WO2014112550A1 - Tampering detection device, tampering detection method, and program - Google Patents
Tampering detection device, tampering detection method, and program
- Publication number
- WO2014112550A1 (PCT/JP2014/050651)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- unit
- checksum
- value
- values
- detection device
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Definitions
- In Non-Patent Document 1, with $F$ a field, a checksum $c$ of values $a_0,\ldots,a_{N-1} \in F$ is generated using a random number $r \in F$ by the following equation (1).
- In Non-Patent Document 1, the checksum $c$ is verified by the following equation (2).
- An object of the present invention is to provide a tampering detection technique that can be applied efficiently to secure computation and that allows a lower tampering success probability to be set.
- With $N$ and $q$ integers of 2 or more and $\rho$ the smallest integer greater than or equal to $N/q$, the tampering detection device of the present invention includes a parameter storage unit that stores parameters $\alpha_{i,j,k}$ for uniformly mapping ring $R$ to ring $R^q$,
- a generation unit that uses the value vectors $A_0,\ldots,A_{\rho-1}$ to generate a checksum $c$ consisting of addition and multiplication, with vector multiplication given by a function $f$, and
- a verification unit that verifies whether any of the values $a_0,\ldots,a_{N-1}$ has been tampered with by comparing a verification value generated using the value vectors $A_0,\ldots,A_{\rho-1}$ with the checksum $c$.
- The tampering detection technique of the present invention can be applied efficiently to secure computation, and the tampering success probability can be set lower.
- The first embodiment of the present invention is an embodiment applied to the checksum consisting of addition and multiplication described in Non-Patent Document 1.
- The parameter storage unit 19 can be configured by, for example, a main storage device such as a RAM (Random Access Memory), an auxiliary storage device configured by a hard disk, an optical disk, or a semiconductor memory element such as a flash memory, or middleware such as a relational database or a key-value store.
- $N$ and $q$ are integers of 2 or more
- $\rho$ is the smallest integer greater than or equal to $N/q$
- $R$ is a ring.
- The parameters $\alpha_{i,j,k}$ are determined once the ring $R$ and the degree $q$ are fixed. Several choices of $\alpha_{i,j,k}$ may exist; for ease of calculation, it is desirable to select the parameters $\alpha_{i,j,k}$ for which the largest number of the $q^3$ values they contain are 0. For example, if the parameters $\alpha_{i,j,k}$ are determined so that $R$ is a field and $R^q$ is an extension field of $R$, tampering detection can be performed efficiently.
- $N$ values $a_0,\ldots,a_{N-1} \in R$ are input to the input unit 11 of the tampering detection device 1 (step S11a).
- The input values $a_0,\ldots,a_{N-1}$ are passed to the dividing unit 12.
- The values $a_0,\ldots,a_{N-1}$ may be any information; for example, they may be ciphertexts of homomorphic encryption or shares of secret sharing.
- Homomorphic encryption is an encryption scheme with a homomorphic property: the sum or product of the original plaintexts can be computed from the ciphertexts while they remain encrypted.
- An example of homomorphic encryption is ElGamal encryption. For details on ElGamal ciphers, see “T.
- $N$ values $a_0,\ldots,a_{N-1} \in R$, a random number $r \in R$, and a checksum $c$ are input to the input unit 11 of the tampering detection device 1 (step S11b).
- The input values $a_0,\ldots,a_{N-1}$ are passed to the dividing unit 12.
- The input random number $r$ and checksum $c$ are passed to the verification unit 15.
- The dividing unit 12 divides the values $a_0,\ldots,a_{N-1}$ into groups of $q$ from the top to generate value vectors $A_0,\ldots,A_{\rho-1}$ (step S12b).
- The dividing method is the same as the processing of the dividing unit 12 in the checksum generation process. If the value vectors $A_0,\ldots,A_{\rho-1}$ generated in the checksum generation process are stored, step S12b can be omitted.
- The verification unit 15 uses the value vectors $A_0,\ldots,A_{\rho-1}$, the random number $r$, and the checksum $c$ to generate a verification result indicating whether any of the values $a_0,\ldots,a_{N-1}$ has been tampered with (step S15).
- The verification result is passed to the output unit 16.
- Vector multiplication is calculated using the function $f$ defined by equations (4) and (5), as in the checksum generation process.
- The output unit 16 outputs the verification result (step S16b).
- The checksum of the first embodiment can be calculated in units of the value vectors $A_0,\ldots,A_{\rho-1} \in R^q$, so the tampering success probability can be kept low.
- Z is an integer ring
- p is a prime number
- q is an integer of 2 or more
- ring R is a prime field, that is, Z / pZ
- the tampering success probability can be about $N/p^q$. Therefore, an arbitrarily low tampering success probability can be obtained by an arbitrarily chosen extension degree $q$.
- The second embodiment of the present invention is an embodiment applied to a checksum whose tampering success probability can be kept lower than that of the checksum described in Non-Patent Document 1.
- The tampering detection device 2 includes a control unit 101, a memory 102, an input unit 11, a dividing unit 12, a selection unit 23, a generation unit 24, a verification unit 25, an output unit 16, and a parameter storage unit 19.
- The tampering detection device 2 is a special device configured by loading a special program into a known or dedicated computer having, for example, a CPU (Central Processing Unit), a RAM (Random Access Memory), and the like.
- The tampering detection device 2 executes each process under the control of the control unit 101. Data input to the tampering detection device 2 and data obtained in each process are stored in the memory 102, and the data stored in the memory 102 is read out as necessary and used for other processes.
- $M$, $N$, and $q$ are integers of 2 or more
- $M < N$, and $\rho$ is the smallest integer greater than or equal to $N/q$
- $R$ is a ring.
- Since the processing from step S11a to step S12a is the same as that of the first embodiment, its description is omitted here.
- The selection unit 23 of this embodiment selects $M$ random numbers $r_0,\ldots,r_{M-1} \in R$ (step S23).
- The selected random numbers $r_0,\ldots,r_{M-1}$ are passed to the generation unit 24.
- The selection unit 23 may select the $M$ random numbers $r_0,\ldots,r_{M-1}$ at random one by one, or may select the $M$ random numbers $r_0,\ldots,r_{M-1}$ according to a predetermined rule from a plurality of values generated in advance and stored in the memory 102.
- Vector multiplication is calculated using the function $f$ defined by equations (4) and (5), as in the first embodiment.
- The function $d(i,j)$ determines the degree of the $j$-th random number $r_j$ for the $i$-th value $a_i$.
- Here $i$ and $i'$ are natural numbers with $i \neq i'$, and $d(i,j) \neq d(i',j)$ is satisfied for some $j$ (where $j < M$). That is, the combination of degrees of the random numbers $r_0,\ldots,r_{M-1}$ must not coincide for any two $A_i$.
- Since the processing from step S11b to step S12b is the same as that of the first embodiment, its description is omitted here.
- The verification unit 25 evaluates the following formula (8). If formula (8) is true, it is determined that none of the values $a_0,\ldots,a_{N-1}$ has been tampered with. If formula (8) is false, it is determined that at least one of the values $a_0,\ldots,a_{N-1}$ has been tampered with.
- The function $d(i,j)$ is the same function as the function $d(i,j)$ in equation (7).
- The output unit 16 outputs the verification result (step S16b).
- The checksum of the second embodiment can be calculated in units of the value vectors $A_0,\ldots,A_{\rho-1} \in R^q$, so the tampering success probability can be kept low.
- Z is an integer ring
- p is a prime number
- q is an integer of 2 or more
- ring R is a prime field, that is, Z / pZ
- the tampering success probability can be about $\log N/p^q$. Therefore, an arbitrarily low tampering success probability can be obtained by an arbitrarily chosen extension degree $q$.
- The tampering detection technique of the present invention can be used in various ways. For example, ciphertexts of homomorphic encryption or shares of secret sharing may be deposited on a server managed by a third party. In such a case, there are risks such as a malicious attacker intruding into the server and tampering with the data, the server itself maliciously tampering with the deposited data, or the server being infected with malware that tampers with the data. By generating a checksum according to the present invention and attaching it to the data to be deposited, the server can process the data while it remains concealed, and data tampering can also be prevented.
- The program describing the processing contents can be recorded on a computer-readable recording medium.
- As the computer-readable recording medium, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory may be used.
- This program is distributed by, for example, selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM on which the program is recorded. Furthermore, the program may be distributed by storing it in a storage device of a server computer and transferring it from the server computer to another computer via a network.
- A computer that executes such a program first stores the program recorded on the portable recording medium, or the program transferred from the server computer, in its own storage device.
- The computer then reads the program stored in its own recording medium and executes processing according to the read program.
- The computer may also read the program directly from the portable recording medium and execute processing according to it, or, each time the program is transferred from the server computer to the computer, sequentially execute processing according to the received program.
- The above-described processing may also be executed by a so-called ASP (Application Service Provider) type service, which realizes the processing functions only through execution instructions and result acquisition, without transferring the program from the server computer to the computer.
- The program in this embodiment includes information that is used for processing by an electronic computer and that is equivalent to a program (data that is not a direct command to the computer but has a property that defines the processing of the computer).
- The present device is configured by executing a predetermined program on a computer.
- At least a part of these processing contents may be realized by hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Description
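The first embodiment of this invention is an embodiment applied to the checksum consisting of addition and multiplication described in Non-Patent Document 1.
A configuration example of the tampering detection device 1 of this embodiment is described with reference to FIG. 1. The tampering detection device 1 includes a control unit 101, a memory 102, an input unit 11, a dividing unit 12, a selection unit 13, a generation unit 14, a verification unit 15, an output unit 16, and a parameter storage unit 19. The tampering detection device 1 is, for example, a special device configured by loading a special program into a known or dedicated computer having a CPU (Central Processing Unit), a RAM (Random Access Memory), and the like. The tampering detection device 1 executes each process under the control of the control unit 101. Data input to the tampering detection device 1 and data obtained in each process are stored in the memory 102, and the data stored in the memory 102 is read out as necessary and used for other processes. The parameter storage unit 19 can be configured by, for example, a main storage device such as a RAM (Random Access Memory), an auxiliary storage device configured by a hard disk, an optical disk, or a semiconductor memory element such as a flash memory, or middleware such as a relational database or a key-value store.
An operation example of the checksum generation process executed by the tampering detection device 1 of this embodiment is described in detail, in procedural order, with reference to FIG. 2. In the following description, $N$ and $q$ are integers of 2 or more, $\rho$ is the smallest integer greater than or equal to $N/q$, and $R$ is a ring.
<Checksum verification process>
An operation example of the checksum verification process executed by the tampering detection device 1 of this embodiment is described in detail, in procedural order, with reference to FIG. 3.
<Effects>
For the checksum described in Non-Patent Document 1, with $N$ the number of data items for which the checksum is generated and $p$ the number of elements of the ring $R$, the tampering success probability is at most $N/p$. The ring $R$ is fixed, and if, for example, $p=2$, tampering detection can be said to be almost powerless.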
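The effect of moving from $R$ to $R^q$ can be measured by counting, for a fixed modification, the random numbers $r$ under which it still verifies. The following Python sketch is an added example, not code from the patent: it assumes the checksum has the polynomial form $c=\sum_i A_i r^{i+1}$ (equation (1) is not reproduced on this page), draws $r$ from $R^q$, zero-pads the last value vector, and uses $x^8+x^4+x^3+x+1$ as the field modulus; all function and constant names are hypothetical.

```python
"""Added illustration: polynomial checksum over value vectors in F_p^q."""
from itertools import product

def structure_constants(p, modulus):
    """alpha[i][j][k] = coefficient of x^i in x^j * x^k reduced by the modulus.

    `modulus` lists, low order first, the coefficients of a monic irreducible
    polynomial of degree q over F_p, which makes F_p^q an extension field.
    """
    q = len(modulus) - 1
    powers, v = [], [1] + [0] * (q - 1)
    for _ in range(2 * q - 1):             # x^0 .. x^(2q-2), reduced
        powers.append(v)
        top = v[-1]                        # coefficient that overflows to x^q
        v = [(s - top * m) % p for s, m in zip([0] + v[:-1], modulus[:q])]
    return [[[powers[j + k][i] for k in range(q)] for j in range(q)]
            for i in range(q)]

def f(alpha, p, X, Y):
    """Vector multiplication: (XY)_i = sum_j sum_k alpha[i][j][k] x_j y_k."""
    q = len(X)
    return [sum(alpha[i][j][k] * X[j] * Y[k]
                for j in range(q) for k in range(q)) % p for i in range(q)]

def split(values, q):
    """Divide the values into groups of q from the top (zero padding assumed)."""
    padded = list(values) + [0] * (-len(values) % q)
    return [padded[i:i + q] for i in range(0, len(padded), q)]

def checksum(values, r, p, modulus):
    """c = sum_i A_i * r^(i+1) in F_p^q (assumed form of the checksum)."""
    q = len(modulus) - 1
    alpha = structure_constants(p, modulus)
    c, r_pow = [0] * q, list(r)
    for A in split(values, q):
        c = [(x + y) % p for x, y in zip(c, f(alpha, p, A, r_pow))]
        r_pow = f(alpha, p, r_pow, r)
    return c

def verify(values, r, c, p, modulus):
    """Recompute the verification value and compare it with the checksum c."""
    return checksum(values, r, p, modulus) == c

def passing_r(original, tampered, p, modulus):
    """All r for which the tampered values still verify against c(original)."""
    q = len(modulus) - 1
    return [r for r in product(range(p), repeat=q)
            if verify(tampered, r, checksum(original, r, p, modulus), p, modulus)]

# Constructed sample data: 16 bits, i.e. N = 16 values in F_2.
VALUES = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]
FLIP_0_1 = [1 - VALUES[0], 1 - VALUES[1]] + VALUES[2:]
FLIP_0_8 = [1 - VALUES[0]] + VALUES[1:8] + [1 - VALUES[8]] + VALUES[9:]
BASE = [0, 1]                          # q = 1: F_2 itself
GF256 = [1, 1, 0, 1, 1, 0, 0, 0, 1]    # q = 8: x^8 + x^4 + x^3 + x + 1

if __name__ == "__main__":
    for name, mod in (("q=1", BASE), ("q=8", GF256)):
        total = 2 ** (len(mod) - 1)
        for label, t in (("flip a0,a1", FLIP_0_1), ("flip a0,a8", FLIP_0_8)):
            print(name, label, len(passing_r(VALUES, t, 2, mod)), "of", total)
```

With $p=2$ and $q=1$ both constructed modifications verify under every $r$; with $q=8$ they verify under only 1 and 2 of the 256 possible $r$, respectively.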
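The second embodiment of this invention is an embodiment applied to a checksum whose tampering success probability can be kept lower than that of the checksum described in Non-Patent Document 1.
A configuration example of the tampering detection device 2 of this embodiment is described with reference to FIG. 1. The configuration of the tampering detection device 2 of the second embodiment is the same as that of the tampering detection device 1 of the first embodiment, but the processing of the selection unit, the generation unit, and the verification unit differs. The tampering detection device 2 includes a control unit 101, a memory 102, an input unit 11, a dividing unit 12, a selection unit 23, a generation unit 24, a verification unit 25, an output unit 16, and a parameter storage unit 19. The tampering detection device 2 is, for example, a special device configured by loading a special program into a known or dedicated computer having a CPU (Central Processing Unit), a RAM (Random Access Memory), and the like. The tampering detection device 2 executes each process under the control of the control unit 101. Data input to the tampering detection device 2 and data obtained in each process are stored in the memory 102, and the data stored in the memory 102 is read out as necessary and used for other processes.
An operation example of the checksum generation process executed by the tampering detection device 2 of this embodiment is described in detail, in procedural order, with reference to FIG. 2. In the following description, $M$, $N$, and $q$ are integers of 2 or more, $M<N$, $\rho$ is the smallest integer greater than or equal to $N/q$, and $R$ is a ring.
<Checksum verification process>
An operation example of the checksum verification process executed by the tampering detection device 2 of this embodiment is described in detail, in procedural order, with reference to FIG. 3.
<Effects>
When the checksum of the second embodiment is calculated in units of the values $a_0,\ldots,a_{N-1} \in R$, with $N$ the number of data items for which the checksum is generated and $p$ the number of elements of the ring $R$, the tampering success probability is at most $\log N/p$. Although this is lower than for the checksum described in Non-Patent Document 1, the ring $R$ is still fixed, and if, for example, $p=2$, tampering detection can be said to be almost powerless.
The tampering detection technique of this invention can be used in various ways. For example, ciphertexts of homomorphic encryption or shares of secret sharing may be deposited on a server managed by a third party. In such a case, there are risks such as a malicious attacker intruding into the server and tampering with the data, the server itself maliciously tampering with the deposited data, or the server being infected with malware that tampers with the data. By generating a checksum according to this invention and attaching it to the data to be deposited, the server can process the concealed data while it remains concealed, and data tampering can also be prevented.
It goes without saying that this invention is not limited to the embodiments described above and can be modified as appropriate without departing from the spirit of the invention. The various processes described in the above embodiments may be executed not only in time series in the order described, but also in parallel or individually according to the processing capability of the device executing them or as needed.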
Claims (5)
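- A tampering detection device comprising, where $N$ and $q$ are integers of 2 or more and $\rho$ is the smallest integer greater than or equal to $N/q$:
a parameter storage unit that stores parameters $\alpha_{i,j,k}$ ($i=0,\ldots,q-1$; $j=0,\ldots,q-1$; $k=0,\ldots,q-1$) for uniformly mapping ring $R$ to ring $R^q$;
a dividing unit that divides $N$ values $a_0,\ldots,a_{N-1}$ into groups of $q$ from the top to generate value vectors $A_0,\ldots,A_{\rho-1}$;
a generation unit that uses the value vectors $A_0,\ldots,A_{\rho-1}$ to generate a checksum $c$ consisting of addition and multiplication, with vector multiplication being the function $f$ defined by the following formula; and
a verification unit that, with vector multiplication being the above function $f$, verifies whether any of the values $a_0,\ldots,a_{N-1}$ has been tampered with by comparing a verification value generated using the value vectors $A_0,\ldots,A_{\rho-1}$ with the checksum $c$.
- A tampering detection method in which $N$ and $q$ are integers of 2 or more, $\rho$ is the smallest integer greater than or equal to $N/q$, and $\alpha_{i,j,k}$ ($i=0,\ldots,q-1$; $j=0,\ldots,q-1$; $k=0,\ldots,q-1$) are parameters for uniformly mapping ring $R$ to ring $R^q$, the method comprising:
a dividing step in which a dividing unit divides $N$ values $a_0,\ldots,a_{N-1}$ into groups of $q$ from the top to generate value vectors $A_0,\ldots,A_{\rho-1}$;
a generation step in which a generation unit uses the value vectors $A_0,\ldots,A_{\rho-1}$ to generate a checksum $c$ consisting of addition and multiplication, with vector multiplication being the function $f$ defined by the following formula; and
a verification step in which a verification unit, with vector multiplication being the above function $f$, verifies whether any of the values $a_0,\ldots,a_{N-1}$ has been tampered with by comparing a verification value generated using the value vectors $A_0,\ldots,A_{\rho-1}$ with the checksum $c$.
- A program for causing a computer to function as the tampering detection device according to any one of claims 1 to 3.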
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201480005189.1A CN104919754B (zh) | 2013-01-17 | 2014-01-16 | Tampering detection device, tampering detection method, and program |
US14/759,352 US10523422B2 (en) | 2013-01-17 | 2014-01-16 | Tampering detection device, tampering detection method and program |
JP2014557491A JP5957095B2 (ja) | 2013-01-17 | 2014-01-16 | Tampering detection device, tampering detection method, and program |
EP14740216.8A EP2947814B1 (en) | 2013-01-17 | 2014-01-16 | Tampering detection device, tampering detection method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-006692 | 2013-01-17 | ||
JP2013006692 | 2013-01-17 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014112550A1 (ja) | 2014-07-24 |
Family
ID=51209639
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/050651 WO2014112550A1 (ja) | Tampering detection device, tampering detection method, and program | 2013-01-17 | 2014-01-16 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10523422B2 (ja) |
EP (1) | EP2947814B1 (ja) |
JP (1) | JP5957095B2 (ja) |
CN (1) | CN104919754B (ja) |
WO (1) | WO2014112550A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
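CN107111965A (zh) * | 2014-12-26 | 2017-08-29 | Nippon Telegraph and Telephone Corporation | Secret tampering detection system, secret computation device, secret tampering detection method, and program |
WO2018216512A1 (ja) | 2017-05-25 | 2018-11-29 | Nippon Telegraph and Telephone Corporation | Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program |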
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10972251B2 (en) | 2017-01-20 | 2021-04-06 | Enveil, Inc. | Secure web browsing via homomorphic encryption |
US11196541B2 (en) | 2017-01-20 | 2021-12-07 | Enveil, Inc. | Secure machine learning analytics using homomorphic encryption |
US11777729B2 (en) | 2017-01-20 | 2023-10-03 | Enveil, Inc. | Secure analytics using term generation and homomorphic encryption |
US10873568B2 (en) | 2017-01-20 | 2020-12-22 | Enveil, Inc. | Secure analytics using homomorphic and injective format-preserving encryption and an encrypted analytics matrix |
WO2018136804A1 (en) | 2017-01-20 | 2018-07-26 | Enveil, Inc. | End-to-end secure operations from a natural language expression |
US11507683B2 (en) | 2017-01-20 | 2022-11-22 | Enveil, Inc. | Query processing with adaptive risk decisioning |
US10902133B2 (en) | 2018-10-25 | 2021-01-26 | Enveil, Inc. | Computational operations in enclave computing environments |
US10817262B2 (en) | 2018-11-08 | 2020-10-27 | Enveil, Inc. | Reduced and pipelined hardware architecture for Montgomery Modular Multiplication |
US20220138338A1 (en) * | 2019-03-11 | 2022-05-05 | Nippon Telegraph And Telephone Corporation | Data replacement apparatus, data replacement method, and program |
US11601258B2 (en) | 2020-10-08 | 2023-03-07 | Enveil, Inc. | Selector derived encryption systems and methods |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008001628A1 (fr) * | 2006-06-30 | 2008-01-03 | Nec Corporation | Distributed information generator and restoration device |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050210260A1 (en) * | 2004-03-17 | 2005-09-22 | Ramarathnam Venkatesan | Unimodular matrix-based message authentication codes (MAC) |
US7743253B2 (en) * | 2005-11-04 | 2010-06-22 | Microsoft Corporation | Digital signature for network coding |
US7841010B2 (en) * | 2007-01-08 | 2010-11-23 | Apple Inc. | Software or other information integrity verification using variable block length and selection |
US8752032B2 (en) * | 2007-02-23 | 2014-06-10 | Irdeto Canada Corporation | System and method of interlocking to protect software-mediated program and device behaviours |
US8515058B1 (en) * | 2009-11-10 | 2013-08-20 | The Board Of Trustees Of The Leland Stanford Junior University | Bootstrappable homomorphic encryption method, computer program and apparatus |
WO2012056656A1 (ja) * | 2010-10-28 | 2012-05-03 | パナソニック株式会社 | 改ざん監視システム、保護制御モジュール及び検知モジュール |
DE102011009008A1 (de) * | 2011-01-20 | 2012-07-26 | Rohde & Schwarz Gmbh & Co. Kg | Authentifizierung von verschlüsselten Datenblöcken |
US8837715B2 (en) * | 2011-02-17 | 2014-09-16 | Gradiant, Centro Tecnolóxico de Telecomunicacións de Galica | Method and apparatus for secure iterative processing and adaptive filtering |
WO2012121333A1 (ja) * | 2011-03-10 | 2012-09-13 | 日本電信電話株式会社 | 秘匿積和結合システム、計算装置、秘匿積和結合方法、及びそれらのプログラム |
US9515830B2 (en) * | 2012-07-18 | 2016-12-06 | Nec Corporation | Universal hash function computing device, method and program |
-
2014
- 2014-01-16 EP EP14740216.8A patent/EP2947814B1/en active Active
- 2014-01-16 WO PCT/JP2014/050651 patent/WO2014112550A1/ja active Application Filing
- 2014-01-16 CN CN201480005189.1A patent/CN104919754B/zh active Active
- 2014-01-16 JP JP2014557491A patent/JP5957095B2/ja active Active
- 2014-01-16 US US14/759,352 patent/US10523422B2/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008001628A1 (fr) * | 2006-06-30 | 2008-01-03 | Nec Corporation | Distributed information generator and restoration device |
Non-Patent Citations (4)
Title |
---|
A. SHAMIR: "How to share a secret", COMMUNICATIONS OF THE ACM, vol. 22, no. 11, 1979, pages 612 - 613, XP000565227, DOI: doi:10.1145/359168.359176 |
S. OBANA; T. ARAKI: "Almost optimum secret sharing schemes secure against cheating for arbitrary secret distribution", ASIACRYPT, vol. 4284, 2006, pages 364 - 379 |
T. ELGAMAL: "A public key cryptosystem and signature scheme based on discrete logarithms", IEEE TRANSACTIONS ON INFORMATION THEORY, vol. 31, no. 4, 1985, pages 469 - 472, XP000565224, DOI: doi:10.1109/TIT.1985.1057074 |
TOSHINORI ARAKI ET AL.: "Universal Hash Kansu ni Motozuku Koritsu no Yoi Fusei Kenshutsu Kano na Himitsu Bunsanho", 2007 NEN SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY KOEN RONBUNSHU, 23 January 2007 (2007-01-23), pages 1 - 6, XP008180068 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
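CN107111965A (zh) * | 2014-12-26 | 2017-08-29 | Nippon Telegraph and Telephone Corporation | Secret tampering detection system, secret computation device, secret tampering detection method, and program |
WO2018216512A1 (ja) | 2017-05-25 | 2018-11-29 | Nippon Telegraph and Telephone Corporation | Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program |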
AU2018271515B2 (en) * | 2017-05-25 | 2020-09-10 | Nippon Telegraph And Telephone Corporation | Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program |
US11157612B2 (en) | 2017-05-25 | 2021-10-26 | Nippon Telegraph And Telephone Corporation | Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program |
Also Published As
Publication number | Publication date |
---|---|
JPWO2014112550A1 (ja) | 2017-01-19 |
US20150358152A1 (en) | 2015-12-10 |
CN104919754A (zh) | 2015-09-16 |
CN104919754B (zh) | 2018-01-16 |
EP2947814B1 (en) | 2018-03-14 |
EP2947814A4 (en) | 2016-11-09 |
JP5957095B2 (ja) | 2016-07-27 |
EP2947814A1 (en) | 2015-11-25 |
US10523422B2 (en) | 2019-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5957095B2 (ja) | Tampering detection device, tampering detection method, and program | |
Wang et al. | Oruta: Privacy-preserving public auditing for shared data in the cloud | |
Wang et al. | Privacy-preserving public auditing for data storage security in cloud computing | |
Yu et al. | Remote data possession checking with enhanced security for cloud storage | |
EP2947812B1 (en) | Segmented secret-key storage system, segment storage apparatus segmented secret-key storage method | |
Sookhak et al. | Towards dynamic remote data auditing in computational clouds | |
Varalakshmi et al. | Integrity checking for cloud environment using encryption algorithm | |
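JP6451938B2 (ja) | Ciphertext matching system, method, and program | |
JP5972181B2 (ja) | Tampering detection device, tampering detection method, and program | |
KR20190143196A (ko) | Encryption device based on quantum random number sequences | |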
Ying et al. | Reliable policy updating under efficient policy hidden fine-grained access control framework for cloud data sharing | |
Hwang et al. | Data error locations reported by public auditing in cloud storage service | |
Li et al. | IPOR: An efficient IDA-based proof of retrievability scheme for cloud storage systems | |
Abo-Alian et al. | Auditing-as-a-service for cloud storage | |
Chakraborty et al. | Integrity checking using third party auditor in cloud storage | |
KR102132685B1 (ko) | Apparatus and method for order-revealing encryption | |
US8036378B2 (en) | System and method of authentication | |
Gohel et al. | A new data integrity checking protocol with public verifiability in cloud storage | |
JP5970193B2 (ja) | Search system, search method, and search program | |
Jabbar et al. | Design and Implementation of Hybrid EC-RSA Security Algorithm Based on TPA for Cloud Storage | |
Yarava et al. | Efficient and Secure Cloud Storage Auditing Based on the Diffie-Hellman Key Exchange. | |
Blömer et al. | Cloud architectures for searchable encryption | |
Barsoum | Provable data possession in single cloud server: A survey, classification and comparative study | |
Fu et al. | Cryptanalysis of remote data integrity checking protocol proposed by L. Chen for cloud storage | |
Abraham et al. | Proving possession and retrievability within a cloud environment: A comparative survey |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14740216; Country of ref document: EP; Kind code of ref document: A1 |
ENP | Entry into the national phase | Ref document number: 2014557491; Country of ref document: JP; Kind code of ref document: A |
WWE | Wipo information: entry into national phase | Ref document number: 14759352; Country of ref document: US |
WWE | Wipo information: entry into national phase | Ref document number: 2014740216; Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: DE |