JP2009271584A - Similar information retrieval system and similar information retrieval program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To efficiently retrieve similar information of retrieval information while being concealed from a manager and a third person. <P>SOLUTION: This similar information retrieval system is provided with: a secret registration information storage means CD2 for storing a polynomial point group (R); a retrieval numerical value discriminating means CD4 for discriminating whether or not retrieval numerics (b<SB>1</SB>to b<SB>m-L</SB>) included in secret retrieval information (B*) are the same values as numerical values (a<SB>1</SB>to a<SB>r</SB>) included in respective secret registration information (R<SB>1</SB>to R<SB>N</SB>); a polynomial point subset calculation means CD5 for calculating polynomial point subsets (Q<SB>1</SB>* to Q<SB>N</SB>*); a polynomial point subset element number discriminating means CD6 for discriminating whether or not the points of the polynomial point subsets (Q<SB>1</SB>* to Q<SB>N</SB>*) are equal to or more than (c-L) pieces; and a secret similar information calculation means CD7 for calculating secret similar information (R<SB>A</SB>) by calculating respective secret registration information (R<SB>1</SB>to R<SB>N</SB>) corresponding to the polynomial point subsets (Q<SB>1</SB>* to Q<SB>N</SB>*) having at least (c-L) pieces of points. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a similar information search system and a similar information search program for searching for similar information of search information from the database in a state that it is concealed from an administrator as a database outsourcer and a third party.

Conventionally, database management work has been outsourced due to technical problems such as construction of the database and economic problems such as reduction of maintenance and management costs of the database. As a database outsourcing model, for example, a Database-as-a-Service (DAS, DaaS) model is known. In the specification of the present application, it is hereinafter referred to as “DAS model”.
The DAS model registers (stores) information (data) in the database, a “registrant” as a data owner, a “searcher” who searches for the information from the database, and manages the database. "Administrator". Note that the registrant and the searcher are not necessarily the same person, and the manager is a so-called outsourcing contractor, and only the management work of the database is entrusted.

In the DAS model, for example, when the information is personal information or confidential information, a third party other than the registrant and the searcher, that is, the registrant and the searcher and the database. It is desirable that the information can be concealed from a third party on the communication path. In this case, it is desirable that the information can be concealed from the manager who is an outsourcer as well as the third party.
As techniques for concealing the information stored in the database from the third party or the like, techniques described in Non-Patent Documents 1 to 4 below are known.

Non-Patent Documents 1 to 3 describe a technique about a database in which encrypted data that is encrypted data in the DAS model is stored, that is, a so-called encrypted database. In Non-Patent Documents 1 to 3, a so-called relational database (RDB: Relational Database), in which an operation such as a query is performed using a conventionally known SQL (Structured Query Language), the encryption is performed by the SQL. Describes a technique for performing inquiries regarding digitized data.
In Non-Patent Documents 1 to 3, the encrypted data is so-called relational data to which information such as attributes is added. For this reason, the inquiry process by the SQL can be efficiently performed based on the attribute. For example, a filtering process or the like that extracts only the encrypted data having an attribute value within a predetermined range can be performed.

In Non-Patent Document 4, although there is no direct relationship with the DAS model, when there are a plurality of data providers (provider, Bob) and data searchers (querier, Alice), the data searcher makes an inquiry. A technique using a Bloom filter is described for safely inquiring whether query data, so-called query, is included in the document database of the data provider. ing. Here, the Bloom filter is the document encrypted with the data provider key (K _B ) and the query encrypted with the data searcher key (K _A ).

  In Non-Patent Document 4, the data provider first discloses the data provider's Bloom filter. Next, the data searcher sends the data searcher's Bloom filter to a trusted third party (Ted). Next, the third party converts the query encrypted with the data searcher's Bloom filter, that is, the key of the data searcher, based on the principle of group encryption, and the data provider The query encrypted with the key is output. Then, the third party collates the query encrypted with the data provider's key with the published data provider's Bloom filter, so that the query becomes the database as the document. It is determined whether it is stored in the. That is, Non-Patent Document 4 describes a technique for collating the query and the document in an encrypted state.

Hakan Hacigumus and two others, “Search on Encrypted Data”, “Advances in Information Security (Vol. 33) Secure Data Management in・ Decentralized Systems (Advances in Information Security / Secure Data Management in Decentralized Systems (Edited by T. Yu and S. Jajodia)) ”, (USA), Springer, May 11, 2007, p. . 383-426 Hakan Hacigumus and three others, “Executing SQL over Encrypted Data in the Database-Service-Provider Model”, “SMD MOD SIGMOD Conference (Edited by MJ Franklin, B. Moon and A. Ailamaki) ”, (USA), ACM, 2002, p. 216-227 Shiho Miura, Chiemi Watanabe, “Index Construction Method for Encrypted Databases That Can Keep Confidentiality for Administrators”, “online”, 2007, IEICE 18th Data Engineering Workshop / 5th Japan Database Annual Conference of the Society (DEWS2007), "Search on March 26, 2008", Internet <URL: http://www.ieice.org/iss/de/DEWS/DEWS2007/pdf/e7-8.pdf> Steven M. Bellovin and one other, “Privacy-Enhanced Searches Using Encrypted Bloom Filters” (US), AT & T, March 29, 2004 Esko Ukkonen, “Approximate string matching with q-grams and maximal matches”, Theoretical Computer Science 92 92), (USA), Elsevier, 1992, p. 191-211 Hideki Imai, “Code Theory”, The Institute of Electronics, Information and Communication Engineers, 1990, p. 47-54, 155-160, 169-174, 179-180 Ari Juels, 1 other, “A Fuzzy Vault Scheme”, “online”, 2006, Designs, Codes and Cryptography, “2008 Search April 1, 2009, Internet <URL: http://www.rsa.com/rsalabs/staff/bios/ajuels/publications/fuzzy-vault/fuzzy_vault.pdf> Onuki Yasunori and Takahashi Keisuke, “Development of Indexed Fuzzy Vault”, “online”, February 14, 2008, Tokai University, “March 7, 2008 search”, Internet <URL: http://www.cs.dm.u-tokai.ac.jp/DM2007/A1-Kikuchi2.doc> Tsujidai and two others, “GGDB: A database system for glycogenes”, “The Second Symposium of Japanese Consortium for Glycobiology and Glycotechnology” , Japan Glycoscience Consortium, 2004, p. 42-43 Rui Yang and two others, “Similarity Evaluation on Tree-structured Data”, “SIGMOD Conference”, (USA), ACM ( ACM), 2005, p. 754-765 Karin Kailing and three others, “Efficient Similarity Search for Hierarchical Data in Large Databases”, (Greece), Extending Database Technology (Extending Database Technology), 2004, p. 676-693 Apostolos N. Papadopoulos, 1 other, “Structure-Based Similarity Search with Graph Histograms”, (Greece), “DLX "DEXA Workshop", 1999, p. 174-178

(Problems of conventional technology)
In the DAS model, for example, when the information is so-called gene information such as DNA (Deoxyribonucleic acid, deoxyribonucleic acid) base sequence information (nucleic acid sequence information) and protein amino acid sequence information, the database is: The gene information database stores the gene information. The gene information database is used in so-called research institutions in the field of gene analysis.
Here, if the gene information includes information on genes that may be related to diseases, so-called candidate genes, there is a possibility of having economic, commercial, practical use and value, and confidentiality. May be treated as information. In this case, it is desirable that the genetic information can be concealed from the third party and the administrator.

FIG. 9 is an explanatory diagram when a conventionally known encryption database technique is applied to the gene information database in the DAS model.
Therefore, in order to conceal the genetic information, it is conceivable to apply the encryption database technology described in Non-Patent Documents 1 to 3, as shown in FIG.
However, in the techniques of Non-Patent Documents 1 to 3, when a conventionally known encryption algorithm is used when encrypting the encrypted data, the registrant and the searcher are connected with the encrypted relationship. A key is required to generate data and the query.

For this reason, there existed problems, such as management of the said key, according to the number of the said registrants and the said searchers. That is, since the number of keys increases in proportion to the number of registrants and searchers, there are problems such as the security (strictness) of key management and the associated management costs.
The technique of Non-Patent Document 4 is applied when there are a plurality of data providers and data searchers and a reliable third party organization. That is, the technique of Non-Patent Document 4 is a direct communication between each data provider and each data searcher via the third party organization, so-called P2P (Peer to Peer, peer-to-peer) type. It is assumed that it will be used for communication. For this reason, it is not envisaged to construct the gene information database shared by the data providers, and the DAS model cannot be applied. Further, even if the database of each data provider is assumed to be the gene information database, each of the data providers, each data searcher, and the third party organization, as in the non-patent documents 1 to 3. There is a problem of the key management with respect to the keys possessed by.

  Further, in the gene analysis, in order to determine whether the gene information obtained by the searcher is known in the industry, from the search information (inquiry information) based on the gene information to the gene information database. Of the stored gene information, a similar information search process for searching for similar information that is the gene information similar to the search information is frequently performed. For example, as shown in FIG. 9, when the gene information is character string information of a base sequence, the similarity information (“GACCGGGGTGCA”) stored in the gene information database is compared with the search information (“GGCCAGGGCACC”). The similar information search process in which “)” is output is frequently performed.

However, in Non-Patent Documents 1 to 3, the encrypted data stored in the relational database is relational data to which information such as the attribute corresponding to the inquiry processing by the SQL is added. For this reason, a similar character string search or the like as in the similar information search process is not assumed, and there is a problem in that the similar information cannot be output efficiently with the encrypted relational data. For example, there has been a problem that only search based on complete match or attribute match of the encrypted data can be performed.
Further, the technique of Non-Patent Document 4 is also assumed to be similar character search such as the similar information search process, and is encrypted to determine whether the information is the similar information. Since it is necessary to collate after decoding the Bloom filter, there is a problem that the similar information cannot be output efficiently.

  In view of the above-described circumstances, an object of the present invention is to efficiently search for similar information of search information in a state of being hidden from an administrator and a third party.

In order to solve the technical problem, the similar information search system according to the first aspect of the present invention provides:
A storage device for storing registration information which is information to be registered;
A registration device that is connected to the storage device so as to be able to transmit and receive information, and that registers the registration information to the storage device;
Information similar to the registration information that is the same as or similar to the search information that is the search target information among the stored registration information that is connected to the storage device so as to be able to transmit and receive information. A search device for searching;
A similar information retrieval system having
The natural numbers are c, d, k, L, n, m, q, and r, respectively, and d operations of insertion / deletion / replacement are performed on the operation unit information that is the unit information to be operated in the search information. The search information is converted into the similar information, and n pieces of partial information having q pieces of the operation unit information can be calculated for the registration information. m or more pieces of partial information having q pieces of the operation unit information can be calculated, c is calculated based on d, q, n, m, and c ≧ L, m ≧ L, r ≧ n Are assumed to hold,
The registration device
Based on the registration information, a polynomial computing means for computing the polynomial that is a univariate (k-1) dimension and that can restore the registration information;
Registered partial information extracting means for extracting registered partial information, which is n pieces of partial information capable of restoring the registered information, based on the registered information;
A registered set calculation means for calculating a registered set, which is a set having n registered numeric values as elements, based on the extracted n pieces of registered partial information;
A registered substitution value calculating means for calculating a registered substitution value that is a numerical value of the polynomial into which the registered numeric value is substituted;
Pseudo numerical value calculating means for calculating (rn) types of pseudo numerical values which are numerical values other than the registered numerical values;
Pseudo-substitution value calculating means for calculating a pseudo-substitution value that is a numerical value other than the numerical value of the polynomial into which the pseudo-numeric value is substituted;
A point on the polynomial having a set of the registered numerical value and the registered substitution value corresponding to the registered numerical value is a registered polynomial point, and the pseudo numerical value and the pseudo substitution value corresponding to the pseudo numerical value are a set. When a point other than the polynomial is set as a pseudo-polynomial point, a polynomial point set that is a set of r points having n registered polynomial points and (r−n) pseudo-polynomial points is calculated. A secret registration information calculation means for calculating secret registration information in which the registration information is concealed;
Secret registration information transmitting means for transmitting the calculated secret registration information to the storage device;
Have
The storage device
Confidential registration information receiving means for receiving the confidential registration information transmitted by the confidential registration information transmitting means;
Secret registration information storage means for storing the received secret registration information;
Have
The search device includes:
Search partial information extraction means for extracting search partial information which is m pieces of partial information capable of restoring the search information based on the search information;
A search set calculation means for calculating a search set that is a set having m search numerical values as elements based on the extracted m pieces of search partial information;
Search set storage means for storing the calculated search set;
By calculating a search subset that is a subset of the search set having (m−L) types of the search numerical values excluding L types of the search numerical values among the m types of search numerical values, the search Secret search information calculation means for calculating secret search information in which information is concealed;
A secret search information transmitting means for transmitting the calculated secret search information to the storage device;
Have
The storage device
Secret search information receiving means for receiving the secret search information transmitted by the secret search information transmitting means;
Search numerical value determining means for determining whether the search numerical value included in the received confidential search information is the same as the registered numerical value or the pseudo numerical value included in each stored confidential registration information;
By extracting the registered polynomial point of the registered numerical value and the pseudo-polynomial point of the pseudo-numerical value that are the same as the search numerical value, a projection set of the search numerical value in the polynomial point set, A polynomial point subset computing means for computing a polynomial point subset which is a subset;
Polynomial point subset element number determining means for determining whether or not the calculated points of the polynomial point subset are (c−L) or more;
(CL) Concealed similarity information computing means for computing concealed similarity information in which the similar information is concealed by computing each concealment registration information corresponding to the polynomial point subset having at least (c−L) points ,
A secret similarity information transmitting means for transmitting the calculated secret similarity information to the search device;
Have
The search device includes:
A concealment similarity information receiving means for receiving the concealment similarity information transmitted by the concealment similarity information transmission means;
Search numerical value determining means for determining whether or not the search numerical value included in the stored search set is the same as the registered numerical value or the pseudo numerical value included in each received secret similar information;
Numerical value extraction means for extracting the registered numerical value and the pseudo numerical value that are the same as the search numerical value;
It is determined whether or not each of the secret similar information can be restored as the similar information with respect to the search information by determining whether or not the extracted registered numerical value and the pseudo numerical value are c or more. Similar information restoration discrimination means,
Similar information restoration means for computing the polynomial and restoring the similar information based on the registered numeric value and the pseudo numeric value when the extracted registered numeric value and the pseudo numeric value are c or more,
It is characterized by having.

The invention according to claim 2 is the similar information search system according to claim 1,
When c ≧ (n + k) / 2 holds for the natural numbers c, k, n,
The registration device
Based on the registration information, the polynomial is a one-variable polynomial in (k−1) dimensions, and the number of points on the polynomial necessary for restoring the registration information is {(n + k) / 2} or more. A polynomial calculation means for calculating a polynomial;
It is characterized by having.

In order to solve the technical problem, a similar information retrieval system according to claim 3 is provided.
Information to be registered is registered information,
Information that is the same as or similar to the registration information is similar information,
The natural numbers are d, k, n, q, r, respectively.
With respect to operation unit information that is information of a unit to be operated in the registration information, the registration information is converted into the similar information by performing d insertion / deletion / replacement operations, and the registration For information, it is assumed that n or more pieces of partial information having q pieces of operation unit information can be calculated, and r ≧ n holds.
The n pieces of partial information that can restore the registration information extracted based on the registration information are used as registration partial information.
A set having a registered numerical value, which is an n-type numerical value calculated based on the extracted n pieces of registered partial information, as a registered set,
A (k−1) -dimensional univariate polynomial calculated based on the registration information, and a numerical value calculated by substituting the registered numerical value for the polynomial that can restore the registration information is used as a registered substitution value. ,
A point on the polynomial having a set of the registered numerical value and the registered substitution value corresponding to the registered numerical value is a registered polynomial point,
A pseudo numerical value that is a numerical value other than the registered numerical value and a pseudo substituted value corresponding to the pseudo numerical value, and the pseudo substituted value that is a numerical value other than the numerical value of the polynomial to which the pseudo numerical value is substituted is a set. When a point other than a polynomial is a pseudo-polynomial point,
A polynomial point set, which is a set of r points each having n registration polynomial points and (r−n) pseudo-polynomial points, is stored as secret registration information in which the registration information is concealed. A secret registration information storage means;
The search target information is the search information,
Let natural numbers be c, L, m respectively.
For the search information, m or more pieces of partial information having q pieces of operation unit information can be calculated, c is calculated based on d, q, n, m, and c ≧ L, m ≧ L is established,
With respect to the operation unit information in the search information, the search information is converted into the similar information by performing d insertion / deletion / replacement operations, and the search information is extracted based on the search information. The m pieces of partial information capable of restoring the search information are set as search partial information,
A set having as elements search numerical values that are m types of numerical values calculated based on the extracted m pieces of search partial information is defined as a search set.
Of the m types of search numerical values, the search information conceals a search subset that is a subset of the search set whose elements are the (m−L) types of search numerical values excluding the L types of search numerical values. If the search information is hidden,
Search numerical value determination means for determining whether the search numerical value included in the confidential search information is the same as the registered numerical value or the pseudo numerical value included in each stored confidential registration information;
By extracting the registered polynomial point of the registered numerical value and the pseudo-polynomial point of the pseudo-numerical value that are the same as the search numerical value, a projection set of the search numerical value in the polynomial point set, A polynomial point subset computing means for computing a polynomial point subset which is a subset;
Polynomial point subset element number determining means for determining whether or not the calculated points of the polynomial point subset are (c−L) or more;
(CL) Concealed similarity information computing means for computing concealed similarity information in which the similar information is concealed by computing each concealment registration information corresponding to the polynomial point subset having at least (c−L) points ,
It is provided with.

In order to solve the technical problem, a similar information search program according to a fourth aspect of the present invention provides:
Computer
Information to be registered is registered information,
Information that is the same as or similar to the registration information is similar information,
The natural numbers are d, k, n, q, r, respectively.
With respect to operation unit information that is information of a unit to be operated in the registration information, the registration information is converted into the similar information by performing d insertion / deletion / replacement operations, and the registration For information, it is assumed that n or more pieces of partial information having q pieces of operation unit information can be calculated, and r ≧ n holds.
The n pieces of partial information that can restore the registration information extracted based on the registration information are used as registration partial information.
A set having a registered numerical value, which is an n-type numerical value calculated based on the extracted n pieces of registered partial information, as a registered set,
A (k−1) -dimensional univariate polynomial calculated based on the registration information, and a numerical value calculated by substituting the registered numerical value for the polynomial that can restore the registration information is used as a registered substitution value. ,
A point on the polynomial having a set of the registered numerical value and the registered substitution value corresponding to the registered numerical value is a registered polynomial point,
A pseudo numerical value that is a numerical value other than the registered numerical value and a pseudo substituted value corresponding to the pseudo numerical value, and the pseudo substituted value that is a numerical value other than the numerical value of the polynomial to which the pseudo numerical value is substituted is a set. When a point other than a polynomial is a pseudo-polynomial point,
A polynomial point set, which is a set of r points each having n registration polynomial points and (r−n) pseudo-polynomial points, is stored as secret registration information in which the registration information is concealed. Secret registration information storage means,
The search target information is the search information,
Let natural numbers be c, L, m respectively.
If m or more pieces of partial information having q pieces of operation unit information can be calculated for the search information, c is calculated based on d, q, n, m, and c ≧ L, m ≧ L Each holds,
With respect to the operation unit information in the search information, the search information is converted into the similar information by performing d insertion / deletion / replacement operations, and the search information is extracted based on the search information. The m pieces of partial information capable of restoring the search information are set as search partial information,
A set having as elements search numerical values that are m types of numerical values calculated based on the extracted m pieces of search partial information is defined as a search set.
Of the m types of search numerical values, the search information conceals a search subset that is a subset of the search set whose elements are the (m−L) types of search numerical values excluding the L types of search numerical values. If the search information is hidden,
Search numerical value determining means for determining whether the search numerical value included in the confidential search information is the same as the registered numerical value or the pseudo numerical value included in each stored confidential registration information;
By extracting the registered polynomial point of the registered numerical value and the pseudo-polynomial point of the pseudo-numerical value that are the same as the search numerical value, a projection set of the search numerical value in the polynomial point set, A polynomial point subset computing means for computing a polynomial point subset which is a subset;
A polynomial point subset element number discriminating means for discriminating whether or not there are (c−L) or more calculated points of the polynomial point subset;
(CL) Secret similar information calculation means for calculating secret similar information in which the similar information is concealed by calculating each secret registration information corresponding to the polynomial point subset having more than (c−L) points;
It is made to function as.

  According to the first aspect of the present invention, since each piece of information (registration information, search information, similar information) transmitted / received between the devices is concealed, a third party other than the user of each device Each information can be kept secret. According to the first aspect of the present invention, in the storage device, the registration information is concealed as the secret registration information, and the search information is concealed as the secret search information. The information can be concealed from an administrator who is a user of the storage device. As a result, a registrant who is the owner of the registration information and is a user of the registration device in a state where the information is kept secret from the third party and the administrator, and an acquaintance of the search information The DAS model can be configured to include a searcher who is a user of the search device and the manager as an outsourcer entrusted with the management operation of the storage device.

In addition, according to the first aspect of the present invention, the registration device can conceal the registration information without using a key for each registrant, and the registration device can be used for each searcher. The search information can be concealed without using a key. As a result, each information (registration information, search information, similar information) transmitted / received to / from each device can be concealed without using the key, and the key management safety in the conventionally known encryption database can be secured. It is possible to solve problems such as sex (rigidity) and management costs associated therewith.
Further, according to the invention of claim 1, when searching for the secret similar information, in order to collate the search numerical value included in the secret search information and each numerical value included in the respective secret registration information, The secret similar information can be searched more efficiently than in the case where the verification is performed after decrypting the encrypted registration information and search information.

  According to the invention described in claim 2, it is guaranteed that the polynomial can be restored if {(n + k) / 2} or more of the registered polynomial points are found, and c is d, q, n, It is calculated based on m, and c ≧ (n + k) / 2 and c ≧ L are established. For this reason, the search device may include {(n + k) / 2} or more of the registered numerical values in the c or more of the registered numerical values or the pseudo numerical values included in the received secret similar information. The similar information can be always restored from the secret similar information. As a result, when the search device restores the concealment similarity information, by determining whether or not the extracted registered numerical value and the pseudo numerical value are c or more, the respective concealment similar information is It is possible to appropriately determine whether or not the similar information with respect to the search information can be restored. Further, the storage device determines whether or not the number of extracted polynomial point subsets is (c−L) or more when searching for the secret similarity information, thereby determining the polynomial point set. However, it is possible to appropriately determine whether or not it can be restored as the similar information with respect to the search information.

According to the third aspect of the present invention, the stored secret registration information can be searched without being restored to the registration information. Further, the search can be executed in a state where the search information as a search target is kept secret as the secret search information. Accordingly, the information (registration information, search information, and similar information) can be concealed from a third party other than the searcher who is the acquirer of the search information, and also from the administrator of the similar information search system. Each information can be kept secret.
According to the invention of claim 3, the search information can be concealed without using a key for each searcher. As a result, it is possible to solve problems such as the security (strictness) of key management in the conventionally known encrypted database and the management cost associated therewith.
Further, according to the invention of claim 3, when searching for the secret similar information, in order to collate the search numerical value included in the secret search information and each numerical value included in the respective secret registration information, The secret similar information can be searched efficiently compared to the case where the verification is performed after decrypting the encrypted registration information and search information.

According to the fourth aspect of the present invention, the stored secret registration information can be searched without being restored to the registration information. Further, the search can be executed in a state where the search information as a search target is kept secret as the secret search information. Accordingly, the information (registration information, search information, and similar information) can be concealed from a third party other than the searcher who is the acquirer of the search information, and also from the administrator of the similar information search system. Each information can be kept secret.
According to the invention of claim 4, the search information can be concealed without using a key for each searcher. As a result, it is possible to solve problems such as the security (strictness) of key management in the conventionally known encrypted database and the management cost associated therewith.
According to the invention of claim 4, when searching for the secret similar information, in order to collate the search numerical value included in the secret search information and each numerical value included in the respective secret registration information, The secret similar information can be searched efficiently compared to the case where the verification is performed after decrypting the encrypted registration information and search information.

Next, specific examples of embodiments of the present invention (hereinafter referred to as examples) will be described with reference to the drawings, but the present invention is not limited to the following examples.
In the following description using the drawings, illustrations other than members necessary for the description are omitted as appropriate for easy understanding.

FIG. 1 is an overall explanatory diagram of a similar information search system according to a first embodiment of the present invention.
1, the similar information search system S according to the first embodiment of the present invention includes a database server (similar information search device) DS as an example of a storage device that stores registration information that is information (data) to be registered. Further, the similar information search system S is connected to the database server DS through the Internet 1 as an example of a communication line so that information can be transmitted and received, and causes the database server DS to register the registration information ( A registration client personal computer PCa as an example of a registration device.

Further, the similar information search system S is connected to the database server DS through the Internet 1 so as to be able to send and receive information. It has a search client personal computer PCb as an example of a search device that searches for similar information that is the registered information that is the same as or similar to the search information that is information.
The database server DS and each of the client personal computers PCa and PCb of the first embodiment are configured by a computer main body H1, a display H2, a keyboard H3 as an input device, a mouse H4, a hard disk drive (not shown), a DVD (Digital Versatile Disc) drive, and the like. Has been.

(Description of the control part of Example 1)
FIG. 2 is an explanatory diagram showing the function of each device constituting the similar information retrieval system of the first embodiment of the present invention in a block diagram (functional block diagram).
In FIG. 2, the database server DS and the computer main body H1 of each of the client personal computers PCa and PCb have an I / O (input / output interface) that performs input / output of signals to / from the outside and adjustment of input / output signal levels, etc. ROM (read-only memory, recording medium) that stores programs and data for performing startup processing, RAM (random access memory, recording medium), ROM, etc. for temporarily storing necessary data and programs It has a CPU (Central Processing Unit) that performs processing according to the stored startup program, a clock oscillator, and the like, and implements various functions by executing programs stored in the ROM, RAM, and the like. be able to.
The database server DS and the client personal computers PCa and PCb configured as described above can realize various functions by executing programs stored in the hard disk, ROM, or the like.

(Description of control unit of registration client personal computer PCa)
The hard disk drive of the registration client personal computer PCa includes a basic software (operating system) OS that controls the basic operation of the registration client personal computer PCa, a secret registration information transmission program AP1 as an application program, and other software (not shown). It is remembered.

(Secret registration information transmission program AP1)
The secret registration information transmission program AP1 has the following functional means (program modules).

FIG. 3 is an explanatory diagram of a registered image according to the first embodiment.
CA1: Registered image display means The registered image display means CA1 displays a registered image 2 shown in FIG. 3 for registering the registration information in the database server DS on the display H2. The registration image 2 according to the first embodiment includes a registration information input unit 2a for inputting the registration information, and a registration button 2b for registering the input registration information in the database server DS. In Example 1, as shown in FIG. 3, the registration information input unit 2a includes the registration information s (for example, “AGCCCGGAAGGGCC” which is character string information of a base sequence) configured by character string information. Entered.

CA2: Registration Discriminating Unit The registration discriminating unit CA2 discriminates whether or not to register the registration information s in the database server DS. The registration determination unit CA2 according to the first embodiment determines whether the registration information s is input to the registration information input unit 2a and the registration button 2b is input, so that the registration information s is stored in the database server. It is determined whether or not to register with the DS.
Here, in the similar information search system S according to the first embodiment, the q-gram technique, which is a similar character string search method, and the fuzzy vault (Fuzzy vault, which is an ambiguous collation method used for biometric authentication, password restoration, etc.) By combining with the technology of Vault and Fuzzy Vault Scheme, each process such as registration and search is executed in a state where the registration information s is kept secret.

(About similar character string search method using q-gram)
Here, the similar character string search method refers to a character string in which the edit distance, which is the number of character insertion / deletion / replacement operations, is less than or equal to a predetermined value for a character string. This is a detection method. That is, it refers to a method of searching for the similar character string from all the character strings in the database based on the edit distance that is the minimum value of the editing operations necessary to make two character strings the same.
Further, q-gram refers to a partial character string having the length q of the original character string, where q is a natural number excluding 0. For example, when the original character string is “ABCDEFG” and q = 4, the q-gram is four of “ABCD”, “BCDE”, “CDEF”, and “DEFG”.

The natural numbers excluding 0 are d, n, and m, respectively, and the edit distance between the first character string of length n and the second character string of length m is d, and the natural numbers n, m When any one of the values is max (n, m), the first character string and the second character string are at least {max (n, m) − (d−1) q −1} pieces of the q-gram are guaranteed in common (for example, see Non-Patent Document 10).
Therefore, in the similar character string search method using q-gram, first, when the character string is set to s _qg , based on the values of the natural numbers n, m, q, and d set in advance, The minimum value (max (n, m) − (d−1) q−1) of the shared number of gram is calculated, and each shared number between the character string s _qg and each character string in the database is calculated. Thus, a so-called filtering process is performed in which each character string having the number of shares less than or equal to the minimum value is excluded from the similar character string candidates. Then, by actually calculating the edit distance between the character string s _qg and each character string that is a candidate for the similar character string, the similar character string that is the final solution is calculated. Execute the refinement process.

As a result, the similar character string search method using q-gram can speed up processing compared to the brute force similar character string search method. That is, for the calculation of the edit distance between the first character string of length n and the second character string of length m, Landau symbols (Landau notation, O-notation) for evaluating the amount of calculation are used. When used, in the brute force similar character string search method, the calculation amount is O (nm) time. That is, when n = m, since the time is O (n ² ), the amount of calculation increases as a square function of n. On the other hand, in the similar character string search method using the q-gram, the calculation amount is O (n + m) time. For this reason, the filtering process can be speeded up. That is, when n = m, since it is O (2n) time, the calculation amount increases in a linear function of n, and the calculation amount can be reduced.

(About fuzzy vault)
The fuzzy vault is a technique for executing ambiguous collation between concealed information using an error correction code. Here, the error correction code is a code as a set of information to which redundancy is added, and the redundancy is used for correcting an error included in the information. Therefore, with the error correction code, for example, even when noise is mixed during transmission, the information from which the noise has been removed can be received based on the redundancy.
In the fuzzy vault, a locking process for locking the secret information and an unlocking process for unlocking the locked secret information are executed.

First, let k, t, p, r be natural numbers excluding 0, F be a finite field with the natural number p being the order, and F ^k be a k-th order extension of the finite field F; The t-order extension field of the finite field F is F ^t , the r-order extension field of the finite field F is F ^r, and the secret information as a subfield of the ^k-th extension field F ^k is s _fv (s _fv ∈ F ^k ), the first set as a sub-field of the t-order extension field F ^t is A (A∈F ^t ), and the set as a sub-body of the r-order extension field F ^r , the so-called vault When R is R (RεF ^r ) and r> t, the locking process for calculating the vault R is executed based on the secret information s _fv and the first set A.
If the second set as a sub-field of the t-th order extension field F ^t is B (B∈F ^t ), and the first set A and the second set B are sufficiently close, Calculating the secret information s _fv based on the vault R and the second set B when the value of each element is equal to 80% or more for each element of each set A, B Execute unlocking process.

