WO2017203743A1 - Appareil de chiffrement, appareil de décodage, système de chiffrement - Google Patents

Appareil de chiffrement, appareil de décodage, système de chiffrement Download PDF

Info

Publication number
WO2017203743A1
WO2017203743A1 PCT/JP2017/001558 JP2017001558W WO2017203743A1 WO 2017203743 A1 WO2017203743 A1 WO 2017203743A1 JP 2017001558 W JP2017001558 W JP 2017001558W WO 2017203743 A1 WO2017203743 A1 WO 2017203743A1
Authority
WO
WIPO (PCT)
Prior art keywords
group
encryption
ciphertext
key
cipher
Prior art date
Application number
PCT/JP2017/001558
Other languages
English (en)
Japanese (ja)
Inventor
克幸 高島
小柴 健史
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Publication of WO2017203743A1 publication Critical patent/WO2017203743A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This invention relates to an anti-quantum cryptosystem.
  • Non-Patent Document 1 describes one method of attribute-based encryption using a pairing operation on an elliptic curve.
  • Non-Patent Document 2 describes a public key cryptosystem having quantum resistance using the same kind of mapping.
  • An object of the present invention is to make it possible to configure an encryption scheme such as attribute-based encryption that is effective even when a quantum computer is made.
  • the encryption device provides: An encryption device in an encryption system using a plurality of groups associated by homogenous mapping and pairing operation, A ciphertext generating unit configured to generate a ciphertext including a certain group of cipher elements of the plurality of groups;
  • a cipher such as an attribute-based encryption that is effective even when a quantum computer is created.
  • FIG. 1 is a configuration diagram of a cryptographic system 1 according to Embodiment 1.
  • FIG. 1 is a configuration diagram of a key generation device 10 according to Embodiment 1.
  • FIG. 1 is a configuration diagram of an encryption device 20 according to Embodiment 1.
  • FIG. 1 is a configuration diagram of a decoding device 30 according to Embodiment 1.
  • FIG. 4 is a flowchart of a setup algorithm according to the first embodiment. Explanatory drawing of the same kind pairing group which concerns on Embodiment 1.
  • FIG. 4 is a flowchart of a KeyGen algorithm according to the first embodiment. 4 is a flowchart of an Enc algorithm according to the first embodiment.
  • FIG. 3 is a flowchart of a Dec algorithm according to the first embodiment. Explanatory drawing of the attack method with respect to the IBE system which concerns on Embodiment 1.
  • FIG. The block diagram of the key generation apparatus 10 which concerns on the modification 1.
  • FIG. The block diagram of the encryption apparatus 20 which concerns on the modification 1.
  • FIG. The block diagram of the decoding apparatus 30 which concerns on the modification 1.
  • FIG. FIG. 3 is a configuration diagram of a cryptographic system 1 according to a second embodiment.
  • FIG. 3 is a configuration diagram of a key generation device 10 according to a second embodiment.
  • FIG. 4 is a configuration diagram of an encryption device 20 according to a second embodiment.
  • FIG. 4 is a configuration diagram of a decoding device 30 according to a second embodiment.
  • FIG. 10 is a flowchart of an IPG generation algorithm according to the fifth embodiment.
  • FIG. 10 is an explanatory diagram of algorithms Isog L to ⁇ (E 0 ) according to the fifth embodiment.
  • FIG. 10 is an explanatory diagram of algorithms Isog L to ⁇ (E 0 ) according to the fifth embodiment.
  • Embodiment 1 FIG. In Embodiment 1, an ID-based encryption (hereinafter referred to as IBE) method having quantum resistance will be described.
  • IBE ID-based encryption
  • Equation 101 represents selecting y from A randomly according to the distribution of A. That is, in Equation 101, y is a random number.
  • Equation 102 represents selecting y from A uniformly. That is, in Equation 102, y is a uniform random number.
  • the number 103 represents a field of order q.
  • the field of order q is simply referred to as F q in the text.
  • the IPG has a plurality of groups associated with each other by a homogeneous map and a pairing operation.
  • IPG is defined as follows: In the IPG generation algorithm Gen IPG (1 ⁇ , d), a master key pair of the public parameter pk IPG and the master secret key sk IPG shown in Expression 106 is randomly generated.
  • (G t, G ⁇ t , e t, G T) is pairing operation e t: is asymmetrical pairing group G t ⁇ G ⁇ t ⁇ number of prime number having a G T q. a g ⁇ t ⁇ G ⁇ t.
  • Homogeneous map ⁇ t G 0 ⁇ G t and is given by the same kind between different elliptic curves.
  • g t ⁇ t (g 0 ) ⁇ G t .
  • the IPG has compatibility shown in Equation 107.
  • g T e 0 (g 0 , g ⁇ 0 ) ⁇ 1.
  • G t G ⁇ t .
  • the IBE method includes a Setup algorithm, a KeyGen algorithm, an Enc algorithm, and a Dec algorithm.
  • the Setup algorithm receives the security parameter 1 ⁇ and outputs the public parameter pk and the master secret key sk.
  • the KeyGen algorithm receives a public parameter pk, a master secret key sk, and an identifier ID, and outputs a decryption key sk ID corresponding to the identifier ID.
  • the Enc algorithm receives the public parameter pk, the message m in the message space msg, and the identifier ID ′, and outputs a ciphertext ct ID ′ .
  • the Dec algorithm receives the public parameter pk, the decryption key sk ID corresponding to the identifier ID, and the ciphertext ct ID ′ encrypted under the identifier ID ′, and receives the message m′ ⁇ msg or decryption. Outputs identification information ⁇ ⁇ indicating failure.
  • the encryption system 1 includes a key generation device 10, an encryption device 20, and a decryption device 30.
  • the key generation device 10, the encryption device 20, and the decryption device 30 are computers.
  • the key generation device 10, the encryption device 20, and the decryption device 30 are connected via a network.
  • the key generation apparatus 10 receives the security parameter 1 ⁇ and executes the Setup algorithm to generate the public parameter pk and the master secret key sk. Further, the key generation device 10 receives the public parameter pk, the master secret key sk, and the identifier ID, executes the KeyGen algorithm, and generates a decryption key sk ID . The key generation device 10 discloses the public parameter pk and outputs the decryption key sk ID to the decryption device 30 corresponding to the identifier ID. The key generation device 10 stores the master secret key sk.
  • the encryption device 20 receives the public parameter pk, the message m, and the identifier ID ′, executes the Enc algorithm, and generates a ciphertext ct ID ′ .
  • the encryption device 20 outputs the ciphertext ct ID ′ to the decryption device 30.
  • the decryption device 30 receives the public parameter pk, the decryption key sk ID, and the ciphertext ct ID ′ , executes the Dec algorithm, and receives the message m ′ or the identification information ⁇ indicating that decryption has failed. Generate.
  • the key generation device 10 includes hardware including a processor 11, a storage device 12, and an input / output interface 13.
  • the processor 11 is connected to other hardware via a signal line, and controls these other hardware.
  • the key generation device 10 includes a master key generation unit 14, a decryption key generation unit 15, and a key output unit 16 as functional components.
  • the functions of the master key generation unit 14, the decryption key generation unit 15, and the key output unit 16 are realized by software.
  • the storage device 12 stores a program that realizes the functions of the respective units of the key generation device 10. This program is read by the processor 11 and executed by the processor 11. Thereby, the function of each part of the key generation device 10 is realized.
  • the encryption device 20 includes hardware including a processor 21, a storage device 22, and an input / output interface 23.
  • the processor 21 is connected to other hardware via a signal line, and controls these other hardware.
  • the encryption device 20 includes an input reception unit 24, a ciphertext generation unit 25, and a ciphertext output unit 26 as functional components.
  • the functions of the input reception unit 24, the ciphertext generation unit 25, and the ciphertext output unit 26 are realized by software.
  • the storage device 22 stores a program that realizes the functions of the respective units of the encryption device 20. This program is read by the processor 21 and executed by the processor 21. Thereby, the function of each part of the encryption apparatus 20 is implement
  • the decoding device 30 includes hardware including a processor 31, a storage device 32, and an input / output interface 33.
  • the processor 31 is connected to other hardware via a signal line, and controls these other hardware.
  • the decryption device 30 includes an input reception unit 34, a decryption unit 35, and a message output unit 36 as functional components.
  • the functions of the input reception unit 34, the decoding unit 35, and the message output unit 36 are realized by software.
  • the storage device 32 stores a program that realizes the functions of each unit of the decoding device 30. This program is read by the processor 31 and executed by the processor 31. Thereby, the function of each part of the decoding apparatus 30 is implement
  • the processors 11, 21, 31 are ICs (Integrated Circuits) that perform processing. Specific examples of the processors 11, 21, and 31 are a CPU (Central Processing Unit), a DSP (Digital Signal Processor), and a GPU (Graphics Processing Unit).
  • CPU Central Processing Unit
  • DSP Digital Signal Processor
  • GPU Graphics Processing Unit
  • the storage devices 12, 22, and 32 include a RAM (Random Access). Memory) and HDD (Hard Disk Drive).
  • the storage devices 12, 22, and 32 are portable storage media such as an SD (Secure Digital) memory card, a CF (Compact Flash), a NAND flash, a flexible disk, an optical disk, a compact disk, a Blu-ray (registered trademark) disk, and a DVD. May be.
  • the input / output interfaces 13, 23, and 33 are interfaces for receiving data input from the outside and outputting the data to the outside.
  • Specific examples of the input / output interfaces 13, 23, and 33 include USB (Universal Serial Bus), PS / 2, HDMI (registered trademark, High-Definition Multimedia Interface) for connecting an input device such as a keyboard and an output device such as a display. ).
  • the input / output interfaces 13, 23, and 33 are NICs (Networks) that transmit and receive data from the outside via a network. (Interface Card).
  • Information, data, signal values, and variable values indicating the processing results of the functions of the respective units realized by the processor 11 are stored in the storage device 12 or in a register or cache memory in the processor 11.
  • information, data, signal values, and variable values indicating the processing results of the functions of the respective units realized by the processor 21 are stored in the storage device 22, a register in the processor 21, or a cache memory.
  • information, data, signal values, and variable values indicating the results of processing of the functions of the respective units realized by the processor 31 are stored in the storage device 32, or a register or cache memory in the processor 31.
  • a program for realizing each function realized by the processor 11 is stored in the storage device 12.
  • a program for realizing each function realized by the processor 21 is stored in the storage device 22.
  • a program for realizing each function realized by the processor 31 is stored in the storage device 32.
  • this program may be stored in a portable storage medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a Blu-ray (registered trademark) disk, or a DVD.
  • the key generation device 10 may include a plurality of processors that replace the processor 11.
  • the plurality of processors share the execution of a program that realizes the function of each unit of the key generation device 10.
  • Each processor is an IC that performs processing in the same manner as the processor 11.
  • the encryption device 20 may include a plurality of processors that replace the processor 21.
  • the decoding device 30 may include a plurality of processors that replace the processor 31.
  • the operation of the cryptographic system 1 according to the first embodiment will be described with reference to FIGS. 3 to 9.
  • the operation of the cryptographic system 1 according to the first embodiment corresponds to the cryptographic method according to the first embodiment.
  • the operation of the cryptographic system 1 according to the first embodiment corresponds to the processing of the cryptographic program according to the first embodiment.
  • the Setup algorithm according to the first embodiment will be described with reference to FIGS. 3 and 6.
  • the Setup algorithm is executed by the key generation device 10.
  • Step S11 IPG generation processing
  • the master key generation unit 14 receives an input of the security parameter 1 ⁇ through the input / output interface 13.
  • a master key pair with the secret key sk IPG is generated.
  • Step S12 Hash function generation process
  • the master key generation unit 14 generates a random hash function H that converts an element of the field F q that is an identifier space into an element of the group G 0 .
