Cryptographic key (x1) knowledge split and dual control - Let’s rethink IT back in the 1970s.

 

The chieftain of the bandits cast a spell and the door of the cave opened.... Once the 40 bandits entered the cave, the rock door automatically closed. The cave door knew what it was supposed to do when it heard the incantation. Ali Baba, who had been watching the whole thing from his hiding place, waited until the bandits had gone before entering the cave himself.

​

This is the story of Ali Baba and the 40 Thieves. Today's ICT follows the same situation. However, the "Door of ICT" requires the presentation of id data as well as spells. Spell and id, this pair constitutes an account ( request/id, usage history/id). When users set up an account with a service, they have rights and obligations to each other. In addition, a legal system for personal information is in place. This is where the soil for a password culture is nurtured.

​

If you really want to achieve Passwordless ICT, it can be done with a simple logic: don't have accounts on the service side. In other words, if the service side has an account, then the user side should also have an account. This simple conclusion is the inspiration for the "decentralized account" demonstration. Are today's products claiming to be Passwordless really Passwordless? If you would like to hear what others have to say before you consider implementing it, the FIDO Alliance provides a comfortable community for those who are hesitant to make a decision because they have not reached a conclusion after more than 10 years of implementation.

​

The courageous one would draw conclusions and then tackle the derived problems. However, until now IT did not know "alternative information to spell", and in the 1970s, when DES became the standard, it was plagued by a similar dilemma: the "key delivery dilemma". In the summer of 1975, when everyone thought there was no solution to this dilemma, Diffie announced the concept of asymmetric keys. In April 1977, Rivest was puzzled: "Can an asymmetric key actually be created? Is there or will there ever be found a one-way function with such a back door that can be opened only when the receiver Bob has special information? Rivest's train of thought started with the receiver and considered a one-way function with a backdoor (called a trapdoor). The solution was found when the problem was faced. Today's RSA ciphers are just that.

​

What information can replace the spell? We first noted that RSA is a "commutative algorithm": it succeeds in decrypting whether K1 or K2 is the encryption key: formally expressed as K1*K2=K2*K1. This is the commutative algorithm. RSA is a one - way function of the commutative algorithm that solves the "key distribution dilemma”.

 

Then there must also be a one-way function of the non-commutative algorithm: K1*K2≠K2*K1, which is the non-commutative algorithm. This one-way function was easy to find. This is the question, "What information can replace the spell?" This is the answer to the question, "What information can replace spells? This is the process shown in Fig. 1 at the beginning of this article. A server with a noncommutative algorithm creates an account P/id on the user side and an account Q/id on the service side, and both sides store the "agreement process". This mechanism is information. Note the difference between information and data.

​

The actual invention process began with the discovery of a one-way function. This one-way function was complete and sound. The basis for this was a non-commutative algorithm (K1*K2≠K2*K1). 

​

- Usages and concepts of implementation -

​

​（日本語で読む）