A field is a set in which four arithmetic operations of addition, subtraction, multiplication, and division are defined, and the four arithmetic operations of elements that are elements of the set are closed in the set (the operation result is a set based on the original). In the case of the above). A finite field is a field in which the original number (order) of the set is a finite number, and the finite field is also called a Galois field. In some cases, it is also called a prime field. An extension field is a field including the field as a subset. For example, a real number field (a set of all real numbers) is an extension field of a rational number field (a set of all rational numbers). Further, a k-th order extension field of a finite field is a set (polynomial set) in which four arithmetic operations of addition, subtraction, multiplication, and division are defined, and an element of the finite field is a coefficient (k-1) or lower polynomial. That means. Furthermore, a partial body is a subset of the body, and refers to the subset in which the four arithmetic operations defined in the body are established.
In addition, about a body, a finite field, an expansion body, a partial body, etc., it describes in the nonpatent literature 6, for example, Since it is well-known, detailed description is abbreviate | omitted.

(About fuzzy vault using RS code)
In the fuzzy vault, an RS code (Reed-Solomon code, Reed-Solomon code), which has high error correction capability, is used as the error correction code in order to execute the locking process and the unlocking process. May be. Here, the RS code is a code in which the information is expressed by being divided into bit blocks, and error correction can be performed in units of blocks. Note that the block is specifically a point on the polynomial that is an element of the k-th order extension field (F ^k ) of the finite field (F). That is, in the RS code, a set whose elements are a predetermined number of points on the polynomial is expressed by bits as a so-called code word. When a set of n points on the polynomial is expressed as the code word, the RS code is particularly referred to as an (n, k) code ((n, k) RS code).
Note that the RS code and the like are described in, for example, Non-Patent Document 6 and the like and are well known, and thus detailed description thereof is omitted.

In the fuzzy vault using the RS code, in the locking process, first, when n = t, r> n, the secret information s _fv (s _fv εF ^k ) including ^k elements and n Based on the first set A (AεF ⁿ ) composed of elements, the (n, k) code composed of n points on the polynomial is calculated. Next, a chaff that is a set of random (rn) points other than the points on the polynomial is added to the (n, k) code. A set of r points formed by the (n, k) code and the chaff is output as the vault R (RεF ^r ).
In the fuzzy vault using the RS code, in the unlocking process, the second set B (BεF ^t ) having n elements or less of the first set A and r points The secret information s _fv is calculated by restoring the polynomial based on the vault R consisting of

In the RS code, it is guaranteed that errors of (n−k) / 2 or less points in the (n, k) code can be corrected (for example, see Non-Patent Documents 6 and 7). That is, it is known that if the {n + k) / 2} or more points in the (n, k) code are found, the polynomial can be successfully restored (n − {(n−k) / 2}). = (N + k) / 2). As a result, in the fuzzy vault using the RS code, for each element of the sets A and B, when {(n + k) / 2} or more elements are the same, the polynomial can be restored, It is guaranteed that the secret information s _fv can be calculated.
Therefore, in the fuzzy vault using the RS code, the problem of specifying the (n, k) code from the vault R including the chaff, and the problem of restoring the polynomial from the (n, k) code, so-called, Due to the difficulty with the polynomial restoration problem, the security of the confidential information s _fv is secured.
Note that the fuzzy vault using the RS code is described in, for example, Non-Patent Documents 7 and 8, and is well known, and thus detailed description thereof is omitted.

CA3: Polynomial calculation means The polynomial calculation means CA3 is a (k−1) -dimensional univariate polynomial based on the registration information s, and is a point on the polynomial necessary to restore the registration information s. The polynomial is calculated such that becomes {(n + k) / 2} or more. The polynomial calculation means CA3 according to the first embodiment uses the following equation (1), where x is a variable of the polynomial, s ₀ to s _k-1 are _k coefficients of the polynomial, and f (x) is the polynomial. When calculating the coefficient f (x), the coefficients s _{0 to} s _k−1 are calculated.
f (x) = s ₀ + s ₁ x + s ₂ x ² +... + s _k−2 x ^k−2 + s _k−1 x ^k−1 (1)
That is, the polynomial calculation unit CA3 according to the first embodiment regards the registration information s as the secret information s _fv (s = s _fv ), and uses the RS code based on the registration information s. The coefficients s _{0 to} s _k−1 of the polynomial f (x) are calculated.

Specifically, the registration information s of the first embodiment is as follows. First, the registration information s is regarded as the character string s _qg (s = s _fv = s _qg ), and (k−1) partial characters. Extract columns. Here, it is known that (文字 s‖−q + 1) q-grams are extracted when the length (number of characters) of the registration information s is ‖s‖ (for example, Non-Patent Document 6). Etc.). That is, when n q-grams are extracted from the registration information s, q = ‖s‖-n + 1 holds. Thus, if the partial string was _{s k (1) ~s k (} k-1), the substring _{s k (1)} of the length (‖s‖- (k-1) +1 ) ~s _{k (k-1)} is extracted. Then, the partial character strings s _{k (1) to} s _{k ( k−1)} are converted into the coefficients s _{0 to} s _k−1 (s ₀ , s ₁ ,..., S _k− as the elements of the finite field F. ₂ , s _k−1 εF), the polynomial f (x) is calculated. For example, s _k-1 = 1 and the partial character strings s _{k (1) to} s _{k (k−1)} are converted into the finite field F by a reversible function as an example of a preset bidirectional function. Are converted into the coefficients s _{0 to} s _{k−2 that} are the basis of the above.

Here, the reversible function, the substring _{s k (1) ~s k (} k-1) from the convertible to the coefficient _s 0 _{~s k-1,} and the coefficient _s 0 _{~s k-1} To the partial character string s _{k (1) to} s _{k ( k−1)} . For example, the registration information s is “AGCCCGGAAGGGCC”, k = 10, the partial character string s _{k (1)} of length 4 (12− (10−1) + 1 = 4 ₎ is “AGCC”, and s ₀ = 5, the reversible function is a correspondence relationship that establishes “AGCC” → 5, that is, a so-called map. In this case, the reversible function is T, the inverse function of the reversible function T is T- ^1, and the output value of the reversible function T to which the partial character string s _{k (1)} is input is T (s _{k ( 1)),} and the output value of the inverse function ^{T -1} input the coefficient _{s 0} in case of a ^{_{T -1 (s 0), T}} (s k (1)) = s 0 = 5, T - ¹ (s ₀ ) = T ⁻¹ (5) = s _{k (1)} is established.

In Example 1, the value of the natural number q is set in advance in order to extract the q-gram of the registration information s. Therefore, when the registration information s is input to the registration information input unit 2a, the value of the natural number n is set as n = ‖s‖−q + 1. In the first embodiment, the maximum value for the edit distance d between the registration information s and the search information is preset as d _max (d ≦ d _max ). Furthermore, in the first embodiment, the value of the natural number (dimension number) k is set by the equation (2) ′ obtained by solving the following equation (2) for the natural number k.
(N + k) / 2 = n− (d _max −1) q−1 (2)
k = n−2 (d _max −1) q−2 (2) ′

CA4: Registered partial information extracting means The registered partial information extracting means CA4 extracts registered partial information which is n pieces of partial information capable of restoring the registered information s based on the registered information s. The registered part information extraction unit CA4 according to the first embodiment regards the registration information s as the character string s _qg (s = s _fv = s _qg ), and uses n q-grams as the registered part information. Extract. The registered part information extracting unit CA4 according to the first embodiment has n (n = ‖s‖−q + 1) parts as in the polynomial calculating unit CA3 when the registered part information is s _q1 to s _qn. The registered partial information s _{q1 to} s _qn that are character strings are extracted. For example, when q = 4, the registration partial information s _{q1 to} s _qn of the registration information s (“AGCCCGGAAGGGCC”) is s _q1 (“AGCC”), s _q2 “GCCG”,..., S _qn = s _q9 There are nine “GGCC” (n = 12−4 + 1 = 9).
CA5: Registered set calculation means The registered set calculation means CA5 is a set having n registered numeric values as elements based on the n pieces of registered partial information extracted by the registered partial information extracting means CA4. Compute the registered set. That is, the registered set calculation means CA5 according to the first embodiment calculates the registered set A as an example of the first set A in the fuzzy vault using the RS code (AεF ⁿ ).

The registered set calculation means CA5 according to the first embodiment calculates the registered set A using a preset one-way function, a so-called hash function. Specifically, the registered set calculation means CA5 sets the hash function as H, and outputs the registered partial information s _{q1 to} s _qn by the hash function H as H (s _q1 ) to H (s _qn ). , when the registration numerical values and _{a 1 ~a n (a 1,} a 2, ..., a n ∈F), H (s q1) = a 1, H (s q2) = a 2, ..., H _(s qn) = by calculating the _{a n,} computing the registration set _{a (a = (a 1,} a 2, ..., a n)).

CA6: Registration assignment value calculating means registration assignment value calculating means CA6 calculates numerical a registered assignment value of the registration numerical value a ₁ ~a _n is imputed the polynomial f (x). The registration assignment value calculating means CA6 of Example 1, the formula for _{(1), x = a 1} , x = a 2, ..., is the value of the polynomial f (x) in the case of the x = _{a n} The registered substitution values f (a ₁ ), f (a ₂ ),..., F (a _n ) are calculated.
CA7: Pseudo math unit pseudo math unit CA7 calculates a is a number other than the registration numerical _{a 1 ~a n (r-n} ) types of pseudo-values. Said pseudo math unit CA7 of Example 1, the pseudo number in case of the _{a n} + 1 ~a _r, of the p elements of the finite field F (original), other than the registered numerical _a 1 ~a _n The pseudo numerical values a _{n + 1 to} a _r are calculated by extracting (r−n) elements of (a _{n + 1} , a _{n + 2} ,..., A _r εF).

CA8: Pseudo-assignment value calculation means The pseudo-assignment value calculation means CA8 calculates a pseudo-assignment value that is a numerical value other than the numerical value of the polynomial f (x) to which the pseudo-numeric value is assigned. The pseudo-assignment value calculation means CA8 according to the first embodiment sets i, j as variables that take values from 1 to r, and sets the pseudo-assignment values corresponding to the pseudo-values a _{n + 1 to} a _r to f ′ (a _{n + 1} ) ˜ When f ′ (a _r ), f ′ (a _i ) ≠ f (a _i ) and f ′ (a _i ) ≠ f (a _j ) and f ′ (a _i ) ≠ f ′ (a _j ) F ′ (a _{n + 1} ) to f ′ (a _r ) are calculated from the pseudo-assigned values.

CA9: confidential registration information calculating means confidential registration information calculating means CA9, the registration numerical _a 1 ~a _n and the registration numerical value _a 1 ~a corresponding to _n the registered value substituted into _{f (a 1), f (} a 2) , ..., f _{(a n)} of a point registration polynomial point on the polynomial to a set, the pseudo numerical _{a n} + 1 ~a _r and the pseudo numerical _{a n} + 1 ~a corresponding to _r the pseudo assignment value f ' When the points other than the polynomial having a set of (a _{n + 1} ) to f ′ (a _r ) are pseudo-polynomial points, n registered polynomial points and (r−n) pseudo-polynomial points The secret registration information in which the registration information is concealed is calculated by calculating a polynomial point set, which is a set of r points including: That is, the secret registration information calculation unit CA9 according to the first embodiment includes the registration polynomial point as an example of the (n, k) code in the fuzzy vault using the RS code and the pseudo polynomial as an example of the chaff. The polynomial point set R (secret registration information R) as an example of the vault R having points is calculated.

The secret registration information calculation means CA9 according to the first embodiment sets the registration polynomial points as (a ₁ , f (a ₁ )) to (a _n , f (a _n )), and sets the pseudo polynomial points as (a _{n + 1} , When it is assumed that f ′ (a _{n + 1} )) to (a _r , f ′ (a _r )), the polynomial point set R shown in the following equation (3) is calculated.
R = ((a ₁ , f (a ₁ )),
_{(A 2, f (a 2} )), ...,
_{(A n, f (a n} )),
(A _{n + 1} , f ′ (a _{n + 1} )),
(A _{n + 2} , f ′ (a _{n + 2} )),...
( _Ar , f '( _ar ))) (3)
In the secret registration information calculation unit CA9 according to the first embodiment, the secret registration information R is rearranged in ascending order with respect to the numerical values a _{1 to} a _r of the polynomial point set R shown in the formula (3). It is output (calculated) in the state.

CA10: Secret registration information transmission means Secret registration information transmission means CA10 transmits the secret registration information R calculated by the secret registration information calculation means CA9 to the database server DS.
CA11: End determination means The end determination means CA11 determines whether or not an input for ending the secret registration information transmission program AP1 has been made.

(Description of control unit of search client personal computer PCb)
The hard disk drive of the search client personal computer PCb includes a basic software (operating system) OS for controlling the basic operation of the search client personal computer PCb, a secret search information transmission program AP2 as an application program, and a secret similar information restoration program AP3. Other software (not shown) is stored.

(Secret search information transmission program AP2)
The secret search information transmission program AP2 includes the following functional means (program modules).

FIG. 4 is an explanatory diagram of a registered image according to the first embodiment.
CB1: Search image display means The search image display means CB1 displays a search image 3 shown in FIG. 4 for causing the database server DS to search for the similar information that is the same as or similar to the search information. The registered image 3 according to the first embodiment includes a search information input unit 3a for inputting the search information t (for example, “GGCCAGGGCACC”) when the search information is t and the similar information is t ′. A search start button 3b for starting the so-called secret similar information search process, which is a process for causing the database server DS to search the similar information t ′ of the input search information t in a concealed state, and a search result And a similar information output unit 3c for displaying the similar information t ′ (for example, “GGCCGGGGTGCA” or the like).

CB2: Search Discriminating Unit The search discriminating unit CB2 discriminates whether or not the database server DS starts the similar information search process. The search discriminating means CB2 according to the first embodiment determines whether the search information input unit 3a has input the search information t and the search start button 3b, thereby determining whether the database server DS has the secret. It is determined whether or not to start the similar information search process.
CB3: Search Partial Information Extraction Unit The search partial information extraction unit CB3 extracts search partial information which is m pieces of partial information capable of restoring the search information t based on the search information t. The search part information extraction unit CB3 of Example 1 extracts m pieces of the q-grams as the search part information by regarding the search information t as the character string s _qg (t = s _qg ). Similar to the registered part information extraction unit CA4, the search part information extraction unit CB3 of Embodiment 1 sets the search part information to t _q1 to t _qm, and sets the length (number of characters) of the search information t to ‖t‖. In this case, the search partial information t _{q1 to} t _qm which are m (m = ‖t‖−q + 1) partial character strings are extracted. For example, when q = 4, the search partial information t _{q1 to} g _qm of the search information t (“GGCCAGGGCACC”) is t _q1 (“GGCC”), t _q2 (“GCCA”),..., T _qm = There are nine _tq9 (“CACC”) (m = 12−4 + 1 = 9).

CB4: Search set calculation means The search set calculation means CB4 uses m pieces of search numerical values as elements based on the m pieces of search partial information t _{q1 to} t _qm extracted by the search partial information extraction means CB3. A search set that is a set is calculated. That is, the search set calculation means CB4 of the first embodiment calculates the search set B as an example of the second set B in the fuzzy vault using the RS code (BεF ^m ).
The search set calculation means CB4 according to the first embodiment calculates the search set B using the hash function H. Specifically, the search set calculation means CB4 uses H (t _q1 ) to H (t _qm ) as output values of the search partial information t _{q1 to} t _qm by the hash function H, and sets the search numerical value to b _1. ˜b _m (b ₁ , b ₂ ,..., B _m εF), H (t _q1 ) = b ₁ , H (t _q2 ) = b ₂ ,..., H (t _qm ) = b _m To calculate the search set B (B = (b ₁ , b ₂ ,..., B _m )). In the search set calculation means CB4 of the first embodiment, the search set B is output (calculated) in a state in which the search numerical values b _{1 to} b _m are rearranged in ascending order.

CB5: Search Set Storage Unit The search set storage unit CB5 stores the search set B (B = (b ₁ , b ₂ ,..., B _m )) calculated by the search set calculation unit CB4.
CB6: Secret search information calculation means The secret search information calculation means CB6, when natural number is L and L <m is established, among the m kinds of search numerical values b _{1 to} b _m , the L types of search numerical values. The search information t is concealed by calculating a search subset that is a subset of the search set B having (m−L) types of search numerical values (b _{1 to} b _m ) as elements. Secret search information is calculated. The secret search information calculation means CB6 according to the first embodiment is configured such that when the search subset is B ^* , L types of search numerical values are removed from the search numerical values b _{1 to} b _{m of the} search set B (m -L) The search subset (secret search information) B ^* having the search numerical values (b _{1 to} b _m ) of the types as elements is calculated. For example, when L = 2, the variable i is a numerical value other than 1 to 3 and m, and two types of numerical values b ₂ and b _i out of the search numerical values b _{1 to} b _m are removed, (b _{1 , 0, b 3, ...,} b i-1, 0, b i + 1, ..., b m) → (b 1, b 3, ..., b i-1, b i + 1, ..., a b m) = ^{B *} Calculate.

CB7: Secret Search Information Transmission Unit The secret search information transmission unit CB7 transmits the secret search information B ^* calculated by the secret search information calculation unit CB6 to the database server DS.
CB8: End determination means The end determination means CB8 determines whether or not an input to end the confidential search information transmission program AP2 has been made.

(Secret similarity information restoration program AP3)
The secret similar information restoration program AP3 includes the following functional means (program modules).

CB9: Secret Similarity Information Receiving Unit The secret similar information receiving unit CB9 receives the secret similar information in which the similar information t ′ transmitted by the secret similar information transmitting unit CD8 described later is concealed. In the secret similar information receiving unit CB9 according to the first embodiment, M candidate polynomial point sets R _{A1 to} R _AM as an example of the plurality of polynomial point sets R registered in the database server DS as the secret similar information. _A candidate solution set R _A (R _A = (R _A1 , R _A2 ,..., R _AM )) is received as the secret similar information. The candidate polynomial point sets R _{A1 to} R _AM and the solution candidate set R _A will be described later.

CB10: Candidate Polynomial Point Set Calculation Means Candidate polynomial point set calculation means CB10 has search numerical value determination means CB10A and numerical value extraction means CB10B, and is a candidate as a candidate polynomial point set capable of calculating the similarity information t ′. Compute a set of polynomial points. The candidate polynomial point set computing means CB10 of the first embodiment uses the search set when the candidate polynomial point subsets that are subsets of the candidate polynomial point sets R _{A1 to} R _AM are Q _{1 to} Q _M. Search numerical values b _{1 to} b _m included in the search set B stored in the storage unit CB5, and candidate polynomial points included in the secret similar information (solution candidate set _RA ) received by the secret similar information receiving unit CB9 The candidate polynomial point subsets Q _{1 to} Q _M are calculated based on the sets R _{A1 to} R _AM .

CB10A: Search numerical determination means searches numerical discriminating means CB10A, the search numerical _b 1 ~b _m is registered numerical included to the each candidate polynomial point set _R A1 _{~R AM a} 1 ~a _n or the pseudo numeric _{a n + 1} it is determined whether or not the ~a _r and equivalent. The search numerical value discriminating means CB10A according to the first embodiment determines whether the m search numerical values b _{1 to} b _m are equal to the numerical values a _{1 to} a _r or not. All of the sets R _{A1 to} R _AM are determined. In the search numerical value determining means CB10A, the m search numerical values b _{1 to} b _m and the r numerical values a _{1 to} a _r are arranged in ascending order, for example, b ₁ = a _{When 3} is established, the search numerical value b ₂ is compared with the numerical values after the numerical value a ₄ , thereby speeding up the processing.
CB10B: Numerical extractor numerical extracting means CB10B by extracting the registration numerical _a 1 ~a _n and the pseudo numerical _{a n} + 1 ~a _r serving as the search numerical _b 1 ~b _m and equivalence, each becomes equivalent Polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )), (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f corresponding to the numerical values a _{1 to} a _r ′ ( _Ar )) is extracted.

The numerical value extraction means CB10B according to the first embodiment includes i = 1, 2,..., M, j = 1, 2,..., M, variables x _i and y _i, and variables x _i and y _i. When the determined point is (x _i , y _i ), first, the i-th search numerical value b _i included in the search information B is converted into numerical values a ₁ to n included in the j-th candidate polynomial point set R _Aj. If it is either the same value of a _r is a polynomial point corresponding to the equivalence of numbers _{a 1 ~a r (a 1,} f (a 1)) ~ (a n, f (a n)), (a _{n + 1} , f ′ (a _{n + 1} )) to ( _ar , f ′ ( _ar )) are set (assigned) to the point (x _i , y _i ). For example, when b _i = a ₁ , a polynomial point (a ₁ , f (a ₁ )) is set at the point (x _i , y _i ). If the i-th search numerical value b _i is not the same as the numerical values a _{1 to} a _{r of} the j-th candidate polynomial point set R _Aj , nothing is set at the point (x _i , y _i ). For example, when b _i ≠ a ₁ , a ₂ ,..., A _r , the point (o, o) is set to the point (x _i , y _i ) ((x _i , y _i ) = (o , O) = φ).

That is, as shown in the following equation (4), the projection of the i-th search numerical value b _{i for} the j-th candidate polynomial point set R _Aj is calculated.
(B _i , o)
(X _i , y _i ) ← −−−−− R _Aj (4)
Then, the point (x _i , y _i ) that is the projection is an element of the j-th candidate polynomial point subset Q _j (Q _j ← Q _j ∪ (x _i , y _i )).
Therefore, the candidate polynomial point set computing means CB10 of the first embodiment repeats the above processing for all values of the variables i and j, and sets the candidate polynomial point subsets of all candidate polynomial point sets R _{A1 to} R _AM. to calculate the Q ₁ ~Q _M.

CB11: solution set calculation means The solution set calculation means CB11 is a set having similar information restoration discriminating means CB11A and having only candidate polynomial point subsets Q _{1 to} Q _M that can restore the similar information t ′ as elements. Compute a set of solutions. The solution set calculation means CB11 of the first embodiment uses c as a natural number excluding 0, and the number of elements of each of the candidate polynomial point subsets Q _{1 to} Q _M , that is, extracted polynomial points (a ₁ , f ( a ₁ )) to (a _n , f (a _n )), (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f ′ (a _r )) are respectively expressed as ‖Q ₁ ‖ to ‖Q and _M ‖, the solution set in case of the R _B, the number of elements ‖Q ₁ ‖~‖Q _M ‖ is only discriminated each candidate polynomials point subset Q ₁ to Q _M is c or more The solution set R _B is computed with the element as the element.

CB11A: Similar information restoring determination means similar information restoring determination means CB11A is a natural number excluding 0 when is c, the registration numerical values extracted by said numerical extracting means CB10A a ₁ ~a _n and the pseudo numerical a _{n + 1} It is determined whether or not each secret similar information can be restored as the similar information t ′ with respect to the search information b _{1 to} b _m by determining whether or not ~ _ar is c or more. . The similar information restoration discriminating means CB11A according to the _first embodiment discriminates whether or not the number of elements ‖Q ₁ ‖ to 以上 Q _M ‖ is c or more, thereby extracting the extracted numerical values a _{1 to} a _r. Whether or not is greater than or equal to c. In the similar information restoration determination means CB12 of the first embodiment, the value of the natural number c is set by the following equation (5).
c = max (n, m) − (d−1) q−1 (5)

CB12: Similar information restoring means similar information restoring means CB12 is based on the registration numerical _a 1 ~a _n and the pseudo numerical _{a n} + 1 ~a _r included in computed by the solution set operation means CB11 the solution set _{R B} Then, the similarity information t ′ is restored by calculating the polynomial f (x). In the similar information restoring means CB12 Example 1, the solution set _R each candidate polynomials point subset _(Q 1 to Q _M) in the registration numerical value _a 1 ~a corresponding registers polynomial point to _n included in _B When (a ₁ , f (a ₁ )) to (a _n , f (a _n )) are known to be {(n + k) / 2} or more, based on a conventionally known error correction code decoding algorithm Thus, the polynomial f (x) can be restored from the solution set R _B. That, k-number of the coefficients _s 0 _{~s k-1} is calculated for each candidate polynomials point subset of the solution set _{R B (Q 1 ~Q M)} . Therefore, in the similarity information restoring means CB12, firstly, on the basis of the decoding algorithm, the candidate polynomial point subset of the solution set R _B a _(Q 1 _{~Q M)} to said sequentially polynomial f (x) Restore (calculate coefficients s _{0 to} s _k-1 ). Then, when the polynomial f (x) can be restored, the partial characters s _{k (1) to} s are calculated by the inverse function T ^{−1 for} the calculated coefficients s _{0 to} s _{k−1. The} similarity information t ′ (t ′ = s) based on the partial character strings s _{k (1) to} s _{k (k−1} ) is calculated by performing inverse conversion to _{k (k−1)} .

In this case, for example, j-th when the candidate polynomial point subset Q _j can not restore the polynomial f (x), said a candidate polynomial point subset _{Q j {(n + k)} / 2} pieces of the registration It is assumed that the polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) do not exist, and the restoration process of the next j + 1-th candidate polynomial point subset Q _{j + 1} is executed. To do. That is, since it cannot be determined whether there are {(n + k) / 2} registered polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )), the polynomial The similar information t ′ is restored only when f (x) can be restored. Therefore, for example, when the candidate set of polynomial points Q _j that can restore the polynomial f (x) is not included in the solution set R _B , the similarity information t ′ is not restored. It may be terminated.

In the similar information restoring means CB12 of the first embodiment, the BM algorithm (Berlekamp-Massey algorithm, Balecamp Massy method, BM method) as an example of the decoding algorithm that is easy to implement and efficient can be used. The polynomial f (x) is calculated. Note that the BM algorithm is described in, for example, Non-Patent Documents 6 and 7, and is well known, and thus detailed description thereof is omitted.
CB13: Edit distance calculation means The edit distance calculation means CB13 is the edit distance d between the search information t input to the search information input unit 3a and the similarity information t 'restored by the similarity information restoration means CB12. Is calculated. The edit distance calculation means CB13 of Example 1, all said search information t, the respective edit distance d between each similarity information t 'corresponding to each candidate polynomial point subset of the restored the solution set R _B operation To do.

CB14: Similar information display means The similar information display means CB14 has an edit distance discrimination means CB14A, and the search information t input to the search information input unit 3a and the similar information restored by the similar information restoration means CB12. When the edit distance d with respect to the information t ′ is equal to or less than the preset maximum value d _max (d ≦ d _max ), the similar information t ′ is displayed on the similar information output unit 3c (FIG. 4). reference). The similar information display means CB14 of the first embodiment displays a list of each piece of similar information t ′ corresponding to each candidate polynomial point subset of the solution set R _{B in which} the edit distance d is equal to or less than the maximum value d _max. .
CB14A: Edit distance discriminating means edit distance discriminating means CB14A, said the search information t, the edit distance d between each similarity information t 'corresponding to each candidate polynomial point subset of the solution set R _B is, the maximum value It is determined whether or not d _max or less.

(Description of the control unit of the database server DS)
In the hard disk drive of the database server DS, a basic software (operating system) OS for controlling basic operations of the database server DS, a secret similar information search program (similar information search program) AP4 as an application program, and the like are not shown. Software is stored.

(Secret similarity information search program AP4)
The secret similar information search program AP4 has the following functional means (program modules).

CD1: Secret registration information receiving means Secret registration information receiving means CD1 receives the secret registration information R transmitted by the secret registration information transmitting means CA10.
CD2: Secret registration information storage means Secret registration information storage means CD2 stores the secret registration information R received by the secret registration information receiving means CD1. The secret registration information storage means CD2 of the first embodiment sets the natural number excluding 0 as N, and the received secret registration information R as the secret registration information stored Nth, and stores the secret registration information (vault , a set polynomial point) _{R 1,} R 2, ..., _{R N,} when ... and storing the confidential registration information R received as _{R N.}

CD3: Secret search information receiving means Secret search information receiving means CD3 is the secret search information B ^* (for example, B ^* = (b ₁ , b ₃ ,..., B _i−) transmitted by the secret search information transmitting means CB7. ₁ , b _{i + 1} ,..., B _m ), L = 2).
CD4: Search numerical value determining means The search numerical value determining means CD4 is the (m−L) types of search numerical values (b ₁ , b ₃ ,...) Included in the confidential search information B ^* received by the confidential registration information receiving means CD1. , B _i−1 , b _{i + 1} ,..., B _m ) are registered numerical values a ₁ included in the respective secret registration information (each set of polynomial points) R _{1 to} R _N stored in the secret registration information storage means CD2. ~a _n or determining whether said is a pseudo numerical _{a n} + 1 ~a _r and equivalent. The search numerical determination unit CD4 of Example 1, similar to the search numerical determination means CB10A, the search numerical _{(b 1, b 3, ...} , b i-1, b i + 1, ..., b m) is the It is determined for each of the _N polynomial point sets R _{1 to} R _N whether or not they are the same as the numerical values a _{1 to} a _r included in the polynomial point sets R _{1 to} R _N.

CD5: Polynomial point subset computing means Polynomial point subset computing means CD5 includes (m−L) types of search numerical values (b ₁ , b ₃ ,..., B _i−1 , b _{i + 1} ,..., B _m ). the pseudo polynomial of the registration numerical value _a 1 the registration polynomial point _{~a n (a 1, f (} a 1)) ~ (a n, f (a n)) and the pseudo numerical _{a n} + 1 ~a _r to be equivalent By extracting the points (a _{n + 1} , f ′ (a _{n + 1} )) to ( _ar , f ′ ( _ar )), the search numerical values (b ₁ , b) in the polynomial point set (R _{1 to} R _N ) are extracted. ₃ ,..., B _i−1 , b _{i + 1} ,..., B _m ), and a polynomial point subset that is a subset of the polynomial point sets R _{1 to} R _N is calculated. The polynomial point subset computing means CD5 of the first embodiment uses the polynomial point subsets when the polynomial point subsets corresponding to the polynomial point sets R _{1 to} R _N are Q ₁ ^{* to} Q _N ^*. From the sets R _{1 to} R _N , numerical values a _{1 to} a _r that have the same values as the (m−L) types of search numerical values (b ₁ , b ₃ ,..., B _i−1 , b _{i + 1} ,..., B _m ). Polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )), (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f ′ (a _r )) The polynomial point subsets Q ₁ ^{* to} Q _N ^* are extracted.

Specifically, the polynomial point subset calculation means CD5 sets i = 1, 2,... (M−L), j = 1, 2,..., N, similarly to the numerical value extraction means CB10B. When (m−L) types of search numerical values are b _{1 to} b _m−L , first, the i-th search numerical value b _i included in the search information B is changed to the j-th polynomial point set R _j . If the same value as either a numerical value _a 1 ~a _r included are polynomial point corresponding to the equivalence of numbers _{a 1 ~a r (a 1,} f (a 1)) ~ (a n, f (a _{n)), (a n +} 1, f '(a n + 1)) ~ (a r, f' (a r)) the point _(x i, (substituted set to _{y i)).} For example, when b _i = a ₁ , a polynomial point (a ₁ , f (a ₁ )) is set at the point (x _i , y _i ). If the i-th search numerical value b _i is not equivalent to the numerical values a _{1 to} a _{r of} the j-th polynomial point set R _j , nothing is set at the point (x _i , y _i ). For example, when b _i ≠ a ₁ , a ₂ ,..., A _r , the point (o, o) is set to the point (x _i , y _i ) ((x _i , y _i ) = (o , O) = φ).

That is, as shown in the following equation (4) ′, the projection of the i-th search numerical value b _{i for} the j-th polynomial point set R _j is calculated.
(B _i , o)
(X _i , y _i ) ← −−−−− R _j (4) ′
Then, the point (x _i , y _i ) that is the projection is an element of the j-th polynomial point subset Q _j ^* (Q _j ^* ← Q _j ^* _ｊ (x _i , y _i )).
Therefore, the polynomial point subset computing means CD5 of the first embodiment repeats the above processing for all values of the variables i and j, and the polynomial point subset Q _{1 of} all the polynomial point sets R _{1 to} R _N. ^* ~ Q _N ^* is calculated.

CD6: Polynomial point subset element number discriminating means Polynomial point subset element number discriminating means CD6 has the points of the polynomial point subsets Q ₁ ^{* to} Q _N ^* calculated by the polynomial point subset arithmetic means CD5 ( c-L) It is determined whether or not the number is greater than or equal to. The polynomial point subset element number discriminating means CD6 of the first embodiment is similar to the similar information restoration discriminating means CB11A in that the polynomial points (a ₁ , f (a) of the respective polynomial point subsets Q ₁ ^{* to} Q _N ^* are used. _{1)) ~ (a n,} f (a n)), (a n + 1, f '(a n + 1)) ~ (a r, f' (a r) the total number of) each ‖Q ₁ ^* ‖~‖Q in case of the _N ^* ‖, the number of elements ‖Q ₁ ^* ‖~‖Q _N ^* ‖ it is determined whether or not (c-L) or more.

CD7: Concealed similarity information computing means Concealed similarity information computing means CD7 is configured to provide each of the secret registration information (Q ₁ ^{* to} Q _N ^* ) corresponding to each of the polynomial point subsets (Q ₁ ^{* to} Q _N ^* ) having (c−L) or more points. By calculating R _{1 to} R _N ), secret similar information in which the similar information is concealed is calculated. In the secret similar information calculation means of the first embodiment, each of the polynomial point subsets (Q ₁ ^{* to} Q _N ) has a natural number excluding 0, M, M ≦ N, and (c−L) or more points. ^* ) M pieces of the secret registration information (R _{1 to} R _N ) corresponding to the candidate polynomial point sets R _{A1 to} R _AM which are candidate polynomial point sets for which the similar information t ′ may be concealed. And the candidate candidate point set R _{A1 to} R _AM as a set of solution candidates, where R _A is (R _A = (R _A1 , R _A2 ,..., R _AM )), the secret similarity The solution candidate set _RA which is information is calculated.
CD8: Secret similar information transmitting means Secret similar information transmitting means CD8 transmits the secret similar information (solution candidate set R _A ) calculated by the secret similar information calculating means CD7 to the search client personal computer PCb. .

(Description of Flowchart of Example 1)
Next, the processing flow of each of the programs AP1 to AP4 according to the first embodiment will be described using a flowchart.

(Explanation of Flowchart of Secret Registration Information Transmission Processing of Secret Registration Information Transmission Program AP1 of Embodiment 1)
FIG. 5 is a flowchart of the secret registration information transmission process of the secret registration information transmission program according to the first embodiment.
The processing of each ST (step) in the flowchart of FIG. 5 is performed according to a program stored in the ROM or the like of the control unit of the registration client personal computer PCa. This process is executed in a multitasking manner in parallel with other various processes of the control unit.

The flowchart shown in FIG. 5 is started when the secret registration information transmission program AP1 is activated.
In ST101 of FIG. 5, the registered image 2 (see FIG. 3) is displayed. Then, the process proceeds to ST102.
In ST102, it is determined whether or not registration information s has been input to registration information input unit 2a. If yes (Y), the process proceeds to ST103, and, if no (N), the process proceeds to ST104.
In ST103, the registered image 2 is updated according to the input of the registration information s. Then, the process returns to ST102.
In ST104, it is determined whether or not the registration button 2b has been input. If no (N), the process moves to ST105, and if yes (Y), the process moves to ST106.
In ST105, it is determined whether or not an input to end the secret registration information transmission program AP1 has been made. If no (N), the process returns to ST102, and if yes (Y), the secret registration information transmission process is terminated.

In ST106, it is determined whether or not registration information s is displayed in registration information input unit 2a. If yes (Y), the process proceeds to ST107, and, if no (N), the process returns to ST102.
In ST107, the coefficients s _{0 to} s _k-1 (see Expression (1)) of the (k-1) -dimensional one-variable polynomial f are calculated from the registration information s. That is, s _k−1 = 1 and partial character strings s _{k (1) to} sk _(k−1) extracted from the registration information s by a reversible function T set in advance are used as coefficients s ₀ to Convert to s _k-2 . Then, the process proceeds to ST108.
In ST 108, it extracts the registration component information _s q1 _{~s qn} from the registration information s. Then, the process proceeds to ST109.
In ST 109, the registration component information _s q1 _{~s qn,} by the hash function H, calculates the registration set _{A (A = (a 1,} a 2, ..., a n), H (s q1) = a 1, H (s _q2 ) = a ₂ ,..., H (s _qn ) = a _n ). Then, the process proceeds to ST110.

In ST110, when the set having the value of variable x _i as an element is X, the following processes (1) to (3) are executed, and the process proceeds to ST111.
(1) Set 1, 0, 0 to variables i, x _i , y _i (i = 1, x _i = 0, y _i = 0).
(2) Set φ to the set X. That is, the set X is an empty set (X ← φ).
(3) Set φ to the polynomial point set R. That is, the polynomial point set R is an empty set (R ← φ).
In ST111, the following processes (1) to (3) are executed, and the process proceeds to ST112.
(1) A registration polynomial point (a _i , f (a _i )) having a set of the registration substitution value f (a _i ) corresponding to the i-th registration value a _i and the registration value a _i is calculated, _(x i, _{y i)} is set to _{((x i, y i)} ← (a i, f (a i))).
(2) Variable (value of x coordinate of point (x _i , y _i )) x _i is an element of set X (X ← X （{xi}).
(3) Let the point (x _i , y _i ) be an element of the polynomial point set R (R ← R∪ (x _i , y _i ))

In ST112, +1 is added to the variable i (i = i + 1). Then, the process proceeds to ST113.
In ST113, it is determined whether or not the variable i is larger than n, which is the number of registered polynomial points (a _i , f (a _i )). If yes (Y), the process proceeds to ST114, and, if no (N), the process returns to ST111.
In ST114, the following processes (1) and (2) are executed, and the process moves to ST115.
(1) A pseudo-polynomial point (a _i , f ′ (a _i )) having a set of pseudo-assignment values f ′ (a _i ) corresponding to the i-th pseudo-value a _i and the pseudo-value a _i is calculated. , point _(x i, _{y i)} is set to _{((x i, y i)} ← (a i, f '(a i)), x i ∈F-X, y i ∈F- {f (x i )}).
(2) The point (x _i , y _i ) is an element of the polynomial point set R (R ← R∪ (x _i , y _i )))

In ST115, it is determined whether or not the variable i has reached r which is the number of points included in the polynomial point set R. If no (N), the process moves to ST116, and if yes (Y), the process moves to ST117.
In ST116, +1 is added to the variable i (i = i + 1). Then, the process returns to ST114.
In ST117, the elements (x _i , y _i ) of the polynomial point set R are rearranged in ascending order of the variables x _i (i = 1, 2,..., R).
In ST118, the polynomial point set R which is confidential registration information is transmitted to the database server DS. Then, the process returns to ST102.

(Explanation of Flowchart of Secret Search Information Transmission Process of Secret Search Information Transmission Program AP2 of Embodiment 1)
FIG. 6 is a flowchart of the confidential search information transmission process of the confidential search information transmission program according to the first embodiment.
The processing of each ST (step) in the flowchart of FIG. 6 is performed according to a program stored in the ROM or the like of the control unit of the search client personal computer PCb. This process is executed in a multitasking manner in parallel with other various processes of the control unit.

The flowchart shown in FIG. 6 is started when the secret search information transmission program AP2 is activated.
In ST201 of FIG. 6, the search image 3 (see FIG. 4) is displayed. Then, the process proceeds to ST202.
In ST202, it is determined whether or not search information input unit 3a has input search information t. If yes (Y), the process proceeds to ST203, and, if no (N), the process proceeds to ST204.
In ST203, the search image 3 is updated according to the input of the search information t. Then, the process returns to ST202.
In ST204, it is determined whether or not the search start button 3b has been input. If no (N), the process moves on to ST205, and if yes (Y), the process moves on to ST206.

In ST205, it is determined whether or not an input for terminating the confidential search information transmission program AP2 has been made. If no (N), the process returns to ST202, and if yes (Y), the confidential search information transmission process is terminated.
In ST206, it is determined whether or not the search information t is displayed in the search information input unit 3a. If yes (Y), the process proceeds to ST207, and, if no (N), the process returns to ST202.
In ST207, and it extracts a search portion information _t q1 _{~t qm} from the search information t. Then, the process proceeds to ST208.
In ST208, the search part information _t q1 _{~t qm,} by the hash function H, and calculates and stores the retrieval data set _{B (B = (b 1,} b 2, ..., b m), H (t q1) = b ₁ , H (t _q2 ) = b ₂ ,..., H (t _qn ) = b _m ). Then, the process proceeds to ST209.

In ST209, except for L types of search figures in the search numerical _b 1 ~b _m search set B, (m-L) types of search numerical _b 1 _{~b m-L} and the element searching the subset B ^* Is calculated (B ^* = (b ₁ , b ₂ ,..., B _m−L )). Then, the process proceeds to ST210.
In ST210, search subset B ^* which is confidential search information is transmitted to database server DS. Then, the process proceeds to ST211.
In ST211, the secret similarity that restores the corresponding similar information t ′ from each secret similar information (solution candidate set R _A , R _A = (R _A1 , R _A2 ,..., R _AM )) transmitted from the database server DS. Information restoration processing (see the flowchart of FIG. 8 described later) is executed. Then, the process returns to ST202.

(Explanation of Flowchart of Secret Similarity Information Retrieval Process of Secret Similarity Information Search Program AP4 of Example 1)
FIG. 7 is a flowchart of the secret similar information search process of the secret similar information search program according to the first embodiment.
The processing of each ST (step) in the flowchart of FIG. 7 is performed according to a program stored in the ROM or the like of the control unit of the database server DS. This process is executed in a multitasking manner in parallel with other various processes of the control unit.

The flowchart shown in FIG. 7 is started when the secret similar information search program AP4 is activated.
In ST301 of FIG. 7, it is determined whether or not a polynomial point set R that is confidential registration information has been received. If yes (Y), the process proceeds to ST302, and, if no (N), the process proceeds to ST303.
In ST 302, it stores the polynomial point set R received as confidential registration information _{R N.} Then, the process returns to ST301.
In ST303, it is determined whether or not search subset B ^* , which is confidential search information, has been received. If yes (Y), the process proceeds to ST304, and, if no (N), the process returns to ST301.

In ST304, the following processes (1) to (3) are executed, and the process proceeds to ST305.
(1) Set 1, 1, 0, 0 to variables i, j, x _i , y _i (i = 1, j = 1, x _i = 0, y _i = 0).
(2) Set φ to each polynomial point subset Q ₁ ^{* to} Q _N ^* . That is, each polynomial point subset Q ₁ ^{* to} Q _N ^* is an empty set (Q ₁ ^* ← φ, Q ₂ ^* ← φ,..., Q _N ^* ← φ).
(3) Set φ to the solution candidate set _RA . That is, the solution candidate set R _A is an empty set (R _A ← φ).

In ST305, the following processes (1) and (2) are executed, and the process proceeds to ST306.
(1) The projection of the i-th search numerical value b _i is calculated for the j-th secret registration information R _j (see Expression (4) ′). That is, when the i-th search numerical value b _i included in the confidential search information B ^* is the same value as the numerical values a _{1 to} a _r included in the j-th confidential registration information R _j , the point (x _i , y _i ), polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )), (a _{n + 1} , f ′ (a _{n + 1} )) corresponding to the same number a _{1 to} a _r ˜ ( _ar , f ′ ( _ar )) are set, and when b _i ≠ a ₁ , a ₂ ,..., A _r , the point (x _i , y _i ) is changed to the point (o, o ) Is set ((x _i , y _i ) = (o, o) = φ).
(2) Let the point (x _i , y _i ) be an element of the j-th polynomial point subset Q _j ^* (Q _j ^* ← Q _j ^* ∪ (x _i , y _i )).

In ST306, it is determined whether or not the variable i has reached (m−L), which is the number of points included in the confidential search information B ^* . If no (N), the process proceeds to ST307, and if yes (Y), the process proceeds to ST308.
In ST307, +1 is added to the variable i (i = i + 1). Then, the process returns to ST305.
In ST308, it is determined whether or not there are (c−L) or more points in the j-th polynomial point subset Q _j ^* (‖Q _j ^* ‖ ≧ c−L). If yes (Y), the process proceeds to ST309, and, if no (N), the process proceeds to ST310.
In ST309, the j-th secret registration information R _j is set as an element of the solution candidate set _RA (R _A ← R _A ∪R _j ). Then, the process proceeds to ST310.

In ST 310, the variable j is determined whether it is N is the number of confidential registration information _R 1 to R _N. If no (N), the process moves on to ST311, and if yes (Y), the process moves on to ST312.
In ST311, the following processes (1) and (2) are executed, and the process returns to ST305.
(1) Set 1 to variable i (i = 1).
(2) Add +1 to the variable j (j = j + 1).
In ST312, the solution candidate set R _A (R _A = (R _A1 , R _A2 ,..., R _AM ), M ≦ N), which is confidential similar information, is transmitted to the search client personal computer PCb. Then, the process returns to ST301.

(Explanation of Flowchart of Secret Similarity Information Restoration Process of Secret Similarity Information Restoration Program AP3 of Embodiment 1)
FIG. 8 is a flowchart of the secret similar information restoration process of the secret similar information restoration program according to the first embodiment, and is an explanatory diagram of the subroutine of ST211 in FIG.

In ST401 of FIG. 8, it is determined whether or not a solution candidate set _RA that is confidential similar information is received. If yes (Y), the process transfers to ST402, and, if no (N), ST401 is repeated.
In ST402, the following processes (1) to (3) are executed, and the process proceeds to ST403.
(1) Set 1, 1, 0, 0 to variables i, j, x _i , y _i (i = 1, j = 1, x _i = 0, y _i = 0).
(2) Set φ to each candidate polynomial point subset Q _{1 to} Q _M. That is, each candidate polynomial point subset Q _{1 to} Q _M is an empty set (Q ₁ ← φ, Q ₂ ← φ,..., Q _M ← φ).
(3) sets φ to disassembly _{R B.} That is, the solution set R _B is an empty set (R _B ← φ).

In ST403, the following processes (1) and (2) are executed, and the process proceeds to ST404.
(1) For the j-th candidate polynomial point set R _Aj , the projection of the i-th search numerical value b _i is calculated (see Expression (4)). That is, when the i-th search numerical value b _i included in the search information B is the same value as the numerical values a _{1 to} a _r included in the j-th candidate polynomial point set R _Aj , the point (x _i , y _i ), Polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )), (a _{n + 1} , f ′ (a _{n + 1} )) corresponding to the numerical values a _{1 to} a _r of the same value If ( _ar , f ′ ( _ar )) is set and b _i ≠ a ₁ , a ₂ ,..., A _r , then the point (x _i , y _i ) is changed to the point (o, o) Is set ((x _i , y _i ) = (o, o) = φ).
(2) The point (x _i , y _i ) is set as an element of the j-th candidate polynomial point subset Q _j (Q _j ← Q _j ∪ (x _i , y _i )).

In ST404, it is determined whether or not the variable i has reached m which is the number of points included in the search information B. If no (N), the process moves to ST405, and if yes (Y), the process moves to ST406.
In ST405, +1 is added to the variable i (i = i + 1). Then, the process returns to ST403.
In ST406, it is determined whether or not there are c or more points in the j-th candidate polynomial point subset Q _j (‖Q _j ‖ ≧ c). If yes (Y), the process proceeds to ST407, and, if no (N), the process proceeds to ST408.
In ST407, j-th candidate polynomial point subset Q _j is set as an element of solution set R _B (R _B ← R _B ∪R _Aj ). Then, the process proceeds to ST408.

In ST408, it is determined whether or not the variable j has reached _N , which is the number of the secret registration information R _{1 to} R _N. If no (N), the process moves to ST409, and if yes (Y), the process moves to ST410.
In ST409, the following processes (1) and (2) are executed, and the process returns to ST403.
(1) Set 1 to variable i (i = 1).
(2) Add +1 to the variable j (j = j + 1).
In ST410, the respective polynomials f (x) are restored by the BM algorithm from the respective candidate polynomial point subsets Q _j (‖Qj‖ ≧ c) included in the solution set R _B (coefficients s _{0 to} s _k−1). And the similar information t ′ (t ′ = s) is restored by the inverse function T ⁻¹ . Then, the process proceeds to ST411.
In ST411, the similar information t ′ whose restoration is successful and the editing distance d is equal to or less than the maximum value d _max is displayed in a list on the similar information output unit 3b (see FIG. 4).

(Operation of Example 1)
In the similar information search system S according to the first embodiment having the above-described configuration, the registration information input unit 2a of the registration image 2 has the input of the registration information s and the registration button in the registration client personal computer PCa. When 2b is input, the secret registration information transmission process is performed in which the secret registration information (polynomial point set R) in which the registration information s is concealed is calculated and transmitted to the database server DS ( (Refer to ST101 to ST118 in FIGS. 3 and 5).
In the similar information search system S according to the first embodiment, the search client personal computer PCb includes the search information input unit 3a of the search image 3 and the search start button 3b. When the search information t is input, the secret search information transmission process is executed in which the secret search information (search subset B ^* ) in which the search information t is concealed is calculated and transmitted to the database server DS (see FIG. 4, see ST201 to ST210 in FIG.

In the similar information search system S of the first embodiment, when the secret registration information (polynomial point set R) is received by the database server DS, the secret registration information R _N (N = 1, 2, ... (See ST301 and ST302 in FIG. 7). Further, when the secret search information (search subset B ^* ) is received, the secret similar information search process for searching the search information t and the similar information t ′ in a concealed state is executed (FIG. 7 ST303 to ST312).
In the similar information search system S of the first embodiment, the search client personal computer PCb receives the secret similar information (solution candidate set R _A ) as a search search result, and restores the similar information t ′. Then, the secret similar information restoration process displayed on the similar information output unit 3b is executed (see ST211 in FIG. 6 and ST401 to ST411 in FIG. 8).

Therefore, in the similar information retrieval system S of the first embodiment, the information R, B ^* , R _A transmitted / received between the client personal computers PCa, PCb and the database server DS via the Internet 1. Is information in which the registration information s, the search information t, and the similar information t ′ are concealed. Therefore, the information s, t, t ′ can be kept secret from third parties other than the users of the client personal computers PCa, PCb and the database server DS.
Further, the secret similar information search process is executed in a concealed state without restoring the registration information s, the search information t, and the similar information t ′. That is, the in concealment similar information retrieval processing, a retrieval numerical b ₁ ~b _m-L included in the received secure search information (search subset B ^*), the each confidential registration information R ₁ to R _N stored In order to determine whether or not the contained numerical values a _{1 to} a _r are the same value (see ST305 in FIG. 7), the restored information s, t, and t ′ cannot be specified.

On the database server DS, the stored secret registration information (polynomial point set R _{1 to} R _N ) and the received secret search information (search subset B ^* ) are stored in the registration information s, The search information t cannot be restored. In other words, the polynomial point set R includes the pseudo-polynomial points (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f ′ (a _r )) as an example of the chaff. For this reason, unless the registration set A is known, the registration polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) as an example of the (n, k) code are completely set. It can not be identified. When the search set B sufficiently close to the registration set A is acquired (B≈A), the registration polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n ) ) Can be specified, and {(n + k) / 2} or more points can be specified, the registration information s can be restored from the polynomial point set R. Therefore, unless the search set B is known, the registration information s cannot be restored from the polynomial point set R. The search subset B ^* is obtained by removing L types of search numerical values from the search set B. For example, B = (b ₁ , b ₂ ,..., B _m ), B ^* = (b ₁ , b ₂ ,..., b _m−L ), L types of search numerical values b _{m−L + 1 to} b _m are excluded (see ST209 in FIG. 6). Therefore, unless the search set B is known, the search numerical values b _{m−L + 1 to} b _m cannot be specified, and the search information t cannot be restored from the search subset B ^* .

Therefore, in the similar information search system S of the first embodiment, the information s, t, and t ′ can be kept secret from an administrator who is a user of the database server DS.
As a result, the similar information search system S according to the first embodiment is the owner of the registration information s in a state where the information s, t, and t ′ are concealed from the third party and the administrator. The DAS model having a registrant, a searcher who is an acquirer of the search information t, and the manager as an outsourcer entrusted with management work of the database server DS can be configured. That is, the DAS model can be configured by the registrant who is the user of the registration client personal computer PCa, the searcher who is the user of the search client personal computer PCb, and the administrator.

In the similar information search system S according to the first embodiment having the above-described configuration, when the registration information s is concealed and registered, first, the partial characters are extracted from the registration information s by q-gram extraction processing. The columns s _{k (1) to} s _{k ( k−1)} and the registered partial information s _{q1 to} s _qn are extracted (see ST107 and ST108 in FIG. 5). Next, by the reversible function T and the hash function H, the coefficients s _{0 to} s _{k−1 of the} polynomial f (x) and the registered set (first set) A (A = (a ₁ , a ₂ , _{..., a} n)) is calculated (see ST 107, ST 109 in FIG. 5). Then, similarly to the locking process in the fuzzy vault, the registered polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) as an example of the (n, k) code, The polynomial point set R having the pseudo-polynomial points (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f ′ (a _r )) as an example of the chaff is calculated (ST110 in FIG. 5). ~ ST117). Therefore, by combining the extraction process, the functions T and H, and the locking process, the registration information s can be concealed without using a key for each registrant.

When searching for the search information t, first, similarly to the registered set A, the search set (second set) B () is obtained by the extraction process, the hash function H, and the locking process. B = (b ₁ , b ₂ ,..., B _m )) is calculated (see ST207 and ST208 in FIG. 6). Then, m type L type from the search numerical _b 1 ~b _m of search numerical _{b m-L} + 1 wherein ~b _m is removed searched subset ^{B *} are calculated (see ST209 of FIG. 6). Therefore, by combining the extraction process, the hash function H, and the locking process, the search information t can be concealed without using a key for each searcher.
As a result, in the similar information retrieval system S of the first embodiment, all information R, B ^* , R _A (R _A = (R _A1 , R _A2 ,...) Transmitted and received by the database server DS via the Internet 1. , R _AM )) can be calculated without using the key. The candidate polynomial point sets R _{A1 to} R _AM are all or part of the polynomial point sets R _{1 to} R _N storing the received polynomial point set R. Accordingly, the information s, t, t ′ is concealed from the third party and the administrator without setting a key used in a conventionally known encryption algorithm for each user (registrant, searcher). it can. Therefore, it is possible to solve problems such as security (strictness) of key management in the encrypted database (see FIG. 9) and management costs associated therewith.

(Restoration from each candidate polynomial point subset Q _{1 to} Q _M to each similar information t ′)
Here, whether or not the similarity information t ′ can be reliably restored from the solution candidate set _RA searched by the search subset B ^* from which L types of search numerical values b _{m−L + 1 to} b _m are removed. It becomes a problem. That is, whether the similar information t ′ corresponding to each candidate polynomial point subset Q _{1 to} Q _M calculated from each candidate polynomial point set R _{A1 to} R _{AM of the} solution candidate set R _A can be calculated. It becomes.

Here, in the similar character string search method using the q-gram, a character string having a length (number of characters) n and a character string having a length m are at least {max (n, m) − (d−1). ) It is guaranteed to have q-1} q-grams in common. For this reason, a character string (registration information s) having a length (number of characters) ‖s‖ and a character string (search information t) having a length ‖t‖ are at least {max (‖s‖, ‖t‖) − (D-1) Since q-1} q-grams are commonly used, the following equation (6) is established.
max (‖s‖, ‖t‖)-(d-1) q-1
= Max (n + q-1, m + q-1)-(d-1) q-1.
≧ max (n, m) − (d−1) q−1 (6)
In other words, said registration partial information _s q1 the registration numerical values associated with _{~s qn a} 1 ~a _n as q-gram of the registration information by the hash function H, wherein as q-gram of the retrieval information It is clear that the number of shares with the search numerical values b _{1 to} b _m associated with the search partial information t _{q1 to} t _qm is {max (n, m) − (d−1) q−1} or more. It is.

Also, in the fuzzy vault unlocking process using the RS code, it is guaranteed that the polynomial can be restored if the (n, k) code {(n + k) / 2} or more points are found from the vault R. Has been.
Therefore, with respect to the natural number c which is the lower limit value of the number of polynomial points for determining whether or not each similar information t ′ can be restored from each of the candidate polynomial point subsets Q _{1 to} Q _M , the following equation (7 ) Always holds, the coefficients s _{0 to} s _k-1 of the polynomial f (x) can always be calculated from {(n + k) / 2} or more points of the (n, k) code (see FIG. 8 ST410).
c ≧ (n + k) / 2 (7)

Here, for the natural numbers c and k, when it is assumed that the expressions (2) ′ and (5) are satisfied and n ≧ m is satisfied, the following expression (8) is satisfied.
‖Q _j ‖ ≧ c (j = 1, 2,..., M)
≧ (n + k) / 2
= Max (n, m)-(d-1) q-1
= N- (d-1) q-1
≧ n− (d _max −1) q−1
= (N + k) / 2 (8)

Further, when it is assumed that the expressions (2) ′ and (5) are satisfied for the natural numbers c and k and n <m is satisfied, the following expression (8) ′ is satisfied.
‖Q _j ‖ ≧ c
= Max (n, m)-(d-1) q-1
= M- (d-1) q-1
> N- (d-1) q-1
≧ n− (d _max −1) q−1
= (N + k) / 2 (8) '

Therefore, in the similar information search system S of the first embodiment, the natural numbers c, n, m, d are set based on the preset values of the natural numbers q, n, m, d and the equations (2) ′, (5). When the value of k is set, the equation (7) is always established. Therefore, if each of the candidate polynomial point subsets Q _{1 to} Q _M having c or more polynomial points includes {(n + k) / 2} or more points of the (n, k) code. The coefficients s _{0 to} s _k-1 can always be calculated by the unlocking process. That is, the similar information search system S according to the first embodiment determines whether or not the similar information t ′ can be restored if the natural numbers c and k are set based on the equations (2) ′ and (5). The filtering process to discriminate (see ST308 in FIG. 7 and ST406 in FIG. 8) can be appropriately executed. Therefore, it can be restored whenever the similarity information t ′ completely matches the search information t, and the similarity information t ′ can be restored as the similarity with the search information t is higher (the edit distance d is smaller). The possibility increases and the possibility that the similar information t ′ can be restored as the similarity with the search information t is lower (the edit distance d is larger) and is more likely to be excluded by the filtering process. Become.

  As a result, in the similar information search system S of the first embodiment, the problem of information concealment that cannot be realized only by the technique of the similar character string search method using the q-gram is solved, and the RS code is changed. The problem of setting the filtering conditions for the unlocking process, which cannot be realized only by the fuzzy vault technique used, has been solved.

(About the efficiency of confidential similar information search processing)
Further, in the similar information search system S of the first embodiment having the above-described configuration, when searching for the secret similar information (solution candidate set _RA ), it is included in the secret search information (search subset B ^* ). a search numerical _b 1 _{~b m-L,} collates the numerical _a 1 ~a _r included the each confidential registration information _R 1 to R _N. For this reason, compared with the case where collation is performed after decrypting the encrypted registration information and search information, the secret similar information (solution candidate set _RA ) can be searched efficiently.
In the similar information search system S according to the first embodiment, the search numerical values b _{1 to} b _m-L and the numerical values a _{1 to} a _r are arranged in ascending order. For this reason, the calculation amount for calculating each candidate polynomial point subset Q _{1 to} Q _M by the collation is O (n + m) time using the Landau symbol. Therefore, compared with the case where the calculation amount is O (nm) by collating with the brute force, the secret similar information search process can be executed efficiently.

(About the efficiency of confidential similar information restoration processing)
Further, in the similar information search system S of the first embodiment, the unlocking process using the BM algorithm is executed for restoring the secret similar information (solution candidate set _RA ) (see ST410 in FIG. 8). . In the unlocking process using the BM algorithm, when the number of error-correctable points is z (z = (n−k) / 2), the calculation amount is O ( z ² ) is known to be time (see, for example, JP-A-2003-168983). For this reason, as compared with the unlocking process of O (z ² ) time or longer (for example, unlocking process using Peterson method in which the calculation amount is O (z ³ ) time), the concealment is efficiently performed. Similar information restoration processing can be executed.

(About the security of confidential registration information against brute force attacks)
In the similar information search system S according to the first embodiment having the above-described configuration, for example, the third party or the administrator totals the polynomial f (x) from the secret registration information (polynomial point set R). There is a possibility that the registration information s is tried to be decrypted by being restored. Here, when a sufficiently small real number of positive values is μ (μ> 0, μ≈0), and the total number of polynomials that are candidates for the polynomial f (x) is N _f , the total number N _{f of the} polynomials It is known that the following formula (9) is established with a probability of at least (1−μ) (for example, see Non-Patent Document 7).
N _f = (μ / 3) × p ^k−n × (r / n) ⁿ (9)
Therefore, for example, when r = p = 10 ⁴ , n = 22, k = 14 for the natural numbers r, p, n, and k and ^{μ≈2 −188} for the real number μ, N _f ≈2 ⁸⁶ Is established. That is, 2 ⁸⁶ kinds of polynomial, must identify the single polynomial f that corresponds to the registration information s (x).

In the similar information search system S of the first embodiment, as the value of the natural number r increases, the pseudo-polynomial points (a _{n + 1} , f ′ (a _{n + 1} )) to be included in the polynomial point set R are increased. Since the total number of (a _r , f ′ (a _r )) increases, the possibility of specifying the registered polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) is low. Become. Further, if the value of the natural number r is large, the total number N _{f of the} polynomial itself is large, and the total number of polynomials that can be selected as the polynomial f (x) can be increased. In this case, the possibility that the secret registration information (polynomial point set R) is decoded is further reduced, and the safety can be increased.

Further, as the editing distance d increases, as the maximum value d _max increases, the number of candidate polynomial point sets R _{A1 to} R _AM of the solution candidate set _RA to be searched increases. That is, the possibility that the value of the natural number M becomes large increases. For this reason, the convenience as a similar information search process becomes high. However, in this case, the value of the natural number k (k = n−2 (d _max −1) q−2) is small (see Expression (2) ′). For this reason, the value of the degree (k−1) of the polynomial f (x) is reduced, the total number of polynomials that can be selected as the polynomial f (x) is also reduced, and the secret registration information (polynomial point set R) is decoded. Since the possibility of being increased, the safety is lowered.
That is, as the maximum value d _max increases, the convenience as the similar information search process is improved, but the security of the secret registration information (polynomial point set R) decreases.

Conversely, as the maximum value d _max decreases, the number of candidate polynomial point sets R _{A1 to} R _AM of the solution candidate set _RA to be searched increases (the value of the natural number M is reduced). The possibility of becoming smaller is reduced), and the convenience as a similar information search process is lowered. In this case, the value of the natural number k increases, the value of the degree (k-1) of the polynomial f (x) increases, and the total number of polynomials that can be selected as the polynomial f (x) also increases. Since the possibility that the secret registration information is decrypted is reduced, the safety is increased.
That is, as the maximum value d _max increases, the convenience as the similar information search process decreases, but the security of the secret registration information (polynomial point set R) increases.
As a result, in the similar information search system S of the first embodiment, the convenience and the safety can be adjusted based on the maximum value _dmax .

(About the security of confidential search information against brute force attacks)
In the similar information search system S according to the first embodiment having the above-described configuration, for example, the third party or the administrator estimates L types of search numerical values b _{m−L + 1 to} b _m by brute force. There is a possibility that the search set B is restored from the secret search information (search subset B ^* ) and the search information t is deciphered.

Here, as the value of the natural number L increases, the possibility that the L types of search numerical values b _{m−L + 1 to} b _m can be specified decreases. Therefore, since the possibility that the search set B is restored and the search information t is decoded is reduced, the safety is increased. However, in this case, the number of elements ‖Q _j ^* for determining whether or not the secret registration information R _{1 to} R _N stored in the database server DS is the candidate polynomial point set R _{A1 to} R _AM ^. The discriminant value (c−L) of ‖ (j = 1, 2,..., N) becomes smaller. For this reason, although the possibility that the similar information t ′ can be restored is low, there is a high possibility that the number detected as the candidate polynomial point sets R _{A1 to} R _AM is large (the value of the natural number M is large). Is likely to be). For example, when L = c, (c−L) = 0 is established, and all the secret registration information R _{1 to} R _N stored in the database server DS are the candidate polynomial point sets R _{A1 to} R _AN. Will be detected.
That is, as the value of the natural number L increases, the security of the secret search information (search subset B ^* increases), but false detection increases and the processing efficiency as the similar information search process decreases.

Conversely, as the value of the natural number L decreases, the possibility that the L types of search numerical values b _{m−L + 1 to} b _m can be specified increases, and the possibility that the search information t is decoded increases. , Safety is reduced. However, in this case, the discriminant value (c−L) is small. For this reason, the possibility that the candidate polynomial point sets R _{A1 to} R _AM that are unlikely to restore the similarity information t ′ is low is reduced. For example, when L = 0, (c−L) = c holds, and the candidate polynomial point set R _{A1 to} R A where Q _j ^* = Q _j (j = 1, 2,..., N) always holds. _AM is detected.
That is, as the value of the natural number L becomes smaller, the security of the secret search information (search subset B ^* becomes lower, but false detection is reduced and the processing efficiency as the similar information search process is improved.
As a result, in the similar information search system S of the first embodiment, the safety and the processing efficiency can be adjusted based on the value of the natural number L.

(Safety of similar information retrieval system S against attacks based on bias of registered information)
In the similar information search system S according to the first embodiment having the above-described configuration, for example, the registration information s is biased as a character string, that is, there is a bias in the appearance frequency of characters or q-grams in the character string. There is a case. In this case, the third party or the caretaker, on the basis of the deviation, or infer the coefficient _s 0 _{~s k-1,} the registration numerical _a 1 ~a _n and pseudo numerical _{a n} + 1 ~a _r There is a possibility that candidate polynomials that become the polynomial f (x) can be narrowed down by making a guess or by combining these guesses, compared to the case of restoring the polynomial f (x) in a brute force manner. .

Here, for example, the substring _{s k (1) ~s k (} k-1) be present is a bias in the coefficient _{s 0 ~s k-1 (s} 0, s 1, ..., s k _The secret registration information (polynomial point set R) may be deciphered by setting the reversible function T so that the distribution of ₋₁ ∈ F ^k ) is uniform in the k-th order extension field F ^k . Becomes lower. That is, by reducing the correlation between the partial character strings s _{k (1) to} s _{k ( k−1)} and the coefficients s _{0 to} s _k−1 , the coefficients s _{0 to} s _k−1. Is difficult to guess, and the security of the secret registration information (polynomial point set R) is increased. Further, for example, even if there is a bias to the registration component information _s q1 _{~s qn,} the registration numerical _{a 1 ~a n (a 1,} a 2, ..., a n ∈F n) distribution wherein n next by in extension field F ⁿ sets the hash function H so as to be uniform, possibly the secret registration information (polynomial point set R) are decrypted is lowered. That is, the registration partial information _s q1 _{~s qn,} by correlation with the registration numerical value _a 1 ~a _n is reduced, the registration numerical _a 1 ~a _n becomes is hardly guess the secret registration information The safety of (polynomial point set R) is increased.
As a result, the in similar information retrieval system S of Example 1, the respective function T, H is the output value _{s 0 ~s k-1, a} 1 ~a n ability to uniformly distribute the so-called, each Based on the uniform distribution of the functions T and H, the security of the secret registration information (polynomial point set R) can be increased.

In addition, for example, the third party or the administrator decodes a part of the information such as q-gram of the registration information s based on the bias, and the information is similar to the search information t. There is a possibility that information having a similarity, that is, information in which the edit distance d is equal to or less than the maximum value d _max is created and the registered information s is to be decoded.

Here, for example, the database server DS is stored in a glycan gene database (GGDB: GlycoGene DataBase) in which glycan synthesis-related genes such as glycosyltransferases and glycan modification enzymes, so-called glycan genes are stored as the registration information s. ), The number of types of sugar chain genes is about 300, and if the average sequence length of the sugar chain genes is limited to about 1,200 base pairs (bp: base pair), it is known. . That is, when the database server DS is the sugar chain gene database, it is known that N = 300 and n = 1200. The sugar chain gene database is known, for example, as described in Non-Patent Document 9 and the like.
Therefore, when it is assumed that there is no bias, the size of the average character string space per gene, that is, the number of character string representations of the one gene is expressed by the following equation (10). It becomes more than the value.

(10)

The value (4) at the bottom of the numerator in the formula (10) is the number of base types (“A”, “T”, “G”, “C”), and the second term (Σ operation) of the denominator. The term with a child) is the number of character strings (upper limit value of similar character strings) at which the edit distance d is less than or equal to the maximum value _dmax .
Therefore, for example, when d _max = 100, the value represented by the equation (10) is about 2 ¹⁷⁰⁰ (2 ¹⁷⁰⁰ ≈2 ^{2400/2 700} ), and the secret registration information (polynomial point set R) It can be seen that the security of the key corresponds to the security of a key of about 1700 bits or more. As a result, even if the bias exists, it is possible to ensure the security of a key having a maximum of about 1700 bits or more and sufficiently secure the security registration information (polynomial point set R).
Therefore, in the similar information search system S of the first embodiment, the security of the secret registration information (polynomial point set R) can be adjusted based on the values of the natural numbers n and N and the maximum value d _max . it can.

(Example of change)
As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the said Example, A various change is performed within the range of the summary of this invention described in the claim. It is possible. Modification examples (H01) to (H011) of the present invention are exemplified below.
(H01) In the similar information search system S of the embodiment, the client personal computers PCa and PCb and the database server DS are separately configured. However, the present invention is not limited to this. , PCb can be integrated, or the client personal computers PCa, PCb and the database server DS can be integrated.

(H02) In the embodiment, the client personal computers PCa and PCb and the database server DS are connected via the Internet 1 so as to be able to transmit and receive information. However, the present invention is not limited to this. For example, It is also possible to connect via a dedicated line, a wired / wireless LAN (Local Area Network) environment, and other communication lines such as an encryption communication network. When the dedicated line, the encryption communication network, or the like is used as the communication line, there is a possibility that the third party or the administrator has difficulty in deciphering the information s, t, t ′. is there. That is, there is a possibility that the protection against internal analysis (reverse engineering) and modification, so-called tamper resistance, is increased.
(H03) In the above embodiment, the confidential similarity information (solution candidate set _{R A)} the confidential similarity information restoration process of restoring the (see ST401～ST411 ST 211, in Figure 8 of FIG. 5), the search for a client PC PCb The similar information t ′ is not obtained by the third party or the administrator, but is not limited to this. For example, the dedicated line or the encryption communication network is used as a communication line. When the tamper resistance becomes high, the secret similar information restoration process is executed by the database server DS, and the restored similar information t ′ is transmitted to the search client personal computer PCb. It is also possible.

(H04) In the embodiment, each numerical value set is arbitrary according to conditions (specifications, designs, etc.) such as safety (strictness, confidentiality, confidentiality), processing efficiency, convenience, etc. Can be changed to For example, as in the _first embodiment, the secret registration information including the chaff (pseudo polynomial points (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f ′ (a _r ))) where r> n. (Polynomial point set R) is preferably calculated to ensure the security of the secret registration information (polynomial point set R). However, when r = n, the polynomial point set R does not include the chaff. It is also possible to use a code word of (n, k) code (a set of registered polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) only). Further, L> 0, and calculating the secure search information L types of search numerical _{b m-L} + 1 ~b _m is removed (Search subset ^{B *),} the confidential search information (search subset ^B *) However, it is also possible to set the search subset B ^* to be the search set B itself (B ^* = B) with L = 0. In this case, it is preferable to use the dedicated line, the encryption communication network, or the like as a communication line to increase the tamper resistance.
(H05) In the present invention, by the hash function H as an example of a one-way function, the numerical _a 1 _{~a n,} b 1 ~b from said _m each partial information _s q1 _{~s qn,} a t q1 _{~t qm} It is preferable to restore the information s and t so that the information s and t cannot be used. However, the present invention is not limited to this. For example, the hash function H is determined according to the security of the secret registration information (polynomial point set R). Can be changed to a reversible function as an example of a bidirectional function.

(H06) In the above embodiment, each of the information s, t, t ′ is composed of character string information, but is not limited to this. For example, information such as an ordered tree, an unordered tree, a graph, etc. It is also possible to configure by. Here, the information of the ordered tree means that the information s, t, and t ′ includes the root node that is the node that is the start point of the branch, the leaf node that is the node that is the end point of the branch, and the root node. And the information on the branch that is a branch connecting the root node, the internal node, and the leaf node, and an internal node that is a node provided between the leaf node and the root node. Are each ordered information. Further, unordered tree information is information in which each branch is not ordered compared to the ordered tree information.
For these pieces of information, when a histogram (histogram, frequency distribution chart, columnar graph) based on the structure of the information is calculated, a solution candidate is calculated based on the distance between the histograms (L ₁ distance, L ₁ distance). The filtering process can be performed.

  For example, the ordered tree information is limited to two branches that branch from the root node and the internal node, and the height that is the number of branches until the leaf node is reached from the root node. The ordered complete binary tree structure information is converted into q-level bifurcated information (operation unit information) by converting the ordered complete binary tree structure information, which is the information of the ordered complete binary tree that is all the same. ) Of the histogram. The q-level bifurcation is a subtree that is information on the structure of a subtree composed of the nodes of a part of the complete binary tree and the information of the branch that is a branch connecting the nodes. Structural information, which is the partial tree structure information in which the height of the partial tree is (q-1). In addition, the q-level bifurcation information histogram refers to the frequency of appearance of the same q-level bifurcation information in the complete binary tree.

Here, the two ordered complete binary tree structure information are U and V, the number of types of histograms (the size of the vector space) of the q-level bifurcation information is | ΓU |, | ΓV | A histogram of q-level bifurcation information is represented by u _{1 to} u _{| ΓU |} and v _{1 to} v _{| ΓV |} , and U = (u ₁ , u ₂ ,..., u _{| ΓU |} ), V = (v ₁ , v ₂ ,..., v _{| ΓV |} ), the L ₁ distance is the vector distance between the ordered complete binary tree structure information U and V. Therefore, on the basis of the L ₁ distance, it is possible to complete binary tree structure information U with order, what V it is determined whether or not similar. That is, solution candidate filtering processing can be performed.

Incidentally, based on the L ₁ distance between histograms of these information, the similarity information retrieval process without concealing the filtering process of the candidate solutions are, for example, are described in Non-Patent Document 10 to 12, in a known is there. For the ordered complete binary tree structure information U and V obtained by converting the ordered tree information, when the editing distance between the ordered complete binary tree structure information U and V is d, the ordered complete binary tree structure information U and V is obtained. binary tree structure information U, is _{L 1} distance between V is known to be a {4 × (q-1) +1} × d ( e.g., see non-Patent Document 10 or the like). Here, the edit distance d means each of insertion / deletion / replacement information of the q-level bifurcation information until the ordered complete binary tree structure information V becomes the ordered complete binary tree structure information U. This is the number of editing operations.

Therefore, the L ₁ distance as the condition of the filtering process, by a filtering condition of unlocking processing of the fuzzy vault, it is possible to perform similar information retrieval processing which has been concealed. For example, the ordered tree information is obtained by calculating the sets A and B based on the ordered complete binary tree structure information U and V to obtain the secret registration information (polynomial point set R) or the secret search information ( The search subset B ^* ) can be computed. It is assumed that the number of nodes included in the complete binary tree structure information U and V, for example, | U |, | V |, and | ΓU | = n, | ΓV | = m, n ≧ m holds. When the following equations (11) and (12) are established for the natural numbers c and k, the following equation (13) is established.

c = n− {4 × (q−1) +1} × d (11)
(N + k) / 2 = n− {4 × (q−1) +1} × d _max (12)
‖Q _j ‖ ≧ c
= N- {4 * (q-1) +1} * d
≧ n− {4 × (q−1) +1} × d _max
= (N + k) / 2 (13)

  That is, since c ≧ (n + k) / 2 is always established (see Expression (7)), the polynomial f (x) can be calculated by setting the degree (k−1) as in the above embodiment. Based on the discriminant value c, a concealed filtering process can be executed (see ST308 in FIG. 7 and ST406 in FIG. 8). As a result, similar to the similar information search system S of the first embodiment, the secret similar information search process (FIG. 7) is performed based on the values of the natural numbers c, d, k, L, n, m, q, and r. ST303 to ST312) can be executed.

(H07) In the present invention, it is preferable to display the images 2 and 3 for inputting the information s and t. However, the present invention is not limited to this. For example, the information s and t is input by command input or the like. It is also possible to omit the images 2 and 3 by inputting.
(H08) In the above embodiment, the coefficients s _{0 to} s _k-1 of the polynomial f (x) are calculated by the unlocking process using the BM algorithm as an example of the decoding algorithm of the error correction code. Although the similar information t ′ is restored (see ST410 in FIG. 8), the present invention is not limited to this. For example, the similarity information t ′ is not limited to this, and may be developed using the Peterson method or the Euclidean method as an example of the decoding algorithm of the error correction code. It is also possible to restore the similar information t ′ by a lock process (see, for example, Japanese Patent Laid-Open No. 2003-168983 and Non-Patent Document 6).

(H09) In the present invention, each value of the natural numbers c, d, k, L, n, m, q, r is preset or automatically based on the information s, t, t ′. Although it is set, the present invention is not limited to this, and it is also possible to allow the user to set the image using the images 3 and 4. For example, for the maximum value d _max of the edit distance d, a maximum value input unit may be provided in the search image 4 so that the searcher can set it.
(H010) In the present invention, based on the registration information s, it is guaranteed that the number of points necessary for restoring the registration information s is {(n + k) / 2} at a minimum (k−1). Although it is preferable to calculate a single variable polynomial f (x) in dimension (see ST107 in FIG. 5), the present invention is not limited to this. For example, even if {(n + k) / 2} exist, the registration information s It is also possible to calculate a polynomial that cannot be restored. In this case, the total number of polynomials that can be selected as the polynomial f (x) can be increased, and the convenience and the safety are enhanced, but the filtering process for determining whether or not the similar information t ′ can be restored. Since the accuracy of ST308 in FIG. 7 (see ST406 in FIG. 8) is reduced, there is a possibility that false detections increase and the processing efficiency as the similar information search processing is lowered. For this reason, the number of points that can be restored in the polynomial f (x) is set within the allowable range of the similarity information search system S, with the convenience, the safety, and the processing efficiency based on the accuracy of the filtering process. Can be adjusted accordingly.