  • Step S13 Master key generation process
  • the key output unit 16 outputs the public parameter pk to the encryption device 20 and the decryption device 30 by outputting the public parameter pk to an external public server or the like via the input / output interface 13.
  • the master key generation unit 14 writes the generated master secret key sk in the storage device 12.
  • the master key generation unit 14 executes the Setup algorithm shown in Equation 109 to generate a master key pair.
  • the KeyGen algorithm according to Embodiment 1 will be described with reference to FIGS.
  • the KeyGen algorithm is executed by the key generation device 10.
  • Step S21 ID reception process
  • the decryption key generation unit 15 receives input of an identifier ID of a user who uses the decryption key sk ID via the input / output interface 13.
  • Step S22 Key element generation process
  • Decryption key generating unit 15 is input with the identifier ID received in step S21, by calculating the hash function H included in the public parameter pk, and generates an element h 0 is an element of the group G 0.
  • the decryption key generation unit 15 converts the element h 0 with the homogeneous map ⁇ 1 included in the master secret key sk to generate the element h 1 .
  • Step S23 Key element output processing
  • Key output unit 16 the identifier ID received in step S21, the decryption key sk ID to the key elements and element h 1 generated in step S22, and outputs to the decoding device 30 via the input-output interface 13 .
  • the key output unit 16 prevents the decryption key sk ID from leaking to a third party by a method such as encryption by some encryption method.
  • the decryption key generation unit 15 executes the KeyGen algorithm expressed by Equation 110 to generate a decryption key sk ID .
  • the Enc algorithm according to the first embodiment will be described with reference to FIGS. 4 and 9.
  • the Enc algorithm is executed by the encryption device 20.
  • Step S31 Input acceptance process
  • the input reception unit 24 receives input of the public parameter pk generated by the key generation device 10, the message m to be encrypted, and the identifier ID ′ as a decryption condition via the input / output interface 23.
  • Ciphertext generator 25 is input with the identifier ID 'received in step S31, by calculating the hash function H included in the public parameter pk, and generates an element h 0 is an element of the group G 0.
  • the ciphertext generation unit 25 generates a uniform random number ⁇ .
  • the ciphertext generation unit 25 generates an element c represented by Formula 111 using the uniform random number ⁇ .
  • the ciphertext generation unit 25 generates the element z shown in Expression 112 using the element h 0 and the uniform random number ⁇ .
  • Ciphertext output unit 26 the identifier ID received in step S31 to 'and generated elements c in step S32, the ciphertext ct ID to encryption elements and c T', output interface 23 decodes Output to device 30.
  • the encryption device 20 executes the Enc algorithm expressed by Equation 113 to generate a ciphertext ct ID ′ .
  • the Dec algorithm according to the first embodiment will be described with reference to FIGS.
  • the Dec algorithm is executed by the decoding device 30.
  • Step S41 input acceptance process
  • the input receiving unit 34 receives input of the public parameter pk and decryption key sk ID generated by the key generation device 10 and the ciphertext ct ID ′ generated by the encryption device 20 via the input / output interface 33. .
  • Step S42 Decoding determination process
  • the decryption unit 35 determines whether or not the identifier ID included in the decryption key sk ID received in step S41 is equal to the identifier ID ′ included in the ciphertext ct ID ′ . Thereby, it is determined whether or not the ciphertext ct ID ′ can be decrypted with the decryption key sk ID . When it is determined that they are equal, that is, when it is determined that decoding is possible, the decoding unit 35 proceeds with the process to step S43, and when not, proceeds with the process to step S45.
  • Step S43 Decoding process
  • the decryption unit 35 performs a pairing operation e 1 on the element h 1 included in the decryption key sk ID received in step S41 and the encryption element c included in the ciphertext ct ID ′ , and calculates the element z ′.
  • Step S44 Message output processing
  • the message output unit 36 outputs the message m ′ calculated in step S42 via the input / output interface 33.
  • Step S45 identification information output process
  • the message output unit 36 outputs the identification information box via the input / output interface 33.
  • the decryption device 30 executes the Dec algorithm expressed by Equation 114, and decrypts the ciphertext ct ID ′ using the decryption key sk ID .
  • Embodiment 1 implements the IBE method using IPG.
  • the IBE method according to the first embodiment has a hierarchical structure in which the secret key has two layers. That is, in the IBE method according to Embodiment 1, the secret key has a two-layer structure of the upper layer master secret key and the lower layer decryption key. If the master secret key is revealed, a decryption key for any identifier ID can be generated using a conventional stochastic polynomial time machine. Therefore, in order to attack efficiently, the attacker first tries to reveal the master secret key. If the master secret key is protected, the attacker must break the ciphertext one by one.
  • a method of attacking the master secret key is called “master key level attack”, and a method of attacking ciphertexts one by one is called “user level attack”.
  • master key level attack a method of attacking ciphertexts one by one
  • user level attack a method of attacking ciphertexts one by one
  • the cryptographic system 1 according to the first embodiment Although a user level attack becomes possible, a master key level attack can be prevented. Even if the quantum computer is completed, the development speed is considered to be relatively slow at the initial stage, as in the case of existing computers. At least at the initial stage, portable handheld quantum computers do not spread, and such quantum computers are considered expensive. Therefore, it is considered that the user level attack is very inefficient.
  • the cryptographic system 1 according to the first embodiment it is possible to prevent a master key level attack while realizing an efficient IBE scheme. Therefore, the IBE method realized by the cryptographic system 1 according to the first embodiment is considered to be efficient and useful for a while even if the quantum computer is completed.
