WO2013108698A1 - System for authenticating whether a character string is accepted by an automaton - Google Patents
- Publication number: WO2013108698A1 (PCT/JP2013/050263)
- Authority: WO, WIPO (PCT)
- Prior art keywords: key, index, character, client, state
Definitions
- The present invention relates to a server, a client, a method, and a program for authenticating whether a character string is accepted by an automaton.
- Patent Document 1: Japanese Unexamined Patent Application Publication No. 2009-151757
- Non-Patent Document 1: Michael J. Freedman, Kobbi Nissim and Benny Pinkas, "Efficient Private Matching and Set Intersection", Advances in Cryptology EUROCRYPT 2004, Lecture Notes in Computer Science, 2004
- Non-Patent Document 2: S. Even, O. Goldreich, and A. Lempel, "A Randomized Protocol for Signing Contracts", Communications of the ACM, Volume 28, Issue 6, pp. 637-647, 1985
- Provided is a server that is connectable to a client that inputs a character string, the server having an automaton that defines, for each previous state and each character, the subsequent state to transition to.
- The server includes a key chain generation unit that generates, for each combination of index, character, and state, a key chain in which the key of the next index, corresponding to the subsequent state reached from the state according to the character, is encrypted with the key corresponding to the state;
- and a providing unit that, in communication with the client, provides the client with the key chain corresponding to each input character from the set of key chains for each index, in a state in which the input character is concealed.
- An information processing method executed by such a server, and a program, are also provided.
- Also provided is a client that inputs a character string and that can connect to a server having an automaton that defines, for each previous state and each character, the subsequent state to transition to; the client communicates with the server.
- the receiving unit that receives a plurality of key chains corresponding to the characters input for each index from the server, and the plurality of keys received using the keys decrypted in the decryption process corresponding to the immediately preceding index in the order of the indexes
- FIG. 1 shows a configuration of an authentication system 10 according to the present embodiment.
- FIG. 2 shows functional block configurations of the server 20 and the client 30 according to the present embodiment.
- FIG. 3 shows a flowchart of processing of the server 20 and the client 30 according to the present embodiment.
- FIG. 4 shows a flowchart of key chain set generation processing.
- FIG. 5 shows an example of each state key generated for each index.
- FIG. 6 shows an example of an automaton transition table, and an example of a key table in which the key of the next index for the next state is assigned to each state and each character in the first index, the second index, and the third index.
- FIG. 7 shows an example of a set of key chains generated for each combination of index, character, and state.
- FIG. 8 shows an example of the final state information.
- FIG. 9 shows an example of an indexed state transition value from the first index to the third index when a binary character of “0” or “1” is input.
- FIG. 10 shows an example of a set of key chains associated with indexed state transition values.
- FIG. 11 shows an example of communication processing by the private set intersection protocol in the authentication system 10 according to the present embodiment.
- FIG. 12 shows an example of a plurality of response ciphertexts received by the client 30 in this embodiment and a plurality of key chains decrypted from the plurality of response ciphertexts.
- FIG. 13 shows a flowchart of sequential decryption processing of a plurality of key chains in the client 30.
- FIG. 14 shows an example of keys decrypted in the sequential decryption process of the plurality of key chains by the client 30.
- FIG. 15 shows a configuration of the authentication system 10 according to the modification.
- FIG. 16 shows a flowchart of processing of the server 20 and the client 30 according to the modification.
- FIG. 17 shows an example of a set of key chains of the first index.
- FIG. 18 shows an example of a set of key chains of the second index.
- FIG. 19 shows an example of a set of key chains of the third index.
- FIG. 20 shows an example of keys that are sequentially decrypted from a subset of the key chain for each index.
- FIG. 21 shows a flow of the delivery of a subset of the key chains by oblivious transfer between the server 20 and the client 30 according to this modification.
- FIG. 22 shows a flow following FIG.
- FIG. 23 shows the flow following FIG.
- FIG. 24 shows an example of a hardware configuration of a computer 1900 according to the present embodiment.
- FIG. 1 shows a configuration of an authentication system 10 according to the present embodiment.
- The authentication system 10 according to the present embodiment includes a server 20 and a client 30.
- The server 20 and the client 30 are connected to each other via a network.
- The authentication system 10 according to the present embodiment determines whether the automaton held by the server 20 transitions to the correct final state based on the character string input to the client 30.
- The client 30 receives a character string as input from the outside.
- The characters included in the character string may be any characters.
- For example, a character may be a binary character “0” or “1”, or may be a character represented by 1 byte.
- The server 20 has an automaton whose state transitions according to the received character.
- The automaton defines, for each previous state and each character, the subsequent state to transition to.
- The characters received by the automaton are the characters input to the client 30.
- The automaton represents a regular expression for a set of character strings (character string group) registered in advance.
- The automaton receives the characters of the character string one at a time, starting from the first character, and changes state once per character.
- The automaton outputs “accept” if it is in the correct final state after the transition for the last character, and outputs “not accepted” if it is not in the correct final state.
- The server 20 and the client 30 conceal the character string input to the client 30 from the server 20 and conceal the automaton held by the server 20 from the client 30, while determining whether the automaton held by the server 20 transitions to the correct final state based on the character string input to the client 30.
- FIG. 2 shows a functional block configuration of each of the server 20 and the client 30 according to the present embodiment.
- The server 20 includes an automaton storage unit 42, a key generation unit 44, a key chain generation unit 46, an indexed state transition value generation unit 48, a synthesis unit 50, and a providing unit 52.
- The client 30 includes an input unit 60, an indexed character generation unit 62, a receiving unit 64, and a decryption unit 66.
- The input unit 60 of the client 30 receives the characters of the character string one by one.
- The input unit 60 passes each input character to the indexed character generation unit 62.
- The indexed character generation unit 62 generates an indexed character for each character included in the character string.
- The index represents the position of the character in the character string, that is, the order in which the character is given to the automaton.
- An indexed character is a value representing the pair of a character and its index; for example, it is the value obtained by substituting a value representing the character and a value representing the index into a one-way function.
- The indexed character may be a concealed or encrypted value, so that it is difficult to recover the character and the index from the value.
- The indexed character generation unit 62 delivers the indexed characters generated for each character included in the character string to the receiving unit 64.
- The automaton storage unit 42 of the server 20 stores an automaton for determining whether or not to accept a character string input to the client 30.
- As an example, the automaton storage unit 42 stores a transition table representing state transitions, the group of characters that can be input, the group of states, the initial state, and the final state.
- The state of the automaton transitions according to the transition table as the characters of the character string are given one at a time from the first character, that is, for each index.
- The transition of the automaton from the previous state to the subsequent state in response to a single character being given is called a state transition.
- The combination of the previous state, the character, and the subsequent state in a state transition is called a state transition relationship.
- The key generation unit 44 of the server 20 generates, for each index, a key corresponding to each of the plurality of states included in the automaton. Furthermore, the key generation unit 44 also generates a key corresponding to each state that can be the last transition destination (the state reached after the automaton has received the last character of the character string). An example of the keys generated by the key generation unit 44 will be further described with reference to FIG.
- For each combination of index, character, and state, the key chain generation unit 46 of the server 20 generates a key chain in which the key of the next index, corresponding to the subsequent state reached from the state according to the character, is encrypted with the key corresponding to the state.
- In the index corresponding to the last character of the character string, the key chain generation unit 46 generates a key chain in which the key corresponding to the last transition destination state, reached from the state according to the character, is encrypted with the key corresponding to the state. Each of these keys is generated by the key generation unit 44.
- The key chain generation unit 46 also generates final state information by encrypting, with the key corresponding to the last transition destination state, a value indicating whether or not that state is the final state determined by the automaton.
- Details of an example of a set of key chains and final state information will be further described with reference to FIG. 4, FIG. 7, FIG.
- The indexed state transition value generation unit 48 of the server 20 generates an indexed state transition value for each state transition relationship.
- The indexed state transition value is a value representing the combination of a character and an index that each state transition can accept in the automaton. For example, it is the value obtained by substituting a value representing the character and a value representing the index into a one-way function. In this case, the one-way function is the same as the one-way function used to generate the indexed character.
- The indexed state transition value may be a concealed or encrypted value, so that it is difficult to recover the character and the index from the value. An example of the indexed state transition value will be further described with reference to FIG.
- The synthesis unit 50 of the server 20 associates the indexed state transition value generated by the indexed state transition value generation unit 48 with each key chain included in the set of key chains generated by the key chain generation unit 46. The synthesis unit 50 thereby generates a set of key chains associated with indexed state transition values.
- An example of a set of key chains associated with indexed state transition values will be further described with reference to FIG.
- The providing unit 52 of the server 20 communicates with the receiving unit 64 of the client 30.
- The receiving unit 64 of the client 30 communicates with the providing unit 52 of the server 20.
- In communication with the receiving unit 64 of the client 30, the providing unit 52 of the server 20 provides the client 30, for each index, with the key chain from the set of key chains that corresponds to the input character string, in a state where the input characters are kept secret.
- That is, for each index, the providing unit 52 does not provide the receiving unit 64 with a key chain corresponding to a character string that is not input by the input unit 60, and provides the receiving unit 64 with only the key chain corresponding to the character string input by the input unit 60.
- The receiving unit 64 of the client 30 communicates with the providing unit 52 of the server 20 and receives, for each index, the key chain corresponding to the input character string from the server 20 in a state where the automaton is concealed. That is, for each index, the receiving unit 64 does not receive from the providing unit 52 a key chain corresponding to a character string not input by the input unit 60, and receives from the providing unit 52 only the key chain corresponding to the character string input by the input unit 60.
- The providing unit 52 and the receiving unit 64 transfer the key chain corresponding to the input character string using a private set intersection protocol, which conceals each party's set elements from the other while detecting whether the two sets contain a common element.
- Thereby, the providing unit 52 can provide the receiving unit 64 with the key chain corresponding to the input character string in a state where the automaton is concealed from the client 30.
- The receiving unit 64 can receive the key chain corresponding to the input character from the providing unit 52 in a state where the input character string is concealed from the server 20.
- The providing unit 52 of the server 20 transmits to the client 30 the key corresponding to the initial state (that is, the key of the first index corresponding to the initial state) and the final state information generated by the key chain generation unit 46.
- The receiving unit 64 of the client 30 receives the key corresponding to the initial state and the final state information from the providing unit 52 of the server 20.
- The decryption unit 66 performs decryption processing on each of the key chains received by the receiving unit 64, in index order, using the key decrypted in the decryption processing for the immediately preceding index, and thereby decrypts the key corresponding to the next index. In the decryption processing for the first index, the decryption unit 66 uses the initial state key obtained separately from the server 20. Furthermore, in the decryption processing for the last index, corresponding to the last character of the character string, the decryption unit 66 can decrypt the key corresponding to the last transition destination state.
- The decryption unit 66 decrypts the final state information with the decrypted key. If a value representing the final state can be acquired as a result of decrypting the final state information, the decryption unit 66 determines that the automaton has transitioned to the correct final state. When the value representing the final state can be acquired, the decryption unit 66 outputs information indicating that the character string has been accepted by the automaton; when processing ends without the value representing the final state being acquired, it outputs information indicating that the character string was not accepted by the automaton.
- FIG. 3 shows a flowchart of processing of the server 20 and the client 30 according to the present embodiment.
- The client 30 receives a character string as input.
- The client 30 may input a character string having a predetermined number of characters or a variable-length character string.
- The client 30 notifies the server 20 of the number of input characters (that is, the number of indexes).
- In step S12, the client 30 generates, for each character of the input character string, an indexed character representing the pair of the index and the input character.
- The indexed character is a value obtained by substituting a value representing the index and a value representing the input character into the one-way function.
- The content of the one-way function is determined in advance between the server 20 and the client 30, for example.
- N is an integer equal to or greater than 2
- For example, for each character included in the character string, the client 30 substitutes the index of the character (that is, its position from the beginning of the character string) and a value representing the character into the one-way function g().
- The client 30 can thereby calculate a value (indexed character) representing the pair of an index and an input character.
- The client 30 performs this operation on all characters included in the character string, and generates a set of indexed characters as shown in the following Equation 3. The client 30 then stores this set of indexed characters in a memory or the like.
- In step S13, for each index, each character, and each state, the server 20 generates a key chain in which the key of the next index, corresponding to the subsequent state reached from the state according to the character, is encrypted with the key corresponding to the state.
- The server 20 also generates a key chain in which the key corresponding to the last transition destination state, reached from the state according to the character, is encrypted with the key corresponding to the state. The details of the key chain generation process will be described with reference to the flowchart of FIG.
- The server 20 generates an indexed state transition value for each state transition relationship.
- The indexed state transition value is a value obtained by substituting a value representing an index and a value representing a character into a one-way function, as shown in Equation 4 below.
- The server 20 can thereby calculate a value (indexed state transition value) representing the pair of an index and a character.
- The one-way function for generating the indexed state transition value is the same as the one-way function used by the client 30 to generate the indexed character.
- In step S14, the server 20 generates, for each index, an indexed state transition value for each character that can be input to the automaton, as shown in the following Equation 5.
- ⁇ represents the number of characters that can be input by the automaton.
- In step S15, the server 20 associates the corresponding indexed state transition value with each of the generated key chains. The server 20 thereby generates a set of key chains associated with indexed state transition values.
- A set of key chains associated with indexed state transition values will be further described with reference to FIG.
- In step S16, the server 20 and the client 30 deliver the key chain corresponding to the input character using the private set intersection protocol.
- The client 30 transmits to the server 20 a transmission ciphertext obtained by encrypting the set of indexed characters for the characters of the input character string. Subsequently, for each key chain included in the set of key chains, the server 20 generates, based on the transmission ciphertext, a response ciphertext that encrypts a value that becomes the key chain when the corresponding indexed state transition value is included in the set of indexed characters, and a value that does not become the key chain when the indexed state transition value is not included in the set of indexed characters, and transmits the response ciphertext to the client 30.
- The client 30 receives the response ciphertext from the server 20 and decrypts the received response ciphertext. Thereby, the client 30 can receive the key chain corresponding to the input character for each index.
- The server 20 can provide the client 30 with the key chain corresponding to the input character in a state where the automaton is concealed from the client 30. Further, the client 30 can receive the key chain corresponding to the input character from the server 20 in a state where the input character string is concealed from the server 20.
- In step S17, the server 20 transmits the key corresponding to the initial state (that is, the key of the first index corresponding to the initial state) and the final state information to the client 30.
- In step S18, the client 30 performs decryption processing on each of the key chains received from the server 20, in index order, using the key decrypted in the decryption processing for the immediately preceding index, and thereby sequentially decrypts the key corresponding to the next index.
- For the first index, the client 30 performs the decryption process using the initial state key separately received from the server 20.
- In the processing for the last index, corresponding to the last character of the character string, the client 30 performs decryption processing on each of the key chains received by the receiving unit 64 and can thereby decrypt the key corresponding to the last transition destination state.
- The client 30 decrypts the final state information with the decrypted key.
- The client 30 determines that the automaton has transitioned to the correct final state when a value representing the final state can be acquired.
- The client 30 outputs information indicating that the character string has been accepted by the automaton when the value representing the final state can be acquired, and outputs information indicating that the character string was not accepted by the automaton when processing ends without the value representing the final state being obtained.
- In this way, the server 20 and the client 30 can conceal the character string input to the client 30 from the server 20 and conceal the automaton held by the server 20 from the client 30, while determining whether the automaton held by the server 20 transitions to the correct final state based on the character string input to the client 30.
- FIG. 4 shows a flowchart of key chain set generation processing.
- FIG. 5 shows an example of each state key generated for each index.
- FIG. 6 shows an example of an automaton transition table, and an example of a key table in which the key of the next index for the next state is assigned to each state and each character in the first index, the second index, and the third index.
- The server 20 executes the following processing from step S31 to step S42 as the key chain set generation processing in step S13 of FIG.
- In step S31, the server 20 generates, for each index, a key corresponding to each of the plurality of states included in the automaton. Furthermore, the server 20 also generates a key corresponding to each state that can be the last transition destination.
- The server 20 generates random numbers with mutually different values as keys. For example, if the automaton has three states (state a, state b, and state c) and the character string includes three characters, the server 20 generates keys as shown in FIG.
- For the first index, the server 20 generates r_a0 as the key corresponding to state a, r_b0 as the key corresponding to state b, and r_c0 as the key corresponding to state c.
- For the second index, the server 20 generates r_a1 as the key corresponding to state a, r_b1 as the key corresponding to state b, and r_c1 as the key corresponding to state c.
- For the third index, the server 20 generates r_a2 as the key corresponding to state a, r_b2 as the key corresponding to state b, and r_c2 as the key corresponding to state c. Further, for the last transition destination, the server 20 generates r_a3 as the key corresponding to state a, r_b3 as the key corresponding to state b, and r_c3 as the key corresponding to state c.
- The server 20 repeats the processing from step S33 to step S40 for each index.
- The server 20 repeats the processing from step S34 to step S39 for each character.
- The server 20 repeats the processing from step S35 to step S38 for each state.
- That is, the server 20 repeatedly executes the processing from step S35 to step S38 for each index, each character, and each state.
- In step S35, the server 20 reads, from the keys generated in step S31, the key corresponding to the index and the state being processed.
- In step S36, the server 20 reads the automaton transition table and identifies the subsequent state that is transitioned to when the character being processed is input in the state being processed.
- For example, when the character “0” is input in state a, the subsequent state is “a”, and when the character “1” is input in state a, the subsequent state is “b”.
- When the character “0” is input in state b, the subsequent state is “a”, and when the character “1” is input in state b, the subsequent state is “c”.
- When the character “0” is input in state c, the subsequent state is “c”, and when the character “1” is input in state c, the subsequent state is “c”.
- In step S37, the server 20 reads, from the keys generated in step S31, the key corresponding to the state identified in step S36 in the index following the index being processed.
- For the first index, the server 20 reads keys as shown in the key table of FIG. 6A. That is, the server 20 reads the key r_a1 when the character “0” is input in state a, the key r_b1 when the character “1” is input in state a, the key r_a1 when the character “0” is input in state b, the key r_c1 when the character “1” is input in state b, the key r_c1 when the character “0” is input in state c, and the key r_c1 when the character “1” is input in state c.
- For the second index, the server 20 reads keys as shown in the key table of FIG. 6B. That is, the server 20 reads the key r_a2 when the character “0” is input in state a, the key r_b2 when the character “1” is input in state a, the key r_a2 when the character “0” is input in state b, the key r_c2 when the character “1” is input in state b, the key r_c2 when the character “0” is input in state c, and the key r_c2 when the character “1” is input in state c.
- For the third index, the server 20 reads keys as shown in the key table of FIG. 6C. That is, the server 20 reads the key r_a3 when the character “0” is input in state a, the key r_b3 when the character “1” is input in state a, the key r_a3 when the character “0” is input in state b, the key r_c3 when the character “1” is input in state b, the key r_c3 when the character “0” is input in state c, and the key r_c3 when the character “1” is input in state c.
- In step S38, the server 20 generates a key chain by encrypting the next-index key read in step S37 with the current-index key read in step S35.
- the key chain encryption method may be, for example, a Diffie-Hellman encryption method such as a secret key encryption method with a message authentication code (MAC).
- When the server 20 finishes generating the key chains by executing the processing from step S35 to step S38 for all indexes, all characters, and all states, the process proceeds to step S42.
- In step S42, the server 20 encrypts a value indicating whether or not the last transition destination state is the final state determined by the automaton, using the key corresponding to the last transition destination state.
- the final state information is generated.
- the server 20 will complete
- FIG. 7 shows an example of a set of key chains generated for each combination of index, character, and state.
- the server 20 can generate a set of key chains.
- For example, when an automaton transition table and keys as shown in FIG. 6 are generated, the server 20 can generate a set of key chains corresponding to each combination of index, character, and state as shown in FIG.
- Enc (x, y) represents that data y is encrypted by a common key encryption method using a key x.
- the common key encryption method is an encryption method that uses the same key for encryption and decryption, such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard).
- FIG. 8 shows an example of final state information.
- the server 20 can generate final state information as a result of executing the process of step S42 of FIG. For example, in the case where an automaton transition table and keys as shown in FIG. 6 are generated, if the correct final state defined by the automaton is “a”, the server 20 can generate final state information as shown in FIG.
- the server 20 generates final state information by encrypting the value indicating the correct final state (“1” in this example) with the key “r_a3” corresponding to the last transition destination state “a”. It also generates final state information by encrypting a value indicating that the state is not the correct final state (“0” in this example) with the key “r_b3” corresponding to the last transition destination state “b”, and likewise by encrypting a value indicating that the state is not the correct final state (“0” in this example) with the key “r_c3” corresponding to the last transition destination state “c”.
- FIG. 9 shows an example of an indexed state transition value from the first index to the third index when a binary character of “0” or “1” is input.
- the server 20 can generate an indexed state transition value as a result of executing the process of step S14 of FIG.
- the server 20 generates indexed state transition values as shown in FIG. That is, the server 20 generates an indexed state transition value for each of the first to third indexes and for each of the acceptable characters “0” and “1”.
- FIG. 10 shows an example of a set of key chains associated with indexed state transition values.
- the server 20 can associate an indexed state transition value with each of a plurality of key chains generated for each combination of index, character, and state as a result of executing the process of step S15 of FIG.
- the server 20 associates the indexed state transition value f(1, 0), representing the pair of the first index and the character “0”, with each key chain corresponding to the character “0” of the first index.
- the server 20 associates the indexed state transition value f(1, 1), representing the pair of the first index and the character “1”, with each key chain corresponding to the character “1” of the first index.
- the server 20 associates the indexed state transition value f(2, 0), representing the pair of the second index and the character “0”, with each key chain corresponding to the character “0” of the second index.
- the server 20 associates the indexed state transition value f(2, 1), representing the pair of the second index and the character “1”, with each key chain corresponding to the character “1” of the second index.
- the server 20 associates the indexed state transition value f(3, 0), representing the pair of the third index and the character “0”, with each key chain corresponding to the character “0” of the third index.
- the server 20 associates the indexed state transition value f(3, 1), representing the pair of the third index and the character “1”, with each key chain corresponding to the character “1” of the third index.
- FIG. 11 shows an example of communication processing by the secret common set calculation protocol in the authentication system 10 according to the present embodiment.
- the server 20 and the client 30 use the secret common set calculation protocol shown in steps S51 to S58 below to deliver, from the generated set of key chains, the key chains corresponding to the character input at each index to the client 30.
- step S51 the client 30 acquires a set of indexed characters.
- the client 30 acquires a set of N indexed characters g_1 to g_N corresponding to each of the first to Nth characters X_1 to X_N, as shown in Equation 6 below.
- step S52 the client 30 generates a polynomial P (x).
- the polynomial P(x) is a function that becomes 0 when any indexed character included in the set of indexed characters g_1 to g_N is substituted for the variable x, and becomes non-zero when any other value is substituted. That is, the client 30 generates a polynomial P(x) whose roots for the variable x are the indexed characters included in the set g_1 to g_N, as shown in Expression 7 below.
- In step S53, the client 30 generates a plurality of transmission ciphertexts by encrypting each of the coefficients l_N, l_{N-1}, ..., l_0 of all orders of the polynomial P(x), and a predetermined constant (for example, 1), with an encryption method having homomorphism (for example, additive homomorphism), as shown in equation (8) below.
- the client 30 encrypts each coefficient and the predetermined constant by the extended ElGamal encryption.
- E (m) represents a ciphertext obtained by encrypting plaintext m by an encryption method having additive homomorphism.
- the ciphertext encrypted by the encryption method having additive homomorphism has the characteristics as shown in the following equation (9). Note that m 1 , m 2 , and m represent plain text.
- In step S54, the client 30 transmits the generated plurality of transmission ciphertexts to the server 20.
- the client 30 transmits each transmission ciphertext so that the server 20 can identify which order's coefficient it corresponds to.
- step S55 the server 20 acquires a set of key chains associated with indexed state transition values.
- the server 20 acquires a set of key chains associated with indexed state transition values as shown in Equation 10 below. Note that j represents an index value.
- In step S56, the server 20 generates a response ciphertext for each key chain included in the set of key chains (that is, for each index, each character, and each previous state), based on the plurality of transmission ciphertexts transmitted from the client 30. More specifically, for each key chain, the server 20 generates from the transmission ciphertexts a response ciphertext whose decryption result is the key chain if the corresponding indexed state transition value is included in the set of indexed characters, and is a value other than the key chain (for example, a random number) if the indexed state transition value is not included in the set of indexed characters.
- Where the indexed state transition value corresponding to the jth index and the character x is f and the key chain is S, the server 20 uses the characteristics of the homomorphic ciphertext to generate the response ciphertext shown in Equation 11.
- the response ciphertext shown in Equation 11 is the ciphertext obtained by encrypting, with the encryption method E having additive homomorphism, the value obtained by multiplying P(f) (the result of substituting the indexed state transition value f for the variable x of the polynomial P(x)) by the random number r and adding the key chain S.
- the server 20 takes each of the transmission ciphertexts (E(l_N), E(l_{N-1}), ..., E(l_1), E(l_0)), in which a coefficient of the polynomial is encrypted by the encryption method having additive homomorphism, and adds it to itself (on the ciphertext) as many times as the indexed state transition value raised to the corresponding order (f^N, f^{N-1}, ..., f^1, f^0).
- the server 20 then adds the resulting values together (on the ciphertext) to combine them.
- the server 20 adds the combined value to itself r times (on the ciphertext), and then adds (on the ciphertext) the ciphertext E(S) obtained by encrypting the key chain S by the encryption method E.
- the server 20 can generate a response ciphertext as shown in Equation 11 above.
- the server 20 generates such a response ciphertext for each of the key chains included in the set of key chains. For example, when the server 20 generates response ciphertexts for the set of key chains associated with the indexed state transition values shown in Expression 10, it generates, for each index, three response ciphertexts corresponding to the character “0” and three response ciphertexts corresponding to the character “1”, as shown in Expression 12 below.
- step S57 the server 20 transmits the generated response ciphertexts to the client 30.
- step S58 the client 30 decrypts each of the plurality of response ciphertexts with the decryption key corresponding to the encryption key used in step S53.
- the solutions of the polynomial P(x) are the indexed characters g_1, g_2, g_3, ..., g_N. Therefore, when the indexed state transition value f substituted into the polynomial P(x) matches any of the indexed characters g_1, g_2, g_3, ..., g_N, the calculation result of the polynomial P(x) is 0. In this case, the decryption result obtained by decrypting the response ciphertext is the key chain S.
- the client 30 can receive the key chain corresponding to the input character for each index by decrypting each of the plurality of response ciphertexts.
- By executing a communication process based on the secret common set calculation protocol, the server 20 and the client 30 can transfer the key chains corresponding to the input characters from the server 20 to the client 30 for each index, while concealing the character string from the server 20 and concealing the key chains corresponding to characters other than the input characters from the client 30.
- FIG. 12 shows an example of a plurality of response ciphertexts received by the client 30 in this embodiment and a plurality of key chains decrypted from the plurality of response ciphertexts.
- the client 30 receives a plurality of response ciphertexts as shown in FIG.
- the client 30 corresponds to a plurality of response ciphertexts corresponding to the character “0” of the first index and the character “1” of the second index.
- the client 30 acquires the unknown value (X) as a result of decrypting the other response ciphertext.
- the client 30 stores the decryption result obtained by decrypting each of the plurality of response ciphertexts in, for example, a memory without distinguishing whether it is a key chain or an unknown value.
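
The exchange in steps S51 to S58, written out as an added example (it is not code from the patent). A toy Paillier cryptosystem stands in for the extended ElGamal encryption the text names; the encoding `f(j, ch)`, the fixed demo primes and the 128-bit integers used as key chains are assumptions.

```python
import math
import secrets

ALPHABET = "01"

def keygen():
    """Toy Paillier key from two fixed Mersenne primes (assumption: demo size only)."""
    p, q = 2**61 - 1, 2**89 - 1
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def E(n, m):
    """Additively homomorphic encryption: E(m1) * E(m2) decrypts to m1 + m2."""
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    return pow(1 + n, m % n, n * n) * pow(r, n, n * n) % (n * n)

def D(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def f(j, ch):
    """Indexed value for (index j, character ch). This encoding is an assumption."""
    return j * len(ALPHABET) + ALPHABET.index(ch)

def client_query(n, text):
    """Steps S51-S54: encrypt the coefficients of P(x) = prod (x - g_j)."""
    coeffs = [1]                                   # highest order first
    for j, ch in enumerate(text, start=1):
        g = f(j, ch)
        nxt = coeffs + [0]                         # multiply by x ...
        for k, c in enumerate(coeffs):
            nxt[k + 1] = (nxt[k + 1] - g * c) % n  # ... and subtract g * P(x)
        coeffs = nxt
    return [E(n, c) for c in coeffs]

def server_respond(n, enc_coeffs, table):
    """Steps S55-S57: table maps (j, ch) to a list of key chains S (integers < n)."""
    n2, order = n * n, len(enc_coeffs) - 1
    out = {}
    for (j, ch), chain_list in table.items():
        x = f(j, ch)
        e_p = 1                                    # becomes E(P(x))
        for k, c in enumerate(enc_coeffs):
            # E(l)^(x^k) adds l to itself x^k times on the ciphertext.
            e_p = e_p * pow(c, pow(x, order - k, n), n2) % n2
        # E(r * P(x) + S) with a fresh random r for every key chain.
        out[j, ch] = [pow(e_p, secrets.randbelow(n - 1) + 1, n2) * E(n, s) % n2
                      for s in chain_list]
    return out

def demo(text="010"):
    """Return, per (index, character), whether decryption yielded the key chains."""
    n, priv = keygen()
    table = {(j, ch): [secrets.randbits(128) for _ in range(3)]   # constructed data
             for j in range(1, len(text) + 1) for ch in ALPHABET}
    resp = server_respond(n, client_query(n, text), table)
    return {jc: [D(n, priv, c) for c in cs] == table[jc] for jc, cs in resp.items()}

if __name__ == "__main__":
    print(demo("010"))
```

The server only ever sees encrypted coefficients, and the client cannot tell a recovered key chain from a masked value until it tries to open it with a key, which is why the client keeps every decryption result.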
- FIG. 13 shows a flowchart of sequential decryption processing of a plurality of key chains in the client 30.
- the client 30 executes the following processing from step S61 to step S65 as the decryption processing of the key chain in step S18 shown in FIG.
- the client 30 executes the process of step S62 in the order of the index (loop process between step S61 and step S63).
- step S62 the client 30 performs a decryption process on each of all the key chains received by the receiving unit 64, using the key decrypted in the decryption process corresponding to the immediately preceding index. Then, the key corresponding to the next index is decrypted.
- the client 30 may execute the decryption process on all the decryption results of the plurality of response ciphertexts received by the receiving unit 64 for all indexes. That is, the client 30 may execute the decryption process on all the decryption results without distinguishing the key chain and the unknown value.
- step S62 in the decryption process corresponding to the first index, the client 30 performs the decryption process on each of the key chains received by the receiving unit 64 using the key in the initial state. Thus, the key corresponding to the second index is decrypted.
- step S62 the client 30 performs decryption processing on each of all the key chains received by the receiving unit 64 in the decryption processing corresponding to the last index corresponding to the last character of the character string. The key corresponding to the last transition destination state can be decrypted.
- One key corresponding to the state of the index transition destination can be decrypted.
- the client 30 can decrypt one key corresponding to the state of the transition destination of the next index with the key corresponding to the next index.
- the client 30 can decrypt one key corresponding to the last transition destination state by executing a decryption process corresponding to the last index of the character string.
- step S64 the client 30 decrypts the final state information with the key corresponding to the last transition destination state obtained by executing the decryption process corresponding to the last index.
- the client 30 can obtain either a value indicating the final state or a value indicating that the state is not the final state.
- In step S65, the client 30 determines whether or not a value indicating the final state has been decrypted as a result of the processing in step S64.
- the client 30 outputs that the character string has been accepted by the automaton and ends the process of the flowchart. If the value indicating the final state is not decrypted, the client 30 outputs that the character string has not been accepted by the automaton and ends the process of the flowchart.
- FIG. 14 shows an example of a key that is decrypted in the sequential decryption process of a number of key chains by the client 30.
- In the sequential decryption of the key chain corresponding to each index, the client 30 can obtain the key of the state reached at the next index from the results of decrypting each of the plurality of response ciphertexts (results that include key chains and unknown values), for example as shown in FIG.
- the client 30 uses the initial key r_a0 to perform the decryption process on each of the decryption results of the plurality of response ciphertexts (results including key chains and indefinite values).
- the client 30 can obtain the key r_a1 corresponding to the 2nd index from the one response ciphertext Enc(r_a0, r_a1) that corresponds to the automaton state (state a) at the second index, among the decryption results of the plurality of response ciphertexts.
- the client 30 uses the key r_a1, decrypted in the decryption process corresponding to the immediately preceding index, to perform the decryption process on each of the decryption results of the plurality of response ciphertexts. As a result, the client 30 can obtain the key r_b2 corresponding to the 3rd index from the one response ciphertext Enc(r_a1, r_b2) that corresponds to the automaton state (state b) at the third index.
- the client 30 uses the key r_b2, decrypted in the decryption process corresponding to the immediately preceding index, to perform the decryption process on each of the decryption results of the plurality of response ciphertexts.
- the client 30 can obtain the key r_a3 corresponding to the last transition destination state from the one response ciphertext Enc(r_b2, r_a3) that corresponds to the last transition destination state (state a), among the decryption results of the plurality of response ciphertexts.
- the client 30 uses the key r_a3 corresponding to the last transition destination state to decrypt the final state information Enc(r_a3, 1). As a result, the client 30 can acquire a value (for example, “1”) indicating the correct final state from the final state information Enc(r_a3, 1).
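
Key chain generation (steps S31 to S42) and the client's sequential decryption (steps S61 to S65) for the example automaton, as an added example that is not code from the patent. `Enc(x, y)` is a standard-library encrypt-then-MAC stand-in rather than DES or AES, and delivery is simulated by handing the client the real key chains for its characters and random values for the others; both are assumptions.

```python
import hashlib
import hmac
import secrets

STATES, ALPHABET = "abc", "01"
# Transition table of the page's example automaton: (state, character) -> next state.
DELTA = {("a", "0"): "a", ("a", "1"): "b", ("b", "0"): "a",
         ("b", "1"): "c", ("c", "0"): "c", ("c", "1"): "c"}
INITIAL, FINAL = "a", "a"          # initial state and the correct final state
_rng = secrets.SystemRandom()

def _subkeys(key, nonce):
    """Separate encryption and MAC keys derived from one chain key."""
    k_enc = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return k_enc, k_mac

def enc(key, data):
    """Enc(x, y): stream encryption followed by a MAC over nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    k_enc, k_mac = _subkeys(key, nonce)
    pad = hashlib.shake_256(k_enc).digest(len(data))
    body = bytes(a ^ b for a, b in zip(data, pad))
    return nonce + body + hmac.new(k_mac, nonce + body, hashlib.sha256).digest()

def dec(key, blob):
    """Return the plaintext, or None when the MAC fails (wrong key or random value)."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    k_enc, k_mac = _subkeys(key, nonce)
    good = hmac.new(k_mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    pad = hashlib.shake_256(k_enc).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def server_setup(n):
    """Server side: keys per (index, state), key chains, final state information."""
    # keys[j][s] plays the role of r_{s,j}; keys[n] is for the last transition destination.
    keys = [{s: secrets.token_bytes(16) for s in STATES} for _ in range(n + 1)]
    chains = []
    for j in range(n):
        per_char = {}
        for ch in ALPHABET:
            subset = [enc(keys[j][s], keys[j + 1][DELTA[s, ch]]) for s in STATES]
            _rng.shuffle(subset)   # order must not reveal the state
            per_char[ch] = subset
        chains.append(per_char)
    final_info = [enc(keys[n][s], b"\x01" if s == FINAL else b"\x00") for s in STATES]
    _rng.shuffle(final_info)
    return keys[0][INITIAL], chains, final_info

def open_one(key, blobs):
    """Try one key on every blob; exactly one key chain must open."""
    hits = [p for p in (dec(key, b) for b in blobs) if p is not None]
    if len(hits) != 1:
        raise ValueError("expected exactly one key chain to open")
    return hits[0]

def client_evaluate(initial_key, pool, final_info, n):
    """Client side: walk the chain index by index, then open the final state information."""
    key = initial_key
    for _ in range(n):
        key = open_one(key, pool)  # key chains and unknown values are not distinguished
    return open_one(key, final_info) == b"\x01"

def accepts(text):
    initial_key, chains, final_info = server_setup(len(text))
    pool = []
    for j, ch in enumerate(text):  # simulated delivery (assumption, see lead-in)
        for other in ALPHABET:
            for blob in chains[j][other]:
                pool.append(blob if other == ch else secrets.token_bytes(len(blob)))
    return client_evaluate(initial_key, pool, final_info, len(text))

def plain_dfa(text):
    """Reference run of the automaton in the clear, for comparison."""
    state = INITIAL
    for ch in text:
        state = DELTA[state, ch]
    return state == FINAL

if __name__ == "__main__":
    print({t: accepts(t) for t in ("010", "011", "100", "110")})
```

The MAC is what lets the client recognise the single key chain that opens under its current key; everything else in the pool, whether a chain for another state or a random value, fails verification.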
- FIG. 15 shows a configuration of the authentication system 10 according to the modification.
- the authentication system 10 according to the present modification has substantially the same configuration and function as the authentication system 10 according to the present embodiment described with reference to FIGS. Therefore, about this modification, description is abbreviate
- the server 20 includes an automaton storage unit 42, a key generation unit 44, a key chain generation unit 46, and a provision unit 52.
- the client 30 includes an input unit 60, a receiving unit 64, and a decrypting unit 66.
- the providing unit 52 of the server 20 communicates with the client 30 and, for each index, selectively transmits to the client 30 the subset of the set of key chains that corresponds to the character input by the client 30, by lost communication (oblivious transfer).
- the receiving unit 64 of the client 30 communicates with the providing unit 52 of the server 20 and, for each index, selectively receives from the server 20 the subset of the key chain corresponding to the input character string, by lost communication.
- the providing unit 52 and the receiving unit 64 deliver a subset of the key chain corresponding to the input character string using the lost communication protocol.
- Lost communication (oblivious transfer) is a protocol for transmitting, out of the M messages held by the transmitting side device, the message having the identification number designated by the receiving side device to the receiving side device, in such a way that the designated identification number is not revealed to the transmitting side device and the receiving side device cannot acquire any message other than the one with the designated identification number.
- An example of lost communication is described in Non-Patent Document 2, for example.
- By using such lost communication, the providing unit 52 can conceal from the client 30 the subsets of the key chain other than those for the characters input by the client 30, and provide the client 30 with the subset of the key chain corresponding to the input character.
- the receiving unit 64 can conceal the input characters from the server 20 and receive a subset of the key chain corresponding to the input characters from the server 20.
- the providing unit 52 of the server 20 rearranges a plurality of key chains in the key chain subset for each index, and transmits them to the client 30. Thereby, the server 20 can make it impossible to estimate the state of the automaton from the decoding result.
- the decryption unit 66 of the client 30 uses the keys decrypted in the decryption process corresponding to the immediately preceding index in the order of the indexes, and applies to each key chain included in the subset of the key chain received corresponding to the index. And decrypting the key corresponding to the next index.
- FIG. 16 shows a flowchart of processing of the server 20 and the client 30 according to the modification.
- step S71 the client 30 inputs a character string.
- the process of step S71 is the same as the process of step S11 shown in FIG.
- step S72 the server 20 generates a set of key chains for each index.
- the process of step S72 differs from the process of step S13 shown in FIG. 3 in that it is executed for each index; the other points are the same as step S13 shown in FIG. 3.
- For each index, the server 20 and the client 30 transfer a subset of the key chain from the server 20 to the client 30 using the lost communication protocol. That is, in the processing of the first index (step S73), the server 20 and the client 30 transfer from the server 20 to the client 30, by lost communication, the subset of the key chain corresponding to the character input at the first index (that is, the first character) out of the set of key chains generated for the first index.
- In the processing of the second index (step S74), the server 20 and the client 30 transfer from the server 20 to the client 30, by lost communication, the subset of the key chain corresponding to the character input at the second index (that is, the second character) out of the set of key chains generated for the second index.
- the server 20 and the client 30 execute the same processing in each of the third to (N-1)th indexes. Then, in the processing of the Nth index (step S75), the server 20 and the client 30 transfer from the server 20 to the client 30, by lost communication, the subset of the key chain corresponding to the character input at the Nth index (that is, the Nth character) out of the set of key chains generated for the Nth index.
- step S76 the server 20 transmits the key corresponding to the initial state and the final state information to the client 30.
- In step S77, the client 30 proceeds in index order: using the key decrypted in the decryption process for the immediately preceding index, it performs decryption on each key chain in the subset received from the server 20 for the character input at that index, and so sequentially decrypts the key corresponding to the next index.
- the process of step S77 differs from the process of step S18 in FIG. 3 in that the decryption targets are the key chains included in the subset of the key chain corresponding to the character input at the index. The other points are the same as the processing in step S18 in FIG. 3.
- In this way, the server 20 and the client 30 can determine whether the automaton held by the server 20 transitions to the correct final state on the character string input to the client 30, while concealing the character string input by the client 30 from the server 20 and concealing the automaton held by the server 20 from the client 30.
- FIG. 17 shows an example of a set of key chains of the first index.
- FIG. 18 shows an example of a set of key chains of the second index.
- FIG. 19 shows an example of a set of key chains of the third index.
- the server 20 can generate a set of key chains for each index as a result of executing the process of step S72 of FIG. For example, when automaton transition tables as shown in FIGS. 5 and 6 and keys for each index are generated, the server 20 can generate the set of key chains of the first index as shown in FIG. 17.
- Enc (x, y) represents that data y is encrypted by a common key encryption method using a key x.
- the common key encryption method is an encryption method that uses the same key for encryption and decryption, such as DES and AES.
- the server 20 can generate a set of key chains of the second index as shown in FIG. 18, for example.
- the server 20 can generate a set of key chains of the third index as shown in FIG.
- Each set of key chains for an index is divided into a subset for each character. For example, as shown in FIGS. 17, 18, and 19, the sets of key chains of the first index, the second index, and the third index are each divided into a subset of the key chain corresponding to the character “0” and a subset of the key chain corresponding to the character “1”.
- the server 20 randomly rearranges the order of the key chains in each subset for each index when transmitting them to the client 30. Thereby, the server 20 can make it impossible for the client 30 to estimate the corresponding state in the automaton from the arrangement order of the key chains.
- FIG. 20 shows an example of keys that are sequentially decrypted from a subset of the key chain for each index.
- the client 30 selectively receives a subset of the key chain corresponding to the character input in the index corresponding to each index by the lost communication protocol.
- the client 30 has received a subset of the key chain corresponding to the first character “0” in the first index, and has not received a subset of the key chain corresponding to other characters.
- the client 30 has received a subset of the key chain corresponding to the second character “1”, and has not received a subset of the key chain corresponding to another character.
- the client 30 has received a subset of the key chain corresponding to the third character “0”, and has not received a subset of the key chain corresponding to another character.
- Then, for each index in order from the initial state, the client 30 decrypts the key of the next index, corresponding to the state to which the automaton transitions, from the key chains included in the subset received for the character input at that index.
- In the first index, the client 30 performs the decryption process on each of the key chains included in the subset of the key chain corresponding to the input character, using the key corresponding to the initial state (the first-index key corresponding to the initial state). As a result, the client 30 can decrypt one key from the one key chain corresponding to the initial state within the subset of the key chain corresponding to the input character.
- the client 30 performs the decryption process on each key chain in the subset corresponding to the character “0” in the first index, using the first-index key r_a0 corresponding to the initial state. Thereby, the client 30 can decrypt the second-index key r_a1 from the one key chain Enc(r_a0, r_a1) corresponding to the initial state “a” for the character “0”.
- In the subsequent indexes, the client 30 performs the decryption process on each key chain included in the subset of the key chain corresponding to the input character, using the key decrypted in the decryption process corresponding to the immediately preceding index. As a result, the client 30 can decrypt one key of the next index from the key chain corresponding to the state to which the automaton transitions at that index.
- the client 30 performs the decryption process on each key chain in the subset corresponding to the character “1” in the second index, using the key r_a1 decrypted in the decryption process corresponding to the first index. Accordingly, the client 30 can decrypt the third-index key r_b2 from the one key chain Enc(r_a1, r_b2) corresponding to the state “a” for the character “1”.
- the client 30 performs the decryption process on each key chain in the subset corresponding to the character “0” in the third index, using the key r_b2 decrypted in the decryption process of the second index. Thereby, the client 30 can decrypt the key r_a3 corresponding to the last transition destination state from the one key chain Enc(r_b2, r_a3) corresponding to the state “b” for the character “0”.
- the client 30 decrypts the final state information with the decrypted key. If a value representing the final state is obtained as a result of decrypting the final state information, the client 30 determines that the automaton has transitioned to the correct final state.
- the client 30 performs a decryption process on the final state information Enc(r_a3, 1) using the key r_a3 decrypted at the third index.
- the client 30 can decrypt a value (for example, 1) indicating the final state and output information indicating that the character string has been accepted by the automaton.
- In this way, it can be determined whether or not the character string is accepted by the automaton while the character string input by the client 30 is concealed from the server 20 and the automaton held by the server 20 is concealed from the client 30.
- FIG. 21 shows a flow of delivery processing by lost communication of a subset of the key chain between the server 20 and the client 30 according to this modification.
- FIG. 22 shows a flow following FIG.
- FIG. 23 shows the flow following FIG.
- M is an integer of 2 or more
- the character input by the client 30 in the index is the character having the identification number i (i-th) among the M characters.
- In step S81, the server 20 generates “r”. Subsequently, in step S82, the server 20 generates “g^r” by raising “g” to the power “r”.
- g is a generator of order “q”.
- q is an arbitrary prime number.
- g is a value determined in common by both the server 20 and the client 30.
- r is a value selected at random from the cyclic group “Z_q” of order “q”. Further, “r1” and “r2” to be described later are also values randomly selected from the cyclic group Z_q of order “q”.
- In step S83, the server 20 generates “T_2, T_3, T_4, ..., T_M”.
- “T_2, T_3, T_4, ..., T_M” are (M-1) arbitrary integers, and are assigned identification numbers from 2 to M.
- In step S84, the server 20 transmits “g^r” and “T_2, T_3, T_4, ..., T_M” to the client 30.
- step S85 the client 30 receives an identification number for specifying the character input in the index among the M characters.
- the client 30 receives “i” as the identification number.
- “i” is an arbitrary integer of 1 or more and M or less.
- In step S86, the client 30 selects “T_i” corresponding to the i-th identification number from “T_2, T_3, T_4, ..., T_M”.
- In step S87, the client 30 generates “r2”.
- In step S88, the client 30 generates “g^r2” by raising “g” to the power “r2”.
- In step S90, the client 30 transmits “PK_1” to the server 20.
- It is extremely difficult for the server 20 to calculate “r2” from “g^r2” due to the nature of the discrete logarithm. Therefore, it can be said that “r2” is kept secret from the server 20.
- In step S91, the server 20 calculates (PK_1)^r, (PK_2)^r, ..., (PK_i)^r, ..., (PK_M)^r based on “r”, “T_2, T_3, T_4, ..., T_M” and the received “PK_1”, as shown in the following equation (11).
- (PK_i)^r is g^(r2·r) as shown in the following equation (12).
- step S92 the server 20 generates “r1”.
- In step S93, the server 20 generates M encryption keys “S_1, S_2, ..., S_i, ..., S_M” as shown in the following formula (13).
- H (x, y, z) represents a hash function with x, y, and z as variables.
- In step S95, the server 20 encrypts each of the M key chain subsets “Y_1, Y_2, ..., Y_M” with the corresponding one of the M encryption keys “S_1, S_2, ..., S_i, ..., S_M” generated in step S93. That is, the server 20 encrypts the subset Y_1 of the key chain corresponding to the first character of the index with the first encryption key “S_1”.
- the server 20 encrypts the subset Y_2 of the key chain corresponding to the second character of the index with the second encryption key “S_2”. Further, the server 20 encrypts the subset Y_i of the key chain corresponding to the i-th character of the index with the i-th encryption key “S_i”.
- the server 20 encrypts the subset Y_M of the key chain corresponding to the M-th character of the index with the M-th encryption key “S_M”. Thereby, the server 20 can generate M ciphertexts as shown in the following equation (14).
- In step S96, the server 20 transmits the generated M ciphertexts to the client 30.
- In step S97, the server 20 transmits “r1” to the client 30.
- In step S98, the client 30 calculates “(g^r)^r2” by raising “g^r” to the power “r2”.
- (PK_i)^r is g^(r2·r) as shown in the equation (12). That is, “(g^r)^r2” calculated by the client 30 in step S98 represents “(PK_i)^r”.
- step S99 the client 30 generates an encryption key “S i ” corresponding to the identification number i using “(PK i ) r ”, “r1”, and “i”. Since the client 30 cannot generate a value other than (PK i ) r (for example, (PK 1 ) r , (PK 2 ) r , (PK M ) r, etc.), it corresponds to the identification number i. An encryption key other than the encryption key “S i ” cannot be generated. Accordingly, the client 30 cannot obtain a key chain subset other than the key chain subset Y j corresponding to the character of the identification number i.
- step S100 the client 30 decrypts the key chain subset Y j from the ciphertext E (S i , Y j ) using the encryption key “S i ” generated in step S99. Thereby, the client 30 can acquire the subset Y j of the key chain corresponding to the character of the identification number i.
- the server 20 and the client 30 cannot acquire a key chain subset other than the key chain subset Y j corresponding to the character of the identification number i input in the index, and the client 30 cannot obtain the identification number. Without allowing the server 20 to identify the letter i, the key chain subset Yj corresponding to the letter i can be passed.
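The exchange in steps S83 to S100 above can be run end to end as follows; this is an added example, not code from the patent. Step S89 and equations (11) and (13) are not reproduced in the text above, so the example assumes the Naor-Pinkas form PK_1 = T_i / g^{r2} (or g^{r2} when i = 1), PK_j = T_j / PK_1 and S_j = H((PK_j)^r, r1, j); the group parameters, the use of SHA-256, and the `seal`/`unseal` cipher standing in for E are likewise assumptions.

```python
import hashlib, hmac, secrets

# Assumed group (RFC 2409 Oakley Group 1): safe prime P = 2Q + 1, G = 2 generates the
# order-Q subgroup. 768 bits keeps the demo fast; it is too small for production use.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2

def rand_exp():
    """Random exponent in [1, Q-1]; plays the role of r, r1 and r2."""
    return secrets.randbelow(Q - 1) + 1

def H(x, y, z):
    """H(x, y, z) of step S93; SHA-256 over fixed-width integers is an assumption."""
    return hashlib.sha256(b"".join(v.to_bytes(96, "big") for v in (x, y, z))).digest()

def keystream(key, n):
    blocks = (hashlib.sha256(key + b"enc" + c.to_bytes(4, "big")).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Stand-in for E(S, Y): XOR keystream plus an HMAC tag so a wrong key is detected."""
    body = bytes(a ^ b for a, b in zip(msg, keystream(key, len(msg))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None                           # wrong key or modified ciphertext
    return bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))

class Server:
    def __init__(self, subsets):
        self.Y = subsets                      # Y_1..Y_M, one byte string per character

    def offer(self):                          # steps S83-S84
        self.r = rand_exp()
        # T_2..T_M: random squares, i.e. subgroup elements with no known discrete log
        self.T = {j: pow(secrets.randbelow(P - 3) + 2, 2, P)
                  for j in range(2, len(self.Y) + 1)}
        return pow(G, self.r, P), dict(self.T)

    def respond(self, pk1):                   # steps S91-S97
        if not 1 < pk1 < P or pow(pk1, Q, P) != 1:
            raise ValueError("PK_1 is not in the order-Q subgroup")
        pk1_r, r1 = pow(pk1, self.r, P), rand_exp()
        inv = pow(pk1_r, -1, P)
        cts = []
        for j in range(1, len(self.Y) + 1):
            # Assumed equation (11): PK_j = T_j / PK_1, so (PK_j)^r = (T_j)^r / (PK_1)^r
            pkj_r = pk1_r if j == 1 else pow(self.T[j], self.r, P) * inv % P
            cts.append(seal(H(pkj_r, r1, j), self.Y[j - 1]))  # assumed equation (13)
        return cts, r1

class Client:
    def __init__(self, i):
        self.i = i                            # identification number, 1..M

    def choose(self, g_r, T):                 # steps S85-S90
        self.g_r, self.r2 = g_r, rand_exp()
        g_r2 = pow(G, self.r2, P)
        # Assumed step S89: PK_1 is built so that PK_i equals g^r2
        return g_r2 if self.i == 1 else T[self.i] * pow(g_r2, -1, P) % P

    def key(self, r1):                        # steps S98-S99
        return H(pow(self.g_r, self.r2, P), r1, self.i)

def run_transfer(subsets, i):
    """Run one exchange; returns (recovered subset, the client's key S_i, all ciphertexts)."""
    server, client = Server(subsets), Client(i)
    g_r, T = server.offer()
    cts, r1 = server.respond(client.choose(g_r, T))
    s_i = client.key(r1)
    return unseal(s_i, cts[i - 1]), s_i, cts  # step S100

if __name__ == "__main__":
    demo = [b"Y_1 (constructed)", b"Y_2 (constructed)", b"Y_3 (constructed)"]
    print(run_transfer(demo, 2)[0])
```

The subgroup check on PK_1 in `respond` is server-side input validation that the steps above do not mention; it is included because the server exponentiates a client-supplied value with its secret r.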
- FIG. 24 shows an example of a hardware configuration of a computer 1900 according to this embodiment.
- The computer 1900 according to this embodiment includes a CPU peripheral unit having a CPU 2000, a RAM 2020, a graphic controller 2075, and a display device 2080 that are connected to each other by a host controller 2082; an input/output unit having a communication interface 2030, a hard disk drive 2040, and a CD-ROM drive 2060 that are connected to the host controller 2082 by an input/output controller 2084; and a legacy input/output unit having a ROM 2010, a flexible disk drive 2050, and an input/output chip 2070 that are connected to the input/output controller 2084.
- The host controller 2082 connects the RAM 2020 to the CPU 2000 and the graphic controller 2075, which access the RAM 2020 at a high transfer rate.
- The CPU 2000 operates based on programs stored in the ROM 2010 and the RAM 2020, and controls each unit.
- The graphic controller 2075 acquires image data that the CPU 2000 or the like generates on a frame buffer provided in the RAM 2020, and displays it on the display device 2080.
- The graphic controller 2075 may include a frame buffer for storing image data generated by the CPU 2000 or the like.
- The input/output controller 2084 connects the host controller 2082 to the communication interface 2030, the hard disk drive 2040, and the CD-ROM drive 2060, which are relatively high-speed input/output devices.
- The communication interface 2030 communicates with other devices via a network.
- The hard disk drive 2040 stores programs and data used by the CPU 2000 in the computer 1900.
- The CD-ROM drive 2060 reads a program or data from the CD-ROM 2095 and provides it to the hard disk drive 2040 via the RAM 2020.
- The ROM 2010 and the relatively low-speed input/output devices, namely the flexible disk drive 2050 and the input/output chip 2070, are connected to the input/output controller 2084.
- The ROM 2010 stores a boot program that the computer 1900 executes at startup and/or a program that depends on the hardware of the computer 1900.
- The flexible disk drive 2050 reads a program or data from the flexible disk 2090 and provides it to the hard disk drive 2040 via the RAM 2020.
- The input/output chip 2070 connects the flexible disk drive 2050 to the input/output controller 2084, and connects various input/output devices to the input/output controller 2084 via, for example, a parallel port, a serial port, a keyboard port, a mouse port, and the like.
- The program provided to the hard disk drive 2040 via the RAM 2020 is stored in a recording medium such as the flexible disk 2090, the CD-ROM 2095, or an IC card, and is provided by the user.
- The program is read from the recording medium, installed in the hard disk drive 2040 in the computer 1900 via the RAM 2020, and executed by the CPU 2000.
- A program that is installed in the computer 1900 and causes the computer 1900 to function as the server 20 includes an automaton storage module, a key generation module, a key chain generation module, an indexed state transition value generation module, a synthesis module, and a provision module. These programs or modules work on the CPU 2000 or the like to cause the computer 1900 to function as the automaton storage unit 42, the key generation unit 44, the key chain generation unit 46, the indexed state transition value generation unit 48, the synthesis unit 50, and the provision unit 52, respectively.
- The information processing described in these programs is read by the computer 1900 and thereby functions as the automaton storage unit 42, the key generation unit 44, the key chain generation unit 46, the indexed state transition value generation unit 48, the synthesis unit 50, and the provision unit 52, which are specific means in which the software and the various hardware resources described above cooperate.
- The specific server 20 according to the intended use is thereby constructed.
- A program that is installed in the computer 1900 and causes the computer 1900 to function as the client 30 includes an input module, an indexed character generation module, a reception module, and a decryption module. These programs or modules work on the CPU 2000 or the like to cause the computer 1900 to function as the input unit 60, the indexed character generation unit 62, the reception unit 64, and the decryption unit 66, respectively.
- The information processing described in these programs is read by the computer 1900 and thereby functions as specific means in which the software and the various hardware resources described above cooperate.
- The specific client 30 according to the intended use is thereby constructed.
- The CPU 2000 executes a communication program loaded on the RAM 2020 and, based on the processing content described in the communication program, instructs the communication interface 2030 to perform communication processing.
- The communication interface 2030 reads transmission data stored in a transmission buffer area or the like provided on a storage device such as the RAM 2020, the hard disk drive 2040, the flexible disk 2090, or the CD-ROM 2095 and sends it to the network, or writes reception data received from the network into a reception buffer area or the like provided on the storage device.
- The communication interface 2030 may transfer transmission/reception data to and from the storage device by a DMA (direct memory access) method. Instead, the CPU 2000 may transfer the transmission/reception data by reading the data from the storage device or the communication interface 2030 of the transfer source and writing the data to the communication interface 2030 or the storage device of the transfer destination.
- The CPU 2000 reads all or a necessary portion of the files or databases stored in an external storage device such as the hard disk drive 2040, the CD-ROM drive 2060 (CD-ROM 2095), or the flexible disk drive 2050 (flexible disk 2090) into the RAM 2020 by DMA transfer or the like, and performs various processes on the data in the RAM 2020. The CPU 2000 then writes the processed data back to the external storage device by DMA transfer or the like.
- The RAM 2020 and the external storage device are collectively referred to as a memory, a storage unit, or a storage device.
- The CPU 2000 can also hold a part of the RAM 2020 in a cache memory and perform reading and writing on the cache memory. Even in such a form, the cache memory bears a part of the function of the RAM 2020. Therefore, in the present embodiment, the cache memory is also included in the RAM 2020, the memory, and/or the storage device unless otherwise indicated.
- The CPU 2000 performs, on the data read from the RAM 2020, the various kinds of processing specified by the instruction sequence of the program, including the various operations, information processing, condition determination, and information search/replacement described in the present embodiment, and writes the result back to the RAM 2020. For example, when performing condition determination, the CPU 2000 determines whether each of the various variables shown in the present embodiment satisfies a condition such as being larger than, smaller than, not less than, not more than, or equal to another variable or constant. When the condition is satisfied (or not satisfied), the program branches to a different instruction sequence or calls a subroutine.
- The CPU 2000 can search for information stored in a file or database in the storage device. For example, when a plurality of entries in which an attribute value of a second attribute is associated with an attribute value of a first attribute are stored in the storage device, the CPU 2000 searches the plurality of entries stored in the storage device for an entry whose attribute value of the first attribute matches a specified condition, and reads the attribute value of the second attribute stored in that entry, thereby obtaining the attribute value of the second attribute associated with the first attribute that satisfies the predetermined condition.
- The programs or modules shown above may be stored in an external recording medium. Usable recording media include an optical recording medium such as a DVD or CD, a magneto-optical recording medium such as an MO, a tape medium, an IC card, and the like.
- A storage device such as a hard disk or RAM provided in a server system connected to a dedicated communication network or the Internet may also be used as a recording medium, and the program may be provided to the computer 1900 via the network.
- authentication system, 20 server, 30 client, 42 automaton storage unit, 44 key generation unit, 46 key chain generation unit, 48 indexed state transition value generation unit, 50 synthesis unit, 52 provision unit, 60 input unit, 62 indexed character generation unit, 64 reception unit, 66 decryption unit, 1900 computer, 2000 CPU, 2010 ROM, 2020 RAM, 2030 communication interface, 2040 hard disk drive, 2050 flexible disk drive, 2060 CD-ROM drive, 2070 input/output chip, 2075 graphic controller, 2080 display device, 2082 host controller, 2084 input/output controller, 2090 flexible disk, 2095 CD-ROM
Description
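[Prior Art Documents]
[Patent Literature]
Patent Literature 1: Japanese Unexamined Patent Application Publication No. 2009-151757
[Non-Patent Literature]
Non-Patent Literature 1: Michael J. Freedman, Kobbi Nissim and Benny Pinkas, "Efficient Private Matching and Set Intersection", Advances in Cryptology EUROCRYPT 2004, Lecture Notes in Computer Science, 2004
Non-Patent Literature 2: Even, O. Goldreich, and A. Lempel, "A Randomized Protocol for Signing Contracts", Communications of the ACM, Volume 28, Issue 6, pg. 637-647, 1985
A second aspect of the present invention provides a client that is connectable to a server having an automaton defining, for each previous state and each character, the subsequent state to transition to, and that inputs a character string, the client having: a reception unit that communicates with the server and receives from the server a plurality of key chains corresponding to the character input for each index; and a decryption unit that, in index order, performs decryption processing on each of the received plurality of key chains using the key decrypted in the decryption processing corresponding to the immediately preceding index, thereby successively decrypting the key corresponding to the next index. The second aspect also provides an information processing method and a program executed by such a client.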
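20 Server
30 Client
42 Automaton storage unit
44 Key generation unit
46 Key chain generation unit
48 Indexed state transition value generation unit
50 Synthesis unit
52 Provision unit
60 Input unit
62 Indexed character generation unit
64 Reception unit
66 Decryption unit
1900 Computer
2000 CPU
2010 ROM
2020 RAM
2030 Communication interface
2040 Hard disk drive
2050 Flexible disk drive
2060 CD-ROM drive
2070 Input/output chip
2075 Graphic controller
2080 Display device
2082 Host controller
2084 Input/output controller
2090 Flexible disk
2095 CD-ROM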
Claims (16)
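- A server that is connectable to a client that inputs a character string, and that has an automaton defining, for each previous state and each character, the subsequent state to transition to, the server having:
a key chain generation unit that generates, for each combination of an index representing the position of each character in the character string, a character, and a state, a key chain in which the key of the next index corresponding to the subsequent state reached from that state according to that character is encrypted with the key corresponding to that state; and
a provision unit that communicates with the client and, in a state in which the input characters are concealed from the client, provides the client with, for each index, the key chain corresponding to each input character from among the set of key chains.
- The server according to claim 1, wherein the client has:
a reception unit that communicates with the provision unit and receives from the server a plurality of the key chains corresponding to the character input for each index; and
a decryption unit that, in index order, performs decryption processing on each of the received plurality of key chains using the key decrypted in the decryption processing corresponding to the immediately preceding index, thereby successively decrypting the key corresponding to the next index.
- The server according to claim 2, wherein the provision unit:
receives from the client a transmission ciphertext in which a set of indexed characters, each representing a pair of an index and the input character for each character of the input character string, is encrypted; and
for each key chain included in the set of key chains, generates, based on the transmission ciphertext, a response ciphertext encrypting a value that is the key chain when the indexed state transition value representing the pair of the corresponding index and the corresponding character is included in the set of indexed characters, and that is not the key chain when the indexed state transition value is not included in the set of indexed characters, and transmits the response ciphertext to the client.
- The server according to claim 3, wherein the reception unit decrypts each of the response ciphertexts to obtain the plurality of key chains, and
the decryption unit, in index order, performs decryption processing on each of the plurality of key chains with the key decrypted in the decryption processing corresponding to the immediately preceding index, thereby successively decrypting the key corresponding to the next index.
- The server according to claim 4, wherein the provision unit:
receives from the client the transmission ciphertext in which each coefficient of a polynomial that becomes 0 when an indexed character is substituted and becomes non-zero when a value other than an indexed character is substituted is encrypted by an encryption scheme having homomorphism; and
for each key chain included in the set of key chains, generates the response ciphertext in which a total value, obtained by adding the value of the key chain to the value obtained by multiplying by a random number the result of substituting the indexed state transition value into the polynomial, is encrypted by the encryption scheme, and transmits the response ciphertext to the client.
- The server according to claim 2, wherein the provision unit communicates with the client and selectively transmits to the client, by oblivious transfer, the subset corresponding to the character input by the client from among the set of key chains for each index.
- The server according to claim 6, wherein the reception unit communicates with the provision unit and, for each index, selectively receives from the server, by oblivious transfer, the subset of the key chains corresponding to the input character, and
the decryption unit, in index order, performs decryption processing on each key chain included in the subset of the key chains received for that index, using the key decrypted in the decryption processing corresponding to the immediately preceding index, thereby successively decrypting the key corresponding to the next index.
- The server according to claim 7, wherein the provision unit:
for each index, encrypts each of the plurality of subsets corresponding to the respective characters in the set of key chains with an encryption key corresponding to that character and provides them to the client in advance; and
for each index, communicates with the client and provides the client with the encryption key corresponding to the character input by the client from among the per-character encryption keys for that index, in a state in which the input character is concealed from the client.
- The server according to claim 8, wherein the client decrypts, from among the plurality of subsets for each index received in advance, the subset corresponding to the character input by the client, using the encryption key corresponding to that character transmitted from the server.
- The server according to claim 6, wherein the provision unit rearranges the plurality of key chains for each index before transmitting them.
- The server according to claim 1, wherein the key chain generation unit:
at the index corresponding to the last character of the character string, generates a key chain in which the key corresponding to the last transition-destination state is encrypted with the key corresponding to the state; and
generates final state information in which a value indicating whether or not the last transition-destination state is a final state defined by the automaton is encrypted with the key corresponding to the last transition-destination state.
- A client that is connectable to a server having an automaton defining, for each previous state and each character, the subsequent state to transition to, and that inputs a character string, the client having:
a reception unit that communicates with the server and receives from the server a plurality of key chains corresponding to the character input for each index; and
a decryption unit that, in index order, performs decryption processing on each of the received plurality of key chains using the key decrypted in the decryption processing corresponding to the immediately preceding index, thereby successively decrypting the key corresponding to the next index.
- An information processing method in a server that is connectable to a client that inputs a character string and that has an automaton defining, for each previous state and each character, the subsequent state to transition to, the method comprising:
generating, for each combination of an index representing the position of each character in the character string, a character, and a state, a key chain in which the key of the next index corresponding to the subsequent state reached from that state according to that character is encrypted with the key corresponding to that state; and
communicating with the client and, in a state in which the input characters are concealed from the client, providing the client with, for each index, the key chain corresponding to each input character from among the set of key chains.
- An information processing method in a client that is connectable to a server having an automaton defining, for each previous state and each character, the subsequent state to transition to, and that inputs a character string, the method comprising:
communicating with the server and receiving from the server a plurality of key chains corresponding to the character input for each index; and
in index order, performing decryption processing on each of the received plurality of key chains using the key decrypted in the decryption processing corresponding to the immediately preceding index, thereby successively decrypting the key corresponding to the next index.
- A program for causing a computer to function as the server according to claim 1.
- A program for causing a computer to function as the client according to claim 12.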
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/372,466 US9397986B2 (en) | 2012-01-19 | 2013-01-10 | Authenticating acceptance of a string using an automaton |
DE112013000357.0T DE112013000357B4 (de) | 2012-01-19 | 2013-01-10 | System for authenticating acceptance of a character string by an automaton |
JP2013554278A JP5593458B2 (ja) | 2012-01-19 | 2013-01-10 | System for authenticating whether a character string is accepted by an automaton |
CN201380006069.9A CN104067556B (zh) | 2012-01-19 | 2013-01-10 | System for determining whether an automaton has accepted a character string |
GB1409577.2A GB2512513B (en) | 2012-01-19 | 2013-01-10 | System for authenticating acceptance of string by automaton |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012-009281 | 2012-01-19 | ||
JP2012009281 | 2012-01-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013108698A1 true WO2013108698A1 (ja) | 2013-07-25 |
Family ID=48799124
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2013/050263 WO2013108698A1 (ja) | System for authenticating whether a character string is accepted by an automaton | 2012-01-19 | 2013-01-10 |
Country Status (6)
Country | Link |
---|---|
US (1) | US9397986B2 (ja) |
JP (1) | JP5593458B2 (ja) |
CN (1) | CN104067556B (ja) |
DE (1) | DE112013000357B4 (ja) |
GB (1) | GB2512513B (ja) |
WO (1) | WO2013108698A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9397986B2 (en) | 2012-01-19 | 2016-07-19 | Globalfoundries Inc. | Authenticating acceptance of a string using an automaton |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9281941B2 (en) * | 2012-02-17 | 2016-03-08 | International Business Machines Corporation | Homomorphic evaluation including key switching, modulus switching, and dynamic noise management |
HUP1300501A1 (hu) * | 2013-08-26 | 2015-03-02 | Pannon Szoftver Kft | Automata-theory-based cryptographic apparatus and method for encrypting and decrypting information |
US10333696B2 (en) | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
US10826680B2 (en) * | 2015-06-18 | 2020-11-03 | Nec Corporation | Collation system, collation method, and non-transitory recording medium |
CN105721140B (zh) * | 2016-01-27 | 2019-03-15 | Beihang University | k-out-of-n oblivious transfer method and system |
US10812252B2 (en) | 2017-01-09 | 2020-10-20 | Microsoft Technology Licensing, Llc | String matching in encrypted data |
US11165563B2 (en) * | 2017-06-15 | 2021-11-02 | Intelligens Technologiak Kft. | Symmetric key stream cipher cryptographic method and device |
US11196539B2 (en) | 2017-06-22 | 2021-12-07 | Microsoft Technology Licensing, Llc | Multiplication operations on homomorphic encrypted data |
US10541805B2 (en) | 2017-06-26 | 2020-01-21 | Microsoft Technology Licensing, Llc | Variable relinearization in homomorphic encryption |
US10749665B2 (en) * | 2017-06-29 | 2020-08-18 | Microsoft Technology Licensing, Llc | High-precision rational number arithmetic in homomorphic encryption |
US11924348B2 (en) * | 2021-02-27 | 2024-03-05 | International Business Machines Corporation | Honest behavior enforcement via blockchain |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1302022A2 (en) * | 2000-03-31 | 2003-04-16 | VDG Inc. | Authentication method and schemes for data integrity protection |
US20050149739A1 (en) * | 2003-12-31 | 2005-07-07 | Hewlett-Packard Development Company, L.P. | PIN verification using cipher block chaining |
KR20120115425A (ko) * | 2005-12-14 | 2012-10-17 | NDS Limited | Method and system for use of block cipher encryption |
EP2056221A1 (en) | 2007-10-30 | 2009-05-06 | Mitsubishi Electric Corporation | Split state machines for matching |
WO2009104260A1 (ja) * | 2008-02-20 | 2009-08-27 | Mitsubishi Electric Corporation | Verification device |
US8903090B2 (en) * | 2008-04-29 | 2014-12-02 | International Business Machines Corporation | Securely classifying data |
FR2952778B1 (fr) * | 2009-11-17 | 2011-12-23 | Thales Sa | Secure data transmission method and encryption and decryption system enabling such transmission |
US8311213B2 (en) * | 2009-12-07 | 2012-11-13 | Mitsubishi Electric Research Laboratories, Inc. | Method for determining functions applied to signals |
US8862895B2 (en) * | 2010-04-27 | 2014-10-14 | Fuji Xerox Co., Ltd. | Systems and methods for communication, storage, retrieval, and computation of simple statistics and logical operations on encrypted data |
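JP5198539B2 (ja) * | 2010-11-05 | 2013-05-15 | Toshiba Corporation | Storage device, access device, and program |
KR101216995B1 (ko) * | 2010-12-03 | 2012-12-31 | Chungnam National University Industry-Academic Cooperation Foundation | Index-table-based code encryption and decryption apparatus and method thereof |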
TW201243643A (en) * | 2011-04-22 | 2012-11-01 | Inst Information Industry | Hierarchical encryption/decryption device and method thereof |
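CN102164369B (zh) * | 2011-05-13 | 2013-09-25 | Nanjing University of Posts and Telecommunications | Wireless sensor network broadcast authentication method based on automata and the Game of Life |
WO2013108698A1 (ja) | 2012-01-19 | 2013-07-25 | International Business Machines Corporation | System for authenticating whether a character string is accepted by an automaton |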
-
2013
- 2013-01-10 WO PCT/JP2013/050263 patent/WO2013108698A1/ja active Application Filing
- 2013-01-10 JP JP2013554278A patent/JP5593458B2/ja not_active Expired - Fee Related
- 2013-01-10 GB GB1409577.2A patent/GB2512513B/en not_active Expired - Fee Related
- 2013-01-10 DE DE112013000357.0T patent/DE112013000357B4/de not_active Expired - Fee Related
- 2013-01-10 US US14/372,466 patent/US9397986B2/en active Active
- 2013-01-10 CN CN201380006069.9A patent/CN104067556B/zh not_active Expired - Fee Related
Non-Patent Citations (4)
Title |
---|
JUAN RAMON TRONCOSO-PASTORIZA ET AL.: "Privacy Preserving Error Resilient DNA Searching through Oblivious Automata", PROCEEDINGS OF THE 14TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'07), 2007, pages 519 - 528, XP002495762, Retrieved from the Internet <URL:http://delivery.acm.org/10.1145/1320000/1315309/p519-troncoso.pdf?ip=101.110.22.93&acc=ACTIVE%20SERVICE&CFID=178001476&CFTOKEN=86903090&_acm_=1360022900_39442599e4614cf0cl6d42bla28faf5d> [retrieved on 20130130] * |
KEITH B. FRIKKEN: "Practical Private DNA String Searching and Matching through Efficient Oblivious Automata Evaluation", LNCS, DATA AND APPLICATIONS SECURITY XXIII, vol. 5645, July 2009 (2009-07-01), pages 81 - 94 * |
ROSARIO GENNARO ET AL.: "Automata Evaluation and Text Search Protocols with Simulation Based Security", CRYPTOLOGY EPRINT ARCHIVE: REPORT 2010/484, 16 September 2010 (2010-09-16), XP061004237, Retrieved from the Internet <URL:http://eprint.iacr.org/2010/484.pdf> [retrieved on 20130204] * |
RYO NOJIMA: "Applied Cryptography: On the Construction of Fast Secure Set-Intersection Protocols", REVIEW OF THE NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY, vol. 54, no. 2/3, June 2008 (2008-06-01), pages 9 - 14, Retrieved from the Internet <URL:http://www.nict.go.jp/publication/shuppan/kihou-journal/kihou-vol54no2.3/0301.pdf> [retrieved on 20130204] * |
Also Published As
Publication number | Publication date |
---|---|
CN104067556B (zh) | 2017-05-24 |
GB201409577D0 (en) | 2014-07-16 |
DE112013000357T5 (de) | 2014-08-28 |
JPWO2013108698A1 (ja) | 2015-05-11 |
US9397986B2 (en) | 2016-07-19 |
JP5593458B2 (ja) | 2014-09-24 |
DE112013000357B4 (de) | 2018-02-15 |
GB2512513A (en) | 2014-10-01 |
GB2512513B (en) | 2015-01-07 |
US20150033018A1 (en) | 2015-01-29 |
CN104067556A (zh) | 2014-09-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13738100; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2013554278; Country of ref document: JP; Kind code of ref document: A |
| ENP | Entry into the national phase | Ref document number: 1409577; Country of ref document: GB; Kind code of ref document: A; Free format text: PCT FILING DATE = 20130110 |
| WWE | Wipo information: entry into national phase | Ref document number: 1409577.2; Country of ref document: GB |
| WWE | Wipo information: entry into national phase | Ref document number: 1120130003570; Country of ref document: DE; Ref document number: 112013000357; Country of ref document: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 14372466; Country of ref document: US |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 13738100; Country of ref document: EP; Kind code of ref document: A1 |