WO2014030706A1 - Encrypted database system, client device and server, and method and program for adding encrypted data


Publication number
WO2014030706A1
Authority
WO
WIPO (PCT)
Prior art keywords
client device
encrypted
addition
database server
advance
Application number
PCT/JP2013/072433
Inventor
勇 寺西
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社
Publication of WO2014030706A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Definitions

  • The present invention relates to an encrypted database system, a client device and a server, an encrypted data addition method, and a program, and in particular to an encrypted database system in which encrypted data can be added without decryption and the addition result can be verified with a small amount of calculation.
  • The user encrypts his or her data with the encryption key held in his or her client and then transmits it to the server.
  • On the server side, it must be possible to “perform addition processing without decrypting the encrypted data”, and on the client side it must be possible to “verify whether the returned addition result is correct”.
  • Non-Patent Document 1 describes a technique that can perform addition processing without decrypting data encrypted using “trapdoor permutation”.
  • Non-Patent Document 2 describes an encryption method that can be used for electronic voting.
  • Non-Patent Document 3 describes an encryption method that is strong against chosen-ciphertext attacks.
  • Non-Patent Document 4 describes a method of calculating a power residue described later.
  • Patent Document 1 describes a distributed information processing system that can perform operations including size comparison on secret information.
  • Patent Document 2 describes a message authentication device capable of efficiently performing block cipher authentication.
  • Patent Document 3 describes a searchable encryption system that can search a database including ciphertext.
  • Patent Document 4 describes a data collection system that can collect and analyze data of each customer device while ensuring secrecy to a third party and anonymity to a center.
  • JP 2008-020871 A; International Publication WO2007/0524477; JP 2012-079192 A; JP 2009-290774 A
  • Non-Patent Documents 1 and 2 and Patent Document 1 describe techniques that enable addition of encrypted data, but do not describe verifying the addition result.
  • Non-Patent Document 3 describes a technique for verifying the validity of encryption, but this verifies the validity of the ciphertext itself, not the validity of the addition result.
  • The remaining Non-Patent Document 4 and Patent Documents 2 to 4 do not describe a technique that satisfies both of the above properties.
  • An object of the present invention is to perform addition processing without decrypting encrypted data, and to verify whether or not the addition result is correct with a significantly smaller amount of calculation than addition processing.
  • An encrypted database system comprises a client device that transmits an addition command, and an encrypted database server that adds encrypted data stored in advance according to the addition command without decrypting it and transmits the result to the client device.
  • The client device generates in advance an encryption key and a random number sequence to be used in a tagged encryption method.
  • It has a data registration unit that sends the encrypted data to the encrypted database server for storage, and an addition unit that transmits to the encrypted database server, as the addition instruction, the data set for which the sum of plaintexts is to be calculated.
  • The client device is connected to an encrypted database server that adds encrypted data stored in advance according to a transmitted addition command without decrypting the encrypted data and transmits the result. The client device has:
  • a setup unit that generates in advance an encryption key and a random number sequence used in a tagged encryption method and stores them in a storage unit provided in advance;
  • a data registration unit that calculates a tag corresponding to the input plaintext by a polynomial of the random number sequence, adds the tag to a ciphertext obtained by encrypting the plaintext by the tagged encryption method using the encryption key, and transmits it to the encrypted database server; and
  • an addition unit that transmits the data set for which the sum of plaintexts is to be calculated to the encrypted database server as an addition command.
  • The encrypted database server adds encrypted data stored in advance according to an addition command received from a client device without decrypting it, and transmits the result to the client device. The encrypted database server has:
  • a setup unit that receives an integer generated in advance by the client device and stores it in a storage means provided in advance;
  • a data registration unit that stores the set of plaintext and tag encrypted by the client device in a storage means provided in advance; and
  • an adding unit that calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to those ciphertexts, and sends this to the client device as the addition result.
  • The encrypted data addition method is used in an encrypted database system comprising a client device that transmits an addition command and an encrypted database server that adds encrypted data stored in advance according to the addition command without decrypting it and transmits the result to the client device.
  • The setup unit of the client device generates in advance an encryption key and a random number sequence used for the tagged encryption method, stores them in a storage means provided in advance, and transmits a simultaneously generated integer to the encrypted database server. The setup unit of the encrypted database server stores the integer received from the client device in a storage means provided in advance.
  • The data registration unit of the client device calculates a tag corresponding to the input plaintext by a polynomial of the random number sequence, adds the tag to the ciphertext obtained by encrypting the plaintext by the tagged encryption method using the encryption key, and transmits it to the encrypted database server.
  • The data registration unit of the server stores the plaintext and tag set received from the client device in a storage means provided in advance. The addition unit of the client device sends the data set for which the sum of the plaintexts is to be calculated to the encrypted database server as an addition command. The addition unit of the encrypted database server calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to each ciphertext, and replies to the client device with this as the addition result.
  • an encrypted data addition program adds a client device that transmits an addition command and encrypted data stored in advance according to the addition command without decryption.
  • an encrypted database system comprising an encrypted database server that transmits the result to the client device, an encryption key and a random number sequence used in the tagged encryption method are preliminarily assigned to the processor provided in the client device.
  • Another encrypted data addition program is used in an encrypted database system comprising a client device that transmits an addition command and an encrypted database server that adds encrypted data stored in advance according to the addition command without decrypting it.
  • It causes a processor provided in the encrypted database server to execute: a procedure for storing in advance an integer received from the client device; a procedure for storing the plaintext and tag set received from the client device in the storage means provided in advance; and a procedure for calculating the product of the ciphertexts belonging to the data set, received from the client device, for which the sum of the plaintexts is to be calculated and the sum of the tags corresponding to each ciphertext, and replying to the client device with this as the addition result.
  • The present invention adds a tag to a ciphertext obtained by encrypting a plaintext by a tagged encryption method using an encryption key, and stores it in the encrypted database server.
  • Because the encrypted database server is configured to calculate the product of the ciphertexts belonging to the data set to be processed and the sum of the tags corresponding to each ciphertext and to return this to the client device as the addition result, the encrypted database server can calculate the sum without decryption, and the client device can easily verify whether this sum is correct.
  • a forward encryption database system, a client and a server, an encryption data addition method, and a program having the above characteristics can be provided.
  • The encrypted database system 1 comprises a client device 20 that transmits an addition command, and an encrypted database server 10 that adds the encrypted data stored in advance according to the addition command without decrypting it and transmits the result to the client device.
  • The client device 20 has a setup unit 201 that generates in advance an encryption key and a random number sequence used in the tagged encryption method and stores them in the storage unit 22 provided in advance;
  • a data registration unit 202 that calculates a tag corresponding to the input plaintext by a polynomial of the random number sequence, adds the tag to a ciphertext obtained by encrypting the plaintext by the tagged encryption method using the encryption key, and transmits the data to the encrypted database server for storage; and
  • an adder 203 that transmits the data set whose sum is to be calculated to the encrypted database server as an addition command.
  • The encrypted database server 10 has a setup unit 101 that receives an integer generated in advance by the client device 20 and stores it in a storage unit 12 provided in advance; a data registration unit 102 that stores the set of plaintext and tags encrypted by the client device in a storage means provided in advance; and an adding unit 103 that calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to those ciphertexts, and sends this to the client device as the addition result.
  • The adding unit 203 of the client device 20 also has a function of verifying whether the addition result is valid: it decrypts the received addition result using the encryption key, calculates the tag again from the plaintext obtained by the decryption using the polynomial of the random number sequence, encrypts the plaintext and the tag again by the tagged encryption method using the encryption key, and checks whether the result matches the addition result.
  • With this configuration, the encrypted database system 1 can perform the addition process without decrypting the encrypted data, and can verify whether the addition result is correct with a significantly smaller amount of calculation than the addition process. Hereinafter, this will be described in more detail.
  • The ciphertext Enc(K, a, ⁇) is defined as shown in Equation 1 below.
  • K is a common key
  • a is a plaintext (a numerical value to be added)
  • is data called a tag
  • A is an arbitrary constant
  • N is an RSA modulus
  • g is an element of (Z/N^sZ)
  • s is a natural number of 2 or more.
  • Given two pairs of plaintext and corresponding tag, (a, ⁇) and (a′, ⁇′), Enc(K, a, ⁇) defined by Equation 1 has the property shown by Equation 2. Here, “ ⁇ ” indicates multiplication.
  • That is, the ciphertext of a + a′ can be calculated from the ciphertext of a and the ciphertext of a′, so a and a′ can be added while still encrypted.
  • Plaintext a is used in two elements, “(1 + AN)^a” and “g^a” ("A to the Bth power" is written "A^B" in lines other than the mathematical expressions in this specification). This part can be used to verify the validity of the ciphertext. If the ciphertext is illegitimate, the two elements carry different values, such as “(1 + AN)^a” and “g^b”. Therefore, by checking that the two elements agree, it can be verified that the ciphertext has not been created in an unauthorized manner.
  • After the ciphertext C received from the server is decrypted once with the valid encryption key K possessed by the user to obtain plaintext a, the ciphertext C can be determined to be valid if the relationship shown in the following equation holds.
  • Suppose that n (n ⁇ 2) pairs of plaintext and corresponding tag, (a[1], ⁇[1]), ..., (a[n], ⁇[n]), are each encrypted by the method defined above
  • into the n ciphertexts shown in Equation 4,
  • and that the server calculates the ciphertext C as the addition result shown in Equation 5.
  • If the server calculates the ciphertext C of the addition result dishonestly, there is a high possibility that this C will not pass the above verification. Accordingly, after the user decrypts the ciphertext C once with the valid encryption key K possessed by the user and obtains the plaintext a, the ciphertext C can be determined to be valid if the relationship shown in Equation 6 holds, and invalid if it does not.
  • is the order of g, h is randomly selected from (Z / N ⁇ sZ), and x is randomly selected from the (Z / ⁇ Z) set, and y [i ] And ⁇ [i] are defined.
  • The above describes the case where the array ⁇ is parameterized by only one variable i, that is, the case where it is written ⁇[i].
  • Even when the array ⁇ is parameterized by d variables i[1], ..., i[d], the method can easily be extended. That is, in this case, the array ⁇ can be expressed as shown in Equation 11.
  • e vectors j [1],..., J [e] are defined as shown in Equation 12.
  • i (i [1],..., I [d]).
  • the set X is defined as shown in Equation 13.
  • [A..B] is “a set of integers between A and B”.
  • It is assumed that the sum of ciphertexts shown in Equation 16 can be obtained from the ciphertext C shown in Equation 14 by calculating the product as shown in Equation 15.
  • x [1],..., X [d] is selected at random from (Z / ⁇ Z), and y [i [1],..., I [d]] and ⁇ [i] as shown in the following Equation 18. [1], ..., i [d]] are defined.
  • If w[l] and z are defined as in the following Equation 19, the relationship of Equation 20 holds. Since the relationship of Equation 21 then also holds, it is only necessary to calculate h^z instead of calculating the product shown in Equation 17, which makes the calculation for verifying the addition result more efficient.
  • FIG. 1 is an explanatory diagram showing a configuration of an encrypted database system 1 according to an embodiment of the present invention.
  • the encrypted database system 1 is configured by connecting an encrypted database server 10 and a client device 20 to each other.
  • FIG. 1 shows one encrypted database server 10 and one client device 20, but basically many client devices 20 are connected to one encrypted database server 10.
  • the encrypted database server 10 has a configuration as a general computer device. That is, the encrypted database server 10 includes a processor 11 that is a main body that executes a computer program, a storage unit 12 that stores data, and a communication unit 13 that performs data communication with other computers.
  • The client device 20 also has a configuration as a general computer device. That is, in addition to a processor 21, a storage unit 22, and a communication unit 23 similar to those of the encrypted database server 10, the client device 20 is provided with input/output means 24 that receives input from the user and presents the calculation result to the user.
  • the processor 11 of the encrypted database server 10 functions as each of the setup unit 101, the data registration unit 102, the addition unit 103, and the high-speed addition unit 104 by the operation of the encrypted data management program.
  • the storage unit 12 of the encrypted database server 10 stores data such as encrypted data 111 and encryption parameters 112.
  • the processor 21 of the client device 20 also functions as each of the setup unit 201, the data registration unit 202, the addition unit 203, and the high-speed addition unit 204 by the operation of the encrypted data management program.
  • the encryption parameter 211 is stored in the storage unit 22 of the client device 20.
  • the setup units 101 and 201, the data registration units 102 and 202, and the addition units 103 and 203 perform the following processing in conjunction with each other. Further, the high-speed adding unit 204 of the client device 20 works in conjunction with the adding unit 103 of the encrypted database server 10.
  • the setup units 101 and 201 generate information to be shared between the encrypted database server 10 and the client device 20 that is a premise of the operation of the present embodiment, and store the information as the encryption parameters 112 and 211.
  • the data registration units 102 and 202 encrypt the data in the client device 20 and transmit the encrypted data to the encrypted database server 10, and the encrypted database server 10 stores the encrypted data as the encrypted data 111.
  • the adders 103 and 203 generate a command statement for adding data in a specific range in the encrypted data 111 in the client device 20 and transmit it to the encrypted database server 10, and the encryption database server 10 adds it accordingly.
  • the high-speed addition unit 204 executes the same addition process at a higher speed than the addition units 103 and 203, but the types of sums that can be calculated are limited (details will be described later).
  • the key generation algorithm Kg outputs integers U, V, ⁇ and a common key K.
  • a set of integers is expressed as Z
  • a cyclic group of order N is expressed as Z / NZ.
  • g is an element of (Z / Ns)
  • is the order of g.
  • the tag ⁇ (Z / ⁇ Z) is data for managing the storage location of the plaintext m (the numerical value to be added).
  • the encryption algorithm Enc receives the common key K, the plaintext m ⁇ (Z / UZ), and the tag ⁇ (Z / ⁇ Z) as inputs, and outputs the ciphertext C ⁇ (Z / VZ).
  • The decryption algorithm Dec receives the common key K, the ciphertext C, and the tag ⁇ as inputs, and outputs either the plaintext m or an error message indicating that C is invalid.
  • the tagged encryption method used in this embodiment is expressed as follows when s is defined as a natural number of 2 or more and A is defined as an arbitrary constant.
  • The key generation algorithm Kg selects an integer N and elements g and h of Z/(N^2)Z whose orders are the same value ⁇, and outputs U, V, ⁇, and K defined by the following Equation 22.
  • ⁇ and ⁇′ are security parameters; from the viewpoint of security, ⁇ is defined as 1024 or more and ⁇′ as 160 or more. N is a product of randomly selected prime numbers p and q of ⁇/2 bits, and ⁇ is a divisor of the Carmichael number of N^s and has more than ⁇′ bits.
  • d is an integer and d ⁇ 2.
  • S [1], ..., S [d] and T [1], ..., T [d] are all integers, and S [1] ⁇ T [1], ..., S [d] ⁇ T [ d] is satisfied.
  • The encrypted database server 10 and the client device 20 share the values of d and S[1], ..., S[d] in advance, and these are stored in advance as encryption parameters 112 and 211 in the respective storage means 12 and 22.
  • This sharing should be done “in secret” without going through the Internet. Specifically, for example, there are methods such as storing in a storage medium and mailing or bringing it in, or transmitting via a dedicated management line separate from the Internet.
  • For i[1], ..., i[d] satisfying S[1] ⁇ i[1] ⁇ T[1], ..., S[d] ⁇ i[d] ⁇ T[d], the encrypted database server 10 manages
  • the d-dimensional array Cipher[i[1], ..., i[d]] as the encrypted data 111.
  • each element of Cipher [i [1],..., I [d]] is 0 or a null value.
  • FIG. 2 is a flowchart showing the operation of the setup units 101 and 201 shown in FIG.
  • the setup unit 201 outputs U, V, ⁇ , and K expressed by Equation 22 using the key generation algorithm Kg described above (step S301).
  • The setup unit 201 reads d stored in advance as the encryption parameter 211 and randomly selects x[1], ..., x[d] ⁇ (Z/⁇Z) and h ⁇ (Z/VZ) (step S302).
  • K, x[1], ..., x[d], and h are stored in the encryption parameter 211 (step S303), and V is transmitted to the encrypted database server 10 (step S304).
  • the setup unit 101 receives this V and stores it in the encryption parameter 112 (step S305).
  • FIG. 3 is a flowchart showing the operation of the data registration units 102 and 202 shown in FIG.
  • Data that is to be transmitted to the encrypted database server 10 and registered there is input at the client device 20 via the input/output unit 24 (step S401).
  • This data is a [i [1] .. i [d]].
  • [A..B] is “a set of integers from A to B”. i[1], ..., i[d] satisfy S[1] ⁇ i[1] ⁇ T[1], ..., S[d] ⁇ i[d] ⁇ T[d].
  • The data registration unit 202 of the client device 20 reads K, x[1], ..., x[d], and h stored in the above-described step S303 from the encryption parameter 211 (step S402). It then calculates y represented by the following Equation 25 (step S403) and applies it to the encryption algorithm Enc to calculate the ciphertext C represented by the following Equation 26 (step S404). i[1], ..., i[d] and the data represented by the following Expression 27 are transmitted to the encrypted database server 10 (step S405).
  • the data registration unit 102 receives the data represented by Expression 26 and stores the data as encrypted data 111, that is, as a d-dimensional array Cipher [i [1],..., I [d]] ( Step S406).
  • FIG. 4 is a flowchart showing the operation of the adding units 103 and 203 shown in FIG. Suppose that, for i[1], ..., i[d] belonging to the set X shown in Equation 28, the client device 20 wants the encrypted database server 10 to execute an addition process that obtains the total value of a[i[1], ..., i[d]]. In that case, the adding unit 203 transmits the set X to the encrypted database server 10 together with a command to perform the addition process (step S501).
  • the adder 103 receives this, calculates the ciphertext C as the addition result shown in the following equation 29 (step S502), and sends this to the client device 20. (Step S503).
  • the adding unit 203 receives it, and first reads K and h stored in the above-described step S303 from the encryption parameter 211 (step S504). A value is calculated (step S505).
  • FIG. 5 is a flowchart showing the operations of the adding unit 103 and the high-speed adding unit 204 shown in FIG.
  • the e vectors shown in Expression 31 are defined as j [1],..., J [e], and the set X is defined as Expression 32.
  • the client device 20 can perform the calculation in step S505 using the high-speed addition unit 204.
  • the high speed addition unit 204 calculates the value of z using the relationship shown in Equation 34 (step S601). Except for this point, the operation is the same as the operation of the calculation shown in FIG. 4. Therefore, the other steps are denoted by the same reference numerals and description thereof is omitted.
  • The encrypted data addition method is used in an encrypted database system 1 comprising a client device 20 that transmits an addition command and an encrypted database server 10 that adds the encrypted data stored in advance according to the addition command without decrypting it and transmits the result to the client device.
  • The setup unit of the client device generates in advance an encryption key and a random number sequence to be used in a tagged encryption method, stores them in the storage unit prepared in advance, and transmits a simultaneously generated integer to the encrypted database server. The setup unit of the encrypted database server stores the integer received from the client device in the storage unit prepared in advance.
  • The data registration unit of the client device calculates a tag corresponding to the plaintext by a polynomial of the random number sequence (FIG. 3, steps S402 to S403), adds the tag to the ciphertext obtained by encrypting the plaintext by the tagged encryption method using the encryption key, and transmits it to the encrypted database server (FIG. 3, steps S404 to S405).
  • The data registration unit of the encrypted database server stores the plaintext and tag combination received from the client device in a storage means provided in advance (FIG. 3, step S406), and the adding unit of the client device transmits the data set for which the plaintext sum is to be calculated to the encrypted database server as an addition command (FIG. 4, step S501).
  • The adder of the server calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to each ciphertext, and replies to the client device with this as the addition result (FIG. 4, steps S502 to S503).
  • The adding unit of the client device decrypts the received addition result using the encryption key (FIG. 4, steps S504 to S505), calculates the tag again from the plaintext obtained by this decryption using the polynomial of the random number sequence, and verifies whether the addition result is valid by checking whether the result of encrypting the plaintext and the tag again by the tagged encryption method using the encryption key matches the addition result (FIG. 4, steps S505 to S507).
  • each of the above operation steps is programmed so as to be executable by a computer, and these are executed by the processor 11 of the encrypted database server and the processor 21 of the client device that directly execute the respective steps.
  • The program may be recorded on a non-transitory recording medium, such as a DVD, a CD, or a flash memory. In this case, the program is read from the recording medium by a computer and executed.
  • the sum of data encrypted by the user on the client device side can be calculated on the encrypted database server side without decryption.
  • the user can verify whether the calculated and returned sum is valid or not on the client device side.
  • the amount of calculation required for the verification can be made smaller than the amount of calculation required for calculating the sum of data before encryption on the client device side.
  • the client apparatus which transmits an addition command, and the encryption which adds the encrypted data stored beforehand according to the said addition command, without decoding, and transmits the result to the said client apparatus
  • An encrypted database system comprising a database server
  • the client device is A setup unit for generating an encryption key and a random number sequence to be used in a tagged encryption method in advance and storing them in a storage means provided in advance;
  • a tag corresponding to the input plaintext is calculated by a polynomial of the random number sequence, the tag is added to the ciphertext obtained by encrypting the plaintext by a tagged encryption method using the encryption key, and the encryption is performed.
  • a data registration unit to be transmitted and stored in the database server;
  • An encryption database system comprising: an addition unit that transmits a data set to be calculated as a sum of the plaintexts as the addition instruction to the encryption database server.
  • The encrypted database server comprises: a setup unit that receives an integer generated in advance by the client device and stores it in a storage means provided in advance; a data registration unit that stores the set of the plaintext and the tag encrypted by the client device in a storage unit provided in advance; and an addition unit that calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to those ciphertexts, and returns the result to the client device as the addition result;
  • the encrypted database system according to Supplementary Note 1.
  • The addition unit of the client device has a function of decrypting the received addition result using the encryption key, calculating the tag again from the plaintext obtained by the decryption using the polynomial of the random number sequence, and verifying whether the addition result is valid by checking whether the result of encrypting the plaintext and the tag again by the tagged encryption method using the encryption key matches the addition result;
  • the encrypted database system according to appendix 2.
  • The setup unit of the client device stores a plurality of integers generated in advance in the storage means, and the data registration unit of the client device calculates the ciphertext from a power residue that uses one of the integers as its base and the plaintext as its exponent, and another power residue that uses another of the integers as its base and the tag as its exponent;
  • the encrypted database system according to appendix 1.
  • In the client device, when the input data set is a set composed of a linear sum of a plurality of vectors, the tag is calculated by a polynomial of the random number sequence for each of the plurality of vectors, and this is included in the addition command
  • A client device connected to an encrypted database server that adds encrypted data stored in advance according to a transmitted addition command, without decrypting it, and transmits the result, the client device comprising:
  • a data registration unit that calculates a tag corresponding to the input plaintext by a polynomial of the random number sequence, adds the tag to the ciphertext obtained by encrypting the plaintext by a tagged encryption method using the encryption key, and transmits the result to the encrypted database server to be stored;
  • and an addition unit that transmits the data set over which the sum of the plaintexts is to be calculated to the encrypted database server as the addition command.
  • The addition unit has a function of decrypting the addition result received from the encrypted database server using the encryption key, calculating the tag again from the plaintext obtained by the decryption by the polynomial of the random number sequence, and verifying whether the addition result is valid by checking whether the result of encrypting the plaintext and the tag again by the tagged encryption method using the encryption key matches the addition result;
  • the client device according to 6.
  • An encrypted database server that adds encrypted data stored in advance according to an addition command received from a client device, without decrypting it, and transmits the result to the client device, the encrypted database server comprising:
  • a setup unit that receives an integer generated in advance by the client device and stores it in a storage means provided in advance;
  • a data registration unit that stores the set of the plaintext and the tag encrypted by the client device in a storage unit provided in advance;
  • and an addition unit that calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to those ciphertexts, and returns the result to the client device as the addition result.
  • In an encrypted database system composed of a client device that transmits an addition command and an encrypted database server that adds encrypted data stored in advance according to the addition command, without decrypting it, and transmits the result to the client device,
  • the setup unit of the client device generates in advance an encryption key and a random number sequence used in the tagged encryption method and stores them in a storage unit provided in advance, and at the same time transmits an integer it has generated to the encrypted database server,
  • the setup unit of the encrypted database server stores the integer received from the client device in a storage unit provided in advance,
  • the data registration unit of the client device calculates a tag corresponding to the input plaintext by a polynomial of the random number sequence,
  • the data registration unit of the client device adds the tag to the ciphertext obtained by encrypting the plaintext by the tagged encryption method using the encryption key, and transmits the result to the encrypted database server,
  • the data registration unit of the encrypted database server stores the plaintext and tag set received from the client device in a storage unit provided in advance,
  • the addition unit of the client device transmits the data set over which the sum of the plaintexts is to be calculated to the encrypted database server as the addition command,
  • the addition unit of the encrypted database server calculates the product of the ciphertexts belonging to the data set received from the client device and the sum of the tags corresponding to those ciphertexts, and returns the result to the client device as the addition result,
  • the addition unit of the client device decrypts the received addition result using the encryption key, calculates the tag again from the plaintext obtained by the decryption by the polynomial of the random number sequence, and verifies whether the addition result is valid based on whether the result of encrypting the plaintext and the tag again by the tagged encryption method using the encryption key matches the addition result.
  • The method of adding encrypted data according to appendix 9.
  • The present invention can be widely used in databases in which the stored data is encrypted.
  • It is particularly suitable for databases used in cloud computing, where processing must be carried out while ensuring security.
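
The register / add / verify exchange described in the notes above, as an added sketch that is not taken from the patent. Everything concrete here is an assumption: the Paillier-style modulus, the tag polynomial `A*m + RHO^i`, contiguous index ranges as the data set, and the toy-sized constructed parameters; the patent's own construction is not reproduced on this part of the page.

```python
# Toy parameters constructed for this example; far too small for real use.
P, Q, ELL = 2039, 2027, 1019        # primes; ELL divides P - 1
N = P * Q
N2 = N * N
LAM = 2 * ELL * 1013                # lcm(P - 1, Q - 1)
G = 1 + N                           # G^m = 1 + m*N (mod N^2)
H = pow(2, N * LAM // ELL, N2)      # element of order ELL, so H^LAM = 1
A, RHO = 577, 345                   # secret random sequence (constructed)

def tag(i, m):
    """Assumed tag polynomial in the secrets: A*m + RHO^i (mod ELL)."""
    return (A * m + pow(RHO, i, ELL)) % ELL

def encrypt(m, t):
    """Deterministic tagged ciphertext G^m * H^t mod N^2."""
    return pow(G, m, N2) * pow(H, t, N2) % N2

def decrypt(c):
    """Paillier-style decryption; the H^t factor vanishes under LAM."""
    return (pow(c, LAM, N2) - 1) // N * pow(LAM, -1, N) % N

def register(i, m):
    """Client, data registration: ciphertext for record i."""
    return encrypt(m, tag(i, m))

def server_add(store, lo, hi):
    """Server: multiply ciphertexts lo..hi; it never holds a key."""
    c = 1
    for i in range(lo, hi + 1):
        c = c * store[i] % N2
    return c

def verify(c, lo, hi):
    """Client: decrypt, recompute the tag, re-encrypt, compare."""
    total = decrypt(c)
    # Closed form of RHO^lo + ... + RHO^hi mod ELL: cost independent of hi - lo.
    geo = (pow(RHO, hi + 1, ELL) - pow(RHO, lo, ELL)) * pow(RHO - 1, -1, ELL)
    return total, encrypt(total, (A * total + geo) % ELL) == c

VALUES = [1200, 3400, 560, 78, 9100, 42]      # constructed plaintexts
STORE = [register(i, m) for i, m in enumerate(VALUES)]

if __name__ == "__main__":
    print(verify(server_add(STORE, 1, 4), 1, 4))           # honest server
    print(verify(server_add(STORE, 1, 4) * G % N2, 1, 4))  # sum shifted by 1
    print(verify(server_add(STORE, 1, 3), 1, 4))           # record 4 dropped
```

The client's check costs a fixed number of modular exponentiations however many records are summed, which is the property the first notes in this list claim for verification.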

Abstract

The problem addressed by the invention is to provide an encrypted database system or the like that makes it possible to perform addition on encrypted data without decrypting it, and to verify the addition results with a small amount of computation. The solution of the invention is an encrypted database system comprising a client device (20) and an encrypted database server (10), the client device (20) comprising: a setup unit (201) for generating and storing an encryption key and a random number sequence in advance; a data registration unit (202) for calculating a tag corresponding to an input plaintext using a polynomial expression of the random number sequence, adding the tag to a ciphertext into which the plaintext has been encrypted by a tagged encryption scheme using the encryption key, and sending the tagged ciphertext to an encrypted database and storing it there; and an addition unit (203) by which a data set for which the sum of the plaintext is to be calculated is sent in the form of an addition command to the encrypted database server.
PCT/JP2013/072433 2012-08-23 2013-08-22 Encrypted database system, client device and server, and method and program for adding encrypted data WO2014030706A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012-184578 2012-08-23
JP2012184578 2012-08-23

Publications (1)

Publication Number Publication Date
WO2014030706A1 (fr) 2014-02-27

Family

ID=50150010

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/072433 WO2014030706A1 (fr) 2012-08-23 2013-08-22 Encrypted database system, client device and server, and method and program for adding encrypted data

Country Status (1)

Country Link
WO (1) WO2014030706A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006227563A (ja) * 2005-01-24 2006-08-31 Nippon Telegr & Teleph Corp <Ntt> Secure computation method and system, and program

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JUN SAKUMA ET AL.: "Utilization and privacy preservation of personal information with cloud storage", JOHO SHORI, vol. 52, no. 6, 15 May 2011 (2011-05-15), pages 706 - 715 *
YOSHIKI AOKI ET AL.: "Dokodemo Himitsu Keisan Framework Fairy Ring", SYMPOSIUM ON MULTIMEDIA, DISTRIBUTED, COOPERATIVE AND MOBILE SYSTEMS (DICOM02012) RONBUNSHU, 27 June 2012 (2012-06-27), pages 1618 - 1627 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106165340A (zh) * 2014-04-28 2016-11-23 加泽郎 Encryption method, program and system
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
WO2019010430A3 (fr) * 2017-07-06 2019-02-28 Robert Bosch Gmbh Method and system for privacy-preserving social media advertising
US11082234B2 (en) 2017-07-06 2021-08-03 Robert Bosch Gmbh Method and system for privacy-preserving social media advertising
WO2019037422A1 (fr) * 2017-08-22 2019-02-28 深圳市文鼎创数据科技有限公司 Key, method and system for generating a key identification, and smart-key security device
CN110378128A (zh) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data encryption method, apparatus and terminal device
CN111984997A (zh) * 2020-08-19 2020-11-24 北京人大金仓信息技术股份有限公司 Method, apparatus and electronic device for determining whether a database encryption algorithm has been compromised

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13831203

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13831203

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP