmetric key cryptographic algorithm using a value of n bits, the last pseudo-message block that is the output of the second means, and the random number and the public key of the receiver. The method of claim 2, First means for calculating the intermediate product K value, After dividing the input message X into s n-bit blocks (X ₁ , X ₂ , ... X _s ), the divided X _1Λs and n, which is a random number N, are substituted into the hash function h _IV . An encryption system characterized by obtaining an intermediate product K value such as [Equation 1]. [Equation 1] Here, n is the number of output bits of the hash function, (1 Λ s) means an integer from 1 to s. The method of claim 2 or 3, The second means, From the intermediate product K value, pseudo message Y _1Λs is calculated by Equation 2 below, and then n bits which are the last pseudo message block by Equation 3 below using the sender's public key K _p and the pseudo message. The encryption system, characterized in that to calculate the Y _{S +1} . [Equation 2] i = 1, 2, ..., s [Equation 3] , delete delete The method of claim 4, wherein The asymmetric encryption means, And a final encrypted C is generated by using Equation 4 below using the last pseudo message block, n bits of Y _{s + 1} , a random number N, and the recipient's public key R _p . [Equation 4] Where AE is an asymmetric key cryptographic algorithm such as RSA, t is (l-2n), l is the bit length of the public key, and function G is a one-way function that maps n bits to (l-n) bits. way Function). delete Means for receiving an encrypted data (C) and decrypting the received encrypted data with a secret key R _s to calculate a last block LB and a random number N 'of a pseudo message (Y); Means for dividing the pseudo message (Y) into a plurality (s) of n bit blocks; Receiving the divided pseudo message, the last block LB of the pseudo message, and a random number N ', dividing the sender's public key K _p by n bits, and performing an exclusive OR operation to calculate an intermediate value K; Way; And Means for receiving the intermediate value K and performing an all-or-nothing inverse transformation to recover the original message (X); Decryption system comprising a. The method of claim 9, Means for calculating the last block LB and random number N 'of the pseudo message (Y), Decoding system, characterized in that for calculating each value according to the following [Equation 6]. [Equation 6] If b ≠ 0 ^t , we reject, where P is Where G is a one-way function that maps n bits into (l-n) bits, h is a predetermined hash function, AE is an asymmetric key cryptographic algorithm such as RSA, and Q is B means 0 ^t . The method of claim 9, The means for calculating the intermediate generation value K, The intermediate system calculates the intermediate value according to Equation 7 below. [Equation 7] , The method of claim 9, Means for recovering the original message (X), Decoding system, characterized in that to calculate the original message by the following equation (8). [Equation 8] i = 1, 2, ..., s delete Dividing an input message X into an arbitrary number and calculating an intermediate product K value of the divided X and n, which is an n-bit random number, by using a hash function; A second step of calculating a pseudo message from the intermediate product K value of the first step using an All-or-nothing method; A third step of calculating a value of n bits which is the last pseudo message block by using the sender's public key and the pseudo message calculated in the second step; And And a fourth step of encrypting by using an asymmetric key cryptographic algorithm using a value of n bits, which is the last pseudo message block calculated in the third step, and the random number and the recipient's public key. The method of claim 14, The first step, After dividing the input message X into s n-bit blocks (X ₁ , X ₂ , ... X _s ), the divided X _1Λs and n-bit random number N are substituted into the hash function h _IV . 9] to calculate the intermediate product K value. [Equation 9] Here, n is the number of output bits of the hash function, (1 Λ s) means an integer from 1 to s. The method according to claim 14 or 15, The second step, And a pseudo message Y _1Λs is calculated from Equation 10 below from the intermediate K value. [Equation 10] , delete The method of claim 16, The third step, The encryption method characterized in that it receives the input public key K _p and the pseudo message Y 1 _Λs and calculates n _s Y _{s + 1} of the last pseudo message _{block according} to Equation 11 below. [Equation 11] , The method of claim 18, The fourth step, And a final encrypted C is generated by the following [Equation 12] by using the last pseudo message block, n bits of Y _{s + 1} , a random number N, and the recipient's public key R _p . [Equation 12] Where AE is an asymmetric key cryptographic algorithm such as RSA, t is (l-2n), l is the bit length of the public key, and function G is a one-way function that maps n bits to (l-n) bits. way Function). delete A first step of receiving encrypted data (C) and decrypting the received encrypted data with a secret key R _s to calculate a last block LB and a random number N 'of a pseudo message (Y); Dividing the pseudo message (Y) into a plurality (s) of n bit blocks; Receiving the divided pseudo message, the last block LB of the pseudo message, and a random number N ', dividing the sender's public key K _p by n bits, and performing an exclusive OR operation to calculate an intermediate value K; Third step; And And a fourth step of receiving the intermediate generation value K and performing an all-or-nothing inverse transformation to recover the original message (X). The method of claim 21, In the first step, the last block LB and the random number N 'of the pseudo message (Y) is calculated by the following equation (14). [Equation 14] If b ≠ 0 ^t , we reject, where P is Where G is a one-way function that maps n bits into (l-n) bits, h is a predetermined hash function, AE is an asymmetric key cryptographic algorithm such as RSA, and Q is B means 0 ^t . delete delete On the computer, to encrypt the input message: Dividing an input message X into an arbitrary number and calculating an intermediate product K value of the divided X and n, which is an n-bit random number, by using a hash function; A second step of calculating a pseudo message from the intermediate product K value of the first step using an All-or-nothing method; A third step of calculating a value of n bits which is the last pseudo message block by using the sender's public key and the pseudo message calculated in the second step; And A computer program having recorded thereon a program for executing a fourth step of encrypting through an asymmetric key cryptographic algorithm using the random number and the recipient's public key, the value of n bits which is the last pseudo message block calculated in the third step. Recording media. To decrypt encrypted data on your computer: A first step of receiving encrypted data (C) and decrypting the received encrypted data with a secret key R _s to calculate a last block LB and a random number N 'of a pseudo message (Y); Dividing the pseudo message (Y) into a plurality (s) of n bit blocks; Receiving the divided pseudo message, the last block LB of the pseudo message, and a random number N ', dividing the sender's public key K _p by n bits, and performing an exclusive OR operation to calculate an intermediate value K; Third step; And A computer-readable recording medium having recorded thereon a program for executing the fourth step of receiving the intermediate generated value K and performing an all-or-nothing inverse transformation to recover the original message (X).