WO2020075224A1 - Dispositif d'analyse du secret, système d'analyse du secret, procédé d'analyse du secret, et programme d'analyse du secret - Google Patents

Dispositif d'analyse du secret, système d'analyse du secret, procédé d'analyse du secret, et programme d'analyse du secret Download PDF

Info

Publication number
WO2020075224A1
WO2020075224A1 PCT/JP2018/037603 JP2018037603W WO2020075224A1 WO 2020075224 A1 WO2020075224 A1 WO 2020075224A1 JP 2018037603 W JP2018037603 W JP 2018037603W WO 2020075224 A1 WO2020075224 A1 WO 2020075224A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
token
encryption
decryption
key
Prior art date
Application number
PCT/JP2018/037603
Other languages
English (en)
Japanese (ja)
Inventor
豊 川合
貴人 平野
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Priority to PCT/JP2018/037603 priority Critical patent/WO2020075224A1/fr
Publication of WO2020075224A1 publication Critical patent/WO2020075224A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present invention relates to a technique for executing an operation while being encrypted.
  • inner product encryption There is a functional encryption that can calculate the inner product (hereinafter referred to as inner product encryption) (see Patent Document 1 and Non-Patent Document 1).
  • inner product encryption a vector x is set when the encryption is executed, a vector y is set in the user secret key, and an inner product ⁇ x, y> of the vector x and the vector y is output when the ciphertext is decrypted. That is, the inner product cipher is a cipher capable of calculating the inner product while being encrypted.
  • the inner product of the vector x and the vector y will be written as ⁇ x, y>.
  • the inner product cipher can be divided into a single input inner product cipher and a plurality of input inner product ciphers.
  • the inner product cipher that can be single-input can only calculate one inner product at the time of decryption.
  • the inner product cipher capable of inputting a plurality of numbers has N vectors y 1 ,. . . , Y N can be set, and when N pieces of ciphertext are input at the time of decryption, ⁇ x 1 , y 1 > + ⁇ x 2 , y 2 > + ... + ⁇ x N , y N >. Can be calculated.
  • Multi-Input Functional Encryption for Inner Products Function-Hiding Realizations and Constructions without Pairings Michel Abdalla and Dario Catalano and Dario Fiore and Romain Gay and Bogdan Ursu in Cryptology ePrint Archive:
  • Non-Patent Document 1 can calculate the sum of N inner products. However, in the method described in Non-Patent Document 1, a user who possesses at least one user private key and can execute encryption can infer a vector associated with a ciphertext. Is.
  • the inner product cryptography that allows multiple inputs is expected to be analyzed as an inner product without decrypting the multiple ciphertexts uploaded to the cloud.
  • information set in each ciphertext that should not be originally leaked for example, a vector value in the case of an inner product is leaked.
  • the purpose of this invention is to prevent the leakage of the information set in the ciphertext while enabling the calculation such as the inner product while being encrypted.
  • the ciphertext c ′ i in the multi-input function cryptography that outputs y and y to the function f to obtain the operation result is a ciphertext acquisition for obtaining the ciphertext c i encrypted using the encryption token etk Department, A decryption key acquisition unit for acquiring the secret key sk y of the plurality input function code, A token acquisition unit for acquiring a decryption token dtk corresponding to the encryption token etk; By the ciphertext c i and decrypted using the decryption token dtk 'generates a i, the ciphertext
  • the ciphertext c ′ i in the common-key multiple-input-function encryption is encrypted using the encryption token etk to obtain the ciphertext c i , and the ciphertext c i is decrypted using the decryption token dtk.
  • FIG. 1 is a configuration diagram of a confidentiality analysis system 10 according to the first embodiment.
  • FIG. 2 is a configuration diagram of a setup device 20 according to the first embodiment.
  • 3 is a configuration diagram of a key generation device 30 according to the first embodiment.
  • FIG. 3 is a configuration diagram of a token generation device 40 according to the first embodiment.
  • FIG. FIG. 3 is a configuration diagram of the encryption device 50 according to the first embodiment.
  • 1 is a configuration diagram of a confidentiality analysis device 60 according to the first embodiment.
  • 3 is a flowchart showing the operation of the setup device 20 according to the first embodiment.
  • 5 is a flowchart showing the operation of the key generation device 30 according to the first embodiment.
  • 3 is a flowchart showing the operation of the token generation device 40 according to the first embodiment.
  • FIG. 6 is a flowchart showing the operation of the encryption device 50 according to the first embodiment. 6 is a flowchart showing the operation of the confidentiality analysis device 60 according to the first embodiment.
  • the block diagram of the setup apparatus 20 which concerns on the modification 1.
  • FIG. 8 is a configuration diagram of a key generation device 30 according to Modification 1.
  • the block diagram of the token generation apparatus 40 which concerns on the modification 1.
  • the block diagram of the encryption apparatus 50 which concerns on the modification 1.
  • the block diagram of the confidentiality analysis apparatus 60 which concerns on the modification 1.
  • the confidentiality analysis system 10 includes a setup device 20, a key generation device 30, a token generation device 40, an encryption device 50, and a confidentiality analysis device 60.
  • the setup device 20, the key generation device 30, the token generation device 40, the encryption device 50, the confidentiality analysis device 60, and the confidentiality analysis device 60 are connected via a transmission line 90.
  • the transmission path 90 is, for example, the Internet or a LAN (Local Area Network).
  • the confidentiality analysis system 10 may include a plurality of key generation devices 30, token generation devices 40, encryption devices 50, and confidentiality analysis devices 60.
  • the setup device 20 includes hardware such as a processor 21, a memory 22, a storage 23, and a communication interface 24.
  • the processor 21 is connected to other hardware via a signal line, and controls the other hardware.
  • the setup device 20 includes a parameter acquisition unit 211, a master key generation unit 212, and a transmission unit 213 as functional components.
  • the function of each functional component of the setup device 20 is realized by software.
  • the storage 23 stores programs that implement the functions of the functional components of the setup device 20. This program is read into the memory 22 by the processor 21 and executed by the processor 21. As a result, the function of each functional component of the setup device 20 is realized.
  • the storage 23 also realizes the function of the master key storage unit 231.
  • the configuration of the key generation device 30 according to the first embodiment will be described with reference to FIG.
  • the key generation device 30 includes hardware such as a processor 31, a memory 32, a storage 33, and a communication interface 34.
  • the processor 31 is connected to other hardware via a signal line, and controls the other hardware.
  • the key generation device 30 includes a master key acquisition unit 311, a value acquisition unit 312, a secret key generation unit 313, and a transmission unit 314 as functional components.
  • the function of each functional component of the key generation device 30 is realized by software.
  • the storage 33 stores programs that implement the functions of the functional components of the key generation device 30. This program is read into the memory 32 by the processor 31 and executed by the processor 31. Thereby, the function of each functional component of the key generation device 30 is realized.
  • the storage 33 also realizes the function of the master key storage unit 331.
  • the configuration of the token generation device 40 according to the first embodiment will be described with reference to FIG.
  • the token generation device 40 includes hardware such as a processor 41, a memory 42, a storage 43, and a communication interface 44.
  • the processor 41 is connected to other hardware via a signal line and controls these other hardware.
  • the token generation device 40 includes a parameter acquisition unit 411, a token generation unit 412, and a transmission unit 413 as functional components.
  • the function of each functional component of the token generation device 40 is realized by software.
  • the storage 43 stores programs that implement the functions of the functional components of the token generation device 40. This program is read into the memory 42 by the processor 41 and executed by the processor 41. Thereby, the function of each functional component of the token generation device 40 is realized.
  • the configuration of the encryption device 50 according to the first embodiment will be described with reference to FIG.
  • the encryption device 50 includes hardware such as a processor 51, a memory 52, a storage 53, and a communication interface 54.
  • the processor 51 is connected to other hardware via a signal line, and controls these other hardware.
  • the encryption device 50 includes a master key acquisition unit 511, a token acquisition unit 512, a message acquisition unit 513, an encryption unit 514, and a transmission unit 515 as functional components.
  • the function of each functional component of the encryption device 50 is realized by software.
  • the storage 53 stores programs that implement the functions of the functional components of the encryption device 50. This program is read into the memory 52 by the processor 51 and executed by the processor 51. As a result, the function of each functional component of the encryption device 50 is realized.
  • the storage 53 also realizes the functions of the master key storage unit 531 and the token storage unit 532.
  • the confidentiality analysis device 60 includes hardware such as a processor 61, a memory 62, a storage 63, and a communication interface 64.
  • the processor 61 is connected to other hardware via a signal line, and controls these other hardware.
  • the confidentiality analysis device 60 includes a secret key acquisition unit 611, a token acquisition unit 612, a ciphertext acquisition unit 613, a decryption unit 614, and a transmission unit 615 as functional components.
  • the function of each functional component of the confidentiality analysis device 60 is realized by software.
  • the storage 63 stores a program that realizes the function of each functional component of the confidentiality analysis device 60. This program is read into the memory 62 by the processor 61 and executed by the processor 61. As a result, the function of each functional component of the confidentiality analysis device 60 is realized.
  • the storage 63 realizes the functions of the secret key storage unit 631, the token storage unit 632, and the ciphertext storage unit 633.
  • the processors 21, 31, 41, 51, 61 are ICs (Integrated Circuits) that perform arithmetic processing.
  • the processors 21, 31, 41, 51, 61 are, as specific examples, a CPU (Central Processing Unit), a DSP (Digital Signal Processor), and a GPU (Graphics Processing Unit).
  • the memories 22, 32, 42, 52, 62 are storage devices for temporarily storing data.
  • the memory 22, 32, 42, 52, 62 is, for example, SRAM (Static Random Access Memory) or DRAM (Dynamic Random Access Memory).
  • the storages 23, 33, 43, 53, 63 are storage devices for storing data.
  • the storages 23, 33, 43, 53, 63 are, as a specific example, HDDs (Hard Disk Drives).
  • the storages 23, 33, 43, 53, 63 are SD (registered trademark, Secure Digital) memory cards, CF (CompactFlash, registered trademark), NAND flash, flexible disk, optical disk, compact disk, Blu-ray (registered trademark) disk. It may be a portable storage medium such as a DVD (Digital Versatile Disk).
  • the communication interfaces 24, 34, 44, 54, 64 are interfaces for communicating with external devices.
  • the communication interfaces 24, 34, 44, 54, 64 are, as specific examples, Ethernet (registered trademark), USB (Universal Serial Bus), and HDMI (registered trademark, High-Definition Multimedia Interface) ports.
  • the setup device 20 may include a plurality of processors that replace the processor 21.
  • the key generation device 30 may include a plurality of processors that replace the processor 31.
  • the token generation device 40 may include a plurality of processors that replace the processor 41.
  • the encryption device 50 may include a plurality of processors that replace the processor 51.
  • the confidentiality analysis device 60 may include a plurality of processors that replace the processor 61. These multiple processors share the execution of programs that implement the functions of the functional components.
  • Each of the processors is an IC that performs arithmetic processing similarly to the processors 21, 31, 41, 51 and 61.
  • the secret analysis system 10 uses public key cryptography.
  • the public key cryptography is the following PKE. KeyGen algorithm and PKE. Enc algorithm and PKE. And the Dec algorithm. Any specific public key cryptosystem may be used.
  • the KeyGen algorithm is a key generation algorithm.
  • the KeyGen algorithm inputs the security parameter ⁇ and outputs a pair of the public key pk and the secret key sk.
  • the Enc algorithm is an encryption algorithm.
  • the Enc algorithm inputs the public key pk and the message x and outputs the ciphertext c obtained by encrypting the message x.
  • the Dec algorithm is a decoding algorithm.
  • PKE. The Dec algorithm inputs the secret key sk and the ciphertext c and outputs the message x or the special symbol ⁇ .
  • the Setup algorithm is a master key generation algorithm.
  • the Setup algorithm receives the security parameter ⁇ as an input and outputs a pair of the public key mpk and the master secret key msk.
  • the KeyGen algorithm is a secret key generation algorithm.
  • the KeyGen algorithm inputs the master secret key msk and the value y and outputs the secret key sk y in which the value y is set.
  • the Enc algorithm is an encryption algorithm.
  • M. The Enc algorithm inputs the master secret key msk, the index i, and the message x i, and outputs the ciphertext c i .
  • the Dec algorithm is a decoding algorithm.
  • the result f (x 1 , ..., X n , y) or the special symbol ⁇ is output.
  • the confidentiality analysis system 10 implements token-based multiple input function encryption using public key encryption and common key type multiple input function encryption.
  • the token-based multi-input function cryptography includes the following Setup algorithm, KeyGen algorithm, GenToken algorithm, Enc algorithm, and Dec algorithm.
  • ⁇ Setup algorithm> The Setup algorithm inputs the security parameter ⁇ and outputs the public key PK and the master secret key MSK.
  • ⁇ KeyGen algorithm> The KeyGen algorithm inputs the master secret key MSK and the value y and outputs the secret key sk y in which the value y is set.
  • ⁇ Enc algorithm> Enc algorithm, as input and a master secret key MSK, and the index i, and the encryption token etk i, and a message x i, and outputs the cipher text c i.
  • ⁇ Dec algorithm> Dec algorithm, and the decryption token dtk, and the secret key sk y, i 1 ,. . . , N of ciphertexts c i (c 1 , ..., C n ) for each integer i, and a message x i and a value y for each integer i input to a function f.
  • the result f (x 1 , ..., X n , y) or the special symbol ⁇ is output.
  • the operation of the setup device 20 according to the first embodiment corresponds to the setup method according to the first embodiment.
  • the operation of the setup device 20 according to the first embodiment corresponds to the process of the setup program according to the first embodiment.
  • the setup device 20 implements the Setup algorithm in token-based multiple input function encryption.
  • Step S11 Parameter acquisition process
  • the parameter acquisition unit 211 acquires the security parameter ⁇ . Specifically, the parameter acquisition unit 211 receives the security parameter ⁇ input by operating the input device by the user of the setup device 20. The parameter acquisition unit 211 writes the security parameter ⁇ in the memory 22.
  • the master key generation unit 212 reads the security parameter ⁇ from the memory 22.
  • the master key generation unit 212 receives the security parameter ⁇ as an input and outputs the M.
  • the Setup algorithm is executed to generate a public key mpk and a master secret key msk.
  • the master key generation unit 212 sets the public key mpk as the public key MPK and sets the master secret key msk as the master secret key MSK.
  • the master key generation unit 212 writes the public key MPK and the master secret key MSK in the memory 22 and the master key storage unit 231.
  • Step S13 transmission process
  • the transmission unit 213 reads the master secret key MSK from the memory 22.
  • the transmission unit 213 secretly transmits the master secret key MSK to the key generation device 30 and the encryption device 50 via the communication interface 24.
  • the secret transmission means, for example, that the data is encrypted by an existing encryption method and then transmitted.
  • the master key acquisition unit 311 of the key generation device 30 acquires the master secret key MSK and writes it in the master key storage unit 331.
  • the master key acquisition unit 511 of the encryption device 50 acquires the master secret key MSK and writes it in the master key storage unit 531.
  • the operation of the key generation device 30 according to the first embodiment corresponds to the key generation method according to the first embodiment.
  • the operation of the key generation device 30 according to the first embodiment corresponds to the processing of the key generation program according to the first embodiment.
  • the key generation device 30 implements the KeyGen algorithm in token-based multiple input function encryption.
  • Step S21 value acquisition process
  • the value acquisition unit 312 acquires the value y.
  • the value y is a value to be calculated. Specifically, the value acquisition unit 312 receives the value y input by operating the input device by the user of the key generation device 30. The value acquisition unit 312 writes the value y in the memory 32.
  • the secret key generation unit 313 reads the master secret key MSK from the master key storage unit 331.
  • the secret key generation unit 313 also reads the value y from the memory 32.
  • the secret key generation unit 313 receives the master secret key MSK and the value y as input, and outputs the M.M.
  • the KeyGen algorithm is executed to generate the secret key sk y with the value y set.
  • the secret key generating unit 313 writes the secret key sk y in the memory 32.
  • Step S23 transmission process
  • the transmission unit 314 reads the secret key sk y from the memory 32.
  • the private key acquiring section 611 of the concealment analyzer 60 obtains the private key sk y, written in the secret key storage unit 631.
  • the operation of the token generation device 40 according to the first embodiment corresponds to the token generation method according to the first embodiment.
  • the operation of the token generation device 40 according to the first embodiment corresponds to the processing of the token generation program according to the first embodiment.
  • the token generation device 40 implements the GenToken algorithm in token-based multiple input function cryptography.
  • Step S31 Parameter acquisition process
  • the parameter acquisition unit 411 acquires the security parameter ⁇ .
  • the security parameter ⁇ may be the same parameter as the security parameter ⁇ acquired in step S11, or may be a different parameter.
  • the parameter acquisition unit 411 receives the security parameter ⁇ input by operating the input device by the user of the token generation device 40.
  • the parameter acquisition unit 411 writes the security parameter ⁇ in the memory 42.
  • Step S32 token generation process
  • the token generation unit 412 reads the security parameter ⁇ from the memory 42.
  • the token generation unit 412 receives the security parameter ⁇ as an input and outputs the PKE.
  • the KeyGen algorithm is executed to generate a public key pk and private key sk pair.
  • Step S33 transmission process
  • the cryptographic token ETK i for each integer i of n via the communication interface 44, transmits secretly encryption device 50. Further, the transmission unit 413 secretly transmits the decryption token dtk to the confidentiality analysis device 60 via the communication interface 44.
  • N for each integer i of the encrypted token etk i , and writes it in the token storage unit 532. Further, the token acquisition unit 612 of the confidentiality analysis device 60 acquires the decryption token dtk and writes it in the token storage unit 632.
  • the operation of the encryption device 50 according to the first embodiment corresponds to the encryption method according to the first embodiment.
  • the operation of the encryption device 50 according to the first embodiment corresponds to the processing of the encryption program according to the first embodiment.
  • the encryption device 50 implements the Enc algorithm in token-based multiple input function encryption.
  • Step S41 message acquisition process
  • the message acquisition unit 513 acquires the index i and the message x i corresponding to the index i. Specifically, the message acquisition unit 513 receives the index x and the message x i input by the user of the encryption device 50 operating the input device. The message acquisition unit 513 writes the index i and the message x i in the memory 52. If the index i corresponds to the encryption device 50, the message acquisition unit 513 may acquire only the message x i .
  • Step S42 First encryption process
  • the encryption unit 514 reads the master secret key MSK from the master key storage unit 531.
  • the encryption unit 514 also reads the index i and the message x i from the memory 52.
  • the encryption unit 514 receives the master secret key MSK, the index i, and the message x i as inputs and outputs the M.M.
  • the Enc algorithm is executed to generate the ciphertext c ′ i .
  • the encryption unit 514 writes the ciphertext c ′ i in the memory 52.
  • Step S43 Second encryption process
  • Encryption unit 514 reads the encrypted token ETK i from the token storage unit 532.
  • the encryption unit 514 also reads the ciphertext c ′ i from the memory 52.
  • the Enc algorithm is executed to generate the ciphertext c i . That is, the encryption unit 514 determines that the PKE.
  • the ciphertext c ′ i is encrypted by the Enc algorithm to generate the ciphertext c i .
  • the encryption unit 514 writes the ciphertext c i in the memory 52.
  • Step S44 transmission process
  • the transmission unit 515 reads the ciphertext c i from the memory 52.
  • the transmission unit 515 transmits the ciphertext c i to the confidentiality analysis device 60 via the communication interface 54.
  • the ciphertext acquisition unit 613 of the concealment analyzer 60 acquires the ciphertext c i, writes the ciphertext storage unit 633.
  • the operation of the confidentiality analysis device 60 according to the first embodiment corresponds to the confidentiality analysis method according to the first embodiment.
  • the operation of the confidentiality analysis device 60 according to the first embodiment corresponds to the processing of the confidentiality analysis program according to the first embodiment.
  • the confidentiality analysis device 60 implements the Dec algorithm in the token-based multiple input function encryption.
  • Step S51 First decryption process
  • the dec algorithm is executed to generate the ciphertext c ′ i . That is, the decoding unit 614 decodes the cipher text c i, and generates a ciphertext c 'i.
  • the decryption unit 614 writes the ciphertext c ′ i in the memory 62.
  • Step S52 Second decoding process
  • the decoding unit 614 writes the calculation result f (x 1 , ..., X n , y) or the special symbol ⁇ in the memory 62.
  • Step S53 transmission process
  • the transmission unit 615 reads the calculation result f (x 1 , ..., X n , y) or the special symbol ⁇ from the memory 62.
  • the transmission unit 615 outputs the calculation result f (x 1 , ..., X n , y) or the special symbol ⁇ via the communication interface 64.
  • the confidentiality analysis device 60 allows the ciphertext c ′ i in the common-key multiple-input-function encryption to be encrypted using the encryption token etk. Get i . Then, concealment analyzer 60 decodes using the decoding token dtk ciphertext c i 'generates a i, ciphertext c using the private key sk y' ciphertext c by decoding the i, computation Calculate the result. Even if the user has the private key sk, the operation cannot be performed without the decryption token dtk. Therefore, it is possible to prevent the information from being leaked to the user who has the private key sk.
  • each functional component is realized by software. However, as a first modification, each functional component may be realized by hardware. Differences between the first modification and the first embodiment will be described.
  • the setup device 20 includes an electronic circuit 25 instead of the processor 21, the memory 22, and the storage 23.
  • the electronic circuit 25 is a dedicated circuit that realizes the functional components of the setup device 20 and the functions of the memory 22 and the storage 23.
  • the key generation device 30 includes an electronic circuit 35 instead of the processor 31, the memory 32, and the storage 33.
  • the electronic circuit 35 is a dedicated circuit that implements the functional components of the key generation device 30 and the functions of the memory 32 and the storage 33.
  • the token generation device 40 includes an electronic circuit 45 instead of the processor 41, the memory 42, and the storage 43.
  • the electronic circuit 45 is a dedicated circuit that realizes the functional components of the token generation device 40 and the functions of the memory 42 and the storage 43.
  • the encryption device 50 includes an electronic circuit 55 instead of the processor 51, the memory 52, and the storage 53.
  • the electronic circuit 55 is a dedicated circuit for realizing the functional components of the encryption device 50 and the functions of the memory 52 and the storage 53.
  • the confidentiality analysis device 60 includes an electronic circuit 65 instead of the processor 61, the memory 62, and the storage 63.
  • the electronic circuit 65 is a dedicated circuit for realizing the functional components of the confidentiality analysis device 60 and the functions of the memory 62 and the storage 63.
  • the electronic circuits 25, 35, 45, 55, 65 are a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, a logic IC, a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), and an FPGA (FPGA). Field-Programmable Gate Array) is assumed.
  • the function of each functional constituent element of the setup device 20 may be realized by one electronic circuit 25, or the function of each functional constituent element may be distributed to a plurality of electronic circuits 25 and realized.
  • the token generation device 40, the encryption device 50, and the confidentiality analysis device 60 even if the functions of the respective functional components are realized by one electronic circuit 35, 45, 55, 65.
  • the function of each functional component may be distributed to a plurality of electronic circuits 35, 45, 55, and 65 to be realized.
  • ⁇ Modification 2> As a second modification, some functions may be realized by hardware and other functions may be realized by software. That is, among the functional components, some functions may be realized by hardware and other functions may be realized by software.