  • the functions of the respective units of the key generation device 10, the encryption device 20, and the decryption device 30 are realized by software.
  • the functions of the units of the key generation device 10, the encryption device 20, and the decryption device 30 may be realized by hardware. The first modification will be described with respect to differences from the first embodiment.
  • the key generation device 10 With reference to FIGS. 12 to 14, configurations of the key generation device 10, the encryption device 20, and the decryption device 30 according to the first modification will be described.
  • the key generation device 10, the encryption device 20, and the decryption device 30 are replaced with the processing circuits 17, 21 and 31 and the storage devices 12, 22, and 32, instead of the processing circuit 17, 27, 37.
  • the processing circuits 17, 27, and 37 are dedicated electronic circuits that implement the functions of the respective units of the key generation device 10, the encryption device 20, and the decryption device 30 and the functions of the storage devices 12, 22, and 32.
  • the processing circuits 17, 27, and 37 are a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, a logic IC, a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), and an FPGA (Field-Programmable Gate). Array) is assumed.
  • the key generation device 10, the encryption device 20, and the decryption device 30 may include a plurality of processing circuits that substitute for the processing circuits 17, 27, and 37. The function of each unit is realized as a whole by the plurality of processing circuits.
  • Each processing circuit is a dedicated electronic circuit, like the processing circuits 17, 27, and 37.
  • ⁇ Modification 2> As a second modification, some functions may be realized by hardware, and other functions may be realized by software. That is, some of the functions of the key generation device 10, the encryption device 20, and the decryption device 30 may be realized by hardware, and the other functions may be realized by software.
  • the processors 11, 21, 31, the storage devices 12, 22, 32, and the processing circuits 17, 27, 37 are collectively referred to as “processing circuits”. That is, the function of each part is realized by a processing circuit.
  • Embodiment 2 an ABE method having quantum resistance will be described.
  • the matrix M is a (L row ⁇ r column) matrix on the field Fq .
  • the labels ⁇ are ⁇ (t, v), (t ′, v ′),. . . ⁇
  • are labels given to the rows of the matrix M according to attributes. Note that all rows are labeled with one attribute. That is, ⁇ : ⁇ 1,. . . , L ⁇ ⁇ ⁇ (t, v), (t ′, v ′),. . . ⁇ .
  • the span program accepts or rejects input according to the following criteria: Let ⁇ be an attribute set.
  • ⁇ : ⁇ (t j , x j ) ⁇ 1 ⁇ j ⁇ d ′ (x j ⁇ U tj ).
  • the span program S accepts the attribute set ⁇ only if 1 ⁇ ⁇ span ⁇ (M i ) ⁇ (i) ⁇ >.
  • the matrix S is called an access structure.
  • KP-ABE key policy type ABE
  • a policy that is a decryption condition is set for a decryption key
  • a ciphertext policy type ABE in which a policy is set for ciphertext based on the same concept.
  • a tagged KP-ABE method will be described. In the tagged KP-ABE method, the relationship R + ((tag, S), (tag ′,) is applied to the decryption key parameter (tag, S) and the ciphertext parameter (tag ′, ⁇ ).
  • the KP-ABE method includes a Setup algorithm, a KeyGen algorithm, an Enc algorithm, and a Dec algorithm.
  • the Setup algorithm receives the security parameter 1 ⁇ and outputs the public parameter pk and the master secret key sk.
  • the Dec algorithm includes a public parameter pk, a decryption key sk tag, S corresponding to the input tag tag and the access structure S, and a ciphertext ct tag ′, ⁇ encrypted under the input tag tag ′ and the attribute set ⁇ . Is input, and the message m′ ⁇ msg or the identification information ⁇ indicating that decoding has failed is output.
  • the encryption system 1 includes a key generation device 10, an encryption device 20, and a decryption device 30.
  • the key generation device 10, the encryption device 20, and the decryption device 30 are computers.
  • the key generation device 10, the encryption device 20, and the decryption device 30 are connected via a network.
  • the encryption device 20 receives the public parameter pk, the message m, the input tag tag ′, and the attribute set ⁇ , and executes the Enc algorithm to generate the ciphertext ct tag ′, ⁇ .
  • the encryption device 20 outputs the ciphertext ct tag ′, ⁇ to the decryption device 30.
  • the decryption device 30 receives the public parameter pk, the decryption key sk tag, S, and the ciphertext ct tag ′, ⁇ and executes the Dec algorithm to indicate that the message m ′ or decryption has failed. Generate identification information ⁇ .
  • the configuration of the key generation device 10 shown in FIG. 16, the encryption device 20 shown in FIG. 17, and the decryption device 30 shown in FIG. 18 is the same as that of the key generation device 10 shown in FIG. 3 and the encryption device shown in FIG. 20 and the configuration of the decoding device 30 shown in FIG. However, the information inputted and outputted by each component is different.
  • the operation of the cryptographic system 1 according to the second embodiment corresponds to the cryptographic method according to the second embodiment.
  • the operation of the cryptographic system 1 according to the second embodiment corresponds to the processing of the cryptographic program according to the second embodiment.
  • the Setup algorithm is executed by the key generation device 10.
  • Step S11 IPG generation processing
  • the master key generation unit 14 receives an input of the security parameter 1 ⁇ through the input / output interface 13.
  • the master key generation unit 14 receives the received security parameter 1 ⁇ and an integer d equal to or greater than 1, and executes the IPG generation algorithm Gen IPG (1 ⁇ , d) to execute the public parameter pk IPG shown in Formula 115.
  • a master key pair of the master secret key sk IPG a master key pair of the master secret key sk IPG .
  • t 1,. . . , D
  • the attribute is set to the group G t and the group G ⁇ t . Therefore, the value of the integer d is determined according to the number of attributes to be set.
  • Step S12 Hash function generation process
  • the master key generation unit 14 generates a hash function H.
  • Step S13 Master key generation process
  • the key output unit 16 outputs the public parameter pk to the encryption device 20 and the decryption device 30 by outputting the public parameter pk to an external public server or the like via the input / output interface 13.
  • the master key generation unit 14 writes the generated master secret key sk in the storage device 12.
  • the master key generation unit 14 executes the Setup algorithm shown in Expression 116 to generate a master key pair.
  • the KeyGen algorithm according to the second embodiment will be described with reference to FIGS. 16 and 8.
  • the KeyGen algorithm is executed by the key generation device 10.
  • Step S21 ID reception process
  • the access structure S indicates a range that can be decrypted with the decryption key sk tag, S.
  • Step S22 Key element generation process
  • Decryption key generating unit 15 is input with the input tag tag received in step S21, by calculating the hash function H included in the public parameter pk, and generates an element h 0 is an element of the group G 0.
  • the element h 0 is converted by the homogeneous map ⁇ t to generate the element k i .
  • Step S23 Key element output processing
  • the key output unit 16 uses the input tag tag and the access structure S received in step S21 and the decryption key sk tag, S having the key element k i for i ⁇ [L] generated in step S22 as key elements. And output to the decoding device 30 via the input / output interface 13. At this time, the key output unit 16 prevents the decryption key sk tag, S from leaking to a third party by a method such as encryption by some encryption method.
  • the decryption key generation unit 15 executes the KeyGen algorithm expressed by Equation 118 to generate the decryption key sk tag, S.
  • the Enc algorithm according to the second embodiment will be described with reference to FIGS.
  • the Enc algorithm is executed by the encryption device 20.
  • Step S31 Input acceptance process
  • the input receiving unit 24 inputs the public parameter pk generated by the key generation device 10, the message m to be encrypted, the input tag tag ′ and the attribute set ⁇ as the decryption conditions via the input / output interface 23. Accept.
  • Step S33 Ciphertext Output Process
  • the ciphertext output unit 26 encrypts the input tag tag ′ and the attribute set ⁇ received in step S31, and the element c t and the element c T for each integer t included in the attribute set ⁇ generated in step S32.
  • the ciphertext ct tag ′, ⁇ as an element is output to the decryption device 30 via the input / output interface 23.
  • the encryption device 20 executes the Enc algorithm expressed by Equation 121 to generate ciphertext ct tag ′, ⁇ .
  • the Dec algorithm according to the second embodiment will be described with reference to FIGS.
  • the Dec algorithm is executed by the decoding device 30.
  • Step S41 input acceptance process
  • the input receiving unit 34 via the input / output interface 33, the public parameter pk and the decryption key sk tag, S generated by the key generation device 10, the ciphertext ct tag ′, ⁇ generated by the encryption device 20 , and Accepts input.
  • Step S42 Decoding determination process
  • the decryption unit 35 determines whether or not the input tag tag included in the decryption key sk tag, S received in step S41 is equal to the input tag tag ′ included in the ciphertext ct tag ′, ⁇ . Further, the decryption unit 35 determines whether or not the access structure S included in the decryption key sk tag, S accepts the attribute set ⁇ included in the ciphertext ct tag ′, ⁇ . Thus, it is determined whether or not the ciphertext ct tag ′, ⁇ can be decrypted with the decryption key sk tag, S. When it is determined that the input tag tag is equal to the input tag tag ′ and the access structure S is determined to accept the attribute set ⁇ , the decryption unit 35 proceeds to step S43. Proceed to step S45.
  • Step S43 Decoding process
  • the decoding unit 35 calculates a complementary coefficient ⁇ i satisfying Expression 122 for ⁇ (i) ⁇ .
  • M i is the i-th row of the matrix M.
  • the decryption unit 35 uses the element k i included in the decryption key sk tag, S received in step S41 and the cipher element c t included in the ciphertext ct tag ′, ⁇ .
  • the pairing calculation shown in Expression 123 is performed for and, and the element z ′ is calculated.
  • step S44 to step S45 is the same as in the first embodiment.
  • the decryption apparatus 30 executes the Dec algorithm expressed by Equation 124, and decrypts the ciphertext ct ID ′ using the decryption key sk ID .
  • the ciphertext ct tag ′, ⁇ can be decrypted with the decryption key sk tag, S in step S43.
  • the cryptographic system 1 implements the ABE method using IPG.
  • a hierarchical structure for two instances t ⁇ [d] and j ⁇ [n] of a small universe of ABE is used. Then, in the third embodiment, in the instance of the lower hierarchy, special form of secret sharing predicates n-out-of-2n are used to identifier matching for the identifier x t binary length n.
  • the operation of the cryptographic system 1 according to Embodiment 3 will be described with reference to FIGS. 16 to 18 and FIGS.
  • the operation of the cryptographic system 1 according to the third embodiment corresponds to the cryptographic method according to the third embodiment.
  • the operation of the cryptographic system 1 according to the third embodiment corresponds to the processing of the cryptographic program according to the third embodiment.
  • the Setup algorithm is executed by the key generation device 10.
  • Step S11 IPG generation processing
  • the master key generation unit 14 receives an input of the security parameter 1 ⁇ through the input / output interface 13.
  • the master key generation unit 14 executes the IPG generation algorithm Gen IPG (1 ⁇ , 2dn) with the received security parameter 1 ⁇ and the integer ddn of 1 or more and the integer 2dn of the integer n of 1 or more as inputs.
  • a master key pair of the public parameter pk IPG and the master secret key sk IPG shown in Expression 126 is generated.
  • the attributes are set to the group G t, j, ⁇ and the group G ⁇ t, j, ⁇ . Therefore, the values of the integers d and n are determined according to the number of attributes to be set.
  • Step S12 Hash function generation process
  • the master key generation unit 14 generates a hash function H.
  • Step S13 Master key generation process
  • the key output unit 16 outputs the public parameter pk to the encryption device 20 and the decryption device 30 by outputting the public parameter pk to an external public server or the like via the input / output interface 13.
  • the master key generation unit 14 writes the generated master secret key sk in the storage device 12.
  • the master key generation unit 14 executes the Setup algorithm shown in Equation 127 to generate a master key pair.
  • the KeyGen algorithm according to the second embodiment will be described with reference to FIGS. 16 and 8.
