WO2023199435A1 - 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム - Google Patents

暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム Download PDF

Info

Publication number
WO2023199435A1
WO2023199435A1 PCT/JP2022/017725 JP2022017725W WO2023199435A1 WO 2023199435 A1 WO2023199435 A1 WO 2023199435A1 JP 2022017725 W JP2022017725 W JP 2022017725W WO 2023199435 A1 WO2023199435 A1 WO 2023199435A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
ciphertext
encryption
common
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/017725
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
豊 川合
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mitsubishi Electric Corp
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp filed Critical Mitsubishi Electric Corp
Priority to JP2024501718A priority Critical patent/JP7486688B2/ja
Priority to PCT/JP2022/017725 priority patent/WO2023199435A1/ja
Priority to CN202280094284.8A priority patent/CN118947083A/zh
Priority to DE112022006626.1T priority patent/DE112022006626B4/de
Publication of WO2023199435A1 publication Critical patent/WO2023199435A1/ja
Priority to US18/815,164 priority patent/US20240421976A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present disclosure relates to a ciphertext conversion system, a ciphertext conversion method, and a ciphertext conversion program.
  • a Proxy Re-Encryption (PRE) system is a system that delegates the authority to decrypt a ciphertext to another party without decrypting the ciphertext.
  • Non-Patent Document 1 discloses a PRE (Attribute-Based PRE, ABPRE) method in an arbitrary method of attribute-based cryptography. By using the technology disclosed in Non-Patent Document 1, proxy re-encryption is realized between mutually different attribute-based ciphers.
  • Non-Patent Document 2 discloses a technique for changing the key without decoding the ciphertext of the common key cryptosystem.
  • a normal proxy re-encryption method such as the method disclosed in Non-Patent Document 1 is a technique for converting a ciphertext of a certain public key cryptosystem into a ciphertext of another public key cryptosystem.
  • the technology disclosed in Non-Patent Document 2 is a technology for converting a ciphertext based on a common key cryptosystem into a ciphertext based on a common key cryptosystem.
  • the ciphertext using a common key cryptosystem is decrypted once, and the decrypted plaintext is encrypted using a public key cryptosystem.
  • the conventional technology has a problem of low security because the plaintext is exposed when converting the ciphertext of the common key cryptosystem to the ciphertext of the public key cryptosystem.
  • the present disclosure aims to convert a ciphertext encrypted using a common key cryptosystem into a ciphertext using a public key cryptosystem without decrypting it.
  • the ciphertext conversion system is generating a converted public key ciphertext and a key corresponding to the converted public key ciphertext by performing encryption using a public key cryptosystem using a public key and a decryptable condition; The value calculated by executing encryption using the common key cryptosystem using the first auxiliary information and the main secret key which is a random number, and the value calculated by executing the encryption using the common key cryptosystem using the second auxiliary information and the sub secret key which is the random number. Executing encryption using a common key cryptosystem using a first ciphertext that is the exclusive OR of the value calculated by executing the encryption and the plaintext, the sub-private key, and the second auxiliary information.
  • the converter includes a converter including a converter that calculates at least a part of the post-common key ciphertext.
  • a first ciphertext which is a ciphertext encrypted using a common key cryptosystem
  • a first ciphertext is calculated by performing encryption using a common key cryptosystem using a sub-secret key and second auxiliary information.
  • the conversion is performed using the value and the value calculated by executing encryption using the common key encryption method using the key corresponding to the converted public key ciphertext and the third auxiliary information.
  • the key corresponding to the converted public key ciphertext is a key generated by executing encryption using public key cryptography. Therefore, according to the present disclosure, a ciphertext encrypted using a common key cryptosystem can be converted into a ciphertext using a public key cryptosystem without decrypting it.
  • FIG. 1 is a diagram showing a configuration example of a ciphertext conversion system 100 according to Embodiment 1.
  • FIG. 1 is a diagram illustrating a configuration example of a common secret key generation device 200 according to Embodiment 1.
  • FIG. 1 is a diagram illustrating a configuration example of a common parameter generation device 300 according to Embodiment 1.
  • FIG. 1 is a diagram illustrating a configuration example of a user private key generation device 400 according to Embodiment 1.
  • FIG. 1 is a diagram illustrating a configuration example of a common key ciphertext generation device 500 according to Embodiment 1.
  • FIG. FIG. 6 is a diagram illustrating a configuration example of a conversion device 600 according to Embodiment 1.
  • FIG. 7 is a diagram illustrating a configuration example of a decoding device 700 according to Embodiment 1.
  • 1 is a diagram illustrating an example of the hardware configuration of each device according to Embodiment 1.
