| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a secure key exchange technique not assuming random oracle. <P>SOLUTION: A key exchange system includes at least key exchange devicesαandβand exchanges session keys. In the key exchange system, a user exchanging keys prepares a dummy attribute set W in addition to his or her own attribute set S to be used for basic authentication, and assigns the W to a verification key of a generated use-and-discard signature. In this event, the user adds, as an authentication condition, an access structure satisfied by a dummy attribute set W corresponding to a specific verification key, in addition to an access structure A desired satisfied by a partner, and performs key exchange. Further, when the last session key is derived, a strong random extractor and a pseudo-random function, instead of the random oracle, are used. <P>COPYRIGHT: (C)2013,JPO&INPIT</p> |