  • the KeyGen algorithm is executed by the key generation device 10.
  • step S21 is the same as that in the second embodiment.
  • Step S22 Key element generation process
  • Decryption key generating unit 15 is input with the input tag tag received in step S21, by calculating the hash function H included in the public parameter pk, and generates an element h 0 is an element of the group G 0.
  • the decryption key generation unit 15 converts the element h 0 with the homogeneous map ⁇ t, j, ⁇ included in the master secret key sk as shown in the equation 128, and generates the element k i, j Is generated.
  • Step S23 Key element output processing
  • the key output unit 16 uses the input tag tag and the access structure S received in step S21, and the elements k i, j for i ⁇ [L] and j ⁇ [n] generated in step S22 as key elements.
  • the decryption key sk tag, S to be output to the decryption device 30 via the input / output interface 13.
  • the key output unit 16 prevents the decryption key sk tag, S from leaking to a third party by a method such as encryption by some encryption method.
  • the decryption key generation unit 15 generates the decryption key sk tag, S by executing the KeyGen algorithm expressed by Equation 129.
  • the Enc algorithm according to the second embodiment will be described with reference to FIGS.
  • the Enc algorithm is executed by the encryption device 20.
  • step S31 is the same as that in the second embodiment.
  • Ciphertext generator 25 is input with the input tag tag 'received in step S31, by calculating the hash function H included in the public parameter pk, and generates an element h 0 is an element of the group G 0.
  • the ciphertext generation unit 25 generates a uniform random number ⁇ .
  • Step S33 Ciphertext Output Process
  • the ciphertext output unit 26 receives the input tag tag ′ and the attribute set ⁇ received in step S31, and the elements c t, j for each integer t and j ⁇ [n] included in the attribute set ⁇ generated in step S32 .
  • Cipher text ct tag ′, ⁇ having j and element c T as encryption elements is output to the decryption device 30 via the input / output interface 23.
  • the encryption device 20 executes the Enc algorithm expressed by Equation 132 to generate the ciphertext ct tag ′, ⁇ .
  • the Dec algorithm according to the second embodiment will be described with reference to FIGS.
  • the Dec algorithm is executed by the decoding device 30.
  • step S41 to step S42 is the same as that in the second embodiment.
  • Step S43 Decoding process
  • the decoding unit 35 calculates a complementary coefficient ⁇ i that satisfies Equation 133. Using the calculated complementary coefficient ⁇ i , the decryption unit 35 uses the element k i, j included in the decryption key sk tag, S received in step S41 and the encryption element included in the ciphertext ct tag ′, ⁇ . The pairing operation shown in Equation 134 is performed for c t, j and the element z ′ is calculated.
  • step S44 to step S45 is the same as that in the second embodiment.
  • the decryption device 30 executes the Dec algorithm expressed by Equation 135, and decrypts the ciphertext ct ID ′ using the decryption key sk ID .
  • the ciphertext ct tag ′, ⁇ can be decrypted with the decryption key sk tag, S in step S43.
  • Embodiment 3 realizes the ABE method for a large universe using IPG.
  • Embodiment 4 FIG.
  • a hierarchical IBE (hereinafter, HIBE) method will be described.
  • differences from the first embodiment will be described.
  • the operation of the cryptographic system 1 according to the fourth embodiment will be described with reference to FIGS.
  • the operation of the cryptographic system 1 according to the fourth embodiment corresponds to the cryptographic method according to the fourth embodiment.
  • the operation of the cryptographic system 1 according to the fourth embodiment corresponds to the processing of the cryptographic program according to the fourth embodiment.
  • the Setup algorithm according to the first embodiment will be described with reference to FIGS. 3 and 6.
  • the Setup algorithm is executed by the key generation device 10.
  • step S11 is the same as that in the first embodiment.
  • Step S12 Hash function generation process
  • Step S13 Master key generation process
  • the key output unit 16 outputs the public parameter pk to the encryption device 20 and the decryption device 30 by outputting the public parameter pk to an external public server or the like via the input / output interface 13.
  • the master key generation unit 14 writes the generated master secret key sk in the storage device 12.
  • the master key generation unit 14 executes the Setup algorithm shown in Formula 137 to generate a master key pair.
  • the KeyGen algorithm according to the fourth embodiment will be described with reference to FIGS.
  • the KeyGen algorithm is executed by the key generation device 10.
  • Step S21 ID reception process
  • the decryption key generation unit 15 receives input of an identifier ID of a user who uses the decryption key sk ID via the input / output interface 13.
  • the identifier ID is composed of ID i for i ⁇ [j]. j is an integer of 2 or more.
  • Step S22 Key element generation process
  • the decryption key generation unit 15 generates an element d ⁇ i for i ⁇ [j ⁇ 1] as shown in Formula 138.
  • the decryption key generation unit 15 calculates the hash function H 0 included in the public parameter pk, using ID 1 constituting the identifier ID received in step S21 as an input, and obtains the element h 1 that is an element of the group G 0 Generate. Also, the decryption key generation unit 15 sets ID 1 ,. . . , ID i as input, the hash function H 1 included in the public parameter pk is calculated to generate an element h i that is an element of the group G 1 . Then, the decryption key generation unit 15 generates an element d j obtained by converting the element h 1 with the same kind of mapping ⁇ 1 included in the master secret key sk as shown in Expression 139.
  • Step S23 Key element output processing
  • the key output unit 16 uses the identifier ID received in step S21, and the decryption key sk ID generated using the element d ⁇ j and the element d j for i ⁇ [j-1] generated in step S22 as key elements. Is output to the decoding device 30 via the input / output interface 13. At this time, the key output unit 16 prevents the decryption key sk ID from leaking to a third party by a method such as encryption by some encryption method.
  • the decryption key generation unit 15 executes the KeyGen algorithm expressed by Equation 140 to generate a decryption key sk ID .
  • the Enc algorithm according to the first embodiment will be described with reference to FIGS. 4 and 9.
  • the Enc algorithm is executed by the encryption device 20.
  • Step S31 Input acceptance process
  • the input reception unit 24 receives input of the public parameter pk generated by the key generation device 10, the message m to be encrypted, and the identifier ID ′ as a decryption condition via the input / output interface 23.
  • the identifier ID ′ is composed of ID ′ i for i ⁇ [j].
  • the ciphertext generator 25 generates a uniform random number ⁇ .
  • the ciphertext generation unit 25 generates an element c ⁇ 0 shown in Formula 141 using the uniform random number ⁇ .
  • the ciphertext generation unit 25 sets ID ′ 1 ,. . . , ID ′ i as input, the hash function H 1 included in the public parameter pk is calculated, and the element h i that is an element of the group G 1 is generated.
  • Ciphertext generating unit 25 uses the element h i, to produce an element c i shown in Formula 142.
  • Step S33 Ciphertext Output Process
  • the ciphertext output unit 26 uses the identifier ID ′ received in step S31 and the elements c ⁇ 0 , (c i ) i ⁇ [2, j] and c T generated in step S32 as encryption elements.
  • the sentence ct ID ′ is output to the decryption device 30 via the input / output interface 23.
  • the encryption device 20 executes the Enc algorithm shown in Formula 144 to generate the ciphertext ct ID ′ .
  • the Dec algorithm according to the first embodiment will be described with reference to FIGS.
  • the Dec algorithm is executed by the decoding device 30.
  • step S41 to step S42 is the same as in the first embodiment.
  • Step S43 Decoding process
  • Decoding unit 35 shown in element d ⁇ and j and element d j, the element c ⁇ 0 and element c i and the number 145 included in the ciphertext ct ID 'included in the decryption key sk ID received in step S41 Perform an operation to calculate the element z ′.
  • step S44 to step S45 is the same as in the first embodiment.
  • the decryption apparatus 30 executes the Dec algorithm expressed by Equation 146 to decrypt the ciphertext ct ID ′ with the decryption key sk ID .
  • the ciphertext ct tag ′, ⁇ can be decrypted with the decryption key sk tag, S in step S43.
  • the cryptographic system 1 implements the HIBE method using IPG.
  • Embodiment 5 FIG.
  • the IPG generation algorithm Gen IPG (1 ⁇ , d) will be specifically described using an elliptic curve.
  • Step S51 Element generation processing
  • the master key generation unit 14 has a sufficiently large hyperelliptic curve E 0 / F p2 for the odd prime p. (Here, p2 is p 2) randomly generating.
  • the master key generation unit 14, a suitable (L ⁇ , kappa) and asymmetric pairing groups quantile r comprised subgroup of an elliptic curve E 0 (G 0, G ⁇ 0, G T; e 0) Is generated.
  • the master key generation unit 14 selects from the group G 0 elements g 0 uniformly, evenly select an element g ⁇ 0 from the group G ⁇ 0.
  • Step S52 Homogeneous generation process
  • the master key generation unit 14 the algorithm ISOG L ⁇ , running kappa (E 0), t ⁇ for [d], the elliptic curve E t as the elliptic curve E 0 and the like, an elliptic curve from the elliptic curve E 0
  • a trapdoor ⁇ t for calculating a homogeneous map to E t is randomly generated.
  • the algorithm Isog L ⁇ , ⁇ (E 0 ) the Isog L ⁇ , ⁇ djp algorithm described in Non-Patent Document 3 shown in FIG. 20 can be used.
  • the algorithms Isog L ⁇ , ⁇ (E 0 ) the Isog L ⁇ , ⁇ clg algorithm described in Non-Patent Documents 4 and 5 shown in FIG. 21 can be used.
  • Step S53 Homogeneous element generation processing
  • Step S54 Element output process
  • the master key generation unit 14, generated at step S51 and step S53 (G t, G ⁇ t , g t, g ⁇ t, e t) t ⁇ [0, d], the public parameters pk IPG the G T , ( ⁇ t ) t ⁇ [d] , ( ⁇ t ) t ⁇ [d] is output as the master secret key sk IPG .
  • the IPG generation algorithm Gen IPG (1 ⁇ , d) is as shown in Formula 148.
  • Embodiment 5 can implement the IPG generation algorithm Gen IPG (1 ⁇ , d) using an elliptic curve.
  • Embodiment 6 FIG.
  • a specific configuration using an elliptic curve will be described.
  • the IBE method described in the first embodiment and the ABE method described in the second embodiment will be described.
  • the ABE method described in the third embodiment and the HIBE method described in the fourth embodiment can also have a specific configuration using an elliptic curve by a similar method.
  • the Enc algorithm is as shown in Formula 151.
  • the Dec algorithm is as shown in Formula 152.
  • the ciphertext ct ID ′ can be decrypted with the decryption key sk ID .
  • deg ( ⁇ 1 ) L 1 to ⁇ .
  • the ABE method described in the second embodiment will be described.
  • the Setup algorithm is as shown in Equation 154.
  • the KeyGen algorithm is as shown in Equation 155.
  • the Enc algorithm is as shown in Equation 156.
  • the Dec algorithm is as shown in Equation 157.
  • the ciphertext ct ID ′ can be decrypted with the decryption key sk ID .
  • the IBE method and the ABE method can be specifically configured using an elliptic curve.
  • Embodiment 7 FIG.
  • the IPG is configured using the same kind of mapping and the pairing calculation.
  • the IPG may be configured using a trapdoor homomorphic map (hereinafter, TH) instead of the homogeneous map.
  • TH trapdoor homomorphic map
  • mapping ⁇ : ⁇ ⁇ : G 0 ⁇ G 1 for two randomly selected cyclic groups G 0 and G 1 of prime order q is TH.
  • the map ⁇ is a non-trivial homomorphic map. Non-trivial is, for example, non-zero for additive groups.
  • is an element of the group G in the case of symmetric pairing or the group G ⁇ in the case of asymmetric pairing.
  • ⁇ : C is a cyclic subgroup of the curve E.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention rend possible la configuration de chiffrement tel qu'un chiffrement basé sur un attribut qui est efficace même dans le cas où un ordinateur quantique est fabriqué. Un système de chiffrement (1) utilise une pluralité de groupes qui sont associés par une isogénie φt concernant un nombre entier t de t ∈ [d] et un calcul d'appariement e t concernant un nombre entier t de t ∈ [0, d]. Le système de chiffrement (1) comprend : un appareil de chiffrement (20) qui génère un texte chiffré comprenant un élément de chiffrement d'un certain groupe parmi la pluralité de groupes ; et un appareil de décodage (30) qui décode le texte chiffré généré par l'appareil de chiffrement (20) à l'aide d'une clé de décodage comprenant un élément de clé d'un groupe différent d'un certain groupe parmi la pluralité des groupes.
PCT/JP2017/001558 2016-05-27 2017-01-18 Appareil de chiffrement, appareil de décodage, système de chiffrement WO2017203743A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2016106653A JP2017212699A (ja) 2016-05-27 2016-05-27 暗号化装置、復号装置及び暗号システム
JP2016-106653 2016-05-27

Publications (1)

Publication Number Publication Date
WO2017203743A1 true WO2017203743A1 (fr) 2017-11-30

Family

ID=60412731

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/001558 WO2017203743A1 (fr) 2016-05-27 2017-01-18 Appareil de chiffrement, appareil de décodage, système de chiffrement

Country Status (2)

Country Link
JP (1) JP2017212699A (fr)
WO (1) WO2017203743A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114287001A (zh) * 2019-08-26 2022-04-05 皇家飞利浦有限公司 用于保护用户隐私和身份的受限的完全私密合取数据库查询
WO2023135642A1 (fr) * 2022-01-11 2023-07-20 三菱電機株式会社 Dispositif de chiffrement, dispositif de déchiffrement, dispositif de vérification d'aptitude au déchiffrement, système de chiffrement, procédé de chiffrement et programme de chiffrement

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005141200A (ja) * 2003-11-03 2005-06-02 Microsoft Corp 暗号システムの設計におけるアイソジャニの使用
JP2006311477A (ja) * 2005-04-29 2006-11-09 Microsoft Corp 同種写像ベースの署名の生成および検証のためのシステムおよび方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005141200A (ja) * 2003-11-03 2005-06-02 Microsoft Corp 暗号システムの設計におけるアイソジャニの使用
JP2006311477A (ja) * 2005-04-29 2006-11-09 Microsoft Corp 同種写像ベースの署名の生成および検証のためのシステムおよび方法

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
GENTRY, CRAIG ET AL.: "Hierarchical ID-Based Cryptography", LECTURE NOTES IN COMPUTER SCIENCE, vol. 2501, 2002, pages 548 - 566, XP002396667 *
KOSHIBA, TAKESHI ET AL.: "Pairing Cryptography Meets Isogeny: A New Framework of Isogenous Pairing Groups", CRYPTOLOGY EPRINT ARCHIVE, December 2016 (2016-12-01), pages 1 - 36, XP061022300, Retrieved from the Internet <URL:http://eprint.iacr.org/2016/1138/20161214:185829> [retrieved on 20170407] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114287001A (zh) * 2019-08-26 2022-04-05 皇家飞利浦有限公司 用于保护用户隐私和身份的受限的完全私密合取数据库查询
WO2023135642A1 (fr) * 2022-01-11 2023-07-20 三菱電機株式会社 Dispositif de chiffrement, dispositif de déchiffrement, dispositif de vérification d'aptitude au déchiffrement, système de chiffrement, procédé de chiffrement et programme de chiffrement
JPWO2023135642A1 (fr) * 2022-01-11 2023-07-20
JP7466791B2 (ja) 2022-01-11 2024-04-12 三菱電機株式会社 暗号化装置、復号装置、復号可能検証装置、暗号システム、暗号化方法、及び暗号化プログラム

Also Published As

Publication number Publication date
JP2017212699A (ja) 2017-11-30

Similar Documents

Publication Publication Date Title
JP6083234B2 (ja) 暗号処理装置
JP5291795B2 (ja) 暗号化装置、復号装置、暗号化方法、復号方法、セキュリティ方法、プログラム及び記録媒体
JP5618881B2 (ja) 暗号処理システム、鍵生成装置、暗号化装置、復号装置、暗号処理方法及び暗号処理プログラム
JP5814880B2 (ja) 暗号システム、暗号方法、暗号プログラム及び復号装置
JP6719339B2 (ja) 暗号システム、暗号方法及び暗号プログラム
JP6059347B2 (ja) 復号装置、復号能力提供装置、それらの方法、およびプログラム
JP2014095847A (ja) 関数型暗号システム、鍵生成装置、暗号化装置、復号装置、関数型暗号方法、およびプログラム
JP5606351B2 (ja) 暗号処理システム、鍵生成装置、暗号化装置、復号装置、鍵委譲装置、暗号処理方法及び暗号処理プログラム
KR20230141845A (ko) 임계값 키 교환
US11909873B2 (en) Decryption device, cryptographic system, and decryption method
WO2017203743A1 (fr) Appareil de chiffrement, appareil de décodage, système de chiffrement
WO2015125293A1 (fr) Système cryptographique et programme cryptographique
JP5596616B2 (ja) 情報提供システム、仲介装置、仲介方法、情報提供方法、及びプログラム
JP6625283B2 (ja) 暗号化装置、復号装置、暗号化方法、暗号化プログラム、復号方法及び復号プログラム
Hussein et al. Proposed Parallel Algorithms to Encryption Image Based on Hybrid Enhancement RC5 and RSA
JP5513444B2 (ja) ベクトル構成システム、方法、装置及びプログラム並びに暗号システム
JP6949276B2 (ja) 再暗号化装置、再暗号化方法、再暗号化プログラム及び暗号システム
Sharma A symmetric FHE scheme based on Linear Algebra
JP2013172178A (ja) 署名鍵難読化システム、署名鍵難読化方法、難読化された署名鍵を用いた暗号化署名システム、難読化された署名鍵を用いた暗号化署名方法、装置とプログラム
JP5612494B2 (ja) 関数暗号を用いた時限暗号システム、時限暗号方法、装置、プログラム
Mittal et al. A retrospective study on NTRU cryptosystem
KR101932032B1 (ko) 선형 길이의 암호문을 가지는 다항식 함수 암호화 방법
JP5912281B2 (ja) 復号結果検証装置、方法、システム及びプログラム
Marron Quantum Attacks on Modern Cryptography and Post-Quantum Cryptosystems
Ibrahim et al. A Robust Image Cipher System Based on Cramer-Shoup Algorithm and 5-D Hyper Chaotic System

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17802345

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17802345

Country of ref document: EP

Kind code of ref document: A1