JP2006511114A - Key synchronization in visual cryptosystems - Google Patents

Abstract

The visualization encryption system includes a server (1) that encrypts a series of images using a key set, a terminal (2) that displays the encrypted image, and the encrypted image from the server (1) to the terminal (2). A transmission medium (4) for transmission and a decryption device (3) for decrypting the encrypted image displayed on the terminal (2). Key identification information is generated by the server (1) and displayed by the terminal (2). The decryption device (3) detects the key identification information and selects a corresponding key from the key set.

Description

Detailed Description of the Invention

The present invention relates to key synchronization in a cryptographic system. More specifically, the present invention relates to a method and system for synchronizing a first key set in an encryption device and a second key set in a decryption device. Here, the encryption device is a device that can encrypt an image, and the decryption device is a device that can decrypt an image.

It is well known that using a set of keys (key set) in a cryptographic system, subsequent messages are encrypted using different keys in the key set. Using different keys for different messages makes it very difficult for an eavesdropper to decrypt the message. Even if one key is known, one message can be decrypted, but the secret of other messages is maintained.

  Of course, it is necessary to synchronize the keys. That is, to encrypt or decrypt the same message, the encryption device and the decryption device must use the same key in the key set. Without this synchronization, the message cannot be decoded correctly.

  It is also known to encrypt an image so that an unauthorized person cannot recognize the image or read its contents. One method for encrypting an image is disclosed, for example, in European Patent Application EP0260815. This method is also known as visual encryption and utilizes two patterns. Each of the two patterns is not individually recognizable and is overlaid to create a recognizable image. Thus, the original image is converted into two random parts or patterns, neither of which contains perceptible image information. One of these patterns is printed on a transparency, or at least partially displayed on a transparent display, acting as a decryption key. When overlaying the above patterns, the patterns are combined and appear to the viewer's eyes as “decoded”.

  When viewing a large number of individually encrypted images, a transparent sheet is cumbersome, and it has been proposed to use a decryption (decryption) device. Two types of decoding devices can be distinguished. Transmission type and non-transmission type.

  The transmissive decryption apparatus essentially displays a pattern (share) of an encrypted image, imitating a transparent sheet used in the prior art. Since the decoding device is at least partially transparent, another pattern of the image can be seen through the device. The viewer's eyes see the two image patterns combined. The advantage of using a transmissive device rather than a transparent sheet is that the device can display multiple image portions instead of a single image portion. In this way, different keys can be used for subsequent images. The transmissive decryption device advantageously uses an LCD (liquid crystal display) to superimpose the two screens in order to “decrypt” the encrypted image and reconstruct the original image. A suitable example of a transmissive device using an LCD screen is described in European Patent Application No. 00205527.8 [PHNL020121]. In the device described in the above European patent application, the polar rotation effect of the liquid crystal cell of the liquid crystal display is used. This device makes it very convenient to encrypt and decrypt black and white images. European Patent Application No. 02078660.4 [PHNL020804] describes a transmissive decoding device that can also decode color images.

  The non-transparent decryption apparatus can detect, decrypt, and display an encrypted image. Decryption is performed by the device itself, with the display showing a fully decrypted image, while the encrypted image is masked by the device. An example of such a device is described in European Patent Application No. 02079579.5 [PHNL021058]. The decoding device uses a key to decode the image.

  An image decryption device generally requires at least one key to decrypt an image. However, to encrypt and decrypt multiple images in a cryptographically secure manner, it is necessary to use a set of keys (key sets) to decrypt subsequent images using different keys. is there. However, when a set of keys (key set) is used, a problem of key synchronization occurs. Even if a fixed key sequence is determined, the encryption device and the decryption device may change the key at different moments. Alternatively, one device may not change the key at all. Then key synchronization is lost. In other words, the decryption device cannot decrypt the encrypted image.

  Accordingly, one object of the present invention is to provide a method and apparatus for establishing synchronization between an encryption device and a decryption device in a simple but effective manner.

Another object of the present invention is to provide a method and system for establishing synchronization between an image encryption device and an image decryption device.

Accordingly, the present invention provides a method for synchronizing a first key set of an encryption device and a second key set of a decryption device. This method
The encryption device using the key of the first key set to generate an encrypted image and associated key identification information;
The encryption device transmitting the encrypted image and its associated key identification information to a display device;
The display device displaying the encrypted image and its associated key identification information;
The decryption device detecting the key identification information;
The decryption device decrypting the encrypted image using a key of the second key set corresponding to the detected key identification information;
The decoding apparatus includes a step of displaying the decoded image.
That is, the encryption device encrypts the image using the key of the key set, and generates key identification information of the key used for image encryption. Both the encrypted image and the key identification information are transmitted to the display device, and the display device causes the decryption device to detect the key identification information. The decryption device identifies the key in the key set using the key identification information, and decrypts the encrypted image using the identified key. Preferably, the encryption apparatus is of a type having both detection means for detecting (encrypted) images and display means for displaying (encrypted) images.

  By transmitting the key identification information together with the encrypted image, key synchronization can always be maintained. Although it is possible to send the key identification information together with all the encrypted images, it is not necessary to do so. Instead, the key identification information may be transmitted periodically, for example, after a certain number of encrypted images are transmitted, or after a certain time has elapsed. Alternatively, the key identification information may be transmitted when requested. Of course, if it is not necessary to transmit, the step of generating the key identification information can be omitted.

  The key identification information may be the same as the key itself. However, in this case, since the key identification information may be intercepted during transmission, the encryption is not secure. For this reason, the key identification information is preferably a code related to the key, such as a key number. More preferably, the key identification information is a code derived from the key. Thereby, a certain amount of falsification can be prevented.

  In a preferred embodiment, the key identification information is a hash value. The hash value is a value derived from a source value such as an encryption key using a hash function. A hash function is a kind of function and is well known in the technical field of cryptography. In general, the hash function is a one-way function, that is, a function for which an inverse function cannot be obtained. As a result, the hash value of the key can be easily obtained, but it is impossible to derive a key from the hash value. Thus, even if the key identification information is intercepted, the key itself cannot be known. Further, if the key is changed (illegally), the hash value is different, and illegal decryption of the encrypted image can be prevented.

In a particularly advantageous embodiment, the step of the decryption device detecting the key identification information comprises:
The decryption device detects the hash value and stores it as a detected hash value;
The decrypting device calculating the hash value of the second key set and comparing each calculated hash value until it matches the detected hash value.
By matching the hash value of the key set of the decryption device with the detected hash value, the correct key can be easily found.

  Of course, the hash value of the second key set can be calculated in advance and stored in the decryption device. However, this requires a fairly large memory space. Since the hash value can be calculated quickly, it is preferable to store the hash value.

  The key identification information can be transmitted separately, but it is preferable that the key identification information is part of the encrypted image. Thereby, the transmission of the key identification information is simplified, and the decryption device can be easily detected. The key identification information can form a sub-image of the encrypted image. This sub-image may be a symbol, code, or the like. The sub-image may be encrypted using another key. The other key is preferably the same key that encrypts the sequence of images.

  In a preferred embodiment, the key identification information is displayed on the display device as a bar code. The barcode can be easily recognized and read by the decoding device. However, other types of codes may be used. Specifically, a time multiplexed code in which partial portions of the code are sequentially displayed may be used. This portion may or may not be constituted by a bar code.

  The image used for synchronization according to the present invention may be a black and white image or a color image. Various methods can be used to render color images in visualization cryptography and similar applications, but the liquid crystal display method described in European Patent Application No. 02078660.4 [PHNL020804EPP] is particularly suitable.

The present invention further provides a system for synchronizing a first key set of an encryption device and a second key set of a decryption device. This system
An encryption device that generates an encrypted image and related key identification information using a key of the first key set, and transmits the encrypted image and the related key identification information to a display device;
A display device for displaying the encrypted image and its associated key identification information;
A decryption device that detects the key identification information, decrypts the encrypted image using a key of the second key set corresponding to the detected key identification information, and displays the decrypted image; Have.
With this type of system, key set synchronization can be easily achieved.

The present invention also provides an encryption device used in the above system. This device
Detecting means for detecting the encrypted image and the key identification information;
Key selection means for selecting a key based on the detected key identification information;
Decryption means for decrypting an encrypted image detected using the selected key;
Display means for displaying the decoded image.

Advantageously, the sensing means is part of an LED (Issuing Diode) circuit, preferably part of an OLED (Induced Emitting Diode) circuit.

The invention will be further described with reference to the embodiments shown in the accompanying drawings.

  The system illustrated by the non-limiting example of FIG. 1 has a server 1, a terminal 2, a decryptor (or decryptor) 3, and a communication network 4. The server 1 creates an image and encrypts it. The image is transmitted to the terminal 2 via the communication network 4. The communication network 4 is configured by a dedicated network such as a LAN, a telephone network (POTS), the Internet, a simple cable or wire, and the like. Both the server 1 and the terminal 2 may be dedicated devices or may be constituted by general-purpose computers. At least the terminal 2 has a display screen 21. The decryptor 3 is an encryption device, which will be described in more detail later. Both the server 1 and the decryptor 3 are provided with at least a key set, and this set of keys (key set) includes a plurality of encryption keys. These keys are used in a suitable cryptographic process such as DES. Here, it is not important which cryptographic process is used.

  As shown in the embodiment of FIG. 2, the decoder 3 is a decryption device, and a sensor 31 that detects a displayed image, and a processor 32 that has an associated memory that performs a cryptographic operation on the detected image, And a display element 33 forming a display screen (34 in FIG. 1) for displaying the decoded image. A conductor or optical fiber connects the sensor 31, the processor 32, and the display element 33. A set of encryption keys is stored in the processor memory. Therefore, the decoder 3 can detect and decrypt the encrypted image and display the decrypted image. The terminal 2 is a non-trusted device, but the decoder 3 is a trusted device and is preferably stored in a safe place when owned by the user and not in use. Thus, the key stored in the decryptor has not been tampered with.

  In the system of FIG. 1, key synchronization is achieved as follows. A server (encryption device) 1 encrypts an image using one key in the key set. This image is transmitted to the terminal (display device) 2, and the terminal 2 displays the image. Since the terminal 2 does not have a key, the encrypted image cannot be decrypted. The displayed encrypted image does not contain any perceptible information and looks like a random image (“snow”).

  The user positions the decoder (decoding device) 3 so that the decoder can detect the image. The encrypted image schematically shown in FIG. 3 has two image parts. The first image portion 5 includes an encrypted image, and the second image portion 6 includes key identification information. The decoder 3 is preferably arranged to detect both images simultaneously and preferably determine which part of the image displayed on the display screen 21 is the second image part 6. In a preferred embodiment, a section of the screen 21 is assigned to the second (key identification information) image part 6 and therefore this image part is recognized based on its position.

  In the illustrated embodiment, the second image portion 6 includes a barcode. The decoder 3 can “scan” the display 21 and detect the barcode using a well-known electronic image scanning method. In that case, it is not necessary to assign a specific position to the second image portion. Codes and symbols (combinations) other than bar codes may be used. It is also possible to cause the decoder 3 to recognize such a code or the like using a pattern recognition technique. It is not always necessary to display the entire code at the same time, and so-called time-multiplexed codes may be used to display the code portions in order. That is, the code portions may be displayed at different moments. This can be realized by temporarily brightening (flashing) the display element. The code portion itself may be represented by a bar code or other suitable code.

  It is also possible to time-multiplex actual image and key identification information. That is, the first image 5 and the second image 6 can be displayed alternately, for example, instead of simultaneously.

  In the illustrated embodiment, the decoder 3 recognizes and decodes the barcode contained in the second image portion 6 to obtain key identification information or a code representing it. In the preferred embodiment, the (bar) code contained in the second image portion 6 is a hash value of the key.

  The decryptor 3 calculates the hash value of one key of the stored key set, and checks whether or not it matches the detected hash value. Try to match the hash value with one of the keys in the stored key set. If there is no match, an error has occurred. If there is a match, the decoder uses the key for decoding the first image portion 5 and displays the resulting decoded image. The decryptor may insert a masking area (for example, a blank area) in the second image portion 6 in order to mask the key identification information. Since a small read or transmission error can occur, it may be determined that a “match” has occurred if the detected hash value and the calculated value are not substantially identical but substantially similar. This determination can be made, for example, by determining a suitable maximum allowable “distance” between the detected value and the calculated value using the well-known Hamming distance metric. However, in a preferred embodiment, this distance is zero and may require that the values be equal.

  In order to provide protection against transmission errors that cause key identification errors, the actual key identification information is optionally added with a CRC (Cyclic Redundancy Check) value or similar check value that enables error detection. Also good.

The key sets stored on the server and the decryptor are virtually identical. That is, when used in the server's encryption process, each key in the server's key set produces an image that is decrypted using the associated key in the key set in the decryption process of the decoder. it can. In most embodiments, the server key set and the decryptor key set are the same, but not necessarily. The relationship between keys can be expressed as follows:
K => KID => K '
Here, K is the key of the first key set, KID is the corresponding key identification information, and K ′ is the key of the second key set specified by the key identification information. Based on the first key K, key identification information KID is generated, and the decoder uses the identification information KID to identify the corresponding key K ′. In most cryptographic systems, K and K ′ are identical.

