(1) In order for electronic commerce and electronic applications to be conducted safe and sound, it is necessary, as stated above, to have a system in which a person who received electronic data can confirm the identity of the person who processed the data and his or her power of representation after specifying the person (in the case of corporations, it is also necessary to specify the corporation representative). Such a system is called an "electronic authentication system".
In electronic commerce and electronic applications, it is sometimes disputed whether the person who has prepared electronic data is the person listed in the electronic data and whether that person is authorized to conclude a contract or to apply. In particular, because electronic data can be easily changed without trace of changing, it would be difficult to specify the details of a change. Thus, it becomes necessary to have a system in which a person authorized to officially certify that certain electronic data were genuinely effectuated, that the contents of the data are lawful, and that the data were processed when it was time-stamped by an authorized person. A system is also necessary in which a certain entity preserve electronic data and certify the contents of the data in case the contents are disputed. Such a system is called an "electronic notarization system".
(2) The System Subcommittee researched public need for electronic authentication and electronic notarization systems and conducted studies based on the reports submitted by each committee member on the cryptosystem which would be the basic technology of this system, on concrete systems and their details, and on the necessity for some kind of legislation. The subjects of the reports are "On the notary public system" (by a committee member Mr. Oshitani) and "On the necessity of legislation on the electronic authentication (with digital signature)" (by a committee member Mr. Iwamura), "On the details of the authentication and notarization services the Ministry of Justice is to provide" (by a committee member Mr. Kawai), "On the legal concept on registration and certification in an electronic authentication system, "(by a committee member Mr. Muromachi), "On cryptosystem to be adopted in the authentication and notarization services the Ministry of Justice is to provide" (by a committee member Mr. Matsumoto), and "On the systems of authentication and notarization services the Ministry of Justice is to provide"(by a committee member Mr.Yasuda).
In determining what kind of cryptography should be used to realize the electronic authentication and notarization systems organized by the Ministry of Justice, we must specify the roles of the systems and consider what kind of cryptography should be adopted to establish safe and secure systems, taking all cryptosystems which are now used or can be used in the near future into account.
An important role the electronic authentication and notarization systems are expected to play is to certify the originator of the electronic data and the data integrity to the public. In exchanging data between the parties involved in electronic commerce or between those parties and the party who operates electronic authentication or notarization system, the contents of the data should be kept confidential. Cryptography can be used to realize such functions.
Using cryptography, two functions can be realized: confidentiality (to keep the contents of data confidential) and authentication (to identify the originator of data and to certify data integrity) .
From the standpoint of confidentiality, converting a plaintext into another data which can be read only with certain knowledge is called "encryption" and converting encrypted data into plaintext is called "decryption". The key used to encrypt data is called a "encoding key" and the key used to decrypt data is called a "decoding key". On the other hand, from the standpoint of authentication, converting a plaintext into data which is used for authentication is called "generation of a message authentication code", and converting a message authentication code to verify signer authenticity and data integrity is called "decryption". The key used to generate a message authentication code is called a "message authentication key" and the knowledge used to verify or decode a message authentication code is called "verifying/decoding key".
Now both "symmetric cryptosystems" in which encoding keys are the same as decoding keys and "asymmetric cryptosystems" in which encoding keys are different from decoding keys are available. Both of the systems can realize confidentiality and authentication, but there are some differences between them.
Because data can be processed rapidly in "symmetric cryptosystems", encryption of electronic documents is generally conducted with the systems. In the systems, the encoding/decoding key must be shared in advance to exchange electronic data. Key distribution systems using asymmetric cryptosystem or using the Key Predistribution System (in which the key is generated by the use of ID) are designed as the methods of sharing the keys.
In "asymmetric cryptosystems", a message authentication code is generated with a message authentication key (usually called a "private key") which is not published, that is, the code can be generated only by the holder of the private key. The receiver of the message can verify the code with a verifying/decoding key (usually called a "public key") which is published. As the message authentication code attached to electronic data has the same function as a manual signature, the code is called a "digital signature". The systems are often used as the systems to distribute symmetric key, rather than to converting an electronic message itself because data cannot be processed so rapidly in the systems.
Asymmetric cryptosystems are considered to be useful for realizing both authentication and confidentiality. The outline of the systems to realize both of the functions are as follows:
A (an originator of data) encrypts data with a private key. Data encrypted with A's private key can be decrypted with A's public key. So it can be verified that the data which can be decrypted with A's public key are encrypted with A's private key, that is, the data were generated by A. In the system, a certification authority certifies the holder of the key and the receiver of the data can know the originator of the data. This is the outline of the system.
A digital signature is used in the system.
In the systems, a message is sent with a digital signature generally made from A's private key and a hush result computed with a hash function and unique to each message. When the message is changed, the hush result, with which the message cannot be calculated, cannot be changed to the form corresponding to the changed message. Thus, the receiver of a message can verify whether the message is changed by confirming that the hush result obtained from the message and the data obtained through decrypting the digital signature are correspond. There should be a certification authority certifying the validity of the public key used to decrypt the digital signature.
In this case, B encrypts data with A's public key and send the data to A. The data encrypted with A's public key cannot be decrypted with A's private key, that is, no one but A can read the message. So the message is kept confidential.
We have studied on electronic authentication and notarization systems based on asymmetric cryptosystems which are now used to realize electronic authentication. Some members suggested that those systems based on symmetric cryptosystems should also be taken into consideration.