(H011) In the present invention, based on the registration information s, the number of points necessary for restoring the registration information s is {(n + k) / 2} or more (k−1) -dimensional polynomial of one variable Although f (x) has been calculated (see ST107 in FIG. 5), the present invention is not limited to this. For example, there is a polynomial that is guaranteed to be able to restore the registration information s with {(n + k) / 2} or less. If present, it is also possible to compute such a polynomial. That is, as the error correction code, the (n, k) code ((n, k) RS code) that can be restored to the polynomial by the BM algorithm or the like when the {(n + k) / 2} or more points are found. The present invention is not limited to use, and it is also possible to use other error correction codes that can restore a polynomial by {(n + k) / 2} or less points. In this case, since the number of the registered polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) that need to be known for decoding is reduced, the polynomial point set R Although the safety is reduced, the value of the total number r of the registered polynomial points (a ₁ , f (a ₁ )) to (a _n , f (a _n )) included in the polynomial point set R is increased, The safety can be ensured by increasing the total number of the pseudo-polynomial points (a _{n + 1} , f ′ (a _{n + 1} )) to (a _r , f ′ (a _r )).

  The present invention relates to, for example, management of a gene information database in which genetic information such as DNA base sequence information (nucleic acid sequence information) and protein amino acid sequence information is stored as information to be registered. This is useful when a DAS model is outsourced to an outside contractor.

FIG. 1 is an overall explanatory diagram of a similar information search system according to a first embodiment of the present invention. FIG. 2 is an explanatory diagram showing the function of each device constituting the similar information retrieval system of the first embodiment of the present invention in a block diagram (functional block diagram). FIG. 3 is an explanatory diagram of a registered image according to the first embodiment. FIG. 4 is an explanatory diagram of a registered image according to the first embodiment. FIG. 5 is a flowchart of the secret registration information transmission process of the secret registration information transmission program according to the first embodiment. FIG. 6 is a flowchart of the confidential search information transmission process of the confidential search information transmission program according to the first embodiment. FIG. 7 is a flowchart of the secret similar information search process of the secret similar information search program according to the first embodiment. FIG. 8 is a flowchart of the secret similar information restoration process of the secret similar information restoration program according to the first embodiment, and is an explanatory diagram of the subroutine of ST211 in FIG. FIG. 9 is an explanatory view when a conventionally known encryption database technique is applied to the gene information database in the DAS model.

Explanation of symbols

A ... registration set, AP4 ... similar information retrieval _{program, a} 1 ~a n _... registration numerical _{value, a n +} 1 ~a r _... pseudo numerical _{value, (a 1, f (a} 1)) ~ (a n, f (a n) ) ... polynomial points, registered polynomial points, (a _{n + 1} , f ′ (a _{n + 1} )) to ( _ar , f ′ (a _r )) ... pseudo-polynomial points, B ... search set, B ^* ... search subset , Secret search information, b _{1 to} b _m ... Search numerical value, c, d, k, L, n, m, q, r ... natural number, CA3 ... polynomial operation means, CA4 ... registered partial information extraction means, CA5 ... registered set Calculation means, CA6 ... registered substitution value calculation means, CA7 ... pseudo numerical value calculation means, CA8 ... pseudo substitution value calculation means, CA9 ... secret registration information calculation means, CA10 ... secret registration information transmission means, CB3 ... search partial information extraction means, CB4: Search set calculation means, CB5: Search set storage CB6 ... Secret search information calculation means, CB7 ... Secret search information transmission means, CB9 ... Secret similarity information reception means, CB10A ... Search numerical value determination means, CB10B ... Numerical value extraction means, CB11A ... Similar information restoration determination means, CB12 ... Similar information Restoring means, CD1 ... Secret registration information receiving means, CD2 ... Secret registration information storage means, CD3 ... Secret search information receiving means, CD4 ... Search numerical value discrimination means, CD5 ... Polynomial point subset calculating means, CD6 ... Polynomial point subset element number determining means, CD7 ... confidential similarity information calculating means, CD8 ... confidential similarity information transmitting means, DS ... storage device, similar information retrieval system, f (x) ... _{polynomial, f (a 1), f} (a 2), ... , F (a _n ) ... registered substitution value, f ′ (a _{n + 1} ) to f ′ (a _r ) ... pseudo substitution value, PCa ... registration device, PCb ... search device, Q ₁ ^{* to} Q _N ^* ... polynomial point part Minute set, R ... polynomial point set, confidential registration information, R A _... confidential similar information, H ... one-way function, S ... similar information retrieval system, s ... registration information, character string _{information, s} q1 ~s _{qn ...} registration part information, partial information, t ... search information, the character string _{information, t} q1 ~t _{qm ...} search part information, part information, t '... similar information, character string information.

Claims (4)

A storage device for storing registration information which is information to be registered;
A registration device that is connected to the storage device so as to be able to transmit and receive information, and that registers the registration information to the storage device;
Information similar to the registration information that is the same as or similar to the search information that is the search target information among the stored registration information that is connected to the storage device so as to be able to transmit and receive information. A search device for searching;
A similar information retrieval system having
The natural numbers are c, d, k, L, n, m, q, and r, respectively, and d operations of insertion / deletion / replacement are performed on the operation unit information that is the unit information to be operated in the search information. The search information is converted into the similar information, and n pieces of partial information having q pieces of the operation unit information can be calculated for the registration information. m or more pieces of partial information having q pieces of the operation unit information can be calculated, c is calculated based on d, q, n, m, and c ≧ L, m ≧ L, r ≧ n Are assumed to hold,
The registration device
Based on the registration information, a polynomial computing means for computing the polynomial that is a univariate (k-1) dimension and that can restore the registration information;
Registered partial information extracting means for extracting registered partial information, which is n pieces of partial information capable of restoring the registered information, based on the registered information;
A registered set calculation means for calculating a registered set, which is a set having n registered numeric values as elements, based on the extracted n pieces of registered partial information;
A registered substitution value calculating means for calculating a registered substitution value that is a numerical value of the polynomial into which the registered numeric value is substituted;
Pseudo numerical value calculating means for calculating (rn) types of pseudo numerical values which are numerical values other than the registered numerical values;
Pseudo-substitution value calculating means for calculating a pseudo-substitution value that is a numerical value other than the numerical value of the polynomial into which the pseudo-numeric value is substituted;
A point on the polynomial having a set of the registered numerical value and the registered substitution value corresponding to the registered numerical value is a registered polynomial point, and the pseudo numerical value and the pseudo substitution value corresponding to the pseudo numerical value are a set. When a point other than the polynomial is set as a pseudo-polynomial point, a polynomial point set that is a set of r points having n registered polynomial points and (r−n) pseudo-polynomial points is calculated. A secret registration information calculation means for calculating secret registration information in which the registration information is concealed;
Secret registration information transmitting means for transmitting the calculated secret registration information to the storage device;
Have
The storage device
Confidential registration information receiving means for receiving the confidential registration information transmitted by the confidential registration information transmitting means;
Secret registration information storage means for storing the received secret registration information;
Have
The search device includes:
Search partial information extraction means for extracting search partial information which is m pieces of partial information capable of restoring the search information based on the search information;
A search set calculation means for calculating a search set that is a set having m search numerical values as elements based on the extracted m pieces of search partial information;
Search set storage means for storing the calculated search set;
By calculating a search subset that is a subset of the search set having (m−L) types of the search numerical values excluding L types of the search numerical values among the m types of search numerical values, the search Secret search information calculation means for calculating secret search information in which information is concealed;
A secret search information transmitting means for transmitting the calculated secret search information to the storage device;
Have
The storage device
Secret search information receiving means for receiving the secret search information transmitted by the secret search information transmitting means;
Search numerical value determining means for determining whether the search numerical value included in the received confidential search information is the same as the registered numerical value or the pseudo numerical value included in each stored confidential registration information;
By extracting the registered polynomial point of the registered numerical value and the pseudo-polynomial point of the pseudo-numerical value that are the same as the search numerical value, a projection set of the search numerical value in the polynomial point set, A polynomial point subset computing means for computing a polynomial point subset which is a subset;
Polynomial point subset element number determining means for determining whether or not the calculated points of the polynomial point subset are (c−L) or more;
(CL) Concealed similarity information computing means for computing concealed similarity information in which the similar information is concealed by computing each concealment registration information corresponding to the polynomial point subset having at least (c−L) points ,
A secret similarity information transmitting means for transmitting the calculated secret similarity information to the search device;
Have
The search device includes:
A concealment similarity information receiving means for receiving the concealment similarity information transmitted by the concealment similarity information transmission means;
Search numerical value determining means for determining whether or not the search numerical value included in the stored search set is the same as the registered numerical value or the pseudo numerical value included in each received secret similar information;
Numerical value extraction means for extracting the registered numerical value and the pseudo numerical value that are the same as the search numerical value;
It is determined whether or not each of the secret similar information can be restored as the similar information with respect to the search information by determining whether or not the extracted registered numerical value and the pseudo numerical value are c or more. Similar information restoration discrimination means,
Similar information restoration means for computing the polynomial and restoring the similar information based on the registered numeric value and the pseudo numeric value when the extracted registered numeric value and the pseudo numeric value are c or more,
A similar information retrieval system characterized by comprising: When c ≧ (n + k) / 2 holds for the natural numbers c, k, n,
The registration device
Based on the registration information, the polynomial is a one-variable polynomial in (k−1) dimensions, and the number of points on the polynomial necessary for restoring the registration information is {(n + k) / 2} or more. A polynomial calculation means for calculating a polynomial;
The similar information retrieval system according to claim 1, wherein: Information to be registered is registered information,
Information that is the same as or similar to the registration information is similar information,
The natural numbers are d, k, n, q, r, respectively.
With respect to operation unit information that is information of a unit to be operated in the registration information, the registration information is converted into the similar information by performing d insertion / deletion / replacement operations, and the registration For information, it is assumed that n or more pieces of partial information having q pieces of operation unit information can be calculated, and r ≧ n holds.
The n pieces of partial information that can restore the registration information extracted based on the registration information are used as registration partial information.
A set having a registered numerical value, which is an n-type numerical value calculated based on the extracted n pieces of registered partial information, as a registered set,
A (k−1) -dimensional univariate polynomial calculated based on the registration information, and a numerical value calculated by substituting the registered numerical value for the polynomial that can restore the registration information is used as a registered substitution value. ,
A point on the polynomial having a set of the registered numerical value and the registered substitution value corresponding to the registered numerical value is a registered polynomial point,
A pseudo numerical value that is a numerical value other than the registered numerical value and a pseudo substituted value corresponding to the pseudo numerical value, and the pseudo substituted value that is a numerical value other than the numerical value of the polynomial to which the pseudo numerical value is substituted is a set. When a point other than a polynomial is a pseudo-polynomial point,
A polynomial point set, which is a set of r points each having n registration polynomial points and (r−n) pseudo-polynomial points, is stored as secret registration information in which the registration information is concealed. A secret registration information storage means;
The search target information is the search information,
Let natural numbers be c, L, m respectively.
For the search information, m or more pieces of partial information having q pieces of operation unit information can be calculated, c is calculated based on d, q, n, m, and c ≧ L, m ≧ L is established,
With respect to the operation unit information in the search information, the search information is converted into the similar information by performing d insertion / deletion / replacement operations, and the search information is extracted based on the search information. The m pieces of partial information capable of restoring the search information are set as search partial information,
A set having as elements search numerical values that are m types of numerical values calculated based on the extracted m pieces of search partial information is defined as a search set.
Of the m types of search numerical values, the search information conceals a search subset that is a subset of the search set whose elements are the (m−L) types of search numerical values excluding the L types of search numerical values. If the search information is hidden,
Search numerical value determination means for determining whether the search numerical value included in the confidential search information is the same as the registered numerical value or the pseudo numerical value included in each stored confidential registration information;
By extracting the registered polynomial point of the registered numerical value and the pseudo-polynomial point of the pseudo-numerical value that are the same as the search numerical value, a projection set of the search numerical value in the polynomial point set, A polynomial point subset computing means for computing a polynomial point subset which is a subset;
Polynomial point subset element number determining means for determining whether or not the calculated points of the polynomial point subset are (c−L) or more;
(CL) Concealed similarity information computing means for computing concealed similarity information in which the similar information is concealed by computing each concealment registration information corresponding to the polynomial point subset having at least (c−L) points ,
A similar information retrieval system characterized by comprising: Computer
Information to be registered is registered information,
Information that is the same as or similar to the registration information is similar information,
The natural numbers are d, k, n, q, r, respectively.
With respect to operation unit information that is information of a unit to be operated in the registration information, the registration information is converted into the similar information by performing d insertion / deletion / replacement operations, and the registration For information, it is assumed that n or more pieces of partial information having q pieces of operation unit information can be calculated, and r ≧ n holds.
The n pieces of partial information that can restore the registration information extracted based on the registration information are used as registration partial information.
A set having a registered numerical value, which is an n-type numerical value calculated based on the extracted n pieces of registered partial information, as a registered set,
A (k−1) -dimensional univariate polynomial calculated based on the registration information, and a numerical value calculated by substituting the registered numerical value for the polynomial that can restore the registration information is used as a registered substitution value. ,
A point on the polynomial having a set of the registered numerical value and the registered substitution value corresponding to the registered numerical value is a registered polynomial point,
A pseudo numerical value that is a numerical value other than the registered numerical value and a pseudo substituted value corresponding to the pseudo numerical value, and the pseudo substituted value that is a numerical value other than the numerical value of the polynomial to which the pseudo numerical value is substituted is a set. When a point other than a polynomial is a pseudo-polynomial point,
A polynomial point set, which is a set of r points each having n registration polynomial points and (r−n) pseudo-polynomial points, is stored as secret registration information in which the registration information is concealed. Secret registration information storage means,
The search target information is the search information,
Let natural numbers be c, L, m respectively.
If m or more pieces of partial information having q pieces of operation unit information can be calculated for the search information, c is calculated based on d, q, n, m, and c ≧ L, m ≧ L Each holds,
With respect to the operation unit information in the search information, the search information is converted into the similar information by performing d insertion / deletion / replacement operations, and the search information is extracted based on the search information. The m pieces of partial information capable of restoring the search information are set as search partial information,
A set having as elements search numerical values that are m types of numerical values calculated based on the extracted m pieces of search partial information is defined as a search set.
Of the m types of search numerical values, the search information conceals a search subset that is a subset of the search set whose elements are the (m−L) types of search numerical values excluding the L types of search numerical values. If the search information is hidden,
Search numerical value determining means for determining whether the search numerical value included in the confidential search information is the same as the registered numerical value or the pseudo numerical value included in each stored confidential registration information;
By extracting the registered polynomial point of the registered numerical value and the pseudo-polynomial point of the pseudo-numerical value that are the same as the search numerical value, a projection set of the search numerical value in the polynomial point set, A polynomial point subset computing means for computing a polynomial point subset which is a subset;
A polynomial point subset element number discriminating means for discriminating whether or not there are (c−L) or more calculated points of the polynomial point subset;
(CL) Secret similar information calculation means for calculating secret similar information in which the similar information is concealed by calculating each secret registration information corresponding to the polynomial point subset having more than (c−L) points;
A similar information retrieval program characterized by functioning as