  • FIG. 2 is a flowchart showing the operation of the common secret key generation device 200 according to the first embodiment.
  • 5 is a flowchart showing the operation of the common parameter generation device 300 according to the first embodiment.
  • 5 is a flowchart showing the operation of user private key generation device 400 according to the first embodiment.
  • 5 is a flowchart showing the operation of the common key ciphertext generation device 500 according to the first embodiment.
  • 7 is a flowchart showing the operation of conversion device 600 according to the first embodiment.
  • 7 is a flowchart showing the operation of decoding device 700 according to Embodiment 1.
  • 6 is a diagram illustrating an example of the hardware configuration of each device according to a modification of the first embodiment.
  • FIG. 6 is a diagram illustrating an example of the hardware configuration of each device according
  • Embodiment 1 ***Explanation of configuration*** In this embodiment, a ciphertext conversion system 100 is disclosed. The outline of this embodiment will be described below with reference to the drawings.
  • FIG. 1 is a block diagram showing the configuration of a ciphertext conversion system 100 according to this embodiment.
  • the ciphertext conversion system 100 includes a plurality of common secret key generation devices 200, a common parameter generation device 300, a plurality of user secret key generation devices 400, a ciphertext generation device 500, and a conversion device. 600 and a decoding device 700.
  • the devices constituting the ciphertext conversion system 100 are not communicably connected to each other via the Internet 101, and even if they are installed within a LAN (Local Area Network) installed within the same company, etc. good. At least two devices constituting the ciphertext conversion system 100 may be integrally configured as appropriate.
  • LAN Local Area Network
  • the Internet 101 is capable of communicating with a plurality of common secret key generation devices 200, a common parameter generation device 300, a plurality of user private key generation devices 400, a ciphertext generation device 500, a conversion device 600, and a decryption device 700. It is a communication path that connects to The Internet 101 is a specific example of a network. Other types of networks may be used instead of the Internet 101.
  • the common secret key generation device 200 is a PC (Personal Computer) as a specific example, and is also called a common key encryption secret key generation device.
  • the common secret key generation device 200 generates a main secret key sk1 and a sub secret key sk2, transmits the generated main secret key sk1 to the user secret key generation device 400 via the Internet 101, and sends the generated sub secret key sk1 to the user secret key generation device 400.
  • This is a computer that transmits the private key sk2 to the conversion device 600.
  • the main secret key sk1 is also called a common key encryption main secret key.
  • the sub-private key sk2 is also called a common key encryption sub-private key.
  • the common parameter generation device 300 is a PC as a specific example, generates common parameters used in the ciphertext conversion system 100, and transmits them to each of the plurality of user private key generation devices 400 and the conversion device 600 via the Internet 101.
  • This is a computer that appropriately transmits information indicating the generated common parameters to the computer.
  • the common parameters include a master secret key msk and a public key pk. Note that the information indicating the common parameters may not be sent via the Internet 101, but may be sent directly to each device by mail or the like.
  • the terms data and information may have equivalent meanings.
  • a specific example of the user private key generation device 400 is a PC.
  • the user secret key generation device 400 receives the main secret key sk1 from the common secret key generation device 200, receives the master secret key msk from the common parameter generation device 300, and receives information indicating the attribute parameter ⁇ as input.
  • the user secret key generation device 400 is a computer that generates a user secret key sku based on the received master secret key msk and main secret key sk1 and the attribute parameter ⁇ , and transmits the generated user secret key sku to the decryption device 700. It is.
  • the ciphertext generation device 500 is a device that functions as a data encryption device, a specific example of which is a PC, and is also called a common key ciphertext generation device.
  • the ciphertext generation device 500 receives each of the main secret key sk1 and the sub-secret key sk2 from the common secret key generation device 200, and also receives information indicating the plaintext M as input.
  • the ciphertext generation device 500 is a computer that generates a common key ciphertext Csk using the received main secret key sk1 and subsecret key sk2 and plaintext M, and sends the generated common key ciphertext Csk to the conversion device 600. It is.
  • the conversion device 600 is a PC as a specific example.
  • the conversion device 600 receives the sub-private key sk2 from the common secret key generation device 200, receives the public key pk from the common parameter generation device 300, receives the common key ciphertext Csk from the ciphertext generation device 500, and can decrypt it.