  • the processor 21, 31, 41, 51, 61, the memory 22, 32, 42, 52, 62, the storage 23, 33, 43, 53, 63 and the electronic circuit 25, 35, 45, 55, 65 are called a processing circuit. That is, the function of each functional component is realized by the processing circuit.
  • Embodiment 2 differs from the first embodiment in that a pseudo random function is used instead of public key encryption. In the second embodiment, these different points will be described, and description of the same points will be omitted.
  • the operation of the confidentiality analysis system 10 according to the second embodiment will be described with reference to FIGS. 9 to 11.
  • the operations of the setup device 20 and the key generation device 30 are the same as in the first embodiment. Therefore, the operations of the token generation device 40, the encryption device 50, and the confidentiality analysis device 60 will be described here.
  • K ⁇ D ⁇ R has the following PRF. KeyGen algorithm and PRF. And the Eval algorithm.
  • K is a key space
  • D is a domain of input values
  • R is a range of output values.
  • the KeyGen algorithm is a key generation algorithm.
  • the KeyGen algorithm inputs the security parameter ⁇ and outputs the key k ⁇ K of the pseudo-random function.
  • the Eval algorithm is an evaluation algorithm. PRF.
  • the Eval algorithm inputs the key k of the pseudo-random function and the value j ⁇ D, and outputs the value m ⁇ R.
  • the operation of the token generation device 40 according to the second embodiment corresponds to the token generation method according to the second embodiment.
  • the operation of the token generation device 40 according to the second embodiment corresponds to the processing of the token generation program according to the second embodiment.
  • the token generation device 40 implements the GenToken algorithm in token-based multiple input function cryptography.
  • step S31 and step S33 are the same as that of the first embodiment.
  • Step S32 token generation process
  • the token generation unit 412 reads the security parameter ⁇ from the memory 42.
  • the KeyGen algorithm is run to generate the key k i for the pseudo-random function.
  • the operation of the encryption device 50 according to the second embodiment corresponds to the encryption method according to the second embodiment.
  • the operation of the encryption device 50 according to the second embodiment corresponds to the processing of the encryption program according to the second embodiment.
  • the encryption device 50 implements the Enc algorithm in token-based multiple input function encryption.
  • step S41, step S42, and step S44 is the same as that of the first embodiment.
  • Step S43 Second encryption process
  • the encryption unit 514 also reads the ciphertext c ′ i from the memory 52.
  • Encryption unit 514 is input with a key k i and the value j of the pseudo random function in encrypted token ETK i, PRF. Run the Eval algorithm to generate the value m i .
  • the encryption unit 514 sets a pair of the ciphertext c * i and the value j in the ciphertext c i .
  • the encryption unit 514 writes the ciphertext c i in the memory 52.
  • the operation of the confidentiality analysis device 60 according to the second embodiment corresponds to the confidentiality analysis method according to the second embodiment.
  • the operation of the confidentiality analysis device 60 according to the second embodiment corresponds to the processing of the confidentiality analysis program according to the second embodiment.
  • the confidentiality analysis device 60 implements the Dec algorithm in the token-based multiple input function encryption.
  • steps S52 and S53 are the same as that of the first embodiment.
  • Step S51 First decryption process
  • the decryption unit 614 writes the ciphertext c ′ i in the memory 62.
  • the confidentiality analysis system 10 according to the second embodiment can achieve the same effect as that of the first embodiment by using the pseudo-random function instead of the public key encryption. Further, the concealment analysis system 10 according to the second embodiment, the value j for use in generating the value m i is different value for each encryption. Therefore, since the value m i is different for each encryption, high security can be realized.
  • 10 secret analysis system 20 setup device, 21 processor, 22 memory, 23 storage, 24 communication interface, 25 electronic circuit, 211 parameter acquisition unit, 212 master key generation unit, 213 transmission unit, 231 master key storage unit, 30 key generation Device, 31 processor, 32 memory, 33 storage, 34 communication interface, 35 electronic circuit, 311, master key acquisition unit, 312 value acquisition unit, 313 secret key generation unit, 314 transmission unit, 331 master key storage unit, 40 token generation device , 41 processor, 42 memory, 43 storage, 44 communication interface, 45 electronic circuit, 411 parameter acquisition part, 412 token generation part, 413 transmission part, 50 encryption device, 51 process Service, 52 memory, 53 storage, 54 communication interface, 55 electronic circuit, 511 master key acquisition unit, 512 token acquisition unit, 513 message acquisition unit, 514 encryption unit, 515 transmission unit, 531 master key storage unit, 532 token storage Section, 60 confidentiality analyzer, 61 processor, 62 memory, 63 storage, 64 communication interface, 65 electronic circuit, 611 private key acquisition section, 612 token acquisition section, 613 ciphertext acquisition section

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un dispositif d'analyse du secret (60) qui accepte un cryptogramme c'i obtenu en cryptant un message xi et une clé secrète sky ayant une valeur définie pour y en tant qu'entrées, et acquiert un cryptogramme ci qui est obtenu, à l'aide d'un jeton de codage etk, en cryptant le cryptogramme c'i par le biais d'un cryptage fonctionnel à entrées multiples qui délivre un résultat arithmétique lorsque le message xi et la valeur y sont entrés dans la fonction f. Le dispositif d'analyse du secret (60) génère le cryptogramme c'i en décodant le cryptogramme cià l'aide d'un jeton de décodage dtk, et calcule un résultat arithmétique en décodant le cryptogramme c'i à l'aide de la clé secrète sky.
PCT/JP2018/037603 2018-10-09 2018-10-09 Dispositif d'analyse du secret, système d'analyse du secret, procédé d'analyse du secret, et programme d'analyse du secret WO2020075224A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/037603 WO2020075224A1 (fr) 2018-10-09 2018-10-09 Dispositif d'analyse du secret, système d'analyse du secret, procédé d'analyse du secret, et programme d'analyse du secret

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/037603 WO2020075224A1 (fr) 2018-10-09 2018-10-09 Dispositif d'analyse du secret, système d'analyse du secret, procédé d'analyse du secret, et programme d'analyse du secret