  In the above description, it is assumed that the decoder (decryption device) 3 displays all the decrypted images. For example, an embodiment in which the decoder 3 displays only a part of an image in order to enable the “visual encryption” method disclosed in the above-mentioned European Patent Application No. EP0260815 is not necessarily so. Conceivable. In the above embodiment, the decoder 3 is at least partly transparent, part of the image or “share” is displayed by the decoder and the other part or “share” is the terminal. Displayed on the display 21. One preferred embodiment of the transmissive device utilizes an LCD screen and is described in European Patent Application No. 00205527.8 [PHNL020121]. European Patent Application No. 02078660.4 [PHNL020804] describes a transmissive decoding device that can also decode color images. However, these transmissive devices must be equipped with a sensor (31 in FIG. 2) for detecting the displayed key identification information and other suitable detection means.

  The present invention is based on the insight that information identifying a key can be displayed in an encrypted image and this information can be detected by a decryption device. The present invention is also based on yet another insight that an untrusted device (ie, a display device) can use the untrusted device to provide information about the key without knowing the key itself.

  The present invention is particularly applicable to a system such as “visual encryption” that encrypts and transfers an image, but is also applicable to an encryption system that encrypts and protects data other than an image. For example, the present invention may be applied to a computer system to transfer encrypted data (file) between computers and use a computer screen for key synchronization.

  It should be noted that the terms used in this specification, claims, and drawings should not be construed as limiting the scope of the present invention. Specifically, the word “comprising” does not exclude elements not specifically described. A single (circuit) element may be replaced with a plurality of (circuit) elements or their equivalents.

It will be appreciated by persons skilled in the art that the present invention is not limited to the embodiments described above, and numerous modifications and additions may be made without departing from the scope of the invention as defined in the appended claims. can do.

1 is a schematic diagram illustrating a cryptographic system according to the present invention. It is the schematic which shows the cross section of the decryption machine used in the system of FIG. FIG. 2 is a schematic diagram illustrating an example of an image used in the system and method according to the present invention.

Claims (15)

A method of synchronizing a first key set of an encryption device and a second key set of a decryption device, comprising:
The encryption device using the key of the first key set to generate an encrypted image and associated key identification information;
The encryption device transmitting the encrypted image and its associated key identification information to a display device;
The display device displaying the encrypted image and its associated key identification information;
The decryption device detecting the key identification information;
The decryption device decrypting the encrypted image using a key of the second key set corresponding to the detected key identification information;
The decoding device comprises the step of displaying the decoded image.   2. The method of claim 1, wherein the key identification information is a code derived from the key.   The method according to claim 2, wherein the key identification information is a hash value. The method according to claim 3, wherein the decryption device detects the key identification information.
The decryption device detects the hash value and stores it as a detected hash value;
The decrypting device comprises calculating the hash value of the second key set and comparing each calculated hash value until it matches the detected hash value.   The method of claim 1, wherein the key identification information is part of the encryption information.   6. The method according to claim 5, wherein the key identification information is displayed on the display device as a bar code and / or a time multiplexed code. A system for synchronizing a first key set of an encryption device and a second key set of a decryption device,
An encryption device that generates an encrypted image and related key identification information using a key of the first key set, and transmits the encrypted image and the related key identification information to a display device;
A display device for displaying the encrypted image and its associated key identification information;
A decryption device that detects the key identification information, decrypts the encrypted image using a key of the second key set corresponding to the detected key identification information, and displays the decrypted image; A system characterized by comprising.   8. The system according to claim 7, wherein the key identification information is a code derived from the key.   9. The system according to claim 8, wherein the key identification information is a hash value. The system according to claim 9, wherein the decoding device includes:
Detecting the hash value and storing it as a detected hash value;
By calculating the hash value of the second key set and comparing each calculated hash value until it matches the detected hash value,
A system for detecting the key identification information.   The system according to claim 7, wherein the key identification information is a part of the encryption information.   8. The system according to claim 7, wherein the key identification information is displayed on the display device as a bar code and / or a time multiplexed code. An encryption device used in the system according to any one of claims 7 to 12,
Detecting means for detecting the encrypted image and the key identification information;
Key selection means for selecting a key based on the detected key identification information;
Decryption means for decrypting an encrypted image detected using the selected key;
An encryption device comprising: display means for displaying a decrypted image.   14. The decryption apparatus according to claim 13, wherein the detection means is constituted by a photodiode. 15. The encryption device according to claim 14, wherein the detection means is part of an LED circuit, preferably part of an OLED circuit.

Images