  • Information indicating condition L is received as input.
  • the conversion device 600 generates a converted common key ciphertext Csk' and a converted public key ciphertext Cpk using the received data and the decodability condition L, and generates a converted common key ciphertext Csk' and a converted public key ciphertext Csk'.
  • This is a computer that transmits the public key ciphertext Cpk to the decryption device 700.
  • the decoding device 700 is a PC as a specific example.
  • the decryption device 700 receives each of the converted common key ciphertext Csk' and the converted public key ciphertext Cpk from the conversion device 600, and also receives the user private key sku from the user private key generation device 400. This is a computer that decrypts the ciphertext based on the data and outputs the decryption result.
  • FIG. 2 is a block diagram showing a configuration example of the common secret key generation device 200.
  • the common secret key generation device 200 includes an input section 201, a common key encryption key generation section 202, and a transmission section 203.
  • the common secret key generation device 200 includes a recording medium that stores data used in each part of the common secret key generation device 200.
  • the input unit 201 receives input of information indicating the bit length k of the key used in the ciphertext conversion system 100.
  • the common key encryption key generation unit 202 generates a main secret key sk1 and a sub secret key sk2.
  • Each of the main secret key sk1 and the sub-secret key sk2 is a random number, and is used as a basis of calculation in the ciphertext conversion system 100.
  • the common key encryption key generation unit 202 may include a random number generation function or the like in order to generate the main secret key sk1 and the sub secret key sk2.
  • the transmitting unit 203 transmits the main secret key sk1 generated by the common key encryption key generating unit 202 to each of the user private key generating device 400 and the ciphertext generating device 500. Further, the transmitting unit 203 transmits the sub-secret key sk2 generated by the common key encryption key generating unit 202 to each of the ciphertext generating device 500 and the converting device 600.
  • FIG. 3 is a block diagram showing a configuration example of the common parameter generation device 300.
  • the common parameter generation device 300 includes an input section 301, a common parameter generation section 302, and a transmission section 303.
  • the common parameter generation device 300 includes a recording medium that stores data used in each part of the common parameter generation device 300.
  • the input unit 301 receives input of information indicating the bit length k of the key used in the ciphertext conversion system 100.
  • the common parameter generation unit 302 generates each of a public key pk and a master private key msk. Each of the public key pk and master private key msk is used as a basis of calculation in the ciphertext conversion system 100. Although not shown, the common parameter generation unit 302 may include a random number generation function or the like in order to generate the public key pk and the master private key msk.
  • the transmitting unit 303 transmits the public key pk generated by the common parameter generating unit 302 to the conversion device 600. Further, the transmitting unit 303 transmits the master secret key msk generated by the common parameter generating unit 302 to each of the plurality of user private key generating devices 400.
  • FIG. 4 is a block diagram showing a configuration example of the user private key generation device 400.
  • the user private key generation device 400 includes an input section 401, a key reception section 402, a key generation section 403, and a transmission section 404.
  • the user private key generation device 400 includes a recording medium that stores data used in each part of the user private key generation device 400.
  • the input unit 401 receives input of information indicating the attribute parameter ⁇ .
  • the key receiving unit 402 receives each of the master secret key msk and the main secret key sk1.
  • the transmitting unit 404 transmits the user private key sku generated by the key generating unit 403 to the decryption device 700.
  • FIG. 5 is a block diagram showing a configuration example of the ciphertext generation device 500.
  • the ciphertext generation device 500 includes an input section 501, a key reception section 502, an encryption section 503, and a transmission section 504.
  • the ciphertext generation device 500 includes a recording medium that stores data used in each part of the ciphertext generation device 500.
  • the input unit 501 receives input of information indicating plaintext M.
  • the key receiving unit 502 receives each of the main secret key sk1 and the sub secret key sk2.
  • the encryption unit 503 generates a common key ciphertext Csk.
  • the encryption unit 503 may include a random number generation function or the like in order to generate the common key ciphertext Csk.
  • the transmitting unit 504 transmits the common key ciphertext Csk to the conversion device 600.
  • FIG. 6 is a block diagram showing a configuration example of the conversion device 600.
  • the conversion device 600 includes a key reception section 601, an input section 602, a ciphertext reception section 603, a conversion section 604, and a transmission section 605.
  • the conversion device 600 includes a recording medium that stores data used in each part of the conversion device 600.
  • the key receiving unit 601 receives each of the public key pk and the sub-private key sk2.
  • the input unit 602 receives input of information indicating the decodability condition L from the outside.
  • the ciphertext receiving unit 603 receives the common key ciphertext Csk.
  • the conversion unit 604 generates a converted public key ciphertext Cpk using the decodability condition L and the public key pk. At this time, the conversion unit 604 corresponds to the converted public key ciphertext P and the converted public key ciphertext P by executing encryption using the public key cryptosystem using the public key pk and the decryption enable condition L. A key K is generated. Next, the conversion unit 604 generates a converted common key ciphertext Csk' by converting the common key ciphertext Csk using the sub-secret key sk2.
  • the conversion unit 604 converts the first ciphertext, the value calculated by executing encryption using the common key cryptosystem using the sub-private key sk2 and the second auxiliary information, and the converted public key ciphertext P.
  • the first ciphertext is a value calculated by executing encryption using the common key cryptosystem using the first auxiliary information and the main secret key sk1, and a common key cryptogram using the second auxiliary information and the sub secret key sk2.
  • the converted common key ciphertext Csk' may include at least a portion of the converted common key ciphertext Csk', first auxiliary information, and third auxiliary information.
  • a specific example of the public key cryptosystem is a functional cryptosystem or an attribute-based cryptosystem in which an access range can be set.
  • the transmitting unit 605 transmits each of the converted public key ciphertext Cpk and the converted common key ciphertext Csk' to the decryption device 700.
  • FIG. 7 is a block diagram showing a configuration example of the decoding device 700.
  • the decryption device 700 includes a ciphertext reception section 701, a key reception section 702, a decryption section 703, and a result output section 704.
  • the ciphertext receiving unit 701 receives each of the converted public key ciphertext Cpk and the converted common key ciphertext Csk'.
  • the key receiving unit 702 receives the user private key sku.
  • the decryption unit 703 decrypts the plaintext M by executing decryption processing. Specifically, first, the decryption unit 703 decrypts the converted public key ciphertext Cpk using the user private key sk ⁇ corresponding to the decryption enable condition L and the converted public key ciphertext Cpk. The key K corresponding to the public key ciphertext Cpk is decrypted. Next, the decryption unit 703 uses at least a part of the converted common key ciphertext Csk', the key K corresponding to the decrypted converted public key ciphertext Cpk, and the third auxiliary information to encrypt the ciphertext of the common key cryptosystem. The exclusive OR of the value calculated by executing the encryption and the value calculated by executing the encryption using the common key encryption method using the main secret key sk1 and the first auxiliary information is calculated as the plaintext M. do.
  • the result output unit 704 outputs the plaintext M decrypted by the decryption unit 703.
  • FIG. 8 is a diagram showing an example of hardware resources of each device according to the present embodiment. As shown in FIG. 8, each device is a general computer including a processor 11 (Central Processing Unit).
  • processor 11 Central Processing Unit
  • the processor 11 is, for example, a CPU (Central Processing Unit), a DSP (Digital Signal Processor), or a GPU (Graphics Processing Unit).
  • the processor 11 connects to a ROM (Read Only Memory) 13, a RAM (Random Access Memory) 14, a communication board 15, a display 31 (display device), a keyboard 32, a mouse 33, and a drive 34 via a bus 12. It is connected to hardware devices such as the magnetic disk drive 20, and controls these hardware devices.
  • the drive 34 is a device that reads and writes storage media such as an FD (Flexible Disk Drive), a CD (Compact Disc), and a DVD (Digital Versatile Disc).
  • the ROM 13, RAM 14, magnetic disk device 20, and drive 34 are examples of storage devices.
  • the keyboard 32, mouse 33, and communication board 15 are examples of input devices.
  • the display 31 and the communication board 15 are examples of output devices.
  • the communication board 15 is wired or wirelessly connected to a communication network such as a LAN, the Internet, or a telephone line.
  • the magnetic disk device 20 stores an OS (operating system) 21, a program group 22, and a file group 23.
  • OS operating system
  • the program group 22 includes programs that execute functions described as "units" in this embodiment.
  • the program is read and executed by the processor 11. That is, the program causes the computer to function as a "section” and causes the computer to execute the procedures and methods of the "section.”
  • the file group 23 includes various data (inputs, outputs, determination results, calculation results, processing results, etc.) used in the "section" described in this embodiment.
  • the operating procedure of each device constituting the ciphertext conversion system 100 corresponds to a ciphertext conversion method.
  • the ciphertext conversion method is also a general term for methods executed in each device.
  • a program that realizes the operation of each device constituting the ciphertext conversion system 100 corresponds to a ciphertext conversion program.
  • the ciphertext conversion program is also a general term for programs executed in each device.
  • the attribute-based cipher is a cipher that can be decrypted only by a user who has a user secret key generated using a set ⁇ of attributes that satisfies the decryption conditions set by the decryption condition L.
  • attribute-based cryptography is configured by an algorithm that includes the following processing. Processing 1: Processing of inputting setup ABESETUP, key length, etc., and outputting master private key msk and public key pk. Process 2: Process of generating a user secret key sk ⁇ corresponding to the attribute set ⁇ by inputting the user secret key generation ABEKEYGEN, the master secret key msk, and the attribute set ⁇ .
  • Process 3 Process of generating a key K for common key encryption and a ciphertext P corresponding to the key K by inputting the encrypted ABEENC, the public key pk, and the decoding enablement condition L.
  • Process 4 Decryption ABEDEC, user private key sk ⁇ , and ciphertext P are input, and if the set ⁇ of attributes matches the decryption enablement condition L when generating ciphertext P, it is encrypted as ciphertext P.
  • a process in which the key K that exists is output.
  • the common key encryption is a technique of encrypting the plaintext M using the common key encryption secret key sk, and decrypting the cipher text using the common key encryption secret key sk.
  • the common key encryption secret key sk is a random value
  • the encryption SKEENC inputs the common key encryption secret key sk and the plaintext M, and outputs a ciphertext.
  • the decryption SKEDEC inputs the common key cryptographic secret key sk and the ciphertext, and outputs the plaintext M.
  • a counter mode encryption technique using a block cipher is used in this embodiment.
  • encryption is performed as shown in [Formula 1] using the encryption function SENC of the common key cryptosystem and auxiliary information auxC, and as shown in [Formula 2] using the encryption function SENC and auxiliary information auxC. ]
  • Decryption is performed as shown in .
  • the operator + indicates exclusive OR.
  • the auxiliary information is a counter value.
  • FIG. 9 shows an example of secret key generation processing. The secret key generation process will be explained using FIG. 9.
  • Step S201 Information input step
  • the input unit 201 receives information indicating the bit length k of the key as input.
  • Step S202 Private key generation step
  • the common key encryption key generation unit 202 generates two k-bit random numbers, sets one of the generated random numbers as a main secret key sk1, and sets the other of the generated random numbers as a sub-secret key sk2.
  • Step S203 Sending step
  • the transmitter 203 appropriately transmits the main secret key sk1 and the sub-secret key sk2 to each device.
  • FIG. 10 shows an example of parameter generation processing. Parameter generation processing will be explained using FIG. 10.
  • Step S301 Information input step
  • the input unit 301 receives information indicating the bit length k of the key as input.
  • Step S302 Key generation step
  • the common parameter generation unit 302 generates each of a master private key msk and a public key pk by executing Setup for attribute-based cryptography.
  • Step S303 Sending step
  • the transmitter 303 appropriately transmits each of the generated master private key msk and public key pk to each device.
  • FIG. 11 shows an example of user private key generation processing. User private key generation processing will be explained using FIG. 11.
  • Step S401 Attribute input step
  • the input unit 401 receives information indicating the attribute parameter ⁇ .
  • Step S402 Key input step
  • the key receiving unit 402 receives each of the master secret key msk and the main secret key sk1.
  • Step S403 User private key generation step
  • the key generation unit 403 generates a user secret key sk ⁇ by executing user secret key generation ABEKEYGEN of attribute-based cryptography using the attribute parameter ⁇ and the master secret key msk.
  • Step S404 Sending step
  • FIG. 12 shows an example of ciphertext generation processing. The ciphertext generation process will be explained using FIG. 12.
  • Step S501 Key reception step
  • the key receiving unit 502 receives each of the main secret key sk1 and the sub secret key sk2.
  • Step S502 Plaintext input step
  • the input unit 501 receives information indicating plaintext M.
  • Step S503 Encryption step
  • the encryption unit 503 encrypts the plaintext M as shown in [Formula 3].
  • the encryption unit 503 generates each of the auxiliary information auxC1 and auxiliary information auxC2 as data with an appropriate bit length.
  • the encryption unit 503 sets the common key ciphertext Csk to (C, auxC1, auxC2).
  • the auxiliary information auxC1 is also called first auxiliary information.
  • the auxiliary information auxC2 is also called second auxiliary information.
  • C corresponds to the first ciphertext and corresponds to the ciphertext of the common key cryptosystem.
  • SENC (sk1, auxC1) is a value calculated by executing encryption using the common key encryption method using the first auxiliary information and the main secret key sk1.
  • SENC (sk2, auxC2) is a value calculated by executing encryption using the common key cryptosystem using the second auxiliary information and the sub-secret key sk2, which is a random number.
  • Step S504 Sending step
  • FIG. 13 shows an example of the conversion process. The conversion process will be explained using FIG. 13.
  • Step S601 Key reception step
  • the key receiving unit 601 receives each of the public key pk and the sub-private key sk2.
  • Step 602 Input step
  • the input unit 602 receives information indicating the decodability condition L as input.
  • Step 603 Conversion destination generation step
  • the conversion unit 604 uses the public key pk and the decryption condition L to execute the encryption ABEENC of the attribute-based encryption as shown in [Equation 4].
  • P is a converted public key ciphertext
  • K is a key corresponding to the converted public key ciphertext, which corresponds to a key generated by decrypting P.
  • Step 604 Common key encryption conversion step
  • the conversion unit 604 generates auxiliary information auxC', and performs the calculation shown in [Formula 5] using C, the sub-secret key sk2, the auxiliary information auxC2, the key K, and the generated auxiliary information auxC'. ' is calculated, and the converted common key ciphertext Csk' is set as (C', auxC1, auxC').
  • the auxiliary information auxC' corresponds to the third auxiliary information.
  • SENC (sk2, auxC2) is a value calculated by executing encryption using the common key encryption method using the sub-secret key sk2 and the second auxiliary information.
  • SENC(K, auxC') is a value calculated by executing encryption using the common key cryptosystem using the key K and third auxiliary information corresponding to the converted public key ciphertext.
  • C' corresponds to at least a part of the converted common key ciphertext Csk'.
  • Step 605 Sending step
  • the transmitter 605 sets the converted public key ciphertext Cpk to P, and transmits each of the converted public key ciphertext Cpk and the converted common key ciphertext Csk' to each device as appropriate.
  • FIG. 14 shows an example of decoding processing. The decoding process will be explained using FIG. 14.
  • Step S701 Ciphertext reception step
  • Step S702 Key input step
  • Step 703 Decryption processing step
  • the decryption unit 703 executes the calculation shown in [Equation 7] as a decryption process of the attribute-based encryption.
  • the key K corresponds to the converted public key ciphertext Cpk.
  • SENC(K, auxC') is a value calculated by executing encryption using the common key encryption method using the key K and the third auxiliary information.
  • SENC (sk1, auxC1) is a value calculated by executing encryption using the common key encryption method using the main secret key sk1 and the first auxiliary information.
  • Step 704 Output step
  • the result output unit 704 outputs data indicating the plaintext M obtained in the decryption process.
  • Embodiment 1 it is possible to convert a ciphertext based on a common key cryptosystem into a ciphertext based on a public key cryptosystem without decrypting it. Furthermore, according to the present embodiment, there is no need to generate a conversion key for each ciphertext to convert a ciphertext based on a common key cryptosystem into a ciphertext based on a public key cryptosystem. Therefore, according to the present embodiment, the cost of generating a conversion key can be reduced, and the number of times a private key is called to generate a conversion key can be reduced, thereby realizing enhanced security. can do.
  • FIG. 15 shows an example of the hardware configuration of each device according to this modification.
  • Each device includes a processing circuit 18 in place of the processor 11, the processor 11 and ROM 13, the processor 11 and RAM 14, or the processor 11, ROM 13, and RAM 14.
  • the processing circuit 18 is hardware that realizes at least a part of each unit included in each device.
  • the processing circuit 18 may be dedicated hardware or may be a processor that executes a program stored in the RAM 14.
  • the processing circuit 18 may be, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC (Application Specific Integrated Circuit), or an FPGA (Field Programmable Gate Array) or a combination thereof.
  • Each device may include multiple processing circuits to replace processing circuit 18. The plurality of processing circuits share the role of the processing circuit 18.
  • the processing circuit 18 is implemented, for example, by hardware, software, firmware, or a combination thereof.
  • the processor 11, ROM 13, RAM 14, and processing circuit 18 are collectively referred to as a "processing circuitry.” That is, the functions of each functional component of each device are realized by processing circuitry.
  • Embodiment 1 has been described, a plurality of parts of this embodiment may be implemented in combination. Alternatively, this embodiment may be partially implemented. In addition, this embodiment may be modified in various ways as necessary, and may be implemented as a whole or in part in any combination. Note that the embodiments described above are essentially preferable examples, and are not intended to limit the present disclosure, its applications, and the scope of use. The procedures described using flowcharts and the like may be changed as appropriate.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
PCT/JP2022/017725 2022-04-13 2022-04-13 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム Ceased WO2023199435A1 (ja)

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2024501718A JP7486688B2 (ja) 2022-04-13 2022-04-13 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム
PCT/JP2022/017725 WO2023199435A1 (ja) 2022-04-13 2022-04-13 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム
CN202280094284.8A CN118947083A (zh) 2022-04-13 2022-04-13 密文转换系统、密文转换方法以及密文转换程序
DE112022006626.1T DE112022006626B4 (de) 2022-04-13 2022-04-13 Chiffretext-umwandlungssystem, chiffretext-umwandlungsverfahren und chiffretext-umwandlungsprogramm
US18/815,164 US20240421976A1 (en) 2022-04-13 2024-08-26 Ciphertext conversion system, ciphertext conversion method, and non-transitory computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/017725 WO2023199435A1 (ja) 2022-04-13 2022-04-13 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/815,164 Continuation US20240421976A1 (en) 2022-04-13 2024-08-26 Ciphertext conversion system, ciphertext conversion method, and non-transitory computer readable medium

Publications (1)

Publication Number Publication Date
WO2023199435A1 true WO2023199435A1 (ja) 2023-10-19

Family

ID=88329375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/017725 Ceased WO2023199435A1 (ja) 2022-04-13 2022-04-13 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム

Country Status (5)

Country Link
US (1) US20240421976A1 (https=)
JP (1) JP7486688B2 (https=)
CN (1) CN118947083A (https=)
DE (1) DE112022006626B4 (https=)
WO (1) WO2023199435A1 (https=)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023199436A1 (ja) * 2022-04-13 2023-10-19 三菱電機株式会社 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム
US12476945B2 (en) * 2022-12-28 2025-11-18 Crypto Lab Inc. Electronic device for performing evaluation of encrypted messages and methods thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008172736A (ja) * 2006-12-14 2008-07-24 Ntt Data Corp 暗号文復号権委譲システム
WO2017141399A1 (ja) * 2016-02-18 2017-08-24 株式会社日立製作所 データ処理システム
JP6962629B1 (ja) * 2021-03-23 2021-11-05 Eaglys株式会社 データ共有システム、データ共有方法、およびデータ共有プログラム

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5265164A (en) 1991-10-31 1993-11-23 International Business Machines Corporation Cryptographic facility environment backup/restore and replication in a public key cryptosystem
DE60024941T8 (de) 1999-08-31 2006-08-10 Matsushita Electric Industrial Co., Ltd., Kadoma Verschlüsselungsverfahren und -Vorrichtung, Entschlüsselungsverfahren und -Vorrichtung
FR2836608A1 (fr) * 2002-02-25 2003-08-29 Thomson Licensing Sa Dispositif de traitement et procede de transmission de donnees chiffrees pour un premier domaine dans un reseau appartenant a un second domaine
JP2016189527A (ja) * 2015-03-30 2016-11-04 三菱電機株式会社 情報処理装置及び情報処理システム及び情報処理方法及び情報処理プログラム
DE112018007433T5 (de) * 2018-05-08 2020-12-31 Mitsubishi Electric Corporation Registrierungsvorrichtung, servervorrichtung, durchsuchbares verschlüsselungssystem, durchsuchbares verschlüsselungs-verfahren, registrierungsprogramm und serverprogramm
CN113315745B (zh) * 2020-02-27 2026-01-09 华为云计算技术有限公司 一种数据处理方法、装置、设备及介质
JP7325689B2 (ja) * 2021-05-17 2023-08-14 三菱電機株式会社 暗号文変換システム、変換鍵生成方法、及び、変換鍵生成プログラム
JPWO2023127963A1 (https=) * 2021-12-28 2023-07-06
WO2023199436A1 (ja) * 2022-04-13 2023-10-19 三菱電機株式会社 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008172736A (ja) * 2006-12-14 2008-07-24 Ntt Data Corp 暗号文復号権委譲システム
WO2017141399A1 (ja) * 2016-02-18 2017-08-24 株式会社日立製作所 データ処理システム
JP6962629B1 (ja) * 2021-03-23 2021-11-05 Eaglys株式会社 データ共有システム、データ共有方法、およびデータ共有プログラム

Also Published As

Publication number Publication date
JPWO2023199435A1 (https=) 2023-10-19
US20240421976A1 (en) 2024-12-19
DE112022006626B4 (de) 2026-04-02
CN118947083A (zh) 2024-11-12
JP7486688B2 (ja) 2024-05-17
DE112022006626T5 (de) 2024-12-19

Similar Documents

Publication Publication Date Title
JP7325689B2 (ja) 暗号文変換システム、変換鍵生成方法、及び、変換鍵生成プログラム
CN103283177B (zh) 与分段密钥一起使用的密码学模块及其使用方法
CN102055760A (zh) 消息发送/接收方法和系统
JP6194886B2 (ja) 暗号化統計処理システム、復号システム、鍵生成装置、プロキシ装置、暗号化統計データ生成装置、暗号化統計処理方法、および、暗号化統計処理プログラム
JPWO2019130528A1 (ja) 変換鍵生成装置、暗号文変換装置、秘匿情報処理システム、変換鍵生成方法、変換鍵生成プログラム、暗号文変換方法及び暗号文変換プログラム
KR20050069936A (ko) 암호 장치, 복호 장치, 및 암호 시스템
US20240421976A1 (en) Ciphertext conversion system, ciphertext conversion method, and non-transitory computer readable medium
US12200099B2 (en) Multi-party cryptographic systems and methods
US7894608B2 (en) Secure approach to send data from one system to another
JP6556955B2 (ja) 通信端末、サーバ装置、プログラム
CN107534558A (zh) 用于保护经由数据总线传输的数据的信息安全的方法以及数据总线系统
JP7486693B2 (ja) 暗号文変換システム、暗号文変換方法、及び暗号文変換プログラム
WO2019220900A1 (ja) 暗号化システム、暗号化装置、復号装置、暗号化方法、復号方法、及びプログラム
JP2006311383A (ja) データ管理方法、データ管理システムおよびデータ管理装置
JP7520255B2 (ja) 秘匿情報処理システム、秘匿情報処理方法、及び秘匿情報処理プログラム
JP2016139861A (ja) 暗号化装置、暗号化方法及び配信システム
JP6949276B2 (ja) 再暗号化装置、再暗号化方法、再暗号化プログラム及び暗号システム
WO2015173905A1 (ja) 暗号装置及び記憶システム及び復号装置及び暗号方法及び復号方法及び暗号プログラム及び復号プログラム
JP7466791B2 (ja) 暗号化装置、復号装置、復号可能検証装置、暗号システム、暗号化方法、及び暗号化プログラム
WO2025262960A1 (ja) 暗号文変換システム、再暗号化検証方法、及び再暗号化検証プログラム
WO2025262959A1 (ja) 再暗号化鍵生成装置、再暗号化装置、暗号文変換システム、再暗号化方法、及び再暗号化プログラム
WO2021144842A1 (ja) 秘匿情報処理システム、準同型演算装置、復号装置、秘匿情報処理方法、および、秘匿情報処理プログラム
JP6711522B2 (ja) 通信システム、通信装置、及び通信方法
JP2025184230A (ja) クライアント装置、サーバ装置、パラメータ秘匿化システム、パラメータ秘匿化方法、及びパラメータ秘匿化プログラム
WO2024201635A1 (ja) 秘匿情報処理システム、秘匿情報処理方法、および秘匿情報処理プログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22937414

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2024501718

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 202280094284.8

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 112022006626

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22937414

Country of ref document: EP

Kind code of ref document: A1