Publications (1)

Publication Number Publication Date
WO2020075224A1 true WO2020075224A1 (fr) 2020-04-16

Family

ID=70164019

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/037603 WO2020075224A1 (fr) 2018-10-09 2018-10-09 Dispositif d'analyse du secret, système d'analyse du secret, procédé d'analyse du secret, et programme d'analyse du secret

Country Status (1)

Country Link
WO (1) WO2020075224A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002077134A (ja) * 2000-08-31 2002-03-15 Toshiba Corp サーバ・クライアント・システム、データサーバ、データクライアント及びデータ提供・利用方法並びに記録媒体
US20070237327A1 (en) * 2006-03-23 2007-10-11 Exegy Incorporated Method and System for High Throughput Blockwise Independent Encryption/Decryption
JP2011166752A (ja) * 2010-01-15 2011-08-25 Nippon Telegr & Teleph Corp <Ntt> 暗号化システム、暗号化装置、復号装置、暗号化方法、プログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002077134A (ja) * 2000-08-31 2002-03-15 Toshiba Corp サーバ・クライアント・システム、データサーバ、データクライアント及びデータ提供・利用方法並びに記録媒体
US20070237327A1 (en) * 2006-03-23 2007-10-11 Exegy Incorporated Method and System for High Throughput Blockwise Independent Encryption/Decryption
JP2011166752A (ja) * 2010-01-15 2011-08-25 Nippon Telegr & Teleph Corp <Ntt> 暗号化システム、暗号化装置、復号装置、暗号化方法、プログラム

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ABDALLA, M. ET AL.: "Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings", LECTURE NOTES IN COMPUTER SCIENCE, vol. 10991, August 2018 (2018-08-01), pages 597 - 627, XP055700529 *
AGRAWAL, S. ET AL.: "Fully Secure Functional Encryption for Inner Products", FROM STANDARD ASSUMPTIONS, August 2016 (2016-08-01), XP061022140, Retrieved from the Internet <URL:https://www.iacr.org/archive/crypto2016/crypto2016-index.html> [retrieved on 20181226] *
NAVEED, M. ET AL.: "Controlled Functional Encryption", PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, November 2014 (2014-11-01), pages 1280 - 1291, XP058060594, DOI: 10.1145/2660267.2660291 *

Similar Documents

Publication Publication Date Title
JP6732141B2 (ja) 変換鍵生成装置、暗号文変換装置、秘匿情報処理システム、変換鍵生成方法、変換鍵生成プログラム、暗号文変換方法及び暗号文変換プログラム
KR20150122513A (ko) 암호화 장치, 암호화 방법 및 컴퓨터 판독가능 기록매체
KR20100138986A (ko) 암호 시스템
JP6386198B1 (ja) 暗号化装置及び復号装置
JP2015184490A (ja) 暗号化装置、暗号化方法、情報処理装置および暗号化システム
JP6522263B2 (ja) 準同型演算装置、暗号システム及び準同型演算プログラム
WO2016088453A1 (fr) Appareil de chiffrement, appareil de déchiffrement, système de traitement cryptographique, procédé de chiffrement, procédé de déchiffrement, programme de chiffrement et programme de déchiffrement
WO2019239776A1 (fr) Dispositif de déchiffrement, dispositif de chiffrement et système de chiffrement
KR20040065795A (ko) 암호화 장치 및 암호화 방법
WO2020044748A1 (fr) Dispositif de configuration de système de preuve de hachage à base d&#39;id, dispositif de chiffrement à base d&#39;id, procédé de configuration de système de preuve de hachage à base d&#39;id, et programme
US20240048377A1 (en) Ciphertext conversion system, conversion key generation method, and non-transitory computer readable medium
JP2018036418A (ja) 暗号システム、暗号方法及び暗号プログラム
Kangavalli et al. A mixed homomorphic encryption scheme for secure data storage in cloud
JP7117964B2 (ja) 復号装置、暗号システム、復号方法及び復号プログラム
CN115668334A (zh) 隐匿信息处理系统、加密装置、加密方法和加密程序
JP6452910B1 (ja) 秘匿分析装置、秘匿分析システム、秘匿分析方法及び秘匿分析プログラム
JP6949276B2 (ja) 再暗号化装置、再暗号化方法、再暗号化プログラム及び暗号システム
Hazzazi et al. Asymmetric Key Cryptosystem for Image Encryption by Elliptic Curve over Galois Field GF (2 n).
WO2020075224A1 (fr) Dispositif d&#39;analyse du secret, système d&#39;analyse du secret, procédé d&#39;analyse du secret, et programme d&#39;analyse du secret
WO2022054130A1 (fr) Système cryptographique, procédé et programme
JP7520255B2 (ja) 秘匿情報処理システム、秘匿情報処理方法、及び秘匿情報処理プログラム
KR20150139304A (ko) 마스터 키를 보호하기 위한 암호화 장치 및 그 방법
US12056549B1 (en) Method and apparatus for activating a remote device
JP6885325B2 (ja) 暗号化装置、復号装置、暗号化方法、復号方法、プログラム
Ibrahim et al. A Robust Image Cipher System Based on Cramer-Shoup Algorithm and 5-D Hyper Chaotic System

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18936481

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18936481

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP