WO2014007311A1 - Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method and program - Google Patents
- Publication number
- WO2014007311A1 (PCT/JP2013/068330, JP2013068330W)
- Authority
- WO
- WIPO (PCT)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
Definitions
- This invention relates to a ramp-type secret sharing technique and a multi-party calculation technique.
- Secret sharing is a technology that converts data into a plurality of distributed values and restores the original data by using more than a certain number of distributed values, and makes it impossible to restore the original data from less than a certain number of distributed values.
- N is the total number of distributed values.
- K is the minimum number of distributed values required for restoration.
- p is a prime number.
- GF(p) is a finite field of order p.
- The coefficients a_0, a_1, ..., a_{L-1} of the expression f(x) can be uniquely obtained. This can be done by finding the solution of a_0, a_1, ..., a_{L-1} for the following matrix with a_0, a_1, ..., a_{L-1}, r_L, ..., r_{K-1} as variables.
- a specific function value F_i(a_1, ..., a_N)
- The linear secret sharing scheme is defined as secret sharing in which all distributed values of the original data a ∈ GF(p) can be expressed by a linear combination of a ∈ GF(p) and random numbers on GF(p). It is known that any linear secret sharing scheme can be extended to multi-party computation (see Non-Patent Document 4).
- The total data amount of the distributed values is approximately N times the data amount of the information a.
- The total data amount of the distributed values necessary for restoration is approximately K times the data amount of information a. Since an increase in the data amount of the distributed values leads to an increase in communication time and stored data, it is desirable to suppress the data amount of the distributed values as much as possible.
- The present invention has been made in view of these points, and an object of the present invention is to provide a secret sharing technique capable of performing multi-party calculation using distributed values based on a ramp-type secret sharing scheme.
- The secret sharing system of the present invention includes a data distribution apparatus and N distributed data conversion apparatuses.
- i is an integer with i ∈ λ.
- f_x(n) is the N distributed values of x.
- R is a ring.
- The data distribution apparatus includes a distribution unit.
- The distributed data conversion apparatus includes a random number selection unit, a first random number distribution unit, a second random number distribution unit, a disturbance unit, a restoration unit, a redistribution unit, and a conversion unit.
- The first random number distribution unit distributes the random number vector r_i into N distributed values f_{r_i}(n) by a ramp-type secret sharing scheme S1 having an arbitrary homomorphism.
- The second random number distribution unit converts each of the random numbers r_{i,1}, ..., r_{i,L} into N distributed values g_{r_{i,1}}(n), ..., g_{r_{i,L}}(n).
- The disturbance unit generates the distributed value U_i by using the distributed value f_a(i) contained in the distributed values f_a(n) and the K distributed values f_{r_λ}(i).
- The restoration unit restores L pieces of disturbance information c_1, ..., c_L from the K distributed values U_λ by using the ramp-type secret sharing scheme S1 having arbitrary homomorphism.
- The redistribution unit distributes each piece of the disturbance information c_1, ..., c_L into N pieces by a secret sharing scheme S2 having an arbitrary homomorphism, and generates the distributed values g_{c_1}(n), ..., g_{c_L}(n).
- The conversion unit uses the L distributed values g_{c_1}(i), ..., g_{c_L}(i) included in the distributed values g_{c_1}(n), ..., g_{c_L}(n) and the L×K distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i) to generate the distributed values g_{a_1}(i), ..., g_{a_L}(i) of information a.
- According to the secret sharing technique of the present invention, it is possible to convert a distributed value according to a ramp-type secret sharing scheme having arbitrary homomorphism into a distributed value according to a secret sharing scheme having arbitrary homomorphism.
- Many existing linear secret sharing schemes such as the Shamir secret sharing scheme are homomorphic secret sharing schemes, and a method for performing multi-party computation using distributed values from existing linear secret sharing schemes such as the Shamir secret sharing scheme is known. Therefore, by selecting an existing linear secret sharing scheme such as the Shamir secret sharing scheme as the secret sharing scheme with homomorphism, it becomes possible to perform multi-party calculations using the distributed values of a ramp-type secret sharing scheme.
- The ramp-type secret sharing scheme has good encoding efficiency and the size of the distributed value is small, and therefore the total data capacity of the distributed values to be stored and the total data capacity of the distributed values necessary for restoration can be reduced.
- FIG. 1 is a diagram illustrating a functional configuration of a secret sharing system.
- FIG. 2 is a diagram illustrating a functional configuration of the data distribution apparatus.
- FIG. 3 is a diagram illustrating a functional configuration of the distributed data conversion apparatus.
- FIG. 4 is a diagram illustrating a processing flow of the data distribution apparatus.
- FIG. 5 is a diagram illustrating a processing flow of the distributed data conversion apparatus.
- The secret sharing system converts a distributed value according to a ramp-type secret sharing scheme having arbitrary homomorphism into a distributed value according to a secret sharing scheme having arbitrary homomorphism.
- The secret sharing system 1 includes a data distribution device 10, at least N distributed data conversion devices 20_1 to 20_N, and a network 90.
- The data distribution device 10 and the distributed data conversion devices 20_1 to 20_N are connected to the network 90.
- The network 90 only needs to be configured so that the data distribution device 10 and each of the distributed data conversion devices 20_1 to 20_N can communicate with each other.
- The network 90 can be configured with the Internet, a LAN, a WAN, or the like.
- The data distribution device 10 and each of the distributed data conversion devices 20_1 to 20_N need not necessarily be able to communicate online via a network.
- The information output from the data distribution device 10 may be stored in a portable recording medium such as a USB memory, and input from the portable recording medium to the distributed data conversion devices 20_1 to 20_N offline.
- The data distribution apparatus 10 includes an input unit 110, a distribution unit 120, and an output unit 130.
- The distributed data converter 20 includes an input unit 210, a random number selection unit 220, a first random number distribution unit 230, a second random number distribution unit 235, a disturbance unit 240, a restoration unit 250, a redistribution unit 260, a conversion unit 270, an output unit 280, and a storage unit 290.
- The storage unit 290 can be configured with, for example, a main storage device such as a RAM (Random Access Memory), an auxiliary storage device configured by a hard disk, an optical disk, or a semiconductor memory element such as a flash memory (Flash Memory), or middleware such as a relational database or a key-value store.
- i is an integer with i ∈ λ, f_x(n) is the N distributed values of x, and R is a ring.
- In step S110, information a is input to the input unit 110.
- Examples of the information a are a moving image file, an audio file, a text file, a table file, and the like.
- The data amount of information a is, for example, 1 megabyte or more.
- In step S120, the distribution unit 120 distributes the information a into N distributed values f_a(1), ..., f_a(N) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism.
- The ramp-type secret sharing scheme is a kind of secret sharing in which the original data can be restored from K or more distributed values and, for an integer L less than K, the original data cannot be restored at all from K-L or fewer distributed values, but a part of the original data is obtained from K-L+1 or more and K-1 or fewer distributed values.
- The size of a distributed value in the ramp-type secret sharing scheme is 1/L of the size of the original data, and the coding efficiency is better than that of the Shamir secret sharing scheme, where the size of a distributed value is the same as the original data.
- The ramp-type secret sharing scheme S1 used in the present invention must be a ramp-type secret sharing scheme having homomorphism.
- In step S130, the output unit 130 outputs the distributed values f_a(1), ..., f_a(N).
- The output distributed values f_a(1), ..., f_a(N) are respectively input to the distributed data converters 20_1 to 20_N via a network 90 or a portable recording medium such as a USB memory.
- In step S210, the distributed value f_a(i) output from the data distribution device 10 is input to the input unit 210.
- The distributed value f_a(i) may be stored in the storage unit 290, and the subsequent processing may be executed at an arbitrary timing. Instead of storing it in the storage unit 290, the subsequent processing may be executed as soon as the distributed value f_a(i) is input.
- The random number selection unit 220 selects L random numbers r_{i,1}, ..., r_{i,L} from the ring R, and generates a random number vector r_i.
- The random number selection unit 220 may randomly select the L random numbers r_{i,1}, ..., r_{i,L} one by one, or may select the L random numbers r_{i,1}, ..., r_{i,L} according to a predetermined rule from a plurality of values generated in advance and stored in the memory.
- The random number vector r_i is input to the first random number distribution unit 230.
- The first random number distribution unit 230 distributes the random number vector r_i into N distributed values f_{r_i}(1), ..., f_{r_i}(N) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism.
- The ramp-type secret sharing scheme S1 may be any secret sharing scheme as long as it is a ramp-type secret sharing scheme having homomorphism, but it must be the same scheme as the ramp-type secret sharing scheme S1 used by the distribution unit 120 included in the data distribution apparatus 10.
- The random numbers r_{i,1}, ..., r_{i,L} are input to the second random number distribution unit 235.
- The second random number distribution unit 235 converts each of the random numbers r_{i,1}, ..., r_{i,L} into N distributed values g_{r_{i,1}}(n), ..., g_{r_{i,L}}(n) by a secret sharing scheme S2 having arbitrary homomorphism.
- The secret sharing scheme S2 may be any secret sharing scheme as long as it is a secret sharing scheme having homomorphism. For example, an existing linear secret sharing scheme such as the Shamir secret sharing scheme can be applied.
- In step S212, the K distributed values f_{r_λ}(i) generated by the first random number distribution units 230 included in the K distributed data conversion devices 20_λ (λ ∈ {1, ..., N}) are input to the input unit 210.
- The distributed values f_{r_λ}(i) may be stored in the storage unit 290, and the subsequent processing may be executed at an arbitrary timing.
- Instead of storing them in the storage unit 290, the subsequent processing may be executed as soon as the distributed values f_{r_λ}(i) are input.
- The distributed value f_a(i) and the K distributed values f_{r_λ}(i) are input to the disturbance unit 240.
- The disturbance unit 240 generates a distributed value U_i using the distributed value f_a(i) and the K distributed values f_{r_λ}(i). More specifically, the distributed value U_i is generated by adding the sum of the K distributed values f_{r_λ}(i) to the distributed value f_a(i) as in the following equation.
- The distributed value f_a(i) is a distributed value obtained by distributing the information a by the secret sharing scheme S2 having homomorphism.
- The distributed values f_{r_λ}(i) are distributed values obtained by distributing the K random number vectors r_λ (λ ∈ {1, ..., N}) by the secret sharing scheme S2 having homomorphism.
- The distributed value U_i is a distributed value obtained by distributing the sum of the information a and the K random number vectors r_λ by the secret sharing scheme S2.
- The sum of the information a and the K random number vectors r_λ is referred to as ciphertext c. Therefore, the ciphertext c can be expressed by the following equation.
- The processing from step S211 to step S240 shown in FIG. 5 does not have to be performed by all of the N distributed data conversion apparatuses 20_1 to 20_N, and may be performed by at least K arbitrarily selected apparatuses.
- In step S213, the K distributed values U_λ generated by the disturbance units 240 included in the K distributed data conversion devices 20_λ (λ ∈ {1, ..., N}) are input to the input unit 210.
- The distributed values U_λ may be stored in the storage unit 290, and the subsequent processing may be executed at an arbitrary timing. Instead of storing them in the storage unit 290, the subsequent processing may be executed as soon as the distributed values U_λ are input.
- The K distributed values U_λ are input to the restoration unit 250.
- The restoration unit 250 restores the L pieces of disturbance information c_1, ..., c_L from the K distributed values U_λ by the ramp-type secret sharing scheme S1 having a predetermined homomorphism.
- The ramp-type secret sharing scheme S1 may be any secret sharing scheme as long as it is a ramp-type secret sharing scheme having homomorphism, but it must be the same scheme as the ramp-type secret sharing scheme S1 used by the distribution unit 120 included in the data distribution apparatus 10 and by the first random number distribution unit 230 included in the distributed data conversion apparatus 20.
- The secret sharing scheme S2 may be any secret sharing scheme as long as it is a secret sharing scheme having homomorphism, but it must be the same scheme as the secret sharing scheme S2 used by the second random number distribution unit 235.
- The processing from step S213 to step S260 shown in FIG. 5 does not have to be performed by all of the N distributed data conversion apparatuses 20_1 to 20_N, and may be performed by at least one arbitrarily selected apparatus.
- In step S214, the distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i) generated by the second random number distribution units 235 included in the K distributed data conversion devices 20_λ (λ ∈ {1, ..., N}) are input to the input unit 210.
- The distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i) may be stored in the storage unit 290, and the subsequent processing may be executed at an arbitrary timing. Instead of storing them in the storage unit 290, the subsequent processing may be executed as soon as the distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i) are input.
- The L distributed values g_{c_1}(i), ..., g_{c_L}(i) included in the distributed values g_{c_1}(n), ..., g_{c_L}(n) and the L×K distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i) are input to the conversion unit 270.
- The conversion unit 270 uses the L distributed values g_{c_1}(i), ..., g_{c_L}(i) and the L×K distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i) to generate the distributed values g_{a_1}(i), ..., g_{a_L}(i) of information a.
- In step S280, the output unit 280 outputs the distributed values g_{a_1}(i), ..., g_{a_L}(i). The distributed values g_{a_1}(i), ..., g_{a_L}(i) may be stored in the storage unit 290, and read from the storage unit 290 and output in response to an external request.
- The processing from step S214 to step S280 shown in FIG. 5 is performed by all of the N distributed data conversion apparatuses 20_1 to 20_N.
- The information on information a obtained by the distributed data conversion devices 20_1 to 20_N consists of distributed values by the ramp-type secret sharing scheme S1 having homomorphism and distributed values by the secret sharing scheme S2 having homomorphism. If the random numbers used to generate the distributed values are independent of each other, the confidentiality of this embodiment is reduced to the confidentiality of the ramp-type secret sharing scheme S1 having homomorphism and the secret sharing scheme S2 having homomorphism that are used.
- At least one distributed data conversion apparatus 20 obtains ciphertext c. Since ciphertext c is obtained by adding the sum of the random numbers generated by other distributed data conversion apparatuses 20 to information a, information a cannot be obtained unless all the random numbers are obtained. Therefore, the confidentiality of this embodiment is eventually reduced to the confidentiality of the secret sharing scheme S2 to be used.
- The distributed values f_a(1), ..., f_a(N) of the information a = (a_1, ..., a_L) according to the ramp-type secret sharing scheme S1 having arbitrary homomorphism can be converted into distributed values g_a(1), ..., g_a(N) by the secret sharing scheme S2 having an arbitrary homomorphism.
- Examples of secret sharing schemes having homomorphism include existing linear secret sharing schemes such as the Shamir secret sharing scheme. Since the method of performing multi-party computation using an existing linear secret sharing scheme such as the Shamir secret sharing scheme is already known, by selecting an existing linear secret sharing scheme such as the Shamir secret sharing scheme as the secret sharing scheme S2, multi-party calculation can be performed using distributed values of a ramp-type secret sharing scheme.
- Because the lower limit of the size of a distributed value in the ramp-type secret sharing scheme is 1/L of the original data, the storage capacity necessary for saving the distributed values can be reduced compared to the Shamir secret sharing scheme, where the size of a distributed value is the same as the original data.
- The program describing the processing contents can be recorded on a computer-readable recording medium.
- As the computer-readable recording medium, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory may be used.
- This program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.
- A computer that executes such a program first stores a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device.
- The computer reads a program stored in its own recording medium and executes a process according to the read program.
- The computer may directly read the program from a portable recording medium and execute processing according to the program, and, when the program is transferred from the server computer to the computer, processing according to the received program may be executed sequentially.
- Instead of transferring the program from the server computer to the computer, the above processing may be executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition.
- The program in this embodiment includes information that is used for processing by an electronic computer and that conforms to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).
- The present apparatus is configured by executing a predetermined program on a computer.
- At least a part of these processing contents may be realized by hardware.
Abstract
Description
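The secret sharing system according to an embodiment of this invention converts distributed values by a ramp-type secret sharing scheme having arbitrary homomorphism into distributed values by a secret sharing scheme having arbitrary homomorphism.
With reference to FIG. 1, a configuration example of the secret sharing system 1 according to the embodiment will be described. The secret sharing system 1 includes a data distribution apparatus 10, at least N distributed data conversion apparatuses 20_1 to 20_N, and a network 90. The data distribution apparatus 10 and the distributed data conversion apparatuses 20_1 to 20_N are connected to the network 90. The network 90 only needs to be configured so that the data distribution apparatus 10 and each of the distributed data conversion apparatuses 20_1 to 20_N can communicate with each other, and can be configured with, for example, the Internet, a LAN, or a WAN. The data distribution apparatus 10 and each of the distributed data conversion apparatuses 20_1 to 20_N need not necessarily be able to communicate online via a network. For example, the information output by the data distribution apparatus 10 may be stored in a portable recording medium such as a USB memory and input offline from that portable recording medium to the distributed data conversion apparatuses 20_1 to 20_N.
With reference to FIG. 4, an operation example of the data distribution apparatus 10 will be described in the order of the procedures actually performed. In the following description, N, K, and L are integers of 2 or more, N ≥ K > L, n = 1, ..., N, λ is K mutually different integers from 1 to N, i is an integer with i ∈ λ, f_x(n) is the N distributed values of x, and R is a ring.
With reference to FIG. 5, an operation example of the distributed data conversion apparatus 20_i will be described in the order of the procedures actually performed.
The information on information a obtained by the distributed data conversion apparatuses 20_1 to 20_N consists of distributed values by the ramp-type secret sharing scheme S1 having homomorphism and distributed values by the secret sharing scheme S2 having homomorphism. If the random numbers used to generate the distributed values are independent of each other, the confidentiality of this embodiment is reduced to the confidentiality of the ramp-type secret sharing scheme S1 having homomorphism and the secret sharing scheme S2 having homomorphism that are used. In addition, at least one distributed data conversion apparatus 20 obtains the ciphertext c, but because the ciphertext c is the information a with the sum of the random numbers generated by other distributed data conversion apparatuses 20 added to it, the information a cannot be obtained unless all the random numbers are obtained. Therefore, the confidentiality of this embodiment is ultimately reduced to the confidentiality of the secret sharing scheme S2 that is used.
The secret sharing system of this embodiment can convert the distributed values f_a(1), ..., f_a(N) of information a = (a_1, ..., a_L) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism into distributed values g_a(1), ..., g_a(N) by a secret sharing scheme S2 having arbitrary homomorphism.
It goes without saying that this invention is not limited to the embodiment described above and can be modified as appropriate without departing from the spirit of the invention. The various kinds of processing described in the above embodiment are not only executed in time series in the order described, but may also be executed in parallel or individually according to the processing capability of the apparatus that executes the processing or as needed.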
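The conversion procedure described above (distribute, disturb, restore, redistribute, convert), simulated in a single process as an added example; it is not code from the patent. It assumes a polynomial ramp scheme over GF(p) for S1, K-of-N Shamir sharing for S2, and a constructed modulus and inputs; all function names are hypothetical.

```python
import secrets

P = 2**61 - 1  # prime modulus for GF(p); constructed parameter, not from the patent


def poly_eval(coeffs, x):
    """Evaluate the polynomial whose x^k coefficient is coeffs[k], mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def rand_elems(count):
    return [secrets.randbelow(P) for _ in range(count)]


def ramp_share(vec, N, K):
    """S1 (assumed instantiation): the L secrets are the low coefficients,
    K-L random values are the high coefficients, and share n is f(n)."""
    coeffs = list(vec) + rand_elems(K - len(vec))
    return {n: poly_eval(coeffs, n) for n in range(1, N + 1)}


def shamir_share(s, N, K):
    """S2 (assumed instantiation): K-of-N Shamir sharing of one element."""
    coeffs = [s] + rand_elems(K - 1)
    return {n: poly_eval(coeffs, n) for n in range(1, N + 1)}


def interpolate_coeffs(points):
    """Recover all coefficients of the degree < K polynomial through K points
    by Gauss-Jordan elimination on the Vandermonde system mod P."""
    K = len(points)
    rows = [[pow(x, k, P) for k in range(K)] + [y % P] for x, y in points]
    for col in range(K):
        piv = next(r for r in range(col, K) if rows[r][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, P)
        rows[col] = [v * inv % P for v in rows[col]]
        for r in range(K):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % P for a, b in zip(rows[r], rows[col])]
    return [rows[k][K] for k in range(K)]


def ramp_reconstruct(shares, L):
    return interpolate_coeffs(list(shares.items()))[:L]


def shamir_reconstruct(shares):
    return interpolate_coeffs(list(shares.items()))[0]


def convert(f_a, N, K, L, lam):
    """Turn ramp shares f_a (party index -> share) into Shamir shares of each
    a_j. lam holds the K party indices that contribute masking randomness."""
    f_r, g_r = {}, {}
    for i in lam:
        r_i = rand_elems(L)                                # random number selection
        f_r[i] = ramp_share(r_i, N, K)                     # first random distribution (S1)
        g_r[i] = [shamir_share(r, N, K) for r in r_i]      # second random distribution (S2)
    # Disturbance: U_i = f_a(i) + sum over lam of f_{r_lam}(i)
    U = {i: (f_a[i] + sum(f_r[m][i] for m in lam)) % P for i in lam}
    # Restoration: one party learns only c = a + sum of all r_lam
    c = ramp_reconstruct(U, L)
    # Redistribution: share each c_j under S2
    g_c = [shamir_share(cj, N, K) for cj in c]
    # Conversion at every party n: g_{a_j}(n) = g_{c_j}(n) - sum of g_{r_lam,j}(n)
    g_a = [{n: (g_c[j][n] - sum(g_r[m][j][n] for m in lam)) % P
            for n in range(1, N + 1)} for j in range(L)]
    return g_a, c


def demo():
    N, K, L = 5, 3, 2
    a = [1234, 5678]                       # constructed sample secret
    f_a = ramp_share(a, N, K)              # data distribution apparatus
    g_a, c = convert(f_a, N, K, L, lam=[1, 3, 4])
    subset = [2, 4, 5]                     # any K parties can reconstruct
    recovered = [shamir_reconstruct({n: g[n] for n in subset}) for g in g_a]
    return a, recovered, c


if __name__ == "__main__":
    print(demo())
```
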
Claims (7)
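- A secret sharing system comprising a data distribution apparatus and N distributed data conversion apparatuses, wherein
N, K, and L are integers of 2 or more, N ≥ K > L, n = 1, ..., N, λ is K mutually different integers from 1 to N, i is an integer with i ∈ λ, f_x(n) is the N distributed values of x, and R is a ring,
the data distribution apparatus comprises
a distribution unit that distributes information a = (a_1, ..., a_L) ∈ R^L into N distributed values f_a(n) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism, and
the distributed data conversion apparatus comprises:
a random number selection unit that generates a random number vector r_i = (r_{i,1}, ..., r_{i,L}) whose elements are L random numbers r_{i,1}, ..., r_{i,L} ∈ R;
a first random number distribution unit that distributes the random number vector r_i into N distributed values f_{r_i}(n) by the ramp-type secret sharing scheme S1;
a second random number distribution unit that distributes each of the random numbers r_{i,1}, ..., r_{i,L} into N distributed values g_{r_{i,1}}(n), ..., g_{r_{i,L}}(n) by a secret sharing scheme S2 having arbitrary homomorphism;
a disturbance unit that generates a distributed value U_i using the distributed value f_a(i) included in the distributed values f_a(n) and K distributed values f_{r_λ}(i);
a restoration unit that restores L pieces of disturbance information c_1, ..., c_L from K distributed values U_λ by the ramp-type secret sharing scheme S1;
a redistribution unit that distributes each piece of the disturbance information c_1, ..., c_L into N pieces by the secret sharing scheme S2 to generate distributed values g_{c_1}(n), ..., g_{c_L}(n); and
a conversion unit that generates distributed values g_{a_1}(i), ..., g_{a_L}(i) of the information a using the L distributed values g_{c_1}(i), ..., g_{c_L}(i) included in the distributed values g_{c_1}(n), ..., g_{c_L}(n) and L×K distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i).
- The secret sharing system according to claim 1, wherein
the disturbance unit generates the distributed value U_i by adding the sum of the distributed values f_{r_λ}(i) to the distributed value f_a(i), and
the conversion unit generates, for j = 1, ..., L, the distributed value g_{a_j}(i) by subtracting the sum of the distributed values g_{r_{λ,j}}(i) from the distributed value g_{c_j}(i).
- The secret sharing system according to claim 1 or 2, wherein
the secret sharing scheme S2 is the Shamir secret sharing scheme.
- A data distribution apparatus, wherein N is an integer of 2 or more, n = 1, ..., N, f_x(n) is the N distributed values of x, and R is a ring, the data distribution apparatus comprising
a distribution unit that distributes information a = (a_1, ..., a_L) ∈ R^L into N distributed values f_a(n) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism.
- A distributed data conversion apparatus, wherein N, K, and L are integers of 2 or more, N ≥ K > L, n = 1, ..., N, λ is K mutually different integers from 1 to N, i is an integer with i ∈ λ, f_x(n) is the N distributed values of x, and R is a ring, the distributed data conversion apparatus comprising:
a random number selection unit that generates a random number vector r_i = (r_{i,1}, ..., r_{i,L}) whose elements are L random numbers r_{i,1}, ..., r_{i,L} ∈ R;
a first random number distribution unit that distributes the random number vector r_i into N distributed values f_{r_i}(n) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism;
a second random number distribution unit that distributes each of the random numbers r_{i,1}, ..., r_{i,L} into N distributed values g_{r_{i,1}}(n), ..., g_{r_{i,L}}(n) by a secret sharing scheme S2 having arbitrary homomorphism;
a disturbance unit that generates a distributed value U_i using the distributed value f_a(i), included in the distributed values f_a(n) obtained by distributing information a = (a_1, ..., a_L) ∈ R^L into N pieces by the ramp-type secret sharing scheme S1, and K distributed values f_{r_λ}(i);
a restoration unit that restores L pieces of disturbance information c_1, ..., c_L from K distributed values U_λ by the ramp-type secret sharing scheme S1;
a redistribution unit that distributes each piece of the disturbance information c_1, ..., c_L into N pieces by the secret sharing scheme S2 to generate distributed values g_{c_1}(n), ..., g_{c_L}(n); and
a conversion unit that generates distributed values g_{a_1}(i), ..., g_{a_L}(i) of the information a using the L distributed values g_{c_1}(i), ..., g_{c_L}(i) included in the distributed values g_{c_1}(n), ..., g_{c_L}(n) and L×K distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i).
- A secret sharing method, wherein N, K, and L are integers of 2 or more, N ≥ K > L, n = 1, ..., N, λ is K mutually different integers from 1 to N, i is an integer with i ∈ λ, f_x(n) is the N distributed values of x, and R is a ring, the secret sharing method comprising:
a distribution step in which a data distribution apparatus distributes information a = (a_1, ..., a_L) ∈ R^L into N distributed values f_a(n) by a ramp-type secret sharing scheme S1 having arbitrary homomorphism;
a random number selection step in which a distributed data conversion apparatus generates a random number vector r_i = (r_{i,1}, ..., r_{i,L}) whose elements are L random numbers r_{i,1}, ..., r_{i,L} ∈ R;
a first random number distribution step in which the distributed data conversion apparatus distributes the random number vector r_i into N distributed values f_{r_i}(n) by the ramp-type secret sharing scheme S1;
a second random number distribution step in which the distributed data conversion apparatus distributes each of the random numbers r_{i,1}, ..., r_{i,L} into N distributed values g_{r_{i,1}}(n), ..., g_{r_{i,L}}(n) by a secret sharing scheme S2 having arbitrary homomorphism;
a disturbance step in which the distributed data conversion apparatus generates a distributed value U_i using the distributed value f_a(i) included in the distributed values f_a(n) and K distributed values f_{r_λ}(i);
a restoration step in which the distributed data conversion apparatus restores L pieces of disturbance information c_1, ..., c_L from K distributed values U_λ by the ramp-type secret sharing scheme S1;
a redistribution step in which the distributed data conversion apparatus distributes each piece of the disturbance information c_1, ..., c_L into N pieces by the secret sharing scheme S2 to generate distributed values g_{c_1}(n), ..., g_{c_L}(n); and
a conversion step in which the distributed data conversion apparatus generates distributed values g_{a_1}(i), ..., g_{a_L}(i) of the information a using the L distributed values g_{c_1}(i), ..., g_{c_L}(i) included in the distributed values g_{c_1}(n), ..., g_{c_L}(n) and L×K distributed values g_{r_{λ,1}}(i), ..., g_{r_{λ,L}}(i).
- A program for causing a computer to function as the data distribution apparatus according to claim 4 or the distributed data conversion apparatus according to claim 5.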
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014523778A JP5826934B2 (ja) | 2012-07-05 | 2013-07-04 | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method and program |
EP13812992.9A EP2858297B1 (en) | 2012-07-05 | 2013-07-04 | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method and program |
CN201380035857.0A CN104412539B (zh) | 2012-07-05 | 2013-07-04 | Secret sharing system, data distribution apparatus, distributed data transform apparatus, and secret sharing method |
US14/408,453 US9679149B2 (en) | 2012-07-05 | 2013-07-04 | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012-151139 | 2012-07-05 | ||
JP2012151139 | 2012-07-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014007311A1 (ja) | 2014-01-09 |
Family
ID=49882062
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2013/068330 WO2014007311A1 (ja) | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method and program | 2012-07-05 | 2013-07-04 |
Country Status (5)
Country | Link |
---|---|
US (1) | US9679149B2 (ja) |
EP (1) | EP2858297B1 (ja) |
JP (1) | JP5826934B2 (ja) |
CN (1) | CN104412539B (ja) |
WO (1) | WO2014007311A1 (ja) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015135380A (ja) * | 2014-01-16 | 2015-07-27 | 日本電信電話株式会社 | シェア変換システム、シェア変換方法、プログラム |
JP2015135382A (ja) * | 2014-01-16 | 2015-07-27 | 日本電信電話株式会社 | シェア変換システム、シェア変換方法、プログラム |
JP2015135381A (ja) * | 2014-01-16 | 2015-07-27 | 日本電信電話株式会社 | シェア変換システム、シェア変換方法、プログラム |
WO2016159357A1 (ja) * | 2015-04-03 | 2016-10-06 | 日本電気株式会社 | 秘密計算システム、サーバ装置、秘密計算方法、および、プログラム |
JP2017129913A (ja) * | 2016-01-18 | 2017-07-27 | 日本電信電話株式会社 | 秘匿決定木計算システム、装置、方法及びプログラム |
US9967295B2 (en) | 2008-11-26 | 2018-05-08 | David Harrison | Automated discovery and launch of an application on a network enabled device |
WO2020165931A1 (ja) * | 2019-02-12 | 2020-08-20 | 日本電気株式会社 | 情報処理装置、秘密計算方法及びプログラム |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5968484B1 (ja) * | 2015-03-18 | 2016-08-10 | 日本電信電話株式会社 | シェア復旧システム、シェア復旧方法、およびプログラム |
JP5957120B1 (ja) * | 2015-05-12 | 2016-07-27 | 日本電信電話株式会社 | 秘密分散方法、秘密分散システム、分散装置、およびプログラム |
JP5957126B1 (ja) * | 2015-06-24 | 2016-07-27 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、およびプログラム |
CN105204782B (zh) * | 2015-10-13 | 2018-12-11 | 中国联合网络通信集团有限公司 | 一种实现数据存储的方法及装置 |
EP3364398B1 (en) * | 2015-10-13 | 2020-05-06 | Nippon Telegraph And Telephone Corporation | Secret random number synthesizing device, secret random number synthesizing method, and program |
JP6467063B2 (ja) * | 2015-10-13 | 2019-02-06 | 日本電信電話株式会社 | 秘密認証符号付加装置、秘密認証符号付加方法、およびプログラム |
US10419225B2 (en) | 2017-01-30 | 2019-09-17 | Factom, Inc. | Validating documents via blockchain |
US10411897B2 (en) * | 2017-02-17 | 2019-09-10 | Factom, Inc. | Secret sharing via blockchains |
US10817873B2 (en) | 2017-03-22 | 2020-10-27 | Factom, Inc. | Auditing of electronic documents |
US10685399B2 (en) | 2017-03-31 | 2020-06-16 | Factom, Inc. | Due diligence in electronic documents |
US10270599B2 (en) | 2017-04-27 | 2019-04-23 | Factom, Inc. | Data reproducibility using blockchains |
US11818254B2 (en) * | 2017-08-22 | 2023-11-14 | Nippon Telegraph And Telephone Corporation | Share generating device, reconstructing device, secure computation system, share generation method, reconstruction method, program, and recording medium |
US10783164B2 (en) | 2018-05-18 | 2020-09-22 | Factom, Inc. | Import and export in blockchain environments |
US11134120B2 (en) | 2018-05-18 | 2021-09-28 | Inveniam Capital Partners, Inc. | Load balancing in blockchain environments |
US11170366B2 (en) | 2018-05-18 | 2021-11-09 | Inveniam Capital Partners, Inc. | Private blockchain services |
US11201734B2 (en) | 2018-06-04 | 2021-12-14 | Robert Bosch Gmbh | Method and system for fault tolerant and secure multiparty computation with SPDZ |
WO2019244756A1 (ja) * | 2018-06-20 | 2019-12-26 | 日本電信電話株式会社 | 秘密結合システム、方法、秘密計算装置及びプログラム |
US11328290B2 (en) | 2018-08-06 | 2022-05-10 | Inveniam Capital Partners, Inc. | Stable cryptocurrency coinage |
US11276056B2 (en) | 2018-08-06 | 2022-03-15 | Inveniam Capital Partners, Inc. | Digital contracts in blockchain environments |
US11989208B2 (en) | 2018-08-06 | 2024-05-21 | Inveniam Capital Partners, Inc. | Transactional sharding of blockchain transactions |
JP7067626B2 (ja) * | 2018-08-13 | 2022-05-16 | 日本電信電話株式会社 | 秘密結合情報生成システム、秘密結合システム、これらの方法、秘密計算装置及びプログラム |
US20220060318A1 (en) * | 2018-10-10 | 2022-02-24 | Nippon Telegraph And Telephone Corporation | Secure right shift computation system, secure division system, methods therefor, secure computation apparatus, and program |
CN110472439B (zh) * | 2019-08-09 | 2023-08-22 | Advanced New Technologies Co., Ltd. | Model parameter determination method, apparatus, and electronic device |
US11343075B2 (en) | 2020-01-17 | 2022-05-24 | Inveniam Capital Partners, Inc. | RAM hashing in blockchain environments |
US12008526B2 (en) | 2021-03-26 | 2024-06-11 | Inveniam Capital Partners, Inc. | Computer system and method for programmatic collateralization services |
US12007972B2 (en) | 2021-06-19 | 2024-06-11 | Inveniam Capital Partners, Inc. | Systems and methods for processing blockchain transactions |
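JP2023157174A (ja) * | 2022-04-14 | 2023-10-26 | Toshiba Corporation | Cryptographic communication system, cryptographic communication apparatus, and cryptographic communication method |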
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
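JP2004287333A (ja) * | 2003-03-25 | 2004-10-14 | Oki Electric Ind Co Ltd | Distributed computation apparatus and distributed computation system |
JP2007124610A (ja) * | 2005-09-20 | 2007-05-17 | Nippon Telegr & Teleph Corp <Ntt> | Secret information distribution apparatus, secret information reconstruction apparatus, method, and program |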
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1884059A2 (en) * | 2005-05-13 | 2008-02-06 | Temple University of the Commonwealth System of Higher Education | Secret sharing technique with low overhead information content |
US9208351B2 (en) * | 2009-06-15 | 2015-12-08 | International Business Machines Corporation | Processing information |
US8675877B2 (en) * | 2008-08-29 | 2014-03-18 | Red Hat, Inc. | Sharing a secret via linear interpolation |
US8549290B2 (en) * | 2009-04-24 | 2013-10-01 | Nippon Telegraph And Telephone Corporation | Secret sharing system, sharing apparatus, share management apparatus, acquisition apparatus, processing methods thereof, secret sharing method, program, and recording medium |
US8843762B2 (en) * | 2009-09-04 | 2014-09-23 | Gradiant, Centro Tecnolóxico de Telecomunicacións de Galicia | Cryptographic system for performing secure iterative computations and signal processing directly on encrypted data in untrusted environments |
US9432188B2 (en) * | 2012-07-05 | 2016-08-30 | Nippon Telegraph And Telephone Corporation | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method and program |
JP6008316B2 (ja) * | 2012-08-24 | 2016-10-19 | Panasonic Intellectual Property Management Co., Ltd. | Secret sharing apparatus and secret sharing program |
-
2013
- 2013-07-04 WO PCT/JP2013/068330 patent/WO2014007311A1/ja active Application Filing
- 2013-07-04 JP JP2014523778A patent/JP5826934B2/ja active Active
- 2013-07-04 CN CN201380035857.0A patent/CN104412539B/zh active Active
- 2013-07-04 EP EP13812992.9A patent/EP2858297B1/en active Active
- 2013-07-04 US US14/408,453 patent/US9679149B2/en active Active
Non-Patent Citations (9)
Title |
---|
A. SHAMIR: "How to share a secret", COMMUN. ACM, vol. 22, no. 11, 1979, pages 612 - 613, XP000565227, DOI: doi:10.1145/359168.359176 |
HIROSUKE YAMAMOTO: "Secret sharing and its variations", RESEARCH INSTITUTE FOR MATHEMATICAL SCIENCES, KOKYUROKU, vol. 1361, 2004, pages 19 - 31 |
KOJI CHIDA ET AL.: "Efficient Conversions from Computational SSS And Ramp SSS to Multi-Party Computation", IEICE TECHNICAL REPORT, vol. 112, no. 126, 12 July 2012 (2012-07-12), pages 267 - 271, XP008175631 * |
KOJI CHIDA ET AL.: "Multiparty Keisan ni Tekiyo Kano na Keisanryoteki Short Himitsu Bunsan", DAI 29 KAI SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY (SCIS2012), 30 January 2012 (2012-01-30), pages 3B3 - 2, XP008176581 * |
M. BEN-OR; S. GOLDWASSER; A. WIGDERSON: "Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract)", STOC 1988, 1988, pages 1 - 10 |
MIKIHIKO NISHIARA; KATSUNORI TAKIZAWA: "Strong ramp threshold secret sharing scheme using polynomial interpolation", THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS, RESEARCH REPORT, IT, INFORMATION THEORY, vol. 109, no. 143, 16 July 2009 (2009-07-16), pages 127 - 129 |
R. CRAMER ET AL.: "Atomic Secure Multi-party Multiplication with Low Communication", LECTURE NOTES IN COMPUTER SCIENCE, vol. 4515, 2007, pages 329 - 346, XP047029644 * |
R. CRAMER; I. DAMGARD; U. MAURER: "General Secure Multi-Party Computation from any Linear Secret-Sharing Scheme", EUROCRYPT 2000, 2000, pages 316 - 334, XP055258618, DOI: doi:10.1007/3-540-45539-6_22 |
See also references of EP2858297A4 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9967295B2 (en) | 2008-11-26 | 2018-05-08 | David Harrison | Automated discovery and launch of an application on a network enabled device |
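JP2015135380A (ja) * | 2014-01-16 | 2015-07-27 | Nippon Telegraph And Telephone Corporation | Share conversion system, share conversion method, and program |
JP2015135382A (ja) * | 2014-01-16 | 2015-07-27 | Nippon Telegraph And Telephone Corporation | Share conversion system, share conversion method, and program |
JP2015135381A (ja) * | 2014-01-16 | 2015-07-27 | Nippon Telegraph And Telephone Corporation | Share conversion system, share conversion method, and program |
WO2016159357A1 (ja) * | 2015-04-03 | 2016-10-06 | NEC Corporation | Secure computation system, server apparatus, secure computation method, and program |
JPWO2016159357A1 (ja) * | 2015-04-03 | 2018-02-01 | NEC Corporation | Secure computation system, server apparatus, secure computation method, and program |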
US10749671B2 (en) | 2015-04-03 | 2020-08-18 | Nec Corporation | Secure computation system, server apparatus, secure computation method, and program |
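JP2017129913A (ja) * | 2016-01-18 | 2017-07-27 | Nippon Telegraph And Telephone Corporation | Secure decision tree computation system, apparatus, method, and program |
WO2020165931A1 (ja) * | 2019-02-12 | 2020-08-20 | NEC Corporation | Information processing apparatus, secure computation method, and program |
JPWO2020165931A1 (ja) * | 2019-02-12 | 2021-12-09 | NEC Corporation | Information processing apparatus, secure computation method, and program |
JP7259875B2 (ja) | 2019-02-12 | 2023-04-18 | NEC Corporation | Information processing apparatus, secure computation method, and program |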
Also Published As
Publication number | Publication date |
---|---|
JP5826934B2 (ja) | 2015-12-02 |
US9679149B2 (en) | 2017-06-13 |
EP2858297B1 (en) | 2017-03-01 |
EP2858297A1 (en) | 2015-04-08 |
US20150193633A1 (en) | 2015-07-09 |
CN104412539B (zh) | 2017-05-24 |
JPWO2014007311A1 (ja) | 2016-06-02 |
EP2858297A9 (en) | 2016-06-15 |
CN104412539A (zh) | 2015-03-11 |
EP2858297A4 (en) | 2016-03-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
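JP5826934B2 (ja) | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method, and program | |
JP5885840B2 (ja) | Secret sharing system, data distribution apparatus, distributed data transform apparatus, secret sharing method, and program | |
JP5860556B1 (ja) | Inconsistency detection method, inconsistency detection system, inconsistency detection apparatus, and program | |
JP6095792B2 (ja) | Secret bit decomposition apparatus, secret modulus conversion apparatus, secret bit decomposition method, secret modulus conversion method, and program | |
JP5872085B1 (ja) | Shared value conversion system, shared value conversion apparatus, shared value conversion method, and program | |
JP5860557B1 (ja) | Secret disclosure method, secret disclosure system, secret disclosure apparatus, and program | |
JP5872084B1 (ja) | Shared value conversion system, shared value conversion apparatus, shared value conversion method, and program | |
JP5864004B1 (ja) | Shared value conversion system, shared value conversion apparatus, shared value conversion method, and program | |
JP6447870B2 (ja) | Secret information sharing system, information processing apparatus, and information processing program | |
JP5944841B2 (ja) | Secret sharing system, data distribution apparatus, distributed data holding apparatus, secret sharing method, and program | |
JP6632959B2 (ja) | Verification system, verification method, and verification program | |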
US20220413807A1 (en) | Secure random number generation system, secure computation apparatus, secure random number generation method, and program | |
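JP6006809B2 (ja) | Decryption service providing apparatus, processing apparatus, security evaluation apparatus, program, and recording medium | |
JP5972181B2 (ja) | Tampering detection apparatus, tampering detection method, and program | |
JP5889454B1 (ja) | Shared value conversion system, shared value conversion apparatus, shared value conversion method, and program | |
TWI730533B (zh) | Compression and oblivious expansion of ring learning with errors (RLWE) ciphertexts | |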
EP3675088B1 (en) | Share generating device, share converting device, secure computation system, share generation method, share conversion method, program, and recording medium | |
JP2019040047A (ja) | Computation system, computation method, and computation program | |
EP3767609A1 (en) | Secret table reference system, method, secret calculating device and program | |
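CN114077744A (zh) | Blockchain general asset processing method, apparatus, device, and storage medium | |
WO2019188320A1 (ja) | Secure deduplication filter generation system, secure deduplication system, methods therefor, secure computation apparatus, and program | |
JP2013152349A (ja) | Pairing apparatus and pairing method |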
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13812992 Country of ref document: EP Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2014523778 Country of ref document: JP Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 14408453 Country of ref document: US |
| REEP | Request for entry into the european phase | Ref document number: 2013812992 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2013812